CP-ABE Access Control Scheme Based on Multi-Authorities in Cloud Storage
DOI: 10.12677/SEA.2020.93025
Authors: Huang Yan, Wu Xiaoling, Ling Jie: School of Computers, Guangdong University of Technology, Guangzhou, Guangdong
Keywords: CP-ABE; Cloud Storage; Access Control; Multi-Authorities; Trust
Abstract: To address the security and overhead problems of traditional Ciphertext-Policy Attribute-Based Encryption (CP-ABE) schemes in cloud storage access control, a CP-ABE access control scheme based on multiple authorities in cloud storage is proposed. Building on CP-ABE, a trust calculation is performed on users to judge their credibility; multiple authorities generate global keys and attribute keys for legitimate users; and a proxy server undertakes most of the decryption computation and stores the users' attribute keys. The security analysis shows that the scheme is secure against chosen-plaintext attacks and can resist collusion attacks, and the performance analysis shows that it is efficient and reduces the overhead on the user side.
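Cite this article: Huang Yan, Wu Xiaoling, Ling Jie. CP-ABE Access Control Scheme Based on Multi-Authorities in Cloud Storage [J]. Software Engineering and Applications, 2020, 9(3): 216-227. https://doi.org/10.12677/SEA.2020.93025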
