多云服務(wù)提供者環(huán)境下的一種用戶密鑰撤銷方法
doi: 10.11999/JEIT150205
基金項目:
國家自然科學(xué)基金(61373168, 61202387),教育部高等學(xué)校博士學(xué)科點專項科研基金(20120141110002)和河南省軟科學(xué)研究基金(132400410165, 142400410263, 142400410267, 142400411039)
User Key Revocation Method for Multi-cloud Service Providers
-
摘要: 密鑰信息泄露是互聯(lián)云服務(wù)難題之一,為解決該問題,該文提出一種基于屬性環(huán)簽名的用戶密鑰撤銷方案。該方案以互聯(lián)云的用戶密文訪問方法為研究對象,論述了無屬性泄露的密文矩陣映射機(jī)制,多授權(quán)者自主擴(kuò)展屬性集生成密鑰,從而令云服務(wù)提供者(CSP)無法獲得用戶完整屬性,達(dá)到消除屬性存儲負(fù)載的目的。另外,該方案以撤銷環(huán)與單調(diào)張成算法為基礎(chǔ)設(shè)計用戶簽名驗證撤銷機(jī)制,令CSP、授權(quán)者與用戶共同組成屬性環(huán),接受CSP定義密文訪問結(jié)構(gòu),用戶簽名只有通過源CSP驗證才能訪問密文,授權(quán)者撤銷部分屬性失效用戶解密密鑰,從而達(dá)到權(quán)限撤銷不影響其它用戶訪問的目的。該方案以密文策略屬性基加密(CP-ABE)與單調(diào)張成算法為基礎(chǔ)設(shè)計多用戶組合屬性共謀抵抗機(jī)制,用以保護(hù)屬性的機(jī)密性。最后,給出該方案通信成本和計算效率的性能分析,用以驗證該方法的有效性。
-
關(guān)鍵詞:
- 云計算 /
- 環(huán)簽名 /
- 訪問結(jié)構(gòu) /
- 驗證 /
- 共謀
Abstract: Key information leakage is one of the most serious problems in Intercloud service, to solve this problem, a scheme of user key revocation on attribute-based ring signatures is proposed. Focused on user ciphertext access in Intercloud, the mechanism of ciphertext matrixes mapping without attribute leakage is discussed, multi-authority can extend attribute sets for generation key, then full user attributes can not be acquired by Cloud Service Providers (CSP), thus overhead on attribute storage is reduced. In addition, user signature verification revocation based on revocable ring and monotone span programs is designed, which constitutes ring of CSPs, authorities and users. Receiving CSP can define ciphertext access structure, users can access ciphertext through source CSP verifying, and authorities can remove decryption key from attribute-lost users without affecting any other users. The mechanism of collusion resistance with integrating attributes on the basis of Ciphertext-Policy Attribute Base Encryption (CP-ABE) and monotone span programs is discussed, with which user attribute confidentiality can be protected from leakage. Finally, to prove the effectiviness of the proposed model, the performance analysis of communication cost and computational efficiency are verified.-
Key words:
- Cloud computing /
- Ring signature /
- Access structure /
- Verify /
- Collusion
-
Buyya R, Ranjan R, and Calheiros N R. InterCloud: utility- oriented federation of cloud computing environments for scaling of application services[C]. Proceedings of Algorithms and Architectures for Parallel Processing, Berlin, 2010: 13-31. 李拴保, 傅建明, 張煥國. 環(huán)境下基于環(huán)簽密的用戶身份屬性保護(hù)方案[J]. 通信學(xué)報,2014, 35(9): 99-111. Li Shuan-bao, Fu Jian-ming, and Zhang Huan-guo. Scheme on user identity attribute preserving based on ring signcryption for cloud computing[J]. Journal on Communications, 2014, 35(9): 99-111. 馮登國, 張敏, 楊妍妍. 云計算安全研究[J]. 軟件學(xué)報, 2011, 22(1): 71-83. Feng Deng-guo, Zhang Min, and Yang Yan-yan. Study on cloud computing security[J]. Journal of Software, 2011, 22(1): 71-83. Liu D Y W, Liu J K, and Mu Y. Revocable ring signature[J]. Journal of Computer Science and Technology, 2007, 12(6): 785-794. Chuang I-hsun and Li Syuan-hao. An effective privacy protection scheme for cloud computing[C]. Proceedings of Advanced Communication Technology, Gangwon-Do, 2011: 260-265. Wang Guo-jun and Liu Qin. Hierarchical attribute-based encryption for fine-grained access control in cloud storage services[C]. Proceedings of Computer and Communications Security, Pairs, 2010: 735-737. Sherman S M C and He Yi-jun. Simple privacy-preserving identity-management for cloud environment[C]. Proceedings of Applied Cryptography and Network Necurity, Berlin, 2012: 526-543. Mao Shao-wu and Zhang Huan-guo. A resistant quantum key exchange protocol and its corresponding encryption scheme [J]. China Communications, 2014, 11(9): 12-23. 張倩穎, 馮登國, 趙世軍. 基于可信芯片的平臺身份證明方案研究[J]. 通信學(xué)報,2014, 35(8): 95-106. Zhang Qian-ying, Feng Deng-guo, and Zhao Shi-jun. Research of platform identity attestation based on trusted chip[J]. Journal on Communications, 2014, 35(8): 95-106. 馮登國, 張敏, 李昊. 大數(shù)據(jù)隱私與安全保護(hù)[J]. 計算機(jī)學(xué)報, 2014, 37(1): 246-258. Feng Den-guo, Zhang Min, and Li Hao. Big data privacy and security protection[J]. Journal of Computer, 2014, 37(1): 246-258. Yu Shu-cheng and Wang Cong. Achieving secure, scalable, and fine-grained data access control in cloud computing[C]. Proceedings of Computer Communications, Pairs, 2010b: 15-19. Yu Shu-cheng and Wang Cong. Attribute based data sharing with attribute revocation[C]. Proceedings of Information, Computer and Communications Security, Pairs, 2010a: 261-270. Wang Guo-jun and Liu Qin. Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers[J]. Computers Security, 2011, 30(3): 320-331. Wei Li-fei and Zhu Hao-jin. Security and privacy for storage and computation in cloud computing[J]. Information Sciences, 2014, 258: 371-386. Adeela W and Asad R. A framework for preservation of cloud users data privacy using dynamic reconstruction of metadata [J]. Journal of Network and Computer Applications, 2013, 36(2): 235-248. Dan B and Matt F. Identity-based encryption from the weil pairing[C]. Proceedings of Cryptology, Berlin, 2001: 213-229. Zhang Yan, Feng Deng-guo, and Zhang Zheng-feng. On the security of an efficient attribute-based signature[C]. Proceedings of Network and System Security, Berlin, 2013: 381-392. Lewko A and Waters B. Decentralizing attribute-based encryption[C]. Proceedings of EUROCRYPT, Paterson, 2011: 568-588. Bethencourt J, Sahai A, and Waters B. Ciphertext-policy attribute-based encryption[C]. Proceedings of the IEEE Security and Privacy, Paris, 2007: 321-334. Shamir A. How to share secret[J]. Communication of Association for Computing Machinery, 2002, 40(11): 612-613. -
計量
- 文章訪問數(shù): 1305
- HTML全文瀏覽量: 114
- PDF下載量: 486
- 被引次數(shù): 0