计算机科学与探索 ›› 2019, Vol. 13 ›› Issue (3): 437-445.DOI: 10.3778/j.issn.1673-9418.1803003

• 网络与信息安全 • 上一篇    下一篇

改进的ABE在公有云存储访问控制中的研究

许  萌1+,鲍安平1,吕湛山2   

  1. 1. 南京信息职业技术学院,南京 210023
    2. 山西晋煤华昱煤化工有限责任公司,山西 晋城 048000
  • 出版日期:2019-03-01 发布日期:2019-03-11

Research on Access Control for Cloud Storage by Improved ABE

XU Meng1+, BAO Anping1, LV Zhanshan2   

  1. 1. Nanjing College of Information Technology, Nanjing 210023, China
    2. Shanxi Jincheng Anthracite Huayu Coal Chemical Co., Ltd., Jincheng, Shanxi 048000, China
  • Online:2019-03-01 Published:2019-03-11

摘要: 在云存储访问控制领域,属性基加密算法(attribute-based encryption,ABE)是一种极具应用前景的密码体制。ABE不仅可以保证云计算环境下的信息安全性,同时提供了灵活的访问控制机制。当前ABE在安全性上主要面临密钥托管问题(key escrow problem)的威胁,并且由于涉及大量双线性配对,在计算效率方面不尽如人意。设计了一种改进的ABE算法,通过私钥的分布式生成解决了密钥托管问题。同时改进的算法无需进行双线性配对,在计算效率上相比已有的ABE算法有所提升。通过将算法规约至计算Diffie-Hellman问题(computational Diffie-Hellman problem,CDH)的难解性上,证明了该方案在随机预言机模型下能够抵抗选择密文攻击。

关键词: 属性基加密算法(ABE), 访问控制, 云存储, 密钥托管, 计算效率

Abstract: Attribute-based encryption (ABE) is a promising technique that provides not only data encryption but also flexible access control for cloud storage. Existing ABE schemes are mainly threatened by key escrow problem in terms of security, and are unacceptable in term of efficiency due to large bilinear pairing computation. To address these problems, an improved ABE is proposed. Owing to distributed generation of private keys, the key escrow problem is addressed. In addition, the improved ABE does not need any bilinear pairing computation. Compared with existing schemes, as a result, the computation overhead is reduced. By reduction to computational Diffie-Hellman assumption (CDH), the proposed scheme is proven to be secure against chosen ciphertext attacks in random oracle model.

Key words: attribute-based encryption (ABE), access control, cloud storage, key escrow, computational efficiency