An Efficient Attribute Revocation Scheme of Supporting Rights Management

Abstract

Abstract: Aiming at the problem of permission determination after attributes revocation existing in the attribute based access control model, the paper proposes an efficient attribute revocation scheme supporting rights management. The scheme implements ciphertext access control by introducing attribute encryption mechanism CP-ABE based on ciphertext policy. On the basis of that, the scheme uses the main disjunctive normal form to express the access tree. Every subset in the main disjunctive normal form is called the minimum attribute set of the restrictive condition that the access subject needs to satisfy to access resource. Once occurring attribute revocation, the scheme considers the relationship between the minimum attribute set and the revoked attributes to determine whether the subject’s access permission is changed. The performance analysis shows that the scheme has high security, which not only can determine the authority after the attribute is revoked, but also can resist collusion attacks.

Key words: access control, attribute revocation, CP-ABE, minimum attribute set, permission

LIU Xue-zhen, CUI Yan, DENG Xiao-fei, PENG Jie. An Efficient Attribute Revocation Scheme of Supporting Rights Management[J]. Computer and Modernization, 2021, 0(07): 95-101.

References

［1］郭瑞鹏. 云计算安全关键技术分析［J］. 计算机与现代化, 2012(6):176-178.
［2］ RIVERA D, GARCIA A, MARTIN-RUIZ M L, et al. Secure communication and protected data for an Internet of things smart toy platform［J］. IEEE Internet of Things Journal, 2019,6(2):3785-3795.
［3］ DIAO Z, WANG Q H, SU N Z, et al. Study on data security policy based on cloud storage［C］// 2017 IEEE 3rd International Conference on Big Data Security on Cloud (Big Data Security), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS). 2017:145-149.
［4］尚靖伟,姜茸,胡潇涵,等. 医疗大数据及隐私泄露［J］. 计算机与现代化, 2019(7):111-115.
［5］ CHANG R M, KAUFFMAN R J, KWON Y. Understanding the paradigm shift to computational social science in the presence of big data［J］. Decision Support Systems, 2014,63(1):67-80.
［6］曹珍富. 密码学的新发展［J］. 四川大学学报(工程科学版), 2015,47(1):1-12.
［7］房梁,殷丽华,郭云川,等. 基于属性的访问控制关键技术研究综述［J］. 计算机学报, 2017,40(7):1680-1698.
［8］冯登国,陈成. 属性密码学研究［J］. 密码学报, 2014,1(1):1-12.
［9］邓宇乔,杨波,唐春明,等. 基于密文策略的流程加密研究［J］. 计算机学报, 2019,42(5):1063-1075.
［10］高福城. 物联网中基于属性密文策略更新的访问控制研究与实现［D］. 西安:西安电子科技大学, 2018.
［11］WU Q X. A generic construction of ciphertext-policy attribute-based encryption supporting attribute revocation［J］. China Communications, 2014,11(13):93-100.
［12］苏铓,吴槟,付安民,等. 基于代理重加密的云数据访问授权确定性更新方案［J］. 软件学报, 2020,31(5):1563-1572.
［13］田秋亭,韩德志. 云存储中属性撤销机制研究综述［J］. 小型微型计算机系统, 2019,40(1):190-193.
［14］WANG W, ZHANG G D, SHEN Y J. A CP-ABE scheme supporting attribute revocation and policy hiding in outsourced environment［C］// 2018 IEEE 9th International Conference on Software Engineering and Service Science (ICSESS). 2018:96-99.
［15］BOUCHAALA M, GHAZEL C, SAIDANE L A. Dual revocation: Attribute and user revocation based on CPABE in cloud computing［C］// 2019 International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). 2019:1-6.
［16］EDEMACU K, JANG B, KIM J W. Collaborative eHealth privacy and security: An access control with attribute revocation based on OBDD access structure［J］. IEEE Journal of Biomedical and Health Informatics, 2020,24(10):2960-2972.
［17］张应辉,郑东,李进,等. 密文长度恒定且属性直接可撤销的基于属性的加密［J］. 密码学报, 2014,1(5):465-480.
［18］马华,白翠翠,李宾,等. 支持属性撤销和解密外包的属性基加密方案［J］. 西安电子科技大学学报(自然科学版), 2015,42(6):6-10.
［19］高嘉昕,孙加萌,秦静. 支持属性撤销的可追踪外包属性加密方案［J］. 计算机研究与发展, 2019,56(10):2160-2169.
［20］周惠泉. 支持属性撤销与外包的云密文访问控制研究［D］. 深圳:深圳大学, 2016.
［21］迪力夏提·吾普尔,韩舒艳,古丽米热·尔肯,等. 基于时间限制的用户撤销CP_ABE方案［J］. 新疆大学学报(自然科学版), 2019,36(3):324-329.
［22］王鹏翩,冯登国,张立武. 一种支持完全细粒度属性撤销的CP-ABE方案［J］. 软件学报, 2012,23(10):2805-2816.
［23］CHEN G L, XU Z Q, ZHANG J J, et al. Generic attribute revocation systems for attribute-based encryption in cloud storage［J］. Frontiers of Information Technology & Electronic Engineering, 2019,20(6):773-786.

[1]	ZHU Ke1, XUAN Jiaxing2, XUE Wenhao2. An Electronic License Access Control Method Based on Aggregation and Association of Smart Contracts [J]. Computer and Modernization, 2024, 0(06): 103-108.
[2]	Gulbostan Akim, Nurmamat Helil. ABAC Decision Recycling with Dynamic Policy Change [J]. Computer and Modernization, 2022, 0(10): 47-54.
[3]	LIU Zheng, WU Ke-hua, YE Chun-xiao. Security-enhanced Data Access Control for Multi-authority Cloud Storage [J]. Computer and Modernization, 2021, 0(10): 119-126.
[4]	LI Wen-quan, XU Su-ping. Tourism Resource Information Database System Based on Geographic Information [J]. Computer and Modernization, 2021, 0(08): 100-103.
[5]	ZHAO Wei, QIN Li-han, YUN Chen-chao. Cross Platform Access Control of Technology Achievement Data Based on Portal Authentication Technology#br# [J]. Computer and Modernization, 2021, 0(07): 102-106.
[6]	SUN Guang-cheng, LI Hong-zhe, LI Sai-fei, ZHANG Xiao-wei. Internet of Things Access Control System Based on Blockchain [J]. Computer and Modernization, 2020, 0(11): 100-108.
[7]	ZHOU Li-jing, WANG Min, QIN Lu-lu . CP-ABE Scheme with Attribute Revocation Under Environment of Multi-attribute Authority [J]. Computer and Modernization, 2019, 0(11): 60-.
[8]	MIAO Si-wei1， YU Wen-hao1， YAO Feng2， GAO Jing3. Security Analysis for PLC Access Control [J]. Computer and Modernization, 2019, 0(09): 41-.
[9]	YANG Yang, CAO Yan. Adaptive Access Control Model Based on Hazardous Events [J]. Computer and Modernization, 2019, 0(08): 98-.
[10]	ZHANG Peng, ZHOU Liang. Trust-based Dynamic Multi-level Access Control Model [J]. Computer and Modernization, 2019, 0(07): 116-.
[11]	BAI Jun-ze, YANG Hong-li, ZHANG Biao. Importance Analysis for Android Permission Groups [J]. Computer and Modernization, 2018, 0(08): 102-.
[12]	CHEN Cheng, Nurmamat HELIL. Hidden Attribute Outsourced Decryption Access Control Scheme Based on CP-ABE [J]. Computer and Modernization, 2018, 0(05): 74-.
[13]	LIU Sai1, NIE Qing-jie1, LIU Jun1, LI Dong-min2, LI Jing2. A New Access Control Model for Real Time Database #br# Backup System Based on Quantified Action [J]. Computer and Modernization, 2018, 0(01): 116-122.
[14]	XIAO Cheng-wang, LU Jun, YU Li-geng. Design and Verification of New Defense Model for Android Mobile Phone Access Vulnerability [J]. Computer and Modernization, 2017, 0(9): 56-60,119.
[15]	SHI Ting-jun, ZHANG Ying-jie. Method of Access Control of Attribute-based Ciphertext Policy for Cloud Storage [J]. Computer and Modernization, 2017, 0(7): 111-116.