计算机科学与探索

• 学术研究 •    下一篇

云边协同下支持等值测试的属性基广播签密方案

牛淑芬, 王卫芳, 董润园, 张岩, 南兴兴, 胡林   

  1. 1. 西北师范大学 计算机科学与工程学院, 兰州 730070
    2. 西北师范大学 密码技术与数据分析重点实验室, 兰州 730070

Attribute-Based Broadcast Signing Scheme with Equivalence Testing Support under Cloud-Edge Collaboration

NIU Shufen,  WANG Weifang,  DONG Runyuan,  ZHANG Yan,  NAN Xingxing,  HU Lin   

  1. 1. College of Computer Science and Engineering,Northwest Normal University, Lanzhou 730070, China
    2. Key Laboratory of Cryptography and Data Analysis, Northwest Normal University, Lanzhou 730070, China

摘要: 由于边缘计算的内容感知、实时计算、并行处理等开放特性,加剧了原本在云计算环境中就已存在的数据安全与隐私保护挑战。针对边缘计算环境中日益凸显的隐私数据泄露风险等安全问题,本文提出了一个支持等值测试的轻量级属性基广播签密方案。该方案运用属性基加密机制,实现了对数据的细粒度访问控制,确保仅当用户的属性符合预设策略时才可以解密访问数据,增强了数据的安全性;结合广播签密技术,保障了数据的机密性,确保数据的完整性和不可伪造性;利用等值测试技术,使得云服务器能够智能地对密文进行分类处理,实现了密文的有序分类存储,提升了数据管理的便捷性;此外考虑到边缘计算环境下资源受限的特点,通过外包计算的方式,将繁重的计算任务转移至边缘服务器,有效减轻了用户端的计算负担,提高了整体系统的运行效率与用户体验。在随机预言机模型下,证明了方案的安全性,通过性能分析,表明本文方案在功能特性和计算效率方面具有一定优势,在边缘计算环境中具有可适用性。

关键词: 边缘计算, 广播签密, 属性基签密, 等值测试

Abstract: The inherent characteristics of edge computing, including content awareness, real-time processing, and parallel computation, have intensified the existing challenges related to data security and privacy protection that were already present in cloud computing environments. To address the escalating risks of privacy data leakage and other security concerns within edge computing contexts, this paper proposes a lightweight attribute-based broadcast encryption scheme that supports equivalence testing. This scheme employs an attribute-based encryption mechanism to facilitate fine-grained access control over data, ensuring that decryption and access are granted only when a user's attributes align with predefined policies, thereby bolstering data security. By integrating broadcast encryption technology, it guarantees both the confidentiality of the data as well as its integrity and authenticity. Additionally, through the application of equivalence testing techniques, cloud servers can intelligently categorize encrypted data for ordered classification storage, enhancing the efficiency of data management processes. Moreover, taking into account the resource-constrained nature of edge computing environments, this approach offloads intensive computational tasks to edge servers via outsourced computation methods—effectively alleviating computational burdens on user devices while improving overall system performance and user experience. The security of this scheme is validated under a random oracle model.performance analysis indicates that it offers distinct advantages in functional capabilities and computational efficiency suitable for deployment in edge computing scenarios.

Key words: Edge computing, Broadcast signcryption, Attribute-based signcryption, Equality test