支持高效密文密钥同步演化的安全数据共享方案

doi:10.11959/j.issn.1000-436x.2018083

通信学报 ›› 2018, Vol. 39 ›› Issue (5): 123-133.doi: 10.11959/j.issn.1000-436x.2018083

支持高效密文密钥同步演化的安全数据共享方案

严新成¹,陈越¹,贾洪勇²,陈彦如³,张馨月¹

¹ 解放军信息工程大学数据与目标工程学院，河南郑州 450001
² 郑州大学软件与应用科技学院，河南郑州 450001
³ 公安部第一研究所，北京 100048

修回日期:2018-04-13 出版日期:2018-05-01 发布日期:2018-06-01
作者简介:严新成（1991-），男，河南信阳人，解放军信息工程大学博士生，主要研究方向为应用密码学、云数据隐私保护、安全数据共享等。|陈越（1965-），男，河南开封人，博士，解放军信息工程大学教授、博士生导师，主要研究方向为网络与信息安全。|贾洪勇（1975-），男，河南西平人，博士，郑州大学讲师，主要研究方向为网络与信息安全、应用密码学、云数据访问控制。|陈彦如（1990-），女，河南三门峡人，公安部第一研究所助理工程师，主要研究方向为信息安全、等级保护等。|张馨月（1994-），女，满族，吉林通化人，解放军信息工程大学硕士生，主要研究方向为应用密码学、多级安全访问控制。
基金资助:
国家重点基础研究发展计划（“973”计划）基金资助项目(2012CB315901);河南省科技攻关计划基金资助项目(172102210017)

Secure data sharing scheme supporting efficient synchronous evolution for ciphertext and key

Xincheng YAN¹,Yue CHEN¹,Hongyong JIA²,Yanru CHEN³,Xinyue ZHANG¹

¹ School of Data and Target Engineering,PLA Information Engineering University,Zhengzhou 450001,China
² School of Software and Applied Technology,Zhengzhou University,Zhengzhou 450001,China
² The First Research Institute of the Ministry of Public Security,Beijing 100048,China

Revised:2018-04-13 Online:2018-05-01 Published:2018-06-01
Supported by:
The National Basic Research Program of China (973 Program)(2012CB315901);The Key Technologies R＆D Program of Henan Province(172102210017)

摘要/Abstract

摘要：

云存储密文的静态性增大了攻击者通过获取密钥破解密文的概率，而基于密钥分发和重加密的密文密钥更新则开销过大。针对此问题，提出一种支持高效密文密钥同步演化的安全数据共享方案（CKSE-SDS），通过在广播加密中引入密码学累加器构造支持时间周期性跳变的拟态变换因子，并基于密文及密钥的动态分割与融合实现高效的密文密钥同步演化，从而减少了加密过程和私钥分发的确定性，增大了攻击者利用安全漏洞获取密文密钥并破解密文的难度。理论分析及安全性证明表明，该方案在支持数据安全高效访问条件下，可有效降低攻击者攻击成功的概率，提升系统的主动安全防御能力。

关键词: 云存储, 广播加密, 密码学累加器, 数据共享, 同步演化

Abstract:

The static property of stored ciphertext in cloud increases the probability that an attacker can crack the ciphertext by obtaining a key,while ciphertext and key updates based on key distribution and re-encryption are excessively expensive.For this problem,a secure data sharing scheme supporting efficient synchronous evolution for ciphertext and key (CKSE-SDS) was proposed.By introducing cryptography accumulator in broadcast encryption,mimicry transformation factor could be constructed supporting time-hopping periodically and efficient synchronous evolution for ciphertext and key could be achieved based on dynamic segmentation and fusion of ciphertext and key,which reduced certainty in the process of encryption and key distribution and increased the difficulty for attackers exploiting security vulnerabilities to obtain key to crack ciphertext as well.Theoretical analysis and security proofs show that the proposed scheme can support secure and efficient data access as well as reduce the probability of a successful attack effectively for an attacker,which can also enhance the system’s active security defense capability.

Key words: cloud storage, broadcast encryption, cryptography accumulator, data sharing, synchronous evolution

中图分类号:

TP309.2

严新成,陈越,贾洪勇,陈彦如,张馨月. 支持高效密文密钥同步演化的安全数据共享方案[J]. 通信学报, 2018, 39(5): 123-133.

Xincheng YAN,Yue CHEN,Hongyong JIA,Yanru CHEN,Xinyue ZHANG. Secure data sharing scheme supporting efficient synchronous evolution for ciphertext and key[J]. Journal on Communications, 2018, 39(5): 123-133.

图/表 4

表1

表2

表3

表4

攻击概率对比"

场景	直接破解密文	获取密钥解密	攻击成功概率
P_w	$P_{g c_{i}} P_{d c_{i}}$	$P_{g c_{i}} P_{g k_{i}} P_{g d k_{i}}$	$P_{g c_{i}} P_{d c_{i}} + P_{g c_{i}} P_{g k_{i}} P_{g d k_{i}}$
P _1w	$P'_{g c_{i}} P'_{d c_{i}}$	$P'_{g c_{i}} P'_{g k_{i}} P'_{g d k_{i}}$	$P'_{g c_{i}} P'_{d c_{i}} + P'_{g c_{i}} P'_{g k_{i}} P'_{g d k_{i}}$
P_nw	$P_{g c_{i}} P_{d c_{i}}$	$\frac{1}{n^{3}} P_{g c_{i}} P_{g k_{i}} P_{g d k_{i}}$	$P_{g c_{i}} P_{d c_{i}} + \frac{1}{n^{3}} P_{g c_{i}} P_{g k_{i}} P_{g d k_{i}}$

表4

参考文献 25

[1]	苏金树, 曹丹, 王小峰 ,等. 属性基加密机制[J]. 软件学报, 2011,22(6): 1299-1315.
	SU J S , CAO D , WANG X F ,et al. Attribute-based encryption schemes[J]. Journal of Software, 2011,22(6): 1299-1315.
[2]	冯登国, 张敏, 张妍 ,等. 云计算安全研究[J]. 软件学报, 2011,22(1): 71-83.
	FENG D G , ZHANG M , ZHANG Y ,et al. Study on cloud computing security[J]. Journal of Software, 2011,22(1): 71-83.
[3]	黄刘生, 田苗苗, 黄河 . 大数据隐私保护密码技术研究综述[J]. 软件学报, 2015,26(4): 945-959.
	HUANG L S , TIAN M M , HUANG H . Preserving privacy in big data:a survey from the cryptographic perspective[J]. Journal of Software, 2015,26(4): 945-959.
[4]	DAN B , FRANKLIN M K . Identity-based encryption from the Weil pairing[C]// International Cryptology Conference. 2001: 213-229.
[5]	SAHAI A , WATERS B . Fuzzy identity-based encryption[C]// International Conference on Theory and Applications of Cryptographic Techniques. 2005: 457-473.
[6]	邬江兴 . 网络空间拟态安全防御[J]. 保密科学技术, 2014(10): 4-10.
	WU J X . Cyber minic security defense[J]. Secrecy Science and Technology, 2014(10): 4-10.
[7]	邬江兴 . 拟态计算与拟态安全防御的原意和愿景[J]. 电信科学, 2014,30(7): 1-7.
	WU J X . Meaning and vision of mimic computing and mimic security defense[J]. Telecommunications Science, 2014,30(7): 1-7.
[8]	刘杰, 曾浩洋, 田永春 ,等. 动态弹性安全防御技术及发展趋势[J]. 通信技术, 2015(2): 117-124.
	LIU J , ZENG H Y , TIAN Y C ,et al. Technology and development trend of dynamic resiliency for security defense[J]. Communications Technology, 2015(2): 117-124.
[9]	JAJODIA S , JAJODIA S , JAJODIA S ,et al. moving target defense[J]. Advances in Information Security, 2011,54: 99-108.
[10]	蔡桂林, 王宝生, 王天佐 ,等. 移动目标防御技术研究进展[J]. 计算机研究与发展, 2016,53(5): 968-987.
	CAI G L , WANG B S , WANG T Z ,et al. Research and development of moving target defense technology[J]. Journal of Computer Research and Development, 2016,53(5): 968-987.
[11]	JAJODIA S , GHOSH A K , SWARUP V ,et al. Moving target defense:creating asymmetric uncertainty for cyber threats[J]. Springer Ebooks, 2011.
[12]	WANG H , JIA Q , Dan F ,et al. A moving target DDoS defense mechanism[J]. Computer Communications, 2014,46(6): 10-21.
[13]	雷程, 马多贺, 张红旗 ,等. 基于最优路径跳变的网络移动目标防御技术[J]. 通信学报, 2017,38(3): 133-143.
	LEI C , MA D H , ZHANG H Q ,et al. Network moving target defense technique based on optimal forwarding path migration[J]. Journal on Communications, 2017,38(3): 133-143.
[14]	罗兴国, 仝青, 张铮 ,等. 拟态防御技术[J]. 中国工程科学, 2016,18(6): 69-73.
	LUO X G , TONG Q , ZHANG Z ,et al. Mimic defense technology[J]. Engineering Sciences, 2016,18(6): 69-73.
[15]	仝青, 张铮, 张为华 ,等. 拟态防御Web服务器设计与实现[J]. 软件学报, 2017,28(4): 883-897.
	TONG Q , ZHANG Z , ZHANG W H ,et al. Design and implementation of mimic defense Web server[J]. Journal of Software, 2017,28(4): 883-897.
[16]	YU S , WANG C , REN K ,et al. Attribute based data sharing with attribute revocation[C]// ACM Symposium on Information,Computer and Communications Security. 2010: 261-270.
[17]	HUR J , DONG K N . Attribute-based access control with efficient revocation in data outsourcing systems[J]. IEEE Transactions on Parallel ＆ Distributed Systems, 2011,22(7): 1214-1221.
[18]	ZU L , LIU Z , LI J . New ciphertext-policy attribute-based encryption with efficient revocation[C]// IEEE International Conference on Computer and Information Technology. 2014: 281-287.
[19]	YANG K , JIA X , REN K . Attribute-based fine-grained access control with efficient revocation in cloud storage systems[C]// ACM Sigsac Symposium on Information,Computer and Communications Security. 2013: 523-528.
[20]	XIA Z H , ZHANG L G , LIU D D ,et al. Attribute-based access control scheme with efficient revocation in cloud computing[J]. China Communications, 2016,13(7): 92-99.
[21]	FIAT A , NAOR M . Broadcast encryption[M]// Advances in Cryptology— CRYPTO’ 93. Springer Berlin Heidelberg, 1993: 480-491.
[22]	PHAN D H , POINTCHEVAL D , SHAHANDASHTI S F ,et al. Adaptive CCA broadcast encryption with constant-size secret keys and ciphertexts[J]. International Journal of Information Security, 2013,12(4): 251-265.
[23]	ZHOU Z , HUANG D , WANG Z . Efficient privacy-preserving ciphertext-policy attribute based encryption and broadcast encryption[J]. IEEE Transactions on Computers, 2014,64(1): 126-138.
[24]	WU Q , QIN B , ZHANG L ,et al. Contributory broadcast encryption with efficient encryption and short ciphertexts[J]. IEEE Transactions on Computers, 2016,65(2): 466-479.
[25]	BONEH D , BOYEN X , GOH E J . Hierarchical identity based encryption with constant size ciphertext[C]// International Conference on Theory and Applications of Cryptographic Techniques. 2005: 440-456.

变量	含义
n	当前加入累加器集合的用户数量
exp	一次群元素幂运算
c	一次乘法运算
sig	一次数字签名加密运算
\|δ\|	签名值大小
\|G\|	群元素的大小

方案	通信开销	密钥更新开销	密文更新客户端开销
文献[22]方案	3\|G\|	N·exp	3exp+(n+2)c
文献[24]方案	3\|G\|	n·(exp+c)	(n+2)exp+nc
本文方案	2\|G\|+\|δ\|	nc	0

方案	通信开销	密文演化客户端计算开销
文献[22]方案	3\|G\|	3exp+(n+2)c
文献[24]方案	3\|G\|	(n+2)exp+nc
本文方案	(n+2)\|G\|+\|δ\|	0

支持高效密文密钥同步演化的安全数据共享方案

Secure data sharing scheme supporting efficient synchronous evolution for ciphertext and key

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 25

相关文章 15

Metrics

推荐阅读 0

[1]	冯涛, 陈李秋, 方君丽, 石建明. 基于本地化差分隐私和属性基可搜索加密的区块链数据共享方案[J]. 通信学报, 2023, 44(5): 224-233.
[2]	刘雪娇, 曹天聪, 夏莹杰. 区块链架构下高效的车联网跨域数据安全共享研究[J]. 通信学报, 2023, 44(3): 186-197.
[3]	哈冠雄, 贾巧雯, 陈杭, 贾春福. 无第三方服务器的基于数据流行度的加密去重方案[J]. 通信学报, 2022, 43(8): 17-29.
[4]	杜瑞忠, 张添赫, 石朋亮. 基于区块链且支持数据共享的密文策略隐藏访问控制方案[J]. 通信学报, 2022, 43(6): 168-178.
[5]	李尤慧子, 殷昱煜, 高洪皓, 金一, 王新珩. 面向隐私保护的非聚合式数据共享综述[J]. 通信学报, 2021, 42(6): 195-212.
[6]	冯涛, 孔繁琪, 柳春岩, 马蓉, Maher Albettar. 基于区块链的双重可验证云存储方案[J]. 通信学报, 2021, 42(12): 192-201.
[7]	贾春福, 哈冠雄, 武少强, 陈杭, 李瑞琪. 加密去重场景下基于AONT和NTRU的密钥更新方案[J]. 通信学报, 2021, 42(10): 67-80.
[8]	刘杨, 李珺, 陈文韵, 彭木根. 面向6G的雾无线接入网内生安全数据共享机制研究[J]. 通信学报, 2021, 42(1): 67-78.
[9]	牛淑芬,刘文科,陈俐霞,王彩芬,杜小妮. 基于联盟链的可搜索加密电子病历数据共享方案[J]. 通信学报, 2020, 41(8): 204-214.
[10]	田俊峰,王彦骉,何欣枫,张俊涛,杨万贺,庞亚南. 数据因果一致性研究综述[J]. 通信学报, 2020, 41(3): 154-167.
[11]	柯文龙,王勇,叶苗,陈俊奇. Ceph云存储网络中一种业务优先级区分的多播流调度方法[J]. 通信学报, 2020, 41(11): 40-51.
[12]	蒋宇娜,葛晓虎,杨旸,王承祥,李颉. 面向6G的区块链物联网数据共享和存储机制[J]. 通信学报, 2020, 41(10): 48-58.
[13]	孙磊,赵志远,王建华,朱智强. 云存储环境下支持属性撤销的属性基加密方案[J]. 通信学报, 2019, 40(5): 47-56.
[14]	张襄松,李晨,刘振华. 抗密钥泄露的支持密态数据去重的完整性审计方案[J]. 通信学报, 2019, 40(4): 95-106.
[15]	田苗苗,高闯,陈洁. 格上基于身份的云存储完整性检测方案[J]. 通信学报, 2019, 40(4): 128-139.