SM9-based attribute-based searchable encryption scheme with cryptographic reverse firewall

doi:10.11772/j.issn.1001-9081.2023111678

Journal of Computer Applications ›› 2024, Vol. 44 ›› Issue (11): 3495-3502.DOI: 10.11772/j.issn.1001-9081.2023111678

• Cyber security • Previous Articles Next Articles

SM9-based attribute-based searchable encryption scheme with cryptographic reverse firewall

Gaimei GAO, Mingbo DUAN(), Yaling XUN, Chunxia LIU, Weichao DANG

College of Computer Science and Technology，Taiyuan University of Science and Technology，Taiyuan Shanxi 030024，China

Received:2023-12-05 Revised:2024-03-25 Accepted:2024-04-10 Online:2024-05-30 Published:2024-11-10
Contact: Mingbo DUAN
About author:GAO Gaimei， born in 1978， Ph. D.， associate professor. Her research interests include blockchain， network security， cryptography.
XUN Yaling， born in 1980， Ph. D.， professor. Her research interests include data mining， big data analysis and application.
LIU Chunxia， born in 1977， M. S.， associate professor. Her research interests include software engineering， database.
DANG Weichao， born in 1974， Ph. D.， associate professor. His research interests include intelligent computing， software reliability.
Supported by:
National Natural Science Foundation of China(62272336)

支持密码逆向防火墙的基于SM9的属性基可搜索加密方案

高改梅, 段明博(), 荀亚玲, 刘春霞, 党伟超

太原科技大学计算机科学与技术学院，太原 030024

通讯作者: 段明博
作者简介:高改梅（1978—），女，山西吕梁人，副教授，博士，CCF会员，主要研究方向：区块链、网络安全、密码学
荀亚玲（1980—），女，山西临汾人，教授，博士，CCF会员，主要研究方向：数据挖掘、大数据分析及应用
刘春霞（1977—），女，山西大同人，副教授，硕士，CCF会员，主要研究方向：软件工程、数据库
党伟超（1974—），男，山西运城人，副教授，博士，CCF会员，主要研究方向：智能计算、软件可靠性。
基金资助:
国家自然科学基金资助项目(62272336)

Abstract

Abstract:

In response to the facts that most of Attribute-Based Searchable Encryption （ABSE） schemes are designed on the basis of non-national encryption algorithms and are unable to resist internal Algorithm Substitution Attack （ASA）， an SM9-based Attribute-Based Searchable Encryption with Cryptographic Reverse Firewall （SM9ABSE-CRF） was proposed. This scheme extends the SM9 algorithm to the ABSE field， realizes fine-grained data access control， and introduces Cryptographic Reverse Firewall （CRF） technology to effectively resist ASA. SM9ABSE-CRF was analyzed under the Decisional Bilinear Diffie-Hellman （DBDH） assumption， and the deployment of CRF was formally proved to maintain functionality， preserving security， and resisting exfiltration. Theoretical analysis and simulation results show that compared to the ABSE scheme providing CRF — cABKS-CRF （consistent Attribute-Based Keyword Search system with CRF）， SM9ABSE-CRF has higher security and demonstrates notable performance advantages during index and trapdoor generation phases.

Key words: Cryptographic Reverse Firewall (CRF), searchable encryption, Attribute-Based Encryption (ABE), SM9 algorithm, Algorithm Substitution Attack (ASA)

摘要：

针对属性基可搜索加密（ABSE）方案大都基于非国密算法设计，且无法抵抗内部算法替换攻击（ASA）的问题，提出一种支持密码逆向防火墙的基于SM9的属性基可搜索加密方案（SM9ABSE-CRF）。该方案将国密算法SM9扩展至ABSE领域，实现了细粒度数据访问控制，并引入密码逆向防火墙（CRF）技术有效抵御ASA。分析了SM9ABSE-CRF在判定性Diffie-Hellman（DBDH）假设下满足了选择关键词下的不可区分性，并形式化证明了CRF的部署满足维持功能性、保留安全性以及抵抗泄漏性。理论分析和仿真实验结果表明，与提供CRF的ABSE方案cABKS-CRF （consistent Attribute-Based Keyword Search system with CRF）相比，SM9ABSE-CRF具有更高的安全性，并且在索引与陷门生成阶段也表现出显著的性能优势。

关键词: 密码逆向防火墙, 可搜索加密, 属性基加密, SM9算法, 算法替换攻击

CLC Number:

TP309.7

Gaimei GAO, Mingbo DUAN, Yaling XUN, Chunxia LIU, Weichao DANG. SM9-based attribute-based searchable encryption scheme with cryptographic reverse firewall[J]. Journal of Computer Applications, 2024, 44(11): 3495-3502.

高改梅, 段明博, 荀亚玲, 刘春霞, 党伟超. 支持密码逆向防火墙的基于SM9的属性基可搜索加密方案[J]. 《计算机应用》唯一官方网站, 2024, 44(11): 3495-3502.

Figures/Tables 5

Fig.1 System model

Tab.1 Comparison of computational cost

方案	索引生成	陷门生成	搜索
ABKS-UR^［9］	（n+1）E₁+E₂	（2n+1）E₁	（n+1）P+E₂
ABKS-SKGA^［13］	（n₁+3）E₁+M	（3n+1）E₁+nM	（2n₁+1）P+n₁E₂+n₁M
cABKS-CRF^［19］	（n+1）（2E₁+6E₂+3P）	（4n+2）E₁	（n+1）P+E₂
SM9ABSE-CRF	（4n+3）M+E₂+P	（4n₁+2）M	（2n+1）P

Tab.2 Comparison of communication cost and resistance to ASA

方案	索引生成	陷门生成	抗ASA
ABKS-UR^［9］	$(n + 1) G + G T$	$(2 n + 1) G$	×
ABKS-SKGA^［13］	$(n 1 + 3) G$	$(2 n + 1) G$	×
cABKS-CRF^［19］	$(n + 1) G + (4 n + 3) G T$	$(2 n + 1) G$	√
SM9ABSE-CRF	$(n + 1) G 1 + n G 2 + G T$	$n 1 G 1 + (n 1 + 1) G 2$	√

Tab.2 Comparison of communication cost and resistance to ASA

方案	索引生成	陷门生成	抗ASA
ABKS-UR^［9］	$(n + 1) G + G T$	$(2 n + 1) G$	×
ABKS-SKGA^［13］	$(n 1 + 3) G$	$(2 n + 1) G$	×
cABKS-CRF^［19］	$(n + 1) G + (4 n + 3) G T$	$(2 n + 1) G$	√
SM9ABSE-CRF	$(n + 1) G 1 + n G 2 + G T$	$n 1 G 1 + (n 1 + 1) G 2$	√

Fig. 2 Comparison of running time in key generation phase and index generation phase

Fig. 3 Comparison of running time in trapdoor generation phase and search phase

References 24

1	ZHANG L， XIONG H， HUANG Q， et al. Cryptographic solutions for cloud storage： challenges and research opportunities［J］. IEEE Transactions on Services Computing， 2022， 15（1）： 567-587.
2	SONG D X， WAGNER D， PERRIG A. Practical techniques for searches on encrypted data［C］// Proceedings of the 2000 IEEE Symposium on Security and Privacy. Piscataway： IEEE， 2000： 44-55.
3	BONEH D， DI CRESCENZO G， OSTROVSKY R， et al. Public key encryption with keyword search［C］// Proceedings of the 2004 International Conference on the Theory and Applications of Cryptographic Techniques， LNCS 3027. Berlin： Springer， 2004： 506-522.
4	GOYAL V， PANDEY O， SAHAI A， et al. Attribute-based encryption for fine-grained access control of encrypted data［C］// Proceedings of the 13th ACM Conference on Computer and Communications Security. New York： ACM， 2006： 89-98.
5	TANG Q， YUNG M. Cliptography： post-Snowden cryptography［C］// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York： ACM， 2017： 2615-2616.
6	BELLARE M， PATERSON K G， ROGAWAY P. Security of symmetric encryption against mass surveillance［C］// Proceedings of the 2014 Annual International Cryptology Conference， LNCS 8616. Berlin： Springer， 2014： 1-19.
7	MIRONOV I， STEPHENS-DAVIDOWITZ N. Cryptographic reverse firewalls［C］// Proceedings of the 2015 Annual International Conference on the Theory and Applications of Cryptographic Techniques， LNCS 9057. Berlin： Springer， 2015： 657-686.
8	ZHENG Q， XU S， ATENIESE G. VABKS： verifiable attribute-based keyword search over outsourced encrypted data［C］// Proceedings of the 2014 IEEE Conference on Computer Communications. Piscataway： IEEE， 2014： 522-530.
9	SUN W， YU S， LOU W， et al. Protecting your right： verifiable attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud［J］. IEEE Transactions on Parallel and Distributed Systems， 2016， 27（4）： 1187-1198.
10	WANG S， ZHANG D， ZHANG Y， et al. Efficiently revocable and searchable attribute-based encryption scheme for mobile cloud storage［J］. IEEE Access， 2018， 6： 30444-30457.
11	WANG S， JIA S， ZHANG Y. Verifiable and multi-keyword searchable attribute-based encryption scheme for cloud storage［J］. IEEE Access， 2019， 7： 50136-50147.
12	GE C， SUSILO W， LIU Z， et al. Secure keyword search and data sharing mechanism for cloud computing［J］. IEEE Transactions on Dependable and Secure Computing， 2021， 18（6）： 2787-2800.
13	LI J， WANG M， LU Y， et al. ABKS-SKGA： attribute-based keyword search secure against keyword guessing attack［J］. Computer Standards and Interfaces， 2020， 74： No.103471.
14	HONG B， CHEN J， ZHANG K， et al. Multi-authority non-monotonic KP-ABE with cryptographic reverse firewall［J］. IEEE Access， 2019， 7： 159002-159012.
15	ZHOU Y， GUO J， LI F. Certificateless public key encryption with cryptographic reverse firewalls［J］. Journal of Systems Architecture， 2020， 109： No.101754.
16	OUYANG M， WANG Z， LI F. Digital signature with cryptographic reverse firewalls［J］. Journal of Systems Architecture， 2021， 116： No.102029.
17	LI G， LIU J， ZHANG Z， et al. UC-secure cryptographic reverse firewall-guarding corrupted systems with the minimum trusted module［C］// Proceedings of the 2021 International Conference on Information Security and Cryptology， LNCS 13007. Cham： Springer， 2021： 85-110.
18	WANG Y， CHEN R， HUANG X， et al. Secure anonymous communication on corrupted machines with reverse firewalls［J］. IEEE Transactions on Dependable and Secure Computing， 2022， 19（6）： 3837-3854.
19	ZHANG K， JIANG Z， NING J， et al. Subversion-resistant and consistent attribute-based keyword search for secure cloud storage［J］. IEEE Transactions on Information Forensics and Security， 2022， 17： 1771-1784.
20	ZHOU Y， HU Z， LI F. Searchable public-key encryption with cryptographic reverse firewalls for cloud storage［J］. IEEE Transactions on Cloud Computing， 2023， 11（1）： 383-396.
21	JI H， ZHANG H， SHAO L， et al. An efficient attribute-based encryption scheme based on SM9 encryption algorithm for dispatching and control cloud［J］. Connection Science， 2021， 33（4）： 1094-1115.
22	SUN Y， CHATTERJEE P， CHEN Y， et al. Efficient identity-based encryption with revocation for data privacy in Internet of Things［J］. IEEE Internet of Things Journal， 2022， 9（4）： 2734-2743.
23	蒲浪，林超，伍玮，等. 基于SM9的公钥可搜索加密方案［J］. 信息安全学报， 2023， 8（1）：108-118.
	PU L， LIN C， WU W， et al. A public-key encryption with keyword search scheme from SM9［J］. Journal of Cyber Security， 2023， 8（1）： 108-118.
24	熊虎，林烨，姚婷. 支持等式测试及密码逆向防火墙的SM9标识加密方案［J］. 计算机研究与发展， 2024， 61（4）：1070-1084.
	XIONG H， LIN Y， YAO T. SM9 identity-based encryption scheme with equality test and cryptographic reverse firewalls［J］. Journal of Computer Research and Development， 2024， 61（4）： 1070-1084.

[1]	Xiaoling SUN, Danhui WANG, Shanshan LI. Dynamic ciphertext sorting and retrieval scheme based on blockchain [J]. Journal of Computer Applications, 2024, 44(8): 2500-2505.
[2]	Gaimei GAO, Jin ZHANG, Chunxia LIU, Weichao DANG, Shangwang BAI. Privacy protection scheme for crowdsourced testing tasks based on blockchain and CP-ABE policy hiding [J]. Journal of Computer Applications, 2024, 44(3): 811-818.
[3]	Zheng WANG, Jingwei WANG, Xinchun YIN. Searchable electronic health record sharing scheme with user revocation [J]. Journal of Computer Applications, 2024, 44(2): 504-511.
[4]	Yiting WANG, Wunan WAN, Shibin ZHANG, Jinquan ZHANG, Zhi QIN. Linkable ring signature scheme based on SM9 algorithm [J]. Journal of Computer Applications, 2024, 44(12): 3709-3716.
[5]	Jing LIANG, Wunan WAN, Shibin ZHANG, Jinquan ZHANG, Zhi QIN. Traceability storage model of charity system oriented to master-slave chain [J]. Journal of Computer Applications, 2024, 44(12): 3751-3758.
[6]	Xiaoyu DU, Shuaiqi LIU, Zhijie HAN, Zhenxiang HUO, Yujing WANG. Patient-centric medical information sharing scheme based on IPFS and blockchain [J]. Journal of Computer Applications, 2024, 44(10): 3122-3133.
[7]	Haiying MA, Jinzhou LI, Jikun YANG. Blockchain-based decentralized attribute-based encryption scheme for revocable attributes [J]. Journal of Computer Applications, 2023, 43(9): 2789-2797.
[8]	Jiaxing LU, Hua DAI, Yuanlong LIU, Qian ZHOU, Geng YANG. Dictionary partition vector space model for ciphertext ranked search in cloud environment [J]. Journal of Computer Applications, 2023, 43(7): 1994-2000.
[9]	PANG Xiaoqiong, WANG Yunting, CHEN Wenjun, JIANG Pan, GAO Yanan. Fair and verifiable multi-keyword ranked search over encrypted data based on blockchain [J]. Journal of Computer Applications, 2023, 43(1): 130-139.
[10]	Li LI, Yi WU, Zhikun YANG, Yunpeng CHEN. Medical electronic record sharing scheme based on sharding-based blockchain [J]. Journal of Computer Applications, 2022, 42(1): 183-190.
[11]	Xiaoqiong PANG, Ting YANG, Wenjun CHEN, Yunting WANG, Tianye LIU. Digital rights management scheme based on secret sharing in blockchain environment [J]. Journal of Computer Applications, 2021, 41(11): 3257-3265.
[12]	Xiaoling SUN, Guang YANG, Yanping SHEN, Qiuge YANG, Tao CHEN. Searchable encryption scheme based on splittable inverted index [J]. Journal of Computer Applications, 2021, 41(11): 3288-3294.
[13]	Lifeng GUO, Qianli WANG. Adaptive secure outsourced attribute-based encryption scheme with keyword search [J]. Journal of Computer Applications, 2021, 41(11): 3266-3273.
[14]	ZHANG En, HOU Yingying, LI Gongli, LI Huimin, LI Yu. Adaptive hierarchical searchable encryption scheme based on learning with errors [J]. Journal of Computer Applications, 2020, 40(1): 148-156.
[15]	YU Qingfei, TU Guangsheng, LI Ningbo, ZHOU Tanping. Multi-hop multi-policy attributed-based fully homomorphic encryption scheme [J]. Journal of Computer Applications, 2019, 39(8): 2326-2332.

SM9-based attribute-based searchable encryption scheme with cryptographic reverse firewall

支持密码逆向防火墙的基于SM9的属性基可搜索加密方案

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 5

References 24

Related Articles 15

Recommended Articles

Metrics