支持用户撤销的多授权机构的属性加密方案

doi:10.6040/j.issn.1671-9352.0.2017.399

山东大学学报（理学版） ›› 2018, Vol. 53 ›› Issue (7): 75-84.doi: 10.6040/j.issn.1671-9352.0.2017.399

支持用户撤销的多授权机构的属性加密方案

李艳平,齐艳姣,张凯,魏旭光^*

陕西师范大学数学与信息科学学院, 陕西西安 710119

收稿日期:2017-08-15 出版日期:2018-07-20 发布日期:2018-07-03
作者简介:李艳平(1978— ),女,博士,副教授,研究方向为安全云存储. E-mail:lyp@snnu.edu.cn*通信作者简介:魏旭光(1973— ),硕士,实验师,研究方向为安全云存储. E-mail:weixuguang@snnu.edu.cn
基金资助:
国家自然科学基金资助项目(61402275,61402015);陕西省自然科学基础研究计划资助项目(2016JM6069);中央高校基本科研业务费专项资金(GK201803005,GK201402004);人社部2015年留学人员科技活动项目

Multi-authority and revocable attribute-based encryption scheme

LI Yan-ping, QI Yan-jiao, ZHANG Kai, WEI Xu-guang^*

School of Mathematics and Information Science, Shaanxi Normal University, Xi'an 710119, Shaanxi, China

Received:2017-08-15 Online:2018-07-20 Published:2018-07-03

摘要/Abstract

摘要： 目前多数基于属性加密的云存储访问控制研究是基于单授权机构,系统内仅有一个授权机构为用户颁发属性密钥,可信而好奇的单授权机构会凭借用户提交的属性对用户的身份、职业等隐私信息进行判断和推测,特别是在单授权机构不可信或遭受恶意攻击的情况下,可能造成密钥泄露而导致云端数据被非法解密。为了避免上述两种安全问题,结合现有的多授权机构的思想,使不同权限的授权机构管理不同属性并进行属性相关密钥分发,大大降低了单一信任机构的工作量,解决了单授权机构下的密钥泄露或滥用问题,同时提高了用户的隐私数据保护;通过访问树技术实现了AND、OR及Threshold灵活访问策略,且将用户身份标识设置在访问树中来实现用户的撤销,撤销出现后只需更新部分密文而无需更新属性密钥,因而减少了计算开销。在标准模型下证明了该方案在选择身份属性攻击模型下是安全的,其安全性规约到判定性双线性Diffie-Hellman(decisional bilinear Diffie-Hellman, DBDH)问题。

关键词: 多授权机构, 判定性双线性Diffie-Hellman问题, 隐私保护

Abstract: Most of the existing attribute-based encryption schemes are based on a single authority. That is, there is only one authority in the system to issue the key to the user. The curious authority will speculate the user's identity, occupation and other private information by the user's attributes. In particular, if the single authority suffered malicious attacks, it maybe cause the leakage of private key and the breach of cloud data confidentiality. In order to avoid the above two kinds of problems, multi-authority is introduced in this paper. The different authorities manage different attributes and distribute the attributes key to users, which greatly decreases the single authority's workload, improves the protection of user privacy data and solves the key escrow under a single or abuse authority. AND, OR and Threshold are flexible realized by using the access tree, and the user identity is set in the access tree to achieve the user's direct revocation. When the revocation occurs, the whole system only needs to update parts of the ciphertext without updating the attribute key, thus reducing the computational overhead of the cloud storage message. Finally, the proposed scheme is proved secure under the chosen identity attribute attack in the standard model, and the security of the scheme is built on the hardness assumption of decision bilinear Diffie-Hellman(DBDH)problem.

Key words: multi-authority, privacy preserving, DBDH problem

中图分类号:

TP393

李艳平,齐艳姣,张凯,魏旭光. 支持用户撤销的多授权机构的属性加密方案[J]. 山东大学学报（理学版）, 2018, 53(7): 75-84.

LI Yan-ping, QI Yan-jiao, ZHANG Kai, WEI Xu-guang. Multi-authority and revocable attribute-based encryption scheme[J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(7): 75-84.

参考文献

[1] SAHAI A, WATERS B. Fuzzy identity-based encryption[C] //International Conference on Theory and Applications of Cryptographic Techniques. Berlin:Springer-Verlag, 2005: 457-473.
[2] BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption[C] //Proceedings of the 2007 IEEE Symposium on Security and Privacy. Washington: IEEE Computer Society, 2007: 321-334.
[3] JUNG Taeho, LI Xiaoyang, WAN Zhiguo, et al. Privacy preserving cloud data access with multi-authorities[C] //2013 Proceedings IEEE INFOCOM. New York: IEEE, 2013: 2625-2633.
[4] HAN Jinguang, SUSILO W, MU Yi, et al. Improving privacy and security in decentralized ciphertext-policy attribute-based encryption[J]. IEEE Transactions on Information Forensics & Security, 2017, 10(3):665-678.
[5] MÜLLER S, KATZENBEISSER S, ECKERT C. Distributed attribute-based encryption[C] //International Conference on Information Security and Cryptology-ICISC 2008. Berlin: Springer-Verlag, 2008:20-36.
[6] LIU Zhen, CAO Zhenfu, HUANG Qiong, et al. Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles[C] //European Conference on Research in Computer Security. Berlin: Springer-Verlag, 2011: 278-297.
[7] LEWKO A, WATERS B. Decentralizing attribute-based encryption[C] //Proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin: Springer-Verlag, 2011: 568-588.
[8] YANG Kan, JIA Xiaohua, REN Kui. DAC-MACS: Effective data access control for multi-authority cloud storage systems[C] //2013 Proceedings IEEE INFOCOM. New York: IEEE, 2013: 1790-1801.
[9] RUJ S, STOJMENOVIC M, NAYAK A. Decentralized access control with anonymous authentication of data stored in clouds[J]. IEEE Transactions on Parallel & Distributed Systems, 2013, 25(2):384-394.
[10] GORASIA N, SRIKANTH R R, NISHANT D, et al. Improving security in multi authority attribute based encryption with fast decryption[J]. Procedia Computer Science, 2016, 79:632-639.
[11] CHASE M. Multi-authority attribute based encryption[J]. Lecture Notes in Computer Science, 2007: 515-534.
[12] YADAV U C, ALI S T. Ciphertext policy-hiding attribute-based encryption[C] //Proceedings of 2015 International Conference on Advances in Computing, Communications and Informatics(ICACCI 2015). New York: IEEE, 2015: 2067-2071.
[13] PHUONG T V X, YANG Guomin, SUSILO W. Hidden ciphertext policy attribute-based encryption under standard assumptions[J]. IEEE Transactions on Information Forensics & Security, 2015, 11(1):35-45.
[14] QIN Baodong, DENG R H, LI Yingjiu, et al. Server-aided revocable identity-based encryption[C] //Proceedings of Computer Security(ESORICS 2015)Switzerland: Springer International Publishing, 2015: 286-304.
[15] CUI Hui, DENG R H, LI Yingjiu, et al. Server-aided revocable attribute-based encryption[C] // Proceedings of Computer Security(ESORICS 2016)Switzerland: Springer International Publishing, 2016: 570-587.
[16] FAN Chuni, HUNG Shiming, RUAN Heming. Arbitrary-state attribute-based encryption with dynamic membership[J]. IEEE Transactions on Computers, 2014, 63(8):1951-1961.
[17] WANG Shulan, ZHOU Junwei, LIU K J, et al. An efficient file hierarchy attribute-based encryption scheme in cloud computing[J]. IEEE Transactions on Information Forensics & Security, 2016, 11(6):1265-1277.
[18] BONEH D, GOH E J, NISSIM K. Evaluating 2-dnf formulas on ciphertexts[C] //Proceedings of the 2nd Theory of Cryptography Conference(TCC2005). Berlin: Springer-Verlag, 2005: 325-341.
[19] 陶启,黄晓芳.基于密文策略多机构属性基加密方案[J].武汉大学学报(理学版),2015,61(6):545-548. TAO Qi, HUANG Xiaofang. Multi-authority ciphertext-policy attribute-based encryption scheme[J]. Journal Wuhan University(Natural Science Edition), 2015, 61(6):545-548.
[20] 李新,彭长根,牛翠翠.隐藏树型访问结构的属性加密方案[J].密码学报,2016,3(5):471-479. LI Xin, PENG Changgen, NIU Cuicui. Attribute-based encryption scheme with hidden tree access structures[J]. Journal of Cryptologic Research, 2016, 3(5):471-479.
[21] HUR J. Improving security and efficiency in attribute-based data sharing[J]. IEEE Transactions on Knowledge & Data Engineering, 2013, 25(10):2271-2282.
[22] XIE Xingxing, MA Hua, LI Jin, et al. An efficient ciphertext-policy attribute-based access control towards revocation in cloud computing[J]. Journal of Universal Computerence, 2013, 19(16):2349-2367.
[23] KILINC H H, YANIK T. A survey of sip authentication and key agreement schemes[J]. IEEE Communications Surveys & Tutorials, 2014, 16(2):1005-1023.

多维度评价

Viewed

Full text

Abstract

Cited

Shared

Discussed

支持用户撤销的多授权机构的属性加密方案

Multi-authority and revocable attribute-based encryption scheme

PDF (PC)

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

多维度评价

本文评价

推荐阅读 0

[1]	康海燕,黄渝轩,陈楚翘. 基于视频分析的地理信息隐私保护方法[J]. 山东大学学报（理学版）, 2018, 53(1): 19-29.
[2]	毕晓迪,梁英,史红周,田辉. 一种基于隐私偏好的二次匿名位置隐私保护方法[J]. 山东大学学报（理学版）, 2017, 52(5): 75-84.
[3]	康海燕,马跃雷. 差分隐私保护在数据挖掘中应用综述[J]. 山东大学学报（理学版）, 2017, 52(3): 16-23.
[4]	柳欣,徐秋亮,张波. 满足可控关联性的合作群签名方案[J]. 山东大学学报（理学版）, 2016, 51(9): 18-35.
[5]	查明明,王伟. FlowMonitor: Android隐私数据流向监控防护系统[J]. 山东大学学报（理学版）, 2016, 51(9): 59-67.
[6]	李宇溪,王恺璇,林慕清,周福才. 基于匿名广播加密的P2P社交网络隐私保护系统[J]. 山东大学学报（理学版）, 2016, 51(9): 84-91.
[7]	蔡红云,马晓雪. 在线社会网络中基于关系强度的访问控制机制[J]. 山东大学学报（理学版）, 2016, 51(7): 90-97.
[8]	蔡红云, 田俊峰. 云计算中的数据隐私保护研究[J]. 山东大学学报（理学版）, 2014, 49(09): 83-89.
[9]	杨松涛, 马春光, 周长利, 张宗利. 一种地理围栏服务中的LBS隐私保护方法[J]. 山东大学学报（理学版）, 2014, 49(09): 69-73.
[10]	康海燕, 杨孔雨, 陈建明. 基于K-匿名的个性化隐私保护方法研究[J]. 山东大学学报（理学版）, 2014, 49(09): 142-149.
[11]	赵泽茂1,李林1,张帆1,2,张品1,周建钦1,王家波1. 基于分散子匿名区域的位置隐私保护方法[J]. J4, 2013, 48(7): 56-61.
[12]	景旭1,2,3, 何东健1*. 无完全可信PKG身份签名的分层CES方案[J]. J4, 2012, 47(9): 7-14.
[13]	高枫1,何泾沙2. 基于信任和信息流模型的隐私保护方法[J]. J4, 2011, 46(5): 39-43.
[14]	叶明全1,2, 胡学钢1,伍长荣3. 垂直划分多决策表下基于条件信息熵的隐私保护属性约简[J]. J4, 2010, 45(9): 14-19.
[15]	邱桃荣,王璐,熊树洁,白小明. 一种基于粒计算的知识隐藏方法[J]. J4, 2010, 45(7): 60-64.