具有访问权限撤销的外包数据加密方案

doi:10.11772/j.issn.1001-9081.2016.01.0216

计算机应用 ›› 2016, Vol. 36 ›› Issue (1): 216-221.DOI: 10.11772/j.issn.1001-9081.2016.01.0216

具有访问权限撤销的外包数据加密方案

李程文, 王晓明

暨南大学信息科学技术学院, 广州 510632

收稿日期:2015-07-29 修回日期:2015-09-15 出版日期:2016-01-10 发布日期:2016-01-09
通讯作者: 王晓明(1960-),女,重庆人,教授,博士,主要研究方向:计算机网络安全、现代密码学
作者简介:李程文(1991-),男,重庆人,硕士研究生,主要研究方向:密码学、信息安全。
基金资助:
国家自然科学基金资助项目(61070164,61272415);广东省自然基金资助项目(S2012010008767);广东省科技计划项目(2013B010401015,2012B091000136)。

Outsourced data encryption scheme with access privilege revocation

LI Chengwen, WANG Xiaoming

College of Information Science and Technology, Jinan University, Guangzhou Guangdong 510632, China

Received:2015-07-29 Revised:2015-09-15 Online:2016-01-10 Published:2016-01-09
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61070164, 61272415), the Natural Science Foundation of Guangdong Province (S2012010008767) and the Science and Technology Planning Project of Guangdong Province (2013B010401015, 2012B091000136).

摘要/Abstract

摘要： 对Zhou等提出的方案(ZHOU M, MU Y, SUSILO W, et al. Privacy enhanced data outsourcing in the cloud. Journal of network and computer applications, 2012, 35(4): 1367-1373)进行分析,指出了该方案无法实现对用户访问权限进行撤销的问题。针对该方案的不足,提出一种具有撤销用户访问权限的外包数据加密方案。首先,把数据分成多个数据块并分别对每个数据块加密;其次,通过密钥导出的方法减少数据拥有者管理和保存密钥的数量;最后,对同一个加密数据构造多个解密密钥,实现对某些用户的访问权限撤销,而未被撤销用户无需进行密钥更新。与Zhou等的方案相比,所提方案不仅保持该方案中的外包数据隐私保护优点,而且还实现了用户访问权限的撤销。分析结果表明,在离散对数困难问题(DLP)假设下,所提方案是安全的。

关键词: 外包数据, 用户撤销, 数据加密, 密钥管理, 多解密密钥

Abstract: The scheme proposed by Zhou et al. (ZHOU M, MU Y, SUSILO W, et al. Privacy enhanced data outsourcing in the cloud. Journal of network and computer applications, 2012, 35(4): 1367-1373) was analyzed, and the shortcoming of no access privilege revocation was shown. To address the shortcoming, an outsourced data encryption scheme with revoking access privilege was proposed. Firstly, the data were divided into several data blocks, and each data block was encrypted separately. Secondly, with the key derivation method, the number of keys stored and managed by the data owner was reduced. Finally, multiple decryption keys were constructed on an encrypted data to revoke access privileges of some users, without affecting the legitimate users. Compared with Zhou's scheme, the proposed scheme not only maintains the advantage of privacy protection to the outsourced data in the scheme, but also realizes access privilege revocation for users. The analysis results show that the proposed scheme is secure under the assumption of the Discrete Logarithm Problem (DLP).

Key words: outsourced data, user revocation, data encryption, key management, multiple decryption key

中图分类号:

TP309.7

李程文, 王晓明. 具有访问权限撤销的外包数据加密方案[J]. 计算机应用, 2016, 36(1): 216-221.

LI Chengwen, WANG Xiaoming. Outsourced data encryption scheme with access privilege revocation[J]. Journal of Computer Applications, 2016, 36(1): 216-221.

参考文献

[1] ARMBRUST M, FOX A, GRIFFITH R, et al. A view of cloud computing [J]. Communications of the ACM, 2010, 53(4): 50-58.
[2] GHEMAWAT S, GOBIOFF H, LEUNG S-T. The Google file system [C]// Proceeding of the 19th ACM Symposium on Operating Systems Principles. New York: ACM, 2003: 29-43.
[3] MODI C, PATEL D, BORISANIYA B, et al. A survey on security issues and solutions at different layers of cloud computing [J]. The journal of supercomputing, 2013, 63(2): 561-592.
[4] 杨健,汪海航,王剑,等.云计算安全问题研究综述[J].小型微型计算机系统,2012,33(3):472-479.(YANG J, WANG H H, WANG J, et al. Survey on some security issues of cloud computing [J]. Journal of Chinese computer systems, 2012, 33(3): 472-479.)
[5] BHADAURIA R, CHAKI R, CHAKI N, et al. Security issues in cloud computing [J]. Acta technica corviniensis-bulletin of engineering, 2014, 7(4): 159.
[6] WANG W, LI Z, OWENS R, et al. Secure and efficient access to outsourced data [C]// Proceedings of the 2009 ACM Workshop on Cloud Computing Security. New York: ACM, 2009: 55-66.
[7] AGRAWAL R, KIERNAN J, BLUNDO C, et al. Efficient key management for enforcing access control in outsourced scenarios [C]// Proceedings of the IFIP International Conference on Information Security. Berlin: Springer, 2009: 364-375.
[8] ATALLAH M J, BLANTON M, FAZIO N, et al. Dynamic and efficient key management for access hierarchies [J]. ACM transactions on information and system security, 2009, 12(18): 1-43.
[9] WALLNER D, HARDER E, AGEE R, et al. Key management for multicast: issues and architectures, RFC 2627 [S]. [S.l.]: IETF, 1999.
[10] ZHOU M, MU Y, SUSILO W, et al. Privacy enhanced data outsourcing in the cloud [J]. Journal of network and computer applications, 2012, 35(4): 1367-1373.
[11] DAMIANI E, JAJODIA S, FORESTI S, et al. Key management for multi-user encrypted databases [C]// Proceedings of the 2005 ACM Workshop on Storage Security and Survivability. New York: ACM, 2005: 74-83.
[12] KALLAHALLA M, RIEDEL E, SWAMINATHAN R, et al. Plutus: scalable secure file sharing on untrusted storage [C]// Proceedings of the 2nd USENIX Conference on File and Storage Technologies. Berkeley, CA: USENIX Association, 2003: 29-42.
[13] GOH E J, SHACHAM H, MODADUGU N, et al. SiRiUS: securing remote untrusted storage [C]// Proceedings of the 2003 Symposium on Network and Distributed System Security. Reston, VA: The Internet Society, 2003: 131-145.
[14] VIMERCATI S, FORESTI S, JAJODIA S, et al. Over-encryption: management of access control evolution on outsourced data [C]// Proceedings of the 33rd International Conference on Very Large Data Bases. New York: ACM, 2007: 123-134.
[15] CHEN T, HUANG J. A novel key management scheme for dynamic access control in a user hierarchy [J]. Applied mathematics and computation, 2005, 162(1): 339-351.

具有访问权限撤销的外包数据加密方案

Outsourced data encryption scheme with access privilege revocation

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	张学旺, 殷梓杰, 冯家琦, 叶财金, 付康. 基于区块链与可信计算的数据交易方案[J]. 计算机应用, 2021, 41(4): 939-944.
[2]	柳玉东, 王绪安, 涂广升, 王涵. 全生命周期的云外包数据安全审计协议[J]. 计算机应用, 2019, 39(7): 1954-1958.
[3]	韩司, 郑宝昆, 曹奇敏. 基于逻辑密钥树的无线传感网络密钥管理方案[J]. 计算机应用, 2019, 39(5): 1378-1384.
[4]	周阳, 吴启武, 姜灵芝. 基于分布式路径计算单元的多域光网络组密钥管理方案[J]. 计算机应用, 2019, 39(4): 1095-1099.
[5]	白平, 张薇, 李聪, 王绪安. 支持用户撤销的可验证密文检索方案[J]. 计算机应用, 2018, 38(6): 1640-1643.
[6]	宋天煜, 杨庚. 面向密文数据库的中间件系统设计与实现[J]. 计算机应用, 2018, 38(12): 3450-3454.
[7]	曾小飞, 卢建朱, 王洁. 传感器节点相互协作的广播认证[J]. 计算机应用, 2016, 36(8): 2219-2224.
[8]	项文, 杨晓元, 吴立强. 理想格上可撤销的模糊身份加密方案[J]. 计算机应用, 2016, 36(10): 2733-2737.
[9]	王斌斌张妍琰张学林. 基于区域的无线传感器网络混合密钥管理方案[J]. 计算机应用, 2014, 34(1): 90-94.
[10]	罗文俊徐敏. 云环境下的基于属性和重加密的密钥管理[J]. 计算机应用, 2013, 33(10): 2832-2834.
[11]	许杰麻军平何虎. 基于VLIW DSP 加密与认证算法的实现[J]. 计算机应用, 2012, 32(06): 1650-1653.
[12]	张敏情付文华吴旭光. 基于组合设计和身份加密的分簇无线传感器网络密钥管理方案[J]. 计算机应用, 2012, 32(05): 1392-1396.
[13]	吴丘林李乔良. 基于对称平衡不完全区组设计的持续安全管理密钥预分配方案[J]. 计算机应用, 2012, 32(04): 960-963.
[14]	孙梅赵兵. 基于身份的Ad Hoc网密钥管理方案[J]. 计算机应用, 2012, 32(01): 104-106.
[15]	曹帅张串绒宋程远. 具有抗合谋攻击能力的自治愈群组密钥管理方案[J]. 计算机应用, 2011, 31(10): 2692-2693.