多云服务提供者环境下的一种用户密钥撤销方法

李拴保; 王雪瑞; 傅建明; 张焕国

doi:10.11999/JEIT150205

多云服务提供者环境下的一种用户密钥撤销方法

doi: 10.11999/JEIT150205

基金项目:

国家自然科学基金(61373168, 61202387)，教育部高等学校博士学科点专项科研基金(20120141110002)和河南省软科学研究基金(132400410165, 142400410263, 142400410267, 142400411039)

计量
- 文章访问数: 1249
- HTML全文浏览量: 100
- PDF下载量: 486
- 被引次数: 0
出版历程
- 收稿日期: 2015-02-03
- 修回日期: 2015-05-18
- 刊出日期: 2015-09-19

User Key Revocation Method for Multi-cloud Service Providers

摘要

摘要: 密钥信息泄露是互联云服务难题之一，为解决该问题，该文提出一种基于属性环签名的用户密钥撤销方案。该方案以互联云的用户密文访问方法为研究对象，论述了无属性泄露的密文矩阵映射机制，多授权者自主扩展属性集生成密钥，从而令云服务提供者(CSP)无法获得用户完整属性，达到消除属性存储负载的目的。另外，该方案以撤销环与单调张成算法为基础设计用户签名验证撤销机制，令CSP、授权者与用户共同组成属性环，接受CSP定义密文访问结构，用户签名只有通过源CSP验证才能访问密文，授权者撤销部分属性失效用户解密密钥，从而达到权限撤销不影响其它用户访问的目的。该方案以密文策略属性基加密(CP-ABE)与单调张成算法为基础设计多用户组合属性共谋抵抗机制，用以保护属性的机密性。最后，给出该方案通信成本和计算效率的性能分析，用以验证该方法的有效性。
- 云计算 /
- 环签名 /
- 访问结构 /
- 验证 /
- 共谋
Abstract: Key information leakage is one of the most serious problems in Intercloud service, to solve this problem, a scheme of user key revocation on attribute-based ring signatures is proposed. Focused on user ciphertext access in Intercloud, the mechanism of ciphertext matrixes mapping without attribute leakage is discussed, multi-authority can extend attribute sets for generation key, then full user attributes can not be acquired by Cloud Service Providers (CSP), thus overhead on attribute storage is reduced. In addition, user signature verification revocation based on revocable ring and monotone span programs is designed, which constitutes ring of CSPs, authorities and users. Receiving CSP can define ciphertext access structure, users can access ciphertext through source CSP verifying, and authorities can remove decryption key from attribute-lost users without affecting any other users. The mechanism of collusion resistance with integrating attributes on the basis of Ciphertext-Policy Attribute Base Encryption (CP-ABE) and monotone span programs is discussed, with which user attribute confidentiality can be protected from leakage. Finally, to prove the effectiviness of the proposed model, the performance analysis of communication cost and computational efficiency are verified.
- Cloud computing /
- Ring signature /
- Access structure /
- Verify /
- Collusion

HTML全文

参考文献(24)

Buyya R, Ranjan R, and Calheiros N R. InterCloud: utility- oriented federation of cloud computing environments for scaling of application services[C]. Proceedings of Algorithms and Architectures for Parallel Processing, Berlin, 2010: 13-31.

李拴保, 傅建明, 张焕国. 环境下基于环签密的用户身份属性保护方案[J]. 通信学报，2014, 35(9): 99-111.

Li Shuan-bao, Fu Jian-ming, and Zhang Huan-guo. Scheme on user identity attribute preserving based on ring signcryption for cloud computing[J]. Journal on Communications, 2014, 35(9): 99-111.

冯登国, 张敏, 杨妍妍. 云计算安全研究[J]. 软件学报, 2011, 22(1): 71-83.

Feng Deng-guo, Zhang Min, and Yang Yan-yan. Study on cloud computing security[J]. Journal of Software, 2011, 22(1): 71-83.

Liu D Y W, Liu J K, and Mu Y. Revocable ring signature[J]. Journal of Computer Science and Technology, 2007, 12(6): 785-794.

Chuang I-hsun and Li Syuan-hao. An effective privacy protection scheme for cloud computing[C]. Proceedings of Advanced Communication Technology, Gangwon-Do, 2011: 260-265.

Wang Guo-jun and Liu Qin. Hierarchical attribute-based encryption for fine-grained access control in cloud storage services[C]. Proceedings of Computer and Communications Security, Pairs, 2010: 735-737.

Sherman S M C and He Yi-jun. Simple privacy-preserving identity-management for cloud environment[C]. Proceedings of Applied Cryptography and Network Necurity, Berlin, 2012: 526-543.

Mao Shao-wu and Zhang Huan-guo. A resistant quantum key exchange protocol and its corresponding encryption scheme [J]. China Communications, 2014, 11(9): 12-23.

张倩颖, 冯登国, 赵世军. 基于可信芯片的平台身份证明方案研究[J]. 通信学报，2014, 35(8): 95-106.

Zhang Qian-ying, Feng Deng-guo, and Zhao Shi-jun. Research of platform identity attestation based on trusted chip[J]. Journal on Communications, 2014, 35(8): 95-106.

冯登国, 张敏, 李昊. 大数据隐私与安全保护[J]. 计算机学报, 2014, 37(1): 246-258.

Feng Den-guo, Zhang Min, and Li Hao. Big data privacy and security protection[J]. Journal of Computer, 2014, 37(1): 246-258.

Yu Shu-cheng and Wang Cong. Achieving secure, scalable, and fine-grained data access control in cloud computing[C]. Proceedings of Computer Communications, Pairs, 2010b: 15-19.

Yu Shu-cheng and Wang Cong. Attribute based data sharing with attribute revocation[C]. Proceedings of Information, Computer and Communications Security, Pairs, 2010a: 261-270.

Wang Guo-jun and Liu Qin. Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers[J]. Computers Security, 2011, 30(3): 320-331.

Wei Li-fei and Zhu Hao-jin. Security and privacy for storage and computation in cloud computing[J]. Information Sciences, 2014, 258: 371-386.

Adeela W and Asad R. A framework for preservation of cloud users data privacy using dynamic reconstruction of metadata [J]. Journal of Network and Computer Applications, 2013, 36(2): 235-248.

Dan B and Matt F. Identity-based encryption from the weil pairing[C]. Proceedings of Cryptology, Berlin, 2001: 213-229.

Zhang Yan, Feng Deng-guo, and Zhang Zheng-feng. On the security of an efficient attribute-based signature[C]. Proceedings of Network and System Security, Berlin, 2013: 381-392.

Lewko A and Waters B. Decentralizing attribute-based encryption[C]. Proceedings of EUROCRYPT, Paterson, 2011: 568-588.

Bethencourt J, Sahai A, and Waters B. Ciphertext-policy attribute-based encryption[C]. Proceedings of the IEEE Security and Privacy, Paris, 2007: 321-334.

Shamir A. How to share secret[J]. Communication of Association for Computing Machinery, 2002, 40(11): 612-613.

施引文献

资源附件(0)

访问统计