引用本文
  • 党鲜玲.一种大属性域版本控制的云安全用户属性动态撤销策略[J].信息安全学报,已采用    [点击复制]
  • dangxianling.A Dynamic Revocation Strategy of Cloud Security User Attributes for Large Attribute Domain Version Control[J].Journal of Cyber Security,Accept   [点击复制]
【打印本页】 【在线阅读全文】【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

过刊浏览    高级检索

本文已被:浏览 49次   下载 0  
一种大属性域版本控制的云安全用户属性动态撤销策略
党鲜玲
0
(太原科技大学)
摘要:
密文策略属性基加密( ciphertext-policy attribute-based encryption,CP-ABE) 作为一种一对多的数据加密技术,因能实现密 文数据安全和细粒度的权限访问控制而引起学术界的广泛关注。尽管目前在该领域已取得了一些研究成果,然而,大多数 CP-ABE 方案均基于小属性域,系统属性同时被多个用户共享而难以实现动态的属性撤销,现有的属性撤销机制在功能复杂 性、计算高效性、以及抗合谋攻击安全性方面存在的问题都成为它在实际应用中的障碍。针对上述问题,提出一种大属性域 版本控制的云安全用户属性动态撤销策略。该方案在密文策略属性加密中构造属性及用户版本密钥,通过更新属性版本密钥 实现用户属性撤销,更新用户版本密钥实现用户撤销。由此避免了基于重加密实现撤销带来的计算和通信开销。该方案基于 q-DBPBDHE 假设,在随机预言模型下证明是静态性安全的。最后,对方案进行了性能分析与实验验证,实验结果表明:在保 证密文前后向安全性的前提下,该方案可以实现动态的用户属性撤销和用户撤销且可以抵制多重合谋攻击, 较同类方案本文方 案具有有较优的功能特性和计算效率。此外,所提方案基于大属性域,在实际应用中更加灵活。
关键词:  云计算  大属性域  版本控制  属性撤销  访问控制
DOI:
投稿时间:2021-09-29修订日期:2022-01-14
基金项目:山西省应用基础研究项目
A Dynamic Revocation Strategy of Cloud Security User Attributes for Large Attribute Domain Version Control
dangxianling
(Taiyuan University of Science and Technology)
Abstract:
Ciphertext Policy Attribute-Based Encryption (CP-ABE), as a one-to-many public key encryption method, has attracted extensive attention in the academic world. Because this technique can protect data security, as well as provide fine-grained data access control. Although some research achievements have been made in this field, However, in most of existing CP-ABE schemes are based on small universe of attributes. And the attribute level dynamic revocation is an important challenge because the system attributes are shared by multiple users at the same time. There are some obstacles towards practical applications in most of the existing attribute revocation mechanisms, including the aspects of functionality, efficiency and anti-collusion attack security. In order to resolve the above mentioned issue, the paper proposes a scheme which is a dynamic revocation strategy of cloud security user attributes based on large universe version control. In the proposal, the attribute version key and user version key in the construction of the ciphertext policy attribute based encryption. Only the corresponding attribute version keys need to be update when the user attributes are revoked. similarly, only the user version key needs to be updated when the user is revoked. Therefore the expensive computation and communication overhead caused by ciphertext update based on data re-encryption can be effectively avoided. Based on the assumption of q-DBPBDHE, the scheme is proved that is statically secure in the random oracle model. Finally, the performance analysis and experimental verification are carried out, and the experimental results show that the proposed scheme can dynamically implement attribute level user revocation and user revocation, while ensuring multiple anti-collusion attacks under the premise of guaranteeing forward and backward security for ciphertext. Comparisons are provided between the proposal scheme and other lattice-based related works, analysis shows that our scheme has some advantages in terms of functional characteristics and computational efficiency. In addition, the proposed scheme supports large universe of attributes, which makes it more flexible for practical applications.
Key words:  cloud computing  large universe  version control  attribute revocation  access control