
Computer Engineering ›› 2021, Vol. 47 ›› Issue (7): 95-100. doi: 10.19678/j.issn.1000-3428.0058105

• Cyberspace Security •

An Attribute-based Encryption Scheme for Ciphertext Policy that Supports Attribute Revocation

WANG Jingyu, ZHOU Xuejuan   

  1. School of Information Engineering, Inner Mongolia University of Science and Technology, Baotou, Inner Mongolia 014010, China
  • Received: 2020-04-17; Revised: 2020-06-22; Published: 2020-07-03

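  • About the authors: WANG Jingyu (born 1976), male, professor, Ph.D.; main research interests are information security and big data access control. ZHOU Xuejuan, master's student.
  • Supported by:
    National Natural Science Foundation of China (61662056).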

Abstract: Traditional Attribute-Based Encryption (ABE) schemes that rely on a single authorization center suffer from high computing overhead and poor security. Based on secure two-party computation protocols, this paper proposes a ciphertext-policy ABE scheme with multiple authorization centers that supports both fine-grained attribute-level revocation and user-level revocation. The scheme introduces multiple attribute authorization centers to issue and update attribute version keys. At the same time, secure two-party computation is performed between the secret key generation center and the cloud storage server to generate and update user keys, which enables fine-grained attribute-level revocation. The cloud storage server operates on the unique secret value and the unique identity value of each user in the user list to implement user-level revocation. In addition, the scheme employs multiple authorization centers to resist collusion attacks, and outsources part of the computing tasks to the cloud. The scheme is put to a security test and compared with multiple schemes, including those based on AND, access tree and LSSS policies. The experimental results show that the proposed scheme effectively enhances system security and significantly reduces the computing complexity of the system.

Key words: access control, ciphertext policy Attribute-Based Encryption (ABE), multiple authorization centers, fine-grained attribute-level revocation, user revocation

