Computer Science (计算机科学) ›› 2017, Vol. 44 ›› Issue (2): 176-176. doi: 10.11896/j.issn.1002-137X.2017.02.027
LI Xie-hua (李谢华), ZHOU Mao-ren (周茂仁) and LIU Ting (刘婷)
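Abstract: To address the security and effectiveness of cross-domain data access control in cloud storage, an efficient, fine-grained access control scheme based on MA-ABE is proposed. The new scheme uses key splitting and proxy re-encryption to keep user keys secure when privileges are revoked, and shifts most of the ciphertext re-encryption work to the cloud to reduce the data owner's computational cost. The data owner and the authorities respectively generate and distribute the attribute private key components, which separates the user's globally unique identifier (GID) from the user's private key, prevents collusion attacks among authorities, and effectively protects user identity information. Finally, theoretical analysis shows the security of the new scheme, and experiments verify its efficiency during privilege revocation.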