共查询到19条相似文献,搜索用时 46 毫秒
1.
2.
3.
4.
为了保护用户在移动社交网络中的个人信息和交友偏好等隐私,该文提出支持外包解密的基于密文策略的属性基加密(CP-ABE)方案。在该方案中,将用户的交友偏好和自我描述分别生成属性列表,通过将交友偏好转换为密文控制策略,自我描述转化为属性密钥来隐藏属性,从而实现隐私保护。该方案提出了先匹配后解密的算法机制:社交平台对用户信息进行匹配验证,当满足相应的匹配条件时,该算法将计算量较大的双线性对运算外包给交友中心,之后用户再对密文解密。通过快速排除不匹配用户,避免了无效解密。外包解密在保护信息的同时,减少了移动设备的计算负担和通信开销。安全性分析表明,该方案是安全有效的,此外性能评估显示所提方案在计算和通信开销方面是高效且实用的。 相似文献
5.
电子云医疗正逐步取代传统纸质,成为记录患者医疗数据和信息的主要方式.电子云医疗将患者医疗数据存储于云上,既有助于医院对病人信息的高效管理,更有助于医生对患者病情做出精准判断.但由于数据存储在远程云上,患者医疗信息的私密性、安全性无法得到保证.文章基于密码学提出一个指定验证者签密方案,对存储于云上的医疗数据进行签密处理.... 相似文献
6.
7.
为解决发送者和接收者都具有匿名性的基于属性签密方案中密钥泄露的问题,将密钥隔离机制引入到基于属性签密方案中,给出了基于属性密钥隔离签密的形式化定义和安全模型,构建了随机预言模型下安全的基于属性的密钥隔离签密方案。改进后的方案不仅没有失去原有的双向匿名性,而且满足前向安全性和后向安全性的要求,减轻了密钥泄露带来的危害。最后在安全模型的基础上,给出了双向匿名的基于属性的密钥隔离签密的机密性、认证性和匿名性的安全性证明。 相似文献
8.
9.
为解决具有多个接收方时的消息安全传输问题,设计了一种基于编码的多接收方广义签密方案.首先,设计了一个能够满足IND-CCA2安全的多次加密McEliece方案;然后,与CFS签名方案相结合设计了基于编码的多接收方签密与广义签密方案.安全性分析表明,该多接收方广义签密方案在机密性方面能够满足IND-CCA2安全,在不可伪... 相似文献
10.
结合代理签密和自认证签密的理论,构造了一个基于pairings的自认证多接收者代理签密方案.由于用户公钥具有自认证性,无需权威机构签发证书,同时用户私钥也只有自己知道,因此,与已有文献相比,此方案具有很好的安全性和实用性. 相似文献
11.
针对现有属性基可搜索加密方案缺乏对云服务器授权的服务问题,该文提出一种基于授权的可搜索密文策略属性基加密(CP-ABE)方案。方案通过云过滤服务器、云搜索服务器和云存储服务器协同合作实现搜索服务。用户可将生成的授权信息和陷门信息分别发送给云过滤服务器和云搜索服务器,在不解密密文的情况下,云过滤服务器可对所有密文进行检测。该方案利用多个属性授权机构,在保证数据机密性的前提下能进行高效的细粒度访问,解决数据用户密钥泄露问题,提高数据用户对云端数据的检索效率。通过安全性分析,证明方案在提供数据检索服务的同时无法窃取数据用户的敏感信息,且能够有效地防止数据隐私的泄露。 相似文献
12.
《电子学报:英文版》2016,(4):632-640
In order to provide a secure, reliable and flexible way to hide information, a new attribute-based signcryption scheme based on ciphertext-policy and its se-curity proof are presented. This scheme not only can simul-taneously fulfil both authentication and confidentiality in an e?cient way, but also implements a hierarchical decryp-tion in one group and also between different groups accord-ing to user’s authority (different users satisfying the same access structure can be considered as a group). We provide a solution to information hiding using our proposed scheme which can embed ciphertext into a carrier. Because the hi-erarchical decryption property, different users will obtain different message from the same carrier. Illegal user can not get any information without private key because mes-sage existed in the carrier is ciphertext. Such solution can be applied in sharing important message under the public network. 相似文献
13.
Qinlong HUANG;Zhaofeng MA;Yixian YANG;Jingyi FU;Xinxin NIU 《电子学报:英文版》2015,24(4):862-868
Ciphertext-policy attribute-based encryption (CP-ABE) is becoming a promising solution to guarantee data security in cloud computing. In this paper, we present an attribute-based secure data sharing scheme with Efficient revocation (EABDS) in cloud computing. Our scheme first encrypts data with Data encryption key (DEK) using symmetric encryption and then encrypts DEK based on CP-ABE, which guarantees the data confidentiality and achieves fine-grained access control. In order to solve the key escrow problem in current attribute based data sharing schemes, our scheme adopts additively homomorphic encryption to generate attribute secret keys of users by attribute authority in cooperation with key server, which prevents attribute authority from accessing the data by generating attribute secret keys alone. Our scheme presents an immediate attribute revocation method that achieves both forward and backward security. The computation overhead of user is also reduced by delegating most of the decryption operations to the key server. The security and performance analysis results show that our scheme is more secure and efficient. 相似文献
14.
15.
Wei Song Yu Wu Yihui Cui Qilie Liu Yuan Shen Zicheng Qiu Jianjun Yao Zhiyong Peng 《Digital Communications & Networks》2022,8(1):33-43
Cloud data sharing service, which allows a group of people to access and modify the shared data, is one of the most popular and efficient working styles in enterprises. Recently, there is an uprising trend that enterprises tend to move their IT service from local to cloud to ease the management and reduce the cost. Under the new cloud environment, the cloud users require the data integrity verification to inspect the data service at the cloud side. Several recent studies have focused on this application scenario. In these studies, each user within a group is required to sign a data block created or modified by him. While a user is revoked, all the data previously signed by him should be resigned. In the existing research, the resigning process is dependent on the revoked user. However, cloud users are autonomous. They may exit the system at any time without notifying the system admin and even are revoked due to misbehaviors. As the developers in the cloud-based software development platform, they are voluntary and not strictly controlled by the system. Due to this feature, cloud users may not always follow the cloud service protocol. They may not participate in generating the resigning key and may even expose their secret keys after being revoked. If the signature is not resigned in time, the subsequent verification will be affected. And if the secret key is exposed, the shared data will be maliciously modified by the attacker who grasps the key. Therefore, forcing a revoked user to participate in the revocation process will lead to efficiency and security problems. As a result, designing a practical and efficient integrity verification scheme that supports this scenario is highly desirable. In this paper, we identify this challenging problem as the asynchronous revocation, in which the revocation operations (i.e., re-signing key generation and resigning process) and the user's revocation are asynchronous. All the revocation operations must be able to be performed without the participation of the revoked user. Even more ambitiously, the revocation process should not rely on any special entity, such as the data owner or a trusted agency. To address this problem, we propose a novel public data integrity verification mechanism in which the data blocks signed by the revoked user will be resigned by another valid user. From the perspectives of security and practicality, the revoked user does not participate in the resigning process and the re-signing key generation. Our scheme allows anyone in the cloud computing system to act as the verifier to publicly and efficiently verify the integrity of the shared data using Homomorphic Verifiable Tags (HVTs). Moreover, the proposed scheme resists the collusion attack between the cloud server and the malicious revoked users. The numerical analysis and experimental results further validate the high efficiency and scalability of the proposed scheme. The experimental results manifest that re-signing 10,000 data blocks only takes 3.815 ?s and a user can finish the verification in 300 ?ms with a 99% error detection probability. 相似文献
16.
医疗云存储服务是云计算技术的一个重要应用,同时外包医疗数据的完整性和用户的身份隐私保护已变得越来越重要。该文提出适用于无线医疗传感器网络的支持条件身份匿名的外包云存储医疗数据轻量级完整性验证方案。方案结合同态哈希函数设计了聚合签名,通过第三方审计者(TPA)对外包云存储医疗数据进行完整性验证,在TPA端存放审计辅助信息,利用同态哈希函数的同态性质将TPA端的计算优化为常量运算,大大降低了第三方审计者的计算开销,同时支持TPA对多个数据文件执行批量验证,其验证开销几乎是恒定的,与医疗数据文件的数量无关。方案有效防止了第三方审计者通过求解线性方程恢复原始医疗数据,并且设计了条件身份匿名算法,密钥生成中心(PKG)根据用户唯一标识的身份信息为用户生成匿名身份及对应的签名私钥。即使攻击者截获到用户传输的医疗数据,也无法获知拥有此数据的真实身份,有效避免了对公钥证书的复杂管理,同时使得密钥生成中心可以有效追踪医疗信息系统中具有恶意行为的用户。安全性分析与性能评估结果表明该方案能够安全高效地部署在云辅助无线医疗传感器网络。 相似文献
17.
18.
票据减联系统是指运用现代通信技术和计算机技术,实现票据的某些环节或全流程的电子化处理,从而满足主管部门监管及核查票据的需要。本文提出了一种采用完整性鉴别方法实现票据减联的技术,保证票据的正确生成、可靠存储以及完整准确核查功能。系统大幅度降低了票据印制和管理成本,具有广阔的市场应用前景。 相似文献
19.
The Online social networks (OSNs) offer attractive means for social interactions and data sharing, but also raise a number of security and privacy issues. Since the OSNs service provider is always semi-trusted, current solutions propose to encrypt data before sharing. However, data encryption causes a lot of inconveniences and large overheads for data dissemination and data retrieval. In this paper, we propose a secure data sharing and retrieval scheme in cloud-based OSNs. Based on ciphertext-policy attribute-based encryption, our scheme achieves multi- party access control, which allows data owners to outsource encrypted data to the OSNs service provider for sharing, and enables data disseminators to disseminate the data owners' data by customizing new access policy. Our scheme also provides searchable encryptlon scheme to support fast searches in massive amount of encrypted data from both data owners and data disseminators. Further, our scheme preserves the privacy of data owners and data retrievers during the data sharing and retrieval processes. In addition, the computation overhead of data retrievers is reduced by delegating most of the decryption operations to the OSNs service provider. The security and performance analysis results indicate that our scheme is secure and privacy-preserving. 相似文献