Journal on Communications ›› 2017, Vol. 38 ›› Issue (7): 96-104. doi: 10.11959/j.issn.1000-436x.2017150

• Academic paper •

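Multi-authority attribute-based signature scheme supporting dendritic access structure

Ruo MO1, Jian-feng MA1, Xi-meng LIU2, Qi LI3

  1. 1 School of Cyber Engineering, Xidian University, Xi'an, Shaanxi 710071
    2 School of Information Systems, Singapore Management University, Singapore 178902
    3 School of Computer Science and Technology, School of Software, Nanjing University of Posts and Telecommunications, Nanjing, Jiangsu 210046
  • Revised: 2017-05-10 Online: 2017-07-01 Published: 2017-08-25
  • About the authors: Ruo MO (born 1990), male, from Weinan, Shaanxi, is a PhD candidate at Xidian University; his main research interests include cryptography and information security. | Jian-feng MA (born 1963), male, from Xi'an, Shaanxi, holds a PhD and is a professor and doctoral supervisor at Xidian University; his main research interests include network and information security. | Xi-meng LIU (born 1989), male, from Xi'an, Shaanxi, holds a PhD and is an assistant researcher at Singapore Management University; his main research interests include cryptography and network security. | Qi LI (born 1989), male, from Huai'an, Jiangsu, holds a PhD and is a lecturer at Nanjing University of Posts and Telecommunications; his main research interests include cryptography and information security.
  • Supported by:
    The National Natural Science Foundation of China (U1135002); The National Natural Science Foundation of China (U1405255); The National High Technology Research and Development Program of China ("863" Program) (2015AA016007); The National High Technology Research and Development Program of China ("863" Program) (2015AA017203)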

Multi-authority ABS supporting dendritic access structure

Ruo MO1, Jian-feng MA1, Xi-meng LIU2, Qi LI3

  1. 1 School of Cyber Engineering, Xidian University, Xi’an 710071, China
    2 School of Information Systems, Singapore Management University, Singapore 178902, Singapore
    3 School of Computer Science and Technology, School of Software, Nanjing University of Posts and Telecommunications, Nanjing 210046, China
  • Revised: 2017-05-10 Online: 2017-07-01 Published: 2017-08-25
  • Supported by:
    The National Natural Science Foundation of China (U1135002); The National Natural Science Foundation of China (U1405255)

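Abstract:

Attribute-based signatures enable fine-grained access control and are regarded as an important means of anonymous authentication in cloud computing environments. However, common attribute-based signature schemes provide only simple access control through a threshold structure and cannot cope with the large-scale user attribute sets found in the cloud. In addition, the user attribute set is managed by a single attribute authority, which increases that authority's computation and storage overhead; once the attribute authority is compromised, the whole system risks collapse. To address these problems, a multi-authority attribute-based signature scheme supporting a dendritic access structure is proposed. It supports AND, OR and threshold structures in any form and provides more flexible access control. User attribute sets are divided among different attribute authorities for management, which reduces overhead and also lowers the risk to the system. Furthermore, the scheme is proved secure against selective predicate chosen message attack (SP-CMA) in the random oracle model.

Key words: attribute-based signature, dendritic access structure, multiple attribute authorities, random oracle model, selective predicate chosen message attack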

Abstract:

Attribute-based signature (ABS), which could realize fine-grained access control, was considered to be an important method for anonymous authentication in cloud computing. However, normal ABS only provided simple access control through a threshold structure and thus could not cope with the large-scale attribute sets of users in the cloud. Moreover, the attribute sets were supervised by only one attribute authority, which increased the cost of computation and storage. The whole system was in danger of collapsing once the attribute authority was breached. To tackle the problems above, a novel scheme called multi-authority ABS supporting dendritic access structure was proposed, which supported any AND, OR and threshold gates and afforded more flexible access control. Meanwhile, the attribute sets of users were classified by diverse attribute authorities, which reduced the overhead and the risk to the system. Besides, the scheme was proved to be selective predicate chosen message attack secure in the random oracle model.

Key words: attribute-based signature, dendritic access structure, multi-authority, random oracle model
