User Key Revocation Method for Multi-cloud Service Providers
Li Shuan-bao①②③ Wang Xue-rui④ Fu Jian-ming①② Zhang Huan-guo①②
①(Key Lab of Aerospace Information Security and Trusted Computing Ministry of Education, Wuhan 430072, China)
②(School of Computer, Wuhan University, Wuhan 430072, China)
③(Henan College of Finance and Taxation, Zhengzhou 451464, China)
④(College of Computer Science and Technology of Henan Institute of Engineering, Zhengzhou 451191, China)
Abstract Key information leakage is one of the most serious problems in Intercloud services. To solve this problem, a user key revocation scheme based on attribute-based ring signatures is proposed. Focusing on user ciphertext access in the Intercloud, a mechanism for mapping ciphertext matrices without attribute leakage is discussed: multiple authorities can extend the attribute sets used for key generation, so that Cloud Service Providers (CSPs) cannot acquire a user's full attributes, and the overhead of attribute storage is reduced. In addition, revocation of user signature verification is designed on the basis of a revocable ring and monotone span programs, with the ring made up of CSPs, authorities and users. The receiving CSP can define the ciphertext access structure, users can access ciphertext after verification by the source CSP, and authorities can remove the decryption key from users who have lost attributes without affecting any other users. A collusion-resistance mechanism that integrates attributes on the basis of Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and monotone span programs is discussed, with which the confidentiality of user attributes can be protected from leakage. Finally, to demonstrate the effectiveness of the proposed model, its performance in terms of communication cost and computational efficiency is analyzed and verified.
Received: 03 February 2015
Published: 26 June 2015
Corresponding Authors:
Li Shuan-bao
E-mail: phdfuli@whu.edu.cn