Abstract
To address fine-grained access control over shared data and the secure sharing and updating of ciphertexts and keys in the one-to-many model, a multi-keyword attribute-based searchable encryption scheme with proxy re-encryption for cloud storage was proposed. The access tree structure was enhanced with node information to achieve fine-grained control over read and write permissions on ciphertext data. The attribute-based encryption of query keywords was optimized to achieve trapdoor indistinguishability and to restrict the search capabilities of different users. Re-encryption was used to update ciphertexts and keys, addressing the system security problem of malicious access to private data by revoked users. A blockchain-based security verification algorithm was designed to detect tampering with private data held by a third party. Based on the DBDH and DDH hard problems, the scheme was proven to achieve adaptive keyword ciphertext security and trapdoor security. Experimental results show that the scheme secures private data and keys during the key generation, trapdoor generation, keyword index generation, and correctness verification phases, and that it is more efficient in time overhead than comparable schemes.
Authors
张克君
王文彬
徐少飞
于新颖
王钧
李鹏程
钱榕
ZHANG Kejun; WANG Wenbin; XU Shaofei; YU Xinying; WANG Jun; LI Pengcheng; QIAN Rong (School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China; Department of Cyberspace Security, Beijing Electronic Science and Technology Institute, Beijing 100071, China; School of Cyberspace Security, University of Science and Technology of China, Hefei 230026, China)
Source
《通信学报》
EI
CSCD
Peking University Core Journals
2024, No. 9, pp. 244-257 (14 pages)
Journal on Communications
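Funding
Fundamental Research Funds for the Central Universities (No. 3282023033)
Beijing Universities "High-Precision-Advanced" Discipline Construction Fund (No. 20210086Z0401).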
Keywords
searchable encryption
attribute-based encryption
read/write node
proxy re-encryption
access control