Computer Science (计算机科学) ›› 2019, Vol. 46 ›› Issue (7): 114-119. doi: 10.11896/j.issn.1002-137X.2019.07.018
江泽涛1,2,黄锦1,胡硕3,徐智1
JIANG Ze-tao1,2, HUANG Jin1, HU Shuo3, XU Zhi1
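Abstract: In an attribute-based encryption (ABE) system, users encrypt and decrypt information by means of their own attributes, which offers flexibility and security, so the mechanism is widely used in secure data sharing schemes for cloud storage. However, the standard ABE mechanism carries heavy computational overhead, which limits the practical application of ABE encryption and cannot meet the need for data owners to modify user access rights dynamically and efficiently. To address these problems, this paper proposes a fully outsourced ciphertext-policy attribute-based encryption scheme that supports attribute revocation. Computation outsourcing hands the complex computations in key generation, encryption and decryption to cloud servers, reducing the computational overhead of the Key Generation Center (KGC) and of users, and fine-grained revocation of user attributes is achieved by updating attribute keys and ciphertexts. Finally, the efficiency and functionality of the proposed scheme are evaluated through theoretical analysis, and the results show that it has good security and high system efficiency.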