信息网络安全 ›› 2018, Vol. 18 ›› Issue (6): 52-60.doi: 10.3969/j.issn.1671-1122.2018.06.007

• • 上一篇    下一篇

云计算中支持授权相等测试的基于身份加密方案

张琦, 林喜军, 曲海鹏()   

  1. 中国海洋大学信息科学与工程学院,山东青岛 266100
  • 收稿日期:2018-04-11 出版日期:2018-06-15 发布日期:2020-05-11
  • 作者简介:

    作者简介:张琦(1992—),女,山东,硕士研究生,主要研究方向为密码学、信息安全;林喜军(1977—),男,山东,讲师,博士,主要研究方向为密码学、信息安全;曲海鹏(1972—),男,山东,副教授,博士,主要研究方向为密码学、信息安全。

  • 基金资助:
    国家自然科学基金[61379127]

Identity-based Encryption Scheme Support Authorization Equality Test in Cloud Environment

Qi ZHANG, Xijun LIN, Haipeng QU()   

  1. College of Information Science and Engineering, Ocean University of China, Qingdao Shandong 266100, China
  • Received:2018-04-11 Online:2018-06-15 Published:2020-05-11

摘要:

随着云计算技术的不断发展,公有云环境中的加密算法已经成为当前研究的热点课题。其中,可以支持相等测试的基于身份的加密(IBEET)算法备受关注。该算法能够实现对两个不同用户加密后的密文进行对比,并判断这些密文对应的明文信息是否相等,以便进行信息比对、匹配和查询检索。然而,现有的支持相等测试的基于身份的加密算法都缺少细粒度的授权机制。为了保护用户隐私,文章提出一种支持授权相等测试的基于身份加密方案(IBE-SAET),可以实现对云服务器进行密文级或用户级的授权,用户可以选择对服务器进行两种粒度的授权。文中给出了相应的系统模型、正式算法定义及安全模型。另外,文章基于双线性映射上的Diffie-Hellman假设,设计了具体的加密算法和授权算法。最后,在随机预言模型下,证明了方案满足单向的抗选择ID和选择密文的攻击安全性。

关键词: 云计算, 基于身份加密, 相等测试, 授权

Abstract:

Recently, the encryption algorithm in public cloud environment has been a hot topic. Among these encryption algorithms, the identity-based encryption with equality test (IBEET) algorithm which can support the equality test attracts much attention. This kind of algorithm can compare the encrypted ciphertexts of two different users and determine whether the corresponding message of the ciphertexts are equal, which bring convenient for information comparing, matching and querying. However, there is still lacking of fine-grained authorization mechanism up to date for the identity-based encryption algorithm that supports the equality test in the public cloud. In order to enhance the privacy of user’s data, this paper proposes an identity-based encryption scheme support authorization equality test (IBE-SAET), and design two kinds of authorization which are user specific authorization and ciphertext specific authorization for cloud servers. In the new scheme, the user can authorize the cloud server with two different types of authorization. What’s more, this thesis gives the corresponding system model, formal algorithm definition and security model of IBE-SAET. In addition, specific encryption algorithms and authorization algorithms are designed based on the Diffie-Hellman problem on bilinear maps. Finally, this paper proves the security of the IBE-SAET scheme in random oracle model, which is one-way secure against chosen identity and chosen ciphertext attacks.

Key words: cloud computing, identity-based encryption, equality test, authorization

中图分类号: