| The development of information technology brings a variety of new applications,but also led to the explosive growth of the data.The emergence of cloud computing technology provide massive information storage,processing,distribution capabilities,however,it also brings new security challenges.Once organizations and individuals have migrated their data to the cloud,the nature of losing physical control of the data,made the data privacy issues more severe.If there is no good solution,those issues will greatly hinder the development and application of cloud computing technology.Although the naive application of encryption technology-data was encrypted before uploading to the cloud,and the user was authorized by sending key to them,can solve the problem of lacking control of the user's data,but it brings a huge cost of key management and data encryption.The "Attribute based Encryption" and "Group Key Management" technology are put forward to embed the encryption rules to the decryption rules,which greatly reduce the complexity of key management.But those scheme suffer inefficiently user revocation and unable to support rich semantics access policies,and user authorization update must facing the enormous bandwidth overhead to download the data to the trust location to re-encrypt the data.In this paper,we propose a group key management scheme based on linear secret sharing(LSSS)to solve the privacy issues of data on the cloud.The technology allows users to user rich semantic access policies to encrypt the data key,the user who meet the access rules,can use their own identifies information to decrypt and obtain the shared key.The scheme support rich semantic access policies,flexible authority changes and user revocation without user involvement,which greatly enhance the availability of technology.Based on the proposed group key management scheme,this paper put forward a security proxy,which perfectly embeds the proposed group key management scheme.The proxy works without changing the service mode of the cloud computing,and implements access control on the data store in the cloud,so that the data owner can recover the control of the data.In order to dissolve the issues of data re-encryption cost when the authority change and user revocation,in this paper,the double layer encryption scheme was used,which allowed the cloud to do the re-encryption job without scarifying the security and extra cost.Experiments and analysis show that the group key management algorithm proposed in this paper has a high performance. |
PDF Full Text Request