一种支持细粒度授权的数据安全共享方案

信息安全研究 ›› 2023, Vol. 9 ›› Issue (7): 667-.

• 数据合规高效流通使用专题 • 上一篇下一篇

一种支持细粒度授权的数据安全共享方案

陈曦1李勇2李如先1

1(联易融数字科技集团有限公司广东深圳518063)
2(北京交通大学电子信息工程学院北京100044)

出版日期:2023-07-01 发布日期:2023-07-01
通讯作者: 陈曦博士.主要研究方向为隐私计算、密码协议应用、区块链、密文共享与授权. chenxi@linklogis.com
作者简介:陈曦博士.主要研究方向为隐私计算、密码协议应用、区块链、密文共享与授权. chenxi@linklogis.com 李勇博士，副教授.主要研究方向为应用密码学、云计算安全、隐私计算. liyong@bjtu.edu.cn 李如先主要研究方向为隐私计算、区块链、大数据、图像OCR. liruxian@linklogis.com

A Secure Data Sharing Scheme Supporting Finegrained Authorization

Online:2023-07-01 Published:2023-07-01

摘要/Abstract

摘要： 针对在云计算环境下数据共享时存在的数据集中存储、数据共享困难等问题，通过结合多条件代理重加密和基于属性代理重加密，提出面向多用户的支持多授权条件的基于属性代理重加密方案.该方案支持多个关键词授权条件下的密文数据细粒度访问，能够对密文共享的授权条件和授权范围进行限定，只有属性集符合密文中的访问结构以及关键词与密文所设的关键词一致时，用户才能访问数据.该方案还支持灵活的用户撤销，防止密文未经授权被合谋解密，保护了数据所有者的敏感信息.通过可证明安全分析，在一般群模型下，该方案具有选择明文攻击安全性；与其他条件代理重加密方案相比，其所支持的功能更具有多样性.

关键词: 数据安全流通, 密文共享, 基于属性代理重加密, 多授权条件, 条件代理重加密

Abstract: Considering the problems such as centralized data storage and difficulty in data sharing in cloud computing environments, based on the combination of multiconditional proxy reencryption and attributebased proxy reencryption, a multiconditional attributebased threshold proxy reencryption scheme which supports multiple authorization conditions is proposed. The scheme supports finegrained access to ciphertext data under multiple keyword authorization conditions, and can limit the authorization conditions and scope of ciphertext sharing. Only when the attribute set meets the access structure in the ciphertext and the keywords are consistent with the keywords set in the ciphertext, users can access the data. This solution achieves finegrained access to ciphertext data under multiple keyword authorization conditions, supports flexible user revocation, prevents unauthorized decryption of ciphertext by conspirators, and protects the sensitive information of data owners. Through the provable security analysis, it is shown that under the general group model, the scheme can resist chosen plaintext attack; compared with other conditional proxy reencryption schemes, the functions it supports are more diverse.

Key words: secure data circulation, ciphertext sharing, attributebased proxy reencryption, multiple authorization conditions, conditional proxy reencryption

陈曦, 李勇, 李如先, . 一种支持细粒度授权的数据安全共享方案[J]. 信息安全研究, 2023, 9(7): 667-.

参考文献

［1］Blaze M, Bleumer G, Strauss M. Divertible protocols and atomic proxy cryptography［C］ LNCS 1403: EUROCRYPT 1998. Berlin: Springer, 1998: 127144［2］Liang Xiaohui, Cao Zhenfu, Lin Huang, et al. Attribute based proxy reencryption with delegating capabilities［C］ Proc of the 4th Int Symp on Information, Computer, and Communications Security. New York: ACM, 2009: 276286［3］Sandor V K A, Lin Yaping. Offline privacy preserving proxy reencryption in mobile cloud computing［J］. Pervasive and Mobile Computing, 2019, 59: 101081［4］Xue Yingjie, Xue Kaiping, Gai Na, et al. An attributebased controlled collaborative access control scheme for public cloud storage［J］. IEEE Trans on Information Forensics and Security, 2019,14(11): 29272942［5］Tang Qiang. Typebased proxy reencryption and its construction［C］ Proc of the 9th Annual Int Conf on Cryptology. Berin: Springer, 2008: 130144［6］Fang Liming, Wang Jiandong, Ge Chunpeng, et al. Fuzzy conditional proxy reencryption［J］. Science China Information Sciences, 2013, 56(5): 113［7］Ge Chunpeng, Wang Jiandong, Fang Liming. Research on noninteractive construction based on fuzzy conditional proxy reencryption［J］. International Journal of Security and Its Applications, 2015, 9(12): 405418［8］蓝才会, 王彩芬. 一个新的基于秘密共享的条件代理重加密方案［J］. 计算机学报, 2013, 36(4): 895902［9］Liu Yepeng, Ren Yongjun, Ge Chunpeng, et al. A CCAsecure multiconditional proxy broadcast reencryption scheme for cloud storage system［J］. Journal of Information Security and Applications, 2019, 47: 125131［10］Fan Chuni, Chen Juncheng, Huang Shiyuan, et al. Provably secure timedrelease proxy conditional reencryption［J］. IEEE Systems Journal, 2017, 11(4): 22912302［11］Zeng Peng, Choo K. A new kind of conditional proxy reencryption for secure cloud storage［J］. IEEE Access, 2018, 6: 7001770024［12］Luo Song, Hu Jianbin, Chen Zhong. Ciphertext policy attributebased proxy reencryption［C］ LNSC 6476: Proc of Int Conf on Information and Communications Security. Berlin: Springer, 2010: 401415［13］Zhang Kuan, Yang Kan, Liang Xiaohui, et al. Security and privacy for mobile healthcare networks: From a quality of protection perspective［J］. IEEE Wireless Communications, 2015, 22(4): 104112［14］Yang Yanjiang, Zhu Haiyan, Lu Haibing, et al. Cloud based data sharing with finegrained proxy reencryption［J］. Pervasive and Mobile Computing, 2016, 28: 122134［15］Xu Xiaolong, Zhang Qitong, Zhou Jinglan. NCMACPABE: Noncentered multiauthority proxy reencryption based on CPABE for cloud storage systems［J］. Journal of Central South University, 2017, 24(4): 807818［16］Deng Hua, Qin Zheng, Wu Qianhong, et al. Flexible attributebased proxy reencryption for efficient data sharing［J］. Information Sciences, 2020, 511: 94113［17］Weng Jian, Weng Jiasi, Liu Jianan, et al. Serveraided access control for cloud computing［J］. Chinese Journal of Network and Information Security, 2016, 2(10): 5876［18］Song Youjin. Threshold delegation scheme based on multiproxy reencryption［J］. International Journal of Security and Its Applications, 2016, 10(7): 35562［19］Li Juyan, Ma Chunguang, Zhao Qian. Resplittable threshold multibroker proxy reencryption scheme from lattices［J］. Journal on Communications, 2017, 38(5): 157164［20］Patil S M, Purushothama B R. Nontransitive and collusion resistant quorum controlled proxy reencryption scheme for resource constrained networks［J］. Journal of Information Security and Applications, 2020, 50: 112［21］李勇, 雷丽楠, 朱岩. 密文访问控制及其应用研究［J］. 信息安全研究, 2016, 2(8): 721728［22］Singh G, Serra L, Png W, et al. BrickNet: Sharing object behaviors on the net［C］ Proc of IEEE VRAIS'95. Piscataway, NJ: IEEE, 1995: 1925［23］Wang Junwei. Java realization for ciphertextpolicy attributebased encryption［EBOL］. 2012 ［20230618］. https:github.comjunweiwangcpabe［24］Huang Qinlong, Yang Yixian, Fu Jingyi. PRECISE: Identitybased private data sharing with conditional proxy reencryption in online social networks［J］. Future Generation Computer Systems, 2018 (86): 15231533

一种支持细粒度授权的数据安全共享方案

A Secure Data Sharing Scheme Supporting Finegrained Authorization

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 0

编辑推荐

Metrics