
Computer Engineering, 2018, Vol. 44, Issue (8): 1-6. doi: 10.19678/j.issn.1000-3428.0048571

Special topic: Cloud Computing


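Cloud Access Control Scheme Supporting Multi-authority Centers and Attribute Change

YANG Xiaodong, AN Faying, YANG Miaomiao, YANG Ping, WANG Caifen

  1. College of Computer Science and Engineering, Northwest Normal University, Lanzhou 730070, China
  • Received: 2017-09-06 Online: 2018-08-15 Published: 2018-08-15
  • About the authors: YANG Xiaodong (born 1981), male, associate professor, Ph.D., main research interests: cloud computing security and proxy re-signature; AN Faying, YANG Miaomiao and YANG Ping, master's students; WANG Caifen, professor, Ph.D., doctoral supervisor.
  • Funding:

    National Natural Science Foundation of China (61662069, 61262057, 61562077); China Postdoctoral Science Foundation (2017M610817); Gansu Province Science and Technology Program (145RJ DA325, 1506RJZA130); Scientific Research Project of Higher Education Institutions of Gansu Province (2014-A011); Lanzhou Science and Technology Program (2013-4-22); Northwest Normal University Young Teachers' Research Capacity Improvement Program (WNU-LKQN-14-7).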

Abstract:

Most traditional Ciphertext-policy Attribute-based Encryption (CP-ABE) systems are based on a single authority and suffer from high computation cost, low key maintenance efficiency, and an inability to resist collusion attacks. To address this, an improved cloud access control scheme is proposed. A logical binary tree constructed with a hash function generates a group key for each attribute, and the group key is used to update users' private keys and ciphertexts, achieving fine-grained attribute change. Users' attribute private keys are jointly distributed by multiple authority centers, which solves the performance bottleneck of a single authority. With decryption outsourcing and fixed ciphertext encryption techniques, users' computation time and storage cost are reduced. The introduction of a linear secret sharing matrix achieves a flexible resource access control policy. Analysis results show that, compared with other schemes such as cloud storage schemes based on attribute-based encryption, the complexity of the user's computation under attribute change is optimal, and the user's decryption efficiency is greatly improved.

Key words: cloud data, access control, attribute change, Attribute-based Encryption (ABE), multi-authority centers

Chinese Library Classification (CLC) number: