一种支持属性重用的DCP-ABE方案研究

doi:10.3969/j.issn.1671-1122.2015.06.007

信息网络安全 ›› 2015, Vol. 15 ›› Issue (6): 41-46.doi: 10.3969/j.issn.1671-1122.2015.06.007

一种支持属性重用的DCP-ABE方案研究

连科(), 赵泽茂, 王丽君, 贺玉菊

杭州电子科技大学通信工程学院,浙江杭州 310018

收稿日期:2015-04-20 出版日期:2015-06-20 发布日期:2018-07-16
作者简介:
作者简介：连科（1986-）,男,河北,硕士研究生,主要研究方向：通信网络与信息安全;赵泽茂（1965-）,男,四川,教授,博士,主要研究方向：信息安全与密码学;王丽君（1989-）,女,河南,硕士研究生,主要研究方向：信息安全与密码学;贺玉菊（1989-）,女,河南,硕士研究生,主要研究方向：信息安全与密码学。
基金资助:
浙江省自然科学基金[R109000138];浙江省钱江人才计划[2013R10071]

Research on DCP-ABE Scheme Supporting Attribute Reuse

Ke LIAN(), Ze-mao ZHAO, Li-jun WANG, Yu-ju HE

College of Communication Engineering, Hangzhou Dianzi University, Hangzhou Zhejiang 310018,China

Received:2015-04-20 Online:2015-06-20 Published:2018-07-16

摘要/Abstract

摘要：

属性基加密（ABE）机制以属性为公钥,将密文和用户私钥与属性关联,能够灵活地表示访问控制策略,从而极大地降低数据共享细粒度访问控制带来的网络带宽和发送节点的处理开销。作为单授权机构ABE机制的推广,多授权机构ABE机制减轻了单一机构的工作负担,降低了风险,同时也更容易满足分布式系统的需求。文章针对目前多授权机构ABE方案中属性不能重用的问题,提出一个分权密文策略属性基加密（DCP-ABE）方案。该方案引入授权机构全局标识符,在加密阶段通过将属性（该属性满足密文的访问结构）相关的密文构件与该属性所属的授权机构的全局标识符进行绑定,使得不同授权机构所管理的属性能够重复使用,扩展了方案的实用性。此外,该方案中任何授权机构都可以动态加入或者离开该加密系统,不再需要中央授权机构对授权机构进行管理。

关键词: 属性基加密, 访问控制策略, 分权密文策略, 多授权机构

Abstract:

Attribute-based encryption (ABE) scheme takes attributes as the public key and associates the ciphertext and user’s secret key with attributes, so it can express flexibly access control policies. This scheme dramatically reduces the network bandwidth and the cost of sending nodes’ operations in fine-grained access control of data sharing. As a generalization of a single authority ABE scheme, multi-authority ABE scheme reduces the burden of single authority and the security risk, while meeting the needs of distributed applications more easy. To address the issue that the attributes cannot be reused in multi-authority ABE scheme, this paper proposes an improved multi-authority ABE scheme called DCP-ABE scheme, which introduces the global identifier of authority. In the encryption stage, by binding the ciphertext components related to the attribute with the global identifier of authority that manages this attribute, the attributes managed by different authorities can be reused, which expands the practicality of the scheme. In addition, in this scheme, any authority can dynamically join or leave the encryption system, which no longer needs the management of the central authority.

Key words: attribute-based encryption, access control policy, decentralized ciphertext policy, multi-authority

中图分类号:

TP309

连科, 赵泽茂, 王丽君, 贺玉菊. 一种支持属性重用的DCP-ABE方案研究[J]. 信息网络安全, 2015, 15(6): 41-46.

Ke LIAN, Ze-mao ZHAO, Li-jun WANG, Yu-ju HE. Research on DCP-ABE Scheme Supporting Attribute Reuse[J]. Netinfo Security, 2015, 15(6): 41-46.

图/表 2

参考文献 11

[1]	Chase M.Multi-authority attribute based encryption[C]//Theory of Cryptography. Springer Berlin Heidelberg, 2007: 515-534.
[2]	Božović V, Socek D, Steinwandt R, et al.Multi-authority attribute-based encryption with honest-but-curious central authority[J]. International Journal of Computer Mathematics, 2012, 89(3): 268-283.
[3]	Lin H, Cao Z, Liang X, et al.Secure threshold multi authority attribute based encryption without a central authority[J]. Information Sciences, 2010, 180(13): 2618-2632.
[4]	Gennaro R, Jarecki S, Krawczyk H, et al.Secure distributed key generation for discrete-log based cryptosystems[C]//Advances in Cryptology-EUROCRYPT' 99. Springer Berlin Heidelberg, 1999: 295-310.
[5]	Lewko A, Waters B.Decentralizing attribute-based encryption[C]//Advances in Cryptology-EUROCRYPT 2011. Springer Berlin Heidelberg, 2011: 568-588.
[6]	Chase M, Chow S S M. Improving privacy and security in multi-authority attribute-based encryption[C]//Proceedings of the 16th ACM conference on Computer and communications security. ACM, 2009: 121-130.
[7]	Liu Z, Cao Z, Huang Q, et al.Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles[C]//Computer Security-ESORICS 2011. Springer Berlin Heidelberg, 2011: 278-297.
[8]	Han J, Susilo W, Mu Y, et al.Privacy-preserving decentralized key-policy attribute-based encryption[J]. Parallel and Distributed Systems, IEEE Transactions on, 2012, 23(11): 2150-2162.
[9]	Qian H, Li J, Zhang Y.Privacy-Preserving Decentralized Ciphertext-Policy Attribute-Based Encryption with Fully Hidden Access Structure[C]//Information and Communications Security. Springer International Publishing, 2013: 363-372.
[10]	Boneh D, Boyen X.Short signatures without random oracles[C]//Advances in Cryptology-EUROCRYPT 2004. Springer Berlin Heidelberg, 2004: 56-73.
[11]	Ibraimi L, Tang Q, Hartel P, et al.Efficient and provable secure ciphertext-policy attribute-based encryption schemes[C]//Information Security Practice and Experience. Springer Berlin Heidelberg, 2009: 1-12.

[1]	刘鹏, 何倩, 刘汪洋, 程序. 支持撤销属性和外包解密的CP-ABE方案[J]. 信息网络安全, 2020, 20(3): 90-97.
[2]	许盛伟, 王飞杰. 多机构授权下可追踪可隐藏的属性基加密方案[J]. 信息网络安全, 2020, 20(1): 33-39.
[3]	秦中元, 韩尹, 张群芳, 朱雪金. 一种改进的多私钥生成中心云存储访问控制方案[J]. 信息网络安全, 2019, 19(6): 11-18.
[4]	闫玺玺, 张棋超, 汤永利, 黄勤龙. 支持叛逆者追踪的密文策略属性基加密方案[J]. 信息网络安全, 2019, 19(5): 47-53.
[5]	董庆贺, 何倩, 江炳城, 刘鹏. 面向云数据库的多租户属性基安全隔离与数据保护方案[J]. 信息网络安全, 2018, 18(7): 60-68.
[6]	闫玺玺, 刘媛, 胡明星, 黄勤龙. 云环境下基于LWE的多机构属性基加密方案[J]. 信息网络安全, 2017, 17(9): 128-133.
[7]	闫玺玺, 刘媛, 李子臣, 黄勤龙. 云环境下理想格上的多机构属性基加密隐私保护方案[J]. 信息网络安全, 2017, 17(8): 19-25.
[8]	闫玺玺, 叶青, 刘宇. 云环境下支持隐私保护和用户撤销的属性基加密方案[J]. 信息网络安全, 2017, 17(6): 14-21.
[9]	韩清德, 谢慧, 袁志民, 聂峰. 一种支持访问结构隐藏的MA-CP-ABE方案[J]. 信息网络安全, 2017, 17(1): 48-56.
[10]	罗霄峰, 王文贤, 罗万伯. 访问控制技术现状及展望[J]. 信息网络安全, 2016, 16(12): 19-27.
[11]	荣星, 江荣. 一种基于混合属性的多授权中心云访问方案[J]. 信息网络安全, 2016, 16(11): 6-6.
[12]	. 云计算中基于密文策略属性基加密的数据访问控制协议[J]. , 2014, 14(7): 57-.
[13]	连科, 赵泽茂, 贺玉菊. 属性匹配检测的匿名CP-ABE机制[J]. 信息网络安全, 2014, 15(10): 59-63.
[14]	江伟玉;刘丽敏;查达仁. 面向云存储的访问控制服务研究[J]. , 2013, 13(10): 0-0.
[15]	金张果;林柏钢;林志远. 自动信任协商中一种最小信任披露策略[J]. , 2012, 12(6): 0-0.

一种支持属性重用的DCP-ABE方案研究

Research on DCP-ABE Scheme Supporting Attribute Reuse

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 2

参考文献 11

相关文章 15

编辑推荐

Metrics

本文评价