Journal of Computer Applications ›› 2017, Vol. 37 ›› Issue (6): 1587-1592. DOI: 10.11772/j.issn.1001-9081.2017.06.1587

• Cyberspace security •

Dynamic trust level based ciphertext access control scheme

CHEN Danwei, YANG Sheng

  1. College of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210003, China
  • Received: 2016-11-16 Revised: 2017-01-13 Online: 2017-06-10 Published: 2017-06-14
  • Corresponding author: YANG Sheng
  • About the authors: CHEN Danwei (born 1970), male, from Shangluo, Shaanxi, professor, Ph.D.; his main research interests are computer communication networks and security, cloud computing, big data and embedded systems. YANG Sheng (born 1992), male, from Nanjing, Jiangsu, master's degree candidate; his main research interests are information security, cloud computing and big data.
  • Supported by:
    This work is partially supported by the National Information Security Program (242 Program) of China (2015A051, 2012A138), the Key Projects in the National Science and Technology Pillar Program during the 11th Five-year Plan Period (2007BAK34B06), and the National Key Technology Research and Development Program of China during the 10th Five-year Plan Period (2004BA811B04).

Abstract: To address the high computational overhead and lack of flexibility of Attribute-Based Encryption (ABE) in the mobile Internet environment, a Ciphertext-Policy ABE (CP-ABE) scheme based on a dynamic trust level is proposed. First, the scheme introduces a "trust level" attribute that indicates how trusted a user is and divides users into classes accordingly; a user with a high "trust level" can decrypt with only constant computational overhead. Meanwhile, the Central Authority (CA) evaluates each user's access behavior at a set time threshold and dynamically updates the user's "trust level", and the updating algorithm avoids completely regenerating the secret key. Theoretical analysis and experimental results show that, as the proportion of users with a high "trust level" grows, the total time overhead of the proposed scheme keeps decreasing until it stabilizes, and it is finally superior to the traditional scheme. While preserving security, the scheme improves the overall efficiency of access control in the mobile Internet environment.

Key words: access control, Attribute-Based Encryption (ABE), trust level, behavior evaluating, attribute updating
