摘要
随着云计算应用的增加,安全问题引起了人们的高度重视。由于云计算环境的分布式和不可信等特征,数据属主有时需要对数据加密后再托管云存储,如何实现非可信环境中加密数据的访问控制是云计算技术和应用需要解决的问题。文中提出一种基于属性和固定密文长度的层次化访问控制方法,该方案将密文长度和双线性对计算量限制在固定值,具有较高的效率,并且引入层次化授权结构,减少了单一授权的负担和风险,实现了高效、精细、可扩展的访问控制。同时证明了该方案在判定性q-BDHE假设下具有CCA2安全性。
With the popularity of cloud computing ,there have been increasing concerns on its security. Data owners have to encrypt outsourced data to enforce confidentiality as the cloud computing environment is distributed and untrusted. Therefore,how to achieve practicable access control of encrypted data in untrusted environment is an urgent issue to be solved. Propose a hierarchical attribute-based access control scheme with constant-size ciphertext. The scheme is efficient because of the constant-size ciphertext and computation cost in encryption and decryption algorithms. Furthermore the hierarchical authorization structure which reduces the burden and risk in the case of one single authority makes it scalable. At the same time,prove that the scheme is of CCA2 security under the decisional q-Bilinear Diffie -Hellman Exponent assumption.
出处
《计算机技术与发展》
2013年第11期128-132,共5页
Computer Technology and Development
基金
国家"973"重点基础研究发展规划项目(2011CB302903)
国家自然科学基金资助项目(61272084
61202004)
江苏省高校自然科学研究重大项目(11KJA520002)
高等学校博士学科点专项科研基金资助课题(20113223110003
20093223120001)
中国博士后科学基金资助项目(2011M500095)
江苏省科技支撑计划(社会发展)项目(BE2011826)
关键词
云计算
访问控制
CP—ABE
定长密文
cloud computing
access control
CP-ABE
constant-size ciphertext
