基于隐藏访问策略属性基的能源互联网数据保护

能源互联网中不同安全域中实体的通信数据包含敏感信息,基于密文策略属性基加密CPABE方案可实现细粒度的保护,但传统CP-ABE解密复杂度高,属性撤销需要对整个密文进行全部更新,以及访问策略易泄露隐私信息,导致其在能源互联网中应用受限。围绕着能源互联网云存储数据共享安全,设计基于隐藏访问策略的能源互联网数据保护方案,访问策略支持任意门限或者布尔表达式,将访问策略中的属性模糊化以实现策略的隐藏,引入解密代理将高复杂度的属性基解密过程的主要部分外包到服务端,减少了接收端的解密开销,在属性撤销过程中仅需要属性认证中心和解密代理参与,降低了属性撤销的难度。实验对比分析结果表明,本文方案的解密性能有较大的提升。

Energy internet data protection based on attribute based hidden access strategy

The communication data of the entities in different security domains in the energy internet contains sensitive information. The ciphertext-policy attribute based encryption (CP-ABE) scheme can achieve fine-grained protection. However, the traditional CP-ABE scheme is complicated to decrypt, and the revocation of attributes requires a complete update of the entire ciphertext. Besides, its access policy is prone to leaking private information, resulting in its limited application in the energy Internet. In order to solve the above problems, based on the data sharing security of the energy internet cloud storage, we propose an energy internet data protection scheme based on a hidden access strategy. The access strategy supports arbitrary thresholds or Boolean expressions, and the attributes in the access strategy are obscured to realize policy hiding. The scheme introduce the decryption agent to outsource the main part of the high-complexity attribute based decryption process to the server, thus reducing the decryption overhead of the receiving end. The attribute revocation process only requires the attribute authority and the decryption agent to participate, so the difficulty of the process is reduced. Analysis on comparative experiments shows that the decryption performance of this scheme is greatly improved.