基于密文策略属性加密体制的匿名云存储隐私保护方案

doi:10.11772/j.issn.1001-9081.2015.06.1573

计算机应用 ›› 2015, Vol. 35 ›› Issue (6): 1573-1579.DOI: 10.11772/j.issn.1001-9081.2015.06.1573

基于密文策略属性加密体制的匿名云存储隐私保护方案

徐潜, 谭成翔

同济大学电子与信息工程学院, 上海 201804

收稿日期:2014-12-24 修回日期:2015-03-09 发布日期:2015-06-12
通讯作者: 徐潜(1986-),男,黑龙江哈尔滨人,博士研究生,主要研究方向:移动网络隐私保护、安全云存储;1062842783@qq.com
作者简介:谭成翔(1965-),男,湖北红安人,教授,博士生导师,主要研究方向:网络安全、分布式计算。

Anonymous privacy-preserving scheme for cloud storage based on CP_ABE

XU Qian, TAN Chengxiang

College of Electrical and Information Engineering, Tongji University, Shanghai 201804, China

Received:2014-12-24 Revised:2015-03-09 Published:2015-06-12

摘要/Abstract

摘要：

针对云存储中数据机密性问题,为解决密钥泄漏与属性撤销问题,从数据的机密性存储以及访问的不可区分性两个方面设计了基于密文策略属性加密体制(CP_ABE)的匿名云存储隐私保护方案。提出了关于密钥泄漏的前向安全的不可逆密钥更新算法;在层次化用户组以及改进的Subset-Difference算法基础上,利用云端数据重加密算法实现属性的细粒度撤销;基于同态加密算法实现k匿名l多样性数据请求,隐藏用户潜在兴趣,并在数据应答中插入数据的二次加密,满足关于密钥泄漏的后向安全。在标准安全模型下,基于l阶双线性Diffie-Hellman(判定性l-BDHE)假设给出所提出方案的选择性安全证明,并分别从计算开销、密钥长度以及安全性等方面验证了方案的性能优势。

关键词: 密文策略基于属性加密体制, 可证明安全, 重加密, 密钥泄漏, 属性撤销

Abstract:

In order to solve the confidentiality issues such as key exposure and attribute revocation of data stored in cloud server, an advanced anonymous privacy-preserving scheme based on Ciphertext-Policy Attributed-Based Encryption (CP_ABE) was proposed by considering confidentiality of data storage and indistinguishability of access. First, the scheme constructed a forward-secure irreversible key-update algorithm to solve key exposure. On the basis of the classified user-group and the advanced Subset-Difference algorithm, fine-grained attribute revocation was implemented with the help of cloud data re-encryption algorithm. The potential interests of user would be concealed when k-anonymity l-diversity data request was introduced based on the homomorphic encryption algorithm. The backward-security of key exposure was realized on the basis of secondary encryption inserted in data response. Under the l-Bilinear Diffie-Hellman Exponent Problem (l-BDHE) assumption, selective security of the proposed scheme was proved in the standard model. The performance advantage of the proposed scheme was demonstrated respectively in terms of efficiency, key length and security.

Key words: Ciphertext-Policy Attributed-Based Encryption (CP_ABE), provable security, re-encryption, key exposure, attribute revocation

中图分类号:

TP309

徐潜, 谭成翔. 基于密文策略属性加密体制的匿名云存储隐私保护方案[J]. 计算机应用, 2015, 35(6): 1573-1579.

XU Qian, TAN Chengxiang. Anonymous privacy-preserving scheme for cloud storage based on CP_ABE[J]. Journal of Computer Applications, 2015, 35(6): 1573-1579.

参考文献

[1] SAHAI A, WATERS B. Fuzzy identity based encryption [C]//Proceedings of 2005 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin: Springer-Verlag, 2005: 457-473.
[2] GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data [C]//Proceedings of the 13th ACM Conference on Computer and Communications Security. New York: ACM, 2006: 89-98.
[3] TANG Y, LEE P, LIU J, et al. Secure overlay cloud storage with access control and assured deletion [J]. IEEE Transactions on Dependable and Secure Computing, 2012, 9(6):903-916.
[4] HONG C, ZHANG M, FENG D. AB-ACCS: a cryptographic access control scheme for cloud storage [J]. Journal of Computer Research and Development, 2010, 47(Z1): 259-265.(洪澄, 张敏, 冯登国.AB-ACCS:一种云存储密文访问控制方法[J].计算机研究与发展, 2010, 47(Z1):259-265.)
[5] HONG C, ZHANG M, FENG D. Achieving efficient dynamic cryptographic access control in cloud storage [J]. Journal on Communications, 2011, 32(7): 125-132.(洪澄, 张敏, 冯登国.面向云存储的高效动态密文访问控制方法[J].通信学报, 2011, 32(7):125-132.)
[6] WEI J, LIU W, HU X. Forward-secure ciphertext-policy attribute-based encryption scheme [J]. Journal on Communications, 2014, 35(7): 38-45.(魏江宏, 刘文芬, 胡学先.前向安全的密文策略基于属性加密方案[J].通信学报, 2014, 35(7):38-45.)
[7] WANG P, FENG D, ZHANG L. CP-ABE scheme supporting fully fine-grained attribute revocation [J]. Journal of Software, 2012, 23(10): 2805-2816.(王鹏翩, 冯登国, 张立武.一种支持完全细粒度属性撤销的CP-ABE方案[J].软件学报, 2012, 23(10):2805-2816.)
[8] YU S, WANG C, REN K, et al. Achieving secure, scalable and fine-grained data access control in cloud computing [C]//Proceedings of the 2010 INFOCOM. Piscataway: IEEE, 2010: 1-9.
[9] HUR J, NOH D K. Attribute-based access control with efficient revocation in data outsourcing systems [J]. IEEE Transactions on Parallel and Distributed Systems, 2011, 22(7): 1214-1221.
[10] ATTRAPADUNG N, IMAI H. Conjunctive broadcast and attribute-based encryption [C]//Proceedings of the Third International Conference on Pairing-Based Cryptography — Pairing 2009, LNCS 5671. Berlin: Springer, 2009: 248-265
[11] WAN Z, LIU J, DENG R H. HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing [J]. IEEE Transactions on Information Forensics and Security, 2012, 7(2): 743-754.
[12] SAHAI A, SEYALIOGLU H, WATERS B, et al. Dynamic credentials and ciphertext delegation for attribute-based encryption [C]//Proceedings of the 32nd Annual Cryptology Conference on Advances in Cryptology — CRYPTO 2012, LNCS 7417. Berlin: Springer, 2012: 199-217.
[13] LU R, LIN X, SHI Z, et al. PLAM: A privacy-preserving framework for local-area mobile social networks [C]//Proceedings of the INFOCOM 2014. Piscataway: IEEE, 2014: 763-771.
[14] NAOR D, NAOR M, LOTSPIECH J. Revocation and tracing schemes for stateless receivers [C]//Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology — CRYPTO 2001, LNCS 2139. Berlin: Springer, 2001: 41-62.

[1]	谷正川, 郭渊博, 方晨. 基于代理重加密的消息队列遥测传输协议端到端安全解决方案[J]. 计算机应用, 2021, 41(5): 1378-1385.
[2]	张利华, 王欣怡, 胡方舟, 黄阳, 白甲义. 基于双联盟链的智能电网数据共享模型[J]. 计算机应用, 2021, 41(4): 963-969.
[3]	李莉, 杨鸿飞, 董秀则. 基于身份多条件代理重加密的文件分级访问控制方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3251-3256.
[4]	罗文俊, 闻胜莲, 程雨. 基于区块链的电子医疗病历共享方案[J]. 计算机应用, 2020, 40(1): 157-161.
[5]	王海勇, 彭垚, 郭凯璇. 云存储中基于代理重加密的CP-ABE访问控制方案[J]. 计算机应用, 2019, 39(9): 2611-2616.
[6]	柳玉东, 王绪安, 涂广升, 王涵. 全生命周期的云外包数据安全审计协议[J]. 计算机应用, 2019, 39(7): 1954-1958.
[7]	明洋, 何宝康. 支持属性撤销的可验证外包的多授权属性加密方案[J]. 计算机应用, 2019, 39(12): 3556-3562.
[8]	张恩, 金刚刚. 基于同态加密和Bloom过滤器的云外包多方隐私集合比较协议[J]. 计算机应用, 2018, 38(8): 2256-2260.
[9]	王建平, 张敏情, 李天雪, 马双棚. 基于码分多址复用的双重加密可逆信息隐藏[J]. 计算机应用, 2018, 38(4): 1023-1028.
[10]	王经纬, 殷新春. 支持带权属性撤销的密文策略属性基加密方案[J]. 计算机应用, 2017, 37(12): 3423-3429.
[11]	郝伟, 杨晓元, 王绪安, 吴立强. 条件型非对称跨加密系统的代理重加密方案[J]. 计算机应用, 2016, 36(9): 2452-2458.
[12]	刘明烨, 韩益亮, 杨晓元. 基于低密度生成矩阵码的签密方案[J]. 计算机应用, 2016, 36(9): 2459-2464.
[13]	郝伟, 杨晓元, 王绪安, 张英男, 吴立强. 适用于移动用户高效访问外包数据的非对称代理重加密方案[J]. 计算机应用, 2016, 36(8): 2225-2230.
[14]	蔡孟飞, 何倩, 程东生, 王士成. 面向移动云存储的属性基解密服务中间件[J]. 计算机应用, 2016, 36(7): 1828-1833.
[15]	徐海琳, 陈莺, 陆阳. 高效无双线性对的基于证书代理重加密方案[J]. 计算机应用, 2016, 36(5): 1250-1256.

基于密文策略属性加密体制的匿名云存储隐私保护方案

Anonymous privacy-preserving scheme for cloud storage based on CP_ABE

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics