高效可撤销的雾协同云访问控制方案

doi:10.3778/j.issn.1002-8331.2102-0181

摘要/Abstract

摘要： 密文策略属性加密技术在实现基于云存储的物联网系统中数据细粒度访问控制的同时，也带来了用户与属性的撤销问题。然而，在现有的访问控制方案中，基于时间的方案往往撤销并不即时，基于第三方的方案通常需要大量重加密密文，效率较低且开销较大。为此，基于RSA密钥管理机制提出了一种高效的支持用户与属性即时撤销的访问控制方案，固定了密钥与密文的长度，借助雾节点实现了用户撤销，同时将部分加解密工作从用户端卸载到临近的雾节点，降低了用户端的计算负担。基于aMSE-DDH假设的安全性分析结果表明，方案能够抵抗选择密文攻击。通过理论分析和实验仿真表明，所提方案能够为用户属性变更频繁且资源有限的应用场景提供高效的访问控制。

关键词: 雾计算, 访问控制, 用户与属性撤销, 密钥与密文定长, 外包

Abstract: Ciphertext-policy attribute-based encryption not only realizes the fine-grained access control of data in IoT system based on cloud storage, but also brings the problem of user and attribute revocation. However, in the existing access control schemes, the time-based schemes are difficult to achieve immediate revocation, and the third-party-based schemes usually require a large number of re-encrypted ciphertexts, the efficiency is low and the cost is large. Therefore, an efficient access control scheme supports immediate revocation of user and attribute based on RSA key management mechanism is proposed. The length of the keys and ciphertexts are fixed. With the help of fog nodes, user revocation is realized. At the same time, part of the encryption and decryption work is unloaded from the client to the nearby fog node, which reduces the computing burden of the client. The results of security analysis based on aMSE-DDH hypothesis show that the scheme can resist chosen-ciphertext attack. Theoretical analysis and experiments prove that the proposed scheme can provide efficient access control for application scenarios with frequent user and attribute changes and limited resources.

Key words: fog computing, access control, user and attribute revocation, constant-size keys and ciphertexts, outsourcing

孙枭, 王峥, 李玲. 高效可撤销的雾协同云访问控制方案[J]. 计算机工程与应用, 2022, 58(13): 112-118.

SUN Xiao, WANG Zheng, LI Ling. Efficient and Revocable Fog-Assisted Cloud Access Control Scheme[J]. Computer Engineering and Applications, 2022, 58(13): 112-118.

参考文献

[1] SICARI S，RIZZARDI A，COEN-PORISINI A.5G in the internet of things era：An overview on security and privacy challenges[J].Computer Networks，2020，179.
[2] ZHANG C H.Design and application of fog computing and Internet of things service platform for smart city[J].Future Generation Computer Systems，2020，112：630-640.
[3] STOLFO S，SALEM M，A.KEROMYTIS A.Fog computing：Mitigating insider data theft attacks in the cloud[C]//Proceedings of 2012 IEEE Symposium on Security and Privacy Workshops，2012：125-128.
[4] TEDESCHI P，SCIANCALEPORE S.Edge and fog computing in critical infrastructures：Analysis，security threats，and research challenges[C]//Proceedings of 2019 IEEE European Symposium on Security and Privacy Workshops，2019：1-10.
[5] ZHANG P，K.LIU J，YU F，et al.A survey on access control in fog computing[J].IEEE Communications Magazine，2018，56（2）：144-149.
[6] BETHENCOURT J，SAHAI A，WATERS B.Ciphertext-policy attribute?based encryption[C]//Proceedings of 2007 IEEE Symposium on Security and Privacy，Berkeley，2007：321-334.
[7] PIRRETTI M，TRAYNOR P，MCDANIEL P，et al.Secure attribute-based systems[J].Journal of Computer Security，2010，18（5）：799-837.
[8] 唐忠原，何利文，陈超，等.固定密钥与密文长度的访问控制方案[J].计算机技术与发展，2018，28（11）：128-134.
TANG Z Y，HE L W，CHEN C，et al.An access control scheme based on constant-size keys and ciphertexts[J].Computer Technology and Development，2018，28（11）：128-134.
[9] 陈红松，沈强磊.云计算环境下支持高效撤销的新型属性基加密方案[J].北京邮电大学学报，2018，41（3）：113-118.
CHEN H S，SHEN Q L.A new type of attribute-based encryption scheme supporting efficient revocation in cloud computing environment[J].Journal of Beijing University of Posts and Telecommunications，2018，41（3）：113-118.
[10] CUI H，DENG R H，LI Y，et al.Server-aided revocable attribute-based encryption[C]//Proceedings of the 21st European Symposium on Research in Computer Security，2016：570-587.
[11] JUNG T，LI X，WAN Z G，et al.Privacy preserving cloud data access with multi-authorities[C]//Proceedings of IEEE INFOCOM，Turin，Italy，2013：2625-2633.
[12] WAN Z G，LIU J，DENG R H.HASBE：A hierarchical attribute-based solution for flexible and scalable access control in cloud computing[J].IEEE Transactions on Information Forensics and Security，2012，7（2）：743-754.
[13] 李继国，石岳蓉，张亦辰.隐私保护且支持用户撤销的属性基加密方案[J].计算机研究与发展，2015，52（10）：2281-2292.
LI J G，SHI Y R，ZHANG Y C.A privacy preserving attribute-based encryption scheme with user revocation[J].Journal of Computer Research and Development，2015，52（10）：2281-2292.
[14] IBRAIMI L，PETKOVIC M，NIKOVA S，et al.Mediated ciphertext-policy attribute-based encryption and its application[C]//Proceedings of 10th International Workshop on Information Security Applications，2009：309-323.
[15] HUR J，NOH D K.Attribute-based access control with efficient revocation in data outsourcing systems[J].IEEE Transactions on Parallel and Distributed Systems，2010，22（7）：1214-1221.
[16] LI J G，YAO W，HAN J G，et al.User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage[J].IEEE Systems Journal，2017，12（2）：1767-1777.
[17] LI L，WANG Z，LI N.Efficient attribute-based encryption outsourcing scheme with user and attribute revocation for fog-enabled IoT[J].IEEE Access，2020，8：176738-176749.
[18] 强衡畅，王晓明.一种高效细粒度云存储访问控制方案[J].计算机与数字工程，2014，42（9）：1673-1677.
QIANG H C，WANG X M.Fine-grained access control with efficient revocation in cloud storage[J].Computer and Digital Engineering，2014，42（9）：1673-1677.
[19] 宋可，吴宏建.云存储中基于隐私保护的高效的微型加密方案[J].电子技术应用，2016，42（7）：111-113.
SONG K，WU H J.Cloud storage based on privacy protection and efficient micro-encryption scheme[J].Application of Electronic Technique，2016，42（7）：111-113.
[20] WANG W，ZHANG G D，SHEN Y J.A CP-ABE scheme supporting attribute revocation and policy hiding in outsourced environment[C]//Proceedings of IEEE International Conference on Software Engineering and Service Sciences，2018：96-99.
[21] GUO F，MU Y，SUSILO W，et al.CP-ABE with constant-size keys for lightweight devices[J].IEEE Transactions on Information Forensics and Security，2014，9（5）：763-771.
[22] BOWE S，CHIESA A，GREEN M，et al.ZEXE：Enabling decentralized private computation[C]///Proceedings of 2020 IEEE Symposium on Security and Privacy，2020：947-964.