云计算中属性基数据与权限混合访问控制方案

doi:10.3778/j.issn.1002-8331.2305-0207

摘要/Abstract

摘要： 云计算的出现使得从任何位置访问应用程序和数据成为可能，由于其灵活、高效和资源共享的特性，云计算迅速应用于各个行业和领域。云计算中的安全细粒度数据访问控制、隐私保护和权限控制已成为学术界和工业界研究的热点问题。为了解决这些问题，提出一种基于SM9属性加密的数据与权限混合访问控制方案，在需要加密大量具有层次结构的数据的场景下，该方案比传统的属性基加密方案更加灵活高效，匿名的特点可以限制用户隐私泄露，层次权限控制使得更细粒度地管理云数据的操作权限成为可能。安全分析和实验结果表明，该方案在判定性双线性Diffie-Hellman假设下是安全的，在加解密等方面具有良好的工作效率。

关键词: 匿名, 层次数据, 权限控制, SM9, 属性基加密

Abstract: The emergence of cloud computing has made it possible to access applications and data from anywhere. Due to its flexibility, efficiency, and resource sharing capabilities, cloud computing has been rapidly applied to various industries and fields. Fine-grained data access control, privacy protection, and privilege control in cloud computing have become hot research issues in both academia and industry. To address these issues, this paper proposes a data and privilege hybrid access control scheme based on SM9 attribute encryption. In scenarios that require encryption of a large amount of hierarchical data, this scheme is more flexible and efficient than traditional attribute-based encryption schemes, the anonymity of it can reduce the leakage of user’s privacy, and hierarchical privilege control makes it possible to manage the operation privilege of cloud data more finely. The security analysis and simulation experiments show that, the proposed scheme is secure under decisional bilinear Diffie-Hellman assumption, and it is efficient in encryption and decryption.

Key words: anonymity, hierarchical data, privilege control, SM9, attribute-based encryption

刘芹, 李鹏举, 余纯武. 云计算中属性基数据与权限混合访问控制方案[J]. 计算机工程与应用, 2024, 60(13): 276-286.

LIU Qin, LI Pengju, YU Chunwu. Attribute-Based Data and Privilege Hybrid Access Control Scheme in Cloud Computing[J]. Computer Engineering and Applications, 2024, 60(13): 276-286.

参考文献

[1] THUSHARA G A, BHANU S M S. A survey on secured data sharing using ciphertext policy attribute based encryption in cloud[C]//Proceedings of the 8th IEEE International Conference on Smart Computing and Communications (ICSCC), 2021: 170-177.
[2] SAHAI A, WATERS B. Fuzzy identity-based encryption[C]//Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Heidelberg: Springer, 2005: 457-473.
[3] GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006: 89-98.
[4] BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption[C]//Proceedings of IEEE Symposium on Security and Privacy, 2007: 321-334.
[5] 尹龙潇, 伍忠东. 密文策略属性加密中的撤销控制方案[J]. 计算机工程与应用, 2020, 56(13): 100-105.
YIN L X, WU Z D. Revocation control scheme in CP-ABE[J]. Computer Engineering and Applications, 2020, 56(13): 100-105.
[6] 许盛伟, 王飞杰. 多机构授权下可追踪可隐藏的属性基加密方案[J]. 信息网络安全, 2020, 20(1): 33-39.
XU S W, WANG F J. Attribute-based encryption scheme traced under multi-authority[J]. Netinfo Security, 2020, 20(1): 33-39.
[7] LI J, WANG Q, WANG C, et al. Enhancing attribute-based encryption with attribute hierarchy[J]. Mobile Networks and Applications, 2011, 16(5): 553-561.
[8] BONEH D, BOYEN X. Efficient selective-ID secure identity-based encryption without random oracles[C]//Proceedings of the 23th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Heidelberg: Springer, 2004: 223-238.
[9] ZOU X. A hierarchical attribute-based encryption scheme[J]. Wuhan University Journal of Natural Sciences, 2013, 18(3): 259-264.
[10] ALI M, MOHAJERI J, SADEGHI M R, et al. A fully distributed hierarchical attribute-based encryption scheme[J]. Theoretical Computer Science, 2020, 815: 25-46.
[11] WANG Z, WANG J. A provably secure ciphertext-policy hierarchical attribute-based encryption[C]//Proceedings of the First International Conference on Cloud Computing and Security. Cham, Switzerland: Springer, 2015: 38-48.
[12] LI C, SHEN Q, XIE Z, et al. Hierarchical and non-monotonic key-policy attribute-based encryption and its application[J]. Information Sciences, 2022, 611: 591-627.
[13] CHEN X, LIU Y, CHAO H C, et al. Ciphertext-policy hierarchical attribute-based encryption against key-delegation abuse for IoT-connected healthcare system[J]. IEEE Access, 2020, 8: 86630-86650.
[14] MIAO Y, MA J, LIU X, et al. Attribute-based keyword search over hierarchical data in cloud computing[J]. IEEE Transactions on Services Computing, 2017, 13(6): 985-998.
[15] DENG H, WU Q, QIN B, et al. Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts[J]. Infor-mation Sciences, 2014, 275: 370-384.
[16] WAN Z, DENG R H. HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing[J]. IEEE Transactions on Information Forensics and Security, 2011, 7(2): 743-754.
[17] CHANDAR P P, MUTKURAMAN D, RATHINRAI M. Hierarchical attribute based proxy re-encryption access control in cloud computing[C]//Proceedings of the IEEE International Conference on Circuits, Power and Computing Technologies, 2014: 1565-1570.
[18] WANG G, LIU Q, WU J. Hierarchical attribute-based encryption for fine-grained access control in cloud storage services[C]//Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010: 735-737.
[19] WANG S, ZHOU J, LIU J K, et al. An efficient file hierarchy attribute-based encryption scheme in cloud computing[J]. IEEE Transactions on Information Forensics and Security, 2016, 11(6): 1265-1277.
[20] GUO R, LI X, ZHENG D, et al. An attribute-based encryption scheme with multiple authorities on hierarchical personal health record in cloud[J]. The Journal of Supercomputing, 2020, 76(7): 4884-4903.
[21] LIU X, YANG X, LUO Y, et al. Anonymous electronic health record sharing scheme based on decentralized hierarchical attribute-based encryption in cloud environment[J]. IEEE Access, 2020, 8: 200180-200193.
[22] HE H, ZHENG L, LI P, et al. An efficient attribute-based hierarchical data access control scheme in cloud computing[J]. Human-centric Computing and Information Sciences, 2020, 10(1): 1-19.
[23] LI J, CHEN N, ZHANG Y. Extended file hierarchy access control scheme with attribute-based encryption in cloud computing[J]. IEEE Transactions on Emerging Topics in Computing, 2019, 9(2): 983-993.
[24] XIAO M, LI H, HUANG Q, et al. Attribute-based hierarchical access control with extendable policy[J]. IEEE Transactions on Information Forensics and Security, 2022, 17: 1868-1883.
[25] JUNG T, LI X Y, WAN Z, et al. Control cloud data access privilege and anonymity with fully anonymous attribute- based encryption[J]. IEEE Transactions on Information Forensics and Security, 2014, 10(1): 190-199.
[26] MORALES-SANDOVAL M, GONZALEZ-COMPEAN J L, DIAZ-PEREZ A, et al. A pairing-based cryptographic approach for data security in the cloud[J]. International Journal of Information Security, 2018, 17(4): 441-461.
[27] 庄朝源, 郭瑞, 杨耿. 区块链中可验证外包解密的匿名属性加密方案[J]. 计算机工程与应用, 2022, 58(19): 124-134.
ZHUANG C Y, GUO R, YANG G. Anonymous attribute-based encryption scheme with verifiable outsourcing decryption in blockchain[J]. Computer Engineering and Applications, 2022, 58(19): 124-134.
[28] LEWKO A, WATERS B. Decentralizing attribute-based encryption[C]//Proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Heidelberg: Springer, 2011: 568-588.
[29] 国家密码管理局. SM9标识密码算法: GM/T 0044—2016[S]. 北京: 中国标准出版社, 2016.
National Cryptography Administrative Department. Identity-based cryptographic algorithms SM9: GM/T 0044—2016[S]. Beijing: Standards Press of China, 2016.
[30] ELAINE B, BARKER W, BURR W, et al. Recommendation for key management: part1-general[Z]. NIST Special Publication, 2020: 1-158.