Attribute-based data encryption method supporting dynamic user revocation in cloud storage environment

A data encryption and cloud storage technology, applied to data encryption in a cloud storage environment, that addresses the problem of data leakage through revoked users and improves security by preventing illegal access to data after a user logs out.

Active Publication Date: 2017-08-11
深圳大数信科技术有限公司

AI Technical Summary

Problems solved by technology

[0006] The purpose of the present invention is to solve the problem that legitimate users can still access data after logout in the existing cloud storage data technology, which may easily cause data leakage



Examples


Embodiment 1

[0044] To solve the problem in existing cloud storage technology that a legitimate user can still access data after logging out, which easily causes data leakage, this embodiment provides an attribute-based data encryption method supporting dynamic user revocation in a cloud storage environment, as shown in figure 1. First, the partial key generated by the CSP and the unique identifier generated by the AC for the user are combined to generate U's private key; then a user U whose attributes satisfy the access structure T uses its own private key to decrypt the encrypted data stored in the cloud. When a registered legal user logs out, the CSP updates the partial keys and completes the update of the relevant ciphertext; users who have not logged out complete the update of their private key sk_u, while users who have logged out can no longer decrypt correctly, thereby protecting the confidentiality of the shared data. The specific functions of the participants are shown in figure 1.

[0045] An attr...

Embodiment 2

[0068] User Registration Algorithm

[0069] The above-mentioned D registers with the CSP: D needs to register before storing data; the CSP verifies the authenticity of D's identity ID and, on successful registration, returns k to D through a secure channel.

[0070] User U registers with the CSP: according to the CSP attribute set Ω = {L_1, L_2, ..., L_n}, user U generates its own attribute set w, where each l_j ∈ w satisfies l_j ∈ Ω, 1 ≤ j ≤ n, and submits its identity ID and personal attribute set w to the CSP; the CSP returns the partial key k to U through a secure channel.

[0071] Encryption Algorithm

[0072] Before uploading the shared data, D constructs the access structure tree T, with the attributes of the access structure as leaf nodes and threshold logic symbols (AND, OR) as intermediate nodes. D then encrypts the plaintext m ∈ G_1 under the specified access structure tree T: D randomly selects a value, assigns it to the root node of the access structure, and marks t...
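As an added illustration (not code from the patent), the following Python models the access-tree secret sharing that the encryption step above relies on: the value chosen for the root of T is split downwards with Shamir polynomials, AND gates acting as n-of-n and OR gates as 1-of-n thresholds, and a user recovers the root value only if their attribute set w satisfies T. The bilinear-group operations of the scheme are omitted and replaced by arithmetic modulo a prime (an assumption made here), and the policy and attribute names are constructed.

```python
import secrets

# Toy prime field standing in for the order of the page's bilinear groups
# (assumption: the pairing-based parts are omitted; only the access-tree
# secret sharing that decides who can decrypt is modelled).
P = (1 << 127) - 1  # Mersenne prime, so Z_P is a field

def lagrange_at_zero(points):
    """Recover q(0) from k points (x, q(x)) of a degree-(k-1) polynomial over Z_P."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

# An access tree T is a nested tuple ("AND", c1, c2, ...) or ("OR", c1, c2, ...)
# with attribute strings as leaves (assumption: each attribute appears once).
# AND is an n-of-n threshold gate, OR a 1-of-n gate, as in the page's tree T.
def share(node, s):
    """Split the root value s down the tree; returns {attribute: share}."""
    if isinstance(node, str):
        return {node: s}                      # leaf: share bound to the attribute
    gate, children = node[0], node[1:]
    k = len(children) if gate == "AND" else 1
    coeffs = [s] + [secrets.randbelow(P) for _ in range(k - 1)]  # q(0) = s
    shares = {}
    for idx, child in enumerate(children, start=1):
        q_idx = sum(c * pow(idx, e, P) for e, c in enumerate(coeffs)) % P
        shares.update(share(child, q_idx))    # child idx receives q(idx)
    return shares

def recover(node, shares, w):
    """Return the node's secret if attribute set w satisfies its subtree, else None."""
    if isinstance(node, str):
        return shares[node] if node in w else None
    gate, children = node[0], node[1:]
    k = len(children) if gate == "AND" else 1
    points = []
    for idx, child in enumerate(children, start=1):
        value = recover(child, shares, w)
        if value is not None:
            points.append((idx, value))
    if len(points) < k:
        return None                           # threshold not met: cannot decrypt
    return lagrange_at_zero(points[:k])       # any k shares interpolate q(0)
```

A user lacking an attribute required by an AND gate sees only a random share and learns nothing about the root value, which is the property the access structure enforces on decryption.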

Embodiment 3

[0078] The attribute-based data encryption method supporting dynamic user revocation in the cloud storage environment shown in Embodiment 1 and Embodiment 2 is compared with several existing schemes, mainly in terms of the length of the user's private key, the storage cost of the ciphertext length, the computation cost of the user's private key, and the computation cost of the ciphertext. In Table 1, n denotes the number of system attributes, n_i the number of values of the i-th attribute, |w| (|w| ≤ n) the number of attributes in the user's private key, |G| and |G_1| the length of an element of G and G_1 respectively, t_m the computation cost of one power multiplication, and t_p the computation cost of one dot multiplication. The specific comparison results are shown in Table 1 and Table 2.

[0079] Table 1 Storage overhead comparison

[0080]

[0081] Table 2 Computational overhead comparison

[0082] ...


Abstract

The invention relates to an attribute-based data encryption method supporting dynamic user revocation in a cloud storage environment. An authority centre is introduced, so that part of the work of the cloud storage centre can be shared with it and the cloud storage centre's power can be limited, avoiding the data security problem that arises when the cloud storage centre has too much control over the data. Furthermore, with this method, after a legal data user logs out, the cloud storage centre updates a small number of ciphertext components in the system, so that the betrayal problem caused by illegal access to data by the logged-out user is avoided, while other users who have not logged out can still decrypt the updated ciphertexts normally once the small number of ciphertext components has been updated in time; data security is therefore improved. Because only part of the components change, the amount of computation, storage and update transmission is greatly reduced, so the method is characterised by high security and low computation, storage and communication cost.

Description

Technical field

[0001] The invention belongs to the technical field of data encryption in a cloud storage environment, and relates to an attribute-based data encryption method that supports user dynamic revocation in a cloud storage environment.

Background technique

[0002] With the development of cloud storage technology, more and more users choose to use the cloud platform to store and share data. When users use the cloud storage environment to store and share unencrypted data, there are security risks of message and privacy leakage. To ensure data security, users encrypt their private data and store it in an open cloud storage environment. How to establish ciphertext access control in the cloud storage environment, and the backward security of data brought about by the revocation of registered users, are urgent problems to be solved. For example, in the actual application of a cloud storage environment, users who satisfy the access structure must first register in the stor...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/08, H04L29/06
CPC: H04L9/0869, H04L9/0891, H04L63/0218, H04L63/0428, H04L63/068, H04L63/083, H04L63/10
Inventor: 李艳平齐艳姣鲁来凤
Owner: 深圳大数信科技术有限公司