基于属性的多授权中心身份认证方案

doi:10.11959/j.issn.1000-436x.2021047

通信学报 ›› 2021, Vol. 42 ›› Issue (3): 220-228.doi: 10.11959/j.issn.1000-436x.2021047

基于属性的多授权中心身份认证方案

唐飞¹^,², 包佳立¹, 黄永洪², 黄东³, 王惠莅⁴^,⁵

¹ 重庆邮电大学计算机科学与技术学院，重庆 400065
² 重庆邮电大学网络空间安全与信息法学院，重庆 400065
³ 重庆机电职业技术大学信息工程学院，重庆 402760
⁴ 中国电子技术标准化研究院信息安全研究中心，北京 100076
⁵ 西安电子科技大学综合业务网理论及关键技术国家重点实验室，陕西西安 710071

修回日期:2021-01-05 出版日期:2021-03-25 发布日期:2021-03-01
作者简介:唐飞（1986- ），男，重庆人，博士，重庆邮电大学副教授、硕士生导师，主要研究方向为公钥密码、隐私保护、区块链等。
包佳立（1994- ），女，重庆人，重庆邮电大学硕士生，主要研究方向为公钥密码、区块链。
黄永洪（1974- ），男，重庆人，重庆邮电大学讲师，主要研究方向为信息安全、密码学等。
黄东（1981- ），男，重庆人，重庆机电职业技术大学教授，主要研究方向为通信安全、公钥密码学等。
王惠莅（1977- ），女，河南清丰人，中国电子技术标准化研究院高级工程师，主要研究方向为信息安全、云计算等。
基金资助:
国家重点研发计划基金资助项目(2018YFB0803905);国家自然科学基金资助项目(61702067);重庆市自然科学基金资助项目(cstc2017jcyjAX0201);重庆市自然科学基金资助项目(cstc2020jcyj-msxmX0343)

Multi-authority attribute-based identification scheme

Fei TANG¹^,², Jiali BAO¹, Yonghong HUANG², Dong HUANG³, Huili WANG⁴^,⁵

¹ College of Computer Science and Technology, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
² School of Cyber Security and Information Law, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
³ Information Engineering Institute, Chongqing Vocational and Technical University of Mechatronics, Chongqing 402760, China
⁴ Information Security Research Center, China Electronic Technology Standardization Institute, Beijing 100076, China
⁵ State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an 710071, China

Revised:2021-01-05 Online:2021-03-25 Published:2021-03-01
Supported by:
The National Key Research and Development Program of China(2018YFB0803905);The National Natural Science Foundation of China(61702067);The Natural Science Foundation of Chongqing(cstc2017jcyjAX0201);The Natural Science Foundation of Chongqing(cstc2020jcyj-msxmX0343)

摘要/Abstract

摘要：

针对现有的基于属性的身份认证方案均是基于单授权中心实现的，存在密钥托管问题，即密钥生成中心知道所有用户的私钥，提出了一种基于属性的多授权中心的身份认证方案。所提方案结合分布式密钥生成技术实现用户属性私钥的(t,n)门限生成机制，可以抵抗最多来自 t-1 个授权中心的合谋攻击。利用双线性映射构造了所提方案，分析了所提方案的安全性、计算开销和通信开销，并与同类型方案做比较。最后，以多因子身份认证为例，分析了所提方案在电子凭据应用场景中的可行性。分析结果表明，所提方案具有更优的综合性能。

关键词: 身份认证, 属性密码, 多授权中心, 分布式密钥生成

Abstract:

Based on the problem that the existing attribute-based identification scheme is all based on one single authority, which has a key escrow problem, that is, the key generation center knows all users’ private keys, an multi-authority attribute-based identification scheme was proposed.Distributed key generation technology was integrated to realize the (t,n) threshold generation mechanism of the user’s private key, which could resist collusion attacks from at most t-1 authorities.Utilizing bilinear mapping, a specific multi-authority attribute-based identification scheme was constructed.The security, computation cost and communication cost of the proposed scheme was analyzed, and it was compared with the same type of schemes.Finally, taking multi-factor identification as an example, the feasibility of the proposed scheme in the application scenario of electronic credentials was analyzed.The result shows that the proposed scheme has better comprehensive performance.

Key words: identification, attribute-based cryptography, multi-authority, distributed key generation

中图分类号:

TP309

唐飞, 包佳立, 黄永洪, 黄东, 王惠莅. 基于属性的多授权中心身份认证方案[J]. 通信学报, 2021, 42(3): 220-228.

Fei TANG, Jiali BAO, Yonghong HUANG, Dong HUANG, Huili WANG. Multi-authority attribute-based identification scheme[J]. Journal on Communications, 2021, 42(3): 220-228.

图/表 3

参考文献 29

[1]	FIAT A , SHAMIR A . How to prove yourself:practical solutions to identification and signature problems[C]// Advances in Cryptology-CRYPTO’ 86. Berlin:Springer, 1987: 186-194.
[2]	SCHNORR C P . Efficient signature generation by smart cards[J]. Journal of Cryptology, 1991,4(3): 161-174.
[3]	GUILLOU L C , QUISQUATER J J . A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory[C]// Workshop on Advances in Cryptology-Eurocrypt. Berlin:Springer, 1988: 123-128.
[4]	SHAMIR A , . Identity-based cryptosystems and signature schemes[C]// International Cryptology Conference. Berlin:Springer, 1985: 47-53.
[5]	KUROSAWA K , HENG S . Identity-based identification without random oracles[C]// International Conference on Computational Science and Its Applications. Berlin:Springer, 2005: 603-613.
[6]	BONEH D , BOYEN X . Short signatures without random oracles[C]// Theory and Application of Cryptographic Techniques. Berlin:Springer, 2004: 56-73.
[7]	CHIN J J , HENG S H , GOI B M . An efficient and provable secure identity-based identification scheme in the standard model[C]// Public Key Infrastructure,5th European PKI Workshop:Theory and Practice,EuroPKI. Berlin:Springer, 2008: 60-73.
[8]	BARAPATRE P , RANGAN C P . Identity-based identification schemes from ID-KEMs[C]// International Conference on Security. Berlin:Springer, 2013: 111-129.
[9]	SAHAI A , WATERS B . Fuzzy identity-based encryption[C]// International Conference on Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2005: 457-473.
[10]	GOVAL V , PANDEY O , SAHAI A ,et al. Attribute-based encryption for fine-grained access control of encrypted data[C]// Proceedings of the 13th ACM Conference on Computer and Communications Security. New York:ACM Press, 2006: 89-98.
[11]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2007: 321-334.
[12]	MAJI H , PRABHAKARAN M , ROULEK M . Attribute-based signatures[C]// Topics in Cryptology-CT-RSA. Berlin:Springer, 2011: 376-392.
[13]	TANG F , LI H , LIANG B . Attribute-based signatures for circuits from multilinear maps[C]// International Conference on Information Security. Berlin:Springer, 2014: 54-71.
[14]	LI J , AU M H , SUSILO W ,et al. Attribute-based signature and its applications[C]// ACM Symposium on Information. New York:ACM Press, 2010: 60-69.
[15]	OKAMOTO T , TAKASHIMA K . Efficient attribute-based signatures for non-monotone predicates in the standard model[J]. IEEE International Conference on Cloud Computing Technology and Science, 2014,2(4): 409-421.
[16]	YONEYANAMA K , . Strongly secure two-pass attribute-based authenticated key exchange[C]// International Conference on Pairing-Based Cryptography. Saarland:DBLP, 2010: 147-166.
[17]	TANG F , ZHANG R , LI H . Attribute-based non-interactive key exchange[J]. Science China Information Sciences, 2017,60(2): 206.
[18]	ANADA H , ARITA S , HANDA S ,et al. Attribute-based identification:definitions and efficient constructions[C]// Australasian Conference on Information Security and Privacy. Berlin:Springer, 2013: 168-186.
[19]	CHASE M , . Multi-authority attribute based encryption[C]// Theory of Cryptography Conference. Berlin:Springer, 2007: 515-534.
[20]	LIN H , CAO Z , LIANG X ,et al. Secure threshold multi authority attribute based encryption without a central authority[J]. Information Sciences, 2010,180(13): 2618-2632.
[21]	GENNARO R , JARECKI S , KRAWCZYK H ,et al. Secure distributed key generation for discrete-log based cryptosystems[C]// Theory and Application of Cryptographic Techniques. Berlin:Springer, 1999: 295-310.
[22]	TANG F , MA S , XIANG Y ,et al. An efficient authentication scheme for blockchain-based electronic health records[J]. IEEE Access, 2019,7: 41678-41689.
[23]	CAO D , ZHAO B , WANG X ,et al. Multi-authority attribute-based signature[C]// Third International Conference on Intelligent Networking and Collaborative Systems. Piscataway:IEEE Press, 2011: 668-672.
[24]	LIU X , ZHANG R , XUE R ,et al. Multi-central-authority attribute-based signature[C]// Proceedings of the 2012 Fourth International Symposium on Information Science and Engineering. New York:ACM Press, 2012: 173-178.
[25]	GUO R , SHI H , ZHAO Q ,et al. Secure attribute-based signature scheme with multiple authorities for blockchain in electronic health records systems[J]. IEEE Access, 2018,6: 11676-11686.
[26]	莫若, 马建峰, 刘西蒙 ,等. 支持树形访问结构的多权威基于属性的签名方案[J]. 通信学报, 2017,38(7): 96-104.
	MO R , MA J F , LIU X M ,et al. Multi-authority ABS supporting dendritic access structure[J]. Journal on Communications, 2017,38(7): 96-104.
[27]	张凯, 马建峰, 李辉 ,等. 支持高效撤销的多机构属性加密方案[J]. 通信学报, 2017,38(3): 83-91.
	ZHANG K , MA J F , LI H ,et al. Multi-authority attribute-based encryption with efficient revocation[J]. Journal on Communications, 2017,38(3): 83-91.
[28]	路世翠 . 电子凭据服务系统的多元身份管理机制研究[D]. 西安电子科技大学, 2019.
	LU S C . Research on the multi-identity management mechanism of electronic credential service system[D]. Xi’an:Xidian University, 2019.
[29]	张敏, 何远德, 张阳 . 多服务器环境下可实现访问控制的身份认方案[J]. 计算机工程与应用, 2017,53(17): 123-129.
	ZHANG M , HE Y D , ZHANG Y . Authentication scheme for multi-server enviroment based on Chebyshev chaotic map with access control[J]. Computer Engineering and Applications, 2017,53(17): 123-129.

方案	证明计算开销	验证计算开销
文献[24]方案	(4m+2)T_exp+(m+3)T_mul+T_mtp	(m+k+2)T_par+(m+k)T_exp+(k+2)T_mul+T_mtp
文献[25]方案	mT_par+(6+k)T_exp+mT_mul	(2km+1)T_par+T_exp+T_mul
文献[26]方案	(2kl+2)T_exp	2klT_par+kτT_exp
本文方案	(2m+2k+2)T_exp+(m+2k+2)T_mul+(m+1)T_mtp	(m+3)T_par+(m+2)T_mul+(m+1)T_mtp

方案	通信开销
文献[24]方案	(k+2)\|G\|
文献[25]方案	(5+k)\|G\|+\|G_T\|
文献[26]方案	(k+2)\|G\|+k\|G_T\|
本文方案	(m+2)\|G\|

基于属性的多授权中心身份认证方案

Multi-authority attribute-based identification scheme

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 3

参考文献 29

相关文章 15

Metrics

推荐阅读 0

[1]	王后珍, 蔡鑫伟, 郭岩, 张焕国. 基于矩阵填充问题的五轮零知识身份认证方案[J]. 通信学报, 2021, 42(11): 79-86.
[2]	朱智强,林韧昊,胡翠云. 基于数字证书的openstack身份认证协议[J]. 通信学报, 2019, 40(2): 188-196.
[3]	祝烈煌,王龙,李嘉盛,张川,原卫华. 卫星通信网中一种新的实体认证与访问控制方案[J]. 通信学报, 2018, 39(6): 73-80.
[4]	赵森,甘庆晴,王晓明,余芳. 多云环境下基于智能卡的认证方案[J]. 通信学报, 2018, 39(4): 131-138.
[5]	张佳乐,赵彦超,陈兵,胡峰,朱琨. 边缘计算数据安全与隐私保护研究综述[J]. 通信学报, 2018, 39(3): 1-21.
[6]	沈伟国,王巍. 基于顽健线性判别分析的击键特征识别方法[J]. 通信学报, 2017, 38(Z2): 26-29.
[7]	罗恩韬,王国军,陈淑红,PINIALKhan-butt. 移动社交网络中跨域代理重加密朋友发现隐私保护方案研究[J]. 通信学报, 2017, 38(10): 81-93.
[8]	董颖娣,彭进业,张晓博,张振龙. 基于测量设备无关协议的量子身份认证方案[J]. 通信学报, 2016, 37(2): 152-157.
[9]	关志涛,杨亭亭,徐茹枝,王竹晓. 面向云存储的基于属性加密的多授权中心访问控制方案[J]. 通信学报, 2015, 36(6): 116-126.
[10]	肖敏,王春蕾,周由胜. 云存储系统中支持用户隐私保护的细粒度访问控制[J]. 通信学报, 2014, 35(Z2): 42-47.
[11]	肖敏，王春蕾，周由胜. 云存储系统中支持用户隐私保护的细粒度访问控制[J]. 通信学报, 2014, 35(Z2): 7-47.
[12]	吴志军，赵婷，雷缙. 基于改进的diameter/EAP-MD5的SWIM认证方法[J]. 通信学报, 2014, 35(8): 1-7.
[13]	吴志军,赵婷,雷缙. 基于改进的Diameter/EAP-MD5的SWIM认证方法[J]. 通信学报, 2014, 35(8): 1-7.
[14]	吕洁,陈萍,王文清,张扬,张蓓. 基于联盟身份认证和CALIS联合认证的图书馆资源访问方案[J]. 通信学报, 2013, 34(Z2): 69-73.
[15]	吕洁1, 2，陈萍1, 2，王文清3，张扬1, 2，张蓓1, 2. 基于联盟身份认证和CALIS联合认证的图书馆资源访问方案[J]. 通信学报, 2013, 34(Z2): 14-73.