排序方式: 共有55条查询结果,搜索用时 123 毫秒
1.
2.
The Internet of Things (IoT) provides anywhere, anything, anytime connections, for which user privacy is vulnerable and authentication methods that favor policy over attributes are essential. Thus, a signature scheme that considers user privacy and implements an attributes policy is required. Emerging attribute-based signature (ABS) schemes allow a requester of a resource to generate a signature with attributes satisfying the policy without leaking more information. However, few existing approaches simultaneously achieve an expressive policy and security under the standard Diffie–Hellman assumption. Here we describe ePASS, a novel ABS scheme that uses an attribute tree and expresses any policy consisting of AND, OR threshold gates under the computational Diffie–Hellman problem. Users cannot forge signatures with attributes they do not possess, and the signature provides assurance that only a user with appropriate attributes satisfying the policy can endorse the message, resulting in unforgeability. However, legitimate signers remain anonymous and are indistinguishable among all users whose attributes satisfy the policy, which provides attribute privacy for the signer. Compared to existing schemes, our approach delivers enhanced performance by reducing the computational cost and signature size. 相似文献
3.
Secure provenance that records the ownership and process history of data objects is vital to the success of data forensics in cloud computing. In this paper, we propose a new secure provenance scheme based on group signature and attribute-based signature techniques. The proposed provenance scheme provides confidentiality on sensitive documents stored in a cloud, unforgeability of the provenance record, anonymous authentication to cloud servers, fine-grained access control on documents, and provenance tracking on disputed documents. Furthermore, it is assumed that the cloud server has huge computation capacity, while users are regarded as devices with low computation capability. Aiming at this, we show how to utilize the cloud server to outsource and decrease the user’s computational overhead during the process of provenance. With provable security techniques, we formally demonstrate the security of the proposed scheme under standard assumptions. 相似文献
4.
存储在云端服务器中的敏感数据的保密和安全访问是云计算安全研究的重要内容。提出了一种安全、高效、细粒度的云计算访问控制方案。密文的加密采用了借助线性秘密共享矩阵的CP-ABE加密算法,并将大部分密文重加密工作转移给云服务提供商执行,在保证安全性的前提下,降低了数据属主的计算代价。该方案在用户属性撤销时,引入SD广播加密技术,有效降低了撤销时的计算开销和通信开销。理论分析表明该方案具有数据机密性、抗合谋攻击性、前向安全和后向安全,最后的实验结果验证了方案具有较高的撤销效率。 相似文献
5.
6.
7.
8.
针对跨域云数据访问控制中的安全性和有效性问题,提出了一种云存储下基于多授权机构ABE的可撤销访问控制方案。通过建立分散授权结构,由各属性授权机构(AA, Attribute Authority)和数据属主(DO, Data Owner)分别产生各部分密钥组件,从而避免由于中央授权机构(CA,Central Authority)而引入的安全风险,以及用户和授权机构之间的联合攻击。此外,本方案将权限撤销分为用户权限撤销和属性权限撤销,以较少的计算代价实现了访问控制权限的细粒度撤销。最后,利用双线性判定Diffie-Hellman(DBDH)假设理论分析了方案的安全性。并且通过实验验证了此方案在多授权主体共存的云存储环境下能够安全、高效的实现访问控制和权限撤销。 相似文献
9.
在电子健康记录系统(E-Healthcare Record Systems,EHRS)中,一些方案利用密钥策略ABE(KP-ABE)来保护隐私。由用户指定一个访问策略,密文只有与访问策略相匹配时才能被解密。现有的KP-ABE要求在生成密钥期间必须先确定访问策略,这在EHRS中是不可行的,因为有时访问策略在密钥生成后才被决定。基于KP-ABE,提出一种灵活访问且模糊可搜索的EHR云服务系统。该系统不仅实现了基于关键字容错的云端密文搜索,而且允许用户重新定义访问策略并为之生成密钥,因此一个精确的访问策略将不再是必需的。最后,证明了该方案的安全性。 相似文献
10.
基于属性的加密方法可以简化云计算环境中的密钥管理和访问控制问题,是适用于云环境的加密方案。文中提出了一种基于公私属性的多授权中心加密方案。该方案将属性分为公有属性和私有属性,将用户的角色权限信息等作为用户的公有属性,将用户登录密码、设备上的标识码等作为用户的私有属性。利用公有属性实现访问控制,在云服务器上安全地共享数据;利用私有属性实现信息流的安全控制,确保只有特定用户在特定设备上使用数据。提出的方案可以实现密钥追踪和属性撤销,基于私有属性的加密还可以实现抗合谋攻击。 相似文献
