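Research on MA-ABE Cloud Storage Access Control Strategy
Published: 2018-06-01 16:03
Topic of this article: attribute-based encryption + multi-authority; Reference: Lanzhou University of Technology, 2013 master's thesis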
[Abstract]: In recent years, cloud computing has grown from an emerging technology into a mainstream one. It is a new computing model that effectively integrates large-scale interconnected computing and storage resources and offers them to users as services. Users can access virtual machines and storage systems over the Internet on demand at any time without having to consider the complex and massive underlying implementation and management, which greatly reduces implementation difficulty and hardware investment for enterprises. As cloud computing applications and research continue to develop in China and abroad, large volumes of data are exchanged between users and cloud platforms, and both the transmission and the storage of that data face serious security threats; this has become an important problem in cloud computing security that urgently needs to be solved. How to implement access control over the large amounts of data stored in the cloud efficiently and securely has become one of the key topics of cloud computing research.

This thesis first introduces the concepts and fundamentals of cloud computing and discusses the security problem of cloud storage data access control that constrains the development of cloud computing in practice, namely how to implement access control for cloud storage data efficiently and securely, and then proposes a security solution for cloud data storage. To achieve flexibility, fine granularity, scalability, confidentiality and dynamism in cloud storage data access control, we use multi-authority attribute-based encryption (MA-ABE) together with proxy re-encryption. In existing attribute-based encryption schemes for cloud storage, the key management burden is heavy and a single authority is a fragile point of security; such schemes either omit randomization parameters, which exposes them to collusion attacks, or cannot revoke users in real time, which exposes them to replay attacks. Building on prior work, we therefore propose a secure and effective MA-ABE-based access control strategy for cloud storage and give the MA-ABE algorithm and the implementation process of cloud storage access control in detail. The scheme divides each data file into two parts, a "data header" and a "data body", which greatly improves the security of cloud storage data resources, supports complex multi-user, multi-owner scenarios more effectively, and better fits real cloud storage environments.

Finally, we prove in the random oracle model that the scheme is semantically secure, and we analyze its efficiency in detail. Comparison with the existing literature shows that our scheme offers higher security, flexibility, fine granularity, scalability and dynamism, is better suited to access control over larger-scale data in cloud storage, and its computational complexity is not affected by growth in the data.
[Degree-granting institution]: Lanzhou University of Technology
[Degree level]: Master's
[Year degree granted]: 2013
[Classification number]: TP333; TP309