云计算中基于时间和隐私保护的可撤销可追踪的数据共享方案

doi:10.11959/j.issn.1000-436x.2021206

通信学报 ›› 2021, Vol. 42 ›› Issue (10): 81-94.doi: 10.11959/j.issn.1000-436x.2021206

云计算中基于时间和隐私保护的可撤销可追踪的数据共享方案

张嘉伟, 马建峰, 马卓, 李腾

西安电子科技大学网络与信息安全学院，陕西西安 710071

修回日期:2021-09-15 出版日期:2021-10-25 发布日期:2021-10-01
作者简介:张嘉伟（1985- ），男，山西太原人，西安电子科技大学博士生，主要研究方向为网络安全、访问控制、数据安全、云计算安全和区块链等
马建峰（1963- ），男，陕西西安人，博士，西安电子科技大学教授、博士生导师，主要研究方向为网络安全、系统安全、数据安全和无人机安全等
马卓（1980- ），男，陕西延安人，博士，西安电子科技大学教授、博士生导师，主要研究方向为人工智能与无人系统安全、无线网络安全等
李腾（1991- ），男，陕西西安人，博士，西安电子科技大学讲师，主要研究方向为网络安全、系统日志分析、攻击检测、数据安全和隐私保护
基金资助:
国家自然科学基金资助项目(61902291);中国博士后基金资助项目(2019M653567);陕西省自然科学基金资助项目(2019JM-425);中央高校基本科研业务费专项资金资助项目(JB191507)

Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing

Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI

School of Cyber Engineering, Xidian University, Xi’an 710071, China

Revised:2021-09-15 Online:2021-10-25 Published:2021-10-01
Supported by:
The National Natural Science Foundation of China(61902291);China Postdoctoral Science Foundation(2019M653567);The Natural Science Foundation of Shaanxi Province(2019JM-425);The Fundamental Research Funds for the Central Universities(JB191507)

摘要/Abstract

摘要：

传统的密文策略属性基加密方案为云计算数据共享服务提供细粒度访问控制功能的同时，其访问策略中的明文属性会导致隐私和敏感数据泄露，而且根据恶意用户泄露的解密密钥对其进行高效追踪并撤销是一个挑战性问题，同时，大多数现有可撤销方案中都存在着撤销列表过长、效率过低等缺陷。针对这些问题，基于密文策略属性基加密方法，提出一种可撤销可追踪的基于时间并具有隐私保护的云数据共享方案。通过隐藏访问策略的属性值，所提方案支持单调且部分隐藏的访问策略和大规模属性空间，并使用层级的基于身份加密技术设置用户密钥有效期从而实现基于时间限制的数据访问控制。在此基础上，利用白盒追踪和二叉树技术，所提方案实现了高效的用户追踪和具有较短用户撤销列表的直接用户撤销，并使用在线/离线和可验证外包解密技术提高整体效率。最后，在判定性q-BDHE假设下，所提方案被证明是安全的。理论分析和实验结果显示，所提方案在时间和存储开销方面具有较高的性能。

关键词: 密文策略属性基加密, 云计算, 基于时间的访问控制, 白盒追踪, 直接用户撤销

Abstract:

General ciphertext-policy attribute-based encryption (CP-ABE) provides fine-grained access control for data sharing in cloud computing, but its plaintext formed access policy may cause leakage of private and sensitive data.And revoking a malicious user by accurately tracing the identity according to a leaked decryption key is a huge challenge.Moreover, most of existing revocable schemes incur long user revocation list and low efficiency.To solve these problems, a time-based and privacy preserving revocable and traceable data sharing scheme was proposed based on CP-ABE to support expressive monotonic and partial hidden access policy, large attribute universe by conceal the attribute values in access policy.Time-limited data access control using hierarchical identity-based encryption was achieved to set key valid period for users.Moreover, with the approaches of white-box tracing and binary tree, efficient user tracing and direct revocation with shorter revocation list was realized together with high efficiency via online/offline and verifiable outsourced decryption techniques.Furthermore, the scheme was secure under decisional q-BDHE assumption.Theoretical analysis and extensive experiments demonstrate its advantageous performance in computational and storage cost.

Key words: CP-ABE, cloud computing, time-based access control, while-box tracing, direct user revocation

中图分类号:

TP309

张嘉伟, 马建峰, 马卓, 李腾. 云计算中基于时间和隐私保护的可撤销可追踪的数据共享方案[J]. 通信学报, 2021, 42(10): 81-94.

Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI. Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing[J]. Journal on Communications, 2021, 42(10): 81-94.

图/表 9

表1

图1

图2

表2

本文方案和相关方案的计算开销比较"

方案	加密	解密	密钥生成
文献[13]方案	$(7 \| I \| + 2) E_{i} + 2 E_{T} + (7 \| I \| + 1) M_{i j} + M_{T}$	$\| I \| E_{T} + (2 \| I \| + 1) P_{i j} + 2 \| I \| M_{i j}$	$(2 \| S \| + 3) E_{i} + (2 \| S \| + 3) M_{i j}$
文献[16]方案	$(7 \| I \| + 4) E_{i} + 2 E_{T} + (7 \| I \| + 2) M_{i j} + M_{T}$	$(2 \| I \| + 1) E_{i} + \| I \| E_{T} + (2 \| I \| + 1) P_{i j} + (2 \| I \| + 1) M_{i j}$	$(2 \| S \| + 4) E_{i} + (2 \| S \| + 4) M_{i j}$
文献[23]方案	$(4 \| I \| + \| C \| + 2) E_{1} + E_{2} + \| I \| M_{1} + M_{2}$	$(2 \| I \| + 1) E_{1} + (2 \| I \| + 4) M_{1} + (3 \| I \| + 1) P$	$(2 \| S \| + 5) E_{1} + (\| S \| + 1) M_{1}$
本文方案	$(l_{d} + \| C \| + 1) E_{1} + l_{d} M_{1}$	$E_{1} + E_{2} + 2 M_{1} + P$	$(2 \| S \| + d + 8) E_{1} + (l_{σ} + \| S \|) M_{1}$

表2

表3

本文方案和相关方案的存储开销对比"

方案	公共参数长度	用户密钥长度	密文长度
方案[13]方案	$4 \| G_{i} \|+\| G_{T} \|$	$(\| S \|+2)\| G_{i j} \|$	$(3 l +2)\| G_{i j} \|+2\| G_{T} \|$
方案[16]方案	$4 \| G_{i} \|+\| G_{T} \|$	$(\| S \|+3)\| G_{i j} \|+\| ℤ_{N} \|$	$(3 l +4)\| G_{i j} \|+2\| G_{T} \|$
方案[23]方案	$(2 \| U \| + 3) \| G_{1} \| + \| G_{2} \|$	$(\| S \| + 4) \| G_{1} \| + (\| P \| + 1) \| ℤ_{p} \|$	$(3 l + \| C \| + 2) \| G_{1} \| + \| G_{2} \|$
本文方案	$(2 \| U \| + d + 3) \| G_{1} \| + \| G_{2} \|$	$\| G_{1} \| + (\| P \| + 1) \| ℤ_{p} \|$	$(3 l + \| C \| + 3) \| G_{1} \| + \| G_{2} \| + 2 l \| ℤ_{p} \|$

表3

图3

图4

图5

图6

参考文献 25

[13]	ZHANG Y H , ZHENG D , DENG R H . Security and privacy in smart health:efficient policy-hiding attribute-based access control[J]. IEEE Internet of Things Journal, 2018,5(3): 2130-2145.
[14]	FAN K , XU H Y , GAO L X ,et al. Efficient and privacy preserving access control scheme for fog-enabled IoT[J]. Future Generation Computer Systems, 2019,99: 134-142.
[15]	CUI H , DENG R H , LAI J Z ,et al. An efficient and expressive ciphertext-policy attribute-based encryption scheme with partially hidden access structures,revisited[J]. Computer Networks, 2018,133: 157-165.
[16]	LI Q , ZHANG Y H , ZHANG T ,et al. HTAC:fine-grained policy-hiding and traceable access control in mHealth[J]. IEEE Access, 2020,8: 123430-123439.
[17]	ZHANG P , CHEN Z H , LIANG K T ,et al. A cloud-based access control scheme with user revocation and attribute update[C]// Information Security and Privacy. Cham:Springer, 2016: 525-540.
[18]	LI J G , YAO W , ZHANG Y C ,et al. Flexible and fine-grained attribute-based data storage in cloud computing[J]. IEEE Transactions on Services Computing, 2017,10(5): 785-796.
[19]	ZHANG J W , LI T , OBAIDAT M S ,et al. Enabling efficient data sharing with auditable user revocation for IoV systems[J]. IEEE Systems Journal, 2021,PP(99): 1.
[20]	ZHANG J W , MA J F , LI T ,et al. Efficient hierarchical and time-sensitive data sharing with user revocation in mobile crowdsensing[J]. Security and Communication Networks, 2021,2021: 1-17.
[21]	QIN B D , ZHAO Q L , ZHENG D ,et al. (Dual) server-aided revocable attribute-based encryption with decryption key exposure resistance[J]. Information Sciences, 2019,490: 74-92.
[22]	LIU Z H , DUAN S H , ZHOU P L ,et al. Traceable-then-revocable ciphertext-policy attribute-based encryption scheme[J]. Future Generation Computer Systems, 2019,93: 903-913.
[23]	HAN D Z , PAN N N , LI K C . A traceable and revocable ciphertext-policy attribute-based encryption scheme based on privacy protection[J]. IEEE Transactions on Dependable and Secure Computing, 2020,PP(99): 1.
[24]	LIU J K , YUEN T H , ZHANG P ,et al. Time-based direct revocable ciphertext-policy attribute-based encryption with short revocation list[C]// Applied Cryptography and Network Security. Berlin:Springer, 2018: 516-534.
[1]	ZHANG J W , MA J F , MA Z ,et al. Efficient hierarchical data access control for resource-limited users in cloud-based e-health[C]// Proceedings of 2019 International Conference on Networking and Network Applications (NaNA). Piscataway:IEEE Press, 2019: 319-324.
[2]	MIAO Y B , WENG J , LIU X M ,et al. Enabling verifiable multiple keywords search over encrypted cloud data[J]. Information Sciences, 2018,465: 21-37.
[3]	MIAO Y B , DENG R H , LIU X M ,et al. Multi-authority attribute-based keyword search over encrypted cloud data[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(4): 1667-1680.
[4]	ISLAM M A , MADRIA S . Attribute-based encryption scheme for secure multi-group data sharing in cloud[J]. IEEE Transactions on Services Computing, 2020,PP(99): 1.
[5]	ZHANG Z T , ZENG P , PAN B F ,et al. Large-universe attribute-based encryption with public traceability for cloud storage[J]. IEEE Internet of Things Journal, 2020,7(10): 10314-10323.
[6]	QI S Y , LU Y S , ZHENG Y Q ,et al. CPDS:enabling compressed and private data sharing for industrial Internet of things over blockchain[J]. IEEE Transactions on Industrial Informatics, 2021,17(4): 2376-2387.
[7]	HOHENBERGER S , WATERS B . Online/offline attribute-based encryption[C]// International Workshop on Public Key Cryptography. Berlin:Springer, 2014: 293-310.
[8]	ROUSELAKIS Y , WATERS B . Practical constructions and new proof methods for large universe attribute-based encryption[C]// Proceedings of the 2013 ACM SIGSAC Conference on Computer ＆ Communications Security. New York:ACM Press, 2013: 463-474.
[9]	JOSHI M , JOSHI K , FININ T . Attribute based encryption for secure access to cloud based EHR systems[C]// Proceedings of 2018 IEEE 11th International Conference on Cloud Computing (CLOUD). Piscataway:IEEE Press, 2018: 932-935.
[10]	LIU Z C , JIANG Z L , WANG X ,et al. Practical attribute-based encryption:outsourcing decryption,attribute revocation and policy updating[J]. Journal of Network and Computer Applications, 2018,108: 112-123.
[11]	FAN W J , LI F , CHEN X W ,et al. Deploying parallelised ciphertext-policy attributed-based encryption in clouds[J]. International Journal of Computational Science and Engineering, 2018,16(3): 321.
[12]	NING J T , CAO Z F , DONG X L ,et al. Auditable $\sigma $ -time outsourced attribute-based encryption for access control in cloud computing[J]. IEEE Transactions on Information Forensics and Security, 2018,13(1): 94-105.
[25]	DE CARO A , IOVINO V . JPBC:Java pairing based cryptography[C]// Proceedings of 2011 IEEE Symposium on Computers and Communications (ISCC). Piscataway:IEEE Press, 2011: 850-855.

方案	F1	F2	F3	F4	F5	F6	F7	F8
文献[19]	√	×	×	×	×	√	√	√
文献[20]	√	×	×	×	√	√	√	√
文献[24]	√	√	×	×	√	×	×	√
文献[13]	×	×	√	×	×	×	√	×
文献[16]	√	×	√	√	×	×	√	×
文献[23]	√	×	√	√	×	×	√	√
本文方案	√	√	√	√	√	√	√	√

方案	加密	解密	密钥生成
文献[13]方案	$(7 \| I \| + 2) E_{i} + 2 E_{T} + (7 \| I \| + 1) M_{i j} + M_{T}$	$\| I \| E_{T} + (2 \| I \| + 1) P_{i j} + 2 \| I \| M_{i j}$	$(2 \| S \| + 3) E_{i} + (2 \| S \| + 3) M_{i j}$
文献[16]方案	$(7 \| I \| + 4) E_{i} + 2 E_{T} + (7 \| I \| + 2) M_{i j} + M_{T}$	$(2 \| I \| + 1) E_{i} + \| I \| E_{T} + (2 \| I \| + 1) P_{i j} + (2 \| I \| + 1) M_{i j}$	$(2 \| S \| + 4) E_{i} + (2 \| S \| + 4) M_{i j}$
文献[23]方案	$(4 \| I \| + \| C \| + 2) E_{1} + E_{2} + \| I \| M_{1} + M_{2}$	$(2 \| I \| + 1) E_{1} + (2 \| I \| + 4) M_{1} + (3 \| I \| + 1) P$	$(2 \| S \| + 5) E_{1} + (\| S \| + 1) M_{1}$
本文方案	$(l_{d} + \| C \| + 1) E_{1} + l_{d} M_{1}$	$E_{1} + E_{2} + 2 M_{1} + P$	$(2 \| S \| + d + 8) E_{1} + (l_{σ} + \| S \|) M_{1}$

方案	公共参数长度	用户密钥长度	密文长度
方案[13]方案	$4 \| G_{i} \|+\| G_{T} \|$	$(\| S \|+2)\| G_{i j} \|$	$(3 l +2)\| G_{i j} \|+2\| G_{T} \|$
方案[16]方案	$4 \| G_{i} \|+\| G_{T} \|$	$(\| S \|+3)\| G_{i j} \|+\| ℤ_{N} \|$	$(3 l +4)\| G_{i j} \|+2\| G_{T} \|$
方案[23]方案	$(2 \| U \| + 3) \| G_{1} \| + \| G_{2} \|$	$(\| S \| + 4) \| G_{1} \| + (\| P \| + 1) \| ℤ_{p} \|$	$(3 l + \| C \| + 2) \| G_{1} \| + \| G_{2} \|$
本文方案	$(2 \| U \| + d + 3) \| G_{1} \| + \| G_{2} \|$	$\| G_{1} \| + (\| P \| + 1) \| ℤ_{p} \|$	$(3 l + \| C \| + 3) \| G_{1} \| + \| G_{2} \| + 2 l \| ℤ_{p} \|$

云计算中基于时间和隐私保护的可撤销可追踪的数据共享方案

Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 25

相关文章 15

Metrics

推荐阅读 0

[1]	马玲, 樊漆亮, 许婷, 郭冠琛, 张圣林, 孙永谦, 张玉志. 基于强化学习的在线离线混部云环境下的调度框架[J]. 通信学报, 2023, 44(6): 90-102.
[2]	王化群, 刘哲, 何德彪, 李继国. 公有云中身份基多源IoT终端数据PDP方案[J]. 通信学报, 2021, 42(7): 52-60.
[3]	张键红, 武梦龙, 王晶, 刘沛, 姜正涛, 彭长根. 云环境下安全的可验证多关键词搜索加密方案[J]. 通信学报, 2021, 42(4): 139-149.
[4]	李瑞琪, 贾春福, 王雅飞. 基于NTRU的多密钥同态代理重加密方案及其应用[J]. 通信学报, 2021, 42(3): 11-22.
[5]	王文娟, 杜学绘, 单棣斌. 基于动态概率攻击图的云环境攻击场景构建方法[J]. 通信学报, 2021, 42(1): 1-17.
[6]	田有亮,骆琴. 基于改进Merkle-Tree认证方法的可验证多关键词搜索方案[J]. 通信学报, 2020, 41(9): 118-129.
[7]	王娜,郑坤,付俊松,李剑. 基于分块的移动边缘计算密文检索方法[J]. 通信学报, 2020, 41(7): 95-102.
[8]	赵临东,庄文芹,陈建新,周亮. 异构蜂窝网络中分层任务卸载：建模与优化[J]. 通信学报, 2020, 41(4): 34-44.
[9]	梁冰,纪雯. 基于次模优化的边云协同多用户计算任务迁移方法[J]. 通信学报, 2020, 41(10): 25-36.
[10]	苏命峰,王国军,李仁发. 基于利益相关视角的多维QoS云资源调度方法[J]. 通信学报, 2019, 40(6): 102-115.
[11]	陈兴蜀,滑强,王毅桐,葛龙,朱毅. 云环境下SDN网络低速率DDoS攻击的研究[J]. 通信学报, 2019, 40(6): 210-222.
[12]	王万良, 臧泽林, 陈国棋, 屠杭垚, 王宇乐, 陆琳彦. 大规模云计算服务器优化调度问题的最优二元交换算法研究[J]. 通信学报, 2019, 40(5): 180-191.
[13]	王田,沈雪微,罗皓,陈柏生,王国军,贾维嘉. 基于雾计算的可信传感云研究进展[J]. 通信学报, 2019, 40(3): 170-181.
[14]	何欣枫,田俊峰,刘凡鸣. 可信云平台技术综述[J]. 通信学报, 2019, 40(2): 154-163.
[15]	朱智强,林韧昊,胡翠云. 基于数字证书的openstack身份认证协议[J]. 通信学报, 2019, 40(2): 188-196.