云存儲環(huán)境下無密鑰托管可撤銷屬性基加密方案研究

趙志遠; 朱智強; 王建華; 孫磊

doi:10.11999/JEIT170317

云存儲環(huán)境下無密鑰托管可撤銷屬性基加密方案研究

doi: 10.11999/JEIT170317

1.
(信息工程大學三院鄭州 450001) ②(鄭州信大先進技術研究院鄭州 450001) ③(空軍電子技術研究所北京 100195)

基金項目:

國家重點研發(fā)計劃(2016YFB0501900)，國家973計劃項目(2013CB338000)

計量
- 文章訪問數(shù): 1797
- HTML全文瀏覽量: 230
- PDF下載量: 388
- 被引次數(shù): 0
出版歷程
- 收稿日期: 2017-04-11
- 修回日期: 2017-07-07
- 刊出日期: 2018-01-19

Revocable Attribute-based Encryption with Escrow-free in Cloud Storage

1.
(The Third College, Information Engineering University, Zhengzhou 450001, China)

Funds:

The National Key Research Program of China (2016YFB0501900), The National 973 Program of China (2013CB338000)

摘要

摘要: 屬性基加密因其細粒度訪問控制在云存儲中得到廣泛應用。但原始屬性基加密方案存在密鑰托管和屬性撤銷問題。為解決上述問題，該文提出一種密文策略的屬性基加密方案。該方案中屬性權威與中央控制通過安全兩方計算技術構建無密鑰托管密鑰分發(fā)協(xié)議解決密鑰托管問題。通過更新屬性版本密鑰的方式達到屬性級用戶撤銷，同時通過中央控制可以實現(xiàn)系統(tǒng)級用戶撤銷。為減少用戶解密過程的計算負擔，將解密運算過程中復雜對運算外包給云服務商，提高解密效率。該文基于q-Parallel BDHE假設在隨機預言機模型下對方案進行了選擇訪問結構明文攻擊的安全性證明。最后從理論和實驗兩方面對所提方案的效率與功能性進行了分析。實驗結果表明所提方案無密鑰托管問題，且具有較高系統(tǒng)效率。
- 云存儲 /
- 屬性基加密 /
- 無密鑰托管 /
- 撤銷 /
- 解密外包
Abstract: Attribute-Based Encryption (ABE) scheme is widely used in cloud storage, which can achieve fine-grained access control. However, the original attribute-based encryption schemes have key escrow and attribute revocation problems. To solve these problems, this paper proposes a ciphertext-based ABE scheme. In the scheme, the key escrow problem could be solved by escrow-free key issuing protocol, which is constructed using the secure two-party computation between the attribute authority and the central controller. By updating the attribute version key, the scheme can achieve attribute-level user revocation. And by central controller, the scheme can achieve system-level user revocation. In order to reduce the user,s computational burden of decryption, this scheme outsources the complicated pair operation to cloud service providers. Based on the assumption of q-Parallel BDHE, the scheme is proved that is the security of the chosen plaintext attack in the random oracle model. Finally, the efficiency and function of this scheme are analyzed theoretically and experimentally. The experimental results show that the proposed scheme does not have key escrow problem and has the higher system efficiency.
- Cloud storage /
- Attribute-Based Encryption (ABE) /
- Escrow-free /
- Revocation /
- Outsourced decryption

HTML全文

參考文獻(18)

ZHANG Yuqing, WANG Xiaofei, LIU Xuefeng, et al. Survey on cloud computing security[J]. Journal of Software, 2016, 27(6): 1328-1348. doi: 10.13328/j.cnki.jos.005004.

張玉清, 王曉菲, 劉雪峰, 等. 云計算環(huán)境安全綜述[J]. 軟件學報, 2016, 27(6): 1328-1348. doi: 10.13328/j.cnki.jos.005004.

MOROVATI K, KADAM S, and GHORBANI A. A network based document management model to prevent data extrusion[J]. Computers Security, 2016, 59(c): 71-91. doi: 10.1016/j.cose.2016.02.003.

BETHENCOURT J, SAHAI A, and WATERS B. Ciphertext-policy attribute-based encryption[C]. 2007 IEEE Symposium on Security and Privacy (SP'07), Berkeley, CA, USA, 2007: 321-334. doi: 10.1109/SP.2007.11.

LIU C W, HSIEN W F, YANG C C, et al. A survey of attribute-based access control with user revocation in cloud data storage[J]. International Journal of Network Security, 2016, 18(5): 900-916.

PIRRETTI M, TRAYNOR P, MCDANIEL P, et al. Secure attribute-based systems[C]. Proceedings of the 13th ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA, 2006: 99-112. doi: 10.1145/ 1180405.1180419.

BOLDYREVA A, GOYAL V, and KUMAR V. Identity- based encryption with efficient revocation[C]. Proceedings of the 15th ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA, 2008: 417-426. doi: 10.1145/1455770.1455823.

HUANG Q, MA Z, YANG Y, et al. EABDS: Attribute-based secure data sharing with efficient revocation in cloud computing[J]. Chinese Journal of Electronics, 2015, 24(4): 862-868. doi: 10.1049/cje.2015.10.033.

IBRAIMI L, PETKOVIC M, NIKOVA S, et al. Mediated ciphertext-policy attribute-based encryption and its application[C]. Information Security Applications: 10th International Workshop, Busan, Korea, 2009: 309-323. doi: 10.1007/978-3-642-10838-9_23.

YU S, WANG C, REN K, et al. Attribute based data sharing with attribute revocation[C]. Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China, 2010: 261-270. doi: 10.1145/1755688. 1755720.

HUR J and NOH D K. Attribute-based access control with efficient revocation in data outsourcing systems[J]. IEEE Transactions on Parallel and Distributed Systems, 2011, 22(7): 1214-1221. doi: 10.1109/TPDS.2010.203.

YANG K, JIA X, and REN K. Attribute-based fine-grained access control with efficient revocation in cloud storage systems[C]. Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, Hangzhou, China, 2013: 523-528. doi: 10.1145/ 2484313.2484383.

ZU L, LIU Z, and LI J. New ciphertext-policy attribute-based encryption with efficient revocation[C]. IEEE International Conference on Computer and Information Technology, Xi,an, China, 2014: 281-287. doi: 10.1109/CIT.2014.97.

QIAN H, LI J, ZHANG Y, et al. Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation[J]. International Journal of Information Security, 2015, 14(6): 487-497. doi: 10.1007/ s10207-014-0270-9.

王尚平, 余小娟, 張亞玲. 具有兩個可撤銷屬性列表的密鑰策略的屬性加密方案[J]. 電子與信息學報, 2016, 38(6): 1406-1411. doi: 10.11999/JEIT150845.

WANG Shangping, YU Xiaojuan, and ZHANG Yaling. Revocable key-policy attribute-based encryption scheme with two revocation lists[J]. Journal of Electronics Information Technology, 2016, 38(6): 1406-1411. doi: 10.11999/ JEIT150845.

VAANCHIG N, CHEN W, and QIN Z. Fine-grained access control for cloud data sharing by secure and efficient attribute-revocable ciphertext-policy attribute-based encryption[J]. International Journal of Security and Its Applications, 2016, 10(10): 303-320. doi: 10.14257/ijsia. 2016.10.10.27.

HUR J. Improving security and efficiency in attribute-based data sharing[J]. IEEE Transactions on Knowledge and Data Engineering, 2013, 25(10): 2271-2282. doi: 10.1109/TKDE. 2011.78.

施引文獻

資源附件(0)

訪問統(tǒng)計