Computer Science (计算机科学), 2019, Vol. 46, Issue (7): 114-119. doi: 10.11896/j.issn.1002-137X.2019.07.018

• Information Security •

Fully-outsourcing CP-ABE Scheme with Revocation in Cloud Computing

JIANG Ze-tao (1,2), HUANG Jin (1), HU Shuo (3), XU Zhi (1)

  1. School of Computer and Information Security, Guilin University of Electronic Technology, Guilin, Guangxi 541004, China
  2. Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin, Guangxi 541004, China
  3. School of Information Engineering, Nanchang Hangkong University, Nanchang 330063, China
  • Received: 2018-06-07 Online: 2019-07-15 Published: 2019-07-15
  • About the authors: JIANG Ze-tao (born 1961), male, Ph.D., professor; main research interests: image processing, computer vision and network information security. HUANG Jin (born 1994), male, master's student; main research interest: network information security. HU Shuo (born 1983), male, master's degree, lecturer; main research interest: intelligent computing. XU Zhi (born 1981), male, Ph.D., associate professor; main research interest: computer vision; E-mail: 645882969@qq.com (corresponding author).
  • Supported by:
    National Natural Science Foundation of China (61572147), Guangxi Science and Technology Plan Project (AC16380108), Guangxi Key Laboratory of Image and Graphic Intelligent Processing Project (GIIP201701), Innovation Project of Guangxi Graduate Education (2018YJCX46), and Natural Science Foundation of Jiangxi Province (20171BAB212015).

Abstract: In attribute-based encryption (ABE) systems, users can encrypt and decrypt information using their own attributes, which is flexible and secure, so ABE is widely used in secure data-sharing schemes for cloud storage. However, the standard ABE mechanism carries heavy computational overhead, which restricts its practical application and cannot satisfy the requirement that the data owner be able to modify user access rights dynamically and efficiently. To address these problems, this paper proposes a fully outsourced ciphertext-policy attribute-based encryption (CP-ABE) scheme that supports attribute revocation. Using computation outsourcing, the complex calculations in key generation, encryption and decryption are handed over to the cloud server, which reduces the computational overhead of the key generation center (KGC) and of users, and fine-grained revocation of user attributes is achieved by updating attribute keys and ciphertexts. Finally, the efficiency and functionality of the proposed scheme are evaluated through theoretical analysis. The results show that the proposed scheme has good security and high system efficiency.

Key words: Attribute-based encryption, Attribute revocation, Cloud computing, Computing outsourcing, Key update

CLC Number: TP309