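• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

Computer Engineering & Science

• Computer Networks and Information Security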

Energy internet data protection based on attribute-based hidden access strategy

LIU Peng1,2, HE Qian1,2, LI Shuangfu1,2, XU Hong1,2

  1. Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin 541004, China
  2. Guangxi Collaborative Innovation Center of Cloud Computing and Big Data, Guilin University of Electronic Technology, Guilin 541004, China
  • Received: 2018-05-30 Revised: 2018-10-12 Online: 2019-04-25 Published: 2019-04-25

Abstract:

The communication data of entities in different security domains of the energy internet contains sensitive information. Ciphertext-policy attribute-based encryption (CP-ABE) can provide fine-grained protection for this data. However, traditional CP-ABE has high decryption complexity, attribute revocation requires a complete update of the entire ciphertext, and the access policy is prone to leaking private information, all of which limit its application in the energy internet. To address these problems, and focusing on data-sharing security for energy internet cloud storage, we propose an energy internet data protection scheme based on a hidden access strategy. The access strategy supports arbitrary thresholds or Boolean expressions, and the attributes in the access strategy are obscured to realize policy hiding. The scheme introduces a decryption agent to outsource the main part of the high-complexity attribute-based decryption process to the server, reducing the decryption overhead at the receiving end. The attribute revocation process requires only the attribute authority and the decryption agent to participate, which reduces the difficulty of revocation. Comparative experimental analysis shows that the decryption performance of this scheme is greatly improved.

Key words: energy internet, attribute-based encryption (ABE), policy hiding, revocable attribute, decryption proxy