Searchable Encryption Scheme Supporting Policy Hiding and Constant Ciphertext Length
-
摘要: 属性加密体制是实现云存储中数据灵活访问控制的关键技术之一,但已有的属性加密方案存在密文存储开销过大和用户隐私泄露等问题,并且不能同时支持云端数据的公开审计。为了解决这些问题,该文提出一个新的可搜索属性加密方案,其安全性可归约到q-BDHE问题和CDH问题的困难性。该方案在支持关键词搜索的基础上,实现了密文长度恒定;引入策略隐藏思想,防止攻击者获取敏感信息,确保了用户的隐私性;通过数据公开审计机制,实现了云存储中数据的完整性验证。与已有的同类方案相比较,该方案有效地降低了数据的加密开销、关键词的搜索开销、密文的存储成本与解密开销,在云存储环境中具有较好的应用前景。Abstract: The Attribute-Based Encryption (ABE) mechanism is one of the key technologies for implementing flexible access control of data in cloud storage. However, the existing ABE schemes have some problems, such as too much ciphertext storage overhead and user privacy leakage, and unsupported public auditing of cloud data. To solve these problems, a new searchable ABE scheme is proposed, and its security can be reduced to the difficulty of q-BDHE (q –decisional Bilinear Diffie-Hellman Exponent) problem and CDH (Computational Diffie-Hellman) problem. The proposed scheme achieves a constant ciphertext length on the basis of supporting keyword search. By introducing strategies to hide ideas, it prevents attackers from obtaining sensitive information and ensures the privacy of users. And the integrity of the data in cloud storage is verified through data public audit mechanism. Compared with the existing similar schemes, this scheme greatly reduces the data encryption overhead, keyword search overhead, ciphertext storage cost and decryption cost, which has a good application prospect to the cloud storage environment.
-
表 1 计算开销对比
-
ZHANG Jindan, WANG Baocang, HE Debiao, et al. Improved secure fuzzy auditing protocol for cloud data storage[J]. Soft Computing, 2019, 23(10): 3411–3422. doi: 10.1007/s00500-017-3000-1 ZHANG Yinghui, YANG Menglei, ZHENG Dong, et al. Efficient and secure big data storage system with leakage resilience in cloud computing[J]. Soft Computing, 2018, 22(23): 7763–7772. doi: 10.1007/s00500-018-3435-z BETHENCOURT J, SAHAI A, and WATERS B. Ciphertext-policy attribute-based encryption[C]. The 2007 IEEE Symposium on Security and Privacy, Berkeley, USA, 2007: 321–334. doi: 10.1109/SP.2007.11. WATERS B. Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization[C]. The 14th International Conference on Practice and Theory in Public Key Cryptography Conference on Public Key Cryptography, Taormina, Italy, 2011: 53–70. doi: 10.1007/978-3-642-19379-8_4. ROUSELAKIS Y and WATERS B. Practical constructions and new proof methods for large universe attribute-based encryption[C]. The 2013 ACM SIGSAC Conference on Computer & Communications Security, New York, USA, 2013: 463–474. doi: 10.1145/2508859.2516672. CHEUNG L and NEWPORT C. Provably secure ciphertext policy abe[C]. The 14th ACM Conference on Computer and Communications Security, Alexandria, USA, 2007: 456–465. doi: 10.1145/1315245.1315302. LAI Junzuo, DENG R H, and LI Yingjiu. Expressive CP-ABE with partially hidden access structures[C]. The 7th ACM Symposium on Information, Computer and Communications Security, New York, USA, 2012: 18–19. doi: 10.1145/2414456.2414465. NISHIDE T, YONEYAMA K, and OHTA K. Attribute-based encryption with partially hidden encryptor-specified access structures[C]. The 6th International Conference on Applied Cryptography and Network Security, New York, USA, 2008: 111–129. doi: 10.1007/978-3-540-68914-0_7. 应作斌, 马建峰, 崔江涛. 支持动态策略更新的半策略隐藏属性加密方案[J]. 通信学报, 2015, 36(12): 178–189. doi: 10.11959/j.issn.1000-436x.2015327YING Zuobin, MA Jianfeng, and CUI Jiangtao. Partially policy hidden CP-ABE supporting dynamic policy updating[J]. Journal on Communications, 2015, 36(12): 178–189. doi: 10.11959/j.issn.1000-436x.2015327 PHUONG T V X, YANG Guomin, and SUSILO W. Hidden ciphertext policy attribute-based encryption under standard assumptions[J]. IEEE transactions on Information Forensics and Security, 2016, 11(1): 35–45. doi: 10.1109/TIFS.2015.2475723 XU Runhua and LANG Bo. A CP-ABE scheme with hidden policy and its application in cloud computing[J]. International Journal of Cloud Computing, 2015, 4(4): 279–298. doi: 10.1504/IJCC.2015.074224 ZHOU Zhibin, HUANG Dijiang, and WANG Zhijie. Efficient privacy-preserving ciphertext-policy attribute based-encryption and broadcast encryption[J]. IEEE Transactions on Computers, 2015, 64(1): 126–138. doi: 10.1109/TC.2013.200 LAI Junzuo, DENG R H, and LI Yingjiu. Fully secure cipertext-policy hiding CP-ABE[C]. The 7th International Conference on Information Security Practice and Experience, Guangzhou, China, 2011: 24–39. doi: 10.1007/978-3-642-21031-0_3. EMURA K, MIYAJI A, NOMURA A, et al. A ciphertext-policy attribute-based encryption scheme with constant ciphertext length[C]. The 5th International Conference on Information Security Practice and Experience, Xi’an, China, 2009: 13–23. doi: 10.1007/978-3-642-00843-6_2. HERRANZ J, LAGUILLAUMIE F, and RÀFOLS C. Constant size ciphertexts in threshold attribute-based encryption[C]. The 13th International Conference on Practice and Theory in Public Key Cryptography, Paris, France, 2010: 19–34. doi: 10.1007/978-3-642-13013-7_2. GE Aijun, ZHANG Rui, CHEN Cheng, et al. Threshold ciphertext policy attribute-based encryption with constant size ciphertexts[C]. The 17th Australasian Conference on Information Security and Privacy, Wollongong, Australia, 2012: 336–349. doi: 10.1007/978-3-642-31448-3_25. ZHANG Yinghui, ZHENG Dong, CHEN Xiaofeng, et al. Computationally efficient ciphertext-policy attribute-based encryption with constant-size ciphertexts[C]. The 8th International Conference on Provable Security, Hong Kong, China, 2014: 259–273. doi: 10.1007/978-3-319-12475-9_18. 安立峰, 范运东, 付钰. 支持策略隐藏且固定密文长度的属性基加密方案[J]. 通信技术, 2018, 51(1): 156–164. doi: 10.3969/j.issn.1002-0802.2018.01.028AN Lifeng, FAN Yundong, and FU Yu. Attribute-based encryption scheme with hidden policy and constant length ciphertext[J]. Communications Technology, 2018, 51(1): 156–164. doi: 10.3969/j.issn.1002-0802.2018.01.028 KUMAR G S and KRISHNA A S. Privacy Sustaining Constant Length Ciphertext-policy Attribute-based Broadcast Encryption[M]. WANG J, REDDY G, PRASAD V, et al. Soft Computing and Signal Processing. Singapore: Springer, 2019: 313–324. 赵志远, 朱智强, 王建华, 等. 属性可撤销且密文长度恒定的属性基加密方案[J]. 电子学报, 2018, 46(10): 2391–2399. doi: 10.3969/j.issn.0372-2112.2018.10.012ZHAO Zhiyuan, ZHU Zhiqiang, WANG Jianhua, et al. Attribute-based encryption with attribute revocation and constant-size ciphertext[J]. Acta Electronica Sinica, 2018, 46(10): 2391–2399. doi: 10.3969/j.issn.0372-2112.2018.10.012 SUSILO W, YANG Guomin, GUO Fuchun, et al. Constant-size ciphertexts in threshold attribute-based encryption without dummy attributes[J]. Information Sciences, 2018, 429: 349–360. doi: 10.1016/j.ins.2017.11.037 孙瑾, 王小静, 王尚平, 等. 支持属性撤销的可验证多关键词搜索加密方案[J]. 电子与信息学报, 2019, 41(1): 53–60. doi: 10.11999/JEIT180237SUN Jin, WANG Xiaojing, WANG Shangping, et al. Verifiable multi-keyword search encryption scheme with attribute revocation[J]. Journal of Electronics &Information Technology, 2019, 41(1): 53–60. doi: 10.11999/JEIT180237 牛淑芬, 谢亚亚, 杨平平, 等. 加密邮件系统中基于身份的可搜索加密方案[J]. 电子与信息学报, 2020, 42(7): 1803–1810. doi: 10.11999/JEIT190578NIU Shufen, XIE Yaya, YANG Pingping, et al. Identity-based searchable encryption scheme for encrypted email system[J]. Journal of Electronics &Information Technology, 2020, 42(7): 1803–1810. doi: 10.11999/JEIT190578 BELGUITH S, KAANICHE N, LAURENT M, et al. Phoabe: Securely outsourcing multi-authority attribute based encryption with policy hidden for cloud assisted IOT[J]. Computer Networks, 2018, 133: 141–156. doi: 10.1016/j.comnet.2018.01.036 苏金树, 曹丹, 王小峰, 等. 属性基加密机制[J]. 软件学报, 2011, 22(6): 1299–1315. doi: 10.3724/SP.J.1001.2011.03993SU Jinshu, CAO Dan, WANG Xiaofeng, et al. Attribute-based encryption schemes[J]. Journal of Software, 2011, 22(6): 1299–1315. doi: 10.3724/SP.J.1001.2011.03993 QIU Shuo, LIU Jiqiang, SHI Yanfeng, et al. Hidden policy ciphertext-policy attribute-based encryption with keyword search against keyword guessing attack[J]. Science China Information Sciences, 2017, 60(5): 052105. doi: 10.1007/s11432-015-5449-9 刘振华, 周佩琳, 段淑红. 支持关键词搜索的属性代理重加密方案[J]. 电子与信息学报, 2018, 40(3): 683–689. doi: 10.11999/JEIT170448LIU Zhenhua, ZHOU Peilin, and DUAN Shuhong. Attribute-based proxy re-encryption scheme with keyword search[J]. Journal of Electronics &Information Technology, 2018, 40(3): 683–689. doi: 10.11999/JEIT170448 期刊类型引用(14)
1. 张盛峰,袁强,陈会丹,黄胜. EONs中一种混合路径专有保护算法. 光通信研究. 2021(02): 20-25 . 百度学术
2. 胡竣涛,时小虎,马德印. 基于均值漂移和遗传算法的护工调度算法. 广西师范大学学报(自然科学版). 2021(03): 27-39 . 百度学术
3. 巨子琪,兰宏伟,宰晨光. 轨道交通车辆踏面制动闸调器螺杆连接优化研究. 自动化与仪器仪表. 2020(12): 70-74 . 百度学术
4. 赵必游,张善辉,王进帅. 配电系统弹性光网络频谱整理优化算法. 电信科学. 2019(02): 43-50 . 百度学术
5. 黄正鹏,王力,张仕学,余廷忠,张起荣. 基于传统遗传和数据压缩算法的冗余光纤数据存储优化. 激光杂志. 2019(03): 135-139 . 百度学术
6. 程光德,肖瑜. 基于用户满意度的光网络数据路由机制设计. 激光杂志. 2019(04): 118-121 . 百度学术
7. 王鹏辉,张宁,肖明明. 基于节点重要度的路由选择与频谱分配算法. 计算机工程与应用. 2019(13): 106-111+259 . 百度学术
8. 马学森,朱建,谈杰,唐昊,周江涛. 多头绒泡菌预处理的改进Q学习算法求解最短路径问题. 电子测量与仪器学报. 2019(05): 148-157 . 百度学术
9. 施达雅,余庚. 弹性光网络中碎片问题的研究. 光通信技术. 2018(02): 16-19 . 百度学术
10. 田建勇,石林江. 基于Kalman算法的光纤网络流量在线预测模型. 激光杂志. 2018(09): 110-114 . 百度学术
11. 刘焕淋,胡浩,熊翠连,陈勇,向敏,马跃. 基于时频联合碎片感知的资源均衡虚拟光网络映射算法. 电子与信息学报. 2018(10): 2345-2351 . 本站查看
12. 刘焕淋,张明佳,陈勇,王欣. 频谱可用性和保护带宽共享度感知的弹性光网络生存性多路径策略. 电子与信息学报. 2017(10): 2472-2478 . 本站查看
13. 李汪丽. 通信链接无线终端资源传输路径目标识别仿真. 计算机仿真. 2017(10): 177-180 . 百度学术
14. 魏星. 基于改进人工鱼群算法的光网络最优环路径搜索研究. 计算机与数字工程. 2017(04): 650-654 . 百度学术
其他类型引用(11)
-