网络与信息安全学报 ›› 2019, Vol. 5 ›› Issue (2): 40-49.doi: 10.11959/j.issn.2096-109x.2019015

• 学术论文 • 上一篇    下一篇

权限可控传递的物联网共享设备委托授权访问机制

宋宇波(),戚姗姗,胡爱群   

  1. 东南大学网络空间安全学院,江苏 南京 211111
  • 修回日期:2018-12-20 出版日期:2019-04-15 发布日期:2019-04-16
  • 作者简介:宋宇波(1977- ),男,江苏无锡人,博士,东南大学网络空间安全学院副教授,主要研究方向为移动通信安全,物联网安全及安全协议设计。|戚姗姗(1992- ),女,浙江余姚人,东南大学博士生,主要研究方向为物联网安全。|胡爱群(1952- ),男,江苏南通人,博士,东南大学教授,主要研究方向为通信网络安全。
  • 基金资助:
    国家自然科学基金资助项目(61601113);赛尔网络下一代互联网技术创新基金资助项目(NGII20150409);中央高校基本科研业务费专项基金资助项目(2242017K40013)

Delegation authorization mechanism with controllable permissions propagation for IoT devices sharing

Yubo SONG(),Shanshan QI,Aiqun HU   

  1. School of Cyber Science and Engineering,Southeast University,Nanjing 211111,China
  • Revised:2018-12-20 Online:2019-04-15 Published:2019-04-16
  • Supported by:
    The National Natural Science Foundation of China(61601113);CERNET Innovation Project(NGII20150409);Fundamental Research Funds for the Central Universities(2242017K40013)

摘要:

为了解决在共享模式下设备所有者在委托授权时权限敏感度保护以及中间代理滥用授权的问题,综合基于信任度访问控制模型和代理签名的特征,提出了一种基于信任度的可控部分权限委托授权机制。该机制采用基于角色和信任度值的授权策略,通过代理签名实现可控的部分权限委托传递。经安全分析证明,该机制可满足权限传递所需的可验证性、不可否认性、可区分性、可识别性和不可滥用性等安全属性,确保了设备所有者权限的可控安全传递,有效防止中间代理过度授权的问题。

关键词: 共享设备, 委托授权, 信任度, 代理签名

Abstract:

In order to solve the problems of privilege sensitivity protection and the abuse of authorization by the agent when the device owner delegates authorization in IoT devices sharing environment,a trust-based delegation mechanism for controllable partial permissions was proposed with the trust access control model and the proxy signature.This mechanism generates trust values and authorization policies based on the relationship between the users,and implements controllable partial authority delegation through the proxy signature.According to the security analysis,the mechanism can meet the security attributes such as verifiability,non-repudiation,distinguishability,identifiability and non-abuse required by the permission transfer,and ensure the controllable security transfer of the device owner's permission.The problem of over authorization of an intermediary agent is effectively prevented.

Key words: devices sharing, delegation authorization, trust value, proxy signature

中图分类号: 

No Suggested Reading articles found!