摘要
CP-ABE方案的访问结构是直接外包给云服务器的,这会使得访问策略被公开,而且每个权限都能够在云存储系统中独立地发布属性。由于用户属性的动态性,现在的CP-ABE方案并不能直接应用在多权限云存储系统的数据访问控制中。针对这些挑战,提出一种多权限CP-ABE访问控制方案。利用隐藏在云存储系统中的策略来保护用户的隐私以及访问策略隐私;采用线性秘密共享方案来实现访问策略。对该方案进行安全性分析,证明其在访问策略的保护和用户权限重新计算的成本方面具有一定的优势。
The access structure of CP-ABE scheme is outsourced directly to the cloud server,which makes the access policy explode,and each permission can publish attributes independently in the cloud storage system.Due to the dynamic nature of user attributes,the current CP-ABE scheme can not be directly applied to the data access control of multi-permission cloud storage systems.Therefore,in order to meet these challenges,we propose a multi-permission CP-ABE access control scheme.It could protect the privacy and access policy privacy of users by using the policies hidden in the cloud storage system.The linear secret sharing scheme was used to implement the access policy.Finally,the security analysis of the scheme proves that our scheme has some advantages in terms of the protection of access policy and the cost of user rights recalculation.
作者
刘海峰
高月月
Liu Haifeng;Gao Yueyue(Shaanxi University of Science and Technology,Xi’an 710012,Shaanxi,China)
出处
《计算机应用与软件》
北大核心
2020年第9期315-319,共5页
Computer Applications and Software
关键词
属性加密
访问策略
云存储
Attribute encryption
Access policy
Cloud storage
