《计算机应用研究》|Application Research of Computers

云存储环境下属性基加密综述

Survey of attribute-based encryption in cloud storage environment

免费全文下载 (已被下载 次)  
获取PDF全文
作者 赵志远,王建华,朱智强,孙磊
机构 1.信息工程大学,郑州 450001;2.空军电子技术研究所,北京 100195;3.郑州信大先进技术研究院,郑州 450001
统计 摘要被查看 次,已被下载
文章编号 1001-3695(2018)04-0961-08
DOI 10.3969/j.issn.1001-3695.2018.04.001
摘要 属性基加密作为一种新型的密码方案,将用户私钥和密文与属性相关联,为解决云存储环境下数据安全共享、细粒度访问控制和安全存储等问题提供了一种解决思路。在对密钥策略属性基加密、密文策略属性基加密和混合策略属性基加密深入研究后,根据不同的功能扩展,针对隐藏访问结构、多授权机构、复杂计算安全外包、可搜索加密机制、属性撤销、叛徒追踪等重点难点问题进行了深入探讨研究。最后总结了现有研究工作的不足,并指出了未来的研究方向。
关键词 云计算;属性基加密;访问结构;细粒度访问控制
基金项目 国家重点研发计划资助项目(2016YFB0501900)
国家“973”计划资助项目(2013CB338000)
本文URL http://www.arocmag.com/article/01-2018-04-001.html
英文标题 Survey of attribute-based encryption in cloud storage environment
作者英文名 Zhao Zhiyuan, Wang Jianhua, Zhu Zhiqiang, Sun Lei
机构英文名 1.InformationEngineeringUniversity,Zhengzhou450001,China;2.ElectronicTechnologyInstituteofAirForce,Beijing100195,China;3.ZhengzhouXindaInstituteofAdvancedTechnology,Zhengzhou450001,China
英文摘要 As a new type of cryptography scheme, attribute-based encryption(ABE) associates the ciphertext and user’s secret key with attributes, and provides a solution for the security sharing, fine-grained access control and security storage of data in cloud storage environment. Based on the study of key-policy ABE, ciphertext-policy ABE and dual-policy ABE, according to the different function expansion, this paper elaborated the related works of ABE, including hidden access structure, multi-authorities, security outsourcing of complex computing, searchable encryption mechanism, attribute revocation, traitor tracing. Finally, this paper summarized the shortcomings of existing works and pointed out the future research directions.
英文关键词 cloud computing; attribute-based encryption; access structure; fine-grained access control
参考文献 查看稿件参考文献
  [1] Kale V. Guide to cloud computing for business and technology managers:from distributed computing to cloudware applications[M] . [S. l. ] :CRC Press, 2014.
[2] Gartner:2016年超36%数字内容将存储至云端[EB/OL] . (2013-07-16). https://club. 1688. com/article/32280571. htm.
[3] 冯登国, 张敏, 张妍, 等. 云计算安全研究[J] . 软件学报, 2011, 22(1):71-83.
[4] 张鹏飞. 云存储的数据安全问题研究[J] . 科学导报, 2016(6).
[5] Subashini S, Kavitha V. A survey on security issues in service delivery models of cloud computing[J] . Journal of Network and Computer Applications, 2011, 34(1):1-11.
[6] Pearson S. Taking account of privacy when designing cloud computing services[C] //Proc of ICSE Workshop on Software Engineering Challenges of Cloud Computing. Washington DC:IEEE Computer Society, 2009:44-52.
[7] Sahai A, Waters B. Fuzzy identity-based encryption[C] //Proc of Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2005:457-473.
[8] Kamara S, Lauter K. Cryptographic cloud storage[C] //Proc of International Conference on Financial Cryptography and Data Security. Berlin:Springer, 2010:136-149.
[9] Boneh D, Franklin M. Identity-based encryption from the Weil pairing[C] //Proc of Annual International Cryptology Conference. Berlin:Springer, 2001:213-229.
[10] Goyal V, Pandey O, Sahai A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C] //Proc of the 13th ACM Conference on Computer and Communications Security. New York:ACM Press, 2006:89-98.
[11] Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption[C] //Proc of IEEE Symposium on Security and Privacy. Washington DC:IEEE Computer Society, 2007:321-334.
[12] Ostrovsky R, Sahai A, Waters B. Attribute-based encryption with non-monotonic access structures[C] //Proc of the 14th ACM Conference on Computer and Communications Security. New York:ACM Press, 2007:195-203.
[13] Zheng Yao. Key-policy attribute-based encryption scheme implementation[EB/OL] . (2012). http://www. cnsr. ictas. vt. edu/resources. html.
[14] Cheung L, Newport C. Provably secure ciphertext policy ABE[C] //Proc of the 14th ACM Conference on Computer and Communications Security. New York:ACM Press, 2007:456-465.
[15] Waters B. Ciphertext-policy attribute-based encryption:an expressive, efficient, and provably secure realization[C] //Proc of International Workshop on Public Key Cryptography. Berlin:Springer, 2011:53-70.
[16] Lewko A, Okamoto T, Sahai A, et al. Fully secure functional encryption:attribute-based encryption and(hierarchical) inner product encryption[C] //Proc of Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2010:62-91.
[17] Okamoto T, Takashima K. Fully secure functional encryption with general relations from the decisional linear assumption[C] //Proc of Annual Cryptology Conference. Berlin:Springer, 2010:191-208.
[18] Lewko A, Waters B. New proof methods for attribute-based encryption:achieving full security through selective techniques[C] //Proc of the 32nd Annual Cryptology Conference. Berlin:Springer, 2012:180-198.
[19] Attrapadung N, Imai H. Dual-policy attribute based encryption:simultaneous access control with ciphertext and key policies[J] . IEICE Trans on Fundamentals of Electronics Communications & Computer Sciences, 2010, 93-A(1):116-125.
[20] Miyaji A, Tran P V X. Constant-ciphertext-size dual policy attribute based encryption[C] //Proc of International Conference on Cyberspace Safety and Security. Berlin:Springer, 2012:400-413.
[21] Rao Y S, Dutta R. Computationally efficient dual-policy attribute based encryption with short ciphertext[C] //Proc of the 7th International Conference on Provable Security. New York:Springer-Verlag, 2013:288-308.
[22] Kapadia A, Tsang P P, Smith S W. Attribute-based publishing with hidden credentials and hidden policies[C] //Proc of Network and Distributed System Security Symposium. 2007:179-192.
[23] Nishide T, Yoneyama K, Ohta K. Attribute-based encryption with partially hidden encryptor-specified access structures[C] //Proc of International Conference on Applied Cryptography and Network Security. Berlin:Springer, 2008:111-129.
[24] Yu Shucheng, Ren Kui, Lou Wenjing. Attribute-based content distribution with hidden policy[C] //Proc of the 4th Workshop on Secure Network Protocols. Washington DC:IEEE Computer Society, 2008:39-44.
[25] Li Jin, Ren Kui, Zhu Bo, et al. Privacy-aware attribute-based encryption with user accountability[C] //Proc of International Conference on Information Security. Berlin:Springer, 2009:347-362.
[26] Lai Junzuo, Deng R H, Li Yingjiu. Fully secure cipertext-policy hiding CP-ABE[C] //Proc of International Conference on Information Security Practice and Experience. Berlin:Springer, 2011:24-39.
[27] 王海斌, 陈少真. 隐藏访问结构的基于属性加密方案[J] . 电子与信息学报, 2012, 34(2):457-461.
[28] Lai Junzuo, Deng R H, Li Yingliu. Expressive CP-ABE with partially hidden access structures[C] //Proc of the 7th ACM Symposium on Information, Computer and Communications Security. New York:ACM Press, 2012:18-19.
[29] Hur J. Attribute-based secure data sharing with hidden policies in smart grid[J] . IEEE Trans on Parallel and Distributed Systems, 2013, 24(11):2171-2180.
[30] 宋衍, 韩臻, 刘凤梅, 等. 基于访问树的策略隐藏属性加密方案[J] . 通信学报, 2015, 36(9):119-126.
[31] 唐强, 姬东耀. 多授权中心可验证的基于属性的加密方案[J] . 武汉大学学报:理学版, 2008, 54(5):607-610.
[32] Chase M. Multi-authority attribute based encryption[C] //Proc of Theory of Cryptography Conference. Berlin:Springer, 2007:515-534.
[33] Chase M, Chow S S M. Improving privacy and security in multi-authority attribute-based encryption[C] //Proc of the 16th ACM Conference on Computer and Communications Security. New York:ACM Press, 2009:121-130.
[34] Liu Zhen, Cao Zhenfu, Huang Qiong, et al. Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles[C] //Proc of the 16th European Symposium on Research in Computer Security. Berlin:Springer, 2011:278-297.
[35] Lewko A, Waters B. Decentralizing attribute-based encryption[C] //Proc of Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2011:568-588.
[36] Rouselakis Y, Waters B. Efficient statically-secure large-universe multi-authority attribute-based encryption[C] //Proc of International Conference on Financial Cryptography and Data Security. Berlin:Springer, 2015:315-332.
[37] 王皓, 郑志华, 吴磊, 等. 自适应安全的外包CP-ABE方案研究[J] . 计算机研究与发展, 2015, 52(10):2270-2280.
[38] Green M, Hohenberger S, Waters B. Outsourcing the decryption of ABE ciphertexts[C] //Proc of the 20th USENIX Conference on Security. Berkeley:USENIX Association, 2011:34.
[39] Zhou Zhibin, Huang Dijiang. Efficient and secure data storage operations for mobile cloud computing[C] //Proc of the 8th International Conference on Network and Service Management. Laxenburg:International Federation for Information Processing, 2012:37-45.
[40] Li Jingwei, Jia Chunfu, Li Jin, et al. Outsourcing encryption of attribute-based encryption with MapReduce[C] //Proc of the 14th International Conference on Information and Communications Security. Berlin:Springer, 2012:191-201.
[41] Lai Junzuo, Deng R H, Guan Chaowen, et al. Attribute-based encryption with verifiable outsourced decryption[J] . IEEE Trans on Information Forensics and Security, 2013, 8(8):1343-1354.
[42] Li Jin, Huang Xinyi, Li Jingwei, et al. Securely outsourcing attribute-based encryption with checkability[J] . IEEE Trans on Parallel and Distributed Systems, 2014, 25(8):2201-2210.
[43] Hohenberger S, Waters B. Online/offline attribute-based encryption[C] //Proc of International Workshop on Public Key Cryptography. Berlin:Springer, 2014:293-310.
[44] 沈志荣, 薛巍, 舒继武. 可搜索加密机制研究与进展[J] . 软件学报, 2014, 25(4):880-895.
[45] Song D X, Wagner D, Perrig A. Practical techniques for searches on encrypted data[C] //Proc of IEEE Symposium on Security and Privacy. Washington DC:IEEE Computer Society, 2000:44-55.
[46] Boneh D, Di Crescenzo G, Ostrovsky R, et al. Public key encryption with keyword search[C] //Proc of International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2004:506-522.
[47] Zhao Fangming, Nishide T, Sakurai K. Multi-user keyword search scheme for secure data sharing with fine-grained access control[C] //Proc of International Conference on Information Security and Cryptology. Berlin:Springer, 2011:406-418.
[48] Cao Ning, Wang Cong, Li Ming, et al. Privacy-preserving multi-keyword ranked search over encrypted cloud data[J] . IEEE Trans on Parallel and Distributed Systems, 2014, 25(1):222-233.
[49] Sun Wenhai, Yu Shucheng, Lou Wenjing, et al. Protecting your right:verifiable attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud[J] . IEEE Trans on Parallel and Distributed Systems, 2016:27(4):1187-1198.
[50] Han Fei, Qin Jing, Zhao Huawei, et al. A general transformation from KP-ABE to searchable encryption[J] . Future Generation Computer Systems, 2014, 30(1):107-115.
[51] Zheng Qingji, Xu Shouhuai, Ateniese G. VABKS:verifiable attribute-based keyword search over outsourced encrypted data[C] //Proc of IEEE INFOCOM. 2014:522-530.
[52] Li Ruixuan, Xu Zhiyong, Kang Wanshang, et al. Efficient multi-keyword ranked query over encrypted data in cloud computing[J] . Future Generation Computer Systems, 2014, 30(1):179-190.
[53] Revathy B D, Anbumani A, Ravishankar M P. Enabling secure and efficient keyword ranked search over encrypted data in the cloud[J] . International Journal of Recent Advances in Science & Engineering, 2015, 1(1):28-32.
[54] 李勇, 曾振宇, 张晓菲. 支持属性撤销的外包解密方案[J] . 清华大学学报:自然科学版, 2013, 53(12):1664-1669.
[55] Pirretti M, Traynor P, McDaniel P, et al. Secure attribute-based systems[C] //Proc of the 13th ACM Conference on Computer and Communications Security. New York:ACM Press, 2006, 99-112.
[56] Boldyreva A, Goyal V, Kumar V. Identity-based encryption with efficient revocation[C] //Proc of the 15th ACM Conference on Computer and Communications Security. New York:ACM Press, 2008:417-426.
[57] Rafaeli S, Hutchison D. A survey of key management for secure group communication[J] . ACM Computing Surveys, 2003, 35(3):309-329.
[58] Ibraimi L, Petkovic M, Nikova S, et al. Mediated ciphertext-policy attribute-based encryption and its application[C] //Proc of International Workshop on Information Security Applications. Berlin:Springer, 2009:309-323.
[59] Yu Shucheng, Wang Cong, Ren Kui, et al. Attribute based data sharing with attribute revocation[C] //Proc of the 5th ACM Symposium on Information, Computer and Communications Security. New York:ACM Press, 2010:261-270.
[60] Hur J, Noh D K. Attribute-based access control with efficient revocation in data outsourcing systems[J] . IEEE Trans on Parallel and Distributed Systems, 2011, 22(7):1214-1221.
[61] Kan Yang, Jia Xiaohua, Ren Kui. Attribute-based fine-grained access control with efficient revocation in cloud storage systems[C] //Proc of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security. New York:ACM Press, 2013:523-528.
[62] Yang Kan, Jia Xiaohua. Security for cloud storage systems[M] . New York:Springer-Verlag, 2013.
[63] Zu Longhui, Liu Zhenhua, Li Juanjuan. New ciphertext-policy attribute-based encryption with efficient revocation[C] //Proc of IEEE International Conference on Computer and Information Technology. Washington DC:IEEE Computer Society, 2014:281-287.
[64] 张维纬, 冯桂, 刘建毅, 等. 云计算环境下支持属性撤销的外包解密DRM方案[J] . 计算机研究与发展, 2015, 52(12):2659-2668.
[65] Attrapadung N, Imai H. Attribute-based encryption supporting direct//indirect revocation modes[C] //Proc of IMA International Conference on Cryptography and Coding. Berlin:Springer, 2009:278-300.
[66] Hinek M J, Jiang Shaoquan, Safavi-Naini R, et al. Attribute-based encryption with key cloning protection[EB/OL] . (2008-11-09). https://eprint. iacr. org/2008/478. pdf.
[67] Li Jin, Ren Kui, Kim K. A2BE:accountable attribute-based encryption for abuse free access control[EB/OL] . (2009-04-14). https//eprint. iacr. org/2009/118. pdf.
[68] Li Jin, Zhao Gansen, Chen Xiaofeng, et al. Fine-grained data access control systems with user accountability in cloud computing[C] //Proc of the 2nd International Conference on Cloud Computing Technology and Science. Washington DC:IEEE Computer Society, 2010:89-96.
[69] Yu Shucheng, Ren Kui, Lou Wenjing, et al. Defending against key abuse attacks in KP-ABE enabled broadcast systems[C] //Proc of International Conference on Security and Privacy in Communication Systems. Berlin:Springer, 2009:311-329.
[70] Yu Shucheng, Wang Cong, Ren Kui, et al. Achieving secure, scalable, and fine-grained data access control in cloud computing[C] //Proc of the 29th Conference on Information Communications. Piscataway:IEEE Press, 2010:534-542.
[71] Liu Zhen, Cao Zhenfu, Wong D S. White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures[J] . IEEE Trans on Information Forensics and Security, 2013, 8(1):76-88.
[72] Boneh D, Boyen X. Short signatures without random oracles[C] //Proc of International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2004:56-73.
[73] Liu Zhen, Cao Zhenfu, Wong D S. Blackbox traceable CP-ABE:how to catch people leaking their keys by selling decryption devices on eBay[C] //Proc of ACM SIGSAC Conference on Computer & Communications Security. New York:ACM Press, 2013:475-486.
[74] Liu Zhen, Cao Zhenfu, Wong D S. Traceable CP-ABE:how to trace decryption devices found in the wild[J] . IEEE Trans on Information Forensics and Security, 2015, 10(1):55-68.
[75] Ning Jianting, Dong Xiaolei, Cao Zhenfu, et al. White-box traceable ciphertext-policy attribute-based encryption supporting flexible attributes[J] . IEEE Trans on Information Forensics and Security, 2015, 10(6):1274-1288.
收稿日期 2017/4/7
修回日期 2017/5/21
页码 961-968,973
中图分类号 TP309.7
文献标志码 A