支持动态策略更新的半策略隐藏属性加密方案

doi:10.11959/j.issn.1000-436x.2015327

通信学报 ›› 2015, Vol. 36 ›› Issue (12): 1-221.doi: 10.11959/j.issn.1000-436x.2015327

• 数据安全 • 下一篇

支持动态策略更新的半策略隐藏属性加密方案

应作斌,马建峰,崔江涛

西安电子科技大学计算机学院，陕西西安 710071

出版日期:2015-12-25 发布日期:2017-07-17
基金资助:
国家自然科学基金资助项目;国家自然科学基金资助项目;国家自然科学基金资助项目;国家自然科学基金资助项目;国家高技术研究发展计划(“863”计划）基金资助项目;教育部留学回国人员科研启动计划基金资助项目

Partially policy hidden CP-ABE supporting dynamic policy updating

Zuo-bin YING,Jian-feng MA,Jiang-tao CUI

School of Computer Science and Technology,Xidian University,Xi’an 710071,China

Online:2015-12-25 Published:2017-07-17
Supported by:
The National Natural Science Foundation of China;The National Natural Science Foundation of China;The National Natural Science Foundation of China;The National Natural Science Foundation of China;The National High Technology Research and Development Program (863 Program);SRF for ROCS,SEM and the Fundamental Research Funds for the Central Universities

摘要/Abstract

摘要：

基于密文策略的属性加密被认为适用于云存储的环境，但当数据拥有者需要更新访问策略时，现有的更新方式因受数据的规模和属性集的大小的限制，会使数据拥有者增加相应的计算开销和通信开销。同时，以明文形式存放在云端的访问策略也会造成用户数据的隐私泄露。针对以上2个问题，提出了一种支持动态策略更新的半策略隐藏属性加密方案，使用所提方案进行策略更新时，用户的计算开销减少，大量的计算由云服务器承担。由于使用了半策略隐藏，用户的具体属性值不会泄露给其他任何第三方，有效保护了用户的隐私。此外，所提方案可以支持任何形式的策略更新，在标准模型下证明了方案是自适应选择明文攻击（CPA）安全的。

关键词: 密文策略属性加密, 动态策略更新, 半策略隐藏, 标准模型, 自适应选择明文攻击安全

Abstract:

Ciphertext-policy attribute-based encryption (CP-ABE) was considered to be appropriate for cloud storage.However,under traditional CP-ABE scheme which was limited in terms of the scale of the data and the quantities of the attributes,computation and communication costs would be introduced correspondingly whenever the data owner wants to update the policy.Moreover,the policy which was stored in the form of plaintext would also result in privacy leakage.Aiming at tackling the above two problems,a novel scheme called partially policy hidden CP-ABE supporting dynamic policy updating (DPUPH-CP-ABE) was proposed.Through utilizing proposed scheme,the computation cost will be reduced,especially on user side,leaving the most computational work to the cloud server.Meanwhile,the value of the user’s attributes will never be revealed to any third parties,and the users’ privacy will be effectively preserved.Besides,the scheme is proved to be adaptively chosen plaintext attack (CPA) secure in the standard model and can support any types of policy updating.

Key words: ciphertext-policy ABE, dynamic policy updating, partially policy hidden, standard model, adaptive chosen plaintext attack secure

应作斌,马建峰,崔江涛. 支持动态策略更新的半策略隐藏属性加密方案[J]. 通信学报, 2015, 36(12): 1-221.

Zuo-bin YING,Jian-feng MA,Jiang-tao CUI. Partially policy hidden CP-ABE supporting dynamic policy updating[J]. Journal on Communications, 2015, 36(12): 1-221.

图/表 2

参考文献 19

[1]	YU S , WANG C , REN K ,et al. Achieving secure,scalable,and fine-grained data access control in cloud computing[A]. INFOCOM,2010 Proceedings IEEE[C]. 2010. 1-9.
[2]	SAHAI A , WATERS B . Fuzzy Identity-Based Encryption[M]. Springer Berlin Heidelberg, 2005.
[3]	GOYAL V , PANDEY O , SAHAI A ,et al. Attribute-based encryption for fine-grained access control of encrypted data[A]. Proceedings of the 13th ACM Conference on Computer and Communications Security[C]. ACM, 2006. 89-98.
[4]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[A]. Security and Privacy[C]. 2007. 321-334.
[5]	WATERS B . Ciphertext-Policy Attribute-Based Encryption:An Expressive,Efficient,and Provably Secure Realization[M]. Springer Berlin Heidelberg, 2011.
[6]	CHASE M . Multi-Authority Attribute based Encryption[M]. Theory of Cryptography. Springer Berlin Heidelberg, 2007.
[7]	LEWKO A , WATERS B . Decentralizing Attribute-based Encryption[M]. Springer Berlin Heidelberg, 2011.
[8]	LIU Z , CAO Z , HUANG Q ,et al. Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles[A]. Computer Security–ESORICS 2011[C]. Springer Berlin Heidelberg, 2011. 278-297.
[9]	SAHAI A , SEYALIOGLU H , WATERS B . Dynamic credentials and ciphertext delegation for attribute-based encryption[A]. Advances in Cryptology–CRYPTO 2012[C]. Springer Berlin Heidelberg, 2012. 199-217.
[10]	YANG K , JIA X , REN K ,et al. Enabling efficient access control with dynamic policy updating for big data in the cloud[A]. INFOCOM,2014 Proceedings IEEE[C]. 2014. 2013-2021.
[11]	NISHIDE T , YONEYAMA K , OHTA K . Attribute-based encryption with partially hidden encryptor-specified access structures[A]. Applied cryptography and network security[C]. Springer Berlin Heidelberg, 2008. 111-129.
[12]	LI J , REN K , ZHU B ,et al. Privacy-aware attribute-based encryption with user accountability[A]. Information Security[C]. Springer Berlin Heidelberg, 2009. 347-362.
[13]	LAI J , DENG R H , LI Y . Expressive CP-ABE with partially hidden access structures[A]. Proceedings of the 7th ACM Symposium on Information,Computer and Communications Security[C]. ACM, 2012. 18-19.
[14]	BEIMEL A . Secure Schemes for Secret Sharing and Key Distribution[D]. Technion-Israel Institute of Technology,Faculty of Computer Science, 1996.
[15]	BONEH D , GOH E J , NISSIM K . Evaluating 2-DNF formulas on ciphertexts[A]. Theory of Cryptography[C]. Springer Berlin Heidelberg, 2005. 325-341.
[16]	LEWKO A , OKAMOTO T , SAHAI A ,et al. Fully secure functional encryption:attribute-based encryption and (hierarchical) inner product encryption[A]. Advances in Cryptology–EUROCRYPT 2010[C]. Springer Berlin Heidelberg, 2010. 62-91.
[17]	DE CARO A , IOVINO V , PERSIANO G . Fully secure anonymous hibe and secret-key anonymousibe with short ciphertexts[A]. Pairing-Based Cryptography-Pairing 2010[C]. Springer Berlin Heidelberg, 2010. 347-366.
[18]	LEWKO A , WATERS B . New techniques for dual system encryption and fully secure HIBE with short ciphertexts[A]. Theory of Cryptography[C]. Springer Berlin Heidelberg, 2010. 455-479.
[19]	WATERS B . Dual system encryption:realizing fully secure IBE and HIBE under simple assumptions[A]. Advances in Cryptology-CRYPTO 2009[C]. Springer Berlin Heidelberg, 2009. 619-636.

符号	描述
U	属性总集合
PK ,MSK,SK_S	系统公开参数，主密钥及用户私钥
CT ,CT'	原始密文及新密文
(A,ρ,Γ),(A′,ρ′,Γ′)	旧访问策略及新访问策略。其中A是被分享的矩阵，ρ将属性和每一行映射，Γ 为属性值，(A′,ρ′,Γ′)的定义与其类似
E_info (M)	关于M的加密信息，用于策略更新
DPUK_M	关于 M 的升级秘钥，发给云端对原始密文CT 进行更新
R_1A′ ,R_2A′ ,R_3A′	新旧策略对比后产生的属性名称对应的行索引信息

支持动态策略更新的半策略隐藏属性加密方案

Partially policy hidden CP-ABE supporting dynamic policy updating

在线阅读

PDF下载

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 2

参考文献 19

相关文章 15

Metrics

推荐阅读 0

[1]	侯红霞, 张明瑞, 赵艳琦, 董晓丽. 素数阶群上基于非对称对的身份基环签名[J]. 通信学报, 2021, 42(9): 155-164.
[2]	董江涛, 闫沛文, 杜瑞忠. 雾计算中基于无配对CP-ABE可验证的访问控制方案[J]. 通信学报, 2021, 42(8): 139-150.
[3]	杜瑞忠, 闫沛文, 刘妍. 雾计算中细粒度属性更新的外包计算访问控制方案[J]. 通信学报, 2021, 42(3): 160-170.
[4]	田苗苗, 陈静, 仲红. 格上基于身份的增量签名方案[J]. 通信学报, 2021, 42(1): 108-117.
[5]	杨小东,李雨潼,王晋利,麻婷春,王彩芬. 标准模型下可撤销的基于身份的代理重签名方案[J]. 通信学报, 2019, 40(5): 153-162.
[6]	孟倩,马建峰,陈克非,苗银宾,杨腾飞. 基于云计算平台的物联网加密数据比较方案[J]. 通信学报, 2018, 39(4): 167-175.
[7]	杨小东,陈春霖,杨平,安发英,麻婷春,王彩芬. 可证安全的部分盲代理重签名方案[J]. 通信学报, 2018, 39(2): 65-72.
[8]	柳欣,徐秋亮,张斌,张波. 基于直接匿名证明的k次属性认证方案[J]. 通信学报, 2018, 39(12): 113-133.
[9]	汤永利,胡明星,刘琨,叶青,闫玺玺. 新的格上基于身份的全同态加密方案[J]. 通信学报, 2017, 38(5): 39-47.
[10]	牛淑芬,牛灵,王彩芬,李亚红. 标准模型下可证明安全的无证书广义签密[J]. 通信学报, 2017, 38(4): 35-45.
[11]	叶青,胡明星,汤永利,刘琨,闫玺玺. 新的格上基于身份的分级加密方案[J]. 通信学报, 2017, 38(11): 54-64.
[12]	闫玺玺,刘媛,李子臣,汤永利. 支持策略动态更新的多机构属性基加密方案[J]. 通信学报, 2017, 38(10): 94-101.
[13]	杨小东,杨苗苗,高国娟,李亚楠,鲁小勇,王彩芬. 强不可伪造的基于身份服务器辅助验证签名方案[J]. 通信学报, 2016, 37(6): 49-55.
[14]	杨春丽,闫建华,郑世慧,王励成,杨榆. 对一个格基身份签名方案的分析和改进[J]. 通信学报, 2015, 36(5): 104-111.
[15]	李艳琼,李继国,张亦辰. 标准模型下安全的无证书签名方案[J]. 通信学报, 2015, 36(4): 186-194.