CN111310214A - Attribute-based encryption method and system capable of preventing key abuse - Google Patents
Attribute-based encryption method and system capable of preventing key abuse Download PDFInfo
- Publication number
- CN111310214A CN111310214A CN202010111296.XA CN202010111296A CN111310214A CN 111310214 A CN111310214 A CN 111310214A CN 202010111296 A CN202010111296 A CN 202010111296A CN 111310214 A CN111310214 A CN 111310214A
- Authority
- CN
- China
- Prior art keywords
- key
- user
- attribute
- data
- data user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 20
- 238000004364 calculation method Methods 0.000 claims description 3
- 125000004122 cyclic group Chemical group 0.000 claims description 3
- 230000009286 beneficial effect Effects 0.000 abstract description 3
- 230000008901 benefit Effects 0.000 description 4
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to an attribute-based encryption method and system capable of preventing key abuse, wherein the method comprises the following steps: s1: the attribute authorization center generates a master key and a system public parameter; s2: the attribute authorization center calculates the user attribute key by using a key generation algorithm according to the master key, the system public parameters, the user identity, the user attribute set and the key series number; s3: the data owner calculates a ciphertext by using an encryption algorithm according to a plaintext, a system public parameter and an access structure; s4: the data user calculates a plaintext according to the system public parameter, the ciphertext, the user attribute key and the user identity; s5: if the data owner suspects that a certain data user key is abused, sending the key to an audit center; and the auditing center searches for the data user with the same key serial number as the suspicious data user in a comparison manner, if the data user is found, the found data user is judged to be a malicious user, otherwise, the attribute authorization center is judged to be malicious. The method and the system are beneficial to tracking and revoking the malicious users.
Description
Technical Field
The invention relates to the technical field of cloud computing security, in particular to an attribute-based encryption method and system capable of preventing key abuse.
Background
Cloud computing is a computer network-based computing model in which a large number of computers interconnected by a network participate, and shared software/hardware resources can be provided to the computers and other electronic devices on demand. Cloud computing, as a representative of new service models, has received a great deal of attention from the industry and academia with its advantages of low cost, rapid deployment, green environmental protection, and flexible scaling. However, when the cloud computing service runs on a third-party cloud platform provider, a trusted relationship cannot be established between the user and the cloud service and the cloud platform, which may cause leakage of data information and privacy of the user, and thus, a plurality of security problems may occur. An attribute-based encryption (ABE) system can realize one-to-many encryption and fine-grained access control, and can well solve key problems of access control, data security, privacy and the like in cloud computing. Although ABE is considered a promising technology in cloud computing to enable secure data transmission, storage, and sharing, challenges remain when deploying to applications in the real world. For example, a data user intentionally divulges its attribute key to an unauthorized user, or constructs a decryption device using its key, and provides decryption services to an unauthorized user. How to track and revoke malicious users is a great challenge. Since the attribute key of the ABE does not have relevant information for identifying the user identity, a malicious user may share his attribute key with multiple users in order to earn the benefit of a business without having to assume any legal responsibility. Therefore, designing an efficient ABE executable on internet of things resource constrained devices with accountability is a great challenge.
Disclosure of Invention
The invention aims to provide an attribute-based encryption method and system capable of preventing key abuse, which are beneficial to tracking and revoking malicious users.
In order to achieve the purpose, the invention adopts the technical scheme that: an attribute-based encryption method capable of preventing key abuse, comprising the steps of:
step S1: attribute authority entry security parameter 1λGenerating a master key MSK and a system public parameter PK;
step S2: the attribute authorization center inputs a master key MSK, a system public parameter PK, a user identity ID and a user attribute setAnd a key series number KFN, calculating a user attribute key SK using a key generation algorithm, wherein the ID and the KFN are embedded in the SK;
step S3: data owner inputs plaintext m, system public parameters PK and access structureCalculating a ciphertext CT by using an encryption algorithm;
step S4: the data user calculates the plaintext according to the system public parameter PK, the ciphertext CT, the user attribute key SK and the user identity ID, if so, the data user calculates the plaintextI.e. user attribute setSatisfying access structure embedded in ciphertext CTThen the plaintext m is output, otherwiseI.e. user attribute setUnsatisfied access structure embedded in ciphertext CTThe ciphertext cannot be decrypted to obtain the plaintext;
step S5: if the data owner suspects a certain data user key SKsuspectedMisuse, then suspect data user key SKsuspectedSending the data to an auditing center; audit center inputs suspicious data user key SKsuspectedRunning a tracking algorithm and outputting a user ID and a KFN; then, the auditing center searches for the data user which is the same as the KFN of the suspicious data user in a comparison way, if the data user is found, the auditing center judges that the found data user is a malicious user, namely a key leakage person, otherwise, the auditing center judges that the attribute authorization center is malicious, namely the key leakage person.
Further, the step S1 specifically includes the following steps:
step S11: attribute authority entry security parameter 1λI.e. a 0,1 bit string of length lambda, outputs a bilinear group (p, G)TE) in which GTAnd G is a prime number p factorial cyclic group, G is a generator of group G, e: G → GTIs a bilinear map;
step S12, randomly selecting u, h, w, v ∈ G, (α, x, y) ∈ ZpCalculating X ═ gx,Y=gyWherein Z ispRepresenting the set {0,1,2, …, p-1}, wherein u, h, w, v, α, x and y are random numbers;
step S13: attribute authority publication PK ═ p, G, GT,e),u,h,w,v,X,Y,e(g,g)α) For system public parameters, MSK ═ (α, x, y) is the master key, kept secret by the attribute authority.
Further, in step S2, the step of calculating the user attribute key SK by using the key generation algorithm specifically includes the following steps:
step S21: the data user first submits its own ID and attribute setGiving an attribute authority whereinIs an attribute value, n and niIs an integer;
step S22: data user random selection Represents the set 1,2, …, p-1; calculating the commitment value R ═ wkAnd sending R to the attribute authorization center;
step S23: the data user proves that the data user has a k value corresponding to the commitment value R to the attribute authorization center by using zero knowledge proof;
step S24: the attribute authority center checks whether the zero knowledge proof is valid, if so, the step S25 is carried out, and if not, the step S26 is carried out;
step S25: inputting system public parameter PK ═ ((p, G, G)T,e),u,h,w,v,X,Y,e(g,g)α) Random selection of d, r by attribute authority1,r2,...,rn∈ZpK is calculated using the master key MSK ═ (α, x, y)0=gα/(x+ID+yd)wrk,K1=gr,K2=gxr,K3=gyr,T1=ID,T3=d,If x + ID + ydmodp is 0, reselecting the value d; if x + ID + ydmodp is not equal to 0, the attribute authorization center generates an attribute key for the data userIn which SK embeds a user identity T1ID and key series number T2=k;
Step S26: generation of the attribute key for the data user is stopped.
Further, the step S3 specifically includes the following steps:
step S31: data owner input system public parameter PK ═ ((p, G)T,e),u,h,w,v,X,Y,e(g,g)α) Message m ∈ GTAnd an access nodeStructure of the organizationWhereinWiIs a list of attributes, SiIs an attribute; selecting a random number s, s1,s2,...,sn-1∈ZpCalculatingWhere s is the shared secret value;
step S32: the data owner selects n random numbers t1,t2,...,tn∈ZpCalculating C ═ me (g, g)αs,C1=gs,C2=gxs,C3=gys,
Step S33: to hide the access structure, the data owner generates a corresponding value for each attribute valueWhen in useTime, calculateWhen in useOnly randomly chooseFinally, the data owner outputs the ciphertext
Further, in step S4, the calculation of the plaintext m specifically includes the following steps:
step S41: data user input system public parameter PK ═ ((p, G, G)T,e),u,h,w,v,X,Y,e(g,g)α),And attribute setAssociated attribute keysFor each attribute in the attribute setData user selectionComputing
Step S42: and the data user calculates m as C/B.
Further, the step S5 specifically includes the following steps:
step S51: if the data owner suspects a certain data user key SKsuspectedMisuse, then suspect data user key SKsuspectedSending the data to an auditing center; audit center inputs suspicious data user key SKsuspectedRunning the tracking algorithm, outputting T1=ID,T2=k;
Step S52: the audit center compares and searches the key serial number T of the suspicious data user2K is the same as KFN of which data user identity ID registered in the audit center, that is, k is kIDIf the identity ID is found, the audit center judges that the data user with the identity ID is a malicious user, namely a key divulger, otherwise, k is not equal to kIDAnd the auditing center judges that the attribute authorization center is malicious, namely a key leakage person.
The invention also provides an attribute-based encryption system capable of preventing key abuse, which comprises:
the attribute authorization center is used for generating a master key MSK and a system public parameter PK; and is also used for processing the data according to the master key MSK, the system public parameter PK, the user identity ID and the user attribute setAnd a key series number KFN, calculating a user attribute key SK by using a key generation algorithm;
data owner for accessing the structure according to the plaintext m, the system disclosure parameter PKCalculating a ciphertext CT by using an encryption algorithm; and also for using the suspect data user key SKsuspectedSending the data to an auditing center;
the data user is used for calculating a plaintext according to the system public parameter PK, the ciphertext CT, the user attribute key SK and the user identity ID; and
an audit center for using the user key SK according to the suspicious datasuspectedAnd running a tracking algorithm, outputting the user ID and the KFN, then comparing and searching for the data user which is the same as the KFN of the suspicious data user, if the data user is found, judging that the found data user is a malicious user, namely a key divulger, and if the data user is not found, judging that the attribute authorization center is malicious, namely the key divulger.
Compared with the prior art, the invention has the following beneficial effects: the method and the system are designed based on an attribute-based cryptosystem and can realize one-to-many access control. The method and the system not only can realize fine-grained access control, but also can realize the functions of tracking and cancelling malicious users by embedding the key serial number which can uniquely identify the identity of the data user in the attribute key of the data user, and have strong practicability and wide application prospect.
Drawings
FIG. 1 is a schematic block diagram of a system of an embodiment of the present invention.
Detailed Description
The invention is further described with reference to the following figures and specific embodiments.
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the disclosure. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments according to the present application. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof, unless the context clearly indicates otherwise.
The invention provides an attribute-based encryption method capable of preventing key abuse, which comprises the following steps:
step S1: attribute authority entry security parameter 1λThe master key MSK and the system public parameter PK are generated.
In this embodiment, the step S1 specifically includes the following steps:
step S11: attribute authority entry security parameter 1λI.e. a 0,1 bit string of length lambda, outputs a bilinear group (p, G)TE) in which GTAnd G is a prime number p factorial cyclic group, G is a generator of group G, e: G → GTIs a bilinear map;
step S12, randomly selecting u, h, w, v ∈ G, (α, x, y) ∈ ZpCalculating X ═ gx,Y=gyWherein Z ispRepresenting the set {0,1,2, …, p-1}, wherein u, h, w, v, α, x and y are random numbers;
step S13: attribute authority publication PK ═ p, G, GT,e),u,h,w,v,X,Y,e(g,g)α) For system public parameters, MSK ═ (α, x, y) is the master key, kept secret by the attribute authority.
Step (ii) ofS2: the attribute authorization center inputs a master key MSK, a system public parameter PK, a user identity ID and a user attribute setAnd a key series number KFN, calculating a user attribute key SK using a key generation algorithm, wherein the SK embeds an ID and the KFN.
In this embodiment, calculating the user attribute key SK by using the key generation algorithm specifically includes the following steps:
step S21: the data user first submits its own ID and attribute setGiving an attribute authority whereinIs an attribute value, n and niIs an integer;
step S22: data user random selection Represents the set 1,2, …, p-1; calculating the commitment value R ═ wkAnd sending R to the attribute authorization center;
step S23: the data user proves that the data user has a k value corresponding to the commitment value R to the attribute authorization center by using zero knowledge proof;
step S24: the attribute authority center checks whether the zero knowledge proof is valid, if so, the step S25 is carried out, and if not, the step S26 is carried out;
step S25: inputting system public parameter PK ═ ((p, G, G)T,e),u,h,w,v,X,Y,e(g,g)α) Random selection of d, r by attribute authority1,r2,...,rn∈ZpK is calculated using the master key MSK ═ (α, x, y)0=gα/(x+ID+yd)wrk,K1=gr,K2=gxr,K3=gyr,T1=ID,T3=d,Wherein the unexplained parameters are random numbers or calculated values; if x + ID + ydmodp is 0, reselecting the value d; if x + ID + ydmodp is not equal to 0, the attribute authorization center generates an attribute key for the data userIn which SK embeds a user identity T1ID and T2K, i.e., the key series number KFN;
step S26: generation of the attribute key for the data user is stopped.
Step S3: data owner inputs plaintext m, system public parameters PK and access structureThe ciphertext CT is computed using an encryption algorithm.
In this embodiment, the step S3 specifically includes the following steps:
step S31: data owner input system public parameter PK ═ ((p, G)T,e),u,h,w,v,X,Y,e(g,g)α) Message m ∈ GTAnd access structureWhereinWiIs a list of attributes, SiIs an attribute; selecting a random number s, s1,s2,...,sn-1∈ZpCalculatingWhere s is the shared secret value;
step S32: the data owner selects n random numbers t1,t2,...,tn∈ZpCalculating C ═ me (g, g)αs,C1=gs,C2=gxs,C3=gys,
Step S33: to hide the access structure, the data owner generates a corresponding value for each attribute valueWhen in useTime, calculateWhen in useOnly randomly chooseFinally, the data owner outputs the ciphertext
Step S4: the data user calculates the plaintext according to the system public parameter PK, the ciphertext CT, the user attribute key SK and the user identity ID, if so, the data user calculates the plaintextI.e. user attribute setSatisfying access structure embedded in ciphertext CTThen the plaintext m is output, otherwiseI.e. user attribute setUnsatisfied access structure embedded in ciphertext CTThe ciphertext cannot be decrypted to obtain the plaintext.
The calculation of the plaintext m specifically comprises the following steps:
step S41: data user input system public parameter PK ═ ((p, G, G)T,e),u,h,w,v,X,Y,e(g,g)α),And attribute setAssociated attribute keysFor each attribute in the attribute setData user selectionComputing
Step S42: and the data user calculates m as C/B.
Step S5: if the data owner suspects a certain data user key SKsuspectedMisuse (e.g. intentional disclosure to other unauthorized data users for interest), the suspect data user key SKsuspectedSending the data to an auditing center; audit center inputs suspicious data user key SKsuspectedRunning a tracking algorithm and outputting a user ID and a KFN; then, the auditing center compares and searches for the data user which is the same as the KFN of the suspicious data user, if the data user is found, the auditing center judges that the found data user is a malicious user, namely a key leakage person, otherwise, the auditing center judges that the attribute authorization center is maliciousI.e. the key issuer.
In this embodiment, the step S5 specifically includes the following steps:
step S51: if the data owner suspects a certain data user key SKsuspectedMisuse, then suspect data user key SKsuspectedSending the data to an auditing center; audit center inputs suspicious data user key SKsuspectedRunning the tracking algorithm, outputting T1=ID,T2=k;
Step S52: the audit center compares and searches the key serial number T of the suspicious data user2K is the same as KFN of which data user identity ID registered in the audit center, that is, k is kIDIf the identity ID is found, the audit center judges that the data user with the identity ID is a malicious user, namely a key divulger, otherwise, k is not equal to kIDAnd the auditing center judges that the attribute authorization center is malicious, namely a key leakage person.
The invention also provides an attribute-based encryption system capable of preventing key abuse based on the method, which comprises an attribute authorization center, a data owner, a data user and an audit center, as shown in figure 1.
The attribute authorization center is used for generating a master secret key MSK and a system public parameter PK and is also used for generating a master secret key MSK, a system public parameter PK, a user identity ID and a user attribute set according to the master secret key MSK, the system public parameter PK, the user identity ID and the user attribute setAnd a key series number KFN, which calculates the user attribute key SK using a key generation algorithm.
The data owner is used to access the structure according to the plaintext m, the system disclosure parameters PKCalculating the ciphertext CT using an encryption algorithm, and using the ciphertext CT to use the user key SK for the suspect datasuspectedAnd sending the data to an auditing center.
And the data user is used for calculating a plaintext according to the system public parameter PK, the ciphertext CT, the user attribute key SK and the user identity ID.
The audit center is used for user key SK according to suspicious datasuspectedAnd running a tracking algorithm, outputting the user ID and the KFN, then comparing and searching for the data user which is the same as the KFN of the suspicious data user, if the data user is found, judging that the found data user is a malicious user, namely a key divulger, and if the data user is not found, judging that the attribute authorization center is malicious, namely the key divulger.
The invention has the main characteristic advantage of realizing one-to-many access control, user tracking and attribute key revocation. The method not only can realize fine-grained access control, but also can realize the functions of malicious user tracking and attribute key revocation by embedding the key serial number which can uniquely identify the identity of the data user in the attribute key of the data user, and the scheme has higher safety and better performance.
As shown in fig. 1, the attribute authority generates system public parameters and issues attribute keys to data owners and data users. And the data owner encrypts the message by using the related access structure and outsources the ciphertext to the cloud server. Each ciphertext is associated with an access structure and a private key of a data user is associated with a set of attributes. The outsourced data can be successfully decrypted if the set of attributes of the authorized data users satisfies the access structure. When the data owner suspects the key leakage or key abuse, the auditing center starts an auditing and canceling program and returns the tracking and auditing results to the data owner and the data user. According to the invention, the key series number of the corresponding identity is embedded in the user attribute key, and when a user shares the attribute key with other people for commercial benefit, the key series number of the user can be tracked through a key tracking algorithm, so that the malicious data user identity is determined, and the problems of key abuse and attribute key revocation are solved.
The foregoing is directed to preferred embodiments of the present invention, other and further embodiments of the invention may be devised without departing from the basic scope thereof, and the scope thereof is determined by the claims that follow. However, any simple modification, equivalent change and modification of the above embodiments according to the technical essence of the present invention are within the protection scope of the technical solution of the present invention.
Claims (7)
1. An attribute-based encryption method capable of preventing key abuse, comprising the steps of:
step S1: attribute authority entry security parameter 1λGenerating a master key MSK and a system public parameter PK;
step S2: the attribute authorization center inputs a master key MSK, a system public parameter PK, a user identity ID and a user attribute setAnd a key series number KFN, calculating a user attribute key SK using a key generation algorithm, wherein the ID and the KFN are embedded in the SK;
step S3: data owner inputs plaintext m, system public parameters PK and access structureCalculating a ciphertext CT by using an encryption algorithm;
step S4: the data user calculates the plaintext according to the system public parameter PK, the ciphertext CT, the user attribute key SK and the user identity ID, if so, the data user calculates the plaintextI.e. user attribute setSatisfying access structure embedded in ciphertext CTThen the plaintext m is output, otherwiseI.e. user attribute setDiscontent withAccess structure embedded in ciphertext CTThe ciphertext cannot be decrypted to obtain the plaintext;
step S5: if the data owner suspects a certain data user key SKsuspectedMisuse, then suspect data user key SKsuspectedSending the data to an auditing center; audit center inputs suspicious data user key SKsuspectedRunning a tracking algorithm and outputting a user ID and a KFN; then, the auditing center searches for the data user which is the same as the KFN of the suspicious data user in a comparison way, if the data user is found, the auditing center judges that the found data user is a malicious user, namely a key leakage person, otherwise, the auditing center judges that the attribute authorization center is malicious, namely the key leakage person.
2. The method for attribute-based encryption capable of preventing key abuse according to claim 1, wherein said step S1 specifically comprises the following steps:
step S11: attribute authority entry security parameter 1λI.e. a 0,1 bit string of length lambda, outputs a bilinear group (p, G)TE) in which GTAnd G is a prime number p factorial cyclic group, G is a generator of group G, e: G → GTIs a bilinear map;
step S12, randomly selecting u, h, w, v ∈ G, (α, x, y) ∈ ZpCalculating X ═ gx,Y=gyWherein Z ispRepresenting the set {0,1,2, …, p-1}, wherein u, h, w, v, α, x and y are random numbers;
step S13: attribute authority publication PK ═ p, G, GT,e),u,h,w,v,X,Y,e(g,g)α) For system public parameters, MSK ═ (α, x, y) is the master key, kept secret by the attribute authority.
3. The method for attribute-based encryption capable of preventing key abuse according to claim 2, wherein in step S2, the step of calculating the user attribute key SK by using the key generation algorithm specifically comprises the following steps:
step S21: the data user first submits its own ID and attribute setGiving an attribute authority whereinIs an attribute value, n and niIs an integer;
step S22: data user random selection Represents the set 1,2, …, p-1; calculating the commitment value R ═ wkAnd sending R to the attribute authorization center;
step S23: the data user proves that the data user has a k value corresponding to the commitment value R to the attribute authorization center by using zero knowledge proof;
step S24: the attribute authority center checks whether the zero knowledge proof is valid, if so, the step S25 is carried out, and if not, the step S26 is carried out;
step S25: inputting system public parameter PK ═ ((p, G, G)T,e),u,h,w,v,X,Y,e(g,g)α) Random selection of d, r by attribute authority1,r2,…,rn∈ZpK is calculated using the master key MSK ═ (α, x, y)0=gα/(x+ID+yd)wrk,K1=gr,K2=gxr,K3=gyr,T1=ID,T3=d,If x + ID + ydmodp is 0, reselecting the value d; if x + ID + ydmodp is not equal to 0, the attribute authorization center generates an attribute key for the data userIn which SK embeds a user identity T1ID and key series number T2=k;
Step S26: generation of the attribute key for the data user is stopped.
4. The method of claim 3, wherein said step S3 specifically comprises the following steps:
step S31: data owner input system public parameter PK ═ ((p, G)T,e),u,h,w,v,X,Y,e(g,g)α) Message m ∈ GTAnd access structureWhereinWiIs a list of attributes, SiIs an attribute; selecting a random number s, s1,s2,…,sn-1∈ZpCalculatingWhere s is the shared secret value;
step S32: the data owner selects n random numbers t1,t2,…,tn∈ZpCalculating C ═ me (g, g)αs,C1=gs,C2=gxs,C3=gys,
5. The method for attribute-based encryption capable of preventing key abuse according to claim 4, wherein in step S4, the calculation of plaintext m specifically comprises the following steps:
step S41: data user input system public parameter PK ═ ((p, G, G)T,e),u,h,w,v,X,Y,e(g,g)α),And attribute setAssociated attribute keysFor each attribute in the attribute setData user selectionComputing
Step S42: and the data user calculates m as C/B.
6. The method of claim 5, wherein said step S5 specifically comprises the following steps:
step S51: if the data owner suspects a certain data user key SKsuspectedMisuse, then suspect data user key SKsuspectedSending the data to an auditing center; audit center inputs suspicious data user key SKsuspectedRunning the tracking algorithm, outputting T1=ID,T2=k;
Step S52: the audit center compares and searches the key serial number T of the suspicious data user2K is the same as KFN of which data user identity ID registered in the audit center, that is, k is kIDIf the identity ID is found, the audit center judges that the data user with the identity ID is a malicious user, namely a key divulger, otherwise, k is not equal to kIDAnd the auditing center judges that the attribute authorization center is malicious, namely a key leakage person.
7. A key abuse resistant attribute-based encryption system employing the method of any one of claims 1-6, comprising:
the attribute authorization center is used for generating a master key MSK and a system public parameter PK; and is also used for processing the data according to the master key MSK, the system public parameter PK, the user identity ID and the user attribute setAnd a key series number KFN, calculating a user attribute key SK by using a key generation algorithm;
data owner for accessing the structure according to the plaintext m, the system disclosure parameter PKCalculating a ciphertext CT by using an encryption algorithm; and also for using the suspect data user key SKsuspectedSending the data to an auditing center;
the data user is used for calculating a plaintext according to the system public parameter PK, the ciphertext CT, the user attribute key SK and the user identity ID; and
an audit center for using the user key SK according to the suspicious datasuspectedAnd running a tracking algorithm, outputting the user ID and the KFN, then comparing and searching for the data user which is the same as the KFN of the suspicious data user, if the data user is found, judging that the found data user is a malicious user, namely a key divulger, and if the data user is not found, judging that the attribute authorization center is malicious, namely the key divulger.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010111296.XA CN111310214A (en) | 2020-02-24 | 2020-02-24 | Attribute-based encryption method and system capable of preventing key abuse |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010111296.XA CN111310214A (en) | 2020-02-24 | 2020-02-24 | Attribute-based encryption method and system capable of preventing key abuse |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111310214A true CN111310214A (en) | 2020-06-19 |
Family
ID=71149123
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010111296.XA Pending CN111310214A (en) | 2020-02-24 | 2020-02-24 | Attribute-based encryption method and system capable of preventing key abuse |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111310214A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113362147A (en) * | 2021-05-17 | 2021-09-07 | 杭州师范大学 | Traceable electronic auction method based on multiple authorization centers under Internet of things |
CN113489683A (en) * | 2021-06-11 | 2021-10-08 | 东莞职业技术学院 | Key abuse prevention decentralized attribute-based encryption method, system and storage medium |
CN113507359A (en) * | 2021-06-18 | 2021-10-15 | 泰安北航科技园信息科技有限公司 | Block chain-based digital copyright multi-authority attribute encryption management system |
CN113810410A (en) * | 2021-09-16 | 2021-12-17 | 东莞职业技术学院 | Unmisuse key decentralized attribute-based encryption method, system and storage medium |
WO2023134576A1 (en) * | 2022-01-17 | 2023-07-20 | 中兴通讯股份有限公司 | Data encryption method, attribute authorization center, and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109286491A (en) * | 2018-10-18 | 2019-01-29 | 上海海事大学 | A kind of key policy attribute base encryption method based on proxy revocation |
CN110099043A (en) * | 2019-03-24 | 2019-08-06 | 西安电子科技大学 | The hiding more authorization center access control methods of support policy, cloud storage system |
CN110457930A (en) * | 2019-08-16 | 2019-11-15 | 上海海事大学 | The attribute base encryption method and system of the hiding traceable revocation malicious user of strategy |
-
2020
- 2020-02-24 CN CN202010111296.XA patent/CN111310214A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109286491A (en) * | 2018-10-18 | 2019-01-29 | 上海海事大学 | A kind of key policy attribute base encryption method based on proxy revocation |
CN110099043A (en) * | 2019-03-24 | 2019-08-06 | 西安电子科技大学 | The hiding more authorization center access control methods of support policy, cloud storage system |
CN110457930A (en) * | 2019-08-16 | 2019-11-15 | 上海海事大学 | The attribute base encryption method and system of the hiding traceable revocation malicious user of strategy |
Non-Patent Citations (1)
Title |
---|
JIGUO LI, YICHEN ZHANG, JIANTING NING, XINYI HUANG, GEONG SEN PO: ""Attribute Based Encryption with Privacy Protection and Accountability for CloudIoT"", 《IEEE》 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113362147A (en) * | 2021-05-17 | 2021-09-07 | 杭州师范大学 | Traceable electronic auction method based on multiple authorization centers under Internet of things |
CN113362147B (en) * | 2021-05-17 | 2023-02-10 | 杭州师范大学 | Traceable electronic auction method based on multiple authorization centers under Internet of things |
CN113489683A (en) * | 2021-06-11 | 2021-10-08 | 东莞职业技术学院 | Key abuse prevention decentralized attribute-based encryption method, system and storage medium |
CN113507359A (en) * | 2021-06-18 | 2021-10-15 | 泰安北航科技园信息科技有限公司 | Block chain-based digital copyright multi-authority attribute encryption management system |
CN113810410A (en) * | 2021-09-16 | 2021-12-17 | 东莞职业技术学院 | Unmisuse key decentralized attribute-based encryption method, system and storage medium |
WO2023134576A1 (en) * | 2022-01-17 | 2023-07-20 | 中兴通讯股份有限公司 | Data encryption method, attribute authorization center, and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108632032B (en) | Safe multi-keyword sequencing retrieval system without key escrow | |
Zhang et al. | Data security and privacy-preserving in edge computing paradigm: Survey and open issues | |
Riad et al. | A dynamic and hierarchical access control for IoT in multi-authority cloud storage | |
CN111310214A (en) | Attribute-based encryption method and system capable of preventing key abuse | |
Zhang et al. | Large-universe attribute-based encryption with public traceability for cloud storage | |
Shen et al. | Secure authentication in cloud big data with hierarchical attribute authorization structure | |
CN110933033B (en) | Cross-domain access control method for multiple Internet of things domains in smart city environment | |
Udendhran | A hybrid approach to enhance data security in cloud storage | |
Selvamani et al. | A review on cloud data security and its mitigation techniques | |
Zhou et al. | A secure and privacy-preserving machine learning model sharing scheme for edge-enabled IoT | |
Deng et al. | Tracing and revoking leaked credentials: accountability in leaking sensitive outsourced data | |
Hong et al. | An efficient and traceable KP-ABS scheme with untrusted attribute authority in cloud computing | |
Hosen et al. | SPTM-EC: A security and privacy-preserving task management in edge computing for IIoT | |
Kotha et al. | A comprehensive review on secure data sharing in cloud environment | |
Huang et al. | A parallel secure flow control framework for private data sharing in mobile edge cloud | |
Shiraishi et al. | Attribute revocable attribute-based encryption with forward secrecy for fine-grained access control of shared data | |
CN115834067A (en) | Ciphertext data sharing method in edge cloud collaborative scene | |
CN116805078A (en) | Logistics information platform data intelligent management system and method based on big data | |
Blömer et al. | Cloud architectures for searchable encryption | |
CN115378613A (en) | Anonymous information supervision method and system based on block chain | |
Hu et al. | Security and privacy protocols for perceptual image hashing | |
Salunke et al. | Secure data sharing in distributed cloud environment | |
An et al. | [Retracted] Anonymous Traceability Protocol Based on Group Signature for Blockchain | |
Zhou et al. | A Trustworthy Ciphertext-Policy Attribute-Based Encryption Access Control Method Based on FAME and Blockchain | |
Lingwei et al. | Method of secure, scalable, and fine-grained data access control with efficient revocation in untrusted cloud |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200619 |