基于属性的多授权中心身份认证方案

唐飞; 包佳立; 黄永洪; 黄东; 王惠莅

doi:10.11959/j.issn.1000-436x.2021047

您当前的位置：

首页 >

文章列表页 >

基于属性的多授权中心身份认证方案

学术通信 | 更新时间：2024-06-05

- 基于属性的多授权中心身份认证方案
- Multi-authority attribute-based identification scheme
- 通信学报 2021年42卷第3期页码：220-228
- 作者机构：
  
  1. 重庆邮电大学计算机科学与技术学院，重庆 400065
  2. 重庆邮电大学网络空间安全与信息法学院，重庆 400065
  3. 重庆机电职业技术大学信息工程学院，重庆 402760
  4. 中国电子技术标准化研究院信息安全研究中心，北京 100076
  5. 西安电子科技大学综合业务网理论及关键技术国家重点实验室，陕西西安 710071
- 作者简介：
  
  [ "唐飞（1986- ），男，重庆人，博士，重庆邮电大学副教授、硕士生导师，主要研究方向为公钥密码、隐私保护、区块链等。" ]
  [ "包佳立（1994- ），女，重庆人，重庆邮电大学硕士生，主要研究方向为公钥密码、区块链。" ]
  [ "黄永洪（1974- ），男，重庆人，重庆邮电大学讲师，主要研究方向为信息安全、密码学等。" ]
  [ "黄东（1981- ），男，重庆人，重庆机电职业技术大学教授，主要研究方向为通信安全、公钥密码学等。" ]
  [ "王惠莅（1977- ），女，河南清丰人，中国电子技术标准化研究院高级工程师，主要研究方向为信息安全、云计算等。" ]
- 基金信息：
  
  国家重点研发计划基金资助项目(2018YFB0803905);国家自然科学基金资助项目(61702067);重庆市自然科学基金资助项目(cstc2017jcyjAX0201);重庆市自然科学基金资助项目(cstc2020jcyj-msxmX0343)
- DOI：10.11959/j.issn.1000-436x.2021047
  中图分类号： TP309
- 网络出版日期：2021-03，
  
  纸质出版日期：2021-03-25
- 稿件说明：
移动端阅览
唐飞, 包佳立, 黄永洪, 等. 基于属性的多授权中心身份认证方案[J]. 通信学报, 2021,42(3):220-228.

Fei TANG, Jiali BAO, Yonghong HUANG, et al. Multi-authority attribute-based identification scheme[J]. Journal on communications, 2021, 42(3): 220-228.
唐飞, 包佳立, 黄永洪, 等. 基于属性的多授权中心身份认证方案[J]. 通信学报, 2021,42(3):220-228. DOI： 10.11959/j.issn.1000-436x.2021047.

Fei TANG, Jiali BAO, Yonghong HUANG, et al. Multi-authority attribute-based identification scheme[J]. Journal on communications, 2021, 42(3): 220-228. DOI： 10.11959/j.issn.1000-436x.2021047.

摘要

针对现有的基于属性的身份认证方案均是基于单授权中心实现的，存在密钥托管问题，即密钥生成中心知道所有用户的私钥，提出了一种基于属性的多授权中心的身份认证方案。所提方案结合分布式密钥生成技术实现用户属性私钥的(t

n)门限生成机制，可以抵抗最多来自 t-1 个授权中心的合谋攻击。利用双线性映射构造了所提方案，分析了所提方案的安全性、计算开销和通信开销，并与同类型方案做比较。最后，以多因子身份认证为例，分析了所提方案在电子凭据应用场景中的可行性。分析结果表明，所提方案具有更优的综合性能。

Abstract

Based on the problem that the existing attribute-based identification scheme is all based on one single authority

which has a key escrow problem

that is

the key generation center knows all users’ private keys

an multi-authority attribute-based identification scheme was proposed.Distributed key generation technology was integrated to realize the (t

n) threshold generation mechanism of the user’s private key

which could resist collusion attacks from at most t-1 authorities.Utilizing bilinear mapping

a specific multi-authority attribute-based identification scheme was constructed.The security

computation cost and communication cost of the proposed scheme was analyzed

and it was compared with the same type of schemes.Finally

taking multi-factor identification as an example

the feasibility of the proposed scheme in the application scenario of electronic credentials was analyzed.The result shows that the proposed scheme has better comprehensive performance.

关键词

Keywords

references

FIAT A , SHAMIR A . How to prove yourself:practical solutions to identification and signature problems [C ] // Advances in Cryptology-CRYPTO’ 86 . Berlin:Springer , 1987 : 186 - 194 .

SCHNORR C P . Efficient signature generation by smart cards [J ] . Journal of Cryptology , 1991 , 4 ( 3 ): 161 - 174 .

GUILLOU L C , QUISQUATER J J . A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory [C ] // Workshop on Advances in Cryptology-Eurocrypt . Berlin:Springer , 1988 : 123 - 128 .

SHAMIR A , . Identity-based cryptosystems and signature schemes [C ] // International Cryptology Conference . Berlin:Springer , 1985 : 47 - 53 .

KUROSAWA K , HENG S . Identity-based identification without random oracles [C ] // International Conference on Computational Science and Its Applications . Berlin:Springer , 2005 : 603 - 613 .

BONEH D , BOYEN X . Short signatures without random oracles [C ] // Theory and Application of Cryptographic Techniques . Berlin:Springer , 2004 : 56 - 73 .

CHIN J J , HENG S H , GOI B M . An efficient and provable secure identity-based identification scheme in the standard model [C ] // Public Key Infrastructure,5th European PKI Workshop:Theory and Practice,EuroPKI . Berlin:Springer , 2008 : 60 - 73 .

BARAPATRE P , RANGAN C P . Identity-based identification schemes from ID-KEMs [C ] // International Conference on Security . Berlin:Springer , 2013 : 111 - 129 .

SAHAI A , WATERS B . Fuzzy identity-based encryption [C ] // International Conference on Theory and Applications of Cryptographic Techniques . Berlin:Springer , 2005 : 457 - 473 .

GOVAL V , PANDEY O , SAHAI A , et al . Attribute-based encryption for fine-grained access control of encrypted data [C ] // Proceedings of the 13th ACM Conference on Computer and Communications Security . New York:ACM Press , 2006 : 89 - 98 .

BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption [C ] // IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2007 : 321 - 334 .

MAJI H , PRABHAKARAN M , ROULEK M . Attribute-based signatures [C ] // Topics in Cryptology-CT-RSA . Berlin:Springer , 2011 : 376 - 392 .

TANG F , LI H , LIANG B . Attribute-based signatures for circuits from multilinear maps [C ] // International Conference on Information Security . Berlin:Springer , 2014 : 54 - 71 .

LI J , AU M H , SUSILO W , et al . Attribute-based signature and its applications [C ] // ACM Symposium on Information . New York:ACM Press , 2010 : 60 - 69 .

OKAMOTO T , TAKASHIMA K . Efficient attribute-based signatures for non-monotone predicates in the standard model [J ] . IEEE International Conference on Cloud Computing Technology and Science , 2014 , 2 ( 4 ): 409 - 421 .

YONEYANAMA K , . Strongly secure two-pass attribute-based authenticated key exchange [C ] // International Conference on Pairing-Based Cryptography . Saarland:DBLP , 2010 : 147 - 166 .

TANG F , ZHANG R , LI H . Attribute-based non-interactive key exchange [J ] . Science China Information Sciences , 2017 , 60 ( 2 ): 206 .

ANADA H , ARITA S , HANDA S , et al . Attribute-based identification:definitions and efficient constructions [C ] // Australasian Conference on Information Security and Privacy . Berlin:Springer , 2013 : 168 - 186 .

CHASE M , . Multi-authority attribute based encryption [C ] // Theory of Cryptography Conference . Berlin:Springer , 2007 : 515 - 534 .

LIN H , CAO Z , LIANG X , et al . Secure threshold multi authority attribute based encryption without a central authority [J ] . Information Sciences , 2010 , 180 ( 13 ): 2618 - 2632 .

GENNARO R , JARECKI S , KRAWCZYK H , et al . Secure distributed key generation for discrete-log based cryptosystems [C ] // Theory and Application of Cryptographic Techniques . Berlin:Springer , 1999 : 295 - 310 .

TANG F , MA S , XIANG Y , et al . An efficient authentication scheme for blockchain-based electronic health records [J ] . IEEE Access , 2019 , 7 : 41678 - 41689 .

CAO D , ZHAO B , WANG X , et al . Multi-authority attribute-based signature [C ] // Third International Conference on Intelligent Networking and Collaborative Systems . Piscataway:IEEE Press , 2011 : 668 - 672 .

LIU X , ZHANG R , XUE R , et al . Multi-central-authority attribute-based signature [C ] // Proceedings of the 2012 Fourth International Symposium on Information Science and Engineering . New York:ACM Press , 2012 : 173 - 178 .

GUO R , SHI H , ZHAO Q , et al . Secure attribute-based signature scheme with multiple authorities for blockchain in electronic health records systems [J ] . IEEE Access , 2018 , 6 : 11676 - 11686 .

莫若 , 马建峰 , 刘西蒙 , 等 . 支持树形访问结构的多权威基于属性的签名方案 [J ] . 通信学报 , 2017 , 38 ( 7 ): 96 - 104 .

MO R , MA J F , LIU X M , et al . Multi-authority ABS supporting dendritic access structure [J ] . Journal on Communications , 2017 , 38 ( 7 ): 96 - 104 .

张凯 , 马建峰 , 李辉 , 等 . 支持高效撤销的多机构属性加密方案 [J ] . 通信学报 , 2017 , 38 ( 3 ): 83 - 91 .

ZHANG K , MA J F , LI H , et al . Multi-authority attribute-based encryption with efficient revocation [J ] . Journal on Communications , 2017 , 38 ( 3 ): 83 - 91 .

路世翠 . 电子凭据服务系统的多元身份管理机制研究 [D ] . 西安电子科技大学 , 2019 .

LU S C . Research on the multi-identity management mechanism of electronic credential service system [D ] . Xi’an:Xidian University , 2019 .

张敏 , 何远德 , 张阳 . 多服务器环境下可实现访问控制的身份认方案 [J ] . 计算机工程与应用 , 2017 , 53 ( 17 ): 123 - 129 .

ZHANG M , HE Y D , ZHANG Y . Authentication scheme for multi-server enviroment based on Chebyshev chaotic map with access control [J ] . Computer Engineering and Applications , 2017 , 53 ( 17 ): 123 - 129 .

浏览量

699

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

面向云存储的基于属性加密的多授权中心访问控制方案

云存储系统中支持用户隐私保护的细粒度访问控制