2017, Vol. 32, Issue (5): 974-990. doi: 10.1007/s11390-017-1776-1

Special topic: Computer Architecture and Systems


Flexible CP-ABE Based Access Control on Encrypted Data for Mobile Users in Hybrid Cloud System

Wen-Min Li, Xue-Lei Li, Qiao-Yan Wen, Shuo Zhang, Hua Zhang, Member, IEEE

  1. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 2016-06-15; Revised: 2017-07-22; Online: 2017-09-05; Published: 2017-09-05
  • About author: Wen-Min Li received her B.S. and M.S. degrees in mathematics and applied mathematics from Shaanxi Normal University, Xi'an, in 2004 and 2007, respectively, and her Ph.D. degree in cryptology from Beijing University of Posts and Telecommunications, Beijing, in 2012. She is currently a post-doctoral researcher in Beijing University of Posts and Telecommunications, Beijing.
  • Supported by: This work was supported by the National Natural Science Foundation of China under Grant No. 61502044, and the Fundamental Research Funds for the Central Universities of China under Grant No. 2015RC23.


Abstract: In hybrid cloud computing, access control on encrypted data gives organizations a fine-grained access method for enforcing policies that closely follow their organizational policies. This paper presents an improved CP-ABE scheme for constructing an encrypted data access control solution suited to mobile users in hybrid cloud systems. In our improvement, we split the original decryption key into a control key, a secret key and a set of transformation keys. The private cloud, managed by the organization administrator, takes charge of updating the transformation keys using the control key, which allows it to handle flexible access management and attribute alteration. Meanwhile, the mobile user's single secret key remains unchanged, as does the ciphertext, even if a data user's attribute has been revoked. In addition, we modify the access control list by adding the attributes together with the corresponding control key and transformation keys, so as to manage user privileges according to the system version. Finally, the analysis shows that our scheme is secure, flexible and efficient, and can be applied in mobile hybrid cloud computing.
