面向云存储的属性基双边访问控制方案

Attribute-based bilateral access control scheme for cloud storage

针对目前云存储中细粒度双边访问控制机制安全模型较弱且外包解密结果缺乏验证的问题,提出了一种面向云存储数据的属性基双边访问控制方案。首先,提出了自适应安全可验证外包双边CP-ABE的形式化定义和安全模型;其次,以此为基础并结合批量可验证技术在合数阶群上设计了双边访问控制方案,支持数据拥有者与数据使用者同时为对方定义访问策略;最后,安全性分析表明,所提方案在自适应安全模型下针对选择明文攻击与选择消息攻击是不可区分的和存在性不可伪造的。实验结果显示,所提方案减轻了用户端的匹配、解密以及验证阶段的计算开销。

In the existing cloud storage systems,the fine grained and bilateral access control schemes suffer from weak security model and unverifiable outsourced decryption result.To address this problem,an attribute-based bilateral access control scheme for cloud storage was proposed.Firstly,the formal definition and secure model of adaptively secure and verifiable outsourced bilateral CP-ABE was given.Secondly,combining with the batch verification technology,the attribute based bilateral access control scheme was constructed on the composite order groups,which enabled both the data owner and data user to simultaneously define the access policies for each other.Finally,the security analysis showed that the proposed scheme was indistinguishable and existential unforgeable under adaptive security models against chosen plaintext attacks and chosen message attacks,respectively.The experimental results show that the proposed scheme achieves high performance on the user side,where the computational overhead of matching,decryption,and verification is reduced.