云存储下多用户协同访问控制方案

doi:10.11959/j.issn.1000-436x.2016010

Abstract

Abstract:

CP-ABE was considered as one of most suitable methods of access control in cloud storage. However, it was just fit for reading or modifying different data files respectively. When CP-ABE was applied directly to data access collaborative control by multiple users, there would be such problems as data being modified disorderly.When multiple users access collaboratively the data stored on the cloud, legitimate users should modify the same ciphertext file orderly on the premise of confidentiality and collusion-resistance and the copies of ciphertext file should be generated as few as possible. Two multi-user collaborative access control schemes MCA-F and MCA-B for the file and its logical blocks each were proposed. The MCA-F scheme meets the requirement of access control in which the minimal granularity of control is a single data file. In MCA-F scheme, hierarchical encryption is adopted,a part of decrypting computation is transferred to a cloud server to decrease the computational cost on users when decrypting.In allusion to the simultaneous write-data access control of multiple users, a method is designed to manage semi-stored modified data submitted by menders. The MCA-B scheme is used for the access control in which a logical block of the file is the minimal granularity of control. This scheme designs a mechanism of logical blocking of the file and a representing method based on index matrix, and the representation of sub data mask is put forward to describe write permission of multiple users on different logical blocks of the same file. MCA-B scheme supports the dynamic change of the structure of logical blocks of the file, and the owners or menders do not need to be online always. Compared with the existing schemes, not only do proposed schemes provide multi-user collaborative access control in cloud storage, but also the client storage of reading access control and the computation of encrypting and decrypting are both lesser.

Key words: cloud storage, access control, attribute-based encryption, multi-user collaborative access

li SHIJiao,he HUANGChuan,Jing WANG,yu QINKuang,Kai HE. Multi-user collaborative access control scheme in cloud storage[J]. Journal on Communications, 2016, 37(1): 88-99.

Figures/Tables 6

方案	AA_k	Cloud	Owner	Mender
文献[10]方案	$(n_{a, k} + 3) \| p \|$	$(3 + 3 t_{r}) \| p \|$	$(2 N_{A} + \sum_{k = 1}^{N_{A}} n_{a, k}) \| p \|$	－
文献[11]方案	$(n_{a, k} + 3) \| p \|$	$(3 + 3 t_{r}) \| p \|$	$(3 N_{A} + 1 + \sum_{k = 1}^{N_{A}} n_{a, k}) \| p \|$	－
本文方案1 (MCA-F)	$(n_{a, k} + 3 + n_{u_{t}, k}) \| p \|$	$(4 + 2 t_{r} + 2 t_{w}) \| p \| + (1 + n_{m e n d e r}) L$	$(1 + \sum_{k = 1}^{N_{A}} n_{a, k}) \| p \|$	$(2 + 2 \sum_{k = 1}^{N_{A}} n_{a, k, u_{t}}) \| p \|$
本文方案2 (MCA-B)	$(n_{a, k} + 3 + n_{u_{t}, k}) \| p \|$	$(4 + 2 t_{r} + 2 t_{w}) \| p \| + L + n (2 + 2 \sum t_{n}^{i}) \| p \| + \sum_{m e n d e r = 1}^{N} \sum_{p = 1}^{M} L_{p}^{m e n d e r}$	$(1 + \sum_{k = 1}^{N_{A}} n_{a, k}) \| p \|$	$(2 + 2 \sum_{k = 1}^{N_{A}} n_{a, k, u_{t}}) \| p \|$

方案	EncryptRead算法(Owner上)	DecryptRead算法(Cloud上)	DecryptRead算法(Mender/User上)	Verify算法(Cloud上)	VerifyPart算法(Cloud上)
文献[10]方案	(2+2t_r)exp	0	(k+logt)exp+(2k+1)pairing	—	—
文献[11]方案	(3+6t_r)exp	$N_{A} ((\sum_{k = 1}^{I_{A_{k}}} (3 p a i r i n g + \exp)) + 2 p a i r i n g)$	exp	—	—
本文方案1 (MCA-F)	(2+2t_r)exp	(k+logt_r )exp+(2k)pairing	exp+ pairing	(k+logt_w+1)exp+(2k)pairing	—
本文方案2 (MCA-B)	(2+2t_r)exp	(k+logt_r )exp+(2k)pairing	exp+ pairing	—	(k+logt_p+1)exp+(2k)pairing

References 17

[1]	SAHAI A , WATERS B . Fuzzy identity-based encryp-tion[C]// Advances in Cryptology - Eurocrypt 2005. Springer, Berlin Heidelberg, c2005:457-473.
[2]	GOYAL O P V , SAHAI A , WATERS B . Attribute based encryption for fine-grained access conrol of encrypted data[C]// 13th ACM Confe-rence on Computer and Communications Security. Alexandria, c2006:89-98.
[3]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// IEEE Symposium on Security and Pri-vacy. California,IEEE, c2007:321-334.
[4]	LEWKO A , OKAMOTO T , SAHAI A , et al. Fully secure functional. encryption: attribute-based encryption and (hierarchical) inner product encryption[C]// Advances in Cryptology EUROCRYPT 2010. Springer, Berlin Heidelberg, c2010:62-91.
[5]	DENG H , WU Q , QIN B . Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts[J]. Information Sciences, 2014,275(8): 370-384.
[6]	LI M , YU S C , ZHENG Y . Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption[J]. IEEE Transactions on Parallel and Distributed Systems, 2013,24(1): 131-143.
[7]	FERRARA A L , FUCHSBAUER G , WARINSCHI B . Cryptographi-cally Enforced RBAC[C]// IEEE 26th Computer Security Foundations Symposium (CSF).Louisiana,IEEE, c2013:115-129.
[8]	ZHAO F , NISHIDE T , SAKURAI K . Realizing fine-grained and flexible access control to outsourced data with attribute-based crypto-systems[C]// IInformation Security Practice and Experience. Springer, Berlin Heidelberg, c2011:83-97.
[9]	RUJ S , STOJMENOVIC M , NAYAK A . Decentralized access control with anonymous authentication of data stored in clouds[J]. IEEE Trans-actions on Parallel and Distributed Systems, 2014,25(2): 384-394.
[10]	HUR J , KANG K . Secure data retrieval for decentralized disrup-tion-tolerant military networks[J]. IEEE/ACM Transactions o Net-working, 2014,(22):16-26.
[11]	YANG K , JIA X H , REN K , et al. DAC-MACS: effective data access control for multi-authority cloud storage systems[C]// INFOCOM 2013. Turin,IEEE, c2013:2895-2903.
[12]	YANG K , JIA X , REN K . Enabling efficient access contro with dy-namic policy updating for big data in the cloud[C]// INFOCOM 2014. Toronto,IEEE, c2014:2013-2021.
[13]	HERRANZ J , RUIZ A , SáEZ G . New results and applications for multi-secret sharing schemes[J]. Designs, Codes and Cryptography, 2013,73(3): 841-864.
[14]	LEWKO A , WATERS B . New proof methods for attribute-based encryption: achieving full security through selective techniques[C]// Advances in Cryptology CRYPTO 2012. California: Springer, c2012:180-198.
[15]	郭树行，张禹．基于动态情景网关的系统协同访问控制模型[J]. 通信学报, 2013,34(Z1):142-147. GUO S X , ZHANG Y . Dynamic situation gateway based system co-operations access gated model[J]. Journal on Communications, 2013,34(Z1):142-147.
[16]	林果园，贺珊，黄皓．基于行为的云计算访问控制安全模型[J]. 通信学报, 2012,33(3):59-66. LIN G Y , HZ S ， HUANG H . Access control security model based on behavior in clond computing environment[J]. Journd on Communica-tions, 2012,33(3):59-66.
[17]	SHI J L , et al. An access control scheme with direct cloud-aided attribute revocation using version key[C]// ICA3PP 2014. Dalian, Springer International Publishing, c2014:429-442.

Metrics

Recommended 0

No Suggested Reading articles found!

符号	说明
I_k	授权机构AA_k管理的属性集合
PK _Ak	授权机构AA_k的公钥
SK_Ak	授权机构AA_k的私钥
GSKu	用户u_t的全局私钥
SK_{u k}	授权机构AA_k发行给用户u_t的属性私钥
( ?D_j ,D_j )	属性私钥SK_{u k}中的一部分
Key_sym	用来加解密数据文件的对称密钥

方案	AA_k	Cloud	Owner	Mender
文献[10]方案	$(n_{a, k} + 3) \| p \|$	$(3 + 3 t_{r}) \| p \|$	$(2 N_{A} + \sum_{k = 1}^{N_{A}} n_{a, k}) \| p \|$	－
文献[11]方案	$(n_{a, k} + 3) \| p \|$	$(3 + 3 t_{r}) \| p \|$	$(3 N_{A} + 1 + \sum_{k = 1}^{N_{A}} n_{a, k}) \| p \|$	－
本文方案1 (MCA-F)	$(n_{a, k} + 3 + n_{u_{t}, k}) \| p \|$	$(4 + 2 t_{r} + 2 t_{w}) \| p \| + (1 + n_{m e n d e r}) L$	$(1 + \sum_{k = 1}^{N_{A}} n_{a, k}) \| p \|$	$(2 + 2 \sum_{k = 1}^{N_{A}} n_{a, k, u_{t}}) \| p \|$
本文方案2 (MCA-B)	$(n_{a, k} + 3 + n_{u_{t}, k}) \| p \|$	$(4 + 2 t_{r} + 2 t_{w}) \| p \| + L + n (2 + 2 \sum t_{n}^{i}) \| p \| + \sum_{m e n d e r = 1}^{N} \sum_{p = 1}^{M} L_{p}^{m e n d e r}$	$(1 + \sum_{k = 1}^{N_{A}} n_{a, k}) \| p \|$	$(2 + 2 \sum_{k = 1}^{N_{A}} n_{a, k, u_{t}}) \| p \|$

Multi-user collaborative access control scheme in cloud storage

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 6

References 17

Related Articles 15

Metrics

Recommended 0

[1]	Xuejiao LIU, Tiancong CAO, Yingjie XIA. Research on efficient and secure cross-domain data sharing of IoV under blockchain architecture [J]. Journal on Communications, 2023, 44(3): 186-197.
[2]	Yiliang HAN, Kaiyang GUO, Riming WU, Kai LIU. Attribute-based encryption scheme against key abuse based on OBDD access structure from lattice [J]. Journal on Communications, 2023, 44(1): 75-88.
[3]	Wei JIN, Fenghua LI, Mingjie YU, Yunchuan GUO, Ziyan ZHOU, Liang FANG. HDFS-oriented cryptographic key resource control mechanism [J]. Journal on Communications, 2022, 43(9): 27-41.
[4]	Guanxiong HA, Qiaowen JIA, Hang CHEN, Chunfu JIA. Data popularity-based encrypted deduplication scheme without third-party servers [J]. Journal on Communications, 2022, 43(8): 17-29.
[5]	Ruizhong DU, Tianhe ZHANG, Pengliang SHI. Ciphertext policy hidden access control scheme based on blockchain and supporting data sharing [J]. Journal on Communications, 2022, 43(6): 168-178.
[6]	Xinchun YIN, Mengyu WANG, Jianting NING. Lightweight searchable medical data sharing scheme [J]. Journal on Communications, 2022, 43(5): 110-122.
[7]	Jiangtao DONG, Peiwen YAN, Ruizhong DU. Verifiable access control scheme based on unpaired CP-ABE in fog computing [J]. Journal on Communications, 2021, 42(8): 139-150.
[8]	Changgen PENG, Zongfeng PENG, Hongfa DING, Youliang TIAN, Rongfei LIU. Attribute-based revocable collaborative access control scheme [J]. Journal on Communications, 2021, 42(5): 75-86.
[9]	Zuobin YING, Yuanping SI, Jianfeng MA, Ximeng LIU. Blockchain-based distributed EHR fine-grained traceability scheme [J]. Journal on Communications, 2021, 42(5): 205-215.
[10]	Ruizhong DU, Peiwen YAN, Yan LIU. Fine-grained attribute update and outsourcing computing access control scheme in fog computing [J]. Journal on Communications, 2021, 42(3): 160-170.
[11]	Tao FENG, Fanqi KONG, Chunyan LIU, Rong MA, Albettar Maher. Dual verifiable cloud storage scheme based on blockchain [J]. Journal on Communications, 2021, 42(12): 192-201.
[12]	Chunfu JIA, Guanxiong HA, Shaoqiang WU, Hang CHEN, Ruiqi LI. AONT-and-NTRU-based rekeying scheme for encrypted deduplication [J]. Journal on Communications, 2021, 42(10): 67-80.
[13]	Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI. Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing [J]. Journal on Communications, 2021, 42(10): 81-94.
[14]	Tianyi ZHU,Fenghua LI,Wei JIN,Yunchuan GUO,Liang FANG,Lin CHENG. Cross-domain access control policy mapping mechanism for balancing interoperability and autonomy [J]. Journal on Communications, 2020, 41(9): 29-48.
[15]	Qinglei ZHOU,Shaohuan BAN,Yingjie HAN,Feng FENG. Mimic defense authentication method for physical access control [J]. Journal on Communications, 2020, 41(6): 80-87.