Zhao Siyu, Jiang Rui. Secure data sharing scheme with two level revocations in cloud computing[J]. Journal of Southeast University (Natural Science Edition), 2018, 48(4): 596-604. [doi:10.3969/j.issn.1001-0505.2018.04.003]

Secure data sharing scheme with two level revocations in cloud computing

Journal of Southeast University (Natural Science Edition) [ISSN: 1001-0505 / CN: 32-1178/N]

Volume: 48
Issue: 2018, No. 4
Pages: 596-604
Column: Information and Communication Engineering
Publication date: 2018-07-20

Article Info

Title: Secure data sharing scheme with two level revocations in cloud computing
Author(s): Zhao Siyu (赵司宇), Jiang Rui (蒋睿)
Affiliation: School of Information Science and Engineering, Southeast University, Nanjing 210096, China
Keywords: ciphertext-policy attribute-based encryption; data sharing; revocation; cloud storage
CLC number: TN918.4
DOI: 10.3969/j.issn.1001-0505.2018.04.003
Abstract:
To address common security threats to data in cloud storage, a secure data sharing scheme with two-level revocation (SDSS-TLR) is proposed. The scheme resists user-user and user-cloud collusion attacks, thereby protecting data confidentiality. The key generation center and the cloud server generate user secret keys jointly, which removes the key escrow problem that arises when a single entity generates the keys on its own. Because the key components produced by the two entities cannot be used directly for decryption, the secret key can be transferred over a public channel, which largely eliminates the need for a secure channel. For managing users' decryption rights, the scheme defines two levels of revocation, attribute-level revocation and user-level revocation, both of which guarantee forward and backward security. Finally, security analysis and performance analysis prove that SDSS-TLR is secure under the considered threats and runs efficiently.


Notes/Memo:
Received: 2018-01-04.
Author biographies: Zhao Siyu (born 1994), male, master's student; Jiang Rui (corresponding author), male, PhD, associate professor, R.Jiang@seu.edu.cn.
Funding: National Natural Science Foundation of China (61372103); National Basic Research Program of China (973 Program) (2013CB338003); Key Laboratory of Information Network Security of the Ministry of Public Security (C16612).
Cite this article: Zhao Siyu, Jiang Rui. Secure data sharing scheme with two level revocations in cloud computing[J]. Journal of Southeast University (Natural Science Edition), 2018, 48(4): 596-604. DOI:10.3969/j.issn.1001-0505.2018.04.003.
Last Update: 2018-07-20