支持属性撤销的可验证外包的多授权属性加密方案

doi:10.11772/j.issn.1001-9081.2019061019

计算机应用 ›› 2019, Vol. 39 ›› Issue (12): 3556-3562.DOI: 10.11772/j.issn.1001-9081.2019061019

支持属性撤销的可验证外包的多授权属性加密方案

明洋, 何宝康

长安大学信息工程学院, 西安 710064

收稿日期:2019-06-17 修回日期:2019-08-26 发布日期:2019-10-10 出版日期:2019-12-10
作者简介:明洋(1979-),男,陕西西安人,教授,博士,主要研究方向:大数据安全、智能交通、无线网络安全;何宝康(1994-),男,河南三门峡人,硕士研究生,主要研究方向:云计算安全、车联网、属性加密。
基金资助:
陕西省自然科学基金资助项目（2018JM6081）；中央高校基本科研业务费专项资金资助项目（300102249204）。

Attribute revocation and verifiable outsourcing supported multi-authority attribute-based encryption scheme

MING Yang, HE Baokang

School of Information Engineering, Chang'an University, Xi'an Shaanxi 710064, China

Received:2019-06-17 Revised:2019-08-26 Online:2019-10-10 Published:2019-12-10
Contact: 明洋
Supported by:
This work is partially supported by the Natural Science Foundation of Shaanxi Province (2018JM6081), the Fundamental Research Funds for the Central Universities (300102249204).

摘要/Abstract

摘要： 针对云存储中基于多授权属性加密（MA-ABE）访问控制方案存在数据使用者解密开销大，同时缺乏有效属性撤销的问题，提出了一种支持属性撤销的可验证外包的多授权属性加密方案。首先，利用可验证外包技术，降低数据使用者的解密开销，同时验证数据的完整性。然后，利用双线性映射保护访问策略，防止数据拥有者身份泄露。最后，利用每个属性的版本密钥实现立即的属性撤销。安全性分析表明所提方案在标准模型中判定性的q双线性Diffie-Hellman指数假设下是安全的，同时满足了前向安全性和抗合谋攻击。性能分析表明所提方案在功能性和计算开销两方面都具有较好的优势，因此所提方案更适用于云存储下多授权属性加密环境。

关键词: 云存储, 多授权, 可验证外包, 属性撤销, 策略隐藏

Abstract: Focusing on the large decryption overhead of the data user and the lack of effective attribute revocation of the Multi-Authority Attribute-Based Encryption (MA-ABE) access control scheme in cloud storage, an attribute revocation and verifiable outsourcing supported multi-authority attribute-based encryption scheme was proposed. Firstly, the data user's decryption overhead was markedly reduced and the integrity of the data was verified by using verifiable outsourcing technology. Then, the bilinear mapping was used to protect the access policy, preventing the identity of the data owner from leaking. Finally, the version key of each attribute was used to realize the immediate attribute revocation. The security analysis shows that the proposed scheme is safe under the decisional q-bilinear Diffie-Hellman exponent assumption in the standard model, achieves forward security and is able to resist collusion attack. The performance analysis shows that the proposed scheme has great advantages in terms of functionality and computational cost. Therefore, this scheme is more suitable for multi-authority attribute-based encryption environment in cloud storage.

Key words: cloud storage, multi-authority, verifiable outsourcing, attribute revocation, policy hiding

中图分类号:

TP309.7

明洋, 何宝康. 支持属性撤销的可验证外包的多授权属性加密方案[J]. 计算机应用, 2019, 39(12): 3556-3562.

MING Yang, HE Baokang. Attribute revocation and verifiable outsourcing supported multi-authority attribute-based encryption scheme[J]. Journal of Computer Applications, 2019, 39(12): 3556-3562.

参考文献

[1] MELL P, GRANCE T. The NIST definition of cloud computing:SP 800-145[R]. Gaithersburg, MD:National Institute of Standards & Technology, 2011.
[2] SAHAI A, WATERS B. Fuzzy identity-based encryption[C]//Proceedings of the 2005 Annual International Conference on the Theory and Applications of Cryptographic Techniques, LNCS 3494. Berlin:Springer, 2005:457-473.
[3] GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security. New York:ACM, 2006:89-98.
[4] BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption[C]//Proceedings of the 2007 IEEE Symposium on Security and Privacy. Piscataway:IEEE, 2007:321-334.
[5] WATERS B. Ciphertext-policy attribute-based encryption:an expressive, efficient, and provably secure realization[C]//Proceedings of the 2011 International Workshop on Public Key Cryptography, LNCS 6571. Berlin:Springer, 2011:53-70.
[6] LEWKO A, WATERS B. New proof methods for attribute-based encryption:achieving full security through selective techniques[C]//Proceedings of the 2012 Annual Cryptology Conference, LNCS 7417. Berlin:Springer, 2012:180-198.
[7] ROUSELAKIS Y, WATERS B. Practical constructions and new proof methods for large universe attribute-based encryption[C]//Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM, 2013:463-474.
[8] 仲红,崔杰,朱文龙,等.高效且可验证的多授权机构属性基加密方案[J].软件学报,2018,29(7):2006-2017.(ZHONG H, CUI J, ZHU W L, et al. Efficient and verifiable multi-authority attribute based encryption scheme[J]. Journal of Software, 2018, 29(7):2006-2017.)
[9] 范运东,吴晓平.基于策略隐藏属性加密的云存储访问控制方案[J].计算机工程,2018,44(7):139-144,149.(FAN Y D, WU X P. Cloud storage access control scheme based on policy hiding attribute encryption[J]. Computer Engineering, 2018, 44(7):139-144, 149.)
[10] CHASE M. Multi-authority attribute based encryption[C]//Proceedings of the 2007 Theory of Cryptography Conference, LNCS 4392. Berlin:Springer, 2007:515-534.
[11] LEWKO A, WATERS B. Decentralizing attribute-based encryption[C]//Proceedings of the 2011 Annual International Conference on the Theory and Applications of Cryptographic Techniques, LNCS 6632. Berlin:Springer, 2011:568-588.
[12] GREEN M, HOHENBERGER S, WATERS B. Outsourcing the decryption of ABE ciphertexts[C]//Proceedings of the 2011 USENIX Conference on Security. Berkeley, CA:USENIX Association, 2011:34-34.
[13] LAI J, DENG R H, GUAN C, et al. Attribute-based encryption with verifiable outsourced decryption[J]. IEEE Transactions on Information Forensics and Security, 2013, 8(8):1343-1354.
[14] YANG K, JIA X, REN K, et al. DAC-MACS:effective data access control for multi-authority cloud storage systems[C]//Proceedings of the 2013 IEEE INFOCOM. Piscataway:IEEE, 2013:2589-2903.
[15] LI J, HUANG X, LI J, et al. Securely outsourcing attribute-based encryption with checkability[J]. IEEE Transactions on Parallel and Distributed Systems, 2013, 25(8):2201-2210.
[16] BEIMEL A. Secure schemes for secret sharing and key distribution[D]. Haifa, Israel:Technion-Israel Institute of Technology, 1996:76-90.
[17] YANG K, JIA X. Expressive, efficient, and revocable data access control for multi-authority cloud storage[J]. IEEE Transactions on Parallel and Distributed Systems, 2013, 25(7):1735-1744.
[18] YANG Y, CHEN X Y, CHEN H, et al. Improving privacy and security in decentralizing multi-authority attribute-based encryption in cloud computing[J]. IEEE Access, 2018, 6:18009-18021.
[19] LI W, XUE K, XUE Y, et al. TMACS:a robust and verifiable threshold multi-authority access control system in public cloud storage[J]. IEEE Transactions on Parallel and Distributed Systems, 2015, 27(5):1484-1496.

支持属性撤销的可验证外包的多授权属性加密方案

Attribute revocation and verifiable outsourcing supported multi-authority attribute-based encryption scheme

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	高改梅, 张瑾, 刘春霞, 党伟超, 白尚旺. 基于区块链与CP-ABE策略隐藏的众包测试任务隐私保护方案[J]. 《计算机应用》唯一官方网站, 2024, 44(3): 811-818.
[2]	马海英, 李金舟, 杨及坤. 基于区块链可撤销属性的去中心化属性基加密方案[J]. 《计算机应用》唯一官方网站, 2023, 43(9): 2789-2797.
[3]	谢振杰, 付伟. 基于可审计多副本的云存储差错副本恢复机制[J]. 《计算机应用》唯一官方网站, 2023, 43(4): 1102-1108.
[4]	孙京宇, 朱家玉, 田自强, 史国振, 关川江. 基于椭圆曲线加密且支持撤销的属性基加密方案[J]. 《计算机应用》唯一官方网站, 2022, 42(7): 2094-2103.
[5]	吴静雯, 殷新春, 宁建廷. 车载自组网中可追踪可撤销的多授权中心属性基加密方案[J]. 《计算机应用》唯一官方网站, 2022, 42(6): 1695-1701.
[6]	李秀艳, 刘明曦, 史闻博, 董国芳. 面向资源受限用户的高效动态数据审计方案[J]. 计算机应用, 2021, 41(2): 422-432.
[7]	郭丽峰, 王倩丽. 自适应安全的带关键字搜索的外包属性基加密方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3266-3273.
[8]	唐鑫, 周琳娜. 基于响应模糊化的抗附加块攻击云数据安全去重方法[J]. 计算机应用, 2020, 40(4): 1085-1090.
[9]	付伟, 顾晨阳, 高强. 基于属性加密的多用户共享ORAM方案[J]. 《计算机应用》唯一官方网站, 2020, 40(2): 497-502.
[10]	王海勇, 彭垚, 郭凯璇. 云存储中基于代理重加密的CP-ABE访问控制方案[J]. 计算机应用, 2019, 39(9): 2611-2616.
[11]	柳玉东, 王绪安, 涂广升, 王涵. 全生命周期的云外包数据安全审计协议[J]. 计算机应用, 2019, 39(7): 1954-1958.
[12]	王亚琼, 史国振, 谢绒娜, 李凤华, 王雅哲. 卫星网络中支持策略隐藏的多授权访问控制方案[J]. 计算机应用, 2019, 39(2): 470-475.
[13]	周坚, 金瑜, 何亨, 李鹏. 基于嵌套Merkle Hash tree区块链的云数据动态审计模型[J]. 计算机应用, 2019, 39(12): 3575-3583.
[14]	李静, 刘冬实. 主动容错云存储系统的可靠性评价模型[J]. 计算机应用, 2018, 38(9): 2631-2636.
[15]	陈博, 何连跃, 严巍巍, 徐照淼, 徐俊. 海量小文件系统的可移植操作系统接口兼容技术[J]. 计算机应用, 2018, 38(5): 1389-1392.