ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2016, Vol. 53 ›› Issue (10): 2393-2399.doi: 10.7544/issn1000-1239.2016.20160432

所属专题: 2016网络空间共享安全研究进展专题

• 信息安全 • 上一篇    下一篇



  1. (暨南大学信息科学技术学院 广州 510632) (
  • 出版日期: 2016-10-01
  • 基金资助: 
    国家自然科学基金重点项目(61133014);国家自然科学基金面上项目(61272413,61272534) This work was supported by the Key Program of the National Natural Science Foundation of China (61133014) and the General Program of the National Natural Science Foundation of China (61272413,61272534).

Multi-Authority CP-ABE with Policy Update in Cloud Storage

Wu Guangqiang   

  1. (College of Information Science and Technology, Jinan University, Guangzhou 510632)
  • Online: 2016-10-01

摘要: 云存储作为一种新型的数据存储体系结构,近年来得到越来越广泛的应用.大多数用户为了降低本地存储开销、实现数据共享选择将自己的数据上传到云服务器存储.然而,云存储系统存在的安全隐患也引发了社会越来越多的担忧.例如,不完全可信的云服务提供商可能会窃取用户的数据或让未授权的其他用户访问数据等.因此,对用户数据进行加密并实现数据的访问控制是确保云存储中数据安全的有效方法.基于密文的属性加密(CP-ABE)方案则能够很好地实现安全云存储目标,它允许一个发送者加密数据并设置访问控制结构,只有符合条件的用户才能对数据进行解密.但是,传统CP-ABE方案中存在的密钥泄露等问题制约了属性加密在云存储系统中的应用.针对上述的问题,提出了一个多授权机构支持策略更新的CP-ABE方案,该方案与之前的方案相比,不仅可以通过多授权机构避免密钥泄露问题,同时将策略更新及密文更新过程交给服务器执行,有效地降低了本地的计算开销和数据传输开销,充分利用云存储的优势提供一个高效、灵活的安全数据存储方案,对所提方案进行了安全性证明,并对方案进行了效率分析.

关键词: 云存储, 访问控制, 基于密文的属性加密, 多授权机构, 策略更新

Abstract: Cloud storage, as a novel data storage architecture, has been widely used to provide services for data draw to store and share their data in cloud. However, the security concerns of cloud storage also draw much attention of the whole society. Since some cloud service providers are not trustworthy, the data stored in their cloud servers could be stolen or accessed by unauthorized users. Ciphertext-policy attribute based encryption (CP-ABE) can be used to solve such security problems in cloud, which can encrypt data under a specified access policy thus to maintain data confidentiality as well as access control. Unfortunately, traditional CP-ABE schemes suffer from key escrow problems and are lack of policy update. In this paper, we propose a new multi-authority CP-ABE scheme with policy update, which can efficiently cut down the computation cost and communication cost compared with other schemes in literature. We also prove the semantic security for our scheme, and also analyze its efficiency.

Key words: cloud storage, access control, ciphertext-policy attribute-based encryption (CP-ABE), multi-authority, policy update