基于雾节点的分布式属性基加密方案  被引量：2

作　　者：马佳佳 张志强 曹素珍 窦凤鸽 丁晓晖 王彩芬 MA Jiajia;ZHANG Zhiqiang;CAO Suzhen;DOU Fengge;DING Xiaohui;WANG Caifen(College of Computer Science and Engineering,Northwest Normal University,Lanzhou 730070,China;College of Big Data and Internet,Shenzhen University of Technology,Shenzhen,Guangdong 518118,China)

机构地区：[1]西北师范大学计算机科学与工程学院,兰州730070 [2]深圳技术大学大数据与互联网学院,广东深圳518118

出　　处：《计算机工程》2021年第6期38-43,共6页Computer Engineering

基　　金：国家自然科学基金(61662069,61662071)。

摘　　要：为解决云存储中对用户访问数据权限划分笼统、细粒度化控制访问权限受限以及单授权机构中存在的单点失效问题,提出基于雾节点的分布式密文策略属性基加密方案。将数据的部分解密运算外包给雾节点,减少终端用户的计算开销,并由不同的属性授权机构为用户生成属性密钥,以适用于细粒度的访问控制要求,使用全局身份将属于特定用户的各种属性进行“捆绑”,防止各属性机构间的共谋攻击,同时引入权重属性简化访问结构,节省系统的存储空间。实验结果表明,基于判定性q⁃parallel BDHE问题证明了该方案的安全性,与基于区块链的多授权机构访问控制方案和mHealth中可追踪多授权机构基于属性的访问控制方案相比,该方案终端用户在解密阶段具有更小的计算开销。The existing cloud storage schemes have multiple limitations,including the general division of user rights to access data,fine-grained control access permissions,and single point of failure in single authority.This paper proposes a distributed ciphertext-policy attribute-based encryption scheme based on fog nodes.In the scheme,part of the data decryption operations are outsourced to the fog nodes,reducing the computing overhead of the end users.Different attribute authorities generate attribute keys for users to meet the fine-grained access control requirements,and the attributes of a specific user are bundled together by using the global identity,which effectively prevents collusion attacks among various attribute agencies.At the same time,the introduction of the weight attribute simplifies the access structure and saves system storage space.The scheme is tested with the q⁃parallel BDHE deterministic problem,and the results have verified the security of the scheme.Compared with the blockchain-based multi-authority access control scheme and the attribute-based access control scheme of mHealth that can track multiple authorities,the proposed scheme reduces the computing overhead of the end users in the decryption phase.

关 键 词：雾计算 分布式授权 密文策略 权重属性 解密外包 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]