基于CP-ABE的命名数据网络访问控制研究

发布时间：2018-06-16 02:09

本文选题：命名数据网络 + 访问控制　；参考：《兰州理工大学》2017年硕士论文

【摘要】：目前,传统的以主机为中心的TCP/IP网络架构已经无法适应新的用户需求,如内容分发、移动性、安全性等,越来越多的专家学者投入到未来互联网的研究当中,设计新的网络架构从根本上解决这个问题。命名数据网络(Named Data Networking,NDN)作为未来互联网的代表,在设计之初就将新的用户需求考虑在内,提出了一种新的通信模型。NDN中的所有路由器都可以缓存数据,用户可以方便地从任意邻近路由器获取内容。但是,这种网内缓存技术使发布者与发布内容解耦,失去了对发布内容的访问控制。因此,制定NDN中的访问控制方案对NDN的安全尤为必要。但是现有的NDN访问控制方案中,大部分需要发布者时刻在线完成用户认证,影响了NDN网内缓存技术发挥作用,而且这些方案很少考虑实际应用中的撤销和隐私保护问题。首先,本文针对以上问题,充分结合NDN的网内缓存特性,设计了一种新的NDN访问控制模型,并详细阐述了该访问控制模型的系统结构及工作原理,定义了该访问控制模型中方案的安全属性和安全模型,在具体的安全假设下实现了基于CP-ABE(Cipher text Policy-Attribute Based Encryption)的NDN访问控制方案。其次,针对NDN访问控制方案在实际应用中的可行性、撤销及隐私保护三个问题,本文做了如下三点改进:(1)在基于无中心权威机构的多授权CP-ABE方案中,使用基于素数阶群构造CP-ABE算法,实现了高效可行的NDN访问控制系统;(2)考虑NDN的网内缓存特性,加入基于周期性密钥更新的间接撤销方法,实现了该访问控制方案的用户撤销、用户属性撤销和系统属性撤销;(3)针对访问结构泄露用户隐私的问题,运用半隐藏访问结构,将属性分为属性名称和属性值两部分,访问结构只包含属性名称,关系到敏感信息的属性值始终隐藏,从而达到接收者匿名来保护用户隐私。最后,本文在静态安全性模型下证明了设计方案的安全性,对定义的安全属性进行了证明,包括细粒度的访问控制、前向安全性和后向安全性、抗共谋和隐私保护。并对该方案的功能和效率进行了分析比较,说明本方案功能丰富且高效实用。
[Abstract]:At present, the traditional host centric TCP / IP network architecture has been unable to adapt to new user needs, such as content distribution, mobility, security, and so on. More and more experts and scholars are investing in the future research on the Internet. Design a new network architecture to solve this problem fundamentally. As a representative of the future Internet, named data Network (NDN) is designed to take new user requirements into account, and a new communication model, named NDN, is proposed, in which all routers can cache data. Users can easily obtain content from any adjacent router. However, this caching technology decouples publishers from published content and loses access control to published content. Therefore, it is necessary to establish access control scheme in NDN for NDN security. However, most of the existing NDN access control schemes require publishers to complete user authentication online at all times, which affects the role of cache technology in NDN network. Moreover, these schemes seldom consider revocation and privacy protection in practical applications. Firstly, considering the above problems, a new NDN access control model is designed, and the system structure and working principle of the access control model are described in detail. The security attribute and security model of the scheme are defined, and the access control scheme based on CP-ABE Cipher text Policy-Attribute based encryption is implemented under specific security assumptions. Secondly, aiming at the feasibility, revocation and privacy protection of NDN access control scheme in practical application, this paper makes the following three improvements: 1) in the multi-authorization CP-ABE scheme based on non-central authority. The CP-ABE algorithm based on prime order group is used to realize the efficient and feasible NDN access control system. Considering the intra-network cache characteristics of NDN, an indirect revocation method based on periodic key updating is added to realize the user revocation of the access control scheme. User attribute revocation and system attribute revocation / 3) aiming at the problem that user privacy is revealed by access structure, semi-hidden access structure is used to divide attributes into two parts: attribute name and attribute value, and access structure only contains attribute name. Attribute values related to sensitive information are always hidden so that the recipient is anonymous to protect the user's privacy. Finally, this paper proves the security of the design scheme under the static security model, and proves the defined security attributes, including fine-grained access control, forward and backward security, anti-collusion and privacy protection. The function and efficiency of the scheme are analyzed and compared, which shows that the scheme is rich in function and efficient and practical.
【学位授予单位】：兰州理工大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.0

【相似文献】