雾计算中基于无配对CP-ABE可验证的访问控制方案

doi:10.11959/j.issn.1000-436x.2021162

通信学报 ›› 2021, Vol. 42 ›› Issue (8): 139-150.doi: 10.11959/j.issn.1000-436x.2021162

雾计算中基于无配对CP-ABE可验证的访问控制方案

董江涛¹, 闫沛文², 杜瑞忠²

¹ 中国电子科技集团公司第五十四研究所，河北石家庄 050081
² 河北大学网络空间安全与计算机学院，河北保定 071002

修回日期:2021-08-06 出版日期:2021-08-25 发布日期:2021-08-01
作者简介:董江涛（1981- ），男，河北石家庄人，中国电子科技集团公司第五十四研究所高级工程师，主要研究方向为航天地面运控应用
闫沛文（1994- ），男，河北张家口人，河北大学硕士生，主要研究方向为信息安全、访问控制、雾计算等
杜瑞忠（1975- ），男，河北保定人，博士，河北大学教授、博士生导师，主要研究方向为可信计算、信息安全等
基金资助:
国家自然科学基金资助项目(61572170);河北省自然科学基金资助项目(F2018201153);河北省自然科学基金重点资助项目(F2019201290)

Verifiable access control scheme based on unpaired CP-ABE in fog computing

Jiangtao DONG¹, Peiwen YAN², Ruizhong DU²

¹ The 54th Research Institute of CETC, Shijiazhuang 050081, China
² School of Cyber Security and Computer, Hebei University, Baoding 071002, China

Revised:2021-08-06 Online:2021-08-25 Published:2021-08-01
Supported by:
The National Natural Science Foundation of China(61572170);The Natural Science Foundation of Hebei Province(F2018201153);Key Project of Natural Science Foundation of Hebei Province(F2019201290)

摘要/Abstract

摘要：

雾计算将计算能力和数据分析应用扩展至网络边缘，解决了云计算的时延问题，也为数据的安全性带来新的挑战。基于密文策略的属性加密（CP-ABE）是保证数据机密性与细粒度访问控制的技术，其中双线性配对的计算开销过大制约了其应用与发展。针对此，提出了一种雾计算中基于无配对CP-ABE可验证的访问控制方案，为了使CP-ABE更加高效，使用椭圆曲线加密中的简单标量乘法代替双线性配对，从而减少总体计算开销；将解密操作外包给雾节点来降低用户计算复杂度，根据区块链防篡改可溯源的特性实现了对访问事务的正确性验证并记录访问授权过程。安全性与性能分析表明，所提方案在椭圆曲线的决策DBDH假设下是安全的，且计算效率更高。

关键词: 访问控制, 雾计算, 基于密文策略属性加密, 椭圆曲线加密

Abstract:

Fog computing extends computing power and data analysis applications to the edge of the network, solves the latency problem of cloud computing, and also brings new challenges to data security.Attribute encryption based on ciphertext strategy (CP-ABE) is a technology to ensure data confidentiality and fine-grained access control.The excessive computational overhead of bilinear pairing restricts its application and development.In response to this, a verifiable access control scheme was proposed based on unpaired CP-ABE in fog computing.In order to make CP-ABE more efficient, simple scalar multiplication in elliptic curve encryption was used to replace bilinear pairing, thereby reducing the overall computational overhead.Decryption operations were outsourced to fog nodes to reduce user computational complexity, and based on the tamper-proof and traceable characteristics of the blockchain, the correctness of the access transaction was verified and the access authorization process was recorded.Security and performance analysis shows that the scheme is safe under the elliptic curve decision-making DBDH (Diffie-Hellman) assumption, and the calculation efficiency is higher.

Key words: access control, fog computing, CP-ABE, elliptic curve cryptography

中图分类号:

TP309

董江涛, 闫沛文, 杜瑞忠. 雾计算中基于无配对CP-ABE可验证的访问控制方案[J]. 通信学报, 2021, 42(8): 139-150.

Jiangtao DONG, Peiwen YAN, Ruizhong DU. Verifiable access control scheme based on unpaired CP-ABE in fog computing[J]. Journal on Communications, 2021, 42(8): 139-150.

图/表 7

图1

图2

表1

表2

图3

图4

图5

参考文献 29

[1]	贾维嘉, 周小杰 . 雾计算的概念、相关研究与应用[J]. 通信学报, 2018,39(5): 153-165.
	JIA W J , ZHOU X J . Concepts,issues,and applications of fog computing[J]. Journal on Communications, 2018,39(5): 153-165.
[2]	GUO R , ZHUANG C Y , SHI H X ,et al. A lightweight verifiable outsourced decryption of attribute-based encryption scheme for blockchain-enabled wireless body area network in fog computing[J]. International Journal of Distributed Sensor Networks, 2020,16(2): 155014772090679.
[3]	JIANG J F , TANG L Y , GU K ,et al. Secure computing resource allocation framework for open fog computing[J]. The Computer Journal, 2020,63(4): 567-592.
[4]	SHAHID M H , HAMEED A R , ISLAM S U ,et al. Energy and delay efficient fog computing using caching mechanism[J]. Computer Communications, 2020,154: 534-541.
[5]	DESIKAN K E S , KOTAGI V J , MURTHY C S R . Topology control in fog computing enabled IoT networks for smart cities[J]. Computer Networks, 2020,176:107270.
[6]	VILELA P H , RODRIGUES J J P C , RIGHI R D R ,et al. Looking at fog computing for E-health through the lens of deployment challenges and applications[J]. Sensors, 2020,20(9): 2553.
[7]	FERRAIOLO D , CUGINI J , KUHN D R . Role-based access control (RBAC):features and motivations[C]// Proceedings of 11th Annual Computer Security Application Conference. Piscataway:IEEE Press, 1995: 241-248.
[8]	ZHANG P Y , ZHOU M C , FORTINO G . Security and trust issues in fog computing:a survey[J]. Future Generation Computer Systems, 2018,88: 16-27.
[9]	BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption[C]// 2007 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2007: 321-334.
[10]	WANG H , ZHENG Z H , WU L . New large-universe multi-authority ciphertext-policy ABE scheme and its application in cloud storage systems[J]. Journal of High Speed Networks, 2016,22(2): 153-167.
[11]	LIANG K T , SUSILO W . Searchable attribute-based mechanism with efficient data sharing for secure cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2015,10(9): 1981-1992.
[12]	LEWKO A , WATERS B . Decentralizing attribute-based encryption[C]// Advances in Cryptology – EUROCRYPT 2011. Berlin:Springer, 2011: 568-588.
[13]	HORVATH M , . Attribute-based encryption optimized for cloud computing[C]// Theory and Practice of Computer Science. Berlin:Springer, 2015,DOI:10.1007/978-3-662-46078-8_47.
[14]	HUR J . Improving security and efficiency in attribute-based data sharing[J]. IEEE Transactions on Knowledge and Data Engineering, 2013,25(10): 2271-2282.
[15]	LIANG K T , SUSILO W . Searchable attribute-based mechanism with efficient data sharing for secure cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2015,10(9): 1981-1992.
[16]	WANG S L , LIANG K T , LIU J K ,et al. Attribute-based data sharing scheme revisited in cloud computing[J]. IEEE Transactions on Information Forensics and Security, 2016,11(8): 1661-1673.
[17]	LI J G , WANG Y , ZHANG Y C ,et al. Full verifiability for outsourced decryption in attribute based encryption[J]. IEEE Transactions on Services Computing, 2020,13(3): 478-487.
[18]	ZHANG K , LI H , MA J F ,et al. Efficient large-universe multi-authority ciphertext-policy attribute-based encryption with white-box traceability[J]. Science China Information Sciences, 2017,61(3): 1-13.
[19]	FREEMAN D , SCOTT M , TESKE E . A taxonomy of pairing-friendly elliptic curves[J]. Journal of Cryptology, 2010,23(2): 224-280.
[20]	SCOTT M , . On the efficient implementation of pairing-based protocols[C]// Cryptography and Coding. Berlin:Springer, 2011: 296-308.
[21]	PONTIE S , MAISTRI P , LEVEUGLE R . Dummy operations in scalar multiplication over elliptic curves:a tradeoff between security and performance[J]. Microprocessors ＆ Microsystems, 2016,47: 23-36.
[22]	CHEVALLIER-MAMES B , CORON J S , MCCULLAGH N ,et al. Secure delegation of elliptic-curve pairing[C]// Lecture Notes in Computer Science. Berlin:Springer, 2010: 24-35.
[23]	CHEN X F , SUSILO W , LI J ,et al. Efficient algorithms for secure outsourcing of bilinear pairings[J]. Theoretical Computer Science, 2015,562: 112-121.
[24]	ODELU V , DAS A K . Design of a new CP-ABE with constant-size secret keys for lightweight devices using elliptic curve cryptography[J]. Security and Communication Networks, 2016,9(17): 4048-4059.
[25]	MAESA D D F , MORI P , RICCI L . Blockchain based access control[C]// Distributed Applications and Interoperable Systems. Berlin:Springer, 2017: 206-220.
[26]	DAGHER G G , MOHLER J , MILOJKOVIC M ,et al. Ancile:privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology[J]. Sustainable Cities and Society, 2018,39: 283-297.
[27]	DORRI A , KANHERE S S , JURDAK R ,et al. Blockchain for IoT security and privacy:the case study of a smart home[C]// 2017 IEEE International Conference on Pervasive Computing and Communications Workshops. Piscataway:IEEE Press, 2017: 618-623.
[28]	谢绒娜, 李晖, 史国振 ,等. 基于区块链的可溯源访问控制机制[J]. 通信学报, 2020,41(12): 82-93.
	XIE R N , LI H , SHI G Z ,et al. Blockchain-based access control mechanism for data traceability[J]. Journal on Communications, 2020,41(12): 82-93.
[29]	应作斌, 斯元平, 马建峰 ,等. 基于区块链的分布式EHR细粒度可追溯方案[J]. 通信学报, 2021,42(5): 205-215.
	YING Z B , SI Y P , MA J F ,et al. Blockchain-based distributed EHR fine-grained traceability scheme[J]. Journal on Communications, 2021,42(5): 205-215.

方案	访问结构	多授权机构	双线性配对	外包计算
文献[17]方案	LSSS	No	Yes	Yes
文献[18]方案	LSSS	Yes	Yes	No
文献[24]方案	与门	No	No	No
本文方案	LSSS	Yes	No	Yes

方案	用户加密	用户解密	外包解密
文献[17]方案	(4L+2)E_g+4E_T	E_T	(L+2)P+2LE_g
文献[18]方案	6 LE+(2L+1)E_T+(2 L+1)P	3 L_sP+3 L_sE_g	—
文献[24]方案	(N-ω+2)E	(N-ω+3)E	—
本文方案	(4L+1)E	2E	(7L+1)E
注：—表示方案中不涉及该项功能。

雾计算中基于无配对CP-ABE可验证的访问控制方案

Verifiable access control scheme based on unpaired CP-ABE in fog computing

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 29

相关文章 15

Metrics

推荐阅读 0

[1]	金伟, 李凤华, 余铭洁, 郭云川, 周紫妍, 房梁. 面向HDFS的密钥资源控制机制[J]. 通信学报, 2022, 43(9): 27-41.
[2]	梁晓艳, 杜瑞忠. IoT下CapBAC规则语义表示及其时间间隔粗糙性分析[J]. 通信学报, 2021, 42(9): 43-53.
[3]	彭长根, 彭宗凤, 丁红发, 田有亮, 刘荣飞. 具有可撤销功能的属性协同访问控制方案[J]. 通信学报, 2021, 42(5): 75-86.
[4]	应作斌, 斯元平, 马建峰, 刘西蒙. 基于区块链的分布式EHR细粒度可追溯方案[J]. 通信学报, 2021, 42(5): 205-215.
[5]	杜瑞忠, 闫沛文, 刘妍. 雾计算中细粒度属性更新的外包计算访问控制方案[J]. 通信学报, 2021, 42(3): 160-170.
[6]	张嘉伟, 马建峰, 马卓, 李腾. 云计算中基于时间和隐私保护的可撤销可追踪的数据共享方案[J]. 通信学报, 2021, 42(10): 81-94.
[7]	诸天逸,李凤华,金伟,郭云川,房梁,成林. 互操作性与自治性平衡的跨域访问控制策略映射[J]. 通信学报, 2020, 41(9): 29-48.
[8]	周清雷,班绍桓,韩英杰,冯峰. 针对物理访问控制的拟态防御认证方法[J]. 通信学报, 2020, 41(6): 80-87.
[9]	贾春福,哈冠雄,李瑞琪. 密文去重系统中的数据访问控制策略[J]. 通信学报, 2020, 41(5): 72-83.
[10]	付永贵,朱建明. 基于区块链的数据库访问控制机制设计[J]. 通信学报, 2020, 41(5): 130-140.
[11]	谢绒娜,李晖,史国振,郭云川. 基于属性轻量级可重构的访问控制策略[J]. 通信学报, 2020, 41(2): 112-122.
[12]	刘敖迪, 杜学绘, 王娜, 乔蕊. 基于深度学习的ABAC访问控制策略自动化生成技术[J]. 通信学报, 2020, 41(12): 8-20.
[13]	谢绒娜, 李晖, 史国振, 郭云川, 张铭, 董秀则. 基于区块链的可溯源访问控制机制[J]. 通信学报, 2020, 41(12): 82-93.
[14]	王田,沈雪微,罗皓,陈柏生,王国军,贾维嘉. 基于雾计算的可信传感云研究进展[J]. 通信学报, 2019, 40(3): 170-181.
[15]	丁红发,彭长根,田有亮,向淑文. 基于演化博弈的隐私风险自适应访问控制模型[J]. 通信学报, 2019, 40(12): 9-20.