Hierarchical Lightweight Access Control Scheme in Cloud Environment

doi:10.3778/j.issn.1002-8331.2109-0202

Abstract

Abstract: Attribute-based encryption can realize fine-grained access control of ciphertext data and effectively solve the problem of data sharing in the cloud environment. Aiming at the problem that it is difficult for devices with limited computing capabilities to efficiently complete a large number of calculations in the attribute-based encryption process, this paper proposes a hierarchical lightweight access control scheme in cloud environment. This solution safely transfers most of the time-consuming encryption and decryption calculations to the cloud servers by introducing virtual attribute and dual keys, and optimizes the access structure. The data sharer only needs to encrypt multiple data with hierarchical access structure once, and the data requester can decrypt part or all of the ciphertext according to its attributes. Security analysis and performance evaluation show that the solution can achieve efficient and fine-grained ciphertext data access control in the cloud environment, significantly reducing the computing overhead of the client, and will not cause data leakage during the entire execution process.

Key words: attribute-based encryption, access control, hierarchical, computing transfer

摘要： 属性基加密能够实现密文数据的细粒度访问控制，有效地解决云环境中的数据共享问题。针对计算能力受限设备难以高效地完成属性基加密过程中大量计算的问题，提出一种云环境中层次化的轻量级访问控制方案。该方案通过引入虚拟属性和双密钥将大部分耗时的加解密计算安全地转移至云服务器，并对访问结构进行优化。数据分享者对访问结构具有层次关系的多份数据只需加密一次，同时数据请求者可以根据其属性解密部分或全部密文。安全性分析和性能评估表明该方案能够实现云环境中高效和细粒度的密文数据访问控制，使得用户端计算开销显著降低，且在整个执行过程中不会造成数据泄露。

关键词: 属性基加密, 访问控制, 层次化, 计算转移

TONG Qian, HE Heng, NIE Lei, ZHANG Panfeng. Hierarchical Lightweight Access Control Scheme in Cloud Environment[J]. Computer Engineering and Applications, 2022, 58(21): 109-118.

童潜, 何亨, 聂雷, 张攀峰. 云环境中层次化的轻量级访问控制方案[J]. 计算机工程与应用, 2022, 58(21): 109-118.

References

[1] 张玉清，王晓菲，刘雪峰，等.云计算环境安全综述[J].软件学报，2016，27（6）：1328-1348.
ZHANG Y Q，WANG X F，LIU X F，et al.Survey on cloud computing security[J].Journal of Software，2016，27（6）：1328-1348.
[2] SAHAI A，WATERS B.Fuzzy identity-based encryption[C]//Proceedings of the 24th Annual International Conferenceerence on Theory and Applications of Cryptographic Techniques.Berlin：Springer，2004：457-473.
[3] GOYAL V，PANDEY O，SAHAI A，et al.Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security.New York，NY：ACM，2006：89-98.
[4] BETHENCOURT J，SAHAI A，WATERS B.Ciphertext-policy attribute-based encryption[C]//Proceedings of the 2007 IEEE Symposium on Security and Privacy.Piscataway，NJ：IEEE，2007：321-334.
[5] GREEN M，HOHENBERGER S，WATERS B.Outsourcing the decryption of abe ciphertexts[C]//Proceedings of the 20th USENIX Conference on Security.Berkeley，CA：USENIX Association，2011：34.
[6] WATERS B.Ciphertext-policy attribute-based encryption：an expressive，efficient，and provably secure realization[C]//Public Key Cryptography-PKC 2011.Berlin：Springer，2011：53-70.
[7] 王悦，樊凯.隐藏访问策略的高效CP-ABE方案[J].计算机研究与发展，2019，56（10）：2151-2159.
WANG Y，FAN K.Effective CP-ABE with hidden access policy[J].Journal of Computer Research and Development，2019，56（10）：2151-2159.
[8] XUE K P，GAI N，HONG J N，et al.Efficient and secure attribute-based access control with identical sub-policies frequently used in cloud storage[J].IEEE Transactions on Dependable and Secure Computing，2022，19（1）：635-646.
[9] NING J T，CAO Z F，DONG X L，et al.CryptCloud$^+$+：secure and expressive data access control for cloud storage[J].IEEE Transactions on Services Computing，2021，14（1）：111-124.
[10] WEI J H，CHEN X F，HUANG X Y，et al.RS-HABE：revocable-storage and hierarchical attribute-based access scheme for secure sharing of e-health records in public cloud[J].IEEE Transactions on Dependable and Secure Computing，2021，18（5）：2301-2315.
[11] 高嘉昕，孙加萌，秦静.支持属性撤销的可追踪外包属性加密方案[J].计算机研究与发展，2019，56（10）：2160-2169.
GAO J X，SUN J M，QIN J.Traceable outsourcing attribute-based encryption with attribute revocation[J].Journal of Computer Research and Development，2019，56（10）：2160-2169.
[12] HAN D Z，PAN N N，LI K C.A traceable and revocable ciphertext-policy attribute-based encryption scheme based on privacy protection[J].IEEE Transactions on Dependable and Secure Computing，2022，19（1）：316-327.
[13] WU Y L，WU C C，HOU J，et al.Cloud-supported internet of things data security and access control in smart grid[C]//2019 IEEE Innovative Smart Grid Technologies-Asia.Piscataway，NJ：IEEE，2019：764-769.
[14] XUE Y J，XUE K P，GAI N，et al.An attribute-based controlled collaborative access control scheme for public cloud storage[J].IEEE Transactions on Information Forensics and Security，2019，14（11）：2927-2942.
[15] LIN S Q，ZHANG R，MA H，et al.Revisiting attribute-based encryption with verifiable outsourced decryption[J].IEEE Transactions on Information Forensics and Security，2015，10（10）：2119-2130.
[16] MAO X P，LAI J Z，MEI Q X，et al.Generic and efficient constructions of attribute-based encryption with verifiable outsourced decryption[J].IEEE Transactions on Dependable and Secure Computing，2016，13（5）：533-546.
[17] NING J T，CAO Z F，DONG X L，et al.Auditable sigma-time outsourced attribute-based encryption for access control in cloud computing[J].IEEE Transactions on Information Forensics and Security，2018，13（1）：94-105.
[18] LI J G，WANG Y，ZHANG Y C，et al.Full verifiability for outsourced decryption in attribute based encryption[J].IEEE Transactions on Services Computing，2020，13（3）：478-487.
[19] MA H，ZHANG R，WAN Z G，et al.Verifiable and exculpable outsourced attribute-based encryption for access control in cloud computing[J].IEEE Transactions on Dependable and Secure Computing，2017，14（6）：679-692.
[20] XIONG H，SUN J F.Comments on “Verifiable and exculpable outsourced attribute-based encryption for access control in cloud computing”[J].IEEE Transactions on Dependable and Secure Computing，2017，14（4）：461-462.
[21] LI R X，SHEN C L，HE H，et al.A lightweight secure data sharing scheme for mobile cloud computing[J].IEEE Transactions on Cloud Computing，2018，6（2）：344-357.
[22] LI J，WANG Q，WANG C，et al.Enhancing attribute-based encryption with attribute hierarchy[C]//2009 Fourth International Conference on Communications and Networking in China.Piscataway，NJ：IEEE，2009：1-5.
[23] BONEH D，BOYEN X.Efficient selective-ID secure identity-based encryption without random oracles[C]//International Conference on the Theory and Applications of Cryptographic Techniques.Berlin：Springer，2004，223-238.
[24] WANG S L，ZHOU J W，LIU J K，et al.An efficient file hierarchy attribute-based encryption scheme in cloud computing[J].IEEE Transactions on Information Forensics and Security，2016，11（6）：1265-1277.
[25] LI J G，CHEN N Y，ZHANG Y C.Extended file hierarchy access control scheme with attribute-based encryption in cloud computing[J].IEEE Transactions on Emerging Topics in Computing，2021，9（2）：983-993.
[26] HE H，ZHENG L H，LI P，et al.An efficient attribute-based hierarchical data access control scheme in cloud computing[J].Human?Centric Computing and Information Sciences，2020，10（1）.
[27] CARO A D，IOVINO V.jPBC：Java pairing based cryptography[C]//Proceedings of the 2011 IEEE Symposium on Computers and Communications.Piscataway，NJ：IEEE，2011：850-855.
[28] GREEN M，AKINYELE A，RUSHANAN M.Libfenc：the functional encryption library[EB/OL].[2020-09-10].http：//code.google.com/p/libfenc.