云环境下支持隐私保护和用户撤销的属性基加密方案

doi:10.3969/j.issn.1671-1122.2017.06.003

信息网络安全 ›› 2017, Vol. 17 ›› Issue (6): 14-21.doi: 10.3969/j.issn.1671-1122.2017.06.003

云环境下支持隐私保护和用户撤销的属性基加密方案

闫玺玺¹, 叶青¹, 刘宇²

1. 河南理工大学计算机科学与技术学院,河南焦作 454003;
2. 北京理工大学信息系统及安全对抗实验中心,北京 100081

收稿日期:2017-04-03 出版日期:2017-06-20
通讯作者: 叶青 715585783@qq.com
作者简介:闫玺玺（1985-）,女,河南,讲师,博士,主要研究方向为计算机网络安全、数字版权管理、数字内容安全;叶青（1981-）,女,辽宁,讲师,博士,主要研究方向为数字签名、格密码、计算机网络安全;刘宇（1993-）,男,黑龙江,硕士研究生,主要研究方向为信息安全。
基金资助:
国家自然科学基金[61300216]; 河南省科技厅项目[132102210123]; 河南省教育厅科研项目[16A520013]; 河南理工大学2015年青年骨干教师资助项目

Attribute-based Encryption Scheme Supporting Privacy Preserving and User Revocation in the Cloud Environment

YAN Xixi¹, YE Qing¹, LIU Yu²

1. School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo Henan 454003, China;
2. Information System and Security & Countermeasures Experimental Center, Beijing Institute of Technology, Beijing 100081, China;

Received:2017-04-03 Online:2017-06-20

摘要/Abstract

摘要： 针对云环境中用户属性更新和隐私安全问题,文章提出一种具有隐私保护且支持用户撤销的属性基加密方案。该方案采用半策略隐藏方式,将属性分为属性名和属性值,加密时对属性值进行隐藏,具体属性值不会泄露给任何第三方,有效地保护了用户的隐私。另外,通过令牌树机制为用户生成密钥加密密钥,控制用户对属性陷门的获取,实现了高效的属性撤销,即使用户错过密钥即时更新的信息,也可在解密密文前更新自己的密钥。安全性分析表明,该方案可以抵抗合谋攻击,并满足选择明文攻击安全。通过与其他方案对比,本文方案在存储代价和计算代价方面都有所优化,更适用于实际应用中用户属性规模远远小于系统属性规模的情况。

关键词: 云环境, 属性基加密, 属性撤销, 隐私保护

Abstract: In order to support fine-grained attribute revocation and privacy preserving in data outsourcing systems, an efficient privacy preserving attribute-based encryption scheme with user revocation is proposed. In the scheme, the attribute will be divided into two parts: attribute name and attribute value. Encryptor-specified access structures is partially hidden, so the value of user’s attributes will never be revealed to any third parties, and the user’s privacy will be effectively preserved. Meanwhile, a token system is used to create key encryption key which can address the challenging issue of efficient attribute revocation. The new scheme achieved fine-grained and immediate attribute revocation which is more suitable for the practical applications. In addition, the scheme is proved to be adaptively chosen plaintext attack secure in the standard model, and it can withstand conspiracy attack. Compared to the existing related schemes, computational cost and storage cost is reduced, and it is more suitable for the practical applications in which user attributes is much less than the total of system attributes.

Key words: cloud environment, attribute-based encryption, attribute revocation, privacy preserving

中图分类号:

TP393

闫玺玺, 叶青, 刘宇. 云环境下支持隐私保护和用户撤销的属性基加密方案[J]. 信息网络安全, 2017, 17(6): 14-21.

YAN Xixi, YE Qing, LIU Yu. Attribute-based Encryption Scheme Supporting Privacy Preserving and User Revocation in the Cloud Environment[J]. 信息网络安全, 2017, 17(6): 14-21.

参考文献

[1] 刘占斌,刘虹,火一莽. 云计算中基于密文策略属性基加密的数据访问控制协议[J]. 信息网络安全,2014（7）：57-60.
[2] IBRAIMI L, PETKOVIC M, NIKOYA S, et al. Mediated Ciphertext-policy Attribute-based Encryption and Its Application[C]//Springer. 10th International Workshop on Information Security Applications, August 25-27, 2009, Busan, Korea. Heidelberg: Springer, 2009: 310-322.
[3] YU Shucheng, WANG Cong, REN K, et al. Attribute-based Data Sharing with Attribute Revocation[C]//ACM. 5th ACM Symposium on Information, Computer and Communications Security, April 13-16, 2010, Beijing, China. New York: ACM, 2010: 262- 270.
[4] HUR J, NOH D K. Attribute-based Access Control with Efficient Revocation in Data Outsourcing Systems[J]. IEEE Transactions on Parallel and Distributed Systems, 2011,22(7): 1214–1221.
[5] XIE Xingxing, MA Hua, LI Jin, et al. An Efficient Ciphertext-policy Attribute-based Access Control towards Revocation in Cloud Computing[J]. Journal of Universal Computer Science, 2013, 19(16): 2349-2367.
[6] WEI Lifei, ZHU Haojin, CAO Zhenfu, et al. Security and Privacy for Storage and Computation in Cloud Computing[J]. Information Sciences, 2014, 258 (3): 371-386.
[7] WANG Guojun, LIU Qin. Hierarchical Attribute-based Encryption and Scalable User Revocation for Sharing Data in Cloud Servers[J]. Computers & Security, 2011, 30(3): 320-331.
[8] TAKERU N, MASAMI M, YOSHIAKI S. Provably Secure Attribute-based Encryption with Attribute Revocation and Grant Function Using Proxy Re-encryption and Attribute Key for Updating[J]. Human-Centric Computing and Information Sciences, 2015, (8): 1-13.
[9] 李拴保,王雪瑞,傅建明,等. 多云服务提供者环境下的一种用户密钥撤销方法[J]. 电子与信息学报,2015,37（9）：2225-2231.
[10] XIA Zhihua, ZHANG Liangao, LIU Dandan. Attribute-based Access Control Scheme with Efficient Revocation in Cloud Computing[J]. China Communications, 2016, 13(7): 92-99.
[11] 王沿平,余小娟,张亚玲. 具有两个可撤销属性列表的密钥策略的属性加密方案[J]. 电子与信息学报,2016,38（6）：1406-1411.
[12] NISHIDE T, YONEYAMA K, OHTA K. Attribute-based Encryption with Partially Hidden Encryptor-specified Access Structures[C]//Springer. 6th International Conference on Applied Cryptography and Network Security, June 3-6, 2008, New York, USA. Heidelberg: Springer, 2008: 111-129.
[13] LI Jin, REN Kui, ZHU Bo, et al. Privacy Aware Attribute-based Encryption with User Accountability[C]//Springer. 12th International Conference on Information Security, September 7-9, 2009, Pisa, Italy. Heidelberg: Springer, 2009: 347-362.
[14] LAI Junzuo, DENG Huijie, LI Yingjiu. Fully Secure Ciphertext-policy Hiding CP-ABE[C]//Springer. 7th Information Security Practice and Experience. May 30-June 1, 2011, Guangzhou, China. Heidelberg: Springer, 2011: 24-39.
[15] LAI Junzuo, DENG Huijie, LI Yingjiu. Expressive CP-ABE with Partially Hidden Access Structures[C]//ACM. 7th ACM Symposium on Information, Computer and Communications Security, May 2-4, 2012, Seoul, Korea. New York: ACM, 2012: 18-19.
[16] 王海斌,陈少真. 隐藏访问结构的基于属性加密方案[J]. 电子与信息学报,2012,34（2）：457-461.
[17] ZENG Fugeng, XU Chunxing. Attribute-based Encryption with Hidden Threshold Access Structure[J]. Computer Modeling & New Technologies, 2014, 18(12B): 19-22.
[18] ZHOU Zhibin, HUANG Dijiang, WANG Zhijie. Efficient Privacy-priserving Ciphertext-policy Attribute Based-encryption and Broadcast Encryption[J]. IEEE Transactions on Computers, 2015, 64(1): 126-138.
[19] 应作斌,马建峰,崔江涛. 支持动态策略更新的半策略隐藏属性加密方案[J]. 通信学报,2015,36（12）：178-189.
[20] 宋衍,韩臻,刘凤梅,等. 基于访问树的策略隐藏属性加密方案[J]. 通信学报,2015,36（9）：119-126.
[21] 李继国,石岳蓉,张亦辰. 隐私保护且支持用户撤销的属性基加密方案[J]. 计算机研究与发展,2015,52（10）：2281-2292.
[22] 秦志光,吴世坤,熊虎. 云存储服务中数据完整性审计方案综述[J]. 信息网络安全,2014（7）：1-6.
[23] SAHAI A, WATERS B. Fuzzy Identity-based Encryption[C]//IACR. Advances in Cryptology-EUROCRYPT 2005, May 22-26, 2005, Aarhus, Denmark. Heidelberg: Springer, 2005: 457-473.
[24] 赵洋,陈阳,熊虎,等. 云环境下一种可撤销授权的数据拥有性证明方案[J]. 信息网络安全,2015（8）：1-7.

云环境下支持隐私保护和用户撤销的属性基加密方案

Attribute-based Encryption Scheme Supporting Privacy Preserving and User Revocation in the Cloud Environment

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	刘鹏, 何倩, 刘汪洋, 程序. 支持撤销属性和外包解密的CP-ABE方案[J]. 信息网络安全, 2020, 20(3): 90-97.
[2]	唐春明, 林旭慧. 隐私保护集合交集计算协议[J]. 信息网络安全, 2020, 20(1): 9-15.
[3]	许盛伟, 王飞杰. 多机构授权下可追踪可隐藏的属性基加密方案[J]. 信息网络安全, 2020, 20(1): 33-39.
[4]	汪金苗, 王国威, 王梅, 朱瑞瑾. 面向雾计算的隐私保护与访问控制方法[J]. 信息网络安全, 2019, 19(9): 41-45.
[5]	郝文江, 林云. 互联网企业社会责任现状与启示研究[J]. 信息网络安全, 2019, 19(9): 130-133.
[6]	周权, 许舒美, 杨宁滨. 一种基于ABGS的智能电网隐私保护方案[J]. 信息网络安全, 2019, 19(7): 25-30.
[7]	秦中元, 韩尹, 张群芳, 朱雪金. 一种改进的多私钥生成中心云存储访问控制方案[J]. 信息网络安全, 2019, 19(6): 11-18.
[8]	闫玺玺, 张棋超, 汤永利, 黄勤龙. 支持叛逆者追踪的密文策略属性基加密方案[J]. 信息网络安全, 2019, 19(5): 47-53.
[9]	李怡霖, 闫峥, 谢皓萌. 车载自组织网络的隐私保护综述[J]. 信息网络安全, 2019, 19(4): 63-72.
[10]	傅彦铭, 李振铎. 基于拉普拉斯机制的差分隐私保护k-means++聚类算法研究[J]. 信息网络安全, 2019, 19(2): 43-52.
[11]	赵志岩, 吴剑, 康凯. 一种兼顾业务数据安全的隐私保护世系发布方法[J]. 信息网络安全, 2019, 19(12): 29-37.
[12]	胡荣磊, 何艳琼, 曾萍, 范晓红. 一种大数据环境下医疗隐私保护方案设计与实现[J]. 信息网络安全, 2018, 18(9): 48-54.
[13]	李佩丽, 徐海霞, 马添军, 穆永恒. 区块链技术在网络互助中的应用及用户隐私保护[J]. 信息网络安全, 2018, 18(9): 60-65.
[14]	马蓉, 陈秀华, 刘慧, 熊金波. 移动群智感知中用户隐私度量与隐私保护研究[J]. 信息网络安全, 2018, 18(8): 64-72.
[15]	赖成喆, 王文娟. 面向车队的安全且具备隐私保护的移动性管理框架[J]. 信息网络安全, 2018, 18(7): 36-46.