高级搜索

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

标准模型下可证明安全的支持大规模属性集与属性级用户撤销的CP-ABE方案

王建华 王光波 徐开勇

downloadPDF
文章导航 > 电子与信息学报  > 2017 >  39(12): 3013-3022
王建华, 王光波, 徐开勇. 标准模型下可证明安全的支持大规模属性集与属性级用户撤销的CP-ABE方案[J]. 电子与信息学报, 2017, 39(12): 3013-3022. doi: 10.11999/JEIT170199
引用本文: 王建华, 王光波, 徐开勇. 标准模型下可证明安全的支持大规模属性集与属性级用户撤销的CP-ABE方案[J]. 电子与信息学报, 2017, 39(12): 3013-3022. doi: 10.11999/JEIT170199
shu
WANG Jianhua, WANG Guangbo, XU Kaiyong. Ciphertext Policy Attribute-based Encryption Scheme Supporting Attribute Level User Revocation Under Large Universe[J]. Journal of Electronics & Information Technology, 2017, 39(12): 3013-3022. doi: 10.11999/JEIT170199
Citation: WANG Jianhua, WANG Guangbo, XU Kaiyong. Ciphertext Policy Attribute-based Encryption Scheme Supporting Attribute Level User Revocation Under Large Universe[J]. Journal of Electronics & Information Technology, 2017, 39(12): 3013-3022. doi: 10.11999/JEIT170199
shu

标准模型下可证明安全的支持大规模属性集与属性级用户撤销的CP-ABE方案

doi: 10.11999/JEIT170199
  • 2.

    (信息工程大学 郑州 450000)

基金项目: 

国家973计划项目(2013CB338001)

Ciphertext Policy Attribute-based Encryption Scheme Supporting Attribute Level User Revocation Under Large Universe

  • 2.

    (Information Science and Technology University, Zhengzhou 450000, China)

Funds: 

The National 973 Program of China (2013 CB338001)

    摘要
  • 摘要: 密文策略属性加密方案,特别是不受某个特定值限制的大规模属性集下的密文策略属性加密方案在云存储中得到了越来越广泛的应用,它能够实现细粒度的访问控制。但是在原始的属性加密方案中,解决动态的用户与属性撤销,是当前面临的重要挑战。为了解决这一问题,该文提出一个标准模型下可证明安全的支持大规模属性集的密文策略属性加密方案,该方案能够实现属性级的用户撤销,即若用户的某个属性被撤销,不会影响该用户其他合法属性的正常访问。为了实现撤销,将密钥分为两部分:为用户生成的私钥以及为云存储中心生成的授权密钥。在该方案中,若用户的属性被撤销,那么该属性对应的密文将进行更新,只有该属性没有被撤销的用户才能够成功地进行密钥更新而解密密文。该文基于q-type 假设在标准模型下对方案进行了选择访问结构明文攻击的安全性证明。最后对方案进行了性能分析与实验验证,实验结果表明,与已有相关方案相比,虽然为了实现属性撤销,增加了存储中心的计算负载,但是不需要属性中心的参与,因此降低了属性中心的计算负载,而且用户除了密钥外不需要其它额外参数来实现属性撤销,因此大大节省了存储空间。
    Abstract: Ciphertext-Policy Attribute-Based Encryption (CP-ABE), especially large universe CP-ABE that is not bounded with the attribute set, is getting the more and the more extensive application to the cloud storage. However, there exists an important challenge in original large universe CP-ABE, namely dynamic user and attribute revocation. In this paper, a large universe CP-ABE scheme with efficient attribute level user revocation is proposed, namely the revocation to an attribute of some user can not influence the common access of other legitimate attributes. To achieve the revocation, the master key is divided into two parts: delegation key and secret key, which are sent to the cloud provider and user separately. In this scheme proposed, if an attribute is revoked, then the ciphertext corresponding to this attribute should be updated so that only persons who are not revoked will be able to carry out key updating and decrypt the ciphertext successfully. Note that, the proposed scheme is proved selectively secure in the standard model under q-type assumption. Finally, the performance analysis and experimental verification are carried out in this paper, and the experimental results show that, compared with the existing revocation schemes, although the proposed scheme increases the Computational load of Storage service Provider (CSP) in order to achieve the attribute revocation, it does not need the participation of Attribute Authority (AA), which reduces the computational load of AA. Moreover, the user does not need any additional parameters to achieve the attribute revocation except of the private key, thus saving the storage space greatly.
    • HTML全文
    • 参考文献(18)
  • YADAV U C. Ciphertext-policy attribute-based encryption with hiding access structure[C]. 2015 IEEE International Advance Computing Conference (IACC), Bangalore, India, 2015: 6-10. doi: 10.1109/IADCC.2015.7154664.
    SAHAI A and WATERS B. Fuzzy Identity-Based Encryption [M]. Heidelberg, Berlin, Springer, 2005: 457-473. doi: 10.1007 /11426639_27.
    WANG M, ZHANG Z, and CHEN C. Security analysis of a privacy-preserving decentralized ciphertext-policy attribute- based encryption scheme[J]. Concurrency Computation Practice Experience, 2016, 28(4): 1237-1245. doi: 10.1002/ cpe.3623.
    NARUSE T, MOHRI M, and SHIRAISHI Y. Provably secure attribute-based encryption with attribute revocation and grant function using proxy re-encryption and attribute key for updating[J]. Human-centric Computing and Information Sciences, 2015, 5(1): 1-13. doi: 10.1186/s13673-015-0027-0.
    LEWKO A, OKAMOTO T, SAHAI A, et al. Fully Secure Functional Encryption: Attribute-based Encryption and (Hierarchical) inner Product Encryption[M]. Heidelberg, Berlin, Springer, 2010: 62-91. doi: 10.1007/978-3-642-13190- 5_4.
    RAHULAMATHAVAN Y, VELURU S, HAN J, et al. User collusion avoidance scheme for privacy-preserving decentralized key-policy attribute-based encryption[J]. IEEE Transactions on Computers, 2016, 65(9): 2939-2946. doi: 10.1109/TC.2015.2510646.
    LEWKO A and WATERS B. Unbounded HIBE and attribute-based encryption[C]. International Conference on Theory and Applications of Cryptographic Techniques: Advances in Cryptology, Tallinn, Estonia, 2011: 547-567.
    ROUSELAKIS Y and WATERS B. Practical constructions and new proof methods for large universe attribute-based encryption[C]. ACM Sigsac Conference on Computer Communications Security, Berlin, Germany, 2013: 463-474.
    OSTROVSKY R, SAHAI A, and WATERS B. Attribute- based encryption with non-monotonic access structures[C]. CCS 07 ACM Conference on Computer Communications Security, Alexandria, Virginia, USA, 2007: 195-203.
    STADDON J, GOLLE P, et al. A content-driven access control system[C]. Proceedings of the 7th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryland, USA, 2008: 26-35.
    LIANG X, LU R, and LIN X. Ciphertext policy attribute based encryption with efficient revocation[OL]. https:// www.ResearchGate.net/publication/255670422, 2010.
    BETHENCOURT J, SAHAI A, and WATERS B. Ciphertext-policy attribute-based encryption[C]. IEEE Symposium on Security and Privacy, Oakland, California, USA, 2007: 321-334.
    BOLDYREVA A, GOYAL V, and KUMAR V. Identity- based encryption with efficient revocation[C]. ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA, 2008: 417-426.
    PIRRETTI M, TRAYNOR P, MCDANIEL P, et al. Secure attribute-based systems[C]. ACM Conference on Computer and Communications Security, Alexandria, VA, USA, 2006: 799-837.
    YANG K, JIA X, and REN K. Attribute-based fine-grained access control with efficient revocation in cloud storage systems[C]. ACM Sigsac Symposium on Information, Computer and Communications Security, Denver, Colorado, 2015: 523-528.
    HUR J and NOH D K. Attribute-based access control with efficient revocation in data outsourcing systems[J]. IEEE Transactions on Parallel Distributed Systems, 2011, 22(7): 1214-1221.
    BONEH D and BOYEN X. Efficient selective-ID Secure identity-based encryption without random oracles[C]. Advancesin Cryptology-EUROCRYPT 2004, Lecture Notes in Computer Science, Berlin, Heidelberg, 2004, 3027: 223-238.
    DAN B, GENTRY C, and WATERS B. Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys[M]. Heidelberg, Berlin, Springer, 2005: 258-275.
    • 相关文章
    • 施引文献
  • 资源附件(0)
  • 加载中
计量
  • 文章访问数:  758
  • HTML全文浏览量:  109
  • PDF下载量:  214
  • 被引次数: 0
出版历程
  • 收稿日期:  2017-03-06
  • 修回日期:  2017-08-06
  • 刊出日期:  2017-12-19

目录

    /

    返回文章
    返回

    Copyright © 2018《电子与信息学报》编辑部 京ICP备20021838号-8

    中国科学院电子学研究所,北京市2702信箱,邮编:100190

    电话:010-58887066传真:021-64253812Email:jeit@mail.ie.ac.cn

    本系统由 北京仁和汇智信息技术有限公司 开发    百度统计