Netinfo Security, 2020, Vol. 20, Issue (3): 90-97. doi: 10.3969/j.issn.1671-1122.2020.03.012
• Theoretical Research •
Received: 2019-10-20
Online: 2020-03-10
Published: 2020-05-11
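About the authors: LIU Peng (born 1990), male, from Henan, master's degree, main research interests: distributed computing and information security; HE Qian (born 1979), male, from Hunan, professor, Ph.D., main research interests: cloud computing, distributed computing and information security; LIU Wangyang (born 1987), male, from Sichuan, Ph.D., main research interests: open data and smart cities; CHENG Xu (born 1984), male, from Guizhou, Ph.D., main research interests: open data and knowledge graphs.
LIU Peng1,2, HE Qian2, LIU Wangyang1, CHENG Xu1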
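Abstract:
Attribute-based encryption (ABE) can provide a flexible access control scheme for data sharing and management in cloud environments. However, traditional ABE schemes suffer from high decryption complexity and difficult attribute revocation, which limits the practical application of ABE. To address these problems, this paper proposes a ciphertext-policy attribute-based encryption (CP-ABE) scheme that supports attribute revocation and outsourced decryption. In this scheme, attribute revocation only requires updating the corresponding ciphertext components, which effectively reduces the computational overhead of ciphertext update. The revocation process is also transparent to users: they do not need to take part in updating ciphertexts or keys, which reduces the impact of attribute revocation on users. In addition, a decryption proxy is introduced to outsource the computationally expensive part of decryption to the server side, reducing the decryption overhead on the user side. Security analysis shows that the scheme resists collusion attacks and chosen-plaintext attacks, and comparative analysis shows that the scheme has certain advantages in the computational overhead of both ciphertext update and decryption.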
LIU Peng, HE Qian, LIU Wangyang, CHENG Xu. CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption[J]. Netinfo Security, 2020, 20(3): 90-97.