摘要： 针对移动云存储环境下的数据安全共享需求,从数据安全访问控制和完整性验证两方面设计基于密文策略的属性加密数据可验证访问控制方案,以应对移动设备计算能力、电池能量不足和数据存储容量有限的情况。在系统模型中引入加密和解密服务提供者,通过添加批准属性实现加密计算的安全外包。加密服务提供者为密文数据生成对应的验证标签,在解密数据前,云服务提供者根据验证标签完成由挑战者发起的数据完整性验证。解密服务提供者为请求访问数据的用户进行数据解密计算,由于只有用户自己持有用户私钥,因此能够实现解密计算的安全外包。分析与评估结果表明,该方案将大量计算操作外包给其他服务器,能够降低移动用户的计算开销。

关键词: 移动云, 属性加密, 数据完整性, 访问控制, 云存储

Abstract: In order to meet the secure requirements of data sharing in mobile cloud storage environment,a verifiable access control scheme based on Ciphertext-policy Attribute-based Encryption(CP-ABE) is proposed from the aspects of data security access control and integrity verification,to deal with the situations such as inadequate battery power,limited data storage and computation capacity for mobile devices.It introduces the Encryption Service Provider(ESP) and Decryption Service Provider(DSP) into the system model,and implements the security outsourcing of encryption computation by using the permission attribute.ESP generates the verifiable tag for the ciphertext,before decrypting,the data integrity verification is requested by the challenger,and completed by Cloud Service Provider(CSP) according to the verifiable tag.DSP decrypts the ciphertext for the user who requests to access data.Due to the user secret key holding only by the corresponding user,the decryption computation is outsourced in security.The results of analysis and evaluation show that the proposed scheme can reduce the computation overhead of the mobile user by outsourcing computation to other servers.

Key words: mobile cloud, Attribute-based Encryption(ABE), data integrity, access control, cloud storage

中图分类号: 

• TP393