基于代理重加密的云端多要素访问控制方案

doi:10.11959/j.issn.1000-436x.2018028

Abstract

Abstract:

Cloud computing is one of the space-ground integration information network applications.Users can access data and retrieve service easily and quickly in cloud.The confidentiality and integrity of the data cloud have a direct correspondence to data security of the space-ground integration information network.Thus the data in cloud is transferred with encrypted form to protect the information.As an important technology of cloud security,access control should take account of multi-factor and cipher text to satisfy the complex requirement for cloud data protection.Based on this,a proxy re-encryption based multi-factor access control (PRE-MFAC) scheme was proposed.Firstly,the aims and assumptions of PRE-MFAC were given.Secondly,the system model and algorithm was defined.Finally,the security and properties of PRE-MFAC were analyzed.The proposed scheme has combined the PRE and multi-factor access control together and realized the multi-factor permission management of cipher text in cloud.Meanwhile,it can make the best possible use of cloud in computing and storing,then reduce the difficulty of personal user in cryptographic computing and key managing.

Key words: proxy re-encryption, multi-factor, access control, cloud computing, space-ground integration information network

CLC Number:

TP393

Mang SU,Guozhen SHI,Anmin FU,Yan YU,Wei JIN. Proxy re-encryption based multi-factor access control scheme in cloud[J]. Journal on Communications, 2018, 39(2): 96-104.

Figures/Tables 6

References 16

[14]	SU M , LI F , SHI G ,et al. A user-centric data secure creation scheme in cloud computing[J]. Chinese Journal of Electronics, 2016,25(4): 753-760.
[15]	TANG Q , . Type-based proxy re-encryption and its construction[C]// International Conference on Cryptology in India:Progress in Cryptology. 2008: 130-144.
[1]	李凤华, 殷丽华, 吴巍 ,等. 天地一体化信息网络安全保障技术研究进展及发展趋势[J]. 通信学报, 2016,37(11): 156-168.
	LI F H , YIN L H , WU W ,et al. Research status and development trends of security assurance for space-ground integration information network[J]. Journal on Communications, 2016,37(11): 156-168.
[2]	JHA S , SURAL S , VAIDYA J ,et al. Security analysis of temporal RBAC under an administrative model[J]. Computers ＆ Security, 2014(46): 154-172.
[3]	杨柳, 唐卓, 李仁发 ,等. 云计算环境中基于用户访问需求的角色查找算法[J]. 通信学报, 2011,32(7): 169-175.
	YANG L , TANG Z , LI R F ,et al. Roles query algorithm in cloud computing environment based on user require[J]. Journal on Communications, 2011,32(7): 169-175.
[4]	LUO J , WANG H , GONG X ,et al. A novel role-based access control model in cloud environments[J]. International Journal of Computational Intelligence Systems, 2016,9(1): 1-9.
[5]	LI J W , SQUICCIARINI A , LIN D J ,et al. SecLoc:securing location-sensitive storage in the cloud[C]// The 20th ACM Symposium on Access Control Models and Technologies. 2015: 51-61.
[6]	ZHOU L , VARADHARAJAN V , HITCHENS M . Trust enhanced cryptographic role-based access control for secure cloud data storage[J]. IEEE Transactions on Information Forensics and Security, 2015,10(11): 2381-2395.
[7]	ZHOU L , VARADHARAJAN V , GOPINATH K . A secure role-based cloud storage system for encrypted patient-centric health records[J]. Computer Journal, 2016,59(11): 1593-1611.
[8]	XU P , JIAO T , WU Q ,et al. Conditional identity-based broadcast proxy re-encryption and its application to cloud email[J]. IEEE Transactions on Computers, 2015,65(1): 66-79.
[9]	ZHANG Y , LI J , CHEN X ,et al. Anonymous attribute based proxy re-encryption for access control in cloud computing[J]. Security and Communication Networks, 2016,9(14): 2397-2411.
[10]	LI J , ZHAO X , ZHANG Y ,et al. Provably secure certificate-based conditional proxy re-encryption[J]. Journal of Information Science ＆Engineering, 2016,32(4): 813-830.
[11]	LIU Q , WANG G , WU J . Time-based proxy re-encryption scheme for secure data sharing in a cloud environment[J]. Information Sciences, 2014,258(3): 355-370.
[12]	YANG Y , LU H , WENG J ,et al. Fine-grained conditional proxy re-encryption and application[C]// International Conference on Provable Security. 2014: 206-222.
[13]	苏铓, 史国振, 谢绒娜 ,等. 面向移动云计算的多要素代理重加密方案[J]. 通信学报, 2015,36(11): 73-79.
	SU M , SHI G Z , XIE R N ,et al. Multi-element based on proxy re-encryption scheme for mobile cloud computing[J]. Journal on Communications, 2015,36(11): 73-79.
[16]	YANG K , LIU Z , JIA X ,et al. Time-domain attribute-based access control for cloud-based video content sharing:a cryptographic approach[J]. IEEE Transactions on Multimedia, 2016,18(5): 940-950.

Metrics

Recommended 0

No Suggested Reading articles found!

名称	说明
p _ik	用户i的公钥
s _ik	用户i的私钥
K(M)	对称密钥K加密产生的消息M的密文
E(K)_i	用户i私钥可以解密的密文
Cert _i	用户i的公钥证书
con _i	用户i的访问控制条件
P_MFAC	访问控制策略
rk _i→j	用户i到j的代理重加密密钥

函数	开销
Enc	3t₁+t₂
ReEnc	2t₁+3t₂
Dec₁	3t₁+3t₂
Dec₂	3t₁+4t₂

属性模型	密文访问控制	细粒度	多要素	用户密钥管理量	加解密运算执行方
TAAC	×	×	√	—	—
JBE	√	×	×	较小	用户
CPRE	√	×	√	较大	用户
Type-PRE	√	√	×	较大	用户
ACC-PRE	√	×	×	较小	用户＆云服务器
PRE-MFAC	√	√	√	较小	用户＆云服务器
注：TAAC并未针对密文进行访问控制，因此，不涉及密钥管理问题。

Proxy re-encryption based multi-factor access control scheme in cloud

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 6

References 16

Related Articles 15

Metrics

Recommended 0

[1]	Ling MA, Qiliang FAN, Ting XU, Guanchen GUO, Shenglin ZHANG, Yongqian SUN, Yuzhi ZHANG. Scheduling framework based on reinforcement learning in online-offline colocated cloud environment [J]. Journal on Communications, 2023, 44(6): 90-102.
[2]	Wei JIN, Fenghua LI, Mingjie YU, Yunchuan GUO, Ziyan ZHOU, Liang FANG. HDFS-oriented cryptographic key resource control mechanism [J]. Journal on Communications, 2022, 43(9): 27-41.
[3]	Lingcui ZHANG, Yaobing XU, Fenghua LI, Liang FANG, Yunchuan GUO, Zifu LI. Dynamic security-empowering architecture for space-ground integration information network [J]. Journal on Communications, 2021, 42(9): 87-95.
[4]	Jiangtao DONG, Peiwen YAN, Ruizhong DU. Verifiable access control scheme based on unpaired CP-ABE in fog computing [J]. Journal on Communications, 2021, 42(8): 139-150.
[5]	Huaqun WANG, Zhe LIU, Debiao HE, Jiguo LI. Identity-based provable data possession scheme for multi-source IoT terminal data in public cloud [J]. Journal on Communications, 2021, 42(7): 52-60.
[6]	Changgen PENG, Zongfeng PENG, Hongfa DING, Youliang TIAN, Rongfei LIU. Attribute-based revocable collaborative access control scheme [J]. Journal on Communications, 2021, 42(5): 75-86.
[7]	Zuobin YING, Yuanping SI, Jianfeng MA, Ximeng LIU. Blockchain-based distributed EHR fine-grained traceability scheme [J]. Journal on Communications, 2021, 42(5): 205-215.
[8]	Jianhong ZHANG, Menglong WU, Jing WANG, Pei LIU, Zhengtao JIANG, Changgen PENG. Secure and verifiable multi-keyword searchable encryption scheme in cloud [J]. Journal on Communications, 2021, 42(4): 139-149.
[9]	Ruiqi LI, Chunfu JIA, Yafei WANG. Multi-key homomorphic proxy re-encryption scheme based on NTRU and its application [J]. Journal on Communications, 2021, 42(3): 11-22.
[10]	Ruizhong DU, Peiwen YAN, Yan LIU. Fine-grained attribute update and outsourcing computing access control scheme in fog computing [J]. Journal on Communications, 2021, 42(3): 160-170.
[11]	Xiaodong YANG, Wanting XI, Jiaqi WANG, Aijia CHEN, Caifen WANG. Electronic evidence sharing scheme of Internet of vehicles based on signcryption and blockchain [J]. Journal on Communications, 2021, 42(12): 236-246.
[12]	Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI. Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing [J]. Journal on Communications, 2021, 42(10): 81-94.
[13]	Wenjuan WANG, Xuehui DU, Dibin SHAN. Construction method of attack scenario in cloud environment based on dynamic probabilistic attack graph [J]. Journal on Communications, 2021, 42(1): 1-17.
[14]	Youliang TIAN,Qin LUO. Verifiable multi-keyword search scheme based on improved Merkle-Tree authentication method [J]. Journal on Communications, 2020, 41(9): 118-129.
[15]	Tianyi ZHU,Fenghua LI,Wei JIN,Yunchuan GUO,Liang FANG,Lin CHENG. Cross-domain access control policy mapping mechanism for balancing interoperability and autonomy [J]. Journal on Communications, 2020, 41(9): 29-48.