CN110446108B - A media cloud system and video encryption and decryption method - Google Patents


Publication number: CN110446108B
Authority: CN (China)
Prior art keywords: video, random number, node, key, access
Legal status: Active
Application number: CN201910577173.2A
Other languages: Chinese (zh)
Other versions: CN110446108A (en)
Inventors: 杨成, 李皓, 刘剑波
Current Assignee: Communication University of China
Original Assignee: Communication University of China

Abstract

The invention provides a media cloud system and a video encryption and decryption method, and relates to the field of media cloud. The video encryption method includes: acquiring a video to be encrypted, where the video has been compressed and encoded and its format is a set containing a plurality of elements; constructing an access structure based on the video, where the access structure is a compound tree containing virtual nodes; generating a system public key and a system management key; and obtaining the network adaptation layer unit data in the video and encrypting the video in combination with the system public key and the access structure to generate a ciphertext.

Description

A media cloud system and video encryption and decryption method

Technical field

The invention relates to the field of media cloud, and in particular to a media cloud system and a video encryption and decryption method.

Background

The advent of the big data era has brought huge challenges to data storage, transmission, management and use. As a new service model, cloud computing integrates massive computing resources such as networks, servers, storage, application software and services into a configurable shared resource pool. Users can conveniently and quickly access nearly "endless" computing power over the network without a large up-front investment. Because of this, cloud computing has become an inevitable choice for dealing with many problems of the big data era.

Multimedia data (video, sound, pictures, etc.) is an important source of big data, and building a "media cloud" has become one of the important solutions in the media industry. A media cloud can provide users with services for storing, processing and distributing multimedia files, with QoS (Quality of Service) guarantees.

Current media clouds mainly focus on the business challenges faced by video services, where stream theft and hotlinking are the two most common security threats. Stream theft means that lawbreakers illegally download unauthorized video content and distribute it on their own web pages or apps. Hotlinking means that a group or individual, without the consent of the legitimate operator, builds its own web page or app so that end users reach the legitimate operator's video resources through the hotlinker's designated page or app rather than through the legitimate operator. Stream theft and hotlinking harm the interests of legitimate operators (advertising revenue, copyright purchase costs, publicity value, bandwidth costs, etc.).

Summary of the invention

In view of this, the present invention provides a media cloud system and a video encryption and decryption method, to solve the technical problem in the prior art of stream theft and hotlinking from the media cloud.

A first aspect of the embodiments of the present invention provides a video encryption method, including:

Obtaining the video to be encrypted, where the video has been compressed and encoded and its format is a set containing multiple elements;

Constructing an access structure based on the video, where the access structure is a compound tree containing virtual nodes;

Generating a system public key and a system management key;

Obtaining the network adaptation layer unit data in the video and encrypting the video in combination with the system public key and the access structure to generate a ciphertext.

Preferably, obtaining the video to be encrypted includes:

Obtaining the video to be encrypted and determining whether the video is a public video or a private video.

Preferably, after the video to be encrypted is obtained, the method further includes:

If the video is determined to be a public video, obtaining and encrypting the network adaptation layer units of the video that contain compressed video content;

If the video is determined to be a private video, obtaining and encrypting the network adaptation layer units of the video that contain global video information.

Preferably, generating the system public key and the system management key includes:

Obtaining a bilinear group;

Establishing a bilinear mapping function of the bilinear group;

Obtaining a first random number and a second random number, where the first random number and the second random number are both taken from the set of positive integers smaller than the order of the bilinear group;

Generating the system public key and the system management key based on the bilinear group, the bilinear mapping function, the first random number and the second random number.

Preferably, obtaining the network adaptation layer unit data in the video and generating the ciphertext in combination with the system public key and the access structure includes:

Traversing the access structure and dividing it at its virtual nodes into independent access trees. The independent access trees comprise trunk-branch hierarchical structure trees and base trees, where each trunk-branch hierarchical structure tree has a virtual node as its root node;

For every node in every independent access tree, constructing a polynomial whose highest degree is the node's threshold value minus one and whose constant term depends on the node's parent node and on the node's position among the child nodes;

Obtaining a third random number, a fourth random number, a fifth random number and a sixth random number, where the third random number and the fourth random number are both taken from the set of positive integers smaller than the order of the bilinear group;

Determining, based on the third random number and the fourth random number, keys in one-to-one correspondence with the elements of the video;

Determining, based on the fifth random number, the constant term of the polynomial corresponding to the root node of each base tree, and determining, based on the sixth random number, the constant term of the polynomial corresponding to the root node of each trunk-branch hierarchical structure tree;

Distributing, based on the polynomial corresponding to each node, secret shares of the fifth random number and the sixth random number to the leaf nodes of the access structure;

Obtaining, based on the secret shares, the attribute corresponding to each leaf node of the access structure;

For each node on the trunk of a trunk-branch hierarchical structure tree, taking the value of the corresponding polynomial at input 0 as the secret share;

Generating the ciphertext based on the first random number, the second random number, the third random number, the fourth random number, the fifth random number and the sixth random number, together with the keys in one-to-one correspondence with the elements of the video, the secret shares and the attributes corresponding to the leaf nodes of the access structure, in combination with the system public key.

This document proposes an attribute-based encryption method suited to the media cloud. The method is based on the eM-CP-ABE algorithm, which introduces the concept of virtual nodes and builds algorithm components such as a compound tree with high expressive efficiency and a key chain. On this basis it implements access control at the level of video slices for massive video collections, and supports a very large number of attributes, hierarchical extension of the authorization center, and user revocation. Designing efficient access trees reduces the complexity of the algorithm: a single access tree can encrypt a single file and can also correspond to multiple files, giving a multi-file, multi-level access control description.

A second aspect of the embodiments of the present invention provides a video decryption method, including:

Obtaining the attribute set provided by the video consumer user;

Generating, according to the attribute set and in combination with the system management key, the private key required by the video consumer user;

Decrypting the video based on the private key.

Preferably, generating the private key required by the video consumer user according to the attribute set and in combination with the system management key includes:

Obtaining a seventh random number;

Obtaining a set of random numbers according to each parameter in the attribute set;

Generating the private key required by the video consumer user based on the random number and the second random number, the seventh random number and the set of random numbers, and the system management key.

Preferably, decrypting the video based on the private key includes:

When the attribute set is determined to satisfy the access structure, determining the access node in the access structure that corresponds to the private key;

When the access node is located in a base tree of the access structure, obtaining the key corresponding to the root node of the base tree through recursive processing, and decrypting based on the key corresponding to the root node;

When the access node is located in a trunk-branch hierarchical structure tree of the access structure, obtaining the key corresponding to the root node of the trunk-branch hierarchical structure tree through recursive processing, obtaining the key chain of the trunk-branch hierarchical structure tree from the relationships between the nodes on that tree, determining the key of the access node, and decrypting based on the key of the access node.
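The per-node polynomials and share distribution in the encryption steps, and the recursive recovery of a root secret in the decryption steps, can be sketched as follows. This is an added example, not code from the patent: it models a single independent access tree with threshold gates, works directly in Z_p rather than in the exponent of a bilinear group, and leaves out virtual nodes and the key chain; the prime `P`, the attribute names and the sample policy are constructed for illustration.

```python
"""Threshold access tree: share distribution and recursive recovery (illustration)."""
import secrets
from dataclasses import dataclass, field

# Assumption: a fixed prime standing in for the order of the bilinear group.
P = 2**127 - 1


@dataclass
class Node:
    threshold: int = 1                            # k of a k-of-n gate
    children: list = field(default_factory=list)
    attribute: str = ""                           # non-empty only on leaves
    coeffs: list = field(default_factory=list)    # gate polynomial, low order first
    share: int = 0                                # leaf share, i.e. q_parent(index)


def leaf(attribute):
    return Node(attribute=attribute)


def gate(threshold, *children):
    return Node(threshold=threshold, children=list(children))


def poly_eval(coeffs, x):
    """Evaluate the polynomial at x over Z_P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def distribute(node, secret):
    """Top-down pass: each gate gets a random polynomial of degree threshold-1
    whose constant term is the value handed down by its parent; the child at
    position i (1-based) receives q(i). Leaves store their share."""
    if node.attribute:
        node.share = secret
        return
    node.coeffs = [secret] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    for idx, child in enumerate(node.children, start=1):
        distribute(child, poly_eval(node.coeffs, idx))


def lagrange_at_zero(points):
    """Interpolate q(0) from (index, value) pairs over Z_P."""
    total = 0
    for i, y in points:
        num, den = 1, 1
        for j, _ in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y * num * pow(den, -1, P)) % P
    return total


def recover(node, attrs):
    """Bottom-up pass: return the node's secret if attrs satisfy its subtree,
    otherwise None. A leaf is usable only when its attribute is held."""
    if node.attribute:
        return node.share if node.attribute in attrs else None
    points = []
    for idx, child in enumerate(node.children, start=1):
        value = recover(child, attrs)
        if value is not None:
            points.append((idx, value))
        if len(points) == node.threshold:
            return lagrange_at_zero(points)
    return None


def demo_policy():
    """Constructed policy: any 2 of {subscriber, (region:CN OR region:EU),
    device:trusted}. Returns the tree and the root secret."""
    root = gate(2,
                leaf("subscriber"),
                gate(1, leaf("region:CN"), leaf("region:EU")),
                leaf("device:trusted"))
    root_secret = secrets.randbelow(P)   # plays the role of a root constant term
    distribute(root, root_secret)
    return root, root_secret


if __name__ == "__main__":
    tree, s = demo_policy()
    print("satisfying set recovers root secret:",
          recover(tree, {"subscriber", "region:EU"}) == s)
    print("unsatisfying set:", recover(tree, {"subscriber"}))
```

An attribute set that does not meet a gate's threshold yields fewer points than the polynomial's degree plus one, so the recursion returns `None` at that gate and the root constant term stays hidden.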

A third aspect of the embodiments of the present invention provides a media cloud system, including:

An edge distribution server, for storing encrypted video;

An index management server, for storing video information and keys.

Preferably, the content stored in the index management server relies on random storage and reorganization of video slices and dynamic generation of the index.

Other features and advantages of the present invention will be set forth in the description that follows, and in part will be apparent from the description or may be learned by practicing the invention. The objectives and other advantages of the invention are realized and attained by the structures particularly pointed out in the description, the claims and the drawings.

To make the above objects, features and advantages of the present invention more obvious and easier to understand, preferred embodiments are described in detail below in conjunction with the accompanying drawings.

Description of the drawings

To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below:

FIG. 1 is a schematic structural diagram of a simple compound tree provided by an embodiment of the present invention;

FIG. 2 is a schematic structural diagram of a basic unit of a compound tree provided by an embodiment of the present invention;

FIG. 3 is a schematic structural diagram of two independent control trees decomposed from a compound tree unit provided by an embodiment of the present invention;

FIG. 4 is a schematic structural diagram of a hierarchical attribute authorization group provided by an embodiment of the present invention;

FIG. 5 is a schematic diagram of a 1-n compound tree structure provided by an embodiment of the present invention;

FIG. 6 is a schematic structural diagram of a video encryption method provided by an embodiment of the present invention;

FIG. 7 is a schematic structural diagram of a video decryption method provided by an embodiment of the present invention.

Detailed description

To make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative effort fall within the protection scope of the present invention.

Relying on the powerful resources provided by the media cloud, video operators can conveniently provide users with high-quality video services with QoS guarantees. However, using the media cloud for efficient video management and distribution also faces severe security challenges. These challenges come mainly from two directions: 1) video itself is a high-value asset: traditional video operators face infringement problems such as stream theft and hotlinking, while personal video, surveillance video and video conferencing face the protection of personal privacy and commercial privacy; 2) cloud computing brings its own security risks: moving data to the cloud causes local physical protection to fail and brings new security threats to the integrity and confidentiality of data and the controllability of access.

Stream theft means that lawbreakers illegally download unauthorized video content and distribute it on their own web pages or apps. Hotlinking means that a group or individual, without the consent of the legitimate operator, builds its own web page or app so that end users reach the legitimate operator's video resources through the hotlinker's designated page or app rather than through the legitimate operator. Stream theft and hotlinking harm the interests of legitimate operators (advertising revenue, copyright purchase costs, publicity value, bandwidth costs, etc.).

Identity authentication, access control, content protection, service virtualization, data encryption, intrusion detection and key management are the basic security capabilities for building a secure system. Reaching the security goal ultimately requires a multi-level, in-depth information security protection scheme. Combining cloud computing security requirements with the characteristics of video services, the embodiment of the present invention divides media cloud security protection into three parts from the bottom up.

The first is system security: deploying system protection measures such as vulnerability scanning, intrusion detection, operation and maintenance auditing, host security, identity authentication, access control, internal and external isolation, and secure communication. System-level protection can be connected with third-party remote cloud services (public cloud services, cloud security policies) to form a complete system protection scheme.

The second is content security, which provides two levels of protection. The high level of protection is achieved through video slice encryption. At the low level of protection, the video slices are stored randomly across numerous storage gateways, and the slices can be operated on as a whole only by obtaining the dynamic index.

The last is service security. The present invention designs an ABAC-based secure access control protocol (the Sec_ABAC protocol). The protocol is fine-grained and highly scalable, meets the need to extend service models and access control methods, supports highly flexible, highly elastic and highly scalable service and content access control, and can adapt to the processing capability of the terminal.

Based on the security threats faced by the media cloud in providing services, the embodiment of the present invention adopts the design idea of "partitioning into zones and domains" and builds a "cloud-edge-end" hierarchical architecture for media cloud services. It determines the information domains and the physical network boundaries, distinguishes the security problems faced by data in the network, and forms an in-depth access scheme, proposing for the first time a media cloud security framework "centered on protecting multimedia content security and service control". The framework contains three layers of media cloud security boundaries and ensures system-level security through boundary division and system protection. It supports random storage of video segments, dynamic index generation and optional video encryption, giving video content two levels of content security protection so as to guarantee the confidentiality and integrity of video data stored in the media cloud.

This framework proposes two levels of video storage security policy, a high-level content security policy and a low-level content security policy, namely the edge distribution server and the index management server respectively.

For the high-level content security policy, the encryption-based content storage security policy can be divided into two levels: video slice encryption and video index encryption.

The low-level content security policy relies on random storage and reorganization of video slices and dynamic generation of the index. Suppose a video V has size Size_V = 1.42G and bit rate f = 2500kb/s; its duration T is calculated as follows:

Figure BDA0002112332150000061

If the video is sliced into segments of T_slice = 10s, the number of slices is N_V = T/T_slice = 486. Suppose the 486 video slices are stored randomly on N_serv = 10 edge servers; then, with the index unknown, the probability of obtaining all the video slices and reassembling them successfully is:

Figure BDA0002112332150000062

When there are more edge distribution servers, and the edge distribution servers hold slices of multiple videos, the probability of obtaining a complete video with the index unknown is lower still. Obtaining the video index is therefore the only way to obtain the complete video, and the security anchor for obtaining the video index lies in the security of the protocol.

The embodiment of the present invention refers to videos produced to attract more viewers and to make a profit as public videos, for example programs made by traditional content producers, UGC, short videos and so on.

Public videos have high economic value, and reasonable copyright protection measures can protect the rights and interests of video producers and operators to the greatest extent. The purpose of a public video is to attract more viewers, so the encryption of public videos has somewhat special requirements: 1) encryption only lowers the quality of the video while preserving the rough content of the picture, to stimulate users' desire to buy; 2) part of the information in the encrypted video can still be decoded by any unauthorized decoder; 3) the encryption mechanism guarantees efficiency while ensuring a certain level of security.

In addition, the embodiment of the present invention refers to videos produced by ordinary users themselves, not for profit, as private videos, for example home videos, surveillance videos, video conferences and so on.

Private videos are highly confidential. Leakage of private videos has serious consequences for individuals, families and companies. The confidentiality of private video lies mainly in the large amount of personal or company information from users' lives and work that it contains; once leaked, this information causes immeasurable losses to individuals and companies. At the same time, privacy is a concept that is very hard to define, and defining it in an unstructured, information-rich file such as a video is harder still.

The protection of private video should therefore offer stronger security: 1) degrade the picture quality of the whole video as far as possible; 2) since private video involves a large number of individual users, video protection is best offered as a service; 3) provide a certain level of security while guaranteeing efficiency.

In summary, both public and private videos face serious security problems throughout their life cycles, and encryption is an important way to keep video secure. Because their uses differ, public videos and private videos have different encryption requirements.

In terms of what is encrypted, video encryption can be divided into full encryption and selective encryption. As the name implies, full encryption treats the video as ordinary data. This completely destroys the video structure, and encrypting all of the data carries a high computational cost. A selective encryption algorithm encrypts the meaningful information in the video rather than the structural identification information, which keeps the encrypted video operable while greatly reducing the amount of data to be encrypted and improving encryption efficiency.

The selective encryption algorithms commonly applied during encoding fall roughly into two categories: the first encrypts the original video compression information; the second combines encryption with entropy coding and semantic elements. In the first, encryption happens in the first stage of video encoding, so it achieves more precise selective encryption and full format compatibility, but it causes a serious loss of compression. The second usually takes place after quantization of the compressed video data and before entropy coding, or after entropy decoding of an already compressed video. Its selectivity is slightly less precise than the first, and because some low-level semantic elements are inevitably encrypted, it achieves only the level of format compatibility at which a player can play the video, not full format compatibility. Its loss of compression is smaller than that of the first.

To encrypt video files, the embodiment of the present invention provides a video index encryption algorithm based on ABE (Attribute Based Encryption). It implements fine-grained, scalable access control over video index content while solving the security problems and deployment difficulties of the Sec_ABAC protocol.

The ABE scheme designed in the embodiment of the present invention needs to meet the requirements of the "media cloud".

First, the ABE scheme needs to meet the access control requirements of video services. The object of video service access control is the video, and video content is large in volume and poorly structured. How to implement fine-grained access control over video content is therefore the first constraint on the algorithm.

Second, video services are deployed in the media cloud and face the challenges of the cloud as well. When a large number of users access one particular piece of content at the same time, access control is bound to become the bottleneck of the system. The proposed ABE algorithm should therefore be scalable, to suit the high elasticity and many users of the media cloud.

Third, users of video services are of all kinds, and inevitably some are malicious users who maliciously distribute or abuse their own private keys. Such behavior not only wastes the video operator's bandwidth and damages the operator's revenue, it also discourages video producers and so threatens the entire video service industry. The proposed ABE algorithm should therefore support revocation of user keys, to prevent key abuse by users.

Fourth, the ABE algorithm involves a large number of exponentiation and bilinear operations and is computationally intensive, while the terminal devices used to watch video are often passive devices. Controlling the computational and space complexity of the algorithm, and reducing the computation and communication cost of authentication and authorization as far as possible, is therefore also one of the requirements of the proposed ABE algorithm.

Finally, the ABE algorithm requires complex access control trees, and the expressive efficiency of these trees is often low. At the same time, the media cloud has to perform proxy encryption of a large number of videos, which produces a correspondingly large number of access control trees whose generation and maintenance are very costly. The proposed ABE algorithm should therefore improve the expressive efficiency of the access control tree as far as possible.

The eM-CP-ABE algorithm proposed in the embodiments of the present invention has the following characteristics:

1. It can be deployed in large scenarios (Large Universe). In a large scenario, the subject, object or environment can in theory be given an unlimited number of attributes; the public key length is fixed, and the ciphertext length and private key length depend only on the attributes involved, not on the total number of attributes.

2. It is suited to video services and achieves fine-grained access control over video content. The algorithm proposed in the embodiments of the present invention can encrypt one video under multiple permission levels. Each permission level corresponds to a video index file, and the index file records the location of a video segment. Unstructured video data is thus given structure through the index files. The algorithm can enforce permissions at the granularity of a video segment.

3. It provides a delegation mechanism: an organization holding the key for access control structure X can generate a key for access control structure Y if and only if Y is stricter than X. The algorithm can therefore be extended easily to a multi-authority model, which relieves the access control bottleneck when a very large number of users access the video service. This improves the scalability of authorization and matches the high elasticity of the media cloud.

4. It supports convenient user revocation. When a user's permission is revoked, the system ensures that the revoked user can no longer access the related resources, while other users who hold the permission can still access them normally.

First, some terms used in the following embodiments of the present invention are defined:

Access structure: Let {P_1, P_2, ..., P_n} be a set of parties.
Figure BDA0002112332150000091
is monotone if and only if
Figure BDA0002112332150000092
if
Figure BDA0002112332150000093
and
Figure BDA0002112332150000098
then
Figure BDA0002112332150000094
An access structure (or monotone access structure) is a non-empty subset, i.e.
Figure BDA0002112332150000095
The sets in
Figure BDA0002112332150000096
are called authorized sets, and the sets not in
Figure BDA0002112332150000097
are called unauthorized sets.

In the CP-ABE algorithm, a set of descriptive attributes serves as the decryption key, and the plaintext is encrypted under an access structure. We describe the access structure in the form of an access tree. The ciphertext can be decrypted if and only if the set of descriptive attributes satisfies the access tree.

Attribute-based encryption in the media cloud faces many problems, such as: 1) video content is poorly structured and granularity is hard to control; 2) a large number of users access resources at the same time, and real-time performance is hard to guarantee under massive computation; 3) malicious users abuse private keys; 4) passive devices have weak computing power and limited battery life, so the computation and communication cost of the algorithm must be reduced.

To address these problems, this document proposes an attribute encryption algorithm suited to the media cloud, eM-CP-ABE (enhanced Media-Ciphertext-Policy Attribute-Based Encryption). The algorithm introduces the concept of virtual nodes and constructs algorithm components such as compound trees with high expressive efficiency and key chains. On this basis it achieves access control at the level of video segments for massive amounts of video, and supports very large attribute sets, hierarchical extension of authorization centers, and user revocation. Designing efficient access trees lowers the complexity of the algorithm: a single access tree can encrypt a single file, and it can also correspond to multiple files, giving a multi-file, multi-level access control description.

First, at the system level, the defining feature of cloud computing is that users or enterprises outsource data to a cloud service provider and use the computing or storage capacity it provides to meet their own business needs. This new model of processing data off-site brings new security risks. Videos stored in the "media cloud" are divided into public videos and private videos. Public videos for audiences embody the producers' effort and production cost and are therefore high-value; private videos for individuals involve user privacy. Establishing a "media cloud technology security framework centered on protecting multimedia content security and business control" is therefore urgent.

Second, with respect to the content data carried, encryption is an important means of handling off-site processing and storage of data and of keeping the data secure. The media cloud holds a large number of video files, and VR and 4K data in particular are very large and structurally complex. A video encryption algorithm that handles massive volume with high efficiency, variable granularity and scalability plays a foundational role in content security in the media cloud.

Finally, from the perspective of access control for video services, efficient, fine-grained and scalable access control is an important measure for keeping video services secure and controllable. In the "media cloud", video comes from many sources, travels through different distribution channels, and is played on terminal devices whose performance varies widely, so the access control algorithm must be efficient and work across all kinds of heterogeneous environments. In addition, traditional video access control is coarse-grained: data can usually be shared only with a whole video or channel as the basic unit, and the viewer obtains either the single decryption key for the video or a clear copy of it, which makes fine-grained access control hard to achieve. Lastly, as video services diversify, the population of cloud users changes rapidly, so scalability of the access control algorithm is also necessary. How to implement an efficient, fine-grained and scalable access control algorithm that lets video data be distributed securely at a smaller granularity, in support of the various services run in the media cloud, is therefore a very pressing problem.

Each interior node of the tree represents a threshold gate, and each leaf node of the tree is associated with an attribute. We first give the construction of the access tree.

Access tree T: Let T be an access tree. Each non-leaf node of the tree is a threshold gate described by its children and a threshold value. If num_x is the number of children of node x and k_x is the threshold value of node x, then 0 < k_x ≤ num_x. When k_x = 1, the node is an OR gate. Likewise, when k_x = num_x, the node is an AND gate. Each leaf node is described by an attribute, and the threshold value of a leaf node is k_x = 1.

For convenience we define several functions on the access tree. The parent of node x is parent(x). When node x is a leaf node, the attribute on that node is written att(x). The children of each node in the access tree are ordered from 1 to num_x. The function index(x) gives the position of node x among its parent's children.

Satisfying an access tree: Let the root node of the access tree T be r. Define T_x as the subtree of T rooted at node x, so that T can also be written T_r. If an attribute set γ satisfies the access tree T_x, then T_x(γ) = 1; otherwise it returns ⊥. T_x(γ) is computed recursively. When x is a non-leaf node, evaluate T_x′(γ) for every child x′ of x; T_x(γ) returns 1 if and only if at least k_x children return 1. If x is a leaf node, T_x(γ) returns 1 if and only if att(x) ∈ γ.

Bilinear maps: Let
Figure BDA0002112332150000101
be two cyclic multiplicative groups of order p. g is a generator of
Figure BDA0002112332150000102
and e is a bilinear map,
Figure BDA0002112332150000103
The bilinear map e has the following properties:

Bilinearity: for all
Figure BDA0002112332150000111
and
Figure BDA0002112332150000112
we have e(u^a, v^b) = e(u, v)^{ab}.

Non-degeneracy: e(g, g) ≠ 1.

We say that
Figure BDA0002112332150000113
is a bilinear group if the operations in
Figure BDA0002112332150000114
and the bilinear map
Figure BDA0002112332150000115
Figure BDA0002112332150000116
can both be computed efficiently. The map e is also symmetric, i.e. e(g^a, g^b) = e(g, g)^{ab} = e(g^b, g^a).

DBDH assumption (Decisional Bilinear Diffie-Hellman assumption): Choose four random numbers from
Figure BDA0002112332150000117
namely
Figure BDA0002112332150000118
and let g be a generator of
Figure BDA0002112332150000119
The DBDH assumption states that no polynomial-time algorithm
Figure BDA00021123321500001110
can distinguish the tuple (A = g^a, B = g^b, C = g^c, e(g, g)^{abc}) from the tuple (A = g^a, B = g^b, C = g^c, e(g, g)^z) with non-negligible advantage. The advantage of algorithm
Figure BDA00021123321500001111
can be expressed as:

Figure BDA00021123321500001112

Large Universe mechanism: In the CP-ABE algorithm, the key length is linearly proportional to the number of elements |S| of the input attribute set S. We define the set
Figure BDA00021123321500001113
in which every element can serve as an attribute. We also stipulate that the largest attribute set for which a key may be requested contains |S_Max| elements. A collision-resistant function
Figure BDA00021123321500001114
lets us use arbitrary fields as attributes. In this way the range of values that the elements of the input attribute set can take is greatly expanded; this is called the Large Universe mechanism. We denote the full set of all available attributes as
Figure BDA00021123321500001115

The video index encryption system suited to the media cloud consists of five parts: the video owner, the video consumer, the attribute authority group (Attribute Authority), the trusted encryption center, and the media cloud.

Video owner: produces the video. The video is processed into encrypted video segments that are stored in a randomly distributed manner, and the video index generated at the same time is the main content this system needs to protect. This document therefore assumes that the video owner holds the video index, that is, owns the video.

Video consumer: wishes to obtain video by various means. For ease of presentation, this document stipulates that a consumer has only the permission to watch video.

Trusted encryption center: a trusted computing resource that assists the video owner in performing attribute encryption.

Attribute authority group: the scalable attribute authorization center is a hierarchical authorization structure. Each attribute authority can act as an authorization center that authorizes users directly, or as a parent authorization center that adds child authorization centers. We stipulate that the attribute sets managed by authorization centers at the same level are pairwise disjoint, and that the attribute set managed by a child authorization center is a non-empty subset of the corresponding attribute set of its parent center.

Media cloud: stores the encrypted video segments and provides the corresponding video services, such as live broadcast and video on demand.

To improve the expressive efficiency of existing access structures, and to address their inability to describe efficiently a unified access structure for the data of a video's different permission layers, this document introduces the concept of a virtual node, which yields a compound tree. A virtual node x is described jointly by its threshold value k_x and its number of children num_x. Unlike an ordinary node, the threshold value of a virtual node is fixed at k_x = 0. As in an ordinary access structure, the parent of a virtual node can be written y = parent(x). If the parent has num_y children, of which num′_y are virtual nodes, then its threshold takes a value 0 ≤ k_y ≤ num_y − num′_y. If num_y = num′_y, i.e. k_y = 0, then node y is a virtual node, and its children are each independent trees with a virtual node as root. The child of a virtual node must be a hierarchical access tree made up of a "trunk" and "branches"; that is, the child of a virtual node cannot be a virtual node, and its parent cannot be a virtual node either.

Determining whether an attribute set S satisfies the compound tree
Figure BDA0002112332150000127
To describe the judgment process clearly, this document uses the simple compound tree shown in FIG. 1 as an example. In FIG. 1, k/num denotes threshold/number of children, squares represent attribute nodes, ellipses represent ordinary nodes, and polygons represent virtual nodes. The judgment process extends to more complex compound trees.

Step 1: Extract the base tree. Delete every virtual node with k = 0 together with all of its descendants, which gives the base tree
Figure BDA0002112332150000121

Step 2: List all the independent hierarchical access trees, each made up of a trunk and branches, whose parent is the virtual node y with k = 0
Figure BDA0002112332150000122

Step 3: Evaluate
Figure BDA0002112332150000123
to reach the final judgment on
Figure BDA0002112332150000124
and obtain the final access permission. Note that because the virtual nodes and all their descendants are deleted when the base tree is generated, the virtual nodes do not affect the judgment of
Figure BDA0002112332150000125
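An added sketch (not code from the patent) of the T_x(γ) recursion and the three-step compound-tree check described above. The policy, attribute names and labels are constructed; granting a level only when the base tree is also satisfied is an assumption drawn from the unified-permission requirement stated later in the description, and ⊥ is represented as False.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Node:
    k: int = 1                                   # threshold k_x; 0 marks a virtual node
    children: list = field(default_factory=list)
    att: Optional[str] = None                    # att(x), set on leaf nodes only
    label: str = ""                              # name used when reporting results

    @property
    def is_leaf(self):
        return self.att is not None

    @property
    def is_virtual(self):
        return not self.is_leaf and self.k == 0


def leaf(att):
    return Node(k=1, att=att)


def gate(k, *children, label=""):
    return Node(k=k, children=list(children), label=label)


def validate(node, parent_virtual=False):
    """Enforce the threshold rules given for ordinary and virtual nodes."""
    if node.is_leaf:
        return
    if node.is_virtual:
        if parent_virtual:
            raise ValueError("a virtual node cannot be the child of a virtual node")
    else:
        ordinary = [c for c in node.children if not c.is_virtual]
        if not 0 < node.k <= len(ordinary):
            raise ValueError(f"threshold {node.k} violates 0 < k <= num - num'")
    for child in node.children:
        validate(child, parent_virtual=node.is_virtual)


def satisfies(node, gamma):
    """T_x(gamma): a leaf needs att(x) in gamma; a gate needs >= k_x children."""
    if node.is_leaf:
        return node.att in gamma
    return sum(1 for c in node.children if satisfies(c, gamma)) >= node.k


def base_tree(node):
    """Step 1: copy the tree without virtual nodes and their descendants."""
    if node.is_leaf:
        return Node(k=1, att=node.att)
    kept = [base_tree(c) for c in node.children if not c.is_virtual]
    return Node(k=node.k, children=kept, label=node.label)


def independent_trees(node):
    """Step 2: collect the trees whose parent is a virtual node."""
    if node.is_leaf:
        return []
    if node.is_virtual:
        return list(node.children)
    found = []
    for child in node.children:
        found.extend(independent_trees(child))
    return found


def evaluate(root, gamma):
    """Step 3: judge the base tree, then each independent tree, against gamma."""
    if root.is_virtual:
        raise ValueError("this example expects an ordinary root node")
    validate(root)
    base_ok = satisfies(base_tree(root), gamma)
    # Assumption: a level is granted only if the common (base) policy also holds.
    levels = {t.label: base_ok and satisfies(t, gamma)
              for t in independent_trees(root)}
    return base_ok, levels


# Constructed policy: two common conditions plus one virtual node with two levels.
POLICY = gate(
    2,
    leaf("vendor:example-studio"),
    gate(1, leaf("region:CN"), leaf("role:staff")),
    gate(0,
         gate(1, leaf("tier:basic"), leaf("tier:premium"), label="L1"),
         gate(2, leaf("tier:premium"), leaf("age:18+"), label="L2"),
         label="vN"),
    label="root",
)

if __name__ == "__main__":
    print(evaluate(POLICY, {"vendor:example-studio", "region:CN", "tier:basic"}))
    print(evaluate(POLICY, {"tier:premium", "age:18+"}))
```

The root threshold of 2 counts only its two ordinary children, which is why the virtual node can be removed in Step 1 without changing the base-tree result.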

Without loss of generality, we assume one access control structure (a 1-1 compound tree), that is, permission-level (L) encryption of the l index files m_1, ..., m_l belonging to one video file (for simplicity we assume each index file corresponds to one permission level), together with an access structure (base tree) made up of m common attributes. The permission level of the j-th index file is L_j, and the corresponding user permission is p_j, j = 0, ..., l. We define a binary dominance relation ≤ on {p_1, ..., p_l}: p_i ≤ p_j if and only if
Figure BDA0002112332150000126
For example:

L_1 = {m_1};

L_{j+1} = L_j ∪ {m_{j+1}}, j = 1, 2, ..., l−1;

p_1 ≤ p_2 ≤ ... ≤ p_l.

The multiple index files of one video are certain to share common attributes, such as video name, video vendor and expiration time. Because the prior art describes the access structure formed by these common attributes inefficiently, this document proposes the compound tree, which gives one shared description of the access permissions common to content of the same video that has different access permissions. FIG. 2 shows the basic building unit of a compound tree. More complex compound trees can likewise be constructed from this basic unit.

Based on the basic unit of the compound tree in FIG. 2
Figure BDA0002112332150000131
the goal is as follows: if a user has permission to access the content of level i, the user should hold at least the key parameters a_0 and a_i, and from a_0 and a_i the user can derive, in one direction only, {a_j : 1 ≤ j ≤ i}.

Our design is as follows:

Step 1. Define a one-way hash function H_2(*) with the following properties:

It takes input data of any length and outputs a fixed-length message digest;

For a given input, the output is easy to compute;

For H_2(*), finding two different inputs with the same output is computationally infeasible. That is, one-wayness is satisfied.

Figure BDA0002112332150000132

Many hash functions meet the above conditions, for example SHA-1.

Step 2. For the compound tree unit
Figure BDA0002112332150000133
let its root node be
Figure BDA0002112332150000134
The highest-permission unit m_l corresponds to node N_l. Randomly select unique values
Figure BDA0002112332150000135
Then the encryption key for the highest-permission unit m_l can be generated as k_l = H_2(a_l || a_0), where x || y denotes the concatenation of two strings. Then a_j = H_2(k_{j+1} || j), which gives k_j = H_2(a_j || a_0), where j satisfies 1 ≤ j < l−1.

The resulting key chain {k_1, ..., k_l} can be used as the encryption keys of a symmetric encryption algorithm such as AES to encrypt the l file units corresponding to the index files. When a user's attribute set satisfies the common access control requirement and also satisfies the access control of some level j+1, the user obtains the encryption key for the content of unit j+1 and can also derive the keys of the levels below j+1. Because H_2(*) is one-way, a higher-level key cannot be computed from a lower-level key.
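The key chain from Steps 1 and 2, written out as an added example (not code from the patent). It assumes SHA-256 as H_2 in place of the SHA-1 the text names, a 4-byte big-endian encoding of j, 32-byte random a_0 and a_l, and lets j run over 1 ≤ j ≤ l−1 as in the Encrypt description further down; all function names are hypothetical.

```python
import hashlib
import secrets


def H2(data: bytes) -> bytes:
    """Stand-in for the one-way hash H2(*); SHA-256 is this example's choice."""
    return hashlib.sha256(data).digest()


def level_bytes(j: int) -> bytes:
    """Assumed encoding of the level index j inside H2(k_{j+1} || j)."""
    return j.to_bytes(4, "big")


def step_down(k_next: bytes, j: int, a0: bytes):
    """From k_{j+1}, derive a_j = H2(k_{j+1} || j) and k_j = H2(a_j || a0)."""
    a_j = H2(k_next + level_bytes(j))
    return a_j, H2(a_j + a0)


def build_chain(a0: bytes, a_top: bytes, levels: int):
    """Encryptor side: return ({j: a_j}, {j: k_j}) for j = 1..levels."""
    if levels < 1:
        raise ValueError("need at least one permission level")
    params = {levels: a_top}
    keys = {levels: H2(a_top + a0)}              # k_l = H2(a_l || a0)
    for j in range(levels - 1, 0, -1):
        params[j], keys[j] = step_down(keys[j + 1], j, a0)
    return params, keys


def derive_for_user(a0: bytes, a_i: bytes, i: int):
    """User side: holding (a0, a_i) for level i, derive k_i, k_{i-1}, ..., k_1."""
    keys = {i: H2(a_i + a0)}
    for j in range(i - 1, 0, -1):
        _, keys[j] = step_down(keys[j + 1], j, a0)
    return keys


def demo():
    a0 = secrets.token_bytes(32)      # common parameter, tied to the base tree
    a_top = secrets.token_bytes(32)   # a_l, chosen at random for the top level
    params, keys = build_chain(a0, a_top, levels=4)
    user = derive_for_user(a0, params[2], i=2)   # a user entitled to level 2
    wrong = derive_for_user(secrets.token_bytes(32), params[2], i=2)
    return {
        "levels_reachable": sorted(user),
        "keys_match_encryptor": all(user[j] == keys[j] for j in user),
        "fails_without_a0": wrong[2] != keys[2],
    }


if __name__ == "__main__":
    print(demo())
```

A level-2 user ends up with k_1 and k_2 only; reaching k_3 would require inverting H2 to recover k_3 from a_2, and every key also depends on a_0.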

The eM-CP-ABE algorithm proposed in this document consists of five functions: Setup, Encrypt, KeyGen, Decrypt and Delegate.

Setup(λ): run by the root-node center of the attribute authority group. The input is the security parameter λ, and the output is the system public key PK and the system management key MK.

Figure BDA0002112332150000136
The trusted encryption center, entrusted by the video owner, executes the attribute encryption algorithm. The inputs are the system public key PK, the plaintext M to be encrypted, and an access control structure
Figure BDA0002112332150000137
The algorithm encrypts the plaintext M and generates the ciphertext CT. We assume that the ciphertext CT contains the access control structure
Figure BDA0002112332150000138

KeyGen(MK, S): the full attribute set of the encryption system is denoted
Figure BDA0002112332150000139
A video consumer submits the attribute set it holds
Figure BDA0002112332150000141
to a node in the attribute authority group to request its own key SK. The attribute authority node executes the KeyGen function with MK and S as input and outputs the video consumer's private key SK.

Decrypt(PK, CT, SK): the video consumer receives the system public key PK and the ciphertext CT, obtains its own private key SK through KeyGen, and executes Decrypt in order to obtain the plaintext M.

Delegate(SK, S′): the input of the delegation algorithm is a private key SK for attribute set S. Using the delegation algorithm, the holder of the private key can share a key with an individual whose attribute set is S′ and satisfies
Figure BDA00021123321500001417
and
Figure BDA0002112332150000142
We will use the Delegate algorithm to implement the multi-authority extension.

This section describes the implementation of the eM-CP-ABE algorithm in detail. To simplify the description, the access control structure is assumed to be a 1-1 compound tree, that is, encryption under l permission levels of the l index file units belonging to one video file (for simplicity we assume each index file corresponds to one permission level), together with an access structure (base tree) made up of m common attributes. The extension to multiple compound tree units is discussed later:

Setup(λ): the algorithm selects a bilinear group
Figure BDA0002112332150000143
whose order is a large prime p,
Figure BDA0002112332150000144
with generator g, and the bilinear map function
Figure BDA0002112332150000145
It randomly selects two numbers satisfying
Figure BDA0002112332150000146
and then publishes the key as follows:

Figure BDA0002112332150000147

where g_1 = g^β, g_2 = e(g, g)^α, f_1 = g^{1/β}, and MK = (β, g^α).

Figure BDA0002112332150000148
executes the encryption algorithm: according to the access structure
Figure BDA00021123321500001418
it encrypts the plaintext M = {m_1, ..., m_l} and outputs the ciphertext CTs. Before encrypting, it first traverses the access structure
Figure BDA00021123321500001419
to obtain the virtual node vN (by the definition above there is only one compound tree unit, so only one virtual node exists), which gives 2 independent access control trees (FIG. 3 shows the two independent trees separated from FIG. 2: a trunk-branch hierarchical tree and a base tree). For each node N in a tree, the algorithm chooses a polynomial f_N whose highest degree is k_N − 1 (when k_N = 0, q_N = 0). Its constant term is tied to the node's parent and to the node's position among the parent's children: a_N = f_{parent(N)}(index(N)).

The algorithm randomly selects 4 random numbers
Figure BDA0002112332150000149
Let the base tree be
Figure BDA00021123321500001410
with root node N_R, and let the tree rooted at the virtual node vN be
Figure BDA00021123321500001411
Set the constant terms of the polynomials f_N of the two root nodes respectively:
Figure BDA00021123321500001412
f_{vN}(0) = a_{vN} = s_l. Then k_l = H_2(x_l || x_0) and x_j = H_2(k_{j+1} || j) for 1 ≤ j ≤ l−1, and the corresponding keys are {k_l, ..., k_1} (k_j = H_2(x_j || x_0)). Next, using the polynomial fixed for each node, the secret shares of s_0 and s_l are distributed down to the leaf nodes. Let the set
Figure BDA00021123321500001413
be the set of leaf nodes of the corresponding access control structure
Figure BDA00021123321500001414
where n_i is one of its leaf nodes and the corresponding attribute is att(n_i). The set of nodes on the "trunk" of tree
Figure BDA00021123321500001415
is {N_1, ..., N_l}, and the secret shares they obtain are
Figure BDA00021123321500001416
Node N_{l−i+1} corresponds to permission level p_j, j = 1, 2, ..., l. The final ciphertext consists of two parts: the first is the symmetric encryption part, where the symmetric encryption algorithm is denoted ε(m, k); the second is the attribute encryption part. The ciphertext can be expressed as:

CTs = EM || CT

where

Figure BDA0002112332150000151

Figure BDA0002112332150000152

where

Figure BDA0002112332150000153

Figure BDA0002112332150000154

Figure BDA0002112332150000155

where H_1(*) is a collision-resistant hash function
Figure BDA0002112332150000156
A user who holds both the top-level permission and the unified permission expects to obtain x_0 and x_l, computes the top-level key k_l, and obtains the other lower-level keys through the key chain. A user who holds permission p_j expects to obtain the corresponding parameter x_i; when that user also holds the unified authentication permission, the user obtains all permissions at level j and below (including j). If the unified authentication permission is not satisfied, no key can be obtained. Because all secret trees are generated dynamically for each request, the scheme resists collusion attacks.

KeyGen(MK, S): after receiving the attribute set S submitted by the video consumer, the attribute authorization center combines it with the system management key MK and outputs the private key SK the user needs. The algorithm first picks an arbitrary value
Figure BDA0002112332150000157
then randomly selects
Figure BDA0002112332150000158
and then computes the private key SK:

SK=(D,{Dj,D′j}j∈s)SK=(D, {Dj , D′j }j∈s )

其中D=gα+r/β

Figure BDA0002112332150000159
where D=gα+r/β ,
Figure BDA0002112332150000159

Decrypt(PK, CTs, SK): The video consumer user receives the ciphertext CTs, obtains their own private key SK from the attribute authorization center, and performs the following steps to decrypt the content:

Step 1. Determine whether the user's own attribute set S satisfies the access tree
Figure BDA00021123321500001510
that is,
Figure BDA00021123321500001511
The determination method is shown in the second section of this chapter. If S does not satisfy the tree, return ⊥: the current key has no right to decrypt the ciphertext. If it does, return 1 and continue with step 2.

Step 2. First, define a recursive algorithm DecryptNode(CTs, SK, x), where CTs is the received ciphertext, SK is the key corresponding to the attribute set S, and x is a node in
Figure BDA00021123321500001516
Two cases are discussed separately,
Figure BDA00021123321500001512
and
Figure BDA00021123321500001513

Case 1. When
Figure BDA00021123321500001514

If x is a leaf node and i = att(x) ∈ S:

Figure BDA00021123321500001515

When
Figure BDA0002112332150000161
DecryptNode(CTs, SK, x) outputs ⊥.

If x is a non-leaf node, DecryptNode(CTs, SK, x) recurses over all child nodes z of x. Let F_z = DecryptNode(CTs, SK, z), and let S_x be an arbitrary set of k_x child nodes whose return value F_z is not ⊥. If fewer than k_x children return a value other than ⊥, DecryptNode(CTs, SK, x) returns ⊥; otherwise compute:

Figure BDA0002112332150000162
can be obtained.

Therefore, when the recursion reaches the root node r of
Figure BDA0002112332150000163
we have
Figure BDA0002112332150000164
Next, compute

Figure BDA0002112332150000165

This yields the key share x_0, obtained by satisfying the unified access tree.

Case 2. When
Figure BDA0002112332150000166

If x is a leaf node and i = att(x) ∈ S, the computation is the same as for
Figure BDA00021123321500001616

If the current user holds the highest authority, recursing with DecryptNode(CTs, SK, r) gives
Figure BDA0002112332150000167
Computing B_1/(e(C_1, D)/A) = x_l yields the highest-authority key k_l = H_2(x_l || x_0), and the lower-authority keys can be derived through the key chain.

If the current user holds authority level p_j, where 1 ≤ j ≤ l, recursing with DecryptNode(CTs, SK, N_j) gives
Figure BDA0002112332150000168
Compute
Figure BDA0002112332150000169
Then k_j = H_2(x_j || x_0), and the keys of lower authority can be derived through the key chain.
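The recursion in DecryptNode rests on threshold secret sharing down the access tree: each node holds a polynomial of degree k_x - 1, each child's secret is the parent polynomial evaluated at the child's position, and k_x satisfied children recombine the parent's secret by Lagrange interpolation. The following is an added example, not code from the patent; it works on plain integers modulo a prime instead of pairing-group elements, and the modulus, attribute names and sample policy are constructed for illustration.

```python
import secrets

P = 2**127 - 1  # Mersenne prime; stands in for the group order p (assumption)


class Node:
    """Access-tree node: a leaf carries an attribute, an inner node a threshold."""

    def __init__(self, threshold=1, children=(), attr=None):
        self.threshold = threshold      # k_x: children that must be satisfied
        self.children = list(children)  # empty for a leaf
        self.attr = attr                # att(x), leaves only
        self.share = None               # q_x(0), set by distribute()


def poly_eval(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... modulo P (Horner's rule)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % P
    return result


def distribute(node, secret):
    """Give node a random polynomial of degree k_x - 1 with q_x(0) = secret;
    the child at 1-based position i receives q_x(i) as its own secret."""
    node.share = secret % P
    if not node.children:
        return
    coeffs = [node.share] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    for index, child in enumerate(node.children, start=1):
        distribute(child, poly_eval(coeffs, index))


def lagrange_at_zero(i, indices):
    """Lagrange coefficient of index i over the given index set, evaluated at 0."""
    num, den = 1, 1
    for j in indices:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, -1, P) % P


def decrypt_node(node, attrs):
    """Return q_x(0) if attrs satisfy the subtree at node, else None (the ⊥ case).
    In the real scheme a leaf share is only recoverable with the matching key
    component; here the attribute test models that."""
    if not node.children:
        return node.share if node.attr in attrs else None
    results = {}
    for index, child in enumerate(node.children, start=1):
        value = decrypt_node(child, attrs)
        if value is not None:
            results[index] = value
            if len(results) == node.threshold:
                break
    if len(results) < node.threshold:
        return None
    idx = list(results)
    return sum(results[i] * lagrange_at_zero(i, idx) for i in idx) % P


def build_sample_tree():
    """Constructed policy: any 2 of (subscriber, region:cn, (staff AND editor))."""
    staff_editor = Node(2, [Node(attr="staff"), Node(attr="editor")])
    return Node(2, [Node(attr="subscriber"), Node(attr="region:cn"), staff_editor])


def demo():
    root = build_sample_tree()
    secret = secrets.randbelow(P)
    distribute(root, secret)
    direct = decrypt_node(root, {"subscriber", "region:cn"})
    via_subtree = decrypt_node(root, {"region:cn", "staff", "editor"})
    denied = decrypt_node(root, {"subscriber", "staff"})
    return secret, direct, via_subtree, denied


if __name__ == "__main__":
    print(demo())
```
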

Delegate(SK, S′): The input is the key SK corresponding to the attribute set S, with
Figure BDA00021123321500001610
and
Figure BDA00021123321500001611
Choose a random number
Figure BDA00021123321500001612
then randomly select
Figure BDA00021123321500001613
A new key can then be created:

Figure BDA00021123321500001614

where
Figure BDA00021123321500001615

In a cloud environment, a large number of users accessing the same popular content within a short time puts heavy pressure on the attribute authorization center. Extending the single authorization center to multiple authorization centers can therefore relieve this bottleneck. In this section we use the KeyGen and Delegate algorithms to extend the single authorization center into an attribute authorization group, as shown in Figure 4.

To describe the multi-authority extension of the eM-CP-ABE algorithm simply while supporting the Large Universe mechanism, we make the following assumption: each attribute authorization server can complete the authorization service on its own, without cooperating with others, that is, AA_{ij} → S_{ij} and |S_{ij}| ≥ |S_Max|. For the central server,
Figure BDA0002112332150000171

Multi-authority extension implementation:

Applying to AACenter for a second-level authorization server:

Let the existing sub-servers of AACenter be AA_{11}, ..., AA_{1n}, with corresponding attribute sets S_{11}, ..., S_{1n}. Suppose AA_{1(n+1)} → S_{1(n+1)}, which satisfies 1. |S_{1(n+1)}| ≥ |S_Max|; 2.
Figure BDA0002112332150000172
wishes to join as a second-level authority. After verifying its legitimacy, AACenter picks an arbitrary value
Figure BDA0002112332150000173
then randomly selects
Figure BDA0002112332150000174
and executes:

Figure BDA0002112332150000175

where D = g^{(α+r)/β},
Figure BDA0002112332150000176

MK_{i(n+1)} is sent to AA_{1(n+1)}, which completes the second-level authorization.

Applying to AA ≠ AACenter → S for authorization:

Let AA already have sub-servers AA_1, ..., AA_n, and let AA_{n+1} → S_{(n+1)} satisfy 1) |S_{(n+1)}| ≥ |S_Max|; 2)
Figure BDA00021123321500001711
AA_{n+1} applies to join the authorization group. After verifying the legitimacy of AA_{n+1}, AA selects a random number
Figure BDA0002112332150000177
then randomly selects
Figure BDA0002112332150000178
Let the management key held by AA be MK, and execute:

Figure BDA0002112332150000179

where
Figure BDA00021123321500001710

MK_{n+1} is sent to AA_{n+1}, which completes the authorization.

When a user is revoked, the system must ensure that the revoked user can no longer access the related data. At the same time, the system must ensure that any other user who still holds permission can continue to access it normally.

The eM-CP-ABE algorithm can implement this by adding a timestamp to the access tree and to the private key the user requests, and then performing an integer comparison. Compared with other CP-ABE algorithms, the eM-CP-ABE algorithm proposed here is more expressive: when the access tree is designed, an expiration time for the data of one particular permission can be set separately on a "slave branch" under the virtual node, and an expiration-time tree that meets the conditions can also be placed on the base tree to enforce the time constraint across multiple files.

Suppose the timestamp is set to x when message m is encrypted, and the expiration time attached when user u obtains the key is y. User u can decrypt message m normally only when y ≥ x.

With attribute-based encryption, data content with different access requirements needs different access control trees so that it is accessed according to the actual access control requirements. Generating and maintaining a large number of access control trees is a heavy workload. The "composite tree" proposed in this chapter uses a single access control tree to describe the access control rules of multiple data files in one batch: the base tree describes the rules common to all the files, and the hierarchical access trees rooted at virtual nodes describe the different access control permissions of different videos. This greatly reduces the operations needed for encryption and lowers the cost of generating and maintaining access control trees.

As shown in Figure 5, the access control structure
Figure BDA00021123321500001810
is a 1-n composite tree: it implements encryption at L′ permission levels for the L index file units of n video files (n hierarchical access trees), together with an access structure made up of m common attributes (the base tree). Let the number of indexes contained in each video file be l_i, 1 ≤ i ≤ n, and let each index file correspond to one permission level. Then:
Figure BDA0002112332150000181
L′ = L. Finally, the complete ciphertext is:

Figure BDA0002112332150000182
where CT_j′ is the ciphertext of the j-th video file;

Figure BDA0002112332150000183

Figure BDA0002112332150000184
Figure BDA0002112332150000185
is a 1-n composite tree.

We assume the following security capabilities for the components of the system model. The media cloud is honest but curious: it faithfully executes every instruction, but for its own benefit it wants to learn more about the data stored on it.

Video consumers are untrusted; they may collude to obtain more video content by legitimate or illegitimate means. Within the attribute authorization group, an authorization center is trusted and is responsible for its sub-authorization centers and authorized users. The trusted encryption center is an encryption center trusted by the video owner.

We define a selective security model under chosen-plaintext attack to prove the security of the eM-CP-ABE algorithm. The model is described as follows:

Initialization: The attacker chooses a challenge access structure
Figure BDA0002112332150000186
and submits
Figure BDA0002112332150000187
to the challenger.

Setup: The challenger runs the Setup algorithm and sends the public parameters PK to the attacker.

Query phase 1: The attacker repeatedly requests keys from the challenger, each for an attribute set
Figure BDA0002112332150000188
The attribute sets must satisfy
Figure BDA0002112332150000189

Challenge: The attacker submits two messages M_0 and M_1 of equal length. The challenger flips a coin to obtain b and encrypts message M_b under
Figure BDA0002112332150000191
Finally, the ciphertext CT* is sent to the attacker.

Query phase 2: The attacker repeats the operations of phase 1. Again, none of the subsequent attribute sets
Figure BDA0002112332150000192
may satisfy
Figure BDA0002112332150000193

Guess: The attacker outputs a guess b′ of the challenger's coin flip b.

The attacker's advantage in winning this game is defined as Pr[b′ = b] - 1/2.

Definition 1: The eM-CP-ABE algorithm is secure if every polynomial-time attacker has at most a negligible advantage in the above game.

Using the security model above, we reduce the security of the eM-CP-ABE algorithm proposed here to the hardness of the DBDH problem.

Definition 2. If an attacker can break the eM-CP-ABE security model, then a simulator can play the DBDH game with a non-negligible advantage.

Proof: Suppose there exists a polynomial-time attacker
Figure BDA0002112332150000194
that can break the eM-CP-ABE security model with a non-negligible advantage ∈. Then we can construct a simulator
Figure BDA0002112332150000195
that plays the DBDH game with advantage ∈/2. The simulation proceeds as follows:

First, the challenger provides the multiplicative cyclic group
Figure BDA0002112332150000196
Its order is a large prime p,
Figure BDA0002112332150000197
the generator is g; the bilinear mapping function is
Figure BDA0002112332150000198
The challenger flips a fair coin μ out of the view of
Figure BDA0002112332150000199
If μ = 0, the challenger sets the tuple (A, B, C, Z) = (g^a, g^b, g^c, e(g,g)^{abc}); otherwise (A, B, C, Z) = (g^a, g^b, g^c, e(g,g)^z). The values a, b, c, z are chosen arbitrarily.

Initialization: The simulator
Figure BDA00021123321500001910
runs
Figure BDA00021123321500001911
Figure BDA00021123321500001912
selects the access structure to be challenged
Figure BDA00021123321500001913

Setup: The simulator
Figure BDA00021123321500001914
selects a random number
Figure BDA00021123321500001915
and sets α = a′ - a + ab.
Figure BDA00021123321500001916
computes g_2 = e(g,g)^α = e(g,g)^{a′-a} e(g,g)^{ab}. At the same time,
Figure BDA00021123321500001932
sets g_1 = g^β = B = g^b.
Figure BDA00021123321500001917
passes PK to
Figure BDA00021123321500001918

Query phase 1: In query phase 1,
Figure BDA00021123321500001933
submits an attribute set
Figure BDA00021123321500001919
to
Figure BDA00021123321500001920
and asks for any private key SK.
Figure BDA00021123321500001921
picks a random number
Figure BDA00021123321500001922
Let r = r′ + a - ab. Then D = g^{(α+r)/β} = g^{(a′+r′)/β}. For each attribute j ∈ S, randomly choose
Figure BDA00021123321500001923
The remaining key components can then be constructed:
Figure BDA00021123321500001924
The resulting private key is returned to
Figure BDA00021123321500001925

Challenge: In the challenge phase,
Figure BDA00021123321500001926
submits to
Figure BDA00021123321500001927
two messages M_0 and M_1 of equal length. The challenger flips a coin to obtain b and encrypts message M_b under
Figure BDA00021123321500001928
Finally, the ciphertext CT* is sent to the attacker. The ciphertext components in CT* include:
Figure BDA00021123321500001929
Assume
Figure BDA00021123321500001930
then
Figure BDA00021123321500001931

where ψ = (a′-a)(s+c+b/c)(abs+ac).

Query phase 2: Repeat the same steps as in query phase 1.

Guess:
Figure BDA0002112332150000201
decides on its guess b′. If b′ = b,
Figure BDA0002112332150000202
outputs 0, and next
Figure BDA0002112332150000203
faces the guess T = e(g,g)^{abc}; if b′ ≠ b,
Figure BDA0002112332150000204
outputs 1, in which case T is a random element of the group
Figure BDA0002112332150000205
T = R.

If T = e(g,g)^{abc},
Figure BDA00021123321500002013
has advantage ∈ in making its guess, so:

Figure BDA0002112332150000206

If T = R, the ciphertext CT* is a completely random ciphertext and
Figure BDA0002112332150000207
cannot obtain any useful information from it, so the probability that b′ = b is close to 1/2:

Figure BDA0002112332150000208

Therefore, the advantage of the simulator
Figure BDA0002112332150000209
in the DBDH game is:

Figure BDA00021123321500002010

In summary, the eM-CP-ABE algorithm proposed here is CPA-secure.

Building on the eM-CP-ABE algorithm of this section, we propose a fine-grained video encryption strategy with two layers. The first layer uses a conventional symmetric encryption algorithm (AES/RC4) to encrypt the video segment files; the encryption keys and segment information are stored in the m3u8 index file generated by the HLS protocol. The second layer runs the eM-CP-ABE algorithm
Figure BDA00021123321500002011
to encrypt the index file.

The flow of the overall system framework is described below from the encryption and decryption sides.

Encryption:

As shown in Figure 6, the video encryption method provided by the embodiment of the present invention includes the following steps:

Step S11: Obtain the video to be encrypted. The video has been compression-encoded, and its format is a set containing multiple elements.

Step S12: Based on the video, construct an access structure; the access structure is a composite tree containing virtual nodes.

Step S13: Generate the system public key and the system management key.

Step S14: Obtain the network adaptation layer unit data in the video and, using the system public key and the access structure, encrypt the video to generate the ciphertext.

A two-layer encryption strategy for streaming media files based on the HLS transport protocol is described below.

First layer: The objects encrypted are the n video segments of video v. The encryption algorithm is AES and the encryption keys are self-generated. The encryption steps are:

Step 1. Accept the streaming video segments produced by HLS segmentation;

Step 2. Generate the encryption keys key_{v,1}, ..., key_{v,n} for the segments to be encrypted;

Step 3. Encrypt the video segments with the encryption keys;

Step 4. Return the encrypted video segments and save the encryption keys in the database.

This layer is performed by the segment encryption server. The granularity is the video segment: different segments have different encryption keys, so the system's control over video access rights reaches the level of individual segments.

Second layer: This layer is also completed in the segment encryption server. Its input is the m3u8 index files generated for video v and the access control structure. Suppose video v produces l index files, each corresponding to a different access right; then l keys are needed to encrypt the m3u8 files of video v.

The algorithm randomly selects 4 random numbers
Figure BDA0002112332150000211
Let the base tree be
Figure BDA0002112332150000212
with root node N_R, and let the tree whose root is the virtual node vN be
Figure BDA00021123321500002111
Set the constant terms of the polynomials f_N of the root nodes respectively:
Figure BDA0002112332150000213
f_vN(0) = a_vN = s_l. Then k_l = H_2(x_l || x_0) and x_j = H_2(k_{j+1} || j), 1 ≤ j < l-1, and the corresponding keys are {k_l, ..., k_1} (k_j = H_2(x_j || x_0)). Then, using the polynomial defined for each node, the secret sharing fragments of s_0 and s_l are distributed to the leaf nodes. Let the set
Figure BDA0002112332150000214
be the set of leaf nodes of the access control structure
Figure BDA00021123321500002112
where n_i is one of its leaf nodes, with corresponding attribute att(n_i). In the tree
Figure BDA0002112332150000215
the set of nodes on the "trunk" is {N_1, ..., N_l}, and the corresponding secret fragments obtained are
Figure BDA0002112332150000216
Node N_{l-j+1} corresponds to authority level p_j, j = 1, 2, ..., l. The final ciphertext consists of two parts: the first is the symmetric encryption part, where the symmetric encryption algorithm is denoted ε(m, k); the second is the attribute encryption part. The ciphertext can be expressed as:

CTs = EM || CT

where
Figure BDA0002112332150000217

Figure BDA0002112332150000218
where

Figure BDA0002112332150000219

Figure BDA00021123321500002110
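The key chain used by the second layer (k_l = H_2(x_l || x_0), x_j = H_2(k_{j+1} || j), k_j = H_2(x_j || x_0)) can be exercised as follows. This is an added example, not code from the patent: SHA-256 as H_2, the length-prefixed encoding of "||", the 4-byte encoding of j, and running the chain through every level below l are assumptions made for illustration.

```python
import hashlib
import secrets


def h2(*parts: bytes) -> bytes:
    """Stand-in for H_2: SHA-256 over length-prefixed parts (assumed encoding of '||')."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big"))
        digest.update(part)
    return digest.digest()


def level_key(x_j: bytes, x0: bytes) -> bytes:
    """k_j = H_2(x_j || x_0): the key that protects the index file of level j."""
    return h2(x_j, x0)


def share_below(k_above: bytes, j: int) -> bytes:
    """x_j = H_2(k_{j+1} || j): the next share down the chain."""
    return h2(k_above, j.to_bytes(4, "big"))


def derive_keys(x_j: bytes, j: int, x0: bytes) -> dict:
    """From the share of level j and x_0, derive k_j, k_{j-1}, ..., k_1.
    Nothing above level j is reachable, because each step is a one-way hash."""
    keys = {}
    x = x_j
    for level in range(j, 0, -1):
        keys[level] = level_key(x, x0)
        if level > 1:
            x = share_below(keys[level], level - 1)
    return keys


def share_for_level(x_top: bytes, top: int, x0: bytes, j: int) -> bytes:
    """Encryptor side: the share x_j that the hierarchical tree releases at level j."""
    x = x_top
    for level in range(top, j, -1):
        x = share_below(level_key(x, x0), level - 1)
    return x


def demo(levels: int = 5, user_level: int = 3):
    x0 = secrets.token_bytes(32)      # released by the base (unified) tree
    x_top = secrets.token_bytes(32)   # released at level l by the virtual-node tree
    owner_keys = derive_keys(x_top, levels, x0)
    x_user = share_for_level(x_top, levels, x0, user_level)
    user_keys = derive_keys(x_user, user_level, x0)
    # A user who fails the unified tree has x_j but not x_0.
    without_x0 = derive_keys(x_user, user_level, secrets.token_bytes(32))
    return owner_keys, user_keys, without_x0


if __name__ == "__main__":
    owner, user, bad = demo()
    print(sorted(user), all(user[i] == owner[i] for i in user))
```
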

Each step of decrypting the streaming video is described in detail below from the decryption side.

As shown in Figure 7, the decryption process roughly includes the following steps:

S21. Acquire the attribute set provided by the video consumer user.

S22. Based on the attribute set, combined with the system management key, generate the private key required by the video consumer user.

S23. Decrypt the video based on the private key.

Specifically, the terminal first requests access to a video resource and obtains the corresponding ciphertext index.

Second, the terminal uses its own attribute set S to request a private key from the attribute authorization server. The attribute authorization server executes KeyGen(MK, S) and outputs the key SK. The algorithm first picks an arbitrary value
Figure BDA0002112332150000221
then randomly selects
Figure BDA0002112332150000222
and then computes the private key SK:

Figure BDA0002112332150000223
where D = g^{(α+r)/β},
Figure BDA0002112332150000224

Then, the terminal decrypts with the private key SK to obtain the plaintext indexes within its authority. The terminal fetches the video segments from the segment URLs in the index and decrypts them with the corresponding symmetric encryption keys recorded in the index.

Finally, the terminal assembles the decrypted video segments and plays them.

In summary, this document proposes an attribute-based encryption method suited to the media cloud. The method is built on the eM-CP-ABE algorithm, which introduces the concept of virtual nodes and constructs algorithm components such as a composite tree with high expressive efficiency and a key chain. On this basis it provides access control at the level of individual segments across a massive video library, and supports a massive number of attributes, hierarchical extension of authorization centers, and user revocation. Designing an efficient access tree reduces the algorithm's complexity: a single access tree can encrypt a single file or cover multiple files, giving a multi-file, multi-level description of access control.

Finally, it should be noted that the embodiments described above are only specific implementations of the present invention, used to illustrate its technical solutions rather than to limit them, and the protection scope of the present invention is not limited to them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone familiar with the technical field can, within the technical scope disclosed by the present invention, still modify the technical solutions described in the foregoing embodiments, readily conceive of changes, or make equivalent replacements of some of the technical features; such modifications, changes or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and should all be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (6)

1. A method for video encryption, comprising:
acquiring a video to be encrypted, wherein the video is subjected to compression coding processing, the video is a set containing a plurality of elements, and the elements are index files;
constructing an access structure based on the video, wherein the access structure is a composite tree containing virtual nodes, the virtual nodes are jointly represented by threshold values and child node numbers, and the composite tree is composed of key parameters;
acquiring a bilinear group;
establishing a bilinear mapping function of the bilinear group;
acquiring a first random number and a second random number, wherein the first random number and the second random number are both positive integer sets smaller than the order number of the bilinear group;
generating a system public key and a system management key based on the bilinear group, the bilinear mapping function, the first random number and the second random number;
traversing the access structure, dividing the access structure based on the virtual nodes in the access structure, and establishing an independent access tree, wherein the independent access tree comprises a trunk-branch hierarchical structure tree and a basic tree, and the trunk-branch hierarchical structure tree takes the virtual nodes as root nodes;
for each node in each independent access tree, a polynomial is constructed, wherein the highest degree of the polynomial is the threshold value of the node minus one, and a constant term of the polynomial is related to the parent node of the node and the position of the child node where the node is located;
acquiring a third random number, a fourth random number, a fifth random number and a sixth random number, wherein the third random number and the fourth random number are positive integer sets smaller than the order number of the bilinear group;
determining a key corresponding to each element of the video one by one based on the third random number and the fourth random number;
determining constant items of the polynomials corresponding to the root nodes of the basic trees based on the fifth random number, and determining constant items of the polynomials corresponding to the root nodes of the trunk-branch hierarchical structure trees based on the sixth random number;
distributing secret sharing fragments of the fifth random number and the sixth random number to each leaf node of the access structure based on a polynomial corresponding to each node;
acquiring corresponding attributes of each leaf node of the access structure based on the secret sharing fragments;
for each node on the trunk of the trunk-branch hierarchical structure tree, taking the value of the corresponding polynomial with the input value of 0 as a secret fragment;
generating a ciphertext based on the first random number, the second random number, the third random number, the fourth random number, the fifth random number, the sixth random number, the keys corresponding one-to-one to the elements of the video, the secret sharing fragments, and the corresponding attributes of each leaf node of the access structure, in combination with the system public key.
2. The method of claim 1, wherein obtaining the video to be encrypted comprises:
acquiring a video to be encrypted, and judging whether the video is a public video or a private video.
3. The method of claim 2, wherein after obtaining the video to be encrypted, further comprising:
if the video is judged to be a public video, acquiring, for encryption, the network adaptation layer units of the video that contain video compression content;
and if the video is judged to be a private video, acquiring, for encryption, the network adaptation layer units of the video that contain video global information.
4. A video decryption method corresponding to the video encryption method according to any one of claims 1 to 3, comprising:
acquiring an attribute set provided by a video consumer user;
in accordance with the set of attributes,
acquiring a seventh random number;
acquiring a random number set according to each parameter in the attribute set, wherein the random number set comprises a plurality of elements;
generating the private key required by the video consumer user based on the first random number, the second random number, the seventh random number, the random number set, and the system management key, the data of said private key comprising [formula image 001] and [formula image 002], wherein [formula image 003] is the first random number, [formula image 004] is the second random number, [formula image 005] is the seventh random number, [formula image 006] is the j-th element in the random number set, [formula image 007] is a generator of the bilinear group, and [formula image 008] is a hash function; the private key is [formula image 009] [formula image 010], wherein [formula image 011] [formula image 012] [formula image 013];
When the attribute set is judged to meet the access structure, determining an access node corresponding to the private key in the access structure;
when the access node is positioned in a basic tree of the access structure, a key corresponding to a root node of the basic tree is obtained through recursive processing, and decryption processing is carried out based on the key corresponding to the root node;
when the access node is located in the trunk-branch hierarchical structure tree of the access structure, a key corresponding to a root node of the trunk-branch hierarchical structure tree is obtained through recursive processing, a key chain of the trunk-branch hierarchical structure tree is obtained according to the relation of each node on the trunk-branch hierarchical structure tree, the key of the access node is determined, and decryption processing is performed based on the key of the access node.
5. A media cloud system, comprising:
an edge distribution server for storing a video encrypted by the encryption method according to any one of claims 1 to 3;
and the index management server is used for storing the video information and the key.
6. The media cloud system of claim 5,
the content stored in the index management server is based on random storage, recombination and dynamic generation of indexes of video slices.
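The per-node threshold polynomials of claim 1 and the recursive recovery of a root-node value in claim 4, shown as an added example that is not part of the patent text. It is narrowed to a single basic tree and omits the bilinear-pairing layer that would hide each fragment in a group exponent; the modulus, tree encoding, attribute names and function names are assumptions.

```python
import secrets

P = 2**127 - 1  # assumed prime modulus; stands in for the bilinear group order

def leaf(attr): return {"attr": attr}
def gate(k, *children): return {"k": k, "children": list(children)}

def share(node, secret, path=(), out=None):
    """Push `secret` down the tree; returns {leaf path: (attribute, fragment)}."""
    out = {} if out is None else out
    if "attr" in node:
        out[path] = (node["attr"], secret)
        return out
    # Degree k-1 polynomial; its constant term is the value handed down by the parent.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(node["k"] - 1)]
    for i, child in enumerate(node["children"], start=1):
        q_i = sum(c * pow(i, e, P) for e, c in enumerate(coeffs)) % P
        share(child, q_i, path + (i,), out)  # child at position i receives q(i)
    return out

def recover(node, fragments, attrs, path=()):
    """Rebuild this node's constant term q(0); None if attrs do not satisfy it."""
    if "attr" in node:
        attr, frag = fragments[path]
        return frag if attr in attrs else None  # models holding a matching key part
    points = []
    for i, child in enumerate(node["children"], start=1):
        v = recover(child, fragments, attrs, path + (i,))
        if v is not None:
            points.append((i, v))
    if len(points) < node["k"]:
        return None  # threshold not met: the polynomial stays undetermined
    points = points[:node["k"]]
    total = 0
    for xi, yi in points:  # Lagrange interpolation evaluated at x = 0
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

# Constructed policy: "editor" AND (any 2 of region_cn, subscriber, staff)
POLICY = gate(2, leaf("editor"),
              gate(2, leaf("region_cn"), leaf("subscriber"), leaf("staff")))
```

An attribute set that misses the threshold at any gate yields no value for that gate, so the failure propagates up to the root and nothing is recovered.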
CN201910577173.2A | 2019-06-28 | 2019-06-28 | A media cloud system and video encryption and decryption method | Active | CN110446108B (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201910577173.2A | 2019-06-28 | 2019-06-28 | A media cloud system and video encryption and decryption method

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201910577173.2A | 2019-06-28 | 2019-06-28 | A media cloud system and video encryption and decryption method

Publications (2)

Publication Number | Publication Date
CN110446108A (en) | 2019-11-12
CN110446108B (en) | 2022-04-22

Family

ID=68428775

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201910577173.2A (Active) | A media cloud system and video encryption and decryption method | 2019-06-28 | 2019-06-28

Country Status (1)

Country | Link
CN (1) | CN110446108B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN113032833B (en)* | 2021-04-14 | 2023-02-17 | 同盾控股有限公司 | User query method and device, storage medium and electronic equipment
CN114666331A (en)* | 2022-03-29 | 2022-06-24 | 南京承邮信息科技有限公司 | Pan-intelligent equipment monitoring and management system based on cloud computing platform
CN115604710A (en)* | 2022-08-25 | 2023-01-13 | 北京航空航天大学(Cn) | A lightweight terminal access control method supporting CP-ABE in 5G scenarios
CN117726435B (en)* | 2024-02-18 | 2024-04-26 | 盛银消费金融有限公司 | Image data management method and system

Citations (9)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN1852088A (en)* | 2005-10-13 | 2006-10-25 | 华为技术有限公司 | Enciphering-deciphering method for flow medium transmission code flow and module
CN103747279A (en)* | 2013-11-18 | 2014-04-23 | 南京邮电大学 | Cloud storage and sharing coded video encryption and access control strategy updating method
CN103795966A (en)* | 2014-01-15 | 2014-05-14 | 北京明朝万达科技有限公司 | Method and system for realizing safe video call based on digital certificate
CN103957436A (en)* | 2014-05-13 | 2014-07-30 | 北京清源新创科技有限公司 | Video anti-stealing-link method based on OTT service
CN106231346A (en)* | 2016-08-05 | 2016-12-14 | 中国传媒大学 | A kind of distributed cryptographic method for offline video
CN106506155A (en)* | 2016-12-09 | 2017-03-15 | 四川师范大学 | Ciphertext Sharing Method in Public Cloud Environment
CN106790074A (en)* | 2016-12-21 | 2017-05-31 | 中国传媒大学 | A kind of fine granularity streaming media video encryption and decryption method based on HLS protocol
CN108600174A (en)* | 2018-03-26 | 2018-09-28 | 西安交通大学 | A kind of access control mechanisms and its implementation of big merger network
CN109819323A (en)* | 2019-01-24 | 2019-05-28 | 中国电影科学技术研究所 | A kind of video content access method in mixing cloud system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
WO2007093925A1 (en)* | 2006-02-14 | 2007-08-23 | Koninklijke Philips Electronics N.V. | Improved method of content protection
CN100438614C (en)* | 2006-02-16 | 2008-11-26 | 清华大学深圳研究生院 | Method for realizing distributing asymmetric video conference safety system
CN106612271A (en)* | 2016-05-20 | 2017-05-03 | 四川用联信息技术有限公司 | Encryption and access control method for cloud storage
JP7076819B2 (en)* | 2016-09-15 | 2022-05-30 | ナッツ・ホールディングス、エルエルシー | Move and store encrypted user data
CN109218825B (en)* | 2018-11-09 | 2020-12-11 | 北京京航计算通讯研究所 | Video encryption system

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
Ciphertext-Policy Attribute-Based Encryption; John Bethencourt et al.; 《2007 IEEE Symposium on Security and Privacy (SP'07)》; 20070604; full text *
一种基于HLS的安全直播方案; 李皓, 杨成, 刘剑波; 《中国传媒大学学报(自然科学版)》; 20180806; vol. 25, no. 4; full text *
一种支持完全细粒度属性撤销的CP-ABE方案; 王鹏翩 et al.; 《软件学报》; 20121015; vol. 23, no. 10; full text *
基于CP-ABE算法的云存储数据访问控制方案设计; 程思嘉 et al.; 《信息网络安全》; 20160210; no. 2; pp. 1-6 *

Also Published As

Publication number | Publication date
CN110446108A (en) | 2019-11-12

Legal Events

Date | Code | Title | Description
PB01 | Publication
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant
