支持数据敏感度分级的属性访问控制方案  

作　　者：张绮文 袁凌云[1,2] 王孜冉 Zhang Qiwen;Yuan Lingyun;Wang Ziran(College of Information Science&Technology,Yunnan Normal University,Kunming 650500,China;Key Laboratory of Educational Information for Nationalities,Ministry of Education,Yunnan Normal University,Kunming 650500,China)

机构地区：[1]云南师范大学信息学院,云南昆明650500 [2]云南师范大学民族教育信息化教育部重点实验室,云南昆明650500

出　　处：《网络安全与数据治理》2024年第10期20-27,共8页CYBER SECURITY AND DATA GOVERNANCE

基　　金：国家自然科学基金(62262073);云南省应用基础研究计划(202101AT070098);云南省重大科技专项计划(202402AD080002);云南师范大学“大学生科研训练基金项目”(KX2023019)。

摘　　要：在大数据时代,数据的多源异构性为数据安全管理带来了严峻挑战,同时基于传统密文策略的属性基加密(CP-ABE)方案中仍然存在用户属性撤销性能低下等问题,面向敏感数据群体,提出一种支持数据敏感度分级的属性访问控制方案。首先,设计数据敏感度分级分类策略,对数据进行精准的敏感度评估和分级,为不同敏感度数据提出了差异化的加密策略;在此基础上,结合变色龙哈希(Chameleon Hash)技术,利用其陷门碰撞特点实现CP-ABE加密用户属性的可撤销性,并证明了该方案在一般群模型和随机预言模型下满足IND-CPA安全。性能分析与实验结果表明,所提方案提高了数据存储和加密的效率,降低了链上存储负荷,减少了用户属性撤销时的计算成本,极大地提高了数据管理的灵活性和安全性。In the era of big data,heterogeneous data from multiple sources brings severe challenges to data security management.At the same time,the attribute-based encryption scheme for traditional ciphertext strategies exhibits poor performance in terms of user attribute revocation.Aiming at these problems,an attribute access control scheme that classifies data sensitivity for sensitive data groups is proposed in the paper.Firstly,we establish a data sensitivity classification and grading strategy.Then,we accurately assess and classify data sensitivity and propose differentiated encryption strategies for data with varying sensitivities.Additionally,we achieve the revocability of CP-ABE encrypted user attributes based on the trapdoor collision feature of chameleon hash algorithm.The scheme is proven to satisfy IND-CPA security under the general group and random oracle models.Furthermore,performance analysis and experimental results show that the proposed scheme can improve the efficiency of data storage and encryption,reduce the burden of blockchain storage and computational costs when user attributes are revoked.As a result,this scheme dramatically improves the flexibility and security of data management.

关 键 词：数据分级分类 属性基加密 属性撤销 变色龙哈希 区块链 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术] TP309[自动化与计算机技术—计算机科学与技术]