计算机科学

计算机科学 ›› 2026, Vol. 53 ›› Issue (2): 431-441.doi: 10.11896/jsjkx.250900047

• 信息安全 • 上一篇    下一篇

支持分层访问控制的弱中心化敏感数据共享方案

郑开发1, 孙炜2, 周俊旭2, 吴云坤5, 徐振3, 刘志全2, 何强4   

  1. 1 北京航空航天大学网络空间安全学院 北京 100191
    2 暨南大学网络空间安全学院 广州 510632
    3 杭州芯云半导体集团有限公司 杭州 310052
    4 东北大学计算科学与工程学院 沈阳 110169
    5 奇安信科技集团股份有限公司 北京 100044
  • 收稿日期:2025-09-07 修回日期:2025-12-02 发布日期:2026-02-10
  • 通讯作者: 何强(heqiang@bmie.neu.edu.cn)
  • 作者简介:(zhengkaifa@buaa.edu.cn)
  • 基金资助:
    国家重点研发计划(2022YFB3104900);国家自然科学基金面上项目(62272195);北京市高层次创新创业人才支持计划科技新星计划(20250484975);山东省自然科学基金(ZR2024MF084)

Weakly-decentralized Scheme for Sensitive Data Sharing with Hierarchical Access Control

ZHENG Kaifa1, SUN Wei2, ZHOU Junxu2, WU Yunkun5, XU Zhen3, LIU Zhiquan2 , HE Qiang4   

  1. 1 School of Cyber Science and Technology,Beihang University,Beijing 100191,China
    2 School of Cyber Security,Jinan University,Guangzhou 510632,China
    3 Hangzhou Xinyun Semiconductor Group Co.,Ltd.,Hangzhou 310052,China
    4 School of Computer Science and Engineering,Northeastern University,Shenyang 110169,China
    5 Qi Anxin Technology Group Co.,Ltd.,Beijing 100044,China
  • Received:2025-09-07 Revised:2025-12-02 Online:2026-02-10
  • About author:ZHENG Kaifa,born in 1989,Ph.D,researcher.His main research interests include privacy computing,privacy protection and information security.
    HE Qiang,born in 1991,Ph.D,professor,Ph.D supervisor.His main research in-terests include edge computing,computing power network,terminal-edge-cloud collaboration,intelligent network,artificial intelligence(model interpretability,security),machine learning algorithms(graph neural network,multi-agent),etc.
  • Supported by:
    National Key Research and Development Program of China(2022YFB3104900),General Program of the National Natural Science Foundation of China(62272195), Sponsored by Beijing Nova Program(20250484975) and Natural Science Foundation of Shandong Province(ZR2024MF084).

PDF (PC)

75

摘要: 在云边协同等分布式应用场景下,实现高效性、可检索性与弱中心化的细粒度访问控制是保障敏感数据安全共享的核心挑战。然而,传统方案存在高昂的计算开销、缺少密文检索功能和中心化架构固有的安全风险等问题。对此,提出一种支持分层访问控制的弱中心化敏感数据共享方案(HAC-SDS)。首先,通过云边端协同计算方式,将终端侧开销转移到云边侧,降低计算和存储开销。其次,通过构建加密的倒排索引,支持对云端文件进行快速、细粒度的检索,并结合属性撤销与动态更新机制,显著提升效率。最后,将区块链技术应用于密钥管理,通过其弱中心化的特性,从根本上消除传统中心化方案的单点瓶颈与信任风险。安全分析表明,密文的不可区分性有效保障了数据的机密性。实验结果表明,所提密文检索方案在实际应用中是高效可行的。

关键词: 分层访问控制, 敏感数据共享, 云边端协同计算, 密文检索, 弱中心化

Abstract: In distributed application scenarios such as cloud-edge collaboration,achieving efficient,searchable,and decentralized fine-grained access control for sensitive data sharing presents a core challenge.Traditional schemes are often hindered by high computational overhead,a lack of ciphertext retrieval functionality,and the inherent security risks of centralized architectures.Therefore,this paper proposes a hierarchical access control scheme for sensitive data sharing in a semi-decentralized manner(HAC-SDS).Firstly,by employing a cloud-edge-device collaborative computing model,the scheme offloads significant computational and storage burdens from the client-side to cloud and edge servers,effectively reducing overhead.Secondly,an encrypted inverted index is constructed to support fast and fine-grained ciphertext retrieval,which is integrated with an attribute revocation and dynamic update mechanism to significantly enhance efficiency.Finally,blockchain technology is applied to key management,its decentralized nature fundamentally eliminates the single-point bottleneck and trust risks inherent in traditional centralized solutions.Security analysis demonstrates that the ciphertext achieves indistinguishability,thereby effectively guaranteeing data confidentiality.Experimental results confirm that the proposed ciphertext retrieval scheme is both efficient and practical for real-world applications.

Key words: Hierarchical access control, Sensitive data sharing, Cloud-edge-end collaborative computing, Searchable encryption, Decentralization

中图分类号: 

  • TP309
[1]ZHAO Y F.Application of big data and cloud computing in electronic information systems[J].Integrated Circuit Application,2025,42(1):122-123.
[2]D’ORAZIO C J,CHOO K K R.Circumventing iOS securitymechanisms for APT forensic investigations:A security taxonomy for cloud apps[J].Future Generation Computer Systems,2018,79:247-261.
[3]BROWN A J,GLISSON W B,ANDEL T R,et al.Cloud forecasting:Legal visibility issues in saturated environments[J].Computer Law & Security Review,2018,34(6):1278-1290.
[4]ZHANG X,ZHOU Y,WU D,et al.A survey on privacy-preserving caching at network edge:Classification,solutions,and challenges[J].ACM Computing Surveys,2025,57(5):1-38.
[5]BETHENCOURT J,SAHAI A,WATERS B.Ciphertext-policy attribute-based encryption[C]//2007 IEEE Symposium on Security and Privacy(SP’07).IEEE,2007:321-334.
[6]GREEN M,HOHENBERGER S,WATERS B.Outsourcing the decryption of ABE ciphertexts[C]//20th USENIX security symposium(USENIX Security 11).2011.
[7]GUO L F,XING X M,GUO H.An efficient,traceable,and revocable attribute-based encryption scheme in cloud storage[J].Journal of Cryptologic Research,2023,10(1):131-145.
[8]YAN L,WANG G,YIN T,et al.Attribute-based searchable encryption:A survey[J].Electronics,2024,13(9):1621.
[9]ZHOU X B,JIANG,R.A fine-grained data encryption and sharing scheme for cloud-fog integrated environments[J].Journal of Cryptologic Research,2023,10(6):1295-1318.
[10]REN J,ZHANG L,WANG B.Decentralized multi-authority attribute-based searchable encryption scheme[J].International Journal of Network Security,2021,23(2):332-342.
[11]SAHAI A,WATERS B.Fuzzy identity-based encryption[C]//Annual International Conference on the Theory and Applications of Cryptographic Techniques.Berlin:Springer,2005:457-473.
[12]WANG S,ZHOU J,LIU J K,et al.An efficient file hierarchy attribute-based encryption scheme in cloud computing[J].IEEE Transactions on Information Forensics and Security,2016,11(6):1265-1277.
[13]ZHENG K,DING C,WANG J.A secure data-sharing scheme for privacy-preserving supporting node-edge-cloud collaborative computation[J].Electronics,2023,12(12):2737.
[14]LIU J,LI Y,SUN R,et al.EMK-ABSE:Efficient multikeyword attribute-based searchable encryption scheme through cloud-edge coordination[J].IEEE Internet of Things Journal,2022,9(19):18650-18662.
[15]XIA J,CHENG G,GU S,et al.Secure and trust-oriented edge storage for Internet of Things[J].IEEE Internet of Things Journal,2019,7(5):4049-4060.
[16]SONG D X,WAGNER D,PERRIG A.Practical techniques for searches on encrypted data[C]//Proceeding 2000 IEEE Symposium on Security and Privacy.IEEE,2000:44-55.
[17]ZHENG Q,XU S,ATENIESE G.VABKS:Verifiable attribute-based keyword search over outsourced encrypted data[C]//IEEE INFOCOM 2014-IEEE Conference on Computer Communications.IEEE,2014:522-530.
[18]HUANG Q,HUANG P,LI H,et al.A more efficient public-key authenticated encryption scheme with keyword search[J].Journal of Systems Architecture,2023,137:102839.
[19]FAN K,CHEN Q,SU R,et al.MSIAP:A dynamic searchable encryption for privacy-protection on smart grid with cloud-edge-end[J].IEEE Transactions on Cloud Computing,2021,11(2):1170-1181.
[20]ZHANG W,ZHANG Z,XIONG H,et al.PHAS-HEKR-CP-ABE:partially policy-hidden CP-ABE with highly efficient key revocation incloud data sharing system[J].Journal of Ambient Intelligence and Humanized Computing,2022,13(4):613-627.
[21]LUO F C,AL-KUWARI S,WANG H Y,et al.Revocable attri-bute-based encryption from standard lattices[J].Computer Standards & Interfaces,2023,84:103698.
[22]LIU J,LI Y,SUN R,et al.EMK-ABSE:Efficient multikeyword attribute-based searchable encryption scheme through cloud-edge coordination[J].IEEE Internet of Things Journal,2022,9(19):18650-18662.
[23]LI C,LI J,ZHANG K,et al.Verifiable cloud-based data publish-subscribe service with hidden access policy[J].IEEE Transactions on Cloud Computing,2023,11(4):3737-3749.
[24]HUANG B H,HUANG P R,ZHAO W H,et al.Multi-keyword searchable encryption scheme upporting attribute revocation in cloud storage[J].Computer Engineering,2021,47(11):29-36.
[25]NIU S F,SONG M,FANG L Z,et al.Cloud storage data sharing based on attribute encryption in smart healthcare[J].Journal of Electronics & Information Technology,2022,44(1):107-117.
[26]CHASE M.Multi-authority attribute based encryption[C]//Theory of Cryptography:4th Theory of Cryptography Confe-rence.Berlin:Springer,2007:515-534.
[27]LEWKO A,WATERS B.Decentralizing attribute-based encryption[C]//Annual International Conference on the Theory and Applications of Cryptographic Techniques.Berlin:Springer,2011:568-588.
[28]CUI J,BIAN F,ZHONG H,et al.An anonymous and outsourcing-supported multiauthority access control scheme with revocation for edge-enabled IIoT system[J].IEEE Systems Journal,2022,16(4):6569-6580.
[29]YANG X,LI W,FAN K.A revocable attribute-based encryption EHR sharing scheme with multiple authorities in blockchain[J].Peer-to-Peer Networking and Applications,2023,16(1):107-125.
[30]SASIKUMAR A,RAVI L,DEVARAJAN M,et al.Blockchain-assisted hierarchical attribute-based encryption scheme for secure information sharing in industrial internet of things[J].IEEE Access,2024,12:12586-12601.
[31]CUI Y,GAO F,SHI Y,et al.An efficient attribute-based multi-keyword search scheme in encrypted keyword generation[J].IEEE Access,2020,8:99024-99036.
[32]MIAO Y,MA J,LIU X,et al.Lightweight fine-grained search over encrypted data in fog computing[J].IEEE Transactions on Services Computing,2018,12(5):772-785.
[33]ZHENG K,ZHOU Z,LIU J,et al.Secure Fine-Grained Multi-Keyword Ciphertext Search Supporting Cloud-Edge-End Colla-boration in IoT[J].Chinese Journal of Electronics,2025,34(1):266-281.
[34]LI Y F,ZHANG G P,LIN L B,et al.An attribute-based encryption scheme supporting accountability and verifiable outsourced decryption[J].Journal of Guangdong University of Technology,2024,41(4):106-113.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市两江新区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发