CN112788068A - CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing - Google Patents
- Publication number
- CN112788068A
- Authority
- CN
- China
- Prior art keywords
- encryption
- key
- cloud computing
- module
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a CP-ABE-based fixed ciphertext length proxy re-encryption system and a method in cloud computing.
Description
Technical Field
The invention relates to the technical field of re-encryption systems, in particular to a CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing.
Background
Cloud computing is a dynamic, easily scalable way of delivering computing resources, typically virtualized resources provided over the internet. By moving computing and storage responsibilities from local systems to the cloud, cloud computing services can save users a large amount of cost, have wide application prospects, and have become a focus of next-generation internet technology applications. Because much of the data generated by cloud computing services resides in a domain the user does not control, security has always been a primary consideration for enterprises adopting cloud computing, and security technology has become an important research topic for cloud computing services. Currently, many Cloud Service Providers (CSPs) are not fully trusted and may hand user data to a third party without the user's permission, causing data leakage. For sensitive data, therefore, the Data Owner (DO) must enforce access control by encrypting the data and controlling which users are able to decrypt it, which is called ciphertext access control. Ciphertext access control is a technique within ABE encryption schemes and addresses data confidentiality when the CSP is untrusted. ABE stands for attribute-based encryption, and ABE schemes are divided into two types: key-policy attribute-based encryption (KP-ABE) and ciphertext-policy attribute-based encryption (CP-ABE). In CP-ABE, the key is associated with a set of attributes, and the ciphertext is associated with an access policy. Cloud computing involves many scenarios that require ciphertext conversion; if decryption and re-encryption are performed in the cloud by a CSP that is not fully trusted, user data is easily exposed to leakage, whereas a proxy re-encryption (PRE) scheme solves this problem well and ensures secure access to and sharing of data.
Current re-encryption systems have a complex encryption principle and a low degree of security, so improvement is needed.
Disclosure of Invention
The invention aims to provide a CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing that solve the problems described in the Background section.
To achieve this purpose, the invention provides the following technical solution: a CP-ABE-based fixed ciphertext length proxy re-encryption system in cloud computing comprises a user login module, a re-encryption module, a key generation module, a decryption module and a main control unit, wherein the main control unit is connected to each of the user login module, the re-encryption module, the key generation module and the decryption module; the user login module verifies the information of a user logging in and admits the user to the cloud computing system after verification passes; the re-encryption module encrypts the cloud computing data to obtain an encrypted data file that authorized persons can later access and share securely; the key generation module generates a master key; the decryption module decrypts the encrypted cloud computing data to obtain the original text of the data file.
Preferably, an encryption method of a CP-ABE-based fixed ciphertext length proxy re-encryption system in cloud computing includes the following steps:
A. first, the user authenticates through the user login module, enters the cloud computing system once authentication passes, and exits the login interface if authentication fails 3 times;
B. the key generation module generates a master key and performs a first encryption of the cloud computing data to obtain primary ciphertext data;
C. the re-encryption module performs a second encryption of the primary ciphertext data using a CP-ABE-based encryption algorithm with a fixed ciphertext length to obtain secondary ciphertext data;
D. the decryption module generates a decryption key and decrypts the secondary ciphertext data to obtain the original text of the data file.
Preferably, the master key generation method in step B is as follows:
a. obtaining a first key factor;
b. setting a first fixed key, wherein the first fixed key is preset and stored in encryption equipment;
c. generating a first dynamic key by an encryption device;
d. performing first logic operation on the first key factor, the first fixed key and the first dynamic key to obtain a first encryption key;
e. and carrying out Hash operation on the first encryption key to obtain a second encryption key, wherein the second encryption key is the master key.
Preferably, the re-encryption method in step C is as follows:
a. the key generation center respectively generates system parameters and a user key;
b. an encryptor encrypts the cloud computing data by a ciphertext strategy attribute-based encryption method to obtain an original ciphertext;
c. the re-encryption authorizer generates a re-encryption key and sends the re-encryption key to the re-encryption agent;
d. and the re-encryption agent re-encrypts the original ciphertext by using the system public key and the legal re-encryption key to generate a re-encrypted ciphertext.
Preferably, the step D specifically includes: the authorizer generates a decryption key according to the attribute of the content applicant, embeds the public key information of the content applicant into the decryption key in the process of generating the decryption key, and then sends the decryption key to the content applicant.
Compared with the prior art, the invention has the beneficial effects that: the re-encryption system has simple working principle and high encryption safety, and ensures the safe access and sharing of user data; the adopted master key generation method is high in complexity, the safety of data transmission is improved, and the cracking difficulty is improved; the adopted re-encryption method can resist a stronger attacker, improve the operation efficiency and realize the re-encryption control of the encryptor on the ciphertext.
Drawings
FIG. 1 is a schematic block diagram of an encryption system of the present invention;
FIG. 2 is a flow chart of the present invention;
FIG. 3 is a flow chart of a re-encryption method of the present invention;
In the figures: 1, user login module; 2, re-encryption module; 3, key generation module; 4, decryption module; 5, main control unit.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that the terms "upper", "lower", "inner", "outer", "front", "rear", "both ends", "one end", "the other end", and the like indicate orientations or positional relationships based on those shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the referred device or element must have a specific orientation, be constructed in a specific orientation, and be operated, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it is to be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "disposed," "connected," and the like are to be construed broadly, such as "connected," which may be fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Referring to FIGS. 1-3, the present invention provides a technical solution: a CP-ABE-based fixed ciphertext length proxy re-encryption system in cloud computing comprises a user login module 1, a re-encryption module 2, a key generation module 3, a decryption module 4 and a main control unit 5, wherein the main control unit 5 is connected to each of the user login module 1, the re-encryption module 2, the key generation module 3 and the decryption module 4; the user login module verifies the information of a user logging in and admits the user to the cloud computing system after verification passes; the re-encryption module encrypts the cloud computing data to obtain an encrypted data file that authorized persons can later access and share securely; the key generation module generates a master key; the decryption module decrypts the encrypted cloud computing data to obtain the original text of the data file.
The working principle is as follows: an encryption method of a CP-ABE-based fixed ciphertext length proxy re-encryption system in cloud computing comprises the following steps:
A. first, the user authenticates through the user login module, enters the cloud computing system once authentication passes, and exits the login interface if authentication fails 3 times;
B. the key generation module generates a master key and performs a first encryption of the cloud computing data to obtain primary ciphertext data;
C. the re-encryption module performs a second encryption of the primary ciphertext data using a CP-ABE-based encryption algorithm with a fixed ciphertext length to obtain secondary ciphertext data;
D. the decryption module generates a decryption key and decrypts the secondary ciphertext data to obtain the original text of the data file.
In the invention, the method for generating the master key in the step B is as follows:
a. obtaining a first key factor;
b. setting a first fixed key, wherein the first fixed key is preset and stored in encryption equipment;
c. generating a first dynamic key by an encryption device;
d. performing first logic operation on the first key factor, the first fixed key and the first dynamic key to obtain a first encryption key;
e. and carrying out Hash operation on the first encryption key to obtain a second encryption key, wherein the second encryption key is the master key.
In the invention, the re-encryption method in the step C is as follows:
a. the key generation center respectively generates system parameters and a user key;
b. an encryptor encrypts the cloud computing data by a ciphertext strategy attribute-based encryption method to obtain an original ciphertext;
c. the re-encryption authorizer generates a re-encryption key and sends the re-encryption key to the re-encryption agent;
d. and the re-encryption agent re-encrypts the original ciphertext by using the system public key and the legal re-encryption key to generate a re-encrypted ciphertext.
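The four roles in steps a to d, as an added example that is not part of the patent text. It swaps in an ElGamal-style proxy re-encryption in the manner of Blaze, Bleumer and Strauss instead of a CP-ABE scheme (which needs a pairing library); the toy 63-bit group, the SHA-256 keystream and every function name are assumptions of this example.

```python
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Miller-Rabin, deterministic for the 64-bit toy sizes used here."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def setup(bits=62):
    """Step a, key generation centre: toy safe-prime group p = 2q + 1."""
    q = (1 << bits) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4  # 4 is a square, so it generates the order-q subgroup


def keygen(params):
    """Step a: a user key pair (sk, pk = g^sk)."""
    p, q, g = params
    sk = secrets.randbelow(q - 1) + 1
    return sk, pow(g, sk, p)


def _mask(shared, data):
    """Toy SHA-256 counter keystream, unauthenticated; use an AEAD in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(f"{shared}:{i}".encode()).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt(params, pk, data):
    """Step b, encryptor: header = pk^r hides g^r, which keys the body."""
    p, q, g = params
    r = secrets.randbelow(q - 1) + 1
    return pow(pk, r, p), _mask(pow(g, r, p), data)


def rekey(params, sk_from, sk_to):
    """Step c, authorizer: rk = sk_to / sk_from mod q (this toy needs both secrets)."""
    q = params[1]
    return sk_to * pow(sk_from, -1, q) % q


def reencrypt(params, rk, ct):
    """Step d, proxy: re-target the header without ever seeing g^r or the data."""
    header, body = ct
    return pow(header, rk, params[0]), body


def decrypt(params, sk, ct):
    """Recover g^r = header^(1/sk), then unmask the body."""
    p, q, _ = params
    header, body = ct
    return _mask(pow(header, pow(sk, -1, q), p), body)


if __name__ == "__main__":
    params = setup()
    (sk_a, pk_a), (sk_b, _) = keygen(params), keygen(params)
    ct = encrypt(params, pk_a, b"constructed sample record")
    ct_b = reencrypt(params, rekey(params, sk_a, sk_b), ct)
    print(decrypt(params, sk_a, ct), decrypt(params, sk_b, ct_b))
```

The header is a single group element both before and after the proxy's transform, and the body is passed through untouched.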
In addition, in the present invention, step D specifically includes: the authorizer generates a decryption key according to the attribute of the content applicant, embeds the public key information of the content applicant into the decryption key in the process of generating the decryption key, and then sends the decryption key to the content applicant.
In conclusion, the re-encryption system has simple working principle and high encryption safety, and ensures the safe access and sharing of user data; the adopted master key generation method is high in complexity, the safety of data transmission is improved, and the cracking difficulty is improved; the adopted re-encryption method can resist a stronger attacker, improve the operation efficiency and realize the re-encryption control of the encryptor on the ciphertext.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Claims (5)
1. A CP-ABE-based fixed ciphertext length proxy re-encryption system in cloud computing is characterized in that: the re-encryption system comprises a user login module (1), a re-encryption module (2), a key generation module (3), a decryption module (4) and a main control unit (5), wherein the main control unit (5) is connected to each of the user login module (1), the re-encryption module (2), the key generation module (3) and the decryption module (4); the user login module verifies the information of a user logging in and admits the user to the cloud computing system after verification passes; the re-encryption module encrypts the cloud computing data to obtain an encrypted data file that authorized persons can later access and share securely; the key generation module generates a master key; the decryption module decrypts the encrypted cloud computing data to obtain the original text of the data file.
2. The encryption method for realizing the CP-ABE-based fixed ciphertext length proxy re-encryption system in the cloud computing, according to claim 1, is characterized in that: the method comprises the following steps:
A. first, the user authenticates through the user login module, enters the cloud computing system once authentication passes, and exits the login interface if authentication fails 3 times;
B. the key generation module generates a master key and performs a first encryption of the cloud computing data to obtain primary ciphertext data;
C. the re-encryption module performs a second encryption of the primary ciphertext data using a CP-ABE-based encryption algorithm with a fixed ciphertext length to obtain secondary ciphertext data;
D. the decryption module generates a decryption key and decrypts the secondary ciphertext data to obtain the original text of the data file.
3. The encryption method of the CP-ABE-based fixed ciphertext length proxy re-encryption system in the cloud computing according to claim 2, wherein: the method for generating the master key in the step B is as follows:
a. obtaining a first key factor;
b. setting a first fixed key, wherein the first fixed key is preset and stored in encryption equipment;
c. generating a first dynamic key by an encryption device;
d. performing a first logic operation on the first key factor, the first fixed key and the first dynamic key to obtain a first encryption key;
e. and carrying out Hash operation on the first encryption key to obtain a second encryption key, wherein the second encryption key is the master key.
4. The encryption method of the CP-ABE-based fixed ciphertext length proxy re-encryption system in the cloud computing according to claim 2, wherein: the re-encryption method in the step C is as follows:
a. the key generation center respectively generates system parameters and a user key;
b. an encryptor encrypts the cloud computing data by a ciphertext strategy attribute-based encryption method to obtain an original ciphertext;
c. the re-encryption authorizer generates a re-encryption key and sends the re-encryption key to the re-encryption agent;
d. and the re-encryption agent re-encrypts the original ciphertext by using the system public key and the legal re-encryption key to generate a re-encrypted ciphertext.
5. The encryption method of the CP-ABE-based fixed ciphertext length proxy re-encryption system in the cloud computing according to claim 1, wherein: the step D specifically comprises the following steps: the authorizer generates a decryption key according to the attribute of the content applicant, embeds the public key information of the content applicant into the decryption key in the process of generating the decryption key, and then sends the decryption key to the content applicant.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110305453.5A CN112788068A (en) | 2021-03-23 | 2021-03-23 | CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110305453.5A CN112788068A (en) | 2021-03-23 | 2021-03-23 | CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112788068A (en) | 2021-05-11 |
Family
ID=75762857
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110305453.5A Withdrawn CN112788068A (en) | 2021-03-23 | 2021-03-23 | CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112788068A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104320393A (en) * | 2014-10-24 | 2015-01-28 | 西安电子科技大学 | Effective attribute base agent re-encryption method capable of controlling re-encryption |
CN104580205A (en) * | 2015-01-05 | 2015-04-29 | 南京邮电大学 | CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing |
CN110798316A (en) * | 2019-09-20 | 2020-02-14 | 西安瑞思凯微电子科技有限公司 | Encryption key generation method, decryption key generation method, encryption key generation program, decryption key generation program, and decryption program |
CN111698240A (en) * | 2020-06-08 | 2020-09-22 | 南京工业大学 | CP-ABE encryption outsourcing |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108881314B (en) | Privacy protection method and system based on CP-ABE ciphertext under fog computing environment | |
CN102655508B (en) | Method for protecting privacy data of users in cloud environment | |
CN106487765B (en) | Authorized access method and device using the same | |
US12003634B2 (en) | Systems and methods for encrypted content management | |
CN101296086B (en) | Method, system and device for access authentication | |
CN103957109A (en) | Cloud data privacy protection security re-encryption method | |
CN112383391B (en) | Data security protection method based on data attribute authorization, storage medium and terminal | |
CN111954211B (en) | Novel authentication key negotiation system of mobile terminal | |
CN110958219A (en) | SM2 proxy re-encryption method and device for medical cloud shared data | |
CN113961959A (en) | Proxy re-encryption method and system for data sharing community | |
CN115426136A (en) | Cross-domain access control method and system based on block chain | |
CN116244750A (en) | Secret-related information maintenance method, device, equipment and storage medium | |
Xia et al. | Design of secure FTP system | |
CN116132025A (en) | Key negotiation method, device and communication system based on preset key group | |
CN115694922A (en) | File transmission encryption method and equipment under domestic CPU and OS | |
CN112671729B (en) | Internet of vehicles oriented anonymous key leakage resistant authentication method, system and medium | |
CN112788068A (en) | CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing | |
Wu et al. | A trusted and efficient cloud computing service with personal health record | |
CN114244501A (en) | Power data privacy protection system and implementation method thereof, and encryption attribute revocation method | |
CN111083140A (en) | Data sharing method under hybrid cloud environment | |
CN115529194B (en) | Data management method, system, equipment and storage medium | |
Wang et al. | Secure Data Deduplication And Sharing Method Based On UMLE And CP-ABE | |
CN114448600A (en) | Key management method and system suitable for zero trust network | |
Zhang et al. | Improved CP-ABE Algorithm Based on Identity and Access Control | |
Fu et al. | Research on Computer Information Security Technology Based on DES Data Encryption Algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20210511 |