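Abstract
Cloud services are one of the important application forms of the space-ground integration information network; through the cloud, users can obtain information and services quickly and conveniently. The confidentiality and integrity of cloud data bear directly on the data security of the space-ground integration information network, so cloud data mostly circulates in ciphertext form. Research on cloud access control therefore has to target ciphertext data while also meeting the need for multi-factor description in complex environments. Against this background, and drawing on proxy re-encryption, a cloud multi-factor access control scheme (PRE-MFAC, proxy re-encryption based multi-factor access control) is proposed. First, the design goals and prerequisite assumptions are stated; second, the concrete scheme is constructed, describing the PRE-MFAC system model and related algorithms; finally, the security and characteristics of PRE-MFAC are compared and analyzed. By combining proxy re-encryption with multi-factor access control, PRE-MFAC achieves multi-factor authorization management of ciphertext data in the cloud, while making full use of the cloud server's computing and storage capacity to reduce the individual user's encryption and decryption workload and the difficulty of key management.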
Cloud computing is one of the applications of the space-ground integration information network. Users can access data and retrieve services easily and quickly in the cloud. The confidentiality and integrity of the data in the cloud correspond directly to the data security of the space-ground integration information network. Thus the data in the cloud is transferred in encrypted form to protect the information. As an important technology of cloud security, access control should take account of multiple factors and ciphertext to satisfy the complex requirements of cloud data protection. Based on this, a proxy re-encryption based multi-factor access control (PRE-MFAC) scheme was proposed. Firstly, the aims and assumptions of PRE-MFAC were given. Secondly, the system model and algorithms were defined. Finally, the security and properties of PRE-MFAC were analyzed. The proposed scheme combines PRE and multi-factor access control and realizes multi-factor permission management of ciphertext in the cloud. Meanwhile, it makes the best possible use of the cloud's computing and storage capabilities, reducing the difficulty of cryptographic computation and key management for individual users.
Source
《通信学报》 (Journal on Communications)
EI
CSCD
Peking University Core Journals
2018, Issue 2, pp. 96-104 (9 pages)
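Funding
National Key Research and Development Program of China (No.2016YFB0800303)
National Natural Science Foundation of China (No.61702266, No.61572255)
Natural Science Foundation of Jiangsu Province (No.BK20150787, No.BK20141404)
Beijing Natural Science Foundation (No.4152048)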
Keywords
proxy re-encryption, multi-factor, access control, cloud computing, space-ground integration information network