Group Key Agreement Protocol Based on Dynamic Attribute Permissions for Edge-Cloud Collaboration Scenarios


Authors: ZHANG Qi-kun; ZHU Liang [2]; HAN Gui-feng; LIU Meng-qi; JIN Bao-hua; LI Yuan-zhang [3]

Affiliations: [1] School of Computer and Communication Engineering, Zhengzhou University of Light Industry, Zhengzhou, Henan 450002, China; [2] School of Software Engineering, East China Normal University, Shanghai 200062, China; [3] School of Computer Science and Technology, Beijing Institute of Technology, Beijing 100081, China

Source: Acta Electronica Sinica (《电子学报》), 2024, No. 6, pp. 1911-1924 (14 pages)

Funding: National Natural Science Foundation of China (No. 61971380, No. 62072037, No. 61772477); Zhengzhou Collaborative Innovation Special Project (No. 2021ZDPY0206).

Abstract: To address secure communication, secure information exchange and secure resource sharing among multi-domain terminals in edge-cloud collaborative application scenarios, a group key agreement (GKA) protocol based on dynamic attribute permissions is proposed, which establishes a secure communication channel among the group terminals in the scenario. The protocol proposes a key verification algorithm that resolves the security risks caused by key generation and key distribution in traditional schemes. Hidden attribute authentication is used to authenticate terminal identities while ensuring that a terminal's identity and attribute information are not disclosed. Attribute-based encryption (ABE) is combined with the Newton interpolation polynomial to support secure, fine-grained group key agreement. Asymmetric computing is adopted: computing tasks are transferred to the edge server for execution, reducing the computational load on the terminal. The tamper-proof property of blockchain technology is used to verify the integrity of terminal identities and communication information and to make the data traceable. In addition, the protocol supports dynamic updating of attribute permissions, ensuring the freshness of the group key. Comparative analysis against the literature shows that the protocol performs well in computation time, computation energy consumption and communication energy consumption.

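Keywords: edge-cloud collaboration; group key agreement; Newton interpolation polynomial; attribute-based encryption; dynamic attribute permissions; hidden attribute authentication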

Classification number: TP309.7 [Automation and Computer Technology: Computer System Architecture]

 
