多云服务提供者环境下的一种用户密钥撤销方法

doi:10.11999/JEIT150205

Abstract
Figure/Table
References (23)
Related Citation (15)

Download: PDF (338 KB)
Export: BibTeX | EndNote (RIS)

Abstract

Key information leakage is one of the most serious problems in Intercloud service, to solve this problem, a scheme of user key revocation on attribute-based ring signatures is proposed. Focused on user ciphertext access in Intercloud, the mechanism of ciphertext matrixes mapping without attribute leakage is discussed, multi-authority can extend attribute sets for generation key, then full user attributes can not be acquired by Cloud Service Providers (CSP), thus overhead on attribute storage is reduced. In addition, user signature verification revocation based on revocable ring and monotone span programs is designed, which constitutes ring of CSPs, authorities and users. Receiving CSP can define ciphertext access structure, users can access ciphertext through source CSP verifying, and authorities can remove decryption key from attribute-lost users without affecting any other users. The mechanism of collusion resistance with integrating attributes on the basis of Ciphertext-Policy Attribute Base Encryption (CP-ABE) and monotone span programs is discussed, with which user attribute confidentiality can be protected from leakage. Finally, to prove the effectiviness of the proposed model, the performance analysis of communication cost and computational efficiency are verified.

Key words： Cloud computing Ring signature Access structure Verify Collusion

Received: 03 February 2015 Published: 26 June 2015

PACS:

TP393.08

Corresponding Authors: Li Shuan-bao E-mail: phdfuli@whu.edu.cn

	Service

	E-mail this article
	Add to my bookshelf
	Add to citation manager
	E-mail Alert
	RSS
	Articles by authors
	Li Shuan-bao
	Wang Xue-rui
	Fu Jian-ming
	Zhang Huan-guo

Cite this article:

Li Shuan-bao,Wang Xue-rui,Fu Jian-ming等. User Key Revocation Method for Multi-cloud Service Providers[J]. JEIT, 2015, 37(9): 2225-2231.

URL:

http://jeit.ie.ac.cn/EN/10.11999/JEIT150205 OR http://jeit.ie.ac.cn/EN/Y2015/V37/I9/2225

[1]	Buyya R, Ranjan R, and Calheiros N R. InterCloud: utility- oriented federation of cloud computing environments for scaling of application services[C]. Proceedings of Algorithms and Architectures for Parallel Processing, Berlin, 2010: 13-31.
[2]	Alliance C S. The notorious nine cloud computing top threats in 2013[OL]. http://cloudsecurityalliance.org/research/top threats, 2013.9.
[3]	李拴保, 傅建明, 张焕国. 环境下基于环签密的用户身份属性保护方案[J]. 通信学报，2014, 35(9): 99-111.
	Li Shuan-bao, Fu Jian-ming, and Zhang Huan-guo. Scheme on user identity attribute preserving based on ring signcryption for cloud computing[J]. Journal on Communications, 2014, 35(9): 99-111.
[4]	冯登国, 张敏, 杨妍妍. 云计算安全研究[J]. 软件学报, 2011, 22(1): 71-83.
	Feng Deng-guo, Zhang Min, and Yang Yan-yan. Study on cloud computing security[J]. Journal of Software, 2011, 22(1): 71-83.
[5]	Liu D Y W, Liu J K, and Mu Y. Revocable ring signature[J]. Journal of Computer Science and Technology, 2007, 12(6): 785-794.
[6]	Chuang I-hsun and Li Syuan-hao. An effective privacy protection scheme for cloud computing[C]. Proceedings of Advanced Communication Technology, Gangwon-Do, 2011: 260-265.
[7]	Wang Guo-jun and Liu Qin. Hierarchical attribute-based encryption for fine-grained access control in cloud storage services[C]. Proceedings of Computer and Communications Security, Pairs, 2010: 735-737.
[8]	Sherman S M C and He Yi-jun. Simple privacy-preserving identity-management for cloud environment[C]. Proceedings of Applied Cryptography and Network Necurity, Berlin, 2012: 526-543.
[9]	Mao Shao-wu and Zhang Huan-guo. A resistant quantum key exchange protocol and its corresponding encryption scheme [J]. China Communications, 2014, 11(9): 12-23.
[10]	张倩颖, 冯登国, 赵世军. 基于可信芯片的平台身份证明方案研究[J]. 通信学报，2014, 35(8): 95-106.
	Zhang Qian-ying, Feng Deng-guo, and Zhao Shi-jun. Research of platform identity attestation based on trusted chip[J]. Journal on Communications, 2014, 35(8): 95-106.
[11]	冯登国, 张敏, 李昊. 大数据隐私与安全保护[J]. 计算机学报, 2014, 37(1): 246-258.
	Feng Den-guo, Zhang Min, and Li Hao. Big data privacy and security protection[J]. Journal of Computer, 2014, 37(1): 246-258.
[12]	Yu Shu-cheng and Wang Cong. Achieving secure, scalable, and fine-grained data access control in cloud computing[C]. Proceedings of Computer Communications, Pairs, 2010b: 15-19.
[13]	Yu Shu-cheng and Wang Cong. Attribute based data sharing with attribute revocation[C]. Proceedings of Information, Computer and Communications Security, Pairs, 2010a: 261-270.
[14]	Dalia K. Attribute based group signature with revocation [OL]. http://eprint.iacr.org/2007/241.pdf, 2007.6.
[15]	Wang Guo-jun and Liu Qin. Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers[J]. Computers &Security, 2011, 30(3): 320-331.
[16]	Wei Li-fei and Zhu Hao-jin. Security and privacy for storage and computation in cloud computing[J]. Information Sciences, 2014, 258: 371-386.
[17]	Adeela W and Asad R. A framework for preservation of cloud users’ data privacy using dynamic reconstruction of metadata [J]. Journal of Network and Computer Applications, 2013, 36(2): 235-248.
[18]	Dan B and Matt F. Identity-based encryption from the weil pairing[C]. Proceedings of Cryptology, Berlin, 2001: 213-229.
[19]	Zhang Yan, Feng Deng-guo, and Zhang Zheng-feng. On the security of an efficient attribute-based signature[C]. Proceedings of Network and System Security, Berlin, 2013: 381-392.
[20]	Jin Li and Kwangjo. Attribute based ring signatures[OL]. http:// eprint.iacr.org/2008/394.pdf, 2008.6.
[21]	Lewko A and Waters B. Decentralizing attribute-based encryption[C]. Proceedings of EUROCRYPT, Paterson, 2011: 568-588.
[22]	Bethencourt J, Sahai A, and Waters B. Ciphertext-policy attribute-based encryption[C]. Proceedings of the IEEE Security and Privacy, Paris, 2007: 321-334.
[23]	Shamir A. How to share secret[J]. Communication of Association for Computing Machinery, 2002, 40(11): 612-613.