In order to improve the security and efficiency of data access control under multi-authority environment,this paper proposed a multi-authority and revocable access control in clouds (MARACC),which was an efficient data access control scheme for multi-authority in cloud storage systems.In MARACC,in order to eliminate the security risk introduced by central authority and collusion attack,different attributes authorities and DO generated the attribute-based secret key components respectively.Furthermore,it enabled user and attribute revocation respectively,which achieved fine-grained access control.Finally,it gave the security proof by using the decisional bilinear Diffie-Hellman (DBDH) assumption.The analysis and simulation results show that the proposed scheme is secure and efficient.%针对跨域云数据访问控制中的安全性和有效性问题,提出了一种云存储下基于多授权机构ABE的可撤销访问控制方案.通过建立分散授权结构,由各属性授权机构(attribute authority,AA)和数据属主(data ow-ner,DO)分别产生各部分密钥组件,从而避免由于中央授权机构(central authority,CA)而引入的安全风险,以及用户和授权机构之间的联合攻击.此外,本方案将权限撤销分为用户权限撤销和属性权限撤销,以较少的计算代价实现了访问控制权限的细粒度撤销,并利用双线性判定Diffie-Hellman(DBDH)假设理论分析了方案的安全性.并且通过实验验证了此方案在多授权主体共存的云存储环境下能够安全、高效地实现访问控制和权限撤销.
展开▼
