Netinfo Security ›› 2017, Vol. 17 ›› Issue (6): 14-21. doi: 10.3969/j.issn.1671-1122.2017.06.003

• Technical Research •

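Attribute-based Encryption Scheme Supporting Privacy Preserving and User Revocation in the Cloud Environment

YAN Xixi1, YE Qing1, LIU Yu2

  1. School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo Henan 454003, China;
  2. Information System and Security & Countermeasures Experimental Center, Beijing Institute of Technology, Beijing 100081, China
  • Received: 2017-04-03 Published: 2017-06-20 Online: 2017-06-20
  • Corresponding author: YE Qing 715585783@qq.com
  • About the authors: YAN Xixi (born 1985), female, Henan, lecturer, Ph.D.; main research interests: computer network security, digital rights management, digital content security. YE Qing (born 1981), female, Liaoning, lecturer, Ph.D.; main research interests: digital signatures, lattice-based cryptography, computer network security. LIU Yu (born 1993), male, Heilongjiang, master's student; main research interest: information security.
  • Funding:
    National Natural Science Foundation of China [61300216]; Project of the Science and Technology Department of Henan Province [132102210123]; Scientific Research Project of the Education Department of Henan Province [16A520013]; Henan Polytechnic University 2015 Young Backbone Teacher Funding Program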

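Abstract: To address user attribute updates and privacy in the cloud environment, this paper proposes an attribute-based encryption scheme that provides privacy protection and supports user revocation. The scheme uses a semi-hidden policy approach: each attribute is split into an attribute name and an attribute value, and the attribute value is hidden during encryption, so concrete attribute values are not leaked to any third party, which effectively protects user privacy. In addition, a token tree mechanism generates key encryption keys for users and controls their access to attribute trapdoors, achieving efficient attribute revocation; even if a user misses an immediate key-update message, the user can still update their key before decrypting a ciphertext. Security analysis shows that the scheme resists collusion attacks and is secure against chosen-plaintext attacks. Compared with other schemes, the proposed scheme improves on both storage cost and computation cost, and is better suited to practical applications in which the number of user attributes is far smaller than the number of system attributes.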


Abstract: To support fine-grained attribute revocation and privacy preserving in data outsourcing systems, an efficient privacy-preserving attribute-based encryption scheme with user revocation is proposed. In the scheme, each attribute is divided into two parts: an attribute name and an attribute value. Encryptor-specified access structures are partially hidden, so the values of a user's attributes are never revealed to any third party, and the user's privacy is effectively preserved. Meanwhile, a token system is used to create key encryption keys, which addresses the challenging issue of efficient attribute revocation. The new scheme achieves fine-grained and immediate attribute revocation, which makes it more suitable for practical applications. In addition, the scheme is proved to be secure against adaptive chosen-plaintext attacks in the standard model, and it can withstand collusion attacks. Compared to existing related schemes, computational cost and storage cost are reduced, and the scheme is more suitable for practical applications in which the number of user attributes is much smaller than the total number of system attributes.

Key words: cloud environment, attribute-based encryption, attribute revocation, privacy preserving

CLC Number: