Computer Science, 2022, Vol. 49, Issue (10): 327-334. doi: 10.11896/jsjkx.211000189

• Information Security •

Lazy-mode Ciphertext-update Based Approach for CP-ABE Attribute Change

LEI Xue-jiao, WANG Yin-long, Nurmamat HELIL

  1. College of Mathematics and System Science, Xinjiang University, Urumqi 830017, China
  • Received: 2021-10-25 Revised: 2022-04-06 Online: 2022-10-15 Published: 2022-10-13
  • Corresponding author: Nurmamat HELIL (nur924@sina.com)
  • About author (leixuejiao866@163.com): LEI Xue-jiao, born in 1997, postgraduate. Her main research interests include information security and cryptography.
    Nurmamat HELIL, born in 1976, Ph.D, professor, Ph.D supervisor. His main research interests include information system security, access control, and cloud storage security.
  • Supported by:
    National Natural Science Foundation of China (61862059, 61562085).

Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) can be used to realize secure data sharing in cloud computing environments. However, user attribute change (attribute revocation and addition) in CP-ABE is a tricky problem. Generally, attribute change is realized via the proxy server's secondary encryption of the related ciphertexts and an update of user keys, and when an attribute change is enforced, all ciphertexts related to the changing attribute have to be updated. This paper proposes a user attribute change approach based on lazy-mode ciphertext update. It analyzes the user's access ability (before attribute revocation or after attribute addition) to the ciphertexts involved in the attribute change and determines whether these ciphertexts need to be updated, minimizing the scope of the ciphertexts that need to be updated and reducing the number of updates. The approach improves efficiency by avoiding unnecessary ciphertext updates and shortening the ciphertext while preserving the original security features of CP-ABE. Finally, a small-size test is conducted to verify the correctness of the proposed approach.

Key words: Ciphertext-policy attribute-based encryption, Attribute revocation, Attribute addition, Ciphertext update, Lazy-mode

CLC Number: TP309
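The selection step the abstract describes, as an added example that is not code from the paper: it contrasts updating every ciphertext that mentions the changed attribute with updating only those the user can access before a revocation or after an addition. The AND/OR policy encoding, the function names and the sample data are assumptions made for illustration, and no cryptographic operation is performed.

```python
# Added illustration; the policy encoding and all names are assumptions.
# A policy is an attribute name, or a tuple ("AND" | "OR", child, child, ...).

def attrs_in(policy):
    """All attribute names that appear anywhere in a policy tree."""
    if isinstance(policy, str):
        return {policy}
    return set().union(*(attrs_in(child) for child in policy[1:]))

def satisfies(policy, attrs):
    """True if the attribute set satisfies the AND/OR policy tree."""
    if isinstance(policy, str):
        return policy in attrs
    op, *children = policy
    if op not in ("AND", "OR"):
        raise ValueError(f"unknown gate {op!r}")
    results = [satisfies(child, attrs) for child in children]
    return all(results) if op == "AND" else any(results)

def eager_update_set(store, attr):
    """Baseline: every ciphertext whose policy mentions the changed attribute."""
    return [cid for cid, policy in store.items() if attr in attrs_in(policy)]

def lazy_update_set(store, user_attrs, attr, change):
    """Only ciphertexts the user can access in the state the abstract names:
    before a revocation, or after an addition."""
    if change == "revoke":
        state = set(user_attrs)            # attribute set before revocation
    elif change == "add":
        state = set(user_attrs) | {attr}   # attribute set after addition
    else:
        raise ValueError("change must be 'revoke' or 'add'")
    return [cid for cid in eager_update_set(store, attr)
            if satisfies(store[cid], state)]

# Constructed sample data: ciphertext id -> access policy.
STORE = {
    "ct1": ("AND", "doctor", "cardiology"),
    "ct2": ("AND", "doctor", "oncology"),
    "ct3": ("OR", "admin", ("AND", "nurse", "cardiology")),
    "ct4": ("AND", "nurse", "icu"),
}
USER = {"doctor", "cardiology"}

if __name__ == "__main__":
    print(eager_update_set(STORE, "cardiology"))
    print(lazy_update_set(STORE, USER, "cardiology", "revoke"))
    print(lazy_update_set(STORE, USER, "icu", "add"))
```

In the sample, revoking `cardiology` touches two ciphertexts under the baseline but only `ct1` under the lazy selection, because the user could never satisfy the policy of `ct3`.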