Journal: IEEE Transactions on Knowledge and Data Engineering

Privacy Preserving Policy-Based Content Sharing in Public Clouds


Abstract

An important problem in public clouds is how to selectively share documents based on fine-grained attribute-based access control policies (ACPs). One approach is to encrypt documents satisfying different policies with different keys using a public key cryptosystem such as attribute-based encryption and/or proxy re-encryption. However, such an approach has some weaknesses: it cannot efficiently handle adding/revoking users or identity attributes, or policy changes; it requires keeping multiple encrypted copies of the same documents; and it incurs high computational costs. A direct application of a symmetric key cryptosystem, where users are grouped based on the policies they satisfy and unique keys are assigned to each group, has similar weaknesses. We observe that, without utilizing public key cryptography and by allowing users to dynamically derive the symmetric keys at the time of decryption, one can address the above weaknesses. Based on this idea, we formalize a new key management scheme, called broadcast group key management (BGKM), and then give a secure construction of a BGKM scheme called ACV-BGKM. The idea is to give some secrets to users based on the identity attributes they have and later allow them to derive actual symmetric keys based on their secrets and some public information. A key advantage of the BGKM scheme is that adding/revoking users or updating ACPs can be performed efficiently by updating only some public information. Using our BGKM construct, we propose an efficient approach for fine-grained encryption-based access control for documents stored in an untrusted cloud file storage.