Time-based User Revocation CP-ABE Scheme
迪力夏提·吾普尔,韩舒艳,古丽米热·尔肯,努尔买买提·黑力力
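Abstract:
User revocation is a major component of attribute-based encryption, but existing user revocation schemes all implement revocation through re-encryption and key updates, which results in poor security or heavy computation. This paper therefore proposes a ciphertext-policy attribute-based encryption scheme with time-based user revocation. In the scheme, each user is assigned a validity period for accessing data; once the validity period expires, the user can no longer access the data, which achieves timed revocation of users. To prevent the validity period from being tampered with or forged, a short signature method is used, which improves data security and effectively reduces the computational cost of the whole algorithm.
Keywords: ciphertext-policy attribute-based encryption; user revocation; short signature; outsourced decryption; hidden policy
Foundation: Supported by the National Natural Science Foundation of China, regional projects (61562085, 61862059, 11461069)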
DOI: 10.13568/j.cnki.651094.2019.03.010