云计算中支持授权相等测试的基于身份加密方案

doi:10.3969/j.issn.1671-1122.2018.06.007

信息网络安全 ›› 2018, Vol. 18 ›› Issue (6): 52-60.doi: 10.3969/j.issn.1671-1122.2018.06.007

云计算中支持授权相等测试的基于身份加密方案

张琦, 林喜军, 曲海鹏()

中国海洋大学信息科学与工程学院,山东青岛 266100

收稿日期:2018-04-11 出版日期:2018-06-15 发布日期:2020-05-11
作者简介:
作者简介：张琦（1992—）,女,山东,硕士研究生,主要研究方向为密码学、信息安全;林喜军（1977—）,男,山东,讲师,博士,主要研究方向为密码学、信息安全;曲海鹏（1972—）,男,山东,副教授,博士,主要研究方向为密码学、信息安全。
基金资助:
国家自然科学基金[61379127]

Identity-based Encryption Scheme Support Authorization Equality Test in Cloud Environment

Qi ZHANG, Xijun LIN, Haipeng QU()

College of Information Science and Engineering, Ocean University of China, Qingdao Shandong 266100, China

Received:2018-04-11 Online:2018-06-15 Published:2020-05-11

摘要/Abstract

摘要：

随着云计算技术的不断发展,公有云环境中的加密算法已经成为当前研究的热点课题。其中,可以支持相等测试的基于身份的加密（IBEET）算法备受关注。该算法能够实现对两个不同用户加密后的密文进行对比,并判断这些密文对应的明文信息是否相等,以便进行信息比对、匹配和查询检索。然而,现有的支持相等测试的基于身份的加密算法都缺少细粒度的授权机制。为了保护用户隐私,文章提出一种支持授权相等测试的基于身份加密方案（IBE-SAET）,可以实现对云服务器进行密文级或用户级的授权,用户可以选择对服务器进行两种粒度的授权。文中给出了相应的系统模型、正式算法定义及安全模型。另外,文章基于双线性映射上的Diffie-Hellman假设,设计了具体的加密算法和授权算法。最后,在随机预言模型下,证明了方案满足单向的抗选择ID和选择密文的攻击安全性。

关键词: 云计算, 基于身份加密, 相等测试, 授权

Abstract:

Recently, the encryption algorithm in public cloud environment has been a hot topic. Among these encryption algorithms, the identity-based encryption with equality test (IBEET) algorithm which can support the equality test attracts much attention. This kind of algorithm can compare the encrypted ciphertexts of two different users and determine whether the corresponding message of the ciphertexts are equal, which bring convenient for information comparing, matching and querying. However, there is still lacking of fine-grained authorization mechanism up to date for the identity-based encryption algorithm that supports the equality test in the public cloud. In order to enhance the privacy of user’s data, this paper proposes an identity-based encryption scheme support authorization equality test (IBE-SAET), and design two kinds of authorization which are user specific authorization and ciphertext specific authorization for cloud servers. In the new scheme, the user can authorize the cloud server with two different types of authorization. What’s more, this thesis gives the corresponding system model, formal algorithm definition and security model of IBE-SAET. In addition, specific encryption algorithms and authorization algorithms are designed based on the Diffie-Hellman problem on bilinear maps. Finally, this paper proves the security of the IBE-SAET scheme in random oracle model, which is one-way secure against chosen identity and chosen ciphertext attacks.

Key words: cloud computing, identity-based encryption, equality test, authorization

中图分类号:

TP309

张琦, 林喜军, 曲海鹏. 云计算中支持授权相等测试的基于身份加密方案[J]. 信息网络安全, 2018, 18(6): 52-60.

Qi ZHANG, Xijun LIN, Haipeng QU. Identity-based Encryption Scheme Support Authorization Equality Test in Cloud Environment[J]. Netinfo Security, 2018, 18(6): 52-60.

图/表 3

参考文献 18

[1]	BAO Guohua, WANG Shengyu, LI Yunfa.Research on Data Security Protection Method Based on Privacy Awareness in Cloud Computing[J]. Netinfo Security, 2017, 17(1): 84-89.
	包国华,王生玉,李运发. 云计算中基于隐私感知的数据安全保护方法研究[J]. 信息网络安全,2017,17(1):84-89.
[2]	YANG Guomin, TAN C H, HUANG Qiong, et al.Probabilistic Public Key Encryption with Equality Test[C]//Springer. 2010 International Conference on Topics in Cryptology, March 1-5, 2010, San Francisco, California, USA. Heidelberg: Springer, 2010: 119-131.
[3]	WANG Yongjian, ZHANG Jian, CHENG Shaoyu, et al.An Improved Design of Homomorphic Encryption for Cloud Computing[J]. Netinfo Security, 2017, 17(3): 21-26.
	王永建,张健,程少豫,等. 面向云计算的同态加密改进设计[J]. 信息网络安全,2017,17(3):21-26.
[4]	TANG Qiang.Towards Public Key Encryption Scheme Supporting Equality Test with Fine-grained Authorization[C]//Springer. 16th Australasian Conference on Information Security and Privacy, July 11-13, 2011, Melbourne, Australia. Heidelberg: Springer, 2011: 389-406.
[5]	TANG Qiang.Public Key Encryption Supporting Plaintext Equality Test and User-specified Authorization[J]. Security & Communication Networks. 2012, 5(12): 1351-1362.
[6]	TANG Qiang.Public Key Encryption Schemes Supporting Equality Test with Authorisation of Different Granularity[J]. International Journal of Applied Cryptography, 2012, 2(4): 304-321.
[7]	MA Sha, ZHANG Mingwu, HUANG Qiong, et al. Public Key Encryption with Delegated Equality Test in a Multi-user Setting[EB/OL]. , 2017-12-10.
[8]	HUANG Kaibin, TSO R, CHEN Yuchi, et al.PKE-AET: Public Key Encryption with Authorized Equality Test[J]. Computer Journal, 2015, 58(10): 2686-2697.
[9]	MA Sha, HUANG Qiong, ZHANG Mingwu, et al.Efficient Public Key Encryption With Equality Test Supporting Flexible Authorization[J]. IEEE Transactions on Information Forensics & Security, 2015, 10(3): 458-470.
[10]	HUANG Kaibin, TSO R, CHEN Yuchi, et al.A New Public Key Encryption with Equality Test[C]//Springer. 8th International Conference on Network and System Security, October 15-17, 2014, Xi’an, China. Heidelberg: Springer, 2014: 550-557.
[11]	LU Yao, ZHANG Rui, LIN Dongdai.Stronger Security Model for Public-key Encryption with Equality Test[C]//Springer. 5th International Conference on Pairing-based Cryptography, May 16-18, 2012, Cologne, Germany. Heidelberg: Springer, 2012: 65-82.
[12]	JI Haiping, XU Lei, YU Xiaoling, et al.Research on Hierarchical Identity-based Encryption Management System in Cloud Computing[J]. Netinfo Security, 2016, 16(5): 30-36.
	计海萍,徐磊,蔚晓玲,等. 云计算环境下基于身份的分层加密管理系统研究[J]. 信息网络安全,2016,16(5):30-36.
[13]	MCCULLAGH N.Securing E-mail with Identity-based Encryption[J]. It Professional, 2005, 7(3): 63-64.
[14]	BAI Qinghai.Comparative Research on Two Kinds of Certification Systems of the Public Key Infrastructure (PKI) and the Identity Based Encryption (IBE)[C]//IEEE. 2012 Cross Strait Quad-Regional Radio Science and Wireless Technology Conference, July 23-27, 2012, Taiwan, China. New Jersey: IEEE, 2012: 147-150.
[15]	MA Sha.Identity-based Encryption with Outsourced Equality Test in Cloud Computing[J]. Information Sciences an International Journal, 2016, 328(C): 389-402.
[16]	LEE H T, LING S, SEO J H, et al.Semi-generic Construction of Public Key Encryption and Identity-based Encryption with Equality Test[J]. Information Sciences An International Journal, 2016, 373(C): 419-440.
[17]	WU Libing, ZHANG Yubo, CHOO K K R, et al. Efficient Identity-based Encryption Scheme with Equality Test in Smart City[J]. IEEE Transactions on Sustainable Computing, 2018, 3(1): 44-55.
[18]	CHEN Yu, CHEN Liqun, ZHANG Zongyang.CCA Secure IB-KEM from the Computational Bilinear Diffie-Hellman Assumption in the Standard Model[C]//Springer. 14th International Conference on Information Security and Cryptology, November 30-December 2, 2011, Seoul, Korea. Heidelberg: Springer, 2012: 275-301.

云计算中支持授权相等测试的基于身份加密方案

Identity-based Encryption Scheme Support Authorization Equality Test in Cloud Environment

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 3

参考文献 18

相关文章 15

编辑推荐

Metrics

本文评价

[1]	刘渊, 乔巍. 云环境下基于Kubernetes集群系统的容器网络研究与优化[J]. 信息网络安全, 2020, 20(3): 36-44.
[2]	张艺, 刘红燕, 咸鹤群, 田呈亮. 基于授权记录的云存储加密数据去重方法[J]. 信息网络安全, 2020, 20(3): 75-82.
[3]	许盛伟, 王飞杰. 多机构授权下可追踪可隐藏的属性基加密方案[J]. 信息网络安全, 2020, 20(1): 33-39.
[4]	白嘉萌, 寇英帅, 刘泽艺, 查达仁. 云计算平台基于角色的权限管理系统设计与实现[J]. 信息网络安全, 2020, 20(1): 75-82.
[5]	任良钦, 王伟, 王琼霄, 鲁琳俪. 一种新型云密码计算平台架构及实现[J]. 信息网络安全, 2019, 19(9): 91-95.
[6]	余奕, 吕良双, 李肖坚, 王天博. 面向移动云计算场景的动态网络拓扑描述语言[J]. 信息网络安全, 2019, 19(9): 120-124.
[7]	王紫璇, 吕良双, 李肖坚, 王天博. 基于共享存储的OpenStack虚拟机应用分发策略[J]. 信息网络安全, 2019, 19(9): 125-129.
[8]	崔艳鹏, 冯璐铭, 闫峥, 蔺华庆. 基于程序切片技术的云计算软件安全模型研究[J]. 信息网络安全, 2019, 19(7): 31-41.
[9]	葛新瑞, 崔巍, 郝蓉, 于佳. 加密云数据上支持可验证的关键词排序搜索方案[J]. 信息网络安全, 2019, 19(7): 82-89.
[10]	田春岐, 李静, 王伟, 张礼庆. 一种基于机器学习的Spark容器集群性能提升方法[J]. 信息网络安全, 2019, 19(4): 11-19.
[11]	赵谱, 崔巍, 郝蓉, 于佳. 一种针对El-Gamal数字签名生成的安全外包计算方案[J]. 信息网络安全, 2019, 19(3): 81-86.
[12]	张振峰, 张志文, 王睿超. 网络安全等级保护2.0云计算安全合规能力模型[J]. 信息网络安全, 2019, 19(11): 1-7.
[13]	李一凡, 李昌婷, 李一鸣, 刘宗斌. 基于NFC智能卡的防伪方案及实现[J]. 信息网络安全, 2018, 18(9): 74-79.
[14]	冯新扬, 沈建京. 一种基于Yarn云计算平台与NMF的大数据聚类算法[J]. 信息网络安全, 2018, 18(8): 43-49.
[15]	陶源, 黄涛, 张墨涵, 黎水林. 网络安全态势感知关键技术研究及发展趋势分析[J]. 信息网络安全, 2018, 18(8): 79-85.