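1. School of Computer Science, Wuhan University, Wuhan, Hubei 430072
2. School of Information Science and Technology, Jiujiang University, Jiujiang, Jiangxi 332005
3. School of Information and Communication, Guilin University of Electronic Technology, Guilin, Guangxi 541004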
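SHI Jiaoli (1979-), female, born in Yuncheng, Shanxi; Ph.D. candidate at Wuhan University and lecturer at Jiujiang University; main research interest: network security.
HUANG Chuanhe (1963-), male, born in Suizhou, Hubei; Ph.D., professor and doctoral supervisor at Wuhan University; main research interests: mobile Internet, mobile ad hoc networks, wireless sensor networks, wireless mesh networks, WDM networks, Internet of Things, network security, and distributed parallel processing.
WANG Jing (1986-), female, born in Shaoyang, Hunan; Ph.D. candidate at Wuhan University; main research interest: network security.
QIN Kuangyu (1974-), male, Zhuang ethnicity, born in Mashan, Guangxi; Ph.D. candidate at Wuhan University; main research interest: computer networks.
HE Kai (1987-), male, born in Huanggang, Hubei; Ph.D. candidate at Wuhan University; main research interest: network security.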
Online publication date: 2016-01
Print publication date: 2016-01-25
SHI Jiaoli, HUANG Chuanhe, WANG Jing, et al. Multi-user collaborative access control scheme in cloud storage[J]. Journal on Communications, 2016, 37(1): 88-99. DOI: 10.11959/j.issn.1000-436x.2016010.
CP-ABE is regarded as one of the most suitable data access control methods for cloud storage, but it only fits the case where users separately read or separately modify different data. When CP-ABE is applied directly to multi-user collaborative data access, problems arise such as unordered modification and a large amount of redundant ciphertext files. When multiple users collaboratively access data in the cloud, legitimate users should be controlled to modify the same ciphertext file in an orderly way, under the premise of confidentiality and collusion resistance, while the cloud keeps as few copies of the ciphertext file as possible. Two multi-user collaborative access control schemes, MCA-F and MCA-B, are proposed for files and for logical blocks of files respectively. MCA-F meets the access control requirement in which a single data file is the minimal granularity of control. It adopts a hierarchical encryption structure, and the cloud server undertakes part of the decryption computation to reduce the user's decryption cost. For access control when multiple users write data simultaneously, a method is proposed for managing the temporarily stored data submitted by multiple users. MCA-B is used for access control in which a logical block of a file is the minimal granularity of control. The scheme designs a logical blocking mechanism for files and a representation based on an index matrix, and proposes a sub-data-mask representation to describe the write permissions of multiple users on different logical blocks of the same file. MCA-B supports dynamic changes to the user set and to the structure of the file's logical blocks, and the data owner and modifiers do not need to stay online. Compared with existing schemes, the proposed schemes not only provide access control for multi-user collaborative data writing in cloud storage, but also keep the client-side storage and the encryption and decryption computation for read access control relatively small.