Netinfo Security (信息网络安全) ›› 2019, Vol. 19 ›› Issue (7): 50-58. doi: 10.3969/j.issn.1671-1122.2019.07.006


Secure Cloud Storage System Based on Attribute-Based Encryption with Ciphertext Search Support

LIU Jianhua1, ZHENG Xiaokun2, ZHENG Dong3, AO Zhangheng3

  1. Information Center, Xi'an University of Posts and Telecommunications, Xi'an, Shaanxi 710121, China
  2. School of Computer Science, Xi'an University of Posts and Telecommunications, Xi'an, Shaanxi 710121, China
  3. National Engineering Laboratory for Wireless Security, Xi'an University of Posts and Telecommunications, Xi'an, Shaanxi 710121, China
  • Received: 2018-12-10 Online: 2019-07-19 Published: 2020-05-11
  • Author biographies:

    LIU Jianhua (1963-), male, from Shaanxi, professor-level senior engineer; main research interests: communication and network security. ZHENG Xiaokun (1995-), male, from Shanxi, master's student; main research interest: information security. ZHENG Dong (1964-), male, from Shanxi, professor, Ph.D.; main research interests: cryptography and cloud storage security. AO Zhangheng (1990-), male, from Hubei, master's degree holder; main research interest: cloud computing.

  • Funding:
    National Natural Science Foundation of China [61472472]

Secure Attribute Based Encryption Enabled Cloud Storage System with Ciphertext Search

Jianhua LIU1, Xiaokun ZHENG2, Dong ZHENG3, Zhangheng AO3

  1. Information Center, Xi'an University of Posts and Telecommunications, Xi'an, Shaanxi 710121, China;
  2. School of Computer Science and Technology, Xi'an University of Posts and Telecommunications, Xi'an, Shaanxi 710121, China;
  3. National Engineering Laboratory for Wireless Security, Xi'an University of Posts and Telecommunications, Xi'an, Shaanxi 710121, China;
  • Received: 2018-12-10 Online: 2019-07-19 Published: 2020-05-11

Abstract (translated from the Chinese):

As an emerging network storage technology, cloud storage has won the attention and recognition of a broad user base for its advantages. However, the security problems frequently exposed at major cloud drive services, privacy leaks in particular, have seriously hindered the application and development of cloud storage services. This paper proposes a secure cloud storage system based on attribute-based encryption that supports ciphertext search. A user first applies to a trusted authority for an attribute key and then outsources encrypted private data to the cloud server. An authorized user generates a keyword trapdoor with the attribute key; only when that user's attributes satisfy the specified access control tree is the user permitted to search the encrypted data in the cloud through this trapdoor. To manage authorized users within the system effectively, the new system uses re-encryption to revoke and add specific users. Security analysis shows that the system effectively protects users' privacy and data security, and performance analysis shows that the system is highly efficient.

Keywords: cloud storage, privacy leakage, attribute-based encryption, re-encryption

Abstract:

As a new kind of network storage technology, cloud storage has attracted wide attention. However, privacy and security issues have seriously hindered the application and development of cloud storage services. We present a secure attribute-based encryption enabled cloud storage system with ciphertext search. The basic idea is that users first outsource encrypted private data to cloud servers, and cloud services then distribute an attribute key to each authorized user. The user generates a trapdoor based on his attribute keys. Only when the attributes of an authorized user satisfy the access tree embedded in the ciphertext is that user allowed to search the encrypted cloud data with the trapdoor. In order to manage authorized users in the system effectively, re-encryption is adopted to achieve the revocation and addition of authorized users. Security analysis shows that the system can effectively protect the user's privacy, and performance analysis indicates that the system has desirable performance.

Key words: cloud storage, privacy leakage, attribute-based encryption, re-encryption
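The following Python is an added illustration and not code from the paper: it models the authorization flow the abstract describes (an access control tree evaluated over a user's attributes, keyword trapdoors that only work for users satisfying the tree, and revocation by re-encrypting the outsourced index). The access tree is built from threshold gates, and a version-bound hash stands in for the encrypted keyword index; it does not implement the paper's attribute-based encryption or its trapdoor construction, and all class names, attribute strings and documents are constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple, Union


# Access control tree: a leaf names one attribute; a gate is satisfied when
# at least k of its children are satisfied (AND = all, OR = any).
@dataclass(frozen=True)
class Leaf:
    attr: str


@dataclass(frozen=True)
class Gate:
    k: int
    children: Tuple["Node", ...]


Node = Union[Leaf, Gate]


def AND(*children: Node) -> Gate:
    return Gate(len(children), tuple(children))


def OR(*children: Node) -> Gate:
    return Gate(1, tuple(children))


def satisfies(node: Node, attrs: FrozenSet[str]) -> bool:
    """Recursive threshold evaluation of the tree over the user's attribute set."""
    if isinstance(node, Leaf):
        return node.attr in attrs
    return sum(satisfies(c, attrs) for c in node.children) >= node.k


def keyword_tag(version: int, keyword: str) -> str:
    # Stand-in for an encrypted keyword: bound to the current data version so
    # that re-encryption (a version bump) invalidates every older trapdoor.
    return hashlib.sha256(f"{version}:{keyword}".encode()).hexdigest()


class CloudStore:
    """Server side: holds policies and keyword tags, never plaintext keywords."""

    def __init__(self) -> None:
        self.version = 1
        self.docs: Dict[str, Tuple[Node, Set[str]]] = {}

    def search(self, trapdoor: Tuple[FrozenSet[str], str]) -> List[str]:
        attrs, tag = trapdoor
        # Both checks must pass: policy satisfied AND keyword tag present.
        return sorted(doc_id for doc_id, (policy, tags) in self.docs.items()
                      if satisfies(policy, attrs) and tag in tags)


class DataOwner:
    """Data owner: uploads encrypted indexes and re-encrypts them to revoke users."""

    def __init__(self) -> None:
        self.plain: Dict[str, Tuple[Node, Set[str]]] = {}

    def upload(self, store: CloudStore, doc_id: str, policy: Node, keywords) -> None:
        self.plain[doc_id] = (policy, set(keywords))
        store.docs[doc_id] = (policy, {keyword_tag(store.version, k) for k in keywords})

    def re_encrypt(self, store: CloudStore) -> int:
        store.version += 1
        for doc_id, (policy, keywords) in self.plain.items():
            store.docs[doc_id] = (policy, {keyword_tag(store.version, k) for k in keywords})
        return store.version  # only users re-issued this version can search again


class User:
    def __init__(self, attrs, key_version: int) -> None:
        self.attrs = frozenset(attrs)
        self.key_version = key_version

    def trapdoor(self, keyword: str) -> Tuple[FrozenSet[str], str]:
        return (self.attrs, keyword_tag(self.key_version, keyword))


def run_demo() -> Dict[str, List[str]]:
    store, owner = CloudStore(), DataOwner()
    policy = AND(Leaf("dept:finance"), OR(Leaf("role:manager"), Leaf("role:auditor")))
    owner.upload(store, "doc1", policy, ["budget", "q3"])       # constructed sample
    alice = User({"dept:finance", "role:auditor"}, store.version)  # satisfies policy
    bob = User({"dept:hr", "role:manager"}, store.version)         # wrong department
    out = {"alice_v1": store.search(alice.trapdoor("budget")),
           "bob_v1": store.search(bob.trapdoor("budget"))}
    new_version = owner.re_encrypt(store)                          # revoke alice
    carol = User({"dept:finance", "role:manager"}, new_version)    # added after re-encryption
    out["alice_after_revoke"] = store.search(alice.trapdoor("budget"))
    out["carol_v2"] = store.search(carol.trapdoor("budget"))
    return out


if __name__ == "__main__":
    print(run_demo())
```

Bob's trapdoor fails even though the keyword tag matches, because the policy gate is evaluated first; Alice's trapdoor stops working after the owner re-encrypts, without the server having to track a revocation list.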

CLC number: