Journal of Computer Science and Technology
Journal of Computer Science and Technology 2017, Vol. 32, Issue 5: 974-990. DOI: 10.1007/s11390-017-1776-1
Computer Networks and Distributed Computing
Flexible CP-ABE Based Access Control on Encrypted Data for Mobile Users in Hybrid Cloud System
Wen-Min Li, Xue-Lei Li, Qiao-Yan Wen, Shuo Zhang, Hua Zhang, Member, IEEE
State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China

Abstract: In hybrid cloud computing, encrypted data access control can provide a fine-grained access method that lets organizations enact policies closer to their organizational policies. This paper presents an improved CP-ABE scheme to construct an encrypted data access control solution that is suitable for mobile users in a hybrid cloud system. In our improvement, we split the original decryption keys into a control key, a secret key and a set of transformation keys. The private cloud managed by the organization administrator takes charge of updating the transformation keys using the control key. This helps to handle flexible access management and attribute alteration. Meanwhile, the mobile user's single secret key, like the ciphertext, remains unchanged even if the data user's attribute has been revoked. In addition, we modify the access control list by adding the attributes with the corresponding control key and transformation keys so as to manage user privileges depending upon the system version. Finally, the analysis shows that our scheme is secure, flexible and efficient enough to be applied in mobile hybrid cloud computing.
Keywords: attribute-based access control; hybrid cloud; outsourcing computing; attribute alteration; data verification
Received: 2016-06-15
Funding:

This work was supported by the National Natural Science Foundation of China under Grant No. 61502044, and the Fundamental Research Funds for the Central Universities of China under Grant No. 2015RC23.

About author: Wen-Min Li received her B.S. and M.S. degrees in mathematics and applied mathematics from Shaanxi Normal University, Xi'an, in 2004 and 2007, respectively, and her Ph.D. degree in cryptology from Beijing University of Posts and Telecommunications, Beijing, in 2012. She is currently a post-doctoral researcher in Beijing University of Posts and Telecommunications, Beijing.
Cite this article:
Wen-Min Li, Xue-Lei Li, Qiao-Yan Wen, Shuo Zhang, Hua Zhang. Flexible CP-ABE Based Access Control on Encrypted Data for Mobile Users in Hybrid Cloud System[J]. Journal of Computer Science and Technology, 2017, V32(5): 974-990
Link to this article:
http://jcst.ict.ac.cn:8080/jcst/CN/10.1007/s11390-017-1776-1