Abstract
General ciphertext-policy attribute-based encryption (CP-ABE) provides fine-grained access control for data sharing in cloud computing, but the plaintext attributes in its access policy may cause leakage of private and sensitive data. Revoking a malicious user by accurately tracing the identity from a leaked decryption key is also a huge challenge. Moreover, most existing revocable schemes suffer from long user revocation lists and low efficiency. To solve these problems, a time-based, privacy-preserving, revocable and traceable cloud data sharing scheme is proposed based on CP-ABE. By concealing the attribute values in the access policy, the scheme supports expressive monotonic and partially hidden access policies and a large attribute universe. Hierarchical identity-based encryption is used to set a validity period for user keys, which achieves time-limited data access control. In addition, white-box tracing and a binary tree are used to realize efficient user tracing and direct user revocation with a shorter revocation list, while online/offline and verifiable outsourced decryption techniques improve overall efficiency. Finally, the scheme is proved secure under the decisional q-BDHE assumption. Theoretical analysis and extensive experiments demonstrate its advantageous performance in computational and storage cost.
Authors
ZHANG Jiawei (张嘉伟); MA Jianfeng (马建峰); MA Zhuo (马卓); LI Teng (李腾)
School of Cyber Engineering, Xidian University, Xi'an 710071, China
Source
Journal on Communications (《通信学报》)
EI
CSCD
Peking University Core Journals
2021, No. 10, pp. 81-94 (14 pages)
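Funding
National Natural Science Foundation of China (No.61902291)
China Postdoctoral Science Foundation (No.2019M653567)
Natural Science Foundation of Shaanxi Province (No.2019JM-425)
Fundamental Research Funds for the Central Universities (No.JB191507).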