中国邮电高校学报(英文) ›› 2021, Vol. 28 ›› Issue (6): 13-25.doi: 10.19682/j.cnki.1005-8885.2021.1021

• Special Topic: Data Security and Privacy Preservation in Cloud/ Fog / Edge-Enabled Internet of Thing • 上一篇    下一篇

Fine-grained cooperative access control scheme with hidden policies

Han Gang, Xing Qixuan, Zhang Yinghui   

  1. 1. School of Cyberspace Security, Xi'an University of Posts and Telecommunications, Xi'an 710121, China
    2. National Engineering Laboratory for Wireless Security, Xi'an University of Posts and Telecommunications, Xi'an 710121, China

  • 收稿日期:2021-07-31 修回日期:2021-10-07 出版日期:2021-12-30 发布日期:2021-12-30
  • 通讯作者: 行琦璇 E-mail:xqx0109@163.com
  • 基金资助:
    the National Natural Science Foundation of China (62072369, 62072371, 61772418), the Innovation Capability Support Program of Shaanxi (2020KJXX- 052), the Shaanxi Special Support Program Youth Top-notch Talent Program, the Key Research and Development Program of Shaanxi (2020ZDLGY08-04, 2021ZDLGY06-02), the Natural Science Basic Research Program of Shaanxi (2021JQ-722)

Fine-grained cooperative access control scheme with hidden policies

  1. 1. School of Cyberspace Security, Xi'an University of Posts and Telecommunications, Xi'an 710121, China
    2. National Engineering Laboratory for Wireless Security, Xi'an University of Posts and Telecommunications, Xi'an 710121, China
  • Received:2021-07-31 Revised:2021-10-07 Online:2021-12-30 Published:2021-12-30
  • Supported by:
    the National Natural Science Foundation of China (62072369, 62072371, 61772418), the Innovation Capability Support Program of Shaanxi (2020KJXX- 052), the Shaanxi Special Support Program Youth Top-notch Talent Program, the Key Research and Development Program of Shaanxi (2020ZDLGY08-04, 2021ZDLGY06-02), the Natural Science Basic Research Program of Shaanxi (2021JQ-722)

摘要:

The traditional ciphertext policy attribute-based encryption (CP-ABE) has two problems:one is that the access policy must be embedded in the ciphertext and sent, which leads to the disclosure of user爷 s privacy information, the other is that it does not support collaborative decryption, which cannot meet the actual demand of conditional collaborative decryption among multiple users. In order to deal with the above two problems at the same time, a fine-grained cooperative access control scheme with hidden policies (FCAC-HP) is proposed based on the existing CP-ABE schemes combined with blockchain technology. In FCAC-HP scheme, users are grouped by group identifier so that only users within the same group can cooperate. In the data encryption stage, the access policy is encrypted and then embedded in the ciphertext to protect the privacy information of the access policy. In the data access stage, the anonymous attribute matching technology is introduced so that only matched users can decrypt ciphertext data to improve the efficiency of the system. In this process, a smart contract is used to execute the
verification algorithm to ensure the credibility of the results. In terms of security, FCAC-HP scheme is based on the prime subgroup discriminative assumption and is proved to be indistinguishable under chosen plaintext attack (CPA) by dual system encryption technology. Experimental verification and analysis show that FCAC-HP scheme improves computational efficiency while implementing complex functions.

关键词: attribute-based encryption, hidden policy, group collaboration, blockchain

Abstract:

The traditional ciphertext policy attribute-based encryption (CP-ABE) has two problems:one is that the access policy must be embedded in the ciphertext and sent, which leads to the disclosure of user爷 s privacy information, the other is that it does not support collaborative decryption, which cannot meet the actual demand of conditional collaborative decryption among multiple users. In order to deal with the above two problems at the same time, a fine-grained cooperative access control scheme with hidden policies (FCAC-HP) is proposed based on the existing CP-ABE schemes combined with blockchain technology. In FCAC-HP scheme, users are grouped by group identifier so that only users within the same group can cooperate. In the data encryption stage, the access policy is encrypted and then embedded in the ciphertext to protect the privacy information of the access policy. In the data access stage, the anonymous attribute matching technology is introduced so that only matched users can decrypt ciphertext data to improve the efficiency of the system. In this process, a smart contract is used to execute the
verification algorithm to ensure the credibility of the results. In terms of security, FCAC-HP scheme is based on the prime subgroup discriminative assumption and is proved to be indistinguishable under chosen plaintext attack (CPA) by dual system encryption technology. Experimental verification and analysis show that FCAC-HP scheme improves computational efficiency while implementing complex functions.

Key words: attribute-based encryption, hidden policy, group collaboration, blockchain

中图分类号: