支持高效密文密钥同步演化的安全数据共享方案

doi:10.11959/j.issn.1000-436x.2018083

Abstract

Abstract:

The static property of stored ciphertext in cloud increases the probability that an attacker can crack the ciphertext by obtaining a key,while ciphertext and key updates based on key distribution and re-encryption are excessively expensive.For this problem,a secure data sharing scheme supporting efficient synchronous evolution for ciphertext and key (CKSE-SDS) was proposed.By introducing cryptography accumulator in broadcast encryption,mimicry transformation factor could be constructed supporting time-hopping periodically and efficient synchronous evolution for ciphertext and key could be achieved based on dynamic segmentation and fusion of ciphertext and key,which reduced certainty in the process of encryption and key distribution and increased the difficulty for attackers exploiting security vulnerabilities to obtain key to crack ciphertext as well.Theoretical analysis and security proofs show that the proposed scheme can support secure and efficient data access as well as reduce the probability of a successful attack effectively for an attacker,which can also enhance the system’s active security defense capability.

Key words: cloud storage, broadcast encryption, cryptography accumulator, data sharing, synchronous evolution

CLC Number:

TP309.2

Xincheng YAN,Yue CHEN,Hongyong JIA,Yanru CHEN,Xinyue ZHANG. Secure data sharing scheme supporting efficient synchronous evolution for ciphertext and key[J]. Journal on Communications, 2018, 39(5): 123-133.

Figures/Tables 4

场景	直接破解密文	获取密钥解密	攻击成功概率
P_w	$P_{g c_{i}} P_{d c_{i}}$	$P_{g c_{i}} P_{g k_{i}} P_{g d k_{i}}$	$P_{g c_{i}} P_{d c_{i}} + P_{g c_{i}} P_{g k_{i}} P_{g d k_{i}}$
P _1w	$P'_{g c_{i}} P'_{d c_{i}}$	$P'_{g c_{i}} P'_{g k_{i}} P'_{g d k_{i}}$	$P'_{g c_{i}} P'_{d c_{i}} + P'_{g c_{i}} P'_{g k_{i}} P'_{g d k_{i}}$
P_nw	$P_{g c_{i}} P_{d c_{i}}$	$\frac{1}{n^{3}} P_{g c_{i}} P_{g k_{i}} P_{g d k_{i}}$	$P_{g c_{i}} P_{d c_{i}} + \frac{1}{n^{3}} P_{g c_{i}} P_{g k_{i}} P_{g d k_{i}}$

References 25

[1]	苏金树, 曹丹, 王小峰 ,等. 属性基加密机制[J]. 软件学报, 2011,22(6): 1299-1315.
	SU J S , CAO D , WANG X F ,et al. Attribute-based encryption schemes[J]. Journal of Software, 2011,22(6): 1299-1315.
[2]	冯登国, 张敏, 张妍 ,等. 云计算安全研究[J]. 软件学报, 2011,22(1): 71-83.
	FENG D G , ZHANG M , ZHANG Y ,et al. Study on cloud computing security[J]. Journal of Software, 2011,22(1): 71-83.
[3]	黄刘生, 田苗苗, 黄河 . 大数据隐私保护密码技术研究综述[J]. 软件学报, 2015,26(4): 945-959.
	HUANG L S , TIAN M M , HUANG H . Preserving privacy in big data:a survey from the cryptographic perspective[J]. Journal of Software, 2015,26(4): 945-959.
[4]	DAN B , FRANKLIN M K . Identity-based encryption from the Weil pairing[C]// International Cryptology Conference. 2001: 213-229.
[5]	SAHAI A , WATERS B . Fuzzy identity-based encryption[C]// International Conference on Theory and Applications of Cryptographic Techniques. 2005: 457-473.
[6]	邬江兴 . 网络空间拟态安全防御[J]. 保密科学技术, 2014(10): 4-10.
	WU J X . Cyber minic security defense[J]. Secrecy Science and Technology, 2014(10): 4-10.
[7]	邬江兴 . 拟态计算与拟态安全防御的原意和愿景[J]. 电信科学, 2014,30(7): 1-7.
	WU J X . Meaning and vision of mimic computing and mimic security defense[J]. Telecommunications Science, 2014,30(7): 1-7.
[8]	刘杰, 曾浩洋, 田永春 ,等. 动态弹性安全防御技术及发展趋势[J]. 通信技术, 2015(2): 117-124.
	LIU J , ZENG H Y , TIAN Y C ,et al. Technology and development trend of dynamic resiliency for security defense[J]. Communications Technology, 2015(2): 117-124.
[9]	JAJODIA S , JAJODIA S , JAJODIA S ,et al. moving target defense[J]. Advances in Information Security, 2011,54: 99-108.
[10]	蔡桂林, 王宝生, 王天佐 ,等. 移动目标防御技术研究进展[J]. 计算机研究与发展, 2016,53(5): 968-987.
	CAI G L , WANG B S , WANG T Z ,et al. Research and development of moving target defense technology[J]. Journal of Computer Research and Development, 2016,53(5): 968-987.
[11]	JAJODIA S , GHOSH A K , SWARUP V ,et al. Moving target defense:creating asymmetric uncertainty for cyber threats[J]. Springer Ebooks, 2011.
[12]	WANG H , JIA Q , Dan F ,et al. A moving target DDoS defense mechanism[J]. Computer Communications, 2014,46(6): 10-21.
[13]	雷程, 马多贺, 张红旗 ,等. 基于最优路径跳变的网络移动目标防御技术[J]. 通信学报, 2017,38(3): 133-143.
	LEI C , MA D H , ZHANG H Q ,et al. Network moving target defense technique based on optimal forwarding path migration[J]. Journal on Communications, 2017,38(3): 133-143.
[14]	罗兴国, 仝青, 张铮 ,等. 拟态防御技术[J]. 中国工程科学, 2016,18(6): 69-73.
	LUO X G , TONG Q , ZHANG Z ,et al. Mimic defense technology[J]. Engineering Sciences, 2016,18(6): 69-73.
[15]	仝青, 张铮, 张为华 ,等. 拟态防御Web服务器设计与实现[J]. 软件学报, 2017,28(4): 883-897.
	TONG Q , ZHANG Z , ZHANG W H ,et al. Design and implementation of mimic defense Web server[J]. Journal of Software, 2017,28(4): 883-897.
[16]	YU S , WANG C , REN K ,et al. Attribute based data sharing with attribute revocation[C]// ACM Symposium on Information,Computer and Communications Security. 2010: 261-270.
[17]	HUR J , DONG K N . Attribute-based access control with efficient revocation in data outsourcing systems[J]. IEEE Transactions on Parallel ＆ Distributed Systems, 2011,22(7): 1214-1221.
[18]	ZU L , LIU Z , LI J . New ciphertext-policy attribute-based encryption with efficient revocation[C]// IEEE International Conference on Computer and Information Technology. 2014: 281-287.
[19]	YANG K , JIA X , REN K . Attribute-based fine-grained access control with efficient revocation in cloud storage systems[C]// ACM Sigsac Symposium on Information,Computer and Communications Security. 2013: 523-528.
[20]	XIA Z H , ZHANG L G , LIU D D ,et al. Attribute-based access control scheme with efficient revocation in cloud computing[J]. China Communications, 2016,13(7): 92-99.
[21]	FIAT A , NAOR M . Broadcast encryption[M]// Advances in Cryptology— CRYPTO’ 93. Springer Berlin Heidelberg, 1993: 480-491.
[22]	PHAN D H , POINTCHEVAL D , SHAHANDASHTI S F ,et al. Adaptive CCA broadcast encryption with constant-size secret keys and ciphertexts[J]. International Journal of Information Security, 2013,12(4): 251-265.
[23]	ZHOU Z , HUANG D , WANG Z . Efficient privacy-preserving ciphertext-policy attribute based encryption and broadcast encryption[J]. IEEE Transactions on Computers, 2014,64(1): 126-138.
[24]	WU Q , QIN B , ZHANG L ,et al. Contributory broadcast encryption with efficient encryption and short ciphertexts[J]. IEEE Transactions on Computers, 2016,65(2): 466-479.
[25]	BONEH D , BOYEN X , GOH E J . Hierarchical identity based encryption with constant size ciphertext[C]// International Conference on Theory and Applications of Cryptographic Techniques. 2005: 440-456.

Metrics

Recommended 0

No Suggested Reading articles found!

变量	含义
n	当前加入累加器集合的用户数量
exp	一次群元素幂运算
c	一次乘法运算
sig	一次数字签名加密运算
\|δ\|	签名值大小
\|G\|	群元素的大小

方案	通信开销	密钥更新开销	密文更新客户端开销
文献[22]方案	3\|G\|	N·exp	3exp+(n+2)c
文献[24]方案	3\|G\|	n·(exp+c)	(n+2)exp+nc
本文方案	2\|G\|+\|δ\|	nc	0

方案	通信开销	密文演化客户端计算开销
文献[22]方案	3\|G\|	3exp+(n+2)c
文献[24]方案	3\|G\|	(n+2)exp+nc
本文方案	(n+2)\|G\|+\|δ\|	0

Secure data sharing scheme supporting efficient synchronous evolution for ciphertext and key

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 4

References 25

Related Articles 15

Metrics

Recommended 0

[1]	Tao FENG, Liqiu CHEN, Junli FANG, Jianming SHI. Blockchain data sharing scheme based on localized difference privacy and attribute-based searchable encryption [J]. Journal on Communications, 2023, 44(5): 224-233.
[2]	Xuejiao LIU, Tiancong CAO, Yingjie XIA. Research on efficient and secure cross-domain data sharing of IoV under blockchain architecture [J]. Journal on Communications, 2023, 44(3): 186-197.
[3]	Guanxiong HA, Qiaowen JIA, Hang CHEN, Chunfu JIA. Data popularity-based encrypted deduplication scheme without third-party servers [J]. Journal on Communications, 2022, 43(8): 17-29.
[4]	Ruizhong DU, Tianhe ZHANG, Pengliang SHI. Ciphertext policy hidden access control scheme based on blockchain and supporting data sharing [J]. Journal on Communications, 2022, 43(6): 168-178.
[5]	Youhuizi LI, Yuyu YIN, Honghao GAO, Yi JIN, Xinheng WANG. Survey on privacy protection in non-aggregated data sharing [J]. Journal on Communications, 2021, 42(6): 195-212.
[6]	Tao FENG, Fanqi KONG, Chunyan LIU, Rong MA, Albettar Maher. Dual verifiable cloud storage scheme based on blockchain [J]. Journal on Communications, 2021, 42(12): 192-201.
[7]	Chunfu JIA, Guanxiong HA, Shaoqiang WU, Hang CHEN, Ruiqi LI. AONT-and-NTRU-based rekeying scheme for encrypted deduplication [J]. Journal on Communications, 2021, 42(10): 67-80.
[8]	Yang LIU, Jun LI, Wenyun CHEN, Mugen PENG. Research on endogenous security data sharing mechanism of F-RAN for 6G [J]. Journal on Communications, 2021, 42(1): 67-78.
[9]	Shufen NIU,Wenke LIU,Lixia CHEN,Caifen WANG,Xiaoni DU. Electronic medical record data sharing scheme based on searchable encryption via consortium blockchain [J]. Journal on Communications, 2020, 41(8): 204-214.
[10]	Junfeng TIAN,Yanbiao WANG,Xinfeng HE,Juntao ZHANG,Wanhe YANG,Ya’nan PANG. Survey on the causal consistency of data [J]. Journal on Communications, 2020, 41(3): 154-167.
[11]	Wenlong KE,Yong WANG,Miao YE,Junqi CHEN. Priority differentiated multicast flow scheduling method in Ceph cloud storage network [J]. Journal on Communications, 2020, 41(11): 40-51.
[12]	Yu’na JIANG,Xiaohu GE,Yang YANG,Chengxiang WANG,Jie LI. 6G oriented blockchain based Internet of things data sharing and storage mechanism [J]. Journal on Communications, 2020, 41(10): 48-58.
[13]	Lei SUN,Zhiyuan ZHAO,Jianhua WANG,Zhiqiang ZHU. Attribute-based encryption scheme supporting attribute revocation in cloud storage environment [J]. Journal on Communications, 2019, 40(5): 47-56.
[14]	Xiangsong ZHANG,Chen LI,Zhenhua LIU. Key-exposure resilient integrity auditing scheme with encrypted data deduplication [J]. Journal on Communications, 2019, 40(4): 95-106.
[15]	Miaomiao TIAN,Chuang GAO,Jie CHEN. Identity-based cloud storage integrity checking from lattices [J]. Journal on Communications, 2019, 40(4): 128-139.