Privacy Protection Based Access Control Scheme in Cloud-Based Services  被引量：3

作　　者：Kai Fan Qiong Tian Junxiong Wang Hui Li Yintang Yang 

机构地区：[1]State Key Laboratory of Integrated Service Networks,Xidian University,Xi'an,710071,China [2]Key Lab.of the Minist.of Educ.for Wide Band-Gap Semiconductor Materials and Devices,Xidian University,Xi'an,710071,China

出　　处：《China Communications》2017年第1期61-71,共11页中国通信（英文版）

基　　金：financially supported by the National Natural Science Foundation of China(No.61303216,No.61272457,No.U1401251,and No.61373172);the National High Technology Research and Development Program of China(863 Program)(No.2012AA013102);National 111 Program of China B16037 and B08038

摘　　要：With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issue. In this paper, we present an access control system with privilege separation based on privacy protection(PS-ACS). In the PS-ACS scheme, we divide users into private domain(PRD) and public domain(PUD) logically. In PRD, to achieve read access permission and write access permission, we adopt the Key-Aggregate Encryption(KAE) and the Improved Attribute-based Signature(IABS) respectively. In PUD, we construct a new multi-authority ciphertext policy attribute-based encryption(CP-ABE) scheme with efficient decryption to avoid the issues of single point of failure and complicated key distribution, and design an efficient attribute revocation method for it. The analysis and simulation result show that our scheme is feasible and superior to protect users' privacy in cloud-based services.With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issue. In this paper, we present an access control system with privilege separation based on privacy protection（PS-ACS）. In the PS-ACS scheme, we divide users into private domain（PRD） and public domain（PUD） logically. In PRD, to achieve read access permission and write access permission, we adopt the Key-Aggregate Encryption（KAE） and the Improved Attribute-based Signature（IABS） respectively. In PUD, we construct a new multi-authority ciphertext policy attribute-based encryption（CP-ABE） scheme with efficient decryption to avoid the issues of single point of failure and complicated key distribution, and design an efficient attribute revocation method for it. The analysis and simulation result show that our scheme is feasible and superior to protect users＇ privacy in cloud-based services.

关 键 词：access control data sharing privacy protection cloud-based services 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]