Fine-grained cooperative access control scheme with hidden policies

doi:10.19682/j.cnki.1005-8885.2021.1021

中国邮电高校学报(英文版) ›› 2021, Vol. 28 ›› Issue (6): 13-25.doi: 10.19682/j.cnki.1005-8885.2021.1021

• Special Topic: Data Security and Privacy Preservation in Cloud/ Fog / Edge-Enabled Internet of Thing • 上一篇下一篇

Fine-grained cooperative access control scheme with hidden policies

Han Gang, Xing Qixuan, Zhang Yinghui

1. School of Cyberspace Security, Xi'an University of Posts and Telecommunications, Xi'an 710121, China
2. National Engineering Laboratory for Wireless Security, Xi'an University of Posts and Telecommunications, Xi'an 710121, China

收稿日期:2021-07-31 修回日期:2021-10-07 出版日期:2021-12-30 发布日期:2021-12-30
通讯作者: 行琦璇 E-mail:xqx0109@163.com
基金资助:
the National Natural Science Foundation of China (62072369, 62072371, 61772418), the Innovation Capability Support Program of Shaanxi (2020KJXX- 052), the Shaanxi Special Support Program Youth Top-notch Talent Program, the Key Research and Development Program of Shaanxi (2020ZDLGY08-04, 2021ZDLGY06-02), the Natural Science Basic Research Program of Shaanxi (2021JQ-722)

Fine-grained cooperative access control scheme with hidden policies

1. School of Cyberspace Security, Xi'an University of Posts and Telecommunications, Xi'an 710121, China
2. National Engineering Laboratory for Wireless Security, Xi'an University of Posts and Telecommunications, Xi'an 710121, China

Received:2021-07-31 Revised:2021-10-07 Online:2021-12-30 Published:2021-12-30
Supported by:
the National Natural Science Foundation of China (62072369, 62072371, 61772418), the Innovation Capability Support Program of Shaanxi (2020KJXX- 052), the Shaanxi Special Support Program Youth Top-notch Talent Program, the Key Research and Development Program of Shaanxi (2020ZDLGY08-04, 2021ZDLGY06-02), the Natural Science Basic Research Program of Shaanxi (2021JQ-722)

摘要/Abstract

摘要：

The traditional ciphertext policy attribute-based encryption (CP-ABE) has two problems:one is that the access policy must be embedded in the ciphertext and sent, which leads to the disclosure of user爷 s privacy information, the other is that it does not support collaborative decryption, which cannot meet the actual demand of conditional collaborative decryption among multiple users. In order to deal with the above two problems at the same time, a fine-grained cooperative access control scheme with hidden policies (FCAC-HP) is proposed based on the existing CP-ABE schemes combined with blockchain technology. In FCAC-HP scheme, users are grouped by group identifier so that only users within the same group can cooperate. In the data encryption stage, the access policy is encrypted and then embedded in the ciphertext to protect the privacy information of the access policy. In the data access stage, the anonymous attribute matching technology is introduced so that only matched users can decrypt ciphertext data to improve the efficiency of the system. In this process, a smart contract is used to execute the

verification algorithm to ensure the credibility of the results. In terms of security, FCAC-HP scheme is based on the prime subgroup discriminative assumption and is proved to be indistinguishable under chosen plaintext attack (CPA) by dual system encryption technology. Experimental verification and analysis show that FCAC-HP scheme improves computational efficiency while implementing complex functions.

关键词: attribute-based encryption, hidden policy, group collaboration, blockchain

Abstract:

Key words: attribute-based encryption, hidden policy, group collaboration, blockchain

中图分类号:

TP309

Han Gang, Xing Qixuan, Zhang Yinghui. Fine-grained cooperative access control scheme with hidden policies[J]. The Journal of China Universities of Posts and Telecommunications, 2021, 28(6): 13-25.

参考文献

1. Sahai A, Waters B. Fuzzy identity-based encryption. Advances in Cryptology: Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT’05), 2005, May 22-26, Aarhus, Denmark. LNCS 3494. Berlin, Germany: Springer, 2005: 457-473

2. Shamir A. Identity-based cryptosystems and signature schemes. Advances in Cryptology: Proceedings of the 1984 Workshop on the Theory and Application of Cryptographic Techniques (EUROCRYPT’84), 1984, Apr 9-11, Paris, France. LNCS 196. Berlin, Germany: Springer, 1984: 47-53

3. Goyal V, Pandey O, Sahai A, et al. Attribute-based encryption for fine-grained access control of encrypted data. Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS’06), 2006, Oct 30-Nov 3, Alexandria, VA, USA. New York, NY, USA: ACM, 2006: 89-98

4. Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption. Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP '07), 2007, May 20-23, Berkeley, CA, USA. Piscataway, NJ, USA: IEEE, 2007: 321-334

5. Nishide T, Yoneyama K, Ohta K. Attribute-based encryption with partially hidden encryptor-specified access structures. Applied Cryptography and Network Security: Proceedings of the 6th International Conference on Applied Cryptography and Network Security (ACNS’08), 2008, Jun 3-6, New York, NY, USA. LNCS 5037. Berlin, Germany: Springer, 2008: 111-129

6. Zhong H, Zhu W L, Xu Y, et al. Multi-authority attribute-based encryption access control scheme with policy hidden for cloud storage. Soft Computing, 2018, 22: 243-251

7. Li F Q, Liu K M, Zhang L P, et al. EHRChain: A blockchain-based EHR system using attribute-based and homomorphic cryptosystem. IEEE Transactions on Services Computing, DOI:10.1109/TSC.2021.3078119 (To be published)

8. Lai J Z, Deng R H, Li Y J. Fully secure cipertext-policy hiding CP-ABE. Information Security Practice and Experience: Proceedings of the 7th International Conference on Information Security Practice and Experience (ISPEC’11), 2011, May 30-Jun 1, Guangzhou, China. LNCS 6672. Berlin, Germany: Springer, 2011: 24-39

9. Wang H B, Chen S Z. Attribute-based encryption with hidden access structures. Journal of Electronics and Information Technology, 2012, 34(2): 457-561 (in Chinese)

10. Yeh S C, Su M Y, Chen H H, et al. An efficient and secure approach for a cloud collaborative editing. Journal of Network and Computer Applications, 2013, 36(6): 1632-1641

11. Li M T, Huang X Y, Liu J K, et al. GO-ABE: Group-oriented attribute-based encryption. Network and System Security: Proceedings of the 9th International Conference on Network and System Security (NSS’15), 2015, Nov 3-5, New York, NY, USA. LNCS 8792. Berlin, Germany: Springer, 2015: 260-270

12. He P, Yu G, Zhang Y F, et al. Survey on blockchain technology and its application prospect. Computer Science, 2017, 44(4): 1-7 (in Chinese)

13. Hu G C, Zhang L Y, Mu Y, et al. An expressive "test-decrypt-verify" attribute-based encryption scheme with hidden policy for smart medical cloud. IEEE Systems Journal, 2021, 15(1): 365-376

14. Lei L, Cai Q W, Jing J W, et al. Enforcing access controls on encrypted cloud storage with policy hiding. Journal of Software, 2016, 27(6): 1432-1450 (in Chinese)

15. Khuntia S, Syam Kumar P. New hidden policy CP-ABE for big data access control with privacy-preserving policy in cloud computing. Proceedings of the 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT’18), 2018, Jul 10-12, Bengaluru, India. Piscataway, NJ, USA: IEEE, 2018: 7p

16. Jin C C, Feng X Y, Shen Q N. Fully secure hidden ciphertext policy attribute-based encryption with short ciphertext size. Proceedings of the 6th International Conference on Communication and Network Security, 2016, Nov 26-29, Singapore. New York, NY, USA: ACM, 2016: 91-98

17. Gao Z S, Cao L F, Du X H. Research progress of access control based on blockchain. https://kns.cnki.net/kcms/detail/detail.aspx?dbcode=CAPJ&dbname=CAPJLAST&filename=WXAQ2021031900D&uniplatform=NZKPT&v=f7elQvvfxw64hlQaWGhfsXK1FsMtRgFvdh_LfvJqwF4WmgbmGvlPL49YFGANf1b0. 2021 (in Chinese)

18. Zyskind G, Zekrifa D M S, Pentland A S, et al. Decentralizing privacy: using blockchain to protect personal data. Proceedings of the 36th IEEE Symposium on Security and Privacy Workshops, 2015, May 21-22, San Jose, CA, USA. Piscataway, NJ, USA: IEEE, 2015: 180-184

19. Wu A X, Zhang Y H, Zheng X K, et al. Efficient and privacy-preserving traceable attribute-based encryption in blockchain. Annals of Telecommunications, 2019, 74(7/8): 401-411

20. Maesa D, Mori P, Ricci L. Blockchain based access control. Distributed Applications and Interoperable Systems: Proceedings of the 17th IFIP International Conference on Distributed Applications and Interoperable Systems (DAIS’17), 2017, Jun 19-22, Neuchâtel, Switzerland. LNCS 10320. Berlin, Germany: Springer, 2017: 206-220

21. Huang H S, Chang T S, Wu J Y. A secure file sharing system based on IPFS and blockchain. Proceedings of the 2nd International Electronics Communication Conference (IECC’20), 2020, Jul 8-10, Singapore. New York, NY, USA: ACM, 2020: 96-100

22. Tapscott D, Tapscott A. Blockchain revolution: How the technology behind Bitcoin is changing money, business, and the world. Quality Management Journal, 2016, 25(1): 64-65

23. Zhang Y Y, Kasahara S, Shen Y L, et al. Smart contract-based access control for the Internet of things. IEEE Internet of Things Journal, 2019, 6(2): 1594-1605

24. Wang X L, Jiang X Z, Li Y. Model for data access control and sharing based on blockchain. Journal of Software, 2019, 30(6): 1661-1669 (in Chinese)

25. Waters B. Dual system encryption: Realizing fully secure IBE and HIBE under simple assumptions. Advances in Cryptology: Proceedings of the 29th Annual International Cryptology Conference (CRYPTO’09), 2009, Aug 16-20, Santa Barbara, CA, USA. LNCS 5677. Berlin, Germany: Springer, 2009: 619-636

26. Shi Y F, Zheng Q J, Liu J Q, et al. Directly revocable key-policy attribute-based encryption with verifiable ciphertext delegation. Information Sciences, 2015, 295: 221-231

[1]	Han Yushan, Che Bichen, Liu Jiali, Dou Zhao, Di Junyu. Nearly universal and efficient quantum secure multi-party computation protocol[J]. 中国邮电高校学报(英文版), 2022, 29(4): 51-68.
[2]	Tao Yunting, Kong Fanyu, Yu Jia. EPMDA: an efficient privacy-preserving multi-dimensional data aggregation scheme for edge computing-based IoT system [J]. 中国邮电高校学报(英文版), 2021, 28(6): 26-35.
[3]	Xu Yan, Li Zheng, Ding Long, Xu Rui. Cross-domain data cloud storage auditing scheme based on certificateless cryptography [J]. 中国邮电高校学报(英文版), 2021, 28(6): 36-47.
[4]	赵国生张婧婷王健. Research on location privacy protection method of sensor-cloud base station [J]. 中国邮电高校学报(英文版), 2021, 28(1): 64-77.
[5]	赵宗渠马少提王永军汤永利叶青. Two-factor ( biometric and password) authentication key exchange on lattice based on key consensus [J]. 中国邮电高校学报(英文版), 2020, 27(6): 42-53.
[6]	林杰刘川意方滨兴. VMScan: an out-of-VM malware scanner [J]. 中国邮电高校学报(英文版), 2020, 27(4): 59-68.
[7]	Tang Yongli, Wang Mingming, Ye Qing, Qin Panke, Zhao Zongqu. Lattice-based hierarchical identity-based broadcast encryption scheme in the standard model[J]. 中国邮电高校学报(英文版), 2019, 26(4): 70-79.
[8]	Cai Xiumei, Liu Chao, Huang Xianying, Liu Xiaoyang, Cao Qiong, Yang Hongyu. Dynamic model of computer viruses under the effect of removable media and external computers[J]. 中国邮电高校学报(英文版), 2018, 25(4): 86-93.
[9]	Min Xiangshen, Fan Jiulun, Zhang Xuefeng, Ren Fang. Color image encryption scheme based on chaotic systems[J]. 中国邮电高校学报(英文版), 2018, 25(2): 39-48.
[10]	Ding Haiyang, Li Zichen, Bi Wei. (k, n) halftone visual cryptography based on Shamir‘s secret sharing[J]. 中国邮电高校学报(英文版), 2018, 25(2): 60-76.
[11]	Chen Shangdi, Wen Jiejing. New key pre-distribution scheme using symplectic geometry over finite fields for wireless sensor networks[J]. 中国邮电高校学报(英文版), 2017, 24(5): 16-22.
[12]	谢佳胡予濮高军涛高雯李雪莲. Attribute-based signatures on lattices[J]. 中国邮电高校学报(英文版), 2016, 23(4): 83-90.
[13]	冯超辛阳. Fast key generation for Gentry-style homomorphic encryption[J]. Acta Metallurgica Sinica(English letters), 2014, 21(6): 37-44.
[14]	傅镜艺黄勤龙马兆丰杨义先. Secure personal data sharing in cloud computing using attribute-based broadcast encryption[J]. Acta Metallurgica Sinica(English letters), 2014, 21(6): 45-51.
[15]	张德栋马兆丰钮心忻 LI Guo-you. Secure and efficient anonymous proxy signature scheme in the random oracle model [J]. Acta Metallurgica Sinica(English letters), 2013, 20(4): 87-92.

Fine-grained cooperative access control scheme with hidden policies

Fine-grained cooperative access control scheme with hidden policies

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价