CN108632030B - CP-ABE-based fine-grained access control method - Google Patents

CP-ABE-based fine-grained access control method Download PDF

Info

Publication number
CN108632030B
CN108632030B CN201810241576.5A CN201810241576A CN108632030B CN 108632030 B CN108632030 B CN 108632030B CN 201810241576 A CN201810241576 A CN 201810241576A CN 108632030 B CN108632030 B CN 108632030B
Authority
CN
China
Prior art keywords
ciphertext
user
decryption
algorithm
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810241576.5A
Other languages
Chinese (zh)
Other versions
CN108632030A (en
Inventor
李凯
孙伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Wuyi Information Technology Co ltd
Original Assignee
National Sun Yat Sen University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National Sun Yat Sen University filed Critical National Sun Yat Sen University
Priority to CN201810241576.5A priority Critical patent/CN108632030B/en
Publication of CN108632030A publication Critical patent/CN108632030A/en
Application granted granted Critical
Publication of CN108632030B publication Critical patent/CN108632030B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a CP-ABE-based efficient and safe fine-grained access control method, which relates to data safe storage and fine-grained access control in a cloud environment and is characterized in that an outsourcing strategy is adopted to reduce local computation and communication resource consumption, access structure updating and user attribute revocation in a ciphertext state are supported, data are always in a blinding state for a server in the scheme operation process, the data safety is protected while computing resources by the server, the data master right is clarified, and hidden operation of the server is prevented.

Description

CP-ABE-based fine-grained access control method
Technical Field
The invention relates to the field of data access control in a cloud environment, in particular to a fine-grained access control method based on CP-ABE.
Background
Currently, data becomes the most valuable asset for individuals and enterprises, and the data assets and their management capabilities will determine the success or failure of enterprise competition and become the key for individual development. However, in big data and cloud computing environments, when personal data is stored remotely, where the stored data will be used, by whom it is not user-resolvable, data owners lose absolute control over their data, especially sensitive data, and problems with privacy disclosure and ownership of the data occur.
The user needs to make clear the data ownership, can determine the destination of the data and implement a fine-grained access control strategy on the data. Research shows that ciphertext policy attribute based encryption (CP-ABE) proposed in recent years realizes fine-grained access control on data thereof in a mode that a data owner formulates an access control policy, so that the data ownership can be well defined, the CP-ABE can realize encryption for all parties at one time instead of encryption for all parties at each time, only users meeting an access control structure attribute set can access the data, and the method has the characteristic of rich expression and can implement fine-grained access control on the encrypted data.
However, the CP-ABE method has the problems that in the operation process, the server can steal user data, the access control policy is difficult to update, the attribute revocation is difficult, and in the local encryption and decryption process, a large amount of computing and communication resources are consumed, so that the CP-ABE method is difficult to effectively work in small-scale micro devices and mobile devices.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provide a fine-grained access control method based on CP-ABE.
In order to solve the problems, the technical scheme provided by the invention is as follows:
a fine grain access control method based on CP-ABE comprises the following steps:
s1, initializing a system and generating parameters, wherein a trusted center TA runs a Setup (K) algorithm to initialize the system and generate the parameters, and the algorithm takes a security parameter K as input to generate a system public key Pk and a master key Mk;
s2, generating a private key, wherein the trusted center TA runs a KeyGen (Pk, Mk, A) algorithm, and generates a private key Sk for the user according to the user attribute set;
s3, encrypting data, wherein the trusted center TA runs an Encrypt (Pk, M, T) algorithm, encrypts the data for the data ciphertext M according to an access control strategy T formulated by a user, and generates a ciphertext CT with the access control strategy;
s4, generating a re-encryption key, wherein a data owner DO operates a ReKeyGen (Pk, T1, Sk) algorithm, and when an access control strategy formulated by a user is updated, a ciphertext re-encryption key Rk is generated for the user according to a user private key;
s5, encrypting the ciphertext, operating a ReEncrypt (Pk, CT, Rk) algorithm by the decryption service DS, and updating the ciphertext in a ciphertext state when an access control strategy formulated by a user is updated to generate a re-encrypted ciphertext CT 1;
s6, dividing a private key, wherein the data requester DR operates a DeyDiv (Pk, Sk) algorithm to divide a user private key to generate a ciphertext conversion private key SRk and a local decryption key Tk;
s7, data decryption, wherein a decryption service DS operates a decryption (Pk, CT, Sk) algorithm, judges whether a private key of a user meets an access control strategy formulated by the user when data are encrypted, decrypts the data for the user, outputs a plaintext M if the private key meets the access control strategy, and otherwise outputs a null;
and S8, attribute revocation, wherein an AttRevoke (CT, Sk) algorithm is operated to update the ciphertext and the private key of the user, when attribute revocation is sent, the private key can be directly updated by the user without revoked attribute, and the user with revoked attribute must request the trusted center TA to update the private key.
In the present invention, the system comprises:
and (3) a user layer: including the data owner and the data requestor. The data owner, namely a data file provider, defines an access control strategy of the data when uploading the data file, and is responsible for maintaining the data; the server determines whether the private key has the decryption authority to determine whether the data file can be used by the data requester.
Calculating a layer: including encryption service and decryption service, has greater computing power. The encryption service provides an encryption function for data and receives a data owner encryption request downward. The decryption service provides a data decryption function and receives requests from data requesters.
A storage layer: the storage service is provided, has larger storage capacity, and receives the storage request of the encryption service and the access request of the decryption service downwards.
The credible center: the trusted center performs system initialization and generates parameters of the system. The connection with the user layer is bidirectional connection, public parameters of a user layer system are provided, and a private key is generated for a user according to a user attribute set of the user layer; and the method is in one-way connection with the computing layer, and only provides system public parameters for the computing layer.
In the present invention, the initialization algorithm Setup (k) is run by the trusted center TA to perform system initialization and parameter generation. The algorithm takes a security parameter K as input and outputs a system master key Mk and a public key Pk, and the algorithm can configure an environment for system operation and generate the security parameter.
The private key generation algorithm KeyGen (Pk, Mk, a) is run by the trust center TA to generate an attribute private key for the user. The method comprises the steps of inputting a user attribute set A, and outputting an attribute private key SK related to the attribute set, wherein the algorithm can generate a unique private key for each legal user.
The encryption algorithm Encrypt (Pk, M, T) is run by the encryption service ES to Encrypt the plaintext. Inputting an access structure T and plaintext information M formulated by a public key Pk and DO, and outputting a ciphertext CT with an access control strategy, wherein the algorithm keeps the data information in a blinding state for a server while encrypting data by utilizing server computing resources.
The re-encryption key generation algorithm ReKeyGen (Pk, T1, Sk) is run by the data owner DO. Inputting the public key Pk, the new access control structure T1, and the user's current private key, the algorithm outputs the key Rk for ciphertext re-encryption, which is capable of generating the key for ciphertext re-encryption.
The re-encryption algorithm ReEncrypt (Pk, CT, Rk) is run by the decryption service DS. The algorithm takes the re-encryption key RK, the public key PK and the original ciphertext CT as output and outputs a re-encryption ciphertext CT 1. When the access structure is updated, the ciphertext encrypted under the access structure T may be directly converted into the ciphertext encrypted under the new access control structure T1.
The private key division algorithm KeyDiv (Pk, Sk) is executed by the user. The algorithm takes the public key Pk and the user private key Sk as input, outputs a ciphertext conversion key SRk and a local decryption key Tk related to the private key Sk, can split the private key, and ensures that the server cannot acquire the user private key.
The decryption algorithm Decrypt (Pk, CT, SK) is run by the decryption service DS to Decrypt the ciphertext. The algorithm takes a public key Pk, a ciphertext CT and a user private key SK as input, if the user private key meets the requirement of a ciphertext access control structure, plaintext information M is output, otherwise, the output is null, and in the decryption process, the algorithm utilizes server computing resources and can still keep the blinding state of data information to a server.
The attribute revocation algorithm AttrRevoke (CT, Sk) is used to update the ciphertext and the user private key when attribute revocation occurs. The algorithm takes a ciphertext CT and a user private key as input, outputs an updated ciphertext and the user private key { CT ', Sk' }, and can update the system in time when the attribute revocation occurs, so that the data security is ensured.
Further, the step S1 specifically includes:
s11, initializing a system and selecting a cyclic group
Figure GDA0002684155130000031
Wherein the circulating group
Figure GDA0002684155130000032
Is a prime number P, and the generators are g1,g2Setting up a bilinear map
Figure GDA0002684155130000033
And selecting a hash function
Figure GDA0002684155130000041
S12, generating parameters, and running a Setup (k) algorithm by the trusted center TA, wherein the algorithm selects two safety parameters alpha, beta belonging to Z randomlyp,ZpGenerating the public key and the master key parameter of the system for the integer group with the order of p,
master key MK ═ β, g1 α) And is reserved for the credible center TA,
public key
Figure GDA0002684155130000042
And distributed to system participants.
Further, the step S2 specifically includes:
the trusted center TA runs the KeyGen (Pk, Mk, A) algorithm, and the algorithm randomly selects r to be ZpLet the attribute set of the user be A, and for each attribute i ∈ A, randomly select ri∈ZpAnd a private key Sk is generated, the private key Sk is generated,
Figure GDA0002684155130000043
further, the step S3 specifically includes:
s31, the trusted center TA runs Encrypt (Pk, M, T) algorithm, and the data owner DO formulates an access structure T as T in the form of an access treeDO+TESWherein T isDoAccess structure, T, for user independent controlESIs an access control policy handled for the server, LDOAnd LESTo representTDOAnd TESSet of leaf nodes of, LTRepresenting a leaf node set of the access tree T, and adopting a sharer secret sharing scheme during encryption; for any node x in the access tree, its shared secret is qx(0)。
S32, the data owner DO randomly selects a1 st order polynomial q (x), calculates s as q (0), s1 as q (1), and s2 as q (2);
s33, the encryption service ES receives s1, T sent by the data owner DOESAnd calculate with s1 as the shared secret
Figure GDA0002684155130000044
S34, the data owner DO takes s2 as a shared secret to calculate
Figure GDA0002684155130000045
Figure GDA0002684155130000046
And C ═ Me (g) is calculated for plaintext M and s ═ q (0)1,g2)αsAnd C ═ hs
S35, the encryption service ES receives information (CT) sent by a data owner DODOC, C', joint CTESAnd (3) calculating a ciphertext:
Figure GDA0002684155130000047
Figure GDA0002684155130000048
s36, the encryption service ES sends the CT to a storage service, and the storage service stores the ciphertext information into a database.
Further, the step S4 specifically includes:
s41, the data owner DO runs a ReKeyGen (Pk, T1, Sk) algorithm, and the DO randomly selects theta epsilon to ZpUpdate the private key to
Figure GDA0002684155130000051
S42.DO calculation
Figure GDA0002684155130000052
Figure GDA0002684155130000053
S43.DO combines two parts of information to calculate a re-encryption key RK:
Figure GDA0002684155130000054
Figure GDA0002684155130000055
further, the step S5 specifically includes:
s51, the decryption service DS runs a ReEncrypt (Pk, CT, Rk) algorithm to the original ciphertext
Figure GDA0002684155130000056
Performing recursive decryption and calculation
Figure GDA0002684155130000057
Wherein y is a leaf node in the access tree;
s52 recursively decrypts the non-leaf node x in the access tree, computing:
Figure GDA0002684155130000058
for the root node r, there is a ═ Fr=e(g1,g2)rs
S53.DS calculation
Figure GDA0002684155130000059
S54, data owner DO receives information { A, B } calculation sent by DS
Figure GDA0002684155130000061
Figure GDA0002684155130000062
S55, calculating a re-encrypted ciphertext CT 1:
Figure GDA0002684155130000063
Figure GDA0002684155130000064
and S56, the user DO uploads the re-encrypted ciphertext CT1 to a decryption service, the decryption service further uploads the CT1 to a storage service, the CT is stored in the storage server, and the original ciphertext is updated to be the re-encrypted ciphertext.
Further, the step S6 specifically includes:
s61, the data requester DR runs KeyDiv (Pk, Sk) algorithm, and the DR randomly selects t e to ZpIn association with its private key
Figure GDA0002684155130000065
Calculating K ═ gt(α+r)/
S62.DR calculation ciphertext conversion key
Figure GDA0002684155130000066
Figure GDA0002684155130000067
Sending to a decryption service DS;
and S63, the DR calculates and stores the local decryption key Tk as t.
Further, the step S7 specifically includes:
s701, the decryption service DS operates a decryption (Pk, CT, SK) algorithm, and for ciphertext and DS, recursive decryption and calculation are carried out
Figure GDA0002684155130000068
Figure GDA0002684155130000069
Where y is a leaf node in the access tree, if
Figure GDA00026841551300000610
FyThe output is null;
s702, carrying out recursive decryption and calculation on non-leaf nodes x in the access tree
Figure GDA00026841551300000611
Figure GDA00026841551300000612
Further, the step S7 further includes:
when the ciphertext is the original ciphertext, the decryption process is as follows:
s711. in this case, A ═ Fr=e(g1,g2)rs
S712, calculating:
B=e(C′,K′)=e(hs,g1 t(α+r)/β)=e(g2 βs,g1 t(α+r)/β)=e(g1,g2)t(α+r)×s
s713, the data requester DR receives the information,
{A,B,C}={e(g1,g2)rs,e(g1,g2)t(α+r)×s,Me(g1,g2)αs};
s714.dr uses Tk ═ t to perform local decryption, and calculates B ═ B1/Tk=e(g1,g2)(α+r)×s
S715.DR carries out final decryption to obtain a data plaintext M:
Figure GDA0002684155130000079
when the ciphertext is the ciphertext with the updated access structure, the decryption process is as follows:
s721, wherein A is Fr=e(g1,g2)
S722, calculating:
Figure GDA0002684155130000071
s723. the data requester DR receives the information,
Figure GDA0002684155130000072
Figure GDA0002684155130000073
s724.DR uses Tk-t to decipher locally, and calculates B-B1/Tk==e(g1,g2)(α+r)λ
S725.dr requests decryption C' h from the trusted centersCalculating NewC ═ C'1/β=(hs)1/β=g2 s
S726.DR carries out final decryption, and data plaintext M is obtained:
Figure GDA0002684155130000074
further, in the step S8, when the attribute parameter is sent, the AttrRevoke (CT, Sk) algorithm is executed, and the algorithm execution process includes:
s81, the credible center TA randomly selects r to be Zp
S82, receiving the value of r and updating the ciphertext by the encryption service ES
Figure GDA0002684155130000075
Figure GDA0002684155130000076
S83, the users without the revoked attribute receive the r value of the credible center and update the private key
Figure GDA0002684155130000077
Figure GDA0002684155130000078
S84. the user with the revoked attribute can not receive the r value of the credible center, and the user must request the credible center to update the private key and newly calculate the private key of the user
Figure GDA0002684155130000081
Figure GDA0002684155130000082
Where S 'is the user' S updated set of attributes.
Compared with the prior art, the beneficial effects are: the CP-ABE-based fine-grained access control method provided by the invention can effectively solve the problems of user data leakage, difficulty in updating an access control strategy, difficulty in attribute revocation and the like of a server, can simultaneously solve the problem that a large amount of computing and communication resources are consumed in the local encryption and decryption process so that the local encryption and decryption process is difficult to effectively work in small and micro equipment and mobile equipment, realizes fine-grained access control on data, determines the data ownership so as to ensure the legal rights and interests of users, and is safe and efficient.
Drawings
FIG. 1 is a schematic diagram of the method of the present invention.
FIG. 2 is a diagram of a system model according to the present invention.
Fig. 3 is a diagram of an access control scheme of the present invention.
FIG. 4 is a flow chart of parameter generation according to the present invention.
FIG. 5 is a flow chart of the private key generation of the present invention.
FIG. 6 is a flow chart of data encryption generation according to the present invention.
Fig. 7 is a flowchart illustrating ciphertext access structure update according to the present invention.
FIG. 8 is a flowchart illustrating file decryption according to the present invention.
Fig. 9 is a flow chart of attribute revocation in accordance with the present invention.
Detailed Description
As shown in fig. 1 to 3, a fine grain access control method based on CP-ABE includes the following steps:
step 1: system initialization and parameter generation
Mainly configuring the operating environment of the system and generating key parameters required in the operating process of the system, combining the parameter generation flow chart of fig. 4, the trusted center TA starts the system to set and operate the Setup (k) algorithm, and selects the cycle group
Figure GDA0002684155130000083
Wherein the circulating group
Figure GDA0002684155130000084
Is a prime number P, and the generators are g1,g2Setting bilinear mapping e:
Figure GDA0002684155130000085
selecting
Figure GDA0002684155130000086
A hash function of; and two safety parameters alpha, beta belonging to Z randomly selected by the algorithmpOutputting a public key and a master key of the system;
master key MK ═ β, g1 α) Reserved for TA;
public key
Figure GDA0002684155130000087
And distributed to system participants.
Step 2: private key generation
The TA runs the KeyGen (Pk, Mk, a) algorithm to generate a private key for the user and passes the private key to the user over a secure channel. When the private key is generated specifically, in combination with the private key generation flow chart of fig. 5, the algorithm randomly selects r e to ZpLet the attribute set of the user be A, and for each attribute i ∈ A, randomly select ri∈ZpA private key, Sk, is generated and transmitted back to the user over the secure channel, wherein,
Figure GDA0002684155130000091
and step 3: file encryption
An Encrypt (Pk, M, T) encryption algorithm is operated in the file encryption process, and the main purpose is to keep the blinding state of data to a server while utilizing the computing power of the server so as to ensure the data ownership. The algorithm adopts a public key Pk, an access structure T and plaintext information M formulated by a data owner as input, and outputs a ciphertext CT related to the access structure T.
In the encryption process, in combination with the access tree of fig. 3 and the data encryption flowchart of fig. 6, the DO may set the access control structure T ═ T in the form of the access treeDO+TESTo reduce the amount of local computation, usually TDOHaving a part of the attributes, where T is selectedDOHaving only one attribute and being provided with LDOAnd LESRepresents TDOAnd TESSet of leaf nodes of, LTRepresenting a leaf node set of the access tree T, adopting a sharer secret sharing scheme, and aiming at any node x, q in the access treex(0) A secret value shared by node x. The algorithm mainly performs the following operations:
s31.do randomly selects a1 st order polynomial q (x), calculates s ═ q (0), s1 ═ q (1), s2 ═ q (2);
s32.DO Send s1, TES-to the encryption service ES;
s33.ES reception s1, TESRuns after, calculates CT with s1 as shared secretES
Figure GDA0002684155130000092
S34, calculating CT by using S2 as shared secret by user DODO
Figure GDA0002684155130000093
S35. additionally at the user side, for the plaintext information M, calculate C ═ Me (g)1,g2)αs(ii) a For shared secret s ═ q (0), calculate C ═ hs
S36, user DO sends { CTDOC, C' } to ES;
s37.ES reception { CTDOC, C', V }, combining various information to generate a ciphertext CT:
Figure GDA0002684155130000094
and S38, the ES sends the CT to a storage service, and the storage service stores the ciphertext information into a database.
And 4, step 4: updating the cipher access structure, calculating the re-encryption key Rk, re-encrypting the cipher to generate the re-encrypted cipher CT1
In the practical application of the ciphertext policy attribute-based encryption algorithm, an access control policy formulated by DO (data access) is frequently changed, and in order to solve the problem, two solutions of agent updating and user updating are frequently used, but the agent updating always exposes data information to an agent, and the user updating computation resource is seriously consumed and requires real-time online. The invention provides a ciphertext access structure updating algorithm, and combines the advantages of updating at an agent and a user, so that only a re-encryption key RK needs to be calculated by a number owner, and the agent can use the key to convert a ciphertext encrypted under one access structure T into a re-encrypted ciphertext calculated under another new access control structure T1.
In conjunction with the ciphertext access structure update flow diagram of fig. 7, first DO runs ReKeyGen (Pk, T1, Sk) to calculate the re-encryption key Rk, and the algorithm execution includes private key conversion and re-encryption key calculation.
1, private key conversion:
randomly selecting theta to be ZpAssociating private keys of DO
Figure GDA0002684155130000101
Figure GDA0002684155130000102
Updating the value of K to
Figure GDA0002684155130000103
Generating the translation private key SK' for DO:
Figure GDA0002684155130000104
2, calculating a re-encryption key:
combined hiding of the private key SK', resetting of the encryption key
Figure GDA0002684155130000105
Figure GDA0002684155130000106
Wherein the content of the first and second substances,
Figure GDA0002684155130000107
the re-encryption key RK is:
Figure GDA0002684155130000108
3 ciphertext re-encryption
The ES runs the ReEncrypt (Pk, CT, Rk) algorithm to convert the ciphertext encrypted under the access structure T into the ciphertext encrypted under the new access control structure T1, for the original ciphertext:
Figure GDA0002684155130000111
the establishment process of the ciphertext re-encryption is as follows:
1) the agent recursively decrypts the access tree:
a. decryption of leaf nodes in the access tree:
Figure GDA0002684155130000112
b. decryption of non-leaf nodes in the access tree:
Figure GDA0002684155130000113
c. with recursive secrets, for the root node r of the access tree, there are: a ═ Fr=e(g1,g2)rs
2) Calculating B ═ e (h) ═ K ═ C', K ═ e (h)s,g1 (α+r-θ)/β)=e(g1,g2)(α+r-θ)s
3) Sending A and B back to the user, and carrying out the following operations:
a. user calculates B/a ═ e (g)1,g2)(α+r-θ)s/e(g1,g2)rs=e(g1,g2)(α-θ)s
b. Computing NewC-Me (g) in conjunction with the C value of the original ciphertext containing the plaintext information1,g2)αs/e(g1,g2)(α-θ)s=Me(g1,g2)θs
4) Calculating the re-encrypted ciphertext CT 1:
compared with the original ciphertext, the re-encrypted ciphertext CT1 adds one more item E-g1 θe(g1,g2)αλAnd updating the ciphertext as follows:
Figure GDA0002684155130000114
5) the user uploads the re-encrypted ciphertext CT1 to the decryption service, which further uploads CT1 to the storage service, where it is stored in the storage server, updating the original ciphertext to the re-encrypted ciphertext.
And 5: data decryption
A decryption algorithm of Decrypt (Pk, CT, SK) is operated in the data decryption process, and the main purpose is to keep the blinding state of data to a server while utilizing the computing power of the server so as to ensure the data ownership. In combination with the data decryption flowchart of fig. 8, the algorithm uses the public key Pk, the ciphertext CT and the user private key Sk as inputs, and outputs a data plaintext when the access requirement is met. The encryption process comprises three processes of private key division, ciphertext conversion and local decryption.
1) Private key division: the purpose of private key partitioning is mainly to secure the data so that the private key of the data requestor DR is hidden from the decryption service. In the process, a user executes a KeyDiv (Pk, Sk) algorithm, inputs a private key Sk of DR and a system public key Pk, and outputs a key SRk for ciphertext conversion and a key Tk for local decryption, specifically:
user randomly selects t ∈ ZpFederated user private keys
Figure GDA0002684155130000121
Figure GDA0002684155130000122
Calculating D ═ gt(α+r)/βAnd generating a ciphertext transformation key Rk and a local decryption key TK, wherein:
Figure GDA0002684155130000123
and sending to the ES to request a decryption service, and storing Tk as t locally.
2) Ciphertext conversion: the purpose of ciphertext conversion is to perform initial decryption of the ciphertext by using computing resources of the server. After receiving the decryption request and the cipher text conversion key SRk, the DS firstly requests a data cipher text to be decrypted from the storage service, and after receiving the data request, the storage service sends the requested cipher text CT back to the DS; the ciphertext may be the original ciphertext CT:
Figure GDA0002684155130000124
or ciphertext CT1 updated by the access structure:
Figure GDA0002684155130000125
during decryption, the DS firstly checks the matching between the attribute set and the access structure of the ciphertext, if the attribute set does not meet the requirement of the access structure, the ciphertext conversion process outputs the inverted value, if the attribute set meets the requirement of the access structure, the initial decryption process of the ciphertext is started, and L is setTRepresenting the leaf node set of the access tree T, the specific process is as follows:
a. partial decryption operation of leaf nodes, for arbitrary y ∈ LTDS calculates F from the received informationy
Figure GDA0002684155130000126
If it is not
Figure GDA0002684155130000127
The calculation result is null;
b. partial decryption operation of non-leaf node x: for all children z, S of xxIs node x arbitrary KxThe set of child nodes, calling the algorithm first decrypts F of all the child nodes z of node xzThe nodes can be partially decrypted by the lagrange interpolation formula as follows, i ═ index (z), s in the access treex′={index(z):z∈SxAnd F is calculated by taking the delta as the Lagrange coefficientx
Figure GDA0002684155130000131
c. Decryption operation for root node: from the above, when r is the root node of T, y ∈ L for each leaf nodeDO∪LESPAnd the non-leaf node is subjected to recursive calculation to obtain:
Figure GDA0002684155130000132
the values for the two classes of ciphertext a are: a1 ═ e (g)1,g2)rsAnd a2 ═ e (g)1,g2)
d. For two kinds of cryptographs, the value of B is respectively calculated by K 'in the public key and C' in the cryptograph as follows:
B1=e(C′,K′)=e(hs,g1 t(α+r)/β)=e(g2 βs,g1 t(α+r)/β)=e(g1,g2)t(α+r)×s
B2=e(C′,K′)=e(hλ,g1 t(α+r)/β)=e(g2 βs,g1 t(α+r)/β)=e(g1,g2)t(α+r)×λ
the ds sends the data back to the data requester DR, and for two types of ciphertexts, the data sent is as follows:
for the original ciphertext: { a1, B1, C } - { e (g)1,g2)rs,e(g1,g2)t(α+r)×s,Me(g1,g2)αs};
For the ciphertext with the updated access structure:
{A2,B2,C,E,C’}={e(g1,g2),e(g1,g2)t(α+r)×λ,Me(g1,g2)θs,g1 θe(g1,g2)αλ,hs}。
3) local decryption:
in the process, ciphertext conversion data returned by the local decryption key Tk and the DS are used as input, a data plaintext corresponding to the ciphertext is output, the algorithm execution process is divided into local decryption of an original ciphertext and local decryption of the ciphertext after the access structure is updated, in the decryption process, the number of data tuples returned by the DS is judged first, the type of returned data is judged, and corresponding decryption is carried out.
a. Local decryption of an original ciphertext: at this time, the data returned by the DR receiving DS is { a1, B1, C }, and the local decryption key Tk is first calculated as t for the data B1
Figure GDA00026841551300001411
Figure GDA00026841551300001412
And finally decrypting the data to obtain a data plaintext M:
Figure GDA0002684155130000141
b. and (3) decrypting the ciphertext after the access structure is updated: at this time, the data returned by the user receiving DS is { a2, B2, C, E, C' }, and the local decryption key Tk is first calculated as t for the data B
Figure GDA0002684155130000142
Figure GDA0002684155130000143
Then solve for
Figure GDA0002684155130000144
The user then requests decryption C' h from the trusted centersTrusted center TA calculates NewC ═ C'1/β=(hs)1/β=g2 sAnd returning to the user, finally performing final ciphertext decryption to obtain a data plaintext M:
Figure GDA0002684155130000145
step 6: attribute revocation
In the system operation process, the problem of attribute change inevitably occurs, and attribute revocation is involved. In combination with the attribute revocation flow chart of fig. 9, when a certain user in the system has attribute revocation, the trust center randomly selects r e to ZpAnd the r value is addedAnd sending the new requirement to the users with the attributes which are not revoked and the encryption service ES for updating the ciphertext and the private keys of the users.
1) When the encryption service ES receives a cipher text updating demand and a r value sent by the trusted center, the encryption service ES updates the cipher text
Figure GDA0002684155130000146
The updated ciphertext is calculated as:
Figure GDA0002684155130000147
2) the private key is updated by the user without the revoked attribute, and when the user without the revoked attribute receives the updating requirement and the r value sent by the trusted center, the private key is updated by the user without the revoked attribute
Figure GDA0002684155130000148
Figure GDA0002684155130000149
The updated private key is calculated as:
Figure GDA00026841551300001410
3) the user of the revoked attribute updates the private key,
the user with the revoked attribute can not decrypt the ciphertext to obtain the data plaintext because the user does not receive the private key updating description and the r value and the ciphertext at the moment is updated, and the user with the revoked attribute can only decrypt the data by updating the private key of the user with the revoked attribute. At this time, the user needs to send a private key request to the trusted center again, and when the trusted center receives the private key request, the trusted center assumes that the attribute set of the user at this time is updated to be A', and the trusted center calculates the private key of the user to be
Figure GDA0002684155130000151
Finally, the method provided by the invention is subjected to security analysis and specific running time statistics.
Security analysis
In the present invention, the access control structure T is decomposed into: t ═ TDO+TES,TDOThe complexity of calculation and communication can be effectively reduced by containing fewer attributes according to TDOA first-order polynomial q (x) is randomly specified, and s is set to q (0), s1 is set to q (1), and s2 is set to q (2). ES can only be obtained during encryption (T)ESPS1), for any given first order polynomial, the secret component s is theoretically secure knowing only s1, according to a threshold secret sharing scheme.
For the safety of the algorithm, the ES, the DS and the SS are not credible, and can acquire corresponding information while executing a calculation task according to the algorithm. Assuming that ES, DS and SS carry out collusion attack, the following analysis is respectively carried out on the information acquisition situations:
MK=(β,gα) Reserved for TA;
and (2) DS: has a
Figure GDA0002684155130000152
And self-calculated a ═ e (g, g)rs,B=e(g,g)t(α+r).s
ES: having s1, TESPSelf-calculated
Figure GDA0002684155130000153
Figure GDA0002684155130000154
And user uploaded CTDO,C′=Me(g,g)αsAnd C ═ hs
Storage service: possess the ciphertext:
Figure GDA0002684155130000155
Figure GDA0002684155130000156
public key
Figure GDA0002684155130000157
Shared to each party;
Figure GDA0002684155130000158
as can be seen from the above table, the ES does not know the random number s for hiding the plaintext M, and the ES is in the blinding state for the ciphertext, and the ES does not know the access control structure set by the user, and cannot attempt decryption operation; for DS, a random number t is embedded in a hidden private key, and t is an index of a generator g, solving the private key of a user is equivalent to solving the problem of DLP difficulty, namely the private key of the user is also in a blinding state to DS, a server cannot or data content, and the privacy of data is protected, so that the algorithm is safe.
Run time statistics
The experiment is tested under a Ubuntu14.04LTS, a 3.8Gb memory, i5-4210M @2.6GHZ multiplied by 4, 16.8GB hard disk virtual machine.
Set the attribute set to 'ONE', 'TWO', 'tree', access structure to ((ONE and tree) and (TWO OR FOUR)), plaintext using random selection, updated access structure to (ONE and (TWO OR FOUR)), run the above algorithm with runtime statistics as follows.
TABLE 2 running time table for each algorithm
SetUp KeyGen Encryption ReKeyGen ReEncryption KeyDiv Ciphertext transformation Local decryption
Second of 0.03875 0.04463 0.05158 0.05514 0.05521 0.00140 0.04292 0.00175
It should be understood that the above-described embodiments of the present invention are merely examples for clearly illustrating the present invention, and are not intended to limit the embodiments of the present invention. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. And are neither required nor exhaustive of all embodiments. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the claims of the present invention.

Claims (8)

1. A fine grain access control method based on CP-ABE is characterized by comprising the following steps:
s1, initializing a system and generating parameters, wherein a trusted center TA runs a Setup (K) algorithm to initialize the system and generate the parameters, and the algorithm takes a security parameter K as input to generate a system public key Pk and a master key Mk;
s2, generating a private key, wherein the trusted center TA runs a KeyGen (Pk, Mk, A) algorithm, and generates a private key Sk for the user according to the user attribute set A;
s3, encrypting data, wherein the trusted center TA runs an Encrypt (Pk, M, T) algorithm, encrypts the data for the data ciphertext M according to an access control strategy T formulated by a user, and generates a ciphertext CT with the access control strategy;
s4, generating a re-encryption key, wherein a data owner DO operates a ReKeyGen (Pk, T1, Sk) algorithm, and when an access control strategy formulated by a user is updated, a ciphertext re-encryption key Rk is generated for the user according to a user private key; the method specifically comprises the following steps:
s41, the data owner DO operates a ReKeyGen (Pk, T1, Sk) algorithm, and T1 is a new access control structure; DO randomly selects theta ∈ ZpUpdate the private key to
Figure FDA0002684155120000011
Figure FDA0002684155120000012
S42.DO calculation
Figure FDA0002684155120000013
Figure FDA0002684155120000014
S43.DO combines two parts of information to calculate a re-encryption key RK:
Figure FDA0002684155120000015
s5, encrypting the ciphertext, operating a ReEncrypt (Pk, CT, Rk) algorithm by the decryption service DS, and updating the ciphertext in a ciphertext state when an access control strategy formulated by a user is updated to generate a re-encrypted ciphertext CT 1; the method specifically comprises the following steps:
s51, the decryption service DS runs a ReEncrypt (Pk, CT, Rk) algorithm to the original ciphertext
Figure FDA0002684155120000016
Performing recursive decryption, calculating:
Figure FDA0002684155120000017
wherein y is a leaf node in the access tree;
s52, carrying out recursive decryption on the non-leaf node x in the access tree, and calculating:
Figure FDA0002684155120000021
for the root node r, there is a ═ Fr=e(g1,g2)rs
S53, calculating:
Figure FDA0002684155120000022
s54, the data owner DO receives the information { A, B } sent by the DS and calculates New C:
Figure FDA0002684155120000023
s55, calculating a re-encrypted ciphertext CT 1:
Figure FDA0002684155120000024
s56, the user uploads the re-encrypted ciphertext CT1 to a decryption service, the decryption service further uploads the CT1 to a storage service, the CT is stored in a storage server, and the original ciphertext is updated to be the re-encrypted ciphertext;
s6, dividing a private key, wherein the data requester DR operates a DeyDiv (Pk, Sk) algorithm to divide a user private key to generate a ciphertext conversion private key SRk and a local decryption key Tk;
s7, data decryption, wherein a decryption service DS operates a decryption (Pk, CT, Sk) algorithm, judges whether a private key of a user meets an access control strategy formulated by the user when data are encrypted, decrypts the data for the user, outputs a plaintext M if the private key meets the access control strategy, and otherwise outputs a null;
and S8, attribute revocation, wherein an AttRevoke (CT, Sk) algorithm is operated to update the ciphertext and the private key of the user, when attribute revocation is sent, the private key can be directly updated by the user without revoked attribute, and the user with revoked attribute must request the trusted center TA to update the private key.
2. The fine grain access control method based on CP-ABE as claimed in claim 1, wherein said step S1 specifically includes:
s11, initializing a system and selecting a cyclic group
Figure FDA0002684155120000031
Wherein the circulating group
Figure FDA0002684155120000032
Is a prime number P, and the generators are g1,g2Selecting a hash function
Figure FDA0002684155120000033
The hash function mainly simulates a random database and sets bilinear mapping
Figure FDA0002684155120000034
S12, generating parameters, and running a Setup (k) algorithm by the trusted center TA, wherein the algorithm selects two safety parameters alpha, beta belonging to Z randomlypWherein Z ispFor integer groups of order p, the system generates public key and master key parameters,
master key MK ═ β, g1 α) And is reserved for the credible center TA,
public key
Figure FDA0002684155120000035
And distributed to system participants.
3. The fine grain access control method based on CP-ABE as claimed in claim 2, wherein said step S2 specifically includes:
the trusted center TA runs the KeyGen (Pk, Mk, A) algorithm, and the algorithm randomly selects r to be ZpLet the attribute set of the user be A, and for each attribute i ∈ A, randomly select ri∈ZpAnd a private key Sk is generated, the private key Sk is generated,
Figure FDA0002684155120000036
4. the fine grain access control method based on CP-ABE as claimed in claim 3, wherein said step S3 specifically includes:
s31, the trusted center TA runs Encrypt (Pk, M, T) algorithm, and the data owner DO formulates an access structure T as T in the form of an access treeDO+TESWherein T isDOAccess structure, T, for user independent controlESIs an access control policy handled for the server, LDOAnd LESRepresents TDOAnd TESSet of leaf nodes of, LTA set of leaf nodes representing an access tree T;
s32, the data owner DO randomly selects a1 st order polynomial q (x), calculates s as q (0), s1 as q (1), and s2 as q (2);
s33, the encryption service ES receives s1, T sent by the data owner DOESWith s1 as the shared secret, the shared secret value for any node x in the access tree is qx(0) And calculate
Figure FDA0002684155120000037
Figure FDA0002684155120000038
S34, the data owner DO takes s2 as a shared secret to calculate
Figure FDA0002684155120000039
Figure FDA00026841551200000310
And C ═ Me (g) is calculated for plaintext M and s ═ q (0)1,g2)αsAnd C ═ hs
S35, the encryption service ES receives information (CT) sent by a data owner DODOC, C', joint CTESAnd (3) calculating a ciphertext:
Figure FDA0002684155120000041
s36, the encryption service ES sends the CT to a storage service, and the storage service stores the ciphertext information into a database.
5. The fine grain access control method based on CP-ABE as claimed in claim 4, wherein said step S6 specifically includes:
s61, the data requester DR runs KeyDiv (Pk, Sk) algorithm, and the DR randomly selects t e to ZpIn association with its private key
Figure FDA0002684155120000042
Calculating K ═ gt(α+r)/β
S62.DR calculation ciphertext conversion key
Figure FDA0002684155120000043
Figure FDA0002684155120000044
Sending to a decryption service DS;
and S63, the DR calculates and stores the local decryption key Tk as t.
6. The fine grain access control method based on CP-ABE as claimed in claim 5, wherein said step S7 specifically includes:
s701, the decryption service DS operates a decryption (Pk, CT, SK) algorithm, and for the ciphertext and the DS, recursive decryption is carried out, and calculation is carried out:
Figure FDA0002684155120000045
where y is a leaf node in the access tree, if
Figure FDA0002684155120000046
FyThe value is null;
s702, carrying out recursive decryption on the non-leaf node x in the access tree, and calculating:
Figure FDA0002684155120000047
7. the fine grain CP-ABE based access control method according to claim 6, wherein said step S7 further comprises:
when the ciphertext is the original ciphertext, the decryption process is as follows:
s711. in this case, A ═ Fr=e(g1,g2)rs
S712, calculating B ═ e (C ', K') ═ e (h)s,g1 t(α+r)/β)=e(g2 βs,g1 t(α+r)/β)=e(g1,g2)t(α+r)×s
S713, the data requester DR receives the information,
{A,B,C}={e(g1,g2)rs,e(g1,g2)t(α+r)×s,Me(g1,g2)αs};
s714.dr uses Tk ═ t to perform local decryption, and calculates B ═ B1/Tk=e(g1,g2)(α+r)×s
S715.DR carries out final decryption to obtain a data plaintext M:
Figure FDA0002684155120000051
when the ciphertext is the ciphertext with the updated access structure, the decryption process is as follows:
s721, wherein A is Fr=e(g1,g2)
S722, calculating B ═ e (C ', K') ═ e (h)λ,g1 t(α+r)/β)=e(g2 βs,g1 t(α+r)/β)=e(g1,g2)t(α+r)×λ
S723. the data requester DR receives the information,
{A,B,C,E,C’}=
{e(g1,g2),e(g1,g2)t(α+r)×λ,Me(g1,g2)θs,g1 θe(g1,g2)αλ,hs};
s724.DR uses Tk-t to decipher locally, and calculates B-B1/Tk==e(g1,g2)(α+r)λ
S725.dr requests decryption C' h from the trusted centersCalculating NewC ═ C'1/β=(hs)1/β=g2 s
S726.DR carries out final decryption, and data plaintext M is obtained:
Figure FDA0002684155120000052
8. the fine grain CP-ABE based access control method of claim 7, wherein in step S8, when sending the attribute parameters, the AttrRevoke (CT, Sk) algorithm is executed, and the algorithm execution process includes:
s81, the credible center TA randomly selects r to be Zp
S82, receiving the value of r and updating the ciphertext by the encryption service ES
Figure FDA0002684155120000053
Figure FDA0002684155120000054
S83, the users without the revoked attribute receive the r value of the credible center and update the private key
Figure FDA0002684155120000061
Figure FDA0002684155120000062
S84. the user with the revoked attribute can not receive the r value of the credible center, and the user must request the credible center to update the private key and newly calculate the private key of the user
Figure FDA0002684155120000063
Figure FDA0002684155120000064
Where A 'is the user's updated set of attributes.
CN201810241576.5A 2018-03-22 2018-03-22 CP-ABE-based fine-grained access control method Active CN108632030B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810241576.5A CN108632030B (en) 2018-03-22 2018-03-22 CP-ABE-based fine-grained access control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810241576.5A CN108632030B (en) 2018-03-22 2018-03-22 CP-ABE-based fine-grained access control method

Publications (2)

Publication Number Publication Date
CN108632030A CN108632030A (en) 2018-10-09
CN108632030B true CN108632030B (en) 2020-11-27

Family

ID=63696287

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810241576.5A Active CN108632030B (en) 2018-03-22 2018-03-22 CP-ABE-based fine-grained access control method

Country Status (1)

Country Link
CN (1) CN108632030B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109617855B (en) * 2018-10-25 2020-10-09 深圳技术大学(筹) File sharing method, device, equipment and medium based on CP-ABE layered access control
CN111756524A (en) * 2019-03-26 2020-10-09 深圳市网安计算机安全检测技术有限公司 Dynamic group key generation method and device, computer equipment and storage medium
CN110348187A (en) * 2019-05-30 2019-10-18 北京邮电大学 The method for secret protection and device of CP-ABE and random response fusion
CN110278078B (en) * 2019-06-17 2022-03-22 矩阵元技术(深圳)有限公司 Data processing method, device and system
CN110855613A (en) * 2019-10-12 2020-02-28 湖南大学 Outsourcing revocation method and system in attribute-based encryption system
CN111177744B (en) * 2019-12-07 2022-02-11 杭州电子科技大学 Access control strategy storage and matching method based on binary tree
CN114362924A (en) * 2020-09-29 2022-04-15 湖南大学 CP-ABE-based system and method for supporting flexible revocation and verifiable ciphertext authorization
CN112699395B (en) * 2021-01-14 2023-06-06 暨南大学 Attribute-based anonymous authentication method capable of chasing responsibility for fine-grained access control
CN113343258B (en) * 2021-06-09 2023-03-31 哈尔滨学院 Attribute-based agent re-encryption method applicable to lattice-based ciphertext strategy shared by body test result cloud
CN114205379A (en) * 2021-11-26 2022-03-18 江苏大学 CP-ABE outsourcing decryption result reusing method based on NDN

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103179114A (en) * 2013-03-15 2013-06-26 华中科技大学 Fine-grained access control method for data in cloud storage
CN105991278A (en) * 2016-07-11 2016-10-05 河北省科学院应用数学研究所 Ciphertext access control method based on CP-ABE (Ciphertext-Policy Attribute-Based Encryption)
CN106059759A (en) * 2016-07-11 2016-10-26 河北省科学院应用数学研究所 Architecture method for CP-ABE (Ciphertext-Policy Attribute-Based Encryption) ciphertext access control
WO2017076705A1 (en) * 2015-11-03 2017-05-11 Commissariat A L'energie Atomique Et Aux Energies Alternatives Method of encryption based on the attributes comprising a pre-calculation phase
CN106878322A (en) * 2017-03-10 2017-06-20 北京科技大学 A kind of encryption and decryption method of the fixed length ciphertext based on attribute and key
CN107070652A (en) * 2017-04-24 2017-08-18 湖南科技学院 A kind of anti-tamper car networking method for secret protection of ciphertext based on CP ABE and system
CN107634830A (en) * 2017-09-13 2018-01-26 中国人民解放军信息工程大学 The revocable attribute base encryption method of server- aided, apparatus and system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160241399A1 (en) * 2013-03-15 2016-08-18 Arizona Board Of Regents On Behalf Of Arizona State University Efficient Privacy-Preserving Ciphertext-Policy Attribute Based Encryption and Broadcast Encryption
US9495545B2 (en) * 2014-11-13 2016-11-15 Sap Se Automatically generate attributes and access policies for securely processing outsourced audit data using attribute-based encryption
US9894043B2 (en) * 2015-09-30 2018-02-13 Raytheon Bbn Technologies Corp. Cryptographically secure cross-domain information sharing

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103179114A (en) * 2013-03-15 2013-06-26 华中科技大学 Fine-grained access control method for data in cloud storage
WO2017076705A1 (en) * 2015-11-03 2017-05-11 Commissariat A L'energie Atomique Et Aux Energies Alternatives Method of encryption based on the attributes comprising a pre-calculation phase
CN105991278A (en) * 2016-07-11 2016-10-05 河北省科学院应用数学研究所 Ciphertext access control method based on CP-ABE (Ciphertext-Policy Attribute-Based Encryption)
CN106059759A (en) * 2016-07-11 2016-10-26 河北省科学院应用数学研究所 Architecture method for CP-ABE (Ciphertext-Policy Attribute-Based Encryption) ciphertext access control
CN106878322A (en) * 2017-03-10 2017-06-20 北京科技大学 A kind of encryption and decryption method of the fixed length ciphertext based on attribute and key
CN107070652A (en) * 2017-04-24 2017-08-18 湖南科技学院 A kind of anti-tamper car networking method for secret protection of ciphertext based on CP ABE and system
CN107634830A (en) * 2017-09-13 2018-01-26 中国人民解放军信息工程大学 The revocable attribute base encryption method of server- aided, apparatus and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
云环境下基于CP_ABE的访问控制方法研究;赵嘉旭;《中国优秀硕士学位论文期刊》;20180115;全文 *

Also Published As

Publication number Publication date
CN108632030A (en) 2018-10-09

Similar Documents

Publication Publication Date Title
CN108632030B (en) CP-ABE-based fine-grained access control method
Li et al. User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage
Liang et al. Searchable attribute-based mechanism with efficient data sharing for secure cloud storage
Li et al. A lightweight secure data sharing scheme for mobile cloud computing
Zhou et al. Achieving secure role-based access control on encrypted data in cloud storage
CN110636500A (en) Access control system and method supporting cross-domain data sharing and wireless communication system
CN106375346B (en) Data guard method based on condition broadcast agent re-encryption under a kind of cloud environment
WO2016197680A1 (en) Access control system for cloud storage service platform and access control method therefor
Li et al. Two-factor data access control with efficient revocation for multi-authority cloud storage systems
CN108200181B (en) Cloud storage oriented revocable attribute-based encryption system and method
Zhou et al. Privacy-preserved access control for cloud computing
CN110247767B (en) Revocable attribute-based outsourcing encryption method in fog calculation
Ming et al. An efficient attribute based encryption scheme with revocation for outsourced data sharing control
CN104320393B (en) The controllable efficient attribute base proxy re-encryption method of re-encryption
Ali et al. A fully distributed hierarchical attribute-based encryption scheme
CN108111540A (en) The hierarchical access control system and method for data sharing are supported in a kind of cloud storage
Xu et al. Multi-authority proxy re-encryption based on CPABE for cloud storage systems
Liu et al. Hierarchical attribute-set based encryption for scalable, flexible and fine-grained access control in cloud computing
CN113411323B (en) Medical record data access control system and method based on attribute encryption
Xia et al. Attribute-based access control scheme with efficient revocation in cloud computing
Ming et al. Efficient revocable multi-authority attribute-based encryption for cloud storage
CN105933345A (en) Verifiable outsourcing attribute-based encryption method based on linear secret sharing
Liu et al. Dynamic attribute-based access control in cloud storage systems
Yuan et al. Fine-grained access control for big data based on CP-ABE in cloud computing
Hong et al. A key-insulated CP-ABE with key exposure accountability for secure data sharing in the cloud

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220829

Address after: 510665 No. 235, Gaotang Road, Tianhe District, Guangzhou City, Guangdong Province (Location: Room 307) (Cannot be used as a workshop) (Office only)

Patentee after: Guangdong Wuyi Information Technology Co.,Ltd.

Address before: 510275 No. 135 West Xingang Road, Guangzhou, Guangdong, Haizhuqu District

Patentee before: SUN YAT-SEN University

TR01 Transfer of patent right