面向云存储且支持重加密的多关键词属性基可搜索加密方案
Multi-keyword attribute-based searchable encryption scheme supporting re-encryption for cloud storage
张克君 1王文彬 2徐少飞 3于新颖 2王钧 3李鹏程 4钱榕3
作者信息
- 1. 北京邮电大学网络空间安全学院,北京 100876;北京电子科技学院网络空间安全系,北京 100071;中国科学技术大学网络空间安全学院,安徽 合肥 230026
- 2. 北京邮电大学网络空间安全学院,北京 100876
- 3. 北京电子科技学院网络空间安全系,北京 100071
- 4. 中国科学技术大学网络空间安全学院,安徽 合肥 230026
- 折叠
摘要
针对一对多模型下共享数据细粒度访问控制、密文密钥的安全共享和更新等问题,提出了一种面向云存储且支持代理重加密的多关键词属性基可搜索加密方案.增加节点信息改进访问树结构,实现对密文数据读写权限的细粒度访问控制;对查询关键词进行属性基加密优化处理,实现陷门信息不可区分性和限制不同用户的检索能力;利用重加密方法更新密文及密钥,解决已撤销用户恶意访问隐私数据带来的系统安全问题;设计了一种基于区块链的安全性验证算法来识别第三方托管隐私数据被攻击篡改的问题.基于DBDH困难问题和DDH困难问题,推理证明了所提方案能够满足自适应关键词密文安全和陷门安全.实验结果表明,该方案在密钥生成、陷门生成、关键词索引生成和正确性验证阶段能够保证隐私数据及密钥安全,同时相比于同类方案,在时间开销方面具有更高效率.
Abstract
To address fine-grained access control,secure sharing,and encrypted key updates in a one-to-many model,a multi-keyword attribute-based searchable encryption scheme with proxy re-encryption for cloud storage was proposed.The access tree was enhanced with node information for fine-grained control over ciphertext read and write permissions.The keyword encryption process was optimized for trapdoor indistinguishability and restricted user search capabilities.Re-encryption updated ciphertext and keys,preventing malicious access by revoked users.A blockchain-based verifica-tion algorithm was designed to detect tampering of third-party data.The DBDH and DDH hard problems proved the scheme's keyword ciphertext security and trapdoor security.Experiments show the proposed scheme secures data and keys during key generation,trapdoor,and index generation,and correctness verification.It also demonstrates higher effi-ciency in time overhead,ensuring privacy and key safety while maintaining high efficiency.
关键词
可搜索加密/属性基加密/读/写节点/代理重加密/访问控制Key words
searchable encryption/attribute-based encryption/read/write node/proxy re-encryption/access control引用本文复制引用
基金项目
中央高校基本科研业务费资金资助项目(3282023033)
北京高校"高精尖"学科建设基金资助项目(20210086Z0401)
出版年
2024
国家科技期刊平台
NSTL
万方数据