基于属性的多授权中心身份认证方案  被引量：13

作　　者：唐飞[1,2] 包佳立 黄永洪 黄东 王惠莅 TANG Fei;BAO Jiali;HUANG Yonghong;HUANG Dong;WANG Huili(College of Computer Science and Technology,Chongqing University of Posts and Telecommunications,Chongqing 400065,China;School of Cyber Security and Information Law,Chongqing University of Posts and Telecommunications,Chongqing 400065,China;Information Engineering Institute,Chongqing Vocational and Technical University of Mechatronics,Chongqing 402760,China;Information Security Research Center,China Electronic Technology Standardization Institute,Beijing 100076,China;State Key Laboratory of Integrated Services Networks,Xidian University,Xi’an 710071,China)

机构地区：[1]重庆邮电大学计算机科学与技术学院,重庆400065 [2]重庆邮电大学网络空间安全与信息法学院,重庆400065 [3]重庆机电职业技术大学信息工程学院,重庆402760 [4]中国电子技术标准化研究院信息安全研究中心,北京100076 [5]西安电子科技大学综合业务网理论及关键技术国家重点实验室,陕西西安710071

出　　处：《通信学报》2021年第3期220-228,共9页Journal on Communications

基　　金：国家重点研发计划基金资助项目(No.2018YFB0803905);国家自然科学基金资助项目(No.61702067);重庆市自然科学基金资助项目(No.cstc2017jcyjAX0201,No.cstc2020jcyj-msxmX0343)。

摘　　要：针对现有的基于属性的身份认证方案均是基于单授权中心实现的,存在密钥托管问题,即密钥生成中心知道所有用户的私钥,提出了一种基于属性的多授权中心的身份认证方案。所提方案结合分布式密钥生成技术实现用户属性私钥的(t,n)门限生成机制,可以抵抗最多来自t-1个授权中心的合谋攻击。利用双线性映射构造了所提方案,分析了所提方案的安全性、计算开销和通信开销,并与同类型方案做比较。最后,以多因子身份认证为例,分析了所提方案在电子凭据应用场景中的可行性。分析结果表明,所提方案具有更优的综合性能。Based on the problem that the existing attribute-based identification scheme is all based on one single authority,which has a key escrow problem,that is,the key generation center knows all users’private keys,an multi-authority attribute-based identification scheme was proposed.Distributed key generation technology was integrated to realize the(t,n)threshold generation mechanism of the user’s private key,which could resist collusion attacks from at most t-1 authorities.Utilizing bilinear mapping,a specific multi-authority attribute-based identification scheme was constructed.The security,computation cost and communication cost of the proposed scheme was analyzed,and it was compared with the same type of schemes.Finally,taking multi-factor identification as an example,the feasibility of the proposed scheme in the application scenario of electronic credentials was analyzed.The result shows that the proposed scheme has better comprehensive performance.

关 键 词：身份认证 属性密码 多授权中心 分布式密钥生成 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]