Journal on Communications ›› 2020, Vol. 41 ›› Issue (5): 72-83. doi: 10.11959/j.issn.1000-436x.2020062

• Academic Paper •

Data access control policy of encrypted deduplication system

Chunfu JIA1,2, Guanxiong HA1,2, Ruiqi LI1,2

  1 College of Cyber Science, Nankai University, Tianjin 300350, China
  2 Tianjin Key Laboratory of Network and Data Security Technology, Tianjin 300350, China
  • Revised: 2020-03-03  Online: 2020-05-25  Published: 2020-05-30
  • About the authors: Chunfu JIA (born 1967), male, from Wen'an, Hebei, Ph.D., professor and doctoral supervisor at Nankai University; his main research interests are computer network and information security, trusted computing and malware analysis. Guanxiong HA (born 1995), male, Hui ethnicity, from Tianjin, master's student at Nankai University; his main research interests are cloud data security and applied cryptography. Ruiqi LI (born 1993), male, from Shangzhi, Heilongjiang, Ph.D. student at Nankai University; his main research interests are homomorphic encryption and lattice-based cryptography.
  • Supported by:
    The National Key Research and Development Program of China (2018YFA0704703); The National Natural Science Foundation of China (61972215, 61772291, 61702399, 61972073); The Natural Science Foundation of Tianjin (17JCZDJC30500)


Abstract:

Most existing encrypted deduplication systems in cloud storage rely on convergent encryption, so data owners cannot effectively enforce access control over their outsourced data. To address this, an encrypted deduplication system is designed that supports access control functions such as identity authentication, authorized deduplication and permission updates. Outsourced data is deduplicated only with authorized users, and unauthorized users cannot obtain any information about the data. Access permissions on the data are updated through CP-ABE and dynamic splitting of the ElGamal private key. Self-control objects encapsulate user data together with its access policy, authenticate data accessors and ensure that the access control policy is enforced. Security analysis and simulation experiments show that the proposed system achieves data access control with high execution efficiency.

Keywords: security policy update, authorized deduplication, self-control object, access control, cloud data security

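The abstract says permissions are updated by dynamically splitting the ElGamal private key but gives no construction. The following added example (not the paper's code) uses the standard additive split of an ElGamal private key between a user and the cloud, and shows why re-splitting the key on a policy update leaves a non-re-authorized user's old share useless; the group parameters are toy values chosen for illustration.

```python
import secrets

# Toy group parameters, constructed for illustration only; a real system would use
# a standard large safe-prime group.
P = 2**127 - 1      # prime modulus (a Mersenne prime)
G = 3               # generator of the toy group
ORDER = P - 1       # exponents are reduced modulo the group order

def keygen():
    """Return (private key x, public key h = G^x mod P)."""
    x = secrets.randbelow(ORDER - 1) + 1
    return x, pow(G, x, P)

def encrypt(h, m):
    """Textbook ElGamal: (c1, c2) = (G^k, m * h^k) for a fresh random k."""
    k = secrets.randbelow(ORDER - 1) + 1
    return pow(G, k, P), (m * pow(h, k, P)) % P

def split_key(x):
    """Additively split x into two shares (s1, s2) with s1 + s2 = x mod ORDER.
    Each share on its own is a uniformly random value and reveals nothing about x."""
    s1 = secrets.randbelow(ORDER)
    return s1, (x - s1) % ORDER

def partial_decrypt(c1, share):
    """A share holder contributes c1^share; multiplying both contributions gives c1^x."""
    return pow(c1, share, P)

def combine(c2, d1, d2):
    """Finish decryption: m = c2 * (d1 * d2)^-1 mod P."""
    return (c2 * pow(d1 * d2, -1, P)) % P

def demo(m=0x48656c6c6f):
    """Encrypt m, split the key between a user and the cloud, then re-split on a
    policy update and show that the user's stale share no longer works.
    Returns (original split decrypts, stale user share decrypts, new split decrypts)."""
    x, h = keygen()
    c1, c2 = encrypt(h, m)
    user_share, cloud_share = split_key(x)
    before = combine(c2, partial_decrypt(c1, user_share), partial_decrypt(c1, cloud_share))
    # Policy update: the owner re-splits x and hands the cloud a new share. A user who
    # was not re-authorized still holds the old share, which no longer pairs with it.
    new_user_share, new_cloud_share = split_key(x)
    stale = combine(c2, partial_decrypt(c1, user_share), partial_decrypt(c1, new_cloud_share))
    fresh = combine(c2, partial_decrypt(c1, new_user_share), partial_decrypt(c1, new_cloud_share))
    return before == m, stale == m, fresh == m
```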
