Computer Science ›› 2022, Vol. 49 ›› Issue (10): 327-334. doi: 10.11896/jsjkx.211000189
雷雪娇, 王银龙, 努尔买买提·黑力力
LEI Xue-jiao, WANG Yin-long, Nurmamat HELIL
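Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) can be used to share data securely in cloud computing environments. However, changes to user attributes (attribute revocation and attribute addition) are a thorny problem in CP-ABE. An attribute change is generally carried out by a proxy server that re-encrypts the relevant ciphertexts and updates user keys, and carrying out the change requires updating all ciphertexts related to the attribute that is about to change. This paper proposes a user attribute change scheme based on lazy-mode ciphertext updating. The scheme decides whether a ciphertext needs to be updated by analyzing whether the user (before the attribute revocation or after the attribute addition) is able to access the ciphertexts related to the attribute change, narrowing as far as possible the range of ciphertexts that need updating and reducing the number of ciphertext updates. While preserving the security properties of the original CP-ABE scheme, it improves the effectiveness of the scheme by avoiding unnecessary ciphertext updates and shortening ciphertext length. Finally, a small-scale experiment verifies the correctness of the proposed scheme.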