Journal of Computer Applications ›› 2015, Vol. 35 ›› Issue (7): 1897-1902. DOI: 10.11772/j.issn.1001-9081.2015.07.1897

• Information Security •

DR-PRO: cloud-storage privilege revoking optimization mechanism based on dynamic re-encryption

DU Ming, HAO Guosheng

  1. College of Computer Science and Technology, Jiangsu Normal University, Xuzhou Jiangsu 221116, China
  • Received: 2015-02-03 Revised: 2015-03-28 Online: 2015-07-10 Published: 2015-07-17
  • Corresponding author: DU Ming (born 1976), male, from Tai'an, Shandong; engineer, M.S., CCF member. Main research interests: cloud computing, Internet of Things. dumxz@139.com
  • About the author: HAO Guosheng (born 1972), male, from Wanquan, Hebei; associate professor, Ph.D. Main research interests: intelligent computing, organizational state observation.
  • Supported by: Natural Science Foundation of Jiangsu Province (BK20131130); Natural Science Foundation of Jiangsu Normal University (13XLB03).

Abstract:

To address the excessive computation and bandwidth cost and the high complexity of revoking user access privileges in cloud-storage services, a cloud-storage privilege revoking optimization mechanism based on dynamic re-encryption (DR-PRO) was proposed. Firstly, taking the ciphertext access control scheme of Ciphertext Policy Attribute Based Encryption (CP-ABE) as the theoretical background, the (k,n) threshold scheme of secret sharing was used to divide the data into a number of blocks, and one data block was dynamically selected for re-encryption. Secondly, user access privilege revoking was carried out by a sequence of sub-algorithms: data cutting, data reconstructing, data publishing, data extracting and data revoking. Theoretical analysis and simulation tests showed that, while maintaining high security of user data in the cloud-storage service, the computation and bandwidth cost of user access privilege revoking decreased by 5% on average compared with the lazy re-encryption mechanism when the data file changed, and by 20% on average compared with the full re-encryption mechanism when the shared data block changed. The experimental results show that DR-PRO effectively improves the performance and efficiency of user access privilege revoking in cloud-storage services.

Key words: cloud-storage, ciphertext access control, privilege revoking, dynamic re-encryption
