面向移动云存储的属性基解密服务中间件

doi:10.11772/j.issn.1001-9081.2016.07.1828

计算机应用 ›› 2016, Vol. 36 ›› Issue (7): 1828-1833.DOI: 10.11772/j.issn.1001-9081.2016.07.1828

面向移动云存储的属性基解密服务中间件

蔡孟飞^1,2, 何倩¹, 程东生¹, 王士成²

1. 桂林电子科技大学认知无线电与信息处理教育部重点实验室, 广西桂林 541004;
2. 中国电子科技集团公司航天信息应用技术重点实验室, 石家庄 050081

收稿日期:2015-12-24 修回日期:2016-03-08 出版日期:2016-07-10 发布日期:2016-07-14
通讯作者: 何倩
作者简介:蔡孟飞(1990-),男,河南漯河人,硕士研究生,主要研究方向:云计算、信息安全;何倩(1979-),男,湖南郴州人,教授,博士,CCF会员,主要研究方向:分布式计算、信息安全;程东生(1990-),男,山东潍坊人,硕士研究生,主要研究方向:移动互联网;王士成(1976-),男,河北保定人,研究员,硕士,主要研究方向:航天信息系统。
基金资助:
国家自然科学基金资助项目（61201250，61163057，61163058）；广西自动检测技术与仪器重点实验室主任基金资助项目（YQ15102）；云计算与复杂系统高校重点实验室基金资助项目（14102）；中国电子科技集团公司航天信息应用技术重点实验室开放基金资助项目。

Mobile cloud storage-oriented attribute based decryption service middleware

CAI Mengfei^1,2, HE Qian¹, CHEN Dongsheng¹, WANG Shicheng²

1. Key Laboratory of Cognitive Radio and Information Processing of Ministry of Education, Guilin University of Electronic Technology, Guilin Guangxi 541004, China;
2. Key Laboratory of Aerospace Information Applications, China Electronics Technology Group Corporation, Shijiazhuang Hebei 050081, China

Received:2015-12-24 Revised:2016-03-08 Online:2016-07-10 Published:2016-07-14
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61201250, 61163057, 61163058), Guangxi Key Laboratory Foundation of Automatic Detection Technology and Instrument (YQ15102), Key Laboratory Foundation of Cloud Computing and Complex Systems (14102), Key Laboratory Foundation of Space Information Application Technology of China Electronics Technology Group Corporation.

摘要/Abstract

摘要： 属性基加密（ABE）算法支持对云端数据的细粒度访问控制。针对属性基解密计算复杂度高，难以在资源受限的移动终端上实现的问题，提出并实现了一种面向移动云存储的属性基解密服务中间件。在保证密文信息不被中间件获取的前提下，中间件为移动终端代理属性基解密服务，实现了基于树形结构的线性秘密共享（LSSS）矩阵求解，降低了终端的计算与通信开销，提高了解密速度；属性权威可以在不需要用户参与的条件下，即时、细粒度地撤销用户属性；所有接口均使用Restful服务，保证了通用性。实验结果表明，属性基解密服务中间件提高移动设备解密性能近30倍，具备较好的并发性能，属性撤销具有实用性。

关键词: 属性基加密, 数据外包, 移动云存储, 服务中间件, 属性撤销

Abstract: The Attribute Based Encryption (ABE) algorithm can support fine grained access control for cloud data. Concerning the problems that the ABE decryption has huge complexity and is difficult to realize on resource constrained mobile device, a mobile cloud storage-oriented attribute based decryption service middleware was proposed and realized. Without getting the information about the encrypted data, the middleware could delegate the ABE decryption service, a tree-based Linear Secret Sharing Scheme (LSSS) matrix solution was realized, and so the computation and communication cost of the mobile terminal were decreased. Accordingly, the decryption speed was improved. The attribute authority could revoke the user attributes through this middleware instantly with fine-grained control without involving any users. All the services were defined as Restful interface and then the generality of the middleware was ensured. The experimental results show that the middleware improves attribute based decryption performance nearly 30 times, and it has good parallel performance and practical attribute revoking capability.

Key words: Attribute Based Encryption (ABE), data outsourcing, mobile cloud storage, service middleware, attribute revocation

中图分类号:

蔡孟飞, 何倩, 程东生, 王士成. 面向移动云存储的属性基解密服务中间件[J]. 计算机应用, 2016, 36(7): 1828-1833.

CAI Mengfei, HE Qian, CHEN Dongsheng, WANG Shicheng. Mobile cloud storage-oriented attribute based decryption service middleware[J]. Journal of Computer Applications, 2016, 36(7): 1828-1833.

参考文献

[1] 中国互联网信息中心.第34次中国互联网络发展状况统计报告[J].互联网天地,2014(7):71-89.(China Internet Network Information Center. The 34th accounting reports of the development situation of China Internet[J]. China Internet, 2014(7):71-89.)
[2] 冯登国,张敏,张妍,等.云计算安全研究[J].软件学报,2011,22(01):71-83.(FENG D G, ZHANG M, ZHANG Y, et al. Study on cloud computing security[J]. Journal of Software, 2011, 22(1):71-83.)
[3] GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security. New York:ACM, 2006:89-98.
[4] HORVáTH M. Attribute-based encryption optimized for cloud computing[J]. Infocommunications Journal, 2015, 7(2):1-9.
[5] BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption[C]//SP 2007:Proceedings of the 2007 IEEE Symposium on Security and Privacy. Washington, DC:IEEE Computer Society, 2007:321-334.
[6] WATERS B. Ciphertext-policy attribute-based encryption:an ex-pressive, efficient, and provably secure realization[C]//PKC 2011:Proceedings of the 14th International Conference on Practice and Theory in Public Key Cryptography, LNCS 6751. Berlin:Springer, 2011:53-57.
[7] 王于丁,杨家海,徐聪,等.云计算访问控制技术研究综述[J].软件学报,2015,26(5):1129-1150.(WANG Y D,YANG J H, XU C, et al. Survey on access control technologies for cloud computing[J]. Journal of Software, 2015, 25(5):1129-1150.)
[8] 苏金树,曹丹,王小峰,等.属性基加密机制[J].软件学报,2011,22(6):1299-1315.(SU J S, CAO D, WANG X F, et al. Attribute-based encryption schemes[J]. Journal of Software, 2011, 22(6):1299-1315.)
[9] PIRRETTI M, TRAYNOR P, MCDANIEL P, et al. Secure attribute-based systems[J]. Journal of Computer Security, 2010, 18(5):799-837.
[10] ASIM M, LUAN I, PETKOVIC M. Ciphertext-policy attribute-based broadcast encryption scheme[C]//Communications and Multimedia Security:Proceedings of the 12th IFIP TC 6/TC 11 International Conference on Communications and Multimedia Security, LNCS 7025. Berlin:Springer, 2011:244-246.
[11] 王鹏翩,冯登国,张立武.一种支持完全细粒度属性撤销的CP-ABE方案[J].软件学报,2012,23(10):2805-2816.(WANG P P,FENG D G, ZHANG L W. CP-ABE scheme supporting fully fine-grained attribute revocation[J]. Journal of Software, 2012, 23(10):2805-2816.)
[12] BELQASMI F, GLITHO R, FU C. RESTful Web services for service provisioning in next generation networks:a survey[J]. IEEE Communications Magazine, 2011, 49(12):66-73.
[13] 李勇,曾振宇,张晓菲.支持属性撤销的外包解密方案[J].清华大学学报(自然科学版),2013,53(12):1664-1669.(LI Y, ZENG Z Y, ZHANG X F. Outsourced decryption scheme supporting attribute revocation[J]. Journal of Tsinghua University (Science and Technology), 2013, 53(12):1664-1669.)

[1]	陈家豪, 殷新春. 基于云雾计算的可追踪可撤销密文策略属性基加密方案[J]. 计算机应用, 2021, 41(6): 1611-1620.
[2]	庞晓琼, 杨婷, 陈文俊, 王云婷, 刘天野. 区块链环境下基于秘密共享的数字权限管理方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3257-3265.
[3]	郭丽峰, 王倩丽. 自适应安全的带关键字搜索的外包属性基加密方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3266-3273.
[4]	余卿斐, 涂广升, 李宁波, 周潭平. 多跳多策略属性基全同态加密方案[J]. 计算机应用, 2019, 39(8): 2326-2332.
[5]	明洋, 何宝康. 支持属性撤销的可验证外包的多授权属性加密方案[J]. 计算机应用, 2019, 39(12): 3556-3562.
[6]	李聪, 杨晓元, 白平, 王绪安. 可追责和完全可验证外包解密CP-ABE方案[J]. 计算机应用, 2018, 38(8): 2249-2255.
[7]	江炳城, 何倩, 陈亦婷, 刘鹏. 面向云数据库的属性基加密和查询转换中间件[J]. 计算机应用, 2018, 38(8): 2280-2286.
[8]	李聪, 杨晓元, 王绪安. 基于扩展属性基功能加密的有效外包计算[J]. 计算机应用, 2018, 38(6): 1633-1639.
[9]	刘荣, 潘洪志, 刘波, 祖婷, 方群, 何昕, 王杨. 基于密文策略属性基加密算法的云存储数据更新方法[J]. 计算机应用, 2018, 38(2): 348-351.
[10]	李琦, 熊金波, 黄利智, 王煊, 毛启铭, 姚岚午. 智慧健康中基于属性的访问控制方案[J]. 计算机应用, 2018, 38(12): 3471-3475.
[11]	陈丹伟, 杨晟. 基于动态信用等级的密文访问控制方案[J]. 计算机应用, 2017, 37(6): 1587-1592.
[12]	王经纬, 殷新春. 支持带权属性撤销的密文策略属性基加密方案[J]. 计算机应用, 2017, 37(12): 3423-3429.
[13]	李聪, 杨晓元, 王绪安, 白平. 固定密文长度的可验证属性基外包解密方案[J]. 计算机应用, 2017, 37(11): 3299-3303.
[14]	陈建, 沈潇军, 姚一杨, 邢雅菲, 琚小明. 基于密文策略属性基加密系统访问机制的缓存替换策略[J]. 计算机应用, 2017, 37(10): 2964-2967.
[15]	徐潜, 谭成翔. 基于密文策略属性加密体制的匿名云存储隐私保护方案[J]. 计算机应用, 2015, 35(6): 1573-1579.

面向移动云存储的属性基解密服务中间件

Mobile cloud storage-oriented attribute based decryption service middleware

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics