Journal on Communications ›› 2019, Vol. 40 ›› Issue (5): 47-56. doi: 10.11959/j.issn.1000-436x.2019116


Attribute-based encryption scheme supporting attribute revocation in cloud storage environment

Lei SUN¹, Zhiyuan ZHAO², Jianhua WANG¹, Zhiqiang ZHU¹

  1. The Third Institute, Strategic Support Force Information Engineering University, Zhengzhou 450001, China
  2. Troops 61516, Beijing 100062, China
  • Revised: 2019-04-22 Online: 2019-05-25 Published: 2019-05-30
  • About the authors: Lei SUN (1973- ), male, born in Jingjiang, Jiangsu, Ph.D., professor at the Strategic Support Force Information Engineering University; his main research interests include cloud computing, computer networks and information security. | Zhiyuan ZHAO (1989- ), male, born in Panshi, Jilin, engineer at Troops 61516; his main research interests include cloud computing, information security and public-key cryptography. | Jianhua WANG (1962- ), male, born in Beijing, Ph.D., professor at the Strategic Support Force Information Engineering University; his main research interests include cryptography, information security and computer networks. | Zhiqiang ZHU (1961- ), male, born in Changchun, Jilin, Ph.D., professor at the Strategic Support Force Information Engineering University; his main research interests include cloud computing, network and information security, and cryptography.
  • Supported by:
    The National Basic Research Program of China (973 Program) (2013CB338000); The National Key Research and Development Program of China (2016YFB0501900)

Abstract:

Attribute-based encryption (ABE) is widely used in cloud storage because of its fine-grained access control. Each attribute in ABE may be shared by multiple users at the same time. Therefore, how to achieve attribute-level user revocation is currently an important challenge. Research has found that some current attribute-level user revocation schemes cannot resist the collusion attack between a revoked user and an existing user. To solve this problem, an attribute-based encryption scheme that supports immediate attribute revocation was proposed. The scheme achieves attribute-level user revocation and effectively resists collusion attacks between revoked users and existing users. At the same time, the scheme outsources complex decryption calculations to cloud service providers with powerful computing ability, which reduces the computational burden on the data user. The scheme was proved secure under the computational Diffie-Hellman assumption in the standard model. Finally, the functionality and efficiency of the proposed scheme were analyzed and verified, both theoretically and experimentally. The experimental results show that the proposed scheme can safely implement attribute-level user revocation and can decrypt quickly, which greatly improves system efficiency.

Key words: cloud storage, attribute-based encryption, collusion attack, attribute revocation, outsourced decryption
