通信学报 ›› 2021, Vol. 42 ›› Issue (10): 81-94.doi: 10.11959/j.issn.1000-436x.2021206

• 学术论文 • 上一篇    下一篇

云计算中基于时间和隐私保护的可撤销可追踪的数据共享方案

张嘉伟, 马建峰, 马卓, 李腾   

  1. 西安电子科技大学网络与信息安全学院,陕西 西安 710071
  • 修回日期:2021-09-15 出版日期:2021-10-25 发布日期:2021-10-01
  • 作者简介:张嘉伟(1985- ),男,山西太原人,西安电子科技大学博士生,主要研究方向为网络安全、访问控制、数据安全、云计算安全和区块链等
    马建峰(1963- ),男,陕西西安人,博士,西安电子科技大学教授、博士生导师,主要研究方向为网络安全、系统安全、数据安全和无人机安全等
    马卓(1980- ),男,陕西延安人,博士,西安电子科技大学教授、博士生导师,主要研究方向为人工智能与无人系统安全、无线网络安全等
    李腾(1991- ),男,陕西西安人,博士,西安电子科技大学讲师,主要研究方向为网络安全、系统日志分析、攻击检测、数据安全和隐私保护
  • 基金资助:
    国家自然科学基金资助项目(61902291);中国博士后基金资助项目(2019M653567);陕西省自然科学基金资助项目(2019JM-425);中央高校基本科研业务费专项资金资助项目(JB191507)

Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing

Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI   

  1. School of Cyber Engineering, Xidian University, Xi’an 710071, China
  • Revised:2021-09-15 Online:2021-10-25 Published:2021-10-01
  • Supported by:
    The National Natural Science Foundation of China(61902291);China Postdoctoral Science Foundation(2019M653567);The Natural Science Foundation of Shaanxi Province(2019JM-425);The Fundamental Research Funds for the Central Universities(JB191507)

摘要:

传统的密文策略属性基加密方案为云计算数据共享服务提供细粒度访问控制功能的同时,其访问策略中的明文属性会导致隐私和敏感数据泄露,而且根据恶意用户泄露的解密密钥对其进行高效追踪并撤销是一个挑战性问题,同时,大多数现有可撤销方案中都存在着撤销列表过长、效率过低等缺陷。针对这些问题,基于密文策略属性基加密方法,提出一种可撤销可追踪的基于时间并具有隐私保护的云数据共享方案。通过隐藏访问策略的属性值,所提方案支持单调且部分隐藏的访问策略和大规模属性空间,并使用层级的基于身份加密技术设置用户密钥有效期从而实现基于时间限制的数据访问控制。在此基础上,利用白盒追踪和二叉树技术,所提方案实现了高效的用户追踪和具有较短用户撤销列表的直接用户撤销,并使用在线/离线和可验证外包解密技术提高整体效率。最后,在判定性q-BDHE假设下,所提方案被证明是安全的。理论分析和实验结果显示,所提方案在时间和存储开销方面具有较高的性能。

关键词: 密文策略属性基加密, 云计算, 基于时间的访问控制, 白盒追踪, 直接用户撤销

Abstract:

General ciphertext-policy attribute-based encryption (CP-ABE) provides fine-grained access control for data sharing in cloud computing, but its plaintext formed access policy may cause leakage of private and sensitive data.And revoking a malicious user by accurately tracing the identity according to a leaked decryption key is a huge challenge.Moreover, most of existing revocable schemes incur long user revocation list and low efficiency.To solve these problems, a time-based and privacy preserving revocable and traceable data sharing scheme was proposed based on CP-ABE to support expressive monotonic and partial hidden access policy, large attribute universe by conceal the attribute values in access policy.Time-limited data access control using hierarchical identity-based encryption was achieved to set key valid period for users.Moreover, with the approaches of white-box tracing and binary tree, efficient user tracing and direct revocation with shorter revocation list was realized together with high efficiency via online/offline and verifiable outsourced decryption techniques.Furthermore, the scheme was secure under decisional q-BDHE assumption.Theoretical analysis and extensive experiments demonstrate its advantageous performance in computational and storage cost.

Key words: CP-ABE, cloud computing, time-based access control, while-box tracing, direct user revocation

中图分类号: 

No Suggested Reading articles found!