可信执行环境赋能的云数据动态群组访问控制

doi:10.19665/j.issn1001-2400.2023.04.019

Abstract

Abstract:

The prevalence of cloud storage service has attracted many users to outsource their data to cloud platforms.In order to protect personal privacy,data are encrypted before being outsourced to the cloud,which brings great inconvenience for data sharing through the cloud platforms.The key challenge lies in how to design a cryptography-based group access control scheme to support users to share ciphertext data safely and conveniently with reasonable computing/storage overhead.To this end,by considering the existing research efforts,and based on an existing scheme that combines identity-based broadcast encryption,attribute encryption and proxy re-encryption,a low-overhead,fine-grained cloud storage data dynamic group access control mechanism based on trusted computing environment is proposed.By introducing a trusted execution environment,such as Intel^® software guard extensions (SGX),the cryptographic operation within the original scheme is significantly simplified.At the same time,by introducing the idea of subgroup partition,the management overhead of dynamic group access control is further optimized.Simulation results show that,compared with the original scheme,this scheme not only effectively protects data privacy,but also provides dynamic access control capabilities for fine-grained ciphertext data,which greatly reduces computational complexity.

Key words: identity based broadcast encryption, SGX, dynamic group access control

CLC Number:

TP309.2

LI Yue,SONG Qipeng,JIA Hao,DENG Xin,MA Jianfeng. Trusted execution environment enabled dynamic group access control for data in cloud[J].Journal of Xidian University, 2023, 50(4): 194-205.

Figures/Tables 9

References 21

[1]	GOH E J, SHACHAM H, MODADYGU N, et al. SiRiUS:Securing Remote Untrusted Storage[C]// Proceedings of the Network and Distributed System Security Symposium (NDSS). San Diego: NDSS, 2003:131-145.
[2]	KIM J, SUSILO W, AU M H, et al. Adaptively Secure Identity-Based Broadcast Encryption with A Constant-Sized Ciphertext[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(3):679-693. doi: 10.1109/TIFS.2014.2388156
[3]	DELERABLEE C. Identity-Based Broadcast Encryption with Constant Size Ciphertexts and Private Keys[C]// International Conference on the Theory and Application of Cryptology and Information Security.Heidelberg:Springer, 2007:200-215.
[4]	GOYAL V, PANDEY O, SAHAI A, et al. Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data[C]// Proceedings of the 13th ACM Conference on Computer and Communications Security. New York: ACM, 2006:89-98.
[5]	BLAZE M, BLEUMER G, STRAUSS M. Divertible Protocolsand Atomic Proxy Cryptography[C]// International Conference on the Theory and Applications of Cryptographic Techniques.Heidelberg:Springer, 1998:127-144.
[6]	GE C, LIU Z, XIA J, et al. Revocable Identity-Based Broadcast Proxy Re-Encryption for Data Sharing in Clouds[J]. IEEE Transactions on Dependable and Secure Computing, 2019, 18(3):1214-1226. doi: 10.1109/TDSC.2019.2899300
[7]	WENG J, DENG R H, DING X, et al. Conditional Proxy Re-Encryption Secure Against Chosen-ciphertext Attack[C]// Proceedings of the 4th International Symposium on Information,Computer,and Communications Security. New York: ACM, 2009:322-332.
[8]	GE C, SUSILO W, WANG J, et al. Identity-Based Conditional Proxy Re-Encryption with Fine Grain Policy[J]. Computer Standards & Interfaces, 2017, 52:1-9. doi: 10.1016/j.csi.2016.12.005
[9]	GE C, ZHOU L, XIA J, et al. A Secure Fine-Grained Identity-Based Proxy Broadcast Re-Encryption Scheme for Micro-Video Subscribing System in Clouds[C]// International Symposium on Security and Privacy in Social Networks and Big Data.Heidelberg:Springer, 2019:139-151.
[10]	DENG H, ZHANG J, QIN Z, et al. Policy-Based Broadcast Access Authorization for Flexible Data Sharing in Clouds[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 19(5):3024-3037. doi: 10.1109/TDSC.2021.3080282
[11]	GE C, WILLY S, JOONASNG B, et al. A Verifiable and Fair Attribute-Based Proxy Re-Encryption Scheme for Data Sharing in Clouds[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19(5):2907-2919. doi: 10.1109/TDSC.2021.3076580
[12]	MD A I, MADRIA S K. Attribute-Based Encryption Scheme for Secure Multi-Group Data Sharing in Cloud[J]. IEEE Transactions on Services Computing, 2022, 15(4):2158-2172. doi: 10.1109/TSC.2020.3038836
[13]	曾辉祥, 习宁, 谢晴晴, 等. 抗属性篡改的去中心化密文数据安全共享[J]. 西安电子科技大学学报, 2022, 49(2):135-145.
	ZENG Huixiang, XI Ning, XIE Qingqing, et al. Decentralized Ciphertext Sharing Based on Blockchain[J]. Journal of Xidian University, 2022, 49(2):135-145.
[14]	牛淑芬, 杨平平, 谢亚亚, 等. 区块链上基于云辅助的密文策略属性基数据共享加密方案[J]. 电子与信息学报, 2021, 43(7):1864-1871.
	NIU Shufen, YANG Pingping, XIE Yaya, et al. Cloud-Assisted Ciphertext Policy Attribute Based Encryption Data Sharing Encryption Scheme Based on BlockChain[J] Journal of Electronics & Information Technology, 2021, 43(7):1864-1871.
[15]	邱云翔, 张红霞, 曹琪, 等. 基于CP-ABE算法的区块链数据访问控制方案[J]. 网络与信息安全学报, 2020, 6(3):88-98.
	QIU Yunxiang, ZHANG Hongxia, CAO Qi, et al. Blockchain Data Access Control Scheme Based on CP-ABE Algorithm[J]. Chinese Journal of Network and Information Security, 2020, 6(3):88-98.
[16]	GAO S, PIAO G, ZHU J, et al. Trustaccess:A Trustworthy Secure Ciphertext-Policy And Attribute Hiding Access Control Scheme Based on Blockchain[J]. IEEE Transactions on Vehicular Technology, 2020, 69(6):5784-5798. doi: 10.1109/TVT.25
[17]	LI T, ZHANG J, LIN Y, et al. Blockchain-Based Fine-Grained Data Sharing For Multiple Groups in Internet of Things[J]. Security and Communication Networks, 2021, 2021:1-13.
[18]	SUN J, XU G, ZHANG T, et al. Verifiable,Fairand Privacy-Preserving Broadcast Authorization for Flexible Data Sharing in Clouds[J]. IEEE Transactions on Information Forensics and Security, 2022, 18:683-698. doi: 10.1109/TIFS.2022.3226577
[19]	SUN J, XIONG H, LIU X, et al. Lightweightand Privacy-aware Fine-grained Access Control for IoT-oriented Smart Health[J]. IEEE Internet of Things Journal, 2020, 7(7):6566-6575. doi: 10.1109/JIoT.6488907
[20]	GARRISON W C, SHULL A, MYERS S, et al. On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud[C]// 2016 IEEE Symposium on Security and Privacy (SP).Piscataway:IEEE, 2016:819-838.
[21]	赵波, 袁安琪, 安杨. SGX在可信计算中的应用分析[J]. 网络与信息安全学报, 2021, 7(6):126-142.
	ZHAO Bo, YUAN Anqi, AN Yang. Application Progress of SGX in Trusted Computing Area[J]. Chinese Journal of Network and Information Security, 2021, 7(6):126-142.

操作	PBAA	PBAA-SGX
系统设置阶段	O(\|S\|)	O(\|p\|)
用户注册阶段	O(1)	O(1)
加密阶段	O(\|S\|²)	O(\|p\|)
委托密钥生成阶段	O(\|S'\|²)	O(\|p\|)
重加密阶段	O(\|S'\|²)	O(\|p\|)
原始密文解密阶段	O(\|S\|²)	O(\|p\|²)
重加密密文解密阶段	O(\|S'\|²)	O(\|p\|²)

Trusted execution environment enabled dynamic group access control for data in cloud

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 21

Related Articles 14

Metrics

Comments

Recommended 10

[1]	YAN Yan,DONG Zhuoyue,XU Fei,FENG Tao. Localized location privacy protection method using the Hilbert encoding [J]. Journal of Xidian University, 2023, 50(2): 147-160.
[2]	MIAO Meixia,WU Panru,WANG Yunling. Research progress and applications of cryptographic accumulators [J]. Journal of Xidian University, 2022, 49(1): 78-91.
[3]	SI Chengxiang,GAO Feng,ZHU Liehuang,GONG Guopeng,ZHANG Can,CHEN Zhuo,LI Ruiguang. Covert data transmission mechanism based on dynamic label in blockchain [J]. Journal of Xidian University, 2020, 47(5): 94-102.
[4]	MA Zhuoran, MA Jianfeng, MIAO Yinbin, SUN Cong. State transition-based access control model in the UAV network [J]. Journal of Xidian University, 2018, 45(6): 44-50.
[5]	ZHANG Hongbin;PEI Qingqi;WANG Chao;WANG Meihua. Sensing insider threat based on access vectors [J]. J4, 2014, 41(1): 110-115.
[6]	LI Huixian. Design and analysis of the light-weight mutual authentication protocol for RFID [J]. J4, 2012, 39(1): 172-178.
[7]	ZHOU Hua;MENG Xiang-ru;ZHANG Li;QIAO Xiang-dong. Proactive recovery algorithm in the distributed intrusion-tolerance system [J]. J4, 2009, 36(2): 378-384.
[8]	LI Hui-xian1;CAI Wan-dong1;PEI Qing-qi2. Design and analysis of a verifiable secret sharing scheme [J]. J4, 2008, 35(1): 148-151.
[9]	ZHANG Fan;MA Jian-feng. Security analysis of the Chinese wireless LAN standard implementation plan [J]. J4, 2005, 32(4): 545-548.
[10]	WEI Bao-dian;LIU Jing-wei;WANG Xin-mei. Two novel calculations of coordinates of finite field elements [J]. J4, 2004, 31(4): 518-522.
[11]	WEI Bao-dian1;2;LIU Jing-wei1;WANG Xin-mei1. The NESSIE block ciphers and their security [J]. J4, 2004, 31(3): 377-382.
[12]	WEI Bao-dian;LIU Dong-su;WANG Xin-mei. The correctional Square-6 attack [J]. J4, 2004, 31(1): 67-71.
[13]	ZHU Jian-ming1;2;MA Jian-feng1. Intrusion-tolerant based architecture for database system security [J]. J4, 2003, 30(1): 85-89.
[14]	WEI Bao-dian;MA Wen-ping;WANG Xin-mei. The algebraic expression for the AES Sbox [J]. J4, 2003, 30(1): 29-32.