具有可撤销功能的属性协同访问控制方案  被引量：4

作　　者：彭长根[1,2,3] 彭宗凤 丁红发 田有亮[1,2,3] 刘荣飞[5] PENG Changgen;PENG Zongfeng;DING Hongfa;TIAN Youliang;LIU Rongfei(Guizhou Provincial Key Laboratory of Public Big Data(Guizhou University),Guiyang 550025,China;College of Computer Science and Technology,Guizhou University,Guiyang 550025,China;Institute of Cryptography and Data Security,Guizhou University,Guiyang 550025,China;College of Information,Guizhou University of Finance and Economics,Guiyang 550025,China;Yunshang Guizhou Big Data Industry and Development Co.,Ltd.,Guiyang 550025,China)

机构地区：[1]贵州省公共大数据重点实验室(贵州大学),贵州贵阳550025 [2]贵州大学计算机科学与技术学院,贵州贵阳550025 [3]贵州大学密码学与数据安全研究所,贵州贵阳550025 [4]贵州财经大学信息学院,贵州贵阳550025 [5]云上贵州大数据产业发展有限公司,贵州贵阳550025

出　　处：《通信学报》2021年第5期75-86,共12页Journal on Communications

基　　金：国家自然科学基金资助项目(No.U1836205,No.61772008);贵州省科技计划基金资助项目(黔科合支撑No.[2018]2159,黔科合支撑No.[2019]2004,黔科合平台人才No.[2020]5017,黔科合重大专项字No.[2018]3001);贵州省高等学校创新人才基金资助项目(黔教合人才No.[2013]09);“十三五”国家密码发展基金资助项目(No.MMJJ20170129)。

摘　　要：针对属性协同访问控制面临更复杂的权限动态更新问题,提出了具有属性即时撤销、属性级用户撤销和协同策略撤销的属性协同访问控制方案。所提方案给出了形式化定义与安全模型,以分组属性组内成员列表信息的变化反映用户权限的动态更新,进一步设计高效的重加密算法实现属性即时撤销和用户撤销。在协同策略撤销方面,利用转移节点的转移值特性,快速更新协同属性对应的密文以实现细粒度的协同策略撤销。安全证明表明,所提方案在选择明文攻击下能保证数据机密性,前向、后向安全性,并能抵抗共谋攻击。与已有方案相比,所提方案具有更完备的细粒度撤销功能以及更高的撤销运行效率。To solve the dynamic update of access rights in attribute-based collaborative access control,a novel scheme was proposed with the revocation of attribute,user and collaborative policy.A formal definition and a security model were presented,the group-based attribute group were changed to reflect the update of rights,and further,an efficient re-encryption algorithm was used to realize the immediate revocation of attributes and users.The translation value was used to achieve the revocation of collaborative policy by update corresponding ciphertext.The security analysis shows the scheme can guarantee data confidentiality,forward/backward security,and resist collusion attack under chosen plaintext attack.Compared with the related works,the proposal achieved more complete and efficient revocation scheme.

关 键 词：属性协同访问控制 基于密文策略的属性加密 撤销 转移节点 属性组 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]