边云辅助下的可撤销属性加密方案

doi:10.19678/j.issn.1000-3428.0069341

摘要/Abstract

摘要：

物联网(IoT)设备数据上云已成为主流数据管理方案, 但云端数据管理存在安全风险。为确保数据机密性并防止未授权访问, 属性访问控制(ABAC)被认为是一种有效的解决方案。然而, 现有加密方案负担重、撤销机制不完善, 不适用于动态的物联网环境, 为此提出了边云辅助下的可撤销属性加密方案(ECA-RABE)。该方案采用椭圆曲线加密(ECC)技术降低计算开销; 支持多属性机构分担属性管理减少单点故障问题; 引入边缘节点(EN)降低物联网设备的计算负载; 利用云计算预解密降低用户侧计算压力; 引入属性版本号以及系统版本号, 设计撤销机制实现用户属性撤销、系统全局属性撤销以及用户撤销。安全性分析与性能分析表明, 所提方案在决策双线性Diffie-Hellman (DBDH)假设下是安全的, 并且加、解密效率高, 更适用于物联网环境。

关键词: 属性加密, 边缘计算, 访问控制, 线性秘密共享方案, 加密外包, 解密外包

Abstract:

Uploading data from Internet of Things (IoT) devices to the cloud has become a mainstream data management solution. However, cloud-based data management is associated with security risks. Attribute-Based Access Control (ABAC) is considered an effective solution for safeguarding data confidentiality and preventing unauthorized access. However, existing encryption schemes are computationally burdensome and lack robust revocation mechanisms, rendering them unsuitable for dynamic IoT environments. To address these issues, this study proposes a Revocable Attribute-Based Encryption scheme Assisted by Edge and Cloud (ECA-RABE). The scheme utilizes Elliptic Curve Cryptography (ECC) to reduce computational overhead, supports decentralized attribute management among multiple authorities to eliminate single points of failure, and employs Edge Node (EN) to offload computational tasks from IoT devices. Additionally, cloud computing is leveraged for pre-decryption to reduce user-side computational pressure. The scheme incorporates both attribute and system version numbers and designs a revocation mechanism to achieve user-level attribute revocation, system-wide attribute revocation, and user revocation. Security and performance analyses demonstrate that the proposed scheme is secure under the Decisional Bilinear Diffie-Hellman (DBDH) assumption and exhibits high efficiency in encryption and decryption. Therefore, the proposed scheme is well-suited to IoT environments.

Key words: attribute-based encryption, edge computing, access control, linear secret sharing scheme, encryption outsourcing, decryption outsourcing

张伟航, 钟永彦, 向元柱, 丁士旵. 边云辅助下的可撤销属性加密方案[J]. 计算机工程, 2025, 51(7): 244-253.

ZHANG Weihang, ZHONG Yongyan, XIANG Yuanzhu, DING Shichan. Revocable Attribute-Based Encryption Scheme Assisted by Edge and Cloud[J]. Computer Engineering, 2025, 51(7): 244-253.

https://www.ecice06.com/CN/Y2025/V51/I7/244

图/表 10

图1 ECA-RABE系统模型

Fig.1 ECA-RABE system model

图2 ECA-RABE系统流程

Fig.2 ECA-RABE system process

图3 ECA-RABE不同属性数目下各阶段运行时间

Fig.3 Runtime of each stage of ECA-RABE under different number of attributes

图4 ECA-RABE不同属性数目或密文数目下撤销算法运行时间

Fig.4 Runtime of revocation algorithm in ECA-RABE under different numbers of attributes or ciphertexts

图5 不同属性数目下DO加密运行时间

Fig.5 Runtime of DO encryption with different numbers of attributes

图6 不同属性数目下DU解密运行时间

Fig.6 Runtime of DU decryption with different numbers of attributes

参考文献 26

1	SWESSI D , IDOUDI H . A survey on Internet-of-Things security: threats and emerging countermeasures. Wireless Personal Communications, 2022, 124 (2): 1557- 1592.
2	MOHAMMADPOOR M , TORABI F . Big data analytics in oil and gas industry: an emerging trend. Petroleum, 2020, 6 (4): 321- 328.
3	IMTEAJ A , THAKKER U , WANG S Q , et al. A survey on federated learning for resource-constrained IoT devices. IEEE Internet of Things Journal, 2021, 9 (1): 1- 24.
4	ALZAKHOLI O , HAJI L L , SHUKUR H , et al. Comparison among cloud technologies and cloud performance. Journal of Applied Science and Technology Trends, 2020, 1 (1): 40- 47.
5	MOHAMMED S M , ABDULKAREEM N M , ZEEBAREE S R M , et al. IoT and cloud computing issues, challenges and opportunities: a review. Qubahan Academic Journal, 2021, 1 (2): 1- 7.
6	YU Y C , HU L , CHU J F . A secure authentication and key agreement scheme for IoT-based cloud computing environment. Symmetry, 2020, 12 (1): 150.
7	HUANG X , XIONG H , CHEN J H , et al. Efficient revocable storage attribute-based encryption with arithmetic span programs in cloud-assisted Internet of Things. IEEE Transactions on Cloud Computing, 2021, 11 (2): 1273- 1285.
8	BELGUITH S , KAANICHE N , HAMMOUDEH M . Analysis of attribute-based cryptographic techniques and their application to protect cloud services. Transactions on Emerging Telecommunications Technologies, 2022, 33 (3): e3667.
9	BUTT U A , AMIN R , MEHMOOD M , et al. Cloud security threats and solutions: a survey. Wireless Personal Communications, 2023, 128 (1): 387- 413.
10	LEE C C , CHUNG P S , HWANG M S . A survey on attribute-based encryption schemes of access control in cloud environments. International Journal of Network Security, 2013, 15 (4): 231- 240.
11	RAVINDER R B, ANIL K A. Survey on access control mechanisms in cloud environments[C]//Proceedings of 2024 International Conference on Emerging eLearning Technologies and Applications. Singapore: Springer Singapore, 2020: 141-149.
12	GUPTA R , KANUNGO P , DAGDEE N . A survey of state-of-the-art multi-authority attribute based encryption schemes in cloud environment. KSⅡ Transactions on Internet and Information Systems, 2023, 17 (1): 1- 10.
13	BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption[C]//Proceedings of the IEEE Symposium on Security and Privacy. Washington D. C., USA: IEEE Press, 2007: 321-334.
14	LIU Z H , DING Y Y , YUAN M , et al. Black-box accountable authority CP-ABE scheme for cloud-assisted E-health system. IEEE Systems Journal, 2022, 17 (1): 756- 767.
15	LEWKO A, WATERS B. Decentralizing attribute-based encryption[C]//Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Germany: Springer, 2011: 568-588.
16	GREEN M, HOHENBERGER S, WATERS B. Outsourcing the decryption of ABE ciphertexts[C]//Proceedings of the 20th USENIX Conference on Security. [S. l. ]: USENIX Association, 2011: 1-10.
17	CHENG F W , JI S , LAI C . Efficient CP-ABE scheme resistant to key leakage for secure cloud-fog computing. Journal of Internet Technology, 2022, 23 (7): 1461- 1471.
18	LI X , LIU T , CHEN C Y , et al. A lightweight and verifiable access control scheme with constant size ciphertext in edge-computing-assisted IoT. IEEE Internet of Things Journal, 2022, 9 (19): 19227- 19237.
19	程小辉, 丁黄婧, 邓昀, 等. 基于边缘计算的多授权属性加密方案. 计算机工程与设计, 2023, 44 (8): 2272- 2279.
	CHENG X H , DING H J , DENG Y , et al. Multi authorization attribute encryption mechanism based on edge computing. Computer Engineering and Design, 2023, 44 (8): 2272- 2279.
20	ODELU V , DAS A K . Design of a new CP-ABE with constant-size secret keys for lightweight devices using elliptic curve cryptography. Security and Communication Networks, 2016, 9 (17): 4048- 4059.
21	DING S , LI C , LI H . A novel efficient pairing-free CP-ABE based on elliptic curve cryptography for IoT. IEEE Access, 2018, 6, 27336- 27345.
22	SETHIA D , SAHU R . Efficient ECC-based CP-ABE scheme with constant-sized key and scalable user revocation. International Journal of Information Security and Privacy, 2022, 16 (1): 1- 19.
23	严新成, 陈越, 巴阳, 等. 支持用户权限动态变更的可更新属性加密方案. 计算机研究与发展, 2020, 57 (5): 1057- 1069.
	YAN X C , CHEN Y , BA Y , et al. Updatable attribute-based encryption scheme supporting dynamic change of user rights. Journal of Computer Research and Development, 2020, 57 (5): 1057- 1069.
24	SETHI K , PRADHAN A , BERA P . PMTER-ABE: a practical multi-authority CP-ABE with traceability, revocation and outsourcing decryption for secure access control in cloud systems. Cluster Computing, 2021, 24 (2): 1525- 1550.
25	DAS S , NAMASUDRA S . MACPABE: multi-authority-based CP-ABE with efficient attribute revocation for IoT-enabled healthcare infrastructure. International Journal of Network Management, 2023, 33 (3): e2200.
26	董江涛, 闫沛文, 杜瑞忠. 雾计算中基于无配对CP-ABE可验证的访问控制方案. 通信学报, 2021, 42 (8): 139- 150.
	DONG J T , YAN P W , DU R Z . Verifiable access control scheme based on unpaired CP-ABE in fog computing. Journal on Communications, 2021, 42 (8): 139- 150.

[1]	武小丰, 袁培燕. 一种改进蛇优化算法的边缘服务器动态放置策略[J]. 计算机工程, 2025, 51(6): 255-265.
[2]	杨莉斌, 詹成, 李婷婷, 廖婧睿. 多天线无人机视频通信中的节能资源分配策略[J]. 计算机工程, 2025, 51(6): 266-274.
[3]	杜剑波, 董伟哲, 金蓉, 王军选, 康嘉文, 刘雷, 策力木格. 基于MEC的空天地一体化网络任务分割与资源分配[J]. 计算机工程, 2025, 51(5): 43-51.
[4]	林绍福, 陈盈盈, 李硕朋. 基于深度强化学习的多无人机能量传输与边缘计算联合优化方法[J]. 计算机工程, 2025, 51(3): 144-154.
[5]	刘亮, 毛武平, 李汶蔚, 谭思源, 荆腾祥. 空天地一体化边缘计算网络中基于博弈论的任务卸载策略[J]. 计算机工程, 2025, 51(2): 238-249.
[6]	徐渊博, 任静, 王亮, 符宁, 於志文. 面向无人机辅助边缘计算的卸载任务准入控制机制[J]. 计算机工程, 2025, 51(2): 54-64.
[7]	张俊娜, 李天泽, 赵晓焱, 袁培燕. 一种基于DQN的去中心化优先级卸载策略[J]. 计算机工程, 2024, 50(9): 235-245.
[8]	张冀, 龚雯雯, 朵春红, 齐国梁. 面向多智能体与双层卸载的车联网卸载算法[J]. 计算机工程, 2024, 50(8): 182-197.
[9]	石琼, 段辉, 师智斌. 基于深度强化学习的可信任务卸载方案[J]. 计算机工程, 2024, 50(8): 142-152.
[10]	周浚辉, 徐鹏, 孙胜利. 协同感知系统中一种基于信息年龄优化的服务策略[J]. 计算机工程, 2024, 50(8): 165-181.
[11]	郑清安, 董建成, 陈亮, 阮英清, 李锦松, 许林彬. 分布式可信数据管理与隐私保护技术研究[J]. 计算机工程, 2024, 50(7): 174-186.
[12]	陈姣, 沈艳. 面向缓存机制的移动边缘计算任务卸载研究[J]. 计算机工程, 2024, 50(7): 194-203.
[13]	赵云涛, 肖俊杰, 李维刚, 熊雅婷. 基于改进PPYOLOE-R的信息码矫正研究[J]. 计算机工程, 2024, 50(6): 358-366.
[14]	曾耀平, 夏玉婷, 江伟伟, 刘月强. 加权能耗最小化的无人机辅助移动边缘计算策略研究[J]. 计算机工程, 2024, 50(2): 288-297.
[15]	倪苏婕, 陈兵, 石优. 一种联合V2I和V2V的任务卸载优化方案[J]. 计算机工程, 2024, 50(12): 174-183.

选择文件类型/文献管理软件名称

选择包含的内容