Renewable Energy Systems(RES)provide a sustainable solution to climate warming and environmental pollution by enhancing stability and reliability through status acquisition and analysis on cloud platforms and intellig...Renewable Energy Systems(RES)provide a sustainable solution to climate warming and environmental pollution by enhancing stability and reliability through status acquisition and analysis on cloud platforms and intelligent processing on edge servers(ES).However,securely distributing encrypted data stored in the cloud to terminals that meet decryption requirements has become a prominent research topic.Additionally,managing attributes,including addition,deletion,and modification,is a crucial issue in the access control scheme for RES.To address these security concerns,a trust-based ciphertext-policy attribute-based encryption(CP-ABE)device access control scheme is proposed for RES(TB-CP-ABE).This scheme effectivelymanages the distribution and control of encrypted data on the cloud through robust attribute key management.By introducing trust management mechanisms and outsourced decryption technology,the ES system can effectively assess and manage the trust worthiness of terminal devices,ensuring that only trusted devices can participate in data exchange and access sensitive information.Besides,the ES system dynamically evaluates trust scores to set decryption trust thresholds,thereby regulating device data access permissions and enhancing the system’s security.To validate the security of the proposed TB-CP-ABE against chosen plaintext attacks,a comprehensive formal security analysis is conducted using the widely accepted random oraclemodel under the decisional q-Bilinear Diffie-Hellman Exponent(q-BDHE)assumption.Finally,comparative analysis with other schemes demonstrates that the TB-CP-ABE scheme cuts energy/communication costs by 43%,and scaleswell with rising terminals,maintaining average latency below 50ms,ensuring real-time service feasibility.The proposed scheme not only provides newinsights for the secure management of RES but also lays a foundation for future secure energy solutions.展开更多
Security attributes are the premise and foundation for implementing Attribute-Based Access Control(ABAC)mechanisms.However,when dealing with massive volumes of unstructured text big data resources,the current attribut...Security attributes are the premise and foundation for implementing Attribute-Based Access Control(ABAC)mechanisms.However,when dealing with massive volumes of unstructured text big data resources,the current attribute management methods based on manual extraction face several issues,such as high costs for attribute extraction,long processing times,unstable accuracy,and poor scalability.To address these problems,this paper proposes an attribute mining technology for access control institutions based on hybrid capsule networks.This technology leverages transfer learning ideas,utilizing Bidirectional Encoder Representations from Transformers(BERT)pre-trained language models to achieve vectorization of unstructured text data resources.Furthermore,we have designed a novel end-to-end parallel hybrid network structure,where the parallel networks handle global and local information features of the text that they excel at,respectively.By employing techniques such as attention mechanisms,capsule networks,and dynamic routing,effective mining of security attributes for access control resources has been achieved.Finally,we evaluated the performance level of the proposed attribute mining method for access control institutions through experiments on the medical referral text resource dataset.The experimental results show that,compared with baseline algorithms,our method adopts a parallel network structure that can better balance global and local feature information,resulting in improved overall performance.Specifically,it achieves a comprehensive performance enhancement of 2.06%to 8.18%in the F1 score metric.Therefore,this technology can effectively provide attribute support for access control of unstructured text big data resources.展开更多
Ciphertext-policy attribute-based encryption(CP-ABE) is widely employed for secure data sharing and access control. However, its dependence on a single authority introduces security and performance challenges. Despite...Ciphertext-policy attribute-based encryption(CP-ABE) is widely employed for secure data sharing and access control. However, its dependence on a single authority introduces security and performance challenges. Despite the existence of multi-authority CPABE approaches, persistent issues such as single points of failure and high computation cost on the user side remain. This study proposes a novel solution named blockchain-based and decentralized attribute-based encryption(BDAE) for data sharing. BDAE enhances traditional scheme by integrating blockchain and distributed key generation technology. The scheme employs an(n, t) threshold secret sharing algorithm, coupled with the Pedersen verifiable secret sharing method, for attribute key generation. This combination ensures key credibility,facilitates joint attribute management, and addresses single bottleneck and key verification issues. Integrated into a blockchain system, the scheme utilizes smart contracts for fine-grained access control and outsourced computing. Blockchain's decentralization and access logs make data sharing tamper-resistant and auditable. Moreover, simulation comparisons demonstrate that the scheme effectively reduces decryption overhead on the user side, meeting practical application requirements.展开更多
In the environment of big data,the traditional access control lacks effective and flexible access mechanism.Based on attribute access control,this paper proposes a HBMC-ABAC big data access control framework.It solves...In the environment of big data,the traditional access control lacks effective and flexible access mechanism.Based on attribute access control,this paper proposes a HBMC-ABAC big data access control framework.It solves the problems of difficult authority change,complex management,over-authorization and lack of authorization in big data environment.At the same time,binary mapping codes are proposed to solve the problem of low efficiency of policy retrieval in traditional ABAC.Through experimental analysis,the results show that our proposed HBMC-ABAC model can meet the current large and complex environment of big data.展开更多
Access control is one of the core problems in data management system.In this paper,the system requirements were described in three aspects:the traditional access control model,the access control model in the Internet ...Access control is one of the core problems in data management system.In this paper,the system requirements were described in three aspects:the traditional access control model,the access control model in the Internet era and the access control model in the cloud computing environment.Meanwhile,the corresponding major models were listed and their characteristics and problems were analyzed.Finally,the development trend of the corresponding model was proposed.展开更多
The Energy Internet has generated huge amounts of information on the production devices,transmission devices,and energy consumption devices.The leakage of data in the collection,transmission,and storage process will c...The Energy Internet has generated huge amounts of information on the production devices,transmission devices,and energy consumption devices.The leakage of data in the collection,transmission,and storage process will cause serious security problems.The existing Energy Internet security methods rely on traditional access control mechanisms and specific network boundary defense mechanisms,which has the limitations of static strategies and coarse design.We combine the advantages of role-based access control(RBAC)and attribute-based access control(ABAC),and propose a trusted Energy Internet fine-grained access control model based on devices'attribute and users'roles.We have not only achieved fine-grained Energy Internet resource allocation,but also ensured that the access control process is related to the security status of the environment in real time.Experimental results show that the access control model can safely and accurately execute access decisions in the Energy Internet scenario,and the processing performance is more stable.展开更多
Aiming at the problem that network topology changes frequently in SDN (Software Defined Network) environment and it is difficult to implement fine-grained access control, utilizing the characteristics of SDN transfer ...Aiming at the problem that network topology changes frequently in SDN (Software Defined Network) environment and it is difficult to implement fine-grained access control, utilizing the characteristics of SDN transfer control separation and software programming, the ABAC model (Attribute-Based Access Control) is extended by introducing security level, and the security level is defined for the attributes of subject and object to establish the access mapping relationship based on mandatory access rules. At the same time, with secure access path as SDN access control attribute, a dynamic generation method of access control path based on PSO (Particle Swarm Optimization) algorithm is designed to ensure the security of access data flow. The prototype system experiments show that the proposed method takes into account the fine-grained and dynamic requirements of SDN access control, and improves the access security of SDN while ensuring the access efficiency.展开更多
Several unique characteristics of Internet of Things(IoT)devices,such as distributed deployment and limited storage,make it challenging for standard centralized access control systems to enable access control in today...Several unique characteristics of Internet of Things(IoT)devices,such as distributed deployment and limited storage,make it challenging for standard centralized access control systems to enable access control in today’s large-scale IoT ecosystem.To solve these challenges,this study presents an IoT access control system called Ether-IoT based on the Ethereum Blockchain(BC)infrastructure with Attribute-Based Access Control(ABAC).Access Contract(AC),Cache Contract(CC),Device Contract(DC),and Policy Contract(PC)are the four central smart contracts(SCs)that are included in the proposed system.CC offers a way to save user characteristics in a local cache system to avoid delays during transactions between BC and IoT devices.AC is the fundamental program users typically need to run to build an access control technique.DC offers a means for storing the resource data created by devices and a method for querying that data.PC offers administrative settings to handle ABAC policies on users’behalf.Ether-IoT,combined with ABAC and the BC,enables IoT access control management that is decentralized,fine-grained and dynamically scalable.This research gives a real-world case study to illustrate the suggested framework’s implementation.In the end,a simulation experiment is performed to evaluate the system’s performance.To ensure data integrity in dispersed systems,the results show that Ether-IoT can sustain high throughput in contexts with a large number of requests.展开更多
To share data securely with secure attribute revocation,anti-collusion,and dynamic user management in the 5G device-to-device(D2D)environment,a novel dynamic anti-collusion ciphertext policy attribute-based encryption...To share data securely with secure attribute revocation,anti-collusion,and dynamic user management in the 5G device-to-device(D2D)environment,a novel dynamic anti-collusion ciphertext policy attribute-based encryption(NDA-CP-ABE)scheme in the 5G D2D environment is proposed.On the basis of the ciphertext policy attribute-based encryption algorithm,fine-grained access control and secure attribute revocation are realized,and the confidentiality of data is guaranteed.A polynomial function is adopted in the ciphertext generation phase to realize dynamic user management.A random number is used to prevent a collusion attack among the legitimate user equipment(UE),revoked UE,and external network attackers.Finally,on the basis of the Diffie-Hellman problem,the NDA-CP-ABE scheme is formally proved,and the simulation performances are compared with those of similar schemes.The results show that data can be securely shared through a D2D channel with secure attribute revocation,anti-collusion,and dynamic user management.Moreover,compared with similar schemes,the NDA-CP-ABE scheme has higher efficiency in encryption,decryption,and storage.展开更多
Fog computing is a concept that extends the paradigm of cloud computing to the network edge. The goal of fog computing is to situate resources in the vicinity of end users. As with cloud computing, fog computing provi...Fog computing is a concept that extends the paradigm of cloud computing to the network edge. The goal of fog computing is to situate resources in the vicinity of end users. As with cloud computing, fog computing provides storage services. The data owners can store their confidential data in many fog nodes, which could cause more challenges for data sharing security. In this paper, we present a novel architecture for data sharing in a fog environment. We explore the benefits of fog computing in addressing one-to-many data sharing applications. This architecture sought to outperform the cloud-based architecture and to ensure further enhancements to system performance, especially from the perspective of security. We will address the security challenges of data sharing, such as fine-grained access control, data confidentiality, collusion resistance, scalability, and the issue of user revocation. Keeping these issues in mind, we will secure data sharing in fog computing by combining attributebased encryption and proxy re-encryption techniques. Findings of this study indicate that our system has the response and processing time faster than classical cloud systems. Further, experimental results show that our system has an efficient user revocation mechanism, and that it provides high scalability and sharing of data in real time with low latency.展开更多
Attribute-based encryption is cryptographic techniques that provide flexible data access control to encrypted data content in cloud storage.Each trusted authority needs proper management and distribution of secret key...Attribute-based encryption is cryptographic techniques that provide flexible data access control to encrypted data content in cloud storage.Each trusted authority needs proper management and distribution of secret keys to the user’s to only authorized user’s attributes.However existing schemes cannot be applied multiple authority that supports only a single keywords search compare to multi keywords search high computational burden or inefficient attribute’s revocation.In this paper,a ciphertext policy attribute-based encryption(CP-ABE)scheme has been proposed which focuses on multi-keyword search and attribute revocation by new policy updating feathers under multiple authorities and central authority.The data owner encrypts the keywords index under the initial access policy.Moreover,this paper addresses further issues such as data access,search policy,and confidentiality against unauthorized users.Finally,we provide the correctness analysis,performance analysis and security proof for chosen keywords attack and search trapdoor in general group model using DBDH and DLIN assumption.展开更多
With the wide application of the Internet of Things(IoT),storing large amounts of IoT data and protecting data privacy has become a meaningful issue.In general,the access control mechanism is used to prevent illegal u...With the wide application of the Internet of Things(IoT),storing large amounts of IoT data and protecting data privacy has become a meaningful issue.In general,the access control mechanism is used to prevent illegal users from accessing private data.However,traditional data access control schemes face some non-ignorable problems,such as only supporting coarse-grained access control,the risk of centralization,and high trust issues.In this paper,an attribute-based data access control scheme using blockchain technology is proposed.To address these problems,attribute-based encryption(ABE)has become a promising solution for encrypted data access control.Firstly,we utilize blockchain technology to construct a decentralized access control scheme,which can grant data access with transparency and traceability.Furthermore,our scheme also guarantees the privacy of policies and attributes on the blockchain network.Secondly,we optimize an ABE scheme,which makes the size of system parameters smaller and improves the efficiency of algorithms.These optimizations enable our proposed scheme supports large attribute universe requirements in IoT environments.Thirdly,to prohibit attribute impersonation and attribute replay attacks,we design a challenge-response mechanism to verify the ownership of attributes.Finally,we evaluate the security and performance of the scheme.And comparisons with other related schemes show the advantages of our proposed scheme.Compared to existing schemes,our scheme has more comprehensive advantages,such as supporting a large universe,full security,expressive policy,and policy hiding.展开更多
本文针对高校财务报销流程中存在的信任缺失、报销效率低下等问题,提出了一种以项目为导向的区块链高校报销平台模型。针对多项目环境下参与者角色的动态性,引入基于属性的访问控制(attribute-based access control,ABAC)模型,实现了细...本文针对高校财务报销流程中存在的信任缺失、报销效率低下等问题,提出了一种以项目为导向的区块链高校报销平台模型。针对多项目环境下参与者角色的动态性,引入基于属性的访问控制(attribute-based access control,ABAC)模型,实现了细粒度的权限管理。针对传统单链结构难以有效处理项目和发票之间的复杂逻辑关系,设计了主链-副链的双链存储结构以及对应的逻辑交易算法,解决了不同报销状态及与项目之间复杂的对应关系。为提高查询效率,设计了一种基于Merkle树索引表(Merkle tree index table,MTIT)的查询算法。实验结果表明,本设计在不同交易量下均展现出良好的性能稳定性,能够满足高校日常财务管理的需求。展开更多
The National Institute of Standards and Technology(NIST)has identified natural language policies as the preferred expression of policy and implicitly called for an automated translation of ABAC natural language access...The National Institute of Standards and Technology(NIST)has identified natural language policies as the preferred expression of policy and implicitly called for an automated translation of ABAC natural language access control policy(NLACP)to a machine-readable form.To study the automation process,we consider the hierarchical ABAC model as our reference model since it better reflects the requirements of real-world organizations.Therefore,this paper focuses on the questions of:how can we automatically infer the hierarchical structure of an ABAC model given NLACPs;and,how can we extract and define the set of authorization attributes based on the resulting structure.To address these questions,we propose an approach built upon recent advancements in natural language processing and machine learning techniques.For such a solution,the lack of appropriate data often poses a bottleneck.Therefore,we decouple the primary contributions of this work into:(1)developing a practical framework to extract authorization attributes of hierarchical ABAC system from natural language artifacts,and(2)generating a set of realistic synthetic natural language access control policies(NLACPs)to evaluate the proposed framework.Our experimental results are promising as we achieved-in average-an F1-score of 0.96 when extracting attributes values of subjects,and 0.91 when extracting the values of objects’attributes from natural language access control policies.展开更多
The National Institute of Standards and Technology(NIST)has identified natural language policies as the preferred expression of policy and implicitly called for an automated translation of ABAC natural language access...The National Institute of Standards and Technology(NIST)has identified natural language policies as the preferred expression of policy and implicitly called for an automated translation of ABAC natural language access control policy(NLACP)to a machine-readable form.To study the automation process,we consider the hierarchical ABAC model as our reference model since it better reflects the requirements of real-world organizations.Therefore,this paper focuses on the questions of:how can we automatically infer the hierarchical structure of an ABAC model given NLACPs;and,how can we extract and define the set of authorization attributes based on the resulting structure.To address these questions,we propose an approach built upon recent advancements in natural language processing and machine learning techniques.For such a solution,the lack of appropriate data often poses a bottleneck.Therefore,we decouple the primary contributions of this work into:(1)developing a practical framework to extract authorization attributes of hierarchical ABAC system from natural language artifacts,and(2)generating a set of realistic synthetic natural language access control policies(NLACPs)to evaluate the proposed framework.Our experimental results are promising as we achieved-in average-an F1-score of 0.96 when extracting attributes values of subjects,and 0.91 when extracting the values of objects’attributes from natural language access control policies.展开更多
基金supported by the Science and Technology Project of the State Grid Corporation of China,Grant number 5700-202223189A-1-1-ZN.
文摘Renewable Energy Systems(RES)provide a sustainable solution to climate warming and environmental pollution by enhancing stability and reliability through status acquisition and analysis on cloud platforms and intelligent processing on edge servers(ES).However,securely distributing encrypted data stored in the cloud to terminals that meet decryption requirements has become a prominent research topic.Additionally,managing attributes,including addition,deletion,and modification,is a crucial issue in the access control scheme for RES.To address these security concerns,a trust-based ciphertext-policy attribute-based encryption(CP-ABE)device access control scheme is proposed for RES(TB-CP-ABE).This scheme effectivelymanages the distribution and control of encrypted data on the cloud through robust attribute key management.By introducing trust management mechanisms and outsourced decryption technology,the ES system can effectively assess and manage the trust worthiness of terminal devices,ensuring that only trusted devices can participate in data exchange and access sensitive information.Besides,the ES system dynamically evaluates trust scores to set decryption trust thresholds,thereby regulating device data access permissions and enhancing the system’s security.To validate the security of the proposed TB-CP-ABE against chosen plaintext attacks,a comprehensive formal security analysis is conducted using the widely accepted random oraclemodel under the decisional q-Bilinear Diffie-Hellman Exponent(q-BDHE)assumption.Finally,comparative analysis with other schemes demonstrates that the TB-CP-ABE scheme cuts energy/communication costs by 43%,and scaleswell with rising terminals,maintaining average latency below 50ms,ensuring real-time service feasibility.The proposed scheme not only provides newinsights for the secure management of RES but also lays a foundation for future secure energy solutions.
基金supported by National Natural Science Foundation of China(No.62102449).
文摘Security attributes are the premise and foundation for implementing Attribute-Based Access Control(ABAC)mechanisms.However,when dealing with massive volumes of unstructured text big data resources,the current attribute management methods based on manual extraction face several issues,such as high costs for attribute extraction,long processing times,unstable accuracy,and poor scalability.To address these problems,this paper proposes an attribute mining technology for access control institutions based on hybrid capsule networks.This technology leverages transfer learning ideas,utilizing Bidirectional Encoder Representations from Transformers(BERT)pre-trained language models to achieve vectorization of unstructured text data resources.Furthermore,we have designed a novel end-to-end parallel hybrid network structure,where the parallel networks handle global and local information features of the text that they excel at,respectively.By employing techniques such as attention mechanisms,capsule networks,and dynamic routing,effective mining of security attributes for access control resources has been achieved.Finally,we evaluated the performance level of the proposed attribute mining method for access control institutions through experiments on the medical referral text resource dataset.The experimental results show that,compared with baseline algorithms,our method adopts a parallel network structure that can better balance global and local feature information,resulting in improved overall performance.Specifically,it achieves a comprehensive performance enhancement of 2.06%to 8.18%in the F1 score metric.Therefore,this technology can effectively provide attribute support for access control of unstructured text big data resources.
文摘Ciphertext-policy attribute-based encryption(CP-ABE) is widely employed for secure data sharing and access control. However, its dependence on a single authority introduces security and performance challenges. Despite the existence of multi-authority CPABE approaches, persistent issues such as single points of failure and high computation cost on the user side remain. This study proposes a novel solution named blockchain-based and decentralized attribute-based encryption(BDAE) for data sharing. BDAE enhances traditional scheme by integrating blockchain and distributed key generation technology. The scheme employs an(n, t) threshold secret sharing algorithm, coupled with the Pedersen verifiable secret sharing method, for attribute key generation. This combination ensures key credibility,facilitates joint attribute management, and addresses single bottleneck and key verification issues. Integrated into a blockchain system, the scheme utilizes smart contracts for fine-grained access control and outsourced computing. Blockchain's decentralization and access logs make data sharing tamper-resistant and auditable. Moreover, simulation comparisons demonstrate that the scheme effectively reduces decryption overhead on the user side, meeting practical application requirements.
文摘In the environment of big data,the traditional access control lacks effective and flexible access mechanism.Based on attribute access control,this paper proposes a HBMC-ABAC big data access control framework.It solves the problems of difficult authority change,complex management,over-authorization and lack of authorization in big data environment.At the same time,binary mapping codes are proposed to solve the problem of low efficiency of policy retrieval in traditional ABAC.Through experimental analysis,the results show that our proposed HBMC-ABAC model can meet the current large and complex environment of big data.
文摘Access control is one of the core problems in data management system.In this paper,the system requirements were described in three aspects:the traditional access control model,the access control model in the Internet era and the access control model in the cloud computing environment.Meanwhile,the corresponding major models were listed and their characteristics and problems were analyzed.Finally,the development trend of the corresponding model was proposed.
基金the State Grid Corporation of China Science and Technology Project Funding。
文摘The Energy Internet has generated huge amounts of information on the production devices,transmission devices,and energy consumption devices.The leakage of data in the collection,transmission,and storage process will cause serious security problems.The existing Energy Internet security methods rely on traditional access control mechanisms and specific network boundary defense mechanisms,which has the limitations of static strategies and coarse design.We combine the advantages of role-based access control(RBAC)and attribute-based access control(ABAC),and propose a trusted Energy Internet fine-grained access control model based on devices'attribute and users'roles.We have not only achieved fine-grained Energy Internet resource allocation,but also ensured that the access control process is related to the security status of the environment in real time.Experimental results show that the access control model can safely and accurately execute access decisions in the Energy Internet scenario,and the processing performance is more stable.
文摘Aiming at the problem that network topology changes frequently in SDN (Software Defined Network) environment and it is difficult to implement fine-grained access control, utilizing the characteristics of SDN transfer control separation and software programming, the ABAC model (Attribute-Based Access Control) is extended by introducing security level, and the security level is defined for the attributes of subject and object to establish the access mapping relationship based on mandatory access rules. At the same time, with secure access path as SDN access control attribute, a dynamic generation method of access control path based on PSO (Particle Swarm Optimization) algorithm is designed to ensure the security of access data flow. The prototype system experiments show that the proposed method takes into account the fine-grained and dynamic requirements of SDN access control, and improves the access security of SDN while ensuring the access efficiency.
基金This work was supported by Universiti Kebangsaan Malaysia under“Dana Pecutan Penerbitan FTSM 2022,Dana Softam 2022”。
文摘Several unique characteristics of Internet of Things(IoT)devices,such as distributed deployment and limited storage,make it challenging for standard centralized access control systems to enable access control in today’s large-scale IoT ecosystem.To solve these challenges,this study presents an IoT access control system called Ether-IoT based on the Ethereum Blockchain(BC)infrastructure with Attribute-Based Access Control(ABAC).Access Contract(AC),Cache Contract(CC),Device Contract(DC),and Policy Contract(PC)are the four central smart contracts(SCs)that are included in the proposed system.CC offers a way to save user characteristics in a local cache system to avoid delays during transactions between BC and IoT devices.AC is the fundamental program users typically need to run to build an access control technique.DC offers a means for storing the resource data created by devices and a method for querying that data.PC offers administrative settings to handle ABAC policies on users’behalf.Ether-IoT,combined with ABAC and the BC,enables IoT access control management that is decentralized,fine-grained and dynamically scalable.This research gives a real-world case study to illustrate the suggested framework’s implementation.In the end,a simulation experiment is performed to evaluate the system’s performance.To ensure data integrity in dispersed systems,the results show that Ether-IoT can sustain high throughput in contexts with a large number of requests.
基金The National Natural Science Foundation of China(No.61372103)the Natural Science Foundation of Jiangsu Province(No.SBK2020020282)+1 种基金the Program of Key Laboratory of Information Network Security of the Ministry of Public Security(No.C19607)the Program of Key Laboratory of Computer Network Technology of Jiangsu Province.
文摘To share data securely with secure attribute revocation,anti-collusion,and dynamic user management in the 5G device-to-device(D2D)environment,a novel dynamic anti-collusion ciphertext policy attribute-based encryption(NDA-CP-ABE)scheme in the 5G D2D environment is proposed.On the basis of the ciphertext policy attribute-based encryption algorithm,fine-grained access control and secure attribute revocation are realized,and the confidentiality of data is guaranteed.A polynomial function is adopted in the ciphertext generation phase to realize dynamic user management.A random number is used to prevent a collusion attack among the legitimate user equipment(UE),revoked UE,and external network attackers.Finally,on the basis of the Diffie-Hellman problem,the NDA-CP-ABE scheme is formally proved,and the simulation performances are compared with those of similar schemes.The results show that data can be securely shared through a D2D channel with secure attribute revocation,anti-collusion,and dynamic user management.Moreover,compared with similar schemes,the NDA-CP-ABE scheme has higher efficiency in encryption,decryption,and storage.
文摘Fog computing is a concept that extends the paradigm of cloud computing to the network edge. The goal of fog computing is to situate resources in the vicinity of end users. As with cloud computing, fog computing provides storage services. The data owners can store their confidential data in many fog nodes, which could cause more challenges for data sharing security. In this paper, we present a novel architecture for data sharing in a fog environment. We explore the benefits of fog computing in addressing one-to-many data sharing applications. This architecture sought to outperform the cloud-based architecture and to ensure further enhancements to system performance, especially from the perspective of security. We will address the security challenges of data sharing, such as fine-grained access control, data confidentiality, collusion resistance, scalability, and the issue of user revocation. Keeping these issues in mind, we will secure data sharing in fog computing by combining attributebased encryption and proxy re-encryption techniques. Findings of this study indicate that our system has the response and processing time faster than classical cloud systems. Further, experimental results show that our system has an efficient user revocation mechanism, and that it provides high scalability and sharing of data in real time with low latency.
基金supported by the Foundational Research Funds for the Central University(No.30918012204).
文摘Attribute-based encryption is cryptographic techniques that provide flexible data access control to encrypted data content in cloud storage.Each trusted authority needs proper management and distribution of secret keys to the user’s to only authorized user’s attributes.However existing schemes cannot be applied multiple authority that supports only a single keywords search compare to multi keywords search high computational burden or inefficient attribute’s revocation.In this paper,a ciphertext policy attribute-based encryption(CP-ABE)scheme has been proposed which focuses on multi-keyword search and attribute revocation by new policy updating feathers under multiple authorities and central authority.The data owner encrypts the keywords index under the initial access policy.Moreover,this paper addresses further issues such as data access,search policy,and confidentiality against unauthorized users.Finally,we provide the correctness analysis,performance analysis and security proof for chosen keywords attack and search trapdoor in general group model using DBDH and DLIN assumption.
基金supported by the Defense Industrial Technology Development Program,China(JCKY2021208B036).
文摘With the wide application of the Internet of Things(IoT),storing large amounts of IoT data and protecting data privacy has become a meaningful issue.In general,the access control mechanism is used to prevent illegal users from accessing private data.However,traditional data access control schemes face some non-ignorable problems,such as only supporting coarse-grained access control,the risk of centralization,and high trust issues.In this paper,an attribute-based data access control scheme using blockchain technology is proposed.To address these problems,attribute-based encryption(ABE)has become a promising solution for encrypted data access control.Firstly,we utilize blockchain technology to construct a decentralized access control scheme,which can grant data access with transparency and traceability.Furthermore,our scheme also guarantees the privacy of policies and attributes on the blockchain network.Secondly,we optimize an ABE scheme,which makes the size of system parameters smaller and improves the efficiency of algorithms.These optimizations enable our proposed scheme supports large attribute universe requirements in IoT environments.Thirdly,to prohibit attribute impersonation and attribute replay attacks,we design a challenge-response mechanism to verify the ownership of attributes.Finally,we evaluate the security and performance of the scheme.And comparisons with other related schemes show the advantages of our proposed scheme.Compared to existing schemes,our scheme has more comprehensive advantages,such as supporting a large universe,full security,expressive policy,and policy hiding.
文摘本文针对高校财务报销流程中存在的信任缺失、报销效率低下等问题,提出了一种以项目为导向的区块链高校报销平台模型。针对多项目环境下参与者角色的动态性,引入基于属性的访问控制(attribute-based access control,ABAC)模型,实现了细粒度的权限管理。针对传统单链结构难以有效处理项目和发票之间的复杂逻辑关系,设计了主链-副链的双链存储结构以及对应的逻辑交易算法,解决了不同报销状态及与项目之间复杂的对应关系。为提高查询效率,设计了一种基于Merkle树索引表(Merkle tree index table,MTIT)的查询算法。实验结果表明,本设计在不同交易量下均展现出良好的性能稳定性,能够满足高校日常财务管理的需求。
文摘The National Institute of Standards and Technology(NIST)has identified natural language policies as the preferred expression of policy and implicitly called for an automated translation of ABAC natural language access control policy(NLACP)to a machine-readable form.To study the automation process,we consider the hierarchical ABAC model as our reference model since it better reflects the requirements of real-world organizations.Therefore,this paper focuses on the questions of:how can we automatically infer the hierarchical structure of an ABAC model given NLACPs;and,how can we extract and define the set of authorization attributes based on the resulting structure.To address these questions,we propose an approach built upon recent advancements in natural language processing and machine learning techniques.For such a solution,the lack of appropriate data often poses a bottleneck.Therefore,we decouple the primary contributions of this work into:(1)developing a practical framework to extract authorization attributes of hierarchical ABAC system from natural language artifacts,and(2)generating a set of realistic synthetic natural language access control policies(NLACPs)to evaluate the proposed framework.Our experimental results are promising as we achieved-in average-an F1-score of 0.96 when extracting attributes values of subjects,and 0.91 when extracting the values of objects’attributes from natural language access control policies.
基金supported by Princess Nourah bint Abdulrahman University,Riyadh,Saudi Arabia.
文摘The National Institute of Standards and Technology(NIST)has identified natural language policies as the preferred expression of policy and implicitly called for an automated translation of ABAC natural language access control policy(NLACP)to a machine-readable form.To study the automation process,we consider the hierarchical ABAC model as our reference model since it better reflects the requirements of real-world organizations.Therefore,this paper focuses on the questions of:how can we automatically infer the hierarchical structure of an ABAC model given NLACPs;and,how can we extract and define the set of authorization attributes based on the resulting structure.To address these questions,we propose an approach built upon recent advancements in natural language processing and machine learning techniques.For such a solution,the lack of appropriate data often poses a bottleneck.Therefore,we decouple the primary contributions of this work into:(1)developing a practical framework to extract authorization attributes of hierarchical ABAC system from natural language artifacts,and(2)generating a set of realistic synthetic natural language access control policies(NLACPs)to evaluate the proposed framework.Our experimental results are promising as we achieved-in average-an F1-score of 0.96 when extracting attributes values of subjects,and 0.91 when extracting the values of objects’attributes from natural language access control policies.
