可实现丰富认证策略的两方属性基会话密钥协商协议  

作　　者：胡声洲[1] 钟婷婷 何华[2] 王幸福 Hu Shengzhou;Zhong Tingting;He Hua;Wang Xingfu(Gannan Normal University,Ganzhou Jiangxi 341000,China;First Affiliated Hospital of Gannan Medical College,Ganzhou Jiangxi 341000,China)

机构地区：[1]赣南师范大学,江西赣州341000 [2]赣南医学院第一附属医院,江西赣州341000

出　　处：《计算机应用研究》2022年第4期1213-1217,1223,共6页Application Research of Computers

基　　金：国家自然科学基金资助项目(61562003,31660321);江西省科技厅重点研发计划资助项目(20171BBE50065);江西省教育厅科技项目(GJJ201402)。

摘　　要：为解决云环境中基于传统属性基加密技术会话密钥协商协议的数据访问策略不能反映跨多个属性之间复杂关系,导致其用户认证能力和灵活性不足问题,提出一种基于附加属性关系条件的线性密钥分享方案的用户认证结构,并基于该结构构造了一种属性基会话密钥协商协议。该协议提供了更加通用的基于用户属性的认证策略,同时维护了其模糊身份认证特性,实现对满足复杂属性关系条件的用户之间交换会话密钥。该协议在基于属性的Blake-Johnson-Menezes(BJM)模型、选择访问结构安全模型和判定性q-并行双线性Diffie-Hellman指数(q-PBDHE)假设下证明了该协议的安全性。通过实验比较分析类似协议的性能,结果表明该协议在包含较多复杂属性条件认证场景中使用具有较高效率,具有广泛的应用场景。In the cloud environment,the data access policy based on the traditional attribute-based encryption(ABE)techno-logy in the session key agreement protocol cannot reflect the complex relationships of many attributes,which leads to the lack of user authentication ability and the flexibility.To solve the problem,this paper presented a user authentication structure of linear secret sharing scheme(LSSS)based on the attached condition expression of complex attribute relations,and introduced an attribute-based key agreement protocol based on the structure.The protocol realized a more general user authentication policy based on user attributes,maintained the fuzzy identity authentication feature,and provided the exchange of session keys between the users who both met the conditions of the attribute relationships.Under the attribute-based Blake-Johnson-Menezes(AB-BJM)model,the security model of selective access structure and the decisional q-parallel bilinear Diffie-Hellman exponent(q-PBDHE)hypothesis,the protocol proves to be secure.Compared and analyzed the similar protocols through experiment,the protocol has better performance in the application scenarios containing the more complicated relationships of attributes,and has wide application prospect.

关 键 词：丰富认证策略 线性秘密分享方案 属性基加密 密钥协商协议 属性条件 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]