摘要: 提出一种基于属性群的云存储密文访问控制方案。采用对称加密算法加密大型数据文件,并用属性加密算法加密对称密钥,将重加密的任务转移到云服务提供商,从而降低数据拥有者的计算代价,且未向云服务提供商泄露额外信息。在属性和用户权限撤销时,以同一属性集下的不同用户为单位,数据拥有者不参与属性和用户权限的撤销,从而减轻数据拥有者的权限管理代价。分析结果表明,该方案在权限撤销时的效率优于已有的密文访问控制方案,支持细粒度的灵活访问控制策略,具有数据机密性、抗合谋攻击性、前向保密性和后向保密性。
关键词:
密文访问控制,
云存储,
属性群,
用户权限撤销,
重加密
Abstract: This paper proposes a cryptographic access control scheme based on attribute group in cloud storage. The symmetric cryptosystem is used to encrypt the original data by the Data Owner(DO), and the attribute-based encryption algorithm is used to encrypt the symmetric key. DO delegate the task of data re-encryption to the Cloud Service Provider(CSP), which not only reduces the computational cost of DO, but also does not reveal extra information of the plaintext to CSP. The proposed scheme supports the unit of a collection of multiple users when any attribute or user is revoked. The fine-grained and flexible access control can be achieved by hybrid cryptosystem meachanism. Compared with the existing access control schemes, the proposed scheme is more efficient in revocation cost and can alleviate the administering burders on DO. The scheme guarantees collusion resistance against colluding users, data confidentiality, forward and backward secrecy.
Key words:
cryptographic access control,
cloud storage,
attribute group,
user revocation,
re-encryption
中图分类号:
杨小东, 王彩芬. 基于属性群的云存储密文访问控制方案[J]. 计算机工程, 2012, 38(11): 20-22,26.
YANG Xiao-Dong, WANG Cai-Fen. Cryptographic Access Control Scheme in Cloud Storage Based on Attribute Group[J]. Computer Engineering, 2012, 38(11): 20-22,26.