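Abstract
Now that cloud storage is provided by third-party service providers, attribute-based encryption (ABE) is the preferred technology for solving data protection and access control problems. Although ABE can control data access at the level of each data item, it still has practical limitations with respect to dynamic attribute revocation. This paper proposes a generic attribute revocation system for ABE with user privacy protection. The system is built on ABE, can be used in application scenarios that already rely on ABE-based encryption, and achieves access control and security protection of data by dynamically revoking any number of attributes in the application system.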
Attribute-based encryption (ABE) has been a preferred encryption technology to solve the problems of data protection and access control, especially when the cloud storage is provided by third-party service providers. ABE can put data access under control at each data item level. However, ABE schemes have practical limitations on dynamic attribute revocation. We propose a generic attribute revocation system for ABE with user privacy protection. The attribute revocation ABE (AR-ABE) system can work with any type of ABE scheme to dynamically revoke any number of attributes.