
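A ring-signcryption-based scheme for protecting user identity attributes in the cloud environment
Cite this article: LI Shuan-bao, FU Jian-ming, ZHANG Huan-guo, CHEN Jing, WANG Jing, REN Bi-jun. A ring-signcryption-based scheme for protecting user identity attributes in the cloud environment [J]. Journal on Communications, 2014, 35(9): 99-111.
Authors: LI Shuan-bao  FU Jian-ming  ZHANG Huan-guo  CHEN Jing  WANG Jing  REN Bi-jun
Affiliations: 1. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan, Hubei 430072; School of Computer, Wuhan University, Wuhan, Hubei 430072; Department of Information Engineering, Henan College of Finance and Taxation, Zhengzhou, Henan 451464
2. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan, Hubei 430072; School of Computer, Wuhan University, Wuhan, Hubei 430072
3. Department of Information Engineering, Henan College of Finance and Taxation, Zhengzhou, Henan 451464
Funding: National Natural Science Foundation of China (61373168, 61202387, 61272451); Specialized Research Fund for the Doctoral Program of Higher Education, Ministry of Education (20120141110002); Henan Province Soft Science Program (132400410723, 142400410671)
Abstract: Identity attribute leakage is one of the most serious security threats in cloud computing. To address it, an identity attribute protection scheme based on ring signcryption is proposed. Taking digital identity management for cloud services as its subject, the scheme describes a decentralized mechanism for split management of user keys: the user independently chooses operators and generates and stores the key locally, so that the registrar cannot obtain the user's full private key, which eliminates the certificate management load. In addition, the scheme designs a blind ring signcryption verification mechanism for identity attributes that is centered on user access rights: the user and the CSPs form a ring, and based on the ring and their own attributes the user can perform sub-linear blind signcryption of messages and non-interactive public ciphertext verification. This prevents identity attribute leakage caused by collusion among multiple CSPs and so protects the integrity and confidentiality of identity attributes. Finally, proofs are given for the strong unforgeability of ciphertext and attributes and for the blindness mechanism; under the DBDH hardness assumption and adaptive chosen-ciphertext attack, the user in the scheme can generate three full private key components and successfully prevent impersonation of ring members. To verify the effectiveness of the system, the performance of the blind ring signcryption algorithm is evaluated with respect to the overall load of the identity attribute protection scheme and compared with similar algorithms to confirm the optimization results.

Keywords: digital identity management  certificateless  strong unforgeability  blindness
Received: 1/5/2014 12:00:00 AM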

Scheme on user identity attribute preserving based on ring signcryption for cloud computing
LI Shuan-bao, FU Jian-ming, ZHANG Huan-guo, CHEN Jing, WANG Jing, REN Bi-jun. Scheme on user identity attribute preserving based on ring signcryption for cloud computing [J]. Journal on Communications, 2014, 35(9): 99-111.
Authors:LI Shuan-bao  FU Jian-ming  ZHANG Huan-guo  CHEN Jing  WANG Jing  REN Bi-jun
Affiliation: 1. Key Lab of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan 430072, China; 2. School of Computer, Wuhan University, Wuhan 430072, China; 3. Department of Information Engineering, Henan College of Finance and Taxation, Zhengzhou 451464, China
Abstract: Identity attribute leakage is one of the most severe security threats in cloud computing. To solve this problem, a protection scheme for identity attributes based on ring signcryption is proposed. Focusing on digital identity management in cloud services, the paper discusses decentralized split management of user keys. Users choose seeds to generate and store their keys, so the registrar cannot acquire the complete user key, and the payload of certificate management is thereby reduced. In addition, an access-centric blind ring signcryption verification mechanism for identity attributes is designed, in which users and CSPs constitute a ring. Combined with their own attributes, users can perform ring-oriented sub-linear blind signcryption and non-interactive public ciphertext verification of messages, so that the integrity and confidentiality of identity attributes are protected and identity attribute leakage through collusion of multiple CSPs is avoided. Finally, strong unforgeability of ciphertext and attributes and blindness are proved in the proposed model: under the DBDH hardness assumption and adaptive chosen-ciphertext attack, users can generate three private key components and forgery of a ring member's identity is prevented. The effectiveness of the proposed mechanism is verified through a performance evaluation of the blind ring signcryption algorithm based on the comprehensive payload of identity attribute protection, and the optimization is confirmed by comparison with similar algorithms.
Keywords:digital identity management  certificateless  strong unforgeability  blindness