增强安全的云存储数据访问控制方案

摘要/Abstract

摘要： 云存储带来了许多优势，例如，可节省用户的硬件购买成本，并提供实时在线数据存储服务。越来越多的人选择将数据存储在云上。为了提高数据安全性和数据隐私性，Wu等人在Yang的方案的基础上，给出了一种扩展的多权限云存储数据访问控制方案(NEDAC-MACS)。本文给出一种攻击方法，以证明被撤消的用户仍然可以解密NEDAC-MACS中的新密文，并提出一种增强NEDAC-MACS安全性的方案，该方案可以抵抗云服务器与用户之间的串通攻击。加密分析表明，该方案能够抵抗串通攻击并且是可行的。

关键词: 访问控制, 数据安全性, 合谋攻击, 云存储

Abstract: Cloud storage has brought many advantages, such as saving users hardware purchase costs and providing real-time online data storage services. More and more people are choosing to store data on the cloud. In order to improve data security and data privacy, Wu et al. gave an extended data access control scheme for multi-authority cloud storage (NEDAC-MACS) on the basis of the scheme of Yang. In this paper, an attack method is given to demonstrate that a revoked user can still decrypt new ciphertexts in NEDAC-MACS, and a scheme to enhance the security of NEDAC-MACS is proposed, which can resist the collusion attack between cloud server and users. Cryptographic analyses confirm that the scheme is able to resist collusion attacks and is feasible.

Key words: access control, data security, collusion attack, cloud storage

刘铮, 吴柯桦, 叶春晓. 增强安全的云存储数据访问控制方案[J]. 计算机与现代化, 2021, 0(10): 119-126.

LIU Zheng, WU Ke-hua, YE Chun-xiao. Security-enhanced Data Access Control for Multi-authority Cloud Storage[J]. Computer and Modernization, 2021, 0(10): 119-126.

参考文献［30］

［1］	BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption［C］// Proceedings of the 2007 IEEE Symposium on Security and Privacy. 2007:321-334.
［2］	LV Z Q, CHI J L, ZHANG M, et al. Efficiently attribute-based access control for mobile cloud storage system［C］// Proceedings of the 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications. 2014:292-299.
［3］	YANG K, JIA X H, REN K. Attribute-based fine-grained access control with efficient revocation in cloud storage systems［C］// Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security. 2013:523-528.
［4］	WEI J H, LIU W F, HU X X. Secure and efficient attribute-based access control for multiauthority cloud storage［J］. IEEE Systems Journal, 2018,12(2):1731-1742.
［5］	RUJ S, NAYAK A, STOJMENOVIC I. DACC: Distributed access control in clouds［C］// Proceedings of the 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications. 2011:91-98.
［6］	CHASE M. Multi-authority attribute based encryption［C］// Proceedings of the 4th Conference on Theory of Cryptography. 2007:515-534.
［7］	CHASE M, CHOW S S M. Improving privacy and security in multi-authority attribute-based encryption［C］// Proceedings of the 16th ACM Conference on Computer and Communications Security. 2009:121-130.
［8］	YANG K, JIA X H, REN K, et al. DAC-MACS: Effective data access control for multiauthority cloud storage systems［J］. IEEE Transactions on Information Forensics and Security, 2013,8(11):1790-1801.
［9］	LI M, YU S C, ZHENG Y, et al. Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption［J］. IEEE Transactions on Parallel and Distributed Systems, 2013,24(1):131-143.
［10］	LI J, HUANG X Y, LI J W, et al. Securely outsourcing attribute-based encryption with checkability［J］. IEEE Transactions on Parallel and Distributed Systems, 2014,25(8):2201-2210.
［11］	LI J G, YAO W, HAN J G, et al. User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage［J］. IEEE Systems Journal, 2018,12(2):1767-1777.
［12］	HU C Q, LI W, CHENG X Z, et al. A secure and verifiable access control scheme for big data storage in clouds［J］. IEEE Transactions on Big Data, 2018,4(3):341-355.
［13］	WU X L, JIANG R, BHARGAVA B. On the security of data access control for multiauthority cloud storage systems［J］. IEEE Transactions on Services Computing, 2017,10(2):258-272.
［14］	SAHAI A, WATERS B. Fuzzy identity-based encryption［C］// Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques. 2005:457-473.
［15］	GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data［C］// Proceedings of the 13th ACM Conference on Computer and Communications Security. 2006:89-98.
［16］	OSTROVSKY R, SAHAI A, WATERS B. Attribute-based encryption with non-monotonic access structures［C］// Proceedings of the 14th ACM Conference on Computer and Communications Security. 2007:195-203.
［17］	LEWKO A, OKAMOTO T, SAHAI A, et al. Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption［C］// Proceedings of the 29th Annual International Conference on Theory and Applications of Cryptographic Techniques. 2010:62-91.
［18］	WATERS B. Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization［C］// Proceedings of the 14th International Conference on Practice and Theory in Public Key Cryptography. 2011:53-70.
［19］	ROUSELAKIS Y, WATERS B. Practical constructions and new proof methods for large universe attribute-based encryption［C］// Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. 2013:463-474.
［20］	LEWKO A, WATERS B. Decentralizing attribute-based encryption［C］// Proceedings of the 30th Annual International Conference on Theory and Applications of Cryptographic Techniques: Advances in Cryptology. 2011:568-588.
［21］	PIRRETTI M, TRAYNOR P, MCDANIEL P, et al. Secure attribute-based systems［C］// Proceedings of the 13th ACM Conference on Computer and Communications Security. 2006:99-112.
［22］	HUR J, NOH D K. Attribute-based access control with efficient revocation in data outsourcing systems［J］. IEEE Transactions on Parallel and Distributed Systems, 2011,22(7):1214-1221.
［23］	CHEN J W, MA H D. Efficient decentralized attribute-based access control for cloud storage with user revocation［C］// Proceedings of the 2014 IEEE International Conference on Communications. 2014:3782-3787.
［24］	LI X Y, TANG S H, XU L L, et al. Two-factor data access control with efficient revocation for multi-authority cloud storage systems［J］. IEEE Access, 2017,5:393-405.
［25］	YU S C, WANG C, REN K, et al. Attribute based data sharing with attribute revocation［C］// Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. 2010:261-270.
［26］	KAWAI Y, TAKASHIMA K. Fully-anonymous functional proxy-re-encryption［DB/OL］. (2013-10-11)［2021-01-21］. https://eprint.iacr.org/2013/318.pdf.
［27］	CHAUDHARI P, DAS M L, DASGUPTA D. Privacy-preserving proxy re-encryption with fine-grained access control［C］// Proceedings of the 2017 International Conference on Information Systems Security. 2017:88-103.
［28］	ZIEGLER D, MARSALEK A. Efficient revocable attribute-based encryption with hidden policies［C］// Proceedings of the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications. 2020:1638-1645.
［29］	WANG H J, DONG X L, CAO Z F. Multi-value-independent ciphertext-policy attribute based encryption with fast keyword search［J］. IEEE Transactions on Services Computing, 2020,13(6):1142-1151.
［30］	ZHANG M Y, ZHOU J L, ZHANG G X, et al. Scalable and updatable attribute-based privacy protection scheme for big data publishing［C］// Proceedings of the 2020 IEEE Global Communications Conference. 2020. DOI: 10.1109/GLOBECOM42002.2020.9322458.

[1]	古丽博斯坦·阿克木, 努尔买买提·黑力力. 支持动态策略变化的ABAC决策回收[J]. 计算机与现代化, 2022, 0(10): 47-54.
[2]	李文全, 徐素萍. 基于地理信息的旅游资源信息库系统[J]. 计算机与现代化, 2021, 0(08): 100-103.
[3]	刘雪贞, 崔艳, 邓小飞, 彭杰. 支持权限管理的高效属性撤销机制[J]. 计算机与现代化, 2021, 0(07): 95-101.
[4]	赵微, 秦砺寒, 运晨超. 基于Portal认证技术的科技成果数据跨平台访问控制[J]. 计算机与现代化, 2021, 0(07): 102-106.
[5]	孙广成, 李洪赭, 李赛飞, 张晓薇. 基于区块链的物联网访问控制系统[J]. 计算机与现代化, 2020, 0(11): 100-108.
[6]	曹永明. 一种无安全信道的模糊关键字搜索加密方案[J]. 计算机与现代化, 2020, 0(04): 42-.
[7]	张茜,王箭. 基于盲签名的云共享数据完整性审计方案[J]. 计算机与现代化, 2020, 0(04): 60-.
[8]	缪思薇1，余文豪1，姚峰2，高婧3. 针对PLC访问控制的安全分析[J]. 计算机与现代化, 2019, 0(09): 41-.
[9]	杨阳，曹彦. 基于危机事件的自适应访问控制模型[J]. 计算机与现代化, 2019, 0(08): 98-.
[10]	张芃,周良. 基于信任的动态多级访问控制模型[J]. 计算机与现代化, 2019, 0(07): 116-.
[11]	张兴兰,李建楠. 支持高效撤销的属性加密方案[J]. 计算机与现代化, 2018, 0(07): 114-.
[12]	周鹏1,2，龙士工1,2. 基于SBT全结点存储的云数据完整性[J]. 计算机与现代化, 2018, 0(06): 37-.
[13]	陈成，努尔买买提·黑力力. 基于CP-ABE的隐藏属性外包解密访问控制[J]. 计算机与现代化, 2018, 0(05): 74-.
[14]	刘赛1,聂庆节1,刘军1,李东民2,李静2. 基于量化行为的实时数据库备份系统访问控制模型[J]. 计算机与现代化, 2018, 0(01): 116-122.
[15]	史庭俊,张颖杰. #br# 云存储中基于属性的密文策略访问控制方法[J]. 计算机与现代化, 2017, 0(7): 111-116.