Computer Science (计算机科学) ›› 2018, Vol. 45 ›› Issue (8): 134-140. doi: 10.11896/j.issn.1002-137X.2018.08.024

• Information Security •

Attribute-based Revocation Scheme in Cloud Computing Environment

ZHANG Guang-hua¹,², LIU Hui-meng², CHEN Zhen-guo³

  1. State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an 710071, China
  2. College of Information Science and Engineering, Hebei University of Science and Technology, Shijiazhuang 050000, China
  3. Hebei Engineering Technology Research Center for IOT Data Acquisition & Processing, North China Institute of Science and Technology, Sanhe, Hebei 065201, China
  • Received: 2017-06-13 Online: 2018-08-29 Published: 2018-08-29
  • About the authors: ZHANG Guang-hua (born 1979), male, Ph.D., associate professor, CCF member; main research interests: trust management and wireless network security; E-mail: xian_software@163.com (corresponding author). LIU Hui-meng (born 1991), female, master's degree; main research interest: network security. CHEN Zhen-guo (born 1976), male, Ph.D., associate professor; main research interests: network security and the Internet of Things.
  • Funding:
    This work was supported by the National Natural Science Foundation of China (61572255), the China Postdoctoral Science Foundation (2015M582622), the Science and Technology Research Project of Hebei Higher Education Institutions (ZD2018236, QN2017062), and the Hebei Province Science and Technology Plan Support Project (15210338, 15210703).

Abstract: To address the revocation of access rights to data shared under ciphertext-policy attribute-based encryption (CP-ABE) in cloud environments, an attribute-based revocation scheme is proposed. In the scheme, a trusted third party searches the user's attribute set, which carries a global identifier, for the attributes that satisfy the ciphertext access structure, generates a key component carrying the same global identifier for each attribute in this intersection, and produces the user's private key by combining the key components. When a revocation occurs, the key component for the revoked user's attribute is updated and distributed to the other users who hold that attribute, and a corresponding re-encryption key is generated to re-encrypt the ciphertext. Security analysis and experiments show that the scheme is secure against chosen-plaintext attacks, achieves immediate attribute revocation, and solves the synchronization problem of key distribution in multi-authority structures. Using a hash function keeps the ciphertext length constant, which further reduces resource overhead and meets the application requirements of secure attribute revocation in practical cloud environments.

Key words: Attribute encryption, Attribute revocation, Cloud environment, Resource overhead, Single trusted third party

CLC Number: TP309.2

[1] 高诗尧, 陈燕俐, 许玉岚.
Expressive Attribute-based Searchable Encryption Scheme in Cloud Computing
Computer Science, 2022, 49(3): 313-321. https://doi.org/10.11896/jsjkx.201100214
[2] 何亨, 蒋俊君, 冯可, 李鹏, 徐芳芳.
Efficient Multi-keyword Retrieval Scheme Based on Attribute Encryption in Multi-cloud Environment
Computer Science, 2021, 48(11A): 576-584. https://doi.org/10.11896/jsjkx.201000026
[3] 章园园, 秦岭.
Efficient Access Control Scheme for Internet of Things Search Technology
Computer Science, 2019, 46(8): 194-200. https://doi.org/10.11896/j.issn.1002-137X.2019.08.032
[4] 乔毛, 秦岭.
AB-ACCS Scheme for Revocation of Efficient Attributes in Cloud Storage Services
Computer Science, 2019, 46(7): 96-101. https://doi.org/10.11896/j.issn.1002-137X.2019.07.015
[5] 江泽涛, 黄锦, 胡硕, 徐智.
Fully-outsourcing CP-ABE Scheme with Revocation in Cloud Computing
Computer Science, 2019, 46(7): 114-119. https://doi.org/10.11896/j.issn.1002-137X.2019.07.018
[6] 刘胜杰, 王静.
Privacy Preserving Scheme for SNS in Cloud Environment
Computer Science, 2019, 46(2): 133-138. https://doi.org/10.11896/j.issn.1002-137X.2019.02.021
[7] 高丹, 凌捷, 陈家辉.
Two-dimensional Code Encryption Based on Revocable Outsourced Attribute Encryption
Computer Science, 2019, 46(12): 186-191. https://doi.org/10.11896/jsjkx.181102187
[8] 王静, 司书建.
Attribute Revocable Access Control Scheme for Brain-Computer Interface Technology
Computer Science, 2018, 45(9): 187-194. https://doi.org/10.11896/j.issn.1002-137X.2018.09.031
[9] 初晓璐, 刘培顺.
Multi-authority Encryption Scheme Based on Public and Private Attributes
Computer Science, 2018, 45(11): 124-129. https://doi.org/10.11896/j.issn.1002-137X.2018.11.018
[10] 屠袁飞, 高振宇, 李荣雨.
Removable Attribute Encryption Access Control Algorithm Based on CP-ABE
Computer Science, 2018, 45(11): 176-179. https://doi.org/10.11896/j.issn.1002-137X.2018.11.027
[11] 闫铭, 张应辉, 郑东, 吕柳迪, 苏昊楠.
Flexibly Accessed and Vaguely Searchable EHR Cloud Service System
Computer Science, 2018, 45(10): 172-177. https://doi.org/10.11896/j.issn.1002-137X.2018.10.032
[12] 张勋, 顾春华, 罗飞, 常耀辉, 文赓.
Virtual Machine Placement Strategy Based on Dynamic Programming
Computer Science, 2017, 44(8): 54-59. https://doi.org/10.11896/j.issn.1002-137X.2017.08.010
[13] 宋文纳, 向广利, 李安康, 张月欣, 陶然.
Improved Attribute-based Encryption Scheme
Computer Science, 2017, 44(1): 167-171. https://doi.org/10.11896/j.issn.1002-137X.2017.01.032
[14] 黄保华, 贾丰玮, 王添晶.
Database Access Control Policy Based on Attribute in Cloud Storage Platform
Computer Science, 2016, 43(3): 167-173. https://doi.org/10.11896/j.issn.1002-137X.2016.03.032
[15] 刘晓建, 王力生, 廖新考.
Multiple Permissions Secure Access Control Scheme Combining CP-ABE and XACML in Cloud Storage
Computer Science, 2016, 43(3): 118-121. https://doi.org/10.11896/j.issn.1002-137X.2016.03.024