摘要
密文策略属性基加密(ciphertext-policy attribute-based encryption,CP-ABE)类似于基于角色访问控制,可以为云存储系统提供灵活细粒度的访问控制.但大多数CP-ABE方案中,密文长度与访问策略复杂度成正相关,系统属性同时被多个用户共享而导致属性难以被撤销.针对上述问题,本文提出一种支持属性撤销且密文长度恒定的属性基加密方案.该方案中每个用户的属性群密钥不能通用,可以有效抵抗撤销用户与未撤销用户的合谋攻击.为减少属性授权机构和数据拥有者的计算负担,属性撤销过程所需的计算量外包给数据服务管理者;同时该方案采用支持多值属性和通配符的"AND"门策略,实现了密文长度恒定.所提方案基于决策性q-BDHE (q-bilinear Diffie-Hellman exponent)假设对方案进行了选择明文攻击的安全性证明.最后对方案进行了理论分析与实验验证,分析结果表明本文方案可以有效抵制用户合谋攻击,增加了方案的安全性.同时所提方案在功能和计算效率方面具有一定优势,适用于实际应用情况.
Ciphertext-Policy Attribute-Based Encryption(CP-ABE)is similar to role-based access control,which provides flexible and fine-grained access control for cloud storage systems.However,in most of existing CP-ABE schemes,the ciphertext length is positively related to the complexity of the access structure.And the attribute level user revocation is an important challenge because the system attributes are shared by multiple users at the same time.To solve this problem,this paper presents an CP-ABE scheme that supports the attribute level user revocation and constant-size ciphertext.The attribute group key for each user in the scheme is different,so this scheme can effectively resist collusion attacks between the revoked users and the existing users.To reduce the computational burden of the attribute authority and the data owner,the amount of computation required for the attribute revocation process is outsourced to the data service manager.At the same time,the scheme adopts the AND-Gate strategy supporting multi-valued attributes and wildcards,and the ciphertext length is constant.The scheme is proved selectively secure based on Decisional q-Bilinear Diffie-Hellman Exponent(q-BDHE)assumption.Finally,the functionality and efficiency of the proposed scheme are analyzed and verified.The experimental results show that the proposed scheme can safely implement attribute level user revocation.At the same time,the proposed scheme has some advantages in terms of function and computational efficiency.It is suitable for practical application.
作者
赵志远
朱智强
王建华
孙磊
ZHAO Zhi-yuan;ZHU Zhi-qiang;WANG Jian-hua;SUN Lei(Information Engineering University,Zhengzhou,Henan 450001,China)
出处
《电子学报》
EI
CAS
CSCD
北大核心
2018年第10期2391-2399,共9页
Acta Electronica Sinica
基金
国家973重点基础研究发展计划(No.2013CB338000)
国家重点研发计划(No.2016YFB0501900)。
关键词
属性基加密
属性撤销
合谋攻击
密文长度恒定
attribute-based encryption
attribute revocation
collusion attacks
constant-size ciphertext
