雾计算中细粒度属性更新的外包计算访问控制方案

杜瑞忠; 闫沛文; 刘妍

doi:10.11959/j.issn.1000-436x.2021063

您当前的位置：

首页 >

文章列表页 >

雾计算中细粒度属性更新的外包计算访问控制方案

学术论文 | 更新时间：2024-06-05

- 雾计算中细粒度属性更新的外包计算访问控制方案
- Fine-grained attribute update and outsourcing computing access control scheme in fog computing
- 通信学报 2021年42卷第3期页码：160-170
- 作者机构：
  
  1. 河北大学网络空间安全与计算机学院，河北保定 071000
  2. 河北省高可信信息系统重点实验室，河北保定 071000
- 作者简介：
  
  [ "杜瑞忠（1975- ），男，河北献县人，博士，河北大学教授、博士生导师，主要研究方向为可信计算、信息安全等。" ]
  [ "闫沛文（1994- ），男，河北张家口人，河北大学硕士生，主要研究方向为信息安全、访问控制、雾计算等。" ]
  [ "刘妍（1994- ），女，河北保定人，河北大学硕士生，主要研究方向为网络安全、物联网安全、边缘计算等。" ]
- 基金信息：
  
  国家自然科学基金资助项目(61572170);河北省自然科学基金资助项目(F2018201153);河北省自然科学基金重点资助项目(F2019201290)
- DOI：10.11959/j.issn.1000-436x.2021063
  中图分类号： TP309
- 网络出版日期：2021-03，
  
  纸质出版日期：2021-03-25
- 稿件说明：
移动端阅览
杜瑞忠, 闫沛文, 刘妍. 雾计算中细粒度属性更新的外包计算访问控制方案[J]. 通信学报, 2021,42(3):160-170.

Ruizhong DU, Peiwen YAN, Yan LIU. Fine-grained attribute update and outsourcing computing access control scheme in fog computing[J]. Journal on communications, 2021, 42(3): 160-170.
杜瑞忠, 闫沛文, 刘妍. 雾计算中细粒度属性更新的外包计算访问控制方案[J]. 通信学报, 2021,42(3):160-170. DOI： 10.11959/j.issn.1000-436x.2021063.

Ruizhong DU, Peiwen YAN, Yan LIU. Fine-grained attribute update and outsourcing computing access control scheme in fog computing[J]. Journal on communications, 2021, 42(3): 160-170. DOI： 10.11959/j.issn.1000-436x.2021063.

摘要

针对基于密文策略的属性加密（CP-ABE）在低时延需求较高的雾计算环境中，存在加解密开销大、属性更新效率低的问题，提出了一种雾计算中细粒度属性更新的外包计算访问控制方案，使用模加法一致性秘密（密钥）分享技术构建访问控制树，将加解密计算操作外包给雾节点，降低用户加解密开销；结合重加密机制，在雾节点建立组密钥二叉树对密文进行重加密，实现对用户属性的灵活更新。安全性分析表明，所提方案在决策双线性 Diffie-Hellman 假设下是安全的。仿真实验结果表明，所提方案中用户加解密时间开销相比其他方案更小，属性更新效率更高。

Abstract

To slove the problem that in the fog computing environment with comparatively high low latency demand

ciphertext policy attribute based encryption (CP-ABE) faced the problems of high encryption and decryption overhead and low efficiency of attribute update

an fine-grained attribute update and outsourcing computing access control scheme in fog computing was proposed.The unanimous consent control by modular addition technique was used to construct an access control tree

and the computing operations of ecryption and decryption were outsourced to fog nodes in order to reduce user encryption and decryption overhead.Combined with the re-encryption mechanism

a group key binary tree was established at the fog node to re-encrypt the ciphertext so that user attribute can be updated flexibly.The security analysis shows that the proposed scheme is safe under the decision bilinear Diffie-Hellman hypothesis.Compared with other schemes

the results of simulation experiment prove that the time cost of user encryption and decryption in this scheme is lower and the efficiency of attribute update is higher.

关键词

Keywords

references

HABIBI P , FARHOUDI M , KAZEMIAN S , et al . Fog computing:a comprehensive architectural survey [J ] . IEEE Access , 2020 , 8 : 69105 - 69133 .

GUO R , ZHUANG C , SHI H , et al . A lightweight verifiable outsourced decryption of attribute-based encryption scheme for blockchain-enabled wireless body area network in fog computing [J ] . International Journal of Distributed Sensor Networks , 2020 ,DOI:10.1177/1550147720906796.

JIANG J F , TANG L Y , GU K , et al . Secure computing resource allocation framework for open fog computing [J ] . The Computer Journal , 2020 , 63 ( 4 ): 567 - 592 .

SHAHID M H , HAMEED A R , ISLAM S U , et al . Energy and delay efficient fog computing using caching mechanism [J ] . Computer Communications , 2020 , 154 : 534 - 541 .

DESIKAN K E S , KOTAGI V J , MURTHY C S R . Topology control in fog computing enabled IoT networks for smart cities [J ] . Computer Networks , 2020 , 167 : 107270 .

VILELA P H , RODRIGUES J J P C , RIGHI R R , et al . Looking at fog computing for E-health through the lens of deployment challenges and applications [J ] . Sensors , 2020 , 20 ( 9 ): 2553 .

李琦 , 朱洪波 , 熊金波 , 等 . mHealth中可追踪多授权机构基于属性的访问控制方案 [J ] . 通信学报 , 2018 , 39 ( 6 ): 1 - 10 .

LI Q , ZHONG H B , XIONG J B , et al . Multi-authority attribute-based access control system in mHealth with traceability [J ] . Journal on Communications , 2018 , 39 ( 6 ): 1 - 10 .

ALEISA M A , ABUHUSSEIN A , SHELDON F T . Access control in fog computing:challenges and research agenda [J ] . IEEE Access , 2020 , 8 : 83986 - 83999 .

ZHANG P Y , ZHOU M C , FORTINO G . Security and trust issues in fog computing:a survey [J ] . Future Generation Computer Systems , 2018 , 88 : 16 - 27 .

BETHENCOURT J , AMIT S , WATERS B . Ciphertext-policy attribute based encryption [C ] // 2007 IEEE Symposium on Security ＆ Privacy . Piscataway:IEEE Press , 2007 : 321 - 334 .

WANG H , ZHENG Z H , WU L , et al . New large-universe multi-authority ciphertext-policy ABE scheme and its application in cloud storage systems [J ] . Journal of High Speed Networks , 2016 , 22 ( 2 ): 153 - 167 .

LIANG K T , SUSILO W . Searchable attribute-based mechanism with efficient data sharing for secure cloud storage [J ] . IEEE Transactions on Information Forensics and Security , 2015 , 10 ( 9 ): 1981 - 1992 .

IBRAIMI L , TANG Q , HARTEL P H . Efficient and provable secure ciphertext-policy attribute-based encryption schemes lecture notes in computer science [C ] // 2009 International Conference on Information Security Practice and Experience(ISPEC) . Berlin:Springer , 2009 : 1 - 12 .

WANG H Q , HE D B , HAN J G . VOD-ADAC:anonymous distributed fine-grained access control protocol with verifiable outsourced decryption in public cloud [J ] . IEEE Transactions on Services Computing , 2017 , 13 ( 3 ): 572 - 583 .

WANG H Q , HE D B , YU J , et al . Incentive and unconditionally anonymous identity-based public provable data possession [J ] . IEEE Transactions on Services Computing , 2016 , 12 ( 5 ): 824 - 835 .

JIN Y , TIAN C , HE H , et al . A secure and lightweight data access control scheme for mobile cloud computing [C ] // 2015 IEEE Fifth International Conference on Big Data and Cloud Computing . Piscataway:IEEE Press , 2015 : 172 - 179 .

GREEN M , HOHENBERGER S , WATERS B . Outsourcing the decryption of ABE ciphertexts [C ] // Proceedings of the 20th USENIX Conference on Security . Berkeley:USENIX Association , 2011 : 523 - 538 .

MAO X P , LAI J Z , MEI Q X , et al . Generic and efficient constructions of attribute-based encryption with verifiable outsourced decryption [J ] . IEEE Transactions on Dependable and Secure Computing , 2016 , 13 ( 5 ): 533 - 546 .

KUMAR P P , KUMAR P S , ALPHONSE P J A . A new verifiable outsourced ciphertext-policy attribute based encryption for big data privacy and access control in cloud [J ] . Journal of Ambient Intelligence and Humanized Computing , 2019 , 10 : 2693 - 2707 .

KIBIWOTT K P , FENGLI Z , ANYEMBE O A , et al . Secure cloudlet-based ehealth big data system with fine-grained access control and outsourcing decryption from ABE [J ] . International Journal of Network Security , 2018 , 20 ( 6 ): 1149 - 1162 .

AL-DAHHAN R R , SHI Q , LEE G M , et al . Revocable,decentralized multi-authority access control system [C ] // 2018 IEEE/ACM International Conference on Utility and Cloud Computing Companion . Piscataway:IEEE Press , 2018 : 220 - 225 .

ZHANG P , CHEN Z , LIU J K , et al . An efficient access control scheme with outsourcing capability and attribute update for fog computing [J ] . Future Generation Computer Systems , 2018 , 78 ( 2 ): 753 - 762 .

CHEN N , GERLA M , HUANG D , et al . Secure,selective group broadcast in vehicular networks using dynamic attribute based encryption [C ] // 2010 The 9th IFIP Annual Mediterranean Ad Hoc Networking Workshop . Piscataway:IEEE Press , 2010 ,DOI:10.1109/ MEDHOCNET.2010.5546877.

HUR J , NOH D K . Attribute-based access control with efficient revocation in data outsourcing systems [J ] . IEEE Transactions on Parallel and Distributed Systems , 2011 , 22 ( 7 ): 1214 - 1221 .

LIU Z H , DUAN S H , ZHOU P L , et al . Traceable-then-revocable ciphertext-policy attribute-based encryption scheme [J ] . Future Generation Computer Systems , 2019 , 93 : 903 - 913 .

张凯 , 马建峰 , 李辉 , 等 . 支持高效撤销的多机构属性加密方案 [J ] . 通信学报 , 2017 , 38 ( 3 ): 83 - 91 .

ZHANG K , MA J F , LI H , et al . Multi-authority attribute-based encryption with efficient revocation [J ] . Journal on Communications , 2017 , 38 ( 3 ): 83 - 91 .

浏览量

834

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

雾计算中基于无配对CP-ABE可验证的访问控制方案

面向云存储且支持重加密的多关键词属性基可搜索加密方案

基于区块链的噪声化数据分享控制协议

安全雾计算物联网的联合资源配置方法

基于区块链的可溯源访问控制机制