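Computer Science ›› 2018, Vol. 45 ›› Issue (11): 176-179. doi: 10.11896/j.issn.1002-137X.2018.11.027

• Information Security •

Removable Attribute Encryption Access Control Algorithm Based on CP-ABE

TU Yuan-fei1,2,3, GAO Zhen-yu3, LI Rong-yu3

  1. College of Communications & Information Engineering, Nanjing University of Posts and Telecommunications, Nanjing 210003, China
  2. Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing 210003, China
  3. College of Computer Science & Technology, Nanjing Tech University, Nanjing 211800, China
  • Received: 2017-07-21 Published: 2019-02-25
  • About the authors: TU Yuan-fei (born 1984), male, Ph.D., assistant engineer; main research interests: cloud computing security and access control; E-mail: tuyuanfei01@163.com. GAO Zhen-yu (born 1992), male, master's student; main research interests: computer application technology, information security and cryptography; E-mail: gaozhenyu_071027@163.com (corresponding author). LI Rong-yu (born 1977), male, Ph.D., associate professor; main research interests: advanced control, machine learning, simulation optimization.
  • Funding:
    This work was supported by the National Natural Science Foundation of China (61572263, 61272084), the Major Program of Natural Science Research of Jiangsu Higher Education Institutions: Research on Key Technologies for Secure Data Fusion in Wireless Sensor Networks (11KJA520002), the Specialized Research Fund for the Doctoral Program of Higher Education (20113223110003), the China Postdoctoral Science Foundation (2015M581794), the Jiangsu Postdoctoral Research Funding Program (1501023C), and the Nanjing University of Posts and Telecommunications Research Fund (NY214127).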

Abstract: To enhance the security of computer networks and ensure that the information resources in a network are not used illegally, access control is needed. Existing access control algorithms based on grid virtual organizations establish different trust domains in the grid and identity- and behavior-based access control policies between hosts, realize cross-domain access control of the grid virtual organization centered on the task initiator, and establish a core mutual-trust algorithm with logical reasoning, thereby achieving access control. However, these algorithms may judge an illegally used network to be a secure network, so the accuracy of access control is not high. To address this, a removable attribute encryption access control algorithm based on CP-ABE is proposed. First, the access tree for CP-ABE-based revocable attribute encryption access control is constructed, and the initial setup and key generation of access control are completed through CP-ABE. On this basis, to improve the access control effect of the revocable attribute encryption access control algorithm, procedures for new file creation, new user authorization, user revocation, and file access are designed into the encryption and decryption algorithms. The experimental results show that the proposed algorithm is easy to control, the time consumed by access control is reduced, and the control effect is better. In addition, the implementation process of the proposed method is simplified, and this study plays a positive role in the development of research in this field.

Key words: Access control, CP-ABE, Revocable attribute encryption

CLC Number:

  • TP393