物联网感知层基于资源分层的多用户访问控制方案

doi:10.3969/j.issn.0372-2112.2014.01.005

电子学报

物联网感知层基于资源分层的多用户访问控制方案

马骏^1,2, 郭渊博², 马建峰^1,3, 刘西蒙¹, 李琦¹

1. 西安电子科技大学计算机学院, 陕西西安 710071;
2. 解放军信息工程大学, 河南郑州 450004;
3. 西安电子科技大学陕西省网络与系统安全重点实验室, 陕西西安 710071

收稿日期:2013-07-08 修回日期:2013-10-03 出版日期:2014-01-25
- 作者简介:
- 马骏 男.1981年1月出生，山西阳泉人.西安电子科技大学博士生.主要从事无线网络安全、密钥管理有关研究. E-mail:sijunhan@163.com 郭渊博 男.1975年7月出生，陕西周至人.解放军信息工程大学副教授、硕士生导师.主要从事容忍入侵、无线网络安全、态势感知有关研究. E-mail:yuanbo_-g@hotmail.com
- 基金资助:
- 长江学者和创新团队发展计划 (No.IRT1078）; 国家自然基金委员会-广东联合基金重点基金 (No.U1135002）; 国家科技重大专项 (No.2011ZX03005-002）; 国家自然科学基金 (No.61170251）; 国家863高技术研究发展计划 (No.2012AA013102）; 中央高校基本科研业务费 (No.JY10000903001）

Multi-User Access Control Scheme Based on Resources Hierarchies for Perceptual Layer of IoT

MA Jun^1,2, GUO Yuan-bo², MA Jian-feng^1,3, LIU Xi-meng¹, LI Qi¹

1. School of Computer Science and Technology, Xidian University, Xi'an, Shaanxi 710071, China;
2. PLA Information Engineering University, Zhengzhou, Henan 450004, China;
3. Shaanxi Key Laboratory of Network and System Security, Xidian University, Xi'an, Shaanxi 710071, China

Received:2013-07-08 Revised:2013-10-03 Online:2014-01-25 Published:2014-01-25

摘要/Abstract

摘要： 针对物联网感知层节点计算、存储能力受限情况下，多用户安全高效的资源访问需求，提出一种分层访问控制方案.将提供同级别资源的节点划分为一个层次节点，利用层次节点之间形成的偏序关系，设计了安全高效的密钥推导算法，使用户在掌握单个密钥材料的情况下，能够访问更多层次资源.同时引入Merkle树机制，使多个用户通过相互独立的哈希链，安全高效的获取层次节点的密钥材料.方案在存储开销、计算开销、可证明安全和可扩展方面，比现有类似方案更适合多用户在物联网感知层环境下资源的访问.

关键词: 物联网, 感知层, 访问控制, 资源分层, 可证明安全

Abstract: A novel hierarchical access control scheme for perceptual layer of the IoT is presented based on resources hierarchies,which could conform to the secure and efficient access requirement of multi-user.In the scheme,every hierarchical node is composed of perceptual nodes which provide resources with the same levels of security.More hierarchical nodes can be modeled as a set of partially ordered classes.With this mode,a deterministic key derivation algorithm is designed,which makes every user and perceptual node possesses a single key material to get some keys,and obtains the resources at the presented class and all descendant classes in the hierarchy.Furthermore,a mechanism of Merkle tree is introduced to guarantee secure and efficient multi-user key material derivation by independent of each hash link.Compared with previous proposals,the scheme is more suitable for multi-user to access resources of perceptual layer in IoT.

Key words: internet of things, perceptual layer, access control, resources hierarchies, provable security

中图分类号:

TP309

马骏, 郭渊博, 马建峰, 刘西蒙, 李琦. 物联网感知层基于资源分层的多用户访问控制方案[J]. 电子学报, DOI: 10.3969/j.issn.0372-2112.2014.01.005.

MA Jun, GUO Yuan-bo, MA Jian-feng, LIU Xi-meng, LI Qi. Multi-User Access Control Scheme Based on Resources Hierarchies for Perceptual Layer of IoT[J]. Acta Electronica Sinica, DOI: 10.3969/j.issn.0372-2112.2014.01.005.

参考文献

[1] 工业和信息化部.物联网"十二五"发展规划[EB/OL].http://www.gov.cn/zwgk/2012-02/14/content-2065999.htm.[2012-02-14].

[2] M Tuters,K Varnelis.Beyond locative media:Giving shape to the internet of things [J].Leonardo,2006,39(4):357-363.

[3] 孙其博,刘杰,等.物联网:概念、架构与关键技术研究综述[J].2010,33(3):1-9. SUN Qibo,LIU Jie,et al.Internet of things:Summarize on concepts,architecture and key technology problem[J].Journal of Beijing University of Posts and Telecommunications,2010,33(3):1-9.(in Chinese)

[4] 吴振强,周彦伟,马建峰.物联网安全传输模型[J].计算机学报,2011,34(8):1351-1364. Wu Zhenqiang,Zhou Yanwei,Ma Jianfeng.A securitytransmission model for internet of things [J].Chinese Journal of Computers,2011,34(8):1351-1364.(in Chinese)

[5] N Gershenfeld,R Krikorian,D Cohen.The internet of things[J].Scientific American,2004,291(4):76-81.

[6] Ashton K.That 'internet of things’ thing[J].RFID Journal,2009:97-114.

[7] L Atzori,A Iera,G Morabito.The internet of things:A survey[J].Computer Networks,2010,54(15):2787-2805.

[8] S Akl,P Taylor.Cryptographic solution to a problem of access control in a hierarchy[J].ACM Transactions on Computer Systems,1983,1(3):239-248.

[9] A De Santis,A Ferrara,B Masucci.Cryptographic key assignment schemes for any access control policy[J].Information Processing Letters (IPL),2004,92(4):199-205.

[10] ElGamal T.A public key cryptosystem and a signature scheme based on discrete logarithms [A].Advances in Cryptology [C].Berlin Heidelberg:Springer,1985.10-18.

[11] 阎军智,李凤华,马建峰.基于Diffie Hellman算法的分层密钥分配方案[J].电子学报,2011,39(1):119-123. Yan Junzhi,Li Fenghua,Ma Jianfeng.Ahierarchical key assignment scheme based on diffie-hellman algorithm[J].Acta Electronica Sinica,2011,39(1):119-123.(in Chinese)

[12] M Hwang,W Yang.Controlling access in large partially ordered hierarchies using cryptographic keys[J].Journal of Systems and Software,2003,67(2):99-107.

[13] 姬东耀,张福泰,王育民.多级安全系统中访问控制新方案[J].计算机研究与发展,2001,38(6):715-720. JI Dongyao,ZHANG Futai,WANG Yumin.Anew scheme for access control in multilevel security system[J].Journal of Computer Research & Development,2001,38(6):715-720.(in Chinese)

[14] 李凤华,王巍,马建峰.适用于传感器网络的分级群组密钥管理[J].电子学报,2008,36(12):2405-2411. LI Fenghua,WANG Wei,MA Jianfeng.Leveled group key management for wireless sensor networks[J].Acta Electronica Sinica,2008,36(12):2405-2411.(in Chinese)

[15] S Y Wang,C S Laih.Cryptanalysis of Hwang-Yang scheme for controlling access in large partially ordered hierarchies[J].Journal of Systems and Software,2005,75(1-2):189-192.

[16] Chen T S,Huang J Y.A novel key management scheme for dynamic access control in a user hierarchy[J].Applied Mathematics and Computation,2005,162(1):339-351.

[17] Hwang M S,Yang W P.Controlling access in large partially ordered hierarchies using cryptographic keys[J].Journal of Systems and Software,2003,67(2):99-107.

[18] Chien H Y,Jan J K.New hierarchical assignment without public key cryptography .Computers & Security,2003,22(6):523-526.

[19] Sorniotti A,Molva R,Gomez L,et al.Efficient access control for wireless sensor data[J].International Journal of Wireless Information Networks,2009,16(3):165-174.

[20] Zou X,Ramamurthy B,Magliveras S S.Chinese remainder theorem based hierarchical access control for secure group communication [A].Proceedings of the Third International Conference Information and Communications Security [C].London,UK:Springer,2001.381-385.

[21] Gudes E.The design of a cryptography based secure file system[J].IEEE Transactions on Software Engineering,1980,SE-6(5):411-420.

[22] Atallah M J,et al.Incorporating temporal capabilities in existing key management schemes [A].Proceedings of the 12th European Symposium on Research in Computer Security [C].Berlin Heidelberg:Springer,2007.515-530.

[23] De Santis A,Ferrara A L,Masucci B.Efficient Provably-secure Hierarchical Key Assignment Schemes[M].Berlin Heidelberg:Springer,2007.371-382.

[24] Sa ndhu R,Coyne E,Feinstein H,et al.Role-based access control models[J].IEEE Computer,1996,29(2):38-47.

[25] Martínez-García C,Navarro-Arribas G,Borrell J.Fuzzy role-based access control[J].Iformation Processing Letters,2011,111(10):483-487.

[26] Goyal V,PandeyO,et al.Attribute-based encryption for fine-grained access control of encrypted data [A].Proceedings of the 13th ACM Conference on Computer and Communications Security [C].Alexandria,Virginia,USA:ACM,2006.89-98.

[27] XIONG Jin-bo1,YAO Zhi-qiang,MA Jian-feng1,et al.Multilevel access control model for video database[J].Journal on Communications,2012,33(8):147-154.

[28] Waters B.Ciphertext-policy attribute-based encryption:An expressive,efficient,and provably secure realization [A].Proceedings of Public Key Cryptography-PKC [C].Taormina,Italy:Springer,2011.53-70.

[29] Goldreich O,et al.How to construct random functions[J].Journal of the ACM,1986,33(4):792-807.

[30] Mrkle R C.A certified digital signature [A].Proceedings of Advances in Cryptology—CRYPTO [C].New York:Springer,1990.218-238.

[31] Jakobsson M,Leighton T,et al.Fractal merkle tree representation and traversal [A].Proceedings of Topics in Cryptology—CT-RSA [C].Berlin Heidelberg:Springer,2003.314-326.

[32] Atallah M J,Frikken K B,Blanton M.Dynamic and efficient key management for access hierarchies [A].Proceedings of the 12th ACM Conference on Computer and Communications Security [C].NY,USA:ACM,2005.190-202.

物联网感知层基于资源分层的多用户访问控制方案

Multi-User Access Control Scheme Based on Resources Hierarchies for Perceptual Layer of IoT

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	尹安琪, 曲彤洲, 郭渊博, 汪定, 陈琳, 李勇飞. 格上基于密文标准语言的可证明安全两轮口令认证密钥交换协议[J]. 电子学报, 2022, 50(5): 1140-1149.
[2]	李玮, 张雨希, 谷大武, 张金煜, 朱晓铭, 刘春, 蔡天培, 李嘉耀. 轻量级密码MANTIS的唯密文故障分析[J]. 电子学报, 2022, 50(4): 967-976.
[3]	陈书仪, 刘亚丽, 林昌露, 李涛, 董永权. 面向物联网的轻量级可验证群组认证方案[J]. 电子学报, 2022, 50(4): 990-1001.
[4]	孟超, 周倩, 郭林, 王攀, 孙知信. 基于相关性传输模型的无线链路质量估计方法及路由优化算法[J]. 电子学报, 2022, 50(10): 2409-2424.
[5]	陈亮, 李峰, 任保全, 杨建喜. 软件定义物联网研究综述[J]. 电子学报, 2021, 49(5): 1019-1032.
[6]	焦贤龙, 郭松涛, 黎勇, 李艳涛, 向朝参. 基于相继干扰消除和跨层并发传输的物联网数据聚合调度[J]. 电子学报, 2021, 49(10): 1982-1992.
[7]	吴立强, 韩益亮, 杨晓元, 张敏情, 杨凯. 基于理想格的鲁棒门限代理重加密方案[J]. 电子学报, 2020, 48(9): 1786-1794.
[8]	侯红霞, 杨波, 张丽娜, 张明瑞. 安全的两方协作SM2签名算法[J]. 电子学报, 2020, 48(1): 1-8.
[9]	黄美根, 郁滨. 软件定义WSN规则一致更新研究[J]. 电子学报, 2019, 47(9): 1965-1971.
[10]	徐诚, 何杰, 张晓彤, 姚翠, 段世红, 齐悦. IMU/TOA融合人体运动追踪性能评估方法[J]. 电子学报, 2019, 47(8): 1748-1754.
[11]	王巍, 彭力, 赵继军, 常存喜, 黄晓丹, 田立勤. 移动物联网非完整约束中继的协同任务规划[J]. 电子学报, 2019, 47(6): 1251-1259.
[12]	李森森, 黄一才, 郁滨, 鲍博武. 基于PUF的低开销物联网安全通信方案[J]. 电子学报, 2019, 47(4): 812-817.
[13]	唐晓庆, 谢桂辉, 佘亚军, 俞杨. 基于MCU的无源Wi-Fi散射通信方法[J]. 电子学报, 2019, 47(10): 2069-2075.
[14]	李子臣, 张卷美, 杨亚涛, 张峰娟. 基于NTRU的全同态加密方案[J]. 电子学报, 2018, 46(4): 938-944.
[15]	杨晓东, 陈益强, 于汉超, 张迎伟, 钟习, 胡子昂, 刘弘. 面向帕金森病的多模态异构协同感知方法[J]. 电子学报, 2018, 46(3): 659-664.