一种支持访问结构隐藏的MA-CP-ABE方案

doi:10.3969/j.issn.1671-1122.2017.01.008

信息网络安全 ›› 2017, Vol. 17 ›› Issue (1): 48-56.doi: 10.3969/j.issn.1671-1122.2017.01.008

一种支持访问结构隐藏的MA-CP-ABE方案

韩清德¹(), 谢慧¹, 袁志民¹, 聂峰²

1. 海军工程大学信息安全系,湖北武汉 430033
2. 山东武警总队,山东济南 250000

收稿日期:2016-10-24 出版日期:2017-01-20 发布日期:2020-05-12
作者简介:
作者简介：韩清德（1989—）,男,福建,硕士研究生,主要研究方向为网络安全;谢慧（1979—）,女,山东,副教授,硕士,主要研究方向为网络安全;袁志民（1982—）,男,河南,讲师,博士,主要研究方向为信息安全;聂峰（1978—）,男,山东,硕士,主要研究方向为通信网络安全。
基金资助:
湖北省自然科学基金[2015CFA066]

A MA-CP-ABE Scheme of Supporting Access Structure Hiding

Qingde HAN¹(), Hui XIE¹, Zhimin YUAN¹, Feng NIE²

1. Department of Information Security, Naval University of Engineering, Wuhan Hubei 430033, China
2. China People’s Armed Police Corps in Shandong Province, Jinan Shandong 250000, China

Received:2016-10-24 Online:2017-01-20 Published:2020-05-12

摘要/Abstract

摘要：

属性基加密机制作为细粒度访问控制的有效手段,被广泛运用于云服务、远程医疗等领域。目前属性基加密机制的研究主要集中在多属性授权机构、属性动态撤销以及访问结构隐藏等方面,很少对访问结构隐藏与多属性授权进行综合研究,导致具备多属性授权的属性加密机制无法隐藏访问结构,严重威胁访问结构所携带的信息的安全;而具备访问结构隐藏的属性加密机制多采用单属性授权机构,限制了该类方案的功能扩展。文章针对该问题,在多属性授权密文策略的属性基加密机制的基础上,通过设置密文分量来实现访问结构隐藏;采用合数阶群双线性映射,设计出一种支持访问结构隐藏的MA-CP-ABE方案,并通过子群判定问题假设证明方案是自适应安全的。该方案对扩展属性基加密机制的安全应用具有重要意义。

关键词: 属性基加密, 多属性授权, 访问结构隐藏, 属性动态撤销

Abstract:

As an effective means of fine-grained access control, attribute-based encryption mechanism is widely used in cloud services, telemedicine and other fields. At present, the research of attribute-based encryption mechanism mainly focuses on the single attribute of multi-attribute authorization mechanism; attribute dynamic revocation and access structure concealment. However, few researches on access structure hiding and multi-attribute authorization lead to multi-attribute authorization encryption mechanism cannot guarantee the security of the sensitive information brought by the access structure, and the attribute-based encryption mechanism with the access structure hiding is restricted by the attribute authority and cannot be further expanded. In this paper, based on the attribute-based encryption mechanism of ciphertext policy with multi-attribute authorization, the access structure is hidden by setting the ciphertext component, and bilinear mapping of the group of orders is used to design a support access structure Hidden MA-CP-ABE scheme, and proved that the scheme is adaptive and safe by subgroup decision problem hypothesis. This scheme is of great significance for the application of the security mechanism of extended attribute-based encryption.

Key words: attribute-based encryption, multi-attribute authorization, access structure hiding, attribute dynamic revocation

中图分类号:

TP393

韩清德, 谢慧, 袁志民, 聂峰. 一种支持访问结构隐藏的MA-CP-ABE方案[J]. 信息网络安全, 2017, 17(1): 48-56.

Qingde HAN, Hui XIE, Zhimin YUAN, Feng NIE. A MA-CP-ABE Scheme of Supporting Access Structure Hiding[J]. Netinfo Security, 2017, 17(1): 48-56.

图/表 2

参考文献 35

[1]	SAHAI A,WATERS B.Fuzzy Identity-based Encryption[C]//AMS. 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 22-26, 2005, Aarhus, Denmark. Heidelberg: Springer, 2005: 457-473.
[2]	程思嘉,张昌宏,潘帅卿. 基于CP-ABE算法的云存储数据访问控制方案设计[J]. 信息网络安全,2016(2):1-6.
[3]	冯登国,陈成. 属性密码学研究[J].密码学报,2014,1(1):1-12.
[4]	李淑梅. 基于属性加密的细粒度动态云访问控制研究[D]. 内蒙古:内蒙古科技大学,2015.
[5]	郑周,张大军,李运发. 云计算中面向数据存储的安全访问控制机制[J]. 信息网络安全,2015(9):221-226.
[6]	程勇. 云存储中密文策略访问控制机制性能优化关键技术研究[D]. 长沙:国防科学技术大学,2013.
[7]	何享. 对等云存储服务系统的安全控制机制研究[D]. 武汉:华中科技大学,2013.
[8]	范运东,吴晓平,石雄. 基于信任值评估的云计算访问控制模型研究[J]. 信息网络安全,2016(7):71-77.
[9]	王晶,黄传河,王金海. 一种面向云存储的动态授权访问控制机制[J].计算机研究与发展,2016,53(4):904-920.
[10]	叶少珍,陈丽卿. 基于查询属性基加密的访问控制方案[J]. 北京工业大学学报,2016,42(8):1160-1166.
[11]	CHASE M. Multi-authority Attribute Based Encryption[EB/OL]. , 2016-9-10.
[12]	MULLER S, KATZENBEISSER S, ECKERT C.Distributed Attribute-based Encryption[C]//KIISC. 11th International Conference on Information Security and Cryptology, December 3-5, 2008, Seoul, Korea. Heidelberg: Springer, 2009: 20-36.
[13]	MULLER S, KATZENBEISSER S, ECKERT C.On Multi-authority Ciphertext-policy Attribute-based Encryption[J]. Bulletin of the Korean Mathematical Society, 2009, 46(4): 803-819.
[14]	LWEKO A, WATERS B.Decentralizing Attribute-based Encryption[C]//IST Austria. 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 8-12, 2011, Tallinn, Estonia. Heidelberg: Springer, 2011: 568-588.
[15]	LIU Zhen, CAO Zhenfu, HUANG Qiong, et al. Fully Secure Multi-authority Ciphertext-policy Attributr-based Encryption without Random Oracles[EB/OL]. , 2016-9-11.
[16]	KAPADIA A, TSANG P P, SMITH S W.Attribute-based Publishing with Hidden Credentials and Hidden Policies[C]//NSA. 14th Annual Network & Distributed System Security Symposium, February 28-March 2, 2007, San Diego, CA, USA. Berlin: ResearchGate, 2007: 179-192.
[17]	陈燕利. 基于属性的加密机制及应用研究[D]. 南京:南京邮电大学,2014.
[18]	NISHIDE T, YONEYAMA K, OHTA K.Attribute-based Encryption with Partially Hidden Encryptor-specified Access Structures[C]//IACR. 6th International Conference on Applied Cryptography and Network Security, June 3-6, 2008, New York, USA. Heidelberg: Springer, 2008: 111-129.
[19]	LAI Junzuo, DENG R H, LI Yingjiu.Fully Secure Ciphertext-policy Hiding CP-ABE[C]//ACM. 7th International Conference on Information Security Practice and Experience, May 30-June 1, 2011, Guangzhou, China. New York: ACM, 2011: 24-39.
[20]	王海斌,陈少真. 隐藏访问结构的基于属性加密方案[J]. 电子与信息学报,2012,34(2):457-461.
[21]	宋衍,秦臻,刘凤梅,等. 基于访问数的策略隐藏属性加密方案[J].通信学报,2015,36(9):119-126.
[22]	BONEH D, GOH E, NISSIN K.Evaluating 2-DNF Formulas on Ciphertexts[C]//ACM. 2nd International Conference on Theory of Cryptography, February 10-12, 2005, Cambridge, MA, UK. New York: ACM, 2005:325-341.
[23]	李琦. 基于属性的加密机制研究[D]. 西安:西安电子科技大学,2014.
[24]	LEWKO A, OKAMTO T, SAHAI A, et al.Fully Secure Functional Encryption: Attribute-based Encryption and (Hierarchical) Inner Product Encryption[C]//IACR. 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 30-June 3, 2010, French Riviera, French. Heidelberg: Springer, 2010: 62-91.
[25]	SHAMIR A.How to Share a Secret[J]. Communications of the ACM, 1979, 22(11): 612-613.
[26]	GOLDWASSER S, MICALI S.Probabilistic Encryption & How to Play Mental Poker Keeping Secret All Partial Information[C]//ACM. 14th Annual ACM Symposium on Theory of Computing, May 5-7, 1982, San Francisco, California, USA. New York: ACM, 1982: 365-377.
[27]	ATTRAPADUNG N.Dual System Encryption via Doubly Selective Security: Framework, Fully-secure Functional Encryption for Regular Languages, and More[C]//IACR. 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 11-15, 2014, Copenhagen, Denmark. Heidelberg: Springer, 2014: 557-577.
[28]	BLAZE M, BLEUMER G, STRAUSS M.Divertible Protocols and Atomic Proxy Cryptography[C]//IACR. International Conference on the Theory and Application of Cryptographic Techniques, May 31-June 4, 1998, Espoo, Finland. Heidelberg: Springer, 1998: 127-144.
[29]	闫玺玺,孟慧. 支持直接撤销的密文策略属性基加密方案[J]. 通信学报,2016,37(5):44-50.
[30]	郭威,周学广,瞿成勤,等. 基于CP-ABE的编队跨域通信方案研究[J]. 通信学报,2015,36(S1):250-258.
[31]	秦志光,包文意,赵洋,等. 云存储中一种模糊关键字搜索加密方案[J]. 信息网络安全,2015(6):7-12.
[32]	SHAMAIR A. Identity Based Cryptosystems and Signature Schemes[EB/OL]. , 2016-8-10.
[33]	宋开波. 基于密文策略属性基加密的云存储范围控制机制研究[D]. 长沙:国防科学技术大学,2012.
[34]	刘文超. 云技术中基于属性的访问控制研究[D]. 成都:电子科技大学,2015.
[35]	连科,赵泽茂,王丽君,等 . 一种支持属性重用的DCP-ABE方案研究[J]. 信息网络安全,2015(6):41-46.

一种支持访问结构隐藏的MA-CP-ABE方案

A MA-CP-ABE Scheme of Supporting Access Structure Hiding

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 2

参考文献 35

相关文章 12

编辑推荐

Metrics

本文评价

[1]	刘鹏, 何倩, 刘汪洋, 程序. 支持撤销属性和外包解密的CP-ABE方案[J]. 信息网络安全, 2020, 20(3): 90-97.
[2]	许盛伟, 王飞杰. 多机构授权下可追踪可隐藏的属性基加密方案[J]. 信息网络安全, 2020, 20(1): 33-39.
[3]	秦中元, 韩尹, 张群芳, 朱雪金. 一种改进的多私钥生成中心云存储访问控制方案[J]. 信息网络安全, 2019, 19(6): 11-18.
[4]	闫玺玺, 张棋超, 汤永利, 黄勤龙. 支持叛逆者追踪的密文策略属性基加密方案[J]. 信息网络安全, 2019, 19(5): 47-53.
[5]	董庆贺, 何倩, 江炳城, 刘鹏. 面向云数据库的多租户属性基安全隔离与数据保护方案[J]. 信息网络安全, 2018, 18(7): 60-68.
[6]	闫玺玺, 刘媛, 胡明星, 黄勤龙. 云环境下基于LWE的多机构属性基加密方案[J]. 信息网络安全, 2017, 17(9): 128-133.
[7]	闫玺玺, 刘媛, 李子臣, 黄勤龙. 云环境下理想格上的多机构属性基加密隐私保护方案[J]. 信息网络安全, 2017, 17(8): 19-25.
[8]	闫玺玺, 叶青, 刘宇. 云环境下支持隐私保护和用户撤销的属性基加密方案[J]. 信息网络安全, 2017, 17(6): 14-21.
[9]	荣星, 江荣. 一种基于混合属性的多授权中心云访问方案[J]. 信息网络安全, 2016, 16(11): 6-6.
[10]	连科, 赵泽茂, 王丽君, 贺玉菊. 一种支持属性重用的DCP-ABE方案研究[J]. 信息网络安全, 2015, 15(6): 41-46.
[11]	. 云计算中基于密文策略属性基加密的数据访问控制协议[J]. , 2014, 14(7): 57-.
[12]	连科, 赵泽茂, 贺玉菊. 属性匹配检测的匿名CP-ABE机制[J]. 信息网络安全, 2014, 14(10): 59-63.