支持大属性空间和安全分级的KP-ABE
A KP-ABE Scheme Supporting Large Universe and Security Classification
- 电子学报 2023年51卷第9期 页码:2549-2557
- 作者机构:
1.四川师范大学计算机科学学院,四川成都 610101
2.电子科技大学网络与数据安全四川省重点实验室,四川成都 610054
3.中国电子科技集团公司第30研究所,四川成都 610041
- 作者简介:
[ "康 萍 女,1998年3月出生于四川南充,四川师范大学在读研究生.研究方向为信息安全与云计算. E-mail: iskangping@foxmail.com" ]
赵开强 男,1996年1月出生于四川巴中,四川师范大学在读研究生.研究方向为信息安全与云计算. E-mail: 18483621260@163.com
刘 彬 男,1996年10月出生于四川宜宾,四川师范大学在读研究生.研究方向为区块链、联邦学习与信息安全. E-mail: liubin10@foxmail.com
郭 真 女,1997年9月出生于四川成都,四川师范大学在读研究生.研究方向为信息安全与云计算. E-mail: ssbguo@foxmail.com
- 基金信息:国家自然科学基金(61373163);国防科技重点实验室基金(6142103010709)
DOI:10.12263/DZXB.20210493
中图分类号: TP309.2收稿:2021-04-16,
修回:2022-04-10,
纸质出版:2023-09-25
- 稿件说明:
移动端阅览
康萍,赵开强,刘彬等.支持大属性空间和安全分级的KP-ABE[J].电子学报,2023,51(09):2549-2557.
KANG Ping,ZHAO Kai-qiang,LIU Bin,et al.A KP-ABE Scheme Supporting Large Universe and Security Classification[J].ACTA ELECTRONICA SINICA,2023,51(09):2549-2557.
康萍,赵开强,刘彬等.支持大属性空间和安全分级的KP-ABE[J].电子学报,2023,51(09):2549-2557. DOI: 10.12263/DZXB.20210493.
KANG Ping,ZHAO Kai-qiang,LIU Bin,et al.A KP-ABE Scheme Supporting Large Universe and Security Classification[J].ACTA ELECTRONICA SINICA,2023,51(09):2549-2557. DOI: 10.12263/DZXB.20210493.
摘要
现有的KP-ABE(Key-Policy Attribute-Based Encryption)方案主要通过哈希函数实现对大属性空间的支持,安全性建立在随机预言模型下而非标准模型下;计算每个属性对应的密文子项或密钥子项,指数运算次数大于最大加密属性个数;不支持数据和用户安全分级.针对上述问题,本文提出了一种支持大属性空间和安全分级的KP-ABE方案.该方案通过编码函数而不是哈希函数将任意“属性名称:属性值”编码映射至有限域中的一个元素,实现对任意“属性名称:属性值”的支持并确保任意两个不同“属性名称:属性值”的编码值不同;结合强制访问控制思想,方案对密文和用户赋予不同的安全等级,只有用户安全等级不低于密文的安全等级时用户才能解密.最后对本文方案进行了安全性和性能分析,在标准模型下证明了该方案针对选择明文攻击是安全的;性能分析表明,所提出方案只需要进行2次指数运算,就能完成一个属性对应的密文子项或密钥子项的计算.
Abstract
The existing KP-ABE (Key-Policy Attribute-Based Encryption) scheme mainly supports large universe by using hash function
and the security is built under the random oracle model instead of the standard model; the number of exponentiation operations is greater than the maximum number of attributes at the time of encryption when calculating the ciphertext components or key components for each attribute; it does not support data and user security classification. To address the above problems
this paper proposes a KP-ABE scheme that supports large universe and security classification. The scheme maps arbitrary “attribute name: attribute value” to an element in the finite field through an encoding function instead of hash function
enabling support for any “attribute name: attribute value” and ensuring that any two different “attribute name: attribute value” combinations are encoded with different values; combined with the idea of mandatory access control
the scheme assigns different security levels to ciphertext and user
and only when the user security level is not lower than the security level of the ciphertext can the user decrypt it. The scheme is proved to be secure against chosen plaintext attacks under the standard model; the performance analysis shows that the proposed scheme only needs to perform two exponential operations to complete the computation of the ciphertext components or key components corresponding to one attribute.
关键词
Keywords
references
冯朝胜 , 秦志光 , 袁丁 . 云数据安全存储技术 [J]. 计算机学报 , 2015 , 38 ( 1 ): 150 - 163 .
FENG C S , QIN Z G , YUAN D . Techniques of secure storage for cloud data [J]. Chinese Journal of Computers , 2015 , 38 ( 1 ): 150 - 163 . (in Chinese)
冯朝胜 , 秦志光 , 袁丁 , 等 . 云计算环境下访问控制关键技术 [J]. 电子学报 , 2015 , 43 ( 2 ): 312 - 319 .
FENG C S , QIN Z G , YUAN D , et al . Key techniques of access control for cloud computing [J]. Acta Electronica Sinica , 2015 , 43 ( 2 ): 312 - 319 . (in Chinese)
SAHAI A , WATERS B . Fuzzy identity-based encryption [M]// Lecture Notes in Computer Science . Berlin : Springer Berlin Heidelberg , 2005 : 457 - 473 .
GOYAL V , PANDEY O , SAHAI A , et al . Attribute-based encryption for fine-grained access control of encrypted data [C]// CCS'06: Proceedings of the 13th ACM conference on Computer and communications security . New York : ACM , 2006 : 89 - 98 .
BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption [C]// 2007 IEEE Symposium on Security and Privacy . Piscataway : IEEE , 2007 : 321 - 334 .
PIRRETTI M , TRAYNOR P , MCDANIEL P , et al . Secure attribute-based systems [J]. Journal of Computer Security , 2010 , 18 ( 5 ): 799 - 837 .
LEWKO A , WATERS B . Unbounded HIBE and attribute-based encryption [C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques . Berlin ,: Springer , 2011 : 547 - 567 .
OKAMOTO T , TAKASHIMA K . Fully secure unbounded inner-product and attribute-based encryption [C]// International Conference on the Theory and Application of Cryptology and Information Security . Berlin : Springer , 2012 : 349 - 366 .
ROUSELAKIS Y , WATERS B . New constructions and proof methods for large universe attribute-based encryption [C]// Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security . New York : ACM , 2013 : 463 - 474 .
BEIMEL A . Secure Schemes for Secret Sharing and Key Distribution [D]. Haifa : Israel Institute of Techono logy , 1996 .
KARCHMER M , WIGDERSON A . On span programs [C]// Proceedings of the Eigth Annual Structure in Complexity Theory Conference . Piscataway : IEEE , 1993 : 102 - 111 .
LEWKO A . Tools for simulating features of composite order bilinear groups in the prime order setting [C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques . Berlin : Springer , 2012 : 318 - 335 .
OKAMOTO T , TAKASHIMA K . Homomorphic encryption and signatures from vector decomposition [C]// International Conference on Pairing-Based Cryptography . Berlin : Springer , 2008 : 57 - 74 .
OKAMOTO T , TAKASHIMA K . Fully secure functional encryption with general relations from the decisional linear assumption [C]// Annual Cryptology Conference . Berlin : Springer , 2010 : 191 - 208 .
LEWKO A , OKAMOTO T , SAHAI A , et al . Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption [C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques . Berlin : Springer , 2010 : 62 - 91 .
FREEMAN D M . Converting pairing-based cryptosystems from composite-order groups to prime-order groups [C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques . Berlin : Springer , 2010 : 44 - 61 .
ZHANG K , LIU X M , LI Y P , et al . A secure enhanced key-policy attribute-based temporary keyword search scheme in the cloud [J]. IEEE Access , 2020 , 8 : 127845 - 127855 .
晋云霞 , 杨贺昆 , 冯朝胜 , 等 . 一种支持解密外包的KP-ABE方案 [J]. 电子学报 , 2020 , 48 ( 3 ): 561 - 567 .
JIN Y X , YANG H K , FENG C S , et al . A KP-ABE scheme with outsourced decryption [J]. Acta Electronica Sinica , 2020 , 48 ( 3 ): 561 - 567 . (in Chinese)
杨贺昆 , 冯朝胜 , 晋云霞 , 等 . 支持可验证加解密外包的CP-ABE方案 [J]. 电子学报 , 2020 , 48 ( 8 ): 1545 - 1551 .
YANG H K , FENG C S , JIN Y X , et al . ACP-ABE scheme with verifiable outsourced encryption and decryption [J]. Acta Electronica Sinica , 2020 , 48 ( 8 ): 1545 - 1551 . (in Chinese)
0
浏览量
10
下载量
0
CSCD
- 网络PDF下载
- Meta-XML下载
- BibTeX下载
- Endnote下载
- RefMan 下载
- NoteExpress下载
- NoteFirst下载
关联资源
相关文章
相关作者
相关机构
- 技术支持由北京北大方正电子有限公司提供 京ICP备09064830号-19
京公网安备11010802024621 - 本系统建议在Chrome、 IE9+ 以上版本浏览器阅读本站内容,360浏览器请切换至极速模式
- Cookies帮助我们提供服务并提供个性化体验。使用本网站,即表示您同意我们使用Cookies