支持带权属性撤销的密文策略属性基加密方案

doi:10.11772/j.issn.1001-9081.2017.12.3423

计算机应用 ›› 2017, Vol. 37 ›› Issue (12): 3423-3429.DOI: 10.11772/j.issn.1001-9081.2017.12.3423

支持带权属性撤销的密文策略属性基加密方案

王经纬, 殷新春

扬州大学信息工程学院, 江苏扬州 225127

收稿日期:2017-06-13 修回日期:2017-07-30 出版日期:2017-12-10 发布日期:2017-12-18
通讯作者: 殷新春
作者简介:王经纬(1993-),男,江苏镇江人,硕士研究生,主要研究方向:密码学;殷新春(1962-),男,江苏姜堰人,教授,博士,CCF高级会员,主要研究方向:密码学、软件质量保障、高性能计算。
基金资助:
国家自然科学基金资助项目（61472343）。

Ciphertext policy attribute-based encryption scheme with weighted attribute revocation

WANG Jingwei, YIN Xinchun

School of Information Engineering, Yangzhou University, Yangzhou Jiangsu 225127, China

Received:2017-06-13 Revised:2017-07-30 Online:2017-12-10 Published:2017-12-18
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61472343).

摘要/Abstract

摘要： 针对目前大部分密文策略属性基加密（CP-ABE）方案都不支持属性的多状态表示，加密、解密阶段计算开销庞大的问题，提出一种支持带权属性撤销的CP-ABE方案（CPABEWAR）。一方面，通过引入带权属性的概念，增强了属性的表达能力；另一方面，为了降低计算开销，在保证数据安全的情况下将部分计算过程外包给云服务提供商（CSP）。分析结果表明，所提方案基于判定双线性DH （DBDH）假设是选择明文安全的（CPS）。所提方案以增加少量存储空间为代价简化了访问树结构，提高了系统效率和访问控制的灵活性，适合计算能力受限的云用户。

关键词: 属性基加密, 属性撤销, 访问控制, 判定双线性DH假设, 云存储

Abstract: Most of the existing Ciphertext-Policy Attribute-Based Encryption (CP-ABE) schemes cannot support multi-state representation of attributes, and the computation overhead of encryption and decryption phase is huge. In order to solve the problems, a CP-ABE scheme with Weighted Attribute Revocation (CPABEWAR) was proposed. On the one hand, the expression ability of attribute was improved by introducing the concept of weighted attribute. On the other hand, in order to reduce the computation cost, part calculation tasks were outsourced to Cloud Service Provider (CSP) under the premise of ensuring data securer. The analysis results show that, the proposed CPABEWAR is proved to be Chosen Plaintext Secure (CPS) under the Decisional Bilinear Diffie-Hellman (DBDH) assumption. The proposed scheme simplifies the access tree structure at the cost of a small amount of storage space and improves system efficiency and flexibility of access control, which is suitable for cloud users with limited computing power.

Key words: Attribute-Based Encryption (ABE), attribute revocation, access control, Decisional Bilinear Diffie-Hellman (DBDH) assumption, cloud storage

中图分类号:

TP309.7

王经纬, 殷新春. 支持带权属性撤销的密文策略属性基加密方案[J]. 计算机应用, 2017, 37(12): 3423-3429.

WANG Jingwei, YIN Xinchun. Ciphertext policy attribute-based encryption scheme with weighted attribute revocation[J]. Journal of Computer Applications, 2017, 37(12): 3423-3429.

参考文献

[1] NIST S P. A NIST definition of cloud computing[J]. Communications of the ACM, 2015, 53(6):50.
[2] WOOD T, RAMAKRISHNAN K K, SHENOY P, et al. CloudNet:dynamic pooling of cloud resources by live WAN migration of virtual machines[J]. IEEE/ACM Transactions on Networking, 2015, 23(5):1568-1583.
[3] CHOO K K R. Cloud computing:challenges and future directions[J]. Trends & Issues in Crime & Criminal Justice, 2010(400):1-6.
[4] ESPOSITO C, CASTIGLIONE A, MARTINI B, et al. Cloud manufacturing:security, privacy, and forensic concerns[J]. IEEE Cloud Computing, 2016, 3(4):16-22.
[5] SAHAI A, WATERS B. Fuzzy identity-based encryption[C]//Proceedings of the 2005 Annual International Conference on the Theory and Applications of Cryptographic Techniques, LNCS 3494. Berlin:Springer, 2005:457-473.
[6] BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption[C]//Proceedings of the 2007 IEEE Symposium on Security & Privacy. Piscataway, NJ:IEEE, 2007:321-334.
[7] GOVAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 200613th ACM Conference on Computer and Communications Security. New York:ACM, 2006:89-98.
[8] TOUATI L, CHALLAL Y. Batch-based CP-ABE with attribute revocation mechanism for the Internet of things[C]//Proceedings of the 2015 International Conference on Computing, Networking and Communications. Piacataway, NJ:IEEE, 2015:1044-1049.
[9] BOLDYREVA A, GOYAL V, KUMAR V. Identity-based encryption with efficient revocation[C]//Proceedings of the 200815th ACM Conference on Computer and Communications Security. New York:ACM, 2008:417-426.
[10] YU S, WANG C, REN K, et al. Attribute based data sharing with attribute revocation[C]//Proceedings of the 20105th ACM Symposium on Information, Computer and Communications Security. New York:ACM, 2010:261-270.
[11] TYSOWSKI P K, HASAN M A. Hybrid attribute-and re-encryption-based key management for secure and scalable mobile applications in clouds[J]. IEEE Transactions on Cloud Computing, 2013, 1(2):172-186.
[12] LI J G, YAO W, ZHANG Y C, et al. Flexible and fine-grained attribute-based data storage in cloud computing[J]. IEEE Transactions on Services Computing, 2017, 10(5):785-796.
[13] XU X L, ZHOU J L, WANG X H, et al. Multi-authority proxy re-encryption based on CPABE for cloud storage systems[J]. Journal of Systems Engineering and Electronics, 2016, 27(1):211-223.
[14] 闫玺玺,孟慧.支持直接撤销的密文策略属性基加密方案[J].通信学报,2016,37(5):44-50.(YAN X X, MENG H. Ciphertext policy attribute-based encryption scheme supporting direct revocation[J]. Journal on Communications, 2016, 37(5):44-50.)
[15] ZHANG Y H, CHEN X F, LI J, et al. Anonymous attribute-based encryption supporting efficient decryption test[C]//Proceedings of the 20138th ACM SIGSAC Symposium on Information, Computer and Communications Security. New York:ACM, 2013:511-516.
[16] LIU X M, MA J, XIONG J B, et al. Ciphertext-policy hierarchical attribute-based encryption for fine-grained access control of encryption data[J]. International Journal of Network Security, 2014, 16(6):437-443.
[17] WANG S L, LIANG K T, LIU J K, et al. Attribute-based data sharing scheme revisited in cloud computing[J]. IEEE Transactions on Information Forensics & Security, 2016, 11(8):1661-1673.
[18] XIE X X, MA H, LI J, et al. An efficient ciphertext-policy attribute-based access control towards revocation in cloud computing[J]. Journal of Universal Computer Science, 2013, 19(16):2349-2367.
[19] DAN B. The decision Diffie-Hellman problem[C]//Proceedings of the 19983rd International Symposium on Algorithmic Number Theory, LNCS 1423. London:Springer, 1998:48-63.

支持带权属性撤销的密文策略属性基加密方案

Ciphertext policy attribute-based encryption scheme with weighted attribute revocation

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	葛纪红, 沈韬. 基于区块链的能源数据访问控制方法[J]. 计算机应用, 2021, 41(9): 2615-2622.
[2]	陈家豪, 殷新春. 基于云雾计算的可追踪可撤销密文策略属性基加密方案[J]. 计算机应用, 2021, 41(6): 1611-1620.
[3]	葛丽娜, 胡雨谷, 张桂芬, 陈园园. 云计算环境基于客体属性匹配的逆向混合访问控制方案[J]. 计算机应用, 2021, 41(6): 1604-1610.
[4]	杜心雨, 王化群. LTE-A网络中基于动态组的有效的身份认证和密钥协商方案[J]. 计算机应用, 2021, 41(6): 1715-1722.
[5]	包玉龙, 朱雪阳, 张文辉, 孙鹏飞, 赵颖琪. 物联网应用中访问控制智能合约的形式化验证[J]. 计算机应用, 2021, 41(4): 930-938.
[6]	李秀艳, 刘明曦, 史闻博, 董国芳. 面向资源受限用户的高效动态数据审计方案[J]. 计算机应用, 2021, 41(2): 422-432.
[7]	庞晓琼, 杨婷, 陈文俊, 王云婷, 刘天野. 区块链环境下基于秘密共享的数字权限管理方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3257-3265.
[8]	李莉, 杨鸿飞, 董秀则. 基于身份多条件代理重加密的文件分级访问控制方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3251-3256.
[9]	郭丽峰, 王倩丽. 自适应安全的带关键字搜索的外包属性基加密方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3266-3273.
[10]	王海勇, 潘启青, 郭凯璇. 基于区块链和用户信用度的访问控制模型[J]. 计算机应用, 2020, 40(6): 1674-1679.
[11]	唐鑫, 周琳娜. 基于响应模糊化的抗附加块攻击云数据安全去重方法[J]. 计算机应用, 2020, 40(4): 1085-1090.
[12]	史锦山, 李茹, 松婷婷. 基于区块链的物联网访问控制框架[J]. 计算机应用, 2020, 40(4): 931-941.
[13]	付伟, 顾晨阳, 高强. 基于属性加密的多用户共享ORAM方案[J]. 计算机应用, 2020, 40(2): 497-502.
[14]	王海勇, 彭垚, 郭凯璇. 云存储中基于代理重加密的CP-ABE访问控制方案[J]. 计算机应用, 2019, 39(9): 2611-2616.
[15]	余卿斐, 涂广升, 李宁波, 周潭平. 多跳多策略属性基全同态加密方案[J]. 计算机应用, 2019, 39(8): 2326-2332.