Computer Engineering and Applications ›› 2022, Vol. 58 ›› Issue (21): 109-118.DOI: 10.3778/j.issn.1002-8331.2109-0202

• Network, Communication and Security • Previous Articles     Next Articles

Hierarchical Lightweight Access Control Scheme in Cloud Environment

TONG Qian, HE Heng, NIE Lei, ZHANG Panfeng   

  1. 1.College of Computer Science and Technology, Wuhan University of Science and Technology, Wuhan 430065, China
    2.Hubei Province Key Laboratory of Intelligent Information Processing and Real-Time Industrial System, Wuhan 430065, China
    3.College of Information Science and Engineering, Guilin University of Technology, Guilin, Guangxi 541004, China
  • Online:2022-11-01 Published:2022-11-01



  1. 1.武汉科技大学 计算机科学与技术学院,武汉 430065 
    2.湖北省智能信息处理与实时工业系统重点实验室,武汉 430065
    3.桂林理工大学 信息科学与工程学院,广西 桂林 541004

Abstract: Attribute-based encryption can realize fine-grained access control of ciphertext data and effectively solve the problem of data sharing in the cloud environment. Aiming at the problem that it is difficult for devices with limited computing capabilities to efficiently complete a large number of calculations in the attribute-based encryption process, this paper proposes a hierarchical lightweight access control scheme in cloud environment. This solution safely transfers most of the time-consuming encryption and decryption calculations to the cloud servers by introducing virtual attribute and dual keys, and optimizes the access structure. The data sharer only needs to encrypt multiple data with hierarchical access structure once, and the data requester can decrypt part or all of the ciphertext according to its attributes. Security analysis and performance evaluation show that the solution can achieve efficient and fine-grained ciphertext data access control in the cloud environment, significantly reducing the computing overhead of the client, and will not cause data leakage during the entire execution process.

Key words: attribute-based encryption, access control, hierarchical, computing transfer

摘要: 属性基加密能够实现密文数据的细粒度访问控制,有效地解决云环境中的数据共享问题。针对计算能力受限设备难以高效地完成属性基加密过程中大量计算的问题,提出一种云环境中层次化的轻量级访问控制方案。该方案通过引入虚拟属性和双密钥将大部分耗时的加解密计算安全地转移至云服务器,并对访问结构进行优化。数据分享者对访问结构具有层次关系的多份数据只需加密一次,同时数据请求者可以根据其属性解密部分或全部密文。安全性分析和性能评估表明该方案能够实现云环境中高效和细粒度的密文数据访问控制,使得用户端计算开销显著降低,且在整个执行过程中不会造成数据泄露。

关键词: 属性基加密, 访问控制, 层次化, 计算转移