1. School of Cyber Engineering (网络与信息安全学院), Xidian University, Xi'an 710071, Shaanxi, China
2. National Key Laboratory of Space-Air-Ground Integrated Services Networks, Xidian University, Xi'an 710071, Shaanxi, China
3. School of Control and Computer Engineering, North China Electric Power University, Beijing 102206, China
LI Yue (李玥) (1988—), female, lecturer, E-mail: [email protected];
SONG Qipeng (宋祁朋) (1988—), male, lecturer, E-mail: [email protected];
JIA Hao (贾皓) (2000—), male, master's student at Xidian University, E-mail: [email protected];
DENG Xin (邓鑫) (2001—), male, undergraduate student at North China Electric Power University, E-mail: [email protected];
MA Jianfeng (马建峰) (1963—), male, professor, E-mail: [email protected]
LI Yue, SONG Qipeng, JIA Hao, et al. Dynamic Group Access Control for Cloud Data Enabled by a Trusted Execution Environment (可信执行环境赋能的云数据动态群组访问控制)[J]. Journal of Xidian University (西安电子科技大学学报), 2023, 50(4): 194-205. DOI: 10.19665/j.issn1001-2400.2023.04.019.
The popularity of cloud storage services has led many users to outsource their data to cloud platforms. To protect personal privacy, outsourced data are mostly stored as ciphertext, which makes sharing data through the cloud platform very inconvenient. The key challenge is how to design a cryptography-based group access control scheme that lets users share ciphertext data securely and conveniently at a reasonable computation/storage cost. Building on the existing literature, this paper proposes a low-overhead, fine-grained dynamic group access control mechanism for cloud storage data based on a trusted execution environment. The scheme takes as its basis an existing construction that combines identity-based broadcast encryption, attribute-based encryption and proxy re-encryption. By introducing a trusted execution environment such as Intel® Software Guard Extensions (Intel® SGX), it simplifies the cryptographic computation of the original scheme, and by introducing the idea of subgroup partition it further reduces the management overhead of dynamic group access control. Simulation results show that, compared with the original scheme, the proposed scheme greatly reduces computational complexity while effectively protecting data privacy and providing fine-grained dynamic access control over ciphertext data.
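An added example, not code from the paper, that models the subgroup-partition idea the abstract describes: an enclave-held key manager keeps one data key per subgroup, so revoking a member rotates and redistributes only that subgroup's key instead of re-keying the whole group. The per-member secrets and the HMAC/XOR wrap are assumptions standing in for the attested channel and the IBBE key delivery of the real scheme.

```python
import hashlib, hmac, secrets

# Illustrative model added here, not the paper's construction: the XOR/HMAC
# "wrap" stands in for its IBBE key delivery (assumption: each member already
# shares a secret with the enclave, established over an attested channel).
def _wrap(member_secret: bytes, key: bytes) -> bytes:
    """Wrap a 32-byte subgroup key for one member: nonce || (key XOR stream)."""
    nonce = secrets.token_bytes(16)
    stream = hmac.new(member_secret, nonce, hashlib.sha256).digest()
    return nonce + bytes(a ^ b for a, b in zip(key, stream))

def unwrap(member_secret: bytes, blob: bytes) -> bytes:
    """Member-side recovery of the subgroup key from its wrapped blob."""
    nonce, body = blob[:16], blob[16:]
    stream = hmac.new(member_secret, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, stream))

class EnclaveKeyManager:
    """Enclave-held state: fixed-size subgroups, one data key each, so that
    revoking a member re-keys only its own subgroup rather than the group."""
    def __init__(self, subgroup_size: int):
        self.size = subgroup_size
        self.secret = {}       # member -> secret shared with the enclave
        self.subgroup_of = {}  # member -> subgroup index
        self.members = []      # subgroup index -> set of member ids
        self.keys = []         # subgroup index -> current 32-byte data key

    def join(self, member: str, member_secret: bytes) -> bytes:
        """Place the member in a subgroup with room (or open a new one) and
        return its wrapped copy of that subgroup's current key."""
        for idx, group in enumerate(self.members):
            if len(group) < self.size:
                break
        else:  # every subgroup is full (or none exists yet): open a new one
            idx = len(self.members)
            self.members.append(set())
            self.keys.append(secrets.token_bytes(32))
        self.members[idx].add(member)
        self.secret[member] = member_secret
        self.subgroup_of[member] = idx
        return _wrap(member_secret, self.keys[idx])

    def revoke(self, member: str) -> dict:
        """Drop the member, rotate its subgroup's key and re-wrap the new key
        for that subgroup's remaining members; len(result) is the re-key cost."""
        idx = self.subgroup_of.pop(member)
        self.members[idx].discard(member)
        del self.secret[member]
        self.keys[idx] = secrets.token_bytes(32)
        return {m: _wrap(self.secret[m], self.keys[idx]) for m in self.members[idx]}
```

With six members in subgroups of three, revoking one member re-wraps the new key for its two remaining peers rather than five, and the revoked member's old blob still yields only the retired key.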
Keywords: identity-based broadcast encryption; SGX; dynamic group access control