摘要
针对传统云端数据访问控制方案中存在用户无法在不下载密文数据的情况下对存储在云服务器上的数据进行完整性验证和仲裁,以及验证流程中存在对第三方机构的可信依赖问题,提出一种去中心化密文属性基加密及审计方法(A decentralized ciphertext attribute-based encryption and auditing method, D-CPABEA)。该方法利用同态签名技术,使用户能在不下载密文数据的情况下对云端数据进行完整性验证;通过基于区块链的多属性授权机构,实现去中心化用户密钥生成,可防止未授权用户与属性授权机构进行合谋攻击;采用基于密文属性基加密的访问控制机制实现了对云端数据的动态访问控制;采用链上智能合约技术,解决了现有云端数据审计方案完整性验证流程中对可信审计机构依赖的问题。安全分析与实验验证结果表明该方法具有良好的安全性与可用性。
To address issues in traditional cloud data access control schemes,where users cannot verify the integrity of data stored on cloud servers or perform arbitration without downloading the ciphertext data,and where the verification process relies on the trustworthiness of third-party agencies,we propose a decentralized ciphertext attribute-based encryption and auditing method(D-CPABEA).This method employs homomorphic signature technology,enabling users to verify the integrity of cloud data without downloading ciphertext data.A multi-attribute authority based on blockchain enables decentralized user key generation,effectively preventing unauthorized users and attribute authorities from colluding.By adopting an access control mechanism based on ciphertext attribute-based encryption,this method achieves dynamic access control over cloud data.Furthermore,the use of smart contracts on the blockchain eliminates dependency on trusted auditing agencies in the data integrity verification process of current cloud auditing schemes.Security analysis and experimental results demonstrate that the proposed method provides robust security and usability.
作者
唐杨
田达
唐寅
徐志鹏
朱柏魁
TANG Yang;TIAN Da;TANG Yin;XU Zhi-peng;ZHU Bo-kui(School of Computer Science,Chengdu University of Information Technology,Chengdu 610225,China;Nanjing Electronic Equipment Research Institute,Nanjing 210007,China)
出处
《计算机技术与发展》
2025年第7期71-78,共8页
Computer Technology and Development
基金
中国工程院战略研究与咨询项目(2022-XY-111)。
关键词
去中心化
同态签名
云存储
完整性验证
访问控制
decentralization
homomorphic signature
cloud storage
integrity verification
access control
