CN108200181B - Cloud storage oriented revocable attribute-based encryption system and method - Google Patents
- Publication number: CN108200181B (CN201810025746.6A)
- Authority: CN (China)
- Prior art keywords: key, attribute, module, data, ciphertext
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Abstract
The invention discloses a revocable attribute-based encryption system and method for cloud storage. A public key and a master private key of the encryption system, and an attribute private key and an attribute group initial key of a data user, are generated by an attribute authorization module; the data owner module constructs a data access structure and encrypts a plaintext to obtain an initial ciphertext; the data management module generates an attribute group key through the constructed key encryption key tree, re-encrypts the initial ciphertext to generate a ciphertext file and a ciphertext header of the ciphertext file, and stores the ciphertext file through the storage module; the data management module can also update the attribute group key after an attribute of the data user module is revoked, and process the attribute group key to obtain an updated ciphertext file. The data user module accesses the ciphertext file and decrypts it to obtain the corresponding plaintext. Attribute-level user revocation is thereby realized, collusion attacks between revoked and non-revoked users can be resisted, and the scheme has a fixed ciphertext length and higher efficiency.
Description
Technical Field
The invention relates to the technical field of data security, in particular to a revocable attribute-based encryption system and method for cloud storage.
Background
In recent years, with the rapid development and wide application of technologies such as big data and cloud computing, a large amount of data generated by a large number of users can be uploaded to a cloud server for storage or computing, and therefore the related security problem of the data becomes a research hotspot.
Attribute-Based Encryption (ABE) is a novel public key encryption system that enables flexible, fine-grained access control over data according to user attributes, and it is one of the key supporting technologies for solving current cloud storage security problems. ABE is classified into key-policy attribute-based encryption (Key-Policy ABE, KP-ABE) and ciphertext-policy attribute-based encryption (Ciphertext-Policy ABE, CP-ABE) according to where the access structure is embedded. CP-ABE is similar to role-based access control in traditional access control: it embeds an access structure in the ciphertext and specifies that users with certain attributes can access the ciphertext, realizing a one-to-many encryption mode. CP-ABE is therefore of great value for cloud storage, has attracted wide attention from academia and industry, and has become a research hotspot in cryptographic theory.
In practical applications of CP-ABE, ciphertext length is an important technical indicator. In most existing CP-ABE schemes, the ciphertext length grows linearly with the complexity of the access structure, so that on the one hand data ciphertexts occupy a large amount of cloud storage resources and users spend heavily on renting them, and on the other hand a large amount of communication resources is consumed during data sharing. Another security indicator of CP-ABE in application is attribute revocation. Because cloud storage serves a large number of users, some users' attributes may change while the system is running, or some private keys may be leaked; revoking or updating the private key component of each attribute is therefore crucial to the security of the system. Each attribute in CP-ABE may be shared by multiple users, which means that revoking any attribute may affect other users, so attribute revocation is also a difficulty in CP-ABE schemes. Based on the scope affected by the revoked attribute, attribute key revocation can be divided into three cases: user revocation, partial user attribute revocation, and system attribute revocation. User revocation revokes all attributes of a user without affecting users who are not revoked; partial user attribute revocation revokes some attributes in a user's attribute information, after which the user loses the permissions corresponding to those attributes while the permissions of the other attributes are unaffected; system attribute revocation revokes all users having that attribute.
However, existing research shows that existing CP-ABE schemes have defects in several respects, such as fine-grained access control in a data outsourcing environment, resistance to collusion attacks between revoked and non-revoked users, saving of computing and storage resources, and maintenance of an attribute revocation list, so that they have difficulty meeting users' requirements.
Disclosure of Invention
In view of the above problems, the present invention provides an attribute-based encryption system and method that achieve attribute-level user revocation, resist collusion attacks between revoked and non-revoked users, and have a fixed ciphertext length and higher efficiency.
In order to achieve the above object, according to a first aspect of the present invention, there is provided a cloud storage oriented revocable attribute-based encryption system, including: the system comprises an attribute authorization module, a data owner module, a data management module, a storage module and a data user module;
the attribute authorization module is used for generating a public key and a main private key of an encryption system, generating an attribute private key and an attribute group initial key of a data user module, sending the attribute private key of the data user module to the data user module, and sending the attribute group initial key to the data management module;
the data owner module is used for constructing a data access structure and encrypting a plaintext through a public key of the encryption system to generate an initial ciphertext;
the data management module is used for generating a public key of the data management module and a main private key of the data management module, generating an attribute group key through a constructed key encryption key tree, carrying out re-encryption processing on the initial ciphertext to generate a ciphertext file, and generating a ciphertext head of the ciphertext file;
the storage module is used for storing the ciphertext file and the ciphertext header of the ciphertext file;
the data user module is used for accessing the ciphertext file and decrypting the ciphertext file according to the public key of the encryption system, the private key of the data user module and the attribute group key to obtain a plaintext corresponding to the ciphertext file, wherein the attribute information of the data user module meets the data access structure constructed by the data owner module;
when the attribute of the data user module is revoked, the data management module is further configured to update the attribute group key of the data user module, and update the ciphertext file to obtain an updated ciphertext file and a ciphertext header of the updated ciphertext file.
Preferably, the attribute authorization module includes:
a parameter setting unit for setting parameters of the encryption system;
the first key generation unit is used for calculating and generating a public key and a main private key of the encryption system according to the parameters of the encryption system;
the private key generating unit is used for acquiring the attribute information of the data user module, calculating and generating an attribute private key and an attribute group initial key of the data user module according to the public key and the main private key of the encryption system and the public key of the data management module;
and the sending unit is used for sending the attribute private key of the data user module to the data user module and sending the attribute group initial key to the data management module.
Preferably, the data owner module is specifically configured to encrypt a plaintext according to the data access structure and a public key of an encryption system sent by the attribute authorization module to generate an initial ciphertext.
Preferably, the data management module includes:
the second key generation unit is used for calculating and generating a public key and a main private key of the data management module according to the public key of the encryption system;
the construction unit is used for constructing a key encryption key tree according to the attribute information of the data user module;
the attribute group key generation unit is used for generating an attribute group key through the key encryption key tree according to the received attribute information of the data user module and the attribute group initial key sent by the attribute authorization module;
and the re-encryption unit is used for re-encrypting the initial ciphertext according to the public key of the encryption system and the private key of the data management module to generate a ciphertext file and generate a ciphertext header of the ciphertext file.
Preferably, when the attribute of the data user module is revoked, the data management module further includes:
the first updating unit is used for acquiring the revoked attribute of the data user module with the revoked attribute, calculating and generating an updated public key and a master private key of the corresponding data management module according to the revoked attribute, the private key of the data management module and the attribute group key of the data user module, and generating the updated attribute group key of the data user module;
and the second updating unit is used for updating the ciphertext file according to the obtained revoked attribute to obtain an updated ciphertext file and a ciphertext header of the updated ciphertext file.
According to a second aspect of the present invention, there is provided a revocable attribute-based encryption method for cloud storage, the method being applicable to a revocable attribute-based encryption system for cloud storage, the system including: the system comprises an attribute authorization module, a data owner module, a data management module, a storage module and a data user module, and the method comprises the following steps:
the attribute authorization module generates a public key and a main private key of an encryption system, generates an attribute private key and an attribute group initial key of a data user, sends the attribute private key of the data user module to the data user module, and sends the attribute group initial key to the data management module;
the data owner module constructs a data access structure and encrypts a plaintext through a public key of the encryption system to generate an initial ciphertext;
the data management module generates a public key of the data management module and a main private key of the data management module, generates an attribute group key through a constructed key encryption key tree, performs re-encryption processing on the initial ciphertext to generate a ciphertext file, and generates a ciphertext head of the ciphertext file;
the storage module stores the ciphertext file and the ciphertext header of the ciphertext file;
the data user module accesses the ciphertext file and decrypts the ciphertext file according to the public key of the encryption system, the private key of the data user module and the attribute group key to obtain a plaintext corresponding to the ciphertext file, wherein the attribute information of the data user module meets a data access structure constructed by the data owner module;
and when the attribute of the data user module is revoked, the data management module updates the attribute group key of the data user module and updates the ciphertext file to obtain an updated ciphertext file and a ciphertext header of the updated ciphertext file.
Preferably, the generating, by the attribute authorization module, a public key and a master private key of the encryption system, generating an attribute private key and an attribute group initial key of the data user module, sending the attribute private key of the data user module to the data user module, and sending the attribute group initial key to the data management module includes:
setting parameters of an encryption system;
calculating and generating a public key and a main private key of the encryption system according to the parameters of the encryption system;
acquiring attribute information of a data user module, and calculating and generating an attribute private key and an attribute group initial key of the data user module according to a public key and a main private key of the encryption system and a public key of the data management module;
and sending the attribute private key of the data user module to the data user module, and sending the attribute group initial key to the data management module.
Preferably, the data owner module constructs a data access structure, and encrypts a plaintext by using a public key of the encryption system to generate an initial ciphertext, and the method includes:
the data owner module constructs a data access structure;
and encrypting a plaintext according to the data access structure and the public key of the encryption system sent by the attribute authorization module to generate an initial ciphertext.
Preferably, the generating, by the data management module, a public key of the data management module and a master private key of the data management module, generating an attribute group key by using the constructed key encryption key tree, performing re-encryption processing on the initial ciphertext to generate a ciphertext file, and generating a ciphertext header of the ciphertext file includes:
calculating and generating a public key and a main private key of the data management module according to the public key of the encryption system;
constructing a key encryption key tree according to the attribute information of the data user module;
generating an attribute group key through the key encryption key tree according to the received attribute information of the data user module and the attribute group initial key sent by the attribute authorization module;
and carrying out re-encryption processing on the initial ciphertext according to the public key of the encryption system and the private key of the data management module to generate a ciphertext file, and generating a ciphertext head of the ciphertext file.
Preferably, when the attribute of the data user module is revoked, the method further includes:
the data management module acquires the revoked attribute of the data user module with the revoked attribute, calculates and generates an updated public key and a master private key of the corresponding data management module according to the revoked attribute, the private key of the data management module and the attribute group key of the data user module, and generates an updated attribute group key of the data user module;
and updating the ciphertext file according to the obtained revoked attribute to obtain an updated ciphertext file and a ciphertext header of the updated ciphertext file.
Compared with the prior art, the invention builds a key encryption key tree through the data management module and constructs the attribute group key based on that tree; the attribute group key of each data user module in an attribute group is different, and when a certain attribute of a certain data user module is revoked, the corresponding attribute group key is revoked. Because the attribute group key of each data user module is different, collusion attacks between a revoked data user module and a non-revoked data user module can be resisted. When an attribute of a data user module is revoked, all computation for updating the attribute group key of the data user module and updating the ciphertext file is completed by the data management module, which effectively reduces the computation burden of the data user module and improves the efficiency of the encryption system. In addition, the invention adopts an AND-gate access structure supporting multi-valued attributes and wildcards in the encryption process, so that the ciphertext length no longer grows linearly with the access structure; a constant ciphertext length is achieved, and the storage and communication burdens are reduced. The invention has flexible, fine-grained access control capability and efficient revocation capability.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only embodiments of the present invention, and those skilled in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a schematic structural diagram of a revocable attribute-based encryption system for cloud storage according to an embodiment of the present invention;
Fig. 2 is a timing diagram of an execution process of a cloud storage oriented revocable attribute-based encryption system according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of another cloud storage-oriented revocable attribute-based encryption system according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a key encryption key tree according to an embodiment of the present invention;
Fig. 5 is a schematic flowchart of a revocable attribute-based encryption method for cloud storage according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first" and "second," and the like in the description and claims of the present invention and the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "comprising" and "having," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to the listed steps or elements but may include steps or elements not listed.
An embodiment of the invention discloses a revocable attribute-based encryption system for cloud storage which, referring to Fig. 1, comprises:
the system comprises an attribute authorization module 1, a data owner module 2, a data management module 3, a storage module 4 and a data user module 5;
the attribute authorization module 1 is configured to generate a public key and a master private key of an encryption system, generate an attribute private key and an attribute group initial key of a data user module, send the attribute private key of the data user module to the data user module, and send the attribute group initial key to the data management module;
the data owner module 2 is used for constructing a data access structure and encrypting a plaintext through a public key of the encryption system to generate an initial ciphertext;
the data management module 3 is configured to generate a public key of the data management module and a master private key of the data management module, generate an attribute group key through a constructed key encryption key tree, perform re-encryption processing on the initial ciphertext to generate a ciphertext file, and generate a ciphertext header of the ciphertext file;
the storage module 4 is configured to store the ciphertext file and the ciphertext header of the ciphertext file;
the data user module 5 is configured to access the ciphertext file, and decrypt the ciphertext file according to the public key of the encryption system, the private key of the data user module, and the attribute group key to obtain a plaintext corresponding to the ciphertext file, where attribute information of the data user module satisfies a data access structure constructed by the data owner module;
when the attribute of the data user module 5 is revoked, the data management module 3 is further configured to update the attribute group key of the data user module, and update the ciphertext file to obtain an updated ciphertext file and a ciphertext header of the updated ciphertext file.
In the embodiment of the present invention, the attribute authorization module 1 may be a fully trusted authority. It is mainly responsible for generating the system public key and the system private key, and it also controls the distribution of the private key of the data user module and the attribute group initial key. The data owner module 2 typically uploads encrypted data to the cloud service provider to reduce its storage burden. To reduce the computation burden of the data owner module 2, when an attribute of a data user module is revoked, the attribute group key is generated through the key encryption key tree constructed by the data management module 3, which completes the update of the attribute-related keys and the ciphertext. Before uploading data to the cloud service provider, the data owner module 2 encrypts the data with a symmetric key and then specifies an access structure under which the symmetric key is encrypted. Only when the attributes of the data user module 5 satisfy the access structure can the key ciphertext be correctly decrypted to obtain the symmetric key, which is then used to decrypt the ciphertext file and obtain the corresponding plaintext. The data user module 5, i.e. the data accessor in the system, can freely access the ciphertext data resources in the cloud. The attribute authorization module 1 generates a private key for the data accessor according to the accessor's attributes, for decrypting the key ciphertext. If its attributes have not been revoked, the data user module 5 is able to compute the final plaintext. The operational relationship between the modules of the system in an embodiment of the present invention is illustrated in Fig. 2.
In the embodiment of the invention, a key encryption key tree is constructed by the data management module 3, and the attribute group key is constructed based on that tree; the attribute group key of each data user module in an attribute group is different, and when a certain attribute of a certain data user module is revoked, the corresponding attribute group key is revoked. Because the attribute group key of each data user module is different, collusion attacks between a revoked data user module and a non-revoked data user module can be resisted. When an attribute of a data user module is revoked, all computation for updating the attribute group key of the data user and updating the ciphertext file is completed by the data management module 3, which effectively reduces the computation burden of the data user module and improves the efficiency of the encryption system. In addition, the invention achieves a constant ciphertext length and reduces the storage and communication burdens. The invention has flexible, fine-grained access control capability and efficient revocation capability.
On the basis of the embodiment corresponding to fig. 1, referring to fig. 3, in another cloud storage oriented revocable attribute-based encryption system disclosed in the present invention, the attribute authorization module 1 specifically includes:
a parameter setting unit 11 for setting parameters of the encryption system;
a first key generation unit 12, configured to calculate and generate a public key PK and a master private key MSK of the encryption system according to the parameter of the encryption system;
a private key generating unit 13, configured to obtain the attribute information of the data user, and calculate and generate an attribute private key $SK_L$ and an attribute group initial key KEK' of the data user module according to the public key PK and the master private key MSK of the encryption system and the public key DPK of the data management module;
a sending unit 14, configured to send the attribute private key $SK_L$ of the data user module to the data user module and send the attribute group initial key to the data management module.
The data management module 3 includes:
a second key generation unit 31, configured to calculate and generate a public key DPK and a master private key DSK of the data management module according to the public key PK of the encryption system;
a construction unit 32, configured to construct a key encryption key tree according to the set information of the data user;
the attribute group key generation unit 33 is configured to generate an attribute group key KEK through the key encryption key tree according to the received attribute information of the data user and the attribute group initial key KEK' sent by the attribute authorization module;
and the re-encryption unit 34 is configured to re-encrypt the initial ciphertext according to the public key PK of the encryption system and the private key DSK of the data management module, generate a ciphertext file, and generate a ciphertext header of the ciphertext file.
It should be noted that the parameter setting unit 11 mainly employs bilinear groups, an important technique in cryptographic systems. Let $\psi$ be a group generation algorithm that takes the security parameter $\lambda$ as input and outputs $(p, G, G_T, e)$, where $p$ is a prime determined by the security parameter $\lambda$, and $G$ and $G_T$ are cyclic groups of prime order $p$. The bilinear map $e: G \times G \to G_T$ satisfies the following properties:
For convenience of description, the attribute authorization (Attribute Authority, AA) module 1 is abbreviated as AA. The first key generation unit 12 performs $\mathrm{AASetup}(1^{\lambda}) \to \{PK, MSK\}$: the AA executes this algorithm for system initialization. The algorithm takes an implicit security parameter $\lambda$ as input and outputs the system public parameters, the public key PK and the master private key MSK of the AA, specifically as follows:
AA inputs a security parameter $\lambda$ and selects two multiplicative cyclic groups $G$ and $G_T$ of prime order $p$, where $g$ is a generator of the cyclic group $G$, and there is an efficient bilinear map $e: G \times G \to G_T$.
AA calculates and , where $1 \le i \le n$ and $1 \le b_i \le n_i$.
Correspondingly, the data management module 3, abbreviated as DSM for convenience of description, executes the algorithm $\mathrm{DSMSetup}(PK) \to \{DPK, DSK\}$ for initialization. The algorithm takes the system public key PK as input and outputs the public key DPK and the master private key DSK of the DSM. The DSM's public-private key pair is updated when user attribute revocation occurs in the system. Referring to Fig. 4, the constructing unit 32 then constructs a Key Encryption Key (KEK) tree, that is, a complete binary tree built over the user set, which provides a key update capability for non-revoked users and thereby achieves the purpose of revoking a user. Let the system user set be $U = \{u_1, u_2, \dots, u_N\}$ and the system attribute information be $W = \{att_1, att_2, \dots, att_n\}$. Let $G_i$ be the set of users that possess attribute $att_i$, called an attribute group. $G_i$ is regarded as the access list for attribute $att_i$. Let $G = \{G_1, G_2, \dots, G_n\}$ be the set of attribute groups. For example, if $u_1, u_2, u_3$ respectively possess attribute information $\{att_1, att_2\}$, $\{att_1, att_2, att_3\}$, $\{att_2, att_3\}$, then $G_1 = \{u_1, u_2\}$, $G_2 = \{u_1, u_2, u_3\}$, $G_3 = \{u_2, u_3\}$. The DSM constructs the KEK tree as follows:
(1) Each user in the data user set $U$ is assigned to a leaf node of the binary tree, and each node $v_j$ stores a random value $\theta_j$.
(2) Path node generation algorithm $Path(u_k)$: for each user $u_k$, all nodes from its leaf node to the root node are defined as the path nodes of user $u_k$. For example, $Path(u_5) = \{v_{12}, v_6, v_3, v_1\}$.
(3) Minimum coverage set algorithm $Mincs(G_i)$: for each attribute group $G_i$, the minimum set of nodes in the KEK tree that can cover $G_i$ is its minimum coverage set. For example, if $G_i = \{u_1, u_2, u_4, u_6, u_7, u_8\}$, then $Mincs(G_i) = \{v_4, v_{11}, v_{13}, v_7\}$.
(4) Considering $Path(u_k)$ and $Mincs(G_i)$ together, each user $u_k \in G_i$ holds the random value $\theta_j$ stored at one and only one node $v_j$. As in (2) and (3), $u_6$ holds only the random value $\theta_{13}$ stored at node $v_{13}$.
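The Path and Mincs steps above can be checked mechanically. The following Python code is an added example, not code from the patent: it assumes heap-style node numbering (root v1, children of v_j are v_2j and v_2j+1, user u_k at leaf v_(N+k-1)), which the page does not state but which reproduces its two worked examples, and it goes one step further by recomputing the cover after a user is removed from the attribute group. The names `KEKTree`, `shared_node` and `revoke` are hypothetical.

```python
import secrets


class KEKTree:
    """Complete binary KEK tree over N users (N a power of two).

    Assumed numbering (not stated on the page, chosen because it reproduces
    the page's examples): root is v1, children of v_j are v_2j and v_2j+1,
    and user u_k is assigned to leaf v_(N+k-1).
    """

    def __init__(self, n_users):
        if n_users < 1 or n_users & (n_users - 1):
            raise ValueError("n_users must be a power of two")
        self.n = n_users
        # Every node v_j stores a random value theta_j; index 0 is unused.
        self.theta = [None] + [secrets.randbits(128)
                               for _ in range(2 * n_users - 1)]

    def leaf(self, k):
        if not 1 <= k <= self.n:
            raise ValueError(f"unknown user u{k}")
        return self.n + k - 1

    def path(self, k):
        """Path(u_k): node indices from the user's leaf up to the root."""
        j, nodes = self.leaf(k), []
        while j >= 1:
            nodes.append(j)
            j //= 2
        return nodes

    def mincs(self, group):
        """Mincs(G_i): fewest nodes whose subtrees hold exactly the group."""
        leaves = {self.leaf(k) for k in group}

        def visit(j):
            # Returns (subtree fully inside the group?, cover of the subtree).
            if j >= self.n:  # leaf node
                return (j in leaves, [j] if j in leaves else [])
            left_full, left_cover = visit(2 * j)
            right_full, right_cover = visit(2 * j + 1)
            if left_full and right_full:
                return True, [j]  # one node replaces both child covers
            return False, left_cover + right_cover

        return visit(1)[1]

    def shared_node(self, k, group):
        """The single node in both Path(u_k) and Mincs(G_i), else None."""
        common = set(self.path(k)) & set(self.mincs(group))
        assert len(common) <= 1  # cover subtrees are disjoint
        return common.pop() if common else None


def revoke(tree, group, k):
    """Remove u_k from the attribute group; return (new group, new cover)."""
    remaining = set(group) - {k}
    return remaining, tree.mincs(remaining)


if __name__ == "__main__":
    tree = KEKTree(8)
    g_i = {1, 2, 4, 6, 7, 8}  # the attribute group used in the page's example
    print("Path(u5)  =", tree.path(5))
    print("Mincs(Gi) =", tree.mincs(g_i))
    print("u6 is keyed on theta of v%d" % tree.shared_node(6, g_i))
    g_new, cover = revoke(tree, g_i, 6)
    print("cover after revoking u6:", cover)
    print("node u6 still shares:", tree.shared_node(6, g_new))
```

After u6 is removed, its path shares no node with the recomputed cover, so it holds none of the random values that the remaining members are keyed on.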
The public key DPK and the main private key DSK for generating the DSM are specifically:
After the public key and private key of the AA and the public key and master private key of the DSM have been obtained, the private key of the data user is generated. This is carried out by the private key generation unit 13 of the attribute authorization module 1 and the attribute group key generation module 33 of the data management module 3, specifically:
the private key generation unit 13 executes the algorithm $\mathrm{AAKeyGen}(id, PK, DPK, MSK, L) \to \{SK_L, KEK'\}$, which takes the system public key PK, the DSM public key DPK, the system master private key MSK and the user attribute information L as input and outputs a user attribute private key $SK_L$ and an attribute group key $KEK'$, specifically:
the attribute group key generation module 33 executes the algorithm $\mathrm{DSMKeyGen}(KEK', L) \to KEK$, which takes $KEK'$ and the user attribute information L as inputs and outputs a user attribute group private key KEK.
The DSM generates an attribute group key for the user according to the KEK tree computation process. For eachDSM calculation
If it isThe DSM stops calculating; if it isDSM calculationWherein the random value thetajCorresponding node
The data encryption process is carried out in two steps, namely the initial encryption of the data owner module 2 and the re-encryption of the data management module 3, and the phase comprises two polynomial time algorithms of Encrypt and DSMEncrypt. The data owner module 2 constructs an access structure and encrypts a plaintext to generate an initial ciphertext, and then the DSM performs proxy re-encryption to generate a ciphertext file, wherein the ciphertext file comprises a re-encrypted ciphertext and a data ciphertext header. The method specifically comprises the following steps:
the data owner module 2 executes an algorithm Encrypt (PK, W, m) → CT ', which takes a system public key PK, an access structure W and a plaintext message m as inputs and outputs an intermediate ciphertext CT', specifically:
To improve computational efficiency, the data owner module 2 may first encrypt the data m with the symmetric key k, and then the data owner designates an attribute-based access structure W for encrypting the symmetric key k.
The re-encryption unit 34 performs the algorithm $\mathrm{DSMEncrypt}(PK, DSK, CT') \to \{Hdr, CT_W\}$. The algorithm takes the system public key PK, the DSM public key DPK and the intermediate ciphertext $CT'$ as input, and outputs a ciphertext header Hdr and a final ciphertext $CT_W$, specifically:
The DSM sends $(CT_W, Hdr)$ to the memory module 4 for storage.
After data is encrypted, if a data user module accesses a ciphertext file, the ciphertext file needs to be decrypted, before that, whether the attribute of a data user meets the access structure of the data owner module 2 is judged, and only when the attribute information of the data user module meets the access structure and the attribute of the data user is not revoked, the data user module can calculate and obtain a plaintext corresponding to the ciphertext file through the following process.
That is, the algorithm $\mathrm{Decrypt}(PK, Hdr, CT_W, SK_L, KEK) \to m$ is performed, with the system public key PK, the ciphertext header Hdr, the ciphertext $CT_W$, the user attribute private key $SK_L$ and KEK as inputs, outputting the plaintext data m. The data user first calculates and then the plaintext message m is obtained by calculation according to the following formula:
when the attribute of a certain data user is revoked, the data management module 3 first updates the public-private key pair of DSM, the attribute group key of the data user, and then updates the ciphertext file, that is, updates the corresponding ciphertext and ciphertext header, and at this time, the data management module 3 further includes:
the first updating unit 35 is configured to obtain a revoked attribute of a data user module with a revoked attribute, calculate and generate an updated public key DPK and a master private key DSK of a corresponding data management module according to the revoked attribute, a private key of the data management module, and an attribute group key of the data user module, and generate an updated attribute group key of the data user module;
and the second updating unit 36 is configured to update the ciphertext file according to the obtained revoked attribute, so as to obtain an updated ciphertext file.
The first updating unit 35 executes an algorithm with the DSM private key DSK, the user private key KEK and the revoked attribute $L_x$ as input, and outputs a new private key, specifically:
DSM update attribute groupAnd recalculateFor example: if it isThenWhen data user u6Property L ofxWhen the key is revoked, the key is cancelled,
If it isThe DSM stops calculating; if it isDSM calculationAndwherein the random valueCorresponding node
The second updating unit 36 executes an algorithm with the ciphertext header Hdr, the ciphertext CT and the revoked attribute $L_x$ as input, and outputs a new ciphertext header and ciphertext, specifically:
Updating the ciphertext header:
in the embodiment of the invention, a key encryption key tree is constructed through the data management module 3, the attribute group key is constructed based on the key encryption key tree, the attribute group key of each data user in the attribute group is different, and when a certain attribute of a certain data user is revoked, the corresponding attribute group key is revoked. Because the attribute group key of each data user is different, collusion attack between a revoked data user and a non-revoked data user can be resisted; in the data encryption process, firstly, the uploaded data, namely the plaintext, is initially encrypted through the data owner module 2, and then, the data is re-encrypted through the data management module 3, so that an AND gate strategy of multi-value attributes and wildcards is supported, further, the ciphertext length is not in positive linear correlation with the data access structure, and the constant ciphertext length is realized; and when the attribute of the data user is revoked, all the calculation amounts of the attribute group key of the data user and the updated key file are completed by the data management module 3, so that the calculation burden of the data user is effectively reduced, the efficiency of an encryption system is improved, and flexible and fine-grained access control and high-efficiency revocation capability are realized.
Corresponding to the revocable attribute-based encryption system for cloud storage provided by the embodiment of the invention, the invention also provides a revocable attribute-based encryption method for cloud storage, which is suitable for the revocable attribute-based encryption system for cloud storage. The system comprises an attribute authorization module, a data owner module, a data management module, a storage module and a data user module. Referring to Fig. 5, the method comprises the following steps:
S11. The attribute authorization module generates a public key and a main private key of an encryption system, generates an attribute private key and an attribute group initial key of a data user module, sends the attribute private key of the data user module to the data user module, and sends the attribute group initial key to the data management module;
S12. The data owner module constructs a data access structure, and encrypts a plaintext through a public key of the encryption system to generate an initial ciphertext;
S13. The data management module generates a public key of the data management module and a main private key of the data management module, generates an attribute group key through a constructed key encryption key tree, re-encrypts the initial ciphertext to generate a ciphertext file, and generates a ciphertext header of the ciphertext file;
S14. The storage module stores the ciphertext file;
S15. The data user module accesses the ciphertext file, and decrypts the ciphertext file according to the public key of the encryption system, the private key of the data user module and the attribute group key to obtain a plaintext corresponding to the ciphertext file, wherein the attribute information of the data user module meets the data access structure constructed by the data owner module;
S16. When the attribute of the data user module is revoked, the data management module updates the attribute group key of the data user module, and updates the ciphertext file to obtain an updated ciphertext file and a ciphertext header of the ciphertext file.
Specifically, the attribute authorization module generates a public key and a master private key of an encryption system, generates an attribute private key and an attribute group initial key of a data user, sends the attribute private key of the data user to the data user module, and sends the attribute group initial key to the data management module, and the method includes:
setting parameters of an encryption system;
calculating and generating a public key and a main private key of the encryption system according to the parameters of the encryption system;
acquiring attribute information of a data user module, and calculating and generating an attribute private key and an attribute group initial key of the data user module according to a public key and a main private key of the encryption system and a public key of the data management module;
and sending the attribute key of the data user module to the data user module, and sending the attribute group initial key to the data management module.
Correspondingly, the data owner module constructs a data access structure, encrypts a plaintext through a public key of the encryption system to generate an initial ciphertext, and includes:
the data owner module constructs a data access structure;
and encrypting a plaintext according to the data access structure and the public key of the encryption system sent by the attribute authorization module to generate an initial ciphertext.
Correspondingly, the data management module generates a public key of the data management module and a master private key of the data management module, generates an attribute group key through a constructed key encryption key tree, performs re-encryption processing on the initial ciphertext to generate a ciphertext file, and generates a ciphertext header of the ciphertext file, including:
calculating and generating a public key and a main private key of the data management module according to the public key of the encryption system;
constructing a key encryption key tree according to the attribute information of the data user module;
generating an attribute group key through the key encryption key tree according to the received attribute information of the data user module and the attribute initial group key sent by the attribute authorization module;
and carrying out re-encryption processing on the initial ciphertext according to the public key of the encryption system and the private key of the data management module to generate a ciphertext file, and generating a ciphertext head of the ciphertext file.
Specifically, when the attribute of the data user module is revoked, the method further includes:
the data management module acquires the revoked attribute of the data user module with the revoked attribute, calculates and generates an updated public key and a master private key of the corresponding data management module according to the revoked attribute, the private key of the data management module and the attribute group key of the data user module, and generates an updated attribute group key of the data user module;
and updating the ciphertext file according to the obtained revoked attribute to obtain an updated ciphertext file and a ciphertext header of the updated ciphertext file.
In the embodiment of the invention, a key encryption key tree is constructed through a data management module, an attribute group key is constructed based on the key encryption key tree, the attribute group keys of each data user module in an attribute group are different, and when a certain attribute of a certain data user module is revoked, the corresponding attribute group key is revoked. Because the attribute group key of each data user module is different, collusion attack between a revoked data user and a non-revoked data user can be resisted; when the attribute of the data user module is cancelled, all calculated amounts of updating the attribute group key of the data user module and the updated key file are completed by the data management module, so that the calculation burden of the data user module is effectively reduced, and the efficiency of the encryption system is improved; in addition, the invention realizes the constant length of the ciphertext, and reduces the storage burden and the communication burden; the invention has flexible and fine-grained access control capability and high-efficiency revocation capability.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (8)
1. A cloud storage oriented revocable attribute-based encryption system, the system comprising: the system comprises an attribute authorization module, a data owner module, a data management module, a storage module and a data user module;
the attribute authorization module is configured to generate a public key and a master private key of an encryption system, generate an attribute private key and an attribute group initial key of a data user module, send the attribute private key of the data user module to the data user module, and send the attribute group initial key to the data management module, where the attribute authorization module includes: a parameter setting unit for setting parameters of the encryption system; the first key generation unit is used for calculating and generating a public key and a main private key of the encryption system according to the parameters of the encryption system; the private key generating unit is used for acquiring the attribute information of the data user module, calculating and generating an attribute private key and an attribute group initial key of the data user module according to the public key and the main private key of the encryption system and the public key of the data management module; a sending unit, configured to send the attribute key of the data user module to the data user module, and send the attribute group initial key to the data management module;
the data owner module is used for constructing a data access structure and encrypting a plaintext through a public key of the encryption system to generate an initial ciphertext;
the data management module is used for generating a public key of the data management module and a main private key of the data management module, generating an attribute group key through a constructed key encryption key tree, carrying out re-encryption processing on the initial ciphertext to generate a ciphertext file, and generating a ciphertext head of the ciphertext file, wherein the encryption process is an AND gate access structure supporting multi-valued attributes and wildcards;
the storage module is used for storing the ciphertext file and the ciphertext header of the ciphertext file;
the data user module is used for accessing the ciphertext file and decrypting the ciphertext file according to the public key of the encryption system, the private key of the data user module and the attribute group key to obtain a plaintext corresponding to the ciphertext file, wherein the attribute information of the data user module meets the data access structure constructed by the data owner module;
when the attribute of the data user module is revoked, the data management module is further configured to update the attribute group key of the data user module, and update the ciphertext file to obtain an updated ciphertext file and a ciphertext header of the updated ciphertext file.
2. The system according to claim 1, wherein the data owner module is specifically configured to encrypt plaintext according to the data access structure and a public key of an encryption system sent by the attribute authorization module to generate an initial ciphertext.
3. The system of claim 1, wherein the data management module comprises:
the second key generation unit is used for calculating and generating a public key and a main private key of the data management module according to the public key of the encryption system;
the construction unit is used for constructing a key encryption key tree according to the attribute information of the data user module;
the attribute group key generation unit is used for generating an attribute group key through the key encryption key tree according to the received attribute information of the data user module and the attribute initial group key sent by the attribute authorization module;
and the re-encryption unit is used for re-encrypting the initial ciphertext according to the public key of the encryption system and the private key of the data management module to generate a ciphertext file and generate a ciphertext header of the ciphertext file.
4. The system of claim 1, wherein when the attribute of the data user module is revoked, the data management module further comprises:
the first updating unit is used for acquiring the revoked attribute of the data user module with the revoked attribute, calculating and generating an updated public key and a master private key of the corresponding data management module according to the revoked attribute, the private key of the data management module and the attribute group key of the data user module, and generating the updated attribute group key of the data user module;
and the second updating unit is used for updating the ciphertext file according to the obtained revoked attribute to obtain an updated ciphertext file and a ciphertext header of the updated ciphertext file.
5. A revocable attribute-based encryption method for cloud storage is characterized in that the method is suitable for a revocable attribute-based encryption system for cloud storage, and the system comprises: the system comprises an attribute authorization module, a data owner module, a data management module, a storage module and a data user module, and the method comprises the following steps:
the attribute authorization module generates a public key and a main private key of an encryption system, generates an attribute private key and an attribute group initial key of a data user, sends the attribute private key of the data user module to the data user module, and sends the attribute group initial key to the data management module, wherein the attribute authorization module generates the public key and the main private key of the encryption system, generates the attribute private key and the attribute group initial key of the data user module, sends the attribute private key of the data user module to the data user module, and sends the attribute group initial key to the data management module, and the method comprises the following steps: setting parameters of an encryption system; calculating and generating a public key and a main private key of the encryption system according to the parameters of the encryption system; acquiring attribute information of a data user module, and calculating and generating an attribute private key and an attribute group initial key of the data user module according to a public key and a main private key of the encryption system and a public key of the data management module; sending the attribute key of the data user module to the data user module, and sending the attribute group initial key to the data management module;
the data owner module constructs a data access structure and encrypts a plaintext through a public key of the encryption system to generate an initial ciphertext;
the data management module generates a public key of the data management module and a main private key of the data management module, generates an attribute group key through a constructed key encryption key tree, performs re-encryption processing on the initial ciphertext to generate a ciphertext file, and generates a ciphertext head of the ciphertext file, wherein the encryption process is an AND gate access structure supporting multi-valued attributes and wildcards;
the storage module stores the ciphertext file and the ciphertext header of the ciphertext file;
the data user module accesses the ciphertext file and decrypts the ciphertext file according to the public key of the encryption system, the private key of the data user module and the attribute group key to obtain a plaintext corresponding to the ciphertext file, wherein the attribute information of the data user module meets a data access structure constructed by the data owner module;
and when the attribute of the data user module is cancelled, the data management module updates the attribute group key of the data user module and updates the ciphertext file to obtain an updated ciphertext file and a ciphertext header of the updated ciphertext file.
6. The method of claim 5, wherein the data owner module constructs a data access structure and encrypts plaintext with a public key of the encryption system to generate an initial ciphertext, comprising:
the data owner module constructs a data access structure;
and encrypting a plaintext according to the data access structure and the public key of the encryption system sent by the attribute authorization module to generate an initial ciphertext.
7. The method of claim 5, wherein the data management module generates a public key of the data management module and a master private key of the data management module, generates an attribute group key through the constructed key encryption key tree, performs re-encryption processing on the initial ciphertext to generate a ciphertext file, and generates a ciphertext header of the ciphertext file, comprising:
calculating and generating a public key and a main private key of the data management module according to the public key of the encryption system;
constructing a key encryption key tree according to the attribute information of the data user module;
generating an attribute group key through the key encryption key tree according to the received attribute information of the data user module and the attribute initial group key sent by the attribute authorization module;
and carrying out re-encryption processing on the initial ciphertext according to the public key of the encryption system and the private key of the data management module to generate a ciphertext file, and generating a ciphertext head of the ciphertext file.
8. The method of claim 5, wherein when the attribute of the data user module is revoked, the method further comprises:
the data management module acquires the revoked attribute of the data user module with the revoked attribute, calculates and generates an updated public key and a master private key of the corresponding data management module according to the revoked attribute, the private key of the data management module and the attribute group key of the data user module, and generates an updated attribute group key of the data user module;
and updating the ciphertext file according to the obtained revoked attribute to obtain an updated ciphertext file and a ciphertext header of the updated ciphertext file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810025746.6A CN108200181B (en) | 2018-01-11 | 2018-01-11 | Cloud storage oriented revocable attribute-based encryption system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108200181A (en) | 2018-06-22 |
CN108200181B (en) | 2021-03-19 |
Family
ID=62589031
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810025746.6A Active CN108200181B (en) | 2018-01-11 | 2018-01-11 | Cloud storage oriented revocable attribute-based encryption system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108200181B (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108880798B (en) * | 2018-06-28 | 2020-11-03 | 西南交通大学 | Attribute basis weight encryption method for realizing fine-grained attribute revocation |
CN108989305A (en) * | 2018-07-10 | 2018-12-11 | 国家电网公司华东分部 | A kind of data-sharing systems, method and device |
CN108989028A (en) * | 2018-07-16 | 2018-12-11 | 哈尔滨工业大学(深圳) | Group cipher distribution management method, apparatus, electronic equipment and storage medium |
CN109040045B (en) * | 2018-07-25 | 2021-04-06 | 广东工业大学 | Cloud storage access control method based on ciphertext policy attribute-based encryption |
CN110098926B (en) * | 2019-05-06 | 2021-08-13 | 西安交通大学 | Attribute revocation method |
CN112565223B (en) * | 2020-11-27 | 2022-11-04 | 东莞职业技术学院 | Internet of things-oriented attribute encryption access control method and system and storage medium |
CN113037485B (en) * | 2021-05-24 | 2021-08-03 | 中国人民解放军国防科技大学 | Group session key establishment method and system |
CN113438235B (en) * | 2021-06-24 | 2022-10-18 | 国网河南省电力公司 | Data layered credible encryption method |
CN113438238A (en) * | 2021-06-25 | 2021-09-24 | 北京八分量信息科技有限公司 | User information anti-theft automatic alarm system based on decentralization |
CN113642427A (en) * | 2021-07-29 | 2021-11-12 | 中国人民解放军战略支援部队信息工程大学 | Image protection method for artificial intelligence counterfeiting |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102781001A (en) * | 2011-05-10 | 2012-11-14 | 中兴通讯股份有限公司 | Method for encrypting built-in file of mobile terminal and mobile terminal |
CN103152322A (en) * | 2013-01-28 | 2013-06-12 | 中兴通讯股份有限公司 | Method of data encryption protection and system thereof |
US8837738B2 (en) * | 2011-04-08 | 2014-09-16 | Arizona Board Of Regents On Behalf Of Arizona State University | Methods, systems, and apparatuses for optimal group key management for secure multicast communication |
CN104113408A (en) * | 2014-07-11 | 2014-10-22 | 西安电子科技大学 | Method for realizing timely user attribute cancel based on ciphertext-policy attribute-based encryption |
CN105049430A (en) * | 2015-06-30 | 2015-11-11 | 河海大学 | Ciphertext-policy attribute-based encryption method having efficient user revocation capability |
CN106059768A (en) * | 2016-05-30 | 2016-10-26 | 西安电子科技大学 | Encryption system and method for resisting re-encryption key leakage and capable of cancelling attributes |
CN106330865A (en) * | 2016-08-12 | 2017-01-11 | 安徽大学 | Attribute-Based Keyword Search Method Supporting Efficient Revocation in Cloud Environment |
CN107359986A (en) * | 2017-07-03 | 2017-11-17 | 暨南大学 | The outsourcing encryption and decryption CP ABE methods of user revocation |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160241399A1 (en) * | 2013-03-15 | 2016-08-18 | Arizona Board Of Regents On Behalf Of Arizona State University | Efficient Privacy-Preserving Ciphertext-Policy Attribute Based Encryption and Broadcast Encryption |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||