吉林大学学报(工学版) ›› 2014, Vol. 44 ›› Issue (3): 788-794.doi: 10.13229/j.cnki.jdxbgxb201403033

• 论文 • 上一篇    下一篇

云中基于常数级密文属性基加密的访问控制机制

李琦1,2,马建峰1,2,熊金波1,2,张涛1,2,刘西蒙2,3   

  1. 1.西安电子科技大学 计算机学院,西安 710071;
    2.西安电子科技大学 陕西省网络与系统安全重点实验室,西安 710071;
    3.西安电子科技大学 通信工程学院,西安 710071
  • 收稿日期:2012-12-26 出版日期:2014-03-01 发布日期:2014-03-01
  • 通讯作者: 马建峰(1963),男,教授,博士生导师.研究方向:信道编码,密码学,无线和移动安全,系统可生存性.E-mail:jfma@mail.xidian.edu.cn E-mail:qilijs@gmail.com
  • 作者简介:李琦(1989),男,博士研究生.研究方向:密码学,网络安全.E-mail:qilijs@gmail.com
  • 基金资助:
    长江学者和创新团队发展计划项目(IRT1078);国家自然基金委员会-广东联合基金重点基金项目(U1135002);国家科技部重大专项项目(2011ZX03005-002);国家自然科学基金面上项目(61370078).

Attribute-based encryption based access control scheme withconstant-size ciphertext in cloud computing

LI Qi1,2, MA Jian-feng1,2, XIONG Jin-bo1,2,ZHANG Tao1,2,LIU Xi-meng2,3   

  1. 1.School of Computer Science and Technology, Xidian University, Xi′an 710071, China;
    2.Shaanxi Key Laboratory of Network and System Security, Xidian University, Xi′an 710071, China;
    3.School of Telecommunications Engineering, Xidian University, Xi′an 710071, China
  • Received:2012-12-26 Online:2014-03-01 Published:2014-03-01

RICH HTML

0   

PDF (PC)

682

摘要: 针对当前云计算环境下基于属性加密访问控制机制中密文存储开销随属性个数成线性增长的问题,提出了一种基于常数级密文CP-ABE(CCP-ABE)算法的访问控制机制。先用一个对称密钥加密源数据,然后用一个与门访问策略加密该对称密钥,只有拥有满足该访问策略的属性集合的用户才能恢复出对称密钥。在CPA安全的CCP-ABE算法安全性的基础上证明了该访问控制机制的安全性,并且给出了CCA安全的CCP-ABE构造方法。性能分析结果表明:该访问控制机制将密文存储开销由随密文中包含的属性个数增加成线性增长降为常数级。

关键词: 计算机应用, 访问控制, 基于属性的加密, 云计算, 常数级长度

Abstract: Based on Attribute-Based Encryption (ABE), a variety of access control schemes have been constructed in cloud computing. However, in these schemes, the ciphertext overhead goes linearly with the number of attributes used in encryption. To address this concern, a CCP-ABE (Constant-size Ciphertext Policy ABE) based access control scheme is proposed. The original data is encrypted by a symmetric key; then symmetric key is encrypted under an AND-gate access policy. Only the user who possesses a set of attributes that satisfy the policy can recover the symmetric key. The security of the proposed scheme is proved based on security of the CPA (Chosen Plaintext Attack) secure CCP-ABE scheme. Moreover, a method of constructing CCA (Chosen Ciphertext attack) secure CCP-ABE schemes is introduced. Performance analysis indicates that the ciphertext overhead over the number of attributes included in ciphertext is constant-size rather than linearity.

Key words: computer application, access control, attribute-based encryption, cloud computing, constant-size

中图分类号: 

  • TP393
[1] Li J T, Li N H, Winsborough W H. Automated trustnegotiation using cryptographic credentials[C]∥Proceedings of the 12th ACM Conference on Computer and Communications Security, New York, NY, USA, 2005: 46-57.
[2] Harney H, Colgrove A, Mcdaniel P. Principles of policy in secure groups[C]∥Proceedings of the Symposium on Network and Distributed System Security,San Diego,California,USA,2001: 66-74.
[3] 李凤华, 王巍, 马建峰,等. 协作信息系统的访问控制模型及其应用[J]. 通信学报, 2008, 29(9): 116-123.
Li Feng-hua, Wang Wei, Ma Jian-feng, et al. Access control model and its application for collaborative information systems[J]. Journal on Communications, 2008, 29(9): 116-123.
[4] Yu S C, Wang C, Ren K, et al. Achieving secure, scalable, and fine-grained data access control in cloud computing[C]∥Proceedings of the 2010 INFOCOM, San Diego, CA,2010:1-9.
[5] Wang G J, Liu Q, Wu J. Hierarchical attribute-based encryption for fine-grained access control in cloud storage services[C]∥Proceedings of the 17th ACM Conference on Computer and communications security, New York, NY, USA, 2010:735-737.
[6] Wan Z G, Liu J, Deng R H. HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing[J]. IEEE Transactions on Information Forensics and Security, 2012, 7(2):743-754.
[7] 孙国梓, 董宇, 李云. 基于 CP-ABE算法的云存储数据访问控制[J]. 通信学报, 2011, 32(7): 146-152.
Sun Guo-zhi, Dong Yu, Li Yun. CP-ABE based data access control for cloud storage[J]. Journal on Communications, 2011, 32(7): 146-152.
[8] Zhou Zhi-bin, Huang Di-jiang. On efficient ciphertext-policy attribute based encryption and broadcast encryption[C]∥Proceedings of the 17th ACM Conference on Computer and Communications Security, New York, NY, USA, 2010:753-755.
[9] Sahai A, Waters B. Fuzzy identity-based encryption[J]. Lecture Notes in Computer Science, 2005,3494: 457-473.
[10] Goyal V, Pandey O, Sahai A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]∥Proceedings of the 13th ACM Conference on Computer and Communications Security, New York, NY, USA, 2006: 89-98.
[11] Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption[C]∥IEEE Symposium on Security and Privacy, Berkeley, CA, 2007: 321-334.
[12] Cheung L, Newport C. Provably secure ciphertext policy ABE[C]∥Proceedings of the 14th ACM Conference on Computer and Communications Security, New York, NY, USA,2007: 456-465.
[13] Goyal V, Jain A, Pandey O, et al. Bounded ciphertext policy attribute based encryption[J]. Lecture Notes in Computer Science, 2008,5126: 579-591.
[14] Lewko A, Okamoto T, Sahai A, et al. Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption[J]. Lecture Notes in Computer Science, 2010,6110: 62-91.
[15] Lewko A, Sahai A, Waters B. Revocation systems with very small private keys[C]∥2010 IEEE Symposium on Security and Privacy, Oakland, CA, USA, 2010: 273-285.
[16] Lewko A, Waters B. Decentralizing attribute-based encryption[J]. Lecture Notes in Computer Science, 2011,6632: 568-588.
[17] Kallahalla M, Riedel E, Swaminathan R, et al. Plutus: Scalable secure file sharing on untrusted storage[C]∥Proceedings of the 2nd USENIX Conference on File and Storage Technologies, Berkeley, CA, USA, 2003: 29-42.
[18] Goh E J, Shacham H, Modadugu N, et al. SiRiUS: Securing remote untrusted storage[C]∥Proceedings of the Symposium on Network and Distributed System Security, San Diego,California,USA,2003:131-145.
[19] Gentry C, Silverberg A. Hierarchical ID-based Cryptography[M]. Lecture Notes in Computer Science, 2002,2501: 548-566.
[20] Canetti R, Halevi S, Katz J. Chosen-ciphertext security from identity-based encryption[J]. Lecture Notes in Computer Science, 2004,3027: 207-222.
[21] Boneh D, Gentry C, Waters B. Collusion resistant broadcast encryption with short ciphertexts and private keys[J]. Lecture Notes in Computer Science, 2005,3621: 258-275.
[1] 刘富,宗宇轩,康冰,张益萌,林彩霞,赵宏伟. 基于优化纹理特征的手背静脉识别系统[J]. 吉林大学学报(工学版), 2018, 48(6): 1844-1850.
[2] 王利民,刘洋,孙铭会,李美慧. 基于Markov blanket的无约束型K阶贝叶斯集成分类模型[J]. 吉林大学学报(工学版), 2018, 48(6): 1851-1858.
[3] 金顺福,王宝帅,郝闪闪,贾晓光,霍占强. 基于备用虚拟机同步休眠的云数据中心节能策略及性能[J]. 吉林大学学报(工学版), 2018, 48(6): 1859-1866.
[4] 赵东,孙明玉,朱金龙,于繁华,刘光洁,陈慧灵. 结合粒子群和单纯形的改进飞蛾优化算法[J]. 吉林大学学报(工学版), 2018, 48(6): 1867-1872.
[5] 刘恩泽,吴文福. 基于机器视觉的农作物表面多特征决策融合病变判断算法[J]. 吉林大学学报(工学版), 2018, 48(6): 1873-1878.
[6] 欧阳丹彤, 范琪. 子句级别语境感知的开放信息抽取方法[J]. 吉林大学学报(工学版), 2018, 48(5): 1563-1570.
[7] 刘富, 兰旭腾, 侯涛, 康冰, 刘云, 林彩霞. 基于优化k-mer频率的宏基因组聚类方法[J]. 吉林大学学报(工学版), 2018, 48(5): 1593-1599.
[8] 桂春, 黄旺星. 基于改进的标签传播算法的网络聚类方法[J]. 吉林大学学报(工学版), 2018, 48(5): 1600-1605.
[9] 刘元宁, 刘帅, 朱晓冬, 陈一浩, 郑少阁, 沈椿壮. 基于高斯拉普拉斯算子与自适应优化伽柏滤波的虹膜识别[J]. 吉林大学学报(工学版), 2018, 48(5): 1606-1613.
[10] 车翔玖, 王利, 郭晓新. 基于多尺度特征融合的边界检测算法[J]. 吉林大学学报(工学版), 2018, 48(5): 1621-1628.
[11] 赵宏伟, 刘宇琦, 董立岩, 王玉, 刘陪. 智能交通混合动态路径优化算法[J]. 吉林大学学报(工学版), 2018, 48(4): 1214-1223.
[12] 黄辉, 冯西安, 魏燕, 许驰, 陈慧灵. 基于增强核极限学习机的专业选择智能系统[J]. 吉林大学学报(工学版), 2018, 48(4): 1224-1230.
[13] 傅文博, 张杰, 陈永乐. 物联网环境下抵抗路由欺骗攻击的网络拓扑发现算法[J]. 吉林大学学报(工学版), 2018, 48(4): 1231-1236.
[14] 曹洁, 苏哲, 李晓旭. 基于Corr-LDA模型的图像标注方法[J]. 吉林大学学报(工学版), 2018, 48(4): 1237-1243.
[15] 侯永宏, 王利伟, 邢家明. 基于HTTP的动态自适应流媒体传输算法[J]. 吉林大学学报(工学版), 2018, 48(4): 1244-1253.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
版权所有 © 《吉林大学学报(工学版)》编辑部
地址:长春市人民大街5988号 电话:+86-431-85095297 传真:+86-431-85094074 E-mail: xbgxb@jlu.edu.cn
本系统由北京玛格泰克科技发展有限公司设计开发