Journal of Computer Applications ›› 2021, Vol. 41 ›› Issue (11): 3251-3256. DOI: 10.11772/j.issn.1001-9081.2020121998

• Cyber security •

Hierarchical file access control scheme with identity-based multi-conditional proxy re-encryption

Li LI1, Hongfei YANG2, Xiuze DONG1

  1. Department of Electronic and Communication Engineering, Beijing Electronic Science and Technology Institute, Beijing 100070, China
  2. School of Computer Science and Technology, Xidian University, Xi’an Shaanxi 710071, China
  • Received: 2020-12-18 Revised: 2021-08-08 Accepted: 2021-08-18 Online: 2021-08-08 Published: 2021-11-10
  • Contact: Li LI
  • About author: LI Li, born in 1974, Ph. D., associate professor. Her research interests include network and system security, embedded system security.
    YANG Hongfei, born in 1998, M. S. candidate. His research interests include information system security.
    DONG Xiuze, born in 1976, M. S., associate professor. His research interests include information security, cryptography engineering.
  • Supported by:
    the National Key Research and Development Program of China (2017YFB0801803)



In view of the problems of traditional file sharing schemes, such as easy leakage of files, difficult control of file destination, and complex access control, as well as the application requirements of hierarchical classification management and sharing of cloud files, a hierarchical file access control scheme with identity-based multi-conditional proxy re-encryption was proposed. Firstly, the permission level of the file was taken as the condition of ciphertext generation, and a trusted hierarchical management unit was introduced to determine and manage the user levels. Secondly, a re-encryption key for the user’s hierarchical access permission was generated, which solved the problem that the identity-based conditional proxy re-encryption scheme only restricts the re-encryption behavior of proxy servers and places no limitation on the user’s permission. Meanwhile, the burden on the client was reduced: users only needed to perform encryption and decryption operations. The results of comparison and analysis of different schemes show that, compared with the existing access control schemes, the proposed scheme has obvious advantages: it can complete the update of the user’s access permission without the direct participation of users, and it has the characteristic of uploader anonymity.

Key words: identity-based proxy re-encryption, hierarchical file access control, hierarchical management unit, access permission, uploader anonymity


