摘要
随着越来越多的企业使用云计算提供的各种数据服务,云安全变得至关重要,而数据的加密和身份访问管理(IAM)是云安全的重要组成部分。密文策略属性基加密(CP-ABE)是一种特殊的公钥加密方案,可以用来解决密文的访问控制问题,适用于身份和访问管理系统。然而现有的属性基加密方案大多不能抵抗量子攻击,并且只能支持单值属性。为了满足身份访问管理中常用的基于属性的访问控制(ABAC)模型的需求,文章基于环上的错误学习问题构造了一个多权威密文策略属性基加密方案。文章所提方案采用键值对形式的属性,并支持析取范式的访问结构,能够实现细粒度的访问控制。同时,该方案允许多个权威去中心化地管理密钥。另外,该方案依赖于evasive LWE假设在多项式环上的变种,该方案被证明具有静态安全性。文章对方案进行了C++语言的实现验证,并进行了性能测试,实验结果表明,该方案具有较高的性能,适合实际应用。
As more companies adopt cloud computing services,the importance of cloud security has increased significantly.To ensure secure data storage in the cloud,encryption and Identity and Access Management(IAM)are essential components.One solution for access control of encrypted data is Ciphertext-Policy Attribute-Based Encryption(CP-ABE),which can also be used in IAM systems.However,most of existing ABE schemes are not resistant to quantum adversaries,and only support single-valued attributes.To address the demand for IAMs using Attribute-Based Access Control(ABAC)mechanisms,this paper constructed a multi-authority CP-ABE scheme based on the ring learning with error problem.This scheme presented attributes in key-value pairs and supported access structures of Disjunctive Normal Form(DNF)formulas to achieve fine-grained access control.At the same time,this scheme allowed multiple decentralized authorities to manage and distribute keys.Furthermore,relying on a ring variant of evasive LWE assumption,this scheme was proven static secure.This article implemented the CP-ABE scheme in C++,and conducted performance testing.The experimental result shows that this scheme enjoys high efficiency and is suitable for practical application.
作者
刘芹
王卓冰
余纯武
王张宜
LIU Qin;WANG Zhuobing;YU Chunwu;WANG Zhangyi(School of Cyber Science and Engineering,Wuhan University,Wuhan 430079,China;School of Computer Science,Wuhan University,Wuhan 430079,China)
出处
《信息网络安全》
CSCD
北大核心
2023年第9期25-36,共12页
Netinfo Security
基金
国家自然科学基金[62272348]。
