Netinfo Security ›› 2016, Vol. 16 ›› Issue (2): 1-6. doi: 10.3969/j.issn.1671-1122.2016.02.001


Design on Data Access Control Scheme for Cloud Storage Based on CP-ABE Algorithm

Sijia CHENG, Changhong ZHANG, Shuaiqing PAN

  1. Department of Information Security, Navy University of Engineering, Wuhan, Hubei 430033, China
  • Received: 2015-12-23 Online: 2016-02-10 Published: 2020-05-13
  • About the authors:

    Sijia CHENG (born 1992), male, from Shanxi, master's student; main research interests: cloud computing and cloud security. Changhong ZHANG (born 1964), male, from Jiangsu, associate professor, master's degree; main research interest: cloud computing storage technology. Shuaiqing PAN (born 1994), male, from Jiangsu, master's student; main research interests: cloud computing and cloud security.

  • Supported by:
    Natural Science Foundation of Hubei Province [2015CFA066]

Abstract:

Cloud storage, an emerging data storage and cloud computing management system, is attracting growing attention. Many security problems have been exposed in its use, and these constrain its further development. To address cloud storage security, this paper proposes a secure, efficient and fine-grained ciphertext access control scheme based on ciphertext-policy attribute-based encryption (CP-ABE). The paper first introduces the principles of the CP-ABE algorithm and, on that basis, proposes an improved algorithm that lowers system overhead and raises computational efficiency by reducing the amount of key computation. It then establishes three entities, a key management center, users and a cloud storage server, and describes the procedures for system initialization, private key application, file upload and file download. In the scheme, the data owner signs the file digest with a private key to achieve data authentication, which avoids the process of verifying PKI public-key certificates and improves authentication efficiency; convergent encryption is used to detect redundant ciphertext data, which improves storage space utilization. Finally, the paper analyzes the security of the new scheme theoretically and tests its running efficiency through simulation experiments. The experiments show that, compared with general methods, as the number of user attributes and the number of users grow, the new scheme takes the least time to generate private keys and occupies the least storage space. The experimental results show that the scheme has certain advantages in the case of massive numbers of users.

Key words: cloud computing, storage security, access control, CP-ABE algorithm, digital signature
