摘要
针对海量数据安全存储与可信共享的问题,提出了云链协同的数据共享访问控制方法。首先,构建基于区块链和云存储的数据共享访问控制方法的系统模型,改进了基于密文策略的属性加密算法,创建了用户-属性的多对多关联策略,实现对数据密文的访问控制,解决云服务器诚实且好奇的问题;然后,提出一种既支持细粒度访问控制又支持对加密数据进行多关键字搜索的有效公钥加密方法,可以实现加密数据的多关键字查询,并且在生成关键字索引时不需要提前定义字典库,可以降低一部分存储开销;最后,在判定性Diffie⁃Hellman和随机Oracle模型的假设下证明了所提方法是安全的。实验结果表明,所提方法在索引生成和关键字匹配阶段效率较高。
For the problem of secure storage and credible sharing of massive data,a data sharing access control method of cloud⁃chain collaboration is proposed.Firstly,the system model based on blockchain and cloud storage is constructed.The attribute encryption algorithm based on ciphertext policy is improved,and the user⁃attribute many⁃to⁃many association policy is established to realize the access control of data ciphertext and solve the problem of honest and curious cloud servers.Then,an effective public key that supports both fine⁃grained access control and multi⁃keyword search of encrypted data is proposed.The proposed method is proved to be secure under the assumptions of deterministic Diffie⁃Hellman and stochastic Oracle models,and the experimental results show that the proposed method is more efficient in the index generation and keyword matching stages.
作者
康海燕
张沙沙
KANG Haiyan;ZHANG Shasha(Information Security Department,Beijing Information Science and Technology University,Beijing 100192,China;School of Computer,Beijing Information Science and Technology University,Beijing 100192,China)
出处
《北京邮电大学学报》
EI
CAS
CSCD
北大核心
2023年第3期56-61,共6页
Journal of Beijing University of Posts and Telecommunications
基金
国家社会科学基金项目(21BTQ079)。
关键词
云服务器
区块链
可搜索加密
属性加密
访问控制
cloud server
block chain
searchable encryption
properties of encryption
access control
