Journal of Northeastern University (Natural Science) ›› 2015, Vol. 36 ›› Issue (10): 1416-1421. DOI: 10.3969/j.issn.1005-3026.2015.10.011

• Information and Control •

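Data Access Control Scheme Based on CP-ABE in Cloud Storage

GAO Jian, ZENG Kang, JIN Heng-zhan, ZHOU Fu-cai

  1. (School of Software, Northeastern University, Shenyang 110819, Liaoning, China)
  • Received: 2014-12-04 Revised: 2014-12-04 Online: 2015-10-15 Published: 2015-09-29
  • Corresponding author: GAO Jian
  • About the authors: GAO Jian (born 1977), male, from Shenyang, Liaoning, Ph.D. candidate at Northeastern University; ZHOU Fu-cai (born 1964), male, from Shenyang, Liaoning, professor and doctoral supervisor at Northeastern University.
  • Supported by:
    National Science and Technology Major Project (2013ZX03002006); Liaoning Province Science and Technology Research Project (2013217004); Fundamental Research Funds for the Central Universities (N130317002)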

Data Access Control Scheme Based on CP-ABE in Cloud Storage

GAO Jian, ZENG Kang, JIN Heng-zhan, ZHOU Fu-cai   

  1. School of Software, Northeastern University, Shenyang 110819, China.
  • Received: 2014-12-04 Revised: 2014-12-04 Online: 2015-10-15 Published: 2015-09-29
  • Contact: ZHOU Fu-cai

Abstract: For the cloud storage setting, a hybrid-encryption data access control scheme is constructed that combines ciphertext-policy attribute-based encryption (CP-ABE) with convergent encryption. The scheme involves three entities: a key distribution center, users, and the cloud server. It provides efficient, flexible, and fine-grained data access control, improves the space utilization of the cloud storage server, and uses signatures to support data origin authentication and data integrity authentication. Theoretical analysis and experiments verify that the scheme has high practical value.

Key words: cloud storage, ciphertext-policy attribute-based encryption (CP-ABE), access control, convergent encryption, digital signature

CLC number: