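This paper analyzes the scheme proposed by Zhou et al. (ZHOU M, MU Y, SUSILO W, et al. Privacy enhanced data outsourcing in the cloud. Journal of Network and Computer Applications, 2012, 35(4): 1367-1373) and points out that it cannot revoke users' access rights. To address this shortcoming, an outsourced data encryption scheme that supports revocation of user access rights is proposed. First, the data is divided into multiple data blocks and each block is encrypted separately. Second, key derivation is used to reduce the number of keys that the data owner must manage and store. Finally, multiple decryption keys are constructed for the same encrypted data, so that the access rights of certain users can be revoked while non-revoked users need no key update. Compared with the scheme of Zhou et al., the proposed scheme not only retains that scheme's advantage of protecting the privacy of outsourced data but also achieves revocation of user access rights. The analysis shows that the proposed scheme is secure under the discrete logarithm problem (DLP) hardness assumption.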
Unauthorized tampering with outsourced data can result in significant losses for both the data owner and users. Data integrity therefore becomes an important factor in outsourced data systems. In this paper, we address this problem and propose a scheme for verifying the integrity of outsourced data. We first propose a new authenticated data structure, based on accumulators, for authenticating membership queries in sets, and then show how to apply it to the problem of verifying the integrity of outsourced data. We also prove that our scheme is secure under the q-strong Diffie-Hellman assumption. More importantly, our scheme has constant communication cost while keeping the other complexity measures constant. Compared to previous schemes based on accumulators, our scheme reduces the update cost and so improves on them. In addition, the experimental comparison shows that our scheme outperforms the previous schemes.
WANG Xiaoming, YU Fang, LIN Yanchun, GAN Qingqing, WU Daini