| As the current mainstream Big Data processing tool, Hadoop’s security issues have been gradually exposed. The static data security issue of HDFS has been very urgent.Aiming at static data security issues of HDFS, this paper proposes a novel program which combines symmetric encryption and attribute encryption scheme.This program can not only meet the efficiency of encryption and decryption, but also achieve flexible access control based on user attributes. Then we apply this program to Personal Health Records(PHR) Sharing system. The main work is as follows:(1) We combine attribute encryption and asymmetric encryption as a hybrid encryption scheme, and then we use it in HDFS static data encryption for the first time. It not only ensures flexible access control, but also improves greatly the efficiency of encryption and decryption.(2) Based on the hybrid encryption scheme of HDFS, we build a PHR-sharing system and establish a complete system architecture, and gives a detailed implementation of the system. According to the characteristics of the actual application scenarios, we extend the system to more than a single authorization center, which can prevent unauthorized users of collusion attacks. we establish an efficient attribute revocation mechanism and strictly control the authorized users’ "write" permission.This system also supports the temporary authorization in emergency situations.(3) We establish standard security model to prove the safety of hybrid encryption scheme, and analyze the complexity of the algorithm to verify the efficiency of the system by way of simulation experiments. |
PDF Full Text Request