面向社交网络的隐私保护方案

doi:10.3969/j.issn.1000-436x.2014.08.004

摘要/Abstract

摘要：

针对社交网络的隐私安全问题，提出了一种新的社交网络隐私保护方案。首先设计了带陷门的属性加密算法，由属性权威机构与数据属主协同完成用户私钥的生成与分发，有效降低了数据属主的密钥管理代价。然后，通过令牌树机制控制用户对属性陷门的获取，实现了高效的属性撤销。安全性分析表明，该方案能够避免社交网络服务提供商与系统内部非授权用户的合谋攻击，且不泄漏用户的任何属性信息。实验结果证实，该方案在计算代价、存储代价等方面比现有方案更有优越性。

关键词: 社交网络, 隐私保护, 属性加密, 令牌树, 属性撤销

Abstract:

The security and privacy issues in SNS were studied and a privacy-preserving scheme PPSNS was proposed. PPSNS utilizes attribute-based encryption, allowing the SNS user to set up an enforcement of fine-grained access control upon the data he owns, thus the potential threats from unauthorized parties or even the SNS provider itself could be avoided. A token system in PPSNS is included to address the challenging issue of efficient attribute revocation. In addi-tion, the users in PPSNS don't have to manage as much information as they do in other encryption-based solutions, achieving a much lower cost in the client side. Analyses show that PPSNS is secure, and gives a better performance in computing and storage costs compared to most related works.

Key words: social network, privacy-preserving, attribute-based encryption, token tree, attribute revocation

吕志泉,洪澄,张敏,冯登国,陈开渠. 面向社交网络的隐私保护方案[J]. 通信学报, 2014, 35(8): 15-22.

Zhi-quan LV,Cheng HONG,Min1 ZHANG,Deng-guo FENG,Kai-qu CHEN. Privacy-perserving scheme for social networks[J]. Journal on Communications, 2014, 35(8): 15-22.

图/表 9

图1

图2

表1

图3

图4

图5

图6

表2

图7

参考文献 25

[1]	KWAK H , LEE C , PARK H , et al. What is Twitter, a social network or a news media[A]. Proceedings of the 19th International Conference on World Wide Web[C]. Raleigh, NC, USA, 2010. 591-600.
[2]	FOGEL J , NEHMAD E . Internet social network communities: risk taking, trust, and privacy concerns[J]. Computers in Human Behavior, 2009,25(1): 153-160.
[3]	LUCAS M , BORISOV N . Flybynight: mitigating the privacy risks of social networking[A]. Proceedings of the 7th ACM Workshop on Pri-vacy in the Electronic Society[C]. Alexandria, VA, USA, 2008. 1-8.
[4]	GUHA S , TANG K , FRANCIS P . NOYB: privacy in online social networks[A]. Proceedings of the First Workshop on Online Social Networks[C]. Seattle, WA, USA, 2008. 49-54.
[5]	LUO W , XIE Q , HENGARTNER U . Facecloak: an architecture for user privacy on social networking sites[A]. Proceedings of the 12th International Conference on Computational Science and Engineering (CSE 2009)[C]. Vancouver, BS, Canada, 2009. 26-33.
[6]	SUN J , ZHU X , FANG Y . A privacy-preserving scheme for online social networks with efficient revocation[A]. Proceedings of the 29th International Conference on Computer Communications (INFOCOM 2010)[C]. SanDiego, CA, USA, 2010. 1-9.
[7]	BADEN R , BENDER A , SPRING N , et al. Persona: an online social network with user-defined privacy[A]. Proceedings of the ACM SIGCOMM 2009 Conference on Data Communication (SIGCOMM 2009)[C]. Barcelona, Spain, 2009. 135-146.
[8]	JAHID S , MITTAL P , BORISOV N . EASiER: encryption-based ac-cess control in social networks with efficient revocation[A]. Proceed-ings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011)[C]. HongKong, China, 2011. 411-415.
[9]	LIANG X , LI X , LU R , et al. An efficient and secure user revocation scheme in mobile social networks[A]. Proceedings of International Conference on Global Telecommunications Conference (GLOBECOM 2011)[C]. Houston, TX, USA, 2011. 1-5.
[10]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attrib-ute-based encryption[A]. Proceedings of the 28th International Sym-posium on Security and Privacy (S＆P 2007)[C]. Berkeley, CA, USA, 2007. 321-334.
[11]	HUR J , NOH D . Attribute-based access control with efficient revoca-tion in data outsourcing systems[J]. IEEE Transactions on Parallel and Distributed Systems, 2011,22(7): 1214-1221.
[12]	LV Z , HONG C , ZHANG M , et al. A secure and efficient revocation scheme for fine-grained access control in cloud storage[A]. Proceedings of the 4th International Conference on Cloud Computing Technology and Science (CloudCom 2012)[C]. Taiwan, China, 2012. 545-550.
[13]	吕志泉，张敏，冯登国 . 云存储密文访问控制方案[J]. 计算机科学与探索 2011,5(9): 835-844. LV Z Q , ZHANG M , FENG D G . Cryptographic access control scheme for cloud storage[J]. Journal of Frontiers Computer Science and Tech-nology, 2011,5(9): 835-844.
[14]	孙国梓，董宇，李云 . 基于CP-ABE 算法的云存储数据访问控制[J]. 通信学报 2011,32(7): 146-152. SUN G Z , DONG Y , LI Y . CP-ABE based data access control for cloud storage[J]. Journal on Communications, 2011,32(7): 146-152.
[15]	YU S , WANG C , REN K , et al. Attribute based data sharing withattribute revocation[A]. Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2010)[C]. Beijing, China, 2010. 261-270.
[16]	王鹏翩，冯登国，张立武 . 一种支持完全细粒度属性撤销的CP-ABE方案[J]. 软件学报 2012,23(10): 2805-2816. WANG P P , FENG D G , ZHANG L W . CP-ABE scheme supporting fully fine-grained attribute revocation[J]. Journal of Software, 2012,23(10): 2805-2816.
[17]	BONEH D , FRANKLIN M . Identity-based encryption from the Weil pairing[A]. Proceedings of the 21th Annual International Cryptology (CRYPTO 2001)[C]. Santa Rarbara, California, USA, 2001. 213-29.
[18]	BEIMEL A . Secure Schemes for Secret Sharing and Key Distribution[D]. Proceedings of the 21th Annual International Cryptology (CRYPTO 2001)[C]. PhD thesis, Israel Institute of Technology, Technion, Haifa, Israel, 1996.
[19]	WATERS B . Ciphertext-policy attribute-based encryption: an expres-sive, efficient, and provably secure realization[A]. Proceedings of the 14th IACR International Conference on Practice and Theory of Public Key Cryptography (PKC 2011)[C]. Taormina, Italy, 2011. 53-70.
[20]	KALLAHALLA M , RIEDEL E , SWAMINATHAN R , et al. Plutus:scalable secure file sharing on untrusted storage[A]. Proceedings of the 2nd USENIX Conference on File and Storage Technologies[C]. San Francisco, CR, USA, 2003. 29-42.
[21]	FU K . Group Sharing and Random Access in Cryptographic Storage File Systems[D]. Massachusetts Institute of Technology, 1999.
[22]	The functional encryption library[EB/OL]. .
[23]	LI J , ZHAO G , CHEN X , et al. Fine-grained data access control sys-tems with user accountability in cloud computing[A]. Proceedings of the 2th International Conference on Cloud Computing Technology and Science (CloudCom 2010)[C]. Indianapolis, IN, USA, 2010. 89-96.
[24]	LI J , REN K , ZHU B , et al. Privacy-Aware Attribute-Based Encryp-tion with User Accountability[M]. Information Security, Ber-lin Heidelberg, 2009. 347-362.
[25]	CHASE M , CHOW S . Improving privacy and security in multi- au-thority attribute-based encryption[A]. Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS 2009)[C]. Chicago, IL, USA, 2009. 121-130.

方案	OSKC	OSKS	OENC	ODEC
EASiER	O(na)	O(ma)	O(D)+O(b)	O(D)+O(c)
PPSNS	O(1)	O(m)+O(a)	O(D)+O(b)	O(D)+O(c)

Depth	N_S	OTC/byte	OKC/ms	OTS/MB
10	512	120	5	12
12	2048	144	6	48
14	8192	168	8	192
16	32768	192	9	768