计算机工程与应用 ›› 2020, Vol. 56 ›› Issue (18): 69-76.DOI: 10.3778/j.issn.1002-8331.1911-0126

• 网络、通信与安全 • 上一篇    下一篇

基于CP-ABE重加密的敏感数据访问控制限制方案

古丽米热·尔肯,努尔买买提·黑力力   

  1. 新疆大学 数学与系统科学学院,乌鲁木齐 830046
  • 出版日期:2020-09-15 发布日期:2020-09-10

CP-ABE Re-encryption Based Access Control Constraint for Sensitive Data

Gulmire ARKEN, Nurmamat HELIL   

  1. College of Mathematics and System Science, Xinjiang University, Urumqi 830046, China
  • Online:2020-09-15 Published:2020-09-10

摘要:

数据拥有者分享于云上的数据之间可能存在利益冲突或由其推理出敏感信息。选择通过二次加密实现属性撤销的密文策略属性基加密(Ciphertext-Policy Attribute-Based Encryption,CP-ABE)系统,提出利用其原有的重加密实施这类特殊数据上的访问控制限制方案,方案对已有的密码系统以较小的代价进行改进,使其具有防止用户访问利益冲突数据或泄露敏感信息的能力,从而提高系统安全性。最后进行安全性分析并对方案中各算法的运行时间进行测试。分析表明该方案在BDHE假设下能够抵抗RCCA攻击。

关键词: 密文策略属性基加密(CP-ABE), 访问控制限制, 重加密

Abstract:

The data shared on the cloud may have conflicts of interest, or one may infer sensitive information from them. This paper chooses the Ciphertext-Policy Attribute-Based Encryption(CP-ABE) scheme that implements attribute revocation through re-encryption and proposes an approach of enforcing access control constraints on such particular data through the re-encryption. This scheme improves the security of existing scheme at less cost while having the ability to prevent users from accessing data that have conflict of interest or revealing sensitive information. Finally, this paper provides security analysis and conduct a test for algorithms in the presented scheme. The analysis shows that the scheme can resist RCCA attacks under the BDHE assumption.

Key words: Ciphertext-Policy Attribute-Based Encryption(CP-ABE), access control constraint, re-encryption