
Data Access Control Protocol for Cloud Computing Based on Ciphertext-Policy Attribute-Based Encryption

刘占斌, 刘虹, 火一莽

  • Funding: National Key Technology R&D Program [2012BAH38B04, 2012BAH38B04], National High Technology Research and Development Program (2012AA013002)

Data Access Control Protocol for Cloud Computing Based on Ciphertext-Policy Attribute-Based Encryption (CP-ABE)

LIU Zhan-bin, LIU Hong, HUO Yi-mang

  • About author: The Third Research Institute of the Ministry of Public Security, Shanghai 310000; Beijing Ruian Technology Co., Ltd., Beijing 100044

Abstract (Chinese version): Cloud computing provides an emerging data interaction paradigm that realizes remote storage, sharing, and computation of user data. Because of the system complexity, network openness, resource concentration, and data sensitivity of cloud computing, the interaction between users and cloud servers faces severe security threats, which has become a key problem that urgently needs to be solved in cloud computing security. This paper first introduces the system components, trust model, and attack model of a cloud computing system, and then proposes an access control protocol based on ciphertext-policy attribute-based encryption to address the problem of secure data access in cloud computing systems. The protocol uses the semigroup property of the Chebyshev map to authenticate the legitimacy of user identities, and designs a lightweight attribute-based encryption algorithm to achieve reliable authorization of user data. At the same time, the protocol introduces identity authentication, access control, and forward security mechanisms to achieve authentication of user identities and reliable data access. An analysis of the protocol's storage requirements shows that it has a fixed storage requirement for the data attribute set and keys, avoiding linear growth of user storage space in large-scale data interaction. Analysis shows that the protocol has strong reliability, flexibility, and scalability, and is suitable for application scenarios involving large-scale data interaction in cloud environments.

Abstract: Cloud computing provides an emerging data interaction paradigm that realizes remote storage, sharing, and computation of users' data. Because of the system complexity, network openness, resource concentration, and data sensitivity, the process of a user accessing the cloud server faces severe security threats, which makes cloud data protection an important issue. This work first introduces the system components, trust model, and attack model, and then proposes a data access control protocol based on ciphertext-policy attribute-based encryption (CP-ABE) to achieve data protection. The proposed protocol applies the semigroup property of the Chebyshev chaotic map for authentication, and adopts a lightweight CP-ABE scheme for authorization. Meanwhile, security mechanisms including authentication, access control, and forward security are applied to achieve user identification and data access control. According to the storage requirement analysis, the protocol has fixed storage requirements for the attribute set and keys, avoiding linear growth under massive data interaction. It turns out that the protocol is secure, reliable, and flexible for large-scale data interactions in cloud environments.
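The authentication step above relies on the semigroup property of Chebyshev polynomials, T_r(T_s(x)) = T_rs(x) = T_s(T_r(x)), which lets two parties derive a common value from public T_r(x) and T_s(x). The Python script below is an added illustration of that property over Z_p and of the key agreement it enables; it is not the paper's protocol, and the modulus, base point and secret exponents are constructed values.

```python
"""Chebyshev polynomial semigroup property over Z_p (constructed illustration).

T_0(x) = 1, T_1(x) = x, T_{k+1}(x) = 2x*T_k(x) - T_{k-1}(x).
The identity T_r(T_s(x)) = T_{rs}(x) is a polynomial identity, so it
holds in any ring, including Z_p; that is what chaotic-map authentication
and key agreement build on.
"""


def _mat_mul(a, b, p):
    """Multiply two 2x2 integer matrices modulo p."""
    return [
        [(a[0][0] * b[0][0] + a[0][1] * b[1][0]) % p,
         (a[0][0] * b[0][1] + a[0][1] * b[1][1]) % p],
        [(a[1][0] * b[0][0] + a[1][1] * b[1][0]) % p,
         (a[1][0] * b[0][1] + a[1][1] * b[1][1]) % p],
    ]


def chebyshev(n, x, p):
    """Return T_n(x) mod p in O(log n) steps via matrix fast exponentiation.

    With M = [[2x, -1], [1, 0]] we have M^n * [T_1, T_0]^T = [T_{n+1}, T_n]^T,
    so T_n(x) is the second row of M^n applied to (x, 1).
    """
    result = [[1, 0], [0, 1]]
    base = [[(2 * x) % p, (-1) % p], [1, 0]]
    e = n
    while e:
        if e & 1:
            result = _mat_mul(result, base, p)
        base = _mat_mul(base, base, p)
        e >>= 1
    return (result[1][0] * x + result[1][1]) % p


def key_agreement(x, p, r, s):
    """Diffie-Hellman-style exchange on the semigroup property.

    Alice publishes T_r(x), Bob publishes T_s(x); each applies its own secret
    exponent to the other's value and both obtain T_{rs}(x).
    Returns (alice_public, bob_public, alice_key, bob_key).
    """
    alice_pub = chebyshev(r, x, p)       # sent over the network
    bob_pub = chebyshev(s, x, p)         # sent over the network
    alice_key = chebyshev(r, bob_pub, p)  # T_r(T_s(x))
    bob_key = chebyshev(s, alice_pub, p)  # T_s(T_r(x))
    return alice_pub, bob_pub, alice_key, bob_key


if __name__ == "__main__":
    # Constructed parameters: a Mersenne prime modulus, a public base x and
    # two private exponents. Real deployments need a large prime and exponents.
    P, X, R, S = 2**31 - 1, 123456789, 987654321, 192837465
    print(key_agreement(X, P, R, S))
```

Over the real interval [-1, 1] the map is known to leak an equivalent exponent to an eavesdropper (Bergamo et al., 2005), which is why such protocols are built on the extended polynomials over Z_p as here.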