基于属性群的云存储密文访问控制方案

(730070)CryptographicAccessControlSchemeinCloudStorageBasedonAttributeGroupYANGXiao-dong,WANGCai-fen(CollegeofMathematicsandInformationScience,NorthwestNormalUniversity,Lanzhou730070,China)AbstractThispaperproposesacryptographicaccesscontrolschemebasedonattributegroupincloudstorage.ThesymmetriccryptosystemisusedtoencrypttheoriginaldatabytheDataOwner(DO),andtheattribute-basedencryptionalgorithmisusedtoencryptthesymmetrickey.DOdelegatethetaskofdatare-encryptiontotheCloudServiceProvider(CSP),whichnotonlyreducesthecomputationalcostofDO,butalsodoesnotrevealextrainformationoftheplaintexttoCSP.Theproposedschemesupportstheunitofacollectionofmultipleuserswhenanyattributeoruserisrevoked.Thefine-grainedandflexibleaccesscontrolcanbeachievedbyhybridcryptosystemmeachanism.Comparedwiththeexistingaccesscontrolschemes,theproposedschemeismoreefficientinrevocationcostandcanalleviatetheadministeringburdersonDO.Theschemeguaranteescollusionresistanceagainstcolludingusers,dataconfidentiality,forwardandbackwardsecrecy.Keywordscryptographicaccesscontrol;cloudstorage;attributegroup;userrevocation;re-encryptionDOI:10.3969/j.issn.1000-3428.2012.11.007ComputerEngineering3811Vol.38No.1120126June201210003428(2012)11002003ATP309.71(DataOwner,DO)(Ciphertext-policyAttribute-basedEncryption,CP-ABE)[1]CP-ABECP-ABECP-ABEDO(CloudServiceProvider,CSP)CP-ABE[2]CP-ABEDO[3]DOCSP[4-5]2DODO[6]CP-ABECP-ABE2CP-ABE(AES)ManagerDOCSP(61163038)(NWNU-LKQN-10-22)(1981)2011-12-14E-maily200888@163.com381121CSP2.1CA2p1G2G112:eGGGg1G12{,,,}q(1)iiq1iwG()iattii12{,,,}nUuuuiUUiCA*,pZ12{,,PKGG1,,(,),{}}qiiggeggw(,)MKg2.22(1)UtuUtSKCA*prZ(r)i*iprZtu()/(,:rtiiSKDgD'()(),)iiirrrattigwDgCAtSKtuiiUManager1u2u3u4u12{,}234{,,}13{,}12{,,34,}CA12341134{,,}Uuuu2124{,,}Uuuu3234{,,}Uuuu424{,}UuuManager(2)Manager(KEK)Ujv*jpKEKZtututPKManagertPKtuUManagerKEK11234567{,,,,,,}Uuuuuuuu1u11248{,,,}PKKEKKEKKEKKEK1KEK2.3DOffkEfkf()ffkCEfTxkTxx1xkxq*psZR(0)Rqsx(0)xq()(())parentxqindexx()parentxx()indexxxYTDOfk(0)(0)'()(,(,),,:,())yyyssfqqyyattCTTCkeggCgyYCgCwDO(,)fCCTCSP2.4Manager(,)fCCTCT(1)yYyU*ypKZyU'(0)(0)'()(,(,),,:,(()))yyyyssfKqqyyattCTTCkeggCgyYCgCw(2)KEKiUiU()iKEKU11134{,,}UuuuKEK1u3u4u{5,8}vv1U1()KEKU58{,}KEKKEK1U1()KEKU(3)E()(:{()})yyKKKEKUHdryYEK(4)ManagerServer'(,,)fHdrCCT2.5fHdr'CTfkfCf(1)tuCSPfManagertuServer'(,,)fHdrCCT(2)tuHdrtuitu()iKEKKEKUtPKHdriUiK11134{,,}Uuuu1U1()KEKU58{,}KEKKEK1u11{,PKKEK248,,}KEKKEKKEK4u4125{,,,PKKEKKEKKEK11}KEK1u181()KEKKEKUPK4u154()KEKKEKUPKHdr1U1Ktu1/()/'()(,:(),())iiiiKrrrrtiiattiSKDgDgwDg(3)tu'CTTy22201265(0)()(0)1/'''(0)()((),)(,)(,),(,)(,,)((),(()))yiyyyyyyiyqrrattrqyyytKKqryyattegwgeDCegguUeDCDecryptNodeCTSKyegwotherwisexx{}jzxjkjz'(,,)jzjFDecryptNodeCTSKz(0)(,)zjrqeggxkjzFLagrangexF(0)(,)xrqeggR'(,,)ADecryptNodeCTSKR(0)(,)(,)RrqrseggeggtuT/((,)/)fkCeCDA(4)tufkfCf2.6CACSPiUi(i)Manager(1)'*psZ'*ipKZiU'iiKKManager''''''''()()(0)(0)'()(0)(0)'()(,(,),,,(()),\{}:,(()))iiiiyyyyssssfKqsqsiiattKqsqsyyattCTTCkeggCgCgCwyYiCgCwiU(2)KEKiUiU()iKEKU13u1114{,}UuuKEK1u4u811{,}vv1U1811(){,}KEKUKEKKEK1()KEKU3u1u4u1()KEKUManager'()()({()},\{}:{()})iyiyKKKEKUKKKEKUHdrEKyYiEK31fCfkDOfkManager'CTfkCP-ABET(,)seggfkiiUiKHdrAESAESCP-ABE[1]2T(,)rseggTr()()iirriattDgwx(0)(,)xrqegg(,)rsegg'CTfk3Managers'siUiK'iK's(,)seggi'()(,)sseggiU'iKiK's'()(,)sseggi(,)segg4VmwareWorkstationRedHatEnterpriseLinux6.21GBcpabe-0.11[7]openssl-1.0.0[8]192AES521MB10MB50MB322DOCSPDO[5]DODO[6]DOCP-ABE(26)262012656ICCS-PWLoadRunner1072h7(a)(b)75000.1s1~22~34ICCS-PWICCS-PW[1].[EB/OL].[2011-08-01].[2].[M].:,2011.[3]BuyyaR,CheeShin-Yeo,VenugopaS.Market-orientedCloudComputing:Vision,Hype,andRealityforDeliveringITServicesasComputingUtilities[C]//Proc.ofHPCC’08.Dalian,China:[s.n.],2008.[4].[EB/OL].(2011-01-15).=2590507188137.[5]![EB/OL].[2011-08-01].[6]Seamicro.SM1000DataSheet[EB/OL].[2011-08-01].[7]CGI1.2Specification[EB/OL].[2011-08-01].[8].SQLite[EB/OL].[2011-08-01].~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~(22)5[1]BethencourtJ,SahaiA,WatersB.Ciphertext-policyAttribute-basedEncryption[C]//Proc.ofSSP’07.California,USA:[s.n.],2007.[2]IbraimiL,AsimM,PetkovicM.AnEncryptionSchemeforaSecurePolicyUpdating[C]//Proc.ofSECRYPT’10.Athens,Greece:[s.n.],2010.[3]YuShucheng,WangCong,RenKui,etal.AttributeBasedDataSharingwithAttributeRevocation[C]//Proc.ofASIACCS’10.Beijing,China:[s.n.],2010.[4]HongCheng,ZhangMin,Fe

基于属性群的云存储密文访问控制方案

免费阅读已结束，点击付费阅读剩下 ... 页

阅读已结束，您可以下载文档离线阅读

小区宽带驻地网工程施工手册(XXXX年版)

园林树木5

第一节现代旅游(第一课时)

生物学业水平模拟试题

新闻文体学

公益法人制度改革

日本政府(文部科学省)博士生奖学金项目

萧敬腾演唱会冠名赞助招商

二滩水电开发公司生产管理部主任绩效指标

中华传统养生推广协会

相关文档

相关搜索