基于动态信用等级的密文访问控制方案

Dynamic trust level based ciphertext access control scheme

针对属性基加密机制(ABE)在移动互联网环境中计算开销较大且不够灵活的问题,提出了一种基于动态信用等级的密文策略属性基加密(CP-ABE)方案。首先,该方案引入"信用等级"属性用来标识用户的"信用"并以此划分用户等级,高"信用等级"用户仅需常数级的计算开销即可解密;同时,中央授权中心(CA)在设定的时间阈值评估用户的访问行为并动态更新用户的"信用等级",更新算法避免私钥的完全重新生成。理论分析和实验结果表明,随着高"信用等级"用户占比升高,所提方案系统总时间开销不断减少,最终达到稳定并优于传统方案。该方案在保证安全性的前提下,总体上提高了移动互联网环境中访问控制的效率。

Concerning the problems of Attribute-Based Encryption （ABE） such as high computational consumption and lack of flexibility in mobile Internet, a dynamic trust level based Ciphertext-Policy ABE （CP-ABE） scheme was proposed. Firstly, the ＂trust level＂ attribute was defined to indicate user＇s trusted level and divide users into different classes. User with high ＂trust level＂ was be able to decrypt the message in a constant computational overhead. Meanwhile, Central Authority （CA） was allowed to evaluate user＇s access behavior within the certain time threshold. Only the user＇s ＂trust level＂ was updated dynamically by the updating algorithm instead of complete re-generating of secret key. Theoretical analysis and experimental results show that, with the growing proportion of high ＂trust level＂ user, the total time consumption of the proposed scheme was decreased until being stable and finally was superior to the traditional scheme. The proposed scheme can improve the access control efficiency in mobile Internet on the premise of keeping the security standard.