微信服务号

微信订阅号

2025年3月24日 8:18 星期一
首页 > 过刊浏览>2018年第29卷第7期 >2006-2017. DOI:10.13328/j.cnki.jos.005365
PDF HTML阅读 XML下载 导出引用 引用提醒
高效且可验证的多授权机构属性基加密方案
作者:
作者简介:

仲红(1965-),女,安徽固镇人,博士,教授,博士生导师,CCF专业会员,主要研究领域为网络(无线传感网,车联网,SDN软件定义网),信息安全(大数据隐私保护,云安全,边缘计算);朱文龙(1990-),男,硕士,主要研究领域为云计算,大数据隐私保护;崔杰(1980-),男,博士,副教授,CCF专业会员,主要研究领域为网络(无线传感网,车联网,SDN软件定义网),信息安全(大数据隐私保护,云安全,边缘计算);许艳(1982-),女,博士,讲师,主要研究领域为云计算,数据隐私保护,物联网安全.

通讯作者:

崔杰,E-mail:cuijie@mail.ustc.edu.cn

基金项目:

国家自然科学基金(61572001,61502008);安徽省自然科学基金(1508085QF132,1708085QF136)


Efficient and Verifiable Muti-Authority Attribute Based Encryption Scheme
Author:
Fund Project:

National Natural Science Foundation of China (61572001, 61502008); Natural Science Foundation of Anhui Province, China (1508085QF132, 1708085QF136)

  • 摘要
    • | |
  • 访问统计
    • |
  • 参考文献 [34]
    • |
  • 相似文献
    • | | |
  • 文章评论
    摘要:

    移动云计算对于移动应用程序来说是一种革命性的计算模式,其原理是把数据存储及计算能力从移动终端设备转移到资源丰富及计算能力强的云服务器.但是这种转移也引起了一些安全问题,例如,数据的安全存储、细粒度访问控制及用户的匿名性.虽然已有的多授权机构属性基加密云存储数据的访问控制方案,可以实现云存储数据的保密性及细粒度访问控制;但其在加密和解密阶段要花费很大的计算开销,不适合直接应用于电力资源有限的移动设备.另外,虽然可以通过外包解密的方式减少解密计算的开销,但其通常是把解密外包给不完全可信的第三方,其并不能完全保证解密的正确性.针对以上挑战,提出了一种高效的可验证的多授权机构属性基加密方案,该方案不仅可以降低加密解密的计算开销,还可以验证外包解密的正确性并且保护用户隐私.最后,安全分析和仿真实验结果表明了方案的安全性和高效性.

    Abstract:

    Mobile cloud computing is a revolutionary computing paradigm for mobile applications, which enables storage and computation migration from mobile users to resource-rich and powerful cloud server. This migration causes some privacy issues in providing secure data storage, fine-grained access control and anonymity of users. The existing multi-authority ciphertext policy attribute based encryption (CP-ABE) access control scheme guarantees the confidentiality of sensitive data in the cloud server and provides fine-grained access control using defined policies. However it costs too much computation time on encryption and decryption and consumes enormous power resources, making it unsuitable for the mobile devices which are usually equipped with a limited power support. To cope with these challenging concerns, this paper proposes a new data access control scheme for cloud computing by using a new cryptographic primitive known as online/offline multi-authority ABE and the transform key technique. This scheme implements fine-grained access of data and reduces online computation cost of the encryption and decryption on the user side. The proposed scheme acquires user's secret key received from different authorities. That results in protecting privacy of each user against single authority. At last, the security and performance analysis demonstrate that this scheme has high security in terms of data confidentiality and high efficiency in terms of online computation cost.

    参考文献
    [1] Yao X, Han X, Du X. A lightweight access control mechanism for mobile cloud computing. In:Proc. of the 2014 IEEE Conf. on Computer Communications Workshops (INFOCOM WKSHPS). IEEE, 2014. 380-385.
    [2] Ren W, Zeng L, Liu R, Cheng C. F2AC:A lightweight, fine-grained, and flexible access control scheme for file storage in mobile cloud computing. Mobile Information Systems, 2016.
    [3] Xie Y, Wen H, Wu B, Jiang Y, Meng J. A modified hierarchical attribute-based encryption access control method for mobile cloud computing. In:Proc. of the Cloud Computing. 2016.
    [4] Nag A, Choudhary S, Dawn S, Basu S. Secure data outsourcing in the cloud using multi-secret sharing scheme (MSSS). In:Proc. of the 1st Int'l Conf. on Intelligent Computing and Communication. Singapore:Springer-Verlag, 2017. 337-343.
    [5] Chattopadhyay AK, Nag A, Majumder K. Secure data outsourcing on cloud using secret sharing scheme. IJ Network Security, 2017,19(6):912-921.
    [6] Wang S, Zhou J, Liu JK, Yu J, Cheng J, Xie W. An efficient file hierarchy attribute-based encryption scheme in cloud computing. IEEE Trans. on Information Forensics and Security, 2016,11(6):1265-1277.
    [7] Xu J, Wen Q, Li W, Jin Z. Circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation in cloud computing. IEEE Trans. on Parallel and Distributed Systems, 2016,27(1):119-129.
    [8] Lei L, Cai QW, Jing JW, Wang Z, Chen B. Enforcing access controls on encrypted cloud storage with policy hiding. Ruan Jian Xue Bao/Journal of Software, 2016,27(6):1432-1450(in Chinese with English abstract). http://www.jos.org.cn/1000-9825/5003.htm[doi:10.13328/j.cnki.jos.005003]
    [9] Wang Z, Huang D, Zhu Y, Li B, Chung CJ. Efficient attribute-based comparable data access control. IEEE Trans. on Computers, 2015,64(12):3430-3443.
    [10] Wang H, Zheng Z, Wu L, He D. New large-universe multi-authority ciphertext-policy ABE scheme and its application in cloud storage systems. Journal of High Speed Networks, 2016,22(2):153-167.
    [11] Jung T, Li X, Wan Z, Wang M. Control cloud data access privilege and anonymity with fully anonymous attribute-based encryption. IEEE Trans. on Information Forensics and Security, 2015,10(1):190-199.
    [12] Hohenberger S, Waters B. Online/Offline attribute-based encryption. In:Public-Key Cryptography-PKC 2014. Berlin, Heidelberg:Springer-Verlag, 2014. 293-310.
    [13] Shao J, Zhu Y, Ji Q. Privacy-Preserving online/offline and outsourced multi-authority attribute-based encryption. In:Proc. of the 16th IEEE/ACIS Int'l Conf. on Computer and Information Science (ICIS). IEEE, 2017. 285-291.
    [14] Qin B, Deng RH, Liu S, Ma S. Attribute-Based encryption with efficient verifiable outsourced decryption. IEEE Trans on Information Forensics and Security, 2015,10(7):1384-1393.
    [15] Shao J, Lu R, Lin X. Fine-Grained data sharing in cloud computing for mobile devices. In:Proc. of the 2015 IEEE Conf. on Computer Communications (INFOCOM). IEEE, 2015. 2677-2685.
    [16] Sahai A, Waters B. Fuzzy identity-based encryption. Eurocrypt, 2005,3494:457-473.
    [17] Han J, Susilo W, Mu Y, Zhou J, Au MHA. Improving privacy and security in decentralized ciphertext-policy attribute-based encryption. IEEE Trans. on Information Forensics and Security, 2015,10(3):665-678.
    [18] Tang H, Cui Y, Guan C, Wu J, Weng J, Ren K. Enabling ciphertext deduplication for secure cloud storage and access control. In:Proc. of the 11th ACM on Asia Conf. on Computer and Communications Security. ACM, 2016. 59-70.
    [19] Li J, Yao W, Zhang Y, Qian H, Han J. Flexible and fine-grained attribute-based data storage in cloud computing. IEEE Trans. on Services Computing, 2016.
    [20] Zhou Z, Huang D, Wang Z. Efficient privacy-preserving ciphertext-policy attribute based-encryption and broadcast encryption. IEEE Trans. on Computers, 2015,64(1):126-138.
    [21] Yanli C, Lingling S, Geng Y. Attribute-Based access control for multi-authority systems with constant size ciphertext in cloud computing. China Communications, 2016,13(2):146-162.
    [22] Phuong TVX, Yang G, Susilo W. Hidden ciphertext policy attribute-based encryption under standard assumptions. IEEE Trans. on Information Forensics and Security, 2016,11(1):35-45.
    [23] Ruj S, Stojmenovic M, Nayak A. Decentralized access control with anonymous authentication of data stored in clouds. IEEE Trans. on Parallel and Distributed Systems, 2014,25(2):384-394.
    [24] Chase M. Multi-Authority attribute based encryption. In:Proc. of the Conf. on Theory of Cryptography. LNCS 4392, Berlin, Heidelberg:Springer-Verlag, 2007. 515-534.
    [25] Lewko A, Waters B. Decentralizing attribute-based encryption. In:Advances in Cryptology-EUROCRYPT 2011. Berlin, Heidelberg:Springer-Verlag, 2011. 568-588.
    [26] Guo F, Mu Y, Chen Z. Identity-Based online/offline encryption. In:Proc. of the Int'l Conf. on Financial Cryptography and Data Security. Berlin, Heidelberg:Springer-Verlag, 2008. 247-261.
    [27] Even S, Goldreich O, Micali S. On-Line/Off-Line digital signatures. In:Proc. of the Conf. on the Theory and Application of Cryptology. New York:Springer-Verlag, 1989. 263-275.
    [28] Hohenberger S, Waters B. Online/Offline attribute-based encryption. In:Proc. of the Int'l Workshop on Public Key Cryptography. Berlin, Heidelberg:Springer-Verlag, 2014. 293-310.
    [29] Rouselakis Y, Waters B. Practical constructions and new proof methods for large universe attribute-based encryption. In:Proc. of the 2013 ACM SIGSAC Conf. on Computer & Communications Security. ACM, 2013. 463-474.
    [30] Green M, Hohenberger S, Waters B. Outsourcing the decryption of ABE ciphertexts. In:Proc. of the USENIX Security Symp. 2011. 34.
    [31] Yang K, Jia X. DAC-MACS:Effective data access control for multi-authority cloud storage systems. In:Security for Cloud Storage Systems. New York:Springer-Verlag, 2014. 59-83.
    [32] De SJ, Ruj S. Decentralized access control on data in the cloud with fast encryption and outsourced decryption. In:Proc. of the 2015 IEEE Global Communications Conf. (GLOBECOM). IEEE, 2015. 1-6.
    附中文参考文献:
    [8] 雷蕾,蔡权伟,荆继武,林璟锵,王展,陈波.支持策略隐藏的加密云存储访问控制机制.软件学报,2016,27(6):1432-1450. http://www.jos.org.cn/1000-9825/5003.html[doi:10.13328/j.cnki.jos.005003]
    相似文献
    引证文献
    网友评论
    网友评论
    分享到微博
    发 布
引用本文

仲红,崔杰,朱文龙,许艳.高效且可验证的多授权机构属性基加密方案.软件学报,2018,29(7):2006-2017

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2017-06-02
  • 最后修改日期:2017-07-13
  • 在线发布日期: 2017-10-17
文章二维码
友情链接:中国科学院软件研究所中国计算机学会中国科学院国家自然科学基金委员会CCF数字图书馆Int'l J of Softw Info计算机系统应用
您是第19727216位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号