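1. School of Computer Science, Sichuan Normal University, Chengdu, Sichuan 610101
2. Network and Data Security Key Laboratory of Sichuan Province, University of Electronic Science and Technology of China, Chengdu, Sichuan 610054
3. No. 30 Research Institute of China Electronics Technology Group Corporation, Chengdu, Sichuan 610041
ZHAO Kai-qiang, male, born in January 1996 in Bazhong, Sichuan Province. Graduate student at Sichuan Normal University. Research interests: information security and cloud computing. E-mail: 18483621260@163.com
KANG Ping, female, born in March 1998 in Nanchong, Sichuan Province. Graduate student at Sichuan Normal University. Research interests: information security and cloud computing. E-mail: iskangping@foxmail.com
LIU Bin, male, born in October 1996 in Yibin, Sichuan Province. Graduate student at Sichuan Normal University. Research interests: blockchain, federated learning and information security. E-mail: liubin10@foxmail.com
GUO Zhen, female, born in September 1997 in Chengdu, Sichuan Province. Graduate student at Sichuan Normal University. Research interests: information security and cloud computing. E-mail: ssbguo@foxmail.com
FENG Chao-sheng (corresponding author), male, born in January 1971 in Guangyuan, Sichuan Province. Professor and master's supervisor. Research interest: cloud computing security. E-mail: csfenggy@163.com
QING Yu, female, born in 1970 in Sichuan. Research fellow and master's supervisor at the No. 30 Research Institute of China Electronics Technology Group Corporation. Research interest: network and information security.
Received: 2021-04-07,
Revised: 2022-04-10,
Published in print: 2023-03-25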
ZHAO Kai-qiang,KANG Ping,LIU Bin,et al.A CP-ABE Scheme with Cloud Proxy Re-Encryption[J].ACTA ELECTRONICA SINICA,2023,51(03):728-735. DOI: 10.12263/DZXB.20210445.
Existing proxy re-encryption schemes for CP-ABE (Ciphertext-Policy Attribute-Based Encryption) are hard to use for cloud proxy re-encryption, because the proxy can decrypt the re-encrypted ciphertext and can modify the access policy arbitrarily. To address this problem, we propose CP-ABE-CPRE (CP-ABE Scheme with Cloud Proxy Re-Encryption). The scheme supports attribute revocation by using version numbers to identify private keys and ciphertexts at different stages: a user can decrypt a ciphertext only when the version number of the user's private key matches that of the ciphertext and the user's attributes satisfy the access policy. When a user attribute is revoked, the cloud server can update the secret value corresponding to the revoked attribute without modifying the access policy. The scheme also uses lazy update and batch update to reduce the number of ciphertext and user private key updates, which improves update efficiency. Both theoretical analysis and experimental results show that CP-ABE-CPRE outperforms related existing schemes in computational and storage overhead. Security analysis shows that CP-ABE-CPRE resists the selective chosen-plaintext attack (sCPA).
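A toy model of the version-number bookkeeping with lazy and batch updates described in the abstract, as an added example that is not the paper's construction: plain exponents modulo a small prime stand in for pairing-group elements, so it carries no security. The `Cloud` class, the multiplicative token algebra, the choice of who issues key updates, and all names and values are assumptions made for illustration.

```python
# Added toy model, not the paper's construction: plain exponents mod a small
# prime stand in for pairing-group elements, so it has no security at all.
import secrets

Q = 1019  # constructed toy group order (prime)

def keygen(r, t):
    """User key component for an attribute with secret value t, version 0."""
    return {"ver": 0, "k": r * pow(t, -1, Q) % Q}

def encrypt(s, t):
    """Ciphertext component binding encryption randomness s to the attribute."""
    return {"ver": 0, "c": s * t % Q}

class Cloud:
    def __init__(self):
        self.version = 0       # current version of the attribute's secret value
        self.tokens = []       # tokens[i] re-keys version i -> i + 1
        self.updates_done = 0  # ciphertext re-encryptions actually performed

    def revoke(self):
        """Revocation: new secret value = old * token; no ciphertext is touched."""
        self.tokens.append(secrets.randbelow(Q - 1) + 1)
        self.version += 1

    def batch_token(self, from_ver):
        """Fold all pending tokens into one, so one update spans many revocations."""
        tok = 1
        for t in self.tokens[from_ver:]:
            tok = tok * t % Q
        return tok

    def access(self, ct):
        """Lazy update: bring a ciphertext to the current version only on request."""
        if ct["ver"] < self.version:
            ct["c"] = ct["c"] * self.batch_token(ct["ver"]) % Q
            ct["ver"] = self.version
            self.updates_done += 1
        return ct

    def update_key(self, key):
        """Key update, issued only to users who still hold the attribute."""
        inv = pow(self.batch_token(key["ver"]), -1, Q)
        return {"ver": self.version, "k": key["k"] * inv % Q}

def decrypt(ct, key):
    """Versions must match; then c * k = s * r, the value that unmasks the message."""
    if ct["ver"] != key["ver"]:
        return None
    return ct["c"] * key["k"] % Q
```

After two revocations the stored ciphertext is re-encrypted once, on its first access, and a user whose key was not updated is rejected by the version check.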