高级检索

    可信云存储环境下支持访问控制的密钥管理

    Key Management for Access Control in Trusted Cloud Storages

    • 摘要: 可信云存储采用本地数据加解密来保证用户外包数据在网络传输和云端存储的安全性.该环境下数据拥有者通过对数据密钥的安全共享和管理来实现对不同用户的选择性数据访问授权控制.针对多数据拥有者可信云存储环境,以最小化用户的密钥安全传输/存储等密钥管理代价及其安全风险为目标,提出了一种新的基于全局逻辑层次图(global logical hierarchical graph, GLHG)的密钥推导机制的密钥管理方法.该方法通过GLHG密钥推导图来安全、等价地实施全局用户的数据访问授权策略,同时利用云服务提供商(半可信第三方)来执行GLHG密钥推导图结构的管理并引入代理重加密技术,从而进一步提高密钥管理执行效率.阐述了基于GLHG密钥推导图更新的动态访问控制支持策略,并对该方法进行安全性分析和实验对比分析.

       

      Abstract: In trusted cloud storage (TCS), for protecting the privacy of the sensitive outsourced cloud data, data owners locally encrypt their data before outsourcing. Through the secure management of the data keys, the selective access of outsourced data can be enforced in TCS scenarios. However, in TCS with multiple data owners, it remains a challenge to reduce users security risk and costs of key management as much as possible. In this paper, we propose a novel key management scheme based on global logical hierarchical graph (GLHG) for key derivation, which is used to enforce correctly the global authorization policies of all users. Our solution can achieve high efficiency by delegating the management of GLHG structure to cloud and adopting proxy re-encryption (PRE) technology. Additionally, this paper states the update policies for supporting dynamic access control. Finally, we show the benefits of our solution by experimentally evaluating quantitative criterions of key management.

       

    /

    返回文章
    返回