基于可撤销外包属性加密的二维码加密

摘要/Abstract

摘要： 二维码技术应用广泛,性能优越,但传统的二维码技术的安全性较低,仅适合单一权限对单一信息的扫码获取,不能实现不同权限用户扫码获取不同信息的功能。密文策略属性加密(CP-ABE)作为一种细粒度的数据加密方式,可在保证数据安全的同时实现对用户的访问控制,实现一对多模式的信息传输获取。结合二维码和密文策略属性加密技术的特点和优点,提出一种基于可撤销外包属性加密的二维码加密方案,对基于权限划分的信息块进行二次加密后外包给服务器进行相应的解密和权限匹配,再把初次解密的密文返回给用户,用户通过扫码获得私钥后进行二次解密得到明文,二维码的生成可随随机密钥的不同而变化。通过方案的安全性分析,证明了该方案具有前向安全、后向安全和在双线性q-BDHE假设下的选择明文攻击安全(IND-CPA);通过设计的实验,验证了方案在保障二维码信息安全的同时,可实现二维码的一对多的信息有选择获取,具有用户端计算开销低、属性可撤销、二维码生成随机的优点。

关键词: 二维码, 可撤销, 外包, 属性加密

Abstract: The two-dimensional code technology has a wide range of applications and superior performance,but the traditional two-dimensional code technology has low security and is only suitable for single-privilege scanning of a single information,and cannot implement different functions for users to scan different codes.As a fine-grained data encryption method,ciphertext policy attribute-based encryption (CP-ABE) can realize user access control while ensuring data security,and realize information transmission in one-to-many mode.Combining the characteristics and advantages of two-dimensional code and ciphertext policy attribute-based encryption technology,a two-dimensional code encryption scheme based on revocable outsourcing attribute encryption was proposed.The information block based on the rights division is secondarily encrypted,and then outsourced to the server for corresponding decryption and permission matching.Then the first decrypts ciphertext is returned to the user,and the user obtains the private key by scanning the code and decrypts it twice to get the plaintext.The generation of the two-dimensional code can vary with the different random keys.Through the analysis of the security of the scheme,it is proved that the scheme has forward security,backward security and selective plaintext attack security (IND-CPA) under the bilinear q-BDHE assumption.Through the design experiments,it is verified that the scheme can realize the one-to-many information of the two-dimensional code while ensuring the security of the two-dimensional code information.This scheme has the advantages of low computational overhead on the client side,reversible attributes,and random generation of two-dimensional codes.

Key words: Attribute encryption, Outsourcing, Revocable, Two-dimensional code

中图分类号:

TP309

高丹, 凌捷, 陈家辉. 基于可撤销外包属性加密的二维码加密[J]. 计算机科学, 2019, 46(12): 186-191. https://doi.org/10.11896/jsjkx.181102187

GAO Dan, LING Jie, CHEN Jia-hui. Two-dimensional Code Encryption Based on Revocable Outsourced Attribute Encryption[J]. Computer Science, 2019, 46(12): 186-191. https://doi.org/10.11896/jsjkx.181102187

参考文献

[1]YANG K,YUAN H D,GUO Y B.Two-dimensional code hierarchical encryption algorithm based on attribute encryption[J].Computer Engineering,2018,44(6):136-140.(in Chinese)
杨康,袁海东,郭渊博.基于属性加密的二维码分级加密算法[J].计算机工程,2018,44(6):136-140.
[2]LAI J,DENG R H,GUAN C,et al.Attribute-Based Encryption With Verifiable Outsourced Decryption[J].IEEE Transactions on Information Forensics and Security,2013,8(8):1343-1354.
[3]GREEN M,HOHENBERGER S,WATERS B.Outsourcing the Decryption of ABE Ciphertexts[C]//Usenix Conference on Security.San Francisco,CA,2011:34-34.
[4]MAO X,LAI J,MEI Q,et al.Generic and Efficient Constructions of Attribute-Based Encryption with Verifiable Outsourced Decryption[J].IEEE Transactions on Dependable & Secure Computing,2016,13(5):533-546.
[5]LI J,WANG Y,ZHANG Y,et al.Full Verifiability for Out- sourced Decryption in Attribute Based Encryption[J].IEEE Transactions on Services Computing,2017,5(99):1-1.
[6]LI W,XUE K,XUE Y,et al.TMACS:A Robust and Verifiable Threshold Multi-Authority Access Control System in Public Cloud Storage[J].IEEE Transactions on Parallel and Distributed Systems,2015,27(5):1484-1496.
[7]WU X,JIANG R,BHARGAVA B.On the Security of Data Access Control for Multiauthority Cloud Storage Systems[J].IEEE Transactions on Services Computing,2015,10(2):258-272.
[8]WANG Y,LI F,XIONG J,et al.Achieving Lightweight and Secure Access Control in Multi-authority Cloud[C]//Trustcom/BigDataSE/ispa.IEEE,2015:459-466.
[9]ZHANG Z Y,LI C,GUPTA B B,et al.Efficient Compressed Ciphertext Length Scheme Using Multi-Authority CP-ABE for Hierarchical Attributes[J].IEEE Access,2018,6(1):38273-38284.
[10]ZHANG R,HUI L,YIU S,et al.A Traceable Outsourcing CP-ABE Scheme with Attribute Revocation[C]//2017 IEEE Trustcom/BigDataSE/ICESS.IEEE,2017:363-370.
[11]LIU Z,WONG D S.Practical Ciphertext-Policy Attribute-Based Encryption:Traitor Tracing,Revocation,and Large Universe[C]//International Conference on Applied Cryptography and Network Security.Springer,Cham,2015:127-146.
[12]QIN B,DENG R H,LIU S,et al.Attribute-based encryption with efficient verifiable outsourced decryption[J].IEEE Transactions on Information Forensics and Security,2015,10(7):1384-1393.
[13]ZHANG P,CHEN Z,LIANG K,et al.A Cloud-Based Access Control Scheme with User Revocation and Attribute Update[M]//Information Security and Privacy.Springer International Publishing,2016.
[14]LI X,TANG S,XU L,et al.Two-Factor Data Access Control With Efficient Revocation for Multi-Authority Cloud Storage Systems[J].IEEE Access,2017,5(99):393-405.
[15]YANG K,JIA X.Expressive,Efficient,and Revocable Data Access Control for Multi-Authority Cloud Storage[J].IEEE Transactions on Parallel and Distributed Systems,2014,25(7):1735-1744.
[16]WU X,JIANG R,BHARGAVA B.On the Security of Data Access Control for Multiauthority Cloud Storage Systems[J].IEEE Transactions on Services Computing,2017,10(2):258-272.
[17]LEWKO A,WATERS B.Decentralizing Attribute-Based En- cryption[C]//Advances in Cryptology-eurocrypt-International Conference on the Theory and Applications of Cryptographic Techniques.2011:568-588.
[18]BEIMEL A.Secure Schemes for Secret Sharing and Key Distribution[D].Israel:Israel Institute of Technology,1996.
[19]DING S,LI C,LI H.A Novel Efficient Pairing-free CP-ABE Based on Elliptic Curve Cryptography for IoT[J].IEEE Access,2018,6(99):27336-27345.

相关文章 15

[1]	王梦宇, 殷新春, 宁建廷. 支持访问策略隐藏和密钥追踪的轻量级医疗数据共享方案 Lightweight Medical Data Sharing Scheme with Access Policy Hiding and Key Tracking 计算机科学, 2022, 49(3): 77-85. https://doi.org/10.11896/jsjkx.210800001
[2]	高诗尧, 陈燕俐, 许玉岚. 云环境下基于属性的多关键字可搜索加密方案 Expressive Attribute-based Searchable Encryption Scheme in Cloud Computing 计算机科学, 2022, 49(3): 313-321. https://doi.org/10.11896/jsjkx.201100214
[3]	何亨, 蒋俊君, 冯可, 李鹏, 徐芳芳. 多云环境中基于属性加密的高效多关键词检索方案 Efficient Multi-keyword Retrieval Scheme Based on Attribute Encryption in Multi-cloud Environment 计算机科学, 2021, 48(11A): 576-584. https://doi.org/10.11896/jsjkx.201000026
[4]	辜双佳, 刘万平, 黄东. 基于AES和QR的快递信息加密应用 Application of Express Information Encryption Based on AES and QR 计算机科学, 2021, 48(11A): 588-591. https://doi.org/10.11896/jsjkx.210100024
[5]	陈静娴. 基于二维码技术·微信小程序技术的实验室设备管理的设计与实现 Design and Realization of Laboratory Equipment Management System Based on QR Code Technology and WeChat Mini-program Technology 计算机科学, 2020, 47(11A): 673-677. https://doi.org/10.11896/jsjkx.200400063
[6]	白利芳, 祝跃飞, 芦斌. 云数据存储安全审计研究及进展 Research and Development of Data Storage Security Audit in Cloud 计算机科学, 2020, 47(10): 290-300. https://doi.org/10.11896/jsjkx.191000111
[7]	江泽涛,黄锦,胡硕,徐智. 云计算下可撤销的全外包CP-ABE方案 Fully-outsourcing CP-ABE Scheme with Revocation in Cloud Computing 计算机科学, 2019, 46(7): 114-119. https://doi.org/10.11896/j.issn.1002-137X.2019.07.018
[8]	刘胜杰, 王静. 云环境下SNS隐私保护方案 Privacy Preserving Scheme for SNS in Cloud Environment 计算机科学, 2019, 46(2): 133-138. https://doi.org/10.11896/j.issn.1002-137X.2019.02.021
[9]	戴华, 李啸, 朱向洋, 杨庚, 易训. 面向云环境的多关键词密文排序检索研究综述 Research on Multi-keyword Ranked Search over Encrypted Cloud Data 计算机科学, 2019, 46(1): 6-12. https://doi.org/10.11896／j.issn.1002-137X.2019.01.002
[10]	张光华, 刘会梦, 陈振国. 云计算环境下基于属性的撤销方案 Attribute-based Revocation Scheme in Cloud Computing Environment 计算机科学, 2018, 45(8): 134-140. https://doi.org/10.11896/j.issn.1002-137X.2018.08.024
[11]	任晖,戴华,杨庚. 基于安全比较码的云环境隐私保护排序方法 Secure Comparator Based Privacy-preserving Sorting Algorithms for Clouds 计算机科学, 2018, 45(5): 139-142. https://doi.org/10.11896/j.issn.1002-137X.2018.05.023
[12]	葛娅敬, 赵礼峰. 基于奇异值分解的二维码加密算法 Two-dimensional Code Encryption Algorithm Based on Singular Value Decomposition 计算机科学, 2018, 45(11A): 342-343.
[13]	陶孙杰, 余涛. 基于二维码的数据传输系统设计 Design of Data Transmission System Based on 2D Code 计算机科学, 2018, 45(11A): 587-590.
[14]	初晓璐, 刘培顺. 基于公私属性的多授权中心加密方案 Multi-authority Encryption Scheme Based on Public and Private Attributes 计算机科学, 2018, 45(11): 124-129. https://doi.org/10.11896／j.issn.1002-137X.2018.11.018
[15]	王健一, 王箭. 单云服务器下的安全外包模幂运算 Secure Outsourcing Modular Exponentiations with Single Untrusted Cloud Server 计算机科学, 2018, 45(11): 155-159. https://doi.org/10.11896／j.issn.1002-137X.2018.11.023

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed