计算机工程与应用 (Computer Engineering and Applications) ›› 2020, Vol. 56 ›› Issue (6): 117-125. DOI: 10.3778/j.issn.1002-8331.1811-0040

• Network, Communication and Security •

Traceable Leak Prevention Access Control Scheme for Outsourced Data

PENG Weiping, GUO Kaidi, SONG Cheng, YAN Xixi

  1. School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo, Henan 454003, China
  • Online: 2020-03-15 Published: 2020-03-13


Abstract:

To address information leakage and the difficulty of tracing leaks for outsourced data in cloud storage environments, this paper proposes an improved secure access control scheme based on Ciphertext-Policy Attribute-Based Encryption (CP-ABE). The scheme is built on bilinear pairings and a secret sharing mechanism: a trusted third party generates a proxy encryption key for the data owner according to the access policy the owner specifies, registers users and distributes key pairs based on the personal attribute information they submit, and constructs the access policy as an access tree to compute how well a user's attributes match it. When a leaked user key leads to disclosure of information, the user's identity can be traced from a tracking list. Analysis shows that the scheme is proven secure under the DBDH assumption and resists collusion attacks and man-in-the-middle attacks. Compared with other schemes, it is optimized in encryption and decryption time, private key length and ciphertext length, thereby reducing storage overhead and computational cost.

Key words: attribute-based encryption, secure access, outsourced service data, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) algorithm, traceable

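The access-tree policy matching with secret sharing that the abstract describes, as an added illustration (not code from the paper): each k-of-n threshold gate splits its value with a random polynomial, and a user recovers the root secret only if their attributes satisfy the tree. It works over a plain prime field in place of the paper's bilinear-pairing construction and omits the proxy-key and tracing parts; the field size, tree encoding and sample policy are constructed assumptions.

```python
import random

P = 2**61 - 1  # prime field for the shares (constructed toy parameter)

def lagrange_at_zero(points):
    """Recover q(0) from enough (x, q(x)) points over GF(P)."""
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def share(tree, secret, rng):
    """Top-down sharing: a k-of-n gate splits its value with a random degree k-1
    polynomial q, q(0) = value, child i gets q(i). tree is a leaf name or (k, [children])."""
    if isinstance(tree, str):
        return {tree: secret}  # leaf: share bound to the attribute (names assumed unique)
    k, children = tree
    coeffs = [secret] + [rng.randrange(P) for _ in range(k - 1)]
    shares = {}
    for i, child in enumerate(children, start=1):
        q_i = sum(c * pow(i, j, P) for j, c in enumerate(coeffs)) % P
        shares.update(share(child, q_i, rng))
    return shares

def reconstruct(tree, user_attrs, shares):
    """Bottom-up matching: returns the node value if the user's attributes
    satisfy the subtree, else None (an unsatisfied gate yields nothing)."""
    if isinstance(tree, str):
        return shares[tree] if tree in user_attrs else None
    k, children = tree
    points = [(i, v) for i, child in enumerate(children, start=1)
              if (v := reconstruct(child, user_attrs, shares)) is not None]
    return lagrange_at_zero(points[:k]) if len(points) >= k else None

# Constructed policy: 2 of {doctor, (cardiology OR oncology), hospital_A}
POLICY = (2, ["doctor", (1, ["cardiology", "oncology"]), "hospital_A"])

def policy_satisfied(user_attrs, seed=7):
    """Share a random secret under POLICY and test whether user_attrs recover it."""
    rng = random.Random(seed)
    secret = rng.randrange(P)
    shares = share(POLICY, secret, rng)
    return reconstruct(POLICY, set(user_attrs), shares) == secret
```

In a CP-ABE ciphertext the root secret is what blinds the message key, so recovering it is exactly the step that attribute matching gates.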