This paper presents an efficient, fine-grained and flexible access control scheme for the cloud storage at a scenario of the ciphertext-policy attribute-based encryption (CP-ABE). This scheme combines the techniques of segmentation of secret key and proxy re-encryption, and cloud service provider (CSP) will do most of re-encryption computing when the permission is revoked, which greatly reduces the computational cost of data owner (DO). Compared with existing schemes, this new scheme not only supports a variety of threshold gates access control pol icy, but also supports two different revoking units including attributes set and different user having the same attrib utes set when the permission is revoked. Finally the paper analyzes the security and runtime efficiency of the scheme. Experimental results show that the proposed scheme is superior to general schemes, especially considering cloud storage and the more users, the new scheme shows the more obvious advantages.%提出了一种在基于密文策略的属性加密(ciphertext-policy attribute-based encryption,CP-ABE)应用场景下,在云存储中实现高效、精细、灵活的密文访问控制的方案.新方案通过引入密钥分割技术和代理重加密技术,在权限撤销时将部分重加密工作转移给云服务提供商执行,大大降低了数据属主的计算代价.与现有方案相比,新方案不仅能够支持多种门限的精细的访问控制策略,而且在权限撤销时,既可以属性集为单位,又可以同一属性集下不同用户为单位.最后分析了方案的安全性,并测试了运行效率.实验结果表明,新方案明显优于一般方案,特别是考虑云存储及多用户情况下,新方案的优势更加明显.
展开▼
