摘要
属性基加密利用属性集和访问结构之间的匹配关系实现用户解密权限的控制,从功能上高效灵活地解决了"一对多"的密数据共享问题,在云计算、物联网、大数据等细粒度访问控制和隐私保护领域有光明的应用前景。然而,在属性基加密系统中(以密文策略属性基加密为例),一个属性集合会同时被多个用户拥有,即一个解密私钥会对应多个用户,因此用户敢于共享其解密私钥以非法获利。此外,半可信的中心存在为未授权用户非法颁发私钥的可能。针对属性基加密系统中存在的两类私钥滥用问题,通过用户和中心分别对私钥进行签名的方式,提出一个密文策略属性基加密方案。该方案支持追踪性和公开定责性,任何第三方可以对泄露私钥的原始持有者的身份进行追踪,审计中心可以利用公开参数验证私钥是用户泄露的还是半可信中心非法颁发的。最后,可以证明方案的安全性基于其依赖的加密方案、签名方案。
Ciphertext-policy attribute-based encryption (ABE) enables fine-grained access control of decryption privi- lege by using the matching relation between the attribute set and the access structure, and is a promising one-to-many encryption primitive which has a bright application prospect in cloud computing, big data etc. However, an attribute set may be owned by many users in ABE, i.e. one decryption key may belong to many users. Thus,malicious users dare to leak their decryption privileges to others for profits. Furthermore,a semi-trust authority may illegally generate decryp- tion keys to unauthorized users. To solve these two kinds of key abuses in ABE, we proposed a publicly accountable ci- phertext-policy attribute-based encryption scheme by embedding both signatures of user and authority into the secret key. The proposed scheme can achieve traceability and accountability, in which anybody can trace the identity of a leaked decryption key, and an auditor can verify whether the leaked key is shared by a malicious user or is illegally generated by a semi-trust authority. At last, the security of the proposed scheme can be proved based on the security of its atomic en- cryption and signature schemes.
出处
《计算机科学》
CSCD
北大核心
2017年第5期160-165,共6页
Computer Science
基金
国家自然科学基金(61371083)
中国博士后科学基金(2016M591629)
河南省高等学校重点科研项目(16A420006)资助
关键词
属性基加密
可追踪性
可公开定责性
不可否认性
Attribute-based encryption,Traceability, Public accountability, Nonrepudiation
