雾计算中用户和属性可撤销的访问控制方案

doi:10.13190/j.jbupt.2020-092

北京邮电大学学报 ›› 2020, Vol. 43 ›› Issue (6): 88-95.doi: 10.13190/j.jbupt.2020-092

雾计算中用户和属性可撤销的访问控制方案

王峥¹, 李玲¹, 李娜²

1. 太原理工大学信息与计算机学院, 晋中 030600;
2. 国网山西省电力公司, 太原 030024

收稿日期:2020-07-17 出版日期:2020-12-28 发布日期:2020-11-30
通讯作者: 李玲(1996-),女,硕士生,E-mail:liling_li_ling@163.com. E-mail:liling_li_ling@163.com
作者简介:王峥(1974-),男,讲师.

Access Control Scheme Supporting Userand Attribute Revocation in Fog Computing

WANG Zheng¹, LI Ling¹, LI Na²

1. College of Information and Computer, Taiyuan University of Technology, Jinzhong 030600, China;
2. State Grid Shanxi Electric Power Company, Taiyuan 030024, China

Received:2020-07-17 Online:2020-12-28 Published:2020-11-30

摘要/Abstract

摘要： 雾计算中的属性基加密技术在解决数据细粒度访问控制问题的同时也带来了用户和属性的撤销问题，对此，提出一种用户和属性可撤销的访问控制方案.改进了现有的基于属性组撤销属性的访问控制方案，使其适用于雾计算，同时提高了密钥更新效率.另外，利用雾节点实现了用户的撤销，同时为了降低用户端的负担，将部分计算和存储开销从用户端转移到了临近的雾节点.基于判定双线性diffie-hellman （DBDH）假设的安全性分析结果表明，所提方案可以抵抗选择明文攻击.对方案进行了理论和实验，分析结果表明，所提方案具有较高的撤销效率和实用价值.

关键词: 雾计算, 访问控制, 撤销, 外包, 属性基加密

Abstract: In fog computing, attribute-based encryption technology not only solves the problem of fine-grained access control of data, but also brings the problem of user and attribute revocation. To solve this problem, an access control scheme that supports user and attribute revocation in fog computing is proposed. The proposed scheme improves the existing access control scheme based on attribute group revocation attributes, making it used in fog computing and improving the efficiency of key update. In addition, users can be revoked by fog nodes. In order to reduce the burden on the user side, part of the calculation overhead is transferred from the user side to the adjacent fog node. The security analysis based on the decisional bilinear diffie-hellman (DBDH) assumption shows that the proposed scheme can resist chosen plaintext attack. Finally, the scheme is analyzed in both theory and experiment. The analysis results show that the proposed scheme has high revocation efficiency and practical value.

Key words: fog computing, access control, revocation, outsourcing, attribute-based encryption

中图分类号:

TP309

王峥, 李玲, 李娜. 雾计算中用户和属性可撤销的访问控制方案[J]. 北京邮电大学学报, 2020, 43(6): 88-95.

WANG Zheng, LI Ling, LI Na. Access Control Scheme Supporting Userand Attribute Revocation in Fog Computing[J]. Journal of Beijing University of Posts and Telecommunications, 2020, 43(6): 88-95.

参考文献

[1] Bonomi F, Milito R, Zhu Jiang, et al. Fog computing and its role in the internet of things[C]//Proceedings of the First Edition of the MCC Workshop on Mobile Cloud Computing. New York:ACM, 2012:13-16.
[2] Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption[C]//2007 IEEE Symposium on Security and Privacy(SP'07). Berkeley:IEEE, 2007:321-334.
[3] Ostrovsky R, Sahai A, Waters B. Attribute-based encryption with non-monotonic access structures[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security. New York:ACM, 2007:195-203.
[4] Li Yang, Zhu Jianming, Wang Xiuli, et al. Optimized ciphertext-policy attribute-based encryption with efficient revocation[J]. International Journal of Security & Its Applications, 2013, 7(6):385-394.
[5] 陈红松, 沈强磊. 云计算环境下支持高效撤销的新型属性基加密方案[J]. 北京邮电大学学报, 2018, 41(3):113-118. Chen Hongsong, Shen Qianglei. A new type of attribute-based encryption scheme supporting efficient revocation in cloud computing environment[J]. Journal of Beijing University of Posts and Telecommunications, 2018, 41(3):113-118.
[6] 赵志远, 朱智强, 王建华, 等. 云存储环境下无密钥托管可撤销属性基加密方案研究[J]. 电子与信息学报, 2018, 40(1):1-10. Zhao Zhiyuan, Zhu Zhiqiang, Wang Jianhua, et al. Research on keyless escrow and revocable attribute-based encryption scheme in cloud storage environment[J]. Journal of Electronics and Information, 2018, 40(1):1-10.
[7] Attrapadung N, Imai H. Conjunctive broadcast and attribute-based encryption[C]//International Conference on Pairing-Based Cryptography. Berlin:Springer, 2009:248-265.
[8] Liu Zhen, Wong Duncan S. Practical attribute-based encryption:traitor tracing, revocation and large universe[J]. The Computer Journal, 2016, 59(7):983-1004.
[9] Debnath S, Bhuyan B. Large universe attribute based encryption enabled secured data access control for cloud storage with computation outsourcing[J]. Multiagent and Grid Systems, 2019, 15(2):99-119.
[10] Dhal K, Pattnaik P K, Rai S C. RACC:An efficient and revocable fine grained access control model for cloud storage[J]. International Journal of Knowledge-Based and Intelligent Engineering Systems, 2019, 23(1):21-32.
[11] Lian Huijie, Wang Qingxian, Wang Guangbo. Large universe ciphertext-policy attribute-based encryption with attribute level user revocation in cloud storage[J]. International Arab Journal of Information Technology, 2020, 17(1):107-117.
[12] Li Dawei, Liu Jianwei, Wu Qianhong, et al. Efficient CCA2 secure flexible and publicly-verifiable fine-grained access control in fog computing[J]. IEEE Access, 2019, 7:11688-11697.
[13] Hur J, Noh D K. Attribute-based access control with efficient revocation in data outsourcing systems[J]. IEEE Transactions on Parallel and Distributed Systems, 2010, 22(7):1214-1221.
[14] Li Jiguo, Yao Wei, Han Jinguang, et al. User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage[J]. IEEE Systems Journal, 2017, 12(2):1767-1777.
[15] Zhang Peng, Chen Zehong, Liu Joseph K, et al. An efficient access control scheme with outsourcing capability and attribute update for fog computing[J]. Future Generation Computer Systems, 2018, 78:753-762.
[16] Qi Qinglin, Tao Fei. A smart manufacturing service system based on edge computing, fog computing, and cloud computing[J]. IEEE Access, 2019, 7:86769-86777.

雾计算中用户和属性可撤销的访问控制方案

Access Control Scheme Supporting Userand Attribute Revocation in Fog Computing

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	康海燕, 张沙沙. 云链协同的工业互联网数据共享访问控制方法[J]. 北京邮电大学学报, 2023, 46(3): 56-61.
[2]	杨华, 耿烜, 孔宁. 一种采用dueling-DDQN算法的无线网络MAC协议[J]. 北京邮电大学学报, 2023, 46(3): 25-30.
[3]	黄龙杨张楠刘笑笑申滨. 异构蜂窝网络中基于雾节点协作贡献度的计算卸载算法[J]. 北京邮电大学学报, 2023, 46(2): 37-42.
[4]	黄晓舸王凡陈志陈前斌. 雾计算网络中联邦学习协同的内容缓存方案[J]. 北京邮电大学学报, 2023, 46(2): 22-28.
[5]	申滨, 刘笑笑, 黄晓舸. 基于多属性决策模型的雾计算用户关联算法[J]. 北京邮电大学学报, 2021, 44(4): 68-74.
[6]	刘宁春, 郜帅, 侯心迪, 国兴昌. 一种信息中心移动自组网中的数据访问控制机制[J]. 北京邮电大学学报, 2021, 44(2): 54-60.
[7]	张静, 罗守山, 杨义先, 辛阳. 安全两方集合交集云外包计算协议[J]. 北京邮电大学学报, 2019, 42(2): 13-18.
[8]	陈红松, 沈强磊. 云计算环境下支持高效撤销的新型属性基加密方案[J]. 北京邮电大学学报, 2018, 41(3): 113-118.
[9]	赵斌, 何泾沙, 张伊璇, 及歆荣, 轩兴刚. 访问控制中基于粗糙集的授权规则知识发现[J]. 北京邮电大学学报, 2016, 39(2): 48-52.
[10]	白磊, 冯振兴, 田立勤. 基于CDMA的水下传感器网络MAC协议设计[J]. 北京邮电大学学报, 2015, 38(s1): 107-110.
[11]	陈丹伟, 吴琼, 陈林铃, 潘甦. 属性基无中央授权中心DMA-ABE方案[J]. 北京邮电大学学报, 2015, 38(5): 77-80.
[12]	谢丽霞, 薄夫宽, 邓强. 多安全域角色信任访问控制模型[J]. 北京邮电大学学报, 2014, 37(3): 83-88.
[13]	范艳芳, 蔡英, 耿秀华. 具有时空约束的强制访问控制模型[J]. 北京邮电大学学报, 2012, 35(5): 111-114.
[14]	张宏海黄赞杰周颢赵保华. 协作的HLBP无线局域网多播差错控制协议[J]. 北京邮电大学学报, 2012, 35(2): 121-125.
[15]	赵保华，池信泽，李濛，周颢. 无线局域网络的可靠多播差错控制协议 [J]. 北京邮电大学学报, 2012, 35(1): 81-84.