计算机科学 ›› 2018, Vol. 45 ›› Issue (11): 124-129.doi: 10.11896/j.issn.1002-137X.2018.11.018
初晓璐, 刘培顺
CHU Xiao-lu, LIU Pei-shun
摘要: 基于属性的加密方法可以简化云计算环境中的密钥管理和访问控制问题,是适用于云环境的加密方案。文中提出了一种基于公私属性的多授权中心加密方案。该方案将属性分为公有属性和私有属性,将用户的角色权限信息等作为用户的公有属性,将用户登录密码、设备上的标识码等作为用户的私有属性。利用公有属性实现访问控制,在云服务器上安全地共享数据;利用私有属性实现信息流的安全控制,确保只有特定用户在特定设备上使用数据。提出的方案可以实现密钥追踪和属性撤销,基于私有属性的加密还可以实现抗合谋攻击。
中图分类号:
[1]SAHAI A,WATERS B.Fuzzy identity-based encryption∥International Conference on Theory and Applications of Cryptographic Techniques.Springer-Verlag,2005:457-473. [2]GOYAL V,PANDEY O,SAHAI A,et al.Attribute-Based Encryption for Fine-Grained Access Control of Encryption Data[C]∥ACM Conference on Computer and Communication Security (CCS 2006).New York:ACM Press,2006:89-98. [3]BETHENCOURTJ,SAHAI A,WATERS B.Ciphertext-policy attribute-based encryption[C]∥2017 IEEE Symposium on Security and Privacy.Berkeley:IEEE Press,2018(4):321-334. [4]CHASE M.Multi-authority attribute based encryption[C]∥ Theory of Cryptography.Berlin,Heidelberg:Springer Press,2007:515-534. [5]GOYAL V,JIAN A,PANDEY O,et al.Bounded ciphertext po- licy attribute based encryption[C]∥International Colloquium on Automata,Languages,and Programming.Berlin,Heidelberg:Springer Press,2008:579-591. [6]WATER B.Ciphertext-policy attribute-based encryption:An expressive,efficient,and provably secure realization[C]∥International Workshop on Public Key Cryptography.Taormina:Springer,2011:53-70. [7]HINEK M J.Attribute-Based Encryption with Key Cloning Pro- tection.Cryptology Eprint Archive Report,2006,2008(4):803-819. [8]RUJ S,NAYAK A,STOJMENOVIC I.DACC:Distributed Access.Control in Clouds[C]∥2011 IEEE 10th International Conference on Trust,Security and Privacy in Computing and Communications.Changsha:IEEE Press,2011:91-98. [9]CHEN J,LIM H W,LING S,et al.Shorter IBE and signatures via asymmetric pairings [C]∥International Conference on Pairing-Based Cryptography.Cologne:Springer Press,2012:122-140. [10]LEWKO A B,WATERS B.New proof methods for attribute-based encryption:Achieving full security through selective techniques [C]∥Advances in Cryptology-CRYPTO.Santa Barbara:Springer Press,2012:180-198. [11]CHASE M.Multi-authority attribute-based encryption[C]∥The Fourth Theory of Cryptography Conference (TCC 2007).Berlin,Heidelberg:Springer Press,2007:515-534. [12]CAOZ F.New directions of modern cryptography [M].Boca Raton:CRC Press,2012. [13]LEWKO A B,Waters B.Decentralizing attribute-based encryption [C]∥Annual International Conference on the Theory and Applications of Cryptographic Techniques.Tallinn:Springer,2011:568-588. [14]TANG Q,JI D Y.Multi-authority verifiable attribute based encryption[J].Journal of Wuhan University(Science Edition),2008,54(5):607-610.(in Chinese) 唐强,姬东耀.多授权中心可验证的基于属性的加密方案[J].武汉大学学报(理学版),2008,54(5):607-610. [15]LEWKO A,WATERS B.Decentralizing attribute-based encryption[C]∥Advances in Cryptology-EUROCRYPT.2011:568-588. [16]YANG K,JIA X H.Attributed-based Access Control for Multi-authority System in Cloud Storage[C]∥2012 IEEE 32nd International Conference on Distributed Computing Systems.Macau:IEEE Press,2012:536-545. [17]YANG K,JIA X H.Expressive,Efficient and Revocable Data Access Control for Multi-Authority Cloud Storage[C]∥IEEE Transactions on Parallel and Distributed Systems.IEEE Computer Society:IEEE Press,2013:1735-1744. [18]ROUSELAKIS Y,WATERS B.Efficient statically-secure largeu- niverse multi-authority attribute-based encryption [C]∥International Conference on Financial Cryptography and Data Security.Berlin,Heidelberg:Springer Press,2015:315-332. [19]YANG X D,YANG M M,YANG P,et al.A Multi-authority Attribute-Based Encryption Access Control for Social Network[C]∥2017 3rd IEEE International Conference on Control Scien-ce and Systems Engineering (ICCSSE).Beijing:IEEE Press,2017:671-674. [20]FENG D G,CHEN C.Research on Attribute-based Cryptography[J].Journal of Cryptologic Research,2014,1(1):1-12.(in Chinese) 冯登国,陈成.属性密码学研究[J].密码学报,2014,1(1):1-12. [21]CAO Z F.New Development of Cryptography[J].Journal of Sichuan University,2015,1(47):1-12.(in Chinese) 曹珍富.密码学的新发展[J].四川大学学报,2015,1(47):1-12. [22]CHEND W,WANL Q,WANG C,et al.A Multi-authority Attribute-based Encryption Scheme with Pre-decryption[C]∥2015 Seventh International Symposium on Parallel Architectures,Algorithms and Programming(PAAP).Nanjing:IEEE Press,2015:223-228. [23]HU P,GAO H Y.Key-Policy Attribute-Based Encryption Sc- heme for General Circuits[J].Journal of Software,2016,27(6):1498-1510.(in Chinese) 胡鹏,高海英.一种实现一般电路的密钥策略的属性加密方案[J].软件学报,2016,27(6):1498-1510. [24]BEIMEL A.Secure schemes for secret sharing and key distribution.Phd Thesis Israel Institute of Technology Technion,1996.http://www.dphu.org/uploads/attachements/books/books_1542_0.pdf. [25]LIU Z,CAO Z F,WONG D S.White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures[C]∥IEEE Transaction on Information Forensics and Security.IEEE Signal Processing Society:IEEE Press,2013:76-88. |
[1] | 高诗尧, 陈燕俐, 许玉岚. 云环境下基于属性的多关键字可搜索加密方案 Expressive Attribute-based Searchable Encryption Scheme in Cloud Computing 计算机科学, 2022, 49(3): 313-321. https://doi.org/10.11896/jsjkx.201100214 |
[2] | 王政, 姜春茂. 一种基于三支决策的云任务调度优化算法 Cloud Task Scheduling Algorithm Based on Three-way Decisions 计算机科学, 2021, 48(6A): 420-426. https://doi.org/10.11896/jsjkx.201000023 |
[3] | 潘瑞杰, 王高才, 黄珩逸. 云计算下基于动态用户信任度的属性访问控制 Attribute Access Control Based on Dynamic User Trust in Cloud Computing 计算机科学, 2021, 48(5): 313-319. https://doi.org/10.11896/jsjkx.200400013 |
[4] | 陈玉平, 刘波, 林伟伟, 程慧雯. 云边协同综述 Survey of Cloud-edge Collaboration 计算机科学, 2021, 48(3): 259-268. https://doi.org/10.11896/jsjkx.201000109 |
[5] | 王文娟, 杜学绘, 任志宇, 单棣斌. 基于因果知识和时空关联的云平台攻击场景重构 Reconstruction of Cloud Platform Attack Scenario Based on Causal Knowledge and Temporal- Spatial Correlation 计算机科学, 2021, 48(2): 317-323. https://doi.org/10.11896/jsjkx.191200172 |
[6] | 蒋慧敏, 蒋哲远. 企业云服务体系结构的参考模型与开发方法 Reference Model and Development Methodology for Enterprise Cloud Service Architecture 计算机科学, 2021, 48(2): 13-22. https://doi.org/10.11896/jsjkx.200300044 |
[7] | 何亨, 蒋俊君, 冯可, 李鹏, 徐芳芳. 多云环境中基于属性加密的高效多关键词检索方案 Efficient Multi-keyword Retrieval Scheme Based on Attribute Encryption in Multi-cloud Environment 计算机科学, 2021, 48(11A): 576-584. https://doi.org/10.11896/jsjkx.201000026 |
[8] | 毛瀚宇, 聂铁铮, 申德荣, 于戈, 徐石成, 何光宇. 区块链即服务平台关键技术及发展综述 Survey on Key Techniques and Development of Blockchain as a Service Platform 计算机科学, 2021, 48(11): 4-11. https://doi.org/10.11896/jsjkx.210500159 |
[9] | 王勤, 魏立斐, 刘纪海, 张蕾. 基于云服务器辅助的多方隐私交集计算协议 Private Set Intersection Protocols Among Multi-party with Cloud Server Aided 计算机科学, 2021, 48(10): 301-307. https://doi.org/10.11896/jsjkx.210300308 |
[10] | 张恺琪, 涂志莹, 初佃辉, 李春山. 基于排队论的服务资源可用性相关研究综述 Survey on Service Resource Availability Forecast Based on Queuing Theory 计算机科学, 2021, 48(1): 26-33. https://doi.org/10.11896/jsjkx.200900211 |
[11] | 雷阳, 姜瑛. 云计算环境下关联节点的异常判断 Anomaly Judgment of Directly Associated Nodes Under Cloud Computing Environment 计算机科学, 2021, 48(1): 295-300. https://doi.org/10.11896/jsjkx.191200186 |
[12] | 徐蕴琪, 黄荷, 金钟. 容器技术在科学计算中的应用研究 Application Research on Container Technology in Scientific Computing 计算机科学, 2021, 48(1): 319-325. https://doi.org/10.11896/jsjkx.191100111 |
[13] | 李彦, 申德荣, 聂铁铮, 寇月. 面向加密云数据的多关键字语义搜索方法 Multi-keyword Semantic Search Scheme for Encrypted Cloud Data 计算机科学, 2020, 47(9): 318-323. https://doi.org/10.11896/jsjkx.190800139 |
[14] | 马潇潇, 黄艳. 大属性可公开追踪的密文策略属性基加密方案 Publicly Traceable Accountable Ciphertext Policy Attribute Based Encryption Scheme Supporting Large Universe 计算机科学, 2020, 47(6A): 420-423. https://doi.org/10.11896/JsJkx.190700131 |
[15] | 金小敏, 滑文强. 移动云计算中面向能耗优化的资源管理 Energy Optimization Oriented Resource Management in Mobile Cloud Computing 计算机科学, 2020, 47(6): 247-251. https://doi.org/10.11896/jsjkx.190400020 |
|