基于属性加密的SWIM授权服务和访问控制方法的研究

发布时间：2018-11-13 13:51

【摘要】：广域信息管理SWIM(System Wide Information Management)被国际民航组织ICAO(International Civil Aviation Organization)定为下一代空中交通管理NGATM(Next Generation Air Traffic Management)的信息共享机制。美国下一代航空运输系统NextGen(Next Generation Air Transportation System)和欧洲的单一天空空中交通管理研究计划SESAR(Single European Sky Air Traffic Management Research)均采用SWIM构筑统一、灵活、高效的信息共享架构,作为实现新型空中交通管理ATM业务信息共享与交换的基础和关键技术之一。为了保证SWIM系统和底层服务或不被攻击,保障数据完整性,以及对系统或用户存取数据类型和途径等进行管理,本文研究了SWIM系统的访问控制策略和方法。首先,在比较分析各种访问控制方法的优缺点基础上,结合SWIM的SOA(Service-Oriented Architecture)体系结构,在基于属性加密ABE(Attribute-Based Encryption)的SWIM访问控制策略的基础上,研究了SWIM系统三种实体的属性,对系统中的属性进行了定义;设计了基于密文策略的属性加密CP-ABE(Ciphertext Policy ABE)方法的SWIM系统访问控制方法,并对其安全性进行了分析。仿真实验结果表明该方法可以实现SWIM细粒度的属性授权,保障SWIM系统数据安全和实现其隐私保护。为了实现SWIM系统的灵活属性授权服务,提出了一种属性撤销方法。该方法将密钥版本号与密钥加密密钥KEK(Key Encryption Key)树相结合,引入代理重加密机制,实现SWIM系统的属性撤销,并分析了数据的机密性和安全性。分析结果说明该方法能够实现SWIM系统中的属性撤销,保证了SWIM的数据安全,实现了权限的有效控制,可以为SWIM安全服务框架的构建提供保障。
[Abstract]:Wide area Information Management (SWIM (System Wide Information Management) has been adopted by ICAO (International Civil Aviation Organization) as the information sharing mechanism of next generation air traffic management NGATM (Next Generation Air Traffic Management). The next Generation Air Transport system (NextGen (Next Generation Air Transportation System) in the United States and the single Sky Air Traffic Management Research Program (SESAR (Single European Sky Air Traffic Management Research) in Europe both use SWIM to build a unified, flexible and efficient information sharing framework. As one of the key technologies to realize the new air traffic management ATM service information sharing and exchange. In order to ensure that the SWIM system and the underlying services are not attacked, to ensure the integrity of the data, and to manage the data types and ways of accessing the system or the user, this paper studies the access control policies and methods of the SWIM system. Firstly, on the basis of comparing and analyzing the advantages and disadvantages of various access control methods, combined with the SOA (Service-Oriented Architecture) architecture of SWIM and the SWIM access control strategy based on attribute encryption ABE (Attribute-Based Encryption), The attributes of three entities in SWIM system are studied, and the attributes in the system are defined. The access control method of SWIM system based on attribute encryption CP-ABE (Ciphertext Policy ABE) method based on ciphertext policy is designed and its security is analyzed. The simulation results show that this method can realize the fine-grained attribute authorization of SWIM, guarantee the data security of SWIM system and realize its privacy protection. In order to realize the flexible attribute authorization service in SWIM system, a method of attribute revocation is proposed. This method combines the key version number with the key encryption key KEK (Key Encryption Key) tree, and introduces the proxy reencryption mechanism to realize the attribute revocation of the SWIM system, and analyzes the confidentiality and security of the data. The analysis results show that this method can realize attribute revocation in SWIM system, guarantee the data security of SWIM, realize the effective control of authority, and provide guarantee for the construction of SWIM security service framework.
【学位授予单位】：中国民航大学
【学位级别】：硕士
【学位授予年份】：2016
【分类号】：V355.1;TN918.4

【相似文献】