摘要
为了高效地实现云端数据的存储和传输安全,提出一种结合数字信封技术的改进的密文策略的属性加密机制(CPABE)云存储安全模型。该模型在不影响云服务性能的前提下保护用户的敏感数据,在数据未上传至云端前对数据进行本地加密;加密密钥通过CP-ABE机制以保证密钥不会被非法用户获取,并通过数字信封技术确保数据在传输过程中的完整性和保密性。新模型还结合动态口令(OTP)对用户进行登录校验,从而有效阻止非授权用户对数据的访问。仿真实验表明,改进的模型能够安全有效地保护用户的机密数据,阻止恶意用户对云服务器的非法访问。通过和现有云存储安全方案进行时间性能对比,改进的CP-ABE方案加密效率和安全性能有较大幅度提高。
In order to efficiently achieve the security of cloud data storage and transmission, we propose an improved cloud storage security model of ciphertext-policy attribute-based encryption (CP-ABE) which combines the digital envelopes technology. The model, under the premise of not affecting the cloud service performance, protects user' s sensitive data and makes local encryption on data before the data uploading to the cloud. Through CP-ABE mechanism the encryption keys is ensured not to be obtained by illegal users, and through digital envelopes technology it ensures the integrity and confidentiality of data in transit. The new model also combines with the one-time password (OTP) for checking the login of users, thus effectively prevents the access to the data by unauthorised users. Simulation experiment shows that the improved model can safely and effectively protect user's confidential data, blocks the illegal access to the cloud server by malicious users. By comparing time performance with existing cloud storage security solutions, the encryption efficiency and safety performance of the impr-;ved CP-ABE model are improved greatly.
出处
《计算机应用与软件》
CSCD
2016年第9期313-319,共7页
Computer Applications and Software
基金
国家自然科学基金项目(11062002
61363076)
江西省教育厅重点科技项目(GJJ13435
GJJ14465)
江西省自然科学基金项目(20142BAB207020)
关键词
云存储安全
属性加密机制
数字信封
动态口令
Cloud storage security Attribute-based encryption mechanism Digital envelope One-time password
