基于授權(quán)的多服務(wù)器可搜索密文策略屬性基加密方案

張玉磊; 劉文靜; 劉祥震; 張永潔; 王彩芬

doi:10.11999/JEIT180944

基于授權(quán)的多服務(wù)器可搜索密文策略屬性基加密方案

doi: 10.11999/JEIT180944

1.
西北師范大學(xué)計(jì)算機(jī)科學(xué)與工程學(xué)院 ??蘭州 ??730070
2.
甘肅衛(wèi)生職業(yè)學(xué)院 ??蘭州 ??730070

基金項(xiàng)目: 國(guó)家自然科學(xué)基金(61163038, 61262056, 61262057)，甘肅省高等學(xué)?？蒲许?xiàng)目(2017A-003, 2018A-207)

詳細(xì)信息

作者簡(jiǎn)介:
張玉磊：男，1979年生，博士，副教授，研究方向?yàn)槊艽a學(xué)與信息安全

劉文靜：女，1994年生，碩士生，研究方向?yàn)槊艽a學(xué)與信息安全

劉祥震：男，1994年生，碩士生，研究方向?yàn)槊艽a學(xué)與信息安全

張永潔：女，1978年生，碩士，副教授，研究方向?yàn)槊艽a學(xué)與信息安全

王彩芬：女，1963年生，博士，教授，博士生導(dǎo)師，研究方向?yàn)槊艽a學(xué)與信息安全

通訊作者:
劉文靜　lwj19940212@qq.com

中圖分類號(hào): TP309
計(jì)量
- 文章訪問數(shù): 2161
- HTML全文瀏覽量: 723
- PDF下載量: 85
- 被引次數(shù): 0
出版歷程
- 收稿日期: 2018-10-10
- 修回日期: 2019-01-19
- 網(wǎng)絡(luò)出版日期: 2019-02-18
- 刊出日期: 2019-08-01

Searchable Multi-server CP-ABE Scheme Based on Authorization

1.
College of Computer Science and Engineering, Northwest Normal University, Lanzhou 730070, China
2.
Gansu Health Vocational College, Lanzhou 730070, China

Funds: The National Natural Science Foundation of China (61163038, 61262056, 61262057), The Higher Educational Scientific Research Foundation of Gansu Province (2017A-003, 2018A-207)

摘要

摘要: 針對(duì)現(xiàn)有屬性基可搜索加密方案缺乏對(duì)云服務(wù)器授權(quán)的服務(wù)問題，該文提出一種基于授權(quán)的可搜索密文策略屬性基加密(CP-ABE)方案。方案通過云過濾服務(wù)器、云搜索服務(wù)器和云存儲(chǔ)服務(wù)器協(xié)同合作實(shí)現(xiàn)搜索服務(wù)。用戶可將生成的授權(quán)信息和陷門信息分別發(fā)送給云過濾服務(wù)器和云搜索服務(wù)器，在不解密密文的情況下，云過濾服務(wù)器可對(duì)所有密文進(jìn)行檢測(cè)。該方案利用多個(gè)屬性授權(quán)機(jī)構(gòu)，在保證數(shù)據(jù)機(jī)密性的前提下能進(jìn)行高效的細(xì)粒度訪問，解決數(shù)據(jù)用戶密鑰泄露問題，提高數(shù)據(jù)用戶對(duì)云端數(shù)據(jù)的檢索效率。通過安全性分析，證明方案在提供數(shù)據(jù)檢索服務(wù)的同時(shí)無(wú)法竊取數(shù)據(jù)用戶的敏感信息，且能夠有效地防止數(shù)據(jù)隱私的泄露。
- 云存儲(chǔ) /
- 授權(quán)服務(wù)器 /
- 可搜索加密 /
- 密文策略屬性基加密 /
- 多屬性授權(quán)機(jī)構(gòu)
Abstract: Considering that the existing attribute-based searchable encryption scheme lacks the authorization service to the cloud server, a multi-server searchable Ciphertext Polity Attribute Base Encryption (CP-ABE) scheme is proposed based on authorization. The scheme implements search services through a cloud filter server, cloud search server and cloud storage server cooperation mechanism. The users send the authorization information to the cloud filter server at once, then the server creates the authorization information; The cloud search server creates the trapdoor information based on the trapdoor information sent by the users. Without decrypting the cipher text, the cloud filter server can detect all the cipher texts. Multiple attribute authorities can be used to ensure efficient and fine-grained access under the premise of ensuring data confidentiality, solving the problem of leakage of data user keys. It can improve the data retrieval efficiency when people use the cloud server. Through security analysis, it is proved that the scheme can not steal sensitive information of data users while providing data retrieval services, and it can effectively prevent the leakage of data privacy.
- Cloud storage /
- Authorization server /
- Searchable encryption /
- Attribute-based cipher text policy encryption /
- Multi-attribute authority

HTML全文

圖 1 基于授權(quán)的可搜索CP-ABE模型

下載: 全尺寸圖片幻燈片

圖 2 加密算法及解密算法運(yùn)算開銷

下載: 全尺寸圖片幻燈片

表 1 不同方案功能對(duì)比

方案	支持細(xì)粒度訪問	中央授權(quán)機(jī)構(gòu)	屬性授權(quán)機(jī)構(gòu)	支持多服務(wù)器	支持授權(quán)服務(wù)器
文獻(xiàn)[16]	是	有	單	否	否
文獻(xiàn)[17]	否	無(wú)	無(wú)	是	否
本文方案	是	無(wú)	多	是	是

下載: 導(dǎo)出CSV

表 2 計(jì)算開銷表

方案	加密運(yùn)算量	陷門檢測(cè)運(yùn)算量	解密運(yùn)算量
文獻(xiàn)[16]	3+P(2n+5)E+(3n+3)M	4P+6E+6M	(n+5)P+(3n+3)E+(5n+4)M
本文方案	+P+(2n+1)E+(2n+1)M	①3+P+(4n+2)E+(4n+2)M②4+P+(8n+4)E+(2n+3)M	2+P+(2n+5)E+(n+1)M

下載: 導(dǎo)出CSV

參考文獻(xiàn)(18)

BONEH D, DI CRESCENZO G, OSTROVSKY R, et al. Public key encryption with keyword search[C]. International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2004: 506–522.

李經(jīng)緯, 賈春福, 劉哲理, 等. 可搜索加密技術(shù)研究綜述[J]. 軟件學(xué)報(bào), 2015, 26(1): 109–128. doi: 10.13328/j.cnki.jos.004700

LI Jingwei, JIA Chunfu, LIU Zheli, et al. Survey on the searchable encryption[J]. Journal of Software, 2015, 26(1): 109–128. doi: 10.13328/j.cnki.jos.004700

BAEK J, SAFAVI-NAINI R, and SUSILO W. On the integration of public key data encryption and public key encryption with keyword search[C]. The 9th International Conference on Information Security, Samos Island, Greece, 2006: 217–232. doi: 10.1007/11836810_16.

BAEK J, SAFAVI-NAINI R, and SUSILO W. Public key encryption with keyword search revisited[C]. Computational Science and Its Applications – ICCSA 2008, Berlin, Heidelberg, 2008: 1249–1259.

YANG Ce, ZHANG Weiming, XU Jun, et al. A fast privacy-preserving multi-keyword search scheme on cloud data[C]. 2012 International Conference on Cloud and Service Computing, Shanghai, China, 2012: 104–110.

王保民, 何智靈, 羅文俊. 基于云存儲(chǔ)的多用戶可搜索加密方案[J]. 信息網(wǎng)絡(luò)安全, 2013(12): 33–36.

WANG Baomin, HE Zhiling, and LUO Wenjun. An efficient scheme of multi-user searchable encryption with keyword in cloud storage[J]. Netinfo Security, 2013(12): 33–36.

張楠, 陳蘭香. 一種高效的支持排序的關(guān)鍵詞可搜索加密系統(tǒng)研究[J]. 信息網(wǎng)絡(luò)安全, 2017(2): 43–50. doi: 10.3969/j.issn.1671-1122.2017.02.007

ZHANG Nan and CHEN Lanxiang. Research on an efficient ranked keywords searchable encryption system[J]. Netinfo Security, 2017(2): 43–50. doi: 10.3969/j.issn.1671-1122.2017.02.007

SAHAI A and WATERS B. Fuzzy identity-based encryption[C]. The 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, 2005: 457–473.

WANG Hao, ZHENG Zhihua, WU Lei, et al. New directly revocable attribute-based encryption scheme and its application in cloud storage environment[J]. Cluster Computing, 2017, 20(3): 2385–2392. doi: 10.1007/s10586-016-0701-7

李雙, 徐茂智. 基于屬性的可搜索加密方案[J]. 計(jì)算機(jī)學(xué)報(bào), 2014, 37(5): 1017–1024.

LI Shuang and XU Maozhi. Attribute-based public encryption with keyword search[J]. Chinese Journal of Computers, 2014, 37(5): 1017–1024.

ZHENG Qingji, XU Shouhuai, and ATENIESE G. VABKS: Verifiable attribute-based keyword search over outsourced encrypted data[C]. 2014 IEEE Conference on Computer Communications, Toronto, Canada, 2014: 522–530. doi: 10.1109/INFOCOM.2014.6847976.

SUN Wenhai, YU Shucheng, LOU Wenjing, et al. Protecting your right: Verifiable attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud[J]. IEEE Transactions on Parallel and Distributed Systems, 2016, 27(4): 1187–1198. doi: 10.1109/TPDS.2014.2355202

IBRAIMI L, NIKOVA S, HARTEL P, et al. Public-key encryption with delegated search[C]. The 9th International Conference on Applied Cryptography and Network Security, Nerja, Spain, 2011: 532–549. doi: 10.1007/978-3-642-21554-4_31.

林鵬, 江頡, 陳鐵明. 云環(huán)境下關(guān)鍵詞搜索加密算法研究[J]. 通信學(xué)報(bào), 2015, 36(S1): 259–265.

LIN Peng, JIANG Jie, and CHEN Tieming. Application of keyword searchable encryption in cloud[J]. Journal on Communications, 2015, 36(S1): 259–265.

蘇航, 朱智強(qiáng), 孫磊. 移動(dòng)云存儲(chǔ)中基于屬性的搜索加密方案研究[J]. 計(jì)算機(jī)應(yīng)用研究, 2017, 34(12): 3753–3757, 3766. doi: 10.3969/j.issn.1001-3695.2017.12.053

SU Hang, ZHU Zhiqiang, and SUN Lei. Research on searchable attribute based encryption in mobile cloud storage[J]. Application Research of Computers, 2017, 34(12): 3753–3757, 3766. doi: 10.3969/j.issn.1001-3695.2017.12.053

伍祈應(yīng), 馬建峰, 苗銀賓, 等. 多數(shù)據(jù)擁有者認(rèn)證的密文檢索方案[J]. 通信學(xué)報(bào), 2017, 38(11): 161–170.

WU Qiying, MA Jianfeng, Miao Yinbin, et al. Multi-owner accredited keyword search over encrypted data[J]. Journal on Communications, 2017, 38(11): 161–170.

黃海平, 杜建澎, 戴華, 等. 一種基于云存儲(chǔ)的多服務(wù)器多關(guān)鍵詞可搜索加密方案[J]. 電子與信息學(xué)報(bào), 2017, 39(2): 389–396. doi: 10.11999/JEIT160338

HUANG Haiping, DU Jianpeng, DAI Hua, et al. Multi-sever multi-keyword searchable encryption scheme based on cloud storage[J]. Journal of Electronics &Information Technology, 2017, 39(2): 389–396. doi: 10.11999/JEIT160338

PBC Library. The pairing-based cryptography library[EB/OL]. http://crypto.stanford.edu/pbc/, 2010.

相關(guān)文章

施引文獻(xiàn)

資源附件(0)

訪問統(tǒng)計(jì)