CN106022167A - Social privacy protection method of multi-level attribute management center based on characteristic encryption - Google Patents
- Publication number: CN106022167A
- Application number: CN201610498716.8A
- Authority: CN (China)
- Prior art keywords: friend, attribute, making, attribute management, management server
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
Abstract
The invention provides a social privacy protection method based on feature-based encryption with a multi-level attribute management center. A friend-making initiator uploads encrypted personal information files to a remote friend-making center, and uploads a user-defined class of attribute characteristics together with a friend-making access control policy to the multi-level attribute management center. The multi-level attribute management center generates ciphertext from the attribute characteristics and associates it with the access policy tree corresponding to those attributes. A friend-making requester requests to view the friend-making information of other users in the friend-making center; when the requester's attribute set matches the initiator's access policy tree, the multi-level attribute management center sends the secret key corresponding to the initiator's attributes to the requester, and the requester decrypts the data ciphertext of the information owner held in the friend-making center. The method solves the single point of failure and performance bottleneck of a single authorization center, and also solves the problems of high supervision difficulty and limited application scenarios that arise when intelligent terminals do not depend on an authorization center.
Description
Technical field
The present invention relates to the field of computer science and technology, and in particular to a social privacy protection method based on feature-based encryption with a multi-level attribute management center.
Background technology
With the rapid development of mobile social networks (MSN, Mobile Social Networks) and intelligent terminals, users can share moods, photos, activities and hobbies in an MSN at any time and keep finding new friends, further expanding their own social circle (such as "intelligence circle", "micro-poly", etc.). Friend discovery based on user attribute matching is a typical application in mobile social networks: users match each other's personal attribute files to find friends who share their interests and hobbies, or users who have a certain class of characteristics. As users' experience deepens and its scope widens, their real information in the mobile social network accumulates in bulk at the remote end or on the terminal. In this process, users want to find friends they are interested in through the mobile social network, yet are unwilling to disclose too much personal information to the public, which also poses a new challenge to mobile application service providers.

Furthermore, users' personal information usually carries great commercial value, so it is often collected, mined or sold without authorization by service providers or other malicious users, which increases the risk of user privacy leakage. How to protect users' personal privacy while providing a good friend attribute-matching service is therefore a pressing problem in mobile social network friend discovery.

However, most prior art uses a single trusted center for attribute authorization and key management, and runs into performance bottlenecks and key management risks as the number of users grows.
Summary of the invention
The invention provides a social privacy protection method based on feature-based encryption with a multi-level attribute management center. Its purpose is to replace the traditional solution with multiple authorized trusted centers that manage users' attributes at multiple levels, overcoming the performance bottleneck and key management risk of a single trusted center while also providing fine-grained access control over the users that a user intends to match when making friends in a mobile social network.

The invention mainly involves the following parts: the friend-making center (Friend Server, FS for short), the trusted central authority (Trusted Authority, TA for short), the multi-level attribute management center (Attributed Authority, AA for short), the friend-making initiator (Alice) and the friend-making requester (Bob).

In this scheme TA is assumed to be fully trusted, while FS and AA are honest-but-curious: they honestly follow every protocol of the system, but also try their best to pry into the user files stored on them.
A social privacy protection method based on feature-based encryption with a multi-level attribute management center: the friend-making initiator uses an APP running on an intelligent terminal to upload encrypted personal information files to the remote friend-making center, and at the same time uploads a self-defined class of attribute characteristics and the friend-making access control policy to the multi-level attribute management center; the multi-level attribute management center generates ciphertext from the attribute characteristics and associates it with the access policy tree corresponding to those attributes; the friend-making requester requests to view the friend-making information of other users in the friend-making center, and when the requester's own attribute set matches the initiator's access policy tree, the multi-level attribute management center sends the key corresponding to the initiator's attributes to the requester, who decrypts the data ciphertext of the information owner in the friend-making center.

The multi-level attribute management center comprises multiple attribute management servers, which form an attribute management server structure tree according to attribute category and subordination relationship. Each attribute management server is assigned a unique attribute management server identifier by the trusted central authority, which also assigns each friend-making user a unique user identifier.
All attribute characteristics of each friend-making initiator in the friend-making center are split into K mutually disjoint attribute subsets, each managed by one attribute management server on the trust chain of the attribute management server structure tree.

The friend-making initiator's sub-key on attribute management server $AA_k$ is calculated as follows.

The key corresponding to the ciphertext that a friend-making initiator generates at the multi-level attribute management center is not generated and stored by a single attribute management server; it is generated and stored separately by multiple attribute management servers that have an attribute association relationship.

(1) First, $AA_k$ selects a pseudo-random function $P_{SK}(\cdot)$ and, from the initiator's unique user identifier GID and the unique attribute management server identifier $AID_k$ of $AA_k$, calculates the initiator's private key component $P_{SK}(u) = \alpha_{k,u}$;

(2) Second, $AA_k$ randomly selects a unique attribute-set random number $ru^{(k)}$ for the initiator, and selects a distinct attribute subset random number $ru_i^{(k)}$ for each attribute subset $Au_{Alice\_i}^{(k)}$ of the initiator Alice; at the same time, for each attribute in each attribute subset $Au_{Alice\_i}^{(k)}$ it selects a distinct attribute random number $ru_{i,j}^{(k)}$. $ru^{(k)}$, $ru_i^{(k)}$ and the attribute random numbers are integers, $0 \le i \le n$, $1 \le j \le r$, where n is the number of attribute subsets of the initiator and r is the number of attribute characteristics contained in one attribute subset of the initiator;

Let the random number corresponding to attribute subset $Au_{Alice\_0}^{(k)}$ be $ru_0^{(k)} = ru^{(k)}$;

(3) Finally, the sub-key of the initiator Alice at $AA_k$ is generated according to the following formula:

Here the formula uses the two local master keys on $AA_k$; $\alpha, \beta_1, \beta_2$ are integers; $r_i$ denotes the number of attribute characteristics contained in the superior attribute management server of $AA_k$, and two further quantities denote the number of attribute characteristics contained in $AA_k$ itself and in all subordinate attribute management servers of $AA_k$; $g$ denotes the generator of the cyclic group.

The components of Alice's sub-key at the k-th attribute management server $AA_k$ are, in order, Alice's attribute-set sub-key on the k-th attribute management server, the sub-key of a certain class of attribute sets, and the sub-key of a particular attribute set.
The process by which a requesting user obtains the key of a friend-making initiator in the friend-making center is as follows:

Let the ciphertext of the initiator Alice at the k-th attribute management server $AA_k$ be $CT_{Alice}^{(k)}$, with access policy $T_{Alice}^{(k)}$, and let the attribute set uploaded by the requester Bob be $Au_{Bob}^{(k)}$.

The attribute management server $AA_k$ calls the access control policy tree function $Tree(Au_{Bob}^{(k)})$ of requester Bob to verify whether Bob's attributes $Au_{Bob}^{(k)}$ satisfy the access control policy $T_{Alice}^{(k)}$ of initiator Alice. If they do, $AA_k$ sends the corresponding sub-key to the requester; otherwise the requester cannot obtain the decryption sub-key. Once the requester has obtained the decryption sub-keys sent by every attribute management server, the set of all sub-keys serves as the total friend-making decryption key.

The access control policy tree is obtained by using CP-ABE to encrypt the attributes and friend-making policy of the initiator or requester.
The detailed process by which the attribute management server $AA_k$ calls the access control policy tree function $Tree(Au_{Bob}^{(k)})$ to verify whether Bob's attributes $Au_{Bob}^{(k)}$ satisfy Alice's access control policy $T_{Alice}^{(k)}$ is as follows:

For any node x in the access policy, $Tree_x(Au_{Bob}^{(k)})$ returns a set $S_x$. If $Au_{Bob}^{(k)}$ does not satisfy the access control policy, $Tree(Au_{Bob}^{(k)})$ returns the empty set; otherwise a label i is selected from the set $T_x(Au_{Bob}^{(k)})$ and, starting from the root node, the decryption function is called recursively to decrypt each node in the access control policy tree of the friend-making data requester, to determine whether the requesting user's access control policy matches the scope control policy set by the friend-making data owner in the friend-making center. If it matches, decryption succeeds and the corresponding attribute management server in the multi-level attribute management center provides the corresponding sub-key to the data requester; otherwise decryption fails and no key can be obtained.
If the requester satisfies the initiator's access policy on all K attribute management centers, the intermediate decryption parameter Q is first obtained by the following formula:

The ciphertext is then decrypted according to the intermediate decryption parameter Q to obtain $e(g,g)^{\alpha\theta}$:

Here $C^{(k)}$ denotes the initiator's ciphertext on the k-th attribute management server, $Du^{(k)}$ is the initiator's private key component for the attribute set at the k-th attribute management center, $\theta$ and $\alpha$ each denote a random decryption integer, $F^{(k)}$ is the value of the decryption function at node k, $e(g,g)$ denotes a bilinear map, a further term denotes a bilinear map based on user attributes, $au^{(k)}$ is the user private key component generated from the unique user identifier GID and the unique attribute management server identifier $AID_k$, and $D_{user}$ is the decryption parameter issued to the requester by the trusted authorization center.

The total key of the initiator Alice over the attributes of all AAs is:

Here $D_{Alice}$ denotes a decryption parameter, issued by the trusted central authority TA, that is used for file decryption by requesters who satisfy the access policy tree set by Alice.
Beneficial effect
The invention provides a social privacy protection method based on feature-based encryption with a multi-level attribute management center. Friend-making users apply a ciphertext-policy attribute-based encryption scheme in a dating system containing multiple attribute authorities, achieving a friend-making scheme that both supports multiple authorization centers and supports customizing fine-grained access policies by attribute set. During decryption, the user's attribute set must first pass verification against the ciphertext policy at each authorization center before the decryption key can be obtained and the user's plaintext message correctly decrypted. In this way the scheme solves the single point of failure and performance bottleneck of a single authorization center, and also solves the problems of high supervision difficulty and limited application scenarios that arise when intelligent terminals do not depend on an authorization center. Security and performance analysis shows that this scheme is more effective than existing schemes.

(1) Key management is performed by establishing multiple attribute authorization centers. Each friend-making user's attributes are associated with the user's private key. Different users therefore hold independent private keys, which avoids the leakage risk that comes with multiple users sharing a key.

(2) Managing and computing keys across a multi-authority system relieves the workload of a single attribute authority, reduces the system's dependence on a single authorization center, and avoids a single point of failure and performance bottleneck.

(3) Fine-grained access control over friend-making users is achieved through the access permissions set by the user. Before uploading files, the friend-making data owner (Data Owner) sets different access policies (Policy) for different personal information files. Encryption is controlled by the access policy, so that the policy is embedded in the ciphertext; a requesting user has retrieval permission and can decrypt the corresponding ciphertext only when its attributes satisfy the ciphertext's access policy.

(4) Collusion resistance. If no one in a group of users is authorized to access some private data, then even by combining their keys they cannot decrypt that data.
Brief description of the drawings
Fig. 1 is the application scenario diagram of the method of the invention;
Fig. 2 is the system initialization time chart;
Fig. 3 is the system key generation time chart;
Fig. 4 is the system encryption time chart;
Fig. 5 is the encryption time chart for files of different sizes.
Detailed description of the invention
The invention is further described below with reference to the drawings and embodiments.

The overall framework of the friend-making process is shown in Fig. 1; the process is as follows:

Step 1: System initialization; generate the system public key and the system master key.

The trusted central authority TA assigns every friend-making user a globally unique GID as the user identity, and assigns every attribute management server AA a unique identifier AID. The GID is typically a digital signature string of the user's identity; every AA can verify the authenticity of a GID, and a user's GID cannot be illegally obtained by other users.

The meanings of the symbols used in this scheme are given in Table 1;

Table 1 Symbol description table

In the system initialization phase, TA specifies the recursion depth dep allowed in the key structure; for ease of description, assume dep=2. TA randomly selects the public key generation parameters $\alpha, \{\beta_1, \beta_2, \ldots, \beta_{depth}\} \in Z_p$ as the calculation parameters of the TA master key, and the system public key can be computed as:

The system master key is:

$MK_0 = \{\beta_1, \beta_2, g^{\alpha}\}$ (2)
Step 2: The trusted central authority TA authorizes the subordinate attribute management centers AA and generates the master key of each attribute management center AA.

(1) After TA has been initialized, it authorizes the first-level AAs. It first generates a global identifier AID for each AA. Assume the attribute set managed by an AA is $\Lambda = \{A_0, A_1, \ldots, A_n\}$, where $A_0$ denotes the attribute subset managed by the first-layer authorization center, $A_i$ denotes an attribute subset managed by the second-layer authorization center (dep=2), and $a_{i,j}$ denotes the j-th attribute in attribute subset $A_j$. m denotes the number of attributes in $A_j$. When TA initializes and authorizes an AA, TA randomly selects r to represent $\Lambda$; r should denote a set of integers, and for ease of calculation each attribute is assumed to be an integer, with $r_{i,j} \in Z_p$ representing $a_{i,j} \in A_i$, $0 \le i \le n$, $1 \le j \le m$. The master key of a first-level AA is computed as:

In the above key, $D, D_{i,j}, D'_{i,j}$ are components of the key, and $E_i$ is used for switching-node decryption, which allows attributes to be matched across sets. During conversion, a conversion from $r_i'$ to $r_i$ is possible.
Step 3: User key generation.

The friend-making initiator (data owner) Alice wants to find users with a certain class of attribute characteristics through the friend-making center of the mobile social network. Alice first sets a series of friend-making attribute characteristics and a friend-making policy and uploads them to the multi-authority attribute management center. To ensure the security and high availability of the service, all of Alice's attribute characteristics $Au_{Alice}$ are split into K mutually disjoint parts that are jointly managed by K attribute management centers on the attribute trust chain.

Assume the attribute set of friend-making user Alice at the k-th ($1 \le k \le K$) $AA_k$ is:

Here $Au_{Alice\_0}^{(k)}$ denotes the set formed by single attributes, and $Au_{Alice\_1}^{(k)}$ to $Au_{Alice\_n}^{(k)}$ denote attribute sets of depth 2. A further symbol denotes the j-th attribute in attribute set $Au_{Alice\_i}^{(k)}$, and m denotes the number of attributes in $Au_{Alice\_i}^{(k)}$. Alice's sub-key at the k-th attribute management center is then calculated as follows:

(1) First, $AA_k$ selects a pseudo-random function $P_{SK}(\cdot)$ and calculates Alice's private key component $P_{SK}(u) = \alpha_{k,u}$ from Alice's GID and $AID_k$.

(2) Second, $AA_k$ randomly selects a unique random number $ru^{(k)} \in Z_p$ for the user, and selects n distinct random numbers $ru_i^{(k)} \in Z_p$ (i=1,2,...,n), one for each attribute set $Au_{Alice\_i}^{(k)} \in Au_{Alice}^{(k)}$; for the set $Au_{Alice\_0}^{(k)}$ it sets $ru_0^{(k)} = ru^{(k)}$. It also selects a distinct random number $ru_{i,j}^{(k)} \in Z_p$ ($0 \le i \le n$, $1 \le j \le r$) for each attribute in $Au_{Alice\_i}^{(k)}$.

(3) Finally, Alice's sub-key at $AA_k$ is generated as:

Here the formula uses the two local master keys on $AA_k$, and its terms are the components of Alice's key at the k-th attribute center. Alice's total key over the attributes of all AAs is then:

Here $D_{Alice}$ denotes a decryption parameter, issued by TA, that is used for file decryption by users who satisfy the attribute characteristics (access policy tree) set by Alice.
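Step (1) of the sub-key calculation above, as an added example that is not part of the patent: each attribute management server derives a per-user component from the pair (GID, AID_k) with a keyed pseudo-random function. The patent does not name the function, so HMAC-SHA256 in counter mode, the length-prefixed field encoding, the 32-byte key requirement, the sample identifiers and the demo modulus are all assumptions.

```python
import hashlib
import hmac

# Constructed demo modulus (the Mersenne prime 2**127 - 1) standing in for the
# group order p; a deployment takes p from its pairing parameters.
P = 2**127 - 1


def encode_fields(*fields):
    """Length-prefix every field so ("ab", "c") and ("a", "bc") never collide."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def derive_alpha(prf_key, gid, aid, modulus=P):
    """alpha_{k,u} = PRF_key(GID, AID_k), mapped into Z_p.

    HMAC-SHA256 in counter mode is the assumed PRF. The stream is 128 bits
    wider than the modulus so the bias of the final reduction is negligible.
    """
    if len(prf_key) < 32:
        raise ValueError("PRF key must be at least 32 bytes")
    message = b"aa-private-key-component" + encode_fields(gid, aid)
    need = (modulus.bit_length() + 128 + 7) // 8
    stream = b""
    counter = 0
    while len(stream) < need:
        block = hmac.new(prf_key, counter.to_bytes(4, "big") + message, hashlib.sha256)
        stream += block.digest()
        counter += 1
    return int.from_bytes(stream[:need], "big") % modulus


def issue_components(authority_keys, gid):
    """Each AA_k derives its own component for the same GID with its own key."""
    return {aid: derive_alpha(key, gid, aid) for aid, key in authority_keys.items()}


# Constructed sample data: two attribute management servers with demo keys.
AUTHORITY_KEYS = {
    "AID-1": hashlib.sha256(b"constructed demo key for AA_1").digest(),
    "AID-2": hashlib.sha256(b"constructed demo key for AA_2").digest(),
}

if __name__ == "__main__":
    for gid in ("GID-alice", "GID-bob"):
        print(gid, issue_components(AUTHORITY_KEYS, gid))
```

Because the component is a deterministic function of the server's key and the identifier pair, a server can recompute it on demand instead of storing it, and two users never receive the same component from the same server.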
Step 4: Encryption algorithm

When Alice submits attributes to $AA_k$, $AA_k$ uses CP-ABE to generate the access policy tree of the attribute characteristics from the attributes, denoted $T^{(k)}$. The computation rules are as follows:

In $T^{(k)}$, each node $x^{(k)}$ from the root node R of $AA_k$ downward corresponds to a polynomial $q_x$. For a non-leaf node, the degree of $q_x$ (denoted $d_x$) is the threshold of node x minus 1, i.e. $d_x = k_x - 1$. If $x^{(k)}$ is a leaf node, the degree of $q_x$ is 0, i.e. $d_x = 0$. For any node $x^{(k)}$ other than the root node, $q_x(0) = q_{parent(x)}(index(x))$, and the other values of the polynomial are chosen at random. For the root node, $q_R(0) = \theta$, $\theta \in Z_p$, with the rest chosen at random, and Lagrange polynomials are used to determine the threshold polynomial $q_x$. Let $Y^{(k)}$ denote the set of all leaf nodes $y^{(k)}$ and $X^{(k)}$ the set of all non-leaf nodes $x^{(k)}$; the ciphertext of the access policy on $AA_k$ is then generated as:

Similarly, the same access policy encryption process is performed at the other K-1 attribute management centers, and Alice finally obtains the ciphertext of plaintext M and its access policy as:

One part is retained in the multi-authority attribute management center for verifying other friend-making requesting users, and the other part is the access policy ciphertext.
Step 4: Decryption algorithm

Because this scheme assumes that the friend-making center server is honest-but-curious, before uploading plaintext data M to the remote friend-making center server Alice must select a random number $\theta \in Z_p$ and use the published $e(g,g)^{\alpha}$ to compute the ciphertext, which is uploaded to the friend-making center at the same time:

Honest-but-curious model (Honest-but-Curious, HBC): this type of attacker does not disrupt the protocol flow at all, but attempts to use additional technical means on the information it has obtained to learn more of the user's private information (for example, inferring a user's credit limit from daily spending habits, or learning about a user's health from the medical websites the user follows). In this document, the friend-making users taking part in matching are honest-but-curious attackers, i.e. internal attackers.

Suppose user Bob wants to find, through the dating site, a friend with a certain class of particular characteristics. Bob first needs to set a group of his own characteristic attributes $Au_{Bob}^{(k)}$ and upload it to the attribute management centers $\{AA_1, AA_2, \ldots, AA_k\}$ to apply for decryption keys. Assume user Bob's access policy is distributed over W AAs and Bob holds private key components computed by K attribute management centers; then the key $e(g,g)^{\alpha\theta}$ with which Alice encrypted plaintext M can be correctly computed if and only if $K \ge W$.
The key $e(g,g)^{\alpha\theta}$ is computed as follows:

Assume Alice's ciphertext at the k-th attribute management center $AA_k$ is $CT_{Alice}^{(k)}$, with access policy $T_{Alice}^{(k)}$, and the attribute set uploaded by Bob is $Au_{Bob}^{(k)}$. $AA_k$ then calls $Tree(Au_{Bob}^{(k)})$ to verify whether Bob's attributes $Au_{Bob}^{(k)}$ satisfy Alice's access control policy $T_{Alice}^{(k)}$; the $Tree(Au_{Bob}^{(k)})$ algorithm is implemented recursively. For any node x in the access policy, $Tree_x(Au_{Bob}^{(k)})$ returns a set $S_x$. If $Au_{Bob}^{(k)}$ does not satisfy the access control policy, $Tree(Au_{Bob}^{(k)})$ returns the empty set; otherwise the algorithm selects a label i from the set $T_x(Au_{Bob}^{(k)})$ and recursively calls the DecryptNode function starting from the root node. The DecryptNode function is defined as follows:

(1) If $x \in Y^{(k)}$, i.e. x is a leaf node, the function is defined as:
WhenThen
WhenBecauseIt is the element on G, it is therefore assumed thatThen:
(2) If x is a non-leaf node, the following recursive calculation is carried out:

Let $B_x$ be a set formed by any $k_x$ child nodes of node x. A child node $z \in B_x$ is decrypted if and only if the following two conditions are met: DecryptNode returns a non-empty set $S_z$ ($i \in S_z$); there exists $i' \ne i$, $i' \in S_z$, and node z is a switching node. Otherwise the function returns null.

For $z \in B_x$, if $i \in S_z$, the function is called and its result is saved in $F_z$. If $i' \in S_z$, $i' \ne i$, the function is called and its result is saved in $F_z'$.

① If i=0, no conversion is needed and the following can be computed directly:

② If i≠0, node conversion is performed:

After $F_z$ has been computed for each child node $z \in B_x$, Lagrange interpolation yields $F_x$ for node x, where $i_z = index(z)$, $S'_z = \{index(z) : z \in B_x\}$, and the Lagrange coefficient is:

Recursing upward, the function value at the root node R is obtained as:

When i≠0, the result is converted:

If the attribute characteristics of the friend-making requester satisfy the access policies of all K authorization centers, i.e. no value is null, then $e(g,g)^{\alpha\theta}$ is calculated as follows, starting with the decryption parameter:

From this it follows that:

The following is obtained, and decryption finally succeeds.
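The polynomial rules of the encryption step and the Lagrange recombination of the decryption step, as an added example that is not part of the patent: it shares θ down an access tree with $q_x(0) = q_{parent(x)}(index(x))$ and degree $k_x - 1$, then recovers it bottom-up for a given attribute set. The pairing layer, the per-user blinding and the switching nodes are left out, so shares are combined directly in $Z_p$ rather than in the exponent; the modulus, helper names and sample policy are assumptions.

```python
import secrets

# Constructed demo modulus: the Mersenne prime 2**127 - 1 stands in for the
# pairing-group order p. A deployment takes p from its pairing parameters.
P = 2**127 - 1


class Node:
    """Access-tree node: a leaf names an attribute, an inner node has a threshold k_x."""

    def __init__(self, threshold=1, children=(), attribute=None):
        self.threshold = threshold
        self.children = list(children)
        self.attribute = attribute
        self.share = None  # q_x(0), set by share_secret()


def leaf(attribute):
    return Node(attribute=attribute)


def gate(threshold, *children):
    """k-of-n gate: AND is n-of-n, OR is 1-of-n."""
    if not 1 <= threshold <= len(children):
        raise ValueError("threshold must be in 1..number of children")
    return Node(threshold=threshold, children=children)


def _eval_poly(coeffs, x):
    """Horner evaluation of q(x) over Z_p; coeffs[0] is q(0)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share_secret(node, value):
    """Encryption side: fix q_x(0) = value, pick the other d_x = k_x - 1
    coefficients at random, and hand child number i the value q_x(i)."""
    node.share = value % P
    if node.attribute is not None:
        return  # leaf: degree 0, q_x is the constant q_x(0)
    coeffs = [node.share] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    for index, child in enumerate(node.children, start=1):
        share_secret(child, _eval_poly(coeffs, index))


def _lagrange_at_zero(i, indices):
    """Lagrange coefficient for index i, evaluated at x = 0, over Z_p."""
    num, den = 1, 1
    for j in indices:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, -1, P) % P


def recover(node, attributes):
    """Decryption side: return q_x(0) when `attributes` satisfies the subtree
    rooted at `node`, otherwise None (the null result of the recursion)."""
    if node.attribute is not None:
        return node.share if node.attribute in attributes else None
    got = {}
    for index, child in enumerate(node.children, start=1):
        value = recover(child, attributes)
        if value is not None:
            got[index] = value
        if len(got) == node.threshold:
            break
    if len(got) < node.threshold:
        return None
    return sum(v * _lagrange_at_zero(i, got) for i, v in got.items()) % P


def demo():
    """Constructed policy: music AND (2 of {film, fitness, travel})."""
    theta = secrets.randbelow(P)
    tree = gate(2, leaf("music"), gate(2, leaf("film"), leaf("fitness"), leaf("travel")))
    share_secret(tree, theta)
    return {
        "satisfied": recover(tree, {"music", "film", "travel"}) == theta,
        "missing_music": recover(tree, {"film", "fitness", "travel"}),
        "one_of_three": recover(tree, {"music", "travel"}),
    }


if __name__ == "__main__":
    print(demo())
```

In the scheme itself a leaf share is only usable in blinded form through the requester's key component for that attribute, which is what stops users from pooling shares; this field-only version does not model that property.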
The experiments implement the encryption and decryption operations on top of Stanford University's PBC big-number library (https://crypto.stanford.edu/pbc/). The hardware is a Snapdragon 8X74AC 801 processor clocked at 2.5GHz with 3G of LPDDR3 933MHz high-speed memory, supporting Bluetooth 4.0 and dual-band WiFi. The programming environment is the Eclipse development platform with code developed in the Java programming language, and data simulation uses OriginPro2016.

This scheme assumes that user Alice has different characteristic attributes in different life scenarios, such as interest in music, interest in film, interest in fitness, and so on. According to a survey by Tencent Weibo, the interest characteristics of a typical user can be described at fine granularity within a range of 100 attributes. The experiments therefore increase the number of user characteristic attributes from 0 to 100 and compare the system initialization time, key generation time and attribute encryption time with the [Li] and [Chase] protocols.

Fig. 2 shows that, under the same access policy, as the number of attributes increases, the increase has little effect on system initialization in this scheme, and the initialization time is much smaller than that of the other schemes. This is because this scheme uses a more flexible access policy tree, and the hierarchical structure of the system and the access policy tree determine the initialization time; the [Li] and [Chase] schemes, by contrast, use repeated bilinear computations. This scheme is therefore more efficient in computational overhead; detailed data are shown in Table 2.

Table 2 System initialization time

Fig. 3 shows the time each attribute management center takes to generate a sub-key. In this scheme attributes are managed by multiple authorization centers AA, so the AAs share the computational overhead of key generation. Moreover, when updating attributes the data owner only needs to compute the new attribute ciphertext components. Key generation time in this scheme is therefore the shortest; detailed data are shown in Table 3.

Table 3 System key generation time

Fig. 4 shows the time taken by the data owner to encrypt a plaintext file in this scheme as the number of attributes increases. The key generated in the encryption scheme of the invention is about 72kb in size, and encrypting a plaintext with 100 attributes takes only 5 seconds, only half the encryption time of the [Li] scheme. This is because the [Li] and [Chase] schemes need to design user signatures, which adds considerable time overhead. Detailed data are shown in Table 4.

Table 4 System encryption time

Fig. 5 shows how encryption time changes with the size of the encrypted file. In this scheme the data owner only needs to send the updated attributes to the AA rather than update the whole attribute set, so this scheme is the fastest when encrypting files. Also, because the ABE mechanism uses a symmetric encryption algorithm, when the file size reaches (≥64MB) the execution time of the symmetric encryption algorithm dominates, and it is little affected by attribute updates. Detailed data are shown in Table 5.

Table 5 User encryption and decryption time as file size varies
In mobile social networks, how to maximize contact and exchange between users while still protecting users' personal privacy is a research hotspot in current privacy protection. Building on cryptographic research, this scheme proposes a cryptographic protocol based on multi-level attribute authorization and achieves privacy protection for friend-making matching in mobile social networks. The scheme improves friend-making efficiency in mobile social networks, so that users can discover, at fine granularity, the users who match the access control policy they set themselves. At the same time, because the matching computation is carried out by multiple authorization centers, the scheme resolves the performance bottleneck and key management problems of the earlier single authorization center, and also reduces the computing overhead on the intelligent terminal. Security and performance analysis shows that the protocol proposed in this scheme can find more matching users when terminal computing resources are limited, and is more effective than previous protocols.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit the present invention; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
Claims (6)
1. A social privacy protection method based on feature-based encryption with a multi-level attribute management center, characterized in that a friend-making promoter uses an APP application program running on an intelligent terminal to upload an encrypted personal information file to a remote friend-making center, and at the same time uploads a self-defined class of attribute features and a friend-making access control policy to the multi-level attribute management center; the multi-level attribute management center generates a ciphertext according to the attribute features and associates it with the access policy tree corresponding to those attributes; a friend-making requestor requests to view the friend-making information of other users in the friend-making center, and when the friend-making requestor's own attribute set matches the access policy tree of the friend-making promoter, the multi-level attribute management center sends the key corresponding to the friend-making promoter's attributes to the friend-making requestor, and the friend-making requestor decrypts the data ciphertext of the information owner in the friend-making center;
the multi-level attribute management center comprises multiple attribute management servers, which build an attribute management server structure tree according to attribute category and subordination relationship; each attribute management server is assigned a unique attribute management server identifier by a trusted central authorization center; at the same time, the trusted central authorization center assigns each friend-maker a unique user identifier.
2. The method according to claim 1, characterized in that all attribute features of each friend-making promoter in the friend-making center are split into K mutually disjoint attribute sets, and each attribute set is managed by the attribute management servers on a trust chain of the attribute management server structure tree;
the sub-key of the friend-making promoter on attribute management server $AA_k$ is calculated as follows:
(1) First, $AA_k$ selects a pseudo-random function $P_{SK}(\cdot)$ and, from the user unique identifier GID of the friend-making promoter and the attribute management server unique identifier $AID_k$ of attribute management server $AA_k$, calculates the private key component of the friend-making promoter, $P_{SK}(u) = \alpha_{k,u}$;
(2) Second, $AA_k$ randomly selects a unique attribute set random number $r_u^{(k)}$ for the friend-making promoter; for each attribute set of friend-making promoter Alice, a distinct attribute set random number is selected; meanwhile, for each attribute in each attribute set, a different attribute random number is selected, these random numbers being integers, with 0≤i≤n and 1≤j≤r, where n denotes the number of attribute sets of the friend-making promoter and r denotes the number of attribute features contained in one attribute set of the friend-making promoter;
let the corresponding random number of the attribute set be $r_{u0}^{(k)} = r_u^{(k)}$;
(3) Finally, the sub-key of friend-making promoter Alice at $AA_k$ is generated according to the following formula:
Wherein, are respectively the two local master keys on $AA_k$; $\alpha$, $\beta_1$, $\beta_2$ are all integers; $r_i$ denotes the number of attribute features contained by the higher-level attribute management server of attribute management server $AA_k$, denotes the number of attribute features contained by attribute management server $AA_k$, and denotes the number of attribute features contained by all subordinate attribute management servers of $AA_k$; g denotes the generator of the cyclic group;
are the components of the sub-key of friend-making promoter Alice at the k-th attribute management server $AA_k$, being, in order, the attribute set sub-key of friend-making promoter Alice on the k-th attribute management server, the sub-key of a certain class of attribute sets, and the sub-key of a certain attribute set.
3. The method according to claim 2, characterized in that the friend-making requesting user obtains the key of the friend-making promoter of the friend-making center as follows:
let the ciphertext of the friend-making promoter Alice of the friend-making center at the k-th attribute management server $AA_k$ be $CT_{Alice}^{(k)}$, where the access policy is $T_{Alice}^{(k)}$ and the attribute set uploaded by friend-making requestor Bob is $Au_{Bob}^{(k)}$;
attribute management server $AA_k$ calls the access control policy tree $Tree(Au_{Bob}^{(k)})$ of friend-making requestor Bob to verify whether the attributes $Au_{Bob}^{(k)}$ of friend-making requestor Bob satisfy the access control policy $T_{Alice}^{(k)}$ of friend-making promoter Alice; if they do, attribute management server $AA_k$ sends the corresponding sub-key to the friend-making requestor; otherwise, the friend-making requestor cannot obtain the decryption sub-key;
when the friend-making requestor has obtained the decryption sub-key sent by each attribute management server, the set of all sub-keys is used as the total friend-making decryption key;
wherein the access control policy tree is obtained by using CP-ABE to encrypt the attributes and the friend-making policy of the friend-making promoter or requestor.
4. The method according to claim 3, characterized in that the detailed process by which said attribute management server $AA_k$ calls the access control policy tree $Tree(Au_{Bob}^{(k)})$ of friend-making requestor Bob to verify whether the attributes $Au_{Bob}^{(k)}$ of friend-making requestor Bob satisfy Alice's access control policy $T_{Alice}^{(k)}$ is as follows:
for any node x in the access policy, $Tree_x(Au_{Bob}^{(k)})$ returns a set $S_x$; if $Au_{Bob}^{(k)}$ does not satisfy the access control policy, $Tree(Au_{Bob}^{(k)})$ returns the empty set; otherwise, a label i is selected from the set $T_x(Au_{Bob}^{(k)})$ and, starting from the root node, the decryption function is called recursively to decrypt each node in the access control policy tree of the friend-making data requester, in order to judge whether the access control policy of the friend-making requesting user matches the scope control policy set by the friend-making data owner of the friend-making center; if they match, decryption succeeds, and the corresponding attribute management server in the multi-level attribute management center provides the corresponding sub-key to the friend-making data requester; otherwise, decryption fails and the key cannot be obtained.
5. The method according to claim 4, characterized in that, if the friend-making requestor satisfies the access policies of the friend-making promoter on all K attribute management centers, the intermediate decryption parameter Q is obtained as follows:
then the ciphertext is decrypted according to the intermediate decryption parameter Q to obtain $e(g,g)^{\alpha\theta}$:
Wherein, $C^{(k)}$ denotes the ciphertext of the friend-making promoter on the k-th attribute management server; $D_u^{(k)}$ is the private key component of the friend-making promoter's attribute set on the k-th attribute management center; $\theta$ and $\alpha$ denote decryption random integers; $F^{(k)}$ is the decryption function value at node k; $e(g,g)$ denotes a bilinear map; denotes a bilinear map based on user attributes; $a_u^{(k)}$ is the user private key component generated from the user unique identifier GID and the attribute management server unique identifier $AID_k$; $D_{user}$ is the decryption parameter issued to the friend-making requestor by the trusted authorization center.
6. The method according to any one of claims 2-5, characterized in that the total attribute key of said friend-making promoter Alice across all AAs is:
Wherein, $D_{Alice}$ denotes a decryption parameter, used by a friend-making requestor who satisfies the access policy tree set by friend-maker Alice to decrypt files, and issued by the trusted central authorization center TA.
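The per-server policy check of claims 3 to 5, as an added Python example that is not part of the patent: each attribute management server evaluates the requestor's attribute set against the promoter's policy tree, returns the satisfying set or the empty set, and decryption is possible only when all K servers are satisfied. The names `Node`, `satisfy`, `release_subkeys` and `can_decrypt`, the k-of-n threshold gates, the server identifiers and the sample attributes are assumptions made for illustration; only the access-structure logic is modelled, with no key material or pairing operations.

```python
class Node:
    """Policy-tree node: a leaf names one attribute, a gate needs k of its children."""
    def __init__(self, attr=None, k=0, children=()):
        self.attr, self.k, self.children = attr, k, list(children)

def leaf(attr): return Node(attr=attr)
def gate(k, *children): return Node(k=k, children=children)
def AND(*children): return gate(len(children), *children)
def OR(*children): return gate(1, *children)

def satisfy(node, attrs):
    """Tree_x(Au): the set S_x of attributes that satisfy node x, or the empty set."""
    if node.attr is not None:
        return {node.attr} if node.attr in attrs else set()
    hits = [s for s in (satisfy(c, attrs) for c in node.children) if s]
    if len(hits) < node.k:
        return set()  # threshold not reached: the policy is not satisfied
    hits.sort(key=lambda s: (len(s), sorted(s)))  # deterministic, smallest first
    return set().union(*hits[:node.k])

def release_subkeys(policies, requester_attrs):
    """Per-server decision: map each server id whose policy is satisfied to its S."""
    granted = {}
    for aid, tree in policies.items():
        s = satisfy(tree, requester_attrs.get(aid, set()))
        if s:
            granted[aid] = s
    return granted

def can_decrypt(policies, requester_attrs):
    """Claim 5 condition: the policy on every one of the K servers is satisfied."""
    return set(release_subkeys(policies, requester_attrs)) == set(policies)

# Constructed sample data: Alice's policies on K = 2 hypothetical servers.
ALICE_POLICIES = {
    "AA_hobby": AND(leaf("hiking"), OR(leaf("jazz"), leaf("chess"))),
    "AA_profile": gate(2, leaf("city:Changsha"), leaf("age:20-30"), leaf("student")),
}
BOB = {"AA_hobby": {"hiking", "chess", "cooking"}, "AA_profile": {"student"}}
CAROL = {"AA_hobby": {"hiking", "jazz"}, "AA_profile": {"city:Changsha", "student"}}

if __name__ == "__main__":
    for name, attrs in (("Bob", BOB), ("Carol", CAROL)):
        print(name, release_subkeys(ALICE_POLICIES, attrs),
              can_decrypt(ALICE_POLICIES, attrs))
```

Bob satisfies only the policy on one server, so he would hold a partial set of sub-keys and could not assemble the total decryption key; Carol satisfies both.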
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610498716.8A CN106022167A (en) | 2016-06-30 | 2016-06-30 | Social privacy protection method of multi-level attribute management center based on characteristic encryption |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106022167A (en) | 2016-10-12 |
Family
ID=57104428
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610498716.8A Pending CN106022167A (en) | 2016-06-30 | 2016-06-30 | Social privacy protection method of multi-level attribute management center based on characteristic encryption |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106022167A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110238482A1 (en) * | 2010-03-29 | 2011-09-29 | Carney John S | Digital Profile System of Personal Attributes, Tendencies, Recommended Actions, and Historical Events with Privacy Preserving Controls |
CN103457725A (en) * | 2013-07-02 | 2013-12-18 | 河海大学 | Encryption method for multiple authorization centers |
CN103618729A (en) * | 2013-09-03 | 2014-03-05 | 南京邮电大学 | Multi-mechanism hierarchical attribute-based encryption method applied to cloud storage |
CN103647644A (en) * | 2013-12-26 | 2014-03-19 | 北京航空航天大学 | Attribute-based encryption method for achieving hierarchical certification authority |
Non-Patent Citations (2)
Title |
---|
JOHN BETHENCOURT ETC.: ""Ciphertext-Policy Attribute-Based Encryption"", 《IEEE SYMPOSIUM ON SECURITY AND PRIVACY》 * |
邵菊: ""一种基于隐私保护的云端访问控制系统"", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106656997B (en) * | 2016-11-09 | 2019-06-18 | 湖南科技学院 | One kind being based on the cross-domain friend-making method for secret protection of mobile social networking proxy re-encryption |
CN106656997A (en) * | 2016-11-09 | 2017-05-10 | 湖南科技学院 | Mobile social network based agent proxy re-encryption cross-domain friend-making privacy protection method |
CN108881291A (en) * | 2018-07-19 | 2018-11-23 | 上海海事大学 | A kind of weight properties base encryption method based on layered authorization mechanism |
CN108881291B (en) * | 2018-07-19 | 2020-12-22 | 上海海事大学 | Weight attribute base encryption method based on hierarchical authorization mechanism |
CN109121269A (en) * | 2018-09-13 | 2019-01-01 | 江苏科技大学 | A kind of harbour Intelligent illumination management system and its access control method |
CN110532792B (en) * | 2019-08-29 | 2022-03-15 | 冷杉云(北京)科技股份有限公司 | Method and system for checking privacy information |
CN110532792A (en) * | 2019-08-29 | 2019-12-03 | 冷杉云(北京)科技股份有限公司 | A kind of inspection method and system of privacy information |
CN110825888A (en) * | 2019-11-15 | 2020-02-21 | 海南大学 | Multidimensional hierarchical interaction mechanism capable of defining privacy ambiguities |
CN112069513B (en) * | 2020-08-12 | 2022-09-27 | 福建师范大学 | Encryption method and system capable of sharing decryption |
CN112069513A (en) * | 2020-08-12 | 2020-12-11 | 福建师范大学 | Encryption method and system capable of sharing decryption |
CN112989375A (en) * | 2021-03-05 | 2021-06-18 | 武汉大学 | Hierarchical optimization encryption lossless privacy protection method |
CN112989375B (en) * | 2021-03-05 | 2022-04-29 | 武汉大学 | Hierarchical optimization encryption lossless privacy protection method |
CN114745200A (en) * | 2022-05-07 | 2022-07-12 | 湖南科技学院 | Malicious code detection method based on malicious code dynamic evidence obtaining model |
CN114745200B (en) * | 2022-05-07 | 2024-05-24 | 湖南科技学院 | Malicious code detection method based on malicious code dynamic evidence obtaining model |
CN115242490A (en) * | 2022-07-19 | 2022-10-25 | 北京计算机技术及应用研究所 | Group key secure distribution method and system under trusted environment |
CN115242490B (en) * | 2022-07-19 | 2023-09-26 | 北京计算机技术及应用研究所 | Group key secure distribution method and system in trusted environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20161012 |