支持细粒度属性直接撤销的CP-ABE方案
作者:
作者单位:

作者简介:

张文芳(1978-),女,山西太原人,博士,副教授,主要研究领域为公钥密码学,信息安全;刘旭东(1990-),男,硕士生,主要研究领域为基于属性的密码体制,环签名;陈桢(1990-),男,硕士,主要研究领域为基于属性的加密,签名机制;王小敏(1974-),男,博士,教授,博士生导师,主要研究领域为信息安全,轨道交通信息系统安全.

通讯作者:

王小敏,E-mail:xmwang@swjtu.edu.cn

中图分类号:

TP309

基金项目:

国家自然科学基金(61872302);四川省科技计划(2017GZDZX0002,2018GZ0195,2017SZYZF0002,2019YFH0097);国家铁路智能运输系统工程技术中心开放课题(RITS2018KF02)


CP-ABE Scheme Supporting Fine-grained Attribute Direct Revocation
Author:
Affiliation:

Fund Project:

National Natural Science Foundation of China (61872302); Sichuan Science and Technology Program (2017GZDZX0002, 2018GZ0195, 2017SZYZF0002, 2019YFH0097); Project Fund for the Center of National Railway Intelligent Transportation System Engineering and Technology (RITS2018KF02)

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    为了解决用户属性变化带来的权限访问控制问题,支持属性撤销的基于属性加密方案被提出.然而,现有的属性撤销机制大多存在撤销代价大、撤销粒度粗等问题,且已有的方案均存在安全隐患,即属性授权中心可以伪装成任意用户解密密文.为弥补上述不足,提出一种支持细粒度属性直接撤销的密文策略的基于属性加密方案(CP-ABE),并给出该方案的形式化定义与安全模型.所提方案中,用于生成用户密钥的秘密参数由系统中心和属性授权机构分别产生,可避免属性授权中心解密密文的安全隐患.同时,通过引入多属性授权中心进一步降低了安全风险.在属性撤销方面,通过设计高效的重加密算法并引入属性撤销列表,实现细粒度的属性直接撤销.安全证明和性能分析表明:所提方案在适应性选择密文攻击下具有不可区分性并能抵抗不可信授权中心的破译攻击,较同类方案具有更高的计算效率以及更细的属性撤销粒度.

    Abstract:

    In the attribute-based cryptosystems, user's identity is extended as a set of attributes. In order to solve the access control problem caused by the change of users' attributes, attribute-based encryption (ABE) schemes with attribute revocation were proposed. However, there are some problems like high revocation cost or coarse-grained revocation in most of the existing ABE schemes. Besides, the attribute key escrow problem is serious, that is the attribute authority can impersonate any user to decrypt the ciphertexts since the user's attribute private key is generated by the attribute authority himself. In order to remedy the above mentioned problems, the study proposes a ciphertext-policy attribute-based scheme supporting fine-grained attribute direct revocation, whose formal definition and security model are also presented. In the proposal, user's attribute private key is generated by the system authority and multiple attribute authorities jointly, so that each attribute authority's privilege can be effectively limited. Furthermore, the proposal constructs an efficient re-encryption method based on the access tree, which, together with the attribute revocation list, can be used to realize fine-grained attribute direct revocation with low revocation cost. By the formal security proof, the proposal is proven to have the characteristics of indistinguish ability under the adaptive chosen cipher-text attack and can protect the system from being attacked by the incredible authority. Compared to the similar schemes, the proposal can achieve higher computation efficiency and finer-grained attribute direct revocation.

    参考文献
    相似文献
    引证文献
引用本文

张文芳,陈桢,刘旭东,王小敏.支持细粒度属性直接撤销的CP-ABE方案.软件学报,2019,30(9):2760-2771

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2017-01-22
  • 最后修改日期:2017-08-24
  • 录用日期:
  • 在线发布日期: 2019-09-06
  • 出版日期:
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号