面向云存储的属性基双边访问控制方案  

作　　者：李琦[1,2,3] 樊昊源[1] 陈伟 熊金波 韩立东[2] 李瑞[5] LI Qi;FAN Haoyuan;CHEN Wei;XIONG Jinbo;HAN Lidong;LI Rui(School of Computer Science,Nanjing University of Posts and Telecommunications,Nanjing 210023,China;Key Laboratory of Cryptography of Zhejiang Province,Hangzhou Normal University,Hangzhou 311121,China;Tongda College of Nanjing University of Posts and Telecommunications,Yangzhou 225127,China;College of Computer and Cyber Security,Fujian Normal University,Fuzhou 350117,China;The School of Computer Science and Technology,Xidian University,Xi’an 710071,China)

机构地区：[1]南京邮电大学计算机学院,江苏南京210023 [2]杭州师范大学浙江省密码技术重点实验室,浙江杭州311121 [3]南京邮电大学通达学院,江苏扬州225127 [4]福建师范大学计算机与网络空间安全学院,福建福州350117 [5]西安电子科技大学计算机科学与技术学院,陕西西安710071

出　　处：《通信学报》2024年第4期128-136,共9页Journal on Communications

基　　金：国家自然科学基金资助项目(No.62272102,No.62172320,No.U21A20466);江苏省高等学校基础科学(自然科学)研究基金资助项目(No.22KJB520029);浙江省密码技术重点实验室基金资助项目(No.ZCL21015);南京邮电大学校级自然科学基金资助项目(No.NY222141)。

摘　　要：针对目前云存储中细粒度双边访问控制机制安全模型较弱且外包解密结果缺乏验证的问题,提出了一种面向云存储数据的属性基双边访问控制方案。首先,提出了自适应安全可验证外包双边CP-ABE的形式化定义和安全模型;其次,以此为基础并结合批量可验证技术在合数阶群上设计了双边访问控制方案,支持数据拥有者与数据使用者同时为对方定义访问策略;最后,安全性分析表明,所提方案在自适应安全模型下针对选择明文攻击与选择消息攻击是不可区分的和存在性不可伪造的。实验结果显示,所提方案减轻了用户端的匹配、解密以及验证阶段的计算开销。In the existing cloud storage systems,the fine grained and bilateral access control schemes suffer from weak security model and unverifiable outsourced decryption result.To address this problem,an attribute-based bilateral access control scheme for cloud storage was proposed.Firstly,the formal definition and secure model of adaptively secure and verifiable outsourced bilateral CP-ABE was given.Secondly,combining with the batch verification technology,the attribute based bilateral access control scheme was constructed on the composite order groups,which enabled both the data owner and data user to simultaneously define the access policies for each other.Finally,the security analysis showed that the proposed scheme was indistinguishable and existential unforgeable under adaptive security models against chosen plaintext attacks and chosen message attacks,respectively.The experimental results show that the proposed scheme achieves high performance on the user side,where the computational overhead of matching,decryption,and verification is reduced.

关 键 词：云存储 双边访问控制 自适应安全 批量可验证 外包解密 

分 类 号：TN92[电子电信—通信与信息系统]