CN108418784B - Distributed cross-domain authorization and access control method based on attribute password

Info

Publication number
CN108418784B
Authority
CN
China
Prior art keywords
user
attribute
key
gid
service node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711260376.6A
Other languages
Chinese (zh)
Other versions
CN108418784A (en)
Inventor
陈壮
肖敏
刘雪娇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Dayu Chuangfu Technology Co ltd
Original Assignee
Chongqing University of Post and Telecommunications
Application filed by Chongqing University of Post and Telecommunications
Priority to CN201711260376.6A
Publication of CN108418784A
Application granted
Publication of CN108418784B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0847 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving identity based encryption [IBE] schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a distributed cross-domain authorization and access control method based on an attribute password, mainly intended to solve the cross-domain authorization and access control problems in a large-scale distributed environment. The invention designs a multi-authority (AAs) Hierarchical Attribute Encryption mechanism with controlled key delegation (MA-HABE-CKD), which supports decentralized, controlled security authorization for users in multiple domains, prevents abuse of key delegation, and on this basis provides non-interactive access control. The method also supports outsourced decryption, so that lightweight users can obtain authorization to access the system.

Description

Distributed cross-domain authorization and access control method based on attribute password
Technical Field
The invention belongs to the field of secure data storage and access within the computer information security discipline, and particularly relates to a distributed cross-domain authorization and access control method in a distributed environment.
Background
With the rapid development of computer technology and the internet, the large amount of data generated every day is stored on computers in digitized form. Cloud computing is an emerging technology in which users lease the storage and computing resources of servers (also called a cloud) provided by a company. The user only needs an internet-connected terminal, a smartphone or a tablet computer. Applications run in the cloud, not on the user's machine. The cloud can store large amounts of data, so mobile users do not have to carry their data with them. Some cloud providers offer application services (e.g., Google Apps, Microsoft online), and some provide infrastructure support (e.g., Amazon's EC2, Eucalyptus, Nimbus). This distributed mode of data access is becoming a trend: cloud computing provides an effective solution for the storage and processing of massive data and offers a large number of different types of services. Fog computing, currently a widely discussed topic, has the advantages of low latency, location awareness and widely distributed nodes. In real-life environments, fog computing devices can not only improve the efficiency of computing on data but also return results to the user in time. Because fog devices are widely distributed geographically, users can access data effectively and quickly. Building on distributed processing, storage and virtualization technologies, fog computing is an effective solution for the management, analysis and mining of data. In a fog computing environment a user can store data on a fog device, but this storage mode causes the user to lose security management control over the data, which creates a serious security risk for the data on the fog device.
For example, if the sensitive data stored in smart bracelets, smart homes and smart office systems is leaked, it can have a serious negative effect on people's daily life and work.
However, users' requirements for protecting private data can be met through data encryption and access control. Traditional access control requires a fully trusted server and a trusted administrator; the number of users in the system and the volume of stored data become a bottleneck for system efficiency, and if the server is compromised by an attacker, the users' private data stored on it is leaked. Traditional access control is therefore not suitable for the fog computing environment. Traditional public-key or symmetric encryption needs to generate different keys for different users, so the encryptor must encrypt the same file under different keys and store each copy on the server. In the fog computing environment, a data owner does not need to know in advance which users will access the data and only needs to encrypt the data to be shared according to an encryption policy; an encryption scheme built on a traditional access control mechanism cannot provide such fine-grained access. Traditional encryption and access control therefore cannot be applied effectively in the fog computing environment.
Given these problems, Attribute-Based Encryption (ABE) is currently considered one of the technologies best suited to protecting private data and providing fine-grained data access in a fog computing environment. It provides a one-to-many encrypted access control mechanism and is scalable and distributed. ABE has two variants: ciphertext-policy ABE (CP-ABE) and key-policy ABE (KP-ABE). In CP-ABE, each user's key is associated with a set of attributes and the ciphertext is associated with an access structure; in KP-ABE, conversely, the ciphertext is associated with a set of attributes and the user's key is associated with an access structure. When ABE is applied to a fog computing environment, CP-ABE is the more suitable for data access control: the data owner can effectively manage and control the private data stored on the fog device and can freely define which attributes a user must hold to access it.
In a fog environment, however, there is a further need: in certain situations a user needs to delegate their own key to other users. This lets the user make full use of the key and, to a certain extent, reduces the computational overhead and inefficiency of users having to submit a registration request to the system every time. In existing attribute encryption research, Wang et al., in "Hierarchical attribute-based encryption for fine-grained access control in cloud storage services", propose an effective key delegation mechanism in a hierarchical attribute encryption scheme that enables key delegation among users. CN105915333A proposes an efficient key distribution method, but only a single attribute authority distributes keys, which greatly increases the burden on the authority in practice. Chinese patent document CN2015101068880.5, entitled "a distributed access control method based on attribute encryption", proposes an encryption method that protects the privacy and security of data and provides efficient, distributed and scalable fine-grained access control; it shares the workload of a single authority among multiple authorities and supports efficient outsourced decryption and user revocation, but it does not manage attributes hierarchically and is inefficient. CN106059763A proposes a hierarchical ciphertext encryption strategy based on multiple authorities, but does not support key delegation. In addition, Luan I et al., in "Mediated Ciphertext-Policy Attribute-Based Encryption and Its Application", propose an attribute encryption mechanism with arbitration that uses key separation and achieves instant user revocation.
Disclosure of Invention
In view of this, the technical problem to be solved by the present invention is to provide a distributed cross-domain authorization and access control method based on attribute cryptography. The invention designs a multi-authority (AAs) Hierarchical Attribute Encryption mechanism with controlled key delegation (MA-HABE-CKD), which supports decentralized, controlled security authorization for users in multiple domains, prevents abuse of key delegation, and on this basis provides non-interactive access control. The method also supports outsourced decryption, so that lightweight users can obtain authorization to access the system. That is, the method meets the requirement for efficient multi-authority attribute encryption in a distributed environment and also provides an access control mechanism with key delegation.
In order to achieve this purpose, the invention provides the following technical scheme:
The system model of the present invention is shown in FIG. 1. The model is composed of five entities: trusted identity federation providers (FIPs), Service Providers (SPs), data owners, Service Nodes (SNs), and users. The FIP is responsible for authenticating and registering users and distributes a Global Identity (GID), a certificate and a user global private key to each legitimate user. Each SP operates independently and manages the attributes in its own domain; the SPs distribute attribute keys to registered legitimate users, sending the two parts of a user's attribute key, $UASK_{GID,1}$ and $UASK_{GID,2}$, to the service node and the user respectively. The data owner encrypts data under a defined access structure and stores the encrypted data on a service node, which provides storage and access services. When a legitimate user accesses authorized data, the service node first retrieves the user's attribute key, then decrypts the ciphertext with it to generate a Decryption Token (DT) and sends the DT and the ciphertext to the user; the user then decrypts the ciphertext with the global private key and the DT to obtain the requested data.
The invention provides a hierarchical attribute encryption method in a distributed environment, which comprises the following steps:
S1: system initialization: generate the system public parameters, the public/private key pairs of the Service Providers (SPs), the public/private key pairs of the attributes, and the public/private key pair of the Identity Federation Provider (FIP);
S2: data encryption: the data owner encrypts the data and stores the encrypted data on a Service Node (SN);
S3: user registration and key generation: the user requests registration; the FIP allocates a Global Identifier (GID) to the user and distributes a signed attribute certificate and a global private key to the user; the SPs distribute the corresponding attribute private key to the user based on the user's attribute certificate; the attribute private key is split into two parts, one sent to the user and the other sent to the service node;
S4: data access: the user submits a data access request to the service node SN; if and only if the user's attribute set satisfies the access structure in the ciphertext, the ciphertext is decrypted jointly by the user and the service node, with the service node bearing part of the decryption computation, which reduces the burden on the end user;
S5: user attribute key delegation: only with the cooperation of the user and the service node SN, i.e. under the control of the service node, can an upper-layer user generate an attribute key for a lower-layer user, which makes key delegation secure.
Further, step S1 includes the following steps:
S11: identity federation provider FIP initialization: input the security parameters and generate the system public parameters and the public/private key pair of the identity federation provider;
S12: service provider SPs initialization, including:
S121: each service provider SP receives the system public parameters and the public key of the FIP from the identity federation provider FIP;
S122: each service provider SP defines attributes, builds an attribute tree and generates public/private key pairs for the attributes it manages.
Further, the step S2 includes the following steps:
S21: the data owner receives the system public parameters and the public keys of the attributes from the identity federation provider FIP and the service providers, respectively;
S22: for data m to be encrypted, the data owner defines an access structure A for the data over a global attribute set S, denoted (M, ρ, τ), where M is an access matrix of l rows and n columns, and the function ρ(i) maps the i-th row of the matrix M to an attribute vector in S
Figure GDA0002568793780000041
The function
Figure GDA0002568793780000042
maps the attribute vector
Figure GDA0002568793780000043
to the attribute tree τ;
S23: the data owner selects from $Z_p$ a random number s and a random array
Figure GDA0002568793780000044
and lets s be the first element of the vector
Figure GDA0002568793780000045
S24: compute
Figure GDA0002568793780000046
where $M_i$ is the i-th row of the matrix M, $i \in \{1, 2, \dots, l\}$;
S25: select random numbers $r_i \in Z_p$, $i \in \{1, 2, \dots, l\}$;
S26: encrypt the message m and output the ciphertext CT;
S27: the data owner uploads the ciphertext CT to the service node.
Further, the step S3 includes the following steps:
S31: a user requests to join the system and submits identity information to the identity federation provider (FIP) for registration;
S32: the FIP first authenticates the user;
S33: if the user is legitimate, the FIP assigns the user a global identity GID and issues a certificate and a global private key; the certificate contains the user's global identity GID, the user's attribute list and the user's global public key; the FIP signs the certificate with its private key and sends the certificate and the global private key to the user in a secure manner; if the user is not legitimate, the FIP refuses to let the user join the system;
S34: on receiving the certificate and the global private key from the FIP, the user sends the certificate to the relevant service providers SPs;
S35: on receiving the user's certificate, the SPs verify it using the public key of the FIP;
S36: the SPs check whether the user's global identity GID belongs to the User Revocation List (URL); if
Figure GDA0002568793780000051
the SPs generate the two shares of the user's attribute private key, $UASK_{GID,1}$ and $UASK_{GID,2}$, based on the user's attribute list; if GID ∈ URL, the SPs terminate the operation;
S37: the SPs send the user's attribute private key shares $UASK_{GID,1}$ and $UASK_{GID,2}$ to the service node SN and the user, respectively.
Further, the step S4 includes the following steps:
S41: a user with global identity GID sends a data access request to the SN together with the user's certificate;
S42: the service node SN verifies the certificate using the public key of the identity federation provider FIP and checks whether the user's global identity GID belongs to the User Revocation List (URL);
S43: if
Figure GDA0002568793780000052
if GID ∈ URL, the service node SN terminates the operation;
S44: the service node SN retrieves the user's attribute private key $UASK_{GID,1}$;
S45: the service node SN uses the user's attribute private key to pre-decrypt the ciphertext and generates a decryption token DT;
wherein S45 includes the following steps:
S451: let
Figure GDA0002568793780000054
and $I = \{i : \rho(i) \in R_A\}$, where $R_A$ denotes the set of attribute vectors corresponding to the access structure A. If, according to the access matrix M, $\{\lambda_i\}_{i \in I}$ are valid shares of the encryption exponent s, then there exist recovery coefficients $\{w_i \in Z_p\}_{i \in I}$ that reconstruct the encryption exponent as
Figure GDA0002568793780000053
First, the service node SN obtains the recovery coefficients $\{w_i \in Z_p\}_{i \in I}$;
S452: the service node SN then computes the decryption token DT;
S46: the service node SN sends the decryption token DT to the user;
S47: finally, the user decrypts the ciphertext using the attribute private key $UASK_{GID,2}$ and the decryption token DT; if the user's attributes satisfy the access structure in the ciphertext, decryption succeeds; if not, decryption fails.
Further, the step S5 includes the following steps:
S51: a lower-layer user with global identity GID' requests a delegated key from an upper-layer user with global identity GID;
S52: the upper-layer user with global identity GID computes $UASK_{GID',2}$;
S53: the upper-layer user computes a key token KT;
S54: the upper-layer user delegates the attribute key $UASK_{GID',2}$ to the lower-layer user;
S55: the upper-layer user sends a key delegation request, together with the key token KT, to the service node SN;
S56: the service node SN first checks, based on the key token KT sent by the user, whether the user is legitimate;
S57: if the user is legitimate, the SN executes the key delegation request; if not, it rejects the key delegation request;
S58: the service node SN generates the corresponding attribute key $UASK_{GID',2}$ and stores it on the service node SN.
The advantages of the invention are as follows. The invention provides a multi-authority hierarchical attribute encryption mechanism in which each SP operates independently without affecting the others. By using multiple SPs, the invention spreads the workload previously borne by a single SP and prevents the SP from becoming the bottleneck and security weak point of the system. In addition, the invention prevents user collusion by having the FIP assign a global identity GID to each user in the system; the FIP must be fully trusted in this system because it is unique and holds the GIDs of all users in the system.
In addition, the invention uses a key separation technique to divide a user's private key into a user global private key and a user attribute private key. The user global private key is held only by the user; the user attribute private key is split into two parts, one stored by the user and the other stored by the SN. As a result, none of the three entities (user, SP and SN) is able to fully decrypt a ciphertext alone. A user can decrypt a ciphertext correctly only with the assistance of the SN, and the SN can help the user only when the user's attributes satisfy the access structure in the ciphertext, so this mode of data access strengthens the security of the system to a certain extent. The invention also provides both privacy protection for data in a distributed environment and effective, fast data access: partial decryption of the ciphertext is delegated to the SN, and because the SN holds only part of the user's attribute private key, it can only partially decrypt the ciphertext, which improves decryption efficiency while preserving the security of the system.
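The key-separation idea in the paragraph above, shown as an added example that is not taken from the patent: a toy split-key ElGamal stands in for the pairing-based MA-HABE-CKD construction, and certificate verification is omitted. The group parameters, the `ServiceNode` class and the GID string used with it are constructed for illustration.

```python
"""Toy split-key ElGamal with a mediating service node (added illustration)."""
import secrets

# Constructed toy group: P = 2Q + 1 with Q prime; G generates the order-Q subgroup.
# Far too small for real use; it only makes the arithmetic easy to follow.
P, Q, G = 2039, 1019, 4


class AccessDenied(Exception):
    """Raised by the service node for unknown or revoked identities."""


def keygen():
    """Return (public key, share held by the service node, share held by the user)."""
    x = secrets.randbelow(Q - 1) + 1          # full secret exponent, never stored
    while True:
        x1 = secrets.randbelow(Q - 1) + 1     # service-node share, non-zero
        if x1 != x:                           # guarantees the user share is non-zero
            return pow(G, x, P), x1, (x - x1) % Q


def encrypt(pk, m):
    """Standard ElGamal encryption of a group element m in [1, P-1]."""
    k = secrets.randbelow(Q - 1) + 1
    return pow(G, k, P), m * pow(pk, k, P) % P


class ServiceNode:
    """Holds one key share per GID and a user revocation list (hypothetical class)."""

    def __init__(self):
        self.shares = {}       # GID -> key share 1
        self.revoked = set()   # user revocation list

    def decryption_token(self, gid, ct):
        # Revocation takes effect immediately: no token, no decryption.
        if gid in self.revoked or gid not in self.shares:
            raise AccessDenied(gid)
        return pow(ct[0], self.shares[gid], P)   # c1^x1, a partial decryption


def user_decrypt(x2, token, ct):
    """Combine the node's token with the user's own share to remove the mask."""
    c1, c2 = ct
    mask = token * pow(c1, x2, P) % P            # c1^(x1 + x2) = pk^k
    return c2 * pow(mask, -1, P) % P
```

Passing a token of 1 to `user_decrypt` models a user acting without the service node; the result is wrong because the node's share of the exponent is missing.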
The invention designs a novel method for delegating user attribute keys. In the system, user attributes are arranged hierarchically, and the SP and FIP only need to distribute keys to upper-layer users. When a lower-layer user wants to access data on the SN, it requests a key from an upper-layer user, who in turn requests help from the SN; with the assistance of both, the lower-layer user obtains a new attribute private key, and the SN also generates and stores a new attribute private key for the lower-layer user. Key delegation in the invention is therefore controlled: it prevents abuse of user key delegation and, because the SN is not fully trusted, requiring the user and the SN to cooperate makes key delegation more secure and reliable.
Drawings
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described in detail with reference to the accompanying drawings, in which:
FIG. 1 is a system model;
wherein: (1) registering a user; (2) distributing a global private key and a certificate to a user; (3) sending an attribute key request; (4) distributing the attribute key; (5) uploading the ciphertext; (6) sending an access request; (7) providing a decryption token; (8) requesting a key delegate; (9) key delegation; (10) sending a key token;
FIG. 2 is a block flow diagram of the present invention;
FIG. 3 is a block diagram of a system initialization process;
FIG. 4 is a block diagram of a data encryption flow;
FIG. 5 is a block diagram of a user key generation flow;
FIG. 6 is a block diagram of the access data flow;
FIG. 7 is a block diagram of a key delegation process.
Detailed Description
The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings.
The distributed cross-domain authorization and access control method based on the attribute password provided by the invention is shown in FIG. 2 and comprises the following steps:
S1: system initialization: generate the system public parameters, the public/private key pairs of the Service Providers (SPs), the public/private key pairs of the attributes, and the public/private key pair of the Identity Federation Provider (FIP);
Further, referring to FIG. 3, step S1 includes the following steps:
S11: identity federation provider FIP initialization: input the security parameters and generate the system public parameters and the public/private key pair of the identity federation provider, comprising:
S111: input a security parameter λ;
S112: generate the system public parameters PP, which comprise two bilinear groups $G_1$ and $G_2$ of order p, where g is a generator of $G_1$, and a bilinear map $e: G_1 \times G_1 \to G_2$;
S113: generate the FIP public/private key pair $(sk_{FIP}, pk_{FIP})$;
S12: service provider SPs initialization, including:
S121: each service provider SP receives from the FIP the system public parameters $\{g, G_1, G_2, e(g, g)\}$ and the public key $pk_{FIP}$ of the FIP;
S122: each service provider SP selects three random numbers αkkk ∈ $Z_p$ as the private key {αkkk} of the attribute tree, and then generates the public key of the attribute tree
Figure GDA0002568793780000081
In addition, for the attribute tree managed by the SP, the SP selects a further random number $v_k \in Z_p$ and defines $h_{k,1}, h_{k,2}, \dots, h_{k,L} \in G$, where L is the height of the attribute tree; $v_k, h_{k,1}, h_{k,2}, \dots, h_{k,L}$ are all public.
S2: data encryption: the data owner encrypts the data and stores the encrypted data on the service node;
Further, referring to FIG. 4, step S2 includes the following steps:
S21: the data owner receives, from the FIP and the SPs respectively, the system public parameters $\{g, G_1, G_2, e(g, g)\}$ and the public keys of the attributes
Figure GDA0002568793780000082
S22: for a message m to be encrypted, the data owner defines an access structure A for the data over a global attribute set S, denoted (M, ρ, τ), where M is an access matrix of l rows and n columns, and the function ρ(i) maps the i-th row of the matrix M to an attribute vector in S
Figure GDA0002568793780000083
The function
Figure GDA0002568793780000084
maps the attribute vector
Figure GDA0002568793780000085
to the attribute tree τ;
S23: the data owner selects from $Z_p$ a random number s and a random array
Figure GDA0002568793780000086
and lets s be the first element of the vector
Figure GDA0002568793780000087
S24: compute
Figure GDA0002568793780000088
where $M_i$ is the i-th row of the matrix M, $i \in \{1, 2, \dots, l\}$;
S25: select random numbers $r_i \in Z_p$, $i \in \{1, 2, \dots, l\}$;
S26: encrypt the message m and output the ciphertext CT as
Figure GDA0002568793780000091
where $R_A$ denotes the set of attributes in the access structure A;
S27: the data owner stores the ciphertext CT on the SN.
S3: user registration and key generation: the user requests registration; the FIP allocates a Global Identifier (GID) to the user and distributes a signed attribute certificate and a global private key to the user; the SPs distribute the corresponding attribute private key to the user based on the user's attribute certificate; the attribute private key is split into two parts, one sent to the user and the other sent to the service node;
Further, referring to FIG. 5, step S3 includes the following steps:
S31: a user requests to join the system and submits identity information to the identity federation provider (FIP) for registration;
S32: the FIP first authenticates the user;
S33: if the user is legitimate, the FIP allocates a GID to the user and selects a random number $u_{GID} \in Z_p$ as the user global private key $UGSK_{GID}$, then generates the user global public key
Figure GDA0002568793780000092
The FIP then uses its private key $sk_{FIP}$ to generate the certificate
Figure GDA0002568793780000093
where $AL_{GID}$ denotes the user's attribute list; the FIP sends $UGSK_{GID}$ and the certificate $Acert_{GID}$ to the user together; if the user is not legitimate, the FIP refuses to let the user join the system;
S34: on receiving the certificate and the global private key from the FIP, the user sends the certificate to the relevant service providers SPs;
S35: after the SPs receive the certificate $Acert_{GID}$, they verify $Acert_{GID}$ using the FIP public key $pk_{FIP}$;
S36: the SPs check whether the user's global identity GID belongs to the User Revocation List (URL); if
Figure GDA0002568793780000094
the SPs generate the two shares of the user's attribute private key, $UASK_{GID,1}$ and $UASK_{GID,2}$, based on the user's attribute list; if GID ∈ URL, the SPs terminate the operation;
S37: the SPs then generate the corresponding attribute private key for the user according to the user's attribute list $AL_{GID}$, as follows:
Figure GDA0002568793780000101
wherein S37 includes the following steps:
S371: the SP sends the user's attribute private key
Figure GDA0002568793780000102
to the SN;
S372: the SP sends the user's attribute private key
Figure GDA0002568793780000103
to the user.
S4: accessing data: the user submits a data access request to the service node SN, if and only if the attribute set of the user meets the access structure in the ciphertext, the ciphertext is decrypted by the user and the service node in a combined manner, and the service node bears part of decryption calculation tasks, so that the burden of a terminal user is reduced;
further, referring to fig. 6, the step S4 includes the following steps:
S41: a user with a global identity GID sends a data access request to the service node SN and sends the user's certificate to the service node SN;
S42: the service node SN verifies the certificate using the public key of the identity federation provider FIP and verifies whether the global identity GID of the user belongs to the User Revocation List (URL);
S43: if
Figure GDA0002568793780000104
If GID ∈ URL, the service node SN terminates the operation;
S44: the service node SN retrieves the user's attribute private key UASK_GID;
S45: the service node SN uses the user's attribute private key UASK_{GID,1} to decrypt the ciphertext and generate a decryption token DT;
wherein, S45 includes the following steps:
S451: let
Figure GDA0002568793780000106
and I = {i : ρ(i) ∈ R_A}, where R_A denotes the set of attribute vectors corresponding to the access structure A. If, according to the access matrix M, {λ_i}_{i∈I} are valid shares of the encryption exponent s, then there exist recovery coefficients {w_i ∈ Z_p}_{i∈I} that can reconstruct the encryption exponent as
Figure GDA0002568793780000105
First, the service node SN obtains the recovery coefficients {w_i ∈ Z_p}_{i∈I};
S452: the SN then computes the decryption token DT:
Figure GDA0002568793780000111
S46: the service node SN sends the decryption token DT and the ciphertext to the user;
S47: finally, the user decrypts the ciphertext using the attribute private key UGSK_{GID,2} and the decryption token DT; if the user's attributes satisfy the access structure in the ciphertext, the user decrypts successfully,
Figure GDA0002568793780000112
and the user finally obtains the data m = C_0/M'; if not, the decryption fails.
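The share and recovery-coefficient arithmetic behind steps S451 and S452, together with the data owner's share generation at encryption time, as an added Python example that is not part of the patent. It works over Z_p with the shares in the clear, whereas a pairing-based ABE scheme applies the coefficients in the exponent; the modulus, the flat attribute names, the policy matrix, every function name and the share formula λ_i = M_i · v (the standard LSSS form, assumed because the page's formula image is missing) are assumptions.

```python
# Added example: LSSS arithmetic over Z_p only; pairings and key material are omitted.
P = 2**61 - 1  # constructed prime standing in for the group order p

def make_shares(M, s, rand):
    """Data owner: lambda_i = M_i . v mod p with v = (s, rand...) (standard LSSS, assumed)."""
    v = [s] + list(rand)
    return [sum(a * b for a, b in zip(row, v)) % P for row in M]

def satisfied_rows(rho, user_attrs):
    """I = {i : rho(i) is an attribute the user holds}."""
    return [i for i, attr in enumerate(rho) if attr in user_attrs]

def recovery_coefficients(M, rows):
    """Solve sum_{i in rows} w_i * M_i = (1, 0, ..., 0) mod p.

    Returns {i: w_i}, or None when the rows do not span the target vector,
    i.e. the attribute set does not satisfy the access structure.
    """
    n, k = len(M[0]), len(rows)
    # One equation per matrix column c; unknowns are the w_i; last entry is the RHS.
    A = [[M[i][c] % P for i in rows] + [1 if c == 0 else 0] for c in range(n)]
    pivots, r = [], 0
    for col in range(k):
        piv = next((j for j in range(r, n) if A[j][col]), None)
        if piv is None:
            continue  # free variable, left at 0
        A[r], A[piv] = A[piv], A[r]
        inv = pow(A[r][col], -1, P)
        A[r] = [x * inv % P for x in A[r]]
        for j in range(n):
            if j != r and A[j][col]:
                f = A[j][col]
                A[j] = [(x - f * y) % P for x, y in zip(A[j], A[r])]
        pivots.append(col)
        r += 1
    if any(row[k] for row in A[r:]):
        return None  # inconsistent system: policy not satisfied
    w = [0] * k
    for idx, col in enumerate(pivots):
        w[col] = A[idx][k]
    return {i: w[j] for j, i in enumerate(rows)}

def reconstruct(shares, coeffs):
    """s = sum_{i in I} w_i * lambda_i mod p."""
    return sum(wi * shares[i] for i, wi in coeffs.items()) % P

# Constructed policy: (doctor AND cardiology) OR auditor
M = [[1, 1], [0, -1], [1, 0]]
RHO = ["doctor", "cardiology", "auditor"]

def try_recover(user_attrs, shares):
    """Return the recovered s, or None if the attributes do not satisfy the policy."""
    rows = satisfied_rows(RHO, user_attrs)
    if not rows:
        return None
    coeffs = recovery_coefficients(M, rows)
    return None if coeffs is None else reconstruct(shares, coeffs)

if __name__ == "__main__":
    shares = make_shares(M, s=123456789, rand=[987654321])
    for attrs in ({"doctor", "cardiology"}, {"auditor"}, {"doctor"}, {"cardiology", "nurse"}):
        print(sorted(attrs), "->", try_recover(attrs, shares))
```

A `None` result corresponds to the "decryption fails" branch of S47: no choice of w_i combines the held rows into (1, 0, ..., 0), so the secret cannot be reconstructed from those shares.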
S5: user attribute key delegation: only in the case of cooperation between the user and the service node SN, i.e. under the control of the service node, the superior user can generate an attribute key for the subordinate user, enabling secure key delegation.
Further, referring to fig. 7, the step S5 includes the following steps:
S51: a lower-level user with global identity GID' requests a delegated key from an upper-level user with global identity GID;
S52: the upper-level user with global identity GID randomly selects two random numbers u, t ∈ Z_p; user GID then calculates UGSK_{(GID,2)} = {K′_{(x,2)}, K′_{(x,d+2)}, …, K′_{(x,L)}}, where
Figure GDA0002568793780000113
S53: the upper-level user computes the key token
Figure GDA0002568793780000121
S54: the upper-level user delegates the attribute key UASK_{GID',2} to user GID';
S55: the upper-level user sends a key delegation request to the service node SN and sends the key token KT to the service node SN;
S56: the service node SN first checks whether the user is legitimate according to the key token KT sent by the user;
S57: if the user is legitimate, the key delegation request is executed; if not, the key delegation request is rejected;
S58: the service node SN generates the corresponding attribute key
Figure GDA0002568793780000122
and stores it on the service node SN.
Finally, it is noted that the above preferred examples are only intended to illustrate the technical solutions of the present invention, and not to limit the same, and that various changes in form and details may be made therein by those skilled in the art according to the above technical solutions, but all such changes should be included in the scope of the claims of the present invention.

Claims (4)

1. A distributed cross-domain authorization and access control method based on attribute password is characterized in that: comprises the following steps
S1: initializing a system: generating a system public parameter, a public/private key pair of a service provider SPs, a public/private key pair of an attribute and a public/private key pair of an identity alliance provider FIP;
S2: data encryption: the data owner encrypts the data and stores the encrypted data on the service node SN;
S3: user registration and key generation: the user requests registration; the identity alliance provider FIP allocates a global identity GID and distributes a signed attribute certificate and a global private key to the user; the service providers SPs distribute the corresponding attribute private key based on the user's attribute certificate, the attribute private key being divided into two parts, one part sent to the user and the other part sent to the service node;
S4: accessing data: the user submits a data access request to the service node SN; if and only if the attribute set of the user meets the access structure in the ciphertext, the ciphertext is decrypted jointly by the user and the service node, and the service node bears part of the decryption calculation tasks, so that the burden of the terminal user is reduced;
the step S4 includes the following steps:
S41: a user with a global identity GID sends a data access request to the service node SN and sends the user's certificate to the service node SN;
S42: the service node SN uses the public key of the identity alliance supplier FIP to verify the certificate and verifies whether the global identity GID of the user belongs to the user revocation list URL;
S43: if
Figure FDA0002579491800000013
If GID ∈ URL, the service node SN terminates the operation;
S44: the service node SN retrieves the user's attribute private key UASK_{GID,1};
S45: the service node SN uses the attribute private key of the user to pre-decrypt the ciphertext and generates a decryption token DT;
wherein S45 includes the following steps:
S451: let
Figure FDA0002579491800000011
and I = {i : ρ(i) ∈ R_A}, where i denotes the i-th row of the matrix M, ρ(i) denotes the attribute corresponding to the i-th row, and R_A denotes the set of attribute vectors corresponding to the access structure A; if, according to the access matrix M, {λ_i}_{i∈I} are valid shares of the encryption exponent s, then there exist recovery coefficients {w_i ∈ Z_p}_{i∈I} that can reconstruct the encryption exponent as
Figure FDA0002579491800000012
first, the service node SN obtains the recovery coefficients {w_i ∈ Z_p}_{i∈I};
S452: then the service node SN calculates a decryption token DT;
S46: the service node SN sends the decryption token DT to the user;
S47: finally, the user decrypts the ciphertext using the attribute private key UASK_{GID,2} and the decryption token DT; if the user's attributes satisfy the access structure in the ciphertext, the user decrypts successfully; if not, the decryption fails;
S5: user attribute key delegation: only under the cooperation of the user and the service node SN, namely under the control of the service node, can the superior user generate an attribute key for the subordinate user, so that secure key delegation is realized;
the step S5 includes the following steps:
S51: a lower-level user with global identity GID' requests a delegated key from an upper-level user with global identity GID;
S52: the upper-level user with global identity GID calculates UASK_{GID',2};
S53: the upper-level user calculates a key token KT;
S54: the upper-level user delegates the attribute key UASK_{GID',2} to the lower-level user;
S55: the upper-level user sends a key delegation request to the service node SN and sends the key token KT to the service node SN;
S56: the service node SN first checks whether the user is legitimate according to the key token KT sent by the user;
S57: if the user is legitimate, the key delegation request is executed; if not, the key delegation request is rejected;
S58: the service node SN generates the corresponding attribute key UASK_{GID',2} and stores it on the service node SN.
2. The distributed cross-domain authorization and access control method based on the attribute password as claimed in claim 1, wherein: the step S1 includes the following steps:
S11: identity federation provider FIP initialization: inputting security parameters to generate public parameters of the system and public/private key pairs of identity alliance suppliers;
S12: service provider SPs initialization, including:
S121: each service provider SP receives the system public parameters and the public key of the FIP from the identity federation provider FIP;
S122: each service provider SP defines attributes, builds an attribute tree and generates public/private key pairs for the attributes it manages.
3. The distributed cross-domain authorization and access control method based on the attribute password as claimed in claim 1, wherein: the step S2 includes the following steps:
S21: the data owner receives the system public parameters and the attribute public keys from the identity alliance supplier FIP and the service suppliers, respectively;
S22: for a message m to be encrypted, the data owner defines an access structure A for the data, denoted (M, ρ, τ), based on a global attribute set S, where M is an access matrix of l rows and n columns, the function ρ(i) maps the i-th row of the matrix M to an attribute vector in S
Figure FDA0002579491800000031
and the function
Figure FDA0002579491800000032
maps the attribute vector
Figure FDA0002579491800000033
to the attribute tree τ;
S23: the data owner selects from the integers Z_p a random number s and a random array
Figure FDA0002579491800000034
And let s be a vector
Figure FDA0002579491800000035
The first element of Z;
S24: compute
Figure FDA0002579491800000036
where M_i is the i-th row of the matrix M, i ∈ {1, 2, ..., l};
S25: select a random number r_i ∈ Z_p for each i ∈ {1, 2, ..., l};
S26: encrypt the message m and output the ciphertext CT;
S27: the data owner uploads the ciphertext CT to the service node.
4. The distributed cross-domain authorization and access control method based on the attribute password as claimed in claim 1, wherein: the step S3 includes the following steps:
S31: a user requests to join the system and submits identity information to the identity alliance provider (FIP) for registration;
S32: the FIP first authenticates the user;
S33: if the user is legitimate, the FIP allocates a global identity GID to the user and distributes a certificate and a global private key to the user, wherein the certificate comprises the global identity GID of the user, an attribute list of the user and a global public key of the user, and the identity alliance provider FIP signs the certificate by using the private key and sends the certificate and the private key to the user in a secure manner; if the user is not legitimate, the FIP refuses to let the user join the system;
S34: after receiving the certificate and the global private key sent by the identity alliance provider FIP, the user sends the certificate to the relevant service providers SPs;
S35: after receiving the user certificate, the service providers SPs verify the certificate by using the public key of the identity alliance provider FIP;
S36: the service providers SPs verify whether the global identity GID of the user belongs to the user revocation list URL; if
Figure FDA0002579491800000037
the service providers SPs generate two shares of the attribute private key for the user, UASK_{GID,1} and UASK_{GID,2}, based on the user's attribute list; if GID ∈ URL, the service providers SPs terminate the operation;
S37: the service providers SPs send the user's attribute private keys UASK_{GID,1} and UASK_{GID,2} to the service node SN and the user, respectively.
CN201711260376.6A 2017-12-04 2017-12-04 Distributed cross-domain authorization and access control method based on attribute password Active CN108418784B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711260376.6A CN108418784B (en) 2017-12-04 2017-12-04 Distributed cross-domain authorization and access control method based on attribute password

Publications (2)

Publication Number Publication Date
CN108418784A CN108418784A (en) 2018-08-17
CN108418784B true CN108418784B (en) 2020-09-25

Family

ID=63125384

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711260376.6A Active CN108418784B (en) 2017-12-04 2017-12-04 Distributed cross-domain authorization and access control method based on attribute password

Country Status (1)

Country Link
CN (1) CN108418784B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240326

Address after: Room 801, 85 Kefeng Road, Huangpu District, Guangzhou City, Guangdong Province

Patentee after: Guangzhou Dayu Chuangfu Technology Co.,Ltd.

Country or region after: China

Address before: 400065 Chongqing Nan'an District huangjuezhen pass Chongwen Road No. 2

Patentee before: CHONGQING University OF POSTS AND TELECOMMUNICATIONS

Country or region before: China