CN112788068A - CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing - Google Patents


Info

Publication number
CN112788068A
Authority
CN
China
Prior art keywords
encryption
key
cloud computing
module
ciphertext
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110305453.5A
Other languages
Chinese (zh)
Inventor
刘犇
屠袁飞
杨小健
杨志祥
何淑华
丁辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Tech University
Original Assignee
Nanjing Tech University
Application filed by Nanjing Tech University
Priority to CN202110305453.5A
Publication of CN112788068A
Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a CP-ABE-based fixed ciphertext length proxy re-encryption system and a method in cloud computing.

Description

CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing
Technical Field
The invention relates to the technical field of re-encryption systems, in particular to a CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing.
Background
Cloud computing is a dynamic, easily extensible way of providing computing resources, typically virtualized resources delivered over the internet. By moving computing and storage responsibilities from local systems to the cloud, cloud computing services can save users a large amount of cost; they have broad application prospects and have become a focus of next-generation internet technology. Because the large amount of data generated by cloud computing services usually resides in a domain the user does not control, security has always been a primary consideration for enterprises adopting cloud computing, and security technology has become an important research topic for cloud computing services. Currently, many Cloud Service Providers (CSPs) are not fully trusted and may hand user data to a third party without the user's permission, leaking data. For sensitive data, therefore, the Data Owner (DO) must enforce access control by encrypting the data and controlling which users are able to decrypt it; this is called ciphertext access control. Ciphertext access control is a technique used in attribute-based encryption (ABE) schemes to keep data confidential when the CSP is untrusted. ABE schemes are divided into two types: key-policy attribute-based encryption (KP-ABE) and ciphertext-policy attribute-based encryption (CP-ABE). In CP-ABE, the key is associated with a set of attributes, and the ciphertext is associated with an access policy. Cloud computing has many scenarios that require ciphertext conversion. If decryption and re-encryption are performed in the cloud by a CSP that is not fully trusted, user data can easily be leaked; a proxy re-encryption (PRE) scheme solves this problem and ensures secure access to and sharing of data.
The encryption principle of current re-encryption systems is complex and their level of security is low, so improvement is needed.
Disclosure of Invention
The invention aims to provide a CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing to solve the problems in the background technology.
To achieve this purpose, the invention provides the following technical scheme: a CP-ABE-based fixed ciphertext length proxy re-encryption system in cloud computing comprises a user login module, a re-encryption module, a key generation module, a decryption module and a main control unit, wherein the main control unit is connected to each of the user login module, the re-encryption module, the key generation module and the decryption module; the user login module verifies the information of a login user, who enters the cloud computing system after verification passes; the re-encryption module encrypts the cloud computing data to obtain an encrypted data file, so that an authorized person can later access and share the data file securely; the key generation module generates a master key; the decryption module decrypts the encrypted cloud computing data to obtain the original text of the data file.
Preferably, an encryption method of a CP-ABE-based fixed ciphertext length proxy re-encryption system in cloud computing includes the following steps:
A. first, a user authenticates through the user login module, enters the cloud computing system once authentication passes, and exits the login interface if authentication fails 3 times;
B. the key generation module generates a master key and encrypts the cloud computing data a first time to obtain primary ciphertext data;
C. the re-encryption module performs secondary encryption on the primary ciphertext data using a CP-ABE-based encryption algorithm with a fixed ciphertext length to obtain secondary encrypted ciphertext data;
D. the decryption module generates a decryption key and decrypts the secondary encrypted ciphertext data to obtain the original text of the data file.
Preferably, the master key generation method in step B is as follows:
a. obtaining a first key factor;
b. setting a first fixed key, wherein the first fixed key is preset and stored in the encryption device;
c. generating a first dynamic key by the encryption device;
d. performing a first logic operation on the first key factor, the first fixed key and the first dynamic key to obtain a first encryption key;
e. performing a hash operation on the first encryption key to obtain a second encryption key, wherein the second encryption key is the master key.
Preferably, the re-encryption method in step C is as follows:
a. the key generation center generates the system parameters and the user key;
b. an encryptor encrypts the cloud computing data using ciphertext-policy attribute-based encryption to obtain an original ciphertext;
c. the re-encryption authorizer generates a re-encryption key and sends it to the re-encryption agent;
d. the re-encryption agent re-encrypts the original ciphertext using the system public key and the legitimate re-encryption key to generate a re-encrypted ciphertext.
Preferably, the step D specifically includes: the authorizer generates a decryption key according to the attribute of the content applicant, embeds the public key information of the content applicant into the decryption key in the process of generating the decryption key, and then sends the decryption key to the content applicant.
Compared with the prior art, the invention has the following beneficial effects: the re-encryption system has a simple working principle and high encryption security, and ensures secure access to and sharing of user data; the master key generation method adopted is highly complex, which improves the security of data transmission and makes the key harder to crack; the re-encryption method adopted can resist stronger attackers, improves operating efficiency, and gives the encryptor control over re-encryption of the ciphertext.
Drawings
FIG. 1 is a schematic block diagram of an encryption system of the present invention;
FIG. 2 is a flow chart of the present invention;
FIG. 3 is a flow chart of a re-encryption method of the present invention;
In the figures: 1, user login module; 2, re-encryption module; 3, key generation module; 4, decryption module; 5, main control unit.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that the terms "upper", "lower", "inner", "outer", "front", "rear", "both ends", "one end", "the other end", and the like indicate orientations or positional relationships based on those shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the referred device or element must have a specific orientation, be constructed in a specific orientation, and be operated, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it is to be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "disposed," "connected," and the like are to be construed broadly, such as "connected," which may be fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Referring to FIGS. 1-3, the present invention provides a technical solution: a CP-ABE-based fixed ciphertext length proxy re-encryption system in cloud computing comprises a user login module 1, a re-encryption module 2, a key generation module 3, a decryption module 4 and a main control unit 5, wherein the main control unit 5 is connected to each of the user login module 1, the re-encryption module 2, the key generation module 3 and the decryption module 4; the user login module verifies the information of a login user, who enters the cloud computing system after verification passes; the re-encryption module encrypts the cloud computing data to obtain an encrypted data file, so that an authorized person can later access and share the data file securely; the key generation module generates a master key; the decryption module decrypts the encrypted cloud computing data to obtain the original text of the data file.
The working principle is as follows: an encryption method of a CP-ABE-based fixed ciphertext length proxy re-encryption system in cloud computing comprises the following steps:
A. first, a user authenticates through the user login module, enters the cloud computing system once authentication passes, and exits the login interface if authentication fails 3 times;
B. the key generation module generates a master key and encrypts the cloud computing data a first time to obtain primary ciphertext data;
C. the re-encryption module performs secondary encryption on the primary ciphertext data using a CP-ABE-based encryption algorithm with a fixed ciphertext length to obtain secondary encrypted ciphertext data;
D. the decryption module generates a decryption key and decrypts the secondary encrypted ciphertext data to obtain the original text of the data file.
In the invention, the method for generating the master key in the step B is as follows:
a. obtaining a first key factor;
b. setting a first fixed key, wherein the first fixed key is preset and stored in the encryption device;
c. generating a first dynamic key by the encryption device;
d. performing a first logic operation on the first key factor, the first fixed key and the first dynamic key to obtain a first encryption key;
e. performing a hash operation on the first encryption key to obtain a second encryption key, wherein the second encryption key is the master key.
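The steps above name neither the "first logic operation" nor the hash function. The following added example (not code from the patent) assumes XOR and SHA-256 for them and compares the result with an HMAC-SHA256 combiner, to show what the choice of logic operation decides: with XOR, equal inputs cancel and input roles are interchangeable. All function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes; assumed common length of the three inputs


def xor_bytes(*parts: bytes) -> bytes:
    """Bytewise XOR of equal-length byte strings."""
    if len({len(p) for p in parts}) != 1:
        raise ValueError("all inputs must have the same length")
    out = bytearray(len(parts[0]))
    for part in parts:
        for i, byte in enumerate(part):
            out[i] ^= byte
    return bytes(out)


def master_key_xor(key_factor: bytes, fixed_key: bytes, dynamic_key: bytes) -> bytes:
    """Steps d and e with XOR as the logic operation and SHA-256 as the hash
    (both are assumptions; the page names neither)."""
    first_encryption_key = xor_bytes(key_factor, fixed_key, dynamic_key)
    return hashlib.sha256(first_encryption_key).digest()


def master_key_hmac(key_factor: bytes, fixed_key: bytes, dynamic_key: bytes) -> bytes:
    """Comparison combiner, not from the page: HMAC-SHA256 keyed with the
    fixed key over the length-prefixed key factor and dynamic key."""
    message = b"master-key-v1"  # constructed domain-separation label
    for part in (key_factor, dynamic_key):
        message += len(part).to_bytes(2, "big") + part
    return hmac.new(fixed_key, message, hashlib.sha256).digest()


def new_dynamic_key() -> bytes:
    """Step c: a fresh value from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_LEN)


def equal_inputs_cancel(derive) -> bool:
    """True if derive() returns the same key for two different secrets when
    the key factor and the fixed key happen to be equal (constructed values)."""
    dynamic = bytes(range(KEY_LEN))
    a = b"\x11" * KEY_LEN
    b = b"\x22" * KEY_LEN
    return derive(a, a, dynamic) == derive(b, b, dynamic)


def roles_interchangeable(derive) -> bool:
    """True if swapping key factor and dynamic key leaves the key unchanged."""
    factor = b"\x11" * KEY_LEN
    fixed = b"\x22" * KEY_LEN
    dynamic = b"\x33" * KEY_LEN
    return derive(factor, fixed, dynamic) == derive(dynamic, fixed, factor)


if __name__ == "__main__":
    for name, fn in (("xor+sha256", master_key_xor), ("hmac-sha256", master_key_hmac)):
        print(name, "cancel:", equal_inputs_cancel(fn),
              "swap:", roles_interchangeable(fn))
```
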
In the invention, the re-encryption method in the step C is as follows:
a. the key generation center generates the system parameters and the user key;
b. an encryptor encrypts the cloud computing data using ciphertext-policy attribute-based encryption to obtain an original ciphertext;
c. the re-encryption authorizer generates a re-encryption key and sends it to the re-encryption agent;
d. the re-encryption agent re-encrypts the original ciphertext using the system public key and the legitimate re-encryption key to generate a re-encrypted ciphertext.
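The four-step flow above, shown with a swapped-in scheme: this added example (not the patent's algorithm) uses the ElGamal-based proxy re-encryption of Blaze, Bleumer and Strauss in place of CP-ABE, which would need a pairing library. It shows the property the flow depends on: the agent converts the ciphertext with the re-encryption key alone and never decrypts it. The group parameters are constructed and deliberately tiny, and all names are illustrative.

```python
import hashlib
import secrets

# Constructed toy parameters: safe prime P = 2*Q + 1; G generates the
# subgroup of prime order Q. Far too small to provide any security.
P, Q, G = 2039, 1019, 4


def keygen():
    """Step a: the key generation center issues a key pair (sk, pk = G^sk)."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def mask(m: int, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream derived from group element m."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(f"{m}:{counter}".encode()).digest()
        counter += 1
    return bytes(x ^ y for x, y in zip(data, stream))


def encrypt(pk: int, data: bytes):
    """Step b: hide a random session element m under pk, mask the data with it."""
    m = pow(G, secrets.randbelow(Q - 1) + 1, P)
    k = secrets.randbelow(Q - 1) + 1
    c1 = (m * pow(G, k, P)) % P      # m * G^k
    c2 = pow(pk, k, P)               # G^(sk*k)
    return c1, c2, mask(m, data)


def rekey(sk_from: int, sk_to: int) -> int:
    """Step c: the authorizer computes rk = sk_to / sk_from mod Q."""
    return (sk_to * pow(sk_from, -1, Q)) % Q


def reencrypt(rk: int, ct):
    """Step d: the agent raises c2 to rk; c1 and the masked data are untouched,
    so the ciphertext keeps its size and the agent never sees m."""
    c1, c2, body = ct
    return c1, pow(c2, rk, P), body


def decrypt(sk: int, ct) -> bytes:
    """Recover G^k = c2^(1/sk), then m = c1 / G^k, then unmask the data."""
    c1, c2, body = ct
    gk = pow(c2, pow(sk, -1, Q), P)
    m = (c1 * pow(gk, -1, P)) % P
    return mask(m, body)


if __name__ == "__main__":
    sk_owner, pk_owner = keygen()
    sk_reader, _ = keygen()
    ct = encrypt(pk_owner, b"constructed sample record")
    ct_reader = reencrypt(rekey(sk_owner, sk_reader), ct)
    print(decrypt(sk_owner, ct), decrypt(sk_reader, ct_reader))
```

In this scheme the re-encryption key is computed from both secret keys and works in both directions, which is one reason deployed designs use other constructions.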
In addition, in the present invention, step D specifically includes: the authorizer generates a decryption key according to the attribute of the content applicant, embeds the public key information of the content applicant into the decryption key in the process of generating the decryption key, and then sends the decryption key to the content applicant.
In conclusion, the re-encryption system has a simple working principle and high encryption security, and ensures secure access to and sharing of user data; the master key generation method adopted is highly complex, which improves the security of data transmission and makes the key harder to crack; the re-encryption method adopted can resist stronger attackers, improves operating efficiency, and gives the encryptor control over re-encryption of the ciphertext.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (5)

1. A CP-ABE-based fixed ciphertext length proxy re-encryption system in cloud computing, characterized in that: the re-encryption system comprises a user login module (1), a re-encryption module (2), a key generation module (3), a decryption module (4) and a main control unit (5), wherein the main control unit (5) is connected to each of the user login module (1), the re-encryption module (2), the key generation module (3) and the decryption module (4); the user login module verifies the information of a login user, who enters the cloud computing system after verification passes; the re-encryption module encrypts the cloud computing data to obtain an encrypted data file, so that an authorized person can later access and share the data file securely; the key generation module generates a master key; the decryption module decrypts the encrypted cloud computing data to obtain the original text of the data file.
2. The encryption method for realizing the CP-ABE-based fixed ciphertext length proxy re-encryption system in the cloud computing, according to claim 1, is characterized in that: the method comprises the following steps:
A. first, a user authenticates through the user login module, enters the cloud computing system once authentication passes, and exits the login interface if authentication fails 3 times;
B. the key generation module generates a master key and encrypts the cloud computing data a first time to obtain primary ciphertext data;
C. the re-encryption module performs secondary encryption on the primary ciphertext data using a CP-ABE-based encryption algorithm with a fixed ciphertext length to obtain secondary encrypted ciphertext data;
D. the decryption module generates a decryption key and decrypts the secondary encrypted ciphertext data to obtain the original text of the data file.
3. The encryption method of the CP-ABE-based fixed ciphertext length proxy re-encryption system in the cloud computing according to claim 2, wherein: the method for generating the master key in the step B is as follows:
a. obtaining a first key factor;
b. setting a first fixed key, wherein the first fixed key is preset and stored in the encryption device;
c. generating a first dynamic key by the encryption device;
d. performing a first logic operation on the first key factor, the first fixed key and the first dynamic key to obtain a first encryption key;
e. performing a hash operation on the first encryption key to obtain a second encryption key, wherein the second encryption key is the master key.
4. The encryption method of the CP-ABE-based fixed ciphertext length proxy re-encryption system in the cloud computing according to claim 2, wherein: the re-encryption method in the step C is as follows:
a. the key generation center generates the system parameters and the user key;
b. an encryptor encrypts the cloud computing data using ciphertext-policy attribute-based encryption to obtain an original ciphertext;
c. the re-encryption authorizer generates a re-encryption key and sends it to the re-encryption agent;
d. the re-encryption agent re-encrypts the original ciphertext using the system public key and the legitimate re-encryption key to generate a re-encrypted ciphertext.
5. The encryption method of the CP-ABE-based fixed ciphertext length proxy re-encryption system in the cloud computing according to claim 1, wherein: the step D specifically comprises the following steps: the authorizer generates a decryption key according to the attribute of the content applicant, embeds the public key information of the content applicant into the decryption key in the process of generating the decryption key, and then sends the decryption key to the content applicant.
CN202110305453.5A 2021-03-23 2021-03-23 CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing Withdrawn CN112788068A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110305453.5A CN112788068A (en) 2021-03-23 2021-03-23 CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110305453.5A CN112788068A (en) 2021-03-23 2021-03-23 CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing

Publications (1)

Publication Number Publication Date
CN112788068A true CN112788068A (en) 2021-05-11

Family

ID=75762857

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110305453.5A Withdrawn CN112788068A (en) 2021-03-23 2021-03-23 CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing

Country Status (1)

Country Link
CN (1) CN112788068A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104320393A (en) * 2014-10-24 2015-01-28 西安电子科技大学 Effective attribute base agent re-encryption method capable of controlling re-encryption
CN104580205A (en) * 2015-01-05 2015-04-29 南京邮电大学 CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing
CN110798316A (en) * 2019-09-20 2020-02-14 西安瑞思凯微电子科技有限公司 Encryption key generation method, decryption key generation method, encryption key generation program, decryption key generation program, and decryption program
CN111698240A (en) * 2020-06-08 2020-09-22 南京工业大学 CP-ABE encryption outsourcing


Similar Documents

Publication Publication Date Title
CN108881314B (en) Privacy protection method and system based on CP-ABE ciphertext under fog computing environment
CN102655508B (en) Method for protecting privacy data of users in cloud environment
CN106487765B (en) Authorized access method and device using the same
US12003634B2 (en) Systems and methods for encrypted content management
CN101296086B (en) Method, system and device for access authentication
CN103957109A (en) Cloud data privacy protection security re-encryption method
CN112383391B (en) Data security protection method based on data attribute authorization, storage medium and terminal
CN111954211B (en) Novel authentication key negotiation system of mobile terminal
CN110958219A (en) SM2 proxy re-encryption method and device for medical cloud shared data
CN113961959A (en) Proxy re-encryption method and system for data sharing community
CN115426136A (en) Cross-domain access control method and system based on block chain
CN116244750A (en) Secret-related information maintenance method, device, equipment and storage medium
Xia et al. Design of secure FTP system
CN116132025A (en) Key negotiation method, device and communication system based on preset key group
CN115694922A (en) File transmission encryption method and equipment under domestic CPU and OS
CN112671729B (en) Internet of vehicles oriented anonymous key leakage resistant authentication method, system and medium
CN112788068A (en) CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing
Wu et al. A trusted and efficient cloud computing service with personal health record
CN114244501A (en) Power data privacy protection system and implementation method thereof, and encryption attribute revocation method
CN111083140A (en) Data sharing method under hybrid cloud environment
CN115529194B (en) Data management method, system, equipment and storage medium
Wang et al. Secure Data Deduplication And Sharing Method Based On UMLE And CP-ABE
CN114448600A (en) Key management method and system suitable for zero trust network
Zhang et al. Improved CP-ABE Algorithm Based on Identity and Access Control
Fu et al. Research on Computer Information Security Technology Based on DES Data Encryption Algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210511
