雾计算中基于无配对CP-ABE可验证的访问控制方案

董江涛; 闫沛文; 杜瑞忠

doi:10.11959/j.issn.1000-436x.2021162

您当前的位置：

首页 >

文章列表页 >

雾计算中基于无配对CP-ABE可验证的访问控制方案

学术论文 | 更新时间：2024-06-05

- 雾计算中基于无配对CP-ABE可验证的访问控制方案
- Verifiable access control scheme based on unpaired CP-ABE in fog computing
- 通信学报 2021年42卷第8期页码：139-150
- 作者机构：
  
  1. 中国电子科技集团公司第五十四研究所，河北石家庄 050081
  2. 河北大学网络空间安全与计算机学院，河北保定 071002
- 作者简介：
  
  [ "董江涛（1981- ），男，河北石家庄人，中国电子科技集团公司第五十四研究所高级工程师，主要研究方向为航天地面运控应用" ]
  [ "闫沛文（1994- ），男，河北张家口人，河北大学硕士生，主要研究方向为信息安全、访问控制、雾计算等" ]
  [ "杜瑞忠（1975- ），男，河北保定人，博士，河北大学教授、博士生导师，主要研究方向为可信计算、信息安全等" ]
- 基金信息：
  
  国家自然科学基金资助项目(61572170);河北省自然科学基金资助项目(F2018201153);河北省自然科学基金重点资助项目(F2019201290)
- DOI：10.11959/j.issn.1000-436x.2021162
  中图分类号： TP309
- 网络首发：2021-08，
  
  纸质出版：2021-08-25
- 稿件说明：
移动端阅览
董江涛, 闫沛文, 杜瑞忠. 雾计算中基于无配对CP-ABE可验证的访问控制方案[J]. 通信学报, 2021,42(8):139-150.

Jiangtao DONG, Peiwen YAN, Ruizhong DU. Verifiable access control scheme based on unpaired CP-ABE in fog computing[J]. Journal on Communications, 2021, 42(8): 139-150.
董江涛, 闫沛文, 杜瑞忠. 雾计算中基于无配对CP-ABE可验证的访问控制方案[J]. 通信学报, 2021,42(8):139-150. DOI： 10.11959/j.issn.1000-436x.2021162.

Jiangtao DONG, Peiwen YAN, Ruizhong DU. Verifiable access control scheme based on unpaired CP-ABE in fog computing[J]. Journal on Communications, 2021, 42(8): 139-150. DOI： 10.11959/j.issn.1000-436x.2021162.

摘要

雾计算将计算能力和数据分析应用扩展至网络边缘，解决了云计算的时延问题，也为数据的安全性带来新的挑战。基于密文策略的属性加密（CP-ABE）是保证数据机密性与细粒度访问控制的技术，其中双线性配对的计算开销过大制约了其应用与发展。针对此，提出了一种雾计算中基于无配对CP-ABE可验证的访问控制方案，为了使CP-ABE更加高效，使用椭圆曲线加密中的简单标量乘法代替双线性配对，从而减少总体计算开销；将解密操作外包给雾节点来降低用户计算复杂度，根据区块链防篡改可溯源的特性实现了对访问事务的正确性验证并记录访问授权过程。安全性与性能分析表明，所提方案在椭圆曲线的决策DBDH假设下是安全的，且计算效率更高。

Abstract

Fog computing extends computing power and data analysis applications to the edge of the network

solves the latency problem of cloud computing

and also brings new challenges to data security.Attribute encryption based on ciphertext strategy (CP-ABE) is a technology to ensure data confidentiality and fine-grained access control.The excessive computational overhead of bilinear pairing restricts its application and development.In response to this

a verifiable access control scheme was proposed based on unpaired CP-ABE in fog computing.In order to make CP-ABE more efficient

simple scalar multiplication in elliptic curve encryption was used to replace bilinear pairing

thereby reducing the overall computational overhead.Decryption operations were outsourced to fog nodes to reduce user computational complexity

and based on the tamper-proof and traceable characteristics of the blockchain

the correctness of the access transaction was verified and the access authorization process was recorded.Security and performance analysis shows that the scheme is safe under the elliptic curve decision-making DBDH (Diffie-Hellman) assumption

and the calculation efficiency is higher.

关键词

Keywords

references

贾维嘉 , 周小杰 . 雾计算的概念、相关研究与应用 [J ] . 通信学报 , 2018 , 39 ( 5 ): 153 - 165 .

JIA W J , ZHOU X J . Concepts,issues,and applications of fog computing [J ] . Journal on Communications , 2018 , 39 ( 5 ): 153 - 165 .

GUO R , ZHUANG C Y , SHI H X , et al . A lightweight verifiable outsourced decryption of attribute-based encryption scheme for blockchain-enabled wireless body area network in fog computing [J ] . International Journal of Distributed Sensor Networks , 2020 , 16 ( 2 ): 155014772090679 .

JIANG J F , TANG L Y , GU K , et al . Secure computing resource allocation framework for open fog computing [J ] . The Computer Journal , 2020 , 63 ( 4 ): 567 - 592 .

SHAHID M H , HAMEED A R , ISLAM S U , et al . Energy and delay efficient fog computing using caching mechanism [J ] . Computer Communications , 2020 , 154 : 534 - 541 .

DESIKAN K E S , KOTAGI V J , MURTHY C S R . Topology control in fog computing enabled IoT networks for smart cities [J ] . Computer Networks , 2020 ,176:107270.

VILELA P H , RODRIGUES J J P C , RIGHI R D R , et al . Looking at fog computing for E-health through the lens of deployment challenges and applications [J ] . Sensors , 2020 , 20 ( 9 ): 2553 .

FERRAIOLO D , CUGINI J , KUHN D R . Role-based access control (RBAC):features and motivations [C ] // Proceedings of 11th Annual Computer Security Application Conference . Piscataway:IEEE Press , 1995 : 241 - 248 .

ZHANG P Y , ZHOU M C , FORTINO G . Security and trust issues in fog computing:a survey [J ] . Future Generation Computer Systems , 2018 , 88 : 16 - 27 .

BETHENCOURT J , SAHAI A , WATERS B . Ciphertext-policy attribute-based encryption [C ] // 2007 IEEE Symposium on Security and Privacy . Piscataway:IEEE Press , 2007 : 321 - 334 .

WANG H , ZHENG Z H , WU L . New large-universe multi-authority ciphertext-policy ABE scheme and its application in cloud storage systems [J ] . Journal of High Speed Networks , 2016 , 22 ( 2 ): 153 - 167 .

LIANG K T , SUSILO W . Searchable attribute-based mechanism with efficient data sharing for secure cloud storage [J ] . IEEE Transactions on Information Forensics and Security , 2015 , 10 ( 9 ): 1981 - 1992 .

LEWKO A , WATERS B . Decentralizing attribute-based encryption [C ] // Advances in Cryptology – EUROCRYPT 2011 . Berlin:Springer , 2011 : 568 - 588 .

HORVATH M , . Attribute-based encryption optimized for cloud computing [C ] // Theory and Practice of Computer Science . Berlin:Springer , 2015 ,DOI:10.1007/978-3-662-46078-8_47.

HUR J . Improving security and efficiency in attribute-based data sharing [J ] . IEEE Transactions on Knowledge and Data Engineering , 2013 , 25 ( 10 ): 2271 - 2282 .

WANG S L , LIANG K T , LIU J K , et al . Attribute-based data sharing scheme revisited in cloud computing [J ] . IEEE Transactions on Information Forensics and Security , 2016 , 11 ( 8 ): 1661 - 1673 .

LI J G , WANG Y , ZHANG Y C , et al . Full verifiability for outsourced decryption in attribute based encryption [J ] . IEEE Transactions on Services Computing , 2020 , 13 ( 3 ): 478 - 487 .

ZHANG K , LI H , MA J F , et al . Efficient large-universe multi-authority ciphertext-policy attribute-based encryption with white-box traceability [J ] . Science China Information Sciences , 2017 , 61 ( 3 ): 1 - 13 .

FREEMAN D , SCOTT M , TESKE E . A taxonomy of pairing-friendly elliptic curves [J ] . Journal of Cryptology , 2010 , 23 ( 2 ): 224 - 280 .

SCOTT M , . On the efficient implementation of pairing-based protocols [C ] // Cryptography and Coding . Berlin:Springer , 2011 : 296 - 308 .

PONTIE S , MAISTRI P , LEVEUGLE R . Dummy operations in scalar multiplication over elliptic curves:a tradeoff between security and performance [J ] . Microprocessors ＆ Microsystems , 2016 , 47 : 23 - 36 .

CHEVALLIER-MAMES B , CORON J S , MCCULLAGH N , et al . Secure delegation of elliptic-curve pairing [C ] // Lecture Notes in Computer Science . Berlin:Springer , 2010 : 24 - 35 .

CHEN X F , SUSILO W , LI J , et al . Efficient algorithms for secure outsourcing of bilinear pairings [J ] . Theoretical Computer Science , 2015 , 562 : 112 - 121 .

ODELU V , DAS A K . Design of a new CP-ABE with constant-size secret keys for lightweight devices using elliptic curve cryptography [J ] . Security and Communication Networks , 2016 , 9 ( 17 ): 4048 - 4059 .

MAESA D D F , MORI P , RICCI L . Blockchain based access control [C ] // Distributed Applications and Interoperable Systems . Berlin:Springer , 2017 : 206 - 220 .

DAGHER G G , MOHLER J , MILOJKOVIC M , et al . Ancile:privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology [J ] . Sustainable Cities and Society , 2018 , 39 : 283 - 297 .

DORRI A , KANHERE S S , JURDAK R , et al . Blockchain for IoT security and privacy:the case study of a smart home [C ] // 2017 IEEE International Conference on Pervasive Computing and Communications Workshops . Piscataway:IEEE Press , 2017 : 618 - 623 .

谢绒娜 , 李晖 , 史国振 , 等 . 基于区块链的可溯源访问控制机制 [J ] . 通信学报 , 2020 , 41 ( 12 ): 82 - 93 .

XIE R N , LI H , SHI G Z , et al . Blockchain-based access control mechanism for data traceability [J ] . Journal on Communications , 2020 , 41 ( 12 ): 82 - 93 .

应作斌 , 斯元平 , 马建峰 , 等 . 基于区块链的分布式EHR细粒度可追溯方案 [J ] . 通信学报 , 2021 , 42 ( 5 ): 205 - 215 .

YING Z B , SI Y P , MA J F , et al . Blockchain-based distributed EHR fine-grained traceability scheme [J ] . Journal on Communications , 2021 , 42 ( 5 ): 205 - 215 .

浏览量

1127

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

雾计算中细粒度属性更新的外包计算访问控制方案

基于细粒度访问控制的密文域可逆信息隐藏

支持拜占庭容错的分布式物联网访问控制机制

基于时间自动机的数据流通控制建模及验证

面向云存储且支持重加密的多关键词属性基可搜索加密方案