Journal of Computer Applications ›› 2024, Vol. 44 ›› Issue (11): 3495-3502. DOI: 10.11772/j.issn.1001-9081.2023111678

• Cyber security

SM9-based attribute-based searchable encryption scheme with cryptographic reverse firewall

Gaimei GAO, Mingbo DUAN, Yaling XUN, Chunxia LIU, Weichao DANG

  1. College of Computer Science and Technology, Taiyuan University of Science and Technology, Taiyuan Shanxi 030024, China
  • Received: 2023-12-05 Revised: 2024-03-25 Accepted: 2024-04-10 Online: 2024-05-30 Published: 2024-11-10
  • Contact: Mingbo DUAN
  • About author:GAO Gaimei, born in 1978, Ph. D., associate professor. Her research interests include blockchain, network security, cryptography.
    XUN Yaling, born in 1980, Ph. D., professor. Her research interests include data mining, big data analysis and application.
    LIU Chunxia, born in 1977, M. S., associate professor. Her research interests include software engineering, database.
    DANG Weichao, born in 1974, Ph. D., associate professor. His research interests include intelligent computing, software reliability.
  • Supported by:
    National Natural Science Foundation of China(62272336)

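SM9-based attribute-based searchable encryption scheme supporting cryptographic reverse firewall

Gaimei GAO, Mingbo DUAN, Yaling XUN, Chunxia LIU, Weichao DANG

  1. College of Computer Science and Technology, Taiyuan University of Science and Technology, Taiyuan 030024
  • Corresponding author: Mingbo DUAN
  • About the authors: GAO Gaimei (born 1978), female, from Lüliang, Shanxi, associate professor, Ph. D., CCF member. Main research interests: blockchain, network security, cryptography.
    XUN Yaling (born 1980), female, from Linfen, Shanxi, professor, Ph. D., CCF member. Main research interests: data mining, big data analysis and application.
    LIU Chunxia (born 1977), female, from Datong, Shanxi, associate professor, M. S., CCF member. Main research interests: software engineering, database.
    DANG Weichao (born 1974), male, from Yuncheng, Shanxi, associate professor, Ph. D., CCF member. Main research interests: intelligent computing, software reliability.
  • Funding:
    National Natural Science Foundation of China (62272336)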

Abstract:

To address the problems that most Attribute-Based Searchable Encryption (ABSE) schemes are designed on the basis of non-national encryption algorithms and are unable to resist internal Algorithm Substitution Attack (ASA), an SM9-based Attribute-Based Searchable Encryption scheme with Cryptographic Reverse Firewall (SM9ABSE-CRF) was proposed. The scheme extends the SM9 algorithm to the ABSE field, realizes fine-grained data access control, and introduces Cryptographic Reverse Firewall (CRF) technology to effectively resist ASA. SM9ABSE-CRF was analyzed under the Decisional Bilinear Diffie-Hellman (DBDH) assumption, and the deployment of CRF was formally proved to maintain functionality, preserve security, and resist exfiltration. Theoretical analysis and simulation results show that, compared with cABKS-CRF (consistent Attribute-Based Keyword Search system with CRF), an ABSE scheme that provides CRF, SM9ABSE-CRF has higher security and demonstrates notable performance advantages during the index and trapdoor generation phases.

Key words: Cryptographic Reverse Firewall (CRF), searchable encryption, Attribute-Based Encryption (ABE), SM9 algorithm, Algorithm Substitution Attack (ASA)

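Abstract (translated from the Chinese):

To address the problem that most attribute-based searchable encryption (ABSE) schemes are designed on non-national cryptographic algorithms and cannot resist internal algorithm substitution attack (ASA), an SM9-based attribute-based searchable encryption scheme supporting a cryptographic reverse firewall (SM9ABSE-CRF) is proposed. The scheme extends the national cryptographic algorithm SM9 to the ABSE field, achieves fine-grained data access control, and introduces cryptographic reverse firewall (CRF) technology to effectively resist ASA. Analysis shows that SM9ABSE-CRF satisfies indistinguishability under chosen keywords under the decisional Diffie-Hellman (DBDH) assumption, and it is formally proved that the deployment of the CRF maintains functionality, preserves security, and resists exfiltration. Theoretical analysis and simulation results show that, compared with cABKS-CRF (consistent Attribute-Based Keyword Search system with CRF), an ABSE scheme that provides CRF, SM9ABSE-CRF has higher security and also shows notable performance advantages in the index and trapdoor generation phases.

Key words: cryptographic reverse firewall, searchable encryption, attribute-based encryption, SM9 algorithm, algorithm substitution attack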
