支持隐私保护的多机构属性基加密方案
|
摘要
针对云环境中用户敏感信息的保护,提出一种支持隐私保护的多机构属性基加密(attribute based encryption,ABE)方案.该方案采用半策略隐藏方式,将属性分为属性名和属性值2部分,通过对用户的属性值进行隐藏,实现对用户的隐私保护,避免用户的具体属性值泄露给其他任何第三方.另外,加密时仅对与访问策略相关的属性名进行加密,而不是对系统所有属性进行加密,改变了已有的隐私保护属性基加密方式,大大减短了密文长度.方案的安全性依赖于DBDH假设,并且在标准模型下满足自适应选择明文攻击安全.同时,通过与其他方案的对比,方案计算代价和存储代价都有明显优势,尤其是密文长度仅与访问策略设置的属性相关,更加适用于实际应用中用户属性规模远远小于系统属性规模的情况.
Attribute based encryption(ABE)is a new cryptographic technique which guarantees finegrained access control of outsourced encrypted data in the cloud.In order to protect the users'sensitive information in the cloud,a multi-authority attribute based encryption(MA-ABE)scheme with privacy protection is proposed.In the scheme,the users'attribute is divided into two parts:the attribute name and the attribute value.The value of user's attributes would be hidden in the access structure to prevent from revealing to any third parties,so the users'privacy will be effectively preserved.In addition,the attribute name is used to construct the access structure,and the length of our ciphertext is associated with the number of attribute name which belongs to the access policy,rather than the all attributes in the system.Besides,the scheme is secure against chosen plaintext attack under the decision bilinear Diffie-Hellman(DBDH)assumption in the standard model.Compared with the existing related schemes,the size of ciphertext and users'secret key in the scheme are all reduced,and the lower computing cost and storage cost makes the scheme more effective in the practical application,especially the condition in which the scale of user attributes is far smaller than the scale of system attributes.
Attribute based encryption(ABE)is a new cryptographic technique which guarantees finegrained access control of outsourced encrypted data in the cloud.In order to protect the users'sensitive information in the cloud,a multi-authority attribute based encryption(MA-ABE)scheme with privacy protection is proposed.In the scheme,the users'attribute is divided into two parts:the attribute name and the attribute value.The value of user's attributes would be hidden in the access structure to prevent from revealing to any third parties,so the users'privacy will be effectively preserved.In addition,the attribute name is used to construct the access structure,and the length of our ciphertext is associated with the number of attribute name which belongs to the access policy,rather than the all attributes in the system.Besides,the scheme is secure against chosen plaintext attack under the decision bilinear Diffie-Hellman(DBDH)assumption in the standard model.Compared with the existing related schemes,the size of ciphertext and users'secret key in the scheme are all reduced,and the lower computing cost and storage cost makes the scheme more effective in the practical application,especially the condition in which the scale of user attributes is far smaller than the scale of system attributes.
引文
[1]Sahai A,Waters B.Fuzzy identity-based encryption[C]//Proc of the 24th Int Conf on Theory and Applications of Cryptographic Techniques.Berlin:Springer,2005:457-473
[2]Chase M.Multi-authority attribute based encryption[C]//Proc of Theory of Cryptography Conf.Berlin:Springer,2007:515-534
[3]Lin Huang,Cao Zhenfu,Liang Xiaohui,et al.Secure threshold multi-authority attribute based encryption without a central authority[C]//Proc of Int Conf on Cryptology in India.Berlin:Springer,2008:426-436
[4]Müller S,Katzenbeissior S,Eckert C.On multi-authority ciphertext-policy attribute-based encryption[J].Bulletin of the Korean Mathematical Society,2009,46(4):803-819
[5]Chase M,Chow S S.Improving privacy and security in multi-authority attribute-based encryption[C]//Proc of the16th ACM Conf of Computer and Communication Security.New York:ACM,2009:121-130
[6]Lewko A,Waters B.Decentralizing attribute-based encryption[G]//LNCS 6632:Proc of the 30th Int Conf on Theory and Applications of Cryptographic Techniques.Berlin:Springer,2011:568-588
[7]Xhafa F,Feng Jianglang,Zhang Yinghui,et al.Privacyaware attribute-based PHR sharing with user accountability in cloud computing[J].Journal of Supercomputing,2015,71(5):1607-1619
[8]Han Jinguang,Susilo W,Mu Yi,et al.Improving privacy and security in decentralized ciphertext-policy attribute-based encryption[J].IEEE Trans on Information Forensics and Security,2015,10(3):665-678
[9]Wang Minqian,Zhang Zhenfeng,Chen Cheng.Security analysis of a privacy-preserving decentralized ciphertextpolicy attribute-based encryption scheme[J].Concurrency &Computation Practice &Experience,2016,28(4):1237-1245
[10]Qian Huiling,Li Jiguo,Zhang Yichen,et al.Privacypreserving personal health record using multi-authority attribute-based encryption with revocation[J].International Journal of Information Security,2015,14(6):487-497
[11]Guan Zhitao,Yang Tingting,Xu Ruzhi,et al.Multiauthority attribute-based encryption access control model for cloud storage[J].Journal on Communications,2015,36(6):116-126(in Chinese)(关志涛,杨亭亭,徐茹枝,等.面向云存储的基于属性加密的多授权中心访问控制方案[J].通信学报,2015,36(6):116-126)
[12]Tao Qi,Huang Xiaofang.Multi-authority ciphertext-policy attribute-based encryption scheme[J].Journal of Wuhan University:Nature Science,2015,61(6):545-548(in Chinese)(陶启,黄晓芳.基于密文策略多机构属性基加密方案[J].武汉大学学报:理学版,2015,61(6):545-548)
[13]Wu Guangqiang.Multi-authority CP-ABE with policy update in cloud storage[J].Journal of Computer Research and Development,2016,53(10):2393-2399(in Chinese)(吴光强.适合云存储的访问策略可更新多中心CP-ABE方案[J].计算机研究与发展,2016,53(10):2393-2399)
[14]Lai Junzuo,Deng Huijie,Li Yingjiu.Expressive CP-ABE with partially hidden access structures[C]//Proc of the 7th ACM Symp on Information,Computer and Communications Security.New York:ACM,2012:18-19
[15]Ibraimi L,Tang Qiang,Hartal P.Efficient and provable secure ciphertext-policy attribute-based encryption schemes[C]//Proc of the 5th Int Conf on Information Security Practice and Experience.Berlin:Springer,2009:1-12
[2]Chase M.Multi-authority attribute based encryption[C]//Proc of Theory of Cryptography Conf.Berlin:Springer,2007:515-534
[3]Lin Huang,Cao Zhenfu,Liang Xiaohui,et al.Secure threshold multi-authority attribute based encryption without a central authority[C]//Proc of Int Conf on Cryptology in India.Berlin:Springer,2008:426-436
[4]Müller S,Katzenbeissior S,Eckert C.On multi-authority ciphertext-policy attribute-based encryption[J].Bulletin of the Korean Mathematical Society,2009,46(4):803-819
[5]Chase M,Chow S S.Improving privacy and security in multi-authority attribute-based encryption[C]//Proc of the16th ACM Conf of Computer and Communication Security.New York:ACM,2009:121-130
[6]Lewko A,Waters B.Decentralizing attribute-based encryption[G]//LNCS 6632:Proc of the 30th Int Conf on Theory and Applications of Cryptographic Techniques.Berlin:Springer,2011:568-588
[7]Xhafa F,Feng Jianglang,Zhang Yinghui,et al.Privacyaware attribute-based PHR sharing with user accountability in cloud computing[J].Journal of Supercomputing,2015,71(5):1607-1619
[8]Han Jinguang,Susilo W,Mu Yi,et al.Improving privacy and security in decentralized ciphertext-policy attribute-based encryption[J].IEEE Trans on Information Forensics and Security,2015,10(3):665-678
[9]Wang Minqian,Zhang Zhenfeng,Chen Cheng.Security analysis of a privacy-preserving decentralized ciphertextpolicy attribute-based encryption scheme[J].Concurrency &Computation Practice &Experience,2016,28(4):1237-1245
[10]Qian Huiling,Li Jiguo,Zhang Yichen,et al.Privacypreserving personal health record using multi-authority attribute-based encryption with revocation[J].International Journal of Information Security,2015,14(6):487-497
[11]Guan Zhitao,Yang Tingting,Xu Ruzhi,et al.Multiauthority attribute-based encryption access control model for cloud storage[J].Journal on Communications,2015,36(6):116-126(in Chinese)(关志涛,杨亭亭,徐茹枝,等.面向云存储的基于属性加密的多授权中心访问控制方案[J].通信学报,2015,36(6):116-126)
[12]Tao Qi,Huang Xiaofang.Multi-authority ciphertext-policy attribute-based encryption scheme[J].Journal of Wuhan University:Nature Science,2015,61(6):545-548(in Chinese)(陶启,黄晓芳.基于密文策略多机构属性基加密方案[J].武汉大学学报:理学版,2015,61(6):545-548)
[13]Wu Guangqiang.Multi-authority CP-ABE with policy update in cloud storage[J].Journal of Computer Research and Development,2016,53(10):2393-2399(in Chinese)(吴光强.适合云存储的访问策略可更新多中心CP-ABE方案[J].计算机研究与发展,2016,53(10):2393-2399)
[14]Lai Junzuo,Deng Huijie,Li Yingjiu.Expressive CP-ABE with partially hidden access structures[C]//Proc of the 7th ACM Symp on Information,Computer and Communications Security.New York:ACM,2012:18-19
[15]Ibraimi L,Tang Qiang,Hartal P.Efficient and provable secure ciphertext-policy attribute-based encryption schemes[C]//Proc of the 5th Int Conf on Information Security Practice and Experience.Berlin:Springer,2009:1-12