共查询到18条相似文献,搜索用时 140 毫秒
1.
隐私保护是信息安全中的热点话题,其中属性基加密(ABE)中的隐私问题可分为数据内容隐私、策略隐私及属性隐私。针对数据内容、策略和属性3方面隐私保护需求,该文提出基于内积谓词的属性基隐私保护加密方案(PPES)。所提方案利用加密算法的机密性保障数据内容隐私,并通过向量承诺协议构造策略属性及用户属性盲化方法,实现策略隐私及属性隐私。基于混合论证技术,该文证明了所提方案满足标准模型下适应性选择明文安全,且具备承诺不可伪造性。性能分析结果显示,与现有方法相比,所提方案具有更优的运行效率。 相似文献
2.
3.
4.
传统的属性基加密方案虽然实现了一对多的访问控制,但仍存在单点故障、效率低下、不支持数据共享以及隐私泄露等挑战。针对以上问题,提出了一种基于区块链且支持数据共享的密文策略隐藏访问控制方案。利用素数阶双线性群和正负号与门访问结构,实现细粒度访问控制的同时避免了用户属性值的泄露;结合以太坊和星际文件系统解决了用户属性撤销问题和云存储模型中的单点故障问题,通过代理重加密的方法实现了数据共享。基于困难问题假设,证明了所提方案的安全性。仿真实验结果表明,所提方案在实现策略隐藏的同时具有较高的效率。 相似文献
5.
6.
在分布式应用中,难以在不损害用户隐私的情况下,一次性获取群体的规模与成员身份,而传统公钥加密机制由于需用接收群体每个成员的公钥加密后再分发,所以必须获取接收群体中每个成员的身份。针对这一矛盾,论文给出了一种基于CP-ABE(Ciphertext-Policy Attribute-Based Encryption,基于密文策略的属性加密体制)的访问控制系统的设计与实现方案。由于CP-ABE具有广播式的、授权人通过满足某些条件就能确定的特点,使本方案能够在保证访问控制安全性与用户隐私的前提下,对共享数据进行细粒度的访问控制,降低了共享处理开销和加密次数。通过笔者单位所开发的两套系统的实际应用,进一步证明本方案的正确性与优越性。 相似文献
7.
为解决敏感数据共享应用中的数据分发问题和提高数据共享的安全性,将属性基加密机制和使用控制技术相结合,提出一种融合访问控制机制。该机制一方面采用属性基加密机制保证了数据在存储和分发过程中的机密性,通过灵活且可扩展的访问控制策略控制敏感数据的共享范围;另一方面,通过使用控制技术实现对用户的权限控制,防止合法用户对敏感数据进行非法操作,解决共享用户中的权限滥用问题。最后,对机制的安全性和性能进行了分析,显著地降低了服务端的工作负荷,并通过实验测试了该机制的有效性。 相似文献
8.
在研究信息服务中心云存储用户的隐私保护问题时,基于属性的加密方案是一种前景看好的解决途径,它有效满足了匿名访问和数据加密等要求。然而,基于属性的加密方案只适用于对云存储服务中加密数据的认证访问。在云计算服务访问控制的环境中,部署这一方案是不切实际的。文章研究大数据中心云存储匿名访问控制的安全需求,介绍基于属性的访问控制方案构成,设计基于属性的k次匿名访问控制安全模型,描述方案的基本原理,给出方案的工作流程,并对方案的安全性和效率进行分析。 相似文献
9.
针对云计算环境中数字内容安全和用户隐私保护的需求,提出了一种云计算环境中支持隐私保护的数字版权保护方案。设计了云计算环境中数字内容版权全生命周期保护和用户隐私保护的框架,包括系统初始化、内容加密、许可授权和内容解密4个主要协议;采用基于属性基加密和加法同态加密算法的内容加密密钥保护和分发机制,保证内容加密密钥的安全性;允许用户匿名向云服务提供商订购内容和申请授权,保护用户的隐私,并且防止云服务提供商、授权服务器和密钥服务器等收集用户使用习惯等敏感信息。与现有的云计算环境中数字版权保护方案相比,该方案在保护内容安全和用户隐私的同时,支持灵活的访问控制,并且支持在线和超级分发应用模式,在云计算环境中具有较好的实用性。 相似文献
10.
11.
《中国邮电高校学报(英文版)》2014,21(6):45-77
The ciphertext-policy (CP) attribute-based encryption (ABE) (CP-ABE) emergings as a promising technology for allowing users to conveniently access data in cloud computing. Unfortunately, it suffers from several drawbacks such as decryption overhead, user revocation and privacy preserving. The authors proposed a new efficient and privacy-preserving attribute-based broadcast encryption (BE) (ABBE) named EP-ABBE, that can reduce the decryption computation overhead by partial decryption, and protect user privacy by obfuscating access policy of ciphertext and user's attributes. Based on EP-ABBE, a secure and flexible personal data sharing scheme in cloud computing was presented, in which the data owner can enjoy the flexibly of encrypting personal data using a specified access policy together with an implicit user index set. With the proposed scheme, efficient user revocation is achieved by dropping revoked user's index from the user index set, which is with very low computation cost. Moreover, the privacy of user can well be protected in the scheme. The security and performance analysis show that the scheme is secure, efficient and privacy-preserving. 相似文献
12.
Ciphertext-policy attribute-based searchable encryption (CP-ABSE) can achieve fine-grained access control for data sharing and retrieval, and secure deduplication can save storage space by eliminating duplicate copies. However, there are seldom schemes supporting both searchable encryption and secure deduplication. In this paper, a large universe CP-ABSE scheme supporting secure block-level deduplication are proposed under a hybrid cloud mechanism. In the proposed scheme, after the ciphertext is inserted into bloom filter tree (BFT), private cloud can perform fine-grained deduplication efficiently by matching tags, and public cloud can search efficiently using homomorphic searchable method and keywords matching. Finally, the proposed scheme can achieve privacy under chosen distribution attacks block-level (PRV-CDA-B) secure deduplication and match-concealing (MC) searchable security. Compared with existing schemes, the proposed scheme has the advantage in supporting fine-grained access control, block-level deduplication and efficient search, simultaneously. 相似文献
13.
Attribute-based fully homomorphic encryption scheme over rings 总被引:1,自引:0,他引:1
The fully homomorphic encryption has important applications in the area of data security and privacy security of cloud computing,but the size of secret keys and ciphertext in most of current homomorphic encryption schemes were too large,which restricted its practical.To improve these drawbacks,a recoding scheme and a attribute-based encryption scheme based on learning with errors problem over rings were provided,then a attribute-based fully homomorphic encryption was constructed.The new scheme overcame the above mentioned drawbacks,because it did't need public key certificate,meanwhile,it can achieve the fine-grained access control to the ciphertext.Compared with similar results,proposed method decreases the size of keys and ciphertext greatly. 相似文献
14.
To solve LWE-based proxy re-encryption schemes cannot achieve fine-grained access and low efficiency problem,a ciphertext-policy attribute-based proxy re-encryption scheme was proposed.The scheme based on linear secret sharing scheme,RLWE and attribute encryption could shorten the key size,reduce the ciphertext space and improve the efficiency of encryption and decryption.At the same time,the linear secret sharing matrix was used as an access matrix to meet the requirements of authorized person fine-grained commissioning control and to resist the collusion between the agent and the authorized person.In addition,the proposed scheme is shown to be secure under the ring learning with errors assumption in the standard model. 相似文献
15.
Mobile healthcare (mHealth) is an emerging technology which facilitates the share of personal health records (PHR),however,it also brings the risk of the security and privacy of PHR.Attribute-based encryption (ABE) is regarded as a new cryptology to enhance fine-grained access control over encrypted data.However,existing attribute-based mHealth systems either lack of efficient traceable approach,or support only single authority.A traceable multi-authority attribute-based access control mHealth scheme was proposed,which was constructed over composite order groups and supports any monotonic access structures described by linear secret sharing scheme (LSSS).The adaptive security was proved under subgroup decisional assumptions.The traceability was proved under k-strong Diffie-Hellman (k-SDH) assumption.The performance analysis indicates that the proposed scheme is efficient and available. 相似文献
16.
随着云计算的发展,越来越多的用户在使用个人健康记录(PHR)云管理系统,由于PHR包含了患者的隐私信息,因此一般在将PHR上传到云平台之前会先对其进行加密。基于比较的加密(CBE)在基于属性的访问策略中实现了时间比较,然而CBE加密时间与访问策略中的属性数目线性增长,从而导致其开销过大;同时,方案难以实时撤销用户的访问权限。该文提出支持用户撤销的细粒度访问控制(FGUR)方案,通过将属性层次引入到CBE中,同时结合广播密文策略的基于属性加密(BCP-ABE),高效地实现PHR云管理系统中的细粒度访问控制及用户实时撤销。实验结果表明,与CBE相比,FGUR方案在加密开销和动态访问权限方面具有更好的性能。 相似文献
17.
近年来,可搜索加密技术及细粒度访问控制的属性加密在云存储环境下得到广泛应用。考虑到现存的基于属性的可搜索加密方案存在仅支持单关键词搜索而不支持属性撤销的问题,以及单关键词搜索可能造成返回搜索结果部分错误并导致计算和宽带资源浪费的缺陷,该文提出一种支持属性撤销的可验证多关键词搜索加密方案。该方案允许用户检测云服务器搜索结果的正确性,同时在细粒度访问控制结构中支持用户属性的撤销,且在属性撤销过程中不需要更新密钥和重加密密文。该文在随机预言机模型下基于判定性线性假设被证明具有抵抗选择关键词集攻击安全性及关键词隐私性,同时从理论和实验两方面分析验证了该方案具有较高的计算效率与存储效率。
相似文献18.
The online social networks(OSNs) offer attractive means for social interactions and data sharing, as well as raise a number of security and privacy issues. Although current solutions propose to encrypt data before sharing, the access control of encrypted data has become a challenging task. Moreover, multiple owners may enforce different access policy to the same data because of their different privacy concerns. A digital rights management(DRM) scheme is proposed for encrypted data in OSNs. In order to protect users' sensitive data, the scheme allows users outsource encrypted data to the OSNs service provider for sharing and customize the access policy of their data based on ciphertext-policy attribute-based encryption. Furthermore, the scheme presents a multiparty access control model based on identity-based broadcast encryption and ciphertext-policy attribute-based proxy re-encryption, which enables multiple owners, such as tagged users who appear in a single data, customize the access policy collaboratively, and also allows the disseminators update the access policy if their attributes satisfy the existing access policy. Security analysis and comparison indicate that the proposed scheme is secure and efficient. 相似文献