Computer Science ›› 2019, Vol. 46 ›› Issue (7): 96-101. doi: 10.11896/j.issn.1002-137X.2019.07.015
QIAO Mao (乔毛), QIN Ling (秦岭)
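Abstract: To improve the security and efficiency of Access Control for Cloud Storage (ACCS), current cloud storage service technologies in China and abroad provide security support in identity authentication, user authorization, data integrity and encryption. However, they only encrypt messages with the HTTPS protocol during communication, or introduce a third-party proxy to re-encrypt data files. This leaves data security risks in cross-domain sharing, and the encryption process suffers from high computational overhead and low efficiency. To solve these problems, an AB-ACCS (Attributes-Based of Access Control for Cloud Storage) scheme with efficient attribute revocation for cloud storage services is proposed. The scheme performs access control through an improved CP-ABE (Ciphertext Policy Attribute Based Encryption). Without relying on a third-party proxy, the Cloud Storage Provider (CSP) performs the ciphertext re-encryption, which reduces the communication burden on the authority and on users. To improve the efficiency of access control, the control algorithm incorporates procedure designs for new file creation, new user authorization, attribute revocation and file access, and is combined with lazy re-encryption, yielding an AB-ACCS scheme with efficient attribute revocation for cloud storage services. Experimental results verify that the scheme is effective and feasible in cloud storage services, and the security analysis shows that it provides both forward and backward secrecy.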