Computer Science (计算机科学) ›› 2019, Vol. 46 ›› Issue (7): 96-101. DOI: 10.11896/j.issn.1002-137X.2019.07.015

• Information Security •

An AB-ACCS Scheme with Efficient Attribute Revocation for Cloud Storage Services

QIAO Mao (乔毛), QIN Ling (秦岭)

  1. (College of Computer Science and Technology, Nanjing Technology University, Nanjing 211816, China)
  • Received: 2018-05-31  Online: 2019-07-15  Published: 2019-07-15
  • About the authors: QIAO Mao (born 1994), male, master's student; main research interests: data mining, information security and cryptography; E-mail: 1239494039@qq.com. QIN Ling (born 1980), male, master's degree, lecturer; main research interests: industrial informatization, industrial system integration and computer application technology; E-mail: ql@njtech.edu.cn (corresponding author).

AB-ACCS Scheme for Revocation of Efficient Attributes in Cloud Storage Services

QIAO Mao, QIN Ling

  1. (College of Computer Science & Technology, Nanjing Technology University, Nanjing 211816, China)
  • Received: 2018-05-31  Online: 2019-07-15  Published: 2019-07-15

Abstract (translated from the Chinese): To improve the security and efficiency of access control for cloud storage (ACCS), current cloud storage service technologies at home and abroad provide security support for authentication, user authorization, data integrity and encryption, but they only encrypt messages with the HTTPS protocol during communication or introduce a third-party proxy to re-encrypt data files; this leaves data security risks in cross-domain sharing, and the encryption process suffers from high computational overhead and low efficiency. To address these problems, this paper proposes an AB-ACCS (Attribute-Based Access Control for Cloud Storage) scheme with efficient attribute revocation for cloud storage services. The scheme performs access control through an improved CP-ABE (Ciphertext-Policy Attribute-Based Encryption); without involving a third-party proxy, the cloud storage provider (CSP) performs the ciphertext re-encryption, which reduces the communication burden on the authority and the users. To improve the efficiency of the scheme during access control, process designs for new file creation, new user authorization, attribute revocation and file access are added to the control algorithm and combined with lazy re-encryption, yielding an AB-ACCS scheme with efficient attribute revocation for cloud storage services. Experimental results verify that the scheme is effective and feasible for cloud storage services, and the security analysis shows that it provides both forward and backward confidentiality.

Keywords: CP-ABE, lazy re-encryption, cloud storage access control, attribute revocation

Abstract: In order to improve the security and efficiency of cloud storage access control (ACCS), cloud storage service technologies at home and abroad provide security support for authentication, user authorization, data integrity and encryption methods, but they only encrypt packets with HTTPS during communication or have a third-party agency re-encrypt the data files, resulting in data security risks in cross-domain sharing. In the encryption process there are also problems such as large computational overhead and low efficiency. In order to solve the above problems, this paper proposed an AB-ACCS scheme for revocation of efficient attributes in cloud storage services. The solution uses an improved CP-ABE for access control. Without relying on a third-party agency, the CSP performs the ciphertext re-encryption operations, which reduces the communication burden between authorities and users. At the same time, in order to improve the efficiency of the scheme in access control, process designs for new file creation, new user authorization, attribute revocation and file access are added to the control algorithm, and a lazy re-encryption technique is combined with them to implement the proposed scheme. Experimental results verified that this scheme is effective and feasible in cloud storage services, and the security analysis shows that it provides forward and backward two-way confidentiality.

Key words: Access control of cloud storage, Attribute revocation, CP-ABE, Lazy-revocation

CLC number:

  • TP393