Journal of Computer Applications ›› 2019, Vol. 39 ›› Issue (12): 3556-3562. DOI: 10.11772/j.issn.1001-9081.2019061019

• Cyber Security •

Multi-authority attribute-based encryption scheme with verifiable outsourcing and support for attribute revocation

MING Yang, HE Baokang

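  1. School of Information Engineering, Chang'an University, Xi'an 710064
  • Received: 2019-06-17 Revised: 2019-08-26 Online: 2019-10-10 Published: 2019-12-10
  • About the authors: MING Yang (born 1979), male, from Xi'an, Shaanxi, professor, Ph.D.; main research interests: big data security, intelligent transportation, wireless network security. HE Baokang (born 1994), male, from Sanmenxia, Henan, master's candidate; main research interests: cloud computing security, Internet of Vehicles, attribute-based encryption.
  • Funding:
    Natural Science Foundation of Shaanxi Province (2018JM6081); Fundamental Research Funds for the Central Universities (300102249204).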

Attribute revocation and verifiable outsourcing supported multi-authority attribute-based encryption scheme

MING Yang, HE Baokang   

  1. School of Information Engineering, Chang'an University, Xi'an Shaanxi 710064, China
  • Received: 2019-06-17 Revised: 2019-08-26 Online: 2019-10-10 Published: 2019-12-10
  • Contact: MING Yang
  • Supported by:
    This work is partially supported by the Natural Science Foundation of Shaanxi Province (2018JM6081), the Fundamental Research Funds for the Central Universities (300102249204).

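Abstract: To address the high decryption overhead for data users and the lack of effective attribute revocation in Multi-Authority Attribute-Based Encryption (MA-ABE) access control schemes for cloud storage, a multi-authority attribute-based encryption scheme supporting attribute revocation and verifiable outsourcing is proposed. First, verifiable outsourcing is used to reduce the data user's decryption overhead while also verifying data integrity. Then, bilinear mapping is used to protect the access policy, preventing the data owner's identity from being leaked. Finally, a version key for each attribute is used to achieve immediate attribute revocation. Security analysis shows that the proposed scheme is secure in the standard model under the decisional q-bilinear Diffie-Hellman exponent assumption, and that it also satisfies forward security and resists collusion attacks. Performance analysis shows that the proposed scheme has clear advantages in both functionality and computational overhead, so it is better suited to multi-authority attribute-based encryption in cloud storage environments.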

Keywords: cloud storage, multi-authority, verifiable outsourcing, attribute revocation, policy hiding

Abstract: Focusing on the large decryption overhead of the data user and the lack of effective attribute revocation in Multi-Authority Attribute-Based Encryption (MA-ABE) access control schemes for cloud storage, a multi-authority attribute-based encryption scheme supporting attribute revocation and verifiable outsourcing was proposed. Firstly, the data user's decryption overhead was markedly reduced and the integrity of the data was verified by using verifiable outsourcing technology. Then, bilinear mapping was used to protect the access policy, preventing the identity of the data owner from leaking. Finally, the version key of each attribute was used to realize immediate attribute revocation. The security analysis shows that the proposed scheme is secure under the decisional q-bilinear Diffie-Hellman exponent assumption in the standard model, achieves forward security and is able to resist collusion attacks. The performance analysis shows that the proposed scheme has great advantages in terms of functionality and computational cost. Therefore, this scheme is more suitable for the multi-authority attribute-based encryption environment in cloud storage.

Key words: cloud storage, multi-authority, verifiable outsourcing, attribute revocation, policy hiding

CLC number: