卫星网络中支持策略隐藏的多授权访问控制方案

doi:10.11772/j.issn.1001-9081.2018081959

计算机应用 ›› 2019, Vol. 39 ›› Issue (2): 470-475.DOI: 10.11772/j.issn.1001-9081.2018081959

卫星网络中支持策略隐藏的多授权访问控制方案

王亚琼^1,2, 史国振², 谢绒娜³, 李凤华⁴, 王雅哲³

1. 西安电子科技大学通信工程学院, 西安 710071;
2. 北京电子科技学院电子与通信工程系, 北京 100070;
3. 北京电子科技学院密码科学与技术系, 北京 100070;
4. 中国科学院信息工程研究所信息安全国家重点实验室, 北京 100093

收稿日期:2018-09-20 修回日期:2018-11-15 出版日期:2019-02-10 发布日期:2019-02-15
通讯作者: 史国振
作者简介:王亚琼(1994-),女,山西朔州人,硕士研究生,主要研究方向:访问控制;史国振(1974-),男,河南济源人,副教授,博士,主要研究方向:网络与系统安全、嵌入式安全;谢绒娜(1976-),女,山西永济人,副教授,博士,主要研究方向:访问控制、网络安全;李凤华(1966-),男,湖北黄冈人,研究员,博士生导师,博士,主要研究方向:网络与系统安全、信息保护、隐私计算;王雅哲(1995-),女,河北邯郸人,硕士研究生,主要研究方向:访问控制、网络安全。
基金资助:
国家重点研发计划项目（2016YFB0800304）。

Multi-authority access control scheme with policy hiding of satellite network

WANG Yaqiong^1,2, SHI Guozhen², XIE Rongna³, LI Fenghua⁴, WANG Yazhe³

1. School of Telecommunications Engineering, Xidian University, Xi'an Shaanxi 710071, China;
2. Department of Electronics and Communication Engineering, Beijing Electronic Science and Technology Institute, Beijing 100070, China;
3. Department of Cryptography and Technology, Beijing Electronic Science and Technology Institute, Beijing 100070, China;
4. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China

Received:2018-09-20 Revised:2018-11-15 Online:2019-02-10 Published:2019-02-15
Supported by:
This work is partially supported by the National Key Research and Development Program of China (2016YFB0800304).

摘要/Abstract

摘要： 卫星网络具有信道开放、节点暴露、星上处理能力受限等独有特征，但现有的基于密文策略的属性加密（CP-ABE）的访问控制不支持策略完全隐藏且属性授权方式不适用于卫星网络，为此，提出支持策略隐藏的多授权访问控制方案。该方案采用更灵活的线性秘密共享（LSSS）矩阵访问结构，不仅能有效保证数据机密性，而且能通过混淆访问结构实现策略完全隐藏；采用多授权机构实现细粒度的属性管控，能消除中心授权机构的性能瓶颈；各属性授权机构独立工作且密钥生成分权，能有效抵抗合谋攻击。安全性及性能分析表明，所提方案满足数据机密性、抗合谋攻击和完全策略隐藏的安全需求，比对比方案更适合卫星网络。

关键词: 访问控制, 密文策略的属性加密, 策略隐藏, 多授权机构, 卫星网络

Abstract: Satellite network has unique characteristics that differ from traditional networks, such as channel openness, node exposure and limited onboard processing capability. However, existing Ciphertext-Policy Attribute-Based Encryption (CP-ABE) access control is not suitable for the satellite network due to its policy explosion and attribute-based authorization manner. To address this problem, a multi-authority access control scheme with policy hiding of satellite network was proposed. Linear Secret Sharing Scheme (LSSS) matrix access structure was adopted to guarantee data confidentiality and hide the access control policy completely by obfuscating the access structure. In addition, multi-authority was used to achieve fine-grained attribute management, eliminating the performance bottleneck of central authority. Each attribute authority worked independently and generated partial key of the user, which makes it resistant to collusion attacks. The security and performance analysis show that the proposed scheme can satisfy the security requirements of data confidentiality, collusion attack resistance and complete policy hiding, and is more suitable for satellite network than the comparison solutions.

Key words: access control, ciphertext-policy attribute-based encryption, policy hiding, multi-authority, satellite network

中图分类号:

TP302

王亚琼, 史国振, 谢绒娜, 李凤华, 王雅哲. 卫星网络中支持策略隐藏的多授权访问控制方案[J]. 计算机应用, 2019, 39(2): 470-475.

WANG Yaqiong, SHI Guozhen, XIE Rongna, LI Fenghua, WANG Yazhe. Multi-authority access control scheme with policy hiding of satellite network[J]. Journal of Computer Applications, 2019, 39(2): 470-475.

参考文献

[1] 李凤华,殷丽华,吴巍,等.天地一体化信息网络安全保障技术研究进展及发展趋势[J].通信学报,2016,37(11):156-168.(LI F H, YIN L H, WU W, et al. Research status and development trends of security assurance for space-ground integration information network[J]. Journal on Communications, 2016, 37(11):156-168.)
[2] 封孝生,刘德生,乐俊,等.临近空间信息资源访问控制策略初探[J].计算机应用研究,2008,25(12):3702-3704.(FENG X S, LIU D S, LE J, et al. Exploration on access control to near space information resources[J]. Application Research of Computers, 2008, 25(12):3702-3704.)
[3] QI H, MA H, LI J, et al. Access control model based on role and attribute and its applications on space-ground integration networks[C]//Proceedings of the 4th International Conference on Computer Science and Network Technology. Piscataway, NJ:IEEE, 2015:1118-1122
[4] SAHAI A, WATERS B. Fuzzy identity-based encryption[C]//Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, LNCS 3494. Berlin:Springer, 2005:457-473.
[5] BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption[C]//Proceedings of the 2007 IEEE Symposium on Security and Privacy. Washington, DC:IEEE Computer Society, 2007:321-334.
[6] YADAV U C, ALI S T. Ciphertext policy-hiding attribute-based encryption[C]//Proceedings of the 2015 International Conference on Advances in Computing, Communications and Informatics. Washington, DC:IEEE Computer Society, 2015:2067-2071.
[7] PHUONG T V X, YANG G, SUSILO W. Hidden ciphertext policy attribute-based encryption under standard assumptions[J]. IEEE Transactions on Information Forensics and Security, 2016, 11(1):35-45.
[8] ZHOU Z, HUANG D, WANG Z. Efficient privacy-preserving ciphertext-policy attribute based encryption and broadcast encryption[J]. IEEE Transactions on Computers, 2014, 64(1):126-138.
[9] XU R, LANG B. A CP-ABE scheme with hidden policy and its application in cloud computing[J]. International Journal of Cloud Computing, 2015, 4(4):279-298.
[10] 宋衍,韩臻,刘凤梅,等.基于访问树的策略隐藏属性加密方案[J].通信学报,2015,36(9):119-126.(SONG Y, HAN Z, LIU F M, et al. Attribute-based encryption with hidden policies in the access tree[J]. Journal on Communications, 2015, 36(9):119-126.)
[11] 孙国梓,董宇,李云.基于CP-ABE算法的云存储数据访问控制[J].通信学报,2011,32(7):146-152.(SUN G Z, DONG Y, LI Y. CP-ABE based data access control for cloud storage[J]. Journal on Communications, 2011, 32(7):146-152.)
[12] 雷蕾,蔡权伟,荆继武,等.支持策略隐藏的加密云存储访问控制机制[J].软件学报,2016,27(6):1432-1450.(LEI L, CAI Q W, JIN J W, et al. Enforcing access controls on encrypted cloud storage with policy hiding[J]. Journal of Software, 2016, 27(6):1432-1450.)
[13] LAI J, DENG R H, LI Y. Expressive CP-ABE with partially hidden access structures[C]//Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security. New York:ACM, 2012:18-19.
[14] NISHIDE T, YONEYAMA K, OHTA K. Attribute-based encryption with partially hidden encryptor-specified access structures[C]//Proceedings of the 2008 International Conference on Applied Cryptography and Network Security, LNCS 5037. Berlin:Springer, 2008:111-129.
[15] CHASE M. Multi-authority attribute based encryption[C]//Proceedings of the 2007 Conference on Theory of Cryptography, LNCS 4392. Berlin:Springer, 2007:515-534
[16] MVLLER S, KATZENBEISSER S, ECKERT C. Distributed attribute-based encryption[C]//Proceedings of the 2008 International Conference on Information Security and Cryptology, LNCS 5461. Berlin:Springer, 2008:20-36.
[17] LIU Z, CAO Z, HUANG Q, et al. Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles[C]//Proceedings of the 2011 European Symposium on Research in Computer Security, LNCS 6879. Berlin:Springer, 2011:278-297.
[18] DE S J, RUJ S. Decentralized access control on data in the cloud with fast encryption and outsourced decryption[C]//Proceedings of the 2015 IEEE Global Communications Conference. Piscataway, NJ:IEEE, 2015:1-6.
[19] CHASE M, CHOW S S M. Improving privacy and security in multi-authority attribute-based encryption[C]//Proceedings of the 16th ACM Conference on Computer and Communications Security. New York:ACM, 2009:121-130.
[20] LIN H, CAO Z, LAING X, et al. Secure threshold multi authority attribute based encryption without a central authority[C]//Proceedings of the 2008 International Conference on Cryptology in India, LNCS 5365. Berlin:Springer, 2008:426-436.
[21] LEWKO A, WATERS B. Decentralizing attribute-based encryption[C]//Proceedings of the 2011 Annual International Conference on the Theory and Applications of Cryptographic Techniques, LNCS 6632. Berlin:Springer, 2011:568-588.
[22] BEIMEL A. Secure schemes for secret sharing and key distribution[D]. Technion:Israel Institute of Technology, 1996.
[23] KATE A, ZAVERUCHA G, GOLDBERG I. Pairing-based onion routing[C]//Proceedings of the 7th International Conference on Privacy Enhancing Technologies, LNCS 4776. Berlin:Springer, 2007:95-112.

卫星网络中支持策略隐藏的多授权访问控制方案

Multi-authority access control scheme with policy hiding of satellite network

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	葛纪红, 沈韬. 基于区块链的能源数据访问控制方法[J]. 计算机应用, 2021, 41(9): 2615-2622.
[2]	葛丽娜, 胡雨谷, 张桂芬, 陈园园. 云计算环境基于客体属性匹配的逆向混合访问控制方案[J]. 计算机应用, 2021, 41(6): 1604-1610.
[3]	杜心雨, 王化群. LTE-A网络中基于动态组的有效的身份认证和密钥协商方案[J]. 计算机应用, 2021, 41(6): 1715-1722.
[4]	包玉龙, 朱雪阳, 张文辉, 孙鹏飞, 赵颖琪. 物联网应用中访问控制智能合约的形式化验证[J]. 计算机应用, 2021, 41(4): 930-938.
[5]	李莉, 杨鸿飞, 董秀则. 基于身份多条件代理重加密的文件分级访问控制方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3251-3256.
[6]	王海勇, 潘启青, 郭凯璇. 基于区块链和用户信用度的访问控制模型[J]. 计算机应用, 2020, 40(6): 1674-1679.
[7]	史锦山, 李茹, 松婷婷. 基于区块链的物联网访问控制框架[J]. 计算机应用, 2020, 40(4): 931-941.
[8]	付伟, 顾晨阳, 高强. 基于属性加密的多用户共享ORAM方案[J]. 计算机应用, 2020, 40(2): 497-502.
[9]	王海勇, 彭垚, 郭凯璇. 云存储中基于代理重加密的CP-ABE访问控制方案[J]. 计算机应用, 2019, 39(9): 2611-2616.
[10]	贾梦瑶, 王兴伟, 张爽, 易波, 黄敏. 基于软件定义网络的卫星网络容错路由机制[J]. 计算机应用, 2019, 39(6): 1772-1779.
[11]	罗霄峰, 杨兴春, 胡勇. 改进的基于属性的访问控制策略评估管理决策图[J]. 计算机应用, 2019, 39(12): 3569-3574.
[12]	明洋, 何宝康. 支持属性撤销的可验证外包的多授权属性加密方案[J]. 计算机应用, 2019, 39(12): 3556-3562.
[13]	曹震寰, 蔡小孩, 顾梦鹤, 顾小卓, 李晓伟. 基于访问控制列表机制的Android权限管控方案[J]. 计算机应用, 2019, 39(11): 3316-3322.
[14]	杨宏宇, 宁宇光. 云平台访问控制自适应风险评估指标权重分配方法[J]. 计算机应用, 2018, 38(6): 1614-1619.
[15]	周逊, 周海东, 任智, 邹明芮, 李光彬. 高效快速的太赫兹无线个域网双信道MAC协议[J]. 计算机应用, 2018, 38(5): 1436-1441.