权限分离的属性基加密数据共享方案

doi:10.3969/j.issn.1000-436x.2014.z2.009

Abstract

Abstract:

Attribute-based encryption (ABE),which can provide fine-grained access control and flexible one-to-many encryption,has been envisioned as an important data sharing approach to achieve privacy preserving in the distributed environment.However,the flourish of the data sharing approach using attribute-based encryption still hinges upon how to fully understand and manage the challenges facing in the distributed environment,especially the veracity of the data.In fact,all of the existing data sharing schemes allow data owner to modify data without restrictions,in which the veracity of the data has been questioned and that cannot satisfy the demands of practical application sometimes,such as personal electronic medical records or assessment systems.A data sharing scheme with privilege separation is presented,in which the veracity of the data can be ensured and the flexible access control can be provided.Based on RSA-based proxy encryption,a new efficient privilege separation mechanism is introduced to ensure the veracity of the data; exploiting attribute-based encryption,the data owner can define the access policy to achieve fine-grained access control.Detailed security analysis shows that the proposed data sharing scheme can provide the data confidentiality to achieve privacy preserving.In addition,the performance analysis demonstrates the scheme’s effectiveness in terms of the computation costs.

Key words: attribute-based encryption, access control, privilege separation, privacy preserving, data sharing

Hui ZHU,Wan LEI,Rong HUANG,Hui LI,Xi-meng LIU. Privilege separation of data sharing scheme using attribute-based encryption[J]. Journal on Communications, 2014, 35(Z2): 53-62.

Figures/Tables 11

References 19

[1]	ARMBRUST M , FOX A , GRIFFITH R ,et al. A view of cloud computing[J]. Communications of the ACM, 2010,53(4): 50-58.
[2]	冯登国, 张敏, 张妍等 . 云计算安全研究[J]. 软件学报, 2011,22(1): 71-83. FENG D G , ZHANG M , ZHANG Y ,et al. Study on cloud computing security[J]. Journal of Software, 2011,22(1): 71-83.
[3]	朱辉, 李晖, 苏万力 ,等. 基于身份的匿名无线认证方案[J]. 通信学报, 2009,30(4): 130-136. ZHU H , LI H , SU W L ,et al. ID-based wireless authentication scheme with anonymity[J]. Journal on Communications, 2009,30(4): 130-136.
[4]	AGRAWAL R , SRIKANT R . Privacy-preserving data mining[J]. ACM Sigmod Record, 2000,29(2): 439-450.
[5]	ZHU H , LIU T T , Wei G H ,et al. PPAS:privacy protection authentication scheme for VANET[J]. Cluster Computing, 2013,16(4): 873-886.
[6]	SAHAI A , WATERS B . Fuzzy identity-based encryption[M]. Advances in Cryptology–EUROCRYPT 2005. Springer Berlin Heidelberg, 2005.
[7]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[A]. Security and Privacy,SP'07[C]. 2007. 321-334.
[8]	YU S , WANG C , REN K ,et al. Achieving secure,scalable,and fine-grained data access control in cloud computing[A]. INFOCOM,2010 Proceedings IEEE[C]. 2010. 1-9.
[9]	LI M , YU S , ZHENG Y ,et al. Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption[J]. IEEE Transactions on Parallel and Distributed Systems, 2013,24(1): 131-143.
[10]	AKINYELE J A , PAGANO M W , GREEN M D ,et al. Securing electronic medical records using attribute-based encryption on mobile devices[A]. Proceedings of the 1st ACM workshop on Security and Privacy in Smartphones and Mobile devices[C].ACM. 2011. 75-86.
[11]	NARAYAN S , GAGNE M,SAFAVI-NANINI R . Privacy preserving EHR system using attribute-based infrastructure[A]. Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop.[C]. ACM. 2010. 47-52.
[12]	JAHID S , MITTAL P , BORISOV N . EASIER:Encryption-based access control in social networks with efficient revocation[A]. Proceedings of the 6th ACM Symposium on Information,Computer and Communications Security[C]. ACM. 2011. 411-415.
[13]	XU Z , MARTIN K M . Dynamic user revocation and key refreshing for attribute-based encryption in cloud storage[A]. 2012 IEEE 11th International Conference on Trust,Security and Privacy in Computing and Communications[C]. 2012. 844-849.
[14]	HUR J , NOH D K . Attribute-based access control with efficient revocation in data outsourcing system[J]. IEEE Transactions on Parallel and Distributed Systems, 2011,22(7): 1214-1221.
[15]	DONG C , RUSSELLO G , DULAY N . Shared and searchable encrypted data for untrusted servers[M]. Data and Applications Security XXII. Springer Berlin Heidelberg, 2008.
[16]	YANG Y , LU H , WENG J . Multi-user private keyword search for cloud computing[A]. 2011 IEEE Third International Conference on Cloud Computing Technology and Science (CloudCom).[C]. IEEE. 2011. 264-271.
[17]	BEN L . PBC library[EB/OL]. .
[18]	Openssl Team OpenSSL:The open source toolkit for SSL/TLS[EB/OL]. .
[19]	BETHENCOURT J ， SAHAI A ， WATERS B . The cpabe toolkit[EB/OL]. .

Metrics

Recommended 0

No Suggested Reading articles found!

符号	语义
u_t	用户 t的身份标识
att_i	属性 i
G_i	属性att_i所对应的属性群
Λ	属性集
KEK_j	节点 j所对应的KEK
PK_t	u_t的路径密钥
F_j	文件 j
(k_ut,ck_ut)	u_t所对应的查询密钥对
(e_i1,e_i2)	u_i所对应的写密钥对
(d_j1,d_j2)	F_j所对应的读密钥对
E_ABE(d_j1)	F_j所对应的读密钥密文
C	消息密文

方案	操作	时间/s
	主密钥( 2048 bit)	0.406
RSA	密钥对(1 024 bit)	0.981×10^?3
	加密(1 KB)	0.003
	解密(1 KB)	0.054
	系统建立	0.092
CP-ABE	生成密钥	0.436
	加密(1 KB)	0.234
	解密(1 KB)	0.092
AES	加密(1 MB)	0.028
	解密(1 MB)	0.039

Privilege separation of data sharing scheme using attribute-based encryption

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 11

References 19

Related Articles 15

Metrics

Recommended 0

[1]	Tao FENG, Liqiu CHEN, Junli FANG, Jianming SHI. Blockchain data sharing scheme based on localized difference privacy and attribute-based searchable encryption [J]. Journal on Communications, 2023, 44(5): 224-233.
[2]	Xuejiao LIU, Tiancong CAO, Yingjie XIA. Research on efficient and secure cross-domain data sharing of IoV under blockchain architecture [J]. Journal on Communications, 2023, 44(3): 186-197.
[3]	Yiliang HAN, Kaiyang GUO, Riming WU, Kai LIU. Attribute-based encryption scheme against key abuse based on OBDD access structure from lattice [J]. Journal on Communications, 2023, 44(1): 75-88.
[4]	Wei JIN, Fenghua LI, Mingjie YU, Yunchuan GUO, Ziyan ZHOU, Liang FANG. HDFS-oriented cryptographic key resource control mechanism [J]. Journal on Communications, 2022, 43(9): 27-41.
[5]	Ruizhong DU, Tianhe ZHANG, Pengliang SHI. Ciphertext policy hidden access control scheme based on blockchain and supporting data sharing [J]. Journal on Communications, 2022, 43(6): 168-178.
[6]	Xinchun YIN, Mengyu WANG, Jianting NING. Lightweight searchable medical data sharing scheme [J]. Journal on Communications, 2022, 43(5): 110-122.
[7]	Lichuan MA, Jiayi PENG, Qingqi PEI, Haojin ZHU. Efficient privacy-preserving decision tree classification protocol [J]. Journal on Communications, 2021, 42(8): 80-89.
[8]	Jiangtao DONG, Peiwen YAN, Ruizhong DU. Verifiable access control scheme based on unpaired CP-ABE in fog computing [J]. Journal on Communications, 2021, 42(8): 139-150.
[9]	Youhuizi LI, Yuyu YIN, Honghao GAO, Yi JIN, Xinheng WANG. Survey on privacy protection in non-aggregated data sharing [J]. Journal on Communications, 2021, 42(6): 195-212.
[10]	Changgen PENG, Zongfeng PENG, Hongfa DING, Youliang TIAN, Rongfei LIU. Attribute-based revocable collaborative access control scheme [J]. Journal on Communications, 2021, 42(5): 75-86.
[11]	Zuobin YING, Yuanping SI, Jianfeng MA, Ximeng LIU. Blockchain-based distributed EHR fine-grained traceability scheme [J]. Journal on Communications, 2021, 42(5): 205-215.
[12]	Ruizhong DU, Peiwen YAN, Yan LIU. Fine-grained attribute update and outsourcing computing access control scheme in fog computing [J]. Journal on Communications, 2021, 42(3): 160-170.
[13]	Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI. Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing [J]. Journal on Communications, 2021, 42(10): 81-94.
[14]	Yang LIU, Jun LI, Wenyun CHEN, Mugen PENG. Research on endogenous security data sharing mechanism of F-RAN for 6G [J]. Journal on Communications, 2021, 42(1): 67-78.
[15]	Tianyi ZHU,Fenghua LI,Wei JIN,Yunchuan GUO,Liang FANG,Lin CHENG. Cross-domain access control policy mapping mechanism for balancing interoperability and autonomy [J]. Journal on Communications, 2020, 41(9): 29-48.