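Research on an MA-ABE Cloud Storage Access Control Strategy
Published: 2018-06-01 16:03
Topics: attribute-based encryption + multi-authority; Source: Lanzhou University of Technology, master's thesis, 2013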
[Abstract]: In recent years, cloud computing has grown from an emerging technology into a mainstream one. It is a new computing model that effectively integrates large-scale, interconnected computing and storage resources and provides them to users as services. Users can access virtual computers and storage systems over the Internet on demand at any time, without having to consider the complex and extensive underlying implementation and management, which greatly reduces implementation difficulty and hardware investment for enterprises. As cloud computing applications and research continue to develop at home and abroad, large volumes of data are exchanged between users and cloud platforms, and both the transmission and the storage of that data face serious security threats. This has become an important problem that cloud computing security urgently needs to solve. How to implement access control over the large amount of data stored in the cloud efficiently and securely has become one of the key research topics in cloud computing.
This thesis first introduces the relevant concepts and background of cloud computing and discusses the security problem of cloud storage data access control that constrains the development of cloud computing in practice, namely how to implement access control over cloud storage data efficiently and securely. It then proposes a security solution for cloud data storage. To make cloud storage access control flexible, fine-grained, scalable, confidential and dynamic, we use multi-authority attribute-based encryption (MA-ABE) together with proxy re-encryption. In existing attribute-based encryption schemes for cloud storage, the key management burden is heavy and a single authority is a fragile point of security; these schemes either add no randomization parameter, which exposes them to collusion attacks, or cannot revoke users in real time, which exposes them to replay attacks. Building on previous research, we therefore propose a secure and effective cloud storage access control strategy based on MA-ABE, and describe the MA-ABE algorithm and the implementation of cloud storage access control in detail. The scheme divides each data file into two parts, a "data header" and a "data body", which greatly improves the security of cloud storage data resources, supports complex multi-user, multi-owner scenarios more effectively, and better matches real cloud storage environments.
Finally, we prove in the random oracle model that the scheme is semantically secure, and we analyze its efficiency in detail. Comparison with the existing literature shows that our scheme offers higher security, flexibility, fine granularity, scalability and dynamism, and is better suited to access control over larger-scale data in cloud storage, since its computational complexity is not affected as the amount of data grows.
[Degree-granting institution]: Lanzhou University of Technology
[Degree level]: Master's
[Year degree granted]: 2013
[Classification numbers]: TP333; TP309
Article ID: 1964763
Article link: http://www.sikaile.net/kejilunwen/jisuanjikexuelunwen/1964763.html