A Lifecycle-Manageable Public Data Sharing Scheme

doi:10.3969/j.issn.1671-1122.2024.08.014

Abstract

Abstract:

Public data as a data element can significantly empower government public services and social governance. However, frequent data breaches severely hinder the progress of public data sharing. Existing attribute-based encryption schemes, while enabling secure access to public data, suffer from inefficiencies in authorization management and difficulties in control after sharing, making them unsuitable for current public data sharing models. Therefore, this paper proposed a public data sharing scheme that was controllable throughout the entire lifecycle. The scheme began with a data capsule encapsulation method that deeply bound shared public data with access authorization policies; it then constructed a multi-party, layered authorization and lifecycle-aware access control method for the shared data. Security and experimental simulation analyses demonstrate that the scheme achieves controllable public data sharing throughout its entire lifecycle, with minimal overhead and meeting practical needs.

Key words: data capsule, data sharing, access control, blockchain

CLC Number:

TP309

LYU Qiuyun, ZHOU Lingfei, REN Yizhi, ZHOU Shifei, SHENG Chunjie. A Lifecycle-Manageable Public Data Sharing Scheme[J]. Netinfo Security, 2024, 24(8): 1291-1305.

Figures/Tables 9

References 29

[1]	State Council. Opinions of the CPC Central Committee and the State Council on Establishing a Data Base System to Maximize a Better Role of Data Elements[J]. Scientific Chinese, 2023(2): 60-64.
	中共中央国务院. 国务院关于构建数据基础制度更好发挥数据要素作用的意见[J]. 科学中国人, 2023(2): 60-64.
[2]	ZHENG Xue. The “Data Elements ×” Three-Year Action Plan Will Be Implemented[N]. 21st CENTURY BUSINESS HERALD, 2023-12-19(2).
	郑雪. “数据要素×”三年行动计划将落地[N]. 21世纪经济报道,2023-12-19(2).
[3]	FAN Wenyang. Over 30, 000 Pieces of Sensitive Information of Teachers and Students Leaked from a University in Nanchang, Resulting in an 800, 000 Yuan Fine! Three People Arrested[EB/OL]. (2023-08-16)[2024-03-17]. https://new.qq.com/rain/a/20230817A016UZ00.
	樊文扬. 南昌一高校3万余条师生敏感信息泄露,被罚80万!3人被抓[EB/OL]. (2023-08-16)[2024-03-17]. https://new.qq.com/rain/a/20230817A016UZ00.
[4]	SECRSS. Overview of the Top 10 Global Data Security and Cyber Attack Incidents in 2023[EB/OL]. (2023-12-15)[2024-03-17]. https://www.secrss.com/articles/61797.
	安全内参. 2023年全球10大数据安全和网络攻击事件盘点[EB/OL]. (2023-12-15)[2024-03-17]. https://www.secrss.com/articles/61797.
[5]	PENG Chun. The Promotion and Boundary of Data Sharing in the Public Sector[J]. SJTU Law Review, 2023(6): 63-77.
	彭錞. 论政务数据共享的推进与边界[J]. 交大法学, 2023(6): 63-77.
[6]	FERNANDEZ M, JAIMUNK J, THURAISINGHAM B. A Privacy-Preserving Architecture and Data-Sharing Model for Cloud-IoT Applications[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 20(4): 3495-3507.
[7]	DONG Xin, YU Jiadi, YUAN Luo, et al. Achieving an Effective, Scalable and Privacy-Preserving Data Sharing Service in Cloud Computing[J]. Computers & Security, 2014, 42: 151-164.
[8]	CHASE M. Multi-Authority Attribute Based Encryption[C]// Springer. 4th Theory of Cryptography Conference, TCC 2007. Heidelberg: Springer, 2007: 515-534.
[9]	SAHAI A, WATERS B. Fuzzy Identity-Based Encryption[C]// Springer. 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Heidelberg: Springer, 2005: 457-473.
[10]	GOYAL V, PANDEY O, SAHAI A, et al. Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data[C]// ACM SIGSAC. 13th ACM Conference on Computer and Communications Security. New York: ACM, 2006: 89-98.
[11]	BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-Policy Attribute-Based Encryption[C]// IEEE. 2007 IEEE Symposium on Security and Privacy (SP’07). New York: IEEE, 2007: 321-334.
[12]	ZUO Cong, SHAO Jun, LIU J K, et al. Fine-Grained Two-Factor Protection Mechanism for Data Sharing in Cloud Storage[J]. IEEE Transactions on Information Forensics and Security, 2018, 13(1): 186-196.
[13]	LI Chunhua, HE Jinbiao, LEI Cheng, et al. Achieving Privacy-Preserving CP-ABE Access Control with Multi-Cloud[C]// IEEE. 2018 IEEE International Conference on Parallel & Distributed Processing with Applications, Ubiquitous Computing & Communications, Big Data & Cloud Computing, Social Computing & Networking, Sustainable Computing & Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom). New York: IEEE, 2018: 801-808.
[14]	JI Honghan, ZHANG Hongjie, SHAO Lisong, et al. An Efficient Attribute-Based Encryption Scheme Based on SM9 Encryption Algorithm for Dispatching and Control Cloud[J]. Connection Science, 2021, 33(4): 1094-1115.
[15]	NING Jianting, HUANG Xinyi, SUSILO W, et al. Dual Access Control for Cloud-Based Data Storage and Sharing[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19(2): 1036-1048.
[16]	KARTHIKA A, MUTHUKUMARAN N. An ADS-PAYG Approach Using Trust Factor against Economic Denial of Sustainability Attacks in Cloud Storage[J]. Wireless Personal Communications, 2022, 122(1): 69-85.
[17]	YANG Kan, SHU Jiangang, XIE Ruitao, et al. Efficient and Provably Secure Data Selective Sharing and Acquisition in Cloud-Based Systems[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 71-84.
[18]	BELLARE M, BOLDYREVA A, O’NEILL A. Deterministic and Efficiently Searchable Encryption[C]// Springer. Advances in Cryptology-CRYPTO 2007: 27th Annual International Cryptology Conference. Heidelberg: Springer, 2007: 535-552.
[19]	LYU Qiuyun, QI Yizhen, ZHANG Xiaocheng, et al. SBAC: A Secure Blockchain-Based Access Control Framework for Information-Centric Networking[J]. Journal of Network and Computer Applications, 2020, 149: 1-17.
[20]	XUE Zhiyuan, WANG Miao, ZHANG Qiuyue, et al. A Regulatable Blockchain Transaction Model with Privacy Protection[J]. International Journal of Computational Intelligence Systems, 2021, 14(1): 1642-1652.
[21]	NIE Zixiang, LONG Yuanzhentai, ZHANG Senlin, et al. A Controllable Privacy Data Transmission Mechanism for Internet of Things System Based on Blockchain[J]. International Journal of Distributed Sensor Networks, 2022, 18(3): 303-315.
[22]	ZHOU Quan, CHEN Minhui, WEI Kaijun, et al. Blockchain Access Control Scheme with SM9-Based Attribute Encryption[J]. Netinfo Security, 2023, 23(9): 37-46.
	周权, 陈民辉, 卫凯俊, 等. 基于SM9的属性加密的区块链访问控制方案[J]. 信息网络安全, 2023, 23(9): 37-46.
[23]	WANG Lun, NEAR J P, SOMANI N, et al. Data Capsule: A New Paradigm for Automatic Compliance with Data Privacy Regulations[C]//Springer. Heterogeneous Data Management, Polystores, and Analytics for Healthcare:VLDB 2019 Workshops, Poly and DMAH. Heidelberg: Springer, 2019: 3-23.
[24]	SOLTANI R, NGUYEN U T, AN Aijun. Data Capsule: A Self-Contained Data Model as an Access Policy Enforcement Strategy[C]// IEEE. 2021 3rd Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS). New York: IEEE, 2021: 93-96.
[25]	MÜLLER S, KATZENBEISSER S, ECKERT C. On Multi-Authority Ciphertext-Policy Attribute-Based Encryption[J]. Bulletin of the Korean Mathematical Society, 2009, 46(4): 803-819.
[26]	OSTROVSKY R, SAHAI A, WATERS B. Attribute-Based Encryption with Non-Monotonic Access Structures[C]// ACM. 14th ACM Conference on Computer and Communications Security. New York: ACM, 2007: 195-203.
[27]	WANG Shulan, WANG Haiyan, LI Jianqiang, et al. A Fast CP-ABE System for Cyber-Physical Security and Privacy in Mobile Healthcare Network[J]. IEEE Transactions on Industry Applications, 2020, 56(4): 4467-4477.
[28]	NAKAMOTO S. Bitcoin Whitepaper[EB/OL]. (2008-10-31)[2024-03-17]. https://bitcoin.org/bitcoin.pdf.
[29]	LYU Qiuyun, LI Hao, DENG Zhining, et al. A2ua: An Auditable Anonymous User Authentication Protocol Based on Blockchain for Cloud Services[J]. IEEE Transactions on Cloud Computing, 2022(99): 1-16.

符号	描述
$SPP$,$SSP$	系统公开和保密参数
$\begin{align} & (P{{K}_{x}},S{{K}_{x}})\|x\in \\ & \{U,P,DB,S\} \\ \end{align}$	公共数据需求方U、公共数据平台P、数据局DB和数源方S 的公私钥匙
$I{{D}_{x}}\|x\in \{P,U,SU,S\}$	公共数据平台P、公共数据需求方U、公共数据需求方直属上级SU、数源方S的身份标识符
$SCR$	共享证书请求
DV,OV, SOV	数据凭证，组织机构凭证，直属上级组织机构凭证
SC	共享证书
$T$	访问策略树
$ACT$	访问控制树
$ACR$	访问控制规则
CT	加密后的密文
${{q}_{x}}$	访问控制树逻辑节点多项式

方案	细粒度访问控制	抵御访问密钥勾结攻击	抵御EDoS攻击	全生命周期感知	访问属性安全颁发
文献[12]方案	√	√	×	×	×
文献[15]方案	√	√	√	×	×
文献[17]方案	√	×	×	×	×
本文方案	√	√	√	√	√

方案	初始化阶段	密钥生成阶段	加密阶段	解密阶段
文献[12]方案	3\|u\|(e₁+e_T)+p	(3\|u\|+1)e₁	(\|u\|+1)e₁+e_T	(\|u\|+1)p
文献[15]方案	e₁+e_T+p	(\|s\|+2)e₁	(3n+1)e₁+e_T	(2n₁+1)p
文献[17]方案	4e₁+e_T+p	(\|s\|+7)e₁	(3n+5)e₁+2e_T+p	e₁+2e_T
本文方案	e₁+e_T+p	(2e₁+z)\|s\|	(n+1)e₁+zn+e_T+p	(2n₁+1)p

方案	主公钥	数据使用方密钥	密文
文献[12]方案	\|u\|\|G₁\|+\|G_T\|	(3\|u\|+1)\|G₁\|	\|M\|+\|G_T\|+(\|u\|+1)\|G₁\|
文献[15]方案	\|G₁\|+\|G_T\|	(\|S\|+2)\|G₁\|	\|M\|+\|G_T\|+(3n+1)\|G₁\|
文献[17]方案	4\|G₁\|+\|G_T\|	2\|Z_p\|+(\|s\|+4)\|G₁\|	\|M\|+(2n+5)\|G₁\|
本文方案	2\|G₁\|+\|G_T\|	(\|s\|+1)\|G₁\|	\|M\|+\|G_T\|+(2n+1)\|G₁\|