Secure management of key distribution in cloud scenarios

Existing key distribution scheme based on key derivation has security default in cloud scenarios. The scheme distributes decryption keys to users through tags stored on cloud server. If the tag is destroyed by cloud server intentionally or unintentionally, the key distribution is destroyed too. Besides the above case, if all related tags are stored on client operated by user, the storage burden is high. To eliminate the insecurity of key distribution, we propose a novel solution based on tag derivation. In our scheme, each user needs to manage a single key and tag. Through the two information, the user can compute all authorized keys without using any information stored on cloud server. That is, our key distribution scheme is unrelated to cloud server to enhance the security of key distribution. The experiment results show that the performance of our method is better than existing methods in key distribution and query.