计算机科学 ›› 2023, Vol. 50 ›› Issue (7): 339-346.doi: 10.11896/jsjkx.220500238
周艺华, 李美奇, 扈新宇, 杨宇光
ZHOU Yihua, LI Meiqi, HU Xinyu, YANG Yuguang
摘要: 基于属性的加密为存储在云中的外包数据提供了灵活且细粒度的访问控制。传统的基于属性的密文策略加密方案(CP-ABE)的访问策略常以明文形式出现,极易暴露用户的隐私敏感信息。另外,由于属性的加入,在加解密以及搜索阶段的相关计算和存储开销与属性数量呈线性关系,而且策略隐藏也会增加后续的计算开销。这些都难以满足云环境下具有隐私保护的安全高效可搜索加密的实际需求。针对上述问题,提出了一种同时支持策略隐藏与密文长度恒定的可搜索加密方案。该方案基于多值通配符与门策略,实现了密文长度恒定,并且具有固定的加解密和搜索开销,减少了用户的计算开销和云端对密文的存储开销。将访问策略中的属性通过加密完全隐藏,在搜索时使用布隆过滤器判断用户是否拥有访问策略中的相关属性,保护了用户隐私,也提高了计算效率。所提方案在 q-BDHE假设下满足 IND-CPA安全。安全性分析与实验结果表明了所提方案的安全性、高效性和可行性,其是一个高效的关键词搜索方案,在云环境与物联网中具有较好的应用前景。
中图分类号:
[1]SAHIA A,WATERS B R.Fuzzy Identity-Based Encryption[C]//Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques.Berlin/Heidelberg:Springer,2005:457-473. [2]SUN W,YU S,LOU W,et al.Protecting Your Right:Attribute-based Keyword Search with Fine-grained Owner-enforced Search Authorization in the Cloud[C]//IEEE INFOCOM 2014.IEEE,2014:226-234. [3]CHENG S J,ZHANG C H,PAN S Q.Design of cloud storage data access control scheme based on cp-abe algorithm [J].Information Network Security,2016(2):1-6. [4]HAN D,PAN N,LI K C.A Traceable and Revocable Cipher-text-policy Attribute-based Encryption Scheme Based on Privacy Protection[J].IEEE Transactions on Dependable and Secure Computing,2022,19(1):316-327. [5]ZHANG Y,DENG R,XU S,et al.Attribute-Based Encryption for Cloud Computing Access Control:A Survey[J].ACM Computing Surveys,2020,53(4):1-41. [6]JITENDRA K S,NARANDER K.Secure Data Validation and Transmission in Cloud and IoT Through BanLogic and KP-ABE[J].International Journal of Sensors,Wireless Communications and Control,2022,12(1):79-87. [7]SANGEETHA M,VIJAVAKARTHIK P.To provide a securedaccess control using combined hybrid key-ciphertext attribute based encryption(KC-ABE)[C]//IEEE International Confe-rence on Intelligent Techniques in Control.IEEE,2017:1-4. [8]WATERS B.Ciphertext-Policy Attribute-Based Encryption:An Expressive,Efficient,and Provably Secure Realization[C]//International Workshop on Public Key Cryptography.Berlin/Heidelberg:Springer,2008:53-70. [9]LIU S,GUO Y Z.Multi authorization center CP-ABE proxy re-encryption scheme in cloud computing [J].Journal of Network and Information Security,2022,8(3):176-188. [10]SHAO F J,ZHENG R J.An Efficient Fuzzy Searchable Encryption Scheme based Attribute for Medical Data[J].International Core Journal of Engineering,2022,8(7):118-126. [11]XIE M,RUAN Y,HONG H,et al.A CP-ABE scheme based on multi-authority in hybrid clouds for mobile devices[J].Future Generation Computer Systems,2021,121(5):114-122. [12]VARRI U S,PASUPULETI S K,KADAMBARI K V.CP-ABSEL:Ciphertext-policy attribute-based searchable encryption from lattice in cloud storage[J].Peer-to-Peer Networking and Applications,2021,14(3):1290-1302. [13]NISHIDE T,YONEYAMA K,OHTA K.Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures[C]//International Conference on Applied Cryptography and Network Security.Berlin/Heidelberg:Springer,2008:111-129. [14]LAI J,DENG,LI R H.Fully Secure Cipertext-Policy Hiding CP-ABE[C]//Information Security Practice and Experience.Berlin/Heidelberg:Springer,2011:24-39. [15]QIU S,LIU J,SHI Y,et al.Hidden policy ciphertext-policy attribute-based encryption with keyword search against keyword guessing attack[J].Science China(Information Sciences),2016,60(5):1-12. [16]ZHANG L,HU G,MU Y,et al.Hidden Ciphertext Policy Attribute-Based Encryption with Fast Decryption for Personal Health Record System[J].IEEE Access,2019,7(3):33202-33213. [17]MENG F,CHENG L,WANG M.Ciphertext-policy attribute-based encryption with hidden sensitive policy from keyword search techniques in smart city[J].EURASIP Journal on Wireless Communications and Networking,2021,2021(1):20. [18]ARKIN G,HELIL N.Ciphertext-Policy Attribute Based En-cryption with Selectively-Hidden Access Policy [J].Computing and Informatics,2021,40(5):1136-1159. [19]ZHANG Z,ZHANG J,YUAN Y,et al.An Expressive FullyPolicy-Hidden Ciphertext Policy Attribute-Based Encryption Scheme with Credible Verification Based on Blockchain[J].IEEE Internet of Things Journal,2022,9(11):8681-8692. [20]GAN T,LIAO Y,LIANG Y,et al.Partial policy hiding attri-bute-based encryption in vehicular fog computing[J].Soft Computing,2021,25(6):10543-10559. [21]HERRANZJ,LAGUILLAUMIE F,CARLA R.Constant SizeCiphertexts in Threshold Attribute-Based Encryption[C]//International Conference on Practice & Theory in Public Key Cryptography.Berlin/Heidelberg:Springer,2010:19-34. [22]GUAN Z,YANG W,ZHU L,et al.Achieving adaptively secure data access control with privacy protection for lightweight IoT devices[J].Science China Information Sciences,2021,64(6):1-14. [23]WEI T,GENG Y,YANG X,et al.Attribute-based Access Control with Constant-size Ciphertext in Cloud Computing[J].IEEE Transactions on Cloud Computing,2017,5(4):617-627. [24]ZHAO Z Y,ZHU Z Q,WANG J H,et al Attribute based encryption scheme with revocable attributes and constant ciphertext length[J].Acta Electronica Sinica,2018,46(10):2391-239. [25]BLOOM B H.Space/time trade-offs in hash coding with allowable errors[J].Communications of the ACM,1970,13(7):422-426. [26]GE A,RUI Z,CHENG C,et al.Threshold Ciphertext Policy Attribute-Based Encryption with Constant Size Ciphertexts[C]//Australasian Conference on Information Security & Privacy.Berlin/Heidelberg:Springer,2012:336-349. [27]ZHANG K,LI Y P,LU L F.Privacy-Preserving Attribute-Based Keyword Search with Traceability and Revocation for Cloud-Assisted IoT[J/OL].Security and Communication Networks,2021,2021,9929663.https://www.xueshufan.com/publication/3171431550. [28]CHEN R,LI Z.Blockchain-Based Mechanism for ElectronicHealthy Records Sharing Using Fine-grained Authorization[C]//2021 7th International Conference on Computer and Communications(ICCC).2021:1557-1564. [29]MIAO Y,MA J,LIU X,et al.Attribute-Based Keyword Search over Hierarchical Data in Cloud Computing[J].IEEE Transactions on Services Computing,2020,13(6):985-998. [30]LI Q,XIA B,HUANG H,et al.TRAC:Traceable and Revocable Access Control Scheme for mHealth in 5G-Enabled IIoT[J].IEEE Transactions on Industrial Informatics,2022,18(5):3437-3448. |
|