基于属性加密的云存储方案研究

王光波; 王建华

doi:10.11999/JEIT160064

基于属性加密的云存储方案研究

doi: 10.11999/JEIT160064

王光波¹,
王建华²

1.
(解放军信息工程大学郑州 450001) ②(空军电子技术研究所北京 100195)

基金项目:

国家高技术研究发展计划(2012AA012704)，郑州市科技领军人才项目(131PLJRC644)

计量
- 文章访问数: 1344
- HTML全文浏览量: 114
- PDF下载量: 723
- 被引次数: 0
出版历程
- 收稿日期: 2016-01-15
- 修回日期: 2016-08-15
- 刊出日期: 2016-11-19

Research on Cloud Storage Scheme with Attribute-based Encryption

WANG Guangbo¹,
WANG Jianhua²

1.
(PLA Information Engineering University, Zhengzhou 450001, China)
2.
(Electronic Technology Institute of Air Force, Beijing 100195, China)

Funds:

The National High-tech RD Program of China (2012AA012704), The Science and Technology Leading Talent Project of Zhengzhou (131PLJRC644)

摘要

摘要: 云存储中往往采用属性加密方案来实现细粒度的访问控制，为了进一步保护访问控制策略中的敏感信息，并解决授权中心单独为用户生成密钥而产生的密钥托管问题。该文对访问控制策略中的属性进行重新映射，以实现其隐私性。另外在密钥生成算法中设计一个双方计算协议，由用户产生密钥的部分组件，与授权中心共同生成密钥以解决密钥托管问题。最后在标准模型下对方案进行了安全证明，并进行了性能分析与实验验证，实验结果表明，与已有相关方案相比，虽然为了实现访问控制策略隐藏并且解决密钥托管问题增加了额外的计算负载，但是由于该文将大部分解密工作授权给云存储中心来执行，因此数据访问者的计算负载较小。
- 属性加密 /
- 控制策略隐藏 /
- 密钥托管 /
- 外包解密
Abstract: Attribute-Based Encryption (ABE) is often used in cloud storage to achieve fine-grained access control. In order to further protect the sensitive information of access control policy and solve the key escrow caused by the authority center generating the private key for users alone. In this paper, the attributes of access control policy are remapped to achieve its privacy. Additionally, a two-party computing protocol in which the user generates partial private key component is devised to solve the problem of key escrow. At last, the security of this scheme is proved in the standard model, and the performance analysis and experiment validation are conducted, which show that although some additional computation overhead is added for achieving the privacy of access control policy and solving the problem of key escrow, the receiver in proposed scheme has smaller computation overhead compared with the existing related schemes because most of the decryption is delegated to the storage center to carry out.
- Attribute-Based Encryption (ABE) /
- Access control policy hidden /
- Key escrow /
- Outsource decryption

HTML全文

参考文献(22)

SAHAI A and WATERS B. Fuzzy Identity-Based Encryption [M]. Heidelberg, Berlin, Springer, 2005: 457-473. doi: 10.1007 /11426639_27.

YADAV U C. Ciphertext-policy attribute-based encryption with hiding access structure[C]. 2015 IEEE International Advance Computing Conference (IACC), Bangalore, India, 2015: 6-10. doi: 10.1109/IADCC.2015.7154664.

NARUSE T, MOHRI M, and SHIRAISHI Y. Provably secure attribute-based encryption with attribute revocation and grant function using proxy re-encryption and attribute key for updating[J]. Human-centric Computing and Information Sciences, 2015, 5(1): 1-13.

WANG H, YANG B, and WANG Y. Server aided ciphertext- policy attribute-based encryption[C]. IEEE International Conference on Advanced Information Networking Applications Workshops, Gwangju, Korea, 2015: 440-444. doi: 10.1109/WAINA.2015.11.

QI L, MA J, RUI L, et al. Large universe decentralized key- policy attribute-based encryption[J]. Security Communi- cation Networks, 2015, 8(3): 501-509.

WANG X, ZHANG J, SCHOOLER E M, et al. Performance evaluation of attribute-based encryption: Toward data privacy in the IoT[C]. IEEE International Conference on Communications (ICC), Sydney, Australia, 2014: 725-730.

KAPADIA A, TSANG P P, and SMITH S W. Attribute- based publishing with hidden credentials and hidden policies [C]. Network and Distributed System Security Symposium, NDSS 2007, San Diego, CA, USA, 2007: 179-192.

NISHIDE T, YONEYAMA K, and OHTA K. Attribute- based Encryption with Partially Hidden Encryptor-specified Access Structures[M]. Heidelberg, Berlin, Springer, 2008: 111-129. doi: 10.1007/978-3-540-68914-0_7.

LAI J, DENG R H, and LI Y. Fully secure cipertext-policy hiding CP-ABE[J]. Lecture Notes in Computer Science, 2011, 6672: 24-39.

王海斌, 陈少真. 隐藏访问结构的基于属性加密方案[J]. 电子与信息学报, 2012, 34(2): 457-461.

WANG Haibin and CHEN Shaozhen. Attribute-based encryption with hidden access structures[J]. Journal of Electronics Information Technology, 2012, 34(2): 457-461.

HUR J. Attribute-based secure data sharing with hidden policies in smart grid[J]. IEEE Transactions on Parallel Distributed Systems, 2013, 24(11): 2171-2180. doi: 10.1109/ TPDS.2012.61.

宋衍, 韩臻, 刘凤梅, 等. 基于访问树的策略隐藏属性加密方案[J]. 通信学报, 2015, 36(9): 119-126.

SONG Yan, HAN Zhen, LIU Fengmei, et al. Attribute-based encryption with hidden policies in the access tree[J]. Journal on Communications, 2015, 36(9): 119-126.

LUAN Ibraimi, QIANG Tang, PITER Hartel, et al. Efficient and Provable Secure Ciphertext-policy Attribute-Based Encryption Schemes. Information Security Practice and Experience[M]. Heidelberg, Berlin, Springer, 2009: 1-12.

CHASE M and CHOW S S M. Improving privacy and security in multi-authority attribute-based encryption[C]. ACM Conference on Computer and Communications Security, Chicago, IL, USA, 2009: 121-130. doi: 10.1145/1653662. 1653678.

YANG M, LIU F, HAN J L, et al. An efficient attribute based encryption scheme with revocation for outsourced data sharing control[C]. 2011 First International Conference on Instrumentation, Measurement, Computer, Communication and Control, Beijing, China, 2011: 516-520.

LIU Z, CAO Z, and WONG D. Traceable ciphertext-policy attribute-based encryption supporting any monotone access structures[J]. IEEE Transactions on Information Forensics and Security, 2013, 8(1): 76-88.

BONEH D and BOYEN X. Short signatures without random oracles[C]. Advances in Cryptology-EUROCRYPT 2004, Switzerland, 2004: 56-73.

ZAVATTONI E, PEREZ L J D, MITSUNARI S, et al. Software implementation of an attribute-based encryption scheme[J]. IEEE Transactions on Computers, 2015, 64(5): 1429-1441. [19] CHEUNG L and NEWPORT C. Provably secure ciphertext policy ABE[C]. Proceedings of the 14th ACM Conference on Computer and Communications Security, New York, USA, 2007: 456-465. doi: 10.1145/1315245.1315302.

LEWKO A, OKAMOTO T, SAHAI A, et al. Fully Secure Functional Encryption: Attribute-based Encryption and (Hierarchical) Inner Product Encryption[M]. Heidelberg, Berlin, Springer, 2010: 62-91. doi: 10.1007/978-3-642-13190- 5_4.

BELENKIY M, CAMENISCH J, CHASE M, et al. Randomizable Proofs and Delegatable Anonymous Credentials[M]. Heidelberg, Berlin, Springer, 2009: 108-125. doi: 10.1007/978-3-642-03356-8_7.

施引文献

资源附件(0)

访问统计