Computer Science ›› 2018, Vol. 45 ›› Issue (8): 134-140. doi: 10.11896/j.issn.1002-137X.2018.08.024
张光华1,2, 刘会梦2, 陈振国3
ZHANG Guang-hua1,2, LIU Hui-meng2, CHEN Zhen-guo3
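Abstract: To address the problem of revoking access rights to data shared under ciphertext-policy attribute-based encryption (CP-ABE) in cloud environments, an attribute-based revocation scheme is proposed. In the scheme, a trusted third party searches the user's attribute set, which carries a global identifier, for the attributes that satisfy the ciphertext's access structure, generates a key component carrying the same global identifier for each attribute in that intersection, and produces the user's private key by combining the key components. When a revocation occurs, the key component for the revoked user's attribute is updated and distributed to the other users who hold that attribute, and a corresponding re-encryption key is generated to re-encrypt the ciphertext. Security analysis and experiments show that the scheme is secure against chosen-plaintext attacks, effectively achieves immediate attribute revocation, and solves the synchronization problem of key distribution in multi-authority structures. Using a hash function makes the ciphertext length constant, which further reduces resource overhead and meets the application requirements of secure attribute revocation in real cloud environments.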
[1] 高诗尧, 陈燕俐, 许玉岚. Expressive Attribute-based Searchable Encryption Scheme in Cloud Computing. Computer Science, 2022, 49(3): 313-321. https://doi.org/10.11896/jsjkx.201100214
[2] 何亨, 蒋俊君, 冯可, 李鹏, 徐芳芳. Efficient Multi-keyword Retrieval Scheme Based on Attribute Encryption in Multi-cloud Environment. Computer Science, 2021, 48(11A): 576-584. https://doi.org/10.11896/jsjkx.201000026
[3] 章园园, 秦岭. Efficient Access Control Scheme for Internet of Things Search Technology. Computer Science, 2019, 46(8): 194-200. https://doi.org/10.11896/j.issn.1002-137X.2019.08.032
[4] 乔毛, 秦岭. AB-ACCS Scheme for Revocation of Efficient Attributes in Cloud Storage Services. Computer Science, 2019, 46(7): 96-101. https://doi.org/10.11896/j.issn.1002-137X.2019.07.015
[5] 江泽涛, 黄锦, 胡硕, 徐智. Fully-outsourcing CP-ABE Scheme with Revocation in Cloud Computing. Computer Science, 2019, 46(7): 114-119. https://doi.org/10.11896/j.issn.1002-137X.2019.07.018
[6] 刘胜杰, 王静. Privacy Preserving Scheme for SNS in Cloud Environment. Computer Science, 2019, 46(2): 133-138. https://doi.org/10.11896/j.issn.1002-137X.2019.02.021
[7] 高丹, 凌捷, 陈家辉. Two-dimensional Code Encryption Based on Revocable Outsourced Attribute Encryption. Computer Science, 2019, 46(12): 186-191. https://doi.org/10.11896/jsjkx.181102187
[8] 王静, 司书建. Attribute Revocable Access Control Scheme for Brain-Computer Interface Technology. Computer Science, 2018, 45(9): 187-194. https://doi.org/10.11896/j.issn.1002-137X.2018.09.031
[9] 初晓璐, 刘培顺. Multi-authority Encryption Scheme Based on Public and Private Attributes. Computer Science, 2018, 45(11): 124-129. https://doi.org/10.11896/j.issn.1002-137X.2018.11.018
[10] 屠袁飞, 高振宇, 李荣雨. Removable Attribute Encryption Access Control Algorithm Based on CP-ABE. Computer Science, 2018, 45(11): 176-179. https://doi.org/10.11896/j.issn.1002-137X.2018.11.027
[11] 闫铭, 张应辉, 郑东, 吕柳迪, 苏昊楠. Flexibly Accessed and Vaguely Searchable EHR Cloud Service System. Computer Science, 2018, 45(10): 172-177. https://doi.org/10.11896/j.issn.1002-137X.2018.10.032
[12] 张勋, 顾春华, 罗飞, 常耀辉, 文赓. Virtual Machine Placement Strategy Based on Dynamic Programming. Computer Science, 2017, 44(8): 54-59. https://doi.org/10.11896/j.issn.1002-137X.2017.08.010
[13] 宋文纳, 向广利, 李安康, 张月欣, 陶然. Improved Attribute-based Encryption Scheme. Computer Science, 2017, 44(1): 167-171. https://doi.org/10.11896/j.issn.1002-137X.2017.01.032
[14] 黄保华, 贾丰玮, 王添晶. Database Access Control Policy Based on Attribute in Cloud Storage Platform. Computer Science, 2016, 43(3): 167-173. https://doi.org/10.11896/j.issn.1002-137X.2016.03.032
[15] 刘晓建, 王力生, 廖新考. Multiple Permissions Secure Access Control Scheme Combining CP-ABE and XACML in Cloud Storage. Computer Science, 2016, 43(3): 118-121. https://doi.org/10.11896/j.issn.1002-137X.2016.03.024