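An Efficient Fine-Grained Access Control Scheme for Cloud Storage
Cite this article: QIANG Hengchang, WANG Xiaoming. An Efficient Fine-Grained Access Control Scheme for Cloud Storage[J]. Computer and Digital Engineering, 2014, 42(9): 1673-1677.
Authors: QIANG Hengchang, WANG Xiaoming
Affiliation: Department of Computer Science, Jinan University, Guangzhou 510632
Funding: National Natural Science Foundation of China; Natural Science Foundation of Guangdong Province
Abstract: This paper analyzes the attribute-based access control scheme for data outsourcing systems proposed by Hur et al. and points out its defects: a forward-secrecy security flaw, inefficient attribute group key updates, and a large system storage requirement. Building on the scheme of Hur et al., it proposes a new, efficient fine-grained access control scheme for cloud storage. In the new scheme, attribute group keys are generated by a fully trusted authority rather than by the cloud server, which solves the forward secrecy problem. The Chinese Remainder Theorem is used to implement user attribute revocation: finding the minimum subtree of the KEK tree that covers the users of an attribute group is converted into solving a system of Chinese Remainder Theorem congruences, which improves group key update efficiency. Ciphertext-policy attribute-based encryption is used to encrypt the symmetric key that encrypts the plaintext rather than the plaintext itself, and the re-encryption required by access control policy changes is moved to the cloud, achieving both attribute-level and user-level permission revocation. Analysis shows that the new scheme has stronger security, higher group key update efficiency, and lower storage and computation costs.

Keywords: security and secrecy; cloud storage; ciphertext access control; attribute-based encryption; proxy re-encryption; revocation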

Fine-grained Access Control with Efficient Revocation in Cloud Storage
QIANG Hengchang, WANG Xiaoming. Fine-grained Access Control with Efficient Revocation in Cloud Storage[J]. Computer and Digital Engineering, 2014, 42(9): 1673-1677.
Authors: QIANG Hengchang, WANG Xiaoming
Affiliation: Department of Computer Science, Jinan University, Guangzhou 510632
Abstract: This paper analyzes the attribute-based access control scheme for data outsourcing systems introduced by Hur et al. and finds weaknesses in it: a forward secrecy problem, low efficiency in updating the attribute group key, and a large system storage requirement. Based on the scheme of Hur et al., it proposes a novel, more efficient fine-grained access control scheme for cloud storage. The attribute group key is generated by the Trusted Authority (TA) rather than the Data Service Provider (DSP), which solves the forward secrecy problem. The Chinese Remainder Theorem is applied to realize user attribute revocation: solving a system of Chinese Remainder Theorem congruence equations, instead of finding the minimum cover set in the KEK tree, makes updating the attribute group key more efficient. Ciphertext-policy attribute-based encryption is used to encrypt the symmetric key that encrypts the plaintext, rather than the plaintext itself. The task of attribute-based encryption re-encryption is delegated to the DSP. The scheme achieves hybrid revocation on both the attribute level and the user level. The analysis results indicate that the proposed scheme, with less storage and computation, is more secure and more efficient in revocation cost.
Keywords:security and secrecy  cloud storage  ciphertext access control  attribute-based encryption  proxy re-encryption  revocation
This article is indexed in databases including VIP (维普) and Wanfang Data (万方数据).