摘要
为了解决云存储中常见的安全威胁,提出了带有两层次撤销的安全数据共享(SDSSTLR)方案以保证共享数据的安全性.该方案能够抵抗用户与用户之间、用户与云服务器之间的共谋攻击,从而保护了数据的机密性.该方案使密钥分发中心与云服务器共同生成用户密钥,从而解决了因密钥仅由一个实体生成而影响密钥安全性的密钥托管问题,并通过保证这2个实体生成的用户密钥不能直接用于解密,使密钥得以在公共信道上安全传输,很大程度上解决了安全信道传输的难题.针对用户解密权限的管理,该方案设定了2个不同层次的撤销,分别为属性层次的撤销和用户层次的撤销,它们均能保证前向安全与后向安全.最后,安全性分析和效率分析证明了SDSS-TLR方案在安全威胁下的安全性和高效运行的能力.
To solve common secure challenges that may threaten the data security in the cloud storage,a secure data sharing scheme with two-level revocation(SDSS-TLR)scheme is proposed.User-user and user-cloud collusion attack can be resisted so that the data confidentiality can be ensured.The key escrow problem that secret keys are only generated by one entity threatens the security of secret keys.The key generation center and cloud server need to generate secret keys together,and thus,the key escrow problem can be solved.Through ensuring the secret key components generated by the two entities not be used to decrypt directly,the secret key transfer can be completed in the public channel,so the security channel transfer problem is solved.Two different levels of revocation,which are named attribute-level revocation and user-level revocation,are proposed in the scheme,which can guarantee the forward and backward security.Finally,the security in resisting attacks and performance of SDSS-TLR can be formally proved through security analysis and performance analysis.
作者
赵司宇
蒋睿
Zhao Siyu ;Jiang Rui(School of Information Science and Engineering,Southeast University,Nanjing 210096,China)
出处
《东南大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2018年第4期596-604,共9页
Journal of Southeast University:Natural Science Edition
基金
国家自然科学基金资助项目(61372103)
国家重点基础研究发展计划资助项目(973计划)(2013CB338003)
公安部信息网络安全重点实验室资助项目(C16612)
关键词
基于密文策略属性的加密方案
数据共享
撤销
云存储
ciphertext-policy attribute-based encryption
data sharing
revocation
cloud storage
