Computer Science ›› 2014, Vol. 41 ›› Issue (9): 146-151. doi: 10.11896/j.issn.1002-137X.2014.09.028

• Information Security •

Study on User Permissions Management Based on Attribute for Cloud Environment

LI Shuan-bao, FAN Nai-ying, FU Jian-ming, QI Hui-min and LIU Qian

  1. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan 430072; School of Computer, Wuhan University, Wuhan 430072; Henan College of Finance and Taxation, Zhengzhou 451464; Henan College of Finance and Taxation, Zhengzhou 451464
  • Online: 2018-11-14 Published: 2018-11-14
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61373168,7), the Specialized Research Fund for the Doctoral Program of Higher Education of the Ministry of Education (20120141110002), and the Henan Province Soft Science Research Program (132400410905,9,142400410270).

Abstract: User permission assignment is one of the major challenges of cloud computing services. We propose an attribute-based user permission management scheme. Taking key distribution for new users of cloud services as its object of study, the scheme describes a multi-party collaborative mechanism for managing user signing, verification and decryption: the data owner and the authority jointly select the attribute set, and the data owner defines the ciphertext access structure over that attribute set, so that a user can obtain the decryption key only after being certified by the authority. This allows upgrades and downgrades of user permissions to be managed synchronously. In addition, the scheme designs a CP-ABE group signature verification mechanism centered on updating the group attribute set, in which the data owner, the users and the authority form a group. Based on the group's attributes and their own, users can sign messages that are publicly verifiable, which protects fine-grained access control over ciphertext data. Finally, proofs of the validity and unforgeability of the signature are given.

Key words: CP-ABE (ciphertext-policy attribute-based encryption), Signature, Verify, Unforgeability

