ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2019, Vol. 56 ›› Issue (10): 2151-2159.doi: 10.7544/issn1000-1239.2019.20190343

所属专题: 2019密码学与智能安全研究专题

• 信息安全 • 上一篇    下一篇

隐藏访问策略的高效CP-ABE方案

王悦1,2,樊凯2   

  1. 1(西安文理学院信息工程学院 西安 710065);2(西安电子科技大学网络与信息安全学院 西安 710071) (ywang@xawl.edu.cn)
  • 出版日期: 2019-10-16
  • 基金资助: 
    国家重点研发计划项目(2017YFB0802300);国家自然科学基金项目(61772403,U1401251);西安市科技计划项目(CXY1352WL30)

Effective CP-ABE with Hidden Access Policy

Wang Yue1,2, Fan Kai2   

  1. 1(School of Information Engineering, Xi’an University, Xi’an 710065);2(School of Cyber Engineering, Xidian University, Xi’an 710071)
  • Online: 2019-10-16

摘要: 人工智能的发展离不开云计算的支撑,同样,人工智能的安全与云上大数据的安全也是密切相关的.目前,基于密文策略的属性基加密(ciphertext policy attribute-based encryption, CP-ABE)被认为是实现云上数据细粒度访问控制最有效的方法之一.在基于密文策略属性基加密方案中,访问策略与密文相关且绑定,但很多时候,访问策略本身就是敏感信息,若以明文形式存放在云端会造成用户数据的泄露.因此,一种隐藏访问策略的高效CP-ABE方案被提出以解决这一问题.它可以使得属性隐藏和秘密共享能够同时应用到“与”门结构中,然后利用合数阶双线性群构造了一种基于包含正负及无关值的“与门”的策略隐藏方案,该方案有效地避免了用户的具体属性值泄露给其他第三方,确保了用户隐私的安全.此外,通过实验验证及分析,保证了该方案在实现复杂访问结构的策略隐藏的同时,还满足解密时间短,解密效率高的优点.

关键词: 大数据安全, 属性加密, 访问结构, 策略隐藏, 访问控制

Abstract: The development of artificial intelligence depends on the development of cloud computing, at the same time, the security of artificial intelligence is closely related to the security of large data in the cloud. At Present, the ciphertext policy attribute-based encryption (CP-ABE) scheme is considered to be one of the most effective methods to achieve fine-grained access control of data in cloud. In the CP-ABE scheme, the access policy is often associated with the ciphertext. But sometimes, the access policy itself is also the important sensitive information, and access policies stored in the cloud in the form of clear text will also cause the users’ data revealed. In response to this problem, an efficient improved CP-ABE scheme is presented, which can hide the access policy. It can make both the attribute hiding and the secret sharing be applied to the AND-gate structure at the same time and then according to the composite order bilinear groups. Therefore, the user’s specific attribute value will not be disclosed to any other third party, thus we effectively protect the user’s privacy. In addition, through the experimental verification and data analysis, our scheme not only achieves the hidden of complex access structure,but also makes the ciphertext time shortened and decryption efficiency improved.

Key words: security of large data, attribute based encryption (ABE), access structure, hidden policy, access control

中图分类号: