Computer Science ›› 2023, Vol. 50 ›› Issue (7): 339-346. doi: 10.11896/jsjkx.220500238

• Information Security •

Fine Grained and Efficient Searchable Encryption Scheme Based on Attribute Policy Hiding in Cloud Environment

ZHOU Yihua, LI Meiqi, HU Xinyu, YANG Yuguang

  1. Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China
    Beijing Key Laboratory of Trusted Computing, Beijing 100124, China
  • Received: 2022-05-25 Revised: 2022-10-10 Online: 2023-07-15 Published: 2023-07-05
  • Corresponding author: LI Meiqi (limeiqi@emails.bjut.edu.cn)
  • About author: ZHOU Yihua (zhouyh@bjut.edu.cn), born in 1969, Ph.D, associate professor. His main research interests include network and information security. LI Meiqi, born in 1998, postgraduate. Her main research interests include information security and privacy protection.
  • Supported by:
    National Natural Science Foundation of China (62071015).

Abstract: Attribute-based encryption provides flexible and fine-grained access control for outsourced data stored in the cloud. In traditional ciphertext-policy attribute-based encryption (CP-ABE) schemes, the access policy usually appears in plaintext, which easily exposes users' privacy-sensitive information. In addition, because attributes are involved, the computation and storage costs of the encryption, decryption and search stages grow linearly with the number of attributes, and policy hiding further increases the subsequent computation cost. These properties make it hard to meet the practical need for secure, efficient and privacy-preserving searchable encryption in cloud environments. To solve these problems, a searchable encryption scheme that supports both policy hiding and constant ciphertext length is proposed. Based on a multi-valued wildcard AND-gate policy, the scheme achieves constant ciphertext length with fixed encryption, decryption and search overhead, reducing users' computation overhead and the cloud's ciphertext storage overhead. The attributes in the access policy are completely hidden by encryption, and during search a Bloom filter is used to judge whether the user holds the relevant attributes in the access policy, which protects users' privacy and also improves computational efficiency. The scheme is IND-CPA secure under the q-BDHE assumption. Security analysis and experimental results show that the scheme is secure, efficient and feasible. It is an efficient keyword search scheme with good application prospects in cloud environments and the Internet of Things.

Key words: Attribute based encryption, Policy hiding, Constant ciphertext, Keyword search, Cloud environment

CLC Number:

  • TP309