Journal on Communications ›› 2015, Vol. 36 ›› Issue (6): 116-126. doi: 10.11959/j.issn.1000-436x.2015142

• Academic paper •

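Attribute-based encryption multi-authority access control scheme for cloud storage

Zhi-tao GUAN, Ting-ting YANG, Ru-zhi XU, Zhu-xiao WANG

  1. School of Control and Computer Engineering, North China Electric Power University, Beijing 102206
  • Publication date: 2015-06-25 Release date: 2017-05-11
  • Funding:
    National Natural Science Foundation of China project; National Natural Science Foundation of China project; general fund project for central universities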

Multi-authority attribute-based encryption access control model for cloud storage

Zhi-tao GUAN, Ting-ting YANG, Ru-zhi XU, Zhu-xiao WANG

  1. School of Control and Computer Engineering, North China Electric Power University, Beijing 102206, China
  • Online: 2015-06-25 Published: 2017-05-11
  • Supported by:
    The National Natural Science Foundation of China; The National Natural Science Foundation of China; The Central Government University Foundation

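Abstract:

Most existing research on attribute-based encryption access control relies on a single authority; such schemes may leak keys when the authority is untrusted or comes under malicious attack. A multi-authority access control model based on attribute-based encryption, PRM-CSAC, is proposed. Building on the CP-ABE method, a multi-authority attribute encryption scheme is designed to improve key security. A minimized attribute grouping algorithm is designed so that keys can be distributed on demand when users access files, which reduces unnecessary attribute key distribution, lowers the number of re-encrypted attributes, and improves system efficiency. Read and write attributes are added to strengthen the encrypting party's access control over files, making the access control policy more complete. Security analysis and simulation experiments show that, compared with existing schemes, PRM-CSAC responds to user access requests in less time, incurs lower overhead, and can provide a high level of security.

Key words: cloud storage, multi-authority, access control, CP-ABE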

Abstract:

Existing attribute-based encryption access control studies are mostly based on a single authority, and such schemes are prone to attacks that expose secret keys. Thus, a multi-authority access control model, PRM-CSAC, is proposed. Based on the CP-ABE method, a multi-authority attribute-based encryption scheme is designed to improve the security level. A minimized attribute grouping algorithm is designed to distribute keys to users according to their needs, which reduces unnecessary attribute key distribution and decreases the number of re-encrypted attributes. Read and write attributes are added to strengthen the owners' control. The analysis shows that the proposed scheme can meet the security requirements of access control in the cloud, and that it also has a shorter response time and lower system cost.

Key words: cloud storage, multi-authority, access control, CP-ABE