A Cross-Domain Ciphertext Sharing Scheme Supporting Access Behavior Identity Tracing

Shen Yuan; Song Wei; Zhao Changsheng; Peng Zhiyong

doi:10.7544/issn1000-1239.202330618

Journal of Computer Research and Development > 2024 > 61(7): 1611-1628. > DOI: 10.7544/issn1000-1239.202330618 CSTR: 32373.14.issn1000-1239.202330618

Shen Yuan, Song Wei, Zhao Changsheng, Peng Zhiyong. A Cross-Domain Ciphertext Sharing Scheme Supporting Access Behavior Identity Tracing[J]. Journal of Computer Research and Development, 2024, 61(7): 1611-1628. DOI: 10.7544/issn1000-1239.202330618

Citation:

PDF (1889 KB)

A Cross-Domain Ciphertext Sharing Scheme Supporting Access Behavior Identity Tracing

Shen Yuan^{1, 2,},
Song Wei^{1, 3, ,},
Zhao Changsheng¹,
Peng Zhiyong^{1, 3, ,}

1.
School of Computer Science, Wuhan University, Wuhan 430072
2.
School of Software, Pingdingshan University, Pingdingshan, Henan 467041
3.
Intellectual Computing Laboratory for Cultural Heritage (Wuhan University), Wuhan 430072

Funds: This work was supported by the National Natural Science Foundation of China (62372340, 62072349) and the Major Technical Research Project of Hubei Province (2023BAA018)

More Information

Author Bio:
Shen Yuan: born in 1983. PhD, lecturer. Member of CCF. His main research interests include data security, differential privacy, and applied cryptography

Song Wei: born in 1978. PhD, associate professor. Senior member of CCF. His main research interests include big data management and analysis, applied cryptography, privacy protection, cloud security, and AI security

Zhao Changsheng: born in 1999. Master. His main research interests include data security and applied cryptography

Peng Zhiyong: born in 1963. PhD, professor. Fellow of CCF. His main research interests include database, big data management and analysis, trusted data management, and complex data management
Received Date: July 30, 2023
Revised Date: November 13, 2023
Available Online: March 03, 2024

Graphical Abstract

Abstract

Abstract

As a widely used ciphertext authorization access mechanism in cloud environments, ciphertext-policy attribute-based encryption (CP-ABE) has fine-grained, one-to-many and owner-controlled properties. However, the traditional CP-ABE mechanism is difficult to obtain the identities of authorized users who maliciously abuse their decryption privileges since multiple users may have the same attribute set. Although numerous existing studies achieve the identity tracking for some specific decryption privilege abuses (i.e., white-box attacks and black-box attacks), they are challenging to audit authorized users’ identities for ciphertext access behaviors, which may lead to potential data security and owners’ right-to-be-informed compliance issues. Based on CP-ABE mechanism, to realize identity tracing of ciphertext data access behavior in real application scenarios, this scheme designs a cross-domain ciphertext data sharing method, which generates the access request by binding the traceable decryption key with the authorized user’s access behavior. The integrity of access requests is protected by blockchain. Meanwhile, this scheme introduces an encrypted inverted index structure to address the inefficiency of the identity traceability caused by blockchain traversal. The privacy-preserving of index queries is achieved through the BLS signature and privacy set intersection. Theoretical analysis and experimental results demonstrate that the proposed cross-domain ciphertext sharing scheme with authorized users’ access behaviors audit trail is efficient and practical.
- CP-ABE,
- cross-domain ciphertext data sharing,
- access behavior trace,
- blockchain,
- traversing optimization

FullText(HTML)

References (34)

References

[1]	Li Fengqi, Liu Kemeng, Zhang Lupeng, et al. EHRChain: A blockchain-based EHR system using attribute-based and homomorphic cryptosystem[J]. IEEE Transactions on Services Computing, 2022, 15(5): 2755−2765 doi: 10.1109/TSC.2021.3078119
[2]	Kshirsagar R, Hsu L Y, Greenberg C H, et al. Accurate and interpretable machine learning for transparent pricing of health insurance plans [C] // Proc of the 35th AAAI Conf on Artificial Intelligence. Palo Alto, CA: AAAI, 2021: 15127−15136
[3]	Shen Jiayan, Zeng Peng, Choo K K R, et al. A certificateless provable data possession scheme for cloud-based EHRs[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 1156−1168 doi: 10.1109/TIFS.2023.3236451
[4]	Qin Xuanmei, Huang Yongfeng, Yang Zhen, et al. LBAC: A lightweight blockchain-based access control scheme for the Internet of things[J]. Information Sciences, 2021, 554: 222−235 doi: 10.1016/j.ins.2020.12.035
[5]	张凯,马建峰,张俊伟,等. 在线/离线的可追责属性加密方案[J]. 计算机研究与发展,2018,55(1):216−224 doi: 10.7544/issn1000-1239.2018.20160799 Zhang Kai, Ma Jianfeng, Zhang Junwei, et al. Online/Offline traceable attribute-based encryption[J]. Journal of Computer Research and Development, 2018, 55(1): 216−224 (in Chinese) doi: 10.7544/issn1000-1239.2018.20160799
[6]	Ning Jianting, Dong Xiaolei, Cao Zhenfu, et al. White-box traceable ciphertext-policy attribute-based encryption supporting flexible attributes[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(6): 1274−1288 doi: 10.1109/TIFS.2015.2405905
[7]	Liu Zhenhua, Ding Yingying, Yuan Ming, et al. Black-box accountable authority CP-ABE scheme for cloud-assisted E-health system[J]. IEEE Systems Journal, 2023, 17(1): 756−767 doi: 10.1109/JSYST.2022.3175244
[8]	Liu Zhen, Cao Zhenfu, Wong D S. White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures[J]. IEEE Transactions on Information Forensics and Security, 2013, 8(1): 76−88 doi: 10.1109/TIFS.2012.2223683
[9]	Ning Jiangting, Cao Zhenfu, Dong Xiaolei, et al. White-box traceable CP-ABE for cloud storage service: How to catch people leaking their access credentials effectively[J]. IEEE Transactions on Dependable and Secure Computing, 2018, 15(5): 883−897 doi: 10.1109/TDSC.2016.2608343
[10]	Yang Yang, Liu Ximeng, Deng R H, et al. Lightweight sharable and traceable secure mobile health system[J]. IEEE Transactions on Dependable and Secure Computing, 2020, 17(1): 78−91 doi: 10.1109/TDSC.2017.2729556
[11]	Shen Yuan, Song Wei, Zhao Changsheng, et al. Secure access control for eHealth data in emergency rescue case based on traceable attribute-based encryption [C] // Proc of the 21st Int Conf on Trust, Security and Privacy in Computing and Communications. Piscataway, NJ: IEEE, 2022: 201−208
[12]	Zhandry M. White box traitor tracing [G] // LNCS 12828: Proc of the 41st Annual Int Cryptology Conf. Berlin: Springer, 2021: 303−333
[13]	Ziegler D, Marsalek A, Palfinger G. White-box traceable attribute-based encryption with hidden policies and outsourced decryption [C] // Proc of the 20th IEEE Int Conf on Trust, Security and Privacy in Computing and Communications. Piscataway, NJ: IEEE, 2021. 331−338
[14]	Liu Zhen, Cao Zhenfu, Wong D S. Blackbox traceable CP-ABE: How to catch people leaking their keys by selling decryption devices on eBay [C] // Proc of ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2013: 475−486
[15]	Xu Shengming, Yuan Jiaming, Xu Guowen, et al. Efficient ciphertext-policy attribute-based encryption with blackbox traceability[J]. Information Sciences, 2020, 538: 19−38 doi: 10.1016/j.ins.2020.05.115
[16]	Xu Shengming, Huang Xinyi, Yuan Jiaming, et al. Accountable and fine-grained controllable rewriting in blockchains[J]. IEEE Transactions on Dependable and Secure Computing, 2023, 18: 101−116
[17]	Ahmad A, Saad M, AlGhamdi M A, et al. BlockTrail: A service for secure and transparent blockchain-driven audit trails[J]. IEEE Systems Journal, 2022, 16(1): 1367−1378 doi: 10.1109/JSYST.2021.3097744
[18]	Ruan P, Dinh T T A, Lin Q, et al. LineageChain: A fine-grained, secure and efficient data provenance system for blockchains[J]. The International Journal of Very Large Data Bases, 2021, 30(1): 975−988
[19]	Wang Ti, Ma Hui, Zhou Yongbing, et al. Fully accountable data sharing for pay-as-you-go cloud scenes[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(4): 2005−2016 doi: 10.1109/TDSC.2019.2947579
[20]	Ning Jianting, Cao Zhenfu, Dong Xiaolei, et al. Auditable σ-time outsourced attribute-based encryption for access control in cloud computing[J]. IEEE Transactions on Information Forensics and Security, 2018, 13(1): 94−105 doi: 10.1109/TIFS.2017.2738601
[21]	Labadie C, Legner C. Personal data protection inside and out. Integrating data protection requirements in the data lifecycle[J]. Enterprise Modelling and Information Systems Architectures International Journal of Conceptual Modeling, 2020, 15(9): 1−20
[22]	Beimel A. Secure schemes for secret sharing and key distribution [D]. Haifa, Israel: Israel Institute of Technology, 1996
[23]	Rouselakis Y, Waters B. Practical constructions and new proof methods for large universe attribute-based encryption [C] // Proc of the 20th ACM SIGSAC Conf on Computer & Communications Security. New York: ACM, 2013: 463−474
[24]	Goyal V. Reducing trust in the PKG in identity based cryptosystems [G] // LNCS 4622: Proc of the 27th Annual Int Cryptology Conf. Berlin: Springer, 2007: 430−447
[25]	Ke Weiliang, Ge Chengyue, Song Wei. Executing efficient retrieval over blockchain medical data based on exponential skip bloom filter [G] // LNCS 13423: Proc of the 6th Web and Big Data Int Joint Conf. Berlin: Springer, 2022: 334−348
[26]	Wang Bing, Song Wei, Lou Wenjin, et al. Inverted index based multi-keyword public-key searchable encryption with strong privacy guarantee [C] // Proc of the 34th IEEE Conf on Computer Communications. Piscataway, NJ: IEEE, 2015: 2092−2100
[27]	Boneh D, Franklin M K. Identity based encryption from the Weil pairing [G] // LNCS 2139: Proc of the 21st Annual Int Cryptology Conf. Berlin: Springer, 2001: 213−229
[28]	Yang Yang, Zheng Xianghan, Guo Wenzhong, et al. Privacy-preserving smart IoT-based healthcare big data storage and self-adaptive access control system[J]. Information Sciences, 2019, 479: 567−592 doi: 10.1016/j.ins.2018.02.005
[29]	Wang Jiabei, Zhang Rui, Li Jianhao, et al. Owner-enabled secure authorized keyword search over encrypted data with flexible metadata[J]. IEEE Transactions on Information Forensics and Security, 2022, 17: 2746−2760 doi: 10.1109/TIFS.2022.3163886
[30]	Xiao Yue, Zhang Peng, Liu Yuhong. Secure and efficient multi-signature schemes for fabric: An enterprise blockchain platform[J]. IEEE Transactions on Information Forensics and Security, 2021, 16: 1782−1794 doi: 10.1109/TIFS.2020.3042070
[31]	Boneh D, Drijvers M, Neven G. Compact multi-signatures for smaller blockchains [G] // LNCS 11273: Proc of the 24th Int Conf on the Theory and Application of Cryptology and Information Security. Berlin: Springer, 2018: 435–464
[32]	Hou Huiying, Ning Jianting, Zhao Yunlei, et al. Fine-grained and controllably editable data sharing with accountability in cloud storage[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19(5): 3448−3463 doi: 10.1109/TDSC.2021.3100401
[33]	Caro De A, Iovino V. jPBC: Java pairing based cryptography [C] // Proc of the 16th IEEE Symp on Computers and Communications. Piscataway, NJ: IEEE, 2011: 850−855
[34]	Caliper. Hyperledger caliper, version 0.5 [CP/OL]. [2023-10-17].https://hyperledger.github.io/caliper/

[1]	Wu Jingya, Lu Wenyan, Yan Guihai, Li Xiaowei. HyperTree: High Concurrent B+tree Index Accelerator[J]. Journal of Computer Research and Development, 2023, 60(7): 1661-1677. DOI: 10.7544/issn1000-1239.202111055
[2]	Yang Yongpeng, Jiang Dejun. A Method for Solving the wandering B+ tree Problem[J]. Journal of Computer Research and Development, 2023, 60(3): 539-554. DOI: 10.7544/issn1000-1239.202220555
[3]	Yan Wei, Zhang Xingjun, Ji Zeyu, Dong Xiaoshe, Ji Chenzhao. One-Direction Shift B⁺-Tree Based on Persistent Memory[J]. Journal of Computer Research and Development, 2021, 58(2): 371-383. DOI: 10.7544/issn1000-1239.2021.20200403
[4]	Te Rigen, Li Wei, and Li Xiongfei. Storage Model and Implementation of the Dynamic Ordered Tree[J]. Journal of Computer Research and Development, 2013, 50(5): 969-985.
[5]	Shen Yan, Song Shunlin, Zhu Yuquan. Mining Algorithm of Association Rules Based on Disk Table Resident FP-TREE[J]. Journal of Computer Research and Development, 2012, 49(6): 1313-1322.
[6]	Wang Hongqiang, Li Jianzhong, and Wang Hongzhi. Processing XPath over F&B-Index[J]. Journal of Computer Research and Development, 2010, 47(5): 866-877.
[7]	Zhou Da, Liang Zhichao, Meng Xiaofeng. HF-Tree: An Update-Efficient Index for Flash Memory[J]. Journal of Computer Research and Development, 2010, 47(5): 832-840.
[8]	Sun Xiaojuan, Sun Ninghui, Chen Mingyu. Optimization of B-NIDS for Multicore[J]. Journal of Computer Research and Development, 2007, 44(10): 1733-1740.
[9]	Ju Dapeng, Li Ming, Hu Jinfeng, Wang Dongsheng, Zheng Weimin, and Ma Yongquan. An Algorithm of B\++ Tree Management in P2P Environment[J]. Journal of Computer Research and Development, 2005, 42(8): 1438-1444.
[10]	Dong Daoguo, Liang Liuhong, and Xue Xiangyang. VAR-Tree—A New High-Dimensional Data Index Structure[J]. Journal of Computer Research and Development, 2005, 42(1): 10-17.

Cited By

Cited by

Periodical cited type(1)

1.	LUO Haoran，HU Shuisong，WANG Wenyong，TANG Yuke，ZHOU Junwei. Research on Multi-Core Processor Analysis for WCET Estimation. ZTE Communications. 2024(01): 87-94 .