支持撤销属性和外包解密的CP-ABE方案

doi:10.3969/j.issn.1671-1122.2020.03.012

信息网络安全 ›› 2020, Vol. 20 ›› Issue (3): 90-97.doi: 10.3969/j.issn.1671-1122.2020.03.012

• 理论研究 • 上一篇

支持撤销属性和外包解密的CP-ABE方案

刘鹏^1,²(), 何倩², 刘汪洋¹, 程序¹

1.中电科大数据研究院有限公司,贵阳 550018
2.桂林电子科技大学广西密码学与信息安全重点实验室,桂林 541004

收稿日期:2019-10-20 出版日期:2020-03-10 发布日期:2020-05-11
作者简介:
作者简介：刘鹏（1990—）,男,河南,硕士,主要研究方向为分布式计算、信息安全;何倩（1979—）,男,湖南,教授,博士,主要研究方向为云计算、分布式计算和信息安全;刘汪洋（1987—）,男,四川,博士,主要研究方向为开放数据、智慧城市;程序（1984—）,男,贵州,博士,主要研究方向为开放数据、知识图谱。
基金资助:
国家自然科学基金[61661015];广西云计算与大数据协同创新基金[YD16801,C77KYS02SX18];广西创新驱动重大专项[AA17202024];广西密码学与信息安全重点实验室基金[CIS201701]

CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption

LIU Peng^1,²(), HE Qian², LIU Wangyang¹, CHENG Xu¹

1. CETC Big Data Research Institute Co.,Ltd., Guiyang 550018, China
2. Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin 541004, China

Received:2019-10-20 Online:2020-03-10 Published:2020-05-11

摘要/Abstract

摘要：

属性基加密机制能够为云环境下的数据分享和管理提供灵活的访问控制方案。然而,传统的属性基加密方案存在解密复杂度高和属性撤销困难的问题,导致属性基加密机制在实际中的应用受限。针对上述问题,文章提出一种支持撤销属性和外包解密的密文策略属性基加密方案,该方案在属性撤销过程只需更新对应的密文组件,有效降低密文更新的计算开销,并且属性撤销过程对用户是透明的,用户不需要参与密文和密钥的更新,减少了属性撤销对用户的影响。同时,引入解密代理将解密过程中计算开销较大的部分外包到服务端,降低用户端解密开销。安全性分析表明,该方案可以抵抗联合共谋以及选择性明文攻击,并通过对比分析得到该方案在密文更新和解密过程的计算开销均具有一定的优势。

关键词: 属性基加密, 访问控制, 属性撤销, 外包解密

Abstract:

The attribute-based encryption mechanism provides a flexible access control scheme for data sharing and management in a cloud environment. However, the traditional attribute-based encryption scheme has the problems of high decryption complexity and difficulty in attribute revocation, which leads to limited application of the attribute-based encryption mechanism in practice. Aiming at the above problems, this paper proposes a ciphertext-policy attribute-based encryption scheme, which only needs to update the corresponding secret in the attribute revocation process. The text component effectively reduces the computational cost of the ciphertext update, and the attribute revocation process is transparent to the user. The user does not need to participate in the ciphertext and the key update, thereby reducing the impact of the attribute revocation on the user. At the same time, the decryption agent is introduced to outsource the part with large computational cost in the decryption process to the server, thereby reducing the decryption overhead of the client. Security analysis shows that this scheme can resist joint collusion and selective plaintext attacks. Finally, through comparative analysis, the scheme has certain advantages in the computational overhead of the ciphertext update and decryption process.

Key words: attribute-based encryption, access control, attribute revocation, outsourcing decryption

中图分类号:

TP309

刘鹏, 何倩, 刘汪洋, 程序. 支持撤销属性和外包解密的CP-ABE方案[J]. 信息网络安全, 2020, 20(3): 90-97.

LIU Peng, HE Qian, LIU Wangyang, CHENG Xu. CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption[J]. Netinfo Security, 2020, 20(3): 90-97.

图/表 2

参考文献 21

[1]	FENG Dengguo, ZHANG Min, ZHANG Yan, et al.Study on Cloud Computing Security[J]. Journal of Software, 2011, 22(1): 71-83.
	冯登国,张敏,张妍,等.云计算安全研究[J].软件学报,2011,22(1):71-83.
[2]	SAHAI A, WATERS B.Fuzzy identity-based encryption[C]//IACR. 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 22-26, 2005, Aarhus, Denmark. Heidelberg: Springer-Verlag, 2005: 457-473.
[3]	GOYAL V, PANDEY O, SAHAI A, et al.Attribute-based encryption for fine-grained access control of encrypted data[C]//ACM. 13th ACM Conference on Computer and Communicatons Security, October 30-November 3, 2006, Alexandria, VA, USA. New York: ACM, 2006: 89-98.
[4]	BETHENCOURT J, SAHAI A, WATERS B.Ciphertext-Policy Attribute-Based Encryption[C]//IEEE. 2007 IEEE Symposium on Security and Privacy, May 20-23, 2007, Oakland, Califormia, USA. New Jersey: IEEE, 2007: 321-334.
[5]	WATERS B.Ciphertext-Policy Attribute-Based Encryption: an Expressive, Efficient, and Provably Secure Realization[C]//IACR. 14th International Conference on Practice and Theory in Public Key Cryptography, March 6-9, 2011, Taormina, Italy. Heidelberg: Springer, 2011: 53-70.
[6]	PIRRETTI M, TRAYNOR P, et al.Secure attribute-based systems[C]//ACM, 13th ACM Conference on Computer and Communication Security, October 30-November 3, 2006, Alexandria, VA, USA. New York: ACM, 2006: 799-837.
[7]	BOLDYREVA A, GOYAL V, KUNMAR V.Identity-based encryption with efficient re-vocation modes[C]//ACM. 15th ACM Conference on Computer and Communications Security, November 3-7, 2008, Alexandria, VA, USA. New York: ACM, 2008: 417-426.
[8]	HUR J, DONG K N.Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems[J]. IEEE Transactions on Parallel and Distributed Systems, 2011, 22(7): 1214-1221.
[9]	XIE Xingxing, MA Hua, LI Jin, et al.An Efficient Ciphertext Policy Attribute-Based Access Control Towards Revocation in Cloud Computing[J]. Journal of Universal Computerence, 2013, 19(16): 2349-2367.
[10]	MA Hua, BAI Cuicui, LI Bin, et al.Attribute-Based Encryption Scheme Support in Attribute Revocation and Decryption Outsourcing[J]. Journal of Xidian University(Science & Technology), 2015, 42(6): 6-10.
	马华,白翠翠,李宾,等.支持属性撤销和解密外包的属性基加密方案[J].西安电子科技大学学报,2015,42(6):6-10.
[11]	SHIRAISHI Y, NOMURA K, MOHRI M, et al.Attribute Revocable Attribute-Based Encryption with Forward Secrecy for Fine-Grained Access Control of Shared Data[J]. IEICE Transactions on Information and Systems, 2017, 100(10): 2432-2439.
[12]	SUN Lei, ZHAO Zhiyuan, WANG Jianhua, et al.Attribute-Based Encryption Scheme Supporting Attribute Revocation in Cloud Storage Environment[J]. Journal on Communications, 2019, 40(5): 47-56.
	孙磊,赵志远,王建华,等.云存储环境下支持属性撤销的属性基加密方案[J].通信学报,2019,40(5):47-56.
[13]	GREEN M, HOHENBERGER S, WATERS B.Outsourcing the Decryption of ABE Ciphertexts[C]//ACM. 2011 USENIX Conference on Security, August 8-12, 2011, San Francisco, CA. New York: ACM, 2011: 1-16.
[14]	MAO Xianping, LAI Junzuo, MEI Qixiang, et al.Generic and Efficient Constructions of Attribute-Based Encryption with Verifiable Outsourced Decryption[J]. IEEE Transactions on Dependable & Secure Computing, 2016, 13(5): 533-546.
[15]	WANG Hao, HE Debiao, SHEN Jian, et al.Verifiable Outsourced Ciphertext-Policy Attribute-Based Encryption in Cloud Computing[J]. Soft Computing, 2016, 21(24): 1-11.
[16]	LI Jin, HUANG Xinyi, CHEN Xiaofeng, et al.Securely Outsourcing Attribute-Based Encryption with Checkability[J]. IEEE Transactions on Parallel and Distributed Systems, 2014, 25(8): 2201-2210.
[17]	CHOW S S M. A Framework of Multi-Authority Attribute-Based Encryption with Outsourcing and Revocation[C]//ACM. 21th ACM on Symposium on Access Control Models and Technologies. June 5-8, 2016, Shanghai, China. New York: ACM, 2016: 215-226.
[18]	WU Xianglong, JIANG Rui, BHARGAVA B.On the Security of Data Access Control for Multiauthority Cloud Storage Systems[J]. IEEE Transactions on Services Computing, 2015, 10(2): 285-272.
[19]	YU Shucheng, WANG Cong, REN K, et al.Attribute-Based Data Sharing with Attribute Revocation[C]//ACM. 5th ACM Symposium on Information, Computer and Communications Security, April 13-16, 2010, Beijing, China. New York: ACM, 2010: 262-270.
[20]	ZHANG Rui, MA Hui, LU Yao.Fine-Grained Access Control System Based on Fully out Sourced Attribute-Based Encryption[J]. Journal of Systems and Software, 2017, 125(C): 344-353.
[21]	ZHAO Zhiyuan, WANG Jianhua, XU Kaiyong, et al.Fully Outsourced Attribute-Based Encryption with Varifiability for Cloud Storage[J]. Journal of Computer Research and Development, 2019, 56(2): 442-452.
	赵志远,王建华,徐开勇,等. 面向云存储的支持完全外包属性基加密方案[J]. 计算机研究与发展,2019,56(2):442-452.

方案	访问结构	安全假设	安全模型	外包解密
文献[8]	Tree	——	标准模型	不支持
文献[11]	LSSS	q-parallelBDHE	一般群模型	不支持
文献[12]	LSSS	CDH	标准模型	支持
本文方案	LSSS	DBDH	标准模型	支持

方案	密钥生成	密文生成	密文更新	解密
文献[8]	(2\|S\|+3)E	(2L+1)E+P	(2L+3)E	2(L-1)E+(2L+1)P
文献[11]	(\|S\|+2)E	(2L+1)E+P	LE	(2L+1)P
文献[12]	2(\|S\|+1)E	(3L+1)E+P	(L+2)E	E
本文方案	(\|S\|+2)E	(2L+1)E+P	2E	E

支持撤销属性和外包解密的CP-ABE方案

CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 2

参考文献 21

相关文章 15

编辑推荐

Metrics

本文评价

[1]	汪金苗, 谢永恒, 王国威, 李易庭. 基于属性基加密的区块链隐私保护与访问控制方法[J]. 信息网络安全, 2020, 20(9): 47-51.
[2]	杜义峰, 郭渊博. 一种基于信任值的雾计算动态访问控制方法[J]. 信息网络安全, 2020, 20(4): 65-72.
[3]	喻露, 罗森林. RBAC模式下数据库内部入侵检测方法研究[J]. 信息网络安全, 2020, 20(2): 83-90.
[4]	许盛伟, 王飞杰. 多机构授权下可追踪可隐藏的属性基加密方案[J]. 信息网络安全, 2020, 20(1): 33-39.
[5]	汪金苗, 王国威, 王梅, 朱瑞瑾. 面向雾计算的隐私保护与访问控制方法[J]. 信息网络安全, 2019, 19(9): 41-45.
[6]	叶阿勇, 金俊林, 孟玲玉, 赵子文. 面向移动终端隐私保护的访问控制研究[J]. 信息网络安全, 2019, 19(8): 51-60.
[7]	秦中元, 韩尹, 张群芳, 朱雪金. 一种改进的多私钥生成中心云存储访问控制方案[J]. 信息网络安全, 2019, 19(6): 11-18.
[8]	闫玺玺, 张棋超, 汤永利, 黄勤龙. 支持叛逆者追踪的密文策略属性基加密方案[J]. 信息网络安全, 2019, 19(5): 47-53.
[9]	蔡方博, 何泾沙, 朱娜斐, 韩松. 分布式访问控制模型中节点级联失效研究[J]. 信息网络安全, 2019, 19(12): 47-52.
[10]	时向泉, 陶静, 赵宝康. 面向虚拟化环境的网络访问控制系统[J]. 信息网络安全, 2019, 19(10): 1-9.
[11]	董庆贺, 何倩, 江炳城, 刘鹏. 面向云数据库的多租户属性基安全隔离与数据保护方案[J]. 信息网络安全, 2018, 18(7): 60-68.
[12]	石悦, 李相龙, 戴方芳. 一种基于属性基加密的增强型软件定义网络安全框架[J]. 信息网络安全, 2018, 18(1): 15-22.
[13]	闫玺玺, 刘媛, 胡明星, 黄勤龙. 云环境下基于LWE的多机构属性基加密方案[J]. 信息网络安全, 2017, 17(9): 128-133.
[14]	闫玺玺, 刘媛, 李子臣, 黄勤龙. 云环境下理想格上的多机构属性基加密隐私保护方案[J]. 信息网络安全, 2017, 17(8): 19-25.
[15]	马国峻, 李凯, 裴庆祺, 詹阳. 一种社交网络中细粒度人脸隐私保护方案[J]. 信息网络安全, 2017, 17(8): 26-32.