基于直接匿名证明的k次属性认证方案

doi:10.11959/j.issn.1000-436x.2018279

Abstract

Abstract:

s: At present, the main drawbacks of existing k-times attribute-based authentication (abbreviated to k-TABA) schemes and related attribute-based authentication schemes are that the computation cost of the authentication process depends on the size of the access formula and none of these schemes considers the problems of member revocation and attribute update. A new k-TABA scheme was constructed based on the building blocks of direct anonymous attestation, set membership proof and ciphertext-policy attribute-based encryption. Moreover, in order to reduce user's calculation as much as possible, the underlying attribute-based encryption scheme was modified, and then the main decryption operations were outsourced by using the key binding technique of Green et al. The new scheme can be deployed on a trusted platform and support expressive authentication policies. In addition, it also satisfies several ideal properties, such as registration process verifiability, member revocation, attribute update, and so on. The significant performance advantage of the new scheme is that the computation overhead of the user in the authentication phase is constant.

Key words: attribute-based authentication, direct anonymous attestation, ciphertext-policy attribute-based encryption, linear secret sharing, outsourced decryption

CLC Number:

TP393

Xin LIU,Qiuliang XU,Bin ZHANG,Bo ZHANG. k-times attribute-based authentication scheme using direct anonymous attestation[J]. Journal on Communications, 2018, 39(12): 113-133.

Figures/Tables 6

References 27

[1]	李顺东，窦家维，王道顺 . 同态加密算法及其在云安全中的应用[J]. 计算机研究与发展， 2015,52(6): 1378-1388.
	LI S D , DOU J W , WANG D S . Survey on homomorphic encryption and its applications to cloud security[J]. Journal of Computer Research and Development, 2015,52(6): 1378-1388.
[2]	张凯，马建峰，李辉，等. 支持高效撤销的多机构属性加密方案[J]. 通信学报， 2017,38(3): 83-91.
	ZHANG K , MA J F , LI H , et al. Multi-authority attribute-based encryption with efficient revocation[J]. Journal on Communications, 2017,38(3): 83-91.
[3]	ZHOU J , CAO Z F . PSCPA: patient self-controllable privacy-preserving cooperative authentication in distributed m-healthcare systems[R]. IACR Cryptology ePrint Archive: Report. 2012/044.
[4]	LI M , HUANG X Y , LIU J K , et al. Matrix-valued and quaternion wavelets[J]. International Journal of Embedded Systems, 2015,7(3-4): 191-202.
[5]	CAMENISCH J , DRIJVERS M , HAJNY J . Scalable revocation scheme for anonymous credentials based on n-times unlinkable proofs[C]// the 2016 ACM on Workshop on Privacy in the Electronic Society, WPES 2016. 2016:123-133.
[6]	NGUYEN L . Efficient dynamic k-times anonymous authentication[C]// First International Conference on Cryptology in Vietnam, VIETCRYPT 2006. Hanoi, Vietnam, 2006:81-98.
[7]	柳欣，徐秋亮 . 不可克隆的动态 k 次匿名认证方案[J]. 通信学报， 2012,33(7): 75-89.
	LIU X , XU Q L . Unclonable dynamic k-times anonymous authentication[J]. Journal on Communications, 2012,33(7): 75-89.
[8]	LIAN Y , HUANG X Y , MU Y . SA 3: Self-adaptive anonymous authentication for dynamic authentication policies[J]. Future Generation Computer Systems, 2014,30(1): 133-139.
[9]	MAJI H K , PRABHAKARAN M , ROSULEK M . Attribute-based signatures[C]// The Cryptographers' Track at the RSA Conference 2011, CT-RSA 2011. Hanoi, Vietnam, 2011:376-392.
[10]	YANG H , OLESHCHUK V A . An efficient traceable attribute-based authentication scheme with one-time attribute trees[C]// 20th Nordic Conference, NordSec 2015. 2015:123-135.
[11]	YANG H , OLESHCHUK V A . A dynamic attribute-based authentication scheme[C]// International Conference on Codes, Cryptology, and Information Security, C2SI 2015.. 2015:106-118.
[12]	LI J , CHEN X F , HUANG X Y . New attribute-based authentication and its application in anonymous cloud access service[J]. International Journal of Web and Grid Services, 2015,11(1): 125-141.
[13]	YUEN T H , LIU J K , AU M H , et al. K-times attribute-based anonymous access control for cloud computing[J]. IEEE Transactions on Computers, 2015,64(9): 2595-2608.
[14]	BRICKELL E , CHEN L , LI J . Simplified security notions of direct anonymous attestation and a concrete scheme from pairings[J]. International journal of information security, 2009,8(5): 315-330.
[15]	CHEN L . A DAA scheme requiring less TPM resources[C]// 5th International Conference on Information Security and Cryptology. 2010:350-365.
[16]	DESMOULINS N , LESCUYER R , SANDERS O , et al. Direct anonymous attestations with dependent basename opening[C]// the International Conference on Cryptology and Network Security. 2014:206-221.
[17]	BRICKELL E , CHEN L , LI J . A static Diffie-Hellman attack on several direct anonymous attestation schemes[C]// 4th International Conference on Trusted Systems, INTRUST 2012. 2012:95-111.
[18]	XI L , YANG Y , ZHANG Z F , et al. A static Diffie-Hellman attack on several direct anonymous attestation schemes[C]// the International Conference on Trust and Trustworthy Computing, TRUST 2014. 2014:1-18.
[19]	ZHANG P , CHEN Z H , LIANG K T , et al. A cloud-based access control scheme with user revocation and attribute update[C]// the Australasian Conference on Information Security and Privacy, ACISP 2016. 2016:525-540.
[20]	ARFAOUI G , LALANDE J F , TRAORé J , et al. A practical set-membership proof for privacy-preserving NFC mobile ticketing[C]// 15th International Symposium on Privacy Enhancing Technologies, PETS 2015. Philadelphia. 2015:25-45.
[21]	GREEN M , HOHENBERGER S , WATERS B . Outsourcing the decryption of abe ciphertexts[C]// The USENIX Security Symposium 2011. San Francisco, CA, USA. 2011:3-18.
[22]	BONEH D , BOYEN X . Short signatures without random oracles and the SDH assumption in bilinear groups[J]. Journal of Cryptology, 2008,21(2): 149-177.
[23]	LAI J Z , DENG R H , GUAN C , et al. Attribute-based encryption with verifiable outsourced decryption[J]. IEEE Transactions on Information Forensics and Security, 2013,8(8): 1343-1354.
[24]	CAMENISCH J , HOHENBERGER S , PEDERSEN M ? . Batch verification of short signatures[J]. IEEE Transactions on Information Forensics and Security, 2012,25(4): 723-747.
[25]	GOYAL V , PANDEY O , SAHAI A , et al. Attribute-based encryption for fine-grained access control of encrypted data[C]// 13th ACM conference on Computer and communications security, CCS 2006. Alexandria. 2006:89-98.
[26]	CHEN L , MORRISSEY P , SMART N P . Pairings in trusted computing[C]// 13th ACM conference on Computer and communications security, CCS 2006. International Conference on Pairing-Based Cryptography, Pairing 2008. 2008:1-17.
[27]	LI J , AU M H , SUSILO W , et al. Attribute-based signature and its applications[C]// 13th ACM conference on Computer and communications security, CCS 2006. 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2010. 2010:60-69.

Metrics

Recommended 0

No Suggested Reading articles found!

符号	含义	符号	含义
TPK	方案的群参数	cert _i	User _i的成员证书
MSK	AA的主密钥	S_i	User _i的属性集合
APK	方案的属性公钥	ASK _i	User _i的属性私钥
Φ ,Σ	底层区间证明协议中的公开列表	σ	User_i在认证阶段产生的DAA签名
RL	用户废除列表	(B,K)	σ中用于对TPM进行废除检测的数对
DAASeed	TPM的秘密种子	H₀,H₁,H₂,H₃	抗碰撞的散列函数，分别用于产生APK，产生TPM私钥，产生nym_i以及产生知识签名π₁,π₂,π₄中的挑战串
cnt	TPM的内部计数器	H_K	带密钥的散列函数，用于产生知识签名π₃中的挑战串
K_AA	AA的身份信息	K_SP	SP 在认证阶段产生的挑战元素，它将充当散列函数H_K的密钥
nym _i	User _i的伪名	Cha	SP 产生的关于K_SP 的底层CP-ABE方案挑战密文

方案	计算平台	访问策略	属性匿名性	访问次数受限	注册过程可验证性	成员废除	属性更新
文献[3]	PC	门限	是	否	否	否	否
文献[4]	PC	可表述性	是	否	否	否	否
文献[8]	PC	可表述性	是	否	否	否	否
文献[10]	PC	可表述性	是	否	否	否	否
文献[11]	PC	可表述性	否	否	否	否	否
文献[12]	PC	门限	是	否	否	否	否
文献[13]	PC	可表述性	是	是	否	否	否
本文	可信平台	可表述性	是	是	是	是	是

方案		注册			认证
方案	用户		属性权威/群管理员	用户		服务提供商/验证者
文献[3]	—		320(\|S_i\|+d)	480(n′+d-k+1)+\|des(Γ)\|		—
文献[4]	—		160\|S_i\|+320	160(l+n)+320		\|des(Γ)\|
文献[8]	—		160\|S_i\|+320	160(l+n)+320		\|des(Γ)\|
文献[10]	—		160\|S_i\|+320	1600		des(Γ)\|+320l+160
文献[11]	—		160\|S_i\|+320	160\|S_i\|+2 080		\|des(Γ)\|
文献[12]	N (N-1)?2PC\|_U+640N		(N-1)?\|PC\|_AA+320\|S_i\|	160 Nn′+1 600		N? \|des(Γ)\|
文献[13]	480		160\|S_i\|+480	960n+160l+5 600		\|des(Γ)\|+320
				5 280
本文	800		480\|S_i\|+1 280	5 280+480l+\|des(Γ)\|+320(\|RL\|+\|S_i\|)^*		\|des(Γ)\|+160(3l+\|RL\|)+1120

方案		注册			认证
方案	用户		属性权威/群管理员	用户		服务提供商/验证者
文献[3]	—		2(\|S_i\|+d)E	(2(n′+d?k)+5)E		\|S_r\|(6(n′+d?k)+8)E
文献[4]	—		(\|S_i\|+1)E	(3+2l+2ln)E		(5ln+3n+6)E
文献[8]	—		(\|S_i\|+1)E	(3+2l+2ln)E		(5ln+3n+6)E
文献[10]	—		(\|S_i\|+1)E	(6\|S_r\|+14)E		(2l+8)E
文献[11]	—		(\|S_i\|+1)E	(26+2\|S_i\|+\|L_i\|)E		(28+2\|S _i\|+\|L_i\|)E
文献[12]	N (N-1)(2PC)_U+NE		(N-1)(2PC)_AA+(2\|S_i\|+1)E	(N\|S_i\|+2Nn′+5)E		(10+3 Nn′)E
文献[13]	E		(\|S_i\|+3)E	(32+l+2ln+3n)E		(5ln+7 n+32)E
	4E⁺			—
本文	(2\|S_i\|+13)E⁺⁺		(4\|S_i\|+11)E	12E⁺⁺		(23+4\|RL\|)E

k-times attribute-based authentication scheme using direct anonymous attestation

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 6

References 27

Related Articles 5

Metrics

Recommended 0

[1]	Lei SUN,Zhiyuan ZHAO,Jianhua WANG,Zhiqiang ZHU. Attribute-based encryption scheme supporting attribute revocation in cloud storage environment [J]. Journal on Communications, 2019, 40(5): 47-56.
[2]	Fang QI,Yanmei LI,Zhe TANG. Revocable and traceable key-policy attribute-based encryption scheme [J]. Journal on Communications, 2018, 39(11): 63-69.
[3]	En ZHANG,Yaoyao PEI,Jiao DU. RLWE-based ciphertext-policy attribute proxy re-encryption [J]. Journal on Communications, 2018, 39(11): 129-137.
[4]	Xin LIU,Qiu-liang XU,Bo ZHANG. Lightweight multi-coupon system for multi-merchant environments with DAA [J]. Journal on Communications, 2016, 37(9): 30-45.
[5]	Hong-hu ZHEN,Yue CHEN,Peng-xu TAN,Yuan-bo GUO. Asymmetric bilinear pairing based direct anonymous attestation scheme [J]. Journal on Communications, 2010, 31(8A): 37-43.