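1. School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing, Jiangsu 210094
2. Department of Information Security, Beijing Electronic Science and Technology Institute, Beijing 100070
3. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093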
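Mang SU (苏铓, 1987-), female, from Chifeng, Inner Mongolia, Ph.D., lecturer at Nanjing University of Science and Technology. Her main research interests include cloud security, access control, and privacy protection.
Guozhen SHI (史国振, 1974-), male, from Jiyuan, Henan, Ph.D., associate professor and master's supervisor at Beijing Electronic Science and Technology Institute. His main research interests include embedded systems, network security, and access control.
Anmin FU (付安民, 1981-), male, from Tongcheng, Hubei, Ph.D., associate professor at Nanjing University of Science and Technology. His main research interests include cloud security and privacy protection.
Yan YU (俞研, 1972-), male, from Changchun, Jilin, Ph.D., associate professor at Nanjing University of Science and Technology. His main research interests include wireless networks and cyberspace security.
Wei JIN (金伟, 1994-), female, from Beijing, Ph.D. candidate at the Institute of Information Engineering, Chinese Academy of Sciences. Her main research interest is access control.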
Online publication date: 2018-02
Print publication date: 2018-02-25
Mang SU, Guozhen SHI, Anmin FU, et al. Proxy re-encryption based multi-factor access control scheme in cloud[J]. Journal on Communications, 2018, 39(2): 96-104. DOI: 10.11959/j.issn.1000-436x.2018028.
Cloud computing is one of the important applications of the space-ground integration information network. Users can access data and retrieve services easily and quickly in the cloud. The confidentiality and integrity of cloud data bear directly on the data security of the space-ground integration information network, so data in the cloud is mostly transferred in encrypted form. As an important cloud security technology, access control should therefore operate on ciphertext while also meeting the need for multi-factor description in complex environments. Against this background, a proxy re-encryption based multi-factor access control (PRE-MFAC) scheme was proposed. Firstly, the aims and assumptions of PRE-MFAC were given. Secondly, the concrete scheme was constructed, and the system model and algorithms of PRE-MFAC were defined. Finally, the security and properties of PRE-MFAC were analyzed and compared. By combining PRE with multi-factor access control, the proposed scheme realizes multi-factor permission management of ciphertext in the cloud. Meanwhile, it makes full use of the cloud server's computing and storage capacity and reduces the cryptographic computation load and key management difficulty for individual users.