Multi-mechanism hierarchical attribute-based encryption method applied to cloud storage

A multi-organization hierarchical attribute-based encryption technology, applied in the field of computer security, that addresses the problems of reduced flexibility of access control and lack of flexibility of access.

Inactive Publication Date: 2014-03-05
NANJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

However, this mechanism only supports the basic ABE method and lacks flexibility of access.
[0005] Secondly, in a large number of CP-ABE-based models, there is only one attribute set in the access structure, and access policies can only be satisfied through various combinations of attributes, which greatly reduces the flexibility of access control.

Examples


Embodiment 1

[0078] The mathematical knowledge involved in the present invention is defined below:

[0079] Definition 1 (bilinear mapping): Let $G_1$ and $G_2$ be multiplicative cyclic groups of order $p$, let $g$ be a generator of $G_1$, and let there be a bilinear pairing map $e$ that satisfies the following properties:

[0080] Bilinearity: for all $g, h \in G_1$ and $a, b \in \mathbb{Z}_p$, $e(g^a, h^b) = e(g, h)^{ab}$.

[0081] Non-degeneracy: there exist $g, h \in G_1$ such that $e(g, h) \neq 1$.

[0082] Computability: for any $g, h \in G_1$, there exists a polynomial-time algorithm to compute $e(g, h)$.

[0083] As shown in Figure 1, the present invention provides the architecture of the HM-ABE system, which is composed of the following five parts: Cloud Server (CSP), Trusted Central Authorization Center (TA), Subordinate Authorization Center (AA), Data Owner (DO) and User. CSP provides cloud data storage services; TA is a trusted central authorization center, responsible fo...

Embodiment 2

[0133] As shown in Figure 2, a data owner DO uploads a file File to the cloud, and the user User obtains the ciphertext of the File from the cloud and uses its private key SK to decrypt it.

Specific embodiment approach

[0134] The specific implementation method is as follows:

[0135] (1) The authorization center determines the depth of recursion, selects the bilinear map and bilinear group, generates the system master key MK and public key PK, retains MK, and discloses PK;

[0136] (2) The authorization center distributes the master key of the next-level authorization (execute this step when there is a sub-center);

[0137] (3) The central authorization center accepts the user identity file and generates attribute set A for it;

[0138] (4) Each authorization center generates a key SK for the user and distributes it to the user;

[0139] Key structure: the key structure of the present invention is hierarchical, so that the elements in the key can be either a single user attribute or a recursive attribute subset; when the system is initialized, the depth of the key-structure hierarchy is defined as depth, to limit the maximum number of recursions; assuming depth=3, the elements of the first la...


Abstract

The invention discloses a multi-mechanism hierarchical attribute-based encryption method applied to cloud storage. The method comprises the steps that authorization centers determine recursion depths, select bilinear mappings and bilinear groups, generate a system MK and a PK, reserve the MK, and disclose the PK; the authorization centers allocate a master key authorized at the next stage (the step is executed when a subcenter exists); the central authorization center receives a user identity file and generates an attribute set A for the user identity file; the authorization centers generate a secret key SK for a user and distribute the SK to the user; a data owner DO generates an access strategy tree, the file is encrypted through an Encrypt method, and a ciphertext CT is uploaded to the cloud end; the user sends a request to the cloud end to have access to the file, the CT of the file is sent back through the cloud end, the user decrypts the file by means of the SK, and only when the attribute in the user SK meets an access control strategy of the file, complete decryption can be achieved; if decryption succeeds, a plaintext M is obtained by the user; if decryption does not succeed, it is shown that the user has no right to have access to the file.
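The key-structure paragraph ([0139]) and the decryption condition in the abstract, as an added Python example that is not part of the patent text: it checks that a recursive attribute-set key stays within the depth limit and evaluates whether its attributes satisfy an access policy tree. It models only the plaintext policy logic, not the pairing-based cryptography; the threshold-gate tree format, the attribute names, and the rule that attributes from different subsets may be combined are assumptions.

```python
# Added illustration: plaintext policy logic only, no pairing-based cryptography.
DEPTH = 3  # assumed limit, matching the depth=3 case in the description

def key_depth(key_set):
    """Depth of a key structure whose elements are attribute strings
    or nested frozensets of the same form (recursive attribute subsets)."""
    nested = [key_depth(e) for e in key_set if isinstance(e, frozenset)]
    return 1 + max(nested, default=0)

def check_key_structure(key_set, depth=DEPTH):
    """Reject a key structure that recurses deeper than the system limit."""
    d = key_depth(key_set)
    if d > depth:
        raise ValueError(f"key structure depth {d} exceeds limit {depth}")
    return d

def flatten(key_set):
    """All attributes in the key. Assumption: attributes from different
    subsets may be used together; the page does not show that rule."""
    out = set()
    for e in key_set:
        out |= flatten(e) if isinstance(e, frozenset) else {e}
    return out

def satisfies(node, attrs):
    """Policy node: an attribute string (leaf) or (k, children), a
    threshold gate needing at least k satisfied children."""
    if isinstance(node, str):
        return node in attrs
    k, children = node
    return sum(satisfies(c, attrs) for c in children) >= k

def can_decrypt(key_set, policy, depth=DEPTH):
    check_key_structure(key_set, depth)
    return satisfies(policy, flatten(key_set))

# Constructed sample data (hypothetical attribute names).
ALICE = frozenset({"role:doctor",
                   frozenset({"dept:cardiology", frozenset({"clearance:2"})})})
BOB = frozenset({"role:nurse", frozenset({"dept:cardiology"})})
TOO_DEEP = frozenset({frozenset({frozenset({frozenset({"x"})})})})
# 2-of-3 gate whose second child is a 1-of-2 (OR) gate.
POLICY = (2, ["role:doctor", (1, ["dept:cardiology", "dept:oncology"]),
              "clearance:3"])

if __name__ == "__main__":
    print(can_decrypt(ALICE, POLICY), can_decrypt(BOB, POLICY))
```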

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to a multi-organization hierarchical attribute-based encryption method applied to cloud storage.

Background technique

[0002] Cloud storage is developed and extended from the basis of cloud computing, and provides data outsourcing storage services for data users in the cloud. This new storage model has attracted extensive attention from academia and industry. However, when cloud storage is applied to real life, it still faces the following three major challenges: first, to protect the confidentiality of data. When the user's sensitive data is stored on the cloud server, the data security has certain risks. On the one hand, the server may check user data or illegally spy on user privacy; on the other hand, unauthorized users may illegally eavesdrop on private data. Second, protect user identity information from being leaked. In recent years, identity privacy protection...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08, H04L9/32, H04L9/30
Inventor: 陈丹伟, 樊晓唯, 任勋益, 何利文, 王志伟
Owner: NANJING UNIV OF POSTS & TELECOMM