摘要：

传统的基于密文策略的属性加密系统多数是基于单授权机构,存在计算开销较大、密钥维护效率低且无法实现抗串谋攻击等问题。为此,提出一种改进的云访问控制方案。通过哈希函数构建的逻辑二叉树为每个属性生成组密钥,并利用组密钥更新用户的私钥和密文,实现细粒度的属性变更。用户的属性私钥由多个授权中心联合分发,可解决单授权机构的性能瓶颈问题。借助解密外包和固定密文加密技术,减少用户的计算时间和存储开销。通过引入线性秘密共享矩阵,实现灵活的资源访问控制策略。分析结果表明,与基于属性加密的云存储方案等方案相比,该方案在属性变更时用户计算的复杂度最优,大幅提升了用户的解密效率。

关键词: 云数据, 访问控制, 属性变更, 属性基加密, 多授权中心

Abstract:

The traditional Ciphertextpolicy Attribute-based Encryption(CP-ABE) systems are based on singleauthority organization,and most of them have the problems of large computation cost,low key maintenance efficiency,and inability to achieve anti-conspiracy attacks.Therefore,an improved cloud access control scheme is proposed.The logical binary tree constructed by the hash function generates a group key for each attribute,and uses the group key to update the user’s private key and ciphertext to achieve fine-grained attribute changes.The private key of the user’s attribute is jointly distributed by multiple authorized centers to solve the performance bottleneck of the single authorized organization.With decryption outsourcing and fixed ciphertext encryption technology,users’ computing time and storage cost are reduced.The introduction of linear secret sharing matrix achieves a flexible resource access control strategy.Analysis results show that compared with other schemes such as cloud storage schemes based on attribute encryption,the complexity of the user’s computation is optimal when the attribute changes,which greatly enhances the user’s decryption efficiency.

Key words: cloud data, access control, attribute change, Attribute-based Encryption(ABE), multi-authority centers

中图分类号: 

• TP391