基于属性加密的云存储隐私保护机制研究

doi:10.11959/j.issn.2096-109x.2016.00070

Abstract

Abstract:

The typical cloud storage architecture was presented as research objects and the privacy preserving mechanism of attribute-based encryption cloud storage including following aspects-data owner,cloud servers,au-thorized agency,data user and revocation of user was researched.By analyzing and comparing,it was discovered that the privacy preserving problems of cloud storage could be divided into privacy issues of users' identity,sensitive attribute information disclosure and leakage of privacy content in the system.Aiming at the above problems,the current privacy preserving mechanism of attribute-based encryption cloud storage was studied and shortages of the present schemes,possible solutions and the study trend in the future were discussed.

Key words: cloud storage, privacy preserving, attribute-based encryption, access structures, revocation mechanism

CLC Number:

TP309

Tao FENG,Xiao-yu YIN. Research on privacy preserving mechanism of attribute-based encryption cloud storage[J]. Chinese Journal of Network and Information Security, 2016, 2(7): 8-17.

Figures/Tables 5

References 40

[41]	ATTRAPADUNG N , IMAI H . Attribute-based encryption support-ing direct/indirect revocation modes[C]//International Conference on Cryptography and Coding. c2009.278-300.
[42]	YU S , WANG C , REN K , et al. Achieving secure,scalable,and fine-grained data access control in cloud computing[C]//IEEE Conference on Information Communications. c2010:1-9.
[43]	HUR J , NOH D K . Attribute-based access control with efficient revocation in data outsourcing systems[J]. IEEE Transactions on Parallel ＆ Distributed Systems, 2011,22(7):1214-1221.
[44]	ATTRAPADUNG N , IMAI H . Conjunctive broadcast and attrib-ute-based encryption[C]//The 3rd International Conference on Pairing-Based Cryptography. c2009.248-265.
[45]	PIRRETTI M , TRAYNOR P , MCDANIEL P , et al. Secure attrib-ute-based systems[C]//ACM Conference on Computer and Com-munications Security(CCS). c2006:799-837.
[46]	魏江宏，刘文芬，胡学先 . 前向安全的密文策略基于属性加密方案[J]. 通信学报， 2014,35(7): 38-45.
	WEI J H , LIU W F , HU X X . Forward-secure cipher text-policy at-tribute-based encryption scheme[J]. Journal on Communication, 2014,35(7): 38-45.
[47]	HONG H , SUN Z . High efficient key-insulated attribute based encryption scheme without bilinear pairing operations[J]. Springer-plus, 2015,5(1): 1-12.
[48]	YU S , WANG C , REN K , et al. Attribute based data sharing with attribute revocation[C]//ACM Symposium on Information,Com-puter and Communications Security(ASIACCS 2010). IEEE Trans Circuits and Systems-II:Express Briefs, c010:261-270.
[49]	SHI Y , ZHENG Q , LIU J , et al. Directly revocable key-policy attribute-based encryption with verifiable ciphertext delegation[J]. Information Sciences, 2015,295:221-231.
[50]	李尚，周志刚，张宏莉，等. 大数据安全高效搜索与隐私保护机制展望[J]. 网络与信息安全学报， 2016,2(4): 21-32.
	LI S , ZHOU Z G , ZHANG H L , et al. Prospect of secure-efficient search and privacy-preserving mechanism on big data[J]. Chinese Journal of Network and Information Security, 2016,2(4): 21-32.
[1]	CHASE M , CHOW S S M . Improving privacy and security in multi-authority attribute-based encryption[C]//ACM Conference on Computer and Communications Security. c2009:121-130.
[2]	PRASAD P S , AHAMMED G F , et al. Attribute-based encryption for scalable and secure sharing of personal health records in cloud computing[J]. International Journal of Computer Science and In-formation Technologies, 2014,5(4): 5038-5040.
[3]	DONG X , YU J , LUO Y , et al. Achieving an effective,scalable and privacy-preserving data sharing service in cloud computing[J]. Computers ＆ Security, 2013,42(5): 151-164.
[4]	LIANG K , MAN H A , LIU J K , et al. A secure and efficient ci-phertext-policy attribute-based proxy re-encryption for cloud data sharing[J]. Future Generation Computer Systems, 2014,52(C): 95-108.
[5]	WANG G , LIU Q , WU J , et al. Hierarchical attribute-based encryp-tion and scalable user revocation for sharing data in cloud serv-ers[J]. Computers ＆ Security, 2011,30(5): 320-331.
[6]	SHAMIR A . Identity-based cryptosystems and signature schemes[M]//Advances in Cryptology. Computers ＆ Security, Berlin Heidelberg:Springer, 1984:47-53.
[7]	SAHAI A , WATERS B . Fuzzy identity-based encryption[C]// In-ternational Conference on Theory and Applications of Crypto-graphic Techniques. c2005:457-473.
[8]	GOYAL V , PANDEY O , SAHAI A , et al. Attribute-based encryp-tion for fine-grained access control of encrypted data[C]//ACM Conference on Computer and Communications Security(CCS). c2006:89-98.
[9]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]//2007 IEEE Symposium on Security and Privacy. c2007:321-334.
[10]	CHASE M . Multi-authority attribute based encryption[C]//Theory of Cryptography Conference. c2007:515-534.
[11]	LIN H , CAO Z , LIANG X , et al. Secure threshold multi authority attribute based encryption without a central authority[C]//Interna-tional Conference on Cryptology. c2008:2618-2632.
[12]	苏金树，曹丹，王小峰，等. 属性基加密机制[J]. 软件学报， 2011,22(6): 1299-1315.
	SU J S , CAO D , WANG X F , et al. Attribute-based encryption schemes[J]. Journal of Software, 2011,22(6): 1299-1315.
[13]	YU S , WANG C , REN K , et al. Achieving secure,scalable,and fine-grained data access control in cloud computing[C]//Conference on Information Communications. IEEE Security ＆ Privacy, c2010:1-9.
[14]	ZHANG L , HU Y . New constructions of hierarchical attrib-ute-based encryption for fine-grained access control in cloud com-puting[J]. Ksii Transactions on Internet ＆ Information Systems, 2013,7(5): 1343-1356.
[15]	LI F , RAHULAMATHAVAN Y , RAJARAJAN M , et al. Low com-plexity multi-authority attribute based encryption scheme for mo-bile cloud computing[C]//IEEE International Symposium on Ser-vice Oriented System Engineering. c2013:573-577.
[16]	KUMAR N S , LAKSHMI G V R , BALAMURUGAN B . Enhanced attribute based encryption for cloud computing[J]. Procedia Com-puter Science, 2014,46:689-696.
[17]	TAN Y L , GOI B , KOMIYA R , et al. Design and implementation of key-policy attribute-based encryption in body sensor network[J]. International Journal of Cryptology.Research, 2013,4(1):84-101.
[18]	NING J , DONG X , CAO Z , et al. Accountable authority cipher-text-policy attribute-based encryption with white-box traceability and public auditing in the cloud[M]//Computer Security—ESORICS 2015. Berlin:Springer, 2015:270-289.
[19]	LI J , REN K , ZHU B , et al. Privacy-aware attribute-based encryp-tion with user accountability[C]//International Conference on In-formation Security. c2009:347-362.
[20]	应作斌，马建峰，崔江涛 . 支持动态策略更新的半策略隐藏属性加密方案[J]. 通信学报， 2015,36(12): 178-189.
	YING Z B , MA J F , CUI J T . Partially policy hidden CP-ABE sup-porting dynamic policy updating[J]. Journal on Communications, 2015,36(12): 178-189.
[21]	关志涛，杨亭亭，徐茹枝，等. 面向云存储的基于属性加密的多授权中心访问控制方案[J]. 通信学报， 2015,36(6): 116-126.
	GUAN Z T , YANG T T , XU R Z , WANG Z X . Multi-authority at-tribute-based encryption access control model for cloud storage[J]. Journal on Communications, 2015,36(6): 116-126.
[22]	CHASE M , CHOW S S M . Improving privacy and security in multi-authority attribute-based encryption[C]//ACM Conference on Computer and Communications Security. c2009:121-130.
[23]	徐潜，谭成翔 . 基于密文策略属性加密体制的匿名云存储隐私保护方案[J]. 计算机应用， 2015,35(6): 1573-1579.
	XU Q , TAN C . Anonymous privacy-perserving scheme for cloud storage based on CP-ABE[J]. Journal of Computer Applications, 2015,35(6): 1573-1579.
[24]	冯登国，张敏，张妍，等. 云计算安全研究[J]. 软件学报， 2011,22(1): 71-83.
	FENG D G , ZHANG M , ZHANG Y , et al. Study on cloud comput-ing security[J]. Journal of Software, 2011,22(1): 71-83.
[25]	施荣华，刘鑫，董健，等. 云环境下一种基于数据分割的CP-ABE隐私保护方案[J]. 计算机应用研究， 2015(2): 521-523.
	SHI R H , LIU X , DONG J . Private protection scheme in cloud computing using CP-ABE based on data parti-tion[J]. Application Research of Computers, 2015(2): 521-523.
[26]	XU X L , ZHOU J L , et al. Multi-authority proxy re-encryption based on CPABE for cloud storage systems[J]. Journal of Systems Engineering ＆ Electronics, 2016,27(1): 211-223.
[27]	LI Q , MA J , LI R et al. Secure,efficient and revocable multi-authority access control system in cloud storage[J]. Com-puters ＆ Security, 2016,59(C): 45-59.
[28]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]//IEEE Symposium on Security and Privacy. c2007:321-334.
[29]	GOYAL V , PANDEY O , SAHAI A , et al. Attribute-based encryp-tion for fine-grained access control of encrypted data[C]//ACM Conference on Computer and Communications Security(CCS). c2006:89-98.
[30]	HUR J . Improving security and efficiency in attribute-based data sharing[J]. IEEE Transactions on Knowledge ＆ Data Engineering, 2013,25(10): 2271-2282.
[31]	MUMü , LLER S , KATZENBEISSER S , et al. On multi-authority ciphertext-policy attribute-based encryption[J]. Bulletin of the Ko-rean Mathematical Society, 2009,46(4): 803-819.
[32]	LIN H , CAO Z , LIANG X , et al. Secure threshold multi authority attribute based encryption without a central authority[C]//Interna-tional Conference on Cryptology. c2008:2618-2632.
[33]	LIU Z , CAO Z , HUANG Q , et al. Fully secure multi-authority ciphertext-policy attribute-based encryption without random ora-cles[M]//Computer Security—ESDRICS 2011, Berlin:Springer, 2011:278-297.
[34]	GUO Z , LI M , CUI Y , et al. Dynamic multi-attribute based encryp-tion[J]. International Journal of Digital Content Technology ＆ Its Applications, 2011,5(9):281-289.
[35]	LEWKO A , WATERS B . Decentralizing attribute-based encryp-tion[C]//30th Annual International Conference on the Theory and Applications of Cryptographic Techniques. c2011:568-588.
[36]	JUNG T , LI X Y , WAN Z , et al. Privacy preserving cloud data access with multi-authorities[J]. IEEE Infocom, 2013,12(11):2625-2633.
[37]	JUNG T , LI X , WAN Z , et al. Control cloud data access privilege and anonymity with fully anonymous attribute-based encryption[J]. IEEE Transactions on Information Forensics ＆ Security, 2015,10(1):190-199.
[38]	BOLDYREVA A , GOYAL V , KUMAR V . Identity-based encryp-tion with efficient revocation[C]//ACM Conference on Computer and Communications Security (CCS). IEEE Transactions on Information Forensics ＆ Security, c2008:417-426.
[39]	LUAN I , PETKOVIC M , NIKOVA S , et al. Mediated ciphertext-policy attribute-based encryption and its application[C]//International Work-shop on Information Security Applications. c2009:309-323.
[40]	ATTRAPADUNG N , IMAI H . Conjunctive broadcast and attrib-ute-based encryption[C]//The 3rd International Conference on Pairing-Based Cryptography. c2009.248-265.

Metrics

Recommended 0

No Suggested Reading articles found!

使用者	方案	隐私保护机制	解决的问题	访问结构	方案特点	困难问题	ABE方案
	Li^[19]	访问策略隐藏	敏感属性信息	树	用户可追责，访问结构隐藏	双线性群	CP-ABE
数据拥有者	Yin^[20]	半隐藏	敏感属性信息	LSSS	动态访问策略更新，计算开销小	合数阶群	CP-ABE
	Guan^[21]	访问结构隐藏	敏感属性信息	树	文件读写访问控制，密钥按需分配	素数阶群	CP-ABE
	Chase^[22]	匿名密钥分发协议	身份隐私	树	无CA，隐藏GID	素数阶群	ABE
用户	Xu^[23]	数据请求匿名	身份隐私	LSSS	同态加密机制，不可逆密钥更新	l-BDHE	CP-ABE

方案	隐私保护机制	解决的问题	访问结构	方案特点	困难问题	ABE方案
Dong^[3]	避免响应密文请求	身份隐私	LSSS	IBE机制，撤销只需重加密部分密文	双线性群	CP-ABE
Shi^[25]				分块存储，系统开销低	—	CP-ABE
	CS分块存储	敏感内容信息	树
Xu^[26]				分块存储，双重加密	DBDH	CP-ABE
Li^[27]	CS同态预解密	敏感内容信息	LSSS	解密外包，高效的用户属性撤销机制	组合阶双线性群	CP-ABE

方案	隐私保护机制	解决的问题	访问结构	方案特点	困难问题	ABE方案
Lewko^[35]	匿名密钥生成	敏感属性信息	LSSS	任何参与方都可以成为授权机构，抗合谋攻击	组合阶双线性群	CP-ABE
Jung^[36]	匿名数据访问	敏感属性信息	树	AA与用户盲交互细粒度的文件权限控制	DBDH	CP-ABE
Jung^[37]	完全匿名	敏感属性信息	树	多选一不经意传输	DBDH	CP-ABE

分类	方案	撤销机制	解决的问题	安全性	方案特点	困难问题	撤销粒度	ABE方案
	Wei^[46]	私钥密文均有时间标记	敏感内容信息	前向	私钥生命周期离散化	l-BDHE	用户	CP-ABE
间接撤销	Hong^[47]	密钥隔离	敏感内容信息	前向后向	无双线性对操作，解决密钥泄露问题	CDH	用户	ABE
	Yu^[48]	代理重加密	敏感内容信息	前向	数据双重加密，代理重加密	DBDH	用户	ABE
	Xu^[26]	代理重加密	敏感内容信息	前向	数据分割，代理重加密机制	DBDH	用户	CP-ABE
直接撤销	Shi^[49]	非撤销用户无需更新密钥	敏感内容信息	前向	授权密文验证，未撤销用户不更新密钥	(d+3)-MDDH	用户	KP-ABE
直接撤销	Li^[27]	属性用户群	敏感内容信息	前向后向	解密外包，高效撤销	组合阶双线性群	用户属性	CP-ABE

Research on privacy preserving mechanism of attribute-based encryption cloud storage

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 5

References 40

Related Articles 15

Metrics

Recommended 0

[1]	Min XIAO, Faying MAO, Yonghong HUANG, Yunfei CAO. Anonymous trust management scheme of VANET based on attribute signature [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 33-45.
[2]	Chenghao YUAN, Yong LI, Shuang REN. Dynamic multi-keyword searchable encryption scheme [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 143-153.
[3]	Tao JIANG, Hang XU, Liangmin WANG, Jianfeng MA. Proof of storage with corruption identification and recovery for dynamic group users [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 75-87.
[4]	Yihua ZHOU, Xinyu HU, Meiqi LI, Yuguang YANG. Searchable encryption scheme based on attribute policy hiding in a cloud environment [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 112-121.
[5]	Hao WANG,Tianhao WU,Konglin ZHU,Lin ZHANG. Anonymous vehicle authentication scheme based on blockchain technology in the intersection scenario [J]. Chinese Journal of Network and Information Security, 2020, 6(5): 27-35.
[6]	Yu ZHANG,Xixiang LYU,Yucong ZOU,Yige LI. Differentially private sequence generative adversarial networks for data privacy masking [J]. Chinese Journal of Network and Information Security, 2020, 6(4): 109-119.
[7]	Xinglan ZHANG,Yao CUI. Attribute-based encryption schema with group signatures [J]. Chinese Journal of Network and Information Security, 2019, 5(1): 15-21.
[8]	Suqing LIN. Verifiable outsourced attribute-based encryption with access update [J]. Chinese Journal of Network and Information Security, 2019, 5(1): 37-49.
[9]	Xiao YU,Li TIAN,Zhe LIU,Jie WANG. Research and realization on USBKEY based network storage user data protection [J]. Chinese Journal of Network and Information Security, 2018, 4(6): 62-69.
[10]	Mengyang YU,Hui LIN,Youliang TIAN. New cross-layer reputation mechanism for mobile cloud computing [J]. Chinese Journal of Network and Information Security, 2018, 4(3): 51-58.
[11]	Yang LI,Jiang-hua LIU,Wei WU. Group-oriented ciphertext-policy attribute-based encryption with expressive access policy [J]. Chinese Journal of Network and Information Security, 2017, 3(5): 54-61.
[12]	Jiao LIANG,Wu LIU,Wei-li HAN,Xiao-yang WANG,Si-yu GAN,Shuo SHEN. Code security of mobile backup modules on the Android platform [J]. Chinese Journal of Network and Information Security, 2017, 3(1): 68-78.
[13]	Su-qing LIN. Outsourced attribute-based encryption with policy update [J]. Chinese Journal of Network and Information Security, 2016, 2(5): 39-49.
[14]	Rui-xin YAO,Hui LI,Jin CAO. Overview of privacy preserving in social network [J]. Chinese Journal of Network and Information Security, 2016, 2(4): 33-43.
[15]	Liang-xuan ZHANG,Hui LI. Multi-authority attribute-based encryption with efficient user revocation in cloud computing [J]. Chinese Journal of Network and Information Security, 2016, 2(2): 62-74.