浏览全部资源
扫码关注微信
支持访问策略部分隐藏的CP-ABE方案
CP-ABE scheme supporting partially hidden access policy
- 通信学报 2024年45卷第10期 页码:180-190
- 作者机构:
1.四川师范大学计算机科学学院,四川 成都 610101
2.成都东软学院数字艺术与设计学院,四川 成都 611844
3.电子科技大学网络与数据安全四川省重点实验室,四川 成都 610054
- 作者简介:
[ "刘霞(1978- ),女,四川都江堰人,四川师范大学讲师,主要研究方向为网络安全、访问控制、隐私保护和区块链等。" ]
[ "王馨族(1997- ),女,四川苍溪人,成都东软学院助教,主要研究方向为区块链、信息安全等。" ]
[ "张涛(2000- ),男,四川德阳人,四川师范大学硕士生,主要研究方向为隐私保护与访问控制等。" ]
[ "陈盈阁(2000- ),男,四川成都人,四川师范大学硕士生,主要研究方向为云环境下的隐私保护、数据安全等。" ]
[ "王荣(1989- ),女,四川资阳人,博士,四川师范大学讲师,主要研究方向为隐私保护、联邦学习等。" ]
[ "冯朝胜(1971- ),男,四川广元人,博士,四川师范大学教授、博士生导师,主要研究方向为网络与信息安全。" ]
[ "秦志光(1956- ),男,四川荣昌人,博士,电子科技大学教授、博士生导师,主要研究方向为密码学、网络与信息安全。" ]
- 基金信息:国家自然科学基金资助项目(61373163);四川省自然科学基金资助项目(2022NSFSC0552;2023NSFSC1397)
DOI:10.11959/j.issn.1000-436x.2024179
中图分类号: TP309收稿日期:2024-04-26,
修回日期:2024-09-24,
纸质出版日期:2024-10-25
- 稿件说明:
移动端阅览
刘霞,王馨族,张涛等.支持访问策略部分隐藏的CP-ABE方案[J].通信学报,2024,45(10):180-190.
LIU Xia,WANG Xinzu,ZHANG Tao,et al.CP-ABE scheme supporting partially hidden access policy[J].Journal on Communications,2024,45(10):180-190.
刘霞,王馨族,张涛等.支持访问策略部分隐藏的CP-ABE方案[J].通信学报,2024,45(10):180-190. DOI: 10.11959/j.issn.1000-436x.2024179.
LIU Xia,WANG Xinzu,ZHANG Tao,et al.CP-ABE scheme supporting partially hidden access policy[J].Journal on Communications,2024,45(10):180-190. DOI: 10.11959/j.issn.1000-436x.2024179.
摘要
针对现有支持外包解密的基于密文策略的属性加密(CP-ABE)方案大多未考虑对密文访问策略的隐私保护,而部分支持策略隐藏的方案又存在访问策略匹配效率低的问题,提出一种支持访问策略隐藏且访问策略匹配效率较高的CP-ABE方案。该方案对属性值进行盲化处理并构造隐藏策略访问树,实现了访问策略的隐私保护;采用布隆过滤器对属性进行过滤与成员认证,从而快速找到满足访问策略的最小属性集,减少解密测试中的大量无效计算;利用强算力的云服务器进行外包计算,减少本地的解密开销。理论分析和实验结果分析均表明,所提方案可兼顾计算效率与策略隐私保护,访问策略匹配效率和加解密速度显著提升,本地解密时间被减少至常数级。安全性分析表明,所提方案不仅保护了外包访问策略的隐私性,还能抵御选择明文攻击。
Abstract
Most of the existing ciphertext-policy attribute-based encryption (CP-ABE) schemes that support outsourced decryption do not consider the privacy protection of the ciphertext access policy
while some schemes that support policy hidden have the problem of low access policy matching efficiency. Therefore
a CP-ABE scheme was proposed that supported access policy hidden and had high efficiency in access policy matching. In this scheme
the attribute values were blinded and a policy hidden access tree was constructed to realize the privacy protection of the access policy. Bloom filter was used to filter attributes and authenticate members
so as to quickly find the minimum set of attributes that meet the access policy and reduce a large number of invalid calculations in the decryption test. Finally
cloud servers with strong computing power for outsourced computing were used to reduce local decryption costs. Theoretical analysis and experimental results show that the proposed scheme can take into account both computational efficiency and policy privacy protection
significantly improving access policy matching efficiency
encryption and decryption speed
and local decryption time is reduced to a constant level. Security analysis demonstrates that the proposed scheme not only protects the privacy of outsourced access policies but also can resist chosen plaintext attacks.
关键词
Keywords
references
BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption [C ] // Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP '07) . Piscataway : IEEE Press , 2007 : 321 - 334 .
WATERS B . Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization [C ] // International Workshop on Public Key Cryptography . Berlin : Springer , 2011 : 53 - 70 .
FENG C S , YU K P , ALOQAILY M , et al . Attribute-based encryption with parallel outsourced decryption for edge intelligent IoV [J ] . IEEE Transactions on Vehicular Technology , 2020 , 69 ( 11 ): 13784 - 13795 .
LI H , YU K P , LIU B , et al . An efficient ciphertext-policy weighted attribute-based encryption for the Internet of health things [J ] . IEEE Journal of Biomedical and Health Informatics , 2022 , 26 ( 5 ): 1949 - 1960 .
LI Q , ZHANG Q Q , HUANG H P , et al . Secure, efficient, and weighted access control for cloud-assisted industrial IoT [J ] . IEEE Internet of Things Journal , 2022 , 9 ( 18 ): 16917 - 16927 .
GREEN M , HOHENBERGER S , WATERS B . Outsourcing the decryption of ABE ciphertexts [C ] // Proceedings of the 20th USENIX Security Symposium . Berkeley : USENIX Association , 2011 : 523 - 538 .
SANCHOL P , FUGKEAW S , SATO H . A mobile cloud-based access control with efficiently outsourced decryption [C ] // Proceedings of the 2022 10th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud) . Piscataway : IEEE Press , 2022 : 1 - 8 .
TU S S , HUANG F M , ZHANG S J , et al . Ciphertext-policy attribute-based encryption for securing IoT devices in fog computing [C ] // Proceedings of the 2022 International Conference on Computer, Information and Telecommunication Systems (CITS) . Piscataway : IEEE Press , 2022 : 1 - 7 .
HWANG Y W , LEE I Y . A study on CP-ABE based data sharing system that provides signature-based verifiable outsourcing [C ] // Proceedings of the 2021 International Conference on Advanced Enterprise Information System (AEIS) . Piscataway : IEEE Press , 2021 : 1 - 5 .
LIU X J , CHEN W , XIA Y J , et al . SE-VFC: secure and efficient outsourcing computing in vehicular fog computing [J ] . IEEE Transactions on Network and Service Management , 2021 , 18 ( 3 ): 3389 - 3399 .
WANG H Q , HE D B , HAN J G . VOD-ADAC: anonymous distributed fine-grained access control protocol with verifiable outsourced decryption in public cloud [J ] . IEEE Transactions on Services Computing , 2020 , 13 ( 3 ): 572 - 583 .
NISHIDE T , YONEYAMA K , OHTA K . Attribute-based encrypttion with partially hidden encryptor-specified access structures [C ] // International Conference on Applied Cryptography & Network Security . Berlin : Springer , 2008 : 111 - 129 .
LAI J Z , DENG R H , LI Y J . Expressive CP-ABE with partially hidden access structures [C ] // Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security . New York : ACM Press , 2012 : 146 - 162 .
HAN D Z , PAN N N , LI K C . A traceable and revocable ciphertext-policy attribute-based encryption scheme based on privacy protection [J ] . IEEE Transactions on Dependable and Secure Computing , 2022 , 19 ( 1 ): 316 - 327 .
ZHANG Y H , ZHENG D , DENG R H . Security and privacy in smart health: efficient policy-hiding attribute-based access control [J ] . IEEE Internet of Things Journal , 2018 , 5 ( 3 ): 2130 - 2145 .
ZHANG Z S , ZHANG W , QIN Z G . A partially hidden policy CP-ABE scheme against attribute values guessing attacks with online privacy- protective decryption testing in IoT assisted cloud computing [J ] . Future Generation Computer Systems , 2021 , 123 : 181 - 195 .
NASIRAEE H , ASHOURI-TALOUKI M . Privacy-preserving distributed data access control for CloudIoT [J ] . IEEE Transactions on Dependable and Secure Computing , 2022 , 19 ( 4 ): 2476 - 2487 .
ZHANG W , ZHANG Z S , XIONG H , et al . PHAS-HEKR-CP-ABE: partially policy-hidden CP-ABE with highly efficient key revocation in cloud data sharing system [J ] . Journal of Ambient Intelligence and Humanized Computing , 2022 , 13 ( 1 ): 613 - 627 .
MAHDAVIOLIAEE M , AHMADIAN Z . Fine-grained flexible access control: ciphertext policy attribute based encryption for arithmetic circuits [J ] . Journal of Computer Virology and Hacking Techniques , 2023 , 19 ( 4 ): 515 - 528 .
0
浏览量
32
下载量
0
CSCD
- 网络PDF下载
- WORD下载
- XML下载
- Meta-XML下载
- BibTeX下载
- Endnote下载
- RefMan 下载
- NoteExpress下载
- NoteFirst下载
关联资源
相关文章
相关作者
相关机构
- 技术支持由北京北大方正电子有限公司提供 京ICP备09064830号-19
京公网安备11010802024621 - 本系统建议在Chrome、 IE9+ 以上版本浏览器阅读本站内容,360浏览器请切换至极速模式
- Cookies帮助我们提供服务并提供个性化体验。使用本网站,即表示您同意我们使用Cookies
- 总访问量:128271 今日访问量:536