期刊文献+

基于CP-ABE算法的云存储数据访问控制方案设计 被引量:33

Design on Data Access Control Scheme for Cloud Storage Based on CP-ABE Algorithm
下载PDF
导出
摘要 云存储作为一种新兴的数据存储和云计算管理系统,得到了社会越来越多的关注。在云存储应用过程中,已经暴露出许多安全性问题,从而制约了云存储的进一步发展。针对云存储安全问题,文章提出了一种基于密文策略属性加密的安全、高效、细粒度的密文访问控制方案。文章首先对CP-ABE算法原理进行介绍,并在此基础上提出了改进算法,通过减少密钥计算量降低系统开销,提高运算效率。其次,建立密钥管理中心、用户和云存储服务器三方实体,同时对系统初始化、私钥申请、文件上传及文件下载流程进行描述。方案中数据属主利用私钥对文件摘要进行签名实现数据认证,避免了验证PKI公钥证书过程,提升认证效率;采用收敛加密技术实现密文数据冗余检测,提升存储空间利用率。最后,文章针对新方案的安全性进行理论分析,并通过仿真实验测试运行效率。实验证明,与一般方法相比,在用户属性和用户个数增长的条件下,新方案消耗的生成私钥时间最短且占有最小的存储空间。 Cloud storage obtains more and more social concerns as a new data storage management system. Cloud storage exposes many safety problems during using process. This paper puts forward a safety, efficient and fine-grained ciphertext access control scheme based on CP-ABE. Firstly, this paper introduces CP-ABE algorithm theory and improves CP-ABE in order to reduce the amount of key calculation and enhanced operation speed. Then this paper establishes models of key management center, users and cloud servicer, and describes systems initialization, key application, upload and download procedure of the files. Data owner uses key to signature file summary to complete data authentication and avoid authenticate PKI license. This paper uses convergent encryption to complete ciphertext redundancy test and improve storage space utilization ratio. At last, this paper analyses the scheme security and tests operation efficiency by simulated experiment. Compared to general methods, the new scheme consumes less time and storage space in case of user attributes and amount in growth. Experiment result shows the scheme has certain advantages in the case of massive users.
出处 《信息网络安全》 2016年第2期1-6,共6页 Netinfo Security
基金 湖北省自然科学基金[2015CFA066]
关键词 云计算 存储安全 访问控制 CP—ABE算法 数字签名 cloud computing storage safety access control CP-ABE algorithm digital signature
  • 相关文献

参考文献15

二级参考文献156

  • 1罗武庭.DJ—2可变矩形电子束曝光机的DMA驱动程序[J].LSI制造与测试,1989,10(4):20-26. 被引量:373
  • 2Organization for the Advancement of Structured Information Standards (OASIS) http://www.oasis-open.org/.
  • 3Distributed Management Task Force (DMTF) http://www.dmtf.org/home.
  • 4Cloud Security Alliance http://www.cloudsecurityalliance.org.
  • 5Crampton J, Martin K, Wild P. On key assignment for hierarchical access control. In: Guttan J, ed, Proc. of the 19th IEEE Computer Security Foundations Workshop--CSFW 2006. Venice: IEEE Computer Society Press, 2006. 5-7.
  • 6Damiani E, De S, Vimercati C, Foresti S, Jajodia S, Paraboschi S, Samarati P. An experimental evaluation of multi-key strategies for data outsourcing. In: Venter HS, Eloff MM, Labuschagne L, Eloff JHP, Solms RV, eds. New Approaches for Security, Privacy and Trust in Complex Environments, Proc. of the IFIP TC-11 22nd Int'l Information Security Conf. Sandton: Springer-Verlag, 2007. 395-396.
  • 7Bethencourt J, Sahai A, Waters B. Ciphertext-Policy attribute-based encryption. In: Shands D, ed. Proc. of the 2007 IEEE Symp. on Security and Privacy. Oakland: IEEE Computer Society, 2007. 321-334. [doi: 10.1109/SP.2007.11].
  • 8Yu S, Ren K, Lou W, Li J. Defending against key abuse attacks in KP-ABE enabled broadcast systems. In: Bao F, ed. Proc. of the 5th Int'l Conf. on Security and Privacy in Communication Networks. Singapore: Springer-Verlag, http://www.linkpdf.com/ ebook-viewer.php?url=http://www.ualr.edu/sxyul/file/SecureCommO9_AFKP_ABE.pdf.
  • 9Ibraimi L, Petkovic M, Nikova S, Hartel P, Jonker W. Ciphertext-Policy attribute-based threshold decryption with flexible delegation and revocation of user attributes. Technical Report, Centre for Telematics and Information Technology, University of Twente, 2009.
  • 10Roy S, Chuah M. Secure data retrieval based on ciphertext policy attribute-based encryption (CP-ABE) system for the DTNs. Technical Report, 2009.

共引文献1259

同被引文献202

引证文献33

二级引证文献153

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部