Journal of Hunan University (Natural Sciences)
2015, Issue 10, pp. 133-140 (8 pages in total)
Li Xiehua; Zhang Mengmeng; Liu Hong; Wang Yongjun
multi-authority; Attribute-Based Encryption (ABE); access control; access tree; cloud storage
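To address the security and efficiency problems of cross-domain cloud data access control, a cross-domain data access control method based on multi-authority Attribute-Based Encryption (ABE) with a tree access structure is proposed. By establishing a decentralized authorization model, the generation of attribute private keys is separated from the Central Authority (CA); the Data Owner (DO) and the authorities each generate and distribute attribute private key components. The access-tree-based control policy effectively prevents collusion attacks among users and between users and authorities. In addition, user key computation does not require a Global Identity (GID), which supports anonymous cross-domain data access. Finally, the security of the scheme is analyzed theoretically under the Decision Bilinear Diffie-Hellman (DBDH) assumption. The results show that the scheme performs well in decryption operations and in average encryption/decryption time, and can be applied effectively in cloud storage environments where multiple authorities coexist.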
To improve the security and efficiency of data access control in a multi-authority environment, this paper proposes an access-tree based multi-authority ABE scheme (ATB-MAABE). In ATB-MAABE, the CA is used only for generating public parameters and verifying authorities, which reduces the security risk introduced by the CA. The access control policy is defined by the DO (data owner), and the attribute-based secret key components are generated by the DO and the different attribute authorities. By using the access-tree based control policy, the scheme can prevent collusion attacks by users and authorities. Furthermore, the user's global identifier (GID) is not required in secret key generation, which supports anonymous data control and sharing. Finally, a security proof is given under the Decisional Bilinear Diffie-Hellman (DBDH) assumption, and the experimental results show the efficiency of the scheme in encryption/decryption operations.