面向移动云的属性基密文访问控制优化方法

doi:10.11959/j.issn.1000-436x.2018112

摘要/Abstract

摘要：

针对移动云数据安全共享与访问控制问题，综合考虑当前密文访问控制机制的不足以及移动终端资源受限、网络带宽较低等特点，提出了一种面向移动云的属性基密文访问控制优化方法。通过引入属性基加密运算分割和双重加密机制，并结合多秘密共享技术进行改进，实现了移动用户数据发布和权限管理开销的大幅优化。理论和实验分析表明，所提方案在安全性、计算和网络开销等方面均能够满足移动云中的访问控制需求，具有良好的应用前景。

关键词: 移动云, 访问控制, 双重加密, 属性基加密, 优化

Abstract:

For the problem of secure data sharing and access control in mobile cloud,the drawback of traditional cryptographic access control schemes was deeply analyzed.Considering the truth that mobile devices were usually equipped with limited resources,an optimized attribute-based cryptographic access control scheme was proposed in this study.In the proposed scheme,a third party proxy was introduced into the system model,and the two-layer encryption method was applied.Combining traditional attribute-based encryption (ABE) algorithm with multi-secret sharing and split measurement of ABE encryption,the scheme could greatly reduce the cost of mobile users in terms of data publish and access management.Theoretical and experimental analysis shows that the contribution can well meet the requirements of mobile cloud in terms of security,computational complexity and communication cost,which means that it is promising for future applications.

Key words: mobile cloud, access control, two-layer encryption, attribute-based encryption, optimization

中图分类号:

TP309.2

刘建,鲜明,王会梅,荣宏. 面向移动云的属性基密文访问控制优化方法[J]. 通信学报, 2018, 39(7): 39-49.

Jian LIU,Ming XIAN,Huimei WANG,Hong RONG. Optimization method for attribute-based cryptographic access control in mobile cloud computing[J]. Journal on Communications, 2018, 39(7): 39-49.

图/表 7

图1

表1

本文方案与HW方案密文结构对比"

方案	随机密文部分	修正值部分
本文方案	$C_{0}, {C_{j, 3}, C_{j, 4}, C_{j, 5}}_{j \in [l]}, C_{8}$	$C_{1}, {C_{j, 2}, C_{j, 6}, C_{j, 7}}_{j \in [l]}$
HW方案	$C_{0}, {C_{j, 1}, C_{j, 2}, C_{j, 3}}_{j \in [l]}$	${C_{j, 4}, C_{j, 5}}_{j \in [l]}$

表1

图2

图3

图4

图5

表2

本文方案与其他方案在数据发布和权限撤销过程中的网络开销对比"

方案	数据发布过程中DO网络开销	权限撤销过程中DO网络开销
方案	数据发布过程中DO网络开销	下载	上传
RW方案	$\| m \| + (3 l + 1) \| p \|$	$\| m \| + (3 l + 1) \| p \|$	$\| m \| + (3 l + 1) \| p \|$
RW+双重加密方案	$\| m \| + (3 l + 1) \| p \|$	$(3 l + 1) \| p \|$	$(3 l + 1) \| p \|$
RW+替代重加密方案	$\| m \| + (3 l + 1) \| p \|$	$(3 l + 1) \| p \| + 2 \| m_{s} \|$	$(3 l + 1) \| p \| + 2 \| m_{s} \|$
本文方案	$\| m \| + (2 l + 3) \| p \|$	0	$2 l \| p \|$

表2

参考文献 26

[1]	李瑞轩, 董新华, 辜希武 ,等. 移动云服务的数据安全与隐私保护综述[J]. 通信学报, 2013,34(12): 158-166.
	LI R X , DONG X H , GU X W ,et al. Overview of the data security and privacy-preserving of mobile cloud services[J]. Journal on Communications, 2013,34(12): 158-166.
[2]	苏铓, 史振国, 谢绒娜 ,等. 面向移动云计算的多要素代理重加密方案[J]. 通信学报, 2015,36(11): 73-79.
	SU M , SHI Z G , XIE R N ,et al. Multi-element based on proxy re-encryption scheme for mobile cloud computing[J]. Journal on Communications, 2015,36(11): 73-79.
[3]	崔勇, 宋健, 缪葱葱 ,等. 移动云计算研究进展与趋势[J]. 计算机学报, 2017,40(2): 273-295.
	CUI Y , SONG J , MIAO C C ,et al. Mobile cloud computing research progress and trends[J]. Chinese Journal of Computers, 2017,40(2): 273-295.
[4]	王于丁, 杨家海, 徐聪 ,等. 云计算访问控制技术研究综述[J]. 软件学报, 2015,26(5): 1129-1150.
	WANG Y D , YANG J H , XU C ,et al. Survey on access control technologies for cloud computing[J]. Journal of Software, 2015,26(5): 1129-1150.
[5]	DONG C , RUSSELLO G , DULAY N . Shared and searchable encrypted data for untrusted servers[J]. Journal of Computer Security, 2011,19(3): 367-397.
[6]	SAHAI A , WATERS B . Fuzzy identity-based encryption[M]. Advances in Cryptology–EUROCRYPT, 2005: 457-473.
[7]	GOYAL V , PANDEY O , SAHAI A ,et al. Attribute-based encryption for fine-grained access control of encrypted data[C]// The 13th ACM Conference on Computer and Communications Security. 2006: 89-98.
[8]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// IEEE Symposium on Security and Privacy. 2007: 321-334.
[9]	WATERS B . Ciphertext-policy attribute-based encryption:an expressive,efficient,and provably secure realization[M]. Public Key Cryptography–PKC, 2011: 53-70.
[10]	ZHOU L , VARADHARAJAN V , HITCHENS M . Achieving secure role-based access control on encrypted data in cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2013,8(12): 1947-1960.
[11]	ROUSELAKIS Y , WATERS B . Practical constructions and new proof methods for large universe attribute-based encryption[C]// ACM Sigsac Conference on Computer ＆ Communications Security. 2013: 463-474.
[12]	LIANG X , CAO Z , LIN H ,et al. Attribute based proxy re-encryption with delegating capabilities[C]// The 4th International Symposium on Information,Computer,and Communications Security. 2009: 276-286.
[13]	YU S , WANG C , REN K ,et al. Achieving secure,scalable,and fine-grained data access control in cloud computing[C]// The 29th Conference on Information Communications. 2010: 534-542.
[14]	YANG K , JIA X , REN K . Secure and verifiable policy update outsourcing for big data access control in the cloud[J]. IEEE Transactions on Parallel and Distributed Systems, 2015,26(12): 3461-3470.
[15]	CHENG Y , WANG Z Y , MA J ,et al. Efficient revocation in ciphertext-policy attribute-based encryption based cryptographic cloud storage[J]. Frontiers of Information Technology ＆ Electronic Engineering, 2013,14(2): 85-97.
[16]	YANG K , JIA X , REN K ,et al. DAC-MACS:effective data access control for multi-authority cloud storage systems[J]. IEEE Transactions on Information Forensics and Security, 2013,8(11): 1790-1801.
[17]	HAN J , SUSILO W , MU Y ,et al. Improving privacy and security in decentralized ciphertext-policy attribute-based encryption[J]. IEEE Transactions on Information Forensics and Security, 2015,10(3): 665-678.
[18]	HOHENBERGER S , WATERS B . Online/offline attribute-based encryption[M]. Public-Key Cryptography, 2014: 293-310.
[19]	GREEN M , HOHENBERGER S , WATERS B . Outsourcing the decryption of ABE ciphertexts[C]// The 20th USENIX Conference on Security. 2011:34.
[20]	LIN S , ZHANG R , MA H ,et al. Revisiting attribute-based encryption with verifiable outsourced decryption[J]. IEEE Transactions on Information Forensics and Security, 2015,10(10): 2119-2130.
[21]	SABRINA D C , SARA F , SUSHIL J ,et al. Over-encryption:management of access control evolution on outsourced data[C]// The 33rd International Conference on Very Large Data Bases. 2007: 123-134.
[22]	洪澄, 张敏, 冯登国 . 面向云存储的高效动态密文访问控制方法[J]. 通信学报, 2011,32(7): 125-132.
	HONG C , ZHANG M , FENG D G . Achieving efficient dynamic cryptographic access control in cloud storage[J]. Journal on Communications, 2011,32(7): 125-132.
[23]	BEIMEL A . Secure schemes for secret sharing and key distribution[M]. Technion-Israel Institute of Technology,Faculty of Computer Science, 1996.
[24]	BEIMEL A . Secret-sharing schemes:a survey[M]. Coding and cryptology, 2011: 11-46.
[25]	YU S , WANG C , REN K ,et al. Attribute based data sharing with attribute revocation[C]// The 5th ACM Symposium on Information,Computer and Communications Security. 2010: 261-270.
[26]	AKINYELE J A , GARMAN C , MIERS I ,et al. Charm:a framework for rapidly prototyping cryptosystems[J]. Journal of Cryptographic Engineering, 2013,3(2): 111-128.