An Improved Scheme of Multi-PKG Cloud Storage Access Control

doi:10.3969/j.issn.1671-1122.2019.06.002

Abstract

Abstract:

In order to improve the security of cloud storage access control, an improved multiple private key generation center(PKG) cloud storage access control method based on attribute encryption is proposed. This paper first introduces the attribute encryption and access control model based on ciphertext-policy attribute-based encryption(CP-ABE). An improved multi-PKG scheme is then presented for cloud storage access control in this paper, which improves a single PKG to a primary PKG and several sub-PKGs. The primary PKG selects initialization parameters for generating a public key parameter and a master key of the primary PKG and each sub-PKG for data encryption. The sub-PKG then generates the relevant private key information and sends it to the client. Only the client receives the private key information of all the sub-PKGs to successfully calculate the private key for data decryption. This improved scheme can achieve flexible, fine-grained access control in the third-party server and the private key generation center(PKG) untrusted cloud storage scenario, while ensuring the confidentiality of user data. Ensure that for any ciphertext data stored by the user on the cloud server, only users who meet the corresponding attribute requirements can successfully decrypt to get the plaintext data, while any untrusted third party cannot illegally obtain the user’s private information independently.

Key words: attribute-based encryption, cloud storage, access control, multi-PKG

CLC Number:

TP309

Zhongyuan QIN, Yin HAN, Qunfang ZHANG, Xuejin ZHU. An Improved Scheme of Multi-PKG Cloud Storage Access Control[J]. Netinfo Security, 2019, 19(6): 11-18.

Figures/Tables 2

References 11

[1]	ZHAO Zhenkai, QIN Bo.The Research of Data Security Technology in Cloud Storage[J]. Information Security And Communications Privacy, 2018(2): 75-82.
	赵振凯,秦波.云存储中的数据安全技术[J].信息安全与通信保密,2018(2):75-82.
[2]	FENG Chaosheng, QIN Zhiguang, YUAN Ding.Techniques of Secure Storage for Cloud Data[J]. Chinese Journal of Computers, 2015, 38(1): 150-163.
	冯朝胜,秦志光,袁丁.云数据安全存储技术[J].计算机学报,2015,38(1):150-163.
[3]	SHAMIR A.Identity-based Cryptosystems and Signature Schemes[C]//Springer. 1984 Advances in Cryptology, August 19-22, Santa Barbara, CA, USA. Heidelberg: Springer, 1984: 47-53.
[4]	HU V C, KUHN D R, FERRAIOLO D F, et al.Attribute-based Access Control[J]. Computer, 2015, 48(2): 85-88.
[5]	PRAVEEN K P, SYAM K P, ALPHONSE P J A. Attribute Based Encryption in Cloud Computing: A Survey, Gap Analysis, and Future Directions[J]. Journal of Network and Computer Applications, 2018, 108(1): 37-52.
[6]	TENG wei, YANG Geng, XIANG Yang, et al. Attribute-based Access Control with Constant-size Ciphertext in Cloud Computing[J]. IEEE Transactions on Cloud Computing, 2017, 5(4): 617-627.
[7]	SHI Yue, LI Xianglong, DAI Fangfang.An Enhanced Security Framework of Software Defined Network Based on Attribute-based Encryption[J]. Netinfo Security, 2018, 18(1): 15-22.
	石悦,李相龙,戴方芳.一种基于属性基加密的增强型软件定义网络安全框架[J].信息网络安全,2018,18(1):15-22.
[8]	SAHAI A, WATERS B R.Fuzzy Identity Based Encryption[C]//Springer. 24th Annual International Conference on Theory and Applications of Cryptographic Techniques, May 22-26, 2005, Aarhus, Denmark. Heidelberg: Springer, 2004: 457-473.
[9]	QING Yong, SUN Wei, XIONG Hu, et al.Outsourcing Encryption and Decryption CP-ABE Scheme with Revocation Storage in Cloud Computing[J]. Netinfo Security, 2017, 17(6): 6-8.
	卿勇,孙伟,熊虎,等.云计算中可撤销存储的外包加解密CP-ABE方案[J].信息网络安全,2017,17(6):6-8.
[10]	BETHENCOURT J, SAHAI A, WATERS B.Ciphertext-policy Attribute-based Encryption[C]//IEEE. 2007 IEEE Symposium on Security and Privacy, May 20-23, 2007, Berkeley, CA, USA. New Jersey: IEEE, 2007: 321-334.
[11]	ZHONG Hong, CUI Jie, ZHU Wenlong, et al.Efficient and Verifiable Muti-authority Attribute Based Encryption Scheme[J]. Journal of Software, 2018, 29(7): 184-195.
	仲红,崔杰,朱文龙,等.高效且可验证的多授权机构属性基加密方案[J].软件学报,2018,29(7):184-195.

[1]	Yifeng DU, Yuanbo GUO. A Dynamic Access Control Method for Fog Computing Based on Trust Value [J]. Netinfo Security, 2020, 20(4): 65-72.
[2]	Peng LIU, Qian HE, Wangyang LIU, Xu CHENG. CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption [J]. Netinfo Security, 2020, 20(3): 90-97.
[3]	Lu YU, Senlin LUO. A Method of Internal Intrusion Detection of Database in RBAC Mode [J]. Netinfo Security, 2020, 20(2): 83-90.
[4]	Shengwei XU, Feijie WANG. Attribute-based Encryption Scheme Traced Under Multi-authority [J]. Netinfo Security, 2020, 20(1): 33-39.
[5]	Xiaoran LI, Rong HAO, Jia YU. Certificateless Provable Data Possession with Data Uploading Control [J]. Netinfo Security, 2020, 20(1): 83-88.
[6]	WANG Jinmiao, WANG Guowei, WANG Mei, ZHU Ruijin. Achieving Privacy Preserving and Flexible Access Control in Fog Computing [J]. Netinfo Security, 2019, 19(9): 41-45.
[7]	WANG Shengyu, WANG Jinmiao, DONG Qingfeng, ZHU Ruijin. A Survey of Attribute-based Encryption Technology [J]. Netinfo Security, 2019, 19(9): 76-80.
[8]	YE A-yong, JIN Junlin, MENG Lingyu, ZHAO Ziwen. Research on Access Control for Privacy Protection of Mobile Terminals [J]. Netinfo Security, 2019, 19(8): 51-60.
[9]	LIU Jianhua, ZHENG Xiaokun, ZHENG Dong, AO Zhangheng. Secure Attribute Based Encryption Enabled Cloud Storage System with Ciphertext Search [J]. Netinfo Security, 2019, 19(7): 50-58.
[10]	HOU Lin, LI Mingjie, XU Jian, ZHOU Fucai. Distributed Dynamic Provable Data Possession Model Based on Flexible Length-based Authenticated Skip List [J]. Netinfo Security, 2019, 19(7): 67-74.
[11]	SHAO Bilin, LI Xiaojun, BIAN Genqing, ZHAO Yu. A Survey on Data Integrity Auditing Technology in Cloud Storage [J]. Netinfo Security, 2019, 19(6): 28-36.
[12]	Xixi YAN, Qichao ZHANG, Yongli TANG, Qinlong HUANG. Ciphertext Policy Attribute-based Encryption Scheme Supporting Traitor Tracing [J]. Netinfo Security, 2019, 19(5): 47-53.
[13]	Yiming HEI, Jianwei LIU, Zongyang ZHANG, Hui YU. Blockchain-based Distributed Cloud Storage System with Public Verification [J]. Netinfo Security, 2019, 19(3): 52-60.
[14]	Shuai LI, Xiaojie LIU, Bing XU. Research on a Disk Data Synchronization Method Based on Directory Hash Tree [J]. Netinfo Security, 2019, 19(2): 53-59.
[15]	Fangbo CAI, Jingsha HE, Nafei ZHU, Song HAN. Research on Cascading Failure of Nodes in Distributed Access Control Model [J]. Netinfo Security, 2019, 19(12): 47-52.