权限分离的属性基加密数据共享方案

朱辉; 雷婉; 黄容; 李晖; 刘西蒙

doi:10.3969/j.issn.1000-436x.2014.z2.009

您当前的位置：

首页 >

文章列表页 >

权限分离的属性基加密数据共享方案

学术论文 | 更新时间：2024-06-05

- 权限分离的属性基加密数据共享方案
- Privilege separation of data sharing scheme using attribute-based encryption
- 通信学报 2014年35卷第Z2期页码：53-62
- 作者机构：
  
  西安电子科技大学综合业务网理论及关键技术国家重点实验室，陕西西安 710071
- 作者简介：
  
  [ "朱辉（1981-），男，河南周口人，博士，西安电子科技大学副教授，主要研究方向为信息安全和隐私保护。" ]
  [ "雷婉（1991-），女，陕西渭南人，西安电子科技大学硕士生，主要研究方向为基于属性加密和信息安全。" ]
  [ "黄容（1989-），女，湖南衡阳人，西安电子科技大学硕士生，主要研究方向为基于属性加密和云计算安全。" ]
  [ "李晖（1969-），男，河南灵宝人，博士，西安电子科技大学教授，主要研究方向为密码学、无线网络安全、信息论和网络编码。" ]
  [ "刘西蒙（1988-），男，陕西西安人，西安电子科技大学博士生，主要研究方向为公钥密码学、信息安全、安全网络编码及其应用。" ]
- 基金信息：
  
  国家自然科学基金资助项目(61303218);国家自然科学基金资助项目(61272457);中央高校基本科研业务费基金资助项目(K5051301017);国家移动通信重大专项基金资助项目(2012ZX03002003-002);高等学校引智计划基金资助项目(B08038)
- DOI：10.3969/j.issn.1000-436x.2014.z2.009
  中图分类号： TP309
- 网络出版日期：2014-11，
  
  纸质出版日期：2014-11-30
- 稿件说明：
移动端阅览
朱辉, 雷婉, 黄容, 等. 权限分离的属性基加密数据共享方案[J]. 通信学报, 2014,35(Z2):53-62.

Hui ZHU, Wan LEI, Rong HUANG, et al. Privilege separation of data sharing scheme using attribute-based encryption[J]. Journal on communications, 2014, 35(Z2): 53-62.
朱辉, 雷婉, 黄容, 等. 权限分离的属性基加密数据共享方案[J]. 通信学报, 2014,35(Z2):53-62. DOI： 10.3969/j.issn.1000-436x.2014.z2.009.

Hui ZHU, Wan LEI, Rong HUANG, et al. Privilege separation of data sharing scheme using attribute-based encryption[J]. Journal on communications, 2014, 35(Z2): 53-62. DOI： 10.3969/j.issn.1000-436x.2014.z2.009.

摘要

属性基加密(ABE

attribute-based encryption)用于提供细粒度访问控制及一对多加密，现已被广泛应用于分布式环境下数据共享方案以提供隐私保护。然而，现有的属性基加密数据共享方案均允许数据拥有者任意修改数据，导致数据真实性无法保证，经常难以满足一些实际应用需求，如个人电子病例、审核系统、考勤系统等。为此，提出一种能保证数据真实可靠且访问控制灵活的数据共享方案。首先，基于 RSA 代理加密技术实现读写权限分离机制以保证数据真实可靠；其次，使用属性基加密机制提供灵活的访问控制策略；最后，利用关键字检索技术实现支持密钥更新的高效撤销机制。详细的安全性分析表明本方案能提供数据机密性以实现隐私保护，且性能分析和仿真表明本方案具有较高效率，能有效满足实际应用需求。

Abstract

Attribute-based encryption (ABE)

which can provide fine-grained access control and flexible one-to-many encryption

has been envisioned as an important data sharing approach to achieve privacy preserving in the distributed environment.However

the flourish of the data sharing approach using attribute-based encryption still hinges upon how to fully understand and manage the challenges facing in the distributed environment

especially the veracity of the data.In fact

all of the existing data sharing schemes allow data owner to modify data without restrictions

in which the veracity of the data has been questioned and that cannot satisfy the demands of practical application sometimes

such as personal electronic medical records or assessment systems.A data sharing scheme with privilege separation is presented

in which the veracity of the data can be ensured and the flexible access control can be provided.Based on RSA-based proxy encryption

a new efficient privilege separation mechanism is introduced to ensure the veracity of the data; exploiting attribute-based encryption

the data owner can define the access policy to achieve fine-grained access control.Detailed security analysis shows that the proposed data sharing scheme can provide the data confidentiality to achieve privacy preserving.In addition

the performance analysis demonstrates the scheme’s effectiveness in terms of the computation costs.

关键词

Keywords

references

ARMBRUST M , FOX A , GRIFFITH R , et al . A view of cloud computing [J ] . Communications of the ACM , 2010 , 53 ( 4 ): 50 - 58 .

冯登国 , 张敏 , 张妍等 . 云计算安全研究 [J ] . 软件学报 , 2011 , 22 ( 1 ): 71 - 83 .

FENG D G , ZHANG M , ZHANG Y , et al . Study on cloud computing security [J ] . Journal of Software , 2011 , 22 ( 1 ): 71 - 83 .

朱辉 , 李晖 , 苏万力 , 等 . 基于身份的匿名无线认证方案 [J ] . 通信学报 , 2009 , 30 ( 4 ): 130 - 136 .

ZHU H , LI H , SU W L , et al . ID-based wireless authentication scheme with anonymity [J ] . Journal on Communications , 2009 , 30 ( 4 ): 130 - 136 .

AGRAWAL R , SRIKANT R . Privacy-preserving data mining [J ] . ACM Sigmod Record , 2000 , 29 ( 2 ): 439 - 450 .

ZHU H , LIU T T , Wei G H , et al . PPAS:privacy protection authentication scheme for VANET [J ] . Cluster Computing , 2013 , 16 ( 4 ): 873 - 886 .

SAHAI A , WATERS B . Fuzzy identity-based encryption [M ] . Advances in Cryptology–EUROCRYPT 2005 . Springer Berlin Heidelberg , 2005 .

BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption [A ] . Security and Privacy,SP'07 [C ] . 2007 . 321 - 334 .

YU S , WANG C , REN K , et al . Achieving secure,scalable,and fine-grained data access control in cloud computing [A ] . INFOCOM,2010 Proceedings IEEE [C ] . 2010 . 1 - 9 .

LI M , YU S , ZHENG Y , et al . Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption [J ] . IEEE Transactions on Parallel and Distributed Systems , 2013 , 24 ( 1 ): 131 - 143 .

AKINYELE J A , PAGANO M W , GREEN M D , et al . Securing electronic medical records using attribute-based encryption on mobile devices [A ] . Proceedings of the 1st ACM workshop on Security and Privacy in Smartphones and Mobile devices[C].ACM . 2011 . 75 - 86 .

NARAYAN S , GAGNE M,SAFAVI-NANINI R . Privacy preserving EHR system using attribute-based infrastructure [A ] . Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop .[C ] . ACM . 2010 . 47 - 52 .

JAHID S , MITTAL P , BORISOV N . EASIER:Encryption-based access control in social networks with efficient revocation [A ] . Proceedings of the 6th ACM Symposium on Information,Computer and Communications Security [C ] . ACM . 2011 . 411 - 415 .

XU Z , MARTIN K M . Dynamic user revocation and key refreshing for attribute-based encryption in cloud storage [A ] . 2012 IEEE 11th International Conference on Trust,Security and Privacy in Computing and Communications [C ] . 2012 . 844 - 849 .

HUR J , NOH D K . Attribute-based access control with efficient revocation in data outsourcing system [J ] . IEEE Transactions on Parallel and Distributed Systems , 2011 , 22 ( 7 ): 1214 - 1221 .

DONG C , RUSSELLO G , DULAY N . Shared and searchable encrypted data for untrusted servers [M ] . Data and Applications Security XXII . Springer Berlin Heidelberg , 2008 .

YANG Y , LU H , WENG J . Multi-user private keyword search for cloud computing [A ] . 2011 IEEE Third International Conference on Cloud Computing Technology and Science (CloudCom) .[C ] . IEEE . 2011 . 264 - 271 .

BEN L . PBC library [EB/OL ] . http://crypto.stanford.edu/pbc/,2013 http://crypto.stanford.edu/pbc/,2013 .

Openssl Team OpenSSL:The open source toolkit for SSL/TLS [EB/OL ] . http://www.openssl.org,2013 http://www.openssl.org,2013 .

BETHENCOURT J ， SAHAI A ， WATERS B . The cpabe toolkit [EB/OL ] . http://acsc.csl.sri.com /cpabe/,2013 http://acsc.csl.sri.com /cpabe/,2013 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

面向云存储且支持重加密的多关键词属性基可搜索加密方案

区块链架构下高效的车联网跨域数据安全共享研究

基于区块链且支持数据共享的密文策略隐藏访问控制方案

面向移动云的属性基密文访问控制优化方法

支持直接撤销的密文策略属性基加密方案