基于云雾计算的可追踪可撤销密文策略属性基加密方案

Traceable and revocable ciphertext-policy attribute-based encryption scheme based on cloud-fog computing

针对资源受限的边缘设备在属性基加密中存在的解密工作开销较大,以及缺乏有效的用户追踪与撤销的问题,提出了一种支持云雾计算的可追踪可撤销的密文策略属性基加密(CP-ABE)方案。首先,通过对雾节点的引入,使得密文存储、外包解密等工作能够放在距离用户更近的雾节点进行,这样既有效地保护了用户的隐私数据,又减少了用户的计算开销;其次,针对属性基加密系统中用户权限变更、用户有意或无意地泄露自己密钥等行为,加入了用户的追踪和撤销功能;最后,通过算法追踪到做出上述行为的恶意用户身份后,将该用户加入撤销列表,从而取消该用户访问权限。性能分析表明,所提方案用户端的解密开销降低至一次乘法运算和一次指数运算,能够为用户节省大量带宽与解密时间,且该方案支持恶意用户的追踪与撤销。因此所提方案适用于云雾环境下计算资源受限设备的数据共享。

Focusing on the large decryption overhead of the resource limited edge devices and the lack of effective user tracking and revocation in attribute-based encryption,a traceable and revocable Ciphertext-Policy Attribute-Based Encryption(CP-ABE)scheme supporting cloud-fog computing was proposed.Firstly,through the introduction of fog nodes,the ciphertext storage and outsourcing decryption were able to be carried out on fog nodes near the users,which not only effectively protected users’private data,but also reduced users’computing overhead.Then,in response to the behaviors such as user permission changes,users intentionally or unintentionally leaking their own keys in the attribute-based encryption system,user tracking and revocation functions were added.Finally,after the identity of malicious user with the above behaviors was tracked through the algorithm,the user would be added to the revocation list,so that user’s access right was cancelled.The performance analysis shows that the decryption overhead at the user end is reduced to one multiplication and one exponential operation,which can save large bandwidth and decryption time for users;at the same time,the proposed scheme supports the tracking and revocation of malicious users.Therefore,the proposed scheme is suitable for data sharing of devices with limited computing resources in cloud-fog environment.