混合云环境下基于属性的密文策略加密方案

针对现有云存储的数据和访问控制的安全性不高，从而造成用户存储的敏感信息被盗取的现象，结合现有的基于密文策略属性加密（CP-ABE）方案和数据分割的思想，提出了一个基于混合云的高效数据隐私保护模型。首先根据用户数据的敏感程度将数据合理分割成不同敏感级别的数据块，将分割后的数据存储在不同的云平台上，再根据数据的安全级别，进行不同强度的加密技术进行数据加密。同时在敏感信息解密阶段采取“先匹配后解密”的方法，并对算法进行了优化，最后用户进行一个乘法运算解密得到明文。在公有云中对1 Gb数据进行对称加密，较单节点提高了效率一倍多。实验结果表明：该方案可以有效保护云存储用户的隐私数据，同时降低了系统的开销，提高了灵活性。

Ciphertext-policy attribute-based encryption scheme in hybrid clouds

Focusing on inefficient data security and access control in the existed cloud storage, which results in sensitive information to be stolen, combined with the existed Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and data partition,an efficient data privacy protection model based on the hybrid cloud was proposed. First of all, according to the data sensitive degree, the data were divided into data blocks based on different sensitivity levels, and then data blocks were stored on different cloud platforms. According to the security level of the data, data were encrypted by using the different intensity encryption technologies. At the same time, the scheme of "first match after decryption" was adopted in the decryption stage and the algorithm was optimized. Finally, user decrypted ciphertext by the multiplication. Compared with the single node algorithm, for encrypting 1 Gb data, the efficiency of symmetric encryption algorithm more than doubled in the public clouds. The experimental results show that the proposed scheme can protect the privacy data of cloud storage user, reduces the system cost and improves the system flexibility.