支持多种特性的基于属性代理重加密方案
|
摘要
一个理想的代理重加密方案通常具有单向性、非交互性、可重复性、可控性和可验证性,然而目前的方案普遍只满足其中的2个或3个,在一定程度上降低了实用性。为此,提出了一种支持5种特性的密文策略基于属性代理重加密(CP-ABPRE)方案。在所提方案中,云代理服务器只能利用重加密密钥重加密委托者指定的密文,抵御了满足重加密共享策略的用户与代理之间的共谋攻击;将多数加解密工作外包给云服务器,减轻了用户客户端的计算负担。安全分析表明,所提方案能抵御针对性选择明文攻击。
A ideal proxy re-encryption scheme has five features, such as one-way encryption, non-interaction, repeatability, controllability and verifiability. The existing schemes, however, have only two or three of the five features, which reduces the utility of them to some extent. For this, a new ciphertext-policy attribute-based proxy re-encryption(CP-ABPRE) scheme with the above five features was proposed. In the proposed scheme, the cloud proxy server could only re-encrypt the ciphertext specified by the delegator by using the re-encryption key, and resist the collusion attack between the user and the proxy satisfying the re-encryption sharing policy. Most of encryption and decryption were outsourced to cloud servers so that it reduced the computing burden on the user's client. The security analysis show that the proposed scheme resists the selective chosen plaintext attack(SCPA).
A ideal proxy re-encryption scheme has five features, such as one-way encryption, non-interaction, repeatability, controllability and verifiability. The existing schemes, however, have only two or three of the five features, which reduces the utility of them to some extent. For this, a new ciphertext-policy attribute-based proxy re-encryption(CP-ABPRE) scheme with the above five features was proposed. In the proposed scheme, the cloud proxy server could only re-encrypt the ciphertext specified by the delegator by using the re-encryption key, and resist the collusion attack between the user and the proxy satisfying the re-encryption sharing policy. Most of encryption and decryption were outsourced to cloud servers so that it reduced the computing burden on the user's client. The security analysis show that the proposed scheme resists the selective chosen plaintext attack(SCPA).
引文
[1]BETHENCOURT J,SAHAI A,WATERS B.Ciphertext-policy attribute-based encryption[C]/The 2007 IEEE Symposium on Security and Privacy.IEEE,2007:321-334.
[2]冯朝胜,秦志光,袁丁.云数据安全存储技术[J].计算机学报,2015,38(1):150-163.FENG C S,QIN Z G,YUAN D.Techniques of secure storage for cloud data[J].Chinese Journal of Computers,2015,38(1):150-163.
[3]冯朝胜,秦志光,袁丁,等.云计算环境下访问控制关键技术[J].电子学报,2015,43(2):312-319.FENG C S,QIN Z G,YUAN D,et al.Key techniques of access control for cloud computing[J].Acta Electronica Sinica,2015,43(2):312-319.
[4]ATENIESE G,FU K,GREEN M,et al.Improved proxy re-encryption schemes with applications to secure distributed storage[J].ACMTransactions on Information and System Security,2006,9(1):1-30.
[5]GREEN M,ATENIESE G.Identity-based proxy re-encryption[C]//The5th International Conference on Applied Cryptography and Network Security.Springer,2007:288-306.
[6]THORBEK R.Linear integer secret sharing and distributed exponentiation[C]//The 9th International Conference on Theory and Practice of Public-Key Cryptography.Springer,2006:75-90.
[7]BEIMEL A.Secure schemes for secret sharing and key distribution[D].Haifa:Israel Institute of Technology,1996.
[8]KARCHMER M,WIGDERSON A.On span programs[C]//The Eighth Annual Structure in Complexity Theory.IEEE,1993:102-111.
[9]WATERS B.Ciphertext-policy attribute-based encryption:an expressive,efficient,and provably secure realization[C]//The 14th International Conference on Practice and Theory in Public Key Cryptography Conference on Public Key Cryptography.Springer,2011:53-70.
[10]BALU A,KUPPUSAMY K.An expressive and provably secure ciphertext-policy attribute-based encryption[J].Information Sciences,2014,276(4):354-362.
[11]CANETTI R,HALEVI S,KATZ J.Chosen-ciphertext security from identity-based encryption[C]//The Advances in Cryptology Eurocrypt.Springer,2004:207-222.
[12]LING C,NEWPORT C.Provably secure ciphertext policy abe[C]//The14th ACM Conference on Computer and Communications Security.ACM,2007:456-465.
[13]ZHAO J,FENG D G,ZHANG Z F.Attribute-based conditional proxy re-encryption with chosen-ciphertext security[C]//The Global Telecommunications Conference.IEEE,2010:1-6.
[14]LIANG X H,CAO Z F,LIN H,et al.Attribute based proxy re-encryption with delegating capabilities[C]//The 4th International Symposium on Information,Computer,and Communications Security.ACM,2009:276-286.
[15]LIANG K T,FANG L M,WONG D S,et al.A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security[C]//The 5th International Conference on Intelligent Networking and Collaborative Systems.IEEE,2013:552-559.
[16]LIANG K T,AU M H,LIU J K,et al.A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing[J].Future Generation Computers Systems,2015,52(C):95-108.
[17]LUO S,HU J B,CHEN Z.Ciphertext policy attribute-based proxy re-encryption[J].Information&Communications Security,2010,6476(4):401-415.
[18]LI J J,LIU Z H,ZU L H.Chosen-ciphertext secure multi-use unidirectional attribute-based proxy re-encryptions[C]//The Ninth Asia Joint Conference on Information Security.IEEE,2015:96-103.
[19]LUAN I,TANG Q,HARTEL P,et al.Efficient and provable secure ciphertext-policy attribute-based encryption schemes[C]//The 5th International Conference on Information Security Practice and Experience.Springer,2009:1-12.
[20]KAWAI Y.Outsourcing the re-encryption key generation:flexible ciphertext-policy attribute-based proxy re-encryption[C]//The Information Security Practice and Experience.Springer,2015:301-315.
[21]FU X B.Unidirectional proxy re-encryption for access structure transformation in attribute-based encryption schemes[J].International Journal of Network Security,2015,17(2):142-149.
[22]ZHANG Y H,LI J,CHEN X F,et al.Anonymous attribute-based proxy re-encryption for access control in cloud computing[J].Security&Communication Networks,2016,9(14):2397-2411.
[23]YIN H J,ZHANG L Y.Security analysis and improvement of an anonymous attribute-based proxy re-encryption[C]//The International Conference on Security,Privacy and Anonymity in Computation,Communication and Storage.Springer,2017:344-352.
[24]SEPEHRI M,TROMBETTA A.Secure and efficient data sharing with attribute-based proxy re-encryption scheme[C]//The 12th International Conference on Availability,Reliability and Security.ACM,2017:1-63.
[25]MA H,ZHANG R,WAN Z G,et al.Verifiable and exculpable outsourced attribute-based encryption for access control in cloud computing[J].IEEE Transactions on Dependable&Secure Computing,2017,14(4):679-692.
[26]XIONG H,SUN J F.Comments on“verifiable and exculpable outsourced attribute-based encryption for access control in cloud computing”[J].IEEE Transactions on Dependable&Secure Computing,2017,14(4):461-462.
[27]FENG X Y,LI C,LI D,et al.Fully secure hidden ciphertext policy attribute-based proxy re-encryption[C]//The International Conference on Information and Communications Security.Springer,2017:192-204.
[28]GE C,SUSILO W,FANG L,et al.A cca-secure key-policy attribute-based proxy re-encryption in the adaptive corruption model for dropbox data sharing system[J].Designs Codes&Cryptography,2018(1):1-17.
[29]YANG Y J,ZHU H Y,LU H B,et al.Cloud based data sharing with fine-grained proxy re-encryption[J].Pervasive and Mobile Computing,2016,28(C):122-134.
[30]XU P,CHEN H W,ZOU D Q,et al.Fine-grained and heterogeneous proxy re-encryption for secure cloud storage[J].Chinese Science Bulletin,2014,59(32):4201-4209.
[31]HUANG Q L,MA Z F,YANG Y X,et al.Improving security and efficiency for encrypted data sharing in online social networks[J].China Communications,2014,11(3):104-117.
[32]BENALOH J,LEICHTER J.Generalized secret sharing and monotone functions[C]//Advances in Cryptology.Springer,1990:27-35.
[33]GREEN M,HOHENBERGER S,WATERS B.Outsourcing the decryption of ABE ciphertexts[C]//The 20th Usenix Conference on Security.USENIX Association,2011:34.
[2]冯朝胜,秦志光,袁丁.云数据安全存储技术[J].计算机学报,2015,38(1):150-163.FENG C S,QIN Z G,YUAN D.Techniques of secure storage for cloud data[J].Chinese Journal of Computers,2015,38(1):150-163.
[3]冯朝胜,秦志光,袁丁,等.云计算环境下访问控制关键技术[J].电子学报,2015,43(2):312-319.FENG C S,QIN Z G,YUAN D,et al.Key techniques of access control for cloud computing[J].Acta Electronica Sinica,2015,43(2):312-319.
[4]ATENIESE G,FU K,GREEN M,et al.Improved proxy re-encryption schemes with applications to secure distributed storage[J].ACMTransactions on Information and System Security,2006,9(1):1-30.
[5]GREEN M,ATENIESE G.Identity-based proxy re-encryption[C]//The5th International Conference on Applied Cryptography and Network Security.Springer,2007:288-306.
[6]THORBEK R.Linear integer secret sharing and distributed exponentiation[C]//The 9th International Conference on Theory and Practice of Public-Key Cryptography.Springer,2006:75-90.
[7]BEIMEL A.Secure schemes for secret sharing and key distribution[D].Haifa:Israel Institute of Technology,1996.
[8]KARCHMER M,WIGDERSON A.On span programs[C]//The Eighth Annual Structure in Complexity Theory.IEEE,1993:102-111.
[9]WATERS B.Ciphertext-policy attribute-based encryption:an expressive,efficient,and provably secure realization[C]//The 14th International Conference on Practice and Theory in Public Key Cryptography Conference on Public Key Cryptography.Springer,2011:53-70.
[10]BALU A,KUPPUSAMY K.An expressive and provably secure ciphertext-policy attribute-based encryption[J].Information Sciences,2014,276(4):354-362.
[11]CANETTI R,HALEVI S,KATZ J.Chosen-ciphertext security from identity-based encryption[C]//The Advances in Cryptology Eurocrypt.Springer,2004:207-222.
[12]LING C,NEWPORT C.Provably secure ciphertext policy abe[C]//The14th ACM Conference on Computer and Communications Security.ACM,2007:456-465.
[13]ZHAO J,FENG D G,ZHANG Z F.Attribute-based conditional proxy re-encryption with chosen-ciphertext security[C]//The Global Telecommunications Conference.IEEE,2010:1-6.
[14]LIANG X H,CAO Z F,LIN H,et al.Attribute based proxy re-encryption with delegating capabilities[C]//The 4th International Symposium on Information,Computer,and Communications Security.ACM,2009:276-286.
[15]LIANG K T,FANG L M,WONG D S,et al.A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security[C]//The 5th International Conference on Intelligent Networking and Collaborative Systems.IEEE,2013:552-559.
[16]LIANG K T,AU M H,LIU J K,et al.A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing[J].Future Generation Computers Systems,2015,52(C):95-108.
[17]LUO S,HU J B,CHEN Z.Ciphertext policy attribute-based proxy re-encryption[J].Information&Communications Security,2010,6476(4):401-415.
[18]LI J J,LIU Z H,ZU L H.Chosen-ciphertext secure multi-use unidirectional attribute-based proxy re-encryptions[C]//The Ninth Asia Joint Conference on Information Security.IEEE,2015:96-103.
[19]LUAN I,TANG Q,HARTEL P,et al.Efficient and provable secure ciphertext-policy attribute-based encryption schemes[C]//The 5th International Conference on Information Security Practice and Experience.Springer,2009:1-12.
[20]KAWAI Y.Outsourcing the re-encryption key generation:flexible ciphertext-policy attribute-based proxy re-encryption[C]//The Information Security Practice and Experience.Springer,2015:301-315.
[21]FU X B.Unidirectional proxy re-encryption for access structure transformation in attribute-based encryption schemes[J].International Journal of Network Security,2015,17(2):142-149.
[22]ZHANG Y H,LI J,CHEN X F,et al.Anonymous attribute-based proxy re-encryption for access control in cloud computing[J].Security&Communication Networks,2016,9(14):2397-2411.
[23]YIN H J,ZHANG L Y.Security analysis and improvement of an anonymous attribute-based proxy re-encryption[C]//The International Conference on Security,Privacy and Anonymity in Computation,Communication and Storage.Springer,2017:344-352.
[24]SEPEHRI M,TROMBETTA A.Secure and efficient data sharing with attribute-based proxy re-encryption scheme[C]//The 12th International Conference on Availability,Reliability and Security.ACM,2017:1-63.
[25]MA H,ZHANG R,WAN Z G,et al.Verifiable and exculpable outsourced attribute-based encryption for access control in cloud computing[J].IEEE Transactions on Dependable&Secure Computing,2017,14(4):679-692.
[26]XIONG H,SUN J F.Comments on“verifiable and exculpable outsourced attribute-based encryption for access control in cloud computing”[J].IEEE Transactions on Dependable&Secure Computing,2017,14(4):461-462.
[27]FENG X Y,LI C,LI D,et al.Fully secure hidden ciphertext policy attribute-based proxy re-encryption[C]//The International Conference on Information and Communications Security.Springer,2017:192-204.
[28]GE C,SUSILO W,FANG L,et al.A cca-secure key-policy attribute-based proxy re-encryption in the adaptive corruption model for dropbox data sharing system[J].Designs Codes&Cryptography,2018(1):1-17.
[29]YANG Y J,ZHU H Y,LU H B,et al.Cloud based data sharing with fine-grained proxy re-encryption[J].Pervasive and Mobile Computing,2016,28(C):122-134.
[30]XU P,CHEN H W,ZOU D Q,et al.Fine-grained and heterogeneous proxy re-encryption for secure cloud storage[J].Chinese Science Bulletin,2014,59(32):4201-4209.
[31]HUANG Q L,MA Z F,YANG Y X,et al.Improving security and efficiency for encrypted data sharing in online social networks[J].China Communications,2014,11(3):104-117.
[32]BENALOH J,LEICHTER J.Generalized secret sharing and monotone functions[C]//Advances in Cryptology.Springer,1990:27-35.
[33]GREEN M,HOHENBERGER S,WATERS B.Outsourcing the decryption of ABE ciphertexts[C]//The 20th Usenix Conference on Security.USENIX Association,2011:34.