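Research on Attribute-Based Access Control Methods in the Cloud Computing Environment
Published: 2018-06-05 00:45
Topics: cloud security + access control. Reference: Shandong Normal University, 2017 master's thesis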
[Abstract]: In recent years the growth of cloud computing has attracted wide attention and its user base keeps increasing; it is regarded as the third revolution after the microcomputer and the Internet. Cloud computing is network-centric: it links software and hardware resources distributed across different geographic locations, hides the heterogeneity of the underlying resources, and provides users with transparent, on-demand access to services. Its rapid development has also brought cloud security problems. In the cloud environment, security has become the bottleneck for the development of cloud computing, and access control is one of the most critical cloud security problems. At present, the most effective technical approach to cloud security is to combine traditional access control techniques with improved and extended cryptographic techniques in order to meet the new requirements of cloud security. Researchers have proposed ciphertext-policy attribute-based encryption (CP-ABE). Although the algorithm is flexible, efficient, dynamic and privacy-preserving, applying CP-ABE to cloud platforms still needs further development in attribute revocation and access-policy flexibility. This thesis focuses on ciphertext-policy access control mechanisms based on attribute-based encryption. The main work is as follows:

(1) Although attribute-based ciphertext-policy access control schemes provide a dual verification mechanism and to some extent guarantee the security of data on the cloud server, a cloud server that goes down or is compromised leads to disclosure of keys, which enables collusion attacks by unauthorized users. Building on a trusted third party, this thesis introduces multiple authority centers, with each authority distributing the private keys for attributes. This effectively prevents collusion attacks by unauthorized users, further strengthens the security of cloud data, and effectively addresses problems such as user key management and distribution and excessive load.

(2) To address the high cost of dynamically changing attribute-based ciphertext policies in the cloud environment, the concept of fused attributes is introduced and a ciphertext-policy access control scheme based on fused attributes is proposed. Building on existing attribute-based ciphertext-policy access control schemes, the scheme converts an ordinary access structure tree into an SAS access structure tree and then fuses together the attributes in the SAS access structure tree that frequently occur together. This effectively reduces the number of terminal nodes in the access tree and thereby the data owner's burden when updating ciphertexts.

(3) Theoretical analysis and experiments show that the number of attributes is an important time-performance indicator for ciphertext encryption, and demonstrate that the proposed schemes, on the one hand, effectively reduce users' computational overhead when policy attributes change and, on the other hand, effectively protect data security and fine-grained access control in the cloud environment while reducing the load on the data owner.
[Degree-granting institution]: Shandong Normal University
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP309
Article ID: 1979631
Article link: http://sikaile.net/guanlilunwen/ydhl/1979631.html