KR20120132708A - Distributed access priviledge management apparatus and method in cloud computing environments - Google Patents

Abstract

PURPOSE: An access authority distribution management apparatus and method thereof are provided to implement a rapid calculation process by examining weighted values. CONSTITUTION: A data owner terminal(610) creates a cryptogram by encrypting data through an AES(advanced encryption standard) key. The data owner terminal creates XOR shares including a plurality of recovery shares and effectiveness by dividing the AES key through an XOR threshold secret distribution method based on AONT(all or nothing transform) process. A cloud service provider server(620) stores the cryptogram by receiving the cryptogram from the data owner terminal. An authority manager group terminal(630) stores restoration shares and the XOR shares by receiving the restoration shares and the XOR shares from the data owner terminal.

Description

Distributed access priviledge management apparatus and method in cloud computing environments

The present invention relates to a cloud computing environment, and more particularly, to an apparatus and a method for distributed management of access rights in a cloud computing environment.

Cloud computing, which provides computing resources as a service, is a computing paradigm that is drawing attention in academia and industry. Amazon's Simple Storage Service (S3) data storage service, for example, rents online space to store data and provides data storage services for $ 0.15 per gigabyte per month or less. (Amazon 2010). Properly utilized this type of cloud computing service can save a lot of IT investment. For enterprises, efficient IT investments can be achieved as a service in a cloud computing environment rather than owning the infrastructure directly, thereby achieving a competitive advantage over other competitors. Leveraging these advantages, existing business environments are expected to move gradually to cloud business environments that leverage cloud computing technology. In a cloud business environment, it's safe to keep information that can hurt you and invade your privacy. However, for efficient work, it is expected that the sharing and utilization of confidential corporate information or personal privacy information will gradually increase.

When it is necessary to use the information, it is safe to get the consent of the information owner. However, personal information is currently managed by each institution. For example, in the medical environment, medical records such as hospitalization history and illness name, as well as personal information such as patient's name, gender and social security number are managed by the hospital. In order to share safe medical information, patients should keep their medical records, and users (medical staff, medical research institutes, insurance institutions, etc.) should ask for their consent when medical records are needed. However, for effective medical services to be available, medical information must be accessible to users at any time. In other words, personal information is stored in the medical DB server for service availability. However, when the information is stored and managed in a plain text form that anyone can identify in the DB server, there is a problem of trust in the DB server. Problems such as illegal secondary use (sharing information with users who are not allowed to access the DB) occur by malicious attackers who access the DB server. Therefore, it is required to encrypt the plain text unidentifiably by introducing a cryptographic method. In addition, there is a need for access rights management that controls only the users who have been granted access by the patient to view the data. Here, access right management is to decide whether to grant access by reassessing the justification for data access even if the user grants access. This prevents users from misusing or misusing data.

In other words, there is a need to securely share confidential information in cloud computing environments. Yu, Wang, Ren and Lou (2010) propose a way to meet these requirements. Leverage KP-ABE (Key Policy-Attribute Based Encryption) to ensure access control and confidentiality of your data, and use proxy re-encryption (PRE) to delegate tasks to cloud servers It solves the calculation overload such as key generation. The method of Yu et al. (2010) encrypts the cipher text with an arbitrary secret key encryption method and encrypts the secret key with KP-ABE and stores it in the cloud server. The cloud server transmits a cipher text and an encrypted secret key when a user requests a read request. Through this, Yu et al. (2010) solve the problem of secure secret key distribution. However, since the cloud server possesses both the ciphertext and the encrypted key, that is, possesses all the rights related to decryption, distributed management of the decryption authority owned by the cloud server is required. In addition, Yu et al. (2010) do not consider the concept of access management.

Recently, the importance of data backup has been highlighted due to the loss of corporate data due to the Japan earthquake. Among the necessity of data backup, data loss due to natural disaster was a banal reason that is unlikely to occur in reality. However, a lot of natural disasters have occurred recently, and the damages caused by them have continued. In addition, as in the case of Nonghyup (Media Daum 2011), files should be distributed and stored in the data center in a form that cannot identify confidential information in preparation for data deletion by malicious internal attackers. In addition, it is necessary to introduce access rights management procedures to evaluate the legitimacy of accessing the system before these malicious internal attackers can access the data.

(Data Encryption Key)로 데이터를 암호화하여 바디(body)를 구성하고 속성집합으로

를 암호화하여 헤더(header)를 구성한다. 이러한 헤더와 바디를 결합하여 데이터 파일을 구성하여 클라우드 사업자에게 전송한다. 사용자 그룹이 데이터에 접근하고자 할 때 소지하고 있는 비밀키가 헤더의 속성집합에 만족하면 DEK를 얻고 바디의 데이터를 열람할 수 있다. Yu et al.(2010)의 방식은 데이터 소유자가 시스템 속성 집합의 정의, 시스템과 관련된 키 생성 및 설정을 하고 데이터의 암호화, 데이터를 암호화한 비밀키를 KP-ABE로 암호화하여 클라우드 사업자에게 전송하면 암호화된 키와 암호문의 관리는 전적으로 클라우드 사업자가 시행한다. 즉, 데이터 소유자는 온라인 상태가 아니어도 상관없지만 Yu et al.(2010)의 방식은 철회된 사용자와 클라우드 사업자 간의 공모를 통해서 데이터의 기밀성을 침해할 수 있다.Yu et al. (2010) anticipate moving existing business environments to cloud computing environments and propose system models that can ensure the confidentiality of data in these environments. This approach also points out that data confidentiality issues in cloud computing environments are unreliable for cloud operators. Receiving and sending documents related to each field in plain text can be quick and convenient, but data confidentiality can be violated if transmitted through unreliable cloud providers. In this regard, the concept of attribute-based encryption (KP-ABE), which encrypts data into attribute sets and has a private key associated with an access structure that satisfies the attribute set of data, can be used. That is, the secret key

Data is encrypted with Data Encryption Key to construct a body and set

Encrypt to configure the header. The header and body are combined to form a data file and sent to the cloud provider. When a group of users wants to access data, if their private key satisfies the header's attribute set, they can obtain a DEK and view the body's data. Yu et al. (2010) suggests that the data owner can define the system property set, generate and set the key related to the system, encrypt the data, encrypt the data with the KP-ABE, and send it to the cloud provider. The management of encrypted keys and ciphertexts is entirely up to the cloud provider. In other words, the data owner may or may not be online, but Yu et al. (2010) 's approach can violate the confidentiality of the data through a collusion between the withdrawn user and the cloud operator.

In Yu et al. (2010), in order to effectively withdraw the user on the system, the PRE is used to update the attribute version, and the operation is impossible unless the user has the same version attribute. In order for the cloud operator to perform these functions, the data owner creates an access structure containing dummy attributes, and delivers the access structure without dummy attributes to the cloud provider to prevent illegal use of the system master key. The combination of the ciphertext (body) encrypted with the secret key and the secret key (header) encrypted with KP-ABE (data file) is transmitted to the cloud provider, and the data file is sent when the user group requests to view the data. The method of Yu et al. (2010) makes it impossible to decrypt even if the user group receives the data file by updating the version of the attribute used when encrypting the header. However, when a collusion between the withdrawn user and the cloud provider is made, the cloud server can access the data unless the cloud server updates the attribute version of the cipher text for the contributor. In other words, if the proxy does not update the attribute version of the ciphertext and only possesses the previously issued private key, it can be decrypted as plain text because it satisfies the attributes of the ciphertext.

SUMMARY OF THE INVENTION The present invention was created to improve the above-mentioned conventional problems, and distributes access rights enabling secure data confidentiality, secure key problem, and access right management using AONT-based XOR threshold secret distribution in cloud computing environment. It is an object of the present invention to provide a management apparatus and method thereof.

In order to achieve the above object, in the cloud computing environment according to the present invention, the access authority distribution management device data is encrypted with an AES key to generate a ciphertext, and the AES key is divided into AONT-based XOR (k, n) threshold secret dispersion. A data owner terminal for generating n (integer or greater) XOR shares (Share) having a plurality of share shares and redundancy; A cloud service provider server configured to receive and store the cipher text from the data owner terminal; An authority manager group terminal configured to receive and store the plurality of restoration shares and the n XOR shares from the data owner terminal; And receiving the plurality of restoration shares and the n number of XOR shares from the authority manager group terminal, and performing the AONT inverse transformation process on the plurality of restoration shares and k (integers less than n) of the plurality of restoration shares to perform the AES key. And a user group terminal for restoring the data by decrypting the cipher text from the cloud service provider server with the restored AES key.

According to an aspect of the present invention, there is provided a method for managing distributed access rights in a cloud computing environment, wherein a data owner terminal encrypts data with an AES key to generate an encrypted text and provide the encrypted text to a cloud service provider server; The data owner terminal divides the AES key into an AONT-based XOR (k, n) threshold secret distribution to generate n (integer or more) XOR shares having a plurality of restore shares and redundancy and provide them to the authority manager group server. Storing by; A user group terminal receives the plurality of restoration shares and the n XOR shares from the authority manager group server, and performs the AONT inverse transformation process on the plurality of restoration shares and k (integer less than n) XOR shares. Recovering the AES key; And restoring the data by the user group terminal decrypting the cipher text from the cloud service provider terminal with the restored AES key.

In the present invention, the authority manager group, which is a trusted authority on the cloud, ensures access management and distributed management of decryption authority. Unlike the traditional approach, AONT-based XOR threshold secret distribution should be used instead of KP-ABE to distribute and store keys, and the user must obtain the restore share (authorization manager group archive) and XOR share (user archive) distributed by the data owner. A protocol that can restore encrypted medical data and a weightable protocol for decryption authority is constructed. In the above, the present invention is compared and analyzed in terms of decryption authority distribution management, redundancy, and efficiency, and the weighting of authority, which is a new function using the XOR share of the present invention, has been examined. Through this, the present invention qualitatively showed that the present invention is more secure (guaranteed confidentiality of data) than the conventional method and can be operated quickly by XOR bit operation.

1 is a diagram illustrating a non-separated encryption mode proposed by Rivest.
2 is a view showing an AONT method that can be applied to the present invention.
3 is a diagram illustrating an example of XOR threshold secret dispersion.
4 is a block diagram showing AONT-based XOR threshold secret dispersion according to an embodiment of the present invention.
FIG. 5 is a diagram illustrating a concrete example of the AONT-based XOR threshold secret dispersion shown in FIG. 4.
6 is a block diagram illustrating an apparatus for managing distributed access rights in a cloud computing environment according to an exemplary embodiment of the present invention.
7 is an exemplary diagram illustrating a weight of an authority according to the number of X0R shares.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The following terms are defined in consideration of the functions of the present invention, and may be changed according to the intentions or customs of the user, the operator, and the like. Therefore, the definition should be based on the contents throughout this specification.

In the present invention, a secret key used for encrypting and encrypting corporate data using a secret key cryptography method is divided and stored in shares (restored share, XOR share) using AONT-based XOR threshold secret dispersion. In addition, a group of authority managers can be set up to store some of the shares (restore share), and to perform the function of restoring the secret key by evaluating the validity when the user accesses data. Only the user who restored the secret key through this legitimate procedure can access the data.

Currently, smartphone-based mobile cloud services are being activated. For example, it stores a patient's medical data in a server and provides a service that allows a user and a large number of users to access desired information anytime and anywhere through a smartphone application. When sharing and utilizing such medical data, the data owner can securely store their data in the online space if the data can be controlled by a trusted organization. The introduction of the present invention into the medical field enables the management of confidentiality and access rights of data.

In the present invention, the authority manager group, which is a trusted authority on the cloud, is intended to ensure distributed management of access rights and decryption rights. In order to implement the functions of efficient operation and weighting, AONT-based XOR threshold secret distribution is used instead of KP-ABE to distribute and store the keys, and the distributed share distributed by the data owner terminal 610 (authorization manager group storage) and The XOR share (user archive) must be obtained by the user to form a way to restore encrypted medical data. In addition, a weightable protocol for decoding authority is configured.

KP-ABE and PRE

In KP-ABE, a user's private key is associated with an access structure and a ciphertext is associated with an attribute set. That is, the ciphertext is decrypted when the attribute set in the ciphertext satisfies the specific decryption policy of the user secret key. For example, if there is an access structure (= ((University Professor-Research Team)) (Research Team Leader)), the policy of (University Professor, Research Team, Research Team Leader, Department Chair) is Department chair) ('∧' and '∨' are AND and OR gates, respectively). For example, suppose you are conducting a study of swine flu at a medical school. The research data is encrypted as a set of attributes ({research team, department chair}) and the secret key is related to the access structure. If the researcher wants to access the data he has been studying for, the ciphertext is a professor of university and the AND gate of the research team is not satisfied, but the OR gate of the department head is satisfied.

PRE is a way for the proxy server to re-encrypt A's ciphertext so that B can decrypt it without learning any information about the plaintext. That is, A generates a re-encryption key for delegating decryption authority for its ciphertext to B and sends it to the proxy server. The proxy server converts A's ciphertext into B's secret key and decrypts it with B's secret key. B then decrypts the ciphertext with its private key. In Yu et al. (2010), in order to ensure the confidentiality of the data, the data is encrypted with KP-ABE and delegated to the cloud operators by using the PRE method to reduce the computational overload of the data owner's key generation. .

In order to manage such access rights, the present invention intends to solve the public attack of the conventional method by distributing and storing data files with a trusted authority called the authority manager group. In the proposed method, the body is the ciphertext encrypted with the Advanced Encryption Standard (hereinafter referred to as 'AES') key, and the header is the restoration share after applying the AES key d (positive integer) times AONT conversion. In other words, the header is transmitted to the authority manager group and the body is transmitted to the cloud provider. Through distributed storage of these data files, the user group ensures the confidentiality of the data in a way that must be approved by the authority administrator group.

AONT encryption mode

Conventional All Or Nothing Transform (AONT) non-separated encryption mode is composed of a scramble unit for transforming plain text without using a secret key and an encryption unit for encrypting plain text using a secret key (Rivest 1997). Where h: {0, 1} ^ℓ → {0, 1} ^* is the hash function and g: {0, 1} ^* → {0, 1} ^ℓ is the generator function. Let data m be the L-bit plaintext and the secret key shared by the sender and receiver. Encrypt the random number r and the plaintext m as follows: At this time, the ciphertext is c = c ⁽¹⁾ ∥ c ⁽²⁾ . 1 is a non-separated encryption mode proposed in Rivest (1997).

Non-separated encryption mode has a problem of secure key distribution among senders and receivers, such as a secret key encryption method. In the present invention, AONT that does not use a secret key is utilized (桑 門 秀 典 ， 神 大 2004). Figure 2 is the AONT method proposed in the 桑 門 秀 典 ， 神 大 (2004). Yu-Sung, Shin (2004) has the variability of data through AONT transformation, but lacks redundancy in that all data must be transformed when restoring plain text. The present invention utilizes a combination of AONT transform and XOR threshold secret variance to provide redundancy.

XOR Threshold Secret Variance

XOR (eXclusive OR) (k, n) The threshold secret distribution method is an XOR operation-based secret distribution method that can distribute plaintext to n XOR shares and restore only k kOR shares (石津 晴 崇, 荻 原 利 彦 2004). In (k, n), n is an integer of 2 or more and k is an integer less than n. Conventional polynomial operations based secret variance (Shamir 1979) causes computational overload in restoration. In comparison, the XOR threshold secret dispersion is a bit operation, which is superior in terms of computational efficiency. However, when the plain text is distributed to n XOR shares, the plain text increases by n times. In other words, if the number of XOR shares is increased for the safety against the loss of plain text, the storage space is needed by n times the plain text. 3 shows an example of the XOR threshold secret dispersion when n = 3 and k = 2.

Application of XOR Threshold Secret Variance to AONT

By combining AONT (桑 門 秀 典 ， 神 大 2004) and XOR threshold secret variance (石津 晴 崇, 荻 原 利 彦 2004), we propose a method to guarantee both data variability and redundancy (Song Yu-jin, Park Kwang-yong 2010). 4 is a block diagram of AONT-based XOR threshold secret dispersion.

By repeatedly applying AONT to secret information as shown in FIG. 4, the size of node_L _i (i = 1, ..., d-1) is reduced and then XOR is applied to node_L _d (share with d times AONT conversion). Apply threshold secret variance. It is designed to secure redundancy against data loss by applying AONT transform to secret information and applying XOR threshold secret dispersion to node_L _d .

Here, the share (node R _1, node R _{2, ...,} node R _d ) that is essential when restoring as a share generated during AONT conversion is called a restore share and is created by XOR threshold secret distribution The remaining shares that may be lost are redundant (nodes L _{d, 1,} nodes L _{d, 2, ...,} nodes L _{d, n} ) are referred to as XOR shares.

In the protocol according to the present invention, the authority manager group terminal 630 carries the restoration share and the user group terminal 640 carries the XOR share. When the user wants to view the data using the user group terminal 640, the node _L _d is restored with k XOR shares, and the access share is restored by receiving the restoration share from the authority manager group terminal 630 and restoring the AES key. Access rights management).

A specific example of this application is shown in FIG. 5. Partition 10M (Mega byte) plain text into AONT transform. In the first run, 10M is split into 7M and 3M, and in the second run, 7M is split into 5M and 2M. In addition, 5M XOR (2, 3) threshold secret dispersion is used to distribute three XOR shares, and only two XOR shares are needed to restore the original state.

Distributing 10M plaintext by XOR (2, 3) threshold secrets alone requires 30M storage space, whereas using AONT-based XOR (2, 3) threshold secrets requires 20M storage space. In addition, repeated application of AONT can further reduce the capacity of shares distributed by secret dispersion. In other words, it effectively utilizes storage space and ensures the safety of data loss.

Hereinafter, an apparatus and method for managing distributed access rights in a cloud computing environment according to an exemplary embodiment of the present invention will be described with reference to FIG. 6. 6 is a block diagram illustrating an apparatus for managing distributed access rights in a cloud computing environment according to an exemplary embodiment of the present invention.

Referring to FIG. 6, the present invention solves the problem of guaranteeing data confidentiality and secure key distribution by utilizing AES (Daemen and Rijmen 1999) and AONT-based XOR threshold secret distribution.

k_s 및 생성원 함수 g를 이용해서 g(μ_s

k_s)를 계산한다. 데이터 소유자 단말(610)은 k₁∥k₂∥...∥k_s-1와 g(μ_s

k_s)를 XOR 연산해서 x₁∥x₂∥...∥x_s-1(노드_L_i(i=1,...,d))를 계산한다. 즉 x₁∥x₂∥...∥x_s-1 = (k₁∥k₂∥...∥k_s-1)g(μ_s

k_s). 데이터 소유자 단말(610)은 해쉬 함수 h를 이용해서 h(x₁∥x₂∥...∥x_s-1)를 계산한다. 데이터 소유자 단말(610)은 h(x₁∥x₂∥...∥x_s-1)과 (μ_s

k_s)을 XOR 연산해서 (노드_R_i)를 계산한다. 따라서, x_s = (μ_s

k_s)

h(x₁∥x₂∥...∥x_s-1). 데이터 소유자 단말(610)은 노드_L_i에 AONT 변환을 d회 반복 수행하여 노드_L_d를 생성한다. 마지막 d회 수행 후 생성된 모든 노드_R_i (i=1,...,d), 즉 복원 쉐어는 권한 관리자 그룹 단말(630)에 저장한다.The data owner terminal 610 encrypts the data m with AES and divides and distributes the AES key by AONT-based XOR threshold secret distribution. Specifically, first, the data owner terminal 610 is a hash function h is h: {0, 1} ^{ℓ (s-1)} → {0, 1} ^ℓ , the generation source function g is g: {0, 1} ^ℓ → Initialize the system by setting {0, 1} ^{ℓ (s-1)} respectively. In the hash function h and the generator original function g, l represents one block size and s represents the number of blocks. The data owner terminal 610 encrypts the data m with an AES key to form a ciphertext C (body). The data owner terminal 610 divides the AES key into an AONT based XOR (k, n) threshold secret variance (specify k = 2, n = 3 for explanation). The data owner terminal 610 sets the AES key k to k ₁ , k ₂ ...., k _s (k _i ∈ {0, 1} ^ℓ , i = 1, 2, .... to perform AONT conversion. , s) and calculate the μ _s = h (k ₁ ∥k ₂ ∥k _s-1 ) using the hash function h. The data owner terminal 610 is μ _s

g (μ _s) using k _s and the generator function g

k _s ) The data owner terminal 610 is k ₁ ∥k ₂ ∥ ... ∥k _s-1 and g (μ _s

Calculate k _s ) and compute x ₁ ∥x ₂ ∥x _s-1 (node_L _i (i = 1, ..., d)). That is x ₁ ∥ x ₂ ∥ ∥x _s-1 = (k ₁ ∥k ₂ ∥k _s-1 ) g (μ _s

k _s ). The data owner terminal 610 calculates h (x ₁ ∥ x ₂ ∥ ... ∥ x _s-1 ) using the hash function h. The data owner terminal 610 has h (x ₁ ∥x ₂ ∥ ... ∥x _s-1 ) and (μ _s

k _s ) is XORed to compute (node_R _i ). Thus, x _s = (μ _s

k _s )

h (x ₁ x ₂ …… x _s-1 ). The data owner terminal 610 repeats the AONT transformation to node_L _i d times to generate node_L _d . All nodes_R _i (i = 1, ..., d) generated after the last d times are stored in the authority manager group terminal 630.

R₀

R₁, K₁

R₁), 노드_L_d,2 = (K₀

R₀, K₁

R₀

R₁), 노드_L_d,3 =(R₀, R₁). 데이터 소유자 단말(610)은 XOR 쉐어인 노드_L_d,i를 사용자 그룹(640)의 각 사용자에게 전송한다. 데이터 소유자 단말(610)은 AES로 암호화된 암호문(바디)은 클라우드 서비스 제공자(Cloud Service Provider ; CSP) 서버(620)에게, AES키를 AONT 변환으로 분할된 모든 복원 쉐어(헤더)는 권한 관리자 그룹 단말(630)에 전송한다. 마지막 AONT 변환으로 분할된 노드_L_d는 XOR 임계치 비밀분산을 통해서 XOR 쉐어로 분산하여 사용자 그룹 단말(640)의 사용자에게 나눠준다. Data owner terminal 610 d is a conference AONT conversion takes the XOR of nodes share _{_L d K 0 ∥K 1 = {} 0, 1} ℓ (i = 1, 2)) to the division, and the two random numbers R ₀ , R ₁ (R _i = {0, 1} ^l (i = 1, 2)). The data owner terminal 610 generates node_L _{d, i (i = 1, 2, 3)} as follows through XOR operation of K ₀ , K ₁ and R ₀ , R ₁ as follows. Node_L _{d, 1} = (K ₀

R ₀

R ₁ , K ₁

R ₁ ), node_L _{d, 2} = (K ₀

R ₀ , K ₁

R ₀

R ₁ ), node_L _{d, 3} = (R ₀ , R ₁ ). The data owner terminal 610 transmits the XOR share node_L _{d, i} to each user of the user group 640. The data owner terminal 610 is an AES-encrypted ciphertext (body) to the Cloud Service Provider (CSP) server 620, and all restore shares (headers) partitioned by AEST conversion to the AEST are authority manager groups. It transmits to the terminal 630. Node_L _d divided by the last AONT transform is distributed to the XOR share through the XOR threshold secret distribution and distributed to the user of the user group terminal 640.

R₀

R₀, K₁ = K₁

R₀

R₁

R₁. 그 후, 노드_L_d = (K₀∥K₁)를 구성한다.The user group terminal 640 restores the AES key to AONT-based XOR (k, n) threshold secret distribution and decodes the ciphertext C with the restored AES key to derive data m. Specifically, if the user wants to decrypt the ciphertext C, the user collects as many as k thresholds of nodes_L _{d, i (i = 1,2,3)} and performs the XOR operation as follows. and a share in d conference AONT conversion takes a share of node _L _d restored (for illustration node _L _d, using ₁ and node _L _{d, 2).} That is, K ₀ = K ₀

R ₀

R ₀ , K ₁ = K ₁

R ₀

R ₁

R ₁ . Then, configure node_L _d = (K ₀ ∥ K ₁ ).

The user group terminal 640 is authenticated as an authorized user by the authority manager group terminal 630 to obtain all the restoration shares, and receives all node_R _i (i = 1, ..., d) which is the restoration share. performed d times AONT inversion process with XOR share the node _L _d by restoring the AES key, and decrypts the ciphertext data C m in the restored key in AES XOR threshold secret sharing of AONT based.

In the following, we compare and analyze the existing method and the proposed method in terms of decentralization management, redundancy, and efficiency. And the weighting of the authority which is a new function using the XOR share of this invention is examined. Table 1 below is a comparison table of features of the present invention and the conventional method.

Characteristic Existing Method  Invention Decryption authority
Distributed management Decryption authority centralized in cloud server Decryption authority is distributed by authorization manager group and cloud server Redundancy Lack of redundancy as it is incapable of losing the user's private key Utilization of XOR Threshold Secret Variance ensures redundancy because only dogs can be restored even if the XOR share is lost efficiency Slow encryption and decryption compared to the proposed method by pairing operation Faster encryption / decryption than XOR with XOR operation Authorized
Weighting Does not provide a concept of weighting permissions Authority weight can be assigned according to the number of XOR shares

In order to solve the problem of secure key distribution in cloud computing environment, the proposed protocol of Yu et al. Is similar to the scheme of the present invention. Yu et al. Solves the key distribution problem by encrypting the secret key that encrypts the data with Attribute Based Encryption (ABE) and transmitting the secret key of the ABE to the user. However, there is a problem of centralizing decryption authority because the cloud server holds both the ciphertext and the encrypted secret key.

The present invention encrypts data with AES and splits and distributes AES keys with AONT-based XOR threshold secret distribution (d restore shares, n XOR shares for node_L _d ). The cloud service provider server 620 distributes and stores the ciphertext, d restore shares in the authority manager group which is a trust authority, and n XOR shares for the node_L _d to the user. The authority manager group authenticates legitimate users and provides decryption authority for ciphertext. In other words, it is more secure than Yu et al. (2010) protocol configuration, where decryption authority is concentrated and user authentication process cannot be expected.

Yu et al. (2010) utilize the fast encryption / decryption processing speed of secret key cryptography and the access control of ABE efficiently. In other words, relatively large data is encrypted by secret key encryption method and small secret key is encrypted by ABE to provide efficiency and access control. However, there is a lack of redundancy due to the loss of the ABE secret key possessed by the user. In other words, if the ABE secret key is lost, it must be reissued and a computational overload problem is expected. From the enterprise's point of view, the service is interrupted until the re-issuance of the secret key, resulting in failure to maintain business continuity and loss of time. The proposed method can restore the secret key if there are only k thresholds among the n XOR shares for the node_L _d owned by the user. That is, the possibility of restoration is determined according to the amount of k XOR share information required for node_L _d restoration among n XOR shares using the XOR threshold secret dispersion. In addition, compared to Yu et al. (2010) based on pairing operation in secret key encryption, the proposed method is superior in computational efficiency because it is based on XOR operation.

According to the present invention, the weight of authority according to the number of XOR shares of node_L _d may be assigned by utilizing XOR threshold secret dispersion. For example, if the hospital A has a decryption policy of 'you can access the data only if it is more than the doctor', the XOR share can be arranged as shown in FIG. 7 by utilizing the XOR (k, n) threshold secret dispersion. Hospital heads and doctors have three or more XOR shares, so they are satisfied with the decryption policy and have the right to view the data. On the other hand, nurses, pharmacists, and nursing assistants have XOR shares that are not satisfied with the decryption policy, so they need to cooperate with other members to have three or more XOR shares. That is, the nurse can satisfy the decryption policy through cooperation with the nursing assistant. In this way, the hierarchical authority can be implemented by adjusting the number of XOR shares.

Although the present invention has been described as a specific preferred embodiment, the present invention is not limited to the above-described embodiments, and the present invention is not limited to the above-described embodiments without departing from the gist of the present invention as claimed in the claims. Anyone with a variety of variations will be possible.

610: data owner terminal
620: CSP server
630: authority manager group terminal
640: user group terminal

Claims (4)

Encrypts the data with an AES key to generate a ciphertext, and divides the AES key into an AONT-based XOR (k, n) threshold secret variance to generate n (2 or more integers) XOR shares with multiple restore shares and redundancy A data owner terminal;
A cloud service provider server configured to receive and store the cipher text from the data owner terminal;
An authority manager group terminal configured to receive and store the plurality of restoration shares and the n XOR shares from the data owner terminal; And
The AES key is restored by receiving the plurality of restoration shares and the n XOR shares from the authority manager group terminal and performing the AONT inverse conversion process on the plurality of restoration shares and k (the integer smaller than n). And a user group terminal for recovering the data by decrypting the cipher text from the cloud service provider server with the restored AES key. The apparatus of claim 1, wherein k and n are 2 and 3, respectively. Encrypting the data with an AES key by the data owner terminal to generate a cipher text and provide the encrypted text to a cloud service provider server;
The data owner terminal divides the AES key into an AONT-based XOR (k, n) threshold secret distribution to generate n (integer or more) XOR shares having a plurality of restore shares and redundancy and provide them to the authority manager group server. Storing by;
A user group terminal receives the plurality of restoration shares and the n XOR shares from the authority manager group server, and performs the AONT inverse transformation process on the plurality of restoration shares and k (integer less than n) XOR shares. Recovering the AES key; And
And recovering the data by decrypting the cipher text from the cloud service provider terminal by the restored AES key. The method of claim 3, wherein k and n are 2 and 3, respectively.

Images