通信学报 ›› 2014, Vol. 35 ›› Issue (Z2): 53-62.doi: 10.3969/j.issn.1000-436x.2014.z2.009

• 学术论文 • 上一篇    下一篇

权限分离的属性基加密数据共享方案

朱辉,雷婉,黄容,李晖,刘西蒙   

  1. 西安电子科技大学 综合业务网理论及关键技术国家重点实验室,陕西 西安 710071
  • 出版日期:2014-11-25 发布日期:2017-06-19
  • 基金资助:
    国家自然科学基金资助项目;国家自然科学基金资助项目;中央高校基本科研业务费基金资助项目;国家移动通信重大专项基金资助项目;高等学校学科创新引智计划基金资助项目

Privilege separation of data sharing scheme using attribute-based encryption

Hui ZHU,Wan LEI,Rong HUANG,Hui LI,Xi-meng LIU   

  1. State Key Laboratory of Integrated Services Networks,Xidian University,Xi'an 710071,China
  • Online:2014-11-25 Published:2017-06-19
  • Supported by:
    The National Natural Science Foundation of China;The National Natural Science Foundation of China;Fundamental Research Foundations for the Central Universities of China;The National Mobile Communication Major Project;111 Project

摘要:

属性基加密(ABE,attribute-based encryption)用于提供细粒度访问控制及一对多加密,现已被广泛应用于分布式环境下数据共享方案以提供隐私保护。然而,现有的属性基加密数据共享方案均允许数据拥有者任意修改数据,导致数据真实性无法保证,经常难以满足一些实际应用需求,如个人电子病例、审核系统、考勤系统等。为此,提出一种能保证数据真实可靠且访问控制灵活的数据共享方案。首先,基于 RSA 代理加密技术实现读写权限分离机制以保证数据真实可靠;其次,使用属性基加密机制提供灵活的访问控制策略;最后,利用关键字检索技术实现支持密钥更新的高效撤销机制。详细的安全性分析表明本方案能提供数据机密性以实现隐私保护,且性能分析和仿真表明本方案具有较高效率,能有效满足实际应用需求。

关键词: 属性基加密, 访问控制, 权限分离, 隐私保护, 数据共享

Abstract:

Attribute-based encryption (ABE),which can provide fine-grained access control and flexible one-to-many encryption,has been envisioned as an important data sharing approach to achieve privacy preserving in the distributed environment.However,the flourish of the data sharing approach using attribute-based encryption still hinges upon how to fully understand and manage the challenges facing in the distributed environment,especially the veracity of the data.In fact,all of the existing data sharing schemes allow data owner to modify data without restrictions,in which the veracity of the data has been questioned and that cannot satisfy the demands of practical application sometimes,such as personal electronic medical records or assessment systems.A data sharing scheme with privilege separation is presented,in which the veracity of the data can be ensured and the flexible access control can be provided.Based on RSA-based proxy encryption,a new efficient privilege separation mechanism is introduced to ensure the veracity of the data; exploiting attribute-based encryption,the data owner can define the access policy to achieve fine-grained access control.Detailed security analysis shows that the proposed data sharing scheme can provide the data confidentiality to achieve privacy preserving.In addition,the performance analysis demonstrates the scheme’s effectiveness in terms of the computation costs.

Key words: attribute-based encryption, access control, privilege separation, privacy preserving, data sharing