Netinfo Security ›› 2016, Vol. 16 ›› Issue (11): 6-6. doi: 10.3969/j.issn.1671-1122.2016.11.002

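A Mixed Attributes-based Multi-authority Cloud Access Scheme

Xing RONG1,2, Rong JIANG3

  1. The 3rd Academy, PLA Information Engineering University, Zhengzhou Henan 450004, China
  2. College of Computer Science, Beijing University of Technology, Beijing 100124, China
  3. The 6th Academy, National University of Defense Technology, Changsha Hunan 410073, China
  • Received: 2016-08-15 Online: 2016-11-20 Published: 2020-05-13
  • About the authors: Xing RONG (b. 1986), male, from Anhui, Ph.D. candidate; main research interests: cloud computing and trusted computing. Rong JIANG (b. 1984), male, from Fujian, lecturer, Ph.D.; main research interest: wireless sensor networks.
  • Supported by: National High Technology Research and Development Program of China (863 Program) [2015AA016002]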

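Abstract:

To address the data security problems brought by the outsourcing model of cloud computing, this article proposes a mixed attribute-based data access control scheme for cloud storage environments. The access structure introduces a permission attribute that is controlled directly by the data owner and combines it with the traditional access control tree, so that the data owner can independently control access to the data; this solves the peeking problem caused by the authority distributing users' attribute private keys. The scheme supports both user attribute revocation and direct user revocation, and it uses a proxy re-encryption scheme in user attribute revocation, which effectively reduces the data owner's computation cost. Theoretical analysis and experimental results show that the scheme effectively protects the confidentiality of cloud-stored data, is highly efficient in attribute revocation, and meets the requirements of a multi-authority environment well.

Key words: cloud computing, attribute-based encryption, multi-authority, attribute revocation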

Abstract:

The outsourcing model brings new challenges for data security and access control in cloud computing. To address them, a multi-authority cloud access scheme with a mixed access structure is put forward. By adding an owner-defined permission attribute to the traditional access structure, the data owner can decide which users have the right to access data and can prevent the attribute authority from peeking. User attribute revocation and direct user revocation provide real-time privilege updating in a multi-authority system; the former adopts proxy re-encryption to reduce the computing cost of the data owner. Analysis shows that the proposed scheme is secure for protecting stored data under existing security models and highly efficient in attribute revocation, which makes it suitable for multi-authority clouds.

Key words: cloud computing, ABE, multi-authority, attribute revocation

CLC number: