雾计算中细粒度属性更新的外包计算访问控制方案

doi:10.11959/j.issn.1000-436x.2021063

通信学报 ›› 2021, Vol. 42 ›› Issue (3): 160-170.doi: 10.11959/j.issn.1000-436x.2021063

雾计算中细粒度属性更新的外包计算访问控制方案

杜瑞忠¹^,², 闫沛文¹, 刘妍¹

¹ 河北大学网络空间安全与计算机学院，河北保定 071000
² 河北省高可信信息系统重点实验室，河北保定 071000

修回日期:2020-12-07 出版日期:2021-03-25 发布日期:2021-03-01
作者简介:杜瑞忠（1975- ），男，河北献县人，博士，河北大学教授、博士生导师，主要研究方向为可信计算、信息安全等。
闫沛文（1994- ），男，河北张家口人，河北大学硕士生，主要研究方向为信息安全、访问控制、雾计算等。
刘妍（1994- ），女，河北保定人，河北大学硕士生，主要研究方向为网络安全、物联网安全、边缘计算等。
基金资助:
国家自然科学基金资助项目(61572170);河北省自然科学基金资助项目(F2018201153);河北省自然科学基金重点资助项目(F2019201290)

Fine-grained attribute update and outsourcing computing access control scheme in fog computing

Ruizhong DU¹^,², Peiwen YAN¹, Yan LIU¹

¹ School of Cyber Security and Computer, Hebei University, Baoding 071000, China
² Key Lab on High Trusted Information System in Hebei Province, Baoding 071000, China

Revised:2020-12-07 Online:2021-03-25 Published:2021-03-01
Supported by:
The National Natural Science Foundation of China(61572170);The Natural Science Foundation of Hebei Province(F2018201153);The Key Project of Natural Science Foundation of Hebei Province(F2019201290)

摘要/Abstract

摘要：

针对基于密文策略的属性加密（CP-ABE）在低时延需求较高的雾计算环境中，存在加解密开销大、属性更新效率低的问题，提出了一种雾计算中细粒度属性更新的外包计算访问控制方案，使用模加法一致性秘密（密钥）分享技术构建访问控制树，将加解密计算操作外包给雾节点，降低用户加解密开销；结合重加密机制，在雾节点建立组密钥二叉树对密文进行重加密，实现对用户属性的灵活更新。安全性分析表明，所提方案在决策双线性 Diffie-Hellman 假设下是安全的。仿真实验结果表明，所提方案中用户加解密时间开销相比其他方案更小，属性更新效率更高。

关键词: 访问控制, 雾计算, 外包计算, 属性更新, 基于密文策略属性加密

Abstract:

To slove the problem that in the fog computing environment with comparatively high low latency demand, ciphertext policy attribute based encryption (CP-ABE) faced the problems of high encryption and decryption overhead and low efficiency of attribute update, an fine-grained attribute update and outsourcing computing access control scheme in fog computing was proposed.The unanimous consent control by modular addition technique was used to construct an access control tree, and the computing operations of ecryption and decryption were outsourced to fog nodes in order to reduce user encryption and decryption overhead.Combined with the re-encryption mechanism, a group key binary tree was established at the fog node to re-encrypt the ciphertext so that user attribute can be updated flexibly.The security analysis shows that the proposed scheme is safe under the decision bilinear Diffie-Hellman hypothesis.Compared with other schemes, the results of simulation experiment prove that the time cost of user encryption and decryption in this scheme is lower and the efficiency of attribute update is higher.

Key words: access control, fog computing, outsourcing computing, attribute update, CP-ABE

中图分类号:

TP309

杜瑞忠, 闫沛文, 刘妍. 雾计算中细粒度属性更新的外包计算访问控制方案[J]. 通信学报, 2021, 42(3): 160-170.

Ruizhong DU, Peiwen YAN, Yan LIU. Fine-grained attribute update and outsourcing computing access control scheme in fog computing[J]. Journal on Communications, 2021, 42(3): 160-170.

图/表 9

图1

图2

图3

表1

表2

表3

图4

图5

图6

参考文献 25

[1]	HABIBI P , FARHOUDI M , KAZEMIAN S ,et al. Fog computing:a comprehensive architectural survey[J]. IEEE Access, 2020,8: 69105-69133.
[2]	GUO R , ZHUANG C , SHI H ,et al. A lightweight verifiable outsourced decryption of attribute-based encryption scheme for blockchain-enabled wireless body area network in fog computing[J]. International Journal of Distributed Sensor Networks, 2020,DOI:10.1177/1550147720906796.
[3]	JIANG J F , TANG L Y , GU K ,et al. Secure computing resource allocation framework for open fog computing[J]. The Computer Journal, 2020,63(4): 567-592.
[4]	SHAHID M H , HAMEED A R , ISLAM S U ,et al. Energy and delay efficient fog computing using caching mechanism[J]. Computer Communications, 2020,154: 534-541.
[5]	DESIKAN K E S , KOTAGI V J , MURTHY C S R . Topology control in fog computing enabled IoT networks for smart cities[J]. Computer Networks, 2020,167: 107270.
[6]	VILELA P H , RODRIGUES J J P C , RIGHI R R ,et al. Looking at fog computing for E-health through the lens of deployment challenges and applications[J]. Sensors, 2020,20(9): 2553.
	李琦, 朱洪波, 熊金波 ,等. mHealth中可追踪多授权机构基于属性的访问控制方案[J]. 通信学报, 2018,39(6): 1-10.
	LI Q , ZHONG H B , XIONG J B ,et al. Multi-authority attribute-based access control system in mHealth with traceability[J]. Journal on Communications, 2018,39(6): 1-10.
[7]	ALEISA M A , ABUHUSSEIN A , SHELDON F T . Access control in fog computing:challenges and research agenda[J]. IEEE Access, 2020,8: 83986-83999.
[8]	ZHANG P Y , ZHOU M C , FORTINO G . Security and trust issues in fog computing:a survey[J]. Future Generation Computer Systems, 2018,88: 16-27.
[9]	BETHENCOURT J , AMIT S , WATERS B . Ciphertext-policy attribute based encryption[C]// 2007 IEEE Symposium on Security ＆ Privacy. Piscataway:IEEE Press, 2007: 321-334.
[10]	WANG H , ZHENG Z H , WU L ,et al. New large-universe multi-authority ciphertext-policy ABE scheme and its application in cloud storage systems[J]. Journal of High Speed Networks, 2016,22(2): 153-167.
[11]	LIANG K T , SUSILO W . Searchable attribute-based mechanism with efficient data sharing for secure cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2015,10(9): 1981-1992.
[12]	IBRAIMI L , TANG Q , HARTEL P H . Efficient and provable secure ciphertext-policy attribute-based encryption schemes lecture notes in computer science[C]// 2009 International Conference on Information Security Practice and Experience(ISPEC). Berlin:Springer, 2009: 1-12.
[13]	WANG H Q , HE D B , HAN J G . VOD-ADAC:anonymous distributed fine-grained access control protocol with verifiable outsourced decryption in public cloud[J]. IEEE Transactions on Services Computing, 2017,13(3): 572-583.
[14]	WANG H Q , HE D B , YU J ,et al. Incentive and unconditionally anonymous identity-based public provable data possession[J]. IEEE Transactions on Services Computing, 2016,12(5): 824-835.
[15]	JIN Y , TIAN C , HE H ,et al. A secure and lightweight data access control scheme for mobile cloud computing[C]// 2015 IEEE Fifth International Conference on Big Data and Cloud Computing. Piscataway:IEEE Press, 2015: 172-179.
[16]	GREEN M , HOHENBERGER S , WATERS B . Outsourcing the decryption of ABE ciphertexts[C]// Proceedings of the 20th USENIX Conference on Security. Berkeley:USENIX Association, 2011: 523-538.
[17]	MAO X P , LAI J Z , MEI Q X ,et al. Generic and efficient constructions of attribute-based encryption with verifiable outsourced decryption[J]. IEEE Transactions on Dependable and Secure Computing, 2016,13(5): 533-546.
[18]	KUMAR P P , KUMAR P S , ALPHONSE P J A . A new verifiable outsourced ciphertext-policy attribute based encryption for big data privacy and access control in cloud[J]. Journal of Ambient Intelligence and Humanized Computing, 2019,10: 2693-2707.
[19]	KIBIWOTT K P , FENGLI Z , ANYEMBE O A ,et al. Secure cloudlet-based ehealth big data system with fine-grained access control and outsourcing decryption from ABE[J]. International Journal of Network Security, 2018,20(6): 1149-1162.
[20]	AL-DAHHAN R R , SHI Q , LEE G M ,et al. Revocable,decentralized multi-authority access control system[C]// 2018 IEEE/ACM International Conference on Utility and Cloud Computing Companion. Piscataway:IEEE Press, 2018: 220-225.
[21]	ZHANG P , CHEN Z , LIU J K ,et al. An efficient access control scheme with outsourcing capability and attribute update for fog computing[J]. Future Generation Computer Systems, 2018,78(2): 753-762.
[22]	CHEN N , GERLA M , HUANG D ,et al. Secure,selective group broadcast in vehicular networks using dynamic attribute based encryption[C]// 2010 The 9th IFIP Annual Mediterranean Ad Hoc Networking Workshop. Piscataway:IEEE Press, 2010,DOI:10.1109/ MEDHOCNET.2010.5546877.
[23]	HUR J , NOH D K . Attribute-based access control with efficient revocation in data outsourcing systems[J]. IEEE Transactions on Parallel and Distributed Systems, 2011,22(7): 1214-1221.
[24]	LIU Z H , DUAN S H , ZHOU P L ,et al. Traceable-then-revocable ciphertext-policy attribute-based encryption scheme[J]. Future Generation Computer Systems, 2019,93: 903-913.
[25]	张凯, 马建峰, 李辉 ,等. 支持高效撤销的多机构属性加密方案[J]. 通信学报, 2017,38(3): 83-91.
	ZHANG K , MA J F , LI H ,et al. Multi-authority attribute-based encryption with efficient revocation[J]. Journal on Communications, 2017,38(3): 83-91.

方案	外包加密	外包解密	属性撤销
文献[12]方案	No	No	No
文献[18]方案	Yes	Yes	No
文献[21]方案	Yes	Yes	Yes
文献[24]方案	No	No	Yes
本文方案	Yes	Yes	Yes

符号	含义
n₁	访问树中的属性个数或者矩阵中的行数
n₂	用户持有属性个数
n₃	与用户关联属性个数
n₄	满足访问树中的最小节点
t_e	双线性配对运算
G_i(i=0,T)	乘法循环群内的幂运算或乘法运算
H	哈希运算
δ	对称解密

方案	用户加密	外包加密	外包解密	用户解密	属性撤销
文献[12]方案	(n₁+2)G₀	×	×	(n₃+1)t_e+n₃G_T	×
文献[18]方案	2G₀+G_T+H	(n₁+1)G₀	(n₃+3)t_e+n₄G_T	δ	×
文献[21]方案	4G₀+2G_T	(n₁+2)G₀	(n ₃+2)t_e+(2n₄+2)G_T	t_e+2G_T	n₃G₀
文献[24]方案	(2n₁+3)G₀	×	×	(2n₄+3)t_e+(T+2)G_T	n₂G₀
本文方案	2G₀+2G_T	(n₁+2)G₀	(n ₃+2)t_e	t_e+G_T	G₀
注释：×表示方案中不涉及该项功能。

雾计算中细粒度属性更新的外包计算访问控制方案

Fine-grained attribute update and outsourcing computing access control scheme in fog computing

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 25

相关文章 15

Metrics

推荐阅读 0

[1]	金伟, 李凤华, 余铭洁, 郭云川, 周紫妍, 房梁. 面向HDFS的密钥资源控制机制[J]. 通信学报, 2022, 43(9): 27-41.
[2]	梁晓艳, 杜瑞忠. IoT下CapBAC规则语义表示及其时间间隔粗糙性分析[J]. 通信学报, 2021, 42(9): 43-53.
[3]	董江涛, 闫沛文, 杜瑞忠. 雾计算中基于无配对CP-ABE可验证的访问控制方案[J]. 通信学报, 2021, 42(8): 139-150.
[4]	彭长根, 彭宗凤, 丁红发, 田有亮, 刘荣飞. 具有可撤销功能的属性协同访问控制方案[J]. 通信学报, 2021, 42(5): 75-86.
[5]	应作斌, 斯元平, 马建峰, 刘西蒙. 基于区块链的分布式EHR细粒度可追溯方案[J]. 通信学报, 2021, 42(5): 205-215.
[6]	张嘉伟, 马建峰, 马卓, 李腾. 云计算中基于时间和隐私保护的可撤销可追踪的数据共享方案[J]. 通信学报, 2021, 42(10): 81-94.
[7]	诸天逸,李凤华,金伟,郭云川,房梁,成林. 互操作性与自治性平衡的跨域访问控制策略映射[J]. 通信学报, 2020, 41(9): 29-48.
[8]	周清雷,班绍桓,韩英杰,冯峰. 针对物理访问控制的拟态防御认证方法[J]. 通信学报, 2020, 41(6): 80-87.
[9]	贾春福,哈冠雄,李瑞琪. 密文去重系统中的数据访问控制策略[J]. 通信学报, 2020, 41(5): 72-83.
[10]	付永贵,朱建明. 基于区块链的数据库访问控制机制设计[J]. 通信学报, 2020, 41(5): 130-140.
[11]	谢绒娜,李晖,史国振,郭云川. 基于属性轻量级可重构的访问控制策略[J]. 通信学报, 2020, 41(2): 112-122.
[12]	刘敖迪, 杜学绘, 王娜, 乔蕊. 基于深度学习的ABAC访问控制策略自动化生成技术[J]. 通信学报, 2020, 41(12): 8-20.
[13]	谢绒娜, 李晖, 史国振, 郭云川, 张铭, 董秀则. 基于区块链的可溯源访问控制机制[J]. 通信学报, 2020, 41(12): 82-93.
[14]	王田,沈雪微,罗皓,陈柏生,王国军,贾维嘉. 基于雾计算的可信传感云研究进展[J]. 通信学报, 2019, 40(3): 170-181.
[15]	丁红发,彭长根,田有亮,向淑文. 基于演化博弈的隐私风险自适应访问控制模型[J]. 通信学报, 2019, 40(12): 9-20.