ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2015, Vol. 52 ›› Issue (10): 2281-2292.doi: 10.7544/issn1000-1239.2015.20150580

所属专题: 2015网络安全与隐私保护研究进展

• 信息安全 • 上一篇    下一篇



  1. (河海大学计算机与信息学院 南京 211100) (
  • 出版日期: 2015-10-01
  • 基金资助: 

A Privacy Preserving Attribute-Based Encryption Scheme with User Revocation

Li Jiguo, Shi Yuerong, Zhang Yichen   

  1. (College of Computer & Information, Hohai University, Nanjing 211100)
  • Online: 2015-10-01

摘要: 自从Sahai和Waters提出了基于属性加密的概念,密文策略的属性基加密(ciphertext-policy attribute-based encryption, CP-ABE)体制因其使用场景的广泛性受到了各界的青睐.对于使用移动设备进行属性基加解密的用户而言,大量的双线性对运算带来的电池耗费是不经济的;同时,由于在云环境系统下用户属性的动态性和访问结构的公开性,也会导致属性失效和用户隐私泄露的问题.为了解决上述问题,构造了一个隐私保护的且支持用户撤销的属性基加密方案,达到了完全隐藏访问结构并通过密钥更新机制灵活地实现用户撤销;同时,该方案将计算代价较高的双线性对操作外包给云存储提供方执行,以降低移动设备用户的计算代价,为了遏制云端的不端行为或对云端恶意攻击,提供了对转换密文的验证功能,保证了转换后密文未被非法替换,使之更适用于安全的手机云应用.

关键词: 属性基加密体制, 密文策略, 隐私保护, 用户撤销, 云计算

Abstract: Since Sahai and Waters proposed the concept of attribute-based encryption, ciphertext-policy attribute-based encryption (CP-ABE) system has drawn more and more attentions due to its widespread use of scenes. The consumption of the battery is not economical for users who use attribute-based encryption on mobile devices because of the large number of bilinear pairing operations. Due to dynamic for user’s attributes and the openness of the access structure in the cloud environment, it may lead to the attribute failure and user privacy leakage. In order to solve above problems, we construct an attribute-based encryption scheme, which protects the privacy for the users by fully hidden access structure and supports flexible user revocation by key updating mechanisms. Meanwhile, we outsource the high computational cost of the bilinear pairing operations to the cloud storage providers, which reduces the computational expense of users for mobile devices. In order to curb cloud misconduct or malicious attacks on the cloud, we provide the verification function of the converted ciphertext which ensures the converted encrypted cipher text is not replaced illegally. The proposed scheme is more suitable for secure mobile cloud applications.

Key words: attribute-based encryption system, ciphertext-policy, privacy preserving, user revocation, cloud computing