Research And Design Of Cloud Storage Key Management Scheme For Hierarchical Structure

In recent years,with the rapid development of cloud computing technology,the application of cloud storage technology which is based on cloud computing to the military field has become the next development direction of military information systems.Although the application of cloud storage technology to the military field has broad prospects,its security issues have constrained the in-depth development of its applications.Therefore,under the characteristics of cloud storage multi-tenancy and massive data,how to realize the secure storage of military data and the flexible sharing of data between military departments on this basis has become the focus of this paper.In this paper,According to the organizational structure of the military department hierarchy and three different directions of data-oriented access to the hierarchical structure,We research the key management scheme of ciphertext data sharing access in cloud storage environment.(1)A key management scheme for hierarchical access to hierarchical nodes is proposed.Aiming at the actual needs of the military departments organized by the hierarchical structure to access the data of the lower-level departments,a key management scheme based on homomorphic hash is proposed.By using the homomorphism of the homomorphic Hash function and the key derivation tree structure of the hierarchical structure,an efficient superior department decryption key is derived from the decryption key of the lower-level department.Due to the fact that the department has dynamic join or revocation,in order to adapt to the dynamic demand,the key management support department node joins and cancels the operation,and the key management overhead caused by the dynamic change of the department is small.By defining HHF-CAS,the homomorphic collision problem of the homomorphic Hash function is used as a security basis to analyze the scheme.It proves that the attacker cannot obtain the decryption key of the superior department in the polynomial time.At the same time,the performance analysis and comparison experiments show that the proposed scheme has less storage overhead than the common parameters of the existing scheme,and the key generation phase and key derivation efficiency are optimal.(2)A key management scheme for hierarchical access to hierarchical node nodes is proposed.Since the nodes in the hierarchy have the requirement to access the ciphertext data of their siblings horizontally,and the classic KAC scheme is difficult to solve the problem of dynamic growth of data categories and user revocation problems,this paper first proposes an extended KAC scheme called DRKAC scheme.The solution supports key aggregation on demand and supports dynamic growth of data categories and user safe and efficient revocation.Then,the access requirements can be shared horizontally for the nodes.According to the access range of the sibling nodes that the nodes can access horizontally,the corresponding decryption keys are assigned to the nodes,and the rights are granted and the complete key management scheme is constructed.At the same time,this paper analyzes the correctness and formal security of the scheme.The DBDH problem is used as a basis for security to prove that the solution is CPA-safe.(3)A key management scheme for hierarchical access to hierarchical nodes is proposed.Based on the Hierarchy structure of the HIBE scheme,a decryption key is generated for nodes with up-level access rights.To implement data sharing access and efficient revocation of rights,this paper proposes a HIB-PRE scheme,and the key management center allocates a single proxy server.The undeliverable re-encryption key implements the access permission constraint and realizes the efficient privilege revocation based on the re-encryption key.This paper ensures the security and reliability of the scheme through correctness analysis,security analysis and performance analysis.(4)This paper integrates the key management schemes that share access rights in three different directions oriented to the hierarchical structure,and grants shared access rights to different nodes in the same direction through the same key management center;The algorithm reduces the key management overhead of the node,and discusses the permissions granted based on the access authority matrix,the inter-node cross-domain access scheme,and the integration and function expansion of the implementation scheme.