共查询到20条相似文献,搜索用时 203 毫秒
1.
密文策略属性基加密(ciphertext-policy attribute-based encryption,CP-ABE)类似于基于角色访问控制,可以为云存储系统提供灵活细粒度的访问控制.但大多数CP-ABE方案中,密文长度与访问策略复杂度成正相关,系统属性同时被多个用户共享而导致属性难以被撤销.针对上述问题,本文提出一种支持属性撤销且密文长度恒定的属性基加密方案.该方案中每个用户的属性群密钥不能通用,可以有效抵抗撤销用户与未撤销用户的合谋攻击.为减少属性授权机构和数据拥有者的计算负担,属性撤销过程所需的计算量外包给数据服务管理者;同时该方案采用支持多值属性和通配符的"AND"门策略,实现了密文长度恒定.所提方案基于决策性q-BDHE(q-bilinear Diffie-Hellman exponent)假设对方案进行了选择明文攻击的安全性证明.最后对方案进行了理论分析与实验验证,分析结果表明本文方案可以有效抵制用户合谋攻击,增加了方案的安全性.同时所提方案在功能和计算效率方面具有一定优势,适用于实际应用情况. 相似文献
2.
3.
近年来,基于l-多样性的多维敏感属性的隐私保护研究日趋增多,然而大部分多敏感属性隐私保护方法都是基于有损分解的思想,破坏了数据间的关系,降低了数据效用.为此,提出了一种面向多敏感属性的隐私模型,首先给出一种l-maximum原则用以满足多敏感属性l-多样性要求;其次,为了保护属性间的相关性,根据属性间的依赖度对属性进行划分;最后设计并实现了MSA l-maximum(Multiple Sensitive Attributes l-maximum)算法.实验结果表明,提出的模型在保护隐私不泄露的同时,减少了元组的隐匿率,并且保护了数据间的关系. 相似文献
4.
5.
已有基于属性的认证密钥交换协议都是在单属性机构环境下设计的,而实际应用中不同属性机构下的用户也有安全通信的需求。该文在Waters属性基加密方案的基础上提出了一个多属性机构环境下的属性基认证密钥交换协议,并在基于属性的eCK(extended Canetti-Krawczyk)模型中将该协议的安全性归约到GBDH(Gap Bilinear Diffie-Hellman)和CDH(Computational Diffie-Hellman)假设,又通过布尔函数传输用线性秘密共享机制设计的属性认证策略,在制订灵活多样的认证策略的同时,显著地降低了通信开销。 相似文献
6.
7.
8.
9.
属性约简是知识发现的重要步骤。但从属性集中选择最优子集属于NP-hard问题。文章提出的遗传属性抽取算法,以属性的可分性度量为偏置,并引入禁忌表搜索策略,降低了搜索空间;采用退火选择来保持种群的个体多样性,防止未成熟收敛;算法内置的分类器采用人工神经网络,并提出了基于有监督聚类的人工神经网络分类算法,有效地降低了人工神经网络分类器的训练时间。实验分析表明,算法能够从高维数、大数据集合中有效降低数据维数。提高数据的分类准确性。 相似文献
10.
陈化南 《卫星电视与宽带多媒体》2011,(16):30-31
随着网络带宽技术的进步,多样化的影音应用软件已使得消费者可以借助网络收看全球的电视节目。丰富且即时的数字影音节目,造就网络电视粉丝群的诞生并使得网络电视成为一股风潮。台湾的有线电视与无线电视普及,已具备多样的影音内容产品,但即使如此,网络电视所带来的即时性与丰富内容,依旧吸引多数消费者加入网络电视行列。 相似文献
11.
提出一种支持直接撤销的属性基加密方案,首先给出支持直接撤销的属性基加密定义和安全模型,其次给出具体的支持撤销的密文策略——属性基加密方案并对安全性进行证明,最后,与其他方案对比显示,该方案在密文和密钥长度方面都有所减少。该方案可以实现对用户进行即时撤销,当且仅当用户所拥有的属性满足密文的访问结构且不在用户撤销列表内时,才能使用自己的私钥解密出明文。 相似文献
12.
In order to support fine-grained attribute revocation in data outsourcing systems,an attribute-based encryption scheme with efficient revocation in indirect revocation model was proposed.The model of ABE supporting attribute revocation was given,and a concrete scheme was constructed which proved its security under the standard model.Compared to the existing related schemes,the size of ciphertext and private/secret key is reduced,and the new scheme achieves fine-grained and immediate attribute revocation which is more suitable for the practical applications. 相似文献
13.
Attribute-based encryption (ABE) scheme is widely used in the cloud storage due to its fine-grained access control.Each attribute in ABE may be shared by multiple users at the same time.Therefore,how to achieve attribute-level user revocation is currently facing an important challenge.Through research,it has been found that some attribute-level user revocation schemes currently can’t resist the collusion attack between the revoked user and the existing user.To solve this problem,an attribute-based encryption scheme that supported the immediate attribute revocation was proposed.The scheme could achieve attribute-level user revocation and could effectively resist collusion attacks between the revoked users and the existing users.At the same time,this scheme outsourced complex decryption calculations to cloud service providers with powerful computing ability,which reduced the computational burden of the data user.The scheme was proved secure based on computational Diffie-Hellman assumption in the standard model.Finally,the functionality and efficiency of the proposed scheme were analyzed and verified.The experimental results show that the proposed scheme can safely implement attribute-level user revocation and has the ability to quickly decrypt,which greatly improves the system efficiency. 相似文献
14.
Access control scheme is proposed for System Wide Information Management (SWIM) to address the problem of attribute revocation in practical applications. Based on the attribute based encryption (ABE), this scheme introduces the proxy re-encryption mechanism and key encrypting key (KEK) tree to realize fine-grained access control with attribute revocation. This paper defines the attributes according to the status quo of civil aviation. Compared with some other schemes proposed before, this scheme not only shortens the length of ciphertext (CT) and private key but also improves the efficiency of encryption and decryption. The scheme can resist collusion attacks and ensure the security of data in SWIM. 相似文献
15.
16.
How to effectively protect the security of data sharing in WBAN was a key problem to be solved urgently.The traditional CP-ABE mechanism had a 〝one to many〝 data security communication function which was suitable for access control in WBAN,but it had high computational complexity and did not support attribute revocation.Fully considering of limitations on computation and storage of sensor nodes and dynamic user attribute in WBAN,a CP-ABE scheme was proposed which was provably secure against CPA under the standard model and supported attributes revocation,outsourced encryption and decryption.Compared with the proposed schemes,the computation burden on senor nodes is greatly reduced and the user's attribution can be revoked immediately and fine grained while meeting the demand of its security in the proposed scheme. 相似文献
17.
SecCloudSharing: Secure data sharing in public cloud using ciphertext‐policy attribute‐based proxy re‐encryption with revocation
下载免费PDF全文
![点击此处可从《International Journal of Communication Systems》网站下载免费的PDF全文](/ch/ext_images/free.gif)
An efficient cryptography mechanism should enforce an access control policy over the encrypted data to provide flexible, fine‐grained, and secure data access control for secure sharing of data in cloud storage. To make a secure cloud data sharing solution, we propose a ciphertext‐policy attribute‐based proxy re‐encryption scheme. In the proposed scheme, we design an efficient fine‐grained revocation mechanism, which enables not only efficient attribute‐level revocation but also efficient policy‐level revocation to achieve backward secrecy and forward secrecy. Moreover, we use a multiauthority key attribute center in the key generation phase to overcome the single‐point performance bottleneck problem and the key escrow problem. By formal security analysis, we illustrate that our proposed scheme achieves confidentiality, secure key distribution, multiple collusions resistance, and policy‐ or attribute‐revocation security. By comprehensive performance and implementation analysis, we illustrate that our proposed scheme improves the practical efficiency of storage, computation cost, and communication cost compared to the other related schemes. 相似文献
18.
属性基加密因其细粒度访问控制在云存储中得到广泛应用。但原始属性基加密方案存在密钥托管和属性撤销问题。为解决上述问题,该文提出一种密文策略的属性基加密方案。该方案中属性权威与中央控制通过安全两方计算技术构建无密钥托管密钥分发协议解决密钥托管问题。通过更新属性版本密钥的方式达到属性级用户撤销,同时通过中央控制可以实现系统级用户撤销。为减少用户解密过程的计算负担,将解密运算过程中复杂对运算外包给云服务商,提高解密效率。该文基于q-Parallel BDHE假设在随机预言机模型下对方案进行了选择访问结构明文攻击的安全性证明。最后从理论和实验两方面对所提方案的效率与功能性进行了分析。实验结果表明所提方案无密钥托管问题,且具有较高系统效率。 相似文献
19.
20.
To protect the sensitive data outsourced to cloud server, outsourcing data in an encrypted way has become popular nowadays. However, it is not easy to find the corresponding ciphertext efficiently, especially the large ciphertext stored on cloud server. Besides, some data owners do not want those users who attempt to decrypt to know the sensitive access structure of the ciphertext because of some business or private reasons. In addition, the user attributes revocation and key updating are important issues, which affect application of ciphertext‐policy attribute‐based encryption (CP‐ABE) in cloud storage systems. To overcome the previous problems in cloud storage, we present a searchable CP‐ABE with attribute revocation, where access structures are partially hidden so that receivers cannot extract sensitive information from the ciphertext. The security of our scheme can be reduced to the decisional bilinear Diffie–Hellman (DBDH) assumption and decisional linear (DL) assumption. Copyright © 2015 John Wiley & Sons, Ltd. 相似文献