摘要
为有效解决现有的支持外包的属性基加密(CP-ABE)方案中不可信云服务商以及恶意用户对系统带来的安全隐患,提出一种可追溯高安全的高效CP-ABE方案。为追踪恶意用户以及预防云服务商为寻求利益从而作恶的可能,搭建双层架构的区块链并分别存储相关加密验证数据以及用户访问记录。引入用户交互和属性结合的双重信任管理机制,增强整个系统的安全性和细粒度。通过外包解密以及数据公开撤销机制提升用户解密速率的同时节省不知情用户因访问撤销数据花费的通信开销。安全性分析结果表明,该方案具有机密性、完整性、问责性以及抗共谋攻击功能,用仿真实验与其它方案对比分析验证了该方案计算开销的优势。
To effectively solve the security risks caused by untrusted cloud providers and malicious users in the existing attribute-based encryption(CP-ABE)schemes,an efficient CP-ABE scheme with high traceability and security was proposed.To track malicious users and prevent the possibility of evil by cloud service providers seeking benefits,a two-layer blockchain was built and the relevant encryption verification data and user access records were respectively stored.The dual trust management mechanism combining user interaction and attributes was introduced to enhance the security and granularity of the whole system.The mecha-nism of outsourcing decryption and data disclosure revocation improved the decryption rate of users and saved the communication cost of uninformed users for accessing revoked data.The security analysis shows that the scheme has the functions of confiden-tiality,integrity,accountability and resistance to collusive attack,and the simulation results show that the scheme has the advantage of computing cost compared with other schemes.
作者
董国芳
鲁烨堃
张楚雯
刘兵
DONG Guo-fang;LU Ye-kun;ZHANG Chu-wen;LIU Bing(School of Electrical Information Engineering,Yunnan Minzu University,Kunming 650504,China)
出处
《计算机工程与设计》
北大核心
2024年第5期1329-1336,共8页
Computer Engineering and Design
基金
国家自然科学基金项目(61662089)。
