{"title":"Efficient Collaborative Access Control Encryption Scheme for Cloud Storage","authors":"Ran Lingqin;Peng Changgen;Tan Weijie","doi":"10.1109/JIOT.2025.3583009","DOIUrl":null,"url":null,"abstract":"To address the limitations of traditional access control schemes in cloud storage environments—such as high computational and storage overhead, difficulty in supporting collaborative user access, and vulnerability to malicious collusion attacks—this article proposes a Chinese remainder theorem (CRT)-based anti-collusion collaborative access control encryption scheme for cloud storage. Our solution introduces a dynamic authorization mechanism for collaborative nodes, enabling data owners (DOs) to designate collaborative nodes in access policies and generate collaborative secret values. By integrating threshold secret sharing technology, these collaborative secret values are embedded into group user keys. Leveraging the modulus orthogonality of CRT, our scheme imposes two conditions for collaborative access: 1) the attribute sets of group users must satisfy the collaborative access policy and 2) the collaborative secret value shares held by group members must meet a predefined threshold. This design not only supports legitimate collaborative decryption but also automatically identifies cross-group collaboration as a collusion attack without requiring trusted third-party authorities. Security analysis demonstrates that our scheme ensures data confidentiality. 
Experimental evaluations show significant advantages in computation and storage efficiency compared to typical schemes such as ciphertext-policy ABE (CP-ABE) and CP-WABE-certification authority (CA).","PeriodicalId":54347,"journal":{"name":"IEEE Internet of Things Journal","volume":"12 17","pages":"36577-36589"},"PeriodicalIF":8.9000,"publicationDate":"2025-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Internet of Things Journal","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/11050888/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citations: 0
Abstract
To address the limitations of traditional access control schemes in cloud storage environments—such as high computational and storage overhead, difficulty in supporting collaborative user access, and vulnerability to malicious collusion attacks—this article proposes a Chinese remainder theorem (CRT)-based anti-collusion collaborative access control encryption scheme for cloud storage. Our solution introduces a dynamic authorization mechanism for collaborative nodes, enabling data owners (DOs) to designate collaborative nodes in access policies and generate collaborative secret values. By integrating threshold secret sharing technology, these collaborative secret values are embedded into group user keys. Leveraging the modulus orthogonality of CRT, our scheme imposes two conditions for collaborative access: 1) the attribute sets of group users must satisfy the collaborative access policy and 2) the collaborative secret value shares held by group members must meet a predefined threshold. This design not only supports legitimate collaborative decryption but also automatically identifies cross-group collaboration as a collusion attack without requiring trusted third-party authorities. Security analysis demonstrates that our scheme ensures data confidentiality. Experimental evaluations show significant advantages in computation and storage efficiency compared to typical schemes such as ciphertext-policy ABE (CP-ABE) and CP-WABE-certification authority (CA).
About the journal:
The IEEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.