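Abstract
With the rapid development of the Internet of Things and of 5G and 6G mobile communication networks, the corresponding encryption algorithms need to suit both cloud and fog computing environments, provide fine-grained encryption including an attribute revocation mechanism, and resist collusion attacks. However, research on these theoretical and technical problems still needs further development and refinement. This paper proposes a fine-grained data encryption and sharing scheme for the combined cloud-fog environment (NDSS-FC). Targeting the integrated cloud and fog computing environment and drawing on the structure of ciphertext-policy attribute-based encryption (CP-ABE), it achieves fine-grained encrypted access control, secure attribute revocation, dynamic user management, outsourced decryption, and resistance to collusion attacks. First, fog nodes are designed into a new CP-ABE structure to ensure secure data sharing in the combined cloud-fog environment, and the fog nodes perform outsourced decryption for users with limited computing resources. Second, the new CP-ABE structure is combined with the one-way function tree (OFT) technique, so that secure attribute revocation is ensured by sharing and updating group keys. Third, version keys are distributed via a polynomial, so that dynamic user management is ensured by computing and updating the version key. Fourth, a random factor is embedded in each user key to resist collusion attacks. Finally, performance analysis and formal proof show that the NDSS-FC scheme is secure and efficient.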
With the fast development of Internet of Things (IoT), 5G (the fifth generation communication system) and 6G networks, the corresponding encryption algorithms need to be adapted for both fog and cloud computing environments, with fine-grained data encryption function including attribute revocation mechanism and resistance against collusion attacks. Current research on these theoretical and technical issues needs to be further developed and improved. Based on ciphertext-policy attribute-based encryption (CP-ABE) structure, this paper proposes a new data sharing scheme (NDSS-FC), which can fit for both the fog and the cloud computing environment, and can realize fine-grained data access control in fog and cloud computing architecture, such as secure attribute revocation, secure dynamic user management, with collusion attack resistance and outsourced decryption. Firstly, the proposed NDSS-FC scheme can achieve secure data sharing in fog and cloud computing environments with outsourced decryption. In the proposed NDSS-FC scheme, fog nodes are employed to construct new analogous CP-ABE structure, in which there are two kinds of data owners and data users. The fog nodes can deal with the outsourced decryption for those users who have limited computation resources. Secondly, the proposed NDSS-FC scheme can realize secure attribute revocation. In the proposed NDSS-FC scheme, the new analogous CP-ABE structure is combined with one-way function tree (OFT) technique to share attribute group keys for revoking users' attributes. Thirdly, the proposed NDSS-FC scheme can securely and dynamically manage users. In the proposed NDSS-FC scheme, there is a version key that is distributed via a polynomial and is embedded in the ciphertext. When a user is removed from or added into the system, the version key will be updated. Moreover, the proposed NDSS-FC scheme can withstand the collusion attacks. Both performance and formal security analysis show that the proposed NDSS-FC scheme is efficient and secure.
Authors
周先斌
蒋睿
ZHOU Xian-Bin; JIANG Rui (School of Cyber Science and Engineering, Southeast University, Nanjing 210096, China)
Source
《密码学报》
CSCD
2023, No. 6, pp. 1295-1318 (24 pages)
Journal of Cryptologic Research
Funding
Natural Science Foundation of Jiangsu Province (BK20201265)
National Natural Science Foundation of China (61372103)
Open Project of National Engineering Research Center of Classified Protection and Safeguard Technology for Cybersecurity
Keywords
fog and cloud computing environments
fine-grained data encryption
attribute revocation
dynamic user management
outsourced decryption
collusion attack resistance