共查询到18条相似文献,搜索用时 62 毫秒
1.
存储在云端服务器中的敏感数据的保密和安全访问是云存储安全研究的重要内容.针对真实的云存储环境中云服务提供商不可信的情况,采用基于属性的加密算法,提出了一种安全、高效、细粒度的云存储密文访问控制方案.与现有方案相比,该方案在用户撤销时,通过引入广播加密技术,使得撤销用户即使和云服务提供商共谋,也不能对私钥进行更新,保证了数据的安全性;方案将大部分密文重加密和用户私钥更新工作转移给云服务提供商执行,在保证安全性的前提下,降低了数据属主的计算代价;另外该方案还可支持多用户的同时撤销.最后分析了方案的安全性和计算复杂性,并测试了用户撤销时的运行效率. 相似文献
2.
3.
4.
针对现有的面向CP-ABE(Ciphertext-Policy Attribute-Based Encryption)的代理重加密方案因代理方可以解密代理重加密密文且可以任意修改访问策略而难以支持云代理重加密的问题,本文提出支持云代理重加密的CPABE方案即CP-ABE-CPRE(CP-ABE Scheme with Cloud Proxy Re-Encryption)方案.该方案利用版本号标识不同阶段的私钥和密文来支持属性撤销,只有在用户私钥版本号和密文版本号相匹配且用户属性满足访问策略时,用户才能解密密文.当撤销用户属性时,云服务器无需修改访问策略就可以更新被撤销属性对应的保密值.该方案还通过懒惰更新和批量更新减少密文和用户私钥更新次数,提升更新效率.理论分析和实验结果分析都表明,CP-ABE-CPRE在计算开销和存储开销上均优于相关已有方案.安全性分析表明,CP-ABE-CPRE能够对抗针对性选择明文攻击(sCPA, selective Chosen Plaintext Attack). 相似文献
5.
云存储下多用户协同访问控制方案 总被引:1,自引:0,他引:1
CP-ABE被认为是云存储下最适合的数据访问控制方法之一,但它仅适合用户分别读取或者分别修改不同数据的情况,而直接应用CP-ABE进行多用户协同数据访问时,会存在修改无序、密文文件大量冗余等问题。多用户协同访问云端数据时,应该在保证机密性、抗共谋的前提下控制合法用户有序地修改同一密文文件,同时云端尽可能减少密文文件副本。针对文件和文件逻辑分块,提出了2个多用户协同访问控制方案MCA-F和MCA-B。MCA-F满足单个数据文件作为最小控制粒度的访问控制需求,该方案采用层次加密结构,云服务器承担部分解密计算,以降低用户解密的计算代价;针对多用户同时写数据的访问控制,提出了对多个用户提交的暂存数据的管理方法。MCA-B用于文件的逻辑分块作为最小控制粒度的访问控制,该方案设计了文件的逻辑分块机制、基于索引矩阵的表示方法,提出了子数据掩码表示方法以描述多个用户对同一文件不同逻辑分块的写权限;MCA-B支持用户集合、文件逻辑分块结构的动态变化,而且数据的拥有者和修改者无需一直在线。与现有的方案相比,所提方案不仅具有云存储下多用户协同写数据的访问控制能力,而且读访问控制的用户端存储量和加解密计算量是较小的。 相似文献
6.
7.
在研究信息服务中心云存储用户的隐私保护问题时,基于属性的加密方案是一种前景看好的解决途径,它有效满足了匿名访问和数据加密等要求。然而,基于属性的加密方案只适用于对云存储服务中加密数据的认证访问。在云计算服务访问控制的环境中,部署这一方案是不切实际的。文章研究大数据中心云存储匿名访问控制的安全需求,介绍基于属性的访问控制方案构成,设计基于属性的k次匿名访问控制安全模型,描述方案的基本原理,给出方案的工作流程,并对方案的安全性和效率进行分析。 相似文献
8.
9.
10.
为解决云存储服务海量加密数据检索问题,提出一个新的云存储密文数据检索方法,新方法采用倒排索引结构,首先用户输入检索词,在密文索引中匹配,然后将词转化成其他形式和纠正错误的词之后进行再次查询,在返回结果低于先前设定的临界值的情况下继续执行以上步骤.这种基于云存储的密文数据检索方法提高了存储数据的隐私性,能够使用户得到他们所期望的结果,实验结果证明新的检索方法是有效的. 相似文献
11.
Cloud computing is one of the space-ground integration information network applications.Users can access data and retrieve service easily and quickly in cloud.The confidentiality and integrity of the data cloud have a direct correspondence to data security of the space-ground integration information network.Thus the data in cloud is transferred with encrypted form to protect the information.As an important technology of cloud security,access control should take account of multi-factor and cipher text to satisfy the complex requirement for cloud data protection.Based on this,a proxy re-encryption based multi-factor access control (PRE-MFAC) scheme was proposed.Firstly,the aims and assumptions of PRE-MFAC were given.Secondly,the system model and algorithm was defined.Finally,the security and properties of PRE-MFAC were analyzed.The proposed scheme has combined the PRE and multi-factor access control together and realized the multi-factor permission management of cipher text in cloud.Meanwhile,it can make the best possible use of cloud in computing and storing,then reduce the difficulty of personal user in cryptographic computing and key managing. 相似文献
12.
For the problem of secure data sharing and access control in mobile cloud,the drawback of traditional cryptographic access control schemes was deeply analyzed.Considering the truth that mobile devices were usually equipped with limited resources,an optimized attribute-based cryptographic access control scheme was proposed in this study.In the proposed scheme,a third party proxy was introduced into the system model,and the two-layer encryption method was applied.Combining traditional attribute-based encryption (ABE) algorithm with multi-secret sharing and split measurement of ABE encryption,the scheme could greatly reduce the cost of mobile users in terms of data publish and access management.Theoretical and experimental analysis shows that the contribution can well meet the requirements of mobile cloud in terms of security,computational complexity and communication cost,which means that it is promising for future applications. 相似文献
13.
Deepnarayan Tiwari Gayatri K Chaturvedi G. R. Gangadharan 《International Journal of Communication Systems》2019,32(15)
Cloud storage services require cost‐effective, scalable, and self‐managed secure data management functionality. Public cloud storage always enforces users to adopt the restricted generic security consideration provided by the cloud service provider. On the contrary, private cloud storage gives users the opportunity to configure a self‐managed and controlled authenticated data security model to control the accessing and sharing of data in a private cloud. However, this introduces several new challenges to data security. One critical issue is how to enable a secure, authenticated data storage model for data access with controlled data accessibility. In this paper, we propose an authenticated controlled data access and sharing scheme called ACDAS to address this issue. In our proposed scheme, we employ a biometric‐based authentication model for secure access to data storage and sharing. To provide flexible data sharing under the control of a data owner, we propose a variant of a proxy reencryption scheme where the cloud server uses a proxy reencryption key and the data owner generates a credential token during decryption to control the accessibility of the users. The security analysis shows that our proposed scheme is resistant to various attacks, including a stolen verifier attack, a replay attack, a password guessing attack, and a stolen mobile device attack. Further, our proposed scheme satisfies the considered security requirements of a data storage and sharing system. The experimental results demonstrate that ACDAS can achieve the security goals together with the practical efficiency of storage, computation, and communication compared with other related schemes. 相似文献
14.
基于CP-ABE算法的云存储数据访问控制 总被引:5,自引:0,他引:5
针对云存储服务网络特性和数据共享特性安全问题,提出一种基于CP-ABE算法的密文访问控制机制。从访问权限控制及访问控制体系结构2个方面对上述访问控制机制进行研究。给出相应的安全算法数据结构,并对其进行了仿真和性能分析。该安全机制在服务提供商不可信的前提下,保证在开放环境下云存储系统中数据的安全性,并通过属性管理降低权限管理的复杂度。 相似文献
15.
随着云计算技术的普遍应用,云环境下云资源的安全性问题也受到了信息安全技术领域研究人员的普遍关注.传统的访问控制方法不能适应云计算环境下的数据存储和处理的安全需要,属性加密访问控制方法在云计算环境下的应用,可以有效的保证云环境下数据的安全性.本文对云安全进行了简单的分析,对基于属性的访问控制方法进行了研究,结合云计算环境数据处理的实际情况,提出了基于属性加密访问控制方法在云计算环境下应用的方案,并进行了研究. 相似文献
16.
面向云存储的基于属性加密的多授权中心访问控制方案 总被引:1,自引:0,他引:1
已有基于属性加密的访问控制研究多是基于单授权中心来实现,该种方案在授权方不可信或遭受恶意攻击的情况下可能会造成密钥泄露。提出一种基于属性加密的多授权中心访问控制模型PRM-CSAC。基于CP-ABE方法,设计多授权中心的属性加密方案以提高密钥安全性;设计最小化属性分组算法,使用户访问文件时,能够按需分配密钥,减少不必要的属性密钥分配,降低重加密属性数量,提高系统效率;增加读写属性加强加密方对文件的访问控制,使访问控制策略更加完善。安全性分析及仿真实验表明,相比已有方案,PRM-CSAC对用户访问请求的响应时间更短,开销较小,且能够提供很高的安全性。 相似文献
17.
面向移动云计算的多要素代理重加密方案 总被引:2,自引:0,他引:2
云与移动计算的融合使用户能够更方便快捷地获取数据和服务,但是由于云平台和移动通信网络的开放性,如何在移动云计算环境下实现数据安全的访问和使用成为了亟待解决的问题。设计了一种基于多要素访问控制条件的代理重加密方案,包含系统模型、重加密算法及重加密密钥描述方法。基于该方案,云计算数据中心通过移动用户的访问请求,获取用户的客观访问控制条件,为用户生成相应的重加密密文,用户使用自身私钥即可对授权数据解密。在不增加用户密钥管理量的前提下,实现了移动云计算的多要素代理重加密。 相似文献
18.
Gangasandra Mahadevaiah Kiran Narasimhaiah Nalini 《International Journal of Communication Systems》2020,33(15)
Nowadays, security and data access control are some of the major concerns in the cloud storage unit, especially in the medical field. Therefore, a security‐aware mechanism and ontology‐based data access control (SA‐ODAC) has been developed to improve security and access control in cloud computing. The model proposed in this research work is based on two operational methods, namely, secure awareness technique (SAT) and ontology‐based data access control (ODAC), to improve security and data access control in cloud computing. The SAT technique is developed to provide security for medical data in cloud computing, based on encryption, splitting and adding files, and decryption. The ODAC ontology is launched to control unauthorized persons accessing data from storage and create owner and administrator rules to allow access to data and is proposed to improve security and restrict access to data. To manage the key of the SAT technique, the secret sharing scheme is introduced in the proposed framework. The implementation of the algorithm is performed by MATLAB, and its performance is verified in terms of delay, encryption time, encryption time, and ontology processing time and is compared with role‐based access control (RBAC), context‐aware RBAC and context‐aware task RBAC, and security analysis of advanced encryption standard and data encryption standard. Ultimately, the proposed data access control and security scheme in SA‐ODAC have achieved better performance and outperform the conventional technique. 相似文献