Design on Data Access Control Scheme for Cloud Storage Based on CP-ABE Algorithm

doi:10.3969/j.issn.1671-1122.2016.02.001

Abstract

Abstract:

Cloud storage obtains more and more social concerns as a new data storage management system. Cloud storage exposes many safety problems during using process. This paper puts forward a safety, efficient and fine-grained ciphertext access control scheme based on CP-ABE. Firstly, this paper introduces CP-ABE algorithm theory and improves CP-ABE in order to reduce the amount of key calculation and enhanced operation speed. Then this paper establishes models of key management center, users and cloud servicer, and describes systems initialization, key application, upload and download procedure of the files. Data owner uses key to signature file summary to complete data authentication and avoid authenticate PKI license. This paper uses convergent encryption to complete ciphertext redundancy test and improve storage space utilization ratio. At last, this paper analyses the scheme security and tests operation efficiency by simulated experiment. Compared to general methods, the new scheme consumes less time and storage space in case of user attributes and amount in growth. Experiment result shows the scheme has certain advantages in the case of massive users.

Key words: cloud computing, storage safety, access control, CP-ABE algorithm, digital signature

CLC Number:

TP309

Sijia CHENG, Changhong ZHANG, Shuaiqing PAN. Design on Data Access Control Scheme for Cloud Storage Based on CP-ABE Algorithm[J]. Netinfo Security, 2016, 16(2): 1-6.

Figures/Tables 8

References 15

[1]	秦志光,包文意,赵洋,等. 云存储中一种模糊关键字搜索加密方案[J]. 信息网络安全,2015(6):7-12.
[2]	冯登国,张敏,张妍. 云计算安全研究[J]. 软件学报,2011,22(1):71-83.
[3]	冯朝胜,秦志光,袁丁. 云数据安全存储技术[J]. 计算机学报,2015,38(1):150-163.
[4]	赵洋,任化强,熊虎,等. 无双线性对的云数据完整性验证方案[J]. 信息网络安全,2015(7):7-12.
[5]	SHAMIR A. Identity-based Cryptosystems and Signature Schemes[EB/OL]. .
[6]	SAHAI A, WATERS B.Fuzzy Identity Based Encryption[C]//IACR. 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 22-26, 2005, Aarhus, Denmark. Heidelberg: Springer-Verlag, 2005: 457-473.
[7]	GOYAL V, PANDEY O, SAHAI A, et al.Attribute Based Encryption for FIne-grained Access Control of Encrypted Data[C]//ACM. 13th ACM Conference on Computer and Communications Security (CCS’06), October 30-November 3, 2006, Alexandria, VA, USA. New York: ACM, 2006: 89-98.
[8]	BETHENCOURT J, SAHAI A, WATERS B.Ciphertext-policy Attribute-based Encryption[C]//IEEE. 2007 IEEE Symposium on Security and Privacy, May 20-23, 2007, Oakland, Califormia, USA. New Jersey: IEEE, 2007: 321-334.
[9]	赵洋,陈阳,熊虎,等. 云环境下一种可撤销授权的数据拥有性证明方案[J]. 信息网络安全,2015(8):1-7.
[10]	周明快. 基于CP-ABE的云计算改进属性加密安全访问控制策略设计[J]. 计算机测量与控制,2015,23(1):297-300.
[11]	石强,赵鹏远. 云存储关键技术分析[J]. 河北省科学院学报,2011,28(3):66-68.
[12]	DAMIANI E, VIMERCATI S D C D, FORESTI S, et al. Selective Data Encryption in Outsourced Dynamic Environments[J]. Electronic Notes in Theoretical Computer Science, 2007, 168(1): 127-142.
[13]	HONG Cheng, ZHANG Min, FENG Dengguo.AB-ACCS: A Cryptographic Access Control Scheme for Cloud Storage[J]. Journal of Computer Research and Development, 2010, 47(z1): 259-265.
[14]	李琦,马剑锋,熊金波,等. 一种素数阶群上构造的自适应安全带多授权机构CP-ABE方案[J]. 电子学报,2014,4(42):696-702.
[15]	王淑娥,林柏钢,杨旸,等. 用于PHR云存储的属性密文访问控制方案[J]. 信息网络安全,2014(5):15-20.