混合云环境下基于属性的密文策略加密方案

doi:10.11772/j.issn.1001-9081.2016.07.1822

计算机应用 ›› 2016, Vol. 36 ›› Issue (7): 1822-1827.DOI: 10.11772/j.issn.1001-9081.2016.07.1822

混合云环境下基于属性的密文策略加密方案

陈亮, 杨庚, 屠袁飞

南京邮电大学计算机学院, 南京 210003

收稿日期:2015-12-24 修回日期:2016-03-30 出版日期:2016-07-10 发布日期:2016-07-14
通讯作者: 杨庚
作者简介:陈亮(1990-),男,江苏盐城人,硕士研究生,主要研究方向:网络与信息安全、访问控制、大数据隐私保护;杨庚(1961-),男,江苏建湖人,教授,博士,CCF高级会员,主要研究方向:网络与信息安全、分布与并行计算、大数据隐私保护;屠袁飞(1984-),男,江苏南京人,博士研究生,主要研究方向:数据隐私保护、访问控制。
基金资助:
国家自然科学基金资助项目（61272084）；国家自然科学基金面上项目（61572263）。

Ciphertext-policy attribute-based encryption scheme in hybrid clouds

CHEN Liang, YANG Geng, TU Yuanfei

College of Computer Science and Technology, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210003, China

Received:2015-12-24 Revised:2016-03-30 Online:2016-07-10 Published:2016-07-14
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61272084), the Surface Program of National Natural Science Foundation of China (61572263).

摘要/Abstract

摘要： 针对现有云存储的数据和访问控制的安全性不高，从而造成用户存储的敏感信息被盗取的现象，结合现有的基于密文策略属性加密（CP-ABE）方案和数据分割的思想，提出了一个基于混合云的高效数据隐私保护模型。首先根据用户数据的敏感程度将数据合理分割成不同敏感级别的数据块，将分割后的数据存储在不同的云平台上，再根据数据的安全级别，进行不同强度的加密技术进行数据加密。同时在敏感信息解密阶段采取“先匹配后解密”的方法，并对算法进行了优化，最后用户进行一个乘法运算解密得到明文。在公有云中对1 Gb数据进行对称加密，较单节点提高了效率一倍多。实验结果表明：该方案可以有效保护云存储用户的隐私数据，同时降低了系统的开销，提高了灵活性。

关键词: 访问控制, 混合云, 云存储, 数据分割, 属性, 敏感级别

Abstract: Focusing on inefficient data security and access control in the existed cloud storage, which results in sensitive information to be stolen, combined with the existed Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and data partition,an efficient data privacy protection model based on the hybrid cloud was proposed. First of all, according to the data sensitive degree, the data were divided into data blocks based on different sensitivity levels, and then data blocks were stored on different cloud platforms. According to the security level of the data, data were encrypted by using the different intensity encryption technologies. At the same time, the scheme of "first match after decryption" was adopted in the decryption stage and the algorithm was optimized. Finally, user decrypted ciphertext by the multiplication. Compared with the single node algorithm, for encrypting 1 Gb data, the efficiency of symmetric encryption algorithm more than doubled in the public clouds. The experimental results show that the proposed scheme can protect the privacy data of cloud storage user, reduces the system cost and improves the system flexibility.

Key words: access control, hybrid cloud, cloud storage, data partition, attribution, sensitivity level

中图分类号:

TP309.2

陈亮, 杨庚, 屠袁飞. 混合云环境下基于属性的密文策略加密方案[J]. 计算机应用, 2016, 36(7): 1822-1827.

CHEN Liang, YANG Geng, TU Yuanfei. Ciphertext-policy attribute-based encryption scheme in hybrid clouds[J]. Journal of Computer Applications, 2016, 36(7): 1822-1827.

参考文献

[1] SAHAI A, WATERS B. Fuzzy identity-based encryption[C]//EUROCRYPT'05:Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2005:457-473.
[2] GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//CCS'06:Proceedings of the 13th ACM Conference on Computer and Communications Security. New York:ACM, 2006:89-98.
[3] BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy at-tribute-based encryption[C]//SP'07:Proceedings of the 2007 IEEE Symposium on Security and Privacy. Washington, DC:IEEE Computer Society, 2007:321-334.
[4] 徐小龙,周静岚,杨庚.一种基于数据分割与分级的云存储数据隐私保护机制[J].计算机科学,2013,40(2):98-102.(XU X L, ZHOU J L, YANG G. Data privacy protection mechanism for cloud storage based on data partition and classification[J]. Computer Science, 2013, 40(2):98-102.)
[5] SHAMIR A. Identity-based cryptosystems and signature schemes[C]//Proceedings of CRYPTO 84 on Advances in Cryptology. Berlin:Springer, 1985:47-53.
[6] NISHIDE T, YONEYAMA K, OHTA K. Attribute-based encryption with partially hidden ciphertext policies[J]. IEICE Transactions on Fundamentals of Electronics Communications & Computer Sciences, 2009, 92-A(1):22-32.
[7] CHASE M. Multi-authority attribute based encryption[C]//TCC 2007:Proceedings of the 4th Theory of Cryptography Conference on Theory of Cryptography. Berlin:Springer, 2007:515-534.
[8] YU S, REN K, LOU W. Attribute-based content distribution with hidden policy[C]//NPSec 2008:Proceedings of the 20084th Workshop on Secure Network Protocols. Piscataway, NJ:IEEE, 2008:39-44.
[9] MVLLER S, KATZENBEISSER S. Hiding the policy in crypto-graphic access control[C]//STM 2011:Proceedings of the 7th International Workshop on Security and Trust Management. Berlin:Springer, 2012:90-105.
[10] BALU A, KUPPUSAMY K. An expressive and provably secure ciphertext-policy attribute-based encryption[J]. Information Sciences, 2014, 276(4):354-362.
[11] ZHANG Y, CHEN X, LI J, et al. Anonymous attribute-based encryption supporting efficient decryption test[C]//ASIA CCS'13:Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer And Communications Security. New York:ACM, 2013:511-516.
[12] HUANG X Z, LIU J Q, HAN Z, et al. Privacy beyond sensitive values[J]. Science China Information Sciences, 2015, 58(7):1-15.
[13] 付雅丹,杨庚,胡持,等.基于MapReduce的并行AES加密算法[J].计算机应用,2015, 35(11):3079-3082.(FU Y D,YANG G, HU C, et al. Parallel algorithm for AES encryption on MapReduce[J]. Journal of Computer Applications, 2015, 35(11):3079-3082.)
[14] ANGELO D C. Pairing-based cryptography library[EB/OL].[2015-12-14]. https://crypto.stanford.edu/pbc/.
[15] NISHIDE T, YONEYAMA K, OHTA K. Attribute-based encryption with partially hidden encryptor-specified access structures[C]//ACNS 2008:Proceedings of the 6th International Conference on Applied Cryptography and Network Security. Berlin:Springer, 2008:111-129.

混合云环境下基于属性的密文策略加密方案

Ciphertext-policy attribute-based encryption scheme in hybrid clouds

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	陈恒恒, 倪志伟, 朱旭辉, 金媛媛, 陈千. 基于聚类分析的差分隐私高维数据发布方法[J]. 计算机应用, 2021, 41(9): 2578-2585.
[2]	葛纪红, 沈韬. 基于区块链的能源数据访问控制方法[J]. 计算机应用, 2021, 41(9): 2615-2622.
[3]	赵小虎, 李晓. 基于多特征提取的图像语义描述算法[J]. 计算机应用, 2021, 41(6): 1640-1646.
[4]	陈家豪, 殷新春. 基于云雾计算的可追踪可撤销密文策略属性基加密方案[J]. 计算机应用, 2021, 41(6): 1611-1620.
[5]	葛丽娜, 胡雨谷, 张桂芬, 陈园园. 云计算环境基于客体属性匹配的逆向混合访问控制方案[J]. 计算机应用, 2021, 41(6): 1604-1610.
[6]	杜心雨, 王化群. LTE-A网络中基于动态组的有效的身份认证和密钥协商方案[J]. 计算机应用, 2021, 41(6): 1715-1722.
[7]	包玉龙, 朱雪阳, 张文辉, 孙鹏飞, 赵颖琪. 物联网应用中访问控制智能合约的形式化验证[J]. 计算机应用, 2021, 41(4): 930-938.
[8]	樊玮, 王慧敏, 邢艳. 基于自编码器的多视图属性网络表示学习模型[J]. 计算机应用, 2021, 41(4): 1064-1070.
[9]	吴锐, 刘宇, 冯凯. 基于双域自注意力机制的行人属性识别[J]. 计算机应用, 2021, 41(2): 372-378.
[10]	李秀艳, 刘明曦, 史闻博, 董国芳. 面向资源受限用户的高效动态数据审计方案[J]. 计算机应用, 2021, 41(2): 422-432.
[11]	郭丽峰, 王倩丽. 自适应安全的带关键字搜索的外包属性基加密方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3266-3273.
[12]	庞晓琼, 杨婷, 陈文俊, 王云婷, 刘天野. 区块链环境下基于秘密共享的数字权限管理方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3257-3265.
[13]	李莉, 杨鸿飞, 董秀则. 基于身份多条件代理重加密的文件分级访问控制方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3251-3256.
[14]	张志浩, 林耀进, 卢舜, 郭晨, 王晨曦. 缺失标记下基于类属属性的多标记特征选择[J]. 计算机应用, 2021, 41(10): 2849-2857.
[15]	杨云龙, 孙建强, 宋国超. 基于门控循环单元和胶囊特征的文本情感分析[J]. 计算机应用, 2020, 40(9): 2531-2535.