Journal on Communications, Vol. 34, No. Z1, August 2013
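Hidden keyword searchable encryption scheme with fine-grained access control
YANG Yang¹,², LIN Bo-gang¹,², MA Mao-de¹,³
(1. College of Mathematics and Computer Science, Fuzhou University, Fuzhou 350108, Fujian, China;
2. Key Lab of Information Security of Networks Systems of Fujian Province, Fuzhou University, Fuzhou 350108, Fujian, China;
3. School of Electrical & Electronic Engineering, Nanyang Technological University, Singapore 639798, Singapore)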
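Abstract: Existing searchable encryption algorithms make key management difficult in multi-user environments and lack a fine-grained access control mechanism. To address these problems, ciphertext-policy attribute-based encryption (CP-ABE) is used to provide fine-grained access control for a hidden keyword searchable encryption scheme. Data owners can specify flexible access policies for the encrypted data they store on a third-party server, and only users whose own attributes satisfy the access policy have permission to search and decrypt the data. The scheme also supports adding and revoking users. The security analysis shows that the scheme not only effectively prevents leakage of private data but also hides keyword information, so that the third-party server cannot steal any sensitive user information while providing the search function. The efficiency analysis shows that the system's retrieval efficiency is only tens of microseconds, making it suitable for use in large application systems.
Key words: hidden keyword search; searchable encryption; fine-grained access control; user addition and revocation
CLC number: TN918.1    Document code: A    Article ID: 1000-436X(2013)Z1-0092-09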
Secure hidden keyword searchable encryption scheme with fine-grained and flexible access control
YANG Yang¹,², LIN Bo-gang¹,², MA Mao-de¹,³
(1. College of Mathematics and Computer Science, Fuzhou University, Fuzhou 350108, China;
2. Key Lab of Information Security of Networks Systems of Fujian Province, Fuzhou University, Fuzhou 350108, China;
3. School of Electrical & Electronic Engineering, Nanyang Technological University, Singapore 639798, Singapore)
Abstract: Existing searchable encryption schemes have difficulties with key management for multiple users and cannot provide a fine-grained access control mechanism. To solve these problems, a hidden keyword searchable encryption scheme with fine-grained access control is proposed, using the CP-ABE (ciphertext-policy attribute-based encryption) algorithm. Data owners assign specific and flexible access policies to their data stored on a third-party data server. Only users whose attributes satisfy the access policy are authorized to search the encrypted data and decrypt the returned results. Moreover, the proposed system supports adding and revoking users. Security analysis shows that the scheme not only prevents the leakage of private data but also hides the information of keywords. It prevents a third-party storage provider from intercepting users' sensitive information while a search function is provided. The efficiency analysis shows that the efficiency of retrieval stays within tens of microseconds and that the scheme is suitable for large-scale systems.
Key words: hidden keyword search; searchable encryption; fine-grained access control; add and revoke user
Received: 2013-06-10
Foundation Items: The National Natural Science Foundation of China (60970119, 61100231, 61103175, 61173151); The National Basic Research Program of China (973 Program) (2007CB311201)
doi:10.3969/j.issn.1000-436x.2013.z1.012