摘要: |
密文策略属性基加密(ciphertext-policy attribute-based encryption, CP-ABE) 作为一种一对多的数据加密技术, 因能实现密文数据安全和细粒度的权限访问控制而引起学术界的广泛关注。尽管目前在该领域已取得了一些研究成果, 然而, 大多数CP-ABE 方案均基于小属性域, 系统属性同时被多个用户共享而难以实现动态的属性撤销, 现有的属性撤销机制在功能复杂性、计算高效性、以及抗合谋攻击安全性方面存在的问题都成为它在实际应用中的障碍。针对上述问题, 提出一种大属性域版本控制的云安全用户属性动态撤销策略。该方案在密文策略属性加密中构造属性及用户版本密钥, 通过更新属性版本密钥实现用户属性撤销, 更新用户版本密钥实现用户撤销。由此避免了基于重加密实现撤销带来的计算和通信开销。该方案基于 q-DBPBDHE假设, 在随机预言模型下证明是静态性安全的。最后, 对方案进行了性能分析与实验验证, 实验结果表明:在保证密文前后向安全性的前提下, 该方案可以实现动态的用户属性撤销和用户撤销且可以抵制多重合谋攻击, 较同类方案本文方案具有较优的功能特性和计算效率。此外, 所提方案基于大属性域, 在实际应用中更加灵活。 |
关键词: 云计算 大属性域 版本控制 属性撤销 访问控制 |
DOI:10.19363/J.cnki.cn10-1380/tn.2023.01.12 |
Received:September 28, 2021Revised:January 14, 2022 |
基金项目:本课题得到山西省应用基础研究项目(No. 201901D111266)资助。 |
|
A Dynamic Revocation Strategy of Cloud Security User Attributes for Large Attribute Domain Version Control |
DANG Xianling,GUO Yinzhang |
Department of Computer Science and Technology, Taiyuan University of Science and Technology (TUST), Taiyuan 030024, China |
Abstract: |
Ciphertext Policy Attribute-Based Encryption (CP-ABE), as a one-to-many public key encryption method, has attracted extensive attention in the academic world. Because this technique can protect data security, as well as provide fine-grained data access control. Although some research achievements have been made in this field, However, in most of existing CP-ABE schemes are based on small universe of attributes. And the attribute level dynamic revocation is an important challenge because the system attributes are shared by multiple users at the same time. There are some obstacles towards practical applications in most of the existing attribute revocation mechanisms, including the aspects of functionality, efficiency and anti-collusion attack security. In order to resolve the above mentioned issue, the paper proposes a scheme which is a dynamic revocation strategy of cloud security user attributes based on large universe version control. In the proposal, the attribute version key and user version key in the construction of the ciphertext policy attribute based encryption. Only the corresponding attribute version keys need to be update when the user attributes are revoked. similarly, only the user version key needs to be updated when the user is revoked. Therefore the expensive computation and communication overhead caused by ciphertext update based on data re-encryption can be effectively avoided. Based on the assumption of q-DBPBDHE, the scheme is proved that is statically secure in the random oracle model. Finally, the performance analysis and experimental verification are carried out, and the experimental results show that the proposed scheme can dynamically implement attribute level user revocation and user revocation, while ensuring multiple anti-collusion attacks under the premise of guaranteeing forward and backward security for ciphertext. Comparisons are provided between the proposal scheme and other lattice-based related works, analysis shows that our scheme has some advantages in terms of functional characteristics and computational efficiency. In addition, the proposed scheme supports large universe of attributes, which makes it more flexible for practical applications. |
Key words: cloud computing large universe version control attribute revocation access control |