支持动态策略更新的半策略隐藏属性加密方案

应作斌; 马建峰; 崔江涛

doi:10.11959/j.issn.1000-436x.2015327

您当前的位置：

首页 >

文章列表页 >

支持动态策略更新的半策略隐藏属性加密方案

数据安全 | 更新时间：2024-06-05

- 支持动态策略更新的半策略隐藏属性加密方案
- Partially policy hidden CP-ABE supporting dynamic policy updating
- 通信学报 2015年36卷第12期页码：1-221
- 作者机构：
  
  西安电子科技大学计算机学院，陕西西安 710071
- 作者简介：
  
  [ "应作斌（1982-），男，安徽芜湖人，西安电子科技大学博士生，主要研究方向为密码学与网络安全、基于位置的隐私保护等。" ]
  [ "马建峰（1963-），男，陕西西安人，博士，西安电子科技大学教授、博士生导师，主要研究方向为网络与信息安全等。" ]
  [ "崔江涛（1975-），男，山东平度人，博士，西安电子科技大学副教授、博士生导师，主要研究方向为高维索引技术、数据与知识工程等。" ]
- 基金信息：
  
  国家自然科学基金资助项目(61202179);国家自然科学基金资助项目(61173089);国家自然科学基金资助项目(61472298);国家自然基金委员会——广东联合基金重点基金资助项目(U1135002);国家高技术研究发展计划(“863”计划）基金资助项目(2015AA016007);教育部留学回国人员科研启动计划基金资助项目
- DOI：10.11959/j.issn.1000-436x.2015327
  中图分类号： TP309
- 网络出版日期：2015-12，
  
  纸质出版日期：2015-12-25
- 稿件说明：
移动端阅览
应作斌, 马建峰, 崔江涛. 支持动态策略更新的半策略隐藏属性加密方案[J]. 通信学报, 2015,36(12):1-221.

Zuo-bin YING, Jian-feng MA, Jiang-tao CUI. Partially policy hidden CP-ABE supporting dynamic policy updating[J]. Journal on communications, 2015, 36(12): 1-221.
应作斌, 马建峰, 崔江涛. 支持动态策略更新的半策略隐藏属性加密方案[J]. 通信学报, 2015,36(12):1-221. DOI： 10.11959/j.issn.1000-436x.2015327.

Zuo-bin YING, Jian-feng MA, Jiang-tao CUI. Partially policy hidden CP-ABE supporting dynamic policy updating[J]. Journal on communications, 2015, 36(12): 1-221. DOI： 10.11959/j.issn.1000-436x.2015327.

摘要

基于密文策略的属性加密被认为适用于云存储的环境，但当数据拥有者需要更新访问策略时，现有的更新方式因受数据的规模和属性集的大小的限制，会使数据拥有者增加相应的计算开销和通信开销。同时，以明文形式存放在云端的访问策略也会造成用户数据的隐私泄露。针对以上2个问题，提出了一种支持动态策略更新的半策略隐藏属性加密方案，使用所提方案进行策略更新时，用户的计算开销减少，大量的计算由云服务器承担。由于使用了半策略隐藏，用户的具体属性值不会泄露给其他任何第三方，有效保护了用户的隐私。此外，所提方案可以支持任何形式的策略更新，在标准模型下证明了方案是自适应选择明文攻击（CPA）安全的。

Abstract

Ciphertext-policy attribute-based encryption (CP-ABE) was considered to be appropriate for cloud storage.However

under traditional CP-ABE scheme which was limited in terms of the scale of the data and the quantities of the attributes

computation and communication costs would be introduced correspondingly whenever the data owner wants to update the policy.Moreover

the policy which was stored in the form of plaintext would also result in privacy leakage.Aiming at tackling the above two problems

a novel scheme called partially policy hidden CP-ABE supporting dynamic policy updating (DPUPH-CP-ABE) was proposed.Through utilizing proposed scheme

the computation cost will be reduced

especially on user side

leaving the most computational work to the cloud server.Meanwhile

the value of the user’s attributes will never be revealed to any third parties

and the users’ privacy will be effectively preserved.Besides

the scheme is proved to be adaptively chosen plaintext attack (CPA) secure in the standard model and can support any types of policy updating.

关键词

Keywords

references

YU S , WANG C , REN K , et al . Achieving secure,scalable,and fine-grained data access control in cloud computing [A ] . INFOCOM,2010 Proceedings IEEE [C ] . 2010 . 1 - 9 .

SAHAI A , WATERS B . Fuzzy Identity-Based Encryption [M ] . Springer Berlin Heidelberg , 2005 .

GOYAL V , PANDEY O , SAHAI A , et al . Attribute-based encryption for fine-grained access control of encrypted data [A ] . Proceedings of the 13th ACM Conference on Computer and Communications Security [C ] . ACM , 2006 . 89 - 98 .

BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption [A ] . Security and Privacy [C ] . 2007 . 321 - 334 .

WATERS B . Ciphertext-Policy Attribute-Based Encryption:An Expressive,Efficient,and Provably Secure Realization [M ] . Springer Berlin Heidelberg , 2011 .

CHASE M . Multi-Authority Attribute based Encryption [M ] . Theory of Cryptography . Springer Berlin Heidelberg , 2007 .

LEWKO A , WATERS B . Decentralizing Attribute-based Encryption [M ] . Springer Berlin Heidelberg , 2011 .

LIU Z , CAO Z , HUANG Q , et al . Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles [A ] . Computer Security–ESORICS 2011 [C ] . Springer Berlin Heidelberg , 2011 . 278 - 297 .

SAHAI A , SEYALIOGLU H , WATERS B . Dynamic credentials and ciphertext delegation for attribute-based encryption [A ] . Advances in Cryptology–CRYPTO 2012 [C ] . Springer Berlin Heidelberg , 2012 . 199 - 217 .

YANG K , JIA X , REN K , et al . Enabling efficient access control with dynamic policy updating for big data in the cloud [A ] . INFOCOM,2014 Proceedings IEEE [C ] . 2014 . 2013 - 2021 .

NISHIDE T , YONEYAMA K , OHTA K . Attribute-based encryption with partially hidden encryptor-specified access structures [A ] . Applied cryptography and network security [C ] . Springer Berlin Heidelberg , 2008 . 111 - 129 .

LI J , REN K , ZHU B , et al . Privacy-aware attribute-based encryption with user accountability [A ] . Information Security [C ] . Springer Berlin Heidelberg , 2009 . 347 - 362 .

LAI J , DENG R H , LI Y . Expressive CP-ABE with partially hidden access structures [A ] . Proceedings of the 7th ACM Symposium on Information,Computer and Communications Security [C ] . ACM , 2012 . 18 - 19 .

BEIMEL A . Secure Schemes for Secret Sharing and Key Distribution [D ] . Technion-Israel Institute of Technology,Faculty of Computer Science , 1996 .

BONEH D , GOH E J , NISSIM K . Evaluating 2-DNF formulas on ciphertexts [A ] . Theory of Cryptography [C ] . Springer Berlin Heidelberg , 2005 . 325 - 341 .

LEWKO A , OKAMOTO T , SAHAI A , et al . Fully secure functional encryption:attribute-based encryption and (hierarchical) inner product encryption [A ] . Advances in Cryptology–EUROCRYPT 2010 [C ] . Springer Berlin Heidelberg , 2010 . 62 - 91 .

DE CARO A , IOVINO V , PERSIANO G . Fully secure anonymous hibe and secret-key anonymousibe with short ciphertexts [A ] . Pairing-Based Cryptography-Pairing 2010 [C ] . Springer Berlin Heidelberg , 2010 . 347 - 366 .

LEWKO A , WATERS B . New techniques for dual system encryption and fully secure HIBE with short ciphertexts [A ] . Theory of Cryptography [C ] . Springer Berlin Heidelberg , 2010 . 455 - 479 .

WATERS B . Dual system encryption:realizing fully secure IBE and HIBE under simple assumptions [A ] . Advances in Cryptology-CRYPTO 2009 [C ] . Springer Berlin Heidelberg , 2009 . 619 - 636 .

浏览量

1103

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

素数阶群上基于非对称对的身份基环签名

格上基于身份的增量签名方案

标准模型下可撤销的基于身份的代理重签名方案

基于云计算平台的物联网加密数据比较方案

可证安全的部分盲代理重签名方案