Design of an Attribute-Based Access Control Scheme for Cloud Storage Environments
Topic: cloud storage. Focus: CP-ABE. Source: Yangzhou University, 2017 master's thesis.
[Abstract]: Cloud computing is developing ever faster. It offers users a wider range of data processing and sharing capabilities; by integrating heterogeneous storage resources through storage virtualization, it lets users access data resources in the cloud through a single user interface without exposing the physical details of the underlying infrastructure. Users can reach data stored on cloud servers simply by connecting a computer or other smart terminal to the network. Cloud computing is an important milestone in the evolution of information technology toward intensification, scale, standardization and specialization, and is widely regarded as the next major growth point of the IT industry. However, as cloud computing technology matures and cloud services are widely adopted, many data storage security problems have also been exposed: how to guarantee the security of user data stored on cloud servers, and how to keep user identity information from being leaked, are the first problems that cloud services must solve. Cloud storage is an important service model within cloud computing, and its users, as participants who may join or leave the environment at any time, are constantly changing. How to enforce access control over data in a cloud storage environment, and how to revoke a user's attributes conveniently, securely and promptly, are therefore the focus of this thesis. Given the growing number of cloud service providers (Cloud Service Provider, CSP) and the growing user population in cloud computing, existing schemes can no longer satisfy users' requirements for data security in cloud storage or for cross-domain data access; access control methods based on multi-authority Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and efficient attribute revocation methods have become a research focus in cloud security. This thesis therefore concentrates on access control methods based on multiple attribute authorities (Attribute Authority, AA) in cloud storage and on efficient attribute revocation. The main research contents are summarized as follows: 1. Addressing the security and access control problems of cross-domain data sharing in a multi-authority cloud storage environment, a ciphertext-policy multi-authority secure access control method is presented. Multiple authorities are used, and the generation of attribute private keys is separated from the central authority (Central Authority, CA), which reduces the security risk introduced by the CA. The definition of the ciphertext access control structure and the generation of key components are jointly completed by the data owner (Data Owner, DO) and the AAs, which effectively prevents collusion attacks among users, between the AAs and the CA, and between users and the AAs; the security of the scheme is analyzed under the Decision Bilinear Diffie-Hellman (DBDH) assumption. 2. Addressing the difficulty of attribute revocation in ciphertext-policy attribute-based access control schemes, an efficient ciphertext-policy attribute revocation scheme for cloud storage is presented, which realizes secure and efficient attribute revocation. Data is encrypted using asymmetric encryption; when a user's attribute is revoked, the authority generates a new attribute-group version key and hands it to the cloud storage service provider, which re-encrypts the ciphertext, thereby reducing the data owner's computation cost. 3. Because the scheme does not need to update users' private keys, the computational complexity of the algorithm is reduced. Theoretical analysis and experiments show that the method provides high data security when user attributes are revoked, and that it also contributes to reducing the authorities' computation overhead and network communication overhead.
[Degree-granting institution]: Yangzhou University
[Degree level]: Master
[Year of degree conferral]: 2017
[Classification number]: TP309;TP333