云存储中基于代理重加密的CP-ABE访问控制方案

doi:10.11772/j.issn.1001-9081.2019020356

计算机应用 ›› 2019, Vol. 39 ›› Issue (9): 2611-2616.DOI: 10.11772/j.issn.1001-9081.2019020356

云存储中基于代理重加密的CP-ABE访问控制方案

王海勇¹, 彭垚², 郭凯璇²

1. 南京邮电大学计算机学院, 南京 210023;
2. 南京邮电大学物联网学院, 南京 210003

收稿日期:2019-03-05 修回日期:2019-04-10 出版日期:2019-09-10 发布日期:2019-06-17
通讯作者: 王海勇
作者简介:王海勇(1979-),男,江苏连云港人,副研究员,博士,CCF会员,主要研究方向:计算机网络与安全、信息网络;彭垚(1993-),男,贵州黔西人,硕士研究生,主要研究方向:计算机网络与安全、云计算;郭凯璇(1991-),女,山东枣庄人,硕士研究生,主要研究方向:区块链、共识算法、物联网。
基金资助:
国家自然科学基金面上项目（GZ215045）；江苏省教育信息化研究资助项目（20172105）；南京邮电大学教学研究改革项目（JG06717JX66）。

CP-ABE access control scheme based on proxy re-encryption in cloud storage

WANG Haiyong¹, PENG Yao², GUO Kaixuan²

1. College of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210023, China;
2. College of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210003, China

Received:2019-03-05 Revised:2019-04-10 Online:2019-09-10 Published:2019-06-17
Supported by:
This work is partially supported by the National Natural Science Foundation of China (GZ215045), the Education Informatization Research Project of Jiangsu Province (20172105), the Teaching Reform Project of Nanjing University of Posts and Telecommunications (JG06717JX66).

摘要/Abstract

摘要：

针对云存储中基于密文策略的属性加密（CP-ABE）访问控制方案存在用户解密开销较大的问题，提出了一种基于代理重加密的CP-ABE （CP-ABE-BPRE）方案，并对密钥的生成方法进行了改进。此方案包含五个组成部分，分别是可信任密钥授权、数据属主、云服务提供商、代理解密服务器和数据访问者，其中云服务器对数据进行重加密，代理解密服务器完成大部分的解密计算。方案能够有效地降低用户的解密开销，在保证数据细粒度访问控制的同时还支持用户属性的直接撤销，并解决了传统CP-ABE方案中因用户私钥被非法盗取带来的数据泄露问题。与其他CP-ABE方案比较，此方案对访问云数据的用户在解密性能方面具有较好的优势。

关键词: 云存储, 属性加密, 代理重加密, 访问控制, 可信任密钥

Abstract:

Focused on the large user's decryption overhead of the Ciphertext Policy Attribute-Based Encryption (CP-ABE) access control scheme in cloud storage, a CP-ABE Access Control Scheme Based on Proxy Re-Encryption (CP-ABE-BPRE) was proposed, and the key generation method was improved. Five components were included in this scheme:trusted key authority, data owner, cloud service provider, proxy decryption server and data visitor. The cloud server re-encrypted the data, and the proxy decryption server performed most of the decryption calculation. The proposed scheme reduces the user's decryption overhead effectively,and solves the data leakage problem caused by illegal stealing of the user's private key in the traditional CP-ABE scheme, and the direct revocation of user attributes is provided while the fine-grained access control is ensured in the scheme. A comparison with other CP-ABE schemes demonstrates that this scheme has better decryption performance for users when accessing cloud data.

Key words: cloud storage, attribute-based encryption, proxy re-encryption, access control, trusted key

中图分类号:

TP302.1

王海勇, 彭垚, 郭凯璇. 云存储中基于代理重加密的CP-ABE访问控制方案[J]. 计算机应用, 2019, 39(9): 2611-2616.

WANG Haiyong, PENG Yao, GUO Kaixuan. CP-ABE access control scheme based on proxy re-encryption in cloud storage[J]. Journal of Computer Applications, 2019, 39(9): 2611-2616.

参考文献

[1] SUKHODOLSKIY I A, ZAPECHNIKOV S V. An access control model for cloud storage using attribute-based encryption[C]//Proceedings of the 2017 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering. Piscataway, NJ:IEEE, 2017:578-581.
[2] SANDHIA G K, KASMIR RAJA S V, JANSI K R. Multi-authority-based file hierarchy hidden CP-ABE scheme for cloud security[J]. Service Oriented Computing and Applications, 2018,12(3/4):295-308.
[3] WANG S, ZHOU J, LIU J K, et al. An efficient file hierarchy attribute-based encryption scheme in cloud computing[J]. IEEE Transactions on Information Forensics and Security, 2016, 11(6):1265-1277.
[4] GRUMAN G, KNORR E. What cloud computing really means[J]. Courts Today, 2010, 8(4):34.
[5] 刘建,鲜明,王会梅,等.面向移动云的属性基密文访问控制优化方法[J].通信学报,2018,39(7):43-53.(LIU J, XIAN M, WANG H M, et al. Optimization method for attribute-based cryptographic access control in mobile cloud computing[J]. Journal on Communications, 2018, 39(7):43-53.)
[6] NARUSE T, MOHRI M, SHIRAISHI Y. Attribute revocable attribute-based encryption with forward secrecy for fine-grained access control of shared data[EB/OL].[2019-01-03]. https://www.researchgate.net/publication/320140444_Attribute_Revocable_Attribute-Based_Encryption_with_Forward_Secrecy_for_Fine-Grained_Access_Control_of_Shared_Data.
[7] GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security. New York:ACM, 2006:89-98.
[8] 闫玺玺,孟慧.支持直接撤销的密文策略属性基加密方案[J].通信学报,2016,37(5):44-50.(YAN X X, MENG H. Ciphertext policy attribute-based encryption scheme supporting direct revocation[J]. Journal on Communications, 2016, 37(5):44-50.)
[9] BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption[C]//Proceedings of the 2007 IEEE Symposium on Security and Privacy. Washington, DC:IEEE Computer Society, 2007:321-334.
[10] SAHAI A, WATERS B. Fuzzy identity-based encryption[C]//Proceedings of the 2005 Annual International Conference on the Theory and Applications of Cryptographic Techniques, LNCS 3494. Berlin:Springer, 2005:457-473.
[11] OSTROVSKY R, SAHAI A, WATERS B. Attribute-based encryption with non-monotonic access structures[C]//CCS'07:Proceedings of the 14th ACM Conference on Computer and Communications Security. New York:ACM, 2007:195-203.
[12] CHEUNG L, NEWPORT C. Provably secure ciphertext policy ABE[C]//CCS'07:Proceedings of the 14th ACM Conference on Computer and Communications Security. New York:ACM, 2007:456-465.
[13] LEWKO A, OKAMOTO T, SAHAI A, et al. Fully secure functional encryption:attribute-based encryption and (hierarchical) inner product encryption[C]//Proceedings of the 2010 Annual International Conference on the Theory and Applications of Cryptographic Techniques, LNCS 6110. Berlin:Springer, 2010:62-91.
[14] GREEN M, HOHENBERGER S, WATERS B. Outsourcing the decryption of ABE ciphertexts[C]//SEC'11:Proceedings of the 20th USENIX conference on Security. Berkeley, CA:USENIX Association, 2011:34.
[15] ODELU V, DAS A K, KHURRAM KHAN M, et al. Expressive CP-ABE scheme for mobile devices in IoT satisfying constant-size keys and ciphertexts[EB/OL].[2019-01-06]. https://www.researchgate.net/publication/313814297_Expressive_CP-ABE_Scheme_for_Mobile_Devices_in_IoT_satisfying_Constant-size_Keys_and_Ciphertexts.
[16] OHIGASHI T, NISHIMURA K, AIBARA R, et al. Implementation and evaluation of secure outsourcing scheme for secret sharing scheme on cloud storage services[C]//Proceedings of the 2014 IEEE 38th International Computer Software and Applications Conference Workshops. Piscataway, NJ:IEEE, 2014:78-83.
[17] HUR J. Improving security and efficiency in attribute-based data sharing[J]. IEEE Transactions on Knowledge and Data Engineering, 2013, 25(10):2271-2282.
[18] DINH H T, LEE C, NIYATO D, et al. A survey of mobile cloud computing:architecture, applications, and approaches[J]. Wireless Communications and Mobile Computing, 2013, 13(18):1587-1611.
[19] AHMAD M S, MUSA N E, NADARAJAH R, et al. Comparison between Android and iOS operating system in terms of security[C]//Proceedings of the 2013 8th International Conference on Information Technology in Asia. Piscataway, NJ:IEEE, 2013,7:1-4.

云存储中基于代理重加密的CP-ABE访问控制方案

CP-ABE access control scheme based on proxy re-encryption in cloud storage

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	葛纪红, 沈韬. 基于区块链的能源数据访问控制方法[J]. 计算机应用, 2021, 41(9): 2615-2622.
[2]	杜心雨, 王化群. LTE-A网络中基于动态组的有效的身份认证和密钥协商方案[J]. 计算机应用, 2021, 41(6): 1715-1722.
[3]	葛丽娜, 胡雨谷, 张桂芬, 陈园园. 云计算环境基于客体属性匹配的逆向混合访问控制方案[J]. 计算机应用, 2021, 41(6): 1604-1610.
[4]	谷正川, 郭渊博, 方晨. 基于代理重加密的消息队列遥测传输协议端到端安全解决方案[J]. 计算机应用, 2021, 41(5): 1378-1385.
[5]	张利华, 王欣怡, 胡方舟, 黄阳, 白甲义. 基于双联盟链的智能电网数据共享模型[J]. 计算机应用, 2021, 41(4): 963-969.
[6]	包玉龙, 朱雪阳, 张文辉, 孙鹏飞, 赵颖琪. 物联网应用中访问控制智能合约的形式化验证[J]. 计算机应用, 2021, 41(4): 930-938.
[7]	李秀艳, 刘明曦, 史闻博, 董国芳. 面向资源受限用户的高效动态数据审计方案[J]. 计算机应用, 2021, 41(2): 422-432.
[8]	王海勇, 潘启青, 郭凯璇. 基于区块链和用户信用度的访问控制模型[J]. 计算机应用, 2020, 40(6): 1674-1679.
[9]	唐鑫, 周琳娜. 基于响应模糊化的抗附加块攻击云数据安全去重方法[J]. 计算机应用, 2020, 40(4): 1085-1090.
[10]	史锦山, 李茹, 松婷婷. 基于区块链的物联网访问控制框架[J]. 计算机应用, 2020, 40(4): 931-941.
[11]	付伟, 顾晨阳, 高强. 基于属性加密的多用户共享ORAM方案[J]. 计算机应用, 2020, 40(2): 497-502.
[12]	罗文俊, 闻胜莲, 程雨. 基于区块链的电子医疗病历共享方案[J]. 计算机应用, 2020, 40(1): 157-161.
[13]	柳玉东, 王绪安, 涂广升, 王涵. 全生命周期的云外包数据安全审计协议[J]. 计算机应用, 2019, 39(7): 1954-1958.
[14]	王亚琼, 史国振, 谢绒娜, 李凤华, 王雅哲. 卫星网络中支持策略隐藏的多授权访问控制方案[J]. 计算机应用, 2019, 39(2): 470-475.
[15]	罗霄峰, 杨兴春, 胡勇. 改进的基于属性的访问控制策略评估管理决策图[J]. 计算机应用, 2019, 39(12): 3569-3574.