通信学报 ›› 2017, Vol. 38 ›› Issue (10): 94-101.doi: 10.11959/j.issn.1000-436x.2017201

• 学术论文 • 上一篇    下一篇

支持策略动态更新的多机构属性基加密方案

闫玺玺1,刘媛1,李子臣2,汤永利1   

  1. 1 河南理工大学计算机科学与技术学院,河南 焦作 454003
    2 北京印刷学院信息工程学院,北京 102600
  • 修回日期:2017-07-25 出版日期:2017-10-01 发布日期:2017-11-16
  • 作者简介:闫玺玺(1985-),女,河南灵宝人,博士,河南理工大学讲师、硕士生导师,主要研究方向为网络与信息安全、数字版权管理、数字内容安全和密码学。|刘媛(1989-),女,河南濮阳人,河南理工大学硕士生,主要研究方向为密码学、网络与信息安全。|李子臣(1965-),男,河南温县人,北京印刷学院教授、博士生导师,主要研究方向为信息安全、电子商务和密码学。|汤永利(1972-),男,河南焦作人,河南理工大学教授、硕士生导师,主要研究方向为密码学算法检测、网络与信息安全。
  • 基金资助:
    国家自然科学基金资助项目(61300216);河南省科技厅基金资助项目(132102210123);河南省教育厅科研基金资助项目(16A520013);河南理工大学2015年青年骨干教师基金资助项目

Multi-authority attribute-based encryption scheme with policy dynamic updating

Xi-xi YAN1,Yuan LIU1,Zi-chen LI2,Yong-li TANG1   

  1. 1 College of Computer Science and Technology,Henan Polytechnic University,Jiaozuo 454003,China
    2 College of Information Engineering,Beijing Institute of Graphic Communication,Beijing 102600,China
  • Revised:2017-07-25 Online:2017-10-01 Published:2017-11-16
  • Supported by:
    The National Natural Science Foundation of China(61300216);The Science Project of Henan Province(132102210123);The Scientific Research Project of Henan Province(16A520013);The Research Fund for Young Backbone Teachers of Henan Polytechnic University in 2015

摘要:

属性基加密方案被认为是云存储环境下数据资源访问控制的最佳选择,但是策略更新很大程度上限制了其在实际中的应用。针对此问题,提出一种支持策略动态更新的多机构属性基加密方案。该方案引入匿名密钥分发协议为用户生成私钥,有效地保护用户的隐私,并抵抗属性机构的共谋攻击。另外,方案采用动态策略更新算法,支持任何类型的策略更新,大大减少传统策略更新中的计算和通信开销。经安全性分析证明,方案在标准模型下满足自适应选择明文攻击安全。通过对比,用户私钥和密文长度都有所减少,密文更新交给云服务器完成,降低了数据拥有者的工作量,更加贴近实际应用。

关键词: 属性基加密, 多机构, 动态策略更新, 隐私保护

Abstract:

Attribute-based encryption (ABE) is a new cryptographic technique which guarantees fine-grained access control of outsourced encrypted data in the cloud environment.However,a key limitation remains,namely policy updating.Thus,a multi-authority attribute-based encryption scheme with policy dynamic updating was proposed.In the scheme,an anonymous key issuing protocol was introduced to protect users’ privacy and resist collusion attack of attribute authority.The scheme with dynamic policy updating technique was secure against chosen plaintext attack under the standard model and can support any types of policy updating.Compared to the existing related schemes,the size of ciphertext and users’ secret key is reduced and can significantly reduce the computation and communication costs of updating ciphertext.It is more effective in the practical application.

Key words: attribute based encryption, multi-authority, dynamic policy updating, privacy protection

中图分类号: 

  • TP309