DACPCC:一种包含访问权限的云计算数据访问控制方案

doi:10.3969/j.issn.0372-2112.2018.01.033

电子学报 ›› 2018, Vol. 46 ›› Issue (1): 236-244.DOI: 10.3969/j.issn.0372-2112.2018.01.033

DACPCC:一种包含访问权限的云计算数据访问控制方案

王于丁, 杨家海

清华大学网络科学与网络空间研究院, 北京 100084

收稿日期:2016-08-30 修回日期:2016-10-16 出版日期:2018-01-25
- 通讯作者:
- 杨家海
- 作者简介:
- 王于丁,男,1984年生于河北石家庄,清华大学网络科学与网络空间研究院博士生.研究方向为云计算安全.
- 基金资助:
- 国家自然科学基金 (No.61432009，No.61462009）; 教育部博士学科专项基金 (No.20130002110058）; 国家863高技术研究发展计划 (No.2015AA015601）

DACPCC:A Data Access Control Scheme with Access Permission for Cloud Computing

WANG Yu-ding, YANG Jia-hai

Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China

Received:2016-08-30 Revised:2016-10-16 Online:2018-01-25 Published:2018-01-25
- Supported by:
- National Natural Science Foundation of China (No.61432009, No.61462009); Research Fund for the Doctoral Program of Higher Education of China (No.20130002110058); National High-tech R&D Program of China (863 Program) (No.2015AA015601)

摘要/Abstract

摘要： 目前云计算访问控制技术最常用的加密体系是CP-ABE，但传统的CP-ABE加密体系中没有涉及用户的访问权限问题，数据提供者只能让用户去读取数据而不能写数据，访问控制机制不灵活，且效率低.针对这一不足，本文提出了一种包含访问权限的高效云计算访问控制方案DACPCC，该方案在CP-ABE基础上设置了权限控制密钥来加密云中的数据，数据提供者通过对权限控制密钥的选择来控制数据的访问权限.文章对DACPCC进行了详细的设计，并做了安全性证明和实验验证，结果表明DACPCC能够让数据提供者对其数据资源进行权限控制，并且是安全和高效的.

关键词: 云计算, 访问控制, 属性基加密, 访问权限, 属性撤销

Abstract: Currently, the most common encryption scheme of cloud computing access control system is CP-ABE, but the conventional CP-ABE encryption did not deal with the issue of user's access permission; data owners only allow the users to read the data but not to write, such kind of coarse access control mechanism is not flexible and low efficiency. To deal with this issue, the paper proposes a Data Access Control scheme with access Permission for Cloud Computing (DACPCC), it sets permission control keys to encrypt the data in cloud based on CP-ABE; the data owner controls the data's access permission by choosing the permission control keys. The paper illustrates the design details of the proposed scheme, then theoretically proves the security and evaluates the performance through simulated experiments; the results show that DACPCC allows the data owners to control the access permission of the data, and it is safe and more efficient.

Key words: cloud computing, access control, CP-ABE, access permission, attribute revocation

中图分类号:

TP309

王于丁, 杨家海. DACPCC:一种包含访问权限的云计算数据访问控制方案[J]. 电子学报, 2018, 46(1): 236-244.

WANG Yu-ding, YANG Jia-hai . DACPCC:A Data Access Control Scheme with Access Permission for Cloud Computing[J]. Acta Electronica Sinica, 2018, 46(1): 236-244.

参考文献

[1] 王于丁,杨家海,等.云计算访问控制研究综述[J].软件学报,2015,26(5):1129-1150. Wang YD,Yang JH,et al.Survey on access control technologies for cloud computing[J].Journal of Software,2015,26(5):1129-1150.(in Chinese)
[2] 冯朝胜,秦志光,等.云计算环境下访问控制关键技术[J].电子学报,2015.42(2):3125-319. Feng C,Qin Z,et al.Key techniques access control for cloud computing[J].Acta Electronica Sinica,2015,42(2):312-319.(in Chinese)
[3] Sahai A,Waters B.Fuzzy identity-based encryption[A].Advances in Cryptology-EUROCRYPT 2005[C].Berlin,Heidelberg:Springer-Verlag,2005.457-473.
[4] Bethencourt J,Sahai A,Waters B.Ciphertext-policy attribute-based encryption[A].Proc of the 2007 IEEE Symp on Security and Privacy[C].Washington:IEEE Computer Society,2007.321-334.
[5] 李凤华,苏芒,史国振,马建峰.访问控制模型研究进展及发展趋势[J].电子学报,2012,40(4):805-813. Li FH,Su M,Shi GZ,Ma JF.Research status and development trends of access control model[J].Acta Electronica Sinica,2012,40(4):805-813.(in Chinese)
[6] 俞能海,郝卓,等.云安全研究进展综述[J].电子学报,2013,41(2):371-381. Yu NH,Hao Z,et al.Review of cloud computing security[J].Acta Electronica Sinica,2013,41(2):371-381.(in Chinese)
[7] Goyal V,Jain A,Pandey O,Sahai A.Bounded ciphertext policy attribute based encryption[A].Proc of the ICALP 2008[C].Berlin,Heidelberg:Springer-Verlag,2008.579-591.
[8] Liang XH,Cao ZF,Lin H,Xing DS.Provably secure and efficient bounded ciphertext policy attribute based encryption[A].Proc of the ASIAN ACM Symp on Information,Computer and Communications Security (ASIACCS 2009)[C].New York:ACM Press,2009.343-352.
[9] Liu X,Ma J,Xiong J,et al.Ciphertext-policy hierarchical attribute-based encryption for fine-grained access control of encryption Data[J].International Journal of Network Security,2014,16(4):351-357.
[10] Wan Z,Liu J,Deng RH.HASBE:a hierarchical attribute-based solution for flexible and scalable access control in cloud computing[J].Information Forensics and Security,IEEE Transactions,2012,7(2):743-754.
[11] Kan Y,Xiaohua J,Kui R,Bo Z.DAC-MACS:Effective data access control for multi-authority cloud storage systems[A].2013 Proceedings IEEE INFOCOM[C].Turn,Italy:IEEE,2013.2895-2903.
[12] Jianwei C,Huadong M.Efficient decentralized attribute-based access control for cloud storage with user revocation[A].IEEE ICC 2014[C].Sydney:IEEE,2014.3782-3787.
[13] Sushmita R,Amiya.N,Ivan.S,DACC:Distributed access control in clouds[A].IEEE Trust Com'11[C].Changsha:IEEE,2011.91-98.
[14] Attrapadung N,Imai H.Attribute-Based encryption supporting direct/indirect revocation modes[A].Proc of the Cryptography and Coding 2009[C].Berlin,Heidelberg:Springer-Verlag,2009.278-300.
[15] Yu SC,Wang C,Ren K,Lou WJ.Attribute based data sharing with attribute revocation[A].Proc of the ASIAN ACM Conf.on Computer and Communications Security (ASIACCS 2010)[C].New York:ACM Press,2010.261-270.
[16] 洪澄,江敏,冯登国.AB-ACCS:一种云存储密文访问控制方法[J].计算机研究与发展,2010,47:259-265. Hong C,Zhang M,Feng D.MAB-ACCS:A cryptographic access control scheme for cloud storage[J].Journal of Computer Research and Development,2010,47:259-265.(in Chinese)
[17] Boneh D,Goh E,Nissim K.Evaluating 2-DNF formulas on ciphertexts[A].Proc of the Theory of Cryptography (TCC2005)[C].Berlin:Springer-Verlag,2005.325-341.
[18] Dan B,Matthew KF.Identity-based encryption from the weil pairing[A].Advances in Cryptology-CRYPTO 2011[C].Santa Barbara,USA:Springer,2001.213-229.
[19] Beimel A.Secure schemes for secret sharing and key distribution[D].Haifa:Israel Institute of Technology,1996.
[20] Taeho J,XiangYang L,Zhiguo W,Meng W.Privacy preserving cloud data access with multi-authorities[A].2013 Proceedings IEEE INFOCOM[C].Turn,Italy:IEEE,2013.2625-2633.

DACPCC:一种包含访问权限的云计算数据访问控制方案

DACPCC:A Data Access Control Scheme with Access Permission for Cloud Computing

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	赵开强, 康萍, 刘彬, 郭真, 冯朝胜, 卿昱. 支持云代理重加密的CP-ABE方案[J]. 电子学报, 2023, 51(3): 728-735.
[2]	佘维, 霍丽娟, 刘炜, 张志鸿, 宋轩, 田钊. 一种可隐藏敏感文档和发送者身份的区块链隐蔽通信模型[J]. 电子学报, 2022, 50(4): 1002-1013.
[3]	罗智勇, 朱梓豪, 谢志强, 孙广路. 面向云计算的花朵差分授粉工作流多目标优化算法研究[J]. 电子学报, 2021, 49(3): 470-476.
[4]	吴立强, 韩益亮, 杨晓元, 张敏情, 杨凯. 基于理想格的鲁棒门限代理重加密方案[J]. 电子学报, 2020, 48(9): 1786-1794.
[5]	晋云霞, 杨贺昆, 冯朝胜, 刘帅南, 李航, 邹莉萍, 万国根. 一种支持解密外包的KP-ABE方案[J]. 电子学报, 2020, 48(3): 561-567.
[6]	李航, 冯朝胜, 刘帅南, 刘彬, 赵开强. 支持离线/在线加密及可验证外包解密的CP-WABE方案[J]. 电子学报, 2020, 48(11): 2146-2153.
[7]	卢晶, 段勇, 刘海波. 基于z值的分布式密度峰值聚类算法[J]. 电子学报, 2018, 46(3): 730-738.
[8]	赵志远, 朱智强, 王建华, 孙磊. 属性可撤销且密文长度恒定的属性基加密方案[J]. 电子学报, 2018, 46(10): 2391-2399.
[9]	丁嘉宁, 张鹏, 杨嵘, 刘俊朋, 刘庆云, 熊刚. 支持多租户的网络测试床模拟流量标记和溯源模型[J]. 电子学报, 2017, 45(8): 1947-1956.
[10]	杜思军, 徐尚书, 刘俊南, 张俊伟, 马建峰. 云计算中抗共谋攻击的数据位置验证协议[J]. 电子学报, 2017, 45(6): 1321-1326.
[11]	陈振华, 李顺东, 王道顺, 黄琼, 张卫国. 集合成员关系的安全多方计算及其应用[J]. 电子学报, 2017, 45(5): 1109-1116.
[12]	翟治年, 卢亚辉, 余法红, 周武杰, 向坚, 吴茗蔚. 工作流可满足性(≠,=)计数及其#P完全性[J]. 电子学报, 2017, 45(3): 605-611.
[13]	李焱, 郑亚松, 李婧, 朱春鸽, 刘欣然. 云环境下面向跨域作业的调度方法[J]. 电子学报, 2017, 45(10): 2416-2424.
[14]	陶晓玲, 韦毅, 王勇. 一种基于分层多代理的云计算负载均衡方法[J]. 电子学报, 2016, 44(9): 2106-2113.
[15]	陈凯, 许海铭, 徐震, 林东岱, 刘勇. 适用于移动云计算的抗中间人攻击的SSP方案[J]. 电子学报, 2016, 44(8): 1806-1813.