
Research on Hierarchical Key Management and Attribute-Based Encryption Methods for Secure Sharing of Cloud-Outsourced Data

Published: 2018-08-05 09:58
[Abstract]: With the explosive growth in data volume, data storage has become an increasingly independent and difficult problem. Storage services in cloud computing respond to this market opportunity by offering outsourced storage solutions to resource-constrained tenants. In cloud storage, users store their data on remote cloud servers, and the cloud service provider operates on and processes that data. However, driven by its own interests, a cloud service provider may operate in a semi-trusted or a malicious mode. Users who outsource storage therefore urgently want the cloud storage system to provide privacy protection that prevents unauthorized sharing of outsourced data. How to let multiple users share data securely, efficiently and flexibly in the cloud storage model has thus become a problem in urgent need of a solution. This thesis studies the problem using two methods of access control in the ciphertext domain, hierarchical key management and attribute-based encryption, and obtains the following main results:

(1) For fine-grained sharing of cloud-outsourced data where users' sharing privileges change dynamically, both multi-privilege group key management and hierarchical key management require the data owner to update certain public parameters of the system personally. In addition, solutions based on hierarchical key management require the data owner to communicate one-to-one, over a secure channel, with the users in each access group involved. When the hierarchy of access groups is complex and many users are involved, this update process carries the risk of a single point of failure. To avoid this defect, we propose an autonomous hierarchical key management scheme for outsourced data sharing. The scheme combines the design advantages of multi-privilege group key management and hierarchical key management. Its main feature is that the data owner manages the hierarchy of the access groups solely through the system's public parameters, while the users in each access group obtain their group's symmetric encryption key through group key agreement based on multilinear maps. When users' sharing privileges change, both the data owner and the users in the corresponding higher-level access groups can publish update information for the users in the affected lower-level access groups. After obtaining this update information, the users in those lower-level access groups can compute their group's new symmetric encryption key on their own.

(2) At present, hierarchical key management schemes that are secure and support direct key derivation need to encrypt the public information in the system, which increases the computational overhead of system setup and dynamic key management. By using vector inner products from linear geometry to handle the hierarchy between groups, we give a solution for secure sharing of cloud-outsourced data based on hierarchical key management. In this scheme, the data owner publishes one vector for each access group, and the matrix formed by all of these vectors is the system's main public parameter. At the same time, the data owner assigns each user the private information corresponding to that user's group. With this private information, the users in an access group can compute the private vector corresponding to their group. By then computing the inner product of this private vector with the public vector of their own group, they obtain the group's symmetric encryption key. If two access groups have no hierarchical relationship, the vectors associated with them are orthogonal, that is, their inner product is zero. If the two access groups do have a hierarchical relationship, the inner product of the higher-level group's private vector with the lower-level group's public vector corresponds to an indirect key. Using this indirect key, the users in the higher-level access group can obtain the symmetric encryption key of the lower-level access group. For key management under dynamic sharing privileges, the data owner only needs to update the public matrix of the system. The security analysis and simulation results show that the scheme is secure and efficient.

(3) For cloud storage systems with multiple authorities, we propose a two-factor solution for sharing outsourced data. The scheme integrates two techniques, identity-based encryption and ciphertext-policy attribute-based encryption. For a user to obtain the data shared by the data owner, the user's attribute set must satisfy the access control policy in the ciphertext and, in addition, the user must have obtained an authorization key from the data owner. The proposed scheme also has constant ciphertext length. Using cloud-server-assisted re-encryption, the scheme implements a two-layer revocation mechanism: attribute-level revocation by the attribute authorities and user-level revocation by the data owner. Moreover, the revocation process is carried out over a public channel and resists channel eavesdropping by revoked users. Security analysis, performance comparison and simulation results show that the scheme is effective for secure sharing of cloud-outsourced data under multiple authorities.
[Degree-granting institution]: South China University of Technology
[Degree level]: Doctoral
[Year degree granted]: 2016
[Classification number]: TN918.4
