具有可撤销功能的属性协同访问控制方案

彭长根; 彭宗凤; 丁红发; 田有亮; 刘荣飞

doi:10.11959/j.issn.1000-436x.2021058

您当前的位置：

首页 >

文章列表页 >

具有可撤销功能的属性协同访问控制方案

学术论文 | 更新时间：2024-06-06

- 具有可撤销功能的属性协同访问控制方案
- Attribute-based revocable collaborative access control scheme
- 通信学报 2021年42卷第5期页码：75-86
- 作者机构：
  
  1. 贵州省公共大数据重点实验室(贵州大学)，贵州贵阳 550025
  2. 贵州大学计算机科学与技术学院, 贵州贵阳 550025
  3. 贵州大学密码学与数据安全研究所，贵州贵阳 550025
  4. 贵州财经大学信息学院，贵州贵阳 550025
  5. 云上贵州大数据产业发展有限公司，贵州贵阳 550025
- 作者简介：
  
  [ "彭长根（1963- ），男，贵州锦屏人，博士，贵州大学教授、博士生导师，主要研究方向为隐私保护、密码学和大数据安全" ]
  [ "彭宗凤（1995- ），女，贵州遵义人，贵州大学硕士生，主要研究方向为密码学与访问控制" ]
  [ "丁红发（1988- ），男，河南南阳人，贵州大学在站博士后，主要研究方向为隐私保护和大数据安全" ]
  [ "田有亮（1982- ），男，贵州六盘水人，博士，贵州大学教授、博士生导师，主要研究方向为算法博弈论、密码学与安全协议、大数据安全与隐私保护等" ]
  [ "刘荣飞（1987- ），男，云南宣威人，云上贵州大数据产业发展有限公司高级工程师，主要研究方向为大数据安全" ]
- 基金信息：
  
  国家自然科学基金资助项目(U1836205);国家自然科学基金资助项目(61772008);贵州省科技计划基金资助项目([2018]2159);贵州省科技计划基金资助项目([2019]2004);贵州省科技计划基金资助项目([2020]5017);贵州省科技计划基金资助项目([2018]3001);贵州省高等学校创新人才团队基金资助项目([2013]09);“十三五”国家密码发展基金资助项目(MMJJ20170129)
- DOI：10.11959/j.issn.1000-436x.2021058
  中图分类号： TP309
- 网络首发：2021-05，
  
  纸质出版：2021-05-25
- 稿件说明：
移动端阅览
彭长根, 彭宗凤, 丁红发, 等. 具有可撤销功能的属性协同访问控制方案[J]. 通信学报, 2021,42(5):75-86.

Changgen PENG, Zongfeng PENG, Hongfa DING, et al. Attribute-based revocable collaborative access control scheme[J]. Journal on Communications, 2021, 42(5): 75-86.
彭长根, 彭宗凤, 丁红发, 等. 具有可撤销功能的属性协同访问控制方案[J]. 通信学报, 2021,42(5):75-86. DOI： 10.11959/j.issn.1000-436x.2021058.

Changgen PENG, Zongfeng PENG, Hongfa DING, et al. Attribute-based revocable collaborative access control scheme[J]. Journal on Communications, 2021, 42(5): 75-86. DOI： 10.11959/j.issn.1000-436x.2021058.

摘要

针对属性协同访问控制面临更复杂的权限动态更新问题，提出了具有属性即时撤销、属性级用户撤销和协同策略撤销的属性协同访问控制方案。所提方案给出了形式化定义与安全模型，以分组属性组内成员列表信息的变化反映用户权限的动态更新，进一步设计高效的重加密算法实现属性即时撤销和用户撤销。在协同策略撤销方面，利用转移节点的转移值特性，快速更新协同属性对应的密文以实现细粒度的协同策略撤销。安全证明表明，所提方案在选择明文攻击下能保证数据机密性，前向、后向安全性，并能抵抗共谋攻击。与已有方案相比，所提方案具有更完备的细粒度撤销功能以及更高的撤销运行效率。

Abstract

To solve the dynamic update of access rights in attribute-based collaborative access control

a novel scheme was proposed with the revocation of attribute

user and collaborative policy.A formal definition and a security model were presented

the group-based attribute group were changed to reflect the update of rights

and further

an efficient re-encryption algorithm was used to realize the immediate revocation of attributes and users.The translation value was used to achieve the revocation of collaborative policy by update corresponding ciphertext.The security analysis shows the scheme can guarantee data confidentiality

forward/backward security

and resist collusion attack under chosen plaintext attack.Compared with the related works

the proposal achieved more complete and efficient revocation scheme.

关键词

Keywords

references

DU M X , WANG Q , HE M Q , et al . Privacy-preserving indexing and query processing for secure dynamic cloud storage [J ] . IEEE Transactions on Information Forensics and Security , 2018 , 13 ( 9 ): 2320 - 2332 .

SAHAI A , WATERS B . Fuzzy identity-based encryption [C ] // 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques . Berlin:Springer , 2005 : 457 - 473 .

GOYAL V , PANDEY O , SAHAI A , et al . Attribute-based encryption for fine-grained access control of encrypted data [C ] // Proceedings of the 13th ACM Conference on Computer and Communications Security . New York:ACM Press , 2006 : 89 - 98 .

BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption [C ] // 2007 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2007 : 321 - 334 .

WATERS B , . Ciphertext-policy attribute-based encryption:an expressive,efficient,and provably secure realization [C ] // International Workshop on Practice and Theory in Public Key Cryptography . Berlin:Springer , 2011 : 53 - 70 .

XUE K P , XUE Y J , HONG J N , et al . RAAC:robust and auditable access control with multiple attribute authorities for public cloud storage [J ] . IEEE Transactions on Information Forensics and Security , 2017 , 12 ( 4 ): 953 - 967 .

LI W , XUE K P , XUE Y J , et al . TMACS:a robust and verifiable threshold multi-authority access control system in public cloud storage [J ] . IEEE Transactions on Parallel and Distributed Systems , 2016 , 27 ( 5 ): 1484 - 1496 .

XUE K P , CHEN W K , LI W , et al . Combining data owner-side and cloud-side access control for encrypted cloud storage [J ] . IEEE Transactions on Information Forensics and Security , 2018 , 13 ( 8 ): 2062 - 2074 .

PACI F , SQUICCIARINI A , ZANNONE N . Survey on access control for community-centered collaborative systems [J ] . ACM Computing Surveys , 2018 , 51 ( 1 ): 1 - 38 .

SHAMIR A . How to share a secret [J ] . Communications of the ACM , 1979 , 22 ( 11 ): 612 - 613 .

TASSA T . Hierarchical threshold secret sharing [J ] . Journal of Cryptology , 2007 , 20 ( 2 ): 237 - 264 .

SUSILO W , JIANG P , GUO F C , et al . EACSIP:extendable access control system with integrity protection for enhancing collaboration in the cloud [J ] . IEEE Transactions on Information Forensics and Security , 2017 , 12 ( 12 ): 3110 - 3122 .

XUE Y J , XUE K P , GAI N , et al . An attribute-based controlled collaborative access control scheme for public cloud storage [J ] . IEEE Transactions on Information Forensics and Security , 2019 , 14 ( 11 ): 2927 - 2942 .

HUMBERT M , TRUBERT B , HUGUENIN K . A survey on interdependent privacy [J ] . ACM Computing Surveys , 2020 , 52 ( 6 ): 1 - 40 .

房梁 , 殷丽华 , 郭云川 , 等 . 基于属性的访问控制关键技术研究综述 [J ] . 计算机学报 , 2017 , 40 ( 7 ): 1680 - 1698 .

FANG L , YIN L H , GUO Y C , et al . A survey of key technologies in attribute-based access control scheme [J ] . Chinese Journal of Comput-ers , 2017 , 40 ( 7 ): 1680 - 1698 .

ATTRAPADUNG N , IMAI H . Conjunctive broadcast and attribute-based encryption [C ] // 3rd International Conference on Pairing-Based Cryptography . Berlin:Springer , 2009 : 248 - 265 .

LIU J K , YUEN T H , ZHANG P , et al . Time-based direct revocable ciphertext-policy attribute-based encryption with short revocation list [C ] // 16th International Conference on Applied Cryptography and Network Security . Berlin:Springer , 2018 : 516 - 534 .

YEH L Y , CHIANG P Y , TSAI Y L , et al . Cloud-based fine-grained health information access control framework for lightweight IoT devices with dynamic auditing and attribute revocation [J ] . IEEE Transactions on Cloud Computing , 2018 , 6 ( 2 ): 532 - 544 .

HAO J L , HUANG C , LIU J , et al . Efficient outsourced data access control with user revocation for cloud-based IoT [C ] // 2018 IEEE Global Communications Conference . Piscataway:IEEE Press , 2018 : 1 - 6 .

HUR J , NOH D K . Attribute-based access control with efficient revocation in data outsourcing systems [J ] . IEEE Transactions on Parallel and Distributed Systems , 2011 , 22 ( 7 ): 1214 - 1221 .

LI M T , HUANG X Y , LIU J K , et al . GO-ABE:group-oriented attribute-based encryption [M ] . Cham : Springer International Publishing , 2014 .

YEH S C , SU M Y , CHEN H H , et al . An efficient and secure approach for a cloud collaborative editing [J ] . Journal of Network and Computer Applications , 2013 , 36 ( 6 ): 1632 - 1641 .

史姣丽 , 黄传河 , 王晶 , 等 . 云存储下多用户协同访问控制方案 [J ] . 通信学报 , 2016 , 37 ( 1 ): 88 - 99 .

SHI J L , HUANG C H , WANG J , et al . Multi-user collaborative access control scheme in cloud storage [J ] . Journal on Communications , 2016 , 37 ( 1 ): 88 - 99 .

ILIA P , CARMINATI B , FERRARI E , et al . SAMPAC:Socially-aware collaborative multi-party access control [C ] // 7th ACM on Conference on Data and Application Security and Privacy . New York:ACM Press , 2017 : 71 - 82 .

HUANG Q L , LI N , YANG Y X . DACSC:dynamic and fine-grained access control for secure data collaboration in cloud computing [C ] // 2018 IEEE Global Communications Conference . Piscataway:IEEE Press , 2018 : 1 - 7 .

LI C H , XIE W R , ZHOU K . Efficient binary-encoding access control policy combination for large-scale collaborative scenarios [C ] // 2018 17th IEEE International Conference on Trust,Security and Privacy in Computing and Communications/ 12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE) . Piscataway:IEEE Press , 2018 : 560 - 566 .

BOBBA R , KHURANA H , PRABHAKARAN M . Attribute-sets:a practically motivated enhancement to attribute-based encryption [C ] // 14th European Conference on Research in Computer Security . Berlin:Springer , 2009 : 587 - 604 .

王光波 , 刘海涛 , 王晨露 , 等 . 云存储环境下可撤销属性加密 [J ] . 计算机研究与发展 , 2018 , 55 ( 6 ): 76 - 86 .

WANG G B , LIU H T , WANG C L , et al . Revocable attribute-based encryption in cloud storage [J ] . Journal of Computer Research and De-velopment , 2018 , 55 ( 6 ): 76 - 86 .

NAOR D , NAOR M , LOTSPIECH J . Revocation and tracing schemes for stateless receivers [C ] // 21st Annual International Cryptology Conference . Berlin:Springer , 2001 : 41 - 62 .

浏览量

950

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

支持访问策略部分隐藏的CP-ABE方案

支持高效撤销的多机构属性加密方案

Si基CeO₂薄膜的发光特性

In_0.2Ga_0.8As/GaAs单量子阱PL谱温度特性及其机制

前驱溶液的pH值对制备Ca₂Zn₄Ti₁₆O₃₈ ∶ Pr³⁺,Na⁺ 发光粉物相、形貌和发光性质的影响