Design of an improved privilege management mechanism for cloud storage platform

Cited by: 1


Authors: BU Zhiqiong [1,2], ZHENG Bojin [3]

Affiliations: [1] School of Computer Science, South China Normal University, Guangzhou 510631, Guangdong, China; [2] Guangdong Polytechnic Normal University, Guangzhou 510665, Guangdong, China; [3] South-Central University for Nationalities, Wuhan 430074, Hubei, China

Source: Modern Electronics Technique, 2016, No. 21, pp. 1-6, 10 (7 pages in total)

Funding: Natural Science Foundation of Guangdong Province (S2012030006242)

Abstract: To address the excessive computation and bandwidth cost and the high complexity of revoking user access privileges in cloud storage services, a dynamic re-encryption based cloud storage privilege revoking optimizing (DR-PRO) mechanism is designed, taking ciphertext access control schemes built on ciphertext-policy attribute-based encryption (CP-ABE) as its theoretical background. The mechanism uses a (k,n) threshold scheme to divide the data into blocks and dynamically selects one data block for re-encryption. User access privilege revocation is carried out by applying the sub-algorithms of data division, reconstruction, transmission, extraction and privilege revocation in turn. Theoretical analysis and simulation experiments show that, while preserving a high level of security for cloud storage users' data, the DR-PRO mechanism effectively reduces the computation and bandwidth cost of revoking user access privileges, and its performance and efficiency are further optimized and improved.

Keywords: cloud storage; ciphertext access control; privilege revocation; dynamic re-encryption; CP-ABE; DR-PRO

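Classification: TN911.34 [Electronics and Telecommunications: Communication and Information Systems]; TP393 [Electronics and Telecommunications: Information and Communication Engineering]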

 
