云环境下SNS隐私保护方案
|
摘要
社交网络存储的数据实际都是外包给并不完全可信的云服务商。针对社交网络隐私安全和属性更新问题,提出一种云环境中具有策略隐藏和属性撤销的属性基加密方案。通过分解密钥产生方式降低用户端的计算量,引入合数阶的双线性群实现访问策略隐藏,并利用令牌树和陷门机制灵活且高效地完成属性撤销。而且,该方案在标准假设下可被证明是安全的。因此,将该方案运用于社交网络,将数据加密存储于云服务端是安全可行的。与其他方案相比,该方案既保护了访问策略的隐私,又具有多样的访问控制功能,在计算和存储等方面更有优势。
In reality,data stored on social networks are often outsourced to the untrusted cloud services providers.Aiming at the problems of privacy and attribute updating of social network,an attribute-based encryption scheme with hidden policy and attribute revocation in cloud environment was proposed.This scheme reduces the computation of client by breaking down the way of key generation.Moreover,the policy is hidden by using the composite order bilinear groups,and a mechanism with token tree and attribute trapdoor is used to achieve an efficient and flexible attribute revocation.In addition,the scheme is proved to be secure under the standard assumption.So,using this encryption in social network service to encrypt data to cloud servers is safe and feasible.Compared to other related works,this scheme protects the privacy of access policy and gives a better performance in computing and storage with access control functions.
In reality,data stored on social networks are often outsourced to the untrusted cloud services providers.Aiming at the problems of privacy and attribute updating of social network,an attribute-based encryption scheme with hidden policy and attribute revocation in cloud environment was proposed.This scheme reduces the computation of client by breaking down the way of key generation.Moreover,the policy is hidden by using the composite order bilinear groups,and a mechanism with token tree and attribute trapdoor is used to achieve an efficient and flexible attribute revocation.In addition,the scheme is proved to be secure under the standard assumption.So,using this encryption in social network service to encrypt data to cloud servers is safe and feasible.Compared to other related works,this scheme protects the privacy of access policy and gives a better performance in computing and storage with access control functions.
引文
[1] NING J T,CAO Z F,DONG X L,et al.Auditableσ-Time Outsourced Attribute-Based Encryption for Access Control in Cloud Computing[J].IEEE Transactions on Information Forensics and Security,2018,13(1):94-105.
[2] LI J G,YAO W,ZHANG Y C,et al.Flexible and fine-grained attribute-based data storage in cloud computing[J].IEEE Transactions on Services Computing,2017,10(5):785-796.
[3] HU X P,CHU T H S,LEUNG V C M,et al.A Survey on Mobile Social Networks:Applications,Platforms,System Architectures,and Future Research Directions[J].IEEE Communication Surveys&Tutorials,2015,17(3):1557-1581.
[4] SAHAI A,WATERS B.Fuzzy identity-based encryption[C]∥International Conference on Tecony&Applications of Cryptographic Techniques.2005:457-473.
[5] ZHU Y Q,LI D Y,YAN R D,et al.Maximizing the Influence and Profit in Social Networks[J].IEEE Transactions on Computational Social Systems,2017,4(3):54-64.
[6] DEEPALI V,DEEPALI N.Privacy preservation in SMAC-social networking,mobile network,analytics and cloud computing[C]∥2017International Conference on I-SMAC(IoT in Social,Mobile,Analytics and Cloud)(I-SMAC).Palladam,India:IEEE,2017:801-807.
[7] LI J,YAN H,LIU Z,et al.Location-Sharing Systems With Enhanced Privacy in Mobile Online Social Networks[J].IEEE Systems Journal,2017,11(2):439-448.
[8] FAN K,TIAN Q,WANG J X,et al.Privacy protection based access control scheme in cloud-based services[J].China Communications,2017,14(1):61-71.
[9] JAHID S,MITTAL P,BORISOV N.EASiER:encryption-based access control in social networks with efficient revocation[C]∥Proceedings of the 6th ACM Symposium on Information,Computer and Communications Security(ASIACCS 2011).Hong Kong,China:ACM,2011:411-415.
[10]RUJ S,STOJMENOVIC M,NAYAK A.Decentralized access control with anonymous authentication of data stored in clouds[J].IEEE Transactions on Parallel and Distributed Systems,2014,25(2):384-394.
[11]HUR J,KANG K.Secure data retrieval for decentralized disruption-tolerant military networks[J].IEEE/ACM Transactions on Networking,2014,22(1):16-26.
[12]WATERS B.Ciphertext-policy attribute-based encryption:An expressive,efficient,and provably secure realization[C]∥Public Key Cryptography-PKC 2011.Berlin Heidelberg:Springer,2011:53-70.
[13]WAN Z,LIU J E,DENG R H.HASBE:a hierarchical attributebased solution for flexible and scalable access control in cloud computing[J].Information Forensics and Security,2012,7(2):743-754.
[14]CHEN Y L,SONG L L,YANG G.Efficient Access Control Scheme Combining CP-ABE and SD in Cloud Computing[J].Computer Science,2014,41(9):152-157,168.(in Chinese)陈燕俐,宋玲玲,杨庚.基于CP-ABE和SD的高效云计算访问控制方案[J].计算机科学,2014,41(9):152-157,168.
[15]ZHOU Z,HUANG D,WANG Z.Efficient Privacy-Preserving Ciphertext-Policy Attribute Based-Encryption and Broadcast Encryption[J].IEEE Transactions on Computers,2015,1(64):126-138.
[16]LV Z Q,HONG C,ZHANG M,et al.Privacy-perserving scheme for social networks[J].Journal on Communications,2014,35(8):23-32.(in Chinese)吕志泉,洪澄,张敏,等.面向社交网络的隐私保护方案[J].通信学报,2014,35(8):23-32.
[17]ZHOU S G,DU R Y,CHEN J,et al.FACOR:flexible access control with outsourceable revocation in mobile clouds[J].China Communications,2016,13(4):136-150.
[18]TRAN V X P,YANG G M,SUSILO W.Hidden Ciphertext Policy Attribute-Based Encryption Under Standard Assumptions[J].IEEE Transactions on Information Forensics and Security,2016,11(1):35-45.
[2] LI J G,YAO W,ZHANG Y C,et al.Flexible and fine-grained attribute-based data storage in cloud computing[J].IEEE Transactions on Services Computing,2017,10(5):785-796.
[3] HU X P,CHU T H S,LEUNG V C M,et al.A Survey on Mobile Social Networks:Applications,Platforms,System Architectures,and Future Research Directions[J].IEEE Communication Surveys&Tutorials,2015,17(3):1557-1581.
[4] SAHAI A,WATERS B.Fuzzy identity-based encryption[C]∥International Conference on Tecony&Applications of Cryptographic Techniques.2005:457-473.
[5] ZHU Y Q,LI D Y,YAN R D,et al.Maximizing the Influence and Profit in Social Networks[J].IEEE Transactions on Computational Social Systems,2017,4(3):54-64.
[6] DEEPALI V,DEEPALI N.Privacy preservation in SMAC-social networking,mobile network,analytics and cloud computing[C]∥2017International Conference on I-SMAC(IoT in Social,Mobile,Analytics and Cloud)(I-SMAC).Palladam,India:IEEE,2017:801-807.
[7] LI J,YAN H,LIU Z,et al.Location-Sharing Systems With Enhanced Privacy in Mobile Online Social Networks[J].IEEE Systems Journal,2017,11(2):439-448.
[8] FAN K,TIAN Q,WANG J X,et al.Privacy protection based access control scheme in cloud-based services[J].China Communications,2017,14(1):61-71.
[9] JAHID S,MITTAL P,BORISOV N.EASiER:encryption-based access control in social networks with efficient revocation[C]∥Proceedings of the 6th ACM Symposium on Information,Computer and Communications Security(ASIACCS 2011).Hong Kong,China:ACM,2011:411-415.
[10]RUJ S,STOJMENOVIC M,NAYAK A.Decentralized access control with anonymous authentication of data stored in clouds[J].IEEE Transactions on Parallel and Distributed Systems,2014,25(2):384-394.
[11]HUR J,KANG K.Secure data retrieval for decentralized disruption-tolerant military networks[J].IEEE/ACM Transactions on Networking,2014,22(1):16-26.
[12]WATERS B.Ciphertext-policy attribute-based encryption:An expressive,efficient,and provably secure realization[C]∥Public Key Cryptography-PKC 2011.Berlin Heidelberg:Springer,2011:53-70.
[13]WAN Z,LIU J E,DENG R H.HASBE:a hierarchical attributebased solution for flexible and scalable access control in cloud computing[J].Information Forensics and Security,2012,7(2):743-754.
[14]CHEN Y L,SONG L L,YANG G.Efficient Access Control Scheme Combining CP-ABE and SD in Cloud Computing[J].Computer Science,2014,41(9):152-157,168.(in Chinese)陈燕俐,宋玲玲,杨庚.基于CP-ABE和SD的高效云计算访问控制方案[J].计算机科学,2014,41(9):152-157,168.
[15]ZHOU Z,HUANG D,WANG Z.Efficient Privacy-Preserving Ciphertext-Policy Attribute Based-Encryption and Broadcast Encryption[J].IEEE Transactions on Computers,2015,1(64):126-138.
[16]LV Z Q,HONG C,ZHANG M,et al.Privacy-perserving scheme for social networks[J].Journal on Communications,2014,35(8):23-32.(in Chinese)吕志泉,洪澄,张敏,等.面向社交网络的隐私保护方案[J].通信学报,2014,35(8):23-32.
[17]ZHOU S G,DU R Y,CHEN J,et al.FACOR:flexible access control with outsourceable revocation in mobile clouds[J].China Communications,2016,13(4):136-150.
[18]TRAN V X P,YANG G M,SUSILO W.Hidden Ciphertext Policy Attribute-Based Encryption Under Standard Assumptions[J].IEEE Transactions on Information Forensics and Security,2016,11(1):35-45.