Multi-Level Security Access Control Scheme for Publish-Subscribe Systems
Abstract: Existing access control schemes can hardly meet the multi-level security requirements of publish-subscribe systems. On the one hand, there is a risk of leaking high-security-level data to low-security-level subscribers. On the other hand, as the total number of keys increases rapidly when the number of security levels increases, key management faces even greater challenges, and a hierarchical key assignment scheme provides a viable solution to this problem. This paper proposes a multi-level security access control scheme for publish-subscribe systems. First, combining EMDK and HKAS, a multi-level key assignment mechanism is designed, which enables multi-level security access control of published data with flexible and scalable key management. Second, a signcryption algorithm is used to distribute the authorization information and encryption key of the same security class in batches, which ensures security and improves distribution efficiency. Finally, the security and performance analysis of the proposed scheme shows that it can achieve key indistinguishability under static adversaries and effectively reduces the computational cost of key assignment.
Authors: JIANG Qi; YE Yuan-Yi; SUN Jian-Guo; WANG Jin-Hua; CHEN Ting (School of Cyber Engineering, Xidian University, Xi'an 710071, China; Hangzhou Institute of Technology, Xidian University, Hangzhou 311231, China; Science and Technology on Communication Security Laboratory, Chengdu 610041, China)
Source: Journal of Cryptologic Research (CSCD), 2023, No. 4, pp. 752-768 (17 pages)
Funding: Major Research Plan of the National Natural Science Foundation of China (92167203); National Natural Science Foundation of China (62072352, 62125205, 62072359); Scientific Research Program of the Shaanxi Provincial Department of Education (20JY016); Shaanxi Province Key Industry Chain Project (2020ZDLGY09-06).
Keywords: publish-subscribe system; access control; multi-level security; key management