基于时间因子的可撤销可追踪属性基加密方案

计算机工程与科学 ›› 2023, Vol. 45 ›› Issue (02): 286-294.

• 计算机网络与信息安全 • 上一篇下一篇

基于时间因子的可撤销可追踪属性基加密方案

许城洲1,王晨2,张文涛1

（1.中国航天系统科学与工程研究院,北京 100037；2.中国航天科技集团有限公司,北京 100048）

收稿日期:2022-03-22 修回日期:2022-08-25 接受日期:2023-02-25 出版日期:2023-02-25 发布日期:2023-02-15

A time factor based revocable and traceable attribute-based encryption scheme

XU Cheng-zhou1，WANG Chen2,ZHANG Wen-tao1

（1.China Aerospace Academy of Systems Science and Engineering,Beijing 100037；
2.China Aerospace Science and Technology Corporation,Beijing 100048,China）

Received:2022-03-22 Revised:2022-08-25 Accepted:2023-02-25 Online:2023-02-25 Published:2023-02-15

摘要/Abstract

摘要： 现有的属性基加密方案访问策略中较少涉及时间因子，用户为自己的数据设置访问策略时，无法对访问数据的用户拥有属性的时间进行限定，针对恶意泄露密钥的用户进行追踪并撤销也是属性基加密中的挑战性问题，现有的可撤销方案存在计算量太大、效率过低等缺陷。针对这些问题，提出一种基于时间因子的可撤销可追踪属性基加密方案，在用户密钥中分别标记用户获取属性的时间，访问策略中对用户获取属性最早/最迟时间进行限定，解密时对用户属性时间进行验证，丰富了系统的访问策略并实现了方案的后向安全，通过时间验证服务器对用户解密阶段进行管理，用户属性撤销时仅需要更新用户时间标记因子，用户撤销时仅需要删除时间因子，实现方案高效撤销和前向安全。最后，在DBDH假设下，所提方案是IND-CPA安全的。性能分析和实验结果表明，所提方案有较丰富的功能和较高的性能。

关键词: 密文策略属性基加密, 用户撤销, 用户属性撤销, 前后向安全, 基于时间访问控制

Abstract: Existing access policies of attribute-based encryption schemes seldom involve the time factor. When users set access policies for their own data, it is impossible to limit the time when the users who access the data have the attributes. It is also a challenging problem in attribute-based encryption to track and revoke a user who leaks the key maliciously, and the existing revocable schemes are too computationally intensive and inefficient. To address these problems, a revocable and traceable attribute-based encryption scheme based on time factor is proposed. In the scheme, the user's access time is marked in the user key, the earliest/latest time of the user's attribute acquisition can be limited in the access policy, and the time of the user's attribute acquisition is verified during decryption, which enriches the access policy of the system and realizes the backward security of the scheme. The decryption phase is managed by the time verification server, and only the user time tag factor needs to be updated when the user attributes are revoked, and only the time factor needs to be deleted when the user is revoked, so as to achieve efficient revocation and forward security of the scheme. Finally, under the assumption of DBDH, the proposed scheme is IND-CPA secure. The performance analysis and experimental results show that the proposed scheme has richer features and higher performance.

Key words: ciphertext-policy attribute-based encryption(CP-ABE), user revocation, user attribute revocation, forward and backward security, time-based access control

许城洲, 王晨, 张文涛. 基于时间因子的可撤销可追踪属性基加密方案[J]. 计算机工程与科学, 2023, 45(02): 286-294.

XU Cheng-zhou, WANG Chen, ZHANG Wen-tao. A time factor based revocable and traceable attribute-based encryption scheme[J]. Computer Engineering & Science, 2023, 45(02): 286-294.

参考文献［26］

［1］	Chen L X, Qiu L B, Li K-C, et al.DMRS:An efficient dynamic multi-keyword ranked search over encrypted cloud data［J］.Soft Computing,2017,21(16):4829-4841.
［2］	Chen L X,Zhang N V,Li K C, et al.Improving file locality in multi-keyword top-k search based on clustering［J］.Soft Computing:A Fusion of Foundations,Methodologies and Applications,2018,22(9):3111-3121.
［3］	Song G,Deng Q Y.Security-level switchable attribute-based encryption under the strictly weaker assumption family［J］.Information Sciences,2019,482:47-62.
［4］	Shi Y, Zheng Q, Liu J, et al.Directly revocable key-policy attribute-based encryption with verifiable ciphertext delegation［J］.Information Sciences,2015,295:221-231.
［5］	Hur J,Noh D K.Attribute-based access control with efficient revocation in data outsourcing systems［J］.IEEE Transactions on Parallel and Distributed Systems,2010,22(7):1214-1221.
［6］	Hoang V H,Lehtihet E,Ghamri-Doudane Y.Forward-secure data outsourcing based on revocable attribute-based encryption［C］∥Proc of the 15th International Wireless Communications & Mobile Computing Conference,2019:1839-1846.
［7］	Xu S, Yang G,Mu Y.Revocable attribute-based encryption with decryption key exposure resistance and ciphertext delegation［J］.Information Sciences,2019,479:116-134.
［8］	Xiang G,Li B,Fu X,et al.An attribute revocable CP-ABE scheme［C］∥Proc of the 7th International Conference on Advanced Cloud and Big Data,2019:198-203.
［9］	Fan C I,Huang V S M,Ruan H M.Arbitrary-state attribute-based encryption with dynamic membership［J］.IEEE Transactions on Computers,2013,63(8):1951-1961.
［10］	Wang Peng-pian,Feng Deng-guo,Zhang Li-wu.A KP-ABE scheme supporting user revocation based on access tree［C］∥Proc of China Computer Networks and Information Security Conference,2011:1-8.(in Chinese)
［11］	Ruj S,Stojmenovic M,Nayak A.Decentralized access control with anonymous authentication of data stored in clouds［J］.IEEE Transactions on Parallel and Distributed Systems,2013,25(2):384-394.
［12］	Cui H, Deng R H, Li Y, et al. Server-aided revocable attribute-based encryption［C］∥Proc of European Symposium on Research in Computer Security,2016:570-587.
［13］	Yang K,Jia X,Ren K.Attribute-based fine-grained access control with efficient revocation in cloud storage systems［C］∥Proc of the 8th ACM SIGSAC Symposium on Information,Computer and Communications Security,2013:523-528.
［14］	Zhang Y,Chen X,Li J,et al.FDR-ABE:Attribute-based encryption with flexible and direct revocation［C］∥Proc of the 5th International Conference on Intelligent Networking and Collaborative Systems,2013:38-45.
［15］	Boldyreva A,Goyal V,Kumar V.Identity-based encryption with efficient revocation［C］∥Proc of the 15th ACM Confe- rence on Computer and Communications Security,2008:417-426.
［16］	Pirretti M,Traynor P,McDaniel P,et al.Secure attribute-based systems［J］.Journal of Computer Security,2010,18(5):799-837.
［17］	Yu S, Wang C,Ren K,et al.Attribute based data sharing with attribute revocation［C］∥Proc of the 5th ACM Symposium on Information,Computer and Communications Security,2010:261-270.
［18］	Shiraishi Y,Nomura K,Mohri M,et al.Attribute revocable attribute-based encryption with forward secrecy for fine-grained access control of shared data［J］.IEICE Transactions on Information and Systems,2017,100(10):2432-2439.
［19］	Qing Yong, Sun Wei, Xiong Hu,et al.Outsourcing encryption and decryption CP-ABE scheme with revocation storage in cloud computing［J］.Netinfo Security,2017(6):6-13.(in Chinese)
［20］	Wang S, Guo K,Zhang Y. Traceable ciphertext-policy attribute-based encryption scheme with attribute level user revocation for cloud storage［J］.PLoS ONE,2018,13(9):e0203225.
［21］	Han D, Pan N, Li K C. A traceable and revocable ciphertext-policy attribute-based encryption scheme based on privacy protection［J］.IEEE Transactions on Dependable and Secure Computing,2020,19(1):316-327.
［22］	Liu J K,Yuen T H,Zhang P,et al.Time-based direct revocable ciphertext-policy attribute-based encryption with short revocation list［C］∥Proc of International Conference on Applied Cryptography and Network Security,2018:516-534.
［23］	Zhang Jia-wei,Ma Jian-feng, Ma Zhuo,et al.Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing［J］.Journal on Communications,2021,42(10):81-94.(in Chinese)
［24］	Wang Chen-yu,Wang Ding,Wang Fei-fei,et al.Multi-factor user authentication scheme for multi-gateway wireless sensor networks［J］.Chinese Journal of Computers,2020,43(4):683-700.(in Chinese)
［25］	Wang C Y, Wang D, Xu G A, et al. Efficient privacy- preserving user authentication scheme with forward secrecy for industry 4.0［J］.Science China Information Sciences,2022,65:article number 112301.
［26］	Li Ji-guo,Shi Yue-rong,Zhang Yi-chen.A privacy preserv- ing attribute-based encryption scheme with user revocation［J］.Journal of Computer Research and Development,2015,52(10):2281-2292.(in Chinese)
	附中文参考文献：
［10］	王鹏翩,冯登国,张立武.一个基于访问树的支持用户撤销的KP-ABE 方案［C］∥中国计算机网络与信息安全学术会议,2011:1-8.
［19］	卿勇,孙伟,熊虎,等.云计算中可撤销存储的外包加解密CP-ABE方案［J］.信息网络安全,2017(6):6-13.
［23］	张嘉伟，马建峰，马卓，等.云计算中基于时间和隐私保护的可撤销可追踪的数据共享方案［J］.通信学报,2021,42(10):81-94.
［24］	王晨宇，汪定，王菲菲,等.面向多网关的无线传感器网络多因素认证协议［J］.计算机学报,2020 43(4):683-700.
［26］	李继国,石岳蓉,张亦辰.隐私保护且支持用户撤销的属性基加密方案［J］.计算机研究与发展,2015,52(10):2281-2292.

[1]	牛淑芬, 方丽芝, 宋蜜, 王彩芬, 杜小妮. 智慧城市中隐私保护性广播加密算法[J]. 计算机工程与科学, 2022, 44(06): 1003-1012.
[2]	许城洲, 张文涛, 郎静宏. 可防止无关属性干扰的属性基加密方案[J]. 计算机工程与科学, 2022, 44(05): 800-809.

基于时间因子的可撤销可追踪属性基加密方案

A time factor based revocable and traceable attribute-based encryption scheme

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献［26］

相关文章 2

编辑推荐

Metrics

本文评价

基于时间因子的可撤销可追踪属性基加密方案

A time factor based revocable and traceable attribute-based encryption scheme

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献 ［26］

相关文章 2

编辑推荐

Metrics

本文评价

参考文献［26］