Research on Hierarchical Key Management and Attribute-Based Encryption Methods for Secure Sharing of Cloud Outsourced Data
[Abstract]: With the explosive growth of data, the problem of data storage becomes more and more difficult. Storage services in cloud computing cater to this market opportunity by providing an outsourced storage solution to resource-limited tenants. In cloud storage, the user stores data on a remote cloud server operated by a cloud service provider. However, driven by their own interests, cloud service providers may work in a semi-trusted or malicious mode, so users urgently need the cloud storage system to provide privacy protection that prevents unauthorized sharing of outsourced data. Efficient and flexible secure data sharing has become an urgent problem to be solved. This paper studies the problem through two methods of ciphertext-domain access control: hierarchical key management and attribute-based encryption. The main achievements are as follows.

(1) The fine granularity of cloud outsourced data for the dynamic changes of the user shared privileges. In addition, the hierarchical key management solution also requires the data owner to communicate one to one, through a secure channel, with the users involved in the various access groups. Once access to the group, the data owner is required to access the group. To avoid this defect, we propose an autonomous hierarchical key management scheme for outsourced data sharing. The scheme combines multi-privilege group key management and hierarchical key management in its design. Its main feature is that the data owner manages the hierarchical structure of the access groups only through the public parameters of the system, and the users in each access group obtain the symmetric encryption key corresponding to their group through group key negotiation based on multilinear mapping. Users, and users of the corresponding high-level access groups, can publish update information for the users in the low-level access groups involved. After obtaining this update, these low-level access groups can independently compute the new symmetric encryption keys corresponding to their groups.

(2) Current hierarchical key management schemes that are secure and support direct key derivation need to encrypt the public information in the system, which increases the computing overhead of system establishment and dynamic key management. By using the vector product in linear geometry to process the hierarchical structure between groups, we give a solution for the secure sharing of cloud outsourced data based on hierarchical key management. In this scheme, the data owner publishes a vector for each access group, and the matrix formed by all these vectors is the main public parameter of the system. At the same time, the data owner assigns the corresponding private information to each user in a group. With this private information, the users in the group can calculate the private vector corresponding to the group. By calculating the inner product of the private vector and the public vector corresponding to the group, the users in the group obtain the symmetric encryption key corresponding to the group. If two access groups do not have a hierarchical relationship, the vectors associated with them are orthogonal, that is, their inner product is zero. If two access groups have a hierarchical relationship, the inner product of the private vector of the high-level access group and the public vector of the low-level access group corresponds to an indirect key. Using this indirect key, the users in the high-level access group can obtain the symmetric encryption key of the low-level access group. For key management under dynamically changing sharing rights, the data owner only needs to update the public matrix in the system. Security analysis and simulation results show that the scheme is safe and efficient.

(3) For cloud storage systems with multiple authorization centers, we propose a dual-factor outsourced data sharing solution. The scheme integrates two techniques: identity-based encryption and ciphertext-policy attribute-based encryption. To obtain the shared data of a data owner, a user must satisfy the access control policy in the ciphertext and must also obtain an authorization key from the data owner. Furthermore, the proposed scheme has a constant ciphertext length. By using cloud-server-aided re-encryption, the scheme implements a two-layer revocation mechanism: attribute-layer revocation corresponding to the attribute authorization center and user-layer revocation corresponding to the data owner. The revocation process is completed over an open channel and can resist channel eavesdropping attacks by revoked users. Security analysis, performance comparison and simulation results show that the scheme is effective in solving the problem of secure sharing of cloud outsourced data under multiple authorization centers.
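[Degree-granting institution]: South China University of Technology
[Degree level]: Doctoral
[Year degree granted]: 2016
[Classification number]: TN918.4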
Article ID: 2165439
Article link: https://www.wllwen.com/shoufeilunwen/xxkjbs/2165439.html