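File Hierarchy CP-ABE Scheme Supporting Graded User Access
Author biographies:

Liu Shuainan (刘帅南, born 1997), male, master's degree; main research areas: cloud computing and information security. Liu Bin (刘彬, born 1996), male, master's degree; main research areas: information security, blockchain, and federated learning. Guo Zhen (郭真, born 1997), female, master's degree; main research areas: cloud computing and information security. Feng Chaosheng (冯朝胜, born 1971), male, Ph.D., professor, doctoral supervisor, CCF senior member; main research areas: network and information security, cloud computing, and big data security. Qin Zhiguang (秦志光, born 1956), male, Ph.D., professor, doctoral supervisor, CCF distinguished member; main research areas: information security and distributed computing. Qing Yu (卿昱, born 1970), female, research fellow; main research area: network and information security.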

Corresponding author:

Feng Chaosheng (冯朝胜), E-mail: csfenggy@sicnu.edu.cn

Chinese Library Classification (CLC) number:

TP309

Funding:

National Defense Science and Technology Key Laboratory Fund (6142103010709); National Natural Science Foundation of China (61373163)


File Hierarchy CP-ABE Scheme Supporting Graded User Access
Abstract:

The file hierarchy ciphertext-policy attribute-based encryption (FH-CP-ABE) scheme encrypts multi-level files under a single access policy, which saves the computation cost of encryption and decryption and the storage cost of ciphertext. However, existing file hierarchy CP-ABE schemes do not support graded user access and suffer from unauthorized access. To address this, a file hierarchy CP-ABE scheme that supports graded user access is proposed. In the proposed scheme, a graded user access tree is constructed and the ciphertext subsections are reconstructed to support the access requirements of graded users, which also eliminates the possibility of users conducting unauthorized access. The security analysis shows that the proposed scheme can resist selective chosen-plaintext attacks. Both theoretical and experimental analyses show that the proposed scheme is more efficient in computation and storage than related schemes.

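Cite this article

Liu Shuainan, Liu Bin, Guo Zhen, Feng Chaosheng, Qin Zhiguang, Qing Yu. File hierarchy CP-ABE scheme supporting graded user access. Journal of Software (软件学报), 2023, 34(7): 3329-3342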

History
  • Received: 2021-04-14
  • Last revised: 2021-06-21
  • Published online: 2022-10-14
  • Publication date: 2023-07-06