首页 | 本学科首页   官方微博 | 高级检索  
     

具有细粒度访问控制的隐藏关键词可搜索加密方案
引用本文:杨旸,林柏钢,马懋德. 具有细粒度访问控制的隐藏关键词可搜索加密方案[J]. 通信学报, 2013, 34(Z1): 12-100. DOI: 10.3969/j.issn.1000-436x.2013.z1.012
作者姓名:杨旸  林柏钢  马懋德
作者单位:1. 福州大学 数学与计算机工程学院,福建 福州 350108;2. 福州大学 网络系统信息安全福建省高校重点实验室,福建 福州 350108;3. 南洋理工大学 电子与电气工程学院,新加坡 新加坡 639798
基金项目:国家自然科学基金资助项目(60970119, 61100231, 61103175, 61173151);国家重点基础研究发展计划(“973”计划)基金资助项目(2007CB311201)
摘    要:针对现有的可搜索加密算法在多用户环境中密钥管理难度大并且缺乏细粒度访问控制机制的问题,利用基于密文策略的属性加密机制(CP-ABE, ciphertext-policy attribute based encryption)实现了对隐藏关键词可搜索加密方案的细粒度访问控制。数据拥有者可以为其在第三方服务器中存储的加密指定灵活的访问策略,只有自身属性满足该访问策略的用户才有权限对数据进行检索和解密。同时还能够实现对用户的增加与撤销。安全性分析表明方案不仅可以有效地防止隐私数据的泄露,还可以隐藏关键词的信息,使得第三方服务器在提供检索功能的同时无法窃取用户的任何敏感信息。方案的效率分析表明,该系统的检索效率仅为数十微秒,适合在大型应用系统中使用。

关 键 词:隐藏关键词检索;可搜索加密;细粒度访问控制;用户增加与撤销

Secure hidden keyword searchable encryption schemewith fine-grained and flexible access control
Yang YANG,Bo-gang LIN,Mao-de MA. Secure hidden keyword searchable encryption schemewith fine-grained and flexible access control[J]. Journal on Communications, 2013, 34(Z1): 12-100. DOI: 10.3969/j.issn.1000-436x.2013.z1.012
Authors:Yang YANG  Bo-gang LIN  Mao-de MA
Affiliation:1. College of Mathematics and Computer Science, Fuzhou University, Fuzhou 350108, China;2. Key Lab of Information Security of Networks Systems of Fujian Province, Fuzhou University, Fuzhou 350108, China;3. School of Electrical & Electronic Engineering, Nanyang Technological University, Singapore 639798, Singapore
Abstract:Existing searchable encryption schemes have difficulties in key management for multiple users and could not provide fine-grained access control mechanism. Aiming at solving these problems, a hidden keyword searchable encryp-tion scheme with fine-grained access control was proposed utilizing CP-ABE (ciphertext-policy attribute based encryp-tion) algorithm. Data owners allocate specific and flexible access policy on their data that is stored on a third-party data server. Only those users that has attributes satisfing the access policy are authorized to search encrypted data and decrypt returned results. Moreover, the suggested system has the function to add and revoke user. Security analysis shows that the scheme could not only prevent the leakage of private data but also hide the information of keywords. It deters a third-party storage provider from intercepting users' sensitive information when a search function is provided. The effi-ciency analysis shows that the efficiency of retrieval keeps no more than tens of microsecond and this scheme is suitable for large scale system.
Keywords:hidden keyword search   searchable encryption   fine-grained access control   add and revoke user
点击此处可从《通信学报》浏览原始摘要信息
点击此处可从《通信学报》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号