具有细粒度访问控制和低存储空间开销的云存储系统

doi:10.11772/j.issn.1001-9081.2015.12.3413

计算机应用 ›› 2015, Vol. 35 ›› Issue (12): 3413-3418.DOI: 10.11772/j.issn.1001-9081.2015.12.3413

具有细粒度访问控制和低存储空间开销的云存储系统

印凯泽, 汪海航

同济大学电子与信息工程学院, 上海 201804

收稿日期:2015-05-15 修回日期:2015-07-13 出版日期:2015-12-10 发布日期:2015-12-10
通讯作者: 印凯泽(1989-),男,浙江宁波人,博士研究生,CCF会员,主要研究方向:云计算、访问控制
作者简介:汪海航(1965-),男,浙江奉化人,教授,博士生导师,博士,主要研究方向:信息安全、网络与分布式计算。

Cloud storage system with fine-grained access control and low storage space overhead

YIN Kaize, WANG Haihang

College of Electronics and Information Engineering, Tongji University, Shanghai 201804, China

Received:2015-05-15 Revised:2015-07-13 Online:2015-12-10 Published:2015-12-10

摘要/Abstract

摘要： 针对目前公有云存储系统中存在的数据机密性和系统性能问题,提出了一个安全高效的方案,并将其应用于基于密文策略属性基加密(CP-ABE)的具有细粒度访问控制的密码学的云存储系统中。在这个方案中,原始的数据首先会经过一个(k,n)算法分割成小块,然后随机选择其中部分小块进行加密,最后发布到云上,且只保存一份副本。该方案能够提升用户撤销操作的性能和降低存储空间的开销,同时安全性分析也证明了这个系统在计算上是安全的。通过分析对比,实验结果表明:该方案优化了用户撤销,减少了数据拥有者对数据管理的时间,由于只需要保存一份数据副本,因此有效地减少了数据的存储空间。该方案实现了公有云存储中敏感数据的安全共享和高效存储。

关键词: 云存储, 访问控制, 密文策略属性基加密, (k, n)算法, 数据机密性

Abstract: Concerning the data's confidentiality when stored in public cloud storage system and the system's performance, a secure and efficient scheme was proposed and applied in the cloud storage system of cryptography with cryptographic fine-grained access control, which was based on Ciphertext-Policy Attribute-Based Encryption (CP-ABE). In the proposed scheme, the original data were firstly divided into a number of slices by the (k,n)algorithm. Then some of slices were randomly chosen to encrypt. At last, the encrypted slices were published to the cloud storage, and only one copy of these slices was stored. The proposed scheme was proved that it could improve the performance of the user's cancel operation and reduce the cost of the storage space. At the same time, the system was also proved to be safe on calculation by the analysis of the security. By contrast, the experimental results show that, the data management time for the data owner is decreased obviously through optimizing the user revocation phase. The data storage cost is also decreased because of only storing one copy of data. The proposed scheme achieves secure sharing and efficient storage of the sensitive data in the public cloud storage.

Key words: cloud storage, access control, Ciphertext-Policy Attribute-Based Encryption (CP-ABE), (k,n) algorithm, data confidentiality

中图分类号:

TP311.5

印凯泽, 汪海航. 具有细粒度访问控制和低存储空间开销的云存储系统[J]. 计算机应用, 2015, 35(12): 3413-3418.

YIN Kaize, WANG Haihang. Cloud storage system with fine-grained access control and low storage space overhead[J]. Journal of Computer Applications, 2015, 35(12): 3413-3418.

参考文献

[1] SNIA Technical Position. Cloud Data Management Interface (CDMI) v1.0.2[EB/OL].[2015-05-01]. http://snia.org/sites/default/files/CDMI%20v1.0.2.pdf.
[2] GHEMAWAT S, GOBIOFF H, LEUNG S T. The Google file system[J]. ACM SIGOPS Operating Systems Review, 2003, 37(5):29-43.
[3] BORTHAKUR D. The hadoop distributed file system:architecture and design[EB/OL].[2015-05-01]. http://hadoop.apache.org/docs/r1.2.1/hdfs_design.html.
[4] Amazon. Amazon simple storage service[EB/OL].[2015-05-01]. http://aws.amazon.com/s3/.
[5] KAMARA S, LAUTER K. Cryptographic cloud storage[C]//Financial Cryptography and Data Security, LNCS 6054. Berlin:Springer, 2010:136-149.
[6] BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption[C]//Proceedings of the 2007 IEEE Symposium on Security and Privacy. Washington, DC:IEEE Computer Society, 2007:321-334.
[7] SHAMIR A. How to share a secret[J]. Communications of the ACM, 1979, 22(11):612-613.
[8] GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security. New York:ACM, 2006:89-98.
[9] RESCH J K, PLANK J S. AONT-RS:blending security and performance in dispersed storage systems[C]//Proceedings of the 9th USENIX Conference on File and Storage Technologies. Berkeley:USENIX Association, 2011:1-12.
[10] RABIN M O. Efficient dispersal of information for security, load balancing, and fault tolerance[J]. Journal of the ACM, 1989, 36(2):335-348.
[11] RIVEST R L. All-or-nothing encryption and the package transform[C]//Proceedings of the 4th International Workshop on Fast Software Encryption. New York:ACM, 1997:210-218.
[12] BETHENCOURT J, SAHAI A, WATERS B. CP-ABE toolkit[EB/OL].[2015-05-01]. http://acsc.cs.utexas.edu/cpabe/.
[13] ALABDULATIF A, KHALIL I, MAI V. Protection of Electronic Health Records (EHRs) in cloud[C]//Proceedings of the 35th IEEE Conference on Engineering in Medicine and Biology Society. Piscataway:IEEE, 2013:4191-4194.

[1]	葛纪红, 沈韬. 基于区块链的能源数据访问控制方法[J]. 计算机应用, 2021, 41(9): 2615-2622.
[2]	杜心雨, 王化群. LTE-A网络中基于动态组的有效的身份认证和密钥协商方案[J]. 计算机应用, 2021, 41(6): 1715-1722.
[3]	陈家豪, 殷新春. 基于云雾计算的可追踪可撤销密文策略属性基加密方案[J]. 计算机应用, 2021, 41(6): 1611-1620.
[4]	葛丽娜, 胡雨谷, 张桂芬, 陈园园. 云计算环境基于客体属性匹配的逆向混合访问控制方案[J]. 计算机应用, 2021, 41(6): 1604-1610.
[5]	包玉龙, 朱雪阳, 张文辉, 孙鹏飞, 赵颖琪. 物联网应用中访问控制智能合约的形式化验证[J]. 计算机应用, 2021, 41(4): 930-938.
[6]	李秀艳, 刘明曦, 史闻博, 董国芳. 面向资源受限用户的高效动态数据审计方案[J]. 计算机应用, 2021, 41(2): 422-432.
[7]	李莉, 杨鸿飞, 董秀则. 基于身份多条件代理重加密的文件分级访问控制方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3251-3256.
[8]	王海勇, 潘启青, 郭凯璇. 基于区块链和用户信用度的访问控制模型[J]. 计算机应用, 2020, 40(6): 1674-1679.
[9]	唐鑫, 周琳娜. 基于响应模糊化的抗附加块攻击云数据安全去重方法[J]. 计算机应用, 2020, 40(4): 1085-1090.
[10]	史锦山, 李茹, 松婷婷. 基于区块链的物联网访问控制框架[J]. 计算机应用, 2020, 40(4): 931-941.
[11]	付伟, 顾晨阳, 高强. 基于属性加密的多用户共享ORAM方案[J]. 计算机应用, 2020, 40(2): 497-502.
[12]	王海勇, 彭垚, 郭凯璇. 云存储中基于代理重加密的CP-ABE访问控制方案[J]. 计算机应用, 2019, 39(9): 2611-2616.
[13]	柳玉东, 王绪安, 涂广升, 王涵. 全生命周期的云外包数据安全审计协议[J]. 计算机应用, 2019, 39(7): 1954-1958.
[14]	王亚琼, 史国振, 谢绒娜, 李凤华, 王雅哲. 卫星网络中支持策略隐藏的多授权访问控制方案[J]. 计算机应用, 2019, 39(2): 470-475.
[15]	明洋, 何宝康. 支持属性撤销的可验证外包的多授权属性加密方案[J]. 计算机应用, 2019, 39(12): 3556-3562.

具有细粒度访问控制和低存储空间开销的云存储系统

Cloud storage system with fine-grained access control and low storage space overhead

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics