面向云存储的安全密文访问控制方案
发布时间:2018-11-07 21:04
【摘要】:存储在云端服务器中的敏感数据的保密和安全访问是云存储安全研究的重要内容。针对真实的云存储环境中云服务提供商不可信的情况,采用基于属性的加密算法,提出了一种安全、高效、细粒度的云存储密文访问控制方案。与现有方案相比,该方案在用户撤销时,通过引入广播加密技术,使得撤销用户即使和云服务提供商共谋,也不能对私钥进行更新,保证了数据的安全性;方案将大部分密文重加密和用户私钥更新工作转移给云服务提供商执行,在保证安全性的前提下,降低了数据属主的计算代价;另外该方案还可支持多用户的同时撤销。最后分析了方案的安全性和计算复杂性,并测试了用户撤销时的运行效率。
[Abstract]:The security and security access of sensitive data stored in cloud server is an important part of cloud storage security research. Aiming at the situation that cloud service provider is not trusted in real cloud storage environment, a secure, efficient and fine-grained access control scheme of cloud storage ciphertext is proposed by using attribute based encryption algorithm. Compared with the existing scheme, the scheme can not update the private key even if it is colluded with the cloud service provider by introducing broadcast encryption technology to ensure the security of the data. The scheme transfers most of the ciphertext reencryption and private key update work to the cloud service provider, which reduces the computing cost of the data master on the premise of ensuring security. In addition, the scheme can also support multi-user revocation at the same time. Finally, the security and computational complexity of the scheme are analyzed, and the running efficiency of user revocation is tested.
【作者单位】: 南京邮电大学计算机学院;
【基金】:国家重点基础研究发展计划(973计划)(2011CB302903) 国家自然科学基金(61272084) 江苏省自然科学基金(BK2009426)资助项目
【分类号】:TP393.08
本文编号:2317565
[Abstract]:The security and security access of sensitive data stored in cloud server is an important part of cloud storage security research. Aiming at the situation that cloud service provider is not trusted in real cloud storage environment, a secure, efficient and fine-grained access control scheme of cloud storage ciphertext is proposed by using attribute based encryption algorithm. Compared with the existing scheme, the scheme can not update the private key even if it is colluded with the cloud service provider by introducing broadcast encryption technology to ensure the security of the data. The scheme transfers most of the ciphertext reencryption and private key update work to the cloud service provider, which reduces the computing cost of the data master on the premise of ensuring security. In addition, the scheme can also support multi-user revocation at the same time. Finally, the security and computational complexity of the scheme are analyzed, and the running efficiency of user revocation is tested.
【作者单位】: 南京邮电大学计算机学院;
【基金】:国家重点基础研究发展计划(973计划)(2011CB302903) 国家自然科学基金(61272084) 江苏省自然科学基金(BK2009426)资助项目
【分类号】:TP393.08
【相似文献】
相关期刊论文 前10条
1 尹帮治;;一种新的网站用户登录验证方案[J];微型电脑应用;2008年10期
2 ;[J];;年期
3 ;[J];;年期
4 ;[J];;年期
5 ;[J];;年期
6 ;[J];;年期
7 ;[J];;年期
8 ;[J];;年期
9 ;[J];;年期
10 ;[J];;年期
,本文编号:2317565
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2317565.html
