关键词: 云存储, 密文访问控制, 基于密文策略的属性加密, 代理重加密, 密钥分割

Abstract: This paper presents an efficient, fine-grained and flexible access control scheme for the cloud storage at a scenario of the ciphertext-policy attribute-based encryption (CP-ABE). This scheme combines the techniques of segmentation of secret key and proxy re-encryption, and cloud service provider (CSP) will do most of re-encryption computing when the permission is revoked, which greatly reduces the computational cost of data owner (DO). Compared with existing schemes, this new scheme not only supports a variety of threshold gates access control pol-icy, but also supports two different revoking units including attributes set and different user having the same attrib-utes set when the permission is revoked. Finally the paper analyzes the security and runtime efficiency of the scheme. Experimental results show that the proposed scheme is superior to general schemes, especially considering cloud storage and the more users, the new scheme shows the more obvious advantages.

Key words: cloud storage, cryptographic access control, ciphertext-policy attribute-based encryption (CP-ABE), proxy re-encryption, segmentation of secret key