具有可撤销功能的属性协同访问控制方案

doi:10.11959/j.issn.1000-436x.2021058

Abstract

Abstract:

To solve the dynamic update of access rights in attribute-based collaborative access control, a novel scheme was proposed with the revocation of attribute, user and collaborative policy.A formal definition and a security model were presented, the group-based attribute group were changed to reflect the update of rights, and further, an efficient re-encryption algorithm was used to realize the immediate revocation of attributes and users.The translation value was used to achieve the revocation of collaborative policy by update corresponding ciphertext.The security analysis shows the scheme can guarantee data confidentiality, forward/backward security, and resist collusion attack under chosen plaintext attack.Compared with the related works, the proposal achieved more complete and efficient revocation scheme.

Key words: attribute-based collaborative access control, CP-ABE, revocation, translation node, attribute group

CLC Number:

TP309

Changgen PENG, Zongfeng PENG, Hongfa DING, Youliang TIAN, Rongfei LIU. Attribute-based revocable collaborative access control scheme[J]. Journal on Communications, 2021, 42(5): 75-86.

Figures/Tables 5

方案	密钥生成		加密(DO)	重加密(DSM)	解密	协同访问功能	属性即时撤销	用户撤销	协同策略撤销
方案	CA	DSM	加密(DO)	重加密(DSM)	解密	协同访问功能	属性即时撤销	用户撤销	协同策略撤销
文献[12]方案	$(n_{u} + 4) T_{e}$	—	$(3 n_{c} + 4) T_{e}$	—	$\begin{array}{l} (2 n_{ρ} + 4) T_{p} + \\ (n_{ρ} + n_{I}) T_{e} \end{array}$	√	×	×	×
文献[13]方案	$(2 n_{u} + 3) T_{e}$	—	$(2 n_{c} + 3 + \| tr \|) T_{e}$	—	$\begin{array}{l} (2 n_{c, γ} + \| {tr}_{γ} \| + 2) T_{p} + \\ (n_{c, γ} + \| nl \|) T_{e} \end{array}$	√	×	×	×
本文方案	$(2 n_{u} + 3) T_{e}$	$\log 2 \| Gr \| + \| Co \|$	$(2 n_{c} + 3 + \| tr \|) T_{e}$	n_cT_e	$\begin{array}{l} (2 n_{c, γ} + \| {tr}_{γ} \| + 2) T_{p} + \\ (2 n_{c, γ} + \| nl \| + 1) T_{e} \end{array}$	√	√	√	√

方案	密钥更新		密文更新		撤销粒度	协同策略撤销	安全模型
方案	CA	DSM	CA	DSM	撤销粒度	协同策略撤销	安全模型
文献[18]方案	$(n_{user} - r) T_{e}$	—	$4 (n_{user} - r) T_{e}$	—	属性级	×	×
文献[19]方案	—	$(n_{user} - r) T_{e}$	—	$(n_{user} - r) T_{e}$	用户级	×	×
文献[20]方案	—	$(n_{user} - r) T_{e}$	—	$4 (n_{user} - r) T_{e}$	属性级	×	×
本文方案	—	$(\| Gr \| - r) T_{e}$	—	$4 (\| Gr \| - r) T_{e}$	属性级	√	标准模型

References 29

[1]	DU M X , WANG Q , HE M Q ,et al. Privacy-preserving indexing and query processing for secure dynamic cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2018,13(9): 2320-2332.
[2]	SAHAI A , WATERS B . Fuzzy identity-based encryption[C]// 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2005: 457-473.
[3]	GOYAL V , PANDEY O , SAHAI A ,et al. Attribute-based encryption for fine-grained access control of encrypted data[C]// Proceedings of the 13th ACM Conference on Computer and Communications Security. New York:ACM Press, 2006: 89-98.
[4]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// 2007 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2007: 321-334.
[5]	WATERS B , . Ciphertext-policy attribute-based encryption:an expressive,efficient,and provably secure realization[C]// International Workshop on Practice and Theory in Public Key Cryptography. Berlin:Springer, 2011: 53-70.
[6]	XUE K P , XUE Y J , HONG J N ,et al. RAAC:robust and auditable access control with multiple attribute authorities for public cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2017,12(4): 953-967.
[7]	LI W , XUE K P , XUE Y J ,et al. TMACS:a robust and verifiable threshold multi-authority access control system in public cloud storage[J]. IEEE Transactions on Parallel and Distributed Systems, 2016,27(5): 1484-1496.
[8]	XUE K P , CHEN W K , LI W ,et al. Combining data owner-side and cloud-side access control for encrypted cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2018,13(8): 2062-2074.
[9]	PACI F , SQUICCIARINI A , ZANNONE N . Survey on access control for community-centered collaborative systems[J]. ACM Computing Surveys, 2018,51(1): 1-38.
[10]	SHAMIR A . How to share a secret[J]. Communications of the ACM, 1979,22(11): 612-613.
[11]	TASSA T . Hierarchical threshold secret sharing[J]. Journal of Cryptology, 2007,20(2): 237-264.
[12]	SUSILO W , JIANG P , GUO F C ,et al. EACSIP:extendable access control system with integrity protection for enhancing collaboration in the cloud[J]. IEEE Transactions on Information Forensics and Security, 2017,12(12): 3110-3122.
[13]	XUE Y J , XUE K P , GAI N ,et al. An attribute-based controlled collaborative access control scheme for public cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2019,14(11): 2927-2942.
[14]	HUMBERT M , TRUBERT B , HUGUENIN K . A survey on interdependent privacy[J]. ACM Computing Surveys, 2020,52(6): 1-40.
[15]	房梁, 殷丽华, 郭云川 ,等. 基于属性的访问控制关键技术研究综述[J]. 计算机学报, 2017,40(7): 1680-1698.
	FANG L , YIN L H , GUO Y C ,et al. A survey of key technologies in attribute-based access control scheme[J]. Chinese Journal of Comput-ers, 2017,40(7): 1680-1698.
[16]	ATTRAPADUNG N , IMAI H . Conjunctive broadcast and attribute-based encryption[C]// 3rd International Conference on Pairing-Based Cryptography. Berlin:Springer, 2009: 248-265.
[17]	LIU J K , YUEN T H , ZHANG P ,et al. Time-based direct revocable ciphertext-policy attribute-based encryption with short revocation list[C]// 16th International Conference on Applied Cryptography and Network Security. Berlin:Springer, 2018: 516-534.
[18]	YEH L Y , CHIANG P Y , TSAI Y L ,et al. Cloud-based fine-grained health information access control framework for lightweight IoT devices with dynamic auditing and attribute revocation[J]. IEEE Transactions on Cloud Computing, 2018,6(2): 532-544.
[19]	HAO J L , HUANG C , LIU J ,et al. Efficient outsourced data access control with user revocation for cloud-based IoT[C]// 2018 IEEE Global Communications Conference. Piscataway:IEEE Press, 2018: 1-6.
[20]	HUR J , NOH D K . Attribute-based access control with efficient revocation in data outsourcing systems[J]. IEEE Transactions on Parallel and Distributed Systems, 2011,22(7): 1214-1221.
[21]	LI M T , HUANG X Y , LIU J K ,et al. GO-ABE:group-oriented attribute-based encryption[M]. Cham: Springer International Publishing, 2014.
[22]	YEH S C , SU M Y , CHEN H H ,et al. An efficient and secure approach for a cloud collaborative editing[J]. Journal of Network and Computer Applications, 2013,36(6): 1632-1641.
[23]	史姣丽, 黄传河, 王晶 ,等. 云存储下多用户协同访问控制方案[J]. 通信学报, 2016,37(1): 88-99.
	SHI J L , HUANG C H , WANG J ,et al. Multi-user collaborative access control scheme in cloud storage[J]. Journal on Communications, 2016,37(1): 88-99.
[24]	ILIA P , CARMINATI B , FERRARI E ,et al. SAMPAC:Socially-aware collaborative multi-party access control[C]// 7th ACM on Conference on Data and Application Security and Privacy. New York:ACM Press, 2017: 71-82.
[25]	HUANG Q L , LI N , YANG Y X . DACSC:dynamic and fine-grained access control for secure data collaboration in cloud computing[C]// 2018 IEEE Global Communications Conference. Piscataway:IEEE Press, 2018: 1-7.
[26]	LI C H , XIE W R , ZHOU K . Efficient binary-encoding access control policy combination for large-scale collaborative scenarios[C]// 2018 17th IEEE International Conference on Trust,Security and Privacy in Computing and Communications/ 12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE) . Piscataway:IEEE Press, 2018: 560-566.
[27]	BOBBA R , KHURANA H , PRABHAKARAN M . Attribute-sets:a practically motivated enhancement to attribute-based encryption[C]// 14th European Conference on Research in Computer Security. Berlin:Springer, 2009: 587-604.
[28]	王光波, 刘海涛, 王晨露 ,等. 云存储环境下可撤销属性加密[J]. 计算机研究与发展, 2018,55(6): 76-86.
	WANG G B , LIU H T , WANG C L ,et al. Revocable attribute-based encryption in cloud storage[J]. Journal of Computer Research and De-velopment, 2018,55(6): 76-86.
[29]	NAOR D , NAOR M , LOTSPIECH J . Revocation and tracing schemes for stateless receivers[C]// 21st Annual International Cryptology Conference. Berlin:Springer, 2001: 41-62.

Metrics

Recommended 0

No Suggested Reading articles found!

Attribute-based revocable collaborative access control scheme

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 5

References 29

Related Articles 15

Metrics

Recommended 0

[1]	Ruizhong DU, Tianhe ZHANG, Pengliang SHI. Ciphertext policy hidden access control scheme based on blockchain and supporting data sharing [J]. Journal on Communications, 2022, 43(6): 168-178.
[2]	Yinghui ZHANG, Lingyun HU, Yixin LI, Jianting NING, Dong ZHENG. Secure and efficient batch authentication scheme based on dynamic revocation mechanism in space information network [J]. Journal on Communications, 2022, 43(4): 164-176.
[3]	Jiangtao DONG, Peiwen YAN, Ruizhong DU. Verifiable access control scheme based on unpaired CP-ABE in fog computing [J]. Journal on Communications, 2021, 42(8): 139-150.
[4]	Ruizhong DU, Peiwen YAN, Yan LIU. Fine-grained attribute update and outsourcing computing access control scheme in fog computing [J]. Journal on Communications, 2021, 42(3): 160-170.
[5]	Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI. Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing [J]. Journal on Communications, 2021, 42(10): 81-94.
[6]	LI Xuejun,ZHANG Dan,LI Hui. Efficient revocable attribute-based encryption scheme [J]. Journal on Communications, 2019, 40(6): 32-39.
[7]	Lei SUN,Zhiyuan ZHAO,Jianhua WANG,Zhiqiang ZHU. Attribute-based encryption scheme supporting attribute revocation in cloud storage environment [J]. Journal on Communications, 2019, 40(5): 47-56.
[8]	Xiaodong YANG,Yutong LI,Jinli WANG,Tingchun MA,Caifen WANG. Revocable identity-based proxy re-signature scheme in the standard model [J]. Journal on Communications, 2019, 40(5): 153-162.
[9]	Sheng DING,Jin CAO,Hui LI. Efficient pairing-free CP-ABE based on ordered binary decision diagram [J]. Journal on Communications, 2019, 40(12): 1-8.
[10]	Ruizhong DU,Pengliang SHI,Xinfeng HE. Cloud data assured deletion scheme based on overwrite verification [J]. Journal on Communications, 2019, 40(1): 130-140.
[11]	Xiangyu WANG,Jianfeng MA,Yinbin MIAO,Kai ZHANG,Qiying WU. Key storage management scheme based on keyed hash tree with state [J]. Journal on Communications, 2018, 39(5): 94-102.
[12]	Shun ZHANG,Hongli FAN,Hong ZHONG,Miaomiao TIAN. Efficient revocable certificateless remote anonymous authentication protocol for wireless body area network [J]. Journal on Communications, 2018, 39(4): 100-111.
[13]	Qi-ying WU,Jian-feng MA,Hui LI,Jun-wei ZHANG,Qi JIANG,Yin-bin MIAO. Multi-keyword search over encrypted data with user revocation [J]. Journal on Communications, 2017, 38(8): 183-193.
[14]	Wei-wei ZHANG,Yu-zhao ZHANG,Chao HUANG,Ru ZHANG,Yi-xian YANG. Data sharing scheme supporting secure outsourced computation in wireless body area network [J]. Journal on Communications, 2017, 38(4): 64-75.
[15]	Kai ZHANG,Jian-feng MA,Hui LI,Jun-wei ZHANG,Tao ZHANG. Multi-authority attribute-based encryption with efficient revocation [J]. Journal on Communications, 2017, 38(3): 83-91.