属性基代理重加密算法研究

发布时间：2018-10-09 18:57

【摘要】：云计算作为近年来兴起的一种基于互联网的服务模式,逐渐地得到推广和普及。它能将网络中不同地域、不同类型的资源整合起来协同工作,以此来满足用户存储和处理海量数据的需求,极大地提高了资源利用率,降低了用户使用成本。但云存储的服务模式也带来了新的安全隐患,其中一个必须考虑的问题就是如何在存储介质位于用户控制范围之外的条件下,在保护用户数据机密性的同时实现合法用户对资源细粒度的访问控制及高效的共享。基于属性的密码学是近年来密码学研究中的一个热门方向,它能够有效的实现数据细粒度的非交互访问控制,因此具有广泛的应用前景。代理重加密技术适用于需要进行密文转换的场景,并且通过将密文转换工作交给代理减轻用户端的工作负担,可以满足云端加密数据高效共享的需求。在这种情况下,将代理重加密技术应用到属性基密码体制中,提出了属性基代理重加密。在属性基代理重加密系统中,若用户A拥有解密权限,则用户A可以给一个被称作是重加密代理的半可信代理服务器发送针对用户B的重加密密钥,重加密代理就利用接收到的重加密密钥将原始密文转换成用户B利用自己的私钥就可以解密的重加密密文,从而实现用户之间高效的数据共享。我们称用户A为重加密授权者,用户B为重加密解密者。且在上述密文转换过程中,重加密代理无法获取重加密授权者和重加密解密者的私钥以及密文中对应明文的任何信息。然而,现有属性基代理重加密方案在安全性及效率方面均存在不足,针对这些问题,本文提出一个新的属性基代理重加密方案。新的方案可以被证明是适应性安全的,消除了较弱安全模型中对攻击者攻击能力的限制,可以抵御更强类型的攻击者。同时,加密者还具有重加密控制功能,即加密者可以决定一个密文是否能被重加密。通过与现有的方案进行对比,可知新的属性基代理重加密方案在计算量和性能等方面都具有明显优势,更适合于实际的应用。新的方案可以被用于分布式文件系统、云存储环境以及电子医疗服务等场景,能够解决数据在公共服务器中的安全存储和细粒度访问控制等问题。
[Abstract]:Cloud computing, as a service model based on internet, has been popularized and popularized gradually in recent years. It can integrate different regions and different types of resources to work together to meet the needs of users to store and process large amounts of data. It greatly improves the utilization of resources and reduces the cost of users. However, the service mode of cloud storage also brings new security risks. One of the problems that must be considered is how to store media outside the user's control. While protecting the confidentiality of user data, the access control and efficient sharing of resource by legitimate users are realized. Attribute-based cryptography is a hot research direction in cryptography in recent years. It can effectively realize non-interactive access control of data fine-grained, so it has a wide application prospect. Proxy reencryption technology is suitable for scenarios where ciphertext conversion is needed and can meet the requirement of efficient sharing of encrypted data in cloud by handing ciphertext conversion over to agent to lighten the workload of client. In this case, agent reencryption technology is applied to attribute-based cryptosystem, and attribute-based agent reencryption is proposed. In the attribute base agent reencryption system, if user A has decryption permission, user A can send a reencryption key for user B to a semi-trusted proxy server called reencryption agent. The reencryption agent converts the original ciphertext into a reencrypted ciphertext which can be decrypted by the user B using its own private key using the received reencryption key so as to achieve efficient data sharing among users. We call user A heavy encryption Authorizer and user B heavy encryption decryptor. In the process of ciphertext conversion, the reencryption agent is unable to obtain the private key of the reencryption authorizer and the decryptor and any information corresponding to the plaintext in the ciphertext. However, the existing attribute-based agent reencryption schemes are insufficient in terms of security and efficiency. In order to solve these problems, a new property-based agent reencryption scheme is proposed in this paper. The new scheme can be proved to be adaptive, which eliminates the limitation of the attacker's attack ability in the weaker security model, and can resist the stronger type of attacker. At the same time, the encryptor also has the function of reencrypting, that is, the encryptor can decide whether a ciphertext can be reencrypted. By comparing with the existing schemes, it can be seen that the new attribute-based agent reencryption scheme has obvious advantages in computation and performance, and is more suitable for practical applications. The new scheme can be used in distributed file system, cloud storage environment, electronic medical service and so on. It can solve the problem of secure storage and fine-grained access control of data in public server.
【学位授予单位】：西安电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TN918.4

【参考文献】