改进的ABE在公有云存储访问控制中的研究
|
摘要
在云存储访问控制领域,属性基加密算法(attribute-based encryption,ABE)是一种极具应用前景的密码体制。ABE不仅可以保证云计算环境下的信息安全性,同时提供了灵活的访问控制机制。当前ABE在安全性上主要面临密钥托管问题(key escrow problem)的威胁,并且由于涉及大量双线性配对,在计算效率方面不尽如人意。设计了一种改进的ABE算法,通过私钥的分布式生成解决了密钥托管问题。同时改进的算法无需进行双线性配对,在计算效率上相比已有的ABE算法有所提升。通过将算法规约至计算Diffie-Hellman问题(compu-tational Diffie-Hellman problem,CDH)的难解性上,证明了该方案在随机预言机模型下能够抵抗选择密文攻击。
Attribute-based encryption(ABE) is a promising technique that provides not only data encryption but also flexible access control for cloud storage. Existing ABE schemes are mainly threatened by key escrow problem in terms of security, and are unacceptable in term of efficiency due to large bilinear pairing computation. To address these problems, an improved ABE is proposed. Owing to distributed generation of private keys, the key escrow problem is addressed. In addition, the improved ABE does not need any bilinear pairing computation. Compared with existing schemes, as a result, the computation overhead is reduced. By reduction to computational Diffie-Hellman assumption(CDH), the proposed scheme is proven to be secure against chosen ciphertext attacks in random oracle model.
Attribute-based encryption(ABE) is a promising technique that provides not only data encryption but also flexible access control for cloud storage. Existing ABE schemes are mainly threatened by key escrow problem in terms of security, and are unacceptable in term of efficiency due to large bilinear pairing computation. To address these problems, an improved ABE is proposed. Owing to distributed generation of private keys, the key escrow problem is addressed. In addition, the improved ABE does not need any bilinear pairing computation. Compared with existing schemes, as a result, the computation overhead is reduced. By reduction to computational Diffie-Hellman assumption(CDH), the proposed scheme is proven to be secure against chosen ciphertext attacks in random oracle model.
引文
[1] Su J S. Network technology of data center for cloud computing[J]. China Education Network, 2017(11):40-41.
[2] Su J S, Cao D, Wang X F, et al. Attribute-based encryption schemes[J]. Journal of Software, 2011, 22(6):1299-1315.
[3] Sahai A, Waters B. Fuzzy identity-based encryption[C]//LNCS 3494:Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques, Denmark, May 22-26, 2005. Berlin, Heidelberg:Springer, 2005:457-473.
[4] Bethencourt J, Sahai A, Waters B. Ciphertext-policy attributebased encryption[C]//Proceedings of the IEEE Symposium on Security and Privacy, Oakland, May 20-23, 2007.Washington:IEEE Computer Society, 2007:321-334.
[5] Yan X X, Meng H. Ciphertext policy attribute-based encryption scheme supporting direct revocation[J]. Journal of Communications, 2016, 37(5):44-50.
[6] Goyal V, Pandey O, Sahai A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security, Alexandria, Oct 30-Nov 3, 2006.New York:ACM, 2006:89-98.
[7] Zhang M Q, Du W D, Yang X Y, et al. A fully secure KPABE scheme in the standard model[J]. Journal of Computer Research and Development, 2015, 52(8):1893-1901.
[8] Chase M, Chow S S M. Improving privacy and security in multi-authority attribute-based encryption[C]//Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, Nov 9-13, 2009. New York:ACM,2009:121-130.
[9] Hur J. Improving security and efficiency in attribute-based data sharing[J]. IEEE Transactions on Knowledge&Data Engineering, 2013, 25(10):2271-2282.
[10] Zhang X, Wen Z L, Shen Q N, et al. Accountable attributebased encryption scheme without key escrow[J]. Journal of Computer Research and Development, 2015, 52(10):2293-2303.
[11] Karati A, Amin R, Biswas G P. Provably secure thresholdbased ABE scheme without bilinear map[J]. Arabian Journal for Science&Engineering, 2016, 41(8):3201-3213.
[12] Lin G F, Hong H S, Sun Z X. A collaborative key management protocol in ciphertext policy attribute-based encryption for cloud data sharing[J]. IEEE Access, 2017, 5:9464-9475.
[13] Chow S S M. Removing escrow from identity-based encryption[C]//LNCS 5443:Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography, Irvine, Mar 18-20, 2009. Berlin, Heidelberg:Springer,2009:256-276.
[14] Zhao C A, Zhang F G. Research and development on efficient pairing computations[J]. Journal of Software, 2009, 20(11):3001-3009.
[15] Cui Y, Song J, Miao C C, et al. Mobile cloud computing research progress and trends[J]. Chinese Journal of Computers,2017, 40(2):273-295.
[16] Li Q, Ma J F, Xiong J B, et al. An adaptively secure multiauthority ciphertext-policy ABE scheme on prime order groups[J]. Acta Electronica Sinica, 2014, 42(4):696-702.
[17] Zhang K, Ma J F, Liu J J, et al. Adaptively secure multiauthority attribute-based encryption with verifiable outsourced decryption[J]. Science China Information Sciences, 2016,59(9):99105.
[18] Qin B, Deng H, Wu Q H, et al. Flexible attribute-based encryption applicable to secure e-healthcare records[J]. International Journal of Information Security, 2015, 14(6):499-511.
[19] Bao F, Deng R H, Zhu H F. Variations of Diffie-Hellman problem[C]//LNCS 2836:Proceedings of the 5th International Conference on Information and Communications Security, Huhehaote, Oct 10-13, 2003. Berlin, Heidelberg:Springer, 2003:301-312.
[20] Coron J S. On the exact security of full domain hash[C]//LNCS 1880:Proceedings of the 20th Annual International Cryptology Conference, Santa Barbara, Aug 20-24, 2000.Berlin, Heidelberg:Springer, 2000:229-235.
[1]苏金树.面向云计算的数据中心网络技术[J].中国教育网络, 2017(11):40-41.
[2]苏金树,曹丹,王小峰,等.属性基加密机制[J].软件学报,2011, 22(6):1299-1315.
[5]闫玺玺,孟慧.支持直接撤销的密文策略属性基加密方案[J].通信学报, 2016, 37(5):44-50.
[7]张敏情,杜卫东,杨晓元,等.标准模型下全安全的密钥策略属性基加密方案[J].计算机研究与发展, 2015, 52(8):1893-1901.
[10]张星,文子龙,沈晴霓,等.可追责并解决密钥托管问题的属性基加密方案[J].计算机研究与发展, 2015, 52(10):2293-2303.
[14]赵昌安,张方国.双线性对有效计算研究进展[J].软件学报, 2009, 20(11):3001-3009.
[15]崔勇,宋健,缪葱葱,等.移动云计算研究进展与趋势[J].计算机学报, 2017, 40(2):273-295.
[16]李琦,马建峰,熊金波,等.一种素数阶群上构造的自适应安全的多授权机构CP-ABE方案[J].电子学报, 2014, 42(4):696-702.
[2] Su J S, Cao D, Wang X F, et al. Attribute-based encryption schemes[J]. Journal of Software, 2011, 22(6):1299-1315.
[3] Sahai A, Waters B. Fuzzy identity-based encryption[C]//LNCS 3494:Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques, Denmark, May 22-26, 2005. Berlin, Heidelberg:Springer, 2005:457-473.
[4] Bethencourt J, Sahai A, Waters B. Ciphertext-policy attributebased encryption[C]//Proceedings of the IEEE Symposium on Security and Privacy, Oakland, May 20-23, 2007.Washington:IEEE Computer Society, 2007:321-334.
[5] Yan X X, Meng H. Ciphertext policy attribute-based encryption scheme supporting direct revocation[J]. Journal of Communications, 2016, 37(5):44-50.
[6] Goyal V, Pandey O, Sahai A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security, Alexandria, Oct 30-Nov 3, 2006.New York:ACM, 2006:89-98.
[7] Zhang M Q, Du W D, Yang X Y, et al. A fully secure KPABE scheme in the standard model[J]. Journal of Computer Research and Development, 2015, 52(8):1893-1901.
[8] Chase M, Chow S S M. Improving privacy and security in multi-authority attribute-based encryption[C]//Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, Nov 9-13, 2009. New York:ACM,2009:121-130.
[9] Hur J. Improving security and efficiency in attribute-based data sharing[J]. IEEE Transactions on Knowledge&Data Engineering, 2013, 25(10):2271-2282.
[10] Zhang X, Wen Z L, Shen Q N, et al. Accountable attributebased encryption scheme without key escrow[J]. Journal of Computer Research and Development, 2015, 52(10):2293-2303.
[11] Karati A, Amin R, Biswas G P. Provably secure thresholdbased ABE scheme without bilinear map[J]. Arabian Journal for Science&Engineering, 2016, 41(8):3201-3213.
[12] Lin G F, Hong H S, Sun Z X. A collaborative key management protocol in ciphertext policy attribute-based encryption for cloud data sharing[J]. IEEE Access, 2017, 5:9464-9475.
[13] Chow S S M. Removing escrow from identity-based encryption[C]//LNCS 5443:Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography, Irvine, Mar 18-20, 2009. Berlin, Heidelberg:Springer,2009:256-276.
[14] Zhao C A, Zhang F G. Research and development on efficient pairing computations[J]. Journal of Software, 2009, 20(11):3001-3009.
[15] Cui Y, Song J, Miao C C, et al. Mobile cloud computing research progress and trends[J]. Chinese Journal of Computers,2017, 40(2):273-295.
[16] Li Q, Ma J F, Xiong J B, et al. An adaptively secure multiauthority ciphertext-policy ABE scheme on prime order groups[J]. Acta Electronica Sinica, 2014, 42(4):696-702.
[17] Zhang K, Ma J F, Liu J J, et al. Adaptively secure multiauthority attribute-based encryption with verifiable outsourced decryption[J]. Science China Information Sciences, 2016,59(9):99105.
[18] Qin B, Deng H, Wu Q H, et al. Flexible attribute-based encryption applicable to secure e-healthcare records[J]. International Journal of Information Security, 2015, 14(6):499-511.
[19] Bao F, Deng R H, Zhu H F. Variations of Diffie-Hellman problem[C]//LNCS 2836:Proceedings of the 5th International Conference on Information and Communications Security, Huhehaote, Oct 10-13, 2003. Berlin, Heidelberg:Springer, 2003:301-312.
[20] Coron J S. On the exact security of full domain hash[C]//LNCS 1880:Proceedings of the 20th Annual International Cryptology Conference, Santa Barbara, Aug 20-24, 2000.Berlin, Heidelberg:Springer, 2000:229-235.
[1]苏金树.面向云计算的数据中心网络技术[J].中国教育网络, 2017(11):40-41.
[2]苏金树,曹丹,王小峰,等.属性基加密机制[J].软件学报,2011, 22(6):1299-1315.
[5]闫玺玺,孟慧.支持直接撤销的密文策略属性基加密方案[J].通信学报, 2016, 37(5):44-50.
[7]张敏情,杜卫东,杨晓元,等.标准模型下全安全的密钥策略属性基加密方案[J].计算机研究与发展, 2015, 52(8):1893-1901.
[10]张星,文子龙,沈晴霓,等.可追责并解决密钥托管问题的属性基加密方案[J].计算机研究与发展, 2015, 52(10):2293-2303.
[14]赵昌安,张方国.双线性对有效计算研究进展[J].软件学报, 2009, 20(11):3001-3009.
[15]崔勇,宋健,缪葱葱,等.移动云计算研究进展与趋势[J].计算机学报, 2017, 40(2):273-295.
[16]李琦,马建峰,熊金波,等.一种素数阶群上构造的自适应安全的多授权机构CP-ABE方案[J].电子学报, 2014, 42(4):696-702.