面向敏感数据共享环境下的融合访问控制机制

doi:10.3969/j.issn.1000-436x.2014.08.010

Abstract

Abstract:

In order to improve security of sensitive data sharing and distributing, fused access control scheme based on the mechanism of attribute-based encryption (ABE) and usage control (UCON) was proposed. The scheme could ensure data confidentiality in the storage, distribution process and control sensitive data sharing scope with dynamic access poli-cies. Additionally, the scheme can prevent legal users operating sensitive data illegally and prohibit privilege abuse for domain user.The results of security analysis and efficiency analysis show that fused access control scheme alleviates the administering burdens on data management server and realizes secure storage and distribution for sensitive data.

Key words: data sharing, access control, attribute-based encryption scheme, usage control

Xi-xi YAN,Tao GENG. Fused access control scheme for sensitive data sharing[J]. Journal on Communications, 2014, 35(8): 71-77.

Figures/Tables 5

References 14

[1]	SAHAI A , WATERS B . Fuzzy identity-based encryption[A]. Cryptol-ogy-EUROCRYPT 2005[C]. Berlin, Heidelberg: Springer-Verlag, 2005. 457-473.
[2]	MIHAELA I , GIOVANNI R , BRUNO C . Design and implementation of a confidentiality and access control solution for publish/subscribe systems[J]. Computer networks, 2012,56(7): 2014-2037.
[3]	MUNTES M V , NIN J . Privacy and anonymization for very large datasets[A]. Proc of the ACM 18th Int'l Conf on Information and Knowledge Management,CIKM 2009[C]. New York: Association for Computing Machinery, 2009. 2117-2118.
[4]	WAN Z G , LIU J E , ROBERT H D . HASBE: a hierarchical attrib-ute-based solution for flexible and scalable access control in cloud computing[J]. IEEE Transactions on Information Forensics and Secu-rity, 2012,7(2): 743-754.
[5]	NUTTAPONG A , JAVIER H , FABIEN L . Attribute-based encryption schemes with constant-size ciphertexts[J]. Theoretical computer sci-ence, 2012,422(9): 15-38.
[6]	WANG Y T , CHEN K F , LONG Y . Attribute-based traitor tracing[J]. Journal of Information Science and Engineering, 2011,27(1): 181-195.
[7]	WANG Y T , CHEN K F , LONG Y . Accountable authority key policy attribute-based encryption[J]. Science China, 2012,55(7): 1631-1638.
[8]	CRAMPTON J , MARTIN K , WILD P . On key assignment for hierar-chical access control[J]. Proc of the 19th IEEE Computer Security Foundations Workshop—CSFW 2006[C]. Venice, 2006. 5-7.
[9]	MALEK B , MIRI A . Combining attribute-based and access sys-tems[J]. Proc of IEEE CSE2009, the 12th IEEE Int'l Conf on Com-putational Science and Engineering IEEE Computer Society[C] 2009. 305-312.
[10]	BONEH D , FRANKLIN M . Identity-based encryption from the Weil pairing[J]. SIAM Journal on Computing, 2003,32(3): 586-615.
[11]	IBRAMI L , PETKOVIC M , NIKOVA S , et al. Ciphertext-Policy Attribute-Based Threshold Decryption with Flexible Delegation and Revocation of User Attributes[R]. Centre for Telematics and Informa-tion Technology, University of Twente, 2009.
[12]	ROY S , CHUAH M . Secure Data Retrieval Based on Ciphertext Pol-icy Attribute-Based Encryption(CP-ABE) System for the DTN[R]. 2009.
[13]	BLAZE M , BLEUMER G , STRAISS M . Divertible protocols and atomic proxy cryptography[A]. EUROCRYPT1998[C]. 1998. 127-144.
[14]	闫玺玺，马兆丰，杨义先等. 多域环境下基于代理重加密的电子文档分发算法及协议分析[J]. 北京邮电大学学报， 2012,35(5):81-84. YAN X X , MA Z F , YANG Y X , et al. A distribution protocol based on proxy re-encryption in domain environment of E-document manage-ment[J]. Journal of Beijing University of Posts and Telecommunica-tions, 2012,35(5):81-84

Metrics

Recommended 0

No Suggested Reading articles found!

实体标识符	描述
AU	用户，包括数据属主、数据使用者
RS	授权服务器
CS	内容服务器
O	数据属主
U	数据使用者
F	文件

符号	描述
PK	系统公钥
MK	系统私钥
ID_u	用户的身份信息
ID_f	文件的相关编号信息
A_u	属性证书
SKu	用户属性私钥
k_f	文件内容加密密钥
C_f	文件密文
C_k	内容加密密钥密文
A_c	属性集合，表示访问控制策略
R_u	文件的使用权限
sp	内容服务器的公钥
ss	内容服务器的私钥
E_x(y)	采用秘钥x加密数据y
D_x(y)	采用秘钥x解密数据y

比较者	数据属主	服务端	数据使用者
传统方案	E_s+E_a	D_a+E_a	D_a+D_s
本文方案	E_s+E_ab	0	D_ab+D_s

[1]	Tao FENG, Liqiu CHEN, Junli FANG, Jianming SHI. Blockchain data sharing scheme based on localized difference privacy and attribute-based searchable encryption [J]. Journal on Communications, 2023, 44(5): 224-233.
[2]	Xuejiao LIU, Tiancong CAO, Yingjie XIA. Research on efficient and secure cross-domain data sharing of IoV under blockchain architecture [J]. Journal on Communications, 2023, 44(3): 186-197.
[3]	Wei JIN, Fenghua LI, Mingjie YU, Yunchuan GUO, Ziyan ZHOU, Liang FANG. HDFS-oriented cryptographic key resource control mechanism [J]. Journal on Communications, 2022, 43(9): 27-41.
[4]	Ruizhong DU, Tianhe ZHANG, Pengliang SHI. Ciphertext policy hidden access control scheme based on blockchain and supporting data sharing [J]. Journal on Communications, 2022, 43(6): 168-178.
[5]	Jiangtao DONG, Peiwen YAN, Ruizhong DU. Verifiable access control scheme based on unpaired CP-ABE in fog computing [J]. Journal on Communications, 2021, 42(8): 139-150.
[6]	Youhuizi LI, Yuyu YIN, Honghao GAO, Yi JIN, Xinheng WANG. Survey on privacy protection in non-aggregated data sharing [J]. Journal on Communications, 2021, 42(6): 195-212.
[7]	Changgen PENG, Zongfeng PENG, Hongfa DING, Youliang TIAN, Rongfei LIU. Attribute-based revocable collaborative access control scheme [J]. Journal on Communications, 2021, 42(5): 75-86.
[8]	Zuobin YING, Yuanping SI, Jianfeng MA, Ximeng LIU. Blockchain-based distributed EHR fine-grained traceability scheme [J]. Journal on Communications, 2021, 42(5): 205-215.
[9]	Ruizhong DU, Peiwen YAN, Yan LIU. Fine-grained attribute update and outsourcing computing access control scheme in fog computing [J]. Journal on Communications, 2021, 42(3): 160-170.
[10]	Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI. Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing [J]. Journal on Communications, 2021, 42(10): 81-94.
[11]	Yang LIU, Jun LI, Wenyun CHEN, Mugen PENG. Research on endogenous security data sharing mechanism of F-RAN for 6G [J]. Journal on Communications, 2021, 42(1): 67-78.
[12]	Tianyi ZHU,Fenghua LI,Wei JIN,Yunchuan GUO,Liang FANG,Lin CHENG. Cross-domain access control policy mapping mechanism for balancing interoperability and autonomy [J]. Journal on Communications, 2020, 41(9): 29-48.
[13]	Shufen NIU,Wenke LIU,Lixia CHEN,Caifen WANG,Xiaoni DU. Electronic medical record data sharing scheme based on searchable encryption via consortium blockchain [J]. Journal on Communications, 2020, 41(8): 204-214.
[14]	Qinglei ZHOU,Shaohuan BAN,Yingjie HAN,Feng FENG. Mimic defense authentication method for physical access control [J]. Journal on Communications, 2020, 41(6): 80-87.
[15]	Chunfu JIA,Guanxiong HA,Ruiqi LI. Data access control policy of encrypted deduplication system [J]. Journal on Communications, 2020, 41(5): 72-83.

Fused access control scheme for sensitive data sharing

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 5

References 14

Related Articles 15

Metrics

Recommended 0