Fused access control scheme for sensitive data sharing

Xi-xi YAN; Tao GENG

doi:10.3969/j.issn.1000-436x.2014.08.010

您当前的位置：

首页 >

文章列表页 >

Fused access control scheme for sensitive data sharing

Academic paper | 更新时间：2024-10-11

- Fused access control scheme for sensitive data sharing
- Journal on Communications Vol. 35, Issue 8, Pages: 71-77(2014)
- 作者机构：
  
  1. 河南理工大学计算机科学与技术学院，河南焦作 454003
  2. 中国科学院信息工程研究所，北京 100093
- 作者简介：
- 基金信息：
- DOI：10.3969/j.issn.1000-436x.2014.08.010
  CLC： TP309
- Online First：2014-08，
  
  Published：25 August 2014
- 稿件说明：
移动端阅览
Xi-xi YAN, Tao GENG. Fused access control scheme for sensitive data sharing[J]. Journal on Communications, 2014, 35(8): 71-77.
DOI：

Xi-xi YAN, Tao GENG. Fused access control scheme for sensitive data sharing[J]. Journal on Communications, 2014, 35(8): 71-77. DOI： 10.3969/j.issn.1000-436x.2014.08.010.

摘要

为解决敏感数据共享应用中的数据分发问题和提高数据共享的安全性，将属性基加密机制和使用控制技术相结合，提出一种融合访问控制机制。该机制一方面采用属性基加密机制保证了数据在存储和分发过程中的机密性，通过灵活且可扩展的访问控制策略控制敏感数据的共享范围；另一方面，通过使用控制技术实现对用户的权限控制，防止合法用户对敏感数据进行非法操作，解决共享用户中的权限滥用问题。最后，对机制的安全性和性能进行了分析，显著地降低了服务端的工作负荷，并通过实验测试了该机制的有效性。

Abstract

In order to improve security of sensitive data sharing and distributing

fused access control scheme based on the mechanism of attribute-based encryption (ABE) and usage control (UCON) was proposed. The scheme could ensure data confidentiality in the storage

distribution process and control sensitive data sharing scope with dynamic access poli-cies. Additionally

the scheme can prevent legal users operating sensitive data illegally and prohibit privilege abuse for domain user.The results of security analysis and efficiency analysis show that fused access control scheme alleviates the administering burdens on data management server and realizes secure storage and distribution for sensitive data.

关键词

Keywords

references

SAHAI A , WATERS B . Fuzzy identity-based encryption[A]. Cryptol-ogy-EUROCRYPT 2005 [C ] . Berlin, Heidelberg : Springer-Verlag , 2005 . 457 - 473 .

MIHAELA I , GIOVANNI R , BRUNO C . Design and implementation of a confidentiality and access control solution for publish/subscribe systems [J ] . Computer networks , 2012 , 56 ( 7 ): 2014 - 2037 .

MUNTES M V , NIN J . Privacy and anonymization for very large datasets [A ] . Proc of the ACM 18th Int'l Conf on Information and Knowledge Management,CIKM 2009 [C ] . New York: Association for Computing Machinery , 2009 . 2117 - 2118 .

WAN Z G , LIU J E , ROBERT H D . HASBE: a hierarchical attrib-ute-based solution for flexible and scalable access control in cloud computing [J ] . IEEE Transactions on Information Forensics and Secu-rity , 2012 , 7 ( 2 ): 743 - 754 .

NUTTAPONG A , JAVIER H , FABIEN L . Attribute-based encryption schemes with constant-size ciphertexts [J ] . Theoretical computer sci-ence , 2012 , 422 ( 9 ): 15 - 38 .

WANG Y T , CHEN K F , LONG Y . Attribute-based traitor tracing [J ] . Journal of Information Science and Engineering , 2011 , 27 ( 1 ): 181 - 195 .

WANG Y T , CHEN K F , LONG Y . Accountable authority key policy attribute-based encryption [J ] . Science China , 2012 , 55 ( 7 ): 1631 - 1638 .

CRAMPTON J , MARTIN K , WILD P . On key assignment for hierar-chical access control [J ] . Proc of the 19th IEEE Computer Security Foundations Workshop—CSFW 2006 [C ] . Venice , 2006 . 5 - 7 .

MALEK B , MIRI A . Combining attribute-based and access sys-tems [J ] . Proc of IEEE CSE2009, the 12th IEEE Int'l Conf on Com-putational Science and Engineering IEEE Computer Society [C ] 2009 . 305 - 312 .

BONEH D , FRANKLIN M . Identity-based encryption from the Weil pairing [J ] . SIAM Journal on Computing , 2003 , 32 ( 3 ): 586 - 615 .

IBRAMI L , PETKOVIC M , NIKOVA S , et al . Ciphertext-Policy Attribute-Based Threshold Decryption with Flexible Delegation and Revocation of User Attributes [R ] . Centre for Telematics and Informa-tion Technology, University of Twente , 2009 .

ROY S , CHUAH M . Secure Data Retrieval Based on Ciphertext Pol-icy Attribute-Based Encryption(CP-ABE) System for the DTN [R ] . 2009 .

BLAZE M , BLEUMER G , STRAISS M . Divertible protocols and atomic proxy cryptography [A ] . EUROCRYPT1998 [C ] . 1998 . 127 - 144 .

闫玺玺，马兆丰，杨义先等 . 多域环境下基于代理重加密的电子文档分发算法及协议分析 [J ] . 北京邮电大学学报， 2012 , 35 ( 5 ): 81 - 84 .

YAN X X , MA Z F , YANG Y X , et al . A distribution protocol based on proxy re-encryption in domain environment of E-document manage-ment [J ] . Journal of Beijing University of Posts and Telecommunica-tions , 2012 , 35 ( 5 ): 81 - 84

Views

704

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Security sharing scheme for encrypted data in cloud storage

Privilege separation of data sharing scheme using attribute-based encryption

Blockchain-based user-friendly data retrieval and sharing scheme in cloud-assisted industrial Internet of things

Reversible data hiding in encrypted domain based on fine-grained access control

Byzantine fault-tolerant distributed access control mechanism for the Internet of things

Related Author

Wen-bin YAO

Si HAN

Xiao-yong LI

Hui ZHU

Wan LEI

Rong HUANG

Hui LI

Xi-meng LIU

Related Institution

Beijing Key Lab of Intelligent Telecommunication Software and Multimedia,Beijing University of Posts and Telecommunications

State Key Laboratory of Integrated Services Networks, Xidian University

School of Information Science and Engineering, University of Jinan

Shandong Key Laboratory of Ubiquitous Intelligent Computing, University of Jinan

College of Cryptography Engineering, Engineering University of PAP

AI问答

⁰