本文選題：云存儲　切入點：CP-ABE　出處：《揚州大學(xué)》2017年碩士論文

【摘要】：云計算的發(fā)展越來越快,它可以提供用戶更大范圍的數(shù)據(jù)處理和共享能力,通過存儲虛擬化整合不同的存儲資源,用戶可以通過單一的用戶界面訪問云中的數(shù)據(jù)資源,而不會顯露底層基礎(chǔ)設(shè)施的物理細節(jié)。用戶僅僅通過網(wǎng)絡(luò)連接電腦或者其他智能終端就可以訪問云服務(wù)器端存儲的數(shù)據(jù)。云計算是信息技術(shù)領(lǐng)域向集約化、規(guī)�；�、規(guī)范化與專業(yè)化方向發(fā)展過程中取得的重要階段性成果,被普遍認為是下一個重要的IT產(chǎn)業(yè)增長點。但隨著云計算技術(shù)的不斷發(fā)展和云計算服務(wù)的廣泛應(yīng)用,云計算也暴露出許多數(shù)據(jù)存儲的安全問題,如何保證云服務(wù)器上用戶存儲數(shù)據(jù)的安全以及用戶身份信息不被泄露,這些成為云計算服務(wù)首先需要解決的問題。云存儲作為云計算中的一種重要的服務(wù)方式,用戶作為云存儲環(huán)境中隨時可以加入或者離開的參與者,是隨時變化的。因而,怎樣實現(xiàn)云存儲環(huán)境下對數(shù)據(jù)的訪問控制,以及對用戶擁有屬性的方便安全的及時撤銷,也是本文研究的研究重點。針對云計算中出現(xiàn)越來越多的云服務(wù)供應(yīng)商(Cloud Service Provider,CSP)以及越來越多的用戶群等特點,現(xiàn)有方案已經(jīng)不能滿足用戶對數(shù)據(jù)在云存儲中的安全性以及滿足對數(shù)據(jù)跨域訪問要求,基于多授權(quán)機構(gòu)的密文策略基于屬性加密(C iphertext-Po l icy Attribute-B ased Encryption,CP-ABE)的訪問控制方法以及高效的屬性撤銷方法已成為云安全的研究重點。所以本文圍繞的重點是云存儲中基于多個屬性授權(quán)(Attribute Authority,AA)的訪問控制方法和高效的屬性撤銷方法進行研究,課題的主要研究內(nèi)容歸納如下:1.針對云存儲中多授權(quán)機構(gòu)環(huán)境下數(shù)據(jù)跨域共享的安全問題和訪問控制問題,給出了一種基于密文策略的多授權(quán)安全訪問控制方法。使用多個授權(quán)機構(gòu),屬性私鑰的生成與中心認證機構(gòu)(Central Authority,CA)分離,從而降低了由CA引入的安全風險。密文訪問控制結(jié)構(gòu)的定義與密鑰組件的產(chǎn)生交由數(shù)據(jù)所有者(Date Owner,DO)與AA共同完成,有效預(yù)防了用戶之間、AA與CA之間以及用戶和AA之間的合謀攻擊,并利用判定雙線性Dif fie-Hellman(Decision Bilinear Diffie-Hellman,DBDH)假設(shè)理論分析了方案的安全性。2.針對于密文策略基于屬性加密的訪問控制方案中的屬性撤銷難問題,給出了一種云存儲中基于密文策略的高效屬性撤銷方案,實現(xiàn)了安全、高效的屬性撤銷。采用非對稱加密的方法實現(xiàn)數(shù)據(jù)加密,當撤銷用戶的屬性時,授權(quán)生成新的屬性組版本號密鑰,交給云存儲服務(wù)者再次加密密文,因此減少了數(shù)據(jù)所有者的計算成本。3.由于本方案不需要更新用戶私鑰,因而減少了算法運算復(fù)雜度。通過相應(yīng)的理論分析和實驗表明,該方法在用戶屬性發(fā)生撤銷時數(shù)據(jù)安全性較高,此外該方法也在降低授權(quán)計算開銷和網(wǎng)絡(luò)通信開銷方面做了相應(yīng)的貢獻。
[Abstract]:Cloud computing is growing faster and faster. It can provide users with a wider range of data processing and sharing capabilities, integrate different storage resources through storage virtualization, and allow users to access data resources in the cloud through a single user interface. Users can access the data stored on the cloud server just by connecting to their computers or other intelligent terminals. Cloud computing is the intensive and large-scale development of information technology. In the process of standardization and specialization, it is generally considered as the next important growth point of IT industry. However, with the continuous development of cloud computing technology and the wide application of cloud computing services, Cloud computing also exposes many security problems of data storage. How to ensure the security of user storage data and user identity information on cloud server is not disclosed. These become the first problems that cloud computing services need to solve. Cloud storage as an important service in cloud computing, users as participants in the cloud storage environment can join or leave at any time, is always changing. How to realize the access control of data in the cloud storage environment, and the convenient, safe and timely revocation of the user's properties, It is also the research focus of this paper. According to the characteristics of cloud computing, more and more cloud service providers, such as cloud Service provider (Service), and more and more users, The existing scheme can no longer satisfy the security of data in cloud storage and the requirement of cross-domain access to data. The ciphertext strategy based on multi-authorization organization (MAA) based on attribute encryption C iphertext-Po l icy Attribute-B ased encryption (CP-ABE) has become the focus of cloud security research, so the focus of this paper is on the base of cloud storage. The access control method and the efficient attribute revocation method of multiple attribute Authority-Allowance (AA) are studied. The main research contents are summarized as follows: 1. Aiming at the security problem and access control problem of data sharing across domains in multi-authorization organization environment in cloud storage, In this paper, a method of multi-authorization security access control based on ciphertext policy is presented. Using multiple authorization agencies, the generation of attribute private keys is separated from Central AuthorityCAs. The definition of ciphertext access control structure and the generation of key components are completed by data owner date owner DOO and AA. It effectively prevents collusion attacks between users and between CA and AA, and between users and AA. The security of the scheme is analyzed by using the theory of decision bilinear Dif fie-Hellman(Decision Bilinear Diffie-Hellman (DBDH). 2. Aiming at the problem of attribute revocation in the access control scheme based on attribute encryption in ciphertext policy, this paper discusses the problem of attribute revocation in access control scheme based on attribute encryption. This paper presents an efficient attribute revocation scheme based on ciphertext policy in cloud storage, which realizes secure and efficient attribute revocation. Asymmetric encryption is used to realize data encryption. Authorization to generate a new property group version number key to the cloud storage server to encrypt the ciphertext again, thus reducing the computational cost of the data owner .3. since the scheme does not need to update the user's private key, Therefore, the computational complexity of the algorithm is reduced. The theoretical analysis and experiments show that the method is more secure when the user attributes are revoked. In addition, the method also makes a corresponding contribution to reduce the overhead of authorized computing and network communication.
【學(xué)位授予單位】：揚州大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2017
【分類號】：TP309;TP333

【參考文獻】

相關(guān)期刊論文 前9條

1 CHEN Yanli;SONG Lingling;YANG Geng;;Attribute-Based Access Control for Multi-Authority Systems with Constant Size Ciphertext in Cloud Computing[J];中國通信;2016年02期

2 楊庚;王東陽;張婷;閔兆娥;;云計算環(huán)境中基于屬性的多權(quán)威訪問控制方法[J];南京郵電大學(xué)學(xué)報(自然科學(xué)版);2014年02期

3 俞能海;郝卓;徐甲甲;張衛(wèi)明;張馳;;云安全研究進展綜述[J];電子學(xué)報;2013年02期

4 傅穎勛;羅圣美;舒繼武;;安全云存儲系統(tǒng)與關(guān)鍵技術(shù)綜述[J];計算機研究與發(fā)展;2013年01期

5 楊小東;王彩芬;;基于屬性群的云存儲密文訪問控制方案[J];計算機工程;2012年11期

6 馬丹丹;陳勤;黨正芹;張金漫;;基于多屬性機構(gòu)的密文策略加密機制[J];計算機工程;2012年10期

7 呂志泉;張敏;馮登國;;云存儲密文訪問控制方案[J];計算機科學(xué)與探索;2011年09期

8 洪澄;張敏;馮登國;;面向云存儲的高效動態(tài)密文訪問控制方法[J];通信學(xué)報;2011年07期

9 馮登國;張敏;張妍;徐震;;云計算安全研究[J];軟件學(xué)報;2011年01期

相關(guān)碩士學(xué)位論文 前1條

1 李曉暉;云計算環(huán)境下基于屬性的加密關(guān)鍵技術(shù)研究[D];上海交通大學(xué);2013年

，

本文編號：1697123