CN108390876B - Multi-authorization-center access control method capable of supporting outsourcing revocation and verification and cloud server - Google Patents
- Publication number: CN108390876B
- Application number: CN201810149575.8A
- Authority: CN (China)
- Prior art keywords: user, key, ciphertext, service provider, cloud service
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/101—Access control lists [ACL]
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Abstract
The invention belongs to the technical field characterized by protocols, and discloses a verifiable multi-authorization-center access control method supporting revocation and outsourcing, and a cloud server. The method comprises the following steps: system initialization, including initialization of a global authentication center and the other authorization centers; the authorization center assigns an attribute set to the user and generates the keys the user needs for decryption; the data owner encrypts the file, a process that comprises outsourced encryption, verification of the outsourced result and final encryption by the data owner; a user sends a file access request to a cloud service provider, a process that comprises outsourced decryption by the cloud service provider, verification of the outsourced result and final decryption by the user; certain users or certain attributes in the system are revoked. The method offers high system access efficiency, low computation overhead and support for dynamic user permission management, and can be used to protect the security of users' private data in cloud storage, reduce users' computation overhead and dynamically manage users' permissions in the system.
Description
Technical Field
The invention belongs to the technical field characterized by protocols, and particularly relates to a verifiable multi-authorization-center access control method supporting revocation and outsourcing, and a cloud server.
Background
The current state of the art commonly used in the industry is as follows: with the continuous development of information technology, people's lives have greatly improved. Cloud computing in particular has developed rapidly and attracted extensive attention. Cloud computing is an entity with huge computing and storage capacity, and is the product of combining computing technologies such as network storage, virtualization, load balancing, distributed computing, parallel computing and utility computing with the development of network technology. Its strength is that it can dynamically distribute computing resources to users over a network. Meanwhile, users can store their own data or resources on the cloud server, or outsource complex computing tasks to a cloud service provider. In this way, the user is no longer limited by geographical location or limited computing resources; in addition, complex computing tasks can be deployed on remote distributed computers, which marginalizes the computation and greatly improves computing efficiency. Cloud storage is a data outsourcing service technology derived and developed from the cloud computing concept: through functions such as cluster applications, network technology or distributed file systems, application software gathers a large number of storage devices of different types in a network so that they work cooperatively to provide data externally. Cloud storage has the advantages of low cost, easy-to-use interfaces and high scalability. However, it is not very safe for users to store their sensitive data in the cloud. Cloud providers are not fully trusted and may, driven by their own interests, collude with illegitimate users to compromise users' data. The security of data and the lack of control over it are the biggest hurdles hindering the development of cloud storage.
Access control can ensure that only authorized users can access sensitive data, and is considered an important means of solving the security problem of cloud storage. However, conventional access control schemes have many problems: they cannot be applied to finer-grained and more flexible access control environments, and they require a trusted entity to enforce the access control policy. An access control scheme based on attribute encryption can solve these problems, and is considered an access control technology suitable for protecting data security in a cloud storage environment. Attribute-based encryption evolved from identity-based encryption. In 2005, Sahai and Waters first proposed the concept of attribute-based encryption (ABE). Compared with traditional public key encryption, it is a more flexible mechanism that supports one-to-many encryption. In an attribute-based encryption system, the identifier that originally represented the user's identity is expanded into a series of attributes, and a ciphertext and a user key are associated with an access control policy and a descriptive attribute set, respectively. By introducing an access structure, it can be guaranteed that only users whose attribute sets satisfy the access policy can successfully decrypt the ciphertext. The attribute-based encryption mechanism greatly reduces the computation overhead of encryption and decryption for users, can ensure the confidentiality of data, and is suitable for distributed environments with numerous users.
Attribute-based encryption is divided into two categories: (1) ciphertext-policy attribute-based encryption (CP-ABE): the ciphertext corresponds to an access control policy, that is, the encryptor defines a policy and some attributes, where the policy is used to encrypt the ciphertext and the attributes are used to describe a user's key; (2) key-policy attribute-based encryption (KP-ABE): the key corresponds to the access control policy, and the encryption process is the opposite of that of the ciphertext policy. Although both KP-ABE and CP-ABE can realize fine-grained access control, CP-ABE lets the data owner decide the specific access control policy, so CP-ABE is regarded as the most suitable data access control scheme for cloud storage. In a CP-ABE scheme, each legitimate user in the system is assigned certain attributes, and a key is generated for each user according to that user's attribute set. The data owner first encrypts the plaintext data with a symmetric key and then encrypts that key with a public key encryption method; in the public key encryption process, the data owner embeds an access structure T. If a user wants to decrypt the ciphertext, the user's attributes must satisfy the access structure T. The data owner enforces its access control policy by setting the access structure T. Existing CP-ABE schemes are mostly based on a single authorization center, which manages and issues all keys. However, in practical applications, a user may hold attributes granted by multiple authorization centers, and a data owner may also share data with users managed by other authorization centers.
For example, in a medical cloud system, patients may share their medical record data with doctors whose attributes are granted by medical institutions and with researchers whose attributes are granted by research institutes; these users come from different attribute domains, so a multi-authority CP-ABE scheme is more suitable for use in a cloud storage system. In attribute-based encryption systems, the computational overhead of the encryption and decryption stages is also not small. It is a good choice to outsource part of the computation to a cloud service provider. However, the cloud service provider is not fully trusted and may perform only part of the computation, return an intermediate value, or deliberately return an erroneous result. Therefore, it is very important to provide a method capable of verifying the computing result of the cloud service provider. In addition, access control technology based on attribute encryption also brings a great management burden, and the revocation problem in particular has always been troublesome. On one hand, the number of users in a cloud storage system is huge, and the user population may change frequently. The user's attributes may also change frequently: the user may be granted certain new attributes and may have certain current attributes revoked, with the user's access rights to the data changing accordingly. On the other hand, when the authority of a certain user needs to be revoked, the related ciphertext needs to be re-encrypted, and the re-encrypted file can no longer be decrypted with the previous key, so other affected users need to upgrade their keys in order to decrypt; users are therefore no longer independent and interfere with one another. In addition, if rights are revoked frequently, the computational burden is also large, and this dynamic nature increases the overhead and difficulty of updating keys.
Most of the prior art is not efficient enough and does not support flexible revocation of users and attributes in a cloud storage system, so a verifiable multi-authorization-center access control method supporting revocation and outsourcing is necessary.
In summary, the problems of the prior art are as follows: the prior art is not efficient enough and does not support flexible revocation of users and attributes in a cloud storage system; its computational complexity is high, its overhead is large, and revocation is difficult.
The difficulty and significance of solving these technical problems are as follows: access control technology based on attribute encryption also brings a great management burden, and the revocation problem in particular has always been troublesome. On one hand, the number of users in a cloud storage system is huge, and the user population may change frequently. The user's attributes may also change frequently: the user may be granted some new attributes or may have some current attributes revoked, and the user's access rights to the data change accordingly. On the other hand, when the authority of a certain user needs to be revoked, the related ciphertext needs to be re-encrypted, and the re-encrypted file can no longer be decrypted with the previous key, so other affected users need to upgrade their keys in order to decrypt; users are therefore no longer independent and interfere with one another. In addition, if rights are revoked frequently, the computational burden is also large, and this dynamic nature increases the overhead and difficulty of updating keys.
Disclosure of Invention
In view of the problems in the prior art, the invention provides a verifiable multi-authorization-center access control method supporting revocation and outsourcing, and a cloud server.
The invention is realized as follows. A verifiable multi-authorization-center access control method supporting revocation and outsourcing comprises the following steps: initializing a global authentication center CA and the other authorization centers AA, assigning corresponding identity identifiers to all authorization centers and users in the system, and generating the global public parameters and the keys required for encryption; the authorization center assigns an attribute set to the user and generates the keys required for decryption; the data owner encrypts the file; a user sends a file access request to a cloud service provider; certain users or certain attributes in the system are revoked.
Further, the keys include: the proxy key, which is stored in the cloud and used to complete partial decryption, and the user private key, which is kept by the user and used to complete final decryption;
in the encryption process, the cloud service provider performs part of the encryption computation and sends the generated ciphertext to the data owner, and the data owner completes the final encryption; after encryption is completed, the ciphertext is uploaded to the cloud service provider for storage;
after receiving the request, the cloud service provider uses the user's proxy key stored in the cloud to partially decrypt the file and sends the partially decrypted ciphertext to the user; after receiving the ciphertext, the user decrypts it with the user's own private key, and only a user whose attributes satisfy the access policy can successfully decrypt the ciphertext;
when a user is revoked, the data owner sends the identity of the revoked user to the cloud service provider, and the cloud service provider searches the proxy key list and deletes that user's proxy key; without the proxy key, the user cannot decrypt to recover the plaintext; when attribute revocation occurs, the data owner needs to re-encrypt the ciphertext, and the authorization center needs to update the keys of the other non-revoked users in the system; part of the work of ciphertext re-encryption and key updating is outsourced to the cloud service provider.
Further, the initialization specifically includes:
(1) CA initialization. The CA first selects a system security parameter $\lambda$ and an attribute domain $U$, and then selects three multiplicative cyclic groups $G_1$, $G_2$ and $G_T$ of order $p$, where $g_1$ and $g_2$ are generators of $G_1$ and $G_2$, a bilinear map $e: G_1 \times G_2 \to G_T$, and two hash functions $H: \{0,1\}^* \to Z_p$ and $F: G_T \to Z_p$. The CA selects a random number $a \in Z_p$ and finally generates the global public parameters:
The CA issues a globally unique identity aid to each legal authorization center in the system and a globally unique identity uid to each legal user;
(2) AA initialization. The attribute set managed by $AA_{aid}$ is defined as  and the associated set of authorization centers is defined as $I_A$. $AA_{aid}$ first selects two random numbers $\alpha_{aid}, \beta_{aid} \in Z_p$. For each attribute $x_k$ in its attribute set, $AA_{aid}$ randomly selects a unique version number $v_k$, and finally calculates the attribute public key, the authorization center public key and the authorization center private key as follows:
Further, the step in which the authorization center assigns the attribute set to the user and generates the keys required for decryption specifically includes:
(1) $AA_{aid}$ first assigns each legal user a corresponding attribute set $S_{uid,aid}$, and then selects a globally unique random number $z_{uid} \in Z_p$ for each user as the user private key. The proxy key and the user private key of the user are calculated as follows:
$SK_{uid} = z_{uid}$;
(2) The generated proxy key $PxK_{uid,aid}$ is sent to the cloud service provider for storage; the cloud service provider executes $L_{PxK} = L_{PxK} \cup \{uid, PxK_{uid,aid}\}$, adding the user's proxy key to the proxy key list $L_{PxK}$. The user private key $SK_{uid}$ is sent to the corresponding user, who stores it.
Further, the encryption of the file by the data owner specifically includes:
(1) The cloud service provider first selects a random number $s' \in Z_p$ and, for each $i \in \{1, \dots, l\}$, randomly chooses $\lambda'_i, \gamma'_i \in Z_p$. The ciphertext is computed as follows:
The partially encrypted ciphertext is output as $CT_{out} = \{s', C_0, (C_{i,1}, C_{i,2}, \lambda'_i, \gamma'_i)_{i \in \{1, \dots, l\}}\}$;
(2) After receiving $CT_{out}$, the data owner verifies whether the result is correct. First, it checks whether the condition holds; if not, it directly outputs $b = 0$, indicating that the result of the outsourced computation is incorrect; otherwise, for $i \in \{1, \dots, l\}$, the data owner calculates:
$t_i = (a\lambda'_i - v_{\rho(i)} \cdot \gamma_i - H(\rho(i)) \cdot \gamma_i) \bmod p$;
Then a security parameter $r$ is selected, $s_1, \dots, s_l \in \{0,1\}^r$ are chosen at random, and the following is calculated:
If the check holds, the output is $b = 1$, indicating that the calculation result is correct; otherwise, the output is $b = 0$, indicating that the result is wrong;
(3) If the data owner has verified that $CT_{out}$ is correct, it goes on to complete the remaining encryption operations. Here $A$ denotes an $l \times n$ matrix, where $l$ is the total number of attributes, and the function $\rho$ maps each row of the matrix to an attribute. The data owner first selects a secret random number $s \in Z_p$ and a random vector, where $y_2, \dots, y_n$ are used to share $s$. For $i \in \{1, \dots, l\}$, it calculates the corresponding value, where $A_i$ denotes the $i$-th row of matrix $A$. Then $\gamma_1, \gamma_2, \dots, \gamma_l \in Z_p$ are chosen at random, and the ciphertext is computed as follows:
where $C'$, $C_{i,3}$ and $C_{i,4}$ are used to correct $s$, $\lambda_i$ and $\gamma_i$, and $C_v$ is used to verify the result of the outsourced decryption. Finally, the complete ciphertext is output as $CT = \{C, C', C_0, (C_{i,1}, C_{i,2}, C_{i,3}, C_{i,4})_{i \in \{1, \dots, l\}}, C_v, (A, \rho)\}$.
Further, the step in which the user sends the file access request to the cloud service provider specifically includes:
(1) When a user sends a file access request, the cloud service provider first checks whether the user's attribute set conforms to the access structure. If the attributes satisfy the access structure, a set of constants $w_i \in Z_p$ can be found satisfying the required relation, where $I = \{1, \dots, l\}$; the partially decrypted ciphertext is then computed as follows:
After decryption succeeds, the partially decrypted ciphertext $CT'$ is sent to the user;
(2) After receiving the partially decrypted ciphertext $CT'$ from the cloud service provider, the user verifies whether the calculation result is correct. The user only needs to check whether the condition holds. If it does, the output is $b = 1$, indicating that the calculation result is correct; otherwise, the output is $b = 0$, indicating that the cloud service provider returned an erroneous result;
(3) After verifying that $CT'$ is correct, the user can recover the plaintext using the user's private key $SK_{uid}$, calculated as follows:
Further, revoking certain users or certain attributes in the system specifically includes:
(1) When user revocation occurs, the data owner sends the identity uid of the revoked user to the cloud service provider. After receiving the user revocation information, the cloud service provider searches the proxy key list $L_{PxK}$, deletes the proxy key corresponding to the uid, and updates the proxy key list to $L'_{PxK}$;
(2) When attribute revocation occurs, the data owner needs to re-encrypt the ciphertext and the authorization center needs to update the keys of the other non-revoked users;
First, the authorization center generates key update material in preparation for the subsequent key update. Here uid denotes the identity of any other non-revoked user. The associated authorization center first generates a new attribute version number and calculates a version update key, and then uses it to compute a proxy update key for every non-revoked user who holds the attribute. $AA_{aid}$ updates the attribute public key of the revoked attribute and broadcasts a message to the data owners in the system so that they can receive the updated attribute public key. The proxy update key is sent to the cloud service provider to update the proxy key $PxK_{uid,aid}$, and the version update key is sent to the data owner;
After receiving the proxy update key, the cloud service provider updates the corresponding proxy key of every non-revoked user who holds the attribute. The proxy key $PxK_{uid,aid}$ is updated as:
After receiving the version update key, the data owner calculates the ciphertext update key and sends it to the cloud service provider for re-encrypting the ciphertext;
After receiving the ciphertext update key, the cloud service provider updates the corresponding ciphertext. The re-encrypted ciphertext is published as follows:
Another object of the present invention is to provide a cloud server applying the verifiable multi-authorization-center access control method supporting revocation and outsourcing.
In summary, the advantages and positive effects of the invention are as follows: the invention considers the multi-authorization-center application scenario, avoids the single point of failure and system bottleneck brought by a single authorization center, enriches the attribute domain of the user, improves the efficiency of the system and better meets practical application requirements. The invention introduces computation outsourcing, so that most of the encryption and decryption computation can be outsourced to a cloud service provider; this greatly reduces the computation overhead of encryption for the data owner and of decryption for the user, and improves the access efficiency of the system.
The invention adopts a corresponding verification scheme for outsourced computation: once a cloud service provider returns an erroneous result, the user can immediately detect it by running the corresponding verification algorithm, so the correctness of subsequent calculation results can be ensured. In the user revocation process, no ciphertext re-encryption or key updating is required; the data owner only needs to have the cloud service provider delete the revoked user's proxy key stored in the cloud. In the attribute revocation process, most of the update and re-encryption computation is outsourced to the cloud service provider, and the user only needs to complete a small amount of computation.
The invention introduces the global authentication center CA, which assigns globally unique identities aid and uid to all authorization centers and users in the system respectively; only private keys belonging to the same uid can be used together for decryption, thereby avoiding collusion attacks among users.
Drawings
Fig. 1 is a flowchart of a method for supporting revocation of outsourced verifiable multi-authority access control according to an embodiment of the present invention.
Fig. 2 is a flowchart of an implementation of a method for supporting revocation of outsourced verifiable multi-authority access control according to an embodiment of the present invention.
Fig. 3 is a sub-flowchart of a user accessing data according to an embodiment of the present invention.
Fig. 4 is a sub-flow diagram of revocation as provided by an embodiment of the present invention.
Fig. 5 is a simulation graph of encryption time consumption provided by an embodiment of the present invention.
Fig. 6 is a simulation graph of decryption time consumption provided by an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention applies a verifiable multi-authorization-center access control method supporting revocation and outsourcing to cloud storage, so as to ensure the security of users' private data, reduce users' computation overhead and dynamically manage users' permissions in the system.
As shown in fig. 1, the verifiable multi-authorization-center access control method supporting revocation and outsourcing provided by the embodiment of the present invention includes the following steps:
S101: system initialization, including the initialization of a global Certificate Authority (CA) and other authorization centers (AA);
S102: the authorization center assigns an attribute set to the user and generates the keys the user needs for decryption;
S103: the data owner encrypts the file, a process that comprises outsourced encryption, verification of the outsourced result and final encryption by the data owner;
S104: a user sends a file access request to a cloud service provider, a process that comprises outsourced decryption by the cloud service provider, verification of the outsourced result and final decryption by the user;
S105: certain users or certain attributes in the system are revoked.
The application of the principles of the present invention will now be described in further detail with reference to the accompanying drawings.
As shown in fig. 2, the verifiable multi-authorization-center access control method supporting revocation and outsourcing provided by the embodiment of the present invention specifically includes the following steps:
Step 1: System initialization.
1.1) CA initialization. The CA first selects a system security parameter $\lambda$ and an attribute domain $U$, and then selects three multiplicative cyclic groups $G_1$, $G_2$ and $G_T$ of order $p$, where $g_1$ and $g_2$ are generators of $G_1$ and $G_2$, a bilinear map $e: G_1 \times G_2 \to G_T$, and two hash functions $H: \{0,1\}^* \to Z_p$ and $F: G_T \to Z_p$. The CA selects a random number $a \in Z_p$ and finally generates the global public parameters:
In addition, all authorization centers and users need to register with the CA so that their legitimate identities can be verified. The CA issues a globally unique identity aid to each legal authorization center in the system and a globally unique identity uid to each legal user;
1.2) AA initialization. The attribute set managed by $AA_{aid}$ is defined as  and the associated set of authorization centers is defined as $I_A$. $AA_{aid}$ first selects two random numbers $\alpha_{aid}, \beta_{aid} \in Z_p$. For each attribute $x_k$ in its attribute set, $AA_{aid}$ randomly selects a unique version number $v_k$, and finally calculates the attribute public key, the authorization center public key and the authorization center private key as follows:
Step 2: The authorization center assigns a set of attributes to the user and generates the keys the user needs for decryption.
2.1) $AA_{aid}$ first assigns each legal user a corresponding attribute set $S_{uid,aid}$, and then selects a globally unique random number $z_{uid} \in Z_p$ for each user as the user private key. Then the proxy key and the user private key of the user are calculated as follows:
$SK_{uid} = z_{uid}$;
2.2) The generated proxy key $PxK_{uid,aid}$ is sent to the cloud service provider for storage; the cloud service provider executes $L_{PxK} = L_{PxK} \cup \{uid, PxK_{uid,aid}\}$, adding the user's proxy key to the proxy key list $L_{PxK}$. The user private key $SK_{uid}$ is sent to the corresponding user, who stores it.
Step 3: The data owner encrypts the file.
3.1) The cloud service provider first selects a random number $s' \in Z_p$ and, for each $i \in \{1, \dots, l\}$, randomly chooses $\lambda'_i, \gamma'_i \in Z_p$. The ciphertext is computed as follows:
Then the partially encrypted ciphertext is output as $CT_{out} = \{s', C_0, (C_{i,1}, C_{i,2}, \lambda'_i, \gamma'_i)_{i \in \{1, \dots, l\}}\}$.
3.2) After receiving $CT_{out}$, the data owner verifies whether the result is correct. First, it checks whether the condition holds. If not, it directly outputs $b = 0$, indicating that the result of the outsourced computation is incorrect. Otherwise, for $i \in \{1, \dots, l\}$, the data owner calculates:
$t_i = (a\lambda'_i - v_{\rho(i)} \cdot \gamma_i - H(\rho(i)) \cdot \gamma_i) \bmod p$;
Then a security parameter $r$ is selected, $s_1, \dots, s_l \in \{0,1\}^r$ are chosen at random, and the following is calculated:
If the check holds, the output is $b = 1$, indicating that the calculation result is correct. Otherwise, the output is $b = 0$, indicating that the result is erroneous.
3.3) If the data owner has verified that $CT_{out}$ is correct, it goes on to complete the remaining encryption operations. Let $A$ denote an $l \times n$ matrix, where $l$ is the total number of attributes. The function $\rho$ maps each row of the matrix to an attribute. The data owner first selects a secret random number $s \in Z_p$ and a random vector, where $y_2, \dots, y_n$ are used to share $s$. For $i \in \{1, \dots, l\}$, it calculates the corresponding value, where $A_i$ denotes the $i$-th row of matrix $A$. Then $\gamma_1, \gamma_2, \dots, \gamma_l \in Z_p$ are chosen at random, and the ciphertext is computed as follows:
where $C'$, $C_{i,3}$ and $C_{i,4}$ are used to correct $s$, $\lambda_i$ and $\gamma_i$, and $C_v$ is used to verify the result of the outsourced decryption. Finally, the complete ciphertext is output as $CT = \{C, C', C_0, (C_{i,1}, C_{i,2}, C_{i,3}, C_{i,4})_{i \in \{1, \dots, l\}}, C_v, (A, \rho)\}$.
Step 4: The user sends a file access request to the cloud service provider.
As shown in fig. 3, this step is specifically implemented as follows:
4.1) When a user makes a file access request, the cloud service provider first checks whether the user's attribute set conforms to the access structure. If the attributes satisfy the access structure, a set of constants $w_i \in Z_p$ can be found satisfying the required relation, where $I = \{1, \dots, l\}$; the partially decrypted ciphertext is then computed as follows:
After the decryption succeeds, the partially decrypted ciphertext $CT'$ is sent to the user.
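The sharing of s in step 3.3 and the search for the constants w_i in step 4.1, as an added example that is not part of the patent text. It assumes the standard linear secret sharing (LSSS) relations, share_i = A_i · v with v = (s, y_2, …, y_n) and Σ w_i·A_i = (1, 0, …, 0), and works in Z_p only, without the pairing groups; the modulus, matrix and attribute names are constructed for illustration.

```python
"""LSSS sharing and reconstruction over Z_p (added illustration)."""
import secrets

# Constructed prime standing in for the group order p (assumption).
P = 2**127 - 1

# Constructed policy spanning two authorization centers:
#   (hospital:doctor AND hospital:cardiology) OR institute:researcher
A = [[1, 1], [0, -1], [1, 0]]  # l x n matrix, one row per attribute
RHO = ["hospital:doctor", "hospital:cardiology", "institute:researcher"]


def share(matrix, s, p=P):
    """Data-owner side: v = (s, y_2..y_n) random, share_i = A_i . v mod p."""
    n = len(matrix[0])
    v = [s % p] + [secrets.randbelow(p) for _ in range(n - 1)]
    return [sum(a * x for a, x in zip(row, v)) % p for row in matrix]


def find_constants(matrix, rho, attrs, p=P):
    """Return {row index: w_i} with sum_i w_i * A_i = (1, 0, ..., 0) mod p,
    using only rows whose attribute is in attrs; None if attrs does not
    satisfy the access structure."""
    rows = [i for i in range(len(matrix)) if rho[i] in attrs]
    if not rows:
        return None
    n, m = len(matrix[0]), len(rows)
    # Augmented system M^T w = e_1: n equations, m unknowns.
    aug = [[matrix[rows[j]][c] % p for j in range(m)] + [1 if c == 0 else 0]
           for c in range(n)]
    pivots, r = [], 0
    for col in range(m):
        piv = next((k for k in range(r, n) if aug[k][col]), None)
        if piv is None:
            continue  # free variable, left at zero
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][col], -1, p)
        aug[r] = [x * inv % p for x in aug[r]]
        for k in range(n):
            if k != r and aug[k][col]:
                f = aug[k][col]
                aug[k] = [(x - f * y) % p for x, y in zip(aug[k], aug[r])]
        pivots.append(col)
        r += 1
        if r == n:
            break
    # A zero row with a non-zero right-hand side means no solution exists.
    if any(aug[k][m] for k in range(r, n)):
        return None
    w = [0] * m
    for k, col in enumerate(pivots):
        w[col] = aug[k][m]
    return {rows[j]: w[j] for j in range(m) if w[j]}


def reconstruct(shares, w, p=P):
    """Combine the shares of the satisfying rows: s = sum_i w_i * share_i."""
    return sum(w_i * shares[i] for i, w_i in w.items()) % p


def demo():
    s = secrets.randbelow(P)
    shares = share(A, s)
    ok = find_constants(A, RHO, {"hospital:doctor", "hospital:cardiology"})
    denied = find_constants(A, RHO, {"hospital:doctor"})
    return reconstruct(shares, ok) == s, denied


if __name__ == "__main__":
    print(demo())
```

In the scheme itself this combination is carried out on ciphertext components by the cloud service provider, so the secret s is never exposed in the clear as it is here.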
4.2) after the user receives the partially decrypted ciphertext CT' from the cloud service provider, whether the calculation result is correct or not is verified. User only needs to calculateWhether or not this is true. If true, the output b equals 1, indicating a calculationThe result is correct. Otherwise, the output b ═ 0 indicates that the cloud service provider returned an erroneous result.
4.3) after the user verifies that the CT' is correct, only the private key SK of the user is neededuidThe plaintext can be recovered, calculated as follows:
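The access-structure test of step 4.1 and the sharing of s in step 3.3 both rest on linear secret sharing over Z_p. The following Python code is an added example, not code from the patent; it assumes the standard LSSS relations (shares λ_i = A_i·v with v = (s, y_2, …, y_n), and constants w_i with Σ w_i·A_i = (1, 0, …, 0)), which the formulas missing from this page are not shown to confirm, and its modulus, policy matrix and attribute names are constructed.

```python
"""Added example: LSSS sharing and reconstruction over Z_p (no pairings)."""
import secrets

P = 2**127 - 1  # constructed prime standing in for the group order p

# Constructed policy: (doctor AND cardiology) OR admin
SAMPLE_A = [[1, 1], [0, -1], [1, 0]]            # l x n matrix A
SAMPLE_RHO = ["doctor", "cardiology", "admin"]  # rho: row index -> attribute


def share_secret(A, s, p=P):
    """Return shares lambda_i = A_i . v mod p with v = (s, y_2, ..., y_n)."""
    n = len(A[0])
    v = [s % p] + [secrets.randbelow(p) for _ in range(n - 1)]
    return [sum(a * x for a, x in zip(row, v)) % p for row in A]


def find_constants(A, rho, attrs, p=P):
    """Solve sum_i w_i * A_i = (1, 0, ..., 0) mod p over the rows whose
    attribute is in attrs. Returns {row index: w_i}, or None when the
    attribute set does not satisfy the access structure."""
    rows = [i for i in range(len(A)) if rho[i] in attrs]
    if not rows:
        return None
    n, k = len(A[0]), len(rows)
    # Augmented system: one equation per matrix column, one unknown per row.
    M = [[A[i][c] % p for i in rows] + [1 if c == 0 else 0] for c in range(n)]
    pivots, r = [], 0
    for col in range(k):
        pr = next((i for i in range(r, n) if M[i][col]), None)
        if pr is None:
            continue  # free variable, left at 0
        M[r], M[pr] = M[pr], M[r]
        inv = pow(M[r][col], -1, p)
        M[r] = [x * inv % p for x in M[r]]
        for i in range(n):
            if i != r and M[i][col]:
                f = M[i][col]
                M[i] = [(x - f * y) % p for x, y in zip(M[i], M[r])]
        pivots.append(col)
        r += 1
    # A zero row with a non-zero right-hand side means no solution exists.
    if any(M[i][k] for i in range(r, n)):
        return None
    w = [0] * k
    for i, col in enumerate(pivots):
        w[col] = M[i][k]
    return {rows[j]: w[j] for j in range(k)}


def reconstruct(shares, w, p=P):
    """Recover s = sum_i w_i * lambda_i mod p."""
    return sum(wi * shares[i] for i, wi in w.items()) % p


if __name__ == "__main__":
    secret = secrets.randbelow(P)
    lam = share_secret(SAMPLE_A, secret)
    for attrs in ({"doctor", "cardiology"}, {"admin"}, {"doctor"}):
        w = find_constants(SAMPLE_A, SAMPLE_RHO, attrs)
        ok = w is not None and reconstruct(lam, w) == secret
        print(sorted(attrs), "authorized" if ok else "rejected")
```

In the scheme itself the shares sit in the exponent of group elements, so the cloud service provider applies the same constants w_i to ciphertext components rather than to the shares directly.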
Step 5: certain users or certain attributes in the system are revoked.
As shown in fig. 4, this step is specifically implemented as follows:
5.1) When user revocation occurs, the data owner sends the identity uid of the revoked user to the cloud service provider. After receiving the user revocation information, the cloud service provider searches the proxy key list $L_{PxK}$, deletes the proxy key corresponding to the uid, and then updates the proxy key list to $L'_{PxK}$.
5.2) when attribute revocation occurs, the data owner needs to re-encrypt the ciphertext and the authorization center needs to update the keys of other non-revoked users.
5.21) The authorization center first generates some key update material in preparation for the later key update. Here uid denotes the identities of all other non-revoked users. The associated authorization center first generates a new attribute version number, then calculates a version update key, and uses it to compute a proxy update key for every non-revoked user who owns the attribute. Then, $AA_{aid}$ updates the attribute public key of the revoked attribute and broadcasts a message to the data owners in the system so that they can receive the updated attribute public key. The proxy update key is sent to the cloud service provider to update the proxy key $PxK_{uid,aid}$, and the version update key is sent to the data owner.
5.22) After receiving the proxy update key, the cloud service provider updates the corresponding proxy key of every non-revoked user who owns the attribute. The proxy key $PxK_{uid,aid}$ is updated as:
5.23) After receiving the version update key, the data owner calculates the ciphertext update key and sends it to the cloud service provider for use in re-encrypting the ciphertext.
5.24) After receiving the ciphertext update key, the cloud service provider updates the corresponding ciphertext. The re-encrypted ciphertext is published as follows:
The application effect of the present invention is described in detail below with reference to the simulation.
1. Simulation conditions
The simulation environment is as follows: a desktop computer configured with a CPU G630@270GHz and 4.00GB RAM, running the 64-bit Ubuntu 14.04 operating system. The implementation is based on the Charm tool, and the implementation language is Python.
2. Simulation content and result analysis
Figs. 5 and 6 show the results of accessing a data file using the method of the present invention. Fig. 5 shows that, in the encryption process, the time consumed by the cloud service provider for outsourced encryption is much longer than the time consumed by the data owner to encrypt the data file, and that the time consumed by the data owner to encrypt the data file is about 0.05s as the number of attributes increases. Because most of the complex calculations are outsourced to the cloud service provider, the data owner only needs to complete a small amount of calculation, and the computational overhead of the data owner is greatly reduced. In Fig. 6, the time consumed for outsourced decryption is much longer than the time consumed for user decryption and becomes longer as the number of attributes increases, while the time consumed for user decryption is about 0.03s and is almost constant. Similarly, because most of the complex calculations are outsourced to the cloud service provider, the user only needs to complete a simple exponentiation, and the computational overhead of the user is greatly reduced.
As can be seen from the simulation results, the method can greatly reduce the calculation overhead of users in the system and improve the access efficiency of the system, which is very important in practical application.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (6)
1. An access control method supporting revocation of outsource and capable of being authenticated by multiple authorization centers is characterized by comprising the following steps: initializing a global authentication center CA and other authorization centers AA, distributing corresponding identity identifiers for all authorization centers and users in the system, and generating global public parameters and keys required by encryption; the authorization center distributes an attribute set for the user and generates a key required by decryption; encrypting the file by the data owner; a user sends a file access request to a cloud service provider; revoking certain users or certain attributes in the system;
the encrypting the file by the data owner specifically includes:
(1) the cloud service provider first selects a random number $s' \in Z_p$ and, for all i ∈ {1, …, l}, randomly chooses $\lambda'_i, \gamma'_i \in Z_p$; the ciphertext is computed as follows:
outputting the partially encrypted ciphertext $CT_{out} = \{s', C_0, (C_{i,1}, C_{i,2}, \lambda'_i, \gamma'_i)_{i \in \{1,\dots,l\}}\}$;
(2) after receiving $CT_{out}$, the data owner verifies whether the result is correct; first, it is checked whether the result is true or not; if the result is not true, b = 0 is output directly, representing that the result of the outsourced calculation is not correct; otherwise, for i ∈ {1, …, l}, the data owner calculates:
$t_i = (a\lambda'_i - v_{\rho(i)} \cdot \gamma_i - H(\rho(i)) \cdot \gamma_i) \bmod p$;
then, a security parameter r is selected, $s_1, \dots, s_l \in \{0,1\}^r$ are randomly selected, and the following is calculated:
if it is notThe output b is 1, which indicates that the calculation result is correct; otherwise, the output b is equal to 0, which indicates that the result is wrong;
(3) after the data owner has verified that $CT_{out}$ is correct, the rest of the encryption operation is completed, wherein A represents an l × n matrix, and l is the total number of attributes; the function ρ maps each row of the matrix to an attribute; the data owner first selects a secret random number $s \in Z_p$ and a random vector, wherein $y_2, \dots, y_n$ are used to share s; for i ∈ {1, …, l}, a share is calculated, with $A_i$ representing the ith row of matrix A; then $\gamma_1, \gamma_2, \dots, \gamma_l \in Z_p$ are randomly selected again, and the ciphertext is computed as follows:
wherein $C'$, $C_{i,3}$, $C_{i,4}$ are used for correcting $s$, $\lambda_i$, $\gamma_i$; $C_v$ is used for verifying the result of the outsourced decryption; finally, the complete ciphertext $CT = \{C, C', C_0, (C_{i,1}, C_{i,2}, C_{i,3}, C_{i,4})_{i \in \{1,\dots,l\}}, C_v, (A, \rho)\}$ is output.
2. The method of supporting revocation of outsourced verifiable multi-authority access control of claim 1, wherein said key comprises: the agent key which is stored in the cloud end and used for completing partial decryption and the user private key which is kept by the user and used for completing final decryption;
the encryption process comprises the steps that a cloud service provider conducts partial encryption calculation, a generated ciphertext is sent to a data owner, and the data owner completes final encryption; after encryption is completed, uploading the ciphertext to a cloud service provider for storage;
after receiving the request, the cloud service provider uses the proxy key of the user stored in the cloud end to partially decrypt the file and sends the partially decrypted ciphertext to the user; after receiving the ciphertext, the user decrypts the ciphertext by using the private key of the user, and only the user with the attribute meeting the access strategy can successfully decrypt the ciphertext;
when a user is revoked, the data owner sends the identity of the revoked user to the cloud service provider, the cloud service provider searches the proxy key list and deletes the proxy key of the user, and the user cannot decrypt the proxy key to recover the plaintext if the proxy key is lost; when attribute revocation occurs, the data owner needs to re-encrypt the ciphertext, and meanwhile, the authorization center needs to update keys of other non-revoked users in the system; partial work of ciphertext re-encryption and key updating is outsourced to a cloud service provider to be completed.
3. The method of claim 2, wherein the initializing specifically comprises:
(1) CA initialization: the CA first selects a system security parameter λ and an attribute domain U, and then selects three multiplicative cyclic groups $G_1$, $G_2$ and $G_T$ of order p, where $g_1$, $g_2$ are generators of $G_1$, $G_2$, a bilinear map $e: G_1 \times G_2 \to G_T$, and two hash functions $H: \{0,1\}^* \to Z_p$ and $F: G_T \to Z_p$; the CA selects a random number $a \in Z_p$ and finally generates the global public parameters:
the CA issues a globally unique identity aid for each legal authorization center in the system and issues a globally unique identity uid for each legal user;
(2) AA initialization: an attribute set managed by $AA_{aid}$ is defined, and the set of associated authorization centers is defined as $I_A$; $AA_{aid}$ first selects two random numbers $\alpha_{aid}, \beta_{aid} \in Z_p$; for each attribute $x_k$ in the attribute set, $AA_{aid}$ randomly selects a unique version number $v_k$; finally, the attribute public key, the authorization center public key and the authorization center private key are calculated as follows:
4. The method of claim 3, wherein the authorization center assigns a set of attributes to the user and generates the key required for decryption, and further comprising:
(1) $AA_{aid}$ first assigns each legal user a corresponding attribute set $S_{uid,aid}$, and then selects a globally unique random number $z_{uid} \in Z_p$ for each user as the user private key; the proxy key and the user private key of the user are calculated as follows:
$SK_{uid} = z_{uid}$;
(2) the generated proxy key $PxK_{uid,aid}$ is sent to the cloud service provider for storage, and the cloud service provider executes $L_{PxK} = L_{PxK} \cup \{uid, PxK_{uid,aid}\}$ to add the proxy key of the user to the proxy key list $L_{PxK}$; the user private key $SK_{uid}$ is sent to the corresponding user and is stored by the user.
5. The method for supporting revocation of outsourced verifiable multi-authority access control as claimed in claim 4, wherein the step of the user issuing the file access request to the cloud service provider specifically comprises:
(1) when a user sends a file access request, the cloud service provider first checks whether the attribute set of the user satisfies the access structure; if the attributes satisfy the access structure, a set of constants $w_i \in Z_p$ can be found, where I = {1, …, l}; the partially decrypted ciphertext is then computed as follows:
after the decryption succeeds, the partially decrypted ciphertext CT′ is sent to the user;
(2) after receiving the partially decrypted ciphertext CT′ from the cloud service provider, the user verifies whether the calculation result is correct; the user only needs to calculate whether the result is true or not; if yes, the output b = 1 indicates that the calculation result is correct; otherwise, the output b = 0 indicates that the cloud service provider returned an erroneous result;
(3) after verifying that CT′ is correct, the user can recover the plaintext using the user private key $SK_{uid}$, calculated as follows:
6. the method for supporting revocation outsourcing verifiable multi-authority access control according to claim 5, wherein revoking certain users or certain attributes in the system specifically includes:
(1) when user revocation occurs, the data owner sends the identity uid of the revoked user to the cloud service provider; after receiving the user revocation information, the cloud service provider searches the proxy key list $L_{PxK}$, deletes the proxy key corresponding to the uid, and then updates the proxy key list to $L'_{PxK}$;
(2) When attribute revocation occurs, the data owner needs to re-encrypt the ciphertext and the authorization center needs to update the keys of other non-revoked users;
first, the authorization center generates some key update material in preparation for the subsequent key update; uid denotes the identities of all other non-revoked users; the associated authorization center first generates a new attribute version number, calculates a version update key, and uses it to compute a proxy update key for every non-revoked user who owns the attribute; $AA_{aid}$ updates the attribute public key of the revoked attribute and broadcasts a message to the data owners in the system so that they can receive the updated attribute public key; the proxy update key is sent to the cloud service provider to update the proxy key $PxK_{uid,aid}$, and the version update key is sent to the data owner;
after receiving the proxy update key, the cloud service provider updates the corresponding proxy key of every non-revoked user who owns the attribute; the proxy key $PxK_{uid,aid}$ is updated as:
after receiving the version update key, the data owner calculates the ciphertext update key and sends it to the cloud service provider for re-encrypting the ciphertext;
after receiving the ciphertext update key, the cloud service provider updates the corresponding ciphertext; the re-encrypted ciphertext is published as follows:
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810149575.8A CN108390876B (en) | 2018-02-13 | 2018-02-13 | Multi-authorization-center access control method capable of supporting outsourcing revocation and verification and cloud server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108390876A CN108390876A (en) | 2018-08-10 |
CN108390876B true CN108390876B (en) | 2021-12-14 |
Family
ID=63069620
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810149575.8A Active CN108390876B (en) | 2018-02-13 | 2018-02-13 | Multi-authorization-center access control method capable of supporting outsourcing revocation and verification and cloud server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108390876B (en) |
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103618728A (en) * | 2013-12-04 | 2014-03-05 | 南京邮电大学 | Attribute-based encryption method for multiple authority centers |
CN104486315A (en) * | 2014-12-08 | 2015-04-01 | 北京航空航天大学 | Revocable key external package decryption method based on content attributes |
CN104901942A (en) * | 2015-03-10 | 2015-09-09 | 重庆邮电大学 | Distributed access control method for attribute-based encryption |
WO2018006715A1 (en) * | 2016-07-05 | 2018-01-11 | 阿里巴巴集团控股有限公司 | Authority revoking method and device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
BR112015003216A2 (en) * | 2012-08-17 | 2017-07-04 | Koninklijke Philips Nv | attribute based encryption system; communication system; key generator for use in the system; and attribute-based encryption method |
-
2018
- 2018-02-13 CN CN201810149575.8A patent/CN108390876B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103618728A (en) * | 2013-12-04 | 2014-03-05 | 南京邮电大学 | Attribute-based encryption method for multiple authority centers |
CN104486315A (en) * | 2014-12-08 | 2015-04-01 | 北京航空航天大学 | Revocable key external package decryption method based on content attributes |
CN104901942A (en) * | 2015-03-10 | 2015-09-09 | 重庆邮电大学 | Distributed access control method for attribute-based encryption |
WO2018006715A1 (en) * | 2016-07-05 | 2018-01-11 | 阿里巴巴集团控股有限公司 | Authority revoking method and device |
Non-Patent Citations (2)
Title |
---|
Comments on "Verifiable and Exculpable Outsourced Attribute-Based Encryption for Access Control in Cloud Computing";Hu Xiong 等;《 IEEE Transactions on Dependable and Secure Computing》;20170707;全文 * |
面向云存储的基于属性加密的多授权中心访问控制方案;关志有 等;《通信学报》;20150625;第36卷(第6期);全文 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||