【摘要】：云計算作為近年來興起的一種基于互聯(lián)網的服務模式,逐漸地得到推廣和普及。它能將網絡中不同地域、不同類型的資源整合起來協(xié)同工作,以此來滿足用戶存儲和處理海量數(shù)據(jù)的需求,極大地提高了資源利用率,降低了用戶使用成本。但云存儲的服務模式也帶來了新的安全隱患,其中一個必須考慮的問題就是如何在存儲介質位于用戶控制范圍之外的條件下,在保護用戶數(shù)據(jù)機密性的同時實現(xiàn)合法用戶對資源細粒度的訪問控制及高效的共享�；趯傩缘拿艽a學是近年來密碼學研究中的一個熱門方向,它能夠有效的實現(xiàn)數(shù)據(jù)細粒度的非交互訪問控制,因此具有廣泛的應用前景。代理重加密技術適用于需要進行密文轉換的場景,并且通過將密文轉換工作交給代理減輕用戶端的工作負擔,可以滿足云端加密數(shù)據(jù)高效共享的需求。在這種情況下,將代理重加密技術應用到屬性基密碼體制中,提出了屬性基代理重加密。在屬性基代理重加密系統(tǒng)中,若用戶A擁有解密權限,則用戶A可以給一個被稱作是重加密代理的半可信代理服務器發(fā)送針對用戶B的重加密密鑰,重加密代理就利用接收到的重加密密鑰將原始密文轉換成用戶B利用自己的私鑰就可以解密的重加密密文,從而實現(xiàn)用戶之間高效的數(shù)據(jù)共享。我們稱用戶A為重加密授權者,用戶B為重加密解密者。且在上述密文轉換過程中,重加密代理無法獲取重加密授權者和重加密解密者的私鑰以及密文中對應明文的任何信息。然而,現(xiàn)有屬性基代理重加密方案在安全性及效率方面均存在不足,針對這些問題,本文提出一個新的屬性基代理重加密方案。新的方案可以被證明是適應性安全的,消除了較弱安全模型中對攻擊者攻擊能力的限制,可以抵御更強類型的攻擊者。同時,加密者還具有重加密控制功能,即加密者可以決定一個密文是否能被重加密。通過與現(xiàn)有的方案進行對比,可知新的屬性基代理重加密方案在計算量和性能等方面都具有明顯優(yōu)勢,更適合于實際的應用。新的方案可以被用于分布式文件系統(tǒng)、云存儲環(huán)境以及電子醫(yī)療服務等場景,能夠解決數(shù)據(jù)在公共服務器中的安全存儲和細粒度訪問控制等問題。
[Abstract]:Cloud computing, as a service model based on internet, has been popularized and popularized gradually in recent years. It can integrate different regions and different types of resources to work together to meet the needs of users to store and process large amounts of data. It greatly improves the utilization of resources and reduces the cost of users. However, the service mode of cloud storage also brings new security risks. One of the problems that must be considered is how to store media outside the user's control. While protecting the confidentiality of user data, the access control and efficient sharing of resource by legitimate users are realized. Attribute-based cryptography is a hot research direction in cryptography in recent years. It can effectively realize non-interactive access control of data fine-grained, so it has a wide application prospect. Proxy reencryption technology is suitable for scenarios where ciphertext conversion is needed and can meet the requirement of efficient sharing of encrypted data in cloud by handing ciphertext conversion over to agent to lighten the workload of client. In this case, agent reencryption technology is applied to attribute-based cryptosystem, and attribute-based agent reencryption is proposed. In the attribute base agent reencryption system, if user A has decryption permission, user A can send a reencryption key for user B to a semi-trusted proxy server called reencryption agent. The reencryption agent converts the original ciphertext into a reencrypted ciphertext which can be decrypted by the user B using its own private key using the received reencryption key so as to achieve efficient data sharing among users. We call user A heavy encryption Authorizer and user B heavy encryption decryptor. In the process of ciphertext conversion, the reencryption agent is unable to obtain the private key of the reencryption authorizer and the decryptor and any information corresponding to the plaintext in the ciphertext. However, the existing attribute-based agent reencryption schemes are insufficient in terms of security and efficiency. In order to solve these problems, a new property-based agent reencryption scheme is proposed in this paper. The new scheme can be proved to be adaptive, which eliminates the limitation of the attacker's attack ability in the weaker security model, and can resist the stronger type of attacker. At the same time, the encryptor also has the function of reencrypting, that is, the encryptor can decide whether a ciphertext can be reencrypted. By comparing with the existing schemes, it can be seen that the new attribute-based agent reencryption scheme has obvious advantages in computation and performance, and is more suitable for practical applications. The new scheme can be used in distributed file system, cloud storage environment, electronic medical service and so on. It can solve the problem of secure storage and fine-grained access control of data in public server.
【學位授予單位】：西安電子科技大學
【學位級別】：碩士
【學位授予年份】：2014
【分類號】：TN918.4

【參考文獻】

相關碩士學位論文 前1條

1 錢俊磊;雙系統(tǒng)加密在屬性基密碼方案的應用[D];上海交通大學;2011年

，

本文編號：2260416