计算机科学

计算机科学 ›› 2024, Vol. 51 ›› Issue (12): 317-325.doi: 10.11896/jsjkx.231000056

• 信息安全 • 上一篇    下一篇

支持策略与属性全隐藏的CP-ABE方案

姜露寒, 田有亮, 向阿新   

  1. 贵州大学公共大数据国家重点实验室 贵阳 550025
    贵州大学计算机科学与技术学院 贵阳 550025
    贵州大学密码学与数据安全研究所 贵阳 550025
    贵州省密码学与区块链技术特色重点实验室 贵阳 550025
  • 收稿日期:2023-10-10 修回日期:2024-05-15 出版日期:2024-12-15 发布日期:2024-12-10
  • 通讯作者: 田有亮(youliangtian@163.com)
  • 作者简介:(gs.lhjiang21@gzu.edu.cn)
  • 基金资助:
    国家重点研发计划(2021YFB3101100);国家自然科学基金(62272123,62262058);贵州省高层次创新型人才项目(黔科合平台人才[2020]6008);贵阳市科技计划项目(筑科合[2021]1-5,[2022]2-4);贵州省科技计划项目(黔科合平台人才[2020]5017,黔科合支撑[2022]一般065)

CP-ABE Scheme Supports Fully Policy and Attribute Hidden

JIANG Luhan, TIAN Youliang, XIANG Axin   

  1. State Key Laboratory of Public Big Data, Guizhou University, Guiyang 550025, China
    College of Computer Science and Technology, Guizhou University, Guiyang 550025, China
    Institute of Cryptography & Data Security, Guizhou University, Guiyang 550025, China
    Guizhou Provincial Key Laboratory of Cryptography and Blockchain Technology, Guiyang 550025, China
  • Received:2023-10-10 Revised:2024-05-15 Online:2024-12-15 Published:2024-12-10
  • About author:JIANG Luhan,born in 1998,postgra-duate.Her main research interests include secure information security and cryptographic algorithms.
    TIAN Youliang,born in 1982,Ph.D,professor,Ph.D supervisor.His main research interests include algorithmic game theory,cryptography and security protocols,big data security and privacy protection,blockchain and electronic currency,etc.
  • Supported by:
    National Key R&D Program of China(2021YFB3101100),National Natural Science Foundation of China(62272123,62262058),Project of High-level Innovative Talents of Guizhou Province([2020]6008),Science and Technology Program of Guiyang([2021]1-5,[2022]2-4) and Science and Technology Program of Guizhou Province([2020]5017,[2022]065).

PDF (PC)

139

摘要: 已有的支持策略或属性隐藏的CP-ABE方案可实现隐私保护的细粒度访问控制,但大部分方案仅实现了关于属性值的部分策略隐藏,且忽略了密钥生成过程的用户属性隐藏问题,仍易造成用户隐私信息泄露。针对上述问题,文中提出了一种完全隐藏访问策略和用户属性的CP-ABE方案,用于数据访问控制和密钥生成过程中的用户隐私信息保护。首先,提出了属性莫顿过滤器(Attribute Morton Filter,AMF),加密阶段将访问策略完全隐藏于AMF中,解密阶段用户可高效查询并精准判断用户属性在策略中的位置;其次,提出了一种基于zk-SNARKs的密钥生成方法,有效隐藏了密钥生成过程中的用户属性;最后,安全性证明及性能分析表明,所提方案在不影响效率的同时具有选择明文攻击下的不可区分性。

关键词: 属性基加密, 访问策略, 用户属性, 完全隐藏, 属性莫顿过滤器

Abstract: The existing ciphertext-policy attribute-based encryption schemes that support policy or attribute hiding can achieve fine-grained access control for privacy protection,but most of them only realize partial policy hiding of attribute values,and ignore the problem of hiding user attributes during key generation,which is still prone to user privacy information leakage.To address the above problems,a CP-ABE scheme that fully hides access policy and user attributes for data access control and user privacy information protection during key generation is proposed.Firstly,the attribute Morton filter(AMF) is proposed,in which the access policy is fully hidden in the AMF during the encryption phase,and the user can efficiently query and accurately determine the position of attributes in the policy during the decrypt phase.Secondly,a zk-SNARKs-based key generation method is developed to effectively conceal the user attributes throughout the key generation process.Finally,security and performance analysis are conducted to evaluate the proposed scheme,demonstrating its indistinguishability under chosen-plaintext attack security without compromising efficiency.

Key words: Attribute-based encryption, Access policy, User attributes, Fully hidden, Attribute Morton filters

中图分类号: 

  • TP309
[1]BASU S,BARDHAN A,GUPTA K,et al.Cloud computing security challenges & solutions-A survey[C]//2018 IEEE 8th Annual Computing and Communication Workshop and Confe-rence(CCWC).Las Vegas: IEEE,2018:347-356.
[2]SUBRAMANIAN N,JEYARAJ A.Recent security challenges in cloud computing[J].Computers & Electrical Engineering,2018,71:28-42.
[3]BIRJE M N,CHALLAGIDAD P S,GOUDAR R H,et al.Cloud computing review:concepts,technology,challenges and security[J].International Journal of Cloud Computing,2017,6(1):32-57.
[4]SAHAI A,WATERS B.Fuzzy identity-based encryption[C]//Advances in Cryptology-EUROCRYPT 2005:24th Annual International Conference on the Theory and Applications of Cryptographic Techniques.Denmark:Springer,2005:457-473.
[5]BETHENCOURT J,SAHAI A,Waters B.Ciphertext-policy attribute-based encryption[C]//2007 IEEE Symposium on Security and Privacy(SP’07).Piscataway:IEEE,2007:321-334.
[6]GOYAL V,PANDEY O,SAHAI A,et al.Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security.Alexandria:ACM,2006:89-98.
[7]LAI J,DENG R H,LI Y.Expressive CP-ABE with partially hidden access structures[C]//Proceedings of the 7th ACM Symposium on Information,Computer and Communications Security.New York:ACM,2012:18-19.
[8]BEIMEL A.Secure Schemes for Secret Sharing and Key Distribution[J/OL].https://www.cs.bgu.ac.il/~beimel/Papers/thesis.pdf.
[9]HAN D,PAN N,LI K C.A traceable and revocable ciphertext-policy attribute-based encryption scheme based on privacy protection[J].IEEE Transactions on Dependable and Secure Computing,2022,19(1):316-327.
[10]ZHANG Z,ZHANG W,QIN Z.A partially hidden policy CP-ABE scheme against attribute values guessing attacks with online privacy-protective decryption testing in IoT assisted cloud computing[J].Future Generation Computer Systems,2021,123:181-195.
[11]CHINNASAMY P,DEEPALAKSHMI P,DUTTA A K,et al.Ciphertext-policy attribute-based encryption for cloud storage:Toward data privacy and authentication in AI-enabled IoT system[J].Mathematics,2021,10(1):1-24.
[12]ZHANG W,ZHANG Z,XIONG H,et al.PHAS-HEKR-CP-ABE:partially policy-hidden CP-ABE with highly efficient key revocation in cloud data sharing system[J].Journal of Ambient Intelligence and Humanized Computing,2022,13(1):613-627.
[13]HAN Q,ZHANG Y,LI H.Efficient and robust attribute-based encryption supporting access policy hiding in Internet of Things[J].Future Generation Computer Systems,2018,83:269-277.
[14]BRODER A,MITZENMACHER M.Network applications ofbloom filters:A survey[J].Internet Mathematics,2004,1(4):485-509.
[15]MA H,ZHOU D,LI P,et al.EVOAC-HP:An Efficient andVerifiable Outsourced Access Control Scheme with Hidden Po-licy[J].Sensors,2023,23(9):4384.
[16]BA Y,HU X,CHEN Y,et al.A blockchain-based CP-ABEscheme with partially hidden access structures[J].Security and Communication Networks,2021,2021:1-16.
[17]YING Z,JIANG W,LIU X,et al.Reliable policy updating under efficient policy hidden fine-grained access control framework for cloud data sharing[J].IEEE Transactions on Services Computing,2021,15(6):3485-3498.
[18]FAN B,ANDERSEN D G,KAMINSKY M,et al.Cuckoo filter:Practically better than bloom[C]//Proceedings of the 10th ACM International on Conference on Emerging Networking Experiments and Technologies.Australia:ACM,2014:75-88.
[19]XUE J,SHI L,ZHANG W,et al.Poly-ABE:A traceable and revocable fully hidden policy CP-ABE scheme for integrated demand response in multi-energy systems[J].Journal of Systems Architecture,2023,143(1):102982.
[20]CHASE M,CHOW S S M.Improving privacy and security in multi-authority attribute-based encryption[C]//Proceedings of the 16th ACM Conference on Computer and Communications Security.New York:ACM,2009:121-130.
[21]JUNG T,LI X Y,WAN Z,et al.Privacy preserving cloud data access with multi-authorities[C]//2013 Proceedings IEEE INFOCOM.Piscataway:IEEE,2013:2625-2633.
[22]NASIRAEE H,ASHOURI-TALOUKI M.Anonymous decen-tralized attribute-based access control for cloud-assisted IoT[J].Future Generation Computer Systems,2020,110:45-56.
[23]DUAN Z,ZHU J,ZHAO J Y.IAM-BDSS:A Secure Ciphertext-Policy and Identity-Attribute Management Data Sharing Scheme based on Block-chain[C]//2022 International Conference on Blockchain Technology and Information Security(ICBCTIS).Piscataway:IEEE,2022:117-122.
[24]BRESLOW A D,JAYASENA N S.Morton filters:faster,space-efficient cuckoo filters via biasing,compression,and decoupled logical sparsity[J].Proceedings of the VLDB Endowment,2018,11(9):1041-1055.
[25]APPLEBY A.Murmurhash[DB/OL].https://sites.google.com/site/murmurhash,2008.
[26]REITWIESSNER C.zkSNARKs in a nutshell[J].EthereumBlog,2016,6(1):1-15.
[27]BANERJEE A,CLEAR M,TEWARI H.Demystifying the Role of zk-SNARKs in Zcash[C]//2020 IEEE Conference on Application,Information and Network Security(AINS).Malaysia:IEEE,2020:12-19.
[28]SOBER M,KOBELT M,SCAFFINO G,et al.Distributed Key Generation with Smart Contracts using zk-SNARKs[C]//Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing.Tallinn Estonia:ACM,2023:231-240.
[29]BEN-SASSON E,CHIESA A,RIABZEV M,et al.Aurora:Transparent succinct arguments for R1CS[C]//Advances in Cryptology-EUROCRYPT 2019.Springer International Publishing,2019:103-128.
[30]GENNARO R,GENTRY C,PARNO B,et al.Quadratic spanprograms and succinct NIZKs without PCPs[C]//Advances in Cryptology-EUROCRYPT 2013.Greece:Springer,2013:626-645.
[31]CHEUNG L,NEWPORT C.Provably secure ciphertext policy ABE[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security.Virginia:ACM,2007:456-465.
[32]TU S,NIU S,LI H.A fine-grained access control and revocation scheme on clouds[J].Concurrency and Computation:Practice and Experience,2016,28(6):1697-1714.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发