
Research on Fine-Grained Access Control Mechanisms Based on Attribute-Based Encryption

Published: 2019-07-09 21:13
[Abstract]: Data outsourcing reduces costs for the data owner. However, once data is stored on a remote server, the owner loses control over their sensitive data, and untrusted parties may gain access to it. The traditional approach relies on a fully trusted server to store sensitive data and enforce access control over it: a user who holds certain credentials that satisfy the access control policy can access the data. Once the server storing the sensitive data is compromised, however, the confidentiality of the data is compromised as well. Sensitive data therefore needs to be stored on the server in encrypted form, so that confidentiality is preserved even if the server is compromised. Traditional encryption methods have the following drawbacks: (1) encryption is a way for one user to share data secretly with one other user; (2) access to encrypted data is all or nothing. In other words, they cannot express rich access control over encrypted data. In many applications, such as cloud storage systems, a data owner may wish to share sensitive data selectively according to a policy over the recipients' attributes: instead of encrypting the data separately for each party, the data is encrypted once for all parties. Attribute-based encryption (ABE) schemes proposed in recent years meet these needs well. ABE is a novel public-key encryption paradigm that lets users encrypt and decrypt messages based on attributes; it is expressive and can enforce fine-grained access control over encrypted data. This thesis studies fine-grained access control mechanisms based on attribute-based encryption. Its main research content and contributions are as follows:

1. A black-box accountable ciphertext-policy attribute-based encryption scheme is proposed. Existing ABE schemes require a trusted central authority. This authority holds the master secret of the scheme, can compute the private key for any attributes of a user, can decrypt any ciphertext encrypted for any user, and generates and distributes attribute-related private keys to other users. It must therefore be absolutely trusted. If the central authority engages in malicious activity, it will not be caught and prosecuted. That is, the key escrow problem still exists in ABE schemes, and if it is not solved it will hinder their adoption. In the proposed scheme a secure private-key generation protocol is constructed, and a judge can determine whether a decoder box was created by a malicious user or by a malicious central authority. The scheme reduces the trust placed in the central authority, so that the possibility of the central authority being accused of abusing this trust is reduced, which allows ABE to enforce fine-grained access control over encrypted data.

2. A ciphertext-policy attribute-based proxy re-encryption scheme is proposed. In an ABE scheme, a user's private key is associated with a set of attributes, sensitive data is encrypted into a ciphertext under an access structure over attributes, and only a user whose attributes satisfy the access structure associated with the ciphertext can decrypt it. However, existing ABE schemes do not support updating the access structure without decrypting the encrypted data. The proposed scheme allows an honest-but-curious proxy, such as a cloud server, to transform the access structure associated with the original ciphertext without decrypting it: the proxy re-encrypts the original ciphertext under another access structure, producing a re-encrypted ciphertext that users whose attributes satisfy the new access structure can decrypt. The scheme addresses the problem of frequently changing access structures when ABE is used to enforce fine-grained access control over encrypted data.

3. An oblivious transfer scheme with fine-grained access control based on attribute-based encryption is proposed. In outsourcing systems, although encryption is used to protect the outsourced data, the service provider can still collect sensitive information such as who accessed the outsourced data and how they accessed it. To protect user privacy while letting the service provider enforce access control, the proposed scheme protects the data in the database server with access control policies; only users whose credentials satisfy the access policy can access the data, and the service provider learns neither which data a user accessed nor the user's credentials. The scheme has the following advantages. First, it preserves the privacy properties of oblivious transfer while providing a fine-grained access control mechanism. Second, it directly supports expressive access control policies built from AND gates, OR gates and Threshold gates. Third, its communication complexity is constant in the number of records the user accesses. Fourth, it is constructed in the prime-order setting.

4. An inner-product predicate encryption scheme over prime-order groups with outsourced decryption is proposed. In predicate encryption, that is, attribute-hiding attribute-based encryption, the ciphertext hides both the plaintext message and the attributes. Predicate encryption enforces fine-grained access control over encrypted data and supports search over encrypted data. Its main efficiency drawback is that the size of the ciphertext and the time needed to decrypt it grow with the complexity of the predicate. The proposed scheme greatly reduces the user's overhead. The user gives the cloud server a transformation key that allows the server to transform a predicate encryption ciphertext whose ciphertext attributes satisfy the predicate into a short ciphertext, which greatly reduces the user's decryption time, while the cloud server learns nothing about the user's messages. The user can also verify the transformation performed by the cloud server to ensure that it is correct.

Figure in text: 1 Issue protocol
[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Doctoral
[Year degree granted]: 2016
[Classification number]: TN918.4
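The abstract's access structures built from AND, OR and Threshold gates can be illustrated with threshold secret sharing over a prime field; the following is an added example, not code or a construction from the thesis. The modulus, attribute names and policy are constructed, and the leaf shares stand in for ciphertext components that a real ABE scheme would hide inside group elements and bind to per-user keys.

```python
import secrets

P = 2**127 - 1  # prime modulus for the demo field (constructed parameter)

def _split(secret, k, n):
    """Shamir k-of-n: random degree-(k-1) polynomial evaluated at x = 1..n."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)]

def _interpolate(points):
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num, den = num * (-xj) % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def gate(kind, *children, k=None):
    """AND is n-of-n, OR is 1-of-n, THRESHOLD is k-of-n."""
    return ("gate", {"AND": len(children), "OR": 1}.get(kind, k), children)

def share(node, secret, path=()):
    """Push the secret down the tree; returns {leaf path: (attribute, share)}."""
    if isinstance(node, str):
        return {path: (node, secret)}
    _, k, children = node
    out = {}
    for i, s in enumerate(_split(secret, k, len(children)), start=1):
        out.update(share(children[i - 1], s, path + (i,)))
    return out

def recover(node, shares, attrs, path=()):
    """Rebuild the secret from leaves whose attribute is held, else None."""
    if isinstance(node, str):
        return shares[path][1] if node in attrs else None
    _, k, children = node
    pts = [(i, recover(c, shares, attrs, path + (i,)))
           for i, c in enumerate(children, start=1)]
    pts = [(x, y) for x, y in pts if y is not None][:k]
    return _interpolate(pts) if len(pts) == k else None

# Constructed policy: doctor AND (cardiology OR 2-of-3 of {icu, oncall, senior})
POLICY = gate("AND", "doctor",
              gate("OR", "cardiology",
                   gate("THRESHOLD", "icu", "oncall", "senior", k=2)))
```

The secret is shared once under the policy, and any attribute set that satisfies the tree recovers it, which is the "encrypt once for all parties" property; the sketch offers no collusion resistance or attribute hiding.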

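Fu Xingbing (付興兵); Research on Fine-Grained Access Control Mechanisms Based on Attribute-Based Encryption [D]; University of Electronic Science and Technology of China; 2016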


Article ID: 2512455



Article link: http://sikaile.net/shoufeilunwen/xxkjbs/2512455.html

