计算机科学
加密
访问控制
客户端加密
计算机安全
钥匙(锁)
密码系统
计算机网络
动态加密
数据共享
基于属性的加密
云计算
密钥管理
公钥密码术
操作系统
医学
替代医学
病理
作者
Jinlu Liu,Jing Qin,Wenchao Wang,Minghua Lin,Huaxiong Wang
标识
DOI:10.1016/j.csi.2023.103800
摘要
Cloud computing has become the priority for users to store and share data due to its numerous tempting advantages. The “encryption-before-outsourcing” mechanism is necessary to protect data privacy against the semi-trusted cloud server. Key-Aggregate Cryptosystem (KAC) is a novel encryption paradigm for cloud data sharing. It enables users to decrypt multiple data encrypted with different keys using a constant size aggregate key. When selectively sharing data, the KAC effectively addresses the challenges of expensive key management in symmetric encryption (SE) and eliminates the need for multiple copies of ciphertexts in public key encryption (PKE). However, previous KAC schemes can only control what data users are allowed to receive by distributing aggregate keys, but not what data users can send. This limitation could potentially allow a malicious data owner to leak sensitive information by distributing aggregate keys to unauthorized users. Therefore, this paper aims to design the key-aggregate cryptosystem with bidirectional access control, which can control both what the user can receive and what the data owner can send. Inspired by access control encryption (ACE), we first propose a key-aggregate based access control encryption with user level (KA-ACE-UL) system that can control whether a sender can share his data with a receiver. Then, we investigate a finer-grained access control policy and propose a key-aggregate based access control encryption with user-data level (KA-ACE-UDL) system that can control the data classes a sender can share with a receiver. We instantiate the KA-ACE-UL and KA-ACE-UDL schemes based on Chu et al.’s KAC scheme. We prove our proposed schemes can achieve both secure data storage and controlled data sharing, ensuring security against unauthorized receivers and malicious senders. Finally, theoretical performance analysis and practical experiments show the efficiency of our proposed schemes.
科研通智能强力驱动
Strongly Powered by AbleSci AI