面向云存储的基于属性加密的多授权中心访问控制方案

doi:10.11959/j.issn.1000-436x.2015142

Abstract

Abstract:

The existing attribute-based encryption access control studies are mostly based on single authority,and this scheme is apt to be under attack to cause exposure of secret keys.Thus,a multi-authority access control model PRM-CSAC is proposed.Based on CP-ABE method,a multi-authority attribute-based encryption scheme is designed to improve security level.Minimized attribute grouping algorithm is designed to distribute keys to users according to needs,which can reduce unnecessary attribute key distribution and decrease the amount of re-encryption attributes.The read and write attribute are added to strengthen the control of owners.The analysis shows that the proposed scheme can meet the security requirement of access control in cloud,and it also has less response time and system cost.

Key words: cloud storage, multi-authority, access control, CP-ABE

Zhi-tao GUAN,Ting-ting YANG,Ru-zhi XU,Zhu-xiao WANG. Multi-authority attribute-based encryption access control model for cloud storage[J]. Journal on Communications, 2015, 36(6): 116-126.

Figures/Tables 11

References 19

[1]	李瑞轩, 董新华, 辜希武等. 移动云服务的数据安全与隐私保护综述[J]. 通信学报, 2013,34(12): 159-166. LI R X , DONG X H , GU X W ,et al. Overview of the data security and privacy preserving of mobile cloud services[J]. Journal on Communications, 2013,34(12): 159-166.
[2]	冯登国, 张敏, 张妍等. 云计算安全研究[J]. 软件学报, 2011,22(1): 71-83. FENG D G , ZHANG M , ZHANG Y ,et al. Study on cloud computing security[J]. Journal of Software, 2011,22(1): 71-83.
[3]	SHAMIR A . Identity-based cryptosystems and signature schemes[A]. Advances in Cryptology[C]. Springer, 1985. 47-53.
[4]	SAHAI A , WATERS B . Fuzzy identity-based encryption[A]. Advances in Cryptology–EUROCRYPT 2005[C]. 2005. 557-557.
[5]	GOYAL V , PANDEY O , SAHAI A ,et al. Attribute-based encryption for fine grained access control of encrypted data[A]. CCS[C]. 2006. 89-98.
[6]	苏金树, 曹丹, 王小峰 . 等属性基加密机制[J]. 软件学报, 2011,22(6): 1299-1315. SU J S , CAO D , WANG X F ,et al. Attribute-based encryption schemes[J]. Journal of Software, 2011,22(6): 1299-1315.
[7]	YU S,WANG C , REN K , LOU W . Achieving secure,scalable,and fine-grained data access control in cloud computing[A]. IEEE INFOCOM[C]. 2010. 1-9.
[8]	俞能海, 郝卓, 徐甲甲 . 等云安全研究进展综述[J]. 电子学报, 2013,41(2): 371-381. YU N H , HAO Z , XU J J ,et al. Review of cloud computing security[J]. Acta Electronica Sinica, 2013,41(2): 371-381.
[9]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[A]. IEEE S;P 2007. 321-334.
[10]	WANG G J , LIU Q , WU J . Hierarchical attribute-based encryption for fine-grained access control in cloud storage services[A]. CCS[C]. 2010. 735-737.
[11]	CHASE M . Multi-authority attribute based encryption[A]. Theory of Cryptography[C]. 2007. 515-534.
[12]	CHASE M , CHOW S . Improving privacy and security in multi- authority attribute based encryption[A]. CCS[C]. 2009. 121-130.
[13]	LI M , YU S C , ZHENG Y ,et al. Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption[J]. IEEE Transactions on Parallel and Distributed Systems, 2013,24(1): 131-143.
[14]	JUNG T,LI X , WAN Z , WAN M . Privacy preserving cloud data access with multi-authorities[A]. IEEE INFOCOM[C]. 2013. 2625-2833.
[15]	BLAZE M , BLEUMER G , STRAUSS M . Divertible protocols and atomic proxy cryptography[A]. Proc of EUROCRYPT[C]. 1998. 127-144.
[16]	DAN B , MATTHEW K F . Identity-based encryption from the Weil pairing[A]. Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology[C]. 2001. 213-229.
[17]	BEIMEL A . Secure Schemes for Secret Sharing and Key Distribution[D]. Haifa,Israel,Israel Institute of Technology, 1996.
[18]	洪澄, 张敏, 冯登国 . AB-ACCS：一种云存储密文访问控制方法[J]. 计算机研究与发展, 2010,47(z1): 259-265. HONG C , ZHANG M , FENG D G . A cryptographic access control scheme for cloud storage[J]. Journal of Computer Research and Development, 2010,47(z1): 259-265.
[19]	IMERCATI S D C , FORESTI S , JAJODIA S ,et al. Over-encryption:management of access control evolution on outsourced data[A]. Proc of VLDB’07[C]. 2007. 123-134.

Metrics

Recommended 0

No Suggested Reading articles found!

符号	说明
PK,MK	Public Key 公钥,Master Key 主密钥
SK,RKVer_ij,Ver_F1kAtti，Atti₁T,LT	用户私钥,重加密密钥属性i的版本号j，文件File1的版本号k属性名i，属性名i的第1个候选属性值树形访问结构，访问树T的叶子节点集合
v=Att(x)	T中的叶子节点x对应的属性值v
AMS	属性管理服务器
CS	云服务器
AA	属性授权中心
M→CT	明文M加密后形成密文CT
δ_O.F	Owner对文件File的权限签名

Owner	Group	Ver	Attributes
	Group1	Ver_G11	Att1,Att2
	Group2	Ver_G21	Att3
Owner1	Group3	Ver_G31	Att6
	Group4	Ver_G41	Att4,Att5
	Group5	—	Read/Read,Write

Owner	Group	Ver	Attributes	AA	PK
	Group1	Ver_G11	Att1,Att2	AA₁	PK_AA1
	Group2	Ver_G21	Att3	AA₂	PK_AA2
	Group3	Ver_G31	Att6	AA₃	PK_AA3
	Group4	Ver_G41	Att4,Att5	AA₄	PK_AA4
Owner1	GroupRW	—	AttR,AttW	R/WA	PK_R/WA

Multi-authority attribute-based encryption access control model for cloud storage

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 11

References 19

Related Articles 15

Metrics

Recommended 0

[1]	Wei JIN, Fenghua LI, Mingjie YU, Yunchuan GUO, Ziyan ZHOU, Liang FANG. HDFS-oriented cryptographic key resource control mechanism [J]. Journal on Communications, 2022, 43(9): 27-41.
[2]	Guanxiong HA, Qiaowen JIA, Hang CHEN, Chunfu JIA. Data popularity-based encrypted deduplication scheme without third-party servers [J]. Journal on Communications, 2022, 43(8): 17-29.
[3]	Jiangtao DONG, Peiwen YAN, Ruizhong DU. Verifiable access control scheme based on unpaired CP-ABE in fog computing [J]. Journal on Communications, 2021, 42(8): 139-150.
[4]	Changgen PENG, Zongfeng PENG, Hongfa DING, Youliang TIAN, Rongfei LIU. Attribute-based revocable collaborative access control scheme [J]. Journal on Communications, 2021, 42(5): 75-86.
[5]	Zuobin YING, Yuanping SI, Jianfeng MA, Ximeng LIU. Blockchain-based distributed EHR fine-grained traceability scheme [J]. Journal on Communications, 2021, 42(5): 205-215.
[6]	Ruizhong DU, Peiwen YAN, Yan LIU. Fine-grained attribute update and outsourcing computing access control scheme in fog computing [J]. Journal on Communications, 2021, 42(3): 160-170.
[7]	Fei TANG, Jiali BAO, Yonghong HUANG, Dong HUANG, Huili WANG. Multi-authority attribute-based identification scheme [J]. Journal on Communications, 2021, 42(3): 220-228.
[8]	Tao FENG, Fanqi KONG, Chunyan LIU, Rong MA, Albettar Maher. Dual verifiable cloud storage scheme based on blockchain [J]. Journal on Communications, 2021, 42(12): 192-201.
[9]	Chunfu JIA, Guanxiong HA, Shaoqiang WU, Hang CHEN, Ruiqi LI. AONT-and-NTRU-based rekeying scheme for encrypted deduplication [J]. Journal on Communications, 2021, 42(10): 67-80.
[10]	Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI. Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing [J]. Journal on Communications, 2021, 42(10): 81-94.
[11]	Tianyi ZHU,Fenghua LI,Wei JIN,Yunchuan GUO,Liang FANG,Lin CHENG. Cross-domain access control policy mapping mechanism for balancing interoperability and autonomy [J]. Journal on Communications, 2020, 41(9): 29-48.
[12]	Qinglei ZHOU,Shaohuan BAN,Yingjie HAN,Feng FENG. Mimic defense authentication method for physical access control [J]. Journal on Communications, 2020, 41(6): 80-87.
[13]	Chunfu JIA,Guanxiong HA,Ruiqi LI. Data access control policy of encrypted deduplication system [J]. Journal on Communications, 2020, 41(5): 72-83.
[14]	Yonggui FU,Jianming ZHU. Design for database access control mechanism based on blockchain [J]. Journal on Communications, 2020, 41(5): 130-140.
[15]	Zheng GUAN,Lei XIONG,Yao JIA,Min HE,Zhijun YANG. Research on scheduled WLAN MAC protocol with failure retries on RoF-DAS architecture [J]. Journal on Communications, 2020, 41(3): 102-111.