雾计算中基于无配对CP-ABE可验证的访问控制方案  被引量：8

作　　者：董江涛[1] 闫沛文 杜瑞忠 DONG Jiangtao;YAN Peiwen;DU Ruizhong(The 54th Research Institute of CETC,Shijiazhuang 050081,China;School of Cyber Security and Computer,Hebei University,Baoding 071002,China)

机构地区：[1]中国电子科技集团公司第五十四研究所,河北石家庄050081 [2]河北大学网络空间安全与计算机学院,河北保定071002

出　　处：《通信学报》2021年第8期139-150,共12页Journal on Communications

基　　金：国家自然科学基金资助项目(No.61572170);河北省自然科学基金资助项目(No.F2018201153);河北省自然科学基金重点资助项目(No.F2019201290)。

摘　　要：雾计算将计算能力和数据分析应用扩展至网络边缘,解决了云计算的时延问题,也为数据的安全性带来新的挑战。基于密文策略的属性加密(CP-ABE)是保证数据机密性与细粒度访问控制的技术,其中双线性配对的计算开销过大制约了其应用与发展。针对此,提出了一种雾计算中基于无配对CP-ABE可验证的访问控制方案,为了使CP-ABE更加高效,使用椭圆曲线加密中的简单标量乘法代替双线性配对,从而减少总体计算开销;将解密操作外包给雾节点来降低用户计算复杂度,根据区块链防篡改可溯源的特性实现了对访问事务的正确性验证并记录访问授权过程。安全性与性能分析表明,所提方案在椭圆曲线的决策DBDH假设下是安全的,且计算效率更高。Fog computing extends computing power and data analysis applications to the edge of the network,solves the latency problem of cloud computing,and also brings new challenges to data security.Attribute encryption based on ci-phertext strategy(CP-ABE)is a technology to ensure data confidentiality and fine-grained access control.The excessive computational overhead of bilinear pairing restricts its application and development.In response to this,a verifiable access control scheme was proposed based on unpaired CP-ABE in fog computing.In order to make CP-ABE more effi-cient,simple scalar multiplication in elliptic curve encryption was used to replace bilinear pairing,thereby reducing the overall computational overhead.Decryption operations were outsourced to fog nodes to reduce user computational com-plexity,and based on the tamper-proof and traceable characteristics of the blockchain,the correctness of the access trans-action was verified and the access authorization process was recorded.Security and performance analysis shows that the scheme is safe under the elliptic curve decision-making DBDH(Diffie-Hellman)assumption,and the calculation effi-ciency is higher.

关 键 词：访问控制 雾计算 基于密文策略属性加密 椭圆曲线加密 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]