• 中国计算机学会会刊
  • 中国科技核心期刊
  • 中文核心期刊

计算机工程与科学 ›› 2023, Vol. 45 ›› Issue (02): 286-294.

• 计算机网络与信息安全 • 上一篇    下一篇

基于时间因子的可撤销可追踪属性基加密方案

许城洲1,王晨2,张文涛1   

  1. (1.中国航天系统科学与工程研究院,北京 100037;2.中国航天科技集团有限公司,北京 100048)

  • 收稿日期:2022-03-22 修回日期:2022-08-25 接受日期:2023-02-25 出版日期:2023-02-25 发布日期:2023-02-15

A time factor based revocable and traceable attribute-based encryption scheme

XU Cheng-zhou1,WANG Chen2,ZHANG Wen-tao1   

  1. (1.China Aerospace Academy of Systems Science and Engineering,Beijing 100037;
    2.China Aerospace Science and Technology Corporation,Beijing 100048,China)
  • Received:2022-03-22 Revised:2022-08-25 Accepted:2023-02-25 Online:2023-02-25 Published:2023-02-15

摘要: 现有的属性基加密方案访问策略中较少涉及时间因子,用户为自己的数据设置访问策略时,无法对访问数据的用户拥有属性的时间进行限定,针对恶意泄露密钥的用户进行追踪并撤销也是属性基加密中的挑战性问题,现有的可撤销方案存在计算量太大、效率过低等缺陷。针对这些问题,提出一种基于时间因子的可撤销可追踪属性基加密方案,在用户密钥中分别标记用户获取属性的时间,访问策略中对用户获取属性最早/最迟时间进行限定,解密时对用户属性时间进行验证,丰富了系统的访问策略并实现了方案的后向安全,通过时间验证服务器对用户解密阶段进行管理,用户属性撤销时仅需要更新用户时间标记因子,用户撤销时仅需要删除时间因子,实现方案高效撤销和前向安全。最后,在DBDH假设下,所提方案是IND-CPA安全的。性能分析和实验结果表明,所提方案有较丰富的功能和较高的性能。

关键词: 密文策略属性基加密, 用户撤销, 用户属性撤销, 前后向安全, 基于时间访问控制

Abstract: Existing access policies of attribute-based encryption schemes seldom involve the time factor. When users set access policies for their own data, it is impossible to limit the time when the users who access the data have the attributes. It is also a challenging problem in attribute-based encryption to track and revoke a user who leaks the key maliciously, and the existing revocable schemes are too computationally intensive and inefficient. To address these problems, a revocable and traceable attribute-based encryption scheme based on time factor is proposed. In the scheme, the user's access time is marked in the user key, the earliest/latest time of the user's attribute acquisition can be limited in the access policy, and the time of the user's attribute acquisition is verified during decryption, which enriches the access policy of the system and realizes the backward security of the scheme. The decryption phase is managed by the time verification server, and only the user time tag factor needs to be updated when the user attributes are revoked, and only the time factor needs to be deleted when the user is revoked, so as to achieve efficient revocation and forward security of the scheme. Finally, under the assumption of DBDH, the proposed scheme is IND-CPA secure. The performance analysis and experimental results show that the proposed scheme has richer features and higher performance.

Key words: ciphertext-policy attribute-based encryption(CP-ABE), user revocation, user attribute revocation, forward and backward security, time-based access control