Netinfo Security ›› 2017, Vol. 17 ›› Issue (6): 6-8. doi: 10.3969/j.issn.1671-1122.2017.06.002

• Technical Research •

Outsourcing Encryption and Decryption CP-ABE Scheme with Revocation Storage in Cloud Computing

QING Yong 1,2, SUN Wei 1, XIONG Hu 1, ZHAO Yang 1

  1. School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu Sichuan 610054, China;
  2. Dazhou Vocational and Technical College, Dazhou Sichuan 635001, China
  • Received: 2017-04-27 Online: 2017-06-20
  • Corresponding author: XIONG Hu, xionghu.uestc@gmail.com
  • About the authors: QING Yong (b. 1960), male, Sichuan, associate professor; main research interests: computer science and cryptography. SUN Wei (b. 1992), male, Sichuan, master's student; main research interest: cryptography. XIONG Hu (b. 1982), male, Sichuan, associate professor, Ph.D.; main research interests: cryptography and network security. ZHAO Yang (b. 1973), male, Sichuan, associate professor, Ph.D.; main research interests: cryptography and network security.
  • Supported by:
    National Natural Science Foundation of China [61370026]

Abstract: Given users' need for data privacy and the untrustworthiness of cloud servers, using attribute-based encryption (ABE) to build secure data-sharing schemes for cloud storage has been widely studied. When a user is revoked, existing standard ABE mechanisms cannot ensure that the revoked user is unable to continue accessing the massive ciphertext data on the cloud server. To address this problem, this paper combines the ideas of ciphertext update and key update and proposes a ciphertext-policy attribute-based encryption scheme with revocable storage (SR-CP-ABE) that supports outsourced encryption and decryption. The scheme periodically updates the ciphertexts stored on the cloud server to ensure that a user cannot access them after being revoked. In addition, by incorporating the idea of key splitting, the scheme outsources the complex computations of encryption and decryption to the untrusted cloud server, reducing the user's encryption and decryption workload. Experimental results show that the proposed scheme is efficient and feasible.

Key words: cloud computing, ciphertext access control, outsourcing encryption and decryption computation, user revocation, key update

CLC number: