信息网络安全 ›› 2021, Vol. 21 ›› Issue (4): 21-30.doi: 10.3969/j.issn.1671-1122.2021.04.003

• 技术研究 • 上一篇    下一篇

多用户通信机制中支持隐私保护的属性基动态广播加密

游文婷1, 张乐友1(), 叶亚迪1, 李晖2   

  1. 1.西安电子科技大学数学与统计学院,西安 710071
    2.西安电子科技大学网络与信息安全学院,西安 710071
  • 收稿日期:2020-12-08 出版日期:2021-04-10 发布日期:2021-05-14
  • 通讯作者: 张乐友 E-mail:lyzhang@mail.xidian.edu.cn
  • 作者简介:游文婷(1994—),女,山西,博士研究生,主要研究方向为匿名属性基加密|张乐友(1977—),男,山东,教授,博士,主要研究方向为公钥密码、隐私保护及信息安全|叶亚迪(1996—),女,山东,硕士研究生,主要研究方向为匿名加密|李晖(1968—),男,河南,教授,博士,主要研究方向为密码与信息安全、信息论与编码理论
  • 基金资助:
    国家自然科学基金(U19B2021);陕西省重点研发计划(2019KW-056);“十三五”国家密码发展基金(MMJJ20180209)

Privacy-preserving Attribute-based Dynamic Broadcast Encryption Mechanism in Multi-user Communication System

YOU Wenting1, ZHANG Leyou1(), YE Yadi1, LI Hui2   

  1. 1. School of Mathematics and Statistics, Xidian University, Xi’an 710071, China
    2. School of Network Information and Security, Xidian University, Xi’an 710071, China
  • Received:2020-12-08 Online:2021-04-10 Published:2021-05-14
  • Contact: ZHANG Leyou E-mail:lyzhang@mail.xidian.edu.cn

摘要:

云计算和物联网的快速发展使多用户信息共享机制备受关注,然而当用户将个人数据上传到云服务器与不同用户共享时,未经授权的用户和不可信的第三方云服务提供商会窥探这些隐私数据,对数据安全和用户隐私构成严重威胁。此外,多用户共享机制还存在访问控制不灵活、用户撤销和动态管理等问题。为了解决这些问题,文章结合属性基加密与广播加密技术提出一种动态广播加密机制。该方案在保证数据安全的同时,利用不经意传输协议,实现了接收者的匿名,保护了用户隐私。此外,该方案还支持新用户随时动态加入系统,且不影响原用户在系统中的解密能力,并实现了用户撤销和快速解密。性能分析表明,该方案较已有方案在安全性和效率方面有明显优势。

关键词: 属性基广播加密, 云计算, 不经意传输协议, 快速解密

Abstract:

Multi-user information sharing mechanism has been paid more and more attention with the rapid development of cloud computing and the Internet of things. However, when users upload personal data to the cloud server to share with different users, unauthorized users and untrusted third-party cloud service providers will snoop on these private data, which will pose a serious threat to data security and user privacy. In addition, there are still some challenges in the multiple-user sharing mechanism, such as inflexible access control, user revocation and dynamic management, etc. To address these problems, this paper proposes a dynamic broadcast encryption mechanism. It combines attribute-based encryption with broadcast encryption techniques. The scheme uses the oblivious transmission protocol to realize the receiver anonymity and protect the user privacy while ensuring the data security. Additionally, the scheme supports new users to join the system dynamically at any time without affecting the decryption ability of previous users in the system, and achieves user revocation and fast decryption. Performance analysis shows that the scheme has obvious advantages in security and efficiency compared with existing schemes.

Key words: attribute-based broadcast encryption, cloud computing, oblivious transfer protocol, fast decryption

中图分类号: