基于屬性加密的高效密文去重和審計方案

馬華; 黨乾龍; 王劍鋒; 劉振華

doi:10.11999/JEIT170935

基于屬性加密的高效密文去重和審計方案

doi: 10.11999/JEIT170935

1.
西安電子科技大學數(shù)學與統(tǒng)計學院 ??西安 ??710071
2.
西安電子科技大學網(wǎng)絡(luò)與信息安全學院 ??西安 ??710071

基金項目: 國家自然科學基金(61702401, 61472470)，中國博士后科學基金(2017M613083)

詳細信息

作者簡介:
馬華：女，1963年生，教授，研究方向為網(wǎng)絡(luò)與信息安全

黨乾龍：男，1993年生，碩士生，研究方向為網(wǎng)絡(luò)與信息安全

王劍鋒：男，1985年生，講師，研究方向為應(yīng)用密碼學、云安全和數(shù)據(jù)外包

劉振華：男，1978年生，教授，研究方向為云計算中的密碼理論與安全協(xié)議、密文數(shù)據(jù)的再處理

通訊作者:
黨乾龍　xidianqldang@163.com

中圖分類號: TP309
計量
- 文章訪問數(shù): 2098
- HTML全文瀏覽量: 783
- PDF下載量: 96
- 被引次數(shù): 0
出版歷程
- 收稿日期: 2017-10-10
- 修回日期: 2018-11-14
- 網(wǎng)絡(luò)出版日期: 2018-11-19
- 刊出日期: 2019-02-01

Efficient Ciphertext Deduplication and Auditing Scheme with Attribute-based Encryption

1.
School of Mathematics and Statistics, Xidian University, Xi’an 710071, China
2.
School of Network and Information Security, Xidian University, Xi’an 710071, China

Funds: The National Natural Science Foundation of China (61702401, 61472470), The China Postdoctoral Science Foundation (2017M613083)

摘要

摘要:
針對當前支持去重的屬性加密方案既不支持云存儲數(shù)據(jù)審計，又不支持過期用戶撤銷，且去重搜索和用戶解密效率較低的問題，該文提出一種支持高效去重和審計的屬性加密方案。該方案引入了第3方審計者對云存儲數(shù)據(jù)的完整性進行檢驗，利用代理輔助用戶撤銷機制對過期用戶進行撤銷，又提出高效去重搜索樹技術(shù)來提高去重搜索效率，并通過代理解密機制輔助用戶解密。安全性分析表明該方案通過采用混合云架構(gòu)，在公有云達到IND-CPA安全性，在私有云達到PRV-CDA安全性。性能分析表明該方案的去重搜索效率更高，用戶的解密計算量較小。
- 屬性加密 /
- 數(shù)據(jù)去重 /
- 審計 /
- 用戶撤銷 /
- 代理解密
Abstract:
Existing attribute-based deduplication schemes can support neither auditing of cloud storage data nor revocation of expired users. On the other hand, they are less efficient for deduplication search and users decryption. In order to solve these problems, this paper proposes an efficient deduplication and auditing Attribute-Based Encryption (ABE) scheme. A third-party auditor is introduced to verify the integrity of cloud storage data. Through an agent auxiliary user revocation mechanism, the proposed scheme supports the revocation of expired users. Effective deduplication search tree is put forward to improve the search efficiency, and the proxy decryption mechanism is used to assist users to decrypt. Finally, the security analysis shows that the proposed scheme can achieve IND-CPA security in the public cloud and PRV-CDA security in the private cloud by resorting to the hybrid cloud architecture. The performance analysis shows that the deduplication search is more efficient and the computation cost of user encryption is smaller.
- Attribute-Based Encryption (ABE) /
- Data deduplication /
- Auditing /
- Users revocation /
- Proxy decryption

HTML全文

圖 1 高效去重搜索樹生成過程舉例

下載: 全尺寸圖片幻燈片

表 1 高效去重搜索樹構(gòu)造

　算法 1　高效去重搜索樹構(gòu)造

　假設(shè)私有云需要存儲密文元組${{\rm{CT}} _i}$的指針到EDST葉子節(jié)點。(初
始化時，當前節(jié)點從根節(jié)點開始。假設(shè)$\left| {{T_{2,i}}} \right| $=60 bit。)

步驟 1　若$1 \le j < 60$時，私有云判斷標簽${T_{2,i}}$第$j$位。如果第$j$位
是0，密文元組${{\rm{CT}} _i}$的指針移動到當前節(jié)點的左子節(jié)點；
否則移動到右子節(jié)點。

步驟 2　若$j = 60$時，私有云判斷標簽${T_{2,i}}$第60位。如果第60位是0，密文元組${{\rm{CT}} _i}$的指針移動到當前節(jié)點的左子節(jié)點，并在當前節(jié)點存儲密文元組${{\rm{CT}} _i}$的指針；否則移動到右子節(jié)點，并在當前節(jié)點存儲密文元組${{\rm{CT}} _i}$的指針。

下載: 導(dǎo)出CSV

表 2 數(shù)據(jù)在高效去重搜索樹上去重搜索

　算法 2　數(shù)據(jù)在高效去重搜索樹上去重搜索

　$U\,$發(fā)送密文元組${{\rm{CT}} _i}$到私有云，私有云收到${{\rm{CT}} _i}$后，它開始從根
節(jié)點檢查重復(fù)數(shù)據(jù)。(初始化時，當前節(jié)點從根節(jié)點開始。)

　步驟 1　若$1 \le j < 60$時，私有云判斷標簽${T_{2,i}}$第$j$位；

　　(1)如果第$j$位是0。若當前節(jié)點有左子節(jié)點，則密文元組${{\rm{CT}} _i}$的
指針移動到當前節(jié)點的左子節(jié)點；否則，重復(fù)數(shù)據(jù)沒有找到；

　　(2)如果第$j$位是1。若當前節(jié)點有右子節(jié)點，則密文元組${{\rm{CT}} _i}$的
指針移動到當前節(jié)點的右子節(jié)點；否則，重復(fù)數(shù)據(jù)沒有找到。

　步驟 2　若$j = 60$時，私有云判斷標簽${T_{2,i}}$第60位；

　　(1)如果第60位是0。若當前節(jié)點有左子節(jié)點，則密文元組${{\rm{CT}} _i}$
的指針移動到當前節(jié)點的左子節(jié)點，轉(zhuǎn)(3)步；否則，重復(fù)
數(shù)據(jù)沒有找到；

　　(2)如果第60位是1。若當前節(jié)點有右子節(jié)點，則密文元組${{\rm{CT}} _i}$
的指針移動到當前節(jié)點的右子節(jié)點，轉(zhuǎn)(3)步；否則，重復(fù)
數(shù)據(jù)沒有找到；

　　(3)密文元組${{\rm{CT}} _i}$的指針找到密文元組${{\rm{CT}} _j}$，私有云判斷等式
$e({g^{{H_1}(m){\mu _i}}},{g^{{\mu _j}}}) = e({g^{{H_1}(m){\mu _j}}},{g^{{\mu _i}}})$是否成立。若成立，則重復(fù)
數(shù)據(jù)找到；否則，重復(fù)數(shù)據(jù)沒有找到。

下載: 導(dǎo)出CSV

表 3 本文方案與不同方案之間的比較

方案	大屬性空間	數(shù)據(jù)審計	用戶撤銷	數(shù)據(jù)去重	去重搜索階段的計算量	用戶解密階段的計算量	用戶私鑰的長度
文獻[7]方案	√	×	×	√	$2{\rm{Exp}} (G) + 2n{\rm{Pair}} $	$ \le (k + 2){\rm{Exp}} (G) + (3k + 1){\rm{Pair}} $	$2\|S\| + 2$
文獻[13]方案	√	√	√	×	/	${\rm{Exp}} (G)$	$2\|S\| + 3$
本文方案	√	√	√	√	$2{\rm{Exp}} (G) + {\rm{Exp}} ({G_T}) + 2{\rm{Pair}} $	${\rm{Exp}} (G)$	$2\|S\| + 3$

下載: 導(dǎo)出CSV

參考文獻(14)

CHOO K K R, HERMAN M, IORGA M, et al. Cloud forensics: State-of-the-art and future directions[J]. Digital Investigation, 2016, 18: 77–78. doi: 10.1016/j.diin.2016.08.003

LAI Junzuo, DENG R H, and LI Yingjun. Fully secure cipertext-policy hiding CP-ABE[C]. International Conference on Information Security Practice and Experience, Guangzhou, China, 2011: 24–39. doi: https://doi.org/10.1007/978-3-642-21031-0_3.

YU Shucheng, WANG Cong, REN Kui, et al. Achieving secure, scalable, and fine-grained data access control in cloud computing[C]. Proceedings of the 29th Conference on Information Communications, San Diego, USA, 2010: 1–9.

ROUSELAKIS Y and WATERS B. Practical constructions and new proof methods for large universe attribute-based encryption[C]. ACM Sigsac Conference on Computer & Communications Security, Berlin, Germary, 2013: 463–474.

BELLARE M, KEELVEEDHI S, and RISTENPAR T. Message-locked encryption and secure deduplication[C]. Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, 2013: 296–312. doi: https://doi.org/10.1007/978-3-642-38348-9_18.

BELLARE M and KEELVEEDHI S. Interactive messagee- locked encryption and secure deduplication[C]. IACR International Workshop on Public Key Cryptography, Gaithersburg, USA, 2015: 516–538. doi: https://doi.org/10.1007/978-3-662-46447-2_23.

CUI Hui, DENG R H, LI Yingjiu, et al. Attribute-based storage supporting secure deduplication of encrypted data in cloud[J]. IEEE Transactions on Big Data, 2017(99): 1–13. doi: 10.1109/TBdata.2017.2656120

JIANG Tao, CHEN Xiaofeng, WU Qianhong, et al. Secure and efficient cloud data deduplication with randomized tag[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(3): 532–543. doi: 10.1109/TIFS.2016.2622013

YANG Xue, LU Rongxing, CHOO K K R, et al. Achieving efficient and privacy-preserving cross-domain big data deduplication in cloud[J]. IEEE Transactions on Big Data, 2017(99): 1–12. doi: 10.1109/TBDATA.2017.2721444

YU Yong, LI Yannan, NI Jianbing, et al. Comments on " public integrity auditing for dynamic data sharing with multiuser modification”[J]. IEEE Transactions on Information Forensics and Security, 2016, 11(3): 658–659. doi: 10.1109/TIFS.2015.2501728

YANG Guangyuan, YU Jia, SHEN Wenting, et al. Enabling public auditing for shared data in cloud storage supporting identity privacy and traceability[J]. Journal of Systems and Software, 2016, 113: 130–139. doi: 10.1016/j.jss.2015.11.044

SHEN Jian, SHEN Jun, CHEN Xiaofeng, et al. An efficient public auditing protocol with novel dynamic structure for cloud data[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(10): 2402–2415. doi: 10.1109/TIFS.2017.2705620

YAN Xuewei, MA Hua, LIU Zhenhua, et al. Large universe revocable fine-grained encryption with public auditing [C]. International Conference on Broadband and Wireless Computing, Communication and Applications, Asan, Korea, 2016: 823–830. doi: https://doi.org/10.1007/978-3-319-49106-6_84.

王光波, 王建華. 基于屬性加密的云存儲方案研究[J]. 電子與信息學報, 2016, 38(11): 2931–2939. doi: 10.11999/JEIT160064

WANG Guangbo and WANG Jianhua. Research on cloud storage scheme with attribute-based encryption[J]. Journal of Electronics &Information Technology, 2016, 38(11): 2931–2939. doi: 10.11999/JEIT160064

相關(guān)文章

施引文獻

資源附件(0)

訪問統(tǒng)計