摘要
在现有的解决方案中,基于时间的方案难以实现即时撤销,基于第三方的方案往往需要重加密运算,计算量大,不适用于海量密文数据。针对该问题,提出了一种高效的支持用户和属性级别的即时撤销方案,所提方案基于经典的LSSS型访问结构的CP-ABE,引入了RSA密钥管理机制和属性认证思想,借助半可信第三方,在解密之前对用户进行属性认证。与现有的撤销方案对比,所提方案只需半可信第三方更新RSA属性认证密钥,不需要用户更新密钥且不需要重加密密文,极大地减少了撤销带来的计算量和通信量,同时保证了抗串谋攻击和前后向安全性。安全性分析和实验仿真证明,所提方案具有更高的撤销效率。
In the existing solutions,the time-based scheme is difficult to achieve immediate revocation,and the third-party-based scheme often requires re-encryption,which needs large amount of calculation and doesn’t apply to massive data.To solve the problem,an efficient and immediate CP-ABE scheme was proposed to support user and attribute levels revocation.The scheme was based on the classic LSSS access structure,introducing RSA key management mechanism and attribute authentication.By means of a semi-trusted third party,the user could be authenticated before decryption.Compared with the existing revocation schemes,The proposed scheme didn’t need the user to update the key or re-encrypt the ciphertext.The semi-trusted third party wasn’t required to update the RSA attribute authentication key.The scheme greatly reduced the amount of computation and traffic caused by revocation,while ensuring anti-collusion attacks and forward and backward security.Finally,the security analysis and experimental simulation show that the scheme has higher revocation efficiency.
作者
李学俊
张丹
李晖
LI Xuejun;ZHANG Dan;LI Hui(School of Cyber Engineering,Xidian University,Xi’an 710071,China)
出处
《通信学报》
EI
CSCD
北大核心
2019年第6期32-39,共8页
Journal on Communications
基金
国家重点研发计划基金资助项目(No.2018YFB0804701)
国家自然科学基金资助项目(No.61572460)~~