云数据下基于可问责属性即可撤销的加密方案

doi:10.3969/j.issn.1671-1122.2021.12.010

信息网络安全 ›› 2021, Vol. 21 ›› Issue (12): 70-77.doi: 10.3969/j.issn.1671-1122.2021.12.010

云数据下基于可问责属性即可撤销的加密方案

张淑清¹(), 蔡志文²

1.广西警察学院交通管理工程学院,南宁 530022
2.南宁市公安局交通工程科学研究所,南宁 530015

收稿日期:2021-09-15 出版日期:2021-12-10 发布日期:2022-01-11
通讯作者: 张淑清 E-mail:zhangqunhui73@sina.com
作者简介:张淑清（1966—）,女,广西,副教授,硕士,主要研究方向为数据加密、网络与信息化|蔡志文（1981—）,男,广西,高级工程师,硕士,主要研究方向为数据机密与大数据安全
基金资助:
广西工业与信息化发展专项资金项目(2019-450000-65-03-025941)

Revocable Encryption Scheme Based on Accountability Attribute under Cloud Data

ZHANG Shuqing¹(), CAI Zhiwen²

1. School of Traffic Management Engineering, Guangxi Police College, Nanning 530022, China
2. Traffic Engineering Science Research Institute of Nanning Public Security Bureau, Nanning 530015, China

Received:2021-09-15 Online:2021-12-10 Published:2022-01-11
Contact: ZHANG Shuqing E-mail:zhangqunhui73@sina.com

摘要/Abstract

摘要：

针对当前云数据下多数加密方案的解密过度依赖双线性映射、解密效率不高等问题,文章提出一种基于可问责属性即可撤销的加密方案。该方案采用单属性权威架构,解密过程不再依赖双线性映射,从而降低了解密开销;基于属性群组思想建立属性即可撤销机制,降低密文重加密的运算复杂度;以权威属性构建问责列表,并在私钥中嵌入用户信息,借助解密用户信息验证机制,快速问责恶意用户。将文章所提加密方案与其他4种同类加密方案进行性能对比,结果表明,该加密方案在保证安全性的前提下,不仅实现了属性的即时撤销和恶意用户的问责,还大大降低了撤销开销和解密开销。

关键词: 云数据, 属性加密, 问责机制, 属性撤销, 访问控制

Abstract:

In view of the problem that most encryption schemes in the current cloud big data over relies on bilinear mapping for decryption and low decryption efficiency, a revocable encryption scheme based on accountability attribute was proposed. Firstly, the scheme adopted single attribute authority architecture, and the decryption process no longer depended on bilinear mapping, and the decryption overhead was reduced. Secondly, establishing an attribute revocation mechanism based on the attribute group idea, reducing the computational complexity of ciphertext re-encryption. Thirdly, the accountability list was constructed with authoritative attributes, and the user information was embedded in the private key. With the help of decryption user information verification mechanism, malicious users were accountable quickly. Finally, the performance of this encryption scheme was compared with the other four similar encryption schemes. The results show that compared with the other four encryption schemes, this encryption scheme not only realizes the immediate revocation of attributes and the accountability of malicious users, but also greatly reduces the revocation and decryption overhead.

Key words: cloud data, attribute encryption, accountability mechanism, attribute revocation, access control

中图分类号:

TP309

张淑清, 蔡志文. 云数据下基于可问责属性即可撤销的加密方案[J]. 信息网络安全, 2021, 21(12): 70-77.

ZHANG Shuqing, CAI Zhiwen. Revocable Encryption Scheme Based on Accountability Attribute under Cloud Data[J]. Netinfo Security, 2021, 21(12): 70-77.

图/表 5

图1

表1

表2

表3

表4

参考文献 19

[1]	ZHANG Qian, WANG Jian. Cloud Shared Data Integrity Audit Scheme with Traceable User Identity[J]. Computer Science, 2020, 47(6):303-309.
	张茜, 王箭. 用户身份可追踪的云共享数据完整性审计方案[J]. 计算机科学, 2020, 47(6):303-309.
[2]	JIANG Mingmin, WANG Yiyuan. Optimization Exploration and Characteristic Analysis of Cloud Shared Information from the Perspective of Information Foraging[J]. Information Science, 2020, 38(5):93-97.
	蒋明敏, 王艺苑. 信息觅食视角下云共享信息的优化探索和特性分析[J]. 情报科学, 2020, 38(5):93-97.
[3]	YOO H, CHUNG K. PHR Based Diabetes Index Service Model Using Life Behavior Analysis[J]. Wireless Personal Communications, 2017, 93(1):161-174. doi: 10.1007/s11277-016-3715-9 URL
[4]	LI Jiguo, ZHANG Yichen, NING Jianting, et al. Attribute Based Encryption with Privacy Protection and Accountability for CloudIoT[EB/OL]. https://ieeexplore.ieee.org/document/9003205, 2020-02-19.
[5]	SHEN Jian, ZHOU Tianqi, CAO Zhenfu. Protection Methods for Cloud Data Security[J]. Journal of Computer Research and Development, 2021, 58(10):2079-2098.
	沈剑, 周天祺, 曹珍富. 云数据安全保护方法综述[J]. 计算机研究与发展, 2021, 58(10):2079-2098.
[6]	SAHAI A, WATERS B. Fuzzy Identity-based Encryption[C]// Springer. 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques(EUROCRYPT 2005), May 2-4, 2005, Aarhus, Denmark. Berlin: Springer, 2005: 457-473.
[7]	LIU Xueyan, LU Tingting, HE Xiaomei, et al. Verifiable Attribute-based Keyword Search over Encrypted Cloud Data Supporting Data Deduplication[J]. IEEE Access, 2020, 8(99):52062-52074. doi: 10.1109/Access.6287639 URL
[8]	GUDEME J R, PASUPULETI S K, KANDUKURI R. Attribute-based Public Integrity Auditing for Shared Data with Efficient User Revocation in Cloud Storage[J]. Journal of Ambient Intelligence and Humanized Computing, 2020, 12(2):12652-12666.
[9]	EDEMACU K, JANG B, KIM J W. Collaborative eHealth Privacy and Security: An Access Control with Attribute Revocation Based on OBDD Access Structure[J]. IEEE Journal of Biomedical and Health Informatics, 2020, 24(10):2168-2194.
[10]	ALTAMIMI A, KAMOONA M A. Securing E-health Data using Ciphertext-policy Attribute-based Encryption with Dynamic User Revocation[J]. International Journal of Recent Technology and Engineering, 2019, 8(3):7244-7250.
[11]	WANG Shangping, GUO Keke, ZHANG Yaling. Ciphertext-policy Attribute-based Encryption Scheme with Attribute Level User Revocation for Cloud Storage[EB/OL]. https://www.researchgate.net/publication/327651817_Traceable_ciphertext-policy_attribute-based_encryption_scheme_with_attribute_level_user_revocation_for_cloud_storage, 2018-09-12.
[12]	CHEN Lu, XIANG Feng, SUN Zhixin. Research Progress of Blockchain Security Technology based on Attribute Cryptosystem[J]. Acta Electronica Sinica, 2021, 49(1):192-200. doi: 10.12263/DZXB.20191375
	陈璐, 相峰, 孙知信. 基于属性密码体制的区块链安全技术研究进展[J]. 电子学报, 2021, 49(1):192-200.
[13]	GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based Encryption for Fine-grained Access Control of Encrypted Data[C]// ACM. Proceedings of the 13th ACM Conference on Computer and Communications Security(CCS 2006), October 30-November 3, 2006, Alexandria, VA, USA. New York: ACM, 2006: 89-98.
[14]	WANG Ze, GAO Minghua, CHEN Lu, et al. An Access Control Scheme Based on Access Tree Structure Pruning for Cloud Computing[J]. International Journal of Network Security, 2021, 23(1):143-156.
[15]	HANAOKA G, KUROSAWA K. Between Hashed DH and Computational DH: Compact Encryption from Weaker Assumption[J]. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 2010, 93(11):1994-2006.
[16]	XHAFA F, FENG Jianglang, ZHANG Yinghui, et al. Privacy-aware Attribute-based PHR Sharing with User Accountability in Cloud Computing[J]. Journal of Supercomputing, 2015, 71(5):1607-1619. doi: 10.1007/s11227-014-1253-3 URL
[17]	HONG Hanshu, SUN Zhixin. High Efficient Key-insulated Attribute Based Encryption Scheme without Bilinear Pairing Operations[J]. Springer Plus, 2016, 5(1):131-142. doi: 10.1186/s40064-016-1765-9 URL
[18]	LIN Guofeng, HONG Hanshu, SUN Zhixin. A Collaborative Key Management Protocol in Ciphertext Policy Attribute-based Encryption for Cloud Data Sharing[J]. IEEE Access, 2017, 23(5):9464-9475.
[19]	XUE Liang, YU Yong, LI Yannan, et al. Efficient Attribute-based Encryption with Attribute Revocation for Assured Data Deletion[J]. Information Sciences, 2019, 30(479):640-650.

符号	含义
$\|\tau \|$	访问树节点数量
$\|E\|$	访问策略所含属性数量
$\|SP\|$	系统属性集合的势
$\|{{Q}_{i}}\|$	属性群组的势
$\|U\|$	用户属性集合的势

加密方案	访问策略	属性撤销			是否支持追责	安全模式
加密方案	访问策略	可信等级	撤销时间	撤销机构	是否支持追责	安全模式
CP-ABE-MA	属性列表	—	—	—	支持	$IND-CCA$
KI-ABE-WP	访问树	全可信	周期	属性权威	不支持	$IND-CCA$
CKM-CP-ABE	线性秘密分享	半可信	即时	数据云中心	不支持	$IND-CCA$
AD-KP-ABE	访问树	半可信	即时	属性权威	不支持	$IND-CCA$
本文加密方案	访问树	半可信	即时	数据云中心	支持	$IND-CCA$

加密方案	指数运算次数/次	乘运算次数/次
CP-ABE-MA	0	0
KI-ABE-WP	0	2
CKM-CP-ABE	$2\|{{Q}_{i}}\|+\|E\|+\|U\|+1$	$\|{{Q}_{i}}\|$
AD-KP-ABE	$2\|{{Q}_{i}}\|+\|U\|$	$\|{{Q}_{i}}\|$
本文加密方案	2	$\|{{Q}_{i}}\|-1$

加密方案	双线性映射次数/次	指数运算次数/次
CP-ABE-MA	$4(\|SP\|+{{l}_{id}})$	0
KI-ABE-WP	0	$2\|E\|+\|T\|-1$
CKM-CP-ABE	$2\|U\|+2$	$2\|U\|+\|{{Q}_{i}}\|+1$
AD-KP-ABE	$2\|U\|$	$2\|U\|+\|T\|$
本文加密方案	0	$2\|E\|+\|T\|+\|{{Q}_{i}}\|$

云数据下基于可问责属性即可撤销的加密方案

Revocable Encryption Scheme Based on Accountability Attribute under Cloud Data

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 19

相关文章 15

编辑推荐

Metrics

本文评价

[1]	靳姝婷, 何泾沙, 朱娜斐, 潘世佳. 基于本体推理的隐私保护访问控制机制研究[J]. 信息网络安全, 2021, 21(8): 52-61.
[2]	沈卓炜, 高鹏, 许心宇. 基于安全协商的DDS安全通信中间件设计[J]. 信息网络安全, 2021, 21(6): 19-25.
[3]	芦效峰, 付淞兵. 属性基加密和区块链结合的可信数据访问控制方案[J]. 信息网络安全, 2021, 21(3): 7-8.
[4]	王健, 于航, 韩臻, 韩磊. 基于智能合约的云存储共享数据访问控制方法[J]. 信息网络安全, 2021, 21(11): 40-47.
[5]	魏占祯, 彭星源, 赵洪. SDN中基于用户信任度的资源访问控制方案[J]. 信息网络安全, 2021, 21(10): 33-40.
[6]	汪金苗, 谢永恒, 王国威, 李易庭. 基于属性基加密的区块链隐私保护与访问控制方法[J]. 信息网络安全, 2020, 20(9): 47-51.
[7]	吴云坤, 姜博, 潘瑞萱, 刘玉岭. 一种基于零信任的SDN网络访问控制方法[J]. 信息网络安全, 2020, 20(8): 37-46.
[8]	宋硕, 张兴兰. 云环境下支持属性撤销的无密钥托管属性基加密方案[J]. 信息网络安全, 2020, 20(8): 62-70.
[9]	杜义峰, 郭渊博. 一种基于信任值的雾计算动态访问控制方法[J]. 信息网络安全, 2020, 20(4): 65-72.
[10]	刘鹏, 何倩, 刘汪洋, 程序. 支持撤销属性和外包解密的CP-ABE方案[J]. 信息网络安全, 2020, 20(3): 90-97.
[11]	喻露, 罗森林. RBAC模式下数据库内部入侵检测方法研究[J]. 信息网络安全, 2020, 20(2): 83-90.
[12]	许盛伟, 王飞杰. 多机构授权下可追踪可隐藏的属性基加密方案[J]. 信息网络安全, 2020, 20(1): 33-39.
[13]	汪金苗, 王国威, 王梅, 朱瑞瑾. 面向雾计算的隐私保护与访问控制方法[J]. 信息网络安全, 2019, 19(9): 41-45.
[14]	王生玉, 汪金苗, 董清风, 朱瑞瑾. 基于属性加密技术研究综述[J]. 信息网络安全, 2019, 19(9): 76-80.
[15]	叶阿勇, 金俊林, 孟玲玉, 赵子文. 面向移动终端隐私保护的访问控制研究[J]. 信息网络安全, 2019, 19(8): 51-60.