KR101220166B1 - Data access privilege managing method - Google Patents

Abstract

By separating the header and the body of the data file, the confidentiality of the data is ensured, and data access rights management method suitable for cloud computing environment is provided by introducing secret distribution and type-based proxy re-encryption. The data owner terminal encrypts the data file with a symmetric key to obtain a cipher text consisting of a header and a body, and encrypts the symmetric key by KP-ABE to include it in the header of the cipher text, the header of the cipher text including the encrypted symmetric key, and The body of the cipher text is provided to and stored in the authority manager terminal and the cloud service provider terminal, respectively. When the user group terminal requests the authority manager terminal to access the data file, when the authority manager terminal authenticates the validity of the user of the user group terminal through the confirmation of a system user list, the cloud service. Instructs the provider terminal to transmit the body of the cipher text and provides the header of the cipher text including the encrypted symmetric key to the user group terminal. The cloud service provider terminal provides the body of the cipher text to the user group terminal according to the instruction to transmit the body of the cipher text from the authority manager terminal. The user group terminal obtains the data file by decoding the body of the cipher text with the encrypted symmetric key included in the header of the cipher text.

Description

Data access privilege managing method

The present invention relates to a method for managing data access rights, and more particularly, to a method for managing data access rights using type information based proxy re-encryption in cloud storage.

Cloud computing, leveraging computing resources over the Internet, is a new computing paradigm that academia and industry are drawing attention. Cloud computing is used in internet businesses that provide computing resources as services, in particular storage management and provision services for data.

Cloud computing features include resource sharing, massive scalability, elasticity to obtain resources, and pay-as-you-go for resources. There are five self-provisioning resources. Leveraging these characteristics of cloud computing, companies can profit from rapid business processes and efficient investments.

Despite these advantages, there are a number of security threats to consider in order to introduce and use cloud computing in a business environment. On the other hand, in accessing the information as well as the confidentiality of the data, fine-grained access control according to the user's attributes, for example, the right to access the data according to the user's attributes of each individual such as positions such as the president, manager and manager This must be available for discrimination. In addition, there should be a function to revoke the authority to view a specific user's data. For example, if a user expires on November 1, 2010, there is a need for a method to efficiently remove a user who is withdrawn from the system.

To present this approach, Yu, SC, Wang, C., Ren, KI, and Lou, WJ, “Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing,” INFOCOM, 2010 Proceedings IEEE, 2010, In pp.321-334, KP-ABE (Key Policy-Attribute Based Encryption) ensures data confidentiality and fine-grained access control, and delegates work to cloud servers through Proxy Re-Encryption (PRE). In this paper, we solved the computational overload problem such as key generation by multiple users. It also presented a way to withdraw a particular user from the system.

However, the conventional method allows illegal data access (e.g., viewing data of an expired user) through collusion between the withdrawn user and the cloud server. In addition, since there is a lack of a privilege management function, which is a procedure for determining and approving an access right for a legitimate user, there is a problem of user rights management for information sharing and utilization. In addition, there is a need for a method to selectively delegate the full or partial portion of a message, depending on the level at which the delegate trusts the delegate. For example, the medical records of patients (services) should be selectively delegated to insurance company A and research institution B separately, and the rest of the information should not be exposed.

The present invention was created to improve the above-mentioned conventional problems, and ensures the confidentiality of data through the separation of the header and the body of the data file stored in the cloud server, secret sharing and type The purpose of this paper is to provide data access authority management method suitable for cloud computing environment by introducing based proxy re-encryption.

Data access authority management method according to the present invention (i) the data owner terminal encrypts the data file with a symmetric key to obtain a cipher text consisting of a header and the body and encrypts the symmetric key by KP-ABE (Key Policy Attribute Based Encryption) method Providing the header of the ciphertext including the encrypted symmetric key and the body of the ciphertext to the authority manager terminal and the cloud service provider terminal; (ii) when the user group terminal requests the authority manager terminal to access the data file, the authority manager terminal authenticates the validity of the user of the user group terminal by checking a system user list and is a legitimate user. Instructing the cloud service provider terminal to transmit the body of the cipher text and providing a header of the cipher text including the encrypted symmetric key to the user group terminal; (iii) providing, by the cloud service provider terminal, the body of the ciphertext to the user group terminal according to an instruction to transmit the body of the ciphertext from the authority manager terminal; And (iv) the user group terminal obtaining the data file by decoding the body of the cipher text with the encrypted symmetric key included in the header of the cipher text.

Cloud computing is a revolutionary computing paradigm that generates profits from efficient investments and rapid business processes for enterprise resources. Because of this, existing businesses will be transformed into cloud businesses that receive computing resources as services. However, cloud providers are not entirely trusted for data security management, so data security threats and privacy breaches must be considered. In particular, it is necessary to ensure data confidentiality. To address these issues, Yu, SC, Wang, C., Ren, KI, and Lou, WJ, “Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing,” INFOCOM, 2010 Proceedings IEEE, 2010, pp. 321-334 proposed a fine-grained access control scheme that ensures data confidentiality. However, data confidentiality is violated by collusion attacks between revoked users and cloud servers and by tampering vulnerability to proxy re-encryption keys. In order to solve this problem, in the present invention, by modifying the data file stored in the cloud server to ensure the confidentiality of the data. In addition, through the application of a secret distribution method, a procedure for determining and approving a user's authority to view data is performed, and type-based proxy re-encryption is used to selectively select the whole or part of the message depending on the level of trust of the delegator. I specified a way to delegate. Table 1 shows Yu, SC, Wang, C., Ren, KI, and Lou, WJ, “Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing,” INFOCOM, 2010 Proceedings IEEE, 2010, pp. 321. This table compares the characteristics of the method of -334. And the method proposed by the present invention.

1 is a view showing an example of an access structure that can be applied to the present invention.
2 is a block diagram illustrating an apparatus and method for managing data access rights according to an embodiment of the present invention.
3 is a diagram illustrating a data file format according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The following terms are defined in consideration of the functions of the present invention, and may be changed according to the intentions or customs of the user, the operator, and the like. Therefore, the definition should be based on the contents throughout this specification.

In the present invention, data loss and leakage among seven cloud computing security threats classified in CSA, Security Guidance for Critical Areas of Focus Cloud Computing, Vol.2.1, 2009. That is, the confidentiality of data stored in the cloud server ( Focusing on data confidentiality issues, we construct a system model that is suitable for cloud computing environments.

Bilinear  thought( Bilinear Mapping )

(G_T는 쌍선형 사상의 출력 공간)는 다음의 성질을 갖는다.Bilinear mapping for two cyclic groups G ₁ and G ₂

(G _T is an output space of bilinear mapping) has the following properties.

가 성립된다.Bilinear: for all u∈G ₁ , u∈G ₂ , and all a, b∈Z

.

Non-degenerate: e (g, g) ≠ 1 for the source g∈G _X of G _X (X = 1,2).

3. Computable: There is an efficient algorithm that calculates e (u, v) for all u∈G ₁ and u∈G ₂ .

The inventive scheme is described in Yu, SC, Wang, C., Ren, KI, and Lou, WJ, “Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing,” INFOCOM, 2010 Proceedings IEEE, 2010, pp. In the method of .321-334., Data files stored in the cloud server are divided into header and body and distributed to the authority manager and the cloud provider, respectively. In the header, the private key used to encrypt the message in the body is encrypted with KP-ABE. In other words, the user cannot obtain the secret key information in the header unless the user is justified by the authority manager, and the user cannot actually decrypt the body containing the message that the user wants to obtain. In other words, the data files stored in the cloud server are divided and stored in the header and the body to ensure confidentiality of the data.

In addition, the authority manager is placed in the cloud to determine the legitimacy of user access, and enable selective delegation according to the weight (type information) determined by the data owner. To refine these features, we use secret distribution and type-based proxy re-encryption.

Yu, SC, Wang, C., Ren, KI, and Lou, WJ, “Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing,” INFOCOM, 2010 Proceedings IEEE, 2010, pp. 321-334. The proxy re-encryption key rk _{i ↔ i '} ← t _i ' / t _i = R is divided into (k, n) schemes and each share R _ℓ (1 ≦ _ℓ ≦ n) is transmitted to the authority manager. The privilege manager reconstructs R by collecting k proxy re-encryption key shares, R _l , if the user wants to access the data, and if not, reconstructs R.

Type-based proxy re-encryption is used to encrypt messages by dividing the message into full or partial parts, depending on the level of trust that the data owner trusts the user population. This allows the data owner to selectively delegate decryption of the full or partial message to the user group.

2 is a block diagram illustrating an apparatus and method for managing data access rights according to an embodiment of the present invention. Referring to FIG. 2, the apparatus for managing data access rights according to an embodiment of the present invention includes a data owner terminal 100, a privilege manager terminal 210, and a cloud service provider (CSP) terminal 220. The cloud server 200, and a user group (300) composed of a total of three groups.

The data owner terminal 100 encrypts the data file with a symmetric key to obtain a ciphertext consisting of a header and a body, and encrypts the symmetric key in a key policy attribute based encryption (KP-ABE) scheme to include in the header of the ciphertext. The header of the ciphertext and the body of the ciphertext are transmitted separately.

The authority manager terminal 210 receives and stores a header of a cipher text including the encrypted symmetric key from the data owner terminal 100 and confirms a system user list according to a request for access to the data file from a user. If the legitimate user is authenticated through the user's legitimacy, the user is instructed to transmit the body of the cipher text and the header of the cipher text including the encrypted symmetric key is transmitted.

The cloud service provider terminal 220 receives and stores the body of the cipher text from the data owner terminal 100, and stores the body of the cipher text according to the instruction to transmit the body of the cipher text from the authority manager terminal 210. Provide as a user.

The user group terminal 300 requests the authority manager terminal 210 to access the data file, and obtains the data file by decoding the body of the cipher text with the encrypted symmetric key included in the header of the cipher text. .

The data owner terminal 100 attaches its signature to the ID of the data file to be deleted and sends it to the authority manager terminal 210 to request the deletion of the data file. The authority manager terminal 210 confirms the signature included in the ID from the data owner terminal 100 and requests the deletion of the body of the data file stored in the cloud service provider terminal 220 when validity is verified. The cloud service provider terminal 220 deletes the body of the data file according to the data deletion request from the authority manager terminal 210.

Yu, SC, Wang, C., Ren, KI, and Lou, WJ, “Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing,” INFOCOM, 2010 Proceedings IEEE, 2010, pp. 321-334. The scheme consists of six system levels according to the command of the cloud server and eight algorithm levels that operate specifically within the system level. The invention is described in Yu, SC, Wang, C., Ren, KI, and Lou, WJ, “Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing,” INFOCOM, 2010 Proceedings IEEE, 2010, pp. 321. Three algorithm levels (APrivilegeMgt, AEncryptB, ADecryptB) are added to the method of -334.

(1) System setting: The data owner terminal 100 inputs the system universe U = {1,2, ...., N} and the security parameter k to define the type information set T for PK and MK, user group. Level (PK, MK ← ASetup (k)).

, 속성 i에 대한 a_i∈Z_p,

를 생성한다. 시스템 공개키 PK = (Y, A_i, A₂,...,A_N)와 시스템 마스터 키 MK = (y, a_i, a₂,...,a_N, T)를 생성하고 PK에 서명을 덧붙인

를 권한 관리자 단말(210)에게 전송한다.The bilinear group G of the decimal order p with the constructor g and the bilinear mapping e: G ₁ × G ₁ → G ₂ , define the hash function H = {0, 1} ^* → Z _p ^* . The type information set T (T = (t ₁ , t ₂ ,..., T _N )) for the user group terminal 300 is defined (t ∈ {0,1} ^* ).

, A _i ∈Z _p for attribute i,

. Create a system public key PK = (Y, A _i , A ₂ , ..., A _N ) and a system master key MK = (y, a _i , a ₂ , ..., a _N , T) Signed

To the authority manager terminal 210.

(2) Create new file: The system level at which the data owner terminal 100 encrypts the data file before transmitting the data file to the authority manager terminal 210 and the CSP terminal 220:

를 계산하고, 대칭키 DEK로 데이터 m을 암호화한다

.Select ID for data m, select r∈Z _P ^* arbitrarily, and input r and arbitrary type information t.

Compute and encrypt data m with symmetric key DEK

.

Attribute Based Encryption Overview

Attribute Based Encryption uses Key Policy Attribute Based Encryption (KP-ABE) and Ciphertext Policy Attribute Based Encryption depending on whether the access structure is associated with a secret key or ciphertext. Separated by).

Since the present invention deals with KP-ABE, the introduction of CP-ABE is omitted. In KP-ABE, a user's private key is associated with an access structure and a ciphertext is associated with a set of attributes. That is, the ciphertext is decrypted when the attribute set in the ciphertext satisfies the specific decryption policy of the user secret key. This decoding structure may be configured as the access structure of FIG.

를 KP-ABE로 암호화. 즉,

이다.Define a set of properties I for data m

Encrypted with KP-ABE. In other words,

to be.

In the format as shown in FIG. 3, the header is stored in the authority manager terminal 210 and the body is stored in the CSP terminal 220.

(3) New User Approval: When the new user ω wants to join the system, the system level to which the data owner terminal 100 assigns the access structure P of the user ω:

를 생성(SK←AKeyGen(P,MK))한다. 접근 구조의 첫 번째 게이트는 AND 게이트로 시작하고 더미 속성 Att_D을 추가한다.

를 사용자 ω의 공개 키로 암호화하고 C로 표시. (Q, C, δ_{O,(Q, C)})를 권한 관리자 단말(210)에 전송한다(Q는 접근 구조 P의 더미 속성을 제외한 접근 구조). 권한 관리자 단말(210)은 (Q, C, δ_{O,(Q, C)})를 받는 즉시 δ_{O,(Q, C)}가 맞는지 확인. 시스템 사용자 리스트 UL에 Q를 저장하고 사용자 ω에게 C를 전달한다. 사용자 ω는 C를 자신의 비밀키로 복호한 후, δ_{O,(P, SK , PK )}가 맞는지 확인하고 P, SK, PK를 자신의 것으로 받아들인다.Define p _i (x) for each node i in access structure P. Define the root node of access structure P as p _r (0) = y and the leaf node as p _j (0)

Create (SK ← AKeyGen (P, MK)). The first gate of the access structure starts with an AND gate and adds a dummy attribute Att _D.

Encrypted with the public key of user ω and denoted by C. (Q, C, δ _{O, (Q, C)} ) is transmitted to the authority manager terminal 210 (Q is an access structure excluding the dummy attribute of the access structure P). The authority manager terminal 210 checks whether δ _{O, (Q, C)} is correct as soon as it receives (Q, C, δ _{O, (Q, C)} ). Store Q in the system user list UL and pass C to user ω. User ω decodes C with his private key, checks that δ _{O, (P, SK , PK )} is correct and accepts P, SK, PK as his.

(4) User revocation: System level to revoke user v's right to view data and output the redefined proxy re-encryption key as the components of the system master and public keys are updated:

Designing CNF (Conjunctive Normal Form) the access structure, and when there is a minimum set of attributes, selects a set of attributes D at a short section of CNF form (D ← AMinimalSet (P)). Data owner terminal 100 a _i '← Z _P and select A _i ' = a ^a'i and rk _{i ↔ i '} ← a _i ' / a _i Calculate each share R ₁ (1 ≦ _L ≦ n) by dividing R by the (k, n) method (R ← AUpdateAtt (i, MK)). R ₁ (1 ≦ _L ≦ n) and Att = (u, D, {i, A _i ', δ _{O, (i, A'i )} } _{i ∈ L} ) are transmitted to the authority manager terminal 210. The authority manager terminal 210 removes the user v from the system user list UL. Store (i, A _i ', δ _{O, (i, A'i )} ) and add R to the history list ALH _i of attribute i.

(5) File access: System level performed when user u accesses data:

User u generates an access request REQ for the data using the user group terminal 300 and transmits to the authority manager terminal 210.

Secret dispersion

Secret sharing has two (n, n) schemes in which plain text is restored when all shares are gathered, and (n, k) schemes that can be restored with as many as k thresholds. The (n, n) method causes an unrecoverable problem due to the modulation and loss of the share, but the (k, n) method is not affected by the modulation and loss of the share.

In the scheme of the present invention, the secret manager utilizes secret distribution to implement a procedure for determining and approving a user's right to view data. That is, after splitting the proxy re-encryption key into multiple shares in the (n, k) manner, the user's right to view the data is determined. If it is legitimate, the proxy re-encryption key is reconfigured into k shares, and if not, the operation is stopped. In addition, if only one share of n shares is needed, instead of the (n, n) method in which the plain text is restored only when all the shares are present, the possibility of restoration can be determined according to the amount of share information required for restoration. do.

The authority manager terminal 210 checks the user u in the UL and collects k shares of each share R ₁ (1 ≦ _ℓ ≦ n) obtained by dividing the proxy re-encryption key R in the (k, n) manner as described above. rk _{i ↔ i '} ← a _i ' / a _i = Reconstitute with R (R ← APrivilegeMgt ({R _l } _l∈k )). If the user u is present in the UL, the user u is authenticated as a legitimate user. If the user u is not present in the UL, all the following operations are suspended.

Proxy re-encryption

Proxy re-encryption is a method in which the proxy server re-encrypts A's ciphertext so that B can decrypt it without obtaining any information about the plain text. That is, A generates a re-encryption key for delegating decryption authority for its ciphertext and transmits it to the proxy server. The proxy server converts A's ciphertext into B's secret key and decrypts it with B's secret key. B then decrypts the ciphertext with its private key.

The method of the present invention is an atomic proxy cryptography (BBS method) disclosed in Blaze, M., Bleumer, G. and Strauss, M., “Divertible protocols and atomic proxy cryptography”, Proceedings of Eurocrypt '98, Volume 1403, 1998. And L.Ibraimi, Q.Tang, P.Hartel, W.Jonker, Type-and-Identity-based Proxy Re-Encryption Scheme and its Application in Healthcare, In: 5th VLDB Workshop on Secure Data Management, SDM, August 24 , 2008, pp. 185-198. It utilizes type-based proxy re-encryption. BBS converts A's ciphertext into B's ciphertext. Type-based proxy re-encryption is a further step in the existing proxy re-encryption, in which A can selectively delegate decryption right to B.

In the present invention, in order to reduce the computational overload of the data owner's key generation, the BBS scheme is used to delegate tasks to cloud operators, and the decryption authority of the full or partial message of the message is selectively selected according to the level of trust of the delegate. Encrypt the message by taking advantage of the concept of type-based proxy re-encryption that delegates.

를, CSP 단말(220)은 암호문의 본문 RESP₂ = ({i, sk_i', A_i',δ_{O,(i, A'i )}}_{i∈ Lp ＼ Attp}, mㆍg^H(r∥t))를 사용자 u의 사용자 집단 단말(300)로 전송한다.The authority manager terminal 210 retrieves all proxy re-encryption keys from AHL _i (if i is the latest version, no operation is performed. Assuming that the most recent MK is a _{i (n)} ). _{Rk i ↔i (n)} ← rk _{i ↔ i '} ㆍ rk _{i ↔ i'' , ...,} rk _{i (n-1) ↔i (n)} = a _i / a _{i (n )} calculation to calculate the _{E i (n) ← (E} i) rki ↔i (n) = g ai (n) S. And (rk _{i ↔i (n)} ) ^-1 ← rk _{i ↔ i '} ㆍ rk _{i ↔ i'' , ...,} rk _{i (n-1) ↔i (n)} = a _i / a _{i (n ) And transmits} (rk _{i ↔ i (n)} ) ^-1 and {sk _i } _{i ∈ Lp} to the CSP terminal 220, the CSP terminal 220 is sk _i '← (sk) ^{rki ↔} _i ^{(n )} = g ^{( pi (0) / ai ) · ( ai / ai (n))} = g ^{( pin (0) / ai (n))} Calculate (E _{i (n)} ← AUpdateAtt4File (i, E _i , AHL _i )), sk _i '← AUpdateSK (i, sk _i , AHL _i )). The authority manager terminal 210 includes a header of a cipher text including an encrypted symmetric key.

The CSP terminal 220 is the body of the cipher text RESP ₂ = ({i, sk _i ', A _i ', δ _{O, (i, A'i )} } _{i ∈ Lp ＼ Attp} , m · g ^{H (r∥ t)} ) is transmitted to the user group terminal 300 of the user u.

User u is _{O δ, (i, A'i)} and sk _i RESP in the body ₂ of the encrypted text by using the user group terminal 300 'and the check in sk sk SK _{i i'} and replaced with each leaf Calculate e (E _i , sk _i ) = e (g, g) ^{pi (0) S} for node, and calculate Y ^S = e (g, g) ^ys through the operation of AND and OR gates. Calculate E in the header as Y ^S. That is, E / Y ^S = DEK is calculated (DEK ← ADecryptH (P, SK, E)), and m · g ^{H (r∥t)} in the body is calculated by DEK to obtain data m (m ← ADecryptB ( m. DEK, DEK)).

(6) Data file deletion: The data owner terminal 100 performs the deletion of the body of the data file stored in the CSP terminal 220. In order to delete the data file, the data owner terminal 100 attaches its signature to the ID of the data file to be deleted and transmits it to the authority manager terminal 210. The authority manager terminal 210 confirms the signature from the data owner terminal 100 and if the validity is verified, requests that the authority manager delete the body of the data file stored in the CSP terminal 220 and the CSP terminal 220 deletes the data. System level.

Stability Analysis of Collusion Attacks from Withdrawn Users

An important security feature of the present invention is its safety against collusion attacks. The collusion attack is a user withdrawn from the system conspiracy with the cloud server to illegally read the data.

Yu, SC, Wang, C., Ren, KI, and Lou, WJ, “Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing,” INFOCOM, 2010 Proceedings IEEE, 2010, pp. 321-334. In this way, even if a withdrawal event occurs, there is no direct change to the private key SK possessed by the withdrawn user. Here, the symmetric key DEK used to encrypt data in the body is encrypted with KP-ABE and included in the header. Therefore, if the cloud server 200 transmits to the withdrawn user without executing the update of the secret key component in the header of the data file held by the cloud server 200, the header can be decrypted with its secret key SK. That is, the data can be viewed by obtaining the symmetric key DEK.

As a countermeasure against such collusion attack, the proposed method divides the data file into header and body, and stores them in the authority manager and cloud provider, respectively. The user cannot obtain information about the symmetric key DEK in the header unless the user is justified by the authority manager. In other words, the proposed scheme is safe against collusion attacks between users who have been withdrawn by the authority manager and the cloud server.

In addition, the authority manager is given the authority to determine the legitimacy of a user's data access. The procedure for determining and approving the legitimacy uses a method of dividing the proxy re-encryption key into (2) shares and reconstructing only when (1) shares are gathered. Only when the authority manager has determined and approved the user's data access legitimacy, reconfigures the proxy re-encryption key with k shares to perform the next operation.

Stability Analysis of Tampering Attacks on Proxy Re-Encryption Keys

A tamper attack on a proxy re-encryption key is an attack that causes the proxy re-encryption key R to lose its original function through loss or tampering. Yu, SC, Wang, C., Ren, KI, and Lou, WJ, “Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing,” INFOCOM, 2010 Proceedings IEEE, 2010, pp. 321-334. Since the proxy re-encryption key is unique in the scheme, the re-encryption cannot be performed if it is lost, leaked or tampered with. In comparison, the proposed scheme utilizes secret distribution for tampering attacks against proxy re-encryption keys, and the possibility of restoration is determined according to the amount of share information required for proxy re-encryption key restoration.

That is, the present invention divides the proxy re-encryption key into the proxy re-encryption key share R _ℓ (1≤ℓ≤n) in a (k, n) secret distribution method so that the number of k shares at the time of recombination is required to collect the proxy re-encryption key R. Is reconstructed. For example, when k = 3 and n = 5 for R ₁ (1≤l≤n), only three shares of R ₁ , R ₂ , R ₃ , R ₄ , and R ₅ will yield R. Can be. If only k shares exist, it is safe in that the proxy re-encryption key can be restored.

Although the present invention has been described as a specific preferred embodiment, the present invention is not limited to the above-described embodiments, and the present invention is not limited to the above-described embodiments without departing from the gist of the present invention as claimed in the claims. Anyone with a variety of variations will be possible.

100: data owner terminal 200: cloud server
210: authority manager terminal 220: CSP terminal
300: user group terminal

Claims (6)

(i) the data owner terminal encrypts the data file with a symmetric key to obtain a cipher text consisting of a header and a body, and encrypts the symmetric key by KP-ABE (Key Policy Attribute Based Encryption) to include it in the header of the cipher text. Providing and storing a header of the cipher text including the symmetric key and the body of the cipher text to the authority manager terminal and the cloud service provider terminal, respectively;
(ii) when the user group terminal requests the authority manager terminal to access the data file, the authority manager terminal authenticates the validity of the user of the user group terminal by checking a system user list and is a legitimate user. Instructing the cloud service provider terminal to transmit the body of the cipher text and providing a header of the cipher text including the encrypted symmetric key to the user group terminal;
(iii) providing, by the cloud service provider terminal, the body of the ciphertext to the user group terminal according to an instruction to transmit the body of the ciphertext from the authority manager terminal; And
(iv) the user group terminal obtaining the data file by decoding the body of the cipher text with the encrypted symmetric key included in the header of the cipher text,
In the step (i), the ID for the data m of the data file is selected, and r∈Z _P ^* is arbitrarily selected, and r and arbitrary type information t are inputted so that the symmetric key DEK = g ^{H (r∥t).} , Encrypt the data m with the symmetric key DEK (m · g ^{H (r∥t)} ) AEncryptB (m, DEK), define an attribute set I for the data m and set DEK = g ^{H ( r∥t)} is encrypted with KP-ABE

← AEncryptH (I, DEK, PK).
delete The method according to claim 1, wherein in step (ii) the authority manager terminal is a proxy re-encryption key obtained by retrieving all the proxy re-encryption keys from the history list AHL _i of attribute i rk _{i↔i (n)} ← rk _{i↔i '} rk _{i↔i '', ...,} rk _{i (n-1) ↔i (n)} = a _i / a _{i (n)} by calculating E _{i (n)} ← (E _i ) ^{rki↔i (n )} = g ^{ai (n) S} , and (rk _{i↔i (n)} ) ^-1 ← rk _{i↔i '} ㆍ rk _{i↔i'', ...,} rk _{i (n-1) ↔i (n)} = a _i / a _{i (n)} is calculated and _{transmits (} rk _{i↔i (n)} ) ^-1 and {sk _i } _i∈Lp to the cloud service provider terminal, and the encrypted symmetric key is Header of ciphertext included

Provides to the user group terminal,
In step (iii), the cloud service provider terminal is sk _i '← (sk) ^{rki↔i (n)} = g ^{(pi (0) / ai) · (ai / ai (n))} = g ^{(pin (0 ) / ai (n))} (E _{i (n)} ← AUpdateAtt4File (i, E _i , AHL _i )), sk _i '← AUpdateSK (i, sk _i , AHL _i )), and the body of the ciphertext RESP ₂ = ({i, sk _i ', A _i ', δ _{O, (i, A'i)} } _{i∈Lp＼Attp} , m · g ^{H (r∥t)} ) to the user group terminal,
In step (iv), the user group terminal _checks δ _{O, (i, A'i)} and sk _i 'in the text RESP ₂ of the ciphertext _, and replaces sk _i in SK with sk _i ' Calculate e (E _i , sk _i ) = e (g, g) ^{pi (0) S} , calculate Y ^S = e (g, g) ^ys through the operation of AND and OR gates, and E / Y ^S = Compute symmetric key (DEK ← ADecryptH (P, SK, E)), and obtain m data by calculating m · g ^{H (r∥t)} of the text with the symmetric key (m ← ADecryptB (m · DEK, DEK)) How to manage data access rights.
The method of claim 1, wherein the data owner terminal attaches its signature to the ID of the data file to be deleted and sends the signature to the authority manager terminal to request deletion of the data file;
Requesting the authority manager terminal to delete the body of the data file stored in the cloud service provider terminal if the validity of the signature included in the ID from the data owner terminal is verified; And
The cloud service provider terminal further comprises the step of deleting the body of the data file in response to the data deletion request from the authority manager terminal. delete delete

Images