CN113965372A - Safe communication mechanism based on attribute encryption - Google Patents
- Publication number
- CN113965372A (application CN202111218206.8A)
- Authority
- CN
- China
- Prior art keywords
- key
- ciphertext
- data
- cloud
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/061—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a secure communication mechanism based on attribute encryption, in the fields of information security and industrial control, consisting of a central authority, a data owner, fog nodes, a cloud platform and a data user. Industrial data is encrypted with the AES symmetric encryption algorithm, and the AES key is encrypted with an attribute-based encryption algorithm, ensuring the security of industrial data communication. Encryption and decryption are outsourced: a large amount of complex computation is offloaded to the cloud and to the plurality of fog nodes, reducing the computation overhead on the device side and the user side while preserving the confidentiality of the data. In addition, the access policy can be updated, which avoids the cost of downloading the data file from the cloud and encrypting it again whenever the access policy changes, further reducing the computation overhead on the device side.
Description
Technical Field
The invention relates to the field of information security, in particular to a secure communication mechanism based on attribute encryption in an industrial cloud environment.
Background
In recent years, cloud computing, the Internet of Things and the conventional Industrial Control System (ICS) have been integrated to form the industrial cloud system. It connects products, factories, systems, machines and users, and provides advanced analysis functions to harness the mass data generated in the network, converting data into knowledge and knowledge into value, and so improving efficiency and reducing cost. For a long time, enterprises have paid more attention to Safety, namely equipment and production safety, but have not paid attention to Security, namely information security protection. This is because the conventional ICS is proprietary, independent and isolated from outside networks. To meet the requirements of continuous and stable production, industrial communication protocols focus on real-time performance and lack security protection for transmitted data, so as to avoid additional overhead. However, in an industrial cloud environment, user identities are complex and diverse and enterprises face risks from many sources. In particular, the logic executed in an industrial system directly affects the physical world, and a maliciously attacked system can cause serious damage and loss to human health and safety, the environment and equipment; that is, an information security problem can cause a production safety problem. In addition, the public cloud is a semi-trusted environment: after an enterprise hosts its data in a cloud storage system, it cannot determine whether the stored data is actually protected. A confidentiality protection method for data transmission, storage and sharing in the industrial cloud environment therefore needs to be researched, one that also meets the real-time and availability requirements of industrial production control.
In order to avoid industrial data leakage, the secure transmission of data in the industrial control system can be protected through an encryption method. For an ICS system, a symmetric encryption scheme (AES) has small computation overhead and good real-time performance, but how to manage its keys is a problem that must be considered. The asymmetric encryption scheme (RSA, homomorphic encryption) has higher security, but has large calculation overhead, which affects practical use. In addition, in an actual industrial cloud environment, users are numerous and various in identity, and how to ensure that the users obtain data in the authority range of the users and achieve fine-grained access control is also a problem to be solved urgently.
Attribute Based Encryption (ABE) is one of the data protection and access control methods used in cloud environments, and has two formalized definitions: Key-Policy Attribute Based Encryption (KP-ABE) and Ciphertext-Policy Attribute Based Encryption (CP-ABE). CP-ABE encrypts data according to an access policy and distributes a corresponding private key to each user according to the user's attributes; decryption succeeds only if the user's attributes satisfy the access policy, which is conceptually similar to a traditional access control model such as Role Based Access Control (RBAC). Researchers have therefore also applied CP-ABE to the industrial field to achieve data confidentiality protection and access control.
However, simply applying ABE in an industrial environment is not an optimal solution. Firstly, during encryption and decryption ABE needs to perform bilinear pairing operations, which have a large computation overhead, and exponentiations in the group, and the computation and storage overhead grows with the number of attributes, which prevents ABE from being used in a resource-limited industrial environment. In addition, the encryption and storage overhead of the device is still linearly related to the number of attributes, which is unfavorable for practical deployment in the production field.
Disclosure of Invention
The invention provides a secure data communication mechanism suitable for an industrial cloud environment, addressing the problem of guaranteeing data security while a large amount of data is transmitted in an industrial control system. The invention adopts hybrid encryption combining AES and ABE: the device side uses AES to encrypt the large amount of industrial data collected from the industrial control system, and then ABE is used to encrypt the AES key, which solves both the insufficient security of a symmetric encryption scheme and the excessive computation cost of an attribute-based encryption scheme. The invention combines encryption and decryption outsourcing with access policy updating: the complex encryption and decryption computations are outsourced to the fog, and policy updating is carried out in the cloud, greatly reducing the computation and storage overhead of the device side and the user side. In addition, the scheme also realizes a "one-time pad": using a chaotic map, the AES key is updated each time after the device side has AES-encrypted data, which enhances the security of data communication.
The invention constructs a system model according to an attribute-based encryption mechanism, as shown in fig. 1. The system model comprises five entities: Central Authority (CA), Data Owner (DO), Fog node (Fog), Cloud Platform (Cloud), and Data Consumer (DC). The CA executes the system initialization procedure, generates a public key and a master key, and manages the attributes in the system. The DO collects field data such as temperature and pressure and encrypts it with a symmetric encryption algorithm (AES) that has good real-time performance. Each fog node receives an AES subkey from the device and generates a ciphertext for that subkey using the CP-ABE algorithm. In addition to storing user data, the Cloud receives and combines the subkey ciphertexts from the fog nodes, thereby generating the final ciphertext for the key. The DC declares the attributes it owns to the CA and obtains the attribute private key.
The invention adopts bilinear pairing to construct a CP-ABE algorithm, which comprises the following steps:
Step one, system initialization: input a system security parameter $\lambda$, and output a public parameter PP and a master key MSK;
Step two, ciphertext generation: generate a ciphertext CT according to the symmetric key $K_a$, the data file Data, the public parameter PP, the master key MSK and the access structure $(M, \rho)$;
Step three, authorization: according to the public parameter PP, the master key MSK and the attribute set, generate a transformation key TK and a user private key SK;
Step four, file conversion: output a partially decrypted ciphertext according to TK and CT;
Step five, file access: according to the user private key SK, decrypt the partially decrypted ciphertext to obtain the symmetric key $K_a$;
Step six, access policy change: output a new ciphertext $CT'$ according to the public parameter PP, the ciphertext CT and the access structure $(M', \rho')$.
The specific algorithm of each step is as follows:
Step one, system initialization: Setup($1^{\lambda}$) → (PP, MSK)
The CA performs system initialization and generates the parameters related to encryption and decryption. The CA first selects a security parameter $\lambda$, and then selects a bilinear map $e: G \times G \to G_T$, where $G$ and $G_T$ are two cyclic groups of order $p$ and $g$ is a generator of the group $G$. The CA then randomly selects $g, u, h, w, v \in G$ and $\alpha \in Z_p$, and generates the following public key PP and master key MSK:
$PP = \{g, u, h, w, v, e(g,g)^{\alpha}\}$
$MSK = \{\alpha\}$
Step two, generating a ciphertext:
(a) AES($K_a$, Data) → (F)
The field device randomly selects $K_{a1}$ and $K_{a2}$ and sets $K_{a1} \cdot K_{a2} = K_a$. It then uses $K_a$ as the symmetric key to encrypt the field data Data with the AES algorithm, obtaining the data ciphertext
$F = AES(K_a, Data)$
F is then sent to cloud storage.
(b) Encrypt.fog(PP, $K_{ak}$, $(M, \rho)$) → ($IT_k$)
The field device sets an LSSS access policy $(M, \rho)$, where $M$ is an $l \times n$ matrix and $\rho$ is a function that maps each row number of the matrix to an attribute. It then sends the policy and the key $K_{a1}$ to fog node 1, and the policy and the key $K_{a2}$ to fog node 2. Each fog node produces the intermediate ciphertext $IT_k$ of its subkey from the public key PP, the symmetric subkey $K_{ak}$ and the access policy $(M, \rho)$, where $k = 1, 2$.
Subsequently, fog node 1 first selects a random vector $v_1$, in which $s_1$ is the secret to be shared with each participant; for each row $\tau$ it computes the share $M_\tau v_1$, where $M_\tau$ denotes row $\tau$ of the matrix $M$. Fog node 1 then selects random numbers $t_{11}, t_{12}, \ldots, t_{1l} \in Z_p$ and generates the intermediate ciphertext $IT_1$ as follows:
Following the same steps, fog node 2 generates the intermediate ciphertext $IT_2$ as follows:
Fog node 1 and fog node 2 then send the ciphertexts $IT_1$ and $IT_2$, respectively, to the cloud platform.
(c) Encrypt.cloud($IT_1$, $IT_2$) → (CT)
The cloud receives the ciphertexts $IT_1$ and $IT_2$ and carries out the following operations
Finally, the cloud generates the ciphertext of the symmetric key $K_a$:
$CT = \{(M, \rho), C, C_0, \{C_{\tau,1}, C_{\tau,2}, C_{\tau,3}\}_{\tau \in [l]}\}$
Step three, authorization: based on the attribute set declared by the data user, the CA selects random numbers $r, r_1, r_2, \ldots, r_k \in Z_p$ and computes $K_1 = g^{\alpha} w^{r}$, $K_2 = g^{r}$. For every $\tau \in \{1, \ldots, k\}$, it computes
The CA selects a random number $z \in Z_p$ and generates the attribute private key $AK = \langle TK, SK \rangle$.
$SK = \{z\}$
TK is called the conversion key; it is associated with the attribute set S and is sent to the fog node to be used for partially decrypting the ciphertext. SK is called the user private key and is kept secret by the data user.
Step four, file conversion: the fog node partially decrypts the ciphertext CT from the cloud using the user's conversion key TK, according to the following formula, to generate a converted ciphertext
In the above formula, constants $\{\omega_i \in Z_p\}_{i \in I}$ are selected. According to the access policy defined by the data owner, when $\sum_{i \in I} \omega_i \lambda_i = s$, the values $\{\lambda_i\}$ can be regarded as valid shares of the secret $s$. Otherwise, the algorithm outputs $\perp$.
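The row shares $M_\tau v$ from step two and the reconstruction condition $\sum_{i \in I} \omega_i \lambda_i = s$ stated above, as an added Python example that is not part of the patent text. The policy matrix, attribute names and prime are constructed; the layout $v = (s, y_2, \ldots, y_n)$ and the target vector $(1, 0, \ldots, 0)$ are the usual LSSS convention and are assumed here.

```python
import secrets

P = 2**127 - 1  # constructed prime standing in for the group order p

# Constructed policy "(engineer AND plant-A) OR admin" as an LSSS matrix M;
# RHO plays the role of rho: row number -> attribute.
M = [[1, 1],    # row 0 -> engineer
     [0, -1],   # row 1 -> plant-A
     [1, 0]]    # row 2 -> admin
RHO = ["engineer", "plant-A", "admin"]


def share(M, s, p=P):
    """Return the shares lambda_tau = M_tau . v mod p, with v = (s, y_2, ..., y_n)."""
    v = [s % p] + [secrets.randbelow(p) for _ in range(len(M[0]) - 1)]
    return [sum(m * x for m, x in zip(row, v)) % p for row in M]


def recon_coeffs(M, rho, attrs, p=P):
    """Find omega_i (i in I) with sum_i omega_i * M_i = (1, 0, ..., 0) mod p.

    I is the set of rows whose attribute the user holds. Returns a dict
    {row: omega} or None, the "bottom" output for an unauthorized attribute set.
    """
    I = [i for i, a in enumerate(rho) if a in attrs]
    n = len(M[0])
    # One equation per matrix column j; the last entry is the right-hand side.
    A = [[M[i][j] % p for i in I] + [1 if j == 0 else 0] for j in range(n)]
    pivots, row = [], 0
    for col in range(len(I)):                 # Gauss-Jordan elimination mod p
        if row == n:
            break
        pr = next((k for k in range(row, n) if A[k][col]), None)
        if pr is None:
            continue
        A[row], A[pr] = A[pr], A[row]
        inv = pow(A[row][col], -1, p)
        A[row] = [x * inv % p for x in A[row]]
        for k in range(n):
            if k != row and A[k][col]:
                f = A[k][col]
                A[k] = [(x - f * y) % p for x, y in zip(A[k], A[row])]
        pivots.append((row, col))
        row += 1
    # Rows past the rank have all-zero coefficients; a nonzero right-hand
    # side there means the target vector is not in the span of the rows.
    if any(r[-1] for r in A[row:]):
        return None
    omega = {i: 0 for i in I}                 # free variables set to 0
    for r_idx, c in pivots:
        omega[I[c]] = A[r_idx][-1]
    return omega


def recover(M, rho, attrs, shares, p=P):
    """Recombine the secret from the shares the attribute set entitles, or None."""
    omega = recon_coeffs(M, rho, attrs, p)
    if omega is None:
        return None
    return sum(w * shares[i] for i, w in omega.items()) % p


if __name__ == "__main__":
    secret = 123456789                        # constructed sample secret s
    lam = share(M, secret)
    for attrs in ({"engineer", "plant-A"}, {"admin"}, {"engineer"}):
        print(sorted(attrs), recover(M, RHO, attrs, lam))
```

In the scheme itself the shares sit in group exponents and are never handled in the clear; the example works directly in $Z_p$ only to show how the access structure decides who can recombine $s$.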
Step five, file access: when the user obtains the converted ciphertext from the fog node, the user decrypts it with the private key SK as follows
Step six, changing the access policy: PolicyUpd(PP, CT, $(M', \rho')$) → ($CT'$)
Let the new access policy be $(M', \rho')$. The cloud runs this algorithm to update the original policy $(M, \rho)$, converting the ciphertext into the ciphertext $CT'$ defined by the new policy $(M', \rho')$ without changing the format of the original ciphertext CT.
The data owner selects a random vector $M'_i = (m_{i1}, m_{i2}, \ldots, m_{in'})$ corresponding to the i-th row of the $l' \times n'$ matrix $M'$. The cloud then selects a random number $t'_\tau \in Z_p$ and vector Suppose that It means that the cloud can get the vector
According to the ciphertext structure, the cloud performs the following calculations:
thereby completing the policy update and forming the new ciphertext of the key $K_a$
Compared with the prior art, the invention achieves the following beneficial effects. Fine-grained access control is realized for users with different attributes. Encryption and decryption are outsourced to the cloud and the fog, and hybrid encryption is adopted, so that the device side and the user side only need to perform simple AES encryption and decryption; their computation cost is small and constant. Access policy updating is supported: when the access policy changes, the file does not need to be downloaded from the cloud and then encrypted again under the new access policy; the policy is updated directly in the cloud, further reducing the computation overhead on the device side. Finally, the chaotic map is used to update the AES key after each encryption on the device side, realizing a one-time pad and ensuring the secure transmission of data.
Drawings
Fig. 1 is a system model diagram of a secure communication mechanism based on attribute encryption according to the present invention, which includes the following entities: 1. Central Authority (CA); 2. Data Owner (DO); 3. Fog node (Fog); 4. Cloud platform (Cloud); 5. Data user (DC).
FIG. 2 is a diagram of a policy update model according to the present invention.
Fig. 3 is a file transmission format of a hybrid encrypted data communication scheme according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described in detail below with reference to the accompanying drawings in the embodiments of the present invention.
Referring to the system model diagram of fig. 1, a one-time-pad symmetric key is constructed using the Logistic map and, combined with the CP-ABE algorithm proposed above, real-time and secure direct communication between humans and machines is realized. The specific steps are as follows:
1. establishing a channel
Step one: the system is initialized, and the user obtains the attribute private key issued by the CA.
Step two: the user numbered $ID_c$ requests the field device to establish a session, wishing to update the parameter Para. The field device selects and stores random parameters $r$ and $x_i$, where $i$ is the number of communications, $r \in (3.56995, 4]$ and $x_i \in [0, 1]$, and records the parameters in the database. In this round of requesting session establishment, $i$ is set to 0.
Step three: the field device generates the symmetric key $k_0$; the subkeys that form the key and the parameter $r$ are then sent to a fog node, and the fog node and the cloud respectively process the parameters to generate a CP-ABE ciphertext
(Encrypt($k_{Tcurrent}$)) | DO → DU
where $k_{Tcurrent} = r \| k_0 \| currenttime$, which is then sent to the user.
Step four: the user has the fog node partially decrypt Encrypt($k_{Tcurrent}$), completes the final decryption with the user's own private key, and obtains $K_{Tdate}$. The field device and the user can then use the secret parameters $r$ and $x_0$ with the Logistic map to establish a secret direct communication channel, iterating to generate the communication key $k_i$ of each round and realizing secure one-time-pad communication.
2. Data communication
Step one: take the case of the user sending an instruction to the device, and assume that the key $k_i$ of the i-th round of communication is already held by both parties. The user first generates the communication key $k_{i+1}$ according to the Logistic map $x_{i+1} = r \cdot x_i \cdot (1 - x_i)$, and then sends the optimization parameter para and the current time currenttime to the device, encrypted as follows.
$\{AES(k_{i+1}, currenttime \| para), H(currenttime \| para)\}$ | DC → DO
Step two: after the field device receives the instruction from the user, it likewise computes the session key $k_{i+1}$ according to the Logistic map $x_{i+1} = r \cdot x_i \cdot (1 - x_i)$ and decrypts the message with $k_{i+1}$ to obtain the new parameter para. Finally it recomputes $H(currenttime \| para)$ and compares it with the received H; if they are equal, the authenticity and integrity of the message are proved.
Step three: the field device updates the parameter para, executing the command.
The symmetric key of the next round of conversation is obtained by iteration of the two communication parties by using the Logistic function, so that the working process of man-machine communication of 'one-time pad' is realized.
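The per-round key update and the message $\{AES(k_{i+1}, currenttime \| para), H(currenttime \| para)\}$ described above, with both sides shown, as an added Python example that is not part of the patent text. The page does not say how $x_i$ becomes a key, which hash H is, or how currenttime is encoded; SHA-256 over the IEEE-754 bytes of $x_i$, SHA-256 for H, an 8-byte timestamp, the 30-second freshness window and a SHA-256 keystream standing in for AES are all assumptions made so the example runs on the standard library.

```python
import hashlib
import hmac
import struct


def logistic_step(r, x):
    """One iteration x_{i+1} = r * x_i * (1 - x_i) of the Logistic map."""
    return r * x * (1.0 - x)


def key_from_state(x):
    """Assumed derivation of k_i: SHA-256 over the 8 IEEE-754 bytes of x_i."""
    return hashlib.sha256(struct.pack(">d", x)).digest()


def stand_in_cipher(key, data):
    """XOR with a SHA-256 counter keystream; a labelled stand-in for AES(k, .)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Party:
    """One end of the channel: holds the secret r and the current state x_i."""

    def __init__(self, r, x0):
        if not (3.56995 < r <= 4.0 and 0.0 <= x0 <= 1.0):
            raise ValueError("r or x0 outside the ranges given in the text")
        self.r, self.x = r, x0


def send(party, currenttime, para):
    """DC -> DO: advance to round i+1 and build {Enc(k, t || para), H(t || para)}."""
    party.x = logistic_step(party.r, party.x)
    payload = struct.pack(">Q", currenttime) + para
    ciphertext = stand_in_cipher(key_from_state(party.x), payload)
    return ciphertext, hashlib.sha256(payload).digest()


def receive(party, message, now, max_age=30):
    """DO side: derive k_{i+1}, decrypt, recompute H and compare.

    The state only advances once the hash matches, so a corrupted or replayed
    message cannot push the receiver out of step with the sender.
    """
    ciphertext, digest = message
    if len(ciphertext) < 8:                   # no room for the timestamp
        return None
    candidate = logistic_step(party.r, party.x)
    payload = stand_in_cipher(key_from_state(candidate), ciphertext)
    if not hmac.compare_digest(hashlib.sha256(payload).digest(), digest):
        return None                           # wrong round key or altered data
    party.x = candidate                       # authentic for this round: commit
    (currenttime,) = struct.unpack(">Q", payload[:8])
    if abs(now - currenttime) > max_age:
        return None                           # authentic but stale
    return payload[8:]


if __name__ == "__main__":
    user, device = Party(3.99, 0.37), Party(3.99, 0.37)   # constructed r, x_0
    msg = send(user, 1000, b"para=42")
    print(receive(device, msg, now=1005))     # accepted in round 1
    print(receive(device, msg, now=1006))     # replay under round 2 key: None
```

Every round key is a deterministic function of $(r, x_0)$, so both ends must compute the map with identical floating-point arithmetic, and the confidentiality of all rounds rests on those two values staying secret.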
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent substitutions made by using the contents of the present specification and the drawings, or directly or indirectly applied to the related technical fields, are included in the scope of the present invention.
Claims (7)
1. A secure communication mechanism based on attribute encryption, comprising the steps of:
step one, system initialization: inputting a system security parameter $\lambda$, and outputting a public parameter PP and a master key MSK;
step two, ciphertext generation: generating a ciphertext CT according to the symmetric key $K_a$, the data file Data, the public parameter PP, the master key MSK and the access structure $(M, \rho)$;
step three, key generation: generating a transformation key TK and a user private key SK according to the public parameter PP, the master key MSK and the attribute set;
step four, generating a conversion key, and outputting a partially decrypted ciphertext according to TK and CT;
step five, user decryption: decrypting the partially decrypted ciphertext according to the user private key SK to obtain the symmetric key $K_a$;
step six, updating the access policy: outputting a new ciphertext $CT'$ according to the public parameter PP, the ciphertext CT and the access structure $(M', \rho')$.
2. The mechanism of claim 1, wherein the first step comprises:
the CA carries out system initialization and generates the parameters related to encryption and decryption; the CA first selects a security parameter $\lambda$, and then selects a bilinear map $e: G \times G \to G_T$, where $G$ and $G_T$ are two cyclic groups of order $p$ and $g$ is a generator of the group $G$; the CA then randomly selects $g, u, h, w, v \in G$ and $\alpha \in Z_p$, and generates the following public key PP and master key MSK:
$PP = \{g, u, h, w, v, e(g,g)^{\alpha}\}$
$MSK = \{\alpha\}$.
3. The mechanism of claim 1, wherein the second step comprises:
step one: the field device randomly selects $K_{a1}$ and $K_{a2}$ and sets $K_{a1} \cdot K_{a2} = K_a$, then uses $K_a$ as the symmetric key to encrypt the field data Data with the AES algorithm, obtaining the data ciphertext
$F = AES(K_a, Data)$
and then sends F to cloud storage;
step two: the field device sets an LSSS access policy $(M, \rho)$, where $M$ is an $l \times n$ matrix and $\rho$ is a function that maps each row number of the matrix to an attribute; it then sends the policy and the key $K_{a1}$ to fog node 1, and the policy and the key $K_{a2}$ to fog node 2; each fog node produces the intermediate ciphertext $IT_k$ of its subkey from the public key PP, the symmetric subkey $K_{ak}$ and the access policy $(M, \rho)$, where $k = 1, 2$;
subsequently, fog node 1 first selects a random vector $v_1$, in which $s_1$ is the secret to be shared with each participant; for each row $\tau$ it computes the share $M_\tau v_1$, where $M_\tau$ denotes row $\tau$ of the matrix $M$; fog node 1 then selects random numbers $t_{11}, t_{12}, \ldots, t_{1l} \in Z_p$ and generates the intermediate ciphertext $IT_1$ as follows:
following the same steps, fog node 2 generates the intermediate ciphertext $IT_2$ as follows:
fog node 1 and fog node 2 then send the ciphertexts $IT_1$ and $IT_2$, respectively, to the cloud platform;
step three: the cloud receives the ciphertexts $IT_1$ and $IT_2$ and carries out the following operations
Finally, the cloud generates the ciphertext of the symmetric key $K_a$:
$CT = \{(M, \rho), C, C_0, \{C_{\tau,1}, C_{\tau,2}, C_{\tau,3}\}_{\tau \in [l]}\}$.
4. The mechanism of claim 1, wherein the third step comprises:
based on the attribute set declared by the data user, the CA selects random numbers $r, r_1, r_2, \ldots, r_k \in Z_p$ and computes $K_1 = g^{\alpha} w^{r}$, $K_2 = g^{r}$; for every $\tau \in \{1, \ldots, k\}$, it computes
the CA selects a random number $z \in Z_p$ and generates the attribute private key $AK = \langle TK, SK \rangle$;
$SK = \{z\}$
TK is called the conversion key; it is associated with the attribute set S and is sent to the fog node to be used for partially decrypting the ciphertext; SK is called the user private key and is kept secret by the data user.
5. The mechanism of claim 1, wherein the fourth step comprises:
the fog node partially decrypts the ciphertext CT from the cloud using the user's conversion key TK, according to the following formula, to generate a converted ciphertext
7. The mechanism of claim 1, wherein the sixth step comprises:
the new access policy is set to $(M', \rho')$; the cloud runs the algorithm to update the original policy $(M, \rho)$, converting the ciphertext into the ciphertext $CT'$ defined by the new policy $(M', \rho')$ without changing the format of the original ciphertext CT;
the data owner selects a random vector $M'_i = (m_{i1}, m_{i2}, \ldots, m_{in'})$ corresponding to the i-th row of the $l' \times n'$ matrix $M'$, and the cloud then selects a random number $t'_\tau \in Z_p$ and vector Suppose that It means that the cloud can get the vector
According to the ciphertext structure, the cloud performs the following calculations:
thereby completing the policy update and forming the new ciphertext of the key $K_a$
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111218206.8A CN113965372A (en) | 2021-10-19 | 2021-10-19 | Safe communication mechanism based on attribute encryption |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111218206.8A CN113965372A (en) | 2021-10-19 | 2021-10-19 | Safe communication mechanism based on attribute encryption |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113965372A true CN113965372A (en) | 2022-01-21 |
Family
ID=79464682
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111218206.8A Pending CN113965372A (en) | 2021-10-19 | 2021-10-19 | Safe communication mechanism based on attribute encryption |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113965372A (en) |
-
2021
- 2021-10-19 CN CN202111218206.8A patent/CN113965372A/en active Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20220121 |