Journal of Computer Applications ›› 2021, Vol. 41 ›› Issue (6): 1611-1620. DOI: 10.11772/j.issn.1001-9081.2020121955

Special topic: 2020 National Annual Conference on Open Distributed and Parallel Computing (DPCS 2020)


Traceable and revocable ciphertext-policy attribute-based encryption scheme based on cloud-fog computing

CHEN Jiahao1, YIN Xinchun1,2

  1. College of Information Engineering, Yangzhou University, Yangzhou Jiangsu 225127, China;
  2. Guangling College of Yangzhou University, Yangzhou Jiangsu 225128, China
  • Received: 2020-11-04 Revised: 2021-03-29 Online: 2021-06-10 Published: 2021-06-21
  • Corresponding author: YIN Xinchun
  • About the authors: CHEN Jiahao (born 1997), male, from Anqing, Anhui, is a master's student whose main research interests are cryptography, Internet of Things security, and encryption algorithms and protocols. YIN Xinchun (born 1962), male, from Jiangyan, Jiangsu, is a professor and doctoral supervisor, holds a Ph.D., and is a CCF member; his main research interests are cryptography, software quality assurance, and high-performance computing.
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61472343).

Abstract: To address the large decryption overhead borne by resource-limited edge devices and the lack of effective user tracking and revocation in attribute-based encryption, a traceable and revocable Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme supporting cloud-fog computing was proposed. Firstly, fog nodes were introduced so that ciphertext storage and outsourced decryption could be carried out on fog nodes closer to the users, which both effectively protected users' private data and reduced users' computing overhead. Then, in response to behaviors in the attribute-based encryption system such as changes in user permissions and users intentionally or unintentionally leaking their own keys, user tracking and revocation functions were added. Finally, once the identity of a malicious user exhibiting the above behaviors had been traced by the algorithm, that user was added to the revocation list, so that the user's access rights were cancelled. The performance analysis shows that the decryption overhead at the user end is reduced to one multiplication operation and one exponentiation operation, which can save users a large amount of bandwidth and decryption time; at the same time, the proposed scheme supports the tracking and revocation of malicious users. Therefore, the proposed scheme is suitable for data sharing among devices with limited computing resources in a cloud-fog environment.

Key words: Ciphertext-Policy Attribute-Based Encryption (CP-ABE), cloud computing, fog computing, outsourced decryption, user traceability, user revocation
