Journal on Communications (通信学报) ›› 2024, Vol. 45 ›› Issue (4): 128-136. doi: 10.11959/j.issn.1000-436x.2024062

• Academic Paper •

Attribute-based bilateral access control scheme for cloud storage

Qi LI 1,2,3, Haoyuan FAN 1, Wei CHEN 1, Jinbo XIONG 4 (corresponding author), Lidong HAN 2, Rui LI 5

  1. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
  2. Key Laboratory of Cryptography of Zhejiang Province, Hangzhou Normal University, Hangzhou 311121, China
  3. Tongda College of Nanjing University of Posts and Telecommunications, Yangzhou 225127, China
  4. College of Computer and Cyber Security, Fujian Normal University, Fuzhou 350117, China
  5. School of Computer Science and Technology, Xidian University, Xi'an 710071, China
  • Received: 2023-10-25; Revised: 2024-02-20; Online: 2024-04-30; Published: 2024-05-27
  • Corresponding author: Jinbo XIONG, e-mail: jinbo810@163.com
  • About the authors:
    Qi LI (b. 1989), male, from Huai'an, Jiangsu; Ph.D.; associate professor at Nanjing University of Posts and Telecommunications. Research interests: attribute-based cryptography, access control, IoT security.
    Haoyuan FAN (b. 2000), male, from Jincheng, Shanxi; master's student at Nanjing University of Posts and Telecommunications. Research interest: attribute-based cryptography.
    Wei CHEN (b. 1979), male, from Huai'an, Jiangsu; Ph.D.; professor at Nanjing University of Posts and Telecommunications. Research interests: network security, AI security.
    Jinbo XIONG (b. 1981), male, from Yiyang, Hunan; Ph.D.; professor and doctoral supervisor at Fujian Normal University. Research interests: secure deep learning, data security and privacy protection.
    Lidong HAN (b. 1982), male, from Jinan, Shandong; Ph.D.; associate professor at Hangzhou Normal University. Research interests: public-key cryptography, cloud computing security, network security.
    Rui LI (b. 1983), male, from Xi'an, Shaanxi; Ph.D.; professor at Xidian University. Research interests: intelligent sensing, IoT and intelligent systems.
  • Supported by:
    The National Natural Science Foundation of China (62272102); The Natural Science Foundation of Jiangsu Higher Education Institutions of China (22KJB520029); The Open Research Fund of Key Laboratory of Cryptography of Zhejiang Province (ZCL21015); The Natural Science Foundation of Nanjing University of Posts and Telecommunications (NY222141)

Abstract:

In existing cloud storage systems, fine-grained bilateral access control schemes suffer from a weak security model and from outsourced decryption results that cannot be verified. To address this problem, an attribute-based bilateral access control scheme for cloud storage was proposed. First, the formal definition and security model of adaptively secure, verifiable outsourced bilateral CP-ABE were given. Second, on this basis and combined with batch verification, the attribute-based bilateral access control scheme was constructed over composite-order groups, enabling the data owner and the data user to simultaneously define access policies for each other. Finally, the security analysis showed that, in the adaptive security model, the proposed scheme is indistinguishable under chosen-plaintext attack and existentially unforgeable under chosen-message attack. The experimental results show that the proposed scheme reduces the user-side computational overhead of the matching, decryption, and verification phases.

Key words: cloud storage, bilateral access control, adaptively secure, batch verification, outsourced decryption
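The abstract names two guarantees, bilateral policy matching and verification of an outsourced decryption result, without giving the construction. The Python sketch below is added here as an illustration of what each guarantee means operationally; it is not the paper's scheme and does not use composite-order groups or pairings. The AND/OR policy-tree format, the function names, and the use of SHAKE-256 and a salted SHA-256 tag in place of ABE key material and the paper's verification tag are assumptions made for the sketch; all inputs are constructed.

```python
import hashlib
import os
from typing import Optional, Tuple, Union

# Illustrative code added to this page; it is NOT the paper's construction.
# Policy trees, function names and the hash-based stand-ins for the pairing
# operations are assumptions made for the sketch.

Policy = Union[str, tuple]  # an attribute name, or ("AND"|"OR", child, child, ...)


def satisfies(policy: Policy, attrs: set) -> bool:
    """Evaluate a monotone AND/OR policy tree over an attribute set."""
    if isinstance(policy, str):
        return policy in attrs
    op, *children = policy
    if op == "AND":
        return all(satisfies(c, attrs) for c in children)
    if op == "OR":
        return any(satisfies(c, attrs) for c in children)
    raise ValueError(f"unknown policy operator {op!r}")


def bilateral_match(owner_policy: Policy, owner_attrs, user_policy: Policy, user_attrs) -> bool:
    """Bilateral matching: the owner's policy must hold over the user's attributes
    AND the user's policy must hold over the owner's attributes. Failing either
    side denies access."""
    return satisfies(owner_policy, set(user_attrs)) and satisfies(user_policy, set(owner_attrs))


# --- verifiable outsourced decryption, simplified ------------------------------
# The heavy step (here: deriving the keystream) is delegated to an untrusted cloud.
# The owner attaches a commitment tag so the user can reject a wrong or tampered
# result after the cheap final step. In this sketch the cloud's transform key is
# the secret itself; in a real scheme it is a blinded key. The salted SHA-256 tag
# does not hide low-entropy plaintexts; a real scheme needs a hiding commitment.

def owner_encrypt(secret: bytes, plaintext: bytes) -> Tuple[bytes, bytes, bytes]:
    """Return (ciphertext, salt, tag); the tag commits to the plaintext."""
    stream = hashlib.shake_256(secret).digest(len(plaintext))
    ciphertext = bytes(m ^ s for m, s in zip(plaintext, stream))
    salt = os.urandom(16)
    tag = hashlib.sha256(salt + plaintext).digest()
    return ciphertext, salt, tag


def cloud_transform(transform_key: bytes, ciphertext: bytes, honest: bool = True) -> bytes:
    """Outsourced (heavy) step: produce the partially decrypted value.
    honest=False models a cheating cloud that returns a corrupted result."""
    partial = hashlib.shake_256(transform_key).digest(len(ciphertext))
    if not honest:
        partial = bytes([partial[0] ^ 0x01]) + partial[1:]
    return partial


def user_finish_and_verify(ciphertext: bytes, salt: bytes, tag: bytes, partial: bytes) -> Optional[bytes]:
    """Light user-side step: finish decryption, then check the commitment.
    Returns the plaintext, or None if the outsourced result fails verification."""
    candidate = bytes(c ^ p for c, p in zip(ciphertext, partial))
    if hashlib.sha256(salt + candidate).digest() != tag:
        return None
    return candidate


def demo() -> Tuple[bool, bool, bool]:
    """Constructed scenario: (bilateral match holds, honest cloud verifies,
    cheating cloud is detected)."""
    owner_attrs = ["hospital:A", "role:doctor"]
    user_attrs = ["org:insurer", "clearance:L2"]
    owner_policy = ("AND", "org:insurer", ("OR", "clearance:L2", "clearance:L3"))
    user_policy = ("AND", "hospital:A", "role:doctor")
    matched = bilateral_match(owner_policy, owner_attrs, user_policy, user_attrs)

    secret = b"constructed-demo-secret"
    ct, salt, tag = owner_encrypt(secret, b"constructed patient record")
    honest_ok = user_finish_and_verify(ct, salt, tag, cloud_transform(secret, ct)) is not None
    cheat = user_finish_and_verify(ct, salt, tag, cloud_transform(secret, ct, honest=False))
    return matched, honest_ok, cheat is None


if __name__ == "__main__":
    print(demo())
```

The point of the sketch is the order of checks a user-side implementation should keep: both policies are evaluated before any decryption work is requested, and nothing returned by the cloud is treated as plaintext until the commitment check passes.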
