Journal on Communications (通信学报)

Section: Cloud Security

A new user revocation method based on an intermediate agency for cloud data access control

姚亮, 杨超, 马建峰, 张俊伟

  1. School of Computer Science, Xidian University, Xi'an 710071, Shaanxi, China
  • Published online: 2015-11-27; Published: 2015-11-27
  • Funding:
    National Natural Science Foundation of China (61170251); NSFC-Guangdong Joint Fund (U1401251); National High Technology Research and Development Program of China ("863" Program) (2012AA013102); Key Project of the Ministry of Education (209156)

New user revocation approach based on intermediate agency for cloud data access control


Abstract (translated from the Chinese): Attribute-based encryption is an important mechanism for fine-grained access control over big data in the cloud, and user revocation is a key part of that access control. Existing user revocation methods, however, either re-encrypt only the symmetric key or must re-encrypt the original data, and so suffer from either weak security or low efficiency. To address this, a user revocation method based on an intermediate agency is proposed, which resolves the security and efficiency problems that user revocation brings in a fine-grained access control setting. The main idea is that the intermediate agency assists in processing the original ciphertext, after which the user completes the decryption of the transformed ciphertext. Because the user cannot decrypt the ciphertext on its own, the shared data need not be re-encrypted, which preserves data security after a user is revoked while also solving the efficiency problem. Theoretical analysis and experimental results show that, compared with existing methods, the proposed method achieves secure and efficient user revocation in a fine-grained access control setting.

Keywords: data confidentiality; fine-grained access; user revocation; intermediate agency

Abstract: Attribute-based encryption is a significant approach for fine-grained access control over data in the cloud, in which user revocation is the most crucial aspect of access control. However, existing user revocation schemes either re-encrypt only the symmetric key or re-encrypt the original data, so balancing security and efficiency is difficult. To solve the security and efficiency problems that user revocation brings to fine-grained access control, a new user revocation approach based on an intermediate agency is proposed. In this approach an intermediate agency is employed to process the original ciphertext, and the decryption is then finished by the user. Because the user cannot decrypt the ciphertext alone, re-encrypting the data after user revocation is not required. Theoretical analysis and experimental results show that, in the fine-grained access control environment, the proposed approach achieves secure and efficient user revocation compared with existing schemes.

Key words: data confidentiality; fine-grained access; user revocation; intermediate agency
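The abstract describes the control flow of the method (the agency transforms the ciphertext, the user finishes decryption, and revocation removes the agency's help rather than re-encrypting the data) but not its construction. The following is an added illustration, not the paper's scheme: it replaces attribute-based encryption with plain ElGamal over Z_p^* and splits the decryption exponent between a hypothetical `IntermediateAgency` and the user, so the three properties the abstract claims can be checked by running it. The prime, base, user names and message are constructed for the demo and are far too small for real use.

```python
"""Mediated (split-key) decryption illustrating the abstract's workflow.

Added example; NOT the scheme from the paper. Attribute-based encryption is
replaced by plain ElGamal over Z_p^*, and the decryption exponent x is split as
x = x_a + x_u (mod p-1) between an intermediate agency (x_a) and the user (x_u).
The agency's transform removes its own share; the user removes the rest.
"""
import secrets

P = 2**61 - 1   # constructed: prime modulus (Mersenne prime M61), demo-sized only
G = 3           # constructed: fixed base
Q = P - 1       # exponents are reduced modulo the group order of Z_p^*


def keygen():
    """Data owner's key pair: secret exponent x and public value h = G^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def encrypt(h, m):
    """ElGamal encryption of integer m (1 <= m < P) under public value h."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (m * pow(h, r, P)) % P


class IntermediateAgency:
    """Hypothetical agency: holds one share per enrolled user, never the full x."""

    def __init__(self):
        self._shares = {}  # user_id -> agency share x_a

    def enroll(self, user_id, x):
        """Split x afresh for this user; the user receives x_u, the agency keeps x_a."""
        x_a = secrets.randbelow(Q)
        x_u = (x - x_a) % Q
        self._shares[user_id] = x_a
        return x_u

    def revoke(self, user_id):
        """Revocation deletes the agency share; shared ciphertexts stay untouched."""
        self._shares.pop(user_id, None)

    def transform(self, user_id, ct):
        """Strip the agency share from the ciphertext for an enrolled user."""
        if user_id not in self._shares:
            raise PermissionError(f"user {user_id!r} is not enrolled or was revoked")
        c1, c2 = ct
        t = pow(c1, self._shares[user_id], P)
        return c1, (c2 * pow(t, -1, P)) % P


def user_decrypt(x_u, ct):
    """User finishes decryption with its own share; c2 / c1^x_u."""
    c1, c2 = ct
    return (c2 * pow(pow(c1, x_u, P), -1, P)) % P


def demo():
    """Check the three properties the abstract claims; returns a result dict."""
    x, h = keygen()
    agency = IntermediateAgency()
    alice_share = agency.enroll("alice", x)

    m = 0x5EC0DE                      # constructed message, an integer below P
    ct = encrypt(h, m)

    # 1. Agency transform + user decryption recovers the message.
    recovered = user_decrypt(alice_share, agency.transform("alice", ct))
    # 2. The user's share alone does not decrypt the original ciphertext.
    alone = user_decrypt(alice_share, ct)

    # 3. After revocation the agency refuses to help, and the same ciphertext is
    #    still usable by a newly enrolled user without any re-encryption.
    agency.revoke("alice")
    try:
        agency.transform("alice", ct)
        revoked_blocked = False
    except PermissionError:
        revoked_blocked = True
    bob_share = agency.enroll("bob", x)
    bob_recovered = user_decrypt(bob_share, agency.transform("bob", ct))

    return {
        "decrypts_with_agency": recovered == m,
        "user_alone_fails": alone != m,
        "revoked_user_blocked": revoked_blocked,
        "no_reencryption_needed": bob_recovered == m,
    }


if __name__ == "__main__":
    print(demo())
```

The design point the abstract rests on is visible in `revoke`: because no user ever holds a complete decryption exponent, withdrawing the agency's share is enough, and the ciphertext shared in the cloud is never rewritten. Each enrolment draws a fresh split, so one user's share gives no information about another's.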
