Support policy hidden multi-authorization center access control method, cloud storage system

Abstract

The invention belongs to the technical field of wireless communication networks, and discloses a multi-authorization center access control method supporting policy hiding and a cloud storage system, including: system initialization, including the initialization of global authentication center CA and attribute authorization center AA; attribute conversion, attribute The authorization center AA anonymizes the attributes it owns; access authorization, the attribute authorization center AA assigns the anonymized attribute set to the user, and generates the key required for decryption, including the proxy decryption key and the user decryption key; The data owner encrypts the file; the user sends a file access request to the cloud service provider, and the process includes outsourcing decryption by the cloud service provider and the final decryption by the user; revoking some users in the system. The invention has the advantages of high system efficiency, supports dynamic management of user rights, and the like, and can be used in a data information system to ensure the privacy and security of user data and access policies, reduce user computing overhead, and improve system efficiency.

Description

technical field [0001] The invention belongs to the technical field of wireless communication networks, and in particular relates to a multi-authorization center access control method supporting policy hiding and a cloud storage system. Background technique [0002] At present, the closest existing technology: In the past ten years, cloud computing has developed from an emerging business concept to one of the fastest growing fields in the ~IT~ industry. Cloud storage is a data outsourcing service technology derived and developed from the concept of cloud computing. It refers to the collection and collaboration of a large number of different types of storage devices in the network through application software through functions such as cluster applications, network technology, or distributed file systems. Work together to provide data access services externally, which has the advantages of low cost, easy-to-use interface and high scalability. In addition, as an effective comp...

AI Technical Summary

Problems solved by technology

[0010] (1) The access policy of most schemes is exposed in the ciphertext, which may reveal the privacy information of the data owner and data visitor. However, in some schemes that support policy hiding, there are still problems such as insufficient expressiveness of the access structure and low system efficiency.

[0011] (2) In the ~CP-ABE~ scheme based on the matrix access structure, the length of the ciphertext increases with the increase of the number of attributes, and there is a relatively serious problem of computational efficiency, especially the computational overhead of the client is too large, so that this kind of Access control mode is difficult to apply in practice

[0012] (3) The access control scheme of multiple authorization centers is more suitable for the cloud storage environment, but the existing schemes that support policy hiding are mostly based on a single authorization center, and the few existing schemes based on multiple authorization centers are not scalable enough, and there are large computing costs, The problem of not being able to effectively resist collusion attacks

[0013] The difficulty of solving the above technical problems: (1) The technical bottleneck of the attribute encryption system mainly lies in its heavy encryption and decryption calculation overhead, which is also an important reason why this technology is difficult to be practically applied at present

(2) The privacy protection problem of access policy and the system efficiency problem brought about by hiding the access policy are another important reason why attribute encryption technology is difficult to be practically applied at present

Images