Attribute-based encryption scheme supporting attribute revocation in cloud storage environment
  • English title: Attribute-based encryption scheme supporting attribute revocation in cloud storage environment
  • Authors: 孙磊; 赵志远; 王建华; 朱智强
  • Authors (English): SUN Lei; ZHAO Zhiyuan; WANG Jianhua; ZHU Zhiqiang; The Third Institute, Strategic Support Force Information Engineering University; Troops 61516
  • Keywords: cloud storage; attribute-based encryption; collusion attack; attribute revocation; outsourced decryption
  • Chinese journal title: TXXB
  • English journal title: Journal on Communications
  • Affiliations: The Third Institute, Strategic Support Force Information Engineering University; Troops 61516
  • Publication date: 2019-05-25
  • Publisher: 通信学报 (Journal on Communications)
  • Year: 2019
  • Issue: v.40; No.385
  • Funding: National Key Basic Research and Development Program of China ("973" Program) (No.2013CB338000); National Key Research and Development Program of China (No.2016YFB0501900)
  • Language: Chinese
  • Page: TXXB201905006
  • Number of pages: 10
  • CN: 05
  • ISSN: 11-2102/TN
  • Classification number: 51-60
Abstract
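Attribute-based encryption is widely used in cloud storage because of its fine-grained access control. In an attribute-based encryption scheme, each attribute may be shared by multiple users at the same time, so achieving attribute-level user revocation while resisting user collusion attacks is an important current challenge. To address this problem, an attribute-based encryption scheme supporting attribute revocation is proposed. The proposed scheme effectively resists collusion attacks between revoked users and non-revoked users, and it outsources the complex decryption computation to a cloud service provider with powerful computing capability, which reduces the computational burden on data users. The security proof is completed in the standard model under the computational Diffie-Hellman assumption. Finally, the efficiency and functionality of the proposed scheme are analyzed from both theoretical and experimental perspectives; the results show that the proposed scheme securely achieves attribute-level user revocation and is capable of fast decryption.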
Attribute-based encryption (ABE) scheme is widely used in the cloud storage due to its fine-grained access control. Each attribute in ABE may be shared by multiple users at the same time. Therefore, how to achieve attribute-level user revocation is currently facing an important challenge. Through research, it has been found that some attribute-level user revocation schemes currently can't resist the collusion attack between the revoked user and the existing user. To solve this problem, an attribute-based encryption scheme that supported the immediate attribute revocation was proposed. The scheme could achieve attribute-level user revocation and could effectively resist collusion attacks between the revoked users and the existing users. At the same time, this scheme outsourced complex decryption calculations to cloud service providers with powerful computing ability, which reduced the computational burden of the data user. The scheme was proved secure based on computational Diffie-Hellman assumption in the standard model. Finally, the functionality and efficiency of the proposed scheme were analyzed and verified. The experimental results show that the proposed scheme can safely implement attribute-level user revocation and has the ability to quickly decrypt, which greatly improves the system efficiency.
