Computer Science, 2019, Vol. 46, Issue (7): 96-101. doi: 10.11896/j.issn.1002-137X.2019.07.015

• Information Security •

AB-ACCS Scheme for Revocation of Efficient Attributes in Cloud Storage Services

QIAO Mao, QIN Ling

  1. (College of Computer Science & Technology, Nanjing Technology University, Nanjing 211816, China)
  • Received: 2018-05-31 Online: 2019-07-15 Published: 2019-07-15

Abstract: To improve the security and efficiency of cloud storage access control (ACCS), cloud storage service technologies at home and abroad provide security support for authentication, user authorization, data integrity and encryption methods. However, they only use the HTTPS protocol to encrypt packets in the communication process, or have a third-party agency re-encrypt the data files, which results in data security risks in cross-domain sharing. The encryption process also suffers from problems such as large computational overhead and low efficiency. To solve these problems, this paper proposes an AB-ACCS scheme for efficient attribute revocation in cloud storage services. The scheme uses an improved CP-ABE for access control. Without relying on a third-party agency, the CSP performs the ciphertext re-encryption operations, which reduces the communication burden between authorities and users. At the same time, to improve the efficiency of the scheme in access control, the designs of new file creation, new user authorization, attribute revocation and file access processes are added to the control algorithm, and lazy re-encryption is combined with them to implement the proposed scheme. Experimental results verify that the scheme is effective and feasible in cloud storage services, and the security analysis shows that it provides both forward and backward confidentiality.

Key words: Access control of cloud storage, Attribute revocation, CP-ABE, Lazy-revocation

CLC Number: TP393