CN116707854A - Robust cloud storage access control method based on attribute encryption - Google Patents


Publication number
CN116707854A
Authority
CN
China
Prior art keywords
key
ciphertext
data
user
private key
Legal status
Pending
Application number
CN202310318030.6A
Other languages
Chinese (zh)
Inventor
赵兴文
张喆
李晖
彭灿玉
Current Assignee
Xidian University
Original Assignee
Xidian University

Classifications

    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a robust cloud storage access control method based on attribute encryption, comprising system initialization, proxy encryption, data encryption, user private key generation, proxy decryption and data decryption. During system initialization, the CA can calculate the public key parameters related to the secret key α without needing to know α. When a user private key is generated, any t AAs each calculate a user private key share, and the data user calculates the user private key from these shares. Because no entity in the system can obtain the secret key α on its own, a data user can decrypt the ciphertext data to be accessed only when its attributes satisfy the access policy, and only with the assistance of the cloud server and t AAs. The application therefore ensures that an attacker cannot generate a specific user private key to decrypt the data ciphertext as long as not more than t AAs are attacked at the same time, and improves the security and reliability of the access control system.

Description

Robust cloud storage access control method based on attribute encryption
Technical Field
The application belongs to the technical field of network security, and particularly relates to a robust cloud storage access control method based on attribute encryption.
Background
With the rapid development of computer technology, demand for data storage and high-performance computing has increased dramatically, and cloud computing has been developed and widely adopted. Cloud storage is one of the main services provided by cloud computing. It uses a cloud server to host users' data remotely, which reduces the users' IT management and maintenance costs and makes it very convenient for individuals and enterprises to share data over the Internet. However, cloud storage also faces many challenges in practice, among which data security has been the data owner's foremost concern.
Attribute-based encryption (ABE) is a data encryption technology that enables flexible, fine-grained access control, and is an effective means of protecting the confidentiality of cloud storage data. Attribute-based encryption is a public key encryption mechanism in which a sender encrypts a message using the public key of a receiver and the receiver decrypts the message using the private key. Unlike traditional public key encryption, in attribute-based encryption one public key can correspond to a plurality of private keys, each private key and each data ciphertext is associated with a set of attributes, and only a private key that meets the attribute requirements can decrypt the corresponding ciphertext, so that flexible, fine-grained access control is achieved while data confidentiality is ensured. Depending on the object with which the access policy is associated, attribute-based encryption is divided into key-policy attribute-based encryption (KP-ABE) and ciphertext-policy attribute-based encryption (CP-ABE). In CP-ABE the access policy is generated by the data owner during encryption and is associated with the data ciphertext, so that only users whose attributes satisfy the access policy can decrypt the data; CP-ABE is therefore better suited to data-owner-centric secure access control in cloud storage. In addition, depending on the number of authorities that manage attributes in the system model, attribute-based encryption schemes are divided into single-authority and multi-authority schemes. The multi-authority design generally reduces the workload of, and the security risk concentrated in, a single authority, and can realize distributed access control.
Many existing multi-authority attribute-based encryption schemes extend the classical schemes in terms of functionality, security, cost, efficiency and the like, and offer features such as user privacy protection, traceability, policy hiding, fixed-size ciphertexts and keys, and outsourced computation. For example, in a multi-authority attribute-based encryption scheme designed for the industrial Internet of Things, the cloud server acts as a semi-trusted proxy server, and the data owner and the data user each delegate the computationally expensive part of encryption and decryption to the cloud server, which reduces the computation cost on the user side. The cloud server encrypts the ciphertext access policy in the proxy encryption stage and recovers the access policy during proxy decryption, so that the data user never learns the plaintext access policy and malicious users are prevented from obtaining it. In addition, the sizes of the ciphertext and the key in that scheme are constant, so they do not grow with the number of attributes, and extra communication and storage costs are avoided.
In the prior art, a plurality of Attribute Authorities (AAs) manage the attributes of the system, which balances the workload of user private key generation requests. However, the whole attribute set of the system is divided into a plurality of disjoint attribute subsets, each managed independently by one AA, so when an AA goes offline due to a fault, users whose attributes it manages cannot obtain their private keys, and normal operation of the system is affected. In addition, by attacking any single AA an attacker can easily obtain the master key used to calculate user private keys, and can then generate the user private key corresponding to a specific attribute set to break the ciphertext, so that cloud storage data is leaked. The prior art scheme therefore has single-point bottlenecks in both performance and security, which affects the reliability of the system. Furthermore, in the system initialization stage of the prior art scheme, each AA needs to negotiate a shared seed key with every other AA and calculate a corresponding pseudo-random function for the subsequent private key generation process. Moreover, every user private key request requires all AAs to participate in the calculation, so the communication and storage costs of the scheme are high, its efficiency is low, and the user experience is affected.
Disclosure of Invention
In order to solve the problems in the prior art, the application provides a robust cloud storage access control method based on attribute encryption. The technical problem addressed by the application is solved by the following technical scheme:
the application provides a robust cloud storage access control method based on attribute encryption, which is applied to a cloud storage access control system, wherein the cloud storage access control system comprises: a unique central authority CA, n attribute authorities AA, a data owner, a data user and a cloud server, the robust attribute encryption based cloud storage access control method comprising:
step 1, the central authority completes system initialization according to a secret key shared by all attribute authorities, so as to generate a system public key and a master key, and the system public key and the master key are sent to all authorities and the cloud server;
step 2, the cloud server encrypts the access policy according to the access policy set by the data owner and the system public key to obtain a partial ciphertext, and sends the partial ciphertext to the data owner;
step 3, the data owner sends the access policy to the cloud server, which calculates the partial ciphertext; the data owner symmetrically encrypts the plaintext data with a random symmetric key, encrypts the symmetric key according to the access policy, the system public key and the partial ciphertext to obtain a complete ciphertext, and sends the complete ciphertext to the cloud server;
step 4, the attribute authority authenticates the identity of the data user by using the authentication key of the central authority; after the authentication is passed, an attribute set is assigned to the data user according to the authority of the data user, a private key parameter is generated for the data user by using the access structure corresponding to the attribute set and the master key, and a plurality of private key shares are calculated for the data user by using the system public key and the secret key shares; the data user calculates its own private key from the private key shares;
step 5, the cloud server partially decrypts the partial ciphertext according to the partial ciphertext, the processed user private key and the system public key, thereby performing the computationally intensive part of the decryption process; when the access structure of the data user satisfies the ciphertext access policy, it calculates a decryption token and sends the decryption token to the data user;
step 6, the data user first requests the ciphertext to be accessed from the cloud server, then sends the partial ciphertext and the processed user private key to the cloud server, which calculates a decryption token; the data user decrypts the remaining ciphertext in the complete ciphertext according to the decryption token to obtain a plaintext or an empty message.
The application has the beneficial effects that:
the application designs a robust cloud storage access control method based on attribute encryption in which all AAs jointly manage the attribute set of the system. A secret key α is set implicitly in the system through a threshold secret sharing mechanism: each AA calculates a public key share from its own secret share and shares it with the CA, and the CA can calculate the public key parameters related to the secret key α from the public key shares of any t AAs without needing to know α. When a user private key is generated, any t AAs each calculate a user private key share from their own secret shares, and the data user uses the t collected user private key shares to calculate the private key parameter related to the secret key α, from which the user private key can be calculated. Because no entity in the system can obtain the secret key α on its own, no entity other than the data owner is able to fully decrypt the ciphertext, and a data user can decrypt the ciphertext data it wants to access, with the assistance of the cloud server and t AAs, only when its attributes satisfy the access policy. The application therefore eliminates the single-point performance and security bottlenecks of the prior art scheme, ensures that an attacker cannot generate a specific user private key to illegally decrypt the data ciphertext as long as t AAs are not attacked at the same time, and can generate the user private key corresponding to the attribute set of any legitimate user as long as at least t AAs in the system work normally, thereby improving the security and reliability of the access control system.
The present application will be described in further detail with reference to the accompanying drawings and examples.
Drawings
FIG. 1 is a system model diagram of the present application;
FIG. 2 is a schematic flow chart of a robust attribute encryption-based cloud storage access control method;
FIG. 3 is a system initialization flow chart of the present application;
FIG. 4 is a proxy encryption flow chart of the present application;
FIG. 5 is a flow chart of data encryption according to the present application;
FIG. 6 is a flow chart of user private key generation in accordance with the present application;
FIG. 7 is a proxy decryption flow chart of the present application;
FIG. 8 is a data decryption flow chart of the present application.
Detailed Description
The present application will be described in further detail with reference to specific examples, but embodiments of the present application are not limited thereto.
The application provides a robust cloud storage access control method based on attribute encryption, which is applied to a cloud storage access control system. As shown in FIG. 1, the cloud storage access control system comprises 5 entities, namely a unique Central Authority (CA), n Attribute Authorities (AA), a data owner, a data user and a cloud server.
The CA is a fully trusted entity and is responsible for setting the system public parameters and the attribute public keys corresponding to the different attributes in the system initialization stage. In addition, the CA receives registration requests from users and AAs, and assigns a unique identity and credentials to each legitimate user and each AA. The CA also determines the threshold for the number of AAs that participate in each user private key generation. However, the CA does not participate in the user private key generation process.
The AA is mainly responsible for attribute management and user private key generation, and also participates in the system initialization process. In the technical scheme of the application, a plurality of AAs jointly manage the whole attribute set of the system, but because all AAs share one system secret key, no AA can independently generate and distribute a key for a user. Each AA obtains a secret share as its own private key and then sends the corresponding public key to the CA to generate the system public key. In the user private key generation stage, each AA only needs to generate its own user private key share independently, and no communication among the AAs is needed.
The data owner is responsible for encrypting its own data and defining the access policy for the data. The data owner first encrypts its data with a symmetric key using a symmetric encryption algorithm (e.g., AES), then defines an access policy over a set of attributes and encrypts the symmetric key with the system public key according to that policy. The data owner then sends the data ciphertext and the symmetric key ciphertext to the cloud server for storage.
The data user obtains a globally unique identity from the CA and uses that identity to apply to a plurality of AAs for its user private key. The data user can obtain any ciphertext stored on the cloud server, but can decrypt the data only when its attributes satisfy the access policy in the ciphertext.
The cloud server provides the data owners with a platform for storing and sharing ciphertext data. The cloud server is not responsible for enforcing data access control on behalf of the data owners, and users can freely download ciphertext data from the cloud. In addition, in the technical scheme of the application, the cloud server also acts as a proxy server that performs part of the encryption and decryption operations, which reduces the computation cost for users and improves the efficiency of the system.
The robust cloud storage access control method based on attribute encryption, disclosed by the application, specifically comprises the following steps:
Step 1, the central authority completes system initialization according to the secret key shared by all attribute authorities, thereby generating a system public key and a master key, and sends the system public key and the master key to all authorities and the cloud server;
Referring to FIG. 3, step 1 of the present application is the system initialization process, which is completed by the CA and all n AAs: the n AAs implicitly set a secret key $\alpha$ in the system through a threshold secret sharing scheme, and the CA generates the system public key PK and the master key MK. Specifically:
(1) The CA generates the system public parameters $G = \{G_1, G_2, G_t, p, e\}$ according to the security parameter, where $G_1$, $G_2$ and $G_t$ are cyclic multiplicative groups of prime order $p$, $g$ and $h$ are generators of $G_1$ and $G_2$ respectively, and the bilinear map $e: G_1 \times G_2 \to G_t$ satisfies $e(g^a, h^b) = e(g,h)^{ab}$, is a modulo-p multiplication group;
(2) The CA selects 4 collision-resistant one-way hash functions: wherein $l_\sigma$ and $l_k$ denote the lengths of the security parameter and the symmetric key k respectively;
(3) The CA registers the data users and the AAs, and generates a key pair $(k_S, k_V)$ for signing and authentication, where the authentication key $k_V$ is public within the system. Specifically:
Data user registration: after the CA receives the registration request of a data user, it first verifies the legitimacy of the data user, then assigns the data user a unique identity and uses $k_S$ to issue a certificate $Cert_{uid}$ to the data user;
AA registration: after the CA receives the registration request of each AA, it assigns each legitimate AA a unique identity and a certificate $Cert_{aid}$;
(4) The CA sets the threshold value t of the secret sharing scheme according to the number n of AAs in the system;
(5) The n AAs in the system cooperate to share a system secret key $\alpha$ using a threshold secret sharing scheme. Each $AA_i$ ($i \in [1,n]$) randomly selects a sub-secret value, and the secret key $\alpha$ is implicitly set to. Each $AA_i$ randomly generates a polynomial $f_i(x)$ of degree $t-1$ satisfying $f_i(0) = \alpha_i$. For each of the other $n-1$ authorities $AA_j$ ($j = 1, 2, \ldots, i-1, i+1, \ldots, n$), $AA_i$ calculates the sub-secret share $s_{ij} = f_i(aid_j)$ and sends it securely to $AA_j$, and at the same time calculates $s_{ii} = f_i(aid_i)$ for itself. After $AA_i$ has received the $n-1$ values $s_{ji}$, it can calculate its own secret share and then the corresponding public key share. After the above process is completed, each $AA_i$ shares $pk_i$ with the CA;
(6) From the public key shares $pk_i$ ($i = 1, \ldots, t$) of any t AAs, the CA calculates the first public key parameters $e(g,h)^\alpha$ and $\omega = H_1(e(g,h)^\alpha)$;
(7) The CA selects random numbers and calculates the second public key parameters for the N attributes within the system;
(8) The CA outputs the system public key PK and the master key MK according to the first and second public key parameters: $PK = (g, h, e(g,h)^\alpha, \omega, n, t, \{(u_i, v_i), i = 1, \ldots, N\}, H_j\ (j = 1, \ldots, 4))$, $MK = (k_1, k_2)$;
(9) The CA sends the master key $MK = (k_1, k_2)$ to all AAs and sends $k_2$ to the semi-trusted cloud server (i.e., the proxy server). The secret key $\alpha$ need not be acquired by any entity within the system, including the CA.
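The threshold setup of items (5) and (6), as an added example that is not code from the patent: every AA deals a polynomial, each AA sums the sub-shares it receives, and any t public key shares are combined by Lagrange interpolation in the exponent, so the public value for α is obtained while α itself is never assembled. The formulas for the secret share and the public key share did not survive on this page, so the code assumes the usual construction (α is the sum of the α_i, each secret share is the sum of received sub-shares, each public key share is e(g,h) raised to the secret share); the pairing target group is replaced by a toy prime-order subgroup of Z_P^*, and all names and identity values are constructed.

```python
import secrets
from itertools import combinations

# Constructed toy group (assumption): P = 2*Q + 1 is a safe prime and BASE has
# order Q in Z_P^*. BASE stands in for e(g,h) in G_t; a real system would use
# a pairing group of cryptographic size.
Q = 1019
P = 2 * Q + 1
BASE = 4


def rand_poly(secret, t):
    """Coefficients of a random polynomial of degree t-1 over Z_Q with f(0) = secret."""
    return [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]


def eval_poly(coeffs, x):
    """Horner evaluation modulo Q."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def check_ids(aids):
    """AA identities are the evaluation points, so they must be distinct and
    non-zero mod Q: an identity of 0 would be handed f_i(0) = alpha_i directly."""
    reduced = [a % Q for a in aids]
    if 0 in reduced or len(set(reduced)) != len(reduced):
        raise ValueError("AA identities must be distinct and non-zero mod Q")


def run_setup(aids, t):
    """Item (5): returns ({aid: secret share}, {aid: public key share}, alpha).
    alpha is returned only so the demo can be checked; in the scheme no entity
    ever adds the alpha_i together."""
    if not 1 <= t <= len(aids):
        raise ValueError("threshold t must satisfy 1 <= t <= n")
    check_ids(aids)
    # Each AA_i picks alpha_i and a polynomial f_i with f_i(0) = alpha_i.
    polys = {i: rand_poly(1 + secrets.randbelow(Q - 1), t) for i in aids}
    # AA_j sums the sub-shares s_ij = f_i(aid_j) received from every AA_i.
    sk = {j: sum(eval_poly(polys[i], j) for i in aids) % Q for j in aids}
    pk = {j: pow(BASE, sk[j], P) for j in aids}
    alpha = sum(f[0] for f in polys.values()) % Q
    return sk, pk, alpha


def lagrange_at_zero(i, ids):
    """Lagrange coefficient of point i for interpolation at x = 0, modulo Q."""
    num, den = 1, 1
    for j in ids:
        if j != i:
            num = num * j % Q
            den = den * (j - i) % Q
    return num * pow(den, -1, Q) % Q


def combine_public_shares(pk_subset):
    """Item (6): the CA combines public key shares {aid: pk} into BASE^alpha.
    The interpolation happens in the exponent, so the CA never sees alpha."""
    ids = list(pk_subset)
    check_ids(ids)
    result = 1
    for i in ids:
        result = result * pow(pk_subset[i], lagrange_at_zero(i, ids), P) % P
    return result


def quorum_results(pk, size):
    """Set of values the CA would obtain from every quorum of the given size."""
    return {combine_public_shares({a: pk[a] for a in quorum})
            for quorum in combinations(sorted(pk), size)}


if __name__ == "__main__":
    aids = [11, 22, 33, 44, 55]          # constructed AA identities
    sk, pk, alpha = run_setup(aids, t=3)
    print("expected e(g,h)^alpha stand-in:", pow(BASE, alpha, P))
    print("values from all 3-of-5 quorums:", quorum_results(pk, 3))
```

Any quorum of at least t authorities yields the same value, which is why the scheme keeps working when some AAs are offline; a quorum smaller than t interpolates a different polynomial and does not reproduce it except by chance in this toy-sized group.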
Step 2, the cloud server encrypts the access policy according to the access policy set by the data owner and the system public key to obtain a partial ciphertext, and sends the partial ciphertext to the data owner;
Referring to FIG. 4, step 2 of the present application is the proxy encryption process. It is performed by the semi-trusted cloud server, which uses the access policy P and the random number $\sigma_1$ set by the data owner and the system public key PK to complete the computationally intensive part of the data encryption process, including encrypting the access policy P, and sends the resulting partial ciphertext C' to the data owner. Specifically:
(1) The cloud server calculates a polynomial according to the access policy P. The degree of the polynomial does not exceed N, and $q_i$ denotes the coefficient of the $x^i$ term;
(2) Encrypting the access policy P to obtain an encrypted access policy
(3) Calculating partial ciphertext parameters by using the system public key PK and coefficients of a polynomial:
(4) Outputting the partial ciphertext $C' = (EP, L_1', L_2')$, which contains the encrypted access policy and the partial ciphertext parameters.
Step 3, the data owner sends the access policy to the cloud server, which calculates the partial ciphertext; the data owner symmetrically encrypts the plaintext data with a random symmetric key, encrypts the symmetric key according to the access policy, the system public key and the partial ciphertext to obtain a complete ciphertext, and sends the complete ciphertext to the cloud server;
Referring to FIG. 5, step 3 of the present application is the data encryption process, which is performed by the data owner. The data owner sends the access policy P and the random number $\sigma_1$ to the cloud server, entrusts the cloud server to calculate the partial ciphertext C', continues the encryption to obtain the complete ciphertext C, and then sends the ciphertext C to the cloud server for storage. Specifically:
(1) The data owner selects a random number $\sigma_1$, defines the access policy $P = \{p_1, p_2, \ldots, p_N\}$, and then has the cloud server execute the proxy encryption algorithm to obtain the partial ciphertext $C' = (EP, L_1', L_2')$;
(2) The data owner selects a random number $\kappa$ as the symmetric key, and then symmetrically encrypts the plaintext M with the symmetric key $\kappa$ to obtain $E_\kappa(M)$;
(3) The data owner encrypts the symmetric key $\kappa$ according to the access policy P, the partial ciphertext C' and the public key PK, and calculates the complete ciphertext parameters: $\lambda = H_1(P, \kappa, \sigma_2)$, $R = g^{\omega\lambda}$
(4) The data owner outputs the complete ciphertext $C = (EP, \sigma_1, R, L_1, L_2, C_1, C_2, E_\kappa(M))$, which contains the complete ciphertext parameters, and sends it to the cloud server.
Step 4, the attribute authority authenticates the identity of the data user by using the authentication key of the central authority; after the authentication is passed, an attribute set is assigned to the data user according to the authority of the data user, a private key parameter is generated for the data user by using the access structure corresponding to the attribute set and the master key, and a private key share is calculated for the data user by using the system public key and the secret share; the data user calculates its own private key from the private key shares;
Referring to FIG. 6, step 4 of the present application is the user private key generation process, which is performed by the data user and any t AAs. Each AA uses the CA's public key $k_V$ to authenticate the identity of the data user; after the authentication is passed, it generates a private key parameter for the data user according to the authority of the data user and the master key MK, and the t AAs calculate t private key shares for the data user using the public key PK and their secret shares $sk_i$. After collecting this information, the data user calculates its own private key $K_u$. Specifically:
(1) The data user selects any AA in the system to communicate with. That AA completes the identity authentication of the data user and, upon successful authentication, assigns the data user an attribute set and a corresponding access structure according to the role and authority of the data user, calculates the partial private key parameters and a private key share, and sends them to the data user;
Specifically, the data user first sends $AA_i$ a signature request message containing its own identity and certificate. $AA_i$ verifies the validity of the certificate with the CA's public key $k_V$ and then verifies the signature information to complete the identity authentication of the data user. If authentication succeeds, $AA_i$ assigns the data user an attribute set according to its role and authority, expressed as an access structure $A_u = \{a_1, a_2, \ldots, a_N\}$, calculates a polynomial, then calculates $\theta_1 = 1/k_1 q(\omega, A_u)$, $\theta_2 = k_2/k_1$ and the private key share, and sends $A_u$, $\theta_1$, $\theta_2$, $aid_i$ and $(b_i, d_i)$ to the data user;
(2) The data user selects any other $t-1$ AAs and communicates with each of them, obtaining the private key shares of these $t-1$ AAs and $aid_j$, where $j \in (1, t)$ and $j \neq i$;
(3) According to the access structure, the partial private key parameters and the t private key shares, the data user selects a random number and calculates the complete private key parameters;
Specifically, after collecting $A_u$, $\theta_1$, $\theta_2$, the t private key shares $(b_i, d_i)$ and $aid_i$ ($i = 1, \ldots, t$), the data user selects a random number and calculates the complete private key parameters;
(4) The data user outputs the user private key $K_u = (A_u, b_\mu, b_\theta, d)$, which contains the complete private key parameters.
Step 5, the cloud server partially decrypts the partial ciphertext according to the partial ciphertext sent by the data user, the processed user private key and the system public key, thereby performing the computationally intensive part of the decryption process; when the access structure of the data user satisfies the ciphertext access policy, it calculates a decryption token and sends the decryption token to the data user;
Referring to FIG. 7, step 5 of the present application is the proxy decryption process. It is performed by the semi-trusted cloud server, which uses the partial ciphertext $C_p$ and the processed user private key $K_u'$ sent by the data user, together with the public key PK, to complete the computationally intensive part of the decryption process. The decryption token M' can be calculated and sent to the data user if and only if the access structure $A_u$ contained in $K_u'$ satisfies the ciphertext access policy P. Specifically:
(1) The cloud server recovers the access policy from the partial ciphertext sent by the data user, and then checks whether the access structure of the data user satisfies the access policy. If not, the calculation is terminated; if so, the cloud server calculates a polynomial according to the access structure and the access policy. The degree of the polynomial is at most N-P (P represents the number of 1s in P), $Q_i$ denotes the coefficient of the $x^i$ term, and $Q_0 \neq 0$;
(2) The cloud server uses the processed user private key $K_u'$ and the system public key PK to decrypt the partial ciphertext and calculates the decryption parameters:
(3) The cloud server outputs the decryption token $M' = (T, UV, Q_0)$ according to the decryption parameters and sends it to the data user.
Step 6, the data user first requests the ciphertext to be accessed from the cloud server, then sends the partial ciphertext and the processed user private key to the cloud server and obtains the decryption token calculated by the cloud server; the data user decrypts the remaining ciphertext in the complete ciphertext according to the decryption token, thereby obtaining a plaintext or an empty message.
Referring to FIG. 8, step 6 of the present application is the data decryption process, which is completed by the data user. The data user first requests the ciphertext C to be accessed from the cloud server, then sends the partial ciphertext $C_p$ and the processed user private key $K_u'$ to the cloud server, entrusts it to calculate the decryption token M', and continues the decryption to obtain the plaintext M or the empty message T. Specifically:
(1) The data user selects a random number $\eta$ and its inverse element $\eta'$, and randomizes the user private key to obtain the processed user private key K u ′=(A u ,b μη ,b θη ,d η η'). It then sends the processed user private key and the partial ciphertext $C_p = (EP, \sigma_1, L_1, L_2)$ to the cloud server, which executes the proxy decryption algorithm to obtain the decryption token $M' = (T, UV, Q_0)$;
(2) The data user decrypts the remaining ciphertext using the decryption token M' to calculate the decryption parameters:
$\lambda' = H_1(P, \kappa', \sigma_2')$;
(3) The data user verifies the decryption parameters: the verification holds if $e(g,h)^{\alpha\lambda} \equiv e(g,h)^{\alpha\lambda'}$ and fails otherwise. If it fails, decryption has failed and the empty message T is output; if it holds, decryption has succeeded and the output $\kappa'$ is the symmetric key $\kappa$;
(4) After the data user obtains the symmetric key $\kappa$, it decrypts the data portion $E_\kappa(M)$ of the complete ciphertext to obtain the final plaintext M, completing the data access process.
In the present application, during system initialization the CA registers each AA and each data user and distributes a globally unique identity and certificate to each. The identity of an AA is used to calculate the secret share of each member AA in the threshold secret sharing scheme and to recover the secret key α shared among all member AAs, which ensures that the public key and private key parameters related to α can be calculated only with the participation of t AAs, improving the AAs' resistance to attack and the security of the key. The identities and certificates of data users prevent illegitimate users from intruding into the system to obtain private keys and prevent collusion among users.
In the present application, the secret key α is shared among the AAs through a threshold secret sharing scheme, and each AA uses its secret key share to calculate a public key share that can be shared safely, thereby assisting the CA in generating part of the public key parameters. This is safer than the prior-art approach in which the AAs compute the partial public key directly from their respective parameters. When a user private key is generated, only any t AAs, rather than all n AAs, need to participate: each AA calculates a private key share from its own secret share and sends it to the data user, who calculates the private key. In the prior art, by contrast, each AA must negotiate a seed key with every other AA and compute a corresponding pseudo-random function, and only with these pseudo-random functions can each AA calculate a private key share for the data user to generate the private key. Compared with the prior art, the technical solution of the present application therefore significantly improves computational efficiency while reducing the communication and storage overhead of each entity in the system.
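The threshold idea described above, as an added Python example that is not taken from the patent text: n AAs jointly hold α, each publishes only a public key share, and the CA derives g^α from any t of those shares by Lagrange interpolation in the exponent. The toy Schnorr group, the dealer-less Shamir construction, the AA identities and all function names are assumptions; the patent's scheme works in a pairing group and its exact share formulas are not reproduced here.

```python
import secrets

# Toy Schnorr group (assumption, far too small for real use):
# P = 2*Q + 1 with P, Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def poly_eval(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... modulo Q (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def joint_share(aa_ids, t, polys=None):
    """Dealer-less sharing: every AA picks a random polynomial of degree t-1 and
    AA j keeps the sum of all polynomials evaluated at its own identity j.
    alpha is the sum of the constant terms; it is returned only so the demo
    can check the result, no party needs to assemble it."""
    if polys is None:
        polys = {i: [secrets.randbelow(Q) for _ in range(t)] for i in aa_ids}
    shares = {j: sum(poly_eval(polys[i], j) for i in aa_ids) % Q for j in aa_ids}
    alpha = sum(f[0] for f in polys.values()) % Q
    return shares, alpha

def lagrange_at_zero(ids):
    """Coefficients lambda_j such that f(0) = sum(lambda_j * f(j)) modulo Q."""
    lam = {}
    for j in ids:
        num = den = 1
        for m in ids:
            if m != j:
                num = num * (-m) % Q
                den = den * (j - m) % Q
        lam[j] = num * pow(den, -1, Q) % Q
    return lam

def public_share(share):
    """Public key share an AA can hand to the CA without exposing its secret share."""
    return pow(G, share, P)

def combine_public(pub_shares):
    """CA side: interpolate in the exponent to get G^alpha from the AAs' shares."""
    lam = lagrange_at_zero(list(pub_shares))
    out = 1
    for j, y in pub_shares.items():
        out = out * pow(y, lam[j], P) % P
    return out

if __name__ == "__main__":
    ids, t = [11, 22, 33, 44, 55], 3          # constructed AA identities, n = 5
    shares, alpha = joint_share(ids, t)
    pub = {j: public_share(s) for j, s in shares.items()}
    any_t = {j: pub[j] for j in (22, 44, 55)}
    too_few = {j: pub[j] for j in (22, 44)}
    print("t shares match g^alpha:  ", combine_public(any_t) == pow(G, alpha, P))
    print("t-1 shares match g^alpha:", combine_public(too_few) == pow(G, alpha, P))
```

AA identities must be distinct and nonzero modulo Q, otherwise the Lagrange denominators are not invertible.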
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature. In the description of the present application, the meaning of "a plurality" is two or more, unless explicitly defined otherwise.
Although the application is described herein in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed application, from a study of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the "a" or "an" does not exclude a plurality.
The foregoing is a further detailed description of the application in connection with the preferred embodiments, and it is not intended that the application be limited to the specific embodiments described. It will be apparent to those skilled in the art that several simple deductions or substitutions may be made without departing from the spirit of the application, and these should be considered to be within the scope of the application.

Claims (7)

1. A robust cloud storage access control method based on attribute encryption is applied to a cloud storage access control system, and the cloud storage access control system comprises: a unique central authority CA, n attribute authorities AA, a data owner, a data user and a cloud server, wherein the robust attribute encryption based cloud storage access control method comprises:
step 1, a central authority completes system initialization according to a secret key shared by all attribute authorities, so as to generate a system public key and a master key, and the system public key and the master key are sent to all authorities and a cloud server;
step 2, the cloud server encrypts the access policy according to the access policy set by the data owner and the system public key to obtain a partial ciphertext, and sends the partial ciphertext to the data owner;
step 3, the data owner sends the access policy to the cloud server, and the cloud server calculates the partial ciphertext; the data owner symmetrically encrypts the plaintext data using a random symmetric key, encrypts the symmetric key according to the access policy, the system public key and the partial ciphertext to obtain a complete ciphertext, and sends the complete ciphertext to the cloud server;
step 4, the attribute authority authenticates the identity of the data user by using an authentication key of the central authority; after the authentication is passed, an attribute set is distributed to the data user according to the authority of the data user, a private key parameter is generated for the data user by using an access structure corresponding to the attribute set and the master key, and a plurality of private key shares are calculated for the data user by using the system public key and a secret key share; the data user calculates the private key of the user according to the private key shares;
step 5, the cloud server partially decrypts the partial ciphertext according to the partial ciphertext, the processed user private key and the system public key, thereby performing the computationally intensive part of the decryption process, and, when the access structure of the data user satisfies the ciphertext access policy, calculates a decryption token and sends the decryption token to the data user;
step 6, the data user first requests the ciphertext to be accessed from the cloud server, then sends the partial ciphertext and the processed user private key to the cloud server; the cloud server calculates a decryption token, and the data user decrypts the remaining ciphertext in the complete ciphertext according to the decryption token to obtain a plaintext or an empty message.
2. The robust attribute-based encryption cloud storage access control method of claim 1, wherein step 1 comprises:
(1) The central authority CA generates public parameters of the system according to the security parameters;
(2) The CA selects 4 anti-collision one-way hash functions according to the public parameters of the system:
(3) The CA registers the data users and the AAs, and the CA generates a key pair (k_S, k_V) for signing and authentication;
(4) The CA sets a threshold value t of a secret sharing scheme according to the number n of AAs in the system;
(5) The n AAs in the system cooperate with each other using a threshold secret sharing scheme to share a system secret key α; each AA calculates its corresponding public key share and sends the public key share to the CA;
(6) The CA calculates a first public key parameter according to the public key shares of any t AAs;
(7) The CA selects a random number and calculates a second public key parameter for the N attributes in the system;
(8) The CA outputs a system public key PK and a master key MK according to the first public key parameter and the second public key parameter;
(9) The CA sends the master key to all AAs and sends part of the master key to the cloud server.
3. The robust attribute-based encryption cloud storage access control method of claim 1, wherein step 2 comprises:
(1) The cloud server calculates a polynomial according to the access policy P;
(2) Encrypting the access policy P to obtain an encrypted access policy;
(3) Calculating partial ciphertext parameters by using the system public key PK and the coefficients of the polynomial;
(4) Outputting the partial ciphertext comprising the encrypted access policy and the partial ciphertext parameters.
4. The robust attribute-based encryption cloud storage access control method of claim 1, wherein step 3 comprises:
(1) The data owner selects a random number, defines the access policy P = {p_1, p_2, ..., p_N}, then executes the proxy encryption algorithm on the cloud server to obtain the partial ciphertext C′ = (EP, L_1′, L_2′);
(2) The data owner selects a random number as the symmetric key κ, then symmetrically encrypts the plaintext M using the symmetric key κ to obtain E_κ(M);
(3) Encrypting the symmetric key κ according to the access policy P, the partial ciphertext C′ and the public key PK, and calculating the complete ciphertext parameters;
(4) Outputting the complete ciphertext containing the complete ciphertext parameters, and uploading the complete ciphertext to the cloud server.
5. The robust attribute-based encryption cloud storage access control method of claim 1, wherein step 4 comprises:
(1) The data user selects any AA in the system to communicate with, so that the AA completes the identity authentication process of the data user; upon successful authentication, an attribute set and a corresponding access structure are distributed to the data user according to the role and the authority of the data user, and partial private key parameters and a private key share are calculated and sent to the data user;
(2) The data user selects any other t-1 AAs and communicates with each of them, obtaining the private key shares of these t-1 AAs;
(3) The data user selects a random number and calculates the complete private key parameters according to the access structure, the partial private key parameters and the t private key shares;
(4) A user private key is output that includes the complete private key parameters.
6. The robust attribute-based encryption cloud storage access control method of claim 1, wherein step 5 comprises:
(1) The cloud server recovers the access policy from the partial ciphertext sent by the data user, checks whether the access structure of the data user satisfies the access policy, and if so, calculates a polynomial according to the access structure and the access policy;
(2) The cloud server uses the processed user private key K_u′ and the system public key PK to decrypt the partial ciphertext and calculates decryption parameters;
(3) The cloud server outputs the decryption token to the data user according to the decryption parameters.
7. The robust attribute-based encryption cloud storage access control method of claim 6, wherein step 6 comprises:
(1) The data user selects a random number and its inverse element η′ and randomizes the user private key to obtain a processed user private key, then sends the processed user private key and the partial ciphertext to the cloud server; the cloud server executes a proxy decryption algorithm to obtain a decryption token;
(2) The data user decrypts the remaining ciphertext by using the decryption token M′, and calculates decryption parameters;
(3) Verifying the decryption parameters: if the verification does not hold, decryption has failed and an empty message T is output; if the verification holds, decryption has succeeded and the output κ′ is the symmetric key κ;
(4) After the data user obtains the symmetric key κ, the data portion E_κ(M) in the complete ciphertext is decrypted to obtain the final plaintext M, completing the data access process.
CN202310318030.6A 2023-03-28 2023-03-28 Robust cloud storage access control method based on attribute encryption Pending CN116707854A (en)

Publications (1)

Publication Number Publication Date
CN116707854A true CN116707854A (en) 2023-09-05

Family

ID=87836314

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117955752A (en) * 2024-03-27 2024-04-30 暨南大学 Data privacy protection method and system with controllable computation and storage medium
CN117955752B (en) * 2024-03-27 2024-06-07 暨南大学 Data privacy protection method and system with controllable computation and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination