云计算环境中支持隐私保护的数字版权保护方案_黄勤龙

20142JournalonCommunicationsFebruary2014352Vol.35No.21,2,31,2,31,2,31,21,21.1008762.1008763.1000864TP309A1000-436X(2014)02-0095-09Privacy-preservingdigitalrightsmanagementschemeincloudcomputingHUANGQin-long1,2,3,MAZhao-feng1,2,3,FUJing-yi1,2,3,YANGYi-xian1,2,NIUXin-xin1,2(1.InformationSecurityCenter,BeijingUniversityofPostsandTelecommunications,Beijing100876,China;2.NationalEngineeringLaboratoryforDisasterBackupandRecovery,BeijingUniversityofPostsandTelecommunications,Beijing100876,China;3.BeijingNationalSecurityScienceandTechnologyCoLtd,Beijing100086,China)Abstract:Inordertomeettheneedsofdigitalcontentanduserprivacyprotectionincloudcomputingenvironment,aprivacy-preservingdigitalrightsmanagement(DRM)schemeincloudcomputingwasproposed.Theframeworkofdigitalcontentcopyrightlifecycleprotectionanduserprivacyprotectionincloudcomputingwasfirstlydesigned,whichincludesfourprotocols:systemsetup,contentencryption,licenseacquisitionandcontentdecryption,andthenacontentencryptionkeyprotectionanddistributionmechanismbasedonattribute-basedencryptionandadditivelyhomomorphicencryptionwasproposed,whichensuresthesecurityofcontentencryptionkey.Inaddition,thepro-posedschemealsoallowstheuserstopurchasecontentandacquirelicenseanonymouslyfromcloudserviceprovider,whichprotectstheuserprivacyandpreventscloudserviceprovider,licenseserverandkeyserverinthecloudfromcollectingtheuser’ssensitiveinformation.ComparedwithexistingDRMschemesincloudcomputing,theproposedschemewhichnotonlyprotectsthedatasecurityanduserprivacy,butalsosupportsfine-grainedaccesscontrol,andsupportsonlineandsuper-distributionapplicationmodes,ismoreapplicableinthecopyrightprotectionforcloudcomputing.Keywords:digitalrightsmanagement;privacypreserving;attribute-basedencryption;homomorphicencryption;cloudcomputing2013-07-012013-09-20(60803157,90812001,61272519)FoundationItem:TheNationalNaturalScienceFoundationofChina(60803157,90812001,61272519)doi:10.3969/j.issn.1000-436x.2014.02.01396351[1]DRMdigitalrightsmanagement[2~5],31)42)3)2[6~15]1)JAFARI2011ACMDRM[6]JAFARIWANGSIMCS-DRM[7]SIMPETRLIC[8]SAMANTHULA[9]CORENA[10]2)WU[11][12]297MULLER[13]3)CONRADO[14]PERLMAN[15]PERLMANPETRLIC[16]33.1CP-ABEABESAHAIWATERS[17]ABEKP-ABECP-ABE2CP-ABECP-ABE41)ABE.Setup()PKMK2)ASK=ABE.KeyGen(AS,MK)ASMKASK3)CT=ABE.Encrypt(AP,M,PK)APPKMCT4)M=ABE.Decrypt(ASK,CT)ASAPASKCTM3.2[18]1978RIVEST2009GENTRY[19]2010DIJK[20]CASTELLUCCIA[21]11c=Enc(m,k,M)=m+k(modM)Mm[0,M−1],k[0,M−1]Dec(c,k,M)=c–k(modM)c1=Enc(m1,k1,M),c2=Enc(m2,k2,M),m1+m2[0,M−1]Dec(c1+c2,k1+k2,M)=m1+m241)2)98353)5CP-ABE111)2)3)4)5)6)DRMDRM422SP,US,KPK,MK/ASAPASKCIDPCD,ECDCMK,LK,AKCEKUKHKLICTEnc(),Dec()/Sig()2995.1A={a1,a2,a3,,an}PKMKASASKASK=ABE.KeyGen(AS,MK)5.2CEKCEKStep1lCMKLKAKCEKCEK=CMK+LK+AK[0,M−1]M2l+1Step2CEKPCDECDECD=Enc(CEK,PCD)Step3APCP-ABEAPCMKPKSLKPKKAKCPS:ABE.Enc(AP,CMK,PK)||Enc(PKS,LK)CPK:Enc(PKK,AK)5.3LICLIC22Step1UKCIDREXLAQLAQCIDREXUKPKSLAQ=Enc(PKS,CID||REX||UK)USP:CID||REX||LAQStep2LSQLSQLAQTLSQ=LAQ||TSPS:LSQ||Sig(SKSP,LSQ)Step3LSQLSQTSKSCIDREXUKCIDlHKSHKKHKS+HKK[0,M−1]HKKLICLICAPCMKHKSLKLATLIDSKSLAT=Enc(PKK,CID||HKK||LID||T)||Sig(SKS,CID||HKK||LID||T)LCC=ABE.Enc(AP,CMK,PK)||Enc(HKS,LK)||Enc(UK,HKS+HKK)||LAT||LID||REXSSP:LIC=LCC||Sig(SKS,LCC)Step4LICPKSLICLIC5.4LICLATAKAKLKAK3310035Step1LICLICLICLATAKUK:Enc(PKK,CID||HKK||LID||T)||Sig(SKS,CID||HKK||LID||T)Step2LATPKSLATSKKCIDHKKSKKAKHKKAKEnc(HKK,AK)KU:Enc(HKK,AK)Step3ASKLICCMKCMK=ABE.Dec(ASK,ABE.Enc(AP,CMK,PK))Step4UKLICHKS+HKKHKS+HKK=Dec(UK,Enc(UK,HKS+HKK))Step5(HKS+HKK)(LK+AK)LK+AK=Dec(HKS+HKK,Enc(HKS,LK)+Enc(HKK,AK))Step6CEKECDLICREXPCD=Dec(CMK+LK+AK,ECD)61)DRM2)CDN77.1HKS+HKK[0,M−1]LK+AK[0,M−1]MCASTELLUCCIA[21]Enc(HKS,LK)+Enc(HKK,AK)=Enc(HKS+HKK,LK+AK)(LK+AK)=Dec(HKS+HKK,Enc(HKS,LK)+Enc(HKK,AK))CEK=CMK+LK+AK7.21CEKCEKLICLICAPCMKHKSLKEnc(UK,HKS+HKK)LATLICLATEnc(HKK,AK)ASKCMKCEKAK2CMKAPCEKEnc(PKK,AK)AKCMKLKCEKLATHKK'Enc(PKK,CID||HKK'||T)||Sig(SKS',CID||HKK'||T)PKSSig(SKS',CID||HKK'||T)AK2101CEK3LSQ’||Sig(SKSP,LSQ’)LSQ’SKSLAQ||T’LAQT’T’7.31)UKLAT2)UKUKTLATHKKHKK7.41)Ubuntu12.10IntelCorei52.53GHz2GBcpabe[22]128bitAES2)48510M1s457.5CP-ABE3[6,7]10235[16][12,13]84,[1],,.[J].,2011,22(1):71-83.FENGDG,ZHANGM,ZHANGY,etal.Studyoncloudcomputingsecurity[J].JournalofSoftware,2011,22(1):71-83.[2],.[J].,2005,28(12):957-968.YUYY,TANGZ.Asurveyoftheresearchondigitalrightsmanage-ment[J].ChineseJournalofComputers,2005,28(12):957-968.[3],,.[J].,2008,29(10):153-164.MAZF,FANKF,CHENM,etal.Trusteddigitalrightsmanagementprotocolsupportingfortimeandspaceconstraint[J].JournalonCom-munications,2008,29(10):153-164.[4]ZHANGZY,PEIQQ,YANGL,etal.Establishingmulti-partytrustarchitectureforDRMbyusinggame-theoreticanalysisofsecuritypoli-cies[J].ChineseJournalofElectronics,2009,18(3):519-524.[5]QIUQ,TANGZ,LIF,etal.ApersonalDRMschemebasedonsocialtrust[J].ChineseJournalofElectronics,2012,21(4):719-724.[6]JAFARIM,SAFAVI-NAINIR,SHEPPARDNP.Arightsmanage-mentapproachtoprotectionofprivacyinacloudofelectronichealthrecords[A].Proceedingsofthe11thAnnualACMWorkshoponDigitalRightsManagement[C].Chicago,USA,2011.23-29.[7]WANGCK