ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2016, Vol. 53 ›› Issue (10): 2365-2375.doi: 10.7544/issn1000-1239.2016.20160416

所属专题: 2016网络空间共享安全研究进展专题

• 信息安全 • 上一篇    下一篇

在线/离线密文策略属性基可搜索加密

陈冬冬,曹珍富,董晓蕾   

  1. (上海市高可信计算重点实验室(华东师范大学计算机科学与软件工程学院) 上海 200062) (51141500002@ecnu.cn)
  • 出版日期: 2016-10-01
  • 基金资助: 
    国家自然科学基金项目(61373154,61371083,61632012,61672239,61602180);高等学校博士学科点专项科研基金项目(20130073130004);上海市2016年度“科技创新行动计划”高新技术领域项目(16511101400);上海市自然科学基金项目(16ZR1409200) This work was supported by the National Natural Science Foundation of China (61373154, 61371083, 61632012, 61672239, 61602180), the Specialized Research Fund for the Doctoral Program of Higher Education of China (20130073130004), the Shanghai High-Tech Field Project (16511101400), and the Natural Science Foundation of Shanghai (16ZR1409200).

Online/Offline Ciphertext-Policy Attribute-Based Searchable Encryption

Chen Dongdong, Cao Zhenfu, Dong Xiaolei   

  1. (Shanghai Key Laboratory for Trustworthy Computing(School of Computer Science and Software Engineering, East China Normal University), Shanghai 200062)
  • Online: 2016-10-01

摘要: 在云计算环境中,越来越多的手机用户通过移动网路来共享自己的数据文件.但是由于云不是完全可信的,所以会出现一些安全隐私上的问题,针对这些问题,随之提出了各种基于属性基加密的解决方案.然而,其中大部分的工作要么是在加解密阶段存在大量的在线计算成本,要么是不支持加密数据的关键字搜索功能.而且大多的属性基加密机制会对数据共享、信息查询、数据细粒度管理等方面的效率性产生影响.为了解决这些问题带来的挑战,提出了一种新的密码学原语:在线/离线密文策略属性基可搜索加密方案(online/offline ciphertext-policy attribute-based searchable encryption scheme, OO-CP-ABSE).通过利用现有的在线/离线属性加密技术和属性基加密的外包解密技术,构造出高效的OO-CP-ABSE方案,使得数据拥有者端的在线计算代价最小化,同时使得数据用户端的解密计算代价最低;还给出了在云计算环境下,OO-CP-ABSE方案在移动设备上的应用;最后,给出了OO-CP-ABSE方案的安全性分析(数据机密性、关键字隐私安全、搜索可控性、陷门安全性)以及同现有其他方案的效率比较.

关键词: 云计算, 安全和隐私, 在线/离线密文策略属性基加密, 关键字搜索, 移动设备

Abstract: It is quite common for data owners to share the data via mobile phones in cloud computing. But because the cloud is not fully trusted, a series of privacy concerns emerge from it, and various schemes based on the attribute-based encryption have been proposed to these problems. However, most work either cannot support the keyword search function for the encrypted data, or bring a large of online computational cost in encryption and decryption phase. The efficiency of the data sharing and information query as well as the fined-grained of the data sharing will be affected by the most attribute-based encryption mechanism. To deal with these challenging concerns, we propose a new cryptographic primitive named online/offline ciphertext-policy attribute-based searchable encryption scheme (OO-CP-ABSE). By using the online/offline attribute-based encryption and the outsourcing decryption technique, we construct our scheme with minimum online computational cost on the data owner side and least decrypted computational cost on the data user side. Furthermore, we give the description of the application of OO-CP-ABSE in cloud computing for mobile devices. At last, we also present the efficiency of our scheme in comparison to other schemes and the security in terms of data confidentiality, keyword privacy, controlled searching, trapdoor privacy.

Key words: cloud computing, security and privacy, online/offline ciphertext-policy attribute-based encryption, keyword search, mobile device

中图分类号: