Journal of Computer Applications ›› 2019, Vol. 39 ›› Issue (9): 2611-2616.DOI: 10.11772/j.issn.1001-9081.2019020356

• Cyber security • Previous Articles     Next Articles

CP-ABE access control scheme based on proxy re-encryption in cloud storage

WANG Haiyong1, PENG Yao2, GUO Kaixuan2   

  1. 1. College of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210023, China;
    2. College of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210003, China
  • Received:2019-03-05 Revised:2019-04-10 Online:2019-09-10 Published:2019-06-17
  • Supported by:

    This work is partially supported by the National Natural Science Foundation of China (GZ215045), the Education Informatization Research Project of Jiangsu Province (20172105), the Teaching Reform Project of Nanjing University of Posts and Telecommunications (JG06717JX66).

云存储中基于代理重加密的CP-ABE访问控制方案

王海勇1, 彭垚2, 郭凯璇2   

  1. 1. 南京邮电大学 计算机学院, 南京 210023;
    2. 南京邮电大学 物联网学院, 南京 210003
  • 通讯作者: 王海勇
  • 作者简介:王海勇(1979-),男,江苏连云港人,副研究员,博士,CCF会员,主要研究方向:计算机网络与安全、信息网络;彭垚(1993-),男,贵州黔西人,硕士研究生,主要研究方向:计算机网络与安全、云计算;郭凯璇(1991-),女,山东枣庄人,硕士研究生,主要研究方向:区块链、共识算法、物联网。
  • 基金资助:

    国家自然科学基金面上项目(GZ215045);江苏省教育信息化研究资助项目(20172105);南京邮电大学教学研究改革项目(JG06717JX66)。

Abstract:

Focused on the large user's decryption overhead of the Ciphertext Policy Attribute-Based Encryption (CP-ABE) access control scheme in cloud storage, a CP-ABE Access Control Scheme Based on Proxy Re-Encryption (CP-ABE-BPRE) was proposed, and the key generation method was improved. Five components were included in this scheme:trusted key authority, data owner, cloud service provider, proxy decryption server and data visitor. The cloud server re-encrypted the data, and the proxy decryption server performed most of the decryption calculation. The proposed scheme reduces the user's decryption overhead effectively,and solves the data leakage problem caused by illegal stealing of the user's private key in the traditional CP-ABE scheme, and the direct revocation of user attributes is provided while the fine-grained access control is ensured in the scheme. A comparison with other CP-ABE schemes demonstrates that this scheme has better decryption performance for users when accessing cloud data.

Key words: cloud storage, attribute-based encryption, proxy re-encryption, access control, trusted key

摘要:

针对云存储中基于密文策略的属性加密(CP-ABE)访问控制方案存在用户解密开销较大的问题,提出了一种基于代理重加密的CP-ABE (CP-ABE-BPRE)方案,并对密钥的生成方法进行了改进。此方案包含五个组成部分,分别是可信任密钥授权、数据属主、云服务提供商、代理解密服务器和数据访问者,其中云服务器对数据进行重加密,代理解密服务器完成大部分的解密计算。方案能够有效地降低用户的解密开销,在保证数据细粒度访问控制的同时还支持用户属性的直接撤销,并解决了传统CP-ABE方案中因用户私钥被非法盗取带来的数据泄露问题。与其他CP-ABE方案比较,此方案对访问云数据的用户在解密性能方面具有较好的优势。

关键词: 云存储, 属性加密, 代理重加密, 访问控制, 可信任密钥

CLC Number: