|
|
- 2018
支持用户撤销的多授权机构的属性加密方案
|
Abstract:
摘要: 目前多数基于属性加密的云存储访问控制研究是基于单授权机构,系统内仅有一个授权机构为用户颁发属性密钥,可信而好奇的单授权机构会凭借用户提交的属性对用户的身份、职业等隐私信息进行判断和推测,特别是在单授权机构不可信或遭受恶意攻击的情况下,可能造成密钥泄露而导致云端数据被非法解密。为了避免上述两种安全问题,结合现有的多授权机构的思想,使不同权限的授权机构管理不同属性并进行属性相关密钥分发,大大降低了单一信任机构的工作量,解决了单授权机构下的密钥泄露或滥用问题,同时提高了用户的隐私数据保护;通过访问树技术实现了AND、OR及Threshold灵活访问策略,且将用户身份标识设置在访问树中来实现用户的撤销,撤销出现后只需更新部分密文而无需更新属性密钥,因而减少了计算开销。在标准模型下证明了该方案在选择身份属性攻击模型下是安全的,其安全性规约到判定性双线性Diffie-Hellman(decisional bilinear Diffie-Hellman, DBDH)问题。
Abstract: Most of the existing attribute-based encryption schemes are based on a single authority. That is, there is only one authority in the system to issue the key to the user. The curious authority will speculate the user's identity, occupation and other private information by the user's attributes. In particular, if the single authority suffered malicious attacks, it maybe cause the leakage of private key and the breach of cloud data confidentiality. In order to avoid the above two kinds of problems, multi-authority is introduced in this paper. The different authorities manage different attributes and distribute the attributes key to users, which greatly decreases the single authority's workload, improves the protection of user privacy data and solves the key escrow under a single or abuse authority. AND, OR and Threshold are flexible realized by using the access tree, and the user identity is set in the access tree to achieve the user's direct revocation. When the revocation occurs, the whole system only needs to update parts of the ciphertext without updating the attribute key, thus reducing the computational overhead of the cloud storage message. Finally, the proposed scheme is proved secure under the chosen identity attribute attack in the standard model, and the security of the scheme is built on the hardness assumption of decision bilinear Diffie-Hellman(DBDH)problem
| [1] | HAN Jinguang, SUSILO W, MU Yi, et al. Improving privacy and security in decentralized ciphertext-policy attribute-based encryption[J]. IEEE Transactions on Information Forensics & Security, 2017, 10(3):665-678. |
| [2] | MüLLER S, KATZENBEISSER S, ECKERT C. Distributed attribute-based encryption[C] //International Conference on Information Security and Cryptology-ICISC 2008. Berlin: Springer-Verlag, 2008:20-36. |
| [3] | QIN Baodong, DENG R H, LI Yingjiu, et al. Server-aided revocable identity-based encryption[C] //Proceedings of Computer Security(ESORICS 2015)Switzerland: Springer International Publishing, 2015: 286-304. |
| [4] | CHASE M. Multi-authority attribute based encryption[J]. Lecture Notes in Computer Science, 2007: 515-534. |
| [5] | YADAV U C, ALI S T. Ciphertext policy-hiding attribute-based encryption[C] //Proceedings of 2015 International Conference on Advances in Computing, Communications and Informatics(ICACCI 2015). New York: IEEE, 2015: 2067-2071. |
| [6] | CUI Hui, DENG R H, LI Yingjiu, et al. Server-aided revocable attribute-based encryption[C] // Proceedings of Computer Security(ESORICS 2016)Switzerland: Springer International Publishing, 2016: 570-587. |
| [7] | FAN Chuni, HUNG Shiming, RUAN Heming. Arbitrary-state attribute-based encryption with dynamic membership[J]. IEEE Transactions on Computers, 2014, 63(8):1951-1961. |
| [8] | WANG Shulan, ZHOU Junwei, LIU K J, et al. An efficient file hierarchy attribute-based encryption scheme in cloud computing[J]. IEEE Transactions on Information Forensics & Security, 2016, 11(6):1265-1277. |
| [9] | PHUONG T V X, YANG Guomin, SUSILO W. Hidden ciphertext policy attribute-based encryption under standard assumptions[J]. IEEE Transactions on Information Forensics & Security, 2015, 11(1):35-45. |
| [10] | BONEH D, GOH E J, NISSIM K. Evaluating 2-dnf formulas on ciphertexts[C] //Proceedings of the 2nd Theory of Cryptography Conference(TCC2005). Berlin: Springer-Verlag, 2005: 325-341. |
| [11] | 陶启,黄晓芳.基于密文策略多机构属性基加密方案[J].武汉大学学报(理学版),2015,61(6):545-548. TAO Qi, HUANG Xiaofang. Multi-authority ciphertext-policy attribute-based encryption scheme[J]. Journal Wuhan University(Natural Science Edition), 2015, 61(6):545-548. |
| [12] | 李新,彭长根,牛翠翠.隐藏树型访问结构的属性加密方案[J].密码学报,2016,3(5):471-479. LI Xin, PENG Changgen, NIU Cuicui. Attribute-based encryption scheme with hidden tree access structures[J]. Journal of Cryptologic Research, 2016, 3(5):471-479. |
| [13] | XIE Xingxing, MA Hua, LI Jin, et al. An efficient ciphertext-policy attribute-based access control towards revocation in cloud computing[J]. Journal of Universal Computerence, 2013, 19(16):2349-2367. |
| [14] | KILINC H H, YANIK T. A survey of sip authentication and key agreement schemes[J]. IEEE Communications Surveys & Tutorials, 2014, 16(2):1005-1023. |
| [15] | SAHAI A, WATERS B. Fuzzy identity-based encryption[C] //International Conference on Theory and Applications of Cryptographic Techniques. Berlin:Springer-Verlag, 2005: 457-473. |
| [16] | BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption[C] //Proceedings of the 2007 IEEE Symposium on Security and Privacy. Washington: IEEE Computer Society, 2007: 321-334. |
| [17] | JUNG Taeho, LI Xiaoyang, WAN Zhiguo, et al. Privacy preserving cloud data access with multi-authorities[C] //2013 Proceedings IEEE INFOCOM. New York: IEEE, 2013: 2625-2633. |
| [18] | LIU Zhen, CAO Zhenfu, HUANG Qiong, et al. Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles[C] //European Conference on Research in Computer Security. Berlin: Springer-Verlag, 2011: 278-297. |
| [19] | LEWKO A, WATERS B. Decentralizing attribute-based encryption[C] //Proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin: Springer-Verlag, 2011: 568-588. |
| [20] | YANG Kan, JIA Xiaohua, REN Kui. DAC-MACS: Effective data access control for multi-authority cloud storage systems[C] //2013 Proceedings IEEE INFOCOM. New York: IEEE, 2013: 1790-1801. |
| [21] | RUJ S, STOJMENOVIC M, NAYAK A. Decentralized access control with anonymous authentication of data stored in clouds[J]. IEEE Transactions on Parallel & Distributed Systems, 2013, 25(2):384-394. |
| [22] | GORASIA N, SRIKANTH R R, NISHANT D, et al. Improving security in multi authority attribute based encryption with fast decryption[J]. Procedia Computer Science, 2016, 79:632-639. |
| [23] | HUR J. Improving security and efficiency in attribute-based data sharing[J]. IEEE Transactions on Knowledge & Data Engineering, 2013, 25(10):2271-2282. |
