CN114065265B - Fine-grained cloud storage access control method, system and equipment based on blockchain technology - Google Patents


Info

Publication number: CN114065265B
Authority: CN (China)
Application number: CN202111429870.7A
Other versions: CN114065265A
Language: Chinese (zh)
Inventors: 熊安萍, 余浩立, 蒋溢
Current and original assignee: Chongqing University of Post and Telecommunications
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Prior art keywords: data, node, access control, ciphertext, cloud storage
Events: application filed by Chongqing University of Post and Telecommunications; priority to CN202111429870.7A; publication of CN114065265A; application granted; publication of CN114065265B

Classifications

    • G06F21/602 Providing cryptographic facilities or services (under G06F21/60 Protecting data; G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity)
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; distributed database system architectures therefor (under G06F16/20 Information retrieval of structured data, e.g. relational data; G06F16/00 Information retrieval; database structures; file system structures)
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords, involving passwords or one-time passwords (under H04L9/0861; H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords; H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols)
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords, involving random numbers or seeds (under H04L9/0861; H04L9/08; H04L9/00)

Abstract

The invention relates to the field of data security, in particular to a fine-grained cloud storage access control method, system and equipment based on blockchain technology. A cloud storage sharing model is constructed on a blockchain; the data owner (DO) and data user (DU) register with a smart contract and generate their private keys; the DO encrypts the data file with a symmetric key to obtain the data ciphertext and uploads it to the cloud storage provider (CSP), which returns a file storage address; the DO encrypts the symmetric key and the file storage address according to its private key, the model public key and an access control policy tree, sends the resulting attribute-based ciphertext to the blockchain, where it is packed into a block, and receives a block identifier; the DU sends a data request to the blockchain, receives the corresponding attribute-based ciphertext, and decrypts the file storage address and the symmetric key of the data file; the DU then requests the data ciphertext from the CSP at the decrypted address and decrypts the data file with the recovered symmetric key. The invention secures both key transmission and data transmission.

Description

Fine-grained cloud storage access control method, system and equipment based on blockchain technology
Technical Field
The invention relates to the field of data security, in particular to a fine-grained cloud storage access control method, a fine-grained cloud storage access control system and fine-grained cloud storage access control equipment based on a blockchain technology.
Background
Cloud computing is a new computing model in which a large number of network-connected computing resources are managed and scheduled uniformly to form a resource center that provides services to users. Its flexibility, scalability and cost-effectiveness lead more and more organizations and individuals to outsource their data to cloud services. Cloud storage is currently the most popular cloud computing service: storage devices across the network are coordinated by software through cluster applications, network technology or distributed file systems to provide data storage and service access to the outside. As the scale and technology of cloud computing have developed, cloud security has become an important factor restricting its further development.
In conventional access control systems, the rights of data users are usually managed by the data owner or by a trusted third party. Access control defines which principals may perform which operations on which objects through an authorization list or access control list, and policies can be adjusted flexibly in this way. However, as the number of users and the amount of data grow, the access control list becomes huge and hard to maintain. At the same time, the computing and storage model of cloud computing differs greatly from the traditional model, mainly in five respects: 1) the user has no control over resources in the cloud; 2) there is a lack of trust between the user and the cloud; 3) migration may move data into a different security domain; 4) multi-tenancy redefines who the access principals are; 5) virtualization may allow resources to be stolen by co-tenants on the same physical device. Many academic studies of cloud access control exist, but most rely on centralized storage and management of identities, keys, rights and so on, so security and privacy issues remain: external attackers may attack the trusted center, and a malicious cloud administrator may abuse privileges to access resources illegitimately or tamper with databases.
In traditional ciphertext-policy attribute-based encryption (CP-ABE), the ciphertext is associated with an access control policy and each user's private key with a set of attributes. A user can decrypt a given ciphertext if and only if their attribute set satisfies the access policy set by the data owner; data users obtain their keys from an attribute authority according to the attributes they hold, and the data owner controls access to the data through the access policy. Such schemes, however, require one or more fully trusted attribute authorities or a central authority, and if that central component is compromised the whole system is compromised. In addition, beyond fine-grained access control, forward and backward security across changes of the access control policy must be considered: after a policy change, a previously authorized user can still obtain the data file with the information they already hold under a traditional CP-ABE scheme, so the security of the data after the change cannot be guaranteed.
Disclosure of Invention
The invention addresses the technical problems that practical data sharing models depend on a centralized mechanism and that current CP-ABE schemes cannot change the access control policy flexibly or guarantee security before and after such a change. The invention combines blockchain technology with a ciphertext-policy attribute-based encryption algorithm, studies access control in a cloud storage setting, and provides a fine-grained cloud storage access control method, system and equipment based on blockchain technology, which removes the single point of failure in access control, realizes fine-grained access control on cloud storage data and thereby achieves secure data sharing; at the same time it supports dynamic changes to the access control policy, so that it suits a wider range of application scenarios.
In a first aspect, the invention provides a blockchain-based fine-grained cloud storage access control method whose policies can be changed flexibly, the method comprising:
constructing a blockchain-based cloud storage sharing model comprising a cloud storage server, a data owner, a data requester and a blockchain, initializing the model on the blockchain, and generating the model's public key and master key parameters;
the data owner and the data requester each send their attribute set to the smart contract for registration, and each generate a private key from the private key intermediate information returned by the smart contract;
the data owner designates an access control policy tree for the data file, encrypts the data file with a symmetric key to obtain the data ciphertext, and uploads the data ciphertext to the cloud storage server, which returns a file storage address;
the data owner encrypts the symmetric key and the file storage address according to its private key, the model public key and the access control policy tree, sends the resulting attribute-based ciphertext to the blockchain, where it is packed into a block, and receives a block identifier;
the data requester sends a data request to the blockchain, the blockchain returns the corresponding attribute-based ciphertext, and after validity verification the data requester decrypts the file storage address and the symmetric key of the data file;
the data requester sends a request to the cloud storage server at the decrypted file storage address and decrypts the data file from the returned data ciphertext with the decrypted symmetric key.
In a second aspect, the invention also provides a fine-grained cloud storage access control system based on blockchain technology, the system comprising a cloud storage server, a data owner, a data requester and a blockchain, and specifically:
a blockchain-based cloud storage sharing model is constructed from the cloud storage server, the data owner, the data requester and the blockchain, the model is initialized on the blockchain, and the model's public key and master key parameters are generated;
the data owner and the data requester each send their attribute set to the smart contract for registration, and each generate a private key from the private key intermediate information returned by the smart contract;
the data owner designates an access control policy tree for the data file, encrypts the data file with a symmetric key to obtain the data ciphertext, and uploads the data ciphertext to the cloud storage server, which returns a file storage address;
the data owner encrypts the symmetric key and the file storage address according to its private key, the model public key and the access control policy tree, sends the resulting attribute-based ciphertext to the blockchain, where it is packed into a block, and receives a block identifier;
the data requester sends a data request to the blockchain, the blockchain returns the corresponding attribute-based ciphertext, and after validity verification the data requester decrypts the file storage address and the symmetric key of the data file;
the data requester sends a request to the cloud storage server at the decrypted file storage address and decrypts the data file from the returned data ciphertext with the decrypted symmetric key.
In a third aspect, the invention also provides a computer device, the computer device comprising:
A processor;
A memory for storing processor-executable instructions;
Wherein the processor is configured to perform the blockchain technology-based fine-grained cloud storage access control method of the first aspect of the invention.
The beneficial effects of the invention are as follows:
In the fine-grained cloud storage access control method, system and equipment based on blockchain technology provided by the invention, the blockchain replaces the trusted third party, giving a decentralized, distributed and tamper-resistant mechanism for establishing trust and avoiding the high storage cost, privacy and data security problems of a centralized mechanism. In the model of the invention, each user (data owner or data requester) derives their own private key locally from the intermediate information returned by the smart contract, so the private key itself is never exposed in transit. The invention also performs policy changes on the access control policy tree, allowing the data owner to change the tree policy while most of the work is carried out by the blockchain's smart contracts, so the scheme suits a wider range of application scenarios.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1 is a structural diagram of the cloud storage sharing model in an embodiment of the invention;
FIG. 2 is a flowchart of the fine-grained cloud storage access control method based on blockchain technology in an embodiment of the invention;
FIG. 3 is a flowchart of the fine-grained cloud storage access control method based on blockchain technology in a preferred embodiment of the invention;
FIG. 4 is a schematic diagram of node addition during a policy change according to the invention;
FIG. 5 is a schematic diagram of node deletion during a policy change according to the invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terms first, second, third and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "includes" and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
A flowchart is used in the present application to describe the operations performed in accordance with embodiments of the present application. It should be understood that the preceding or following operations are not necessarily performed in order precisely. Rather, the various steps may be processed in reverse order or simultaneously, as desired. Also, other operations may be added to or removed from these processes.
Referring to FIG. 1, which is a schematic diagram of the cloud storage sharing model in an embodiment of the invention, the model used in this embodiment is based on blockchain technology and consists of a cloud storage server, a blockchain and a number of users. Users are divided into data owners and data requesters; any user may play either role, and the two names are used only to distinguish the roles in a given exchange. In the model, the cloud storage server stores the data ciphertext and re-encrypts it; the data owner formulates the access control policy tree, encrypts the stored data symmetrically and encrypts the symmetric key under attribute-based encryption; a data requester whose attribute set satisfies the policy can decrypt the ciphertext and obtain the data; the blockchain acts as the key management center and the storage center for the file information ciphertext, and is responsible for distributing key intermediate information and file information ciphertext to data requesters.
Based on the cloud storage sharing model, please refer to fig. 2, fig. 2 is a flowchart of a fine-grained cloud storage access control method based on a blockchain technique in an embodiment of the invention, as shown in fig. 2, where the method includes:
101. Constructing a cloud storage sharing model based on a blockchain technology, comprising a cloud storage server, a data owner, a data requester and a blockchain, initializing the model by adopting the blockchain, and generating a public key and a master key parameter of the model;
In the embodiment of the invention, the cloud storage server (CSP) stores the data file ciphertext sent by the data owner (DO) and re-encrypts it when the policy changes; the DO can share data and sends ciphertext to the CSP and to the blockchain (BC) respectively; the data requester (DU) sends data requests to the BC and the CSP and obtains the data if its attributes satisfy the policy; the BC distributes the key and file information ciphertext to the DU and performs policy change operations for the DO.
In the embodiment of the invention, the model is initialized on the blockchain, and the public key and master key parameters generated for the model are:
$PK = \{G,\ g,\ g^{\alpha},\ g^{\beta},\ e(g,g)^{\beta},\ H\}$
$MSK = \{\alpha, \beta \in \mathbb{Z}_p\}$
where $PK$ is the public key parameter and $MSK$ the master key parameter; $G$ is a multiplicative group of prime order $p$, $g$ a generator of $G$, $e$ a bilinear map, $\alpha$ and $\beta$ random numbers in $\mathbb{Z}_p$, and $H$ a hash function mapping attributes into the bilinear group.
It will be appreciated that the above-described setting and selection of public and master key parameters may refer to any of the manners employed in existing cloud storage sharing models.
102. The users, i.e. the data owner and the data requester, send their attribute sets to the smart contract for registration and generate their private keys from the private key intermediate information returned by the smart contract;
In the embodiment of the invention, a user sends their attribute set to the smart contract for registration; the smart contract selects random numbers and combines them with part of the master key parameters to compute the private key intermediate information; the user then runs the key generation routine locally and derives the private key from the intermediate information and the model public key.
Specifically, the user sends the attribute set $S$ to the smart contract for registration; the smart contract chooses a random number $r \in \mathbb{Z}_p$ and, for each attribute $s_i \in S$, a corresponding random number $r_i \in \mathbb{Z}_p$, and computes the private key intermediate information:
$MSG = \{g^{\alpha r},\ g^{r},\ g^{r_1},\ g^{r_2},\ \ldots,\ g^{r_i}\}$
where $MSG$ is the private key intermediate information; $g$ a generator of $G$; $\alpha$ a random number in $\mathbb{Z}_p$; $r$ the random number selected by the smart contract; and $r_i$ the random number selected for attribute $s_i$.
The smart contract returns the private key intermediate information to the user, who runs the key generation routine $KeyGen(PK, KeyInfo)$ to compute their own private key, expressed as:
where $D$ is the encryption algorithm; $D_i$ the first encryption result for attribute $s_i$; $D'_i$ the second encryption result for attribute $s_i$; and $D''_i$ the third encryption result for attribute $s_i$.
103. The data owner designates an access control policy tree for the data file, encrypts the data file with a symmetric key to obtain the data ciphertext, and uploads the data ciphertext to the cloud storage server, which returns a file storage address;
In the embodiment of the invention, the data owner encrypts the data file to be shared with the symmetric key $ck$ to obtain the ciphertext $C$, uploads $C$ to the cloud storage server, and the cloud storage server returns the file storage address $addr$.
For example, an access control policy tree formulated in this embodiment might allow access to computer science students or teachers of a university, or to administrators or supervisors of an IT department. The individual conditions stand in a tree relationship to one another: they may be parallel (siblings under one gate) or nested (one condition qualifying another), which gives the corresponding parent node policies and child node policies.
104. The data owner encrypts the symmetric key and the file storage address according to its private key, the model public key and the access control policy tree, sends the resulting attribute-based ciphertext to the blockchain, where it is packed into a block, and receives a block identifier;
In the embodiment of the invention, the data owner runs $Encrypt(\tau, ck, addr, PK)$ with its private key, the model public key, the access control policy tree, the symmetric key and the file storage address to obtain $CT$, whose components include:
$C = g^{s}$
$C''_x = q_x(0)\cdot g^{\beta+\alpha r}$
where $CT$ is the result of the attribute-based encryption; $\tau$ is the access control policy tree; $ck$ is the symmetric key and $addr$ the access address of the file, each of which is carried in $CT$ as a ciphertext; $s$ is the random value selected for the root node, i.e. the secret value of the root, and $q_x(0)$ the secret value of leaf node $x$; $C$ is the ciphertext of the secret value $s$; $r$ is the random number selected by the smart contract; $\{G, g, g^{\alpha}, g^{\beta}, e(g,g)^{\beta}, H\}$ are the public key parameters of the model; $g^{\beta+\alpha r}$ is a private key parameter; $x$ is a leaf node of the access control policy tree and $X$ its set of leaf nodes; $\mathrm{attr}(x)$ is the attribute of leaf $x$ and $H(\mathrm{attr}(x))$ its image in the group; $C_x$, $C'_x$ and $C''_x$ are the first, second and third encryption results for leaf node $x$.
In the encryption process, a random value $s$ is first chosen as the secret value of the root node, i.e. $q_R(0) = s$, where $R$ denotes the root node. For the current node $n$ the degree $d_n$ of its polynomial is obtained from its threshold $k_n$ via $k_n = d_n + 1$, random coefficients $a_1, a_2, \ldots, a_{d_n}$ are chosen to build the polynomial $q_n$, and each child node is assigned the secret value $q_n(\mathrm{index})$ according to its index; each child then builds its own polynomial from its own threshold in the same way, and so on down to the leaves.
The data owner sends the computed $CT$ to the smart contract, which generates a transaction; the nodes pack it into a block and produce a block identifier $ID_{CT}$, which is returned to the data owner.
105. The data requester sends a data request to the blockchain, the blockchain returns the corresponding attribute-based ciphertext, and after validity verification the data requester decrypts the file storage address and the symmetric key of the data file;
In the embodiment of the invention, when a data requester sends a request for a certain file to the blockchain, the blockchain returns the attribute-based ciphertext published by the corresponding data owner; the data requester decrypts it with its own private key and so obtains the file storage address $addr$ and the symmetric key $ck$, expressed respectively as:
where … represents the ciphertext of the symmetric key; … represents the ciphertext of the file storage address; and $F_R$ represents the value recovered at the root node.
The principle of decrypting the attribute-based ciphertext is as follows:
For a leaf node $x$, compute:
For a non-leaf node $n$ with child node set $Z$, $F_n$ is computed as follows:
where $i = \mathrm{index}(z)$, $Z' = \{\mathrm{index}(z) : z \in Z\}$, and so on up the tree. If the DU satisfies the access control policy tree, running $Decrypt(CT, SK)$ clearly yields:
$F_R = e(g,g)^{\alpha r s}$
106. The data requester sends a request to the cloud storage server at the decrypted file storage address and decrypts the data file from the returned data ciphertext with the decrypted symmetric key.
In the embodiment of the invention, after the data requester sends a request to the cloud storage server for the file storage address, the cloud storage server returns the data ciphertext, which is decrypted with the symmetric key obtained in the previous step to give the data plaintext.
In the above embodiment, the data requester needs two decryption steps to obtain the plaintext: first, the data requester issues a data acquisition request to the blockchain; the blockchain verifies the identity of the data requester and returns the corresponding attribute-based ciphertext $CT$; the data requester runs $Decrypt(CT, SK)$ and, if its attributes satisfy the policy, obtains the file storage address $addr$ and the symmetric key $ck$; the data requester sends a request to the cloud storage server for $addr$; the CSP returns the data ciphertext $C$; the DU decrypts the plaintext $M$ from $C$ with $ck$. Note that the identity check performed by the blockchain only gates the return of $CT$; since $CT$ is stored in a block and is readable by every node that holds the chain, the confidentiality of $ck$ and $addr$ rests entirely on the attribute-based encryption, i.e. on whether the requester's attribute set satisfies $\tau$.
Referring to FIG. 3, a flowchart of the fine-grained cloud storage access control method based on blockchain technology in a preferred embodiment of the invention, the method mainly comprises:
the smart contract is initialized to construct the blockchain-based cloud storage sharing model;
the data owner and the data requester each send their attribute set to the smart contract for registration and generate a private key from the private key intermediate information returned by the smart contract;
the data owner encrypts the data file with a symmetric key to obtain the data ciphertext and uploads it to the cloud storage server, which returns a file storage address;
the data owner encrypts the symmetric key and the file storage address according to its private key, the model public key and the access control policy tree, sends the attribute-based ciphertext to the blockchain, where it is packed into a block, and receives a block identifier;
when the data owner changes the access control policy tree designated for the data file, it sends the new access control policy tree, the new symmetric key ciphertext and a re-encryption key to the smart contract; the smart contract modifies the ciphertext content of the original block to generate a new block, the BC sends the re-encryption key to the CSP over a secure channel, and the CSP re-encrypts the data ciphertext;
the data requester sends a data request to the blockchain, the blockchain returns the corresponding attribute-based ciphertext, and after validity verification the data requester decrypts the file storage address and the symmetric key of the data file;
the data requester sends a request to the cloud storage server at the decrypted file storage address and decrypts the data file from the returned data ciphertext with the decrypted symmetric key.
The core difference between the preferred embodiment and the embodiment above is that the present embodiment additionally checks whether the data owner has updated the access control policy. If the access control policy tree has been updated, the data owner must compute a re-encryption key and send the new access control policy tree, the new symmetric key ciphertext and the re-encryption key to the smart contract; the smart contract modifies the attribute-based ciphertext and its original block, located by the block identifier, and generates a new block; the blockchain sends the re-encryption key to the cloud storage server over a secure channel, and the cloud storage server re-encrypts the data ciphertext with it. Otherwise the normal flow applies and the data requester simply requests the attribute-based ciphertext from the blockchain's smart contract.
In the preferred embodiment, if the data owner wants to modify the access control policy of a file, it first selects a new symmetric key $ck'$, computes a re-encryption key $ck_{pre}$ from the new and the old symmetric key, encrypts the new symmetric key to obtain the updated symmetric key ciphertext, generates the new access control policy tree $\tau'$, and sends these to the smart contract as the re-encryption information $MSG_{pre}$.
The smart contract forwards the re-encryption key $ck_{pre}$ to the cloud storage server CSP, which re-encrypts the data ciphertext.
In the preferred embodiment, the smart contract's modification of the attribute-based ciphertext and its original block, located by the block identifier, consists of traversing the access control policy trees $\tau$ and $\tau'$ before and after the update recursively to obtain the set of added nodes $Node_{insert}$ and the set of deleted nodes $Node_{delete}$, and then modifying the node content of the attribute-based ciphertext in the original block according to the node addition policy for $Node_{insert}$ and the node deletion policy for $Node_{delete}$.
Referring to fig. 4, which is a schematic diagram of the addition policy in the embodiment of the present invention, the addition policy is divided into two cases according to the gate of the parent node: the OR case and the AND case.
Determine the newly added node and its sibling nodes from the access control policy trees before and after the update;
When the parent node in the access control policy tree before the update is an OR gate, the smart contract computes the secret value of a sibling node from the policy tree before the update and the third encryption result of the sibling node corresponding to the newly added node, takes the sibling's secret value as the secret value of the newly added node, and computes the first, second and third encryption results of the newly added node; the encryption results of the newly added node are then used to modify the information of the original block;
Specifically, in the embodiment of the present invention, the secret value q_brother(0) of the sibling node can be obtained from the sibling's third encryption result C″_brother; because the gate is OR, the threshold of the parent node is 1, the maximum degree of the polynomial is 0 and the polynomial has only a constant term, so the secret values of all child nodes are the same and are expressed as:
Therefore, for the newly added node we can calculate the corresponding attribute-based ciphertext, add it to the attribute-based ciphertext CT, generate a new block, and return the new block identifier ID′_CT to the DU, where the attribute-based ciphertext of the node is expressed as:
$C''_{node} = q_{node}(0)\cdot g^{\beta+\alpha r}$
When the parent node in the access control policy tree before the update is an AND gate, the smart contract computes the secret value of each sibling node from the policy tree before the update and the sibling nodes corresponding to the newly added node; the secret values of the sibling nodes are processed by Lagrange interpolation to obtain the secret value of the parent node; the smart contract selects random coefficients for the polynomial, extends the polynomial with a term for the newly added node, constructs the new polynomial on the secret value of the parent node, and recalculates the first, second and third encryption results of the newly added node and its sibling nodes; the information of the original block is then modified with the encryption results of the newly added node, where the number of terms of the polynomial equals the number of sibling nodes.
Specifically, since the newly added node may have several sibling nodes, the secret value q_brother1(0), q_brother2(0), ..., q_brothern(0) of each sibling node must be calculated, and the secret value q_parent(0) of the parent node is obtained by Lagrange interpolation:
Because the parent node is an AND gate, adding a child node raises the degree from d_n to d_n + 1; the smart contract chooses random numbers a_1, a_2, ..., a_{n+1} and constructs a new polynomial:
and recalculates the ciphertext of each child node:
$C''_{x'} = q_{x'}(0)\cdot g^{\beta+\alpha r}$
The child node content C_x, C′_x, C″_x in the original CT is replaced with C_{x′}, C′_{x′}, C″_{x′}, a new block is generated, and the new block identifier ID′_CT is returned to the DU.
Referring to fig. 5, which is a schematic diagram of the deletion policy in the embodiment of the present invention, the deletion policy is divided into two cases according to the gate of the parent node: the OR case and the AND case.
Determine the deleted node and its sibling nodes from the access control policy trees before and after the update;
When the parent node in the access control policy tree before the update is an OR gate, for the deleted node the smart contract directly deletes the first, second and third encryption results corresponding to that node from the ciphertext according to the policy tree before the update, and the information of the original block is modified accordingly;
In the embodiment of the invention, because the gate is OR, the threshold of the parent node is 1, the maximum degree of the polynomial is 0 and the polynomial has only a constant term, so deleting the content of the node does not affect other nodes; C_x, C′_x, C″_x corresponding to the node are therefore deleted directly from the ciphertext, a new block is generated, and the new block identifier ID′_CT is returned to the DU.
When the parent node in the access control policy tree before the update is an AND gate, for the deleted node the smart contract computes the secret value of each sibling node from the policy tree before the update and the node's siblings; the secret values of the sibling nodes are processed by Lagrange interpolation to obtain the secret value of the parent node; the smart contract selects random coefficients for the polynomial, removes the term corresponding to the deleted node, constructs a new polynomial on the secret value of the parent node, and recalculates the first, second and third encryption results of each remaining child node, i.e. each sibling of the deleted node; the information of the original block is then modified with the first, second and third encryption results of each sibling node, where the number of terms of the polynomial equals the number of remaining sibling nodes.
Specifically, in the embodiment of the present invention, since the access control policy tree before the update may contain several sibling nodes, the secret value q_brother1(0), q_brother2(0), ..., q_brothern(0) of each sibling node in the policy tree before the update must be calculated, and the secret value q_parent(0) of the parent node is obtained by Lagrange interpolation:
Because the parent node is an AND gate, deleting a child node lowers the degree from d_n to d_n − 1; the smart contract chooses random numbers a_1, a_2, ..., a_{n−1} and constructs a new polynomial:
and recalculates the ciphertext of the child nodes:
$C''_{x'} = q_{x'}(0)\cdot g^{\beta+\alpha r}$
The child node content C_x, C′_x, C″_x in the original CT is replaced with C_{x′}, C′_{x′}, C″_{x′}, a new block is generated, and the new block identifier ID′_CT is returned to the DU, where the child nodes are all sibling nodes of the deleted node.
In summary, when the access control policy changes in this preferred embodiment, the smart contract calculates the updated CT, submits a transaction, a node generates a block, and the new ID′_CT is returned to the DU.
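The addition and deletion policies above (OR gate: copy or drop a share; AND gate: recover q_parent(0) by Lagrange interpolation and re-share with the degree raised or lowered by one) and the recursive tree diff that yields Node_insert and Node_delete, as an added Python example that is not part of the patent. It works on the secret-sharing layer only: shares are elements of a constructed prime field rather than the group elements C_x, C′_x, C″_x, and the policy trees, attribute names and the "OR-gate" label are constructed for the demo.

```python
import secrets

# Constructed modulus for this worked example: a Mersenne prime. The patent
# shares secrets in Z_p, the exponent field of a bilinear group; here the
# shares are plain field elements so the tree arithmetic stays visible.
P = (1 << 127) - 1


def eval_poly(coeffs, x):
    """Evaluate a polynomial whose coeffs[0] is the constant term q(0)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def lagrange_at_zero(points):
    """Recover q(0) from (index, value) pairs by Lagrange interpolation,
    as the smart contract does when it derives q_parent(0) from the siblings."""
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def share(secret, children, threshold):
    """Share `secret` among `children` with a threshold-k polynomial (degree k-1).
    Returns {child: (index, value)}; child i holds q_parent(i), which is the
    child's own secret q_child(0) in the policy-tree construction."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return {name: (i, eval_poly(coeffs, i)) for i, name in enumerate(children, 1)}


def parent_secret(shares):
    """q_parent(0) from all children's shares (an AND gate needs every child)."""
    return lagrange_at_zero(list(shares.values()))


def add_node(gate, shares, new_child):
    """Addition policy. OR: copy a sibling's value (constant polynomial).
    AND: interpolate q_parent(0), then re-share with the degree raised by one."""
    if gate == "OR":
        _, sibling_value = next(iter(shares.values()))
        updated = dict(shares)
        updated[new_child] = (len(shares) + 1, sibling_value)
        return updated
    names = list(shares) + [new_child]
    return share(parent_secret(shares), names, threshold=len(names))


def delete_node(gate, shares, victim):
    """Deletion policy. OR: drop the node, nothing else changes.
    AND: interpolate q_parent(0), then re-share the rest, degree lowered by one."""
    if gate == "OR":
        updated = dict(shares)
        del updated[victim]
        return updated
    names = [n for n in shares if n != victim]
    return share(parent_secret(shares), names, threshold=len(names))


def leaves(tree):
    """Leaf attributes of a nested (gate, [children]) policy tree, collected recursively."""
    if isinstance(tree, str):
        return {tree}
    _, kids = tree
    return set().union(*(leaves(k) for k in kids))


def diff_policy(old, new):
    """(Node_insert, Node_delete) as leaf-attribute sets between two policy trees."""
    before, after = leaves(old), leaves(new)
    return after - before, before - after


def demo():
    """One constructed update: the OR gate loses a child, the AND gate gains one."""
    old = ("AND", ["dept:research", ("OR", ["role:lead", "role:auditor"])])
    new = ("AND", ["dept:research", "clearance:L2", ("OR", ["role:lead"])])
    inserted, deleted = diff_policy(old, new)

    root = secrets.randbelow(P)                       # secret s of the root node
    and_shares = share(root, ["dept:research", "OR-gate"], threshold=2)
    or_shares = share(and_shares["OR-gate"][1], ["role:lead", "role:auditor"], threshold=1)

    or_shares = delete_node("OR", or_shares, "role:auditor")        # degree stays 0
    or_ok = or_shares["role:lead"][1] == and_shares["OR-gate"][1]   # gate secret intact
    and_shares = add_node("AND", and_shares, "clearance:L2")        # degree 1 -> 2
    # Re-sharing the AND gate gives the OR gate a new q(0), so an internal sibling
    # must re-share its new value to its own children before the update is complete.
    or_shares = share(and_shares["OR-gate"][1], list(or_shares), threshold=1)

    return {"inserted": inserted, "deleted": deleted,
            "root_preserved": parent_secret(and_shares) == root,
            "and_children": len(and_shares), "or_ok": or_ok,
            "or_children": len(or_shares)}
```

parent_secret() needs every child's share because an AND gate's threshold equals its child count; that is why the example can check that any proper subset of the re-shared values no longer recovers the parent's secret.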
In an embodiment of the present invention, there is further provided a fine-grained cloud storage access control system based on blockchain technology, the system comprising a cloud storage server, a data owner, a data requester and a blockchain, and operating as follows:
A cloud storage sharing model based on blockchain technology is constructed from the cloud storage server, the data owner, the data requester and the blockchain; the blockchain initializes the model and generates the public key and master key parameters of the model;
The data owner and the data requester send their attribute sets to the smart contract for registration and generate their private keys from the private key intermediate information returned by the smart contract;
The data owner assigns an access control policy tree to the data file, encrypts the data file with a symmetric key to obtain a data ciphertext, and uploads the data ciphertext to the cloud storage server, which returns a file storage address;
The data owner encrypts the symmetric key and the file storage address under its private key, the public key of the model and the access control policy tree, sends the resulting attribute-based ciphertext to the blockchain to form a block, and the blockchain returns a block identifier;
The data requester sends a data request to the blockchain, the blockchain returns the corresponding attribute-based ciphertext, and after validity verification the data requester decrypts the file storage address and the symmetric key of the data file;
The data requester sends a request to the cloud storage server using the decrypted file storage address and decrypts the data file from the data ciphertext returned by the cloud storage server with the decrypted symmetric key.
In addition, the embodiment of the application also provides an electronic device, which may comprise a processor with one or more processing cores and a memory for storing instructions executable by the processor.
In one embodiment, the processor is the control center of the electronic device: it connects the various parts of the entire computer device through various interfaces and lines, and performs the various functions and processing of the computer device by running or executing software programs and/or modules stored in the memory and invoking data stored in the memory, thereby monitoring the computer device as a whole.
In one embodiment, a processor may include one or more processing cores.
In one embodiment, the processor may integrate an application processor that primarily handles operating systems, user interfaces, applications, etc., with a modem processor that primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor.
In one embodiment, the memory may be used to store software programs and modules, and the processor performs various functional applications and data processing by running the software programs and modules stored in the memory.
In one embodiment, the memory may mainly comprise a program storage area and a data storage area, where the program storage area may store an operating system, application programs required for at least one function, and the like, and the data storage area may store data created during use of the electronic device, and the like. In addition, the memory may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device. Accordingly, the memory may also include a memory controller to provide the processor with access to the memory.
In one embodiment, the processor of the computer device loads the executable files corresponding to the processes of one or more application programs into the memory according to the following instructions, and executes the application programs stored in the memory, so as to implement the cloud storage access function:
Constructing a cloud storage sharing model based on blockchain technology, comprising a cloud storage server, a data owner, a data requester and a blockchain, initializing the model by the blockchain, and generating the public key and master key parameters of the model;
The data owner and the data requester send their attribute sets to the smart contract for registration and generate their private keys from the private key intermediate information returned by the smart contract;
The data owner assigns an access control policy tree to the data file, encrypts the data file with a symmetric key to obtain a data ciphertext, and uploads the data ciphertext to the cloud storage server, which returns a file storage address;
The data owner encrypts the symmetric key and the file storage address under its private key, the public key of the model and the access control policy tree, sends the resulting attribute-based ciphertext to the blockchain to form a block, and the blockchain returns a block identifier;
The data requester sends a data request to the blockchain, the blockchain returns the corresponding attribute-based ciphertext, and after validity verification the data requester decrypts the file storage address and the symmetric key of the data file;
The data requester sends a request to the cloud storage server using the decrypted file storage address and decrypts the data file from the data ciphertext returned by the cloud storage server with the decrypted symmetric key.
The specific implementation of each of the above operations may refer to the previous embodiments and is not repeated here.
In the description of the present invention, it should be understood that the terms "coaxial," "bottom," "one end," "top," "middle," "another end," "upper," "one side," "top," "inner," "outer," "front," "center," "two ends," etc. indicate or are based on the orientation or positional relationship shown in the drawings, merely to facilitate description of the invention and simplify the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and therefore should not be construed as limiting the invention.
In the present invention, unless explicitly specified and limited otherwise, the terms "mounted," "configured," "connected," "secured," "rotated," and the like are to be construed broadly: for example, a connection may be fixed, detachable or integral; mechanical or electrical; direct or indirect through an intermediary; or a communication or interaction between two elements. Unless explicitly defined otherwise, the meaning of the above terms in this application will be understood by those of ordinary skill in the art according to the specific circumstances.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (7)

1. A fine-grained cloud storage access control method based on blockchain technology, characterized in that it comprises the following steps:
Constructing a cloud storage sharing model based on blockchain technology, comprising a cloud storage server, a data owner, a data requester and a blockchain, initializing the model by the blockchain, and generating the public key and master key parameters of the model;
The data owner and the data requester send their attribute sets to the smart contract for registration and generate their private keys from the private key intermediate information returned by the smart contract;
The data owner assigns an access control policy tree to the data file, encrypts the data file with a symmetric key to obtain a data ciphertext, and uploads the data ciphertext to the cloud storage server, which returns a file storage address;
The data owner encrypts the symmetric key and the file storage address under its private key, the public key of the model and the access control policy tree, sends the resulting attribute-based ciphertext to the blockchain to form a block, and the blockchain returns a block identifier;
the data owner performs attribute-based encryption on the symmetric key and the file storage address according to the private key, the public key of the model and the access control policy tree, and the attribute-based encryption is expressed as follows:
where CT represents the result of the attribute-based encryption; τ represents the access control policy tree before the update; the ciphertext of the symmetric key; ck denotes the symmetric key; e represents the bilinear map; g represents a generator of G; G represents the multiplicative group; α and β represent random numbers in the field Z_p; s represents the random value chosen by the root node, i.e. the secret value of the root node; the ciphertext of the file storage address, where addr represents the access address of the file; C represents the ciphertext of the secret value s; x represents a leaf node of the access control policy tree and X is the set of leaf nodes of the access control policy tree; C_x represents the first encryption result of leaf node x and q_x(0) represents the secret value of leaf node x; C′_x represents the second encryption result of leaf node x; H(attr(x)) represents the mapping of leaf node x to its attribute; C″_x represents the third encryption result of leaf node x; r represents a random number selected by the smart contract; g^{β+αr} denotes a private key parameter;
When the data owner changes the access control policy tree assigned to a data file, that is, when the data owner wants to modify the access control policy of a certain file, a new symmetric key ck′ is selected, a re-encryption key ck_pre is calculated from the new symmetric key and the old symmetric key, the new symmetric key is encrypted to obtain an updated symmetric key ciphertext, an updated access control policy tree τ′ is generated, the updated access control policy tree τ′, the updated symmetric key ciphertext and the block identifier ID_CT form the re-encryption information MSG_pre, and the re-encryption information MSG_pre is sent to the smart contract; the smart contract modifies the attribute-based ciphertext and the corresponding original block according to the block identifier and generates a new block; the blockchain sends the re-encryption key to the cloud storage server through a secure channel, and the cloud storage server re-encrypts the attribute-based ciphertext with the re-encryption key;
The data requester sends a data request to the blockchain, the blockchain returns the corresponding attribute-based ciphertext, and after validity verification the data requester decrypts the file storage address and the symmetric key of the data file;
The data requester sends a request to the cloud storage server using the decrypted file storage address and decrypts the data file from the data ciphertext returned by the cloud storage server with the decrypted symmetric key.
2. The fine-grained cloud storage access control method based on blockchain technology according to claim 1, characterized in that the step in which the data owner and the data requester send their attribute sets to the smart contract for registration and generate a private key from the private key intermediate information returned by the smart contract comprises: the data owner and the data requester send their attribute sets to the smart contract for registration; the smart contract selects a random number and calculates the private key intermediate information in combination with part of the master key parameters; the data owner and the data requester run the registration procedure and generate the private key from the private key intermediate information combined with the public key of the model.
3. The fine-grained cloud storage access control method based on blockchain technology according to claim 1, characterized in that the smart contract's modification of the attribute-based ciphertext and the corresponding original block according to the block identifier comprises recursively traversing the access control policy trees before and after the update to obtain a set of added nodes and a set of deleted nodes, and modifying the node content of the attribute-based ciphertext in the original block according to the corresponding addition policy and deletion policy respectively.
4. The fine-grained cloud storage access control method based on blockchain technology according to claim 3, characterized in that modifying the node content of the attribute-based ciphertext in the original block according to the corresponding addition policy comprises:
determining the newly added node and its sibling nodes from the access control policy trees before and after the update;
when the parent node in the access control policy tree before the update is an OR gate, the smart contract computes the secret value of the sibling node from the access control policy tree before the update and the third encryption result of the sibling node corresponding to the newly added node, takes the sibling's secret value as the secret value of the newly added node, and computes the first, second and third encryption results of the newly added node; the information of the original block is modified with the encryption results of the newly added node and a new block is generated;
when the parent node in the access control policy tree before the update is an AND gate, the smart contract computes the secret value of each sibling node from the access control policy tree before the update and the sibling nodes corresponding to the newly added node; the secret values of the sibling nodes are processed by Lagrange interpolation to obtain the secret value of the parent node; the smart contract selects random coefficients for the polynomial, extends the polynomial with a term for the newly added node, constructs the new polynomial on the secret value of the parent node, and recalculates the first, second and third encryption results of the newly added node and its sibling nodes; the information of the original block is modified with the calculated encryption results and a new block is generated, where the number of terms of the polynomial equals the number of sibling nodes.
5. The fine-grained cloud storage access control method based on blockchain technology according to claim 4, characterized in that modifying the node content of the attribute-based ciphertext in the original block according to the corresponding deletion policy comprises:
determining the deleted node and its sibling nodes from the access control policy trees before and after the update;
when the parent node in the access control policy tree before the update is an OR gate, for the deleted node the smart contract directly deletes the first, second and third encryption results corresponding to the deleted node from the ciphertext according to the access control policy tree before the update; the information of the original block is modified accordingly and a new block is generated;
when the parent node in the access control policy tree before the update is an AND gate, for the deleted node the smart contract computes the secret value of each sibling node from the access control policy tree before the update and the node's siblings; the secret values of the sibling nodes are processed by Lagrange interpolation to obtain the secret value of the parent node; the smart contract selects random coefficients for the polynomial, removes the term corresponding to the deleted node, constructs a new polynomial on the secret value of the parent node, and recalculates the first, second and third encryption results of each remaining child node, i.e. each sibling of the deleted node; the information of the original block is modified with the first, second and third encryption results of each sibling node and a new block is generated, where the number of terms of the polynomial equals the number of remaining sibling nodes.
6. A fine-grained cloud storage access control system based on blockchain technology for implementing the fine-grained cloud storage access control method based on blockchain technology of any of claims 1-5, characterized in that the system comprises a cloud storage server, a data owner, a data requester and a blockchain, and operates as follows:
A cloud storage sharing model based on blockchain technology is constructed from the cloud storage server, the data owner, the data requester and the blockchain; the blockchain initializes the model and generates the public key and master key parameters of the model;
The data owner and the data requester send their attribute sets to the smart contract for registration and generate their private keys from the private key intermediate information returned by the smart contract;
The data owner assigns an access control policy tree to the data file, encrypts the data file with a symmetric key to obtain a data ciphertext, and uploads the data ciphertext to the cloud storage server, which returns a file storage address;
The data owner encrypts the symmetric key and the file storage address under its private key, the public key of the model and the access control policy tree, sends the resulting attribute-based ciphertext to the blockchain to form a block, and the blockchain returns a block identifier;
The data requester sends a data request to the blockchain, the blockchain returns the corresponding attribute-based ciphertext, and after validity verification the data requester decrypts the file storage address and the symmetric key of the data file;
The data requester sends a request to the cloud storage server using the decrypted file storage address and decrypts the data file from the data ciphertext returned by the cloud storage server with the decrypted symmetric key.
7. A computer device, the computer device comprising:
A processor;
A memory for storing processor-executable instructions;
Wherein the processor is configured to perform the blockchain technology-based fine-grained cloud storage access control method of any of claims 1-5.
CN202111429870.7A 2021-11-29 2021-11-29 Fine-grained cloud storage access control method, system and equipment based on blockchain technology Active CN114065265B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111429870.7A CN114065265B (en) 2021-11-29 2021-11-29 Fine-grained cloud storage access control method, system and equipment based on blockchain technology

Publications (2)

Publication Number Publication Date
CN114065265A CN114065265A (en) 2022-02-18
CN114065265B true CN114065265B (en) 2024-04-16

Family

ID=80276997

Country Status (1)

Country Link
CN (1) CN114065265B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114510734B (en) * 2022-02-22 2023-10-20 光大科技有限公司 Data access control method, device and computer readable storage medium
CN114640468B (en) * 2022-03-16 2024-01-26 安顺职业技术学院 Block chain privacy protection method based on online offline attribute encryption
CN114584325A (en) * 2022-05-06 2022-06-03 四川野马科技有限公司 Bid quoted price data hybrid storage system and method based on block chain and cloud storage
CN114650137B (en) * 2022-05-23 2023-03-24 山东省计算中心(国家超级计算济南中心) Decryption outsourcing method and system based on block chain and supporting strategy hiding
CN115296817B (en) * 2022-08-03 2023-04-21 北京航空航天大学 Data access control method based on block chain technology and attribute encryption
CN115426136B (en) * 2022-08-12 2024-04-16 中国人民解放军战略支援部队信息工程大学 Cross-domain access control method and system based on block chain
CN115982746B (en) * 2023-03-17 2023-06-27 南京信息工程大学 Block chain-based data sharing method
CN116248751A (en) * 2023-03-20 2023-06-09 北京航空航天大学云南创新研究院 Intelligent contract registration and verification method based on alliance chain
CN116155619B (en) * 2023-04-04 2023-07-07 江西农业大学 Data processing method, data request terminal, data possession terminal and data processing device
CN117097566B (en) * 2023-10-18 2024-01-26 江西农业大学 Weighted attribute proxy re-encryption information fine granularity access control system and method
CN117648679B (en) * 2024-01-26 2024-04-30 中国人民解放军军事科学院系统工程研究院 JavaScript-based resource isolation method and system

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016197770A1 (en) * 2015-06-12 2016-12-15 深圳大学 Access control system and access control method thereof for cloud storage service platform
CN108243194A (en) * 2018-01-15 2018-07-03 浙江大学 A kind of semantic-based cloud storage access control method
CN111130757A (en) * 2019-12-31 2020-05-08 华中科技大学 Multi-cloud CP-ABE access control method based on block chain
CN111914269A (en) * 2020-07-07 2020-11-10 华中科技大学 Data security sharing method and system under block chain and cloud storage environment
CN112532588A (en) * 2020-11-06 2021-03-19 北京工业大学 Policy hidden type data access control method based on block chain
CN112765650A (en) * 2021-01-05 2021-05-07 西安电子科技大学 Attribute-based searchable encryption block chain medical data sharing method
CN112836229A (en) * 2021-02-10 2021-05-25 北京深安信息科技有限公司 Attribute-based encryption and block-chaining combined trusted data access control scheme
CN113132103A (en) * 2021-03-11 2021-07-16 西安电子科技大学 Data cross-domain security sharing system and method
CN113193953A (en) * 2021-04-16 2021-07-30 南通大学 Multi-authority attribute-based encryption method based on block chain
CN113434875A (en) * 2021-06-16 2021-09-24 北京市大数据中心 Lightweight access method and system based on block chain

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
A secure cloud storage framework with access control based on blockchain; Shangping Wang et al.; IEEE Access; 2019-07-23; vol. 7; pp. 112713-112725 *
Cloud storage access control scheme of ciphertext algorithm based on digital envelope; Anping Xiong et al.; Intelligent Automation & Soft Computing; 2015-11-13; vol. 22, no. 2; pp. 289-294 *
TrustAccess: A Trustworthy Secure Ciphertext-policy and Attribute Hiding Access Control Scheme Based on Blockchain; Sheng Gao et al.; IEEE Transactions on Vehicular Technology; 2020-06-30; vol. 69, no. 6; pp. 5784-5798 *
A fast attribute-based encryption scheme for cloud storage access control; 王廷 et al.; Science Technology and Engineering; 2017-01-08; vol. 17, no. 01; pp. 54-60 *
Blockchain-based encrypted data sharing scheme for cloud storage; 梁艳丽 et al.; Computer Engineering and Applications; 2020-06-09; vol. 56, no. 17; pp. 41-47 *

Also Published As

Publication number Publication date
CN114065265A (en) 2022-02-18

Similar Documents

Publication Publication Date Title
CN114065265B (en) Fine-grained cloud storage access control method, system and equipment based on blockchain technology
CN110099043B (en) Multi-authorization-center access control method supporting policy hiding and cloud storage system
CN108810004B (en) Agent-based revocable multi-authorization-center access control method and cloud storage system
Jung et al. Control cloud data access privilege and anonymity with fully anonymous attribute-based encryption
CN108768951B (en) Data encryption and retrieval method for protecting file privacy in cloud environment
WO2016197680A1 (en) Access control system for cloud storage service platform and access control method therefor
CN114039790B (en) Fine-grained cloud storage security access control method based on blockchain
CN107465681B (en) Cloud computing big data privacy protection method
CN107332858B (en) Cloud data storage method
CN108111540A (en) Hierarchical access control system and method supporting data sharing in cloud storage
CN108632030A (en) Efficient and secure fine-grained access control method based on CP-ABE
CN108632385B (en) Time sequence-based cloud storage privacy protection method for multi-branch tree data index structure
US20140052985A1 (en) Methods for providing requested data from a storage device to a data consumer and storage devices
WO2017061950A1 (en) Data security system and method for operation thereof
CN110035067B (en) Attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage
CN109819323B (en) Video content access method in mixed cloud system
CN113992330A (en) Block chain data controlled sharing method and system based on proxy re-encryption
CN113098849A (en) Access control method based on attribute and identity encryption, terminal and storage medium
Zhang et al. Feacs: A flexible and efficient access control scheme for cloud computing
Liu et al. Dynamic attribute-based access control in cloud storage systems
CN106888213B (en) Cloud ciphertext access control method and system
Fugkeaw A lightweight policy update scheme for outsourced personal health records sharing
CN113194089B (en) Attribute-based encryption method for ciphertext strategy supporting attribute revocation
CN110611571A (en) Revocable access control method of smart grid system based on fog
Lv et al. A secure and efficient revocation scheme for fine-grained access control in cloud storage

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant