An improved scheme of policy hiding based on group signature
Zhu Lin,Zhang Wei,Xie Baowen
(School of Computer Science and Information Engineering,Harbin Normal University,Harbin 150025,China)
Abstract: Aiming at the problem that the access strategy reveal privacy in the decryption phase of Ciphertext policy attribute based encryption(CPABE)scheme,an improved scheme of group signature strategy hiding is proposed.Firstly,the attribute set is constructed by the weight threshold access structure,and the attribute set of the challenger and the enemy is determined in the security model.Secondly,the group signature method is applied to realize the hiding of the access policy.Finally,an algorithm for the improved strategy hiding scheme is constructed to prove the security of the scheme.We prove that the improved group signature scheme can protect the privacy of users,also can be used in a wider range by comparative analysis.
Key words : hidden policy;attributebased encryption;attribute weight;group signature
0 引言
云計算、邊緣計算等新型的計算模式興起,使得對數(shù)據(jù)的處理效率顯著提高,但也存在一些安全問題,比如存儲在云端的隱私被泄露、云端的數(shù)據(jù)被濫用、云端被黑客入侵等。為了解決這些安全問題,SAHAI A等人提出了基于屬性的加密機制(Attribute-Based Encryption,ABE),以實現(xiàn)細粒度的訪問控制。GOYAL V等人根據(jù)制定訪問策略角色的不同情況,進一步將ABE細分為基于密鑰策略的屬性加密(Key Policy Attribute Based Encryption,KP-ABE)以及基于密文策略的屬性加密(Ciphertext Policy Attribute Based Encryption,CP-ABE)兩種方案。首先在KPABE方案中,密鑰對應(yīng)一個訪問策略,密文對應(yīng)一個數(shù)據(jù)擁有者的屬性集合,如要實現(xiàn)成功解密,用戶屬性集合中的子屬性就必須滿足訪問策略的結(jié)構(gòu)。在CP-ABE方案中,與KP-ABE方案相反,密鑰對應(yīng)一個數(shù)據(jù)擁有者的屬性集合,密文對應(yīng)一個訪問策略,如要實現(xiàn)成功解密,用戶屬性集合中的子屬性也必須要滿足訪問策略的結(jié)構(gòu)。但是在這種方案下,會出現(xiàn)一個隱患,由于訪問策略自身就包含了隱私信息,解密時,又會將密文以及訪問策略一同發(fā)給用戶,極大增加了用戶的安全風險。