针对云存储服务中用户访问权限撤销计算与带宽代价过大、复杂度过高等问题,以密文策略的属性加密体制(CP-ABE)的密文访问控制方案作为理论背景,设计一种基于动态重加密的云存储权限撤销优化机制,即DR-PRO.该机制利用(k,n)门限方案,将数据信息划分成若干块,动态地选取某一数据信息块实现重加密,依次通过数据划分、重构、传输、提取以及权限撤销等子算法完成用户访问权限撤销的实现过程.通过理论分析与模拟实验评估表明,在保证云存储服务用户数据高安全性的前提下,DR-PRO机制有效地降低了用户访问权限撤销的计算与带宽代价,其性能效率得到了进一步优化与提高.%In order to solve the overhead computing and bandwidth,and high complexity problems existing in user access privilege revoking of cloud storage service,a dynamic re-encryption based cloud storage privilege revoking optimizing (DR-PRO)mechanism was designed,which takes the ciphertext access control scheme based on attribute encryption system of cipher-text scheme(CP-ABE)as the theoretical background. The (k,n) threshold scheme is adopted by DR-PRO mechanism to divide the data information into blocks,and select a certain data information block dynamically for re-encryption. The data information block is processed with the sub-algorithms of data division,reconstruction,transmission and extraction successively to accom-plish the realization process of user access privilege revoking. The theoretical analysis and experimental evaluation results show that,on the premise of ensuring the high data security of cloud storage service user,the DR-PRO mechanism reduced the over-head computing and bandwidth of the user access control privilege revoking efficiently,and its performance and efficiency were optimized and improved further.
展开▼
