
Computer Engineering, 2018, Vol. 44, Issue (7): 139-144,149. doi: 10.19678/j.issn.1000-3428.0047699

• Security Technology •

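Cloud Storage Access Control Scheme Based on Policy Hiding Attribute Encryption

FAN Yundong, WU Xiaoping

  1. Department of Information Security, Naval University of Engineering, Wuhan 430033, China
  • Received: 2017-06-23 Published: 2018-07-15 Online: 2018-07-15
  • About the authors: FAN Yundong (born 1993), male, master's student, main research interests: information security and cloud computing; WU Xiaoping, professor and doctoral supervisor.
  • Supported by:

    National Natural Science Foundation of China (61672531, 61100042); Natural Science Foundation of Hubei Province (2015CFC867).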

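Abstract:

Most existing cloud storage access control schemes cannot provide multi-authority authorization and access policy hiding at the same time. To address this, an improved cloud storage access control scheme is proposed, and its security is proved under the security model. The access structure over multi-valued attributes is converted into an access tree, and the information of each node in the tree is embedded in the ciphertext, so that the policy is completely hidden. The user's private key is generated jointly by a trusted central authority and multiple attribute authorities, which effectively resists collusion attacks by illegal users and authorities. Theoretical analysis and experimental results show that, compared with existing Ciphertext-Policy Attribute-Based Encryption (CP-ABE) schemes, the proposed scheme achieves shorter ciphertext and user private key lengths while preserving policy hiding, and effectively improves encryption and decryption efficiency.

Key words: policy hiding, multiple authorities, attribute encryption, cloud storage, access control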
