基于CP-ABE的云计算改进属性加密安全访问控制策略设计

针对云计算存储中心由于数据和访问控制的安全性无法得到有效保障,从而可能造成用户存储的敏感数据被盗取的问题,现有的解决方法往往通过加密数据密钥,并通过对数据加密来解决安全性问题,但这些方法没有对访问控制的整个过程进行全面的定义和描述,同时仍然具有较大的时空开销。为此,在对CP-ABE(eiphertext-policy attribute-based encryption)进行深入分析的基础上提出了一种基于改进属性加密访问控制模型,然后对CP-ABE进行改进,并对公钥和主密钥的生成、数据所有者加密文件、访问用户解密文件以及用户权限的全面管理过程均进行了详尽的定义和描述,从而设计了一种通用的安全访问机制。在仿真工具Ubuntu中进行实验,结果表明文中方法能有效地实现云计算环境下的安全访问控制,与其它方法相比,具有计算和存储开销低优点,具有较大的优越性。

Design for Strategy of Safety Access Control Cloud Computing Based on CP-ABE and Improved Attribute Encryption

Aiming at safety of the data and access control in the cloud computing storage center not guaranteed comprehensively, mainly leading to the sensitive data of user losing. The traditional solving methods usually implement the encryption of the data key, and using the data encryption to solve the safety problem. However these methods are not describe all the process of access control, then they still have big computing and storage expense. Therefore, the CP-ABE is analyzed and a improved attribute encryption model is proposed. Then the CP-ABE is improved, the generation of public key and main key, the encryption of file of data owner, access of the encryption of file and the comprehensive manage process of user right are all described and defined, so a universal safety access control mechanism is designed. The experiment is operated in Ubuntu, the result shows the method in this paper can effectively realize access control with safety, and compared with the other methods, it has the properties of lower computing and storage expense, so it has some priority.