基于动态重加密的云存储权限撤销优化机制——DR-PRO

针对云存储服务中用户访问权限撤销计算与带宽代价过大、复杂度过高等问题,提出一种基于动态重加密的云存储权限撤销优化机制(DR-PRO)。首先,以密文策略的属性加密体制(CP-ABE)的密文访问控制方案作为理论背景,利用(k,n)门限方案,将数据信息划分成若干块,动态地选取某一数据信息块实现重加密;然后,依次通过数据划分、重构、传输、提取以及权限撤销等子算法完成用户访问权限撤销实现过程。理论分析与测试仿真表明,在保证云存储服务用户数据高安全性的前提下:与懒惰重加密机制相比,DR-PRO的用户访问权限撤销的计算与带宽代价在数据文件变化情况下的平均下降幅度是5%;与完全重加密机制相比,DR-PRO的用户访问权限撤销的计算与带宽代价在共享数据块变化情况下的平均下降幅度是20%。实验结果表明,DR-PRO在云存储服务中能够有效提高用户访问权限撤销的性能与效率。

DR-PRO: cloud-storage privilege revoking optimization mechanism based on dynamic re-encryption

To effectively solve overhead computing and bandwidth, high complexity problems about user access privileges revoking in cloud-storage service, a cloud-storage privilege revoking optimization mechanism based on dynamic re-encryption (DR-PRO) was proposed. Firstly, based on ciphertext access control scheme of Ciphertext Policy Attribute Based Encryption (CP-ABE), by using (k,n) threshold algorithm of secret sharing scheme, data information was divided into a number of blocks, and then a data information block was dynamically selected to realize re-encryption. Secondly, the user access privilege revoking was finished by the sub-algorithms, including data cutting, data reconstructing, data publishing, data extracting and data revoking. The theoretical analysis and test simulation showed that, based on high security of user information in cloud-storage service, compared with lazy re-encryption mechanism, the average computing and bandwidth decrease of user access privileges revoking was 5% when data file changed; compared with full re-encryption mechanism, the average computing and bandwidth decrease of user access privileges revoking was 20% when shared data block changed. The experimental results show that DR-PRO effectively improves the performance and efficiency of user access privileges revoking in cloud-storage service.