雾计算中可追踪的多权威动态可搜索加密方案

doi:10.3778/j.issn.1002-8331.2409-0356

摘要/Abstract

摘要： 针对传统基于属性的关键字搜索方案中搜索算法的局限性、单点性能瓶颈以及恶意用户非法泄露密钥等问题，提出一种雾计算环境下支持动态关键字搜索和用户追踪的多权威加密方案。通过引入动态搜索机制，当两个关键字集中任一个关键字匹配时就停止搜索，从而提高方案的灵活性和可用性。通过引入多个属性权威管理互不相交的属性集，避免单点性能瓶颈问题，显著提升方案的扩展性和稳定性。为了防止恶意用户泄露密钥，在密钥中嵌入用户的身份信息，实现对恶意用户的追踪，追踪到恶意用户后，将该用户加入撤销列表，从而取消该用户访问权限。利用外包技术，将大量的计算任务转移至雾节点，以缓解资源受限终端用户的计算负担。安全性分析和性能比较表明了该方案的安全性和有效性。

关键词: 雾计算, 属性基加密, 多属性权威, 关键字搜索, 可追踪性和可撤销性

Abstract: This paper focuses on the limitations of traditional attribute-based keyword search schemes, such as inefficiencies in search algorithms, single-point performance bottlenecks, and the risk of malicious key leakage. A multi-authority encryption scheme with dynamic keyword search and user traceability is proposed for fog computing environments. Firstly, a dynamic search mechanism is introduced, allowing the search to stop once any keyword in the set matches, improving both flexibility and usability. Secondly, through the introduction of multiple attribute authorities to manage disjoint attribute sets, single-point bottlenecks are prevented, significantly enhancing scalability and system stability. Thirdly, in order to prevent malicious users from leaking keys, the user’s identity information is embedded in the key to track malicious users. After tracking malicious users, the user would be added to the revocation list, thereby canceling the user’s access rights. Finally, computational tasks are outsourced to fog nodes, reducing the computational burden on resource-constrained terminal users. Security analysis and performance comparisons show the proposed method is secure and efficient.

Key words: fog computing, attribute-based encryption, multi-authority, keyword search, traceability and revocation

刘雪艳, 李文静, 贾博龙, 徐文豪. 雾计算中可追踪的多权威动态可搜索加密方案[J]. 计算机工程与应用, 2025, 61(23): 274-285.

LIU Xueyan, LI Wenjing, JIA Bolong, XU Wenhao. Traceable Multi-Authority Dynamic Searchable Encryption Scheme in Fog Computing[J]. Computer Engineering and Applications, 2025, 61(23): 274-285.

参考文献

[1] STERGIOU C, PSANNIS K E, KIM B G, et al. Secure integration of IoT and cloud computing[J]. Future Generation Computer Systems, 2018, 78: 964-975.
[2] SAHAI A, WATERS B. Fuzzy identity-based encryption[C]// Proceedings of the Central European Conference on Cryptology, 2005: 457-473.
[3] BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption[C]//Proceedings of the IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2007: 321-334.
[4] CHASE M. Multi-authority attribute based encryption[C]//Proceedings of the Theory of Cryptography Conference. Berlin, Heidelberg: Springer, 2007: 515-534.
[5] ZHANG S W, YANG Y B, LIANG W, et al. MKSS: an effective multi-authority keyword search scheme for edge-cloud collaboration[J]. Journal of Systems Architecture, 2023, 144: 102998.
[6] CHAUDHURY S S. Efficient quantum multi-authority attribute-based encryption and generalizations[J]. Quantum Information Processing, 2024, 23(10): 327.
[7] MIAO Y B, DENG R, LIU X M, et al. Multi-authority attribute-based keyword search over encrypted cloud data[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18: 1667-1680.
[8] HARN L, REN J. Generalized digital certificate for user authentication and key establishment for secure communications[J]. IEEE Transactions on Wireless Communications, 2011, 10(7): 2372-2379.
[9] SONG D X, WAGNER D, PERRIG A. Practical techniques for searches on encrypted data[C]//Proceedings of the IEEE Symposium on Security and Privacy, 2000: 44-55.
[10] LI H W, LIU D X, DAI Y S, et al. Personalized search over encrypted data with efficient and secure updates in mobile clouds[J]. IEEE Transactions on Emerging Topics in Computing, 2018, 6(1): 97-109.
[11] MIAO Y B, MA J F, LIU Z Q. Revocable and anonymous searchable encryption in multi-user setting[J]. Concurrency and Computation: Practice and Experience, 2016, 28(4): 1204-1218.
[12] MIAO Y B, LIU J J, MA J F. Efficient keyword search over encrypted data in multi-cloud setting[J]. Security and Communication Networks, 2016, 9(16): 3808-3820.
[13] YANG Y, MA M D. Conjunctive keyword search with designated tester and timing enabled proxy re-encryption function for E-health clouds[J]. IEEE Transactions on Information Forensics and Security, 2016, 11(4): 746-759.
[14] ZHU H, MEI Z L, WU B, et al. Fuzzy keyword search and access control over ciphertexts in cloud computing[C]//Proceedings of the Australasian Conference on Information Security and Privacy, 2017: 248-265.
[15] HUANG Q L, YAN G Y, WEI Q L. Attribute-based expressive and ranked keyword search over encrypted documents in cloud computing[J]. IEEE Transactions on Services Computing, 2023, 16(2): 957-968.
[16] ZHENG Q J, XU S H, ATENIESE G. VABKS: verifiable attribute-based keyword search over outsourced encrypted data[C]//Proceedings of the IEEE International Conference on Computer Communications. Piscataway: IEEE, 2014: 522-530.
[17] SUN W H, YU S C, LOU W J, et al. Protecting your right: verifiable attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud[J]. IEEE Transactions on Parallel and Distributed Systems, 2016, 27(4): 1187-1198.
[18] MIAO Y B, LIU X M, CHOO K R, et al. Privacy-preserving attribute-based keyword search in shared multi?owner setting[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(3): 1080-1094.
[19] QIU S, LIU J Q, SHI Y F, et al. Hidden policy ciphertext-policy attribute-based encryption with keyword search against keyword guessing attack[J]. Science China Information Sciences, 2016, 60(5): 052105.
[20] MENG F, CHENG L X, WANG M Q. ABDKS: attribute-based encryption with dynamic keyword search in fog computing[J]. Frontiers of Computer Science, 2021, 15(5): 155810.
[21] VARRI U S, KASANI S, PASUPULETI S K, et al. FELT-ABKS: fog-enabled lightweight traceable attribute-based keyword search over encrypted data[J]. IEEE Internet of Things Journal, 2022, 9(10): 7559-7571.
[22] LIU Z, CAO Z F, WONG D S. White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures[J]. IEEE Transactions on Information Forensics and Security, 2013, 8(1): 76-88.
[23] ZIEGLER D, MARSALEK A, PALFINGER G. White-box traceable attribute-based encryption with hidden policies and outsourced decryption[C]//Proceedings of the IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications. Piscataway: IEEE, 2021: 331-338.
[24] LUO F C, AL-KUWARI S. Generic construction of black-box traceable attribute-based encryption[J]. IEEE Transactions on Cloud Computing, 2023, 11(1): 942-955.
[25] FAN K, LI W H, BAI Y H, et al. EIV-BT-ABE: efficient attribute-based encryption with black-box traceability based on encrypted identity vector[J]. IEEE Internet of Things Journal, 2024, 11(9): 15229-15240.
[26] SETHI K, PRADHAN A, BERA P. PMTER-ABE: a practical multi-authority CP-ABE with traceability, revocation and outsourcing decryption for secure access control in cloud systems[J]. Cluster Computing, 2021, 24(2): 1525-1550.
[27] ZHANG L Y, ZHAO C C, WU Q, et al. A traceable and revocable multi-authority access control scheme with privacy preserving for mHealth[J]. Journal of Systems Architecture, 2022, 130: 102654.
[28] SARWAR K, YONGCHAREON S, YU J, et al. A survey on privacy preservation in fog-enabled Internet of Things[J]. ACM Computing Surveys, 2023, 55(1): 1-39.
[29] GREEN M, HOHENBERGER S, WATERS B. Outsourcing the decryption of ABE ciphertexts[C]//Proceedings of the 20th USENIX Conference on Security, 2011: 34-49.
[30] TU S S, WAQAS M, HUANG F M, et al. A revocable and outsourced multi-authority attribute-based encryption scheme in fog computing[J]. Computer Networks, 2021, 195: 108196.
[31] BEN L. PBC library[EB/OL]. (2013-06-14) [2021-06-20]. https://crypto.stanford.edu/pbc/.