基于密文策略属性加密体制的匿名云存储隐私保护方案

针对云存储中数据机密性问题,为解决密钥泄漏与属性撤销问题,从数据的机密性存储以及访问的不可区分性两个方面设计了基于密文策略属性加密体制(CP_ABE)的匿名云存储隐私保护方案。提出了关于密钥泄漏的前向安全的不可逆密钥更新算法;在层次化用户组以及改进的Subset-Difference算法基础上,利用云端数据重加密算法实现属性的细粒度撤销;基于同态加密算法实现k匿名l多样性数据请求,隐藏用户潜在兴趣,并在数据应答中插入数据的二次加密,满足关于密钥泄漏的后向安全。在标准安全模型下,基于l阶双线性Diffie-Hellman(判定性l-BDHE)假设给出所提出方案的选择性安全证明,并分别从计算开销、密钥长度以及安全性等方面验证了方案的性能优势。

Anonymous privacy-preserving scheme for cloud storage based on CP_ABE

In order to solve the confidentiality issues such as key exposure and attribute revocation of data stored in cloud server, an advanced anonymous privacy-preserving scheme based on Ciphertext-Policy Attributed-Based Encryption (CP_ABE) was proposed by considering confidentiality of data storage and indistinguishability of access. First, the scheme constructed a forward-secure irreversible key-update algorithm to solve key exposure. On the basis of the classified user-group and the advanced Subset-Difference algorithm, fine-grained attribute revocation was implemented with the help of cloud data re-encryption algorithm. The potential interests of user would be concealed when k-anonymity l-diversity data request was introduced based on the homomorphic encryption algorithm. The backward-security of key exposure was realized on the basis of secondary encryption inserted in data response. Under the l-Bilinear Diffie-Hellman Exponent Problem (l-BDHE) assumption, selective security of the proposed scheme was proved in the standard model. The performance advantage of the proposed scheme was demonstrated respectively in terms of efficiency, key length and security.