支持撤销的多授权中心访问控制方案
发布时间:2019-04-19 17:40
【摘要】:为了缓解单授权中心的计算压力,近些年提出了多授权中心的访问控制方案.这些方案对于用户及属性的撤销问题并没有有效地解决.本文提出了一种基于CP-ABE的支持用户和属性撤销的多授权中心访问控制方案.通过引入密钥加密密钥(key encryption key,KEK)树实现用户和属性层级的撤销,同时将计算压力分散给多个授权中心,并将部分解密交给云服务器,减少了用户的计算消耗.通过安全性证明和实验结果表明,方案可以抵御合谋攻击,同时有效地降低撤销过程中密文和密钥更新的消耗时间.
[Abstract]:In order to relieve the computational pressure of single authorization center, a multi-authorization center access control scheme was proposed in recent years. These schemes do not solve the problem of user and attribute revocation effectively. This paper proposes a multi-authorization center access control scheme based on CP-ABE to support user and attribute revocation. The key encryption key (key encryption key,KEK) tree is introduced to realize the revocation of user and attribute level. At the same time, the computing pressure is dispersed to several authorization centers, and the partial decryption is given to the cloud server, which reduces the computing consumption of users. The security proof and experimental results show that the scheme can resist the collusion attack and effectively reduce the consumption time of ciphertext and key updating in the process of revocation.
【作者单位】: 北京交通大学电子信息工程学院;福建师范大学福建省网络安全与密码技术重点实验室;
【基金】:中央高校基本科研业务费专项资金资助项目(2016YJS003) 国家自然科学基金资助项目(61472032) 福建省网络安全与密码技术重点实验室(福建师范大学)开放课题资助项目(15007)
【分类号】:TP309
本文编号:2461140
[Abstract]:In order to relieve the computational pressure of single authorization center, a multi-authorization center access control scheme was proposed in recent years. These schemes do not solve the problem of user and attribute revocation effectively. This paper proposes a multi-authorization center access control scheme based on CP-ABE to support user and attribute revocation. The key encryption key (key encryption key,KEK) tree is introduced to realize the revocation of user and attribute level. At the same time, the computing pressure is dispersed to several authorization centers, and the partial decryption is given to the cloud server, which reduces the computing consumption of users. The security proof and experimental results show that the scheme can resist the collusion attack and effectively reduce the consumption time of ciphertext and key updating in the process of revocation.
【作者单位】: 北京交通大学电子信息工程学院;福建师范大学福建省网络安全与密码技术重点实验室;
【基金】:中央高校基本科研业务费专项资金资助项目(2016YJS003) 国家自然科学基金资助项目(61472032) 福建省网络安全与密码技术重点实验室(福建师范大学)开放课题资助项目(15007)
【分类号】:TP309
【相似文献】
相关期刊论文 前1条
1 甘泉;贺也平;韩乃平;;一种改进的基于角色的访问控制[J];计算机工程;2006年07期
相关硕士学位论文 前2条
1 刘雨龙;面向产业链协同SaaS平台的数据分级加解密系统设计与实现[D];西南交通大学;2016年
2 孟兆武;基于Web的工程管理软件的软件安全设计与实现[D];电子科技大学;2014年
,本文编号:2461140
本文链接:https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2461140.html
