Computer Science

Computer Science ›› 2026, Vol. 53 ›› Issue (2): 431-441.doi: 10.11896/jsjkx.250900047

• Information Security • Previous Articles     Next Articles

Weakly-decentralized Scheme for Sensitive Data Sharing with Hierarchical Access Control

ZHENG Kaifa1, SUN Wei2, ZHOU Junxu2, WU Yunkun5, XU Zhen3, LIU Zhiquan2 , HE Qiang4   

  1. 1 School of Cyber Science and Technology,Beihang University,Beijing 100191,China
    2 School of Cyber Security,Jinan University,Guangzhou 510632,China
    3 Hangzhou Xinyun Semiconductor Group Co.,Ltd.,Hangzhou 310052,China
    4 School of Computer Science and Engineering,Northeastern University,Shenyang 110169,China
    5 Qi Anxin Technology Group Co.,Ltd.,Beijing 100044,China
  • Received:2025-09-07 Revised:2025-12-02 Published:2026-02-10
  • About author:ZHENG Kaifa,born in 1989,Ph.D,researcher.His main research interests include privacy computing,privacy protection and information security.
    HE Qiang,born in 1991,Ph.D,professor,Ph.D supervisor.His main research in-terests include edge computing,computing power network,terminal-edge-cloud collaboration,intelligent network,artificial intelligence(model interpretability,security),machine learning algorithms(graph neural network,multi-agent),etc.
  • Supported by:
    National Key Research and Development Program of China(2022YFB3104900),General Program of the National Natural Science Foundation of China(62272195), Sponsored by Beijing Nova Program(20250484975) and Natural Science Foundation of Shandong Province(ZR2024MF084).

PDF (PC)

72

Abstract: In distributed application scenarios such as cloud-edge collaboration,achieving efficient,searchable,and decentralized fine-grained access control for sensitive data sharing presents a core challenge.Traditional schemes are often hindered by high computational overhead,a lack of ciphertext retrieval functionality,and the inherent security risks of centralized architectures.Therefore,this paper proposes a hierarchical access control scheme for sensitive data sharing in a semi-decentralized manner(HAC-SDS).Firstly,by employing a cloud-edge-device collaborative computing model,the scheme offloads significant computational and storage burdens from the client-side to cloud and edge servers,effectively reducing overhead.Secondly,an encrypted inverted index is constructed to support fast and fine-grained ciphertext retrieval,which is integrated with an attribute revocation and dynamic update mechanism to significantly enhance efficiency.Finally,blockchain technology is applied to key management,its decentralized nature fundamentally eliminates the single-point bottleneck and trust risks inherent in traditional centralized solutions.Security analysis demonstrates that the ciphertext achieves indistinguishability,thereby effectively guaranteeing data confidentiality.Experimental results confirm that the proposed ciphertext retrieval scheme is both efficient and practical for real-world applications.

Key words: Hierarchical access control, Sensitive data sharing, Cloud-edge-end collaborative computing, Searchable encryption, Decentralization

CLC Number: 

  • TP309
[1]ZHAO Y F.Application of big data and cloud computing in electronic information systems[J].Integrated Circuit Application,2025,42(1):122-123.
[2]D’ORAZIO C J,CHOO K K R.Circumventing iOS securitymechanisms for APT forensic investigations:A security taxonomy for cloud apps[J].Future Generation Computer Systems,2018,79:247-261.
[3]BROWN A J,GLISSON W B,ANDEL T R,et al.Cloud forecasting:Legal visibility issues in saturated environments[J].Computer Law & Security Review,2018,34(6):1278-1290.
[4]ZHANG X,ZHOU Y,WU D,et al.A survey on privacy-preserving caching at network edge:Classification,solutions,and challenges[J].ACM Computing Surveys,2025,57(5):1-38.
[5]BETHENCOURT J,SAHAI A,WATERS B.Ciphertext-policy attribute-based encryption[C]//2007 IEEE Symposium on Security and Privacy(SP’07).IEEE,2007:321-334.
[6]GREEN M,HOHENBERGER S,WATERS B.Outsourcing the decryption of ABE ciphertexts[C]//20th USENIX security symposium(USENIX Security 11).2011.
[7]GUO L F,XING X M,GUO H.An efficient,traceable,and revocable attribute-based encryption scheme in cloud storage[J].Journal of Cryptologic Research,2023,10(1):131-145.
[8]YAN L,WANG G,YIN T,et al.Attribute-based searchable encryption:A survey[J].Electronics,2024,13(9):1621.
[9]ZHOU X B,JIANG,R.A fine-grained data encryption and sharing scheme for cloud-fog integrated environments[J].Journal of Cryptologic Research,2023,10(6):1295-1318.
[10]REN J,ZHANG L,WANG B.Decentralized multi-authority attribute-based searchable encryption scheme[J].International Journal of Network Security,2021,23(2):332-342.
[11]SAHAI A,WATERS B.Fuzzy identity-based encryption[C]//Annual International Conference on the Theory and Applications of Cryptographic Techniques.Berlin:Springer,2005:457-473.
[12]WANG S,ZHOU J,LIU J K,et al.An efficient file hierarchy attribute-based encryption scheme in cloud computing[J].IEEE Transactions on Information Forensics and Security,2016,11(6):1265-1277.
[13]ZHENG K,DING C,WANG J.A secure data-sharing scheme for privacy-preserving supporting node-edge-cloud collaborative computation[J].Electronics,2023,12(12):2737.
[14]LIU J,LI Y,SUN R,et al.EMK-ABSE:Efficient multikeyword attribute-based searchable encryption scheme through cloud-edge coordination[J].IEEE Internet of Things Journal,2022,9(19):18650-18662.
[15]XIA J,CHENG G,GU S,et al.Secure and trust-oriented edge storage for Internet of Things[J].IEEE Internet of Things Journal,2019,7(5):4049-4060.
[16]SONG D X,WAGNER D,PERRIG A.Practical techniques for searches on encrypted data[C]//Proceeding 2000 IEEE Symposium on Security and Privacy.IEEE,2000:44-55.
[17]ZHENG Q,XU S,ATENIESE G.VABKS:Verifiable attribute-based keyword search over outsourced encrypted data[C]//IEEE INFOCOM 2014-IEEE Conference on Computer Communications.IEEE,2014:522-530.
[18]HUANG Q,HUANG P,LI H,et al.A more efficient public-key authenticated encryption scheme with keyword search[J].Journal of Systems Architecture,2023,137:102839.
[19]FAN K,CHEN Q,SU R,et al.MSIAP:A dynamic searchable encryption for privacy-protection on smart grid with cloud-edge-end[J].IEEE Transactions on Cloud Computing,2021,11(2):1170-1181.
[20]ZHANG W,ZHANG Z,XIONG H,et al.PHAS-HEKR-CP-ABE:partially policy-hidden CP-ABE with highly efficient key revocation incloud data sharing system[J].Journal of Ambient Intelligence and Humanized Computing,2022,13(4):613-627.
[21]LUO F C,AL-KUWARI S,WANG H Y,et al.Revocable attri-bute-based encryption from standard lattices[J].Computer Standards & Interfaces,2023,84:103698.
[22]LIU J,LI Y,SUN R,et al.EMK-ABSE:Efficient multikeyword attribute-based searchable encryption scheme through cloud-edge coordination[J].IEEE Internet of Things Journal,2022,9(19):18650-18662.
[23]LI C,LI J,ZHANG K,et al.Verifiable cloud-based data publish-subscribe service with hidden access policy[J].IEEE Transactions on Cloud Computing,2023,11(4):3737-3749.
[24]HUANG B H,HUANG P R,ZHAO W H,et al.Multi-keyword searchable encryption scheme upporting attribute revocation in cloud storage[J].Computer Engineering,2021,47(11):29-36.
[25]NIU S F,SONG M,FANG L Z,et al.Cloud storage data sharing based on attribute encryption in smart healthcare[J].Journal of Electronics & Information Technology,2022,44(1):107-117.
[26]CHASE M.Multi-authority attribute based encryption[C]//Theory of Cryptography:4th Theory of Cryptography Confe-rence.Berlin:Springer,2007:515-534.
[27]LEWKO A,WATERS B.Decentralizing attribute-based encryption[C]//Annual International Conference on the Theory and Applications of Cryptographic Techniques.Berlin:Springer,2011:568-588.
[28]CUI J,BIAN F,ZHONG H,et al.An anonymous and outsourcing-supported multiauthority access control scheme with revocation for edge-enabled IIoT system[J].IEEE Systems Journal,2022,16(4):6569-6580.
[29]YANG X,LI W,FAN K.A revocable attribute-based encryption EHR sharing scheme with multiple authorities in blockchain[J].Peer-to-Peer Networking and Applications,2023,16(1):107-125.
[30]SASIKUMAR A,RAVI L,DEVARAJAN M,et al.Blockchain-assisted hierarchical attribute-based encryption scheme for secure information sharing in industrial internet of things[J].IEEE Access,2024,12:12586-12601.
[31]CUI Y,GAO F,SHI Y,et al.An efficient attribute-based multi-keyword search scheme in encrypted keyword generation[J].IEEE Access,2020,8:99024-99036.
[32]MIAO Y,MA J,LIU X,et al.Lightweight fine-grained search over encrypted data in fog computing[J].IEEE Transactions on Services Computing,2018,12(5):772-785.
[33]ZHENG K,ZHOU Z,LIU J,et al.Secure Fine-Grained Multi-Keyword Ciphertext Search Supporting Cloud-Edge-End Colla-boration in IoT[J].Chinese Journal of Electronics,2025,34(1):266-281.
[34]LI Y F,ZHANG G P,LIN L B,et al.An attribute-based encryption scheme supporting accountability and verifiable outsourced decryption[J].Journal of Guangdong University of Technology,2024,41(4):106-113.
[1] LAN Yajie, MA Ziqiang, CHEN Jiali, MIAO Li, XU Xin. Survey on Application of Searchable Attribute-based Encryption Technology Based on Blockchain [J]. Computer Science, 2024, 51(6A): 230800016-14.
[2] SHAO Tong, LI Chuan, XUE Lei, LIU Yang, ZHAO Ning, CHEN Qing. Forward and Backward Secure Dynamic Searchable Encryption Schemes Based on vORAM [J]. Computer Science, 2024, 51(6A): 230500098-9.
[3] ZHANG Ruirong, NIU Baoning, FAN Xing. Multi-attribute Blockchain Decentralization Degree Measurement Model [J]. Computer Science, 2024, 51(5): 382-389.
[4] XU Chengzhi, XU Lei, XU Chungen. Dynamic Searchable Symmetric Encryption Based on Protected Search Mode of Updatable Encryption [J]. Computer Science, 2024, 51(3): 340-350.
[5] YAN Li, YIN Tian, LIU Peishun, FENG Hongxin, WANG Gaozhou, ZHANG Wenbin, HU Hailin, PAN Fading. Overview of Attribute-based Searchable Encryption [J]. Computer Science, 2024, 51(11A): 231100137-12.
[6] LIU Yuanlong, DAI Hua, LI Zhangchen, ZHOU Qian, YI Xun, YANG Geng. Research on Semantic-aware Ciphertext Rtrieval in Cloud Environments:A Survey [J]. Computer Science, 2024, 51(11): 298-306.
[7] GAO Shi-yao, CHEN Yan-li, XU Yu-lan. Expressive Attribute-based Searchable Encryption Scheme in Cloud Computing [J]. Computer Science, 2022, 49(3): 313-321.
[8] JI Yan, DAI Hua, JIANG Ying-ying, YANG Geng, Yi Xun. Parallel Multi-keyword Top-k Search Scheme over Encrypted Data in Hybrid Clouds [J]. Computer Science, 2021, 48(5): 320-327.
[9] DAI Chuang-chuang, LUAN Hai-jing, YANG Xue-ying, GUO Xiao-bing, LU Zhong-hua, NIU Bei-fang. Overview of Blockchain Technology [J]. Computer Science, 2021, 48(11A): 500-508.
[10] WU Guang-fu, CHEN Ying, ZENG Xian-wen, HE Dao-Jing and LI Jiang-hua. Design and Analysis of Token Model Based on Blockchain Technology [J]. Computer Science, 2020, 47(6A): 603-608.
[11] WANG Shao-hui,ZHANG Yan-xuan,WANG Hua-qun,XIAO Fu,WANG Ru-chuan. Efficient Public-key Searchable Encryption Scheme Against Inside Keyword Guessing Attack [J]. Computer Science, 2019, 46(7): 91-95.
[12] HU Zhao-peng, DING Wei-ping, GAO Zhan, ZHU Xiao-hui, WANG Jie-hua. Multi-stage Cascade Wireless Security Authentication Scheme Based on Blockchain Technology [J]. Computer Science, 2019, 46(12): 180-185.
[13] LI Wei, WANG Teng-yu, LIU Qian-long, LIU Ke-meng, FAN Yong-gang. Inter-merchant Account Management Model Based on Blockchain [J]. Computer Science, 2019, 46(11A): 544-547.
[14] QU Guang-qiang, SUN Bin. Study on Trustworthy Backtracking Mechanism of Experimental Teaching Fund Based on Blockchain [J]. Computer Science, 2019, 46(11A): 553-556.
[15] FAN Ji-li, LI Xiao-hua, NIE Tie-zheng, YU Ge. Survey on Smart Contract Based on Blockchain System [J]. Computer Science, 2019, 46(11): 1-10.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.