云存储环境下支持属性撤销的属性基加密方案

doi:10.11959/j.issn.1000-436x.2019116

Abstract

Abstract:

Attribute-based encryption (ABE) scheme is widely used in the cloud storage due to its fine-grained access control.Each attribute in ABE may be shared by multiple users at the same time.Therefore,how to achieve attribute-level user revocation is currently facing an important challenge.Through research,it has been found that some attribute-level user revocation schemes currently can’t resist the collusion attack between the revoked user and the existing user.To solve this problem,an attribute-based encryption scheme that supported the immediate attribute revocation was proposed.The scheme could achieve attribute-level user revocation and could effectively resist collusion attacks between the revoked users and the existing users.At the same time,this scheme outsourced complex decryption calculations to cloud service providers with powerful computing ability,which reduced the computational burden of the data user.The scheme was proved secure based on computational Diffie-Hellman assumption in the standard model.Finally,the functionality and efficiency of the proposed scheme were analyzed and verified.The experimental results show that the proposed scheme can safely implement attribute-level user revocation and has the ability to quickly decrypt,which greatly improves the system efficiency.

Key words: cloud storage, attribute-based encryption, collusion attack, attribute revocation, outsourced decryption

CLC Number:

TP309

Lei SUN,Zhiyuan ZHAO,Jianhua WANG,Zhiqiang ZHU. Attribute-based encryption scheme supporting attribute revocation in cloud storage environment[J]. Journal on Communications, 2019, 40(5): 47-56.

Figures/Tables 5

符号	含义
S	数据用户的属性集合
(M,ρ)	数据拥有者定义的LSSS访问结构
m	明文消息
PK,MSK	系统公钥和系统主私钥
DPK,DSK	DSM公钥和主私钥
RK	数据用户私钥
SK	数据用户转换密钥
KEK′	属性群初始密钥
KEK	属性群密钥
$\bar{KEK}$	属性撤销后的属性群密钥
CT′	中间密文
CT	密文
$\bar{C} \bar{T}$	转换密文
$\bar{CT}$	属性撤销后的密文
Hdr	密文头
$\bar{Hdr}$	属性撤销后的密文头

对比方案	AA与DU	AA与DO	CSP与DU	CSP与DO
文献[12]方案	(2n_k+1)\|g\|	2\|g\|+\|g_T\|	$(2 n_{c} + 1) \| g \| + \| g_{T} \| + (\frac{n_{c} n_{u}}{2} + l b (n_{u} + 1)) \| C_{k} \|$	(2n_c+1)\|g\|+\|g_T\|
文献[13]方案	(n_a+4)\|p\|	(2n_a+4)\|g\|+\|g_T\|	$(3 n_{c} + 1) \| g \| + \| g_{T} \|$	(3n_c+1)\|g\|+\|g_T\|
文献[15]方案	(n_k+2)\|g\|+\|p\|	(n_a+2)\|g\|+\|g_T\|	$(n_{c} + n_{k} + 5) \| g \| + \| g_{T} \| + (\frac{n_{c} n_{u}}{2} + l b (n_{u} + 1)) \| C_{k} \|$	(n_c+3)\|g\|+\|g_T\|
文献[16]方案	(n_k+2)\|g\|	(n_a+2)\|g\|+\|g_T\|	$(2 n_{c} + 1) \| g \| + \| g_{T} \|$	(2n_c+1)\|g\|+\|g_T\|
本文方案	(2n_k+2)\|g\|+\|p\|	(n_a+2)\|g\|+\|g_T\|	$(n_{c} + \frac{n_{c} n_{u}}{2} + 4 n_{k} + 2) \| g \| + \| g_{T} \| + (n_{k} + \frac{n_{u}}{2}) \| p \|$	(n_c+1)\|g\|+\|g_T\|

References 19

[1]	SUBASHINI S , KAVITHA V . A survey on security issues in service delivery models of cloud computing[J]. Journal of Network and Computer Applications, 2011,34(1): 1-11.
[2]	SAHAI A , WATERS B . Fuzzy identity-based encryption[C]// The 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. 2005: 457-473.
[3]	姚亮, 杨超, 马建峰 ,等. 云端数据访问控制中基于中间代理的用户撤销新方法[J]. 通信学报, 2015,36(11): 92-101.
	YAO L , YANG C , MA J F ,et al. New user revocation approach based on intermediate agency for cloud data access control[J]. Journal on Communications, 2015,36(11): 92-101.
[4]	GOYAL V , PANDEY O , SAHAI A ,et al. Attribute-based encryption for fine-grained access control of encrypted data[C]// The 13th ACM Conference on Computer and Communications Security. ACM, 2006: 89-98.
[5]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// IEEE Symposium on Security and Privacy. IEEE, 2007: 321-334.
[6]	SOOKHAK M , YU F R , KHAN M K ,et al. Attribute-based data access control in mobile cloud computing:Taxonomy and open issues[J]. Future Generation Computer Systems, 2017,72(C): 273-287.
[7]	李勇, 曾振宇, 张晓菲 . 支持属性撤销的外包解密方案[J]. 清华大学学报:自然科学版, 2013,53(12): 1664-1669.
	LI Y , ZENG Z Y , ZHANG X F . Outsourced decryption scheme supporting attribute revocation[J]. Journal of Tsinghua University (Science ＆ Technology), 2013,53(12): 1664-1669.
[8]	PIRRETTI M , TRAYNOR P , MCDANIEL P ,et al. Secure attribute-based systems[C]// The 13th AMC conference on Computer and Communications Security. AMC, 2006: 99-112.
[9]	RAFAELI S , HUTCHISON D . A survey of key management for secure group communication[J]. ACM Computing Surveys, 2003,35(3): 309-329.
[10]	IBRAIMI L , PETKOVIC M , NIKOVA S ,et al. Mediated ciphertext-policy attribute-based encryption and its application[C]// The 10th International Workshop on Information Security Applications. 2009: 309-323.
[11]	YU S , WANG C , REN K ,et al. Attribute based data sharing with attribute revocation[C]// The 5th ACM Symposium on Information,Computer and Communications Security. ACM, 2010: 261-270.
[12]	HUR J , NOH D K . Attribute-based access control with efficient revocation in data outsourcing systems[J]. IEEE Transactions on Parallel and Distributed Systems, 2011,22(7): 1214-1221.
[13]	YANG K , JIA X , REN K . Attribute-based fine-grained access control with efficient revocation in cloud storage systems[C]// The 8th ACM SIGSAC Symposium on Information,Computer and Communications Security. ACM, 2013: 523-528.
[14]	YANG K , JIA X . Security for cloud storage systems[M]. Berlin: SpringerPress, 2014.
[15]	马华, 白翠翠, 李宾 ,等. 支持属性撤销和解密外包的属性基加密方案[J]. 西安电子科技大学学报 (自然科学版), 2015,42(6): 6-10.
	MA H , BAI C C , LI B ,et al. Attribute-based encryption scheme supporting attribute revocation and decryption outsourcing[J]. Journal of Xidian University (Science ＆ Technology), 2015,42(6): 6-10.
[16]	SHIRAISHI Y , NOMURA K , MOHRI M ,et al. Attribute revocable attribute-based encryption with forward secrecy for fine-grained access control of shared data[J]. IEICE Transactions on Information and Systems, 2017,100(10): 2432-2439.
[17]	GREEN M , HOHENBERGER S , WATERS B . Outsourcing the decryption of ABE ciphertexts[C]// The 20th USENIX Conference on Security. USENIX, 2011:34.
[18]	LAI J , DENG R H , GUAN C ,et al. Attribute-based encryption with verifiable outsourced decryption[J]. IEEE Transactions on Information Forensics and Security, 2013,8(8): 1343-1354.
[19]	LI J , SHA F , ZHANG Y ,et al. Verifiable outsourced decryption of attribute-based encryption with constant ciphertext length[J]. Security and Communication Networks, 2017,2017(2): 1-11.

Metrics

Recommended 0

No Suggested Reading articles found!

对比方案	访问结构	安全假设	安全模型	撤销粒度	外包解密
文献[12]方案	Tree	—	一般群模型	属性级用户撤销	不支持
文献[13]方案	LSSS	q-parallel BDHE	随机预言机模型	属性级用户撤销	不支持
文献[15]方案	LSSS	—	一般群模型	属性级用户撤销	支持
文献[16]方案	LSSS	q-parallel BDHE	标准模型	属性级用户撤销	不支持
本文方案	LSSS	CDH	标准模型	属性级用户撤销	支持

对比方案	AA与DU	AA与DO	CSP与DU	CSP与DO
文献[12]方案	(2n_k+1)\|g\|	2\|g\|+\|g_T\|	$(2 n_{c} + 1) \| g \| + \| g_{T} \| + (\frac{n_{c} n_{u}}{2} + l b (n_{u} + 1)) \| C_{k} \|$	(2n_c+1)\|g\|+\|g_T\|
文献[13]方案	(n_a+4)\|p\|	(2n_a+4)\|g\|+\|g_T\|	$(3 n_{c} + 1) \| g \| + \| g_{T} \|$	(3n_c+1)\|g\|+\|g_T\|
文献[15]方案	(n_k+2)\|g\|+\|p\|	(n_a+2)\|g\|+\|g_T\|	$(n_{c} + n_{k} + 5) \| g \| + \| g_{T} \| + (\frac{n_{c} n_{u}}{2} + l b (n_{u} + 1)) \| C_{k} \|$	(n_c+3)\|g\|+\|g_T\|
文献[16]方案	(n_k+2)\|g\|	(n_a+2)\|g\|+\|g_T\|	$(2 n_{c} + 1) \| g \| + \| g_{T} \|$	(2n_c+1)\|g\|+\|g_T\|
本文方案	(2n_k+2)\|g\|+\|p\|	(n_a+2)\|g\|+\|g_T\|	$(n_{c} + \frac{n_{c} n_{u}}{2} + 4 n_{k} + 2) \| g \| + \| g_{T} \| + (n_{k} + \frac{n_{u}}{2}) \| p \|$	(n_c+1)\|g\|+\|g_T\|

Attribute-based encryption scheme supporting attribute revocation in cloud storage environment

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 5

References 19

Related Articles 15

Metrics

Recommended 0

[1]	Xuejiao LIU, Tiancong CAO, Yingjie XIA. Research on efficient and secure cross-domain data sharing of IoV under blockchain architecture [J]. Journal on Communications, 2023, 44(3): 186-197.
[2]	Yiliang HAN, Kaiyang GUO, Riming WU, Kai LIU. Attribute-based encryption scheme against key abuse based on OBDD access structure from lattice [J]. Journal on Communications, 2023, 44(1): 75-88.
[3]	Youliang TIAN, Maoqing TIAN, Hongfeng GAO, Miao HE, Jinbo XIONG. Cooperation-based location authentication scheme for crowdsensing applications [J]. Journal on Communications, 2022, 43(9): 121-133.
[4]	Guanxiong HA, Qiaowen JIA, Hang CHEN, Chunfu JIA. Data popularity-based encrypted deduplication scheme without third-party servers [J]. Journal on Communications, 2022, 43(8): 17-29.
[5]	Ruizhong DU, Tianhe ZHANG, Pengliang SHI. Ciphertext policy hidden access control scheme based on blockchain and supporting data sharing [J]. Journal on Communications, 2022, 43(6): 168-178.
[6]	Xinchun YIN, Mengyu WANG, Jianting NING. Lightweight searchable medical data sharing scheme [J]. Journal on Communications, 2022, 43(5): 110-122.
[7]	Xiaodong FU, Xinxin QI, Li LIU, Wei PENG, Jiaman DING, Fei DAI. Detecting and preventing collusion attack in DPoS based on power index [J]. Journal on Communications, 2022, 43(12): 123-133.
[8]	Shichang XUAN, Hao TANG, Wu YANG. Method for detecting collusion attack node in road condition information sharing based on reputation point [J]. Journal on Communications, 2021, 42(4): 158-168.
[9]	Tao FENG, Fanqi KONG, Chunyan LIU, Rong MA, Albettar Maher. Dual verifiable cloud storage scheme based on blockchain [J]. Journal on Communications, 2021, 42(12): 192-201.
[10]	Chunfu JIA, Guanxiong HA, Shaoqiang WU, Hang CHEN, Ruiqi LI. AONT-and-NTRU-based rekeying scheme for encrypted deduplication [J]. Journal on Communications, 2021, 42(10): 67-80.
[11]	Xixi YAN,Xu HE,Tao LIU,Qing YE,Jinxia YU,Yongli TANG. Traceable attribute-based encryption scheme with key-delegation abuse resistance [J]. Journal on Communications, 2020, 41(4): 150-161.
[12]	Junfeng TIAN,Yanbiao WANG,Xinfeng HE,Juntao ZHANG,Wanhe YANG,Ya’nan PANG. Survey on the causal consistency of data [J]. Journal on Communications, 2020, 41(3): 154-167.
[13]	Xixi YAN,Xiaohan YUAN,Yongli TANG,Yanli CHEN. Verifiable attribute-based searchable encryption scheme based on blockchain [J]. Journal on Communications, 2020, 41(2): 187-198.
[14]	Wenlong KE,Yong WANG,Miao YE,Junqi CHEN. Priority differentiated multicast flow scheduling method in Ceph cloud storage network [J]. Journal on Communications, 2020, 41(11): 40-51.
[15]	LI Xuejun,ZHANG Dan,LI Hui. Efficient revocable attribute-based encryption scheme [J]. Journal on Communications, 2019, 40(6): 32-39.