In order to efficiently achieve the security of cloud data storage and transmission,we propose an improved cloud storage security model of ciphertext-policy attribute-based encryption (CP-ABE)which combines the digital envelopes technology.The model,under the premise of not affecting the cloud service performance,protects user’s sensitive data and makes local encryption on data before the data uploading to the cloud.Through CP-ABE mechanism the encryption keys is ensured not to be obtained by illegal users,and through digital envelopes technology it ensures the integrity and confidentiality of data in transit.The new model also combines with the one-time password (OTP)for checking the login of users,thus effectively prevents the access to the data by unauthorised users.Simulation experiment shows that the improved model can safely and effectively protect user’s confidential data,blocks the illegal access to the cloud server by malicious users.By comparing time performance with existing cloud storage security solutions,the encryption efficiency and safety performance of the improved CP-ABE model are improved greatly.%为了高效地实现云端数据的存储和传输安全,提出一种结合数字信封技术的改进的密文策略的属性加密机制(CP-ABE)云存储安全模型。该模型在不影响云服务性能的前提下保护用户的敏感数据,在数据未上传至云端前对数据进行本地加密;加密密钥通过 CP-ABE 机制以保证密钥不会被非法用户获取,并通过数字信封技术确保数据在传输过程中的完整性和保密性。新模型还结合动态口令(OTP)对用户进行登录校验,从而有效阻止非授权用户对数据的访问。仿真实验表明,改进的模型能够安全有效地保护用户的机密数据,阻止恶意用户对云服务器的非法访问。通过和现有云存储安全方案进行时间性能对比,改进的 CP-ABE方案加密效率和安全性能有较大幅度提高。
展开▼
