通信学报 ›› 2019, Vol. 40 ›› Issue (6): 32-39.doi: 10.11959/j.issn.1000-436x.2019150

• 专题:网络攻防与安全度量 • 上一篇    下一篇

可高效撤销的属性基加密方案

李学俊,张丹,李晖   

  1. 西安电子科技大学网络与信息安全学院,陕西 西安 710071
  • 修回日期:2019-05-02 出版日期:2019-06-25 发布日期:2019-07-04
  • 作者简介:李学俊(1969- ),女,山西浮山人,博士,西安电子科技大学副教授,主要研究方向为物联网数据安全、安全方案及协议设计、无线网络安全。|张丹(1994- ),女,陕西咸阳人,西安电子科技大学硕士生,主要研究方向为属性基加密、物联网安全。|李晖(1968- ),男,河南灵宝人,博士,西安电子科技大学教授、博士生导师,主要研究方向为密码学、无线网络安全、云计算安全、信息论与编码理论。
  • 基金资助:
    国家重点研发计划基金资助项目(2018YFB0804701);国家自然科学基金资助项目(61572460)

Efficient revocable attribute-based encryption scheme

LI Xuejun,ZHANG Dan,LI Hui   

  1. School of Cyber Engineering,Xidian University,Xi’an 710071,China
  • Revised:2019-05-02 Online:2019-06-25 Published:2019-07-04
  • Supported by:
    The National Key Research and Development Project of China(2018YFB0804701);The National Natural Science Foundation of China(61572460)

摘要:

在现有的解决方案中,基于时间的方案难以实现即时撤销,基于第三方的方案往往需要重加密运算,计算量大,不适用于海量密文数据。针对该问题,提出了一种高效的支持用户和属性级别的即时撤销方案,所提方案基于经典的LSSS型访问结构的CP-ABE,引入了RSA密钥管理机制和属性认证思想,借助半可信第三方,在解密之前对用户进行属性认证。与现有的撤销方案对比,所提方案只需半可信第三方更新 RSA 属性认证密钥,不需要用户更新密钥且不需要重加密密文,极大地减少了撤销带来的计算量和通信量,同时保证了抗串谋攻击和前后向安全性。安全性分析和实验仿真证明,所提方案具有更高的撤销效率。

关键词: 密文-策略属性基加密机制, 属性撤销, RSA密钥管理, 多机构, 计算开销小

Abstract:

In the existing solutions,the time-based scheme is difficult to achieve immediate revocation,and the third-party-based scheme often requires re-encryption,which needs large amount of calculation and doesn’t apply to mas-sive data.To solve the problem,an efficient and immediate CP-ABE scheme was proposed to support user and attribute lev-els revocation.The scheme was based on the classic LSSS access structure,introducing RSA key management mechanism and attribute authentication.By means of a semi-trusted third party,the user could be authenticated before decryption.Com-pared with the existing revocation schemes,The proposed scheme didn’t need the user to update the key or re-encrypt the ciphertext.The semi-trusted third party wasn’t required to update the RSA attribute authentication key.The scheme greatly reduced the amount of computation and traffic caused by revocation,while ensuring anti-collusion attacks and forward and backward security.Finally,the security analysis and experimental simulation show that the scheme has higher revocation ef-ficiency.

Key words: CP-ABE, attribute revocation, RSA key management, multi-authority, less computation

中图分类号: 

  • TN918