当前位置: X-MOL 学术Future Gener. Comput. Syst. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
A partially hidden policy CP-ABE scheme against attribute values guessing attacks with online privacy-protective decryption testing in IoT assisted cloud computing
Future Generation Computer Systems ( IF 7.5 ) Pub Date : 2021-05-11 , DOI: 10.1016/j.future.2021.04.022
Zhishuo Zhang , Wei Zhang , Zhiguang Qin

In recent years, to address the security defect that the explicit attribute values in access policies may reveal the privacy, a new variant of ciphertext-policy attribute-based encryption(CP-ABE)——hidden policy CP-ABE (HP-CP-ABE) is proposed in some recent works. But there are two tremendous flaws in most existing HP-CP-ABE schemes. The one issue is that an attacker can launch the attribute values guessing attacks (AVGA) to detect the attribute values in access policies of many HP-CP-ABE schemes. And another issue is that, if the HP-CP-ABE schemes are using the “Linear Secret Sharing Schemes (LSSS)” as their access structures, as the rows of the LSSS matrix grows, the time complexity of the decryption testing algorithm will boost rapidly which will greatly aggravate the computing burden of the user. So in this paper, we propose a partially HP-CP-ABE (PHP-CP-ABE) scheme which can perfectly withstand the attribute values guessing attacks (AVGA). As our access structure is using the LSSS, to alleviate the computing burden of the user, we design a online privacy-protective decryption testing algorithm for the users to privately and securely outsource the decryption testing phase to the cloud server. Our online testing algorithm is privacy-protective which means during running the privacy-protective decryption testing algorithm, the cloud server has no chance to know anything about the attribute values in the access policy and the attribute values of the user. This will prevent the privacy from leaking out to the third party cloud server. Then we rigorously prove that our scheme is selectively indistinguishable secure under chosen plaintext attacks (IND-CPA). Next, by reduction to the computational q-PBDHE assumption which is firstly proposed in our paper, we prove that our HP-CP-ABE scheme is indistinguishable secure under the attribute values guessing attacks (IND-AVGA). Finally through the comparison with the state-of-art HP-CP-ABE schemes from the perspective of functionality and efficiency, it is easily to observe that our scheme has high-security and high-efficiency. In appendix, we give a straightaway analysis to some relevant works to point out the security vulnerabilities in their schemes.



中文翻译:

物联网辅助云计算中针对属性值猜测攻击的部分隐藏策略CP-ABE方案,通过在线隐私保护解密测试进行攻击

近年来,为了解决访问策略中显式属性值可能泄露隐私的安全缺陷,基于密文策略基于属性的加密(CP-ABE)的新变种​​-隐藏策略CP-ABE(HP-CP- ABE)是在最近的一些工作中提出的。但是,大多数现有的HP-CP-ABE方案都有两个巨大的缺陷。一个问题是,攻击者可以发起属性值猜测攻击(AVGA),以检测许多HP-CP-ABE方案的访问策略中的属性值。另一个问题是,如果HP-CP-ABE方案使用“线性秘密共享方案(LSSS)”作为它们的访问结构,则随着LSSS矩阵的行数的增加,解密测试算法的时间复杂度将会提高快速,这将大大加重用户的计算负担。所以在本文中,我们提出了部分HP-CP-ABE(PHP-CP-ABE)方案,该方案可以完美地抵抗属性值猜测攻击(AVGA)。由于我们的访问结构使用LSSS来减轻用户的计算负担,因此我们设计了一种在线隐私保护解密测试算法,供用户将解密测试阶段私下和安全地外包给云服务器。我们的在线测试算法具有保护隐私的功能,这意味着在运行保护隐私的解密测试算法期间,云服务器没有机会了解有关访问策略中的属性值和用户的属性值的任何信息。这将防止隐私泄露给第三方云服务器。然后,我们严格证明了在选择的纯文本攻击(IND-CPA)下,我们的方案是选择性地难以区分的安全性。下一个,通过简化本文首先提出的计算q-PBDHE假设,我们证明了在属性值猜测攻击(IND-AVGA)下,我们的HP-CP-ABE方案是无法区分的安全性。最后,从功能和效率的角度与最先进的HP-CP-ABE方案进行比较,很容易看出我们的方案具有高安全性和高效率。在附录中,我们对一些相关工作进行了直接分析,以指出其方案中的安全漏洞。最后,从功能和效率的角度与最先进的HP-CP-ABE方案进行比较,很容易看出我们的方案具有高安全性和高效率。在附录中,我们对一些相关工作进行了直接分析,以指出其方案中的安全漏洞。最后,从功能和效率的角度与最先进的HP-CP-ABE方案进行比较,很容易看出我们的方案具有高安全性和高效率。在附录中,我们对一些相关工作进行了直接分析,以指出其方案中的安全漏洞。

更新日期:2021-05-18
down
wechat
bug