Research on the Security Model of Multi-Authority for Attribute Encryption Based on Blockchain

doi:10.3969/j.issn.1671-1122.2022.05.010

Abstract

Abstract:

In the cloud environment, attribute encryption algorithms can effectively implement fine-grained access control of data cloud storage. Attribute encryption algorithms based on a single authority may have problems such as single point of failure and difficulty in key distribution, while attribute encryption algorithms based on multi-authority institutions have problems such as high communication overhead and untrustworthy authority. In view of the above problems, this paper proposed a blockchain-based attribute encryption multi-authority security access control model. Firstly, multiple authorized agencies jointly participate in the generation and secure transmission of attribute keys, which avoids the leakage of key information. Secondly, through the consensus mechanism and the sliding window mechanism, the authorized nodes are dynamically elected, the single point of failure is solved, the number of authorized nodes is dynamically adjusted, and the load balance is realized. Theoretical analysis and experimental data show that the scheme proposed in this paper can effectively ensure data security and improve the credibility, reliability and auditability of authorized institutions.

Key words: blockchain, attribute-based encryption, multi-authority

CLC Number:

TP309

CUI Haoyu, MA Limin, WANG Jiahui, ZHANG Wei. Research on the Security Model of Multi-Authority for Attribute Encryption Based on Blockchain[J]. Netinfo Security, 2022, 22(5): 84-93.

Figures/Tables 15

References 24

[1]	LIU Chilun. Cloud Service Access Control System Based on Ontologies[J]. Advances in Engineering Software, 2014, 69: 26-36. doi: 10.1016/j.advengsoft.2013.12.006 URL
[2]	CHEN Danwei, HUANG Xiuli, REN Xunyi. Access Control of Cloud Service Based on UCON[C]// Springer. Proceedings of the 1st International Conference on Cloud Computing. Heidelberg: Springer, 2009: 559-564.
[3]	BELLARE M, DESAI A, JOKIPII E, et al. A Concrete Security Treatment of Symmetric Encryption[C]// IEEE. Proceedings of the 38th Annual Symposium on Foundations of Computer Science. Washington, DC: IEEE, 1997: 394-403.
[4]	CURTMOLA R, GARAY J, KAMARA S, et al. Searchable Symmetric Encryption: Improved Definitions and Efficient Constructions[C]// ACM. Proceedings of the 13th ACM Conference on Computer and Communications Security. New York: ACM, 2006: 79-88.
[5]	CRAMER R, SHOUP V. Design and Analysis of Practical Public-Key Encryption Schemes Secure Against Adaptive Chosen Ciphertext Attack[J]. Siam Journal on Computing, 2004, 33(1): 167-226. doi: 10.1137/S0097539702403773 URL
[6]	BALDI M, BIANCHI M, CHIARALUCE F, et al. Enhanced Public Key Security for the McEliece Cryptosystem[J]. Journal of Cryptology, 2016, 29(1): 1-27. doi: 10.1007/s00145-014-9187-8 URL
[7]	SAHAI A, WATERS B. Fuzzy Identity-Based Encryption[C]// Springer. Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques. Heidelberg: Springer, 2005: 457-473.
[8]	DAN B, FRANKLIN M. Identity-Based Encryption from the Weil Pairing[C]// Springer. Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology. Heidelberg: Springer, 2001: 213-229.
[9]	SUN Li. Research and Application of Information Protection Mechanism for Online Education Resource Alliance[J]. Netinfo Security, 2021, 21(9): 32-39.
	孙力. 区块链+在线教育资源联盟信息保护机制研究与应用[J]. 信息网络安全, 2021, 21(9):32-39.
[10]	CAO Lei. Cloud Outsourcing Attribute Base Encryption for Hidden Structure in Mobile Medical Service[D]. Xi'an: Xidian University, 2015.
[11]	CHASE M. Multi-Authority Attribute Based Encryption[C]// Springer. Proceedings of the 4th Theory of Cryptography Conference Amsterdam. Heidelberg: Springer, 2007: 515-534.
[12]	CHASE M, CHOW S. Improving Privacy and Security in Multi-Authority Attribute-Based Encryption[C]// ACM. Proceedings of the 16th ACM conference onComputer and communications security. New York: ACM, 2009: 121-130.
[13]	LEWKO A, WATERS B. Decentralizing Attribute-Based Encryption[C]// Springer. Proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Heidelberg: Springer, 2011: 568-588.
[14]	YUAN Chao, XU Mixue, SI Xueming, et al. Blockchain with Accountable CP-ABE: How to Effectively Protect the Electronic Documents[C]// IEEE. Proceedings of the 2017 IEEE 23rd International Conference on Parallel and Distributed Systems. Washington: IEEE, 2017: 800-803.
[15]	ZHENG Lianghan, HE Heng, TONG Qian, et al. Multi-Authority Access Control Scheme in Cloud Environment[J]. Journal of Frontiers of Computer Science and Technology, 2020, 14(11): 1865-1878.
	郑良汉, 何亨, 童潜, 等. 云环境中的多授权机构访问控制方案[J]. 计算机科学与探索, 2020, 14(11):1865-1878.
[16]	BEIMEL A. Secure Schemes for Secret Sharing and Key Distribution[D]. Haifa: Israel Institute of Technology, 1996.
[17]	WANG Jinmiao, XIE Yongheng, WANG Guowei, et al. A Method of Privacy Preserving and Access Control in Blockchain Based on Attribute-Based Encryption[J]. Netinfo Security, 2020, 20(9): 47-51.
	汪金苗, 谢永恒, 王国威, 等. 基于属性基加密的区块链隐私保护与访问控制方法[J]. 信息网络安全, 2020, 20(9):47-51.
[18]	YU Shucheng, WANG Cong, REN Kui, et al. Achieving Secure, Scalable, and Fine-Grained Data Access Control in Cloud Computing[C]// IEEE. Proceedings of the Infocom 2010. New York: IEEE, 2010: 1-9.
[19]	YU Jingang, ZHANG Hong, LI Shu, et al. Data Sharing Model for Internet of Things Based on Blockchain[J]. Journal of Chinese Mini-Micro Computer Systems, 2019, 40 (11): 2324-2329.
[20]	LI Jiguo, SHI Yuerong, ZHANG Yichen. Searchable Ciphertext-Policy Attribute-Based Encryption with Revocation in Cloud Storage[J]. International Journal of Communication Systems, 2017, 30(1): 2942-2955.
[21]	TIAN Youliang, YANG Kedi, WANG Zuan, et al. Algorithm of Blockchain Data Provenance Based on ABE[J]. Journal on Communications, 2019, 40 (11): 101-111.
	田有亮, 杨科迪, 王缵, 等. 基于属性加密的区块链数据溯源算法[J]. 通信学报, 2019, 40(11):101-111.
[22]	YAN Xixi, YUAN Xiaohan, TANG Yongli, et al. Verifiable Attribute-Based Searchable Encryption Scheme Based on Blockchain[J]. Journal on Communications, 2020, 41(2): 187-198.
	闫玺玺, 原笑含, 汤永利, 等. 基于区块链且支持验证的属性基搜索加密方案[J]. 通信学报, 2020, 41(2):187-198.
[23]	WATERS B. Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization[C]// Springer. Proceedings of the 14th International Conference on Practice and Theory in Public Key Cryptography Conference on Public Key Cryptography. Heidelberg: Springer, 2011: 53-70.
[24]	JUNG T, LI Xiangyang, WAN Zhiguo, et al. Privacy Preserving Cloud Data Access with Multi-Authorities[C]// IEEE. Proceedings of the Infocom 2013. New York: IEEE, 2013: 2625-2633.

参数	含义
k	系统安全参数
U	系统属性全集
pk	系统主公钥
mk	系统主密钥
S	用户属性集合
sk	用户属性密钥
M_i	l×n型访问控制矩阵M的第i行
ap	访问控制策略
ρ(i)	映射函数ρ为行指定属性
s	秘密共享密钥
λ_i	秘密共享密钥份额
v	随机向量
m	共享数据明文
CT	共享数据密文
(e,d )	用户非对称密钥对

方案	隐私保护	细粒度访问控制	多节点协同计算
文献[19]	√	•	•
文献[20]	•	•	•
文献[21]	√	√	•
文献[22]	√	√	•
本文方案	√	√	√

方案	本文方案	AC-CP-ABE^[23]	LS-CP-ABE^[24]
系统初始化时间	2E₀+E₁+P	2E₀+E₁+P	2E₀+E₁+P
密钥生成时间	(2+x)E₀	(3+2x)E₀	(2+2x)E₀
私钥存储开销	(2+x)l₀	(1+2x)l₀	(5+2x)l₀