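Research on an MA-ABE Cloud Storage Access Control Strategy
Published: 2018-06-01 16:03
Topics: attribute-based encryption + multiple authorities. Source: Lanzhou University of Technology, 2013 master's thesis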
[Abstract]: In recent years, cloud computing has grown from an emerging technology into a mainstream one. It is a new computing model that effectively integrates interconnected large-scale computing and storage resources and provides them to users as services. Users can access virtual machines and storage systems over the Internet on demand at any time, without having to consider the large and complex underlying implementation and management, which greatly reduces the implementation difficulty and hardware investment for enterprises. As cloud computing applications and research continue to develop at home and abroad, large volumes of data are exchanged between users and cloud platforms, and both the transmission and the storage of that data face serious security threats; this has become an important problem in cloud computing security that urgently needs to be solved. How to implement access control over large amounts of cloud-stored data efficiently and securely has become one of the key research topics in cloud computing.
This thesis first introduces the relevant concepts and fundamentals of cloud computing and discusses the security problem of cloud storage data access control that constrains the development of cloud computing in practice, namely how to implement access control over cloud-stored data efficiently and securely, and then proposes a security solution for cloud data storage. To make cloud storage access control flexible, fine-grained, scalable, confidential and dynamic, we use multi-authority attribute-based encryption (MA-ABE) together with proxy re-encryption. In existing attribute-based encryption schemes for cloud storage, key management is burdensome and a single authority is a fragile point of security; these schemes either omit randomization parameters, which exposes them to collusion attacks, or cannot revoke users in real time, which exposes them to replay attacks. Building on previous research, we therefore propose a secure and effective cloud storage access control strategy based on MA-ABE, and give the MA-ABE algorithm and the implementation process of cloud storage access control in detail. The scheme divides each data file into two parts, a "data header" and a "data body", which greatly improves the security of cloud-stored data, supports complex multi-user, multi-owner scenarios more effectively, and better matches real cloud storage environments.
Finally, we prove in the random oracle model that the scheme is semantically secure, and we analyze its efficiency in detail. A comparison with the existing literature shows that our scheme offers higher security, flexibility, fine granularity, scalability and dynamics, is better suited to access control over larger-scale data in cloud storage, and that its computational complexity is not affected as the data grows.
[Degree-granting institution]: Lanzhou University of Technology
[Degree level]: Master's
[Year degree awarded]: 2013
[Classification]: TP333; TP309