通信学报 ›› 2021, Vol. 42 ›› Issue (5): 75-86.doi: 10.11959/j.issn.1000-436x.2021058

• 学术论文 • 上一篇    

具有可撤销功能的属性协同访问控制方案

彭长根1,2,3, 彭宗凤1,2, 丁红发1,4, 田有亮1,2,3, 刘荣飞5   

  1. 1 贵州省公共大数据重点实验室(贵州大学),贵州 贵阳 550025
    2 贵州大学计算机科学与技术学院, 贵州 贵阳 550025
    3 贵州大学密码学与数据安全研究所,贵州 贵阳 550025
    4 贵州财经大学信息学院,贵州 贵阳 550025
    5 云上贵州大数据产业发展有限公司,贵州 贵阳 550025
  • 修回日期:2020-11-20 出版日期:2021-05-01 发布日期:2021-05-01
  • 作者简介:彭长根(1963- ),男,贵州锦屏人,博士,贵州大学教授、博士生导师,主要研究方向为隐私保护、密码学和大数据安全
    彭宗凤(1995- ),女,贵州遵义人,贵州大学硕士生,主要研究方向为密码学与访问控制
    丁红发(1988- ),男,河南南阳人,贵州大学在站博士后,主要研究方向为隐私保护和大数据安全
    田有亮(1982- ),男,贵州六盘水人,博士,贵州大学教授、博士生导师,主要研究方向为算法博弈论、密码学与安全协议、大数据安全与隐私保护等
    刘荣飞(1987- ),男,云南宣威人,云上贵州大数据产业发展有限公司高级工程师,主要研究方向为大数据安全
  • 基金资助:
    国家自然科学基金资助项目(U1836205);国家自然科学基金资助项目(61772008);贵州省科技计划基金资助项目([2018]2159);贵州省科技计划基金资助项目([2019]2004);贵州省科技计划基金资助项目([2020]5017);贵州省科技计划基金资助项目([2018]3001);贵州省高等学校创新人才基金资助项目([2013]09);“十三五”国家密码发展基金资助项目(MMJJ20170129)

Attribute-based revocable collaborative access control scheme

Changgen PENG1,2,3, Zongfeng PENG1,2, Hongfa DING1,4, Youliang TIAN1,2,3, Rongfei LIU5   

  1. 1 Guizhou Provincial Key Laboratory of Public Big Data (Guizhou University), Guiyang 550025, China
    2 College of Computer Science and Technology, Guizhou University, Guiyang 550025, China
    3 Institute of Cryptography and Data Security, Guizhou University, Guiyang 550025, China
    4 College of Information, Guizhou University of Finance and Economics, Guiyang 550025, China
    5 Yunshang Guizhou Big Data Industry and Development Co., Ltd., Guiyang 550025, China
  • Revised:2020-11-20 Online:2021-05-01 Published:2021-05-01
  • Supported by:
    The National Natural Science Foundation of China(U1836205);The National Natural Science Foundation of China(61772008);The Science and Technology Program of Guizhou Province([2018]2159);The Science and Technology Program of Guizhou Province([2019]2004);The Science and Technology Program of Guizhou Province([2020]5017);The Science and Technology Program of Guizhou Province([2018]3001);The Project of Innovative Group in Guizhou Education Department([2013]09);The 13th Five-Year National Cryptography Development Foundation(MMJJ20170129)

摘要:

针对属性协同访问控制面临更复杂的权限动态更新问题,提出了具有属性即时撤销、属性级用户撤销和协同策略撤销的属性协同访问控制方案。所提方案给出了形式化定义与安全模型,以分组属性组内成员列表信息的变化反映用户权限的动态更新,进一步设计高效的重加密算法实现属性即时撤销和用户撤销。在协同策略撤销方面,利用转移节点的转移值特性,快速更新协同属性对应的密文以实现细粒度的协同策略撤销。安全证明表明,所提方案在选择明文攻击下能保证数据机密性,前向、后向安全性,并能抵抗共谋攻击。与已有方案相比,所提方案具有更完备的细粒度撤销功能以及更高的撤销运行效率。

关键词: 属性协同访问控制, 基于密文策略的属性加密, 撤销, 转移节点, 属性组

Abstract:

To solve the dynamic update of access rights in attribute-based collaborative access control, a novel scheme was proposed with the revocation of attribute, user and collaborative policy.A formal definition and a security model were presented, the group-based attribute group were changed to reflect the update of rights, and further, an efficient re-encryption algorithm was used to realize the immediate revocation of attributes and users.The translation value was used to achieve the revocation of collaborative policy by update corresponding ciphertext.The security analysis shows the scheme can guarantee data confidentiality, forward/backward security, and resist collusion attack under chosen plaintext attack.Compared with the related works, the proposal achieved more complete and efficient revocation scheme.

Key words: attribute-based collaborative access control, CP-ABE, revocation, translation node, attribute group

中图分类号: 

No Suggested Reading articles found!