CN108881314B - Privacy protection method and system based on CP-ABE ciphertext under fog computing environment - Google Patents


Info

Publication number: CN108881314B
Authority: CN (China)
Prior art keywords: ciphertext, user, data, access, decryption
Legal status: Active
Application number: CN201810987100.6A
Other languages: Chinese (zh)
Other versions: CN108881314A (en)
Inventors: 陈燕俐, 陈梦书
Current assignee: Nanjing University of Posts and Telecommunications
Original assignee: Nanjing University of Posts and Telecommunications

Events: application filed by Nanjing University of Posts and Telecommunications; priority to CN201810987100.6A; publication of CN108881314A; application granted; publication of CN108881314B; legal status active.


Classifications

All under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L 63/10: Network architectures or network communication protocols for network security, for controlling access to network resources (under H04L 63/00)
    • H04L 63/0407: Network architectures or network communication protocols for network security, for providing a confidential data exchange among entities communicating through data packet networks, wherein the identity of one or more communicating identities is hidden (under H04L 63/04)
    • H04L 9/0825: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value and securely transfers it to the other(s), using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates (under H04L 9/08, H04L 9/0816, H04L 9/0819)
    • H04L 9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords, involving random numbers or seeds (under H04L 9/08, H04L 9/0861)

Abstract

The invention discloses a privacy protection method and system based on CP-ABE ciphertext in a fog computing environment. Part of the computation in the encryption and decryption stages is outsourced to fog nodes, which reduces the burden on the user. Because the access structure may reveal the user's privacy, the method introduces a partially hidden access structure to protect it. Finally, to detect whether the ciphertext was tampered with during transmission or outsourced decryption, the ciphertext is verified to ensure its correctness.

Description

Privacy protection method and system based on CP-ABE ciphertext under fog computing environment
Technical Field
The invention relates to a CP-ABE (ciphertext-policy attribute-based encryption) ciphertext access control method that realizes privacy protection in a fog computing environment, and belongs to the technical field of fog computing.
Background
Fog computing, a model in which data, data processing and applications are concentrated in devices at the edge of the network rather than held almost entirely in the cloud, is an extension of the cloud computing concept. Fog computing mainly uses equipment in the edge network, so data transfer has very low latency. It is geographically widely distributed, with a large number of network nodes. Fog computing also has good mobility: mobile phones and other mobile devices can communicate with each other directly, without signals detouring through the cloud or even a base station, so high mobility is supported. Because of the large scale and low cost of cloud computing, more and more users store and share their data on cloud storage servers. However, performing the computation over large amounts of data in the cloud greatly reduces efficiency. The emergence of fog computing effectively alleviates this problem.
Cloud storage brings convenience to data storage, but also a potential security risk: since the cloud's storage medium lies outside the user's control, how can legitimate access to the data be guaranteed? This problem can be solved by encrypting the data and controlling the user's decryption capability, that is, by ciphertext access control. Ciphertext access control can be understood as an access control method in which the user encrypts the data and then controls the access rights of data users by distributing the decryption key. With a ciphertext access control mechanism the user encrypts the data independently and can protect the confidentiality of the data content; at the same time, since the user distributes the data decryption key to authorized visitors, an autonomous and controllable access control mechanism is obtained. Research on ciphertext access control can be traced back to the hierarchical access control system proposed by Akl and Taylor and realized with a public key cryptographic algorithm. With the continuous development of cryptography, ciphertext access control technology has also been refined, and ciphertext access control mechanisms based on asymmetric encryption, one-way hashes, identity-based encryption and attribute-based encryption have appeared in turn. The basic ideas of these access control technologies are the same, but operations such as data encryption, key management and key distribution are optimized through different cryptographic techniques, improving the performance of the ciphertext access control mechanism.
Access control in a fog computing environment is a security guarantee for user data sharing, as in a cloud computing environment, but its network structure and system model differ from those of cloud computing. Therefore a new access control scheme for cloud, fog and users needs to be considered, in which the fog node assists the user by reducing the amount of computation and provides more flexibility. Outsourcing is one of the best ways for a fog node to assist users: it can be used to perform large-scale computations and reduce the computational overhead required of resource-constrained devices. In addition, to prevent data from being tampered with by malicious parties in cloud computing and fog computing, adding verifiability is very necessary. In 2014, Asim et al. constructed a CP-ABE scheme with outsourced encryption and decryption. In their scheme, the data owner first generates a ciphertext and then asks a semi-trusted agent to re-encrypt the encrypted information associated with the access structure. During decryption, the user sends a conversion key to another semi-trusted agent, which decrypts most of the ciphertext, and finally the user performs the last small part of the computation to recover the information, so most of the computational cost is removed from the user. In 2016, Mao et al. introduced a generic construction for attribute-based encryption with verifiable outsourced decryption, which likewise leaves the user only a simple computation to decrypt the ciphertext. ABE refers to attribute-based encryption; attribute-based encryption schemes are divided into two types, Key-Policy ABE (KP-ABE) and Ciphertext-Policy ABE (CP-ABE).
In KP-ABE, the key is tied to the access policy and the ciphertext to the attribute set; the encryptor can only choose descriptive attributes for the data and cannot decide who can decrypt the ciphertext, but must trust the key issuer. In CP-ABE, attributes describe the user's private key, and the encryptor uses the access policy to decide who can access the encrypted data, although the encryptor does not know the identity of those who can access the ciphertext. Therefore the deployment mode of CP-ABE is closer to that of the traditional access control model, CP-ABE suits the protection of sensitive data in a fog computing environment, and the access policy can be controlled more flexibly.
Although the ciphertext in the conventional CP-ABE scheme does not directly tell the recipient identity, the plaintext access structure is appended to the ciphertext, and anyone who can see the ciphertext can infer from the access structure some encrypted data or private information about the person who can access the encrypted data. In some applications, the access structure contains sensitive information. Thus, the access structure itself is confidential information in addition to the data content. It follows that in some specific cases it is important to cryptographically hide the access structure. In 2008, Nishide and Kazuki et al first proposed an attribute-based encryption scheme with hidden access structures. With this scheme, the encryptor can encrypt data using a hidden access structure. If the attribute associated with the decryptor's key does not satisfy the access structure associated with the encrypted data, the decryptor cannot decrypt the data or even infer the access structure specified by the encryptor.
Disclosure of Invention
The purpose of the invention is as follows: to overcome the defects of the prior art, fog computing is used to reduce the user's encryption and decryption overhead, the access structure is hidden to prevent the user's privacy from being revealed, and the data is checked for tampering during transmission. The method and system for privacy protection based on CP-ABE ciphertext access control in a fog computing environment encrypt with an LSSS access structure, let the data owner describe the accessor's attributes at fine granularity, control access rights flexibly, and improve system efficiency.
The technical scheme is as follows: in order to achieve the purpose, the invention adopts the technical scheme that:
a method for realizing privacy protection based on CP-ABE ciphertext access control in a fog computing environment comprises the following steps:
Step 1: according to the security parameter $1^k$, generate the system public parameter PK and the system master key MSK; PK is public, and MSK is held by the private key generation center.
Step 2: generate the user decryption key DSK and the fog node decryption key TSK from the system public parameter PK, the system master key MSK and the user attribute set A; TSK is sent to the fog node for outsourced decryption, and DSK is sent to the user for decrypting the final encrypted data file.
Step 3: the data owner sends the partial LSSS access structure $(M, \rho)$ to the fog node; the fog node generates the partial ciphertext $CT_1$ from PK and $(M, \rho)$ and returns $CT_1$ to the data owner. From PK, the data file m, the symmetric key ck, the access structure $(M, \rho, \{A_{\rho(i)}\})$ and $CT_1$, the data owner generates the ciphertext CT and the verification data E about the data and the LSSS access-structure attribute values, where $A_{\rho(i)}$ is the attribute value of the attribute name $\rho(i)$. The data owner then uploads CT through the fog node to cloud storage.
Step 4: the fog node generates the LSSS access-structure verification set from CT and TSK. If and only if the user's attributes satisfy the LSSS access structure can it correctly decrypt the part tied to the access structure, in which case it returns the generated partial ciphertext CT' to the user; otherwise decryption fails. From CT' and DSK the user obtains the symmetric key ck and the random value $\gamma$, checks with $\gamma$ whether the verification data E holds and, if so, decrypts $E_{ck}(m)$ with ck to obtain the data file m. Otherwise the ciphertext data has been tampered with and decryption fails.
Preferably: system common parameters in the step 1
System master key MSK ═ d1,d2,d3,d4,gα,gβ}。
Wherein 1 iskRepresenting a security parameter, U representing a global set of attributes, the size of U being | U |. Bilinear map e: GXG → GTThe group G is a prime number p-order cyclic group, G belongs to G and is a generating element of the group G, and u, h, v, w belongs to G, u, h, v, w represent random group elements. Random value d is randomly selected by the system1,d2,d3,d4,α,β∈ZP,ZPRepresenting a prime field of order p. And (3) calculating: hash function H1:GT→{0,1}t,H2:{0,1}t→Zp
Preferably, in step 2 the user decryption key is $DSK = \{K_1\}$,
and the fog node conversion key is $TSK = \{K_1', K_2, \{K_{t,1}, K_{t,2}, K_{t,3}, K_{t,4}, K_{t,5}\}_{t \in [1,k]}\}$.
Here the attribute set A has size k and attribute values $\{A_1, \ldots, A_k\}$. The system randomly selects $r, r', r_1, \ldots, r_k, r_1', \ldots, r_k' \in Z_p$ and computes:
Preferably, the partial ciphertext $CT_1$ in step 3 is formed as follows.
Here M is an $l \times n$ matrix, l is the number of rows, n is the number of columns, $M_i$ is the i-th row of M, and the function $\rho$ maps $M_i$ to the corresponding attribute name $\rho(i)$. The system randomly selects $\mu, y_2, \ldots, y_n \in Z_p$ to form a vector and, for each i with $1 \le i \le l$, computes the corresponding row value. The system then randomly selects $s_{1,1}, \ldots, s_{l,1}, s_{1,2}, \ldots, s_{l,2}, z_1, \ldots, z_l \in Z_p$ and computes the remaining components and $D = g^{\mu}$.
Preferably: in the step 3, the data owner accesses the structure (M, rho, { A) according to the system public parameter PK, the data file M, the symmetric key ck and the access structureρ(i)}) and partial ciphertext CT1The method for generating the ciphertext CT and the verification data E of the data and the LSSS access structure attribute value comprises the following steps:
the specific treatment steps are as follows:
step 321: selecting a unique serial number FID for the file, randomly generating a symmetric key ck, encrypting the data file m by using the symmetric key ck to obtain a data ciphertext EckAnd (m) is Enc (m, ck), Enc represents a symmetric encryption algorithm, and then the system randomly selects a random value gamma epsilon ZpCalculatingAs verification data for verifying whether the ciphertext is tampered when the user decrypts the ciphertext.
Step 322: encrypting the symmetric key ck, and randomly selecting a random value s belonging to Z by the systemPCalculatingThe following ciphertext data is then computed: d ═ gμs
Step 323: randomly selecting random data m' belonged to Z by the systemPThe random value gamma' belongs to ZPEncrypting and calculating the random data mThese two data will be used to verify that for the same attribute name, the corresponding user attribute value is the same as the access structure attribute value.
Step 324: the above data are combined into a complete ciphertext:
then:
ciphertext CT { (M, ρ), C', Eck(m),E,E',D,{Ci,Di,1,Di,2,Ei,1,Ei,2,Fi}i∈[1,l]}。
Preferably: in the step 4, the fog node generates an LSSS access structure verification set according to the ciphertext CT and the fog node decryption key TSK, if and only if the attribute of the user accords with the LSSS access structure, the user can correctly decrypt the LSSS access structure, and meanwhile, the generated partial ciphertext CT' is returned to the user, otherwise, the decryption fails:
generating an LSSS access structure verification set I according to the ciphertext CT and the mist node decryption key TSKA,ρ={I1,L,Iq}: set of minimal subsets of attribute names for which the user satisfies (M, ρ), I1,L,IqRespectively, represent a minimum subset of attribute names that the user satisfies (M, ρ). If the user attribute name satisfies the access structure, then find the constant set { omega } within the polynomial timei∈ZP}i∈IIn which Ij∈IA,ρJ is not less than 1 and not more than q, so that
Verification thereafter for set IjAnd (4) whether the corresponding user attribute value is the same as the access structure attribute value. When I isj∈IA,ρWhen j is more than or equal to 1 and less than or equal to q, calculating
Verification gm'hγ'Whether or not E' is true. If not, it is stated that for set IjIf the corresponding user attribute value is different from the access structure attribute value, the attribute name in (1) is reselectedj∈IA,ρAnd recalculating the above equation, wherein j increases from 1 to q in steps when IqIf the condition is still not satisfied, the equation is satisfied, and the user is directly informed that the decryption is failed. If it is trueFor set I, thenjThe corresponding user attribute value is the same as the access structure attribute value, so that a partial ciphertext is formed:
returning the partial ciphertext CT' to the user.
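The LSSS verification-set step just described (the minimal satisfying subsets $I_1, \ldots, I_q$, their reconstruction constants $\omega_i$, and the ordered per-set value check), as an added example that is not part of the patent: the reconstruction condition $\sum_i \omega_i M_i = (1, 0, \ldots, 0)$, the small prime, the sample matrix and the plain-equality stand-in for the cryptographic test on E' are all assumptions made here.

```python
# Added illustrative example, not code from the patent: the LSSS part of step 4.
# Given the access matrix M over Z_p and the row-to-attribute-name map rho, the fog
# node needs the minimal sets I_1..I_q of the user's attribute names that satisfy
# (M, rho) and, for each, constants omega_i with sum_i omega_i * M_i = (1, 0, ..., 0)
# (the standard LSSS reconstruction condition, assumed here because the page's own
# formula is not reproduced). Attribute values are then checked set by set, in order.
from itertools import combinations

P = 7919  # constructed small prime; a deployment uses the group order p from PK


def solve_mod_p(rows, target, p=P):
    """Return omega with sum_i omega_i * rows[i] == target (mod p), or None.

    The unknowns are the omega_i, so the system is the transpose of `rows`:
    one equation per column of M. Solved by Gauss-Jordan elimination mod p.
    """
    k, n = len(rows), len(target)
    if k == 0:
        return None
    # augmented matrix: n equations in k unknowns, last column is the target
    aug = [[rows[i][j] % p for i in range(k)] + [target[j] % p] for j in range(n)]
    pivot_cols, r = [], 0
    for c in range(k):
        piv = next((i for i in range(r, n) if aug[i][c]), None)
        if piv is None:
            continue  # free variable: omega_c stays 0
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][c], -1, p)
        aug[r] = [(x * inv) % p for x in aug[r]]
        for i in range(n):
            if i != r and aug[i][c]:
                f = aug[i][c]
                aug[i] = [(a - f * b) % p for a, b in zip(aug[i], aug[r])]
        pivot_cols.append(c)
        r += 1
        if r == n:
            break
    # a zero coefficient row with a non-zero right-hand side means "unsatisfiable"
    if any(aug[i][k] for i in range(r, n)):
        return None
    omega = [0] * k
    for i, c in enumerate(pivot_cols):
        omega[c] = aug[i][k]
    return omega


def minimal_satisfying_sets(M, rho, user_attr_names, p=P):
    """Return I_{A,rho} as [(I_j, {row index: omega_i}), ...]: the minimal subsets
    of the user's attribute names that satisfy (M, rho), smallest first."""
    n = len(M[0])
    target = [1] + [0] * (n - 1)
    usable = sorted(set(rho) & set(user_attr_names))  # names present on both sides
    found = []
    for size in range(1, len(usable) + 1):
        for cand in combinations(usable, size):
            if any(set(prev) <= set(cand) for prev, _ in found):
                continue  # strict superset of a minimal set: not minimal
            idx = [i for i, name in enumerate(rho) if name in cand]
            omega = solve_mod_p([M[i] for i in idx], target, p)
            if omega is not None:
                found.append((cand, dict(zip(idx, omega))))
    return found


def fog_select_set(M, rho, user_attrs, policy_values, p=P):
    """Step-4 selection loop: walk I_1..I_q in order and return the first set whose
    attribute values also match the access structure, else None (decryption fails).
    A plain equality test stands in for the patent's cryptographic check on E'."""
    for I_j, omega in minimal_satisfying_sets(M, rho, user_attrs, p):
        if all(user_attrs[name] == policy_values[name] for name in I_j):
            return I_j, omega
    return None


# Constructed sample: policy (Dept = Sec AND Role = Admin) OR Clearance = Top,
# encoded as the usual LSSS matrix with target vector (1, 0). Row i belongs to
# attribute name rho[i]; the values are kept apart from the names, as in the
# partially hidden access structure where only the names travel with the ciphertext.
M_SAMPLE = [[1, 1], [0, P - 1], [1, 0]]          # P - 1 is -1 mod p
RHO_SAMPLE = ["Dept", "Role", "Clearance"]
POLICY_VALUES = {"Dept": "Sec", "Role": "Admin", "Clearance": "Top"}

if __name__ == "__main__":
    print(fog_select_set(M_SAMPLE, RHO_SAMPLE, {"Dept": "Sec", "Role": "Admin"}, POLICY_VALUES))
    print(fog_select_set(M_SAMPLE, RHO_SAMPLE, {"Dept": "Sec", "Role": "User"}, POLICY_VALUES))
```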
Preferably: in the step 4, the user obtains a symmetric key ck and a random value gamma according to the partial ciphertext CT' and the user decryption key DSK, verifies whether the verification data E is established or not according to the random value gamma, and if the verification data E is established, uses the symmetric key ck to decrypt the E from the EckAnd (m) decrypting the data file m. Otherwise, the decryption fails according to the following method that the ciphertext data is tampered:
according to the partial cipher text CT' and the user decryption key DSK. And (3) calculating:
a symmetric key ck and a random value gamma are obtained.
AuthenticationIf it is true, using symmetric key ck to convert EckAnd (m) decrypting the data file m. Otherwise, the ciphertext data is falsified, and the decryption fails.
A system for realizing privacy protection based on CP-ABE ciphertext access control in a fog computing environment comprises an initialization module, a private key generation module, an encrypted data module and a decrypted ciphertext module, wherein the encrypted data module comprises a fog node encryption module and a data owner encryption module, and the decrypted ciphertext module comprises a fog node decryption module and a user decryption module, wherein:
Initialization module: generates the system public parameter PK and the system master key MSK via the private key generation center.
Private key generation module: generates the user decryption key DSK and the fog node decryption key TSK from PK, MSK and the user attribute set A.
Fog node encryption module: generates the partial ciphertext $CT_1$ from PK and the partial LSSS access structure $(M, \rho)$ sent by the data owner, and returns $CT_1$ to the data owner.
Data owner encryption module: generates the ciphertext CT and the verification data about the data and the LSSS access-structure attribute values from PK, the data file m, the symmetric key ck, the access structure $(M, \rho, \{A_{\rho(i)}\})$ and the partial ciphertext $CT_1$.
Fog node decryption module: generates the LSSS access-structure verification set from CT and TSK; if and only if the user's attributes satisfy the LSSS access structure can it correctly decrypt the part tied to the access structure, in which case it returns the generated partial ciphertext CT' to the user, otherwise decryption fails.
User decryption module: obtains the symmetric key ck and the random value $\gamma$ from CT' and DSK, checks with $\gamma$ whether the verification data E holds and, if so, decrypts $E_{ck}(m)$ with ck to obtain the data file m; otherwise the ciphertext data has been tampered with and decryption fails.
Compared with the prior art, the invention has the following beneficial effects:
1. The ciphertext access control method using outsourced computation suits the fog computing environment. The computing power of user devices such as mobile phones is limited, while the fog computing environment provides many fog nodes with some computing power, so the method outsources a large share of the encryption and decryption computation to the fog nodes and reduces the user's burden. The low latency of fog computing also greatly reduces data transfer time between the user and the fog node.
2. The invention introduces a partial hidden access structure technology, encrypts the ciphertext by adopting the LSSS access structure, realizes fine-grained description of the user attribute by the LSSS access strategy, facilitates the control of the data owner on the file access right, and accords with the practical application. The attribute in the access structure is divided into an attribute name and an attribute value, and the attribute value is embedded into the ciphertext, so that the privacy protection is effectively improved.
3. The invention integrates fog-computing-based ciphertext-policy attribute-based encryption with the partially hidden LSSS access structure and draws on the advantages of both: it protects the encrypted data and the user's privacy, verifies ciphertext correctness while improving the efficiency of user-side encryption and decryption in practical applications, prevents the ciphertext from being modified during transmission and outsourced decryption, and improves system security.
Drawings
Fig. 1 is a flow chart of a specific implementation of the encryption algorithm of the present invention.
FIG. 2 is a diagram of a system model in a fog computing environment in accordance with the present invention.
Detailed Description
The present invention is further illustrated by the following description in conjunction with the accompanying drawings and the specific embodiments, it is to be understood that these examples are given solely for the purpose of illustration and are not intended as a definition of the limits of the invention, since various equivalent modifications will occur to those skilled in the art upon reading the present invention and fall within the limits of the appended claims.
A system for implementing privacy protection based on CP-ABE ciphertext access control in a fog computing environment, as shown in fig. 1-2, includes an initialization module, a private key generation module, an encrypted data module, and a decrypted ciphertext module, where the encrypted data module includes a fog node encryption module and a data owner encryption module, and the decrypted ciphertext module includes a fog node decryption module and a user decryption module, where:
Initialization module: generates the system public parameter PK and the system master key MSK through the private key generation center (PKG); PK is public, and MSK is held by the private key generation center.
Private key generation module: generates the user decryption key DSK and the fog node decryption key TSK from PK, MSK and the user attribute set A; TSK is used by the fog node to decrypt part of the ciphertext, and DSK is used by the user to decrypt the final encrypted data file.
Fog node encryption module: generates the partial ciphertext $CT_1$ from PK and the partial LSSS access structure $(M, \rho)$ sent by the data owner, and returns $CT_1$ to the data owner.
Data owner encryption module: generates the ciphertext CT and the verification data about the data and the LSSS access-structure attribute values from PK, the data file m, the symmetric key ck, the access structure $(M, \rho, \{A_{\rho(i)}\})$ and the partial ciphertext $CT_1$.
Fog node decryption module: generates the LSSS access-structure verification set from CT and TSK; if and only if the user's attributes satisfy the LSSS access structure can it correctly decrypt the part tied to the access structure, in which case it returns the generated partial ciphertext CT' to the user, otherwise decryption fails.
User decryption module: obtains the symmetric key ck and the random value $\gamma$ from CT' and DSK, checks with $\gamma$ whether the verification data E holds and, if so, decrypts $E_{ck}(m)$ with ck to obtain the data file m; otherwise the ciphertext data has been tampered with and decryption fails.
The fog node decryption module decrypts the part of the ciphertext tied to the LSSS access structure, and the user decryption module decrypts the last small part to obtain the data; finally, the ciphertext is checked for tampering.
The invention outsources most of the encryption and decryption computation to the fog node. This suits the fog computing environment, since fog computing provides many fog nodes with some computing power, and its low latency greatly reduces data transfer time between the user and the fog nodes.
The encryption module uses an attribute-based encryption (ABE) ciphertext access control method: a specific access control structure is designed with user-related attributes as the basis of resource authorization, which suits large-scale distributed network environments. CP-ABE (ciphertext-policy attribute-based encryption) ties the private key to an attribute set and the ciphertext to an access structure, which makes it easier for the data owner to control the accessor's permissions. The LSSS access structure is partially hidden: the LSSS structure gives a fine-grained description of the accessor's attributes and flexible control of access rights; each attribute in the access structure is split into an attribute name and an attribute value, the attribute value is embedded in the ciphertext, and so the attribute values of the access structure are hidden, strengthening the system's protection of user privacy.
The ciphertext verification function adds to the ciphertext verification data obtained by XORing the ciphertext with a hash value; when the user decrypts and obtains the plaintext, the value obtained by XORing the plaintext with the hash value is compared with the verification data to check whether the ciphertext was tampered with during transmission or outsourced decryption. Using a hash function and XOR achieves ciphertext verification with only a small impact on system efficiency.
A method for implementing privacy protection based on CP-ABE ciphertext access control in a fog computing environment, as shown in fig. 1-2, includes the following steps:
Step 1: according to the security parameter $1^k$, generate the system public parameter PK and the system master key MSK; PK is public, and MSK is held by the private key generation center.
Input the security parameter $1^k$ and the global attribute set U with size |U|. Let $e: G \times G \to G_T$ be a bilinear map, G a cyclic group of prime order p, $g \in G$ a generator of G, and $u, h, v, w \in G$ random group elements. The system randomly selects $d_1, d_2, d_3, d_4, \alpha, \beta \in Z_p$, where $Z_p$ is the prime field of order p, and chooses hash functions $H_1: G_T \to \{0,1\}^t$ and $H_2: \{0,1\}^t \to Z_p$. Then:
system public parameter $PK = \{U, H, G_T, g, u, h, w, v, g_1, g_2, g_3, g_4, e(g,g)^{\alpha}, e(g,g)^{\beta}\}$,
system master key $MSK = \{d_1, d_2, d_3, d_4, g^{\alpha}, g^{\beta}\}$.
The system public parameter PK is public, and the system master key MSK is held by the private key generation center.
Step 2, private key generation: generate the user decryption key DSK and the fog node decryption key TSK from the system public parameter PK, the system master key MSK and the user attribute set A; TSK is sent to the fog node for outsourced decryption, and DSK is sent to the user for decrypting the final encrypted data file.
Input PK, MSK and the user attribute set A, where A has size k and attribute values $\{A_1, \ldots, A_k\}$. The system randomly selects $r, r', r_1, \ldots, r_k, r_1', \ldots, r_k' \in Z_p$ and computes the key components for $t \in [1, k]$. Then:
user decryption key $DSK = \{K_1\}$,
fog node conversion key $TSK = \{K_1', K_2, \{K_{t,1}, K_{t,2}, K_{t,3}, K_{t,4}, K_{t,5}\}_{t \in [1,k]}\}$.
DSK is sent to the user, and TSK is sent to the fog node for outsourced decryption.
And step 3: encrypting data
The data owner sends part of LSSS access structure (M, rho) to the fog node, and the fog node generates part of ciphertext CT according to the system public parameter PK and the part of LSSS access structure (M, rho)1While the haze node is to convert part of the ciphertext CT1And returning to the data owner. The data owner according to the system public parameter PK, the data file M, the symmetric key ck, the access structure (M, rho, { A)ρ(i)}) and partial ciphertext CT1Generating ciphertext CT and verification data E, A about data and LSSS access structure attribute valuesρ(i)And attribute values of attribute names corresponding to rho (i). And uploading the ciphertext CT to a cloud storage through the fog node by the data owner for storage.
The data owner sends part of the LSSS access structure (M, ρ) to the fog node. Where M is a l × n matrix, l represents the number of rows of the matrix, n represents the number of columns of the matrix, MiThe representation is the ith row of the matrix M, the function ρ being effected by MiTo the corresponding attribute name ρ (i).
Step 3-1: Fog node encryption
Input the system public parameter PK and the partial LSSS access structure (M, ρ). The system randomly selects μ, y_2, ..., y_n ∈ Z_p, forms a vector from them and, for each i with 1 ≤ i ≤ l, computes the share of μ corresponding to row M_i.
The system then randomly selects s_{1,1}, ..., s_{l,1}, s_{1,2}, ..., s_{l,2}, z_1, ..., z_l ∈ Z_p and computes the ciphertext components. Then:
Partial ciphertext CT_1, including D = g^μ.
The fog node returns the partial ciphertext CT_1 to the data owner over a secure channel.
Step 3-2: Data owner encryption
Input the system public parameter PK, the data file m, the symmetric encryption key ck, the access structure (M, ρ, {A_ρ(i)}) and the partial ciphertext CT_1, where A_ρ(i) is the attribute value of the attribute name ρ(i).
In practice, several files with the same access authority are often grouped into a file group; for brevity only the processing of a single file is described here. The file is encrypted in hybrid mode: a symmetric encryption algorithm (for example AES; DES is also listed but is obsolete and should not be chosen for a new deployment) encrypts the data file to produce the data ciphertext, and the CP-ABE algorithm encrypts the symmetric key (session key) to produce the key ciphertext. A user accesses the data file by decrypting first the key ciphertext and then the data ciphertext.
The specific processing steps are as follows:
(1) Select a unique serial number FID for the file, randomly generate a symmetric key ck, and encrypt the data file m with ck to obtain the data ciphertext E_ck(m) = Enc(m, ck), where Enc is a symmetric encryption algorithm. The system then randomly selects γ ∈ Z_p and computes the verification data E, which is used to verify whether the ciphertext has been tampered with when the user decrypts it.
(2) Encrypt the symmetric key ck: the system randomly selects s ∈ Z_p and computes the key ciphertext, then computes the following ciphertext data: D = g^{μs}.
(3) The system randomly selects random data m' ∈ Z_p and a random value γ' ∈ Z_p, encrypts m' and computes E' = g^{m'} h^{γ'}. These two values are used to verify, for the same attribute name, whether the user's attribute value equals the attribute value in the access structure.
(4) Combine the above data into the complete ciphertext:
Ciphertext CT = {(M, ρ), C', E_ck(m), E, E', D, {C_i, D_{i,1}, D_{i,2}, E_{i,1}, E_{i,2}, F_i}_{i ∈ [1,l]}}.
The data owner uploads the ciphertext CT to cloud storage through the fog node.
Step 4: Decrypting the ciphertext
The fog node generates the LSSS access structure verification set from the ciphertext CT and the fog node decryption key TSK. Decryption can proceed correctly if and only if the user's attributes satisfy the LSSS access structure; in that case the generated partial ciphertext CT' is returned to the user, otherwise decryption fails. From CT' and the user decryption key DSK the user obtains the symmetric key ck and the random value γ, and uses γ to check whether the verification data E holds. If it holds, the user decrypts E_ck(m) with ck to obtain the data file m; otherwise the ciphertext data has been tampered with and decryption fails.
Step 4-1: Fog node decryption
Input the ciphertext CT and the fog node decryption key TSK, and generate the LSSS access structure verification set I_{A,ρ} = {I_1, ..., I_q}: the set of minimal subsets of attribute names with which the user satisfies (M, ρ), each of I_1, ..., I_q being one such minimal subset. If the user's attribute names satisfy the access structure, a constant set {ω_i ∈ Z_p}_{i ∈ I_j}, with I_j ∈ I_{A,ρ} and 1 ≤ j ≤ q, can be found in polynomial time that satisfies the LSSS reconstruction condition.
Next, verify for the attribute names in set I_j whether the corresponding user attribute values equal the access structure attribute values. For I_j ∈ I_{A,ρ}, 1 ≤ j ≤ q, compute the three verification quantities and
check whether g^{m'} h^{γ'} = E' holds. If it does not, the user's attribute values differ from the access structure attribute values for the attribute names in I_j; select the next I_j ∈ I_{A,ρ} and recompute the three equations, with j increasing from 1 to q. If the equation still does not hold when I_q is reached, the user is informed directly that decryption failed. If it holds, the user's attribute values equal the access structure attribute values for I_j, and the partial ciphertext CT' is formed.
The partial ciphertext CT' is returned to the user.
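The LSSS machinery that steps 3-1 and 4-1 rely on, as an added worked example in Python (this is not code from the patent or its authors): a boolean policy is turned into the (M, ρ) matrix with the Lewko-Waters construction, the fog node's shares of μ are computed as the inner products of the rows M_i with the vector (μ, y_2, ..., y_n), the minimal satisfying subsets I_{A,ρ} are enumerated, and for a satisfying subset the constants ω_i are recovered by solving Σ_{i ∈ I_j} ω_i M_i = (1, 0, ..., 0) over Z_p. That reconstruction equation is the standard LSSS condition and is assumed here because the page does not reproduce it; the prime p, the sample policy and the attribute sets are constructed for the example, and the arithmetic is done on plain field elements rather than in the pairing group.

```python
"""Added example (not the patent's code): LSSS access structures for CP-ABE over a toy prime field.
Lewko-Waters policy -> (M, rho), sharing of mu, the set I_{A,rho}, and omega_i with sum omega_i M_i = e_1."""
import secrets
from itertools import combinations

P = 2**127 - 1  # constructed toy prime for Z_p; a real scheme uses the pairing group order

def policy_to_lsss(policy):
    """policy: attribute name, or ('AND', left, right) / ('OR', left, right).
    Every leaf becomes one row M_i labelled rho(i); each AND gate adds one column."""
    rows, counter = [], [1]  # counter[0] is the current vector length c

    def walk(node, vec):
        if isinstance(node, str):
            rows.append((node, vec))
            return
        op, left, right = node
        if op == "OR":  # both children inherit the parent's vector
            walk(left, vec)
            walk(right, vec)
        elif op == "AND":  # left child gets v|1, right child gets (0,...,0)|-1, then c += 1
            c = counter[0]
            counter[0] = c + 1
            walk(left, vec + [0] * (c - len(vec)) + [1])
            walk(right, [0] * c + [-1])
        else:
            raise ValueError(f"unknown gate {op!r}")

    walk(policy, [1])
    n = counter[0]
    return [vec + [0] * (n - len(vec)) for _, vec in rows], [name for name, _ in rows]

def share(M, mu, p=P):
    """Fog-node side of step 3-1: v = (mu, y_2, ..., y_n) with random y_j; share_i = M_i . v."""
    v = [mu % p] + [secrets.randbelow(p) for _ in range(len(M[0]) - 1)]
    return [sum(mi * vi for mi, vi in zip(row, v)) % p for row in M]

def solve_mod_p(A, b, p=P):
    """Gaussian elimination over Z_p for A x = b (A is m x k); one solution, or None if inconsistent."""
    m, k = len(A), len(A[0])
    aug = [[a % p for a in row] + [bi % p] for row, bi in zip(A, b)]
    pivots, r = [], 0
    for c in range(k):
        piv = next((i for i in range(r, m) if aug[i][c]), None)
        if piv is None:
            continue
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][c], -1, p)
        aug[r] = [x * inv % p for x in aug[r]]
        for i in range(m):
            if i != r and aug[i][c]:
                f = aug[i][c]
                aug[i] = [(x - f * y) % p for x, y in zip(aug[i], aug[r])]
        pivots.append(c)
        r += 1
    if any(aug[i][k] for i in range(r, m)):  # a row "0 = nonzero" means no solution
        return None
    x = [0] * k  # free variables are fixed to 0
    for i, c in enumerate(pivots):
        x[c] = aug[i][k]
    return x

def reconstruction_constants(M, rho, attrs, p=P):
    """{row i: omega_i} over the rows whose attribute name the user holds, such that
    sum_i omega_i M_i = (1, 0, ..., 0); None when attrs does not satisfy (M, rho)."""
    I = [i for i, name in enumerate(rho) if name in attrs]
    if not I:
        return None
    n = len(M[0])
    A = [[M[i][col] for i in I] for col in range(n)]  # one unknown omega_i per selected row
    sol = solve_mod_p(A, [1] + [0] * (n - 1), p)
    return None if sol is None else dict(zip(I, sol))

def minimal_satisfying_subsets(M, rho, attrs, p=P):
    """The verification set I_{A,rho} of step 4-1: minimal subsets of the user's attribute
    names that satisfy (M, rho), found by trying candidate subsets in increasing size."""
    names = sorted(set(attrs) & set(rho))
    found = []
    for size in range(1, len(names) + 1):
        for sub in combinations(names, size):
            if any(set(f) <= set(sub) for f in found):
                continue  # a proper subset already satisfies the structure
            if reconstruction_constants(M, rho, set(sub), p) is not None:
                found.append(sub)
    return found

def reconstruct(M, rho, shares, attrs, p=P):
    """Recover mu = sum_i omega_i share_i for a satisfying attribute set; None otherwise."""
    omega = reconstruction_constants(M, rho, attrs, p)
    return None if omega is None else sum(w * shares[i] for i, w in omega.items()) % p

if __name__ == "__main__":
    # Constructed sample policy: a doctor who is in cardiology or in oncology.
    M, rho = policy_to_lsss(("AND", "doctor", ("OR", "cardiology", "oncology")))
    mu, shares = secrets.randbelow(P), None
    shares = share(M, mu)
    print("I_{A,rho}:", minimal_satisfying_subsets(M, rho, {"doctor", "cardiology", "oncology"}))
    print("satisfying set recovers mu:", reconstruct(M, rho, shares, {"doctor", "oncology"}) == mu)
    print("non-satisfying set:", reconstruct(M, rho, shares, {"cardiology", "oncology"}))
```

The fog node in step 4-1 only needs the attribute names to run the algebra above; in the patent the per-subset check against E' is what then ties the names to the hidden attribute values, which this example does not model.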
Step 4-2: User decryption
Input the partial ciphertext CT' and the user decryption key DSK, and compute from them
the symmetric key ck and the random value γ.
Verify whether the verification data E holds for γ. If it does, decrypt E_ck(m) with the symmetric key ck to obtain the data file m. Otherwise the ciphertext data has been tampered with and decryption fails.
The invention adopts an access structure based on an LSSS (linear secret sharing scheme) matrix, which both supports fine-grained description of the accessing user's attributes and has high computational efficiency. Part of the computation in the encryption and decryption stages is outsourced to fog nodes, reducing the user's burden. Since the access structure itself may leak user privacy, the method introduces a partially hidden access structure to protect it. Finally, to detect tampering with the ciphertext during transmission and outsourced decryption, the ciphertext is verified to ensure its correctness.
The above description covers only preferred embodiments of the present invention. It should be noted that various modifications and adaptations will be apparent to those skilled in the art without departing from the principles of the invention, and these are intended to fall within its scope.

Claims (8)

1. A method for implementing privacy protection based on CP-ABE ciphertext access control in a fog computing environment, characterized by comprising the following steps:
Step 1: generating a system public parameter PK and a system master key MSK from a security parameter 1^k, a global attribute set U and a bilinear map, wherein PK is public and MSK is stored by a private key generation center;
Step 2: generating a user decryption key DSK and a fog node decryption key TSK from the system public parameter PK, the system master key MSK and the user attribute set A, wherein TSK is sent to the fog node for outsourced decryption and DSK is sent to the user for decrypting the final encrypted data file;
Step 3: the data owner sends the partial LSSS access structure (M, ρ) to the fog node; the fog node generates the partial ciphertext CT_1 from the system public parameter PK and (M, ρ) and returns CT_1 to the data owner; the data owner generates the ciphertext CT and the verification data E from PK, the data file m, the symmetric key ck, the access structure (M, ρ, {A_ρ(i)}) and the partial ciphertext CT_1, where A_ρ(i) is the attribute value of the attribute name ρ(i); the data owner uploads the ciphertext CT to cloud storage through the fog node;
Step 4: the fog node generates the LSSS access structure verification set from the ciphertext CT and the fog node decryption key TSK; correct decryption is possible only when the user's attributes satisfy the LSSS access structure, in which case the generated partial ciphertext CT' is returned to the user, otherwise decryption fails; the user obtains the symmetric key ck and the random value γ from CT' and the user decryption key DSK, verifies whether the verification data E holds for γ and, if so, decrypts E_ck(m) with ck to obtain the data file m; otherwise the ciphertext data has been tampered with and decryption fails.
2. The method for implementing privacy protection based on CP-ABE ciphertext access control in a fog computing environment according to claim 1, characterized in that in step 1 the system public parameter PK = {U, H, G_T, g, u, h, w, v, g_1, g_2, g_3, g_4, e(g,g)^α, e(g,g)^β},
System master key MSK = {d_1, d_2, d_3, d_4, g^α, g^β};
wherein 1^k denotes the security parameter; U denotes the global attribute set, of size |U|; e: G × G → G_T is a bilinear map, G is a cyclic group of prime order p, g ∈ G is a generator of G, and u, h, v, w ∈ G are random group elements; the system randomly selects d_1, d_2, d_3, d_4, α, β ∈ Z_p, Z_p being the prime field of order p, computes g_1, g_2, g_3, g_4 and chooses hash functions H_1: G_T → {0,1}^t and H_2: {0,1}^t → Z_p.
3. The method for implementing privacy protection based on CP-ABE ciphertext access control in a fog computing environment according to claim 2, characterized in that in step 2 the user decryption key DSK = {K_1},
Fog node conversion key TSK = {K_1', K_2, {K_{t,1}, K_{t,2}, K_{t,3}, K_{t,4}, K_{t,5}}_{t ∈ [1,k]}},
wherein the attribute set A has size k and attribute values {A_1, ..., A_k}; the system randomly selects r, r', r_1, ..., r_k, r_1', ..., r_k' ∈ Z_p and computes the key components.
4. The method for implementing privacy protection based on CP-ABE ciphertext access control in a fog computing environment according to claim 3, characterized in that the partial ciphertext in step 3 is CT_1,
wherein M is an l × n matrix, l is the number of rows, n is the number of columns, M_i is the i-th row of M, and the function ρ maps M_i to the corresponding attribute name ρ(i); the system randomly selects μ, y_2, ..., y_n ∈ Z_p, forms a vector from them and computes the corresponding share for each i with 1 ≤ i ≤ l; the system randomly selects s_{1,1}, ..., s_{l,1}, s_{1,2}, ..., s_{l,2}, z_1, ..., z_l ∈ Z_p and computes the ciphertext components and D = g^μ.
5. The method for implementing privacy protection based on CP-ABE ciphertext access control in a fog computing environment according to claim 4, characterized in that in step 3 the data owner generates the ciphertext CT and the verification data E for the data and the LSSS access structure attribute values from the system public parameter PK, the data file m, the symmetric key ck, the access structure (M, ρ, {A_ρ(i)}) and the partial ciphertext CT_1 as follows:
Step 321: select a unique serial number FID for the file, randomly generate a symmetric key ck, and encrypt the data file m with ck to obtain the data ciphertext E_ck(m) = Enc(m, ck), Enc denoting a symmetric encryption algorithm; the system then randomly selects γ ∈ Z_p and computes the verification data E, which is used to verify whether the ciphertext has been tampered with when the user decrypts it;
Step 322: encrypt the symmetric key ck: the system randomly selects s ∈ Z_p, computes the key ciphertext and then computes the ciphertext data D = g^{μs};
Step 323: the system randomly selects random data m' ∈ Z_p and a random value γ' ∈ Z_p, encrypts m' and computes E' = g^{m'} h^{γ'}; these two values are used to verify, for the same attribute name, whether the user attribute value equals the access structure attribute value;
Step 324: combine the above data, E_ck(m), E' = g^{m'} h^{γ'}, D = g^{μs} and the remaining components, into the complete ciphertext CT = {(M, ρ), C', E_ck(m), E, E', D, {C_i, D_{i,1}, D_{i,2}, E_{i,1}, E_{i,2}, F_i}_{i ∈ [1,l]}}.
6. The method for implementing privacy protection based on CP-ABE ciphertext access control in a fog computing environment according to claim 5, characterized in that in step 4 the fog node generates the LSSS access structure verification set from the ciphertext CT and the fog node decryption key TSK, correct decryption being possible if and only if the user's attributes satisfy the LSSS access structure, in which case the generated partial ciphertext CT' is returned to the user and otherwise decryption fails, as follows:
generating from the ciphertext CT and the fog node decryption key TSK the LSSS access structure verification set I_{A,ρ} = {I_1, ..., I_q}, the set of minimal subsets of attribute names with which the user satisfies (M, ρ), each of I_1, ..., I_q being one such minimal subset; if the user's attribute names satisfy the access structure, finding in polynomial time a constant set {ω_i ∈ Z_p}_{i ∈ I_j}, with I_j ∈ I_{A,ρ} and 1 ≤ j ≤ q, that satisfies the LSSS reconstruction condition;
then verifying, for the attribute names in set I_j, whether the corresponding user attribute values equal the access structure attribute values: for I_j ∈ I_{A,ρ}, 1 ≤ j ≤ q, computing the three verification quantities and
checking whether g^{m'} h^{γ'} = E' holds; if not, the user attribute values differ from the access structure attribute values for the attribute names in I_j, so the next I_j ∈ I_{A,ρ} is selected and the three equations are recomputed, with j increasing from 1 to q; if the equation still does not hold when I_q is reached, the user is informed directly that decryption failed; if it holds, the user attribute values equal the access structure attribute values for I_j, and the partial ciphertext CT' is formed;
returning the partial ciphertext CT' to the user.
7. The method for implementing privacy protection based on CP-ABE ciphertext access control in a fog computing environment according to claim 6, characterized in that in step 4 the user obtains the symmetric key ck and the random value γ from the partial ciphertext CT' and the user decryption key DSK, verifies whether the verification data E holds for γ and, if so, decrypts E_ck(m) with ck to obtain the data file m, and otherwise treats the ciphertext data as tampered with and fails decryption, as follows:
from the partial ciphertext CT' and the user decryption key DSK, computing
the symmetric key ck and the random value γ;
verifying whether the verification data E holds for γ; if so, decrypting E_ck(m) with the symmetric key ck to obtain the data file m; otherwise the ciphertext data has been tampered with and decryption fails.
8. A system for implementing the privacy protection method based on CP-ABE ciphertext access control in a fog computing environment according to any one of claims 1 to 7, characterized by comprising an initialization module, a private key generation module, a data encryption module and a ciphertext decryption module, wherein the data encryption module comprises a fog node encryption module and a data owner encryption module, the ciphertext decryption module comprises a fog node decryption module and a user decryption module, and:
Initialization module: generates the system public parameter PK and the system master key MSK through the private key generation center;
Private key generation module: generates the user decryption key DSK and the fog node decryption key TSK from the system public parameter PK, the system master key MSK and the user attribute set A;
Fog node encryption module: generates the partial ciphertext CT_1 from the system public parameter PK and the partial LSSS access structure (M, ρ) sent by the data owner, and returns CT_1 to the data owner;
Data owner encryption module: generates the ciphertext CT and the verification data for the data and the LSSS access structure attribute values from the system public parameter PK, the data file m, the symmetric key ck, the access structure (M, ρ, {A_ρ(i)}) and the partial ciphertext CT_1;
Fog node decryption module: generates the LSSS access structure verification set from the ciphertext CT and the fog node decryption key TSK; correct decryption is possible only when the user's attributes satisfy the LSSS access structure, in which case the generated partial ciphertext CT' is returned to the user, otherwise decryption fails;
User decryption module: obtains the symmetric key ck and the random value γ from the partial ciphertext CT' and the user decryption key DSK, verifies whether the verification data E holds for γ and, if so, decrypts E_ck(m) with ck to obtain the data file m; otherwise the ciphertext data has been tampered with and decryption fails.
CN201810987100.6A 2018-08-28 2018-08-28 Privacy protection method and system based on CP-ABE ciphertext under fog computing environment Active CN108881314B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810987100.6A CN108881314B (en) 2018-08-28 2018-08-28 Privacy protection method and system based on CP-ABE ciphertext under fog computing environment

Publications (2)

Publication Number Publication Date
CN108881314A CN108881314A (en) 2018-11-23
CN108881314B true CN108881314B (en) 2021-02-02

Family

ID=64322218

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109936562B (en) * 2019-01-09 2021-07-27 南京邮电大学 Extensible access control method for fog computing
CN109740383A (en) * 2019-01-10 2019-05-10 南京信息职业技术学院 A privacy protection control method for fog-computing-oriented medical systems
CN110138561B (en) * 2019-03-22 2021-09-17 西安电子科技大学 Efficient ciphertext retrieval method based on CP-ABE automatic correction and cloud computing service system
CN110247767A (en) * 2019-06-28 2019-09-17 北京工业大学 Revocable attribute-based outsourced encryption method in fog computing
CN110602086B (en) * 2019-09-10 2021-10-26 北京工业大学 Revocable and outsourced multi-authority attribute-based encryption method in fog computing
CN111327620B (en) * 2020-02-27 2021-04-27 福州大学 Data security traceability and access control system under cloud computing framework
CN111447192A (en) * 2020-03-23 2020-07-24 齐鲁工业大学 Lightweight attribute-based signcryption method for cloud- and fog-assisted Internet of Things
CN111698085A (en) * 2020-06-08 2020-09-22 南京工业大学 CP-ABE decryption outsourcing

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106850652A (en) * 2017-02-21 2017-06-13 重庆邮电大学 An arbitrated searchable encryption method
CN108418784A (en) * 2017-12-04 2018-08-17 重庆邮电大学 A distributed cross-domain authorization and access control method based on attribute-based encryption

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9141823B2 (en) * 2013-03-15 2015-09-22 Veridicom, Sa De Cv Abstraction layer for default encryption with orthogonal encryption logic session object; and automated authentication, with a method for online litigation

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Hidden-policy attribute-based encryption scheme based on LSSS; Chen Danwei, Tang Bo; Computer Technology and Development; 2018-02-28; Vol. 28, No. 2; pp. 119-124 *
CP-ABE access control scheme with policy hiding; Jiang Zetao, Zhao Jiaxu, Wu Hui; Computer Engineering and Design; 2017-06-30; Vol. 38, No. 6; pp. 1429-1433 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant