Computer Science (计算机科学) ›› 2016, Vol. 43 ›› Issue (9): 180-183. doi: 10.11896/j.issn.1002-137X.2016.09.035

• Information Security •

High Efficiency Multi-authority Cloud Access Control Scheme

ZHOU Peng-xu and LI Cheng-hai

  1. Air and Missile Defense College, Air Force Engineering University, Xi'an 710051
  • Online: 2018-12-01 Published: 2018-12-01

Abstract: To address the excessive user-side overhead in existing multi-authority access control schemes for cloud computing, a multi-authority access control scheme based on attribute-based encryption, HE-MA-ACS, is proposed. Building on a hierarchical authorization structure, the scheme introduces outsourced decryption, so that most of the decryption computation for user access is moved to the cloud service provider (CSP). It also achieves fine-grained attribute revocation, and users do not need to participate in the revocation operation when their attributes are revoked. The correctness, security, and computational and storage performance of the scheme are analyzed, and the results demonstrate its advantages in user-side storage overhead, access communication overhead, decryption time, and computation cost during attribute revocation. The scheme effectively reduces the burden on the user side and improves the efficiency of decryption.

Key words: Multi-authority, Attribute-based encryption (ABE), Cloud computing, Access control, Outsourced decryption

