计算机工程与应用 ›› 2015, Vol. 51 ›› Issue (23): 87-93.

• 网络、通信、安全 • 上一篇    下一篇

Hadoop环境中基于属性和定长密文的访问控制方法

张欣晨,杨  庚   

  1. 南京邮电大学 计算机学院,南京 210003
  • 出版日期:2015-12-01 发布日期:2015-12-14

Attribute-based access control model with constant-size ciphertext in Hadoop cloud environment

ZHANG Xinchen, YANG Geng   

  1. College of Computer Science and Technology, Nanjing University of Posts and Telecommunications, Nanjing 210003, China
  • Online:2015-12-01 Published:2015-12-14

摘要: 随着云计算技术的广泛应用,人们越来越关注安全和隐私问题。由于云端是第三方服务器,并非完全可信,数据属主需要将数据加密后再托管云存储。如何实现对加密数据的高效访问控制是云计算技术亟需解决的问题。结合Hadoop云平台、基于属性与固定密文长度的加密方案提出并实现了一种在Hadoop云环境下基于属性和固定密文长度的层次化访问控制模型。该模型不仅具有固定密文长度、层次化授权结构、减少双线性对计算量的特点;同时经过实验验证,该模型能够实现云计算环境下对加密数据的高效访问控制,并解决了云存储空间有限的问题。

关键词: 云计算, Hadoop, 层次化访问控制模型, 基于密文策略的属性加密(CP-ABE), 定长密文

Abstract: With the popularity of cloud computing, there have been increasing concerns on its security. Data owners have to encrypt outsourced data to enforce confidentiality as the cloud computing environment is untrusted. Therefore, how to achieve practicable access control of encrypted data in untrusted environment is an urgent issue to be solved. This paper proposes and implements a hierarchical attribute-based access control model with constant-size ciphertext in Hadoop cloud environment, which combines Hadoop cloud computing platform and an attribute-based encryption scheme with constant-size ciphertext. The model not only has characters of constant-size ciphertext, hierarchical authorization structure and reducing computation cost in encryption and decryption algorithms, but also through experimental verifications, the model can implement efficient access control of encrypted data in cloud environment and solve the problem of limitation of cloud storage space.

Key words: cloud computing, Hadoop, hierarchical access control model, Ciphertext-Policy Attribute-Based Encryption(CP-ABE), constant-size ciphertext