云环境下支持属性撤销的访问控制研究
发布时间:2018-11-07 20:06
【摘要】:随着云计算的普及,越来越多的用户将自己的敏感数据外包到云服务器上.云服务器负责管理和维护所存储的数据,并提供用户所需要的服务.通过外包数据到云服务器上,用户能够享受到高质量的数据存储服务.另外,,其他用户也可以申请访问存储在云服务器上的数据.这样,不同的用户间能够达到彼此共享数据的目的.然而,在云环境下用户不能完全信任云服务器.此外,用户希望其他的非法用户无法访问自己所存储的数据.因此,在数据共享时,如何建立一种安全的访问控制机制成为亟待解决的难题.访问控制技术允许合法用户成功访问所需要的数据.并且,鉴于用户频繁地变更,需要提出一种支持用户和属性撤销的访问控制方案.本文的主要工作有以下几个方面: 1.研究了现有的各种基于属性的加密方案,总结了现有方案的不足,我们所关注的不足之处主要在于属性撤销时的效率问题,同时也包括方案其他方面的不足. 2.基于诚实但好奇的服务器(honest-but-curious)模型,提出一种高效的支持属性和用户撤销的访问控制方案.该方案不仅在加密时效率高,并且在密钥更新时也更加高效.通过严格的安全性分析,证明了提出的方案在诚实但好奇的服务器模型下是安全的并且可以高效地实现属性和用户撤销.对方案进行了效率分析,结果表明我们的方案是高效的. 3.基于上述属性撤销方案,我们提到了另外一种服务器形式的属性撤销问题.因此,在所定义的新的服务器模型下,为了解决服务器与用户勾结的问题,提出了一种方案,这个方案能够解决共谋攻击.
[Abstract]:With the popularity of cloud computing, more and more users outsource their sensitive data to cloud servers. The cloud server is responsible for managing and maintaining the stored data and providing the services required by the user. By outsourcing data to cloud servers, users can enjoy high-quality data storage services. In addition, other users can apply for access to the data stored on the cloud server. In this way, different users can achieve the purpose of sharing data with each other. However, in a cloud environment, users cannot fully trust the cloud server. In addition, users want other illegal users to have no access to their stored data. Therefore, in data sharing, how to establish a secure access control mechanism becomes an urgent problem. Access control technology allows legitimate users to access the required data successfully. Moreover, in view of the frequent changes of users, an access control scheme supporting user and attribute revocation is proposed. The main work of this paper is as follows: 1. This paper studies all kinds of existing attribute-based encryption schemes, summarizes the shortcomings of the existing schemes, and focuses on the efficiency of attribute revocation, as well as the shortcomings of other aspects of the scheme. 2. Based on the honest but curious server (honest-but-curious) model, an efficient access control scheme supporting attribute and user revocation is proposed. This scheme is not only efficient in encryption, but also more efficient in key updating. Through strict security analysis, it is proved that the proposed scheme is secure under the honest but curious server model and can efficiently realize attribute and user revocation. The efficiency of the scheme is analyzed and the results show that our scheme is efficient. 3. Based on the above attribute revocation scheme, we refer to another kind of server property revocation problem. Therefore, in order to solve the problem of collusion between server and user under the new server model, a scheme is proposed, which can solve the collusion attack.
【学位授予单位】:西安电子科技大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP309.7
本文编号:2317434
[Abstract]:With the popularity of cloud computing, more and more users outsource their sensitive data to cloud servers. The cloud server is responsible for managing and maintaining the stored data and providing the services required by the user. By outsourcing data to cloud servers, users can enjoy high-quality data storage services. In addition, other users can apply for access to the data stored on the cloud server. In this way, different users can achieve the purpose of sharing data with each other. However, in a cloud environment, users cannot fully trust the cloud server. In addition, users want other illegal users to have no access to their stored data. Therefore, in data sharing, how to establish a secure access control mechanism becomes an urgent problem. Access control technology allows legitimate users to access the required data successfully. Moreover, in view of the frequent changes of users, an access control scheme supporting user and attribute revocation is proposed. The main work of this paper is as follows: 1. This paper studies all kinds of existing attribute-based encryption schemes, summarizes the shortcomings of the existing schemes, and focuses on the efficiency of attribute revocation, as well as the shortcomings of other aspects of the scheme. 2. Based on the honest but curious server (honest-but-curious) model, an efficient access control scheme supporting attribute and user revocation is proposed. This scheme is not only efficient in encryption, but also more efficient in key updating. Through strict security analysis, it is proved that the proposed scheme is secure under the honest but curious server model and can efficiently realize attribute and user revocation. The efficiency of the scheme is analyzed and the results show that our scheme is efficient. 3. Based on the above attribute revocation scheme, we refer to another kind of server property revocation problem. Therefore, in order to solve the problem of collusion between server and user under the new server model, a scheme is proposed, which can solve the collusion attack.
【学位授予单位】:西安电子科技大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP309.7
【参考文献】
相关期刊论文 前2条
1 沈昌祥;张焕国;冯登国;曹珍富;黄继武;;信息安全综述[J];中国科学(E辑:信息科学);2007年02期
2 吕志泉;张敏;冯登国;;云存储密文访问控制方案[J];计算机科学与探索;2011年09期
本文编号:2317434
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2317434.html
