网络与信息安全学报 ›› 2016, Vol. 2 ›› Issue (7): 8-17.doi: 10.11959/j.issn.2096-109x.2016.00070
修回日期:
2016-06-27
出版日期:
2016-07-15
发布日期:
2020-03-26
作者简介:
冯涛(1970-),男,甘肃临洮人,博士,兰州理工大学研究员、博士生导师,主要研究方向为网络与信息安全。|殷潇雨(1991-),女,山西太原人,兰州理工大学硕士生,主要研究方向为网络与信息安全。
基金资助:
Revised:
2016-06-27
Online:
2016-07-15
Published:
2020-03-26
Supported by:
摘要:
以典型的云存储体系结构为研究对象,从数据拥有者、云服务器、授权机构、用户以及用户撤销机制5个方面对云存储系统的隐私保护机制进行了研究,通过分析比较发现,云存储系统中的隐私保护问题主要可以分为系统参与者的身份隐私问题、敏感属性信息泄露问题、云存储系统敏感内容信息泄露问题。针对上述问题,研究了当前基于属性加密的云存储系统隐私保护机制,并讨论了其中存在的不足、可能的解决方案以及未来可能的研究方向。
中图分类号:
冯涛,殷潇雨. 基于属性加密的云存储隐私保护机制研究[J]. 网络与信息安全学报, 2016, 2(7): 8-17.
Tao FENG,Xiao-yu YIN. Research on privacy preserving mechanism of attribute-based encryption cloud storage[J]. Chinese Journal of Network and Information Security, 2016, 2(7): 8-17.
表1
使用者隐私保护方案比较"
使用者 | 方案 | 隐私保护机制 | 解决的问题 | 访问结构 | 方案特点 | 困难问题 | ABE方案 |
Li | 访问策略隐藏 | 敏感属性信息 | 树 | 用户可追责,访问结构隐藏 | 双线性群 | CP-ABE | |
数据拥有者 | Yin | 半隐藏 | 敏感属性信息 | LSSS | 动态访问策略更新,计算开销小 | 合数阶群 | CP-ABE |
Guan | 访问结构隐藏 | 敏感属性信息 | 树 | 文件读写访问控制,密钥按需分配 | 素数阶群 | CP-ABE | |
Chase | 匿名密钥分发协议 | 身份隐私 | 树 | 无CA,隐藏GID | 素数阶群 | ABE | |
用户 | Xu | 数据请求匿名 | 身份隐私 | LSSS | 同态加密机制,不可逆密钥更新 | l-BDHE | CP-ABE |
表4
撤销机制分析"
分类 | 方案 | 撤销机制 | 解决的问题 | 安全性 | 方案特点 | 困难问题 | 撤销粒度 | ABE方案 |
Wei[ | 私钥密文均有时间标记 | 敏感内容信息 | 前向 | 私钥生命周期离散化 | l-BDHE | 用户 | CP-ABE | |
间接撤销 | Hong[ | 密钥隔离 | 敏感内容信息 | 前向 后向 | 无双线性对操作,解决密钥泄露问题 | CDH | 用户 | ABE |
Yu[ | 代理重加密 | 敏感内容信息 | 前向 | 数据双重加密,代理重加密 | DBDH | 用户 | ABE | |
Xu[ | 代理重加密 | 敏感内容信息 | 前向 | 数据分割,代理重加密机制 | DBDH | 用户 | CP-ABE | |
直接撤销 | Shi[ | 非撤销用户无需更新密钥 | 敏感内容信息 | 前向 | 授权密文验证,未撤销用户不更新密钥 | (d+3)-MDDH | 用户 | KP-ABE |
Li[ | 属性用户群 | 敏感内容信息 | 前向 后向 | 解密外包,高效撤销 | 组合阶双线性群 | 用户属性 | CP-ABE |
[41] | ATTRAPADUNG N , IMAI H . Attribute-based encryption support-ing direct/indirect revocation modes[C]//International Conference on Cryptography and Coding. c2009.278-300. |
[42] | YU S , WANG C , REN K , et al. Achieving secure,scalable,and fine-grained data access control in cloud computing[C]//IEEE Conference on Information Communications. c2010:1-9. |
[43] | HUR J , NOH D K . Attribute-based access control with efficient revocation in data outsourcing systems[J]. IEEE Transactions on Parallel & Distributed Systems, 2011,22(7):1214-1221. |
[44] | ATTRAPADUNG N , IMAI H . Conjunctive broadcast and attrib-ute-based encryption[C]//The 3rd International Conference on Pairing-Based Cryptography. c2009.248-265. |
[45] | PIRRETTI M , TRAYNOR P , MCDANIEL P , et al. Secure attrib-ute-based systems[C]//ACM Conference on Computer and Com-munications Security(CCS). c2006:799-837. |
[46] | 魏江宏, 刘文芬, 胡学先 . 前向安全的密文策略基于属性加密方案[J]. 通信学报, 2014,35(7): 38-45. |
WEI J H , LIU W F , HU X X . Forward-secure cipher text-policy at-tribute-based encryption scheme[J]. Journal on Communication, 2014,35(7): 38-45. | |
[47] | HONG H , SUN Z . High efficient key-insulated attribute based encryption scheme without bilinear pairing operations[J]. Springer-plus, 2015,5(1): 1-12. |
[48] | YU S , WANG C , REN K , et al. Attribute based data sharing with attribute revocation[C]//ACM Symposium on Information,Com-puter and Communications Security(ASIACCS 2010). IEEE Trans Circuits and Systems-II:Express Briefs, c010:261-270. |
[49] | SHI Y , ZHENG Q , LIU J , et al. Directly revocable key-policy attribute-based encryption with verifiable ciphertext delegation[J]. Information Sciences, 2015,295:221-231. |
[50] | 李尚, 周志刚, 张宏莉, 等. 大数据安全高效搜索与隐私保护机制展望[J]. 网络与信息安全学报, 2016,2(4): 21-32. |
LI S , ZHOU Z G , ZHANG H L , et al. Prospect of secure-efficient search and privacy-preserving mechanism on big data[J]. Chinese Journal of Network and Information Security, 2016,2(4): 21-32. | |
[1] | CHASE M , CHOW S S M . Improving privacy and security in multi-authority attribute-based encryption[C]//ACM Conference on Computer and Communications Security. c2009:121-130. |
[2] | PRASAD P S , AHAMMED G F , et al. Attribute-based encryption for scalable and secure sharing of personal health records in cloud computing[J]. International Journal of Computer Science and In-formation Technologies, 2014,5(4): 5038-5040. |
[3] | DONG X , YU J , LUO Y , et al. Achieving an effective,scalable and privacy-preserving data sharing service in cloud computing[J]. Computers & Security, 2013,42(5): 151-164. |
[4] | LIANG K , MAN H A , LIU J K , et al. A secure and efficient ci-phertext-policy attribute-based proxy re-encryption for cloud data sharing[J]. Future Generation Computer Systems, 2014,52(C): 95-108. |
[5] | WANG G , LIU Q , WU J , et al. Hierarchical attribute-based encryp-tion and scalable user revocation for sharing data in cloud serv-ers[J]. Computers & Security, 2011,30(5): 320-331. |
[6] | SHAMIR A . Identity-based cryptosystems and signature schemes[M]//Advances in Cryptology. Computers & Security, Berlin Heidelberg:Springer, 1984:47-53. |
[7] | SAHAI A , WATERS B . Fuzzy identity-based encryption[C]// In-ternational Conference on Theory and Applications of Crypto-graphic Techniques. c2005:457-473. |
[8] | GOYAL V , PANDEY O , SAHAI A , et al. Attribute-based encryp-tion for fine-grained access control of encrypted data[C]//ACM Conference on Computer and Communications Security(CCS). c2006:89-98. |
[9] | BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]//2007 IEEE Symposium on Security and Privacy. c2007:321-334. |
[10] | CHASE M . Multi-authority attribute based encryption[C]//Theory of Cryptography Conference. c2007:515-534. |
[11] | LIN H , CAO Z , LIANG X , et al. Secure threshold multi authority attribute based encryption without a central authority[C]//Interna-tional Conference on Cryptology. c2008:2618-2632. |
[12] | 苏金树, 曹丹, 王小峰, 等. 属性基加密机制[J]. 软件学报, 2011,22(6): 1299-1315. |
SU J S , CAO D , WANG X F , et al. Attribute-based encryption schemes[J]. Journal of Software, 2011,22(6): 1299-1315. | |
[13] | YU S , WANG C , REN K , et al. Achieving secure,scalable,and fine-grained data access control in cloud computing[C]//Conference on Information Communications. IEEE Security & Privacy, c2010:1-9. |
[14] | ZHANG L , HU Y . New constructions of hierarchical attrib-ute-based encryption for fine-grained access control in cloud com-puting[J]. Ksii Transactions on Internet & Information Systems, 2013,7(5): 1343-1356. |
[15] | LI F , RAHULAMATHAVAN Y , RAJARAJAN M , et al. Low com-plexity multi-authority attribute based encryption scheme for mo-bile cloud computing[C]//IEEE International Symposium on Ser-vice Oriented System Engineering. c2013:573-577. |
[16] | KUMAR N S , LAKSHMI G V R , BALAMURUGAN B . Enhanced attribute based encryption for cloud computing[J]. Procedia Com-puter Science, 2014,46:689-696. |
[17] | TAN Y L , GOI B , KOMIYA R , et al. Design and implementation of key-policy attribute-based encryption in body sensor network[J]. International Journal of Cryptology.Research, 2013,4(1):84-101. |
[18] | NING J , DONG X , CAO Z , et al. Accountable authority cipher-text-policy attribute-based encryption with white-box traceability and public auditing in the cloud[M]//Computer Security—ESORICS 2015. Berlin:Springer, 2015:270-289. |
[19] | LI J , REN K , ZHU B , et al. Privacy-aware attribute-based encryp-tion with user accountability[C]//International Conference on In-formation Security. c2009:347-362. |
[20] | 应作斌, 马建峰, 崔江涛 . 支持动态策略更新的半策略隐藏属性加密方案[J]. 通信学报, 2015,36(12): 178-189. |
YING Z B , MA J F , CUI J T . Partially policy hidden CP-ABE sup-porting dynamic policy updating[J]. Journal on Communications, 2015,36(12): 178-189. | |
[21] | 关志涛, 杨亭亭, 徐茹枝, 等. 面向云存储的基于属性加密的多授权中心访问控制方案[J]. 通信学报, 2015,36(6): 116-126. |
GUAN Z T , YANG T T , XU R Z , WANG Z X . Multi-authority at-tribute-based encryption access control model for cloud storage[J]. Journal on Communications, 2015,36(6): 116-126. | |
[22] | CHASE M , CHOW S S M . Improving privacy and security in multi-authority attribute-based encryption[C]//ACM Conference on Computer and Communications Security. c2009:121-130. |
[23] | 徐潜, 谭成翔 . 基于密文策略属性加密体制的匿名云存储隐私保护方案[J]. 计算机应用, 2015,35(6): 1573-1579. |
XU Q , TAN C . Anonymous privacy-perserving scheme for cloud storage based on CP-ABE[J]. Journal of Computer Applications, 2015,35(6): 1573-1579. | |
[24] | 冯登国, 张敏, 张妍, 等. 云计算安全研究[J]. 软件学报, 2011,22(1): 71-83. |
FENG D G , ZHANG M , ZHANG Y , et al. Study on cloud comput-ing security[J]. Journal of Software, 2011,22(1): 71-83. | |
[25] | 施荣华, 刘鑫, 董健, 等. 云环境下一种基于数据分割的CP-ABE隐私保护方案[J]. 计算机应用研究, 2015(2): 521-523. |
SHI R H , LIU X , DONG J . Private protection scheme in cloud computing using CP-ABE based on data parti-tion[J]. Application Research of Computers, 2015(2): 521-523. | |
[26] | XU X L , ZHOU J L , et al. Multi-authority proxy re-encryption based on CPABE for cloud storage systems[J]. Journal of Systems Engineering & Electronics, 2016,27(1): 211-223. |
[27] | LI Q , MA J , LI R et al. Secure,efficient and revocable multi-authority access control system in cloud storage[J]. Com-puters & Security, 2016,59(C): 45-59. |
[28] | BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]//IEEE Symposium on Security and Privacy. c2007:321-334. |
[29] | GOYAL V , PANDEY O , SAHAI A , et al. Attribute-based encryp-tion for fine-grained access control of encrypted data[C]//ACM Conference on Computer and Communications Security(CCS). c2006:89-98. |
[30] | HUR J . Improving security and efficiency in attribute-based data sharing[J]. IEEE Transactions on Knowledge & Data Engineering, 2013,25(10): 2271-2282. |
[31] | MUMü , LLER S , KATZENBEISSER S , et al. On multi-authority ciphertext-policy attribute-based encryption[J]. Bulletin of the Ko-rean Mathematical Society, 2009,46(4): 803-819. |
[32] | LIN H , CAO Z , LIANG X , et al. Secure threshold multi authority attribute based encryption without a central authority[C]//Interna-tional Conference on Cryptology. c2008:2618-2632. |
[33] | LIU Z , CAO Z , HUANG Q , et al. Fully secure multi-authority ciphertext-policy attribute-based encryption without random ora-cles[M]//Computer Security—ESDRICS 2011, Berlin:Springer, 2011:278-297. |
[34] | GUO Z , LI M , CUI Y , et al. Dynamic multi-attribute based encryp-tion[J]. International Journal of Digital Content Technology & Its Applications, 2011,5(9):281-289. |
[35] | LEWKO A , WATERS B . Decentralizing attribute-based encryp-tion[C]//30th Annual International Conference on the Theory and Applications of Cryptographic Techniques. c2011:568-588. |
[36] | JUNG T , LI X Y , WAN Z , et al. Privacy preserving cloud data access with multi-authorities[J]. IEEE Infocom, 2013,12(11):2625-2633. |
[37] | JUNG T , LI X , WAN Z , et al. Control cloud data access privilege and anonymity with fully anonymous attribute-based encryption[J]. IEEE Transactions on Information Forensics & Security, 2015,10(1):190-199. |
[38] | BOLDYREVA A , GOYAL V , KUMAR V . Identity-based encryp-tion with efficient revocation[C]//ACM Conference on Computer and Communications Security (CCS). IEEE Transactions on Information Forensics & Security, c2008:417-426. |
[39] | LUAN I , PETKOVIC M , NIKOVA S , et al. Mediated ciphertext-policy attribute-based encryption and its application[C]//International Work-shop on Information Security Applications. c2009:309-323. |
[40] | ATTRAPADUNG N , IMAI H . Conjunctive broadcast and attrib-ute-based encryption[C]//The 3rd International Conference on Pairing-Based Cryptography. c2009.248-265. |
[1] | 陈赛特, 李卫海, 姚远志, 俞能海. 轻量级K匿名增量近邻查询位置隐私保护算法[J]. 网络与信息安全学报, 2023, 9(3): 60-72. |
[2] | 肖敏, 毛发英, 黄永洪, 曹云飞. 基于属性签名的车载网匿名信任管理方案[J]. 网络与信息安全学报, 2023, 9(2): 33-45. |
[3] | 许建龙, 林健, 黎宇森, 熊智. 分布式用户隐私保护可调节的云服务个性化QoS预测模型[J]. 网络与信息安全学报, 2023, 9(2): 70-80. |
[4] | 袁承昊, 李勇, 任爽. 多关键词动态可搜索加密方案[J]. 网络与信息安全学报, 2023, 9(2): 143-153. |
[5] | 孙哲, 宁洪, 殷丽华, 方滨兴. 基于教学实训靶场的“数据隐私保护”课程建设初探[J]. 网络与信息安全学报, 2023, 9(1): 178-188. |
[6] | 白雪, 秦宝东, 郭瑞, 郑东. 基于SM2的两方协作盲签名协议[J]. 网络与信息安全学报, 2022, 8(6): 39-51. |
[7] | 肖敏, 姚涛, 刘媛妮, 黄永洪. 具有隐私保护的动态高效车载云管理方案[J]. 网络与信息安全学报, 2022, 8(6): 70-83. |
[8] | 卢晨昕, 陈兵, 丁宁, 陈立全, 吴戈. 具有紧凑标签的基于身份匿名云审计方案[J]. 网络与信息安全学报, 2022, 8(6): 156-168. |
[9] | 明盛智, 朱建明, 隋智源, 张娴. 信息增值机制下在线医疗隐私保护策略[J]. 网络与信息安全学报, 2022, 8(6): 169-177. |
[10] | 姜涛, 徐航, 王良民, 马建峰. 支持受损数据定位与恢复的动态群用户可证明存储[J]. 网络与信息安全学报, 2022, 8(5): 75-87. |
[11] | 张娴, 朱建明, 隋智源, 明盛智. 数字货币交易匿名性与监管的博弈分析[J]. 网络与信息安全学报, 2022, 8(5): 150-157. |
[12] | 刘峰, 杨杰, 齐佳音. 区块链密码学隐私保护技术综述[J]. 网络与信息安全学报, 2022, 8(4): 29-44. |
[13] | 金琳, 田有亮. 基于区块链的多权限属性隐藏电子病历共享方案[J]. 网络与信息安全学报, 2022, 8(4): 66-76. |
[14] | 张伟成, 卫红权, 刘树新, 普黎明. 5G移动边缘计算场景下的快速切换认证方案[J]. 网络与信息安全学报, 2022, 8(3): 154-168. |
[15] | 陈前昕, 毕仁万, 林劼, 金彪, 熊金波. 支持多数不规则用户的隐私保护联邦学习框架[J]. 网络与信息安全学报, 2022, 8(1): 139-150. |
阅读次数 | ||||||
全文 |
|
|||||
摘要 |
|
|||||
|