基于双重加密的敏感数据限时访问研究

发布时间：2018-03-28 01:19

本文选题：属性基加密　切入点：密文提取　出处：《电子科技大学学报》2017年03期

【摘要】：在云外包存储的背景下,针对外包存储中共享敏感数据的定时删除问题,提出基于双重加密的敏感数据限时访问方案。首先对称加密待共享的敏感数据文件,随后对加密后的文件进行随机分割提取,形成提取密文分量和封装密文分量;然后采用限时属性基加密算法对对称密钥和提取密文分量进行加密,生成访问控制对象;最后将访问控制对象同封装密文分量一同上传至云服务器。通过该方案,授权用户能够在限时属性基加密的访问时限窗口中解密访问控制对象,获取对称密钥和提取密文分量,并合成原始密文,恢复明文。访问时限窗口过期后,任何用户都无法属性基解密访问控制对象,获取对称密钥,恢复明文,从而实现敏感数据的定时删除。通过敌手攻击模型,分析并证明了该方案的安全性。
[Abstract]:Under the background of cloud outsourcing storage, aiming at the problem of timing deletion of shared sensitive data in outsourced storage, a time-limited access scheme of sensitive data based on double encryption is proposed. Firstly, the sensitive data files to be shared are encrypted symmetrically. Then the encrypted files are randomly partitioned and extracted to form the extracted ciphertext components and encapsulated ciphertext components, and then the symmetric key and the extracted ciphertext components are encrypted by the time-limited attribute base encryption algorithm to generate access control objects. Finally, the access control object is uploaded to the cloud server with the encapsulated ciphertext component. With this scheme, the user can decrypt the access control object in the access time window encrypted by the time-limited attribute base, obtain the symmetric key and extract the ciphertext component. After the expiration of the access time window, no user can decrypt the access control object, obtain the symmetric key, restore the plaintext, and realize the timing deletion of sensitive data. The security of the scheme is analyzed and proved.
【作者单位】：电子科技大学信息与软件工程学院;
【基金】：国家自然科学基金(61520106007)
【分类号】：TP399

【参考文献】