Cloud storage is the direction in which the storage business is developing, and data security is the primary concern of cloud storage customers. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) allows the data owner to embed the access policy in the ciphertext and enforces access control in conjunction with the data accessor's key, which makes it particularly suitable for cloud storage environments. However, CP-ABE does not support time-related access control. This paper proposes a CP-ABE scheme based on Time-Release Encryption (TRE). By incorporating a TRE mechanism into CP-ABE to achieve ciphertext sharing with time control, the scheme allows data owners to formulate more flexible access policies based on user attributes and access time. A security analysis shows that the scheme resists unauthorized access by users, cloud storage platforms and authorization authorities, collusion attacks by unauthorized users, and chosen-plaintext attacks.