Multi-User Access Control Scheme Based on Resources Hierarchies for Perceptual Layer of IoT

MA Jun, GUO Yuan-bo, MA Jian-feng, LIU Xi-meng, LI Qi

Acta Electronica Sinica ›› 2014, Vol. 42 ›› Issue (1) : 28-35. DOI: 10.3969/j.issn.0372-2112.2014.01.005
Research paper


Abstract

To meet the need for secure and efficient multi-user access to resources in the perceptual layer of the Internet of Things (IoT), where nodes have limited computing and storage capacity, a hierarchical access control scheme is proposed. Perceptual nodes that provide resources of the same security level are grouped into one hierarchical node, and the hierarchical nodes are modeled as a set of partially ordered classes. Using this partial order, a secure and efficient deterministic key derivation algorithm is designed, so that a user or perceptual node holding a single piece of key material can derive the keys needed to access the resources of its own class and of all descendant classes in the hierarchy. In addition, a Merkle tree mechanism is introduced so that multiple users can obtain the key material of hierarchical nodes securely and efficiently through mutually independent hash chains. In terms of storage overhead, computational overhead, provable security and scalability, the scheme is better suited than existing similar schemes to multi-user access to resources in the IoT perceptual layer.

Key words

internet of things / perceptual layer / access control / resources hierarchies / provable security

Cite this article

MA Jun, GUO Yuan-bo, MA Jian-feng, LIU Xi-meng, LI Qi. Multi-User Access Control Scheme Based on Resources Hierarchies for Perceptual Layer of IoT[J]. Acta Electronica Sinica, 2014, 42(1): 28-35. https://doi.org/10.3969/j.issn.0372-2112.2014.01.005

Chinese Library Classification number: TP309

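Funding

Program for Changjiang Scholars and Innovative Research Team in University (No. IRT1078); Key Program of the National Natural Science Foundation of China-Guangdong Joint Fund (No. U1135002); National Science and Technology Major Project (No. 2011ZX03005-002); National Natural Science Foundation of China (No. 61170251); National High Technology Research and Development Program of China (863 Program) (No. 2012AA013102); Fundamental Research Funds for the Central Universities (No. JY10000903001)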
