一种改进条件广播代理重加密的数据共享方案

doi:10.19665/j.issn1001-2400.20230410

摘要/Abstract

摘要：

传统的条件广播代理重加密数据共享方式过度依赖不可信第三方代理商,存在效率低、数据安全和隐私泄露等问题。针对以上问题,提出了一种将条件广播代理重加密与区块链共识机制相结合的信息安全保障方案。首先,为解决单个代理商的单点故障以及合谋攻击问题,所提方案使用区块链节点轮流担任代理商节点,同时利用融合信誉机制的委托权益证明共识算法筛选出高信誉度的代理商节点参与重加密过程,大大降低了单点故障和合谋攻击的风险。其次,针对代理商节点对重加密密钥使用的高权限问题,引入门限密钥思想,将重加密密钥分割为多个片段,这些片段分布于不同的代理商节点上。通过这种方式,任何单个代理商节点都无法单独完成数据的解密,从而有效提高了重加密过程的安全性。最后,通过对方案的安全性、正确性和可信度进行分析,表明提出的方案能有效解决传统方案中的安全隐患。仿真实验结果证明,与现有数据共享方案相比,所提方案在保障数据安全方面具有明显优势,同时计算成本较低。

关键词: 条件广播代理重加密, 门限密钥, 区块链, 共识机制

Abstract:

Traditional conditional broadcast proxy re-encryption data sharing approaches over-rely on untrustworthy third-party proxy servers,which leads to issues of a low efficiency,data security and privacy leaks.To address the above problems,this paper proposes an information security protection scheme that combines conditional broadcast proxy re-encryption with blockchain consensus mechanisms.First,to solve the single point of failure and collusion attacks of individual proxy servers,this scheme uses blockchain nodes to take turns to act as proxy servers.At the same time,it selects high-credibility proxy servers to participate in re-encryption through the Delegated Proof of Stake(DPoS) consensus algorithm that integrates credibility mechanisms,greatly reducing the risks of the single point of failure and collusion attacks.Second,to address the high permission issue of proxy servers using re-encryption keys,this paper introduces the threshold cryptosystem concept and splits the re-encryption key into multiple fragments distributed across different proxy servers.In this way,any single proxy server is unable to decrypt data independently,thus effectively improving the security of the re-encryption process.Finally,through the analysis of the security,correctness and credibility of the scheme,it is demonstrated that this scheme can effectively solve security vulnerabilities in traditional schemes.Related simulation experimental results also prove that compared with existing data sharing schemes,this scheme has significant advantages in ensuring data security while having lower computational costs.

Key words: conditional broadcast proxy re-encryption, threshold key, blockchain, consensus mechanism

中图分类号:

TP309

翟社平, 陆娴婧, 霍媛媛, 杨锐. 一种改进条件广播代理重加密的数据共享方案[J]. 西安电子科技大学学报, 2024, 51(2): 224-238.

ZHAI Sheping, LU Xianjing, HUO Yuanyuan, YANG Rui. Improved data sharing scheme based on conditional broadcast proxy re-encryptionn[J]. Journal of Xidian University, 2024, 51(2): 224-238.

图/表 8

图1

图2

表1

图3

图4

图5

图6

图7

参考文献 25

[1]	沈剑, 周天祺, 曹珍富. 云数据安全保护方法综述[J]. 计算机研究与发展, 2021, 58(10):2079-2098.
	SHEN Jian, ZHOU Tianqi, CAO Zhenfu. Overview of Cloud Data Security Protection Methods[J]. Journal of Computer Research and Development, 2021, 58(10):2079-2098.
[2]	DONG H D, KANG L, LIN P J, et al. Privacy Protection for Blockchains with Account and Multi-Asset Model[J]. China Communications, 2019, 16(6):69-79.
[3]	LIU J, JIANG W, SUN R, et al. Conditional Anonymous Remote Healthcare Data Sharing over Blockchain[J]. IEEE Journal of Biomedical and Health Informatics, 2023, 27(5):2231-2242.
[4]	BLAZE M, BLEUMER G, STRAUSS M. Divertible Protocols and Atomic Proxy Cryptography[C]//International Conference on the Theory and Application of Cryptographic Techniques. Berlin:Springer,1998:127-144.
[5]	SHAO J, CAO Z. CCA-Secure Proxy Re-Encryption without Pairings[C]//International Conference on Public Key Cryptography. Berlin:Springer,2009:357-376.
[6]	LUO S, SHEN Q N, CHEN Z. Fully Secure Unidirectional Identity-Based Proxy Re-Encryption[C]//International Conference on Information Security and Cryptology. Berlin:Springer,2012:109-126.
[7]	LIANG K, LIU J K, WONG D S, et al. An Efficient Cloud-Based Revocable Identity-Based Proxy Re-Encryption Scheme for Public Clouds Data Sharing[C]//European Symposium on Research in Computer Security. Berlin:Springer,2014:257-272.
[8]	RAWAL B S. Proxy Re-Encryption Architect for Storing and Sharing of Cloud Contents[J]. International Journal of Parallel,Emergent and Distributed Systems, 2020, 35(3):219-235.
[9]	QIAN X, YANG Z, WANG S H, et al. A No-Pairing Proxy Re-Encryption Scheme for Data Sharing in Untrusted Cloud[C]//International Conference on Artificial Intelligence and Security. Berlin:Springer,2019:85-96.
[10]	CHU C K, WENG J, CHOW S S, et al. Conditional Proxy Broadcast Re-Encryption[C]//Australasian Conference on Information Security and Privacy. Berlin:Springer,2009:327-342.
[11]	XU P, JIAO T, WU Q, et al. Conditional Identity-Based Broadcast Proxy Re-Encryption and Its Application to Cloud Email[J]. IEEE Transactions on Computers, 2016, 65(1):66-79.
[12]	LIU Y, REN Y, GE C, et al. A CCA-Secure Multi-Conditional Proxy Broadcast Re-Encryption Scheme for Cloud Storage System[J]. Journal of Information Security and Applications, 2019,47:125-131.
[13]	CHEN Z, CHEN J, MENG W. A New Dynamic Conditional Proxy Broadcast Re-Encryption Scheme for Cloud Storage and Sharing[C]//2020 IEEE Intl Conf on Dependable,Autonomic and Secure Computing,Intl Conf on Pervasive Intelligence and Computing,Intl Conf on Cloud and Big Data Computing,Intl Conf on Cyber Science and Technology Congress. Piscataway:IEEE, 2020: 569-576.
[14]	李兆斌, 赵洪, 魏占祯. 无双线性对的门限条件匿名代理重加密方案[J]. 电子与信息学报, 2021, 43(11):3350-3358.
	LI Zhaobin, ZHAO Hong, WEI Zhanzhen. Threshold-Based Pairing-Free Conditional Anonymous Proxy Re-Encryption Scheme[J]. Journal of Electronics & Information Technology, 2021, 43(11):3350-3358.
[15]	李兆斌, 张璐, 赵洪, 等. 基于无证书的门限条件代理重加密方案[J]. 北京邮电大学学报, 2023, 46(1):44-49.
	LI Zhaobin, ZHANG Lu, ZHAO Hong, et al. Certificateless Threshold-Based Conditional Proxy Re-Encryption Scheme[J]. Journal of Beijing University of Posts and Telecommunications, 2023, 46(1):44-49.
[16]	WU L Q, HAN Y L, YANG X Y, et al. Identity-Based Threshold Proxy Re-Encryption Scheme from Lattices and Its Applications[J]. Frontiers of Information Technology & Electronic Engineering, 2022, 23(2):258-278.
[17]	杨亚涛, 蔡居良, 张筱薇, 等. 基于SM9算法可证明安全的区块链隐私保护方案[J]. 软件学报, 2019, 30(6):1692-1704.
	YANG Yatao, CAI Juliang, ZHANG Xiaowei, et al. Proven Secure Blockchain Privacy Protection Scheme Based on SM9 Algorithm[J]. Journal of Software, 2019, 30(6):1692-1704.
[18]	曾辉祥, 习宁, 谢晴晴, 等. 抗属性篡改的去中心化密文数据安全共享[J]. 西安电子科技大学学报, 2022, 49(2):135-145.
	ZENG Huixiang, XI Ning, XIE Qingqing, et al. Decentralized Ciphertext Sharing Based on Blockchain[J]. Journal of Xidian University, 2022, 49(2):135-145.
[19]	李雪莲, 张夏川, 高军涛, 等. 支持属性和代理重加密的区块链数据共享方案[J]. 西安电子科技大学学报, 2022, 49(1):1-16.
	LI Xuelian, ZHANG Xiachuan, GAO Juntao, et al. A Blockchain Data Sharing Scheme That Supports Attribute and Proxy Re-Encryption[J]. Journal of Xidian University, 2022, 49(1):1-16.
[20]	翟社平, 汪一景, 陈思吉. 区块链技术在电子病历共享的应用研究[J]. 西安电子科技大学学报, 2020, 47(5):103-112.
	ZHAI Sheping, Wang Yijing, CHEN Siji. Research on the Application of Blockchain Technology in the Sharing of Electronic Medical Records[J]. Journal of Xidian University, 2020, 47(5):103-112.
[21]	杨小东, 席婉婷, 王嘉琪, 等. 基于签密和区块链的车联网电子证据共享方案[J]. 通信学报, 2021, 42(12):236-246. doi: 10.11959/j.issn.1000-436x.2021237
	YANG Xiaodong, XI Wanting, WANG Jiaqi, et al. Electronic Evidence Sharing Scheme of Internet of Vehicles Based on Signcryption and Blockchain[J]. Journal on Communications, 2021, 42(12):236-246. doi: 10.11959/j.issn.1000-436x.2021237
[22]	LI Q, ZHOU Y. Research and Application Based on A.Shamir’s(t,n) Threshold Secret Sharing Scheme[C]//7th International Conference on Computer Science and Education. Piscataway:IEEE,2012:671-674.
[23]	付瑶瑶, 李盛恩. 授权股份证明共识机制的改进方案[J]. 计算机工程与应用, 2020, 56(19):48-54. doi: 10.3778/j.issn.1002-8331.1906-0312
	FU Yaoyao, LI Sheng'en. Improved Scheme of Delegated Proof of Stake Consensus Mechanism[J]. Computer Engineering and Applications, 2020, 56(19):48-54. doi: 10.3778/j.issn.1002-8331.1906-0312
[24]	XIANG L, QIN Y, SHI P, et al. Transfer Mechanism of Data Decryption Authority in Joint Cloud Computing[C]//2021 IEEE International Conference on Joint Cloud Computing(JCC). Piscataway:IEEE, 2021: 38-43.
[25]	REN Y, LIU Y, QIAN C. A Fine-Grained Conditional Proxy Broadcast Re-Encryption Policy for File Sharing System[C]//12th EAI International Conference on Mobile Multimedia Communications. Gent:EAI,2019:1-13.

模型	去中心化	多代理节点	重加密密钥分割	一对多场景	可追溯	数据机密性
文献[12]	×	×	×	√	√	√
文献[13]	×	×	×	√	√	√
文献[14]	×	√	√	×	√	√
文献[19]	√	×	×	×	√	√
文献[24]	×	√	√	×	√	√
文献[25]	√	×	×	√	×	√
文中方案	√	√	√	√	√	√