基于CP-ABE的可撤销属性加密访问控制算法  被引量：4

作　　者：屠袁飞[1,2,3] 高振宇 李荣雨 TU Yuan-fei;GAO Zhen-yu;LI Rong-yu(College of Communications&Information Engineering,Nanjing University of Posts and Telecommunications,Nanjing 210003,China;Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks,Nanjing 210003,China;College of Computer Science&Technology,Nanjing Tech University,Nanjing 211800,China)

机构地区：[1]南京邮电大学通信与信息工程学院,南京210003 [2]江苏省无线传感网高技术研究重点实验室,南京210003 [3]南京工业大学计算机科学与技术学院,南京211800

出　　处：《计算机科学》2018年第11期176-179,共4页Computer Science

基　　金：国家自然科学基金资助项目(61572263;61272084);江苏省高校自然科学研究重大项目:无线传感器网络数据融合安全关键技术研究(11KJA520002);高等学校博士学科点专项科研基金资助课题(20113223110003);中国博士后科学基金(2015M581794);江苏省博士后科研资助计划(1501023C);南京邮电大学校级科研基金(NY214127)资助

摘　　要：为了增强计算机网络的安全性,保证网络中的信息资源不被非法使用,需要进行访问控制。当前基于网格虚拟组织的访问控制算法通过在网格中建立不同的信任域、在主机之间建立基于身份和行为的访问控制策略,实现以任务发起者为中心的网格虚拟组织的跨域访问控制,建立互信的核心算法并进行逻辑推理,从而实现访问控制算法。但是,这类算法可能会使非法使用的网络被判定为安全网络,因此访问控制的准确度不高。为此,提出一种基于CPABE的可撤销属性加密访问控制算法,为实现访问控制,首先构建基于CP-ABE的可撤销属性加密访问控制的访问树,并通过CP-ABE完成访问控制的初始构建和密钥生成。在此基础上,为提高可撤销属性加密访问控制算法的访问控制效果,在加密算法以及解密算法中写入新文件创建、新用户授权、吊销用户、文件访问等方面过程的设计,实现基于CP-ABE的可撤销属性加密访问控制算法。实验结果表明,采用所提算法进行访问控制时耗时缩短,控制效果较好,且实现过程有所简化,对该领域的研究发展起到了积极作用。In order to enhance the security of the computer network and ensure that the information resources in the network will not be used illegally,access control is needed.Based on the access control algorithm of grid virtual organization,the existing algorithms established a different trust domain in the grid,achieved the identity and behavior based access control strategy between the hosts,realized the cross-domain access control of grid virtual organization and the establishment of mutual trust in the core algorithm and logical reasoning,so as to achieve access control algorithm.But these algorithms may make the illegal network as a secure network,so the accuracy of access control is not high.In order to achieve the access control,a removable attribute encryption access control algorithm based on CP-ABE was proposed.First,the access tree based on CP-ABE which can be used to encrypt the access control is constructed.Initial building and key generation of access control are completed through CP-ABE.On the basis of this,writing new file creation,new user authorization,revocation of users,file access and other aspects of the process are designed in the encryption algorithm and decryption algorithm,so as to improve the access control effect of revocable attribute encryption access control algorithm.The experimental results show that the proposed algorithm is easy to control,the consuming time of access control is reduced and the control effect is better.In addition,the implementation process of proposed method is simplified,and this study plays a positive role in the development of research in this field.

关 键 词：CP-ABE 可撤销属性加密 访问控制 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]