Computer Science, 2025, Vol. 52, Issue (9): 388-395. doi: 10.11896/jsjkx.240700066

• Information Security •

  • Corresponding author: CHEN Jie (cj_workhub@163.com)
  • About author: (laury_li@126.com)

Multi-authority Revocable Ciphertext-policy Attribute-based Encryption Data Sharing Scheme

LI Li 1, CHEN Jie 2, ZHU Jiangwen 3

  1 Department of Electronic and Communication Engineering, Beijing Electronic Science and Technology Institute, Beijing 102627, China
  2 Department of Cyberspace Security, Beijing Electronic Science and Technology Institute, Beijing 102627, China
  3 School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 2024-07-10 Revised: 2024-09-30 Online: 2025-09-15 Published: 2025-09-11
  • About author: LI Li, born in 1974, Ph.D, professor, is a member of CCF (No. U9735M). Her main research interests include network and system security and embedded system security application.
    CHEN Jie, born in 2000, master. His main research interests include searchable encryption and attribute-based cryptography.
  • Supported by:
    Fundamental Research Funds for the Central Universities (3282024007).

Abstract: In the field of data security protection and sharing, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is widely recognized as a method that ensures the confidentiality of data while allowing authorized users to access and share the data. However, users' attributes are not static, so data access permissions may change. A practical approach is for data owners to re-encrypt the ciphertext and upload it to the server to prevent revoked users from accessing the data, but this practice imposes a significant burden on the server. To address this issue, a CP-ABE scheme supporting user-level and attribute-level revocation without updating the cloud ciphertext is proposed: a proxy server re-encrypts and pre-decrypts the ciphertext and manages the pre-decryption key of each user, and only the pre-decryption keys are updated during revocation. Experimental analysis demonstrates that, under the conditions of multiple attribute authorities, this scheme achieves user-level and attribute-level revocation with forward security without updating the cloud ciphertext, with lower computational and key storage overhead than similar schemes. Security proofs are provided under the q-BDHE hardness assumption, showing that the scheme is indistinguishable against chosen plaintext attacks.

Key words: Attribute-based encryption, Access control, Revocable, Forward security, Data sharing

CLC Number: TP309.7