ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2017, Vol. 54 ›› Issue (2): 328-337. doi: 10.7544/issn1000-1239.2017.20150925

• Information Security •

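A Hierarchical Access Control Scheme Based on Time Constraints

Ma Jun1,2, Guo Yuanbo2, Ma Jianfeng1, Zhang Qi2

  1. 1(School of Computer Science and Technology, Xidian University, Xi'an 710071); 2(PLA Information Engineering University, Zhengzhou 450001) (sijunhan@163.com)
  • Published: 2017-02-01
  • Supported by: 
    Program for Changjiang Scholars and Innovative Research Team in University (IRT1078); Fundamental Research Funds for the Central Universities (JY10000903001); National Natural Science Foundation of China (61602515); Henan Province Science and Technology Research Project (2016170162); Open Project of the Key Laboratory of Information Assurance (KJ-15-103)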

A Time-Bound Hierarchical Access Control Scheme for Ubiquitous Sensing Network

Ma Jun1,2, Guo Yuanbo2, Ma Jianfeng1, Zhang Qi2   

  1. 1(School of Computer Science and Technology, Xidian University, Xi'an 710071); 2(PLA Information Engineering University, Zhengzhou 450001)
  • Online: 2017-02-01

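Abstract: A hierarchical access control scheme under time constraints is proposed. Based on users' access control requirements for sensor node resources, and taking full account of the fact that sensor nodes have limited computation and storage capability and exist in massive numbers, the design is optimized in three respects: the number of keys a user holds, the key acquisition time, and the amount of public information generated, so as to achieve efficient and secure hierarchical access control. Compared with other existing schemes, the advantages of this scheme are: 1) for one access to the resources of a large number of sensor nodes, a user needs to hold only a single key material; 2) through optimized design, the time for a user to obtain the keys for accessing node resources and the amount of public information generated reach an optimal balance; 3) the proposed scheme is provably secure.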

Key words: time constraint, centroid of tree, hierarchical access control, ubiquitous sensing, key acquisition

Abstract: To realize effective access control over sensitive data captured by sensor nodes, researchers have made great progress on secure and efficient hierarchical access control suited to the features of sensor nodes in ubiquitous sensing networks: widespread distribution, a large universe, and limited computation and storage capacity. However, time is the main factor that makes the requirements of a hierarchical access control scheme in a ubiquitous sensing network different from those in traditional Internet networks, which limits the actual application scenarios. According to users' requirements on the nodes for gathering resources, an efficient and secure time-bound hierarchical access control scheme is presented in this paper. Based on the characteristics of perception nodes in ubiquitous sensing networks, including limited power and computation capability as well as limited storage resources, the scheme optimizes the user's key storage, the key derivation time, and the public information. The advantages of our scheme are that 1) only one key material is required in each user's access; 2) a balance can be achieved between the time for key acquisition and the amount of public information; and 3) the scheme is provably secure without the random oracle model. Theoretical analysis indicates that our proposed scheme adapts to users' access control requirements in ubiquitous sensing networks.

Key words: time-bound, centroid of tree, hierarchical access control, ubiquitous sensing, key derivation
