云存储下多用户协同访问控制方案

doi:10.11959/j.issn.1000-436x.2016010

摘要/Abstract

摘要：

CP-ABE 被认为是云存储下最适合的数据访问控制方法之一，但它仅适合用户分别读取或者分别修改不同数据的情况，而直接应用CP-ABE进行多用户协同数据访问时，会存在修改无序、密文文件大量冗余等问题。多用户协同访问云端数据时，应该在保证机密性、抗共谋的前提下控制合法用户有序地修改同一密文文件，同时云端尽可能减少密文文件副本。针对文件和文件逻辑分块，提出了2个多用户协同访问控制方案MCA-F和MCA-B。MCA-F满足单个数据文件作为最小控制粒度的访问控制需求，该方案采用层次加密结构，云服务器承担部分解密计算，以降低用户解密的计算代价；针对多用户同时写数据的访问控制，提出了对多个用户提交的暂存数据的管理方法。MCA-B 用于文件的逻辑分块作为最小控制粒度的访问控制，该方案设计了文件的逻辑分块机制、基于索引矩阵的表示方法，提出了子数据掩码表示方法以描述多个用户对同一文件不同逻辑分块的写权限；MCA-B支持用户集合、文件逻辑分块结构的动态变化，而且数据的拥有者和修改者无需一直在线。与现有的方案相比，所提方案不仅具有云存储下多用户协同写数据的访问控制能力，而且读访问控制的用户端存储量和加解密计算量是较小的。

关键词: 云存储, 访问控制, 属性加密, 多用户协同访问

Abstract:

CP-ABE was considered as one of most suitable methods of access control in cloud storage. However, it was just fit for reading or modifying different data files respectively. When CP-ABE was applied directly to data access collaborative control by multiple users, there would be such problems as data being modified disorderly.When multiple users access collaboratively the data stored on the cloud, legitimate users should modify the same ciphertext file orderly on the premise of confidentiality and collusion-resistance and the copies of ciphertext file should be generated as few as possible. Two multi-user collaborative access control schemes MCA-F and MCA-B for the file and its logical blocks each were proposed. The MCA-F scheme meets the requirement of access control in which the minimal granularity of control is a single data file. In MCA-F scheme, hierarchical encryption is adopted,a part of decrypting computation is transferred to a cloud server to decrease the computational cost on users when decrypting.In allusion to the simultaneous write-data access control of multiple users, a method is designed to manage semi-stored modified data submitted by menders. The MCA-B scheme is used for the access control in which a logical block of the file is the minimal granularity of control. This scheme designs a mechanism of logical blocking of the file and a representing method based on index matrix, and the representation of sub data mask is put forward to describe write permission of multiple users on different logical blocks of the same file. MCA-B scheme supports the dynamic change of the structure of logical blocks of the file, and the owners or menders do not need to be online always. Compared with the existing schemes, not only do proposed schemes provide multi-user collaborative access control in cloud storage, but also the client storage of reading access control and the computation of encrypting and decrypting are both lesser.

Key words: cloud storage, access control, attribute-based encryption, multi-user collaborative access

史姣丽,黄传河,王晶,覃匡宇,何凯. 云存储下多用户协同访问控制方案[J]. 通信学报, 2016, 37(1): 88-99.

li SHIJiao,he HUANGChuan,Jing WANG,yu QINKuang,Kai HE. Multi-user collaborative access control scheme in cloud storage[J]. Journal on Communications, 2016, 37(1): 88-99.

图/表 6

表1

图1

图2

图3

表2

存储代价比较"

方案	AA_k	Cloud	Owner	Mender
文献[10]方案	$(n_{a, k} + 3) \| p \|$	$(3 + 3 t_{r}) \| p \|$	$(2 N_{A} + \sum_{k = 1}^{N_{A}} n_{a, k}) \| p \|$	－
文献[11]方案	$(n_{a, k} + 3) \| p \|$	$(3 + 3 t_{r}) \| p \|$	$(3 N_{A} + 1 + \sum_{k = 1}^{N_{A}} n_{a, k}) \| p \|$	－
本文方案1 (MCA-F)	$(n_{a, k} + 3 + n_{u_{t}, k}) \| p \|$	$(4 + 2 t_{r} + 2 t_{w}) \| p \| + (1 + n_{m e n d e r}) L$	$(1 + \sum_{k = 1}^{N_{A}} n_{a, k}) \| p \|$	$(2 + 2 \sum_{k = 1}^{N_{A}} n_{a, k, u_{t}}) \| p \|$
本文方案2 (MCA-B)	$(n_{a, k} + 3 + n_{u_{t}, k}) \| p \|$	$(4 + 2 t_{r} + 2 t_{w}) \| p \| + L + n (2 + 2 \sum t_{n}^{i}) \| p \| + \sum_{m e n d e r = 1}^{N} \sum_{p = 1}^{M} L_{p}^{m e n d e r}$	$(1 + \sum_{k = 1}^{N_{A}} n_{a, k}) \| p \|$	$(2 + 2 \sum_{k = 1}^{N_{A}} n_{a, k, u_{t}}) \| p \|$

表2

表3

计算代价比较"

方案	EncryptRead算法(Owner上)	DecryptRead算法(Cloud上)	DecryptRead算法(Mender/User上)	Verify算法(Cloud上)	VerifyPart算法(Cloud上)
文献[10]方案	(2+2t_r)exp	0	(k+logt)exp+(2k+1)pairing	—	—
文献[11]方案	(3+6t_r)exp	$N_{A} ((\sum_{k = 1}^{I_{A_{k}}} (3 p a i r i n g + \exp)) + 2 p a i r i n g)$	exp	—	—
本文方案1 (MCA-F)	(2+2t_r)exp	(k+logt_r )exp+(2k)pairing	exp+ pairing	(k+logt_w+1)exp+(2k)pairing	—
本文方案2 (MCA-B)	(2+2t_r)exp	(k+logt_r )exp+(2k)pairing	exp+ pairing	—	(k+logt_p+1)exp+(2k)pairing

表3

参考文献 17

[1]	SAHAI A , WATERS B . Fuzzy identity-based encryp-tion[C]// Advances in Cryptology - Eurocrypt 2005. Springer, Berlin Heidelberg, c2005:457-473.
[2]	GOYAL O P V , SAHAI A , WATERS B . Attribute based encryption for fine-grained access conrol of encrypted data[C]// 13th ACM Confe-rence on Computer and Communications Security. Alexandria, c2006:89-98.
[3]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// IEEE Symposium on Security and Pri-vacy. California,IEEE, c2007:321-334.
[4]	LEWKO A , OKAMOTO T , SAHAI A , et al. Fully secure functional. encryption: attribute-based encryption and (hierarchical) inner product encryption[C]// Advances in Cryptology EUROCRYPT 2010. Springer, Berlin Heidelberg, c2010:62-91.
[5]	DENG H , WU Q , QIN B . Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts[J]. Information Sciences, 2014,275(8): 370-384.
[6]	LI M , YU S C , ZHENG Y . Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption[J]. IEEE Transactions on Parallel and Distributed Systems, 2013,24(1): 131-143.
[7]	FERRARA A L , FUCHSBAUER G , WARINSCHI B . Cryptographi-cally Enforced RBAC[C]// IEEE 26th Computer Security Foundations Symposium (CSF).Louisiana,IEEE, c2013:115-129.
[8]	ZHAO F , NISHIDE T , SAKURAI K . Realizing fine-grained and flexible access control to outsourced data with attribute-based crypto-systems[C]// IInformation Security Practice and Experience. Springer, Berlin Heidelberg, c2011:83-97.
[9]	RUJ S , STOJMENOVIC M , NAYAK A . Decentralized access control with anonymous authentication of data stored in clouds[J]. IEEE Trans-actions on Parallel and Distributed Systems, 2014,25(2): 384-394.
[10]	HUR J , KANG K . Secure data retrieval for decentralized disrup-tion-tolerant military networks[J]. IEEE/ACM Transactions o Net-working, 2014,(22):16-26.
[11]	YANG K , JIA X H , REN K , et al. DAC-MACS: effective data access control for multi-authority cloud storage systems[C]// INFOCOM 2013. Turin,IEEE, c2013:2895-2903.
[12]	YANG K , JIA X , REN K . Enabling efficient access contro with dy-namic policy updating for big data in the cloud[C]// INFOCOM 2014. Toronto,IEEE, c2014:2013-2021.
[13]	HERRANZ J , RUIZ A , SáEZ G . New results and applications for multi-secret sharing schemes[J]. Designs, Codes and Cryptography, 2013,73(3): 841-864.
[14]	LEWKO A , WATERS B . New proof methods for attribute-based encryption: achieving full security through selective techniques[C]// Advances in Cryptology CRYPTO 2012. California: Springer, c2012:180-198.
[15]	郭树行，张禹．基于动态情景网关的系统协同访问控制模型[J]. 通信学报, 2013,34(Z1):142-147. GUO S X , ZHANG Y . Dynamic situation gateway based system co-operations access gated model[J]. Journal on Communications, 2013,34(Z1):142-147.
[16]	林果园，贺珊，黄皓．基于行为的云计算访问控制安全模型[J]. 通信学报, 2012,33(3):59-66. LIN G Y , HZ S ， HUANG H . Access control security model based on behavior in clond computing environment[J]. Journd on Communica-tions, 2012,33(3):59-66.
[17]	SHI J L , et al. An access control scheme with direct cloud-aided attribute revocation using version key[C]// ICA3PP 2014. Dalian, Springer International Publishing, c2014:429-442.

符号	说明
I_k	授权机构AA_k管理的属性集合
PK _Ak	授权机构AA_k的公钥
SK_Ak	授权机构AA_k的私钥
GSKu	用户u_t的全局私钥
SK_{u k}	授权机构AA_k发行给用户u_t的属性私钥
( ?D_j ,D_j )	属性私钥SK_{u k}中的一部分
Key_sym	用来加解密数据文件的对称密钥

方案	AA_k	Cloud	Owner	Mender
文献[10]方案	$(n_{a, k} + 3) \| p \|$	$(3 + 3 t_{r}) \| p \|$	$(2 N_{A} + \sum_{k = 1}^{N_{A}} n_{a, k}) \| p \|$	－
文献[11]方案	$(n_{a, k} + 3) \| p \|$	$(3 + 3 t_{r}) \| p \|$	$(3 N_{A} + 1 + \sum_{k = 1}^{N_{A}} n_{a, k}) \| p \|$	－
本文方案1 (MCA-F)	$(n_{a, k} + 3 + n_{u_{t}, k}) \| p \|$	$(4 + 2 t_{r} + 2 t_{w}) \| p \| + (1 + n_{m e n d e r}) L$	$(1 + \sum_{k = 1}^{N_{A}} n_{a, k}) \| p \|$	$(2 + 2 \sum_{k = 1}^{N_{A}} n_{a, k, u_{t}}) \| p \|$
本文方案2 (MCA-B)	$(n_{a, k} + 3 + n_{u_{t}, k}) \| p \|$	$(4 + 2 t_{r} + 2 t_{w}) \| p \| + L + n (2 + 2 \sum t_{n}^{i}) \| p \| + \sum_{m e n d e r = 1}^{N} \sum_{p = 1}^{M} L_{p}^{m e n d e r}$	$(1 + \sum_{k = 1}^{N_{A}} n_{a, k}) \| p \|$	$(2 + 2 \sum_{k = 1}^{N_{A}} n_{a, k, u_{t}}) \| p \|$