Hierarchical file access control scheme with identity-based multi-conditional proxy re-encryption (Cited by: 4)


Authors: LI Li (李莉); YANG Hongfei (杨鸿飞); DONG Xiuze (董秀则) (Department of Electronic and Communication Engineering, Beijing Electronic Science and Technology Institute, Beijing 100070, China; School of Computer Science and Technology, Xidian University, Xi'an, Shaanxi 710071, China)

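Affiliations: [1] Department of Electronic and Communication Engineering, Beijing Electronic Science and Technology Institute, Beijing 100070; [2] School of Computer Science and Technology, Xidian University, Xi'an 710071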

Source: Journal of Computer Applications (《计算机应用》), 2021, No. 11, pp. 3251-3256 (6 pages)

Funding: National Key Research and Development Program of China (2017YFB0801803).

Abstract: In view of the problems of traditional file sharing schemes, such as easy leakage of files, difficult control of file destination, and complex access control, as well as the application requirements of hierarchical classification management and sharing of cloud files, a hierarchical file access control scheme with identity-based multi-conditional proxy re-encryption was proposed. Firstly, the permission level of a file was taken as the condition of ciphertext generation, and a trusted hierarchical management unit was introduced to determine and manage user levels. Secondly, a re-encryption key for the user's hierarchical access permission was generated, which solved the problem that identity-based conditional proxy re-encryption schemes only restrict the re-encryption behavior of proxy servers and do not sufficiently limit the user's permission. Meanwhile, the burden on the client was reduced: users only need to perform encryption and decryption operations. The results of comparison and analysis of different schemes show that, compared with existing access control schemes, the proposed scheme has obvious advantages: it can update a user's access permission without the direct participation of users, and it has the characteristic of uploader anonymity.

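Keywords: identity-based proxy re-encryption; hierarchical file access control; hierarchical management unit; access permission; uploader anonymity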

Classification number: TP309.7 [Automation and Computer Technology: Computer System Architecture]

 
