CN109936562B - Extensible access control method for fog computing - Google Patents


Info

Publication number
CN109936562B
Authority
CN
China
Prior art keywords
user
ciphertext
data
access
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910019362.8A
Other languages
Chinese (zh)
Other versions
CN109936562A (en)
Inventor
许建
雷喆
杨庚
戴华
陈燕俐
陈蕾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Posts and Telecommunications
Original Assignee
Nanjing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University of Posts and Telecommunications
Priority to CN201910019362.8A
Publication of CN109936562A
Application granted
Publication of CN109936562B
Legal status: Active
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a fog-computing-oriented extensible access control method, which adopts a linear secret sharing matrix as the access structure to realize attribute-based access control, uses fog nodes as edge service nodes, and reduces the computational overhead of the end user in access control by reasonably distributing the encryption and decryption operations of the access control. The invention can add new legitimate members to form a new access policy while keeping the original access policy, and can detect whether the accessing user has tampered with the original data when uploading the new access policy, thereby protecting the integrity of the original data.

Description

Extensible access control method for fog computing
Technical Field
The invention belongs to the computer application technology, and particularly relates to an extensible access control method for fog computing.
Background
Cloud computing brings unprecedented computing power and almost unlimited storage space to users, who can analyze, process and store massive data by means of a cloud platform. However, because the core network where the cloud platform server is located is often far from the end user, cloud computing cannot provide reliable real-time response in practice, especially in application fields with strict real-time requirements, and this has become a bottleneck limiting cloud computing applications. Fog computing, as a typical edge computing model, has gradually become a research hotspot in recent years. Fog computing has the advantages of low latency, mobility and distribution, so that cloud services can be extended to the edge of the network and end users can be given more convenient service responses.
In research on fog computing, the security of data access control has been a major concern. Although access control has been widely studied in cloud computing, existing access control schemes for cloud computing cannot be applied directly to fog computing, given the differences in network architecture, system model and so on. In particular, once fog nodes are introduced, how to reasonably distribute the computation and communication overhead between the fog nodes and the end users, so as to form simple, effective and secure access control among the cloud, the fog and the end users, is the key to secure data sharing in a fog environment.
Disclosure of Invention
The purpose of the invention is as follows: in view of the above-mentioned deficiencies of the prior art, the present invention provides a scalable access control method for fog computing.
The technical scheme is as follows: a scalable access control method facing fog computing comprises the following steps:
(1) system initialization: generating system parameters and a master key, wherein the system parameters are publicly disclosed and the master key is stored by a trusted authority;
(2) user registration: distributing a private key belonging to the user according to the attributes the user owns;
(3) data encryption: processing the plaintext uploaded by the data uploading user with a hash algorithm to obtain a processed value, and computing a symmetric key from the system parameters and the processed value of the plaintext; the data uploading user encrypts the plaintext with the symmetric key, uploads the encrypted data to a cloud server for storage, and transmits a preset access policy to a fog node for further processing;
(4) forming the access policy and a partial ciphertext, wherein the fog node converts the access policy into an access structure according to the LSSS and undertakes the calculation of the partial ciphertext;
(5) the data uploading user completes the ciphertext by supplementing the partial ciphertext according to the system parameters and the processed value of the plaintext, and then sends the ciphertext and the access structure to the cloud server for storage;
(6) the fog node again undertakes the calculation on the undecrypted partial data, and the calculated value is transmitted to an ordinary user for use in the subsequent decryption process;
(7) the user decrypts the ciphertext: the user constructs a secret key from the user's own private key, and decrypts the ciphertext with that key to obtain the plaintext;
(8) integrity checking of the data uploaded by the user who performed the access policy extension: the cloud server checks the new data; if it passes the check, the new data is added to the cloud service, and if it fails, the new access policy is not extended.
Further, the step (1) comprises inputting a security parameter $1^\lambda$ and the number N of attributes set in the access policy; a trusted authority generates a system parameter m and a master key mk, wherein the system parameter m is publicly disclosed and the master key mk is stored by the trusted authority. The system parameter is $m = (PG, g, u, g_1, g_2, \ldots, g_N, h, g^\alpha, e(h,h)^\alpha, (E, D))$ and the master key is $mk = h^\alpha$, wherein the bilinear group is $PG = (G, G_T, e, p)$; $g, u, g_1, g_2, \ldots, g_N, h \in G$ are selected, a parameter $\alpha$ is randomly selected from $G_P$, $g^\alpha$ and $e(h,h)^\alpha$ are calculated, and a symmetric encryption algorithm denoted (E, D) is selected.
The step (2) comprises inputting the system parameter m, the master key mk and the attribute value set S of the registered user; the trusted authority returns a key sks and a partial key sks' belonging to the registered user, which specifically comprises the following steps:
setting the attribute set owned by each user as S, wherein the number of attributes in the attribute set cannot exceed N; after the user sends a registration request, the trusted authority receives the attribute set S, the master key mk and the system parameter m, and obtains the private key sks and the partial key sks' after calculation;
the trusted authority randomly selects a random parameter $r \in Z_P$; the calculation results are as follows:
Figure GDA0002952272530000021
and
Figure GDA0002952272530000022
finally, the user gets the private key to complete the registration and passes sks' to the fog node.
In the step (3), the data uploader computes the plaintext F with a hash algorithm H to obtain an irreversible result f = H(F), and at the same time computes the secret key $k = e(h,h)^{\alpha f}$.
The step (4) comprises inputting an access policy P, the system parameter m and the partial ciphertext ct returned by the fog node; the access policy P1 is converted by the fog node into an access structure (M, ρ) based on the LSSS as follows:
each row of M corresponds to one attribute value, and the function $\rho(i) \in \{Att_1, \ldots, Att_N\}$ is defined to represent the one-to-one mapping between each row and an attribute; the fog node randomly selects a random value t and calculates a vector
Figure GDA0002952272530000031
The fog node is recalculated to obtain
Figure GDA0002952272530000032
where i denotes the i-th row of the matrix M; the fog node randomly selects a set $Z_1, Z_2, Z_3, \ldots, Z_m \in Z_p$ for the calculation, and then runs the Fog algorithm with the system parameter m and $\theta_j$ as input to calculate the partial ciphertext ct; the partial ciphertext ct is represented as follows:
Figure GDA0002952272530000033
and after the calculation is finished, sending the ct and the access structure (M, rho) to a data uploading user.
The step (5) comprises inputting the access policy P, the system parameter m and the partial ciphertext ct; the data uploader returns the ciphertext CT. The data uploader runs the Enc algorithm with the partial ciphertext ct, the system parameter m and the hash value f as input to calculate the ciphertext CT, expressed as follows:
Figure GDA0002952272530000034
Then $Lp_1(k) = ((M, \rho), CT)$, and the data uploader transfers $Lp_1(k)$ to the cloud server for storage.
The step (6) comprises inputting the access policy P, the system parameter m and the partial ciphertext ct; the fog node returns a calculated value W. The fog node runs the Fog algorithm with the system parameter m, the partial ciphertext ct, the partial private key sks' and the access structure (M, ρ) as input and calculates as follows:
generating the set $I_{A,\rho} = \{I_1, \ldots, I_q\}$: the set of minimal subsets of attributes with which the user satisfies (M, ρ). If the user's attributes satisfy the access structure, a set of constants $\{\omega_i \in Z_P\}_{i \in I}$ is found in polynomial time, where $I = I_j \in I_{A,\rho}$, $1 \le j \le q$, such that $\sum_{i \in I} \omega_i \theta_i = t$;
Figure GDA0002952272530000035
Finally, the fog node transmits W to the user.
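To make steps (4) and (6) concrete, the following is an added Python example, not code from the patent: it converts a boolean access policy into an LSSS access structure (M, ρ) with the Lewko-Waters construction, has the fog node share a random t as $\theta_i = M_i \cdot v$, and finds the constants $\omega_i$ with $\sum_i \omega_i \theta_i = t$ for an attribute set that satisfies the policy (returning nothing for one that does not). The modulus P and the policy tree format are assumptions; the pairing-based parts of the scheme are omitted.

```python
"""Added example (not from the patent): LSSS access structures of steps (4)/(6).

A boolean policy is converted to (M, rho) with the Lewko-Waters construction,
the fog node shares a random t as theta_i = M_i . v, and an authorized
attribute set recovers constants omega_i with sum_i omega_i * theta_i = t.
"""
import secrets

# Assumption: a Mersenne prime stands in for the pairing group order p.
P = 2**61 - 1


def policy_to_lsss(policy):
    """Lewko-Waters tree-to-LSSS conversion.

    policy is an attribute string or a tuple ('AND', left, right) /
    ('OR', left, right).  Returns (M, rho): M is a list of rows over Z_p and
    rho maps each row index to the attribute labelling that row."""
    rows, counter = [], [1]            # counter c starts at 1, root vector (1)

    def walk(node, vec):
        if isinstance(node, str):      # leaf: one row per attribute value
            rows.append((list(vec), node))
            return
        op, left, right = node
        if op == 'OR':                 # both children inherit the parent vector
            walk(left, vec)
            walk(right, vec)
        elif op == 'AND':              # left gets vec||1, right gets 0..0||-1
            c = counter[0]
            counter[0] += 1
            walk(left, list(vec) + [0] * (c - len(vec)) + [1])
            walk(right, [0] * c + [-1])
        else:
            raise ValueError("unknown gate %r" % op)

    walk(policy, [1])
    n = counter[0]                     # final counter = number of columns
    M = [[x % P for x in (v + [0] * (n - len(v)))] for v, _ in rows]
    rho = [attr for _, attr in rows]
    return M, rho


def solve_mod_p(A, b):
    """Solve A x = b over Z_p by Gauss-Jordan elimination.

    A is a list of rows (n x k), b a list of n values.  Returns one solution
    with free variables set to 0, or None if the system is inconsistent."""
    n, k = len(A), len(A[0])
    aug = [[x % P for x in row] + [bi % P] for row, bi in zip(A, b)]
    pivots, r = [], 0
    for c in range(k):
        piv = next((i for i in range(r, n) if aug[i][c]), None)
        if piv is None:
            continue
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][c], P - 2, P)         # modular inverse (P prime)
        aug[r] = [x * inv % P for x in aug[r]]
        for i in range(n):
            if i != r and aug[i][c]:
                f = aug[i][c]
                aug[i] = [(x - f * y) % P for x, y in zip(aug[i], aug[r])]
        pivots.append(c)
        r += 1
        if r == n:
            break
    if any(aug[i][k] for i in range(r, n)):    # 0 = nonzero: no solution
        return None
    x = [0] * k
    for i, c in enumerate(pivots):
        x[c] = aug[i][k]
    return x


def share(M, t):
    """Fog-node side: v = (t, z_2, ..., z_n) with random z's; theta_i = M_i . v."""
    n = len(M[0])
    v = [t % P] + [secrets.randbelow(P) for _ in range(n - 1)]
    return [sum(mi * vi for mi, vi in zip(row, v)) % P for row in M]


def reconstruction_coeffs(M, rho, attrs):
    """Return {row_index: omega_i} with sum omega_i * M_i = (1, 0, ..., 0)
    over the rows labelled by attrs, or None if attrs do not satisfy (M, rho)."""
    idx = [i for i, a in enumerate(rho) if a in attrs]
    if not idx:
        return None
    n = len(M[0])
    A = [[M[i][j] for i in idx] for j in range(n)]   # columns = selected rows
    sol = solve_mod_p(A, [1] + [0] * (n - 1))
    return None if sol is None else dict(zip(idx, sol))


def recover_secret(theta, omega):
    """sum_{i in I} omega_i * theta_i, which equals t for a satisfying set."""
    return sum(omega[i] * theta[i] for i in omega) % P


if __name__ == "__main__":
    # Constructed sample policy: (doctor OR nurse) AND cardiology
    M, rho = policy_to_lsss(('AND', ('OR', 'doctor', 'nurse'), 'cardiology'))
    t = secrets.randbelow(P)
    theta = share(M, t)
    omega = reconstruction_coeffs(M, rho, {'nurse', 'cardiology'})
    print(rho, omega, recover_secret(theta, omega) == t)
    print(reconstruction_coeffs(M, rho, {'doctor'}))   # None: policy unmet
```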
The step (7) comprises inputting the private key sks, the system parameter m, the fog node calculation result W and the ciphertext CT; the user constructs the key k and returns the decrypted data F.
The user runs a Dec algorithm, and a secret key k is constructed through a private key sks, a ciphertext CT, a system parameter m and a fog node calculation result W:
Figure GDA0002952272530000036
Finally, the user uses the key k with the corresponding symmetric algorithm to decrypt $E_k(F)$ and obtain the plaintext.
Step (8) comprises inputting the system parameter m, the original access policy P, the original ciphertext CT, the new access policy P' and the new ciphertext CT'; the cloud server returns success or failure: on success the new access policy P' can be added to the cloud server, and on failure it cannot. The cloud server checks the integrity of the data uploaded by the extending user: a new user under the original access policy repeats steps (4) and (5) to create a new access policy P2 and uploads $Lp_2(k')$ to the cloud. The cloud server again randomly selects a new parameter $\gamma$ from $G_P$ to construct a pseudo master key, and calculates the private keys SKS and NKS' corresponding to the new and old access policies under the pseudo master key:
Figure GDA0002952272530000041
Figure GDA0002952272530000042
Steps (6) and (7) are repeated, and the keys corresponding to the two private keys are calculated and compared to judge whether the data has been damaged; if not, the cloud server stores $Lp_2(k')$ on the cloud, and the data on the cloud becomes $(Lp_2(k), Lp_1(k), E_k(F))$.
Beneficial effects: compared with the prior art, the method uses a linear secret sharing matrix as the access structure to realize attribute-based access control, uses the fog node as an edge service node, reasonably distributes the encryption and decryption operations of the access control, and reduces the computational overhead of the end user. In addition, the method can add new legitimate members to form a new access policy while keeping the original access policy, and can detect whether the accessing user has tampered with the original data when uploading the new access policy, thereby protecting the integrity of the original data.
Drawings
Fig. 1 is a model schematic diagram of a cloud computing-oriented multi-keyword orderable ciphertext retrieval method.
Detailed Description
For the purpose of explaining the technical solution disclosed in the present invention in detail, the following description is further made with reference to the drawings and examples.
The invention discloses a fog-computing-oriented extensible access control method, wherein a model schematic diagram of a cloud-computing-oriented multi-keyword orderable ciphertext retrieval method is shown in figure 1, and the method specifically comprises the following steps:
step 1: input of safety parameters 1λAnd generating a system parameter m and a master key mk by the trusted authority according to the attribute number N set in the access policy, wherein the system parameter m is arbitrarily disclosed, and the master key mk is stored by the trusted authority. The specific determination method comprises the following steps:
the system parameter m is (PG, g, u, g)1,g2,…,gN,h,gα,e(h,h)α,(E,D));
Master key mk ═ hα(ii) a Wherein the bilinear group PG ═ G, GTE, p) while selecting g, u, g1,g2,…,gNH is equal to G, from GPRandomly selecting a parameter alpha, and calculating gα,e(h,h)αSelecting a symmetric encryption algorithm denoted as (E, D).
After step 1 is finished, continue with step 2;
step 2: the input system parameter m, master key mk, set of attribute values S for the registered user, and the trusted authority returns a key sks and a partial key sks' that belong to the registered user. The specific determination method comprises the following steps:
and setting the attribute set owned by each user as S, wherein the number of attributes in the attribute set cannot exceed N. After the user sends a registration request, the trusted authority receives the attribute set S, the master key mk, and the system parameter m, and calculates to obtain the private key sks and the partial key sks'.
The trusted authority randomly selects a random parameter $r \in Z_P$; the calculation results are as follows:
Figure GDA0002952272530000051
and
Figure GDA0002952272530000052
the user gets the private key to complete the registration and passes sks' to the fog node.
After step 2 is finished, continue with step 3;
step 3: the data uploading person calculates the plain text F by using a Hash algorithm H to obtain an irreversible result F ═ H (F), and simultaneously calculates a secret key k ═ e (H, H)
After step 3 is finished, continue with step 4;
step 4: and inputting an access strategy P, a system parameter m and a partial ciphertext ct returned by the fog node.
The access policy P1 is converted by the foggy node into an access structure (M, ρ) formed based on LSSS (linear secret sharing scheme), as follows:
one attribute value for each row, and we define the function ρ (i) ∈ { Att1, …, AttN } to represent a one-to-one mapping relationship between each row and each attribute. The fog nodes randomly select a random value t and calculate a vector
Figure GDA0002952272530000053
Fog node recalculation to
Figure GDA0002952272530000054
where i denotes the i-th row of the matrix M; the fog node randomly selects a set $Z_1, Z_2, Z_3, \ldots, Z_m \in Z_p$ for the calculation, and then runs the Fog algorithm with the system parameter m and $\theta_j$ as input to calculate the partial ciphertext ct:
partial cipher text
Figure GDA0002952272530000055
After the calculation is finished, the ct and the access structure (M, ρ) are sent to the data uploader.
After step 4 is finished, continue with step 5;
step 5: and inputting an access strategy P, a system parameter m and a partial ciphertext CT, and returning the ciphertext CT to a data uploading user.
The data uploading user operates the Enc algorithm to input part of ciphertext CT, the system parameter m and the hash value f to calculate the ciphertext CT:
Figure GDA0002952272530000061
Then $Lp_1(k) = ((M, \rho), CT)$, and the data uploader transfers $Lp_1(k)$ to the cloud server for storage.
After step 5 is finished, continue with step 6;
step 6: and inputting an access strategy P, a system parameter m, a partial ciphertext ct and a fog node to return a calculated value W.
The Fog node runs the Fog algorithm, inputs the system parameter M, partial ciphertext ct, partial private key sks' and access policy (M, ρ) to calculate:
generating a set IA,ρ={I1,...,Iq}: the set of minimal subsets of the attributes for which the user satisfies (M, ρ). If the user attributes satisfy the access structure, then the constant set { ω is found within the polynomial timei∈ZP}i∈IIn which IJ∈IA,ρJ is more than or equal to 1 and less than or equal to q, so that sigma isi∈Iωiθi=t.
Figure GDA0002952272530000062
The fog node passes W to the user.
After step 6 is finished, continue with step 7;
step 7: inputting a private key sks, a system parameter m, a fog node calculation result W and a ciphertext CT, and enabling a user to construct a key k and return decrypted data F.
The user runs a Dec algorithm, and a secret key k is constructed through a private key sks, a ciphertext CT, a system parameter m and a fog node calculation result W:
Figure GDA0002952272530000063
Finally, the user uses the key k with the corresponding symmetric algorithm to decrypt $E_k(F)$ and obtain the plaintext.
After step 7 is finished, continue with step 8;
step 8: inputting a system parameter m, an original access strategy P, an original ciphertext CT, a new access strategy P ', a new ciphertext CT ', and returning success or failure results to the cloud server, wherein success represents that the new access strategy P ' can be added to the cloud server, and failure does not exist. And the cloud server checks the integrity of the data uploaded by the extended user.
And repeating Step4 and Step5 by the new user of the original access policy to create a new access policy P2, and uploading Lp2 (k') to the cloud. Cloud server re-slave GPRandomly selecting a new parameter gamma to construct a pseudo master key, and calculating corresponding private keys SKS and NKS' under new and old access policies of the pseudo master key:
Figure GDA0002952272530000071
Figure GDA0002952272530000072
Step 6 and Step 7 are repeated to calculate and compare whether the keys corresponding to the two private keys are the same. Because $k = e(h,h)^{\alpha f}$, if k is the same then f, obtained by hashing the plaintext, is the same, and if f is the same the plaintext is the same; thus whether the integrity of the data F has been damaged can be detected. If it has not been damaged, the cloud server stores $Lp_2(k')$ on the cloud, and the data on the cloud becomes $(Lp_2(k), Lp_1(k), E_k(F))$.
The relation of data uploading and processing in the model of the cloud computing-oriented multi-keyword orderable ciphertext retrieval method is expressed as follows:
(1) The trusted authority is a fully trusted authority preset in the system; when a user sends a registration request, the trusted authority distributes a private key and a partial private key to the user according to the user's attributes. We assume that the trusted authority does not collude with any other entity and is not attacked;
(2) The fog node receives the access policy created by the data uploader, represents the access policy with the LSSS, and generates a partial ciphertext from the system parameters generated by the trusted authority and the access policy. In the user decryption part, the fog node undertakes part of the calculation and returns the result to the user;
(3) The data uploader creates an access policy and sends it to the fog node, encrypts the plaintext with a secret key using a symmetric encryption algorithm, and at the same time applies a hash algorithm to the plaintext. The ciphertext and the key are calculated from the system parameters, the partial ciphertext calculated by the fog node and the access policy, and uploaded to the cloud server for storage;
(4) The user sends a registration request and obtains a private key distributed by the trusted authority according to the user's attributes. The user downloads the encrypted ciphertext and the key from the cloud server; if the user complies with the access policy set by the data uploader, the key is calculated from the result obtained by the fog node, the private key and the ciphertext, and the user then decrypts with the key to obtain the plaintext;
(5) The cloud server compares whether the key calculated through the new access policy is the same as the original key; if it is the same, the integrity of the plaintext data has not been damaged, and the new access policy can be added to the cloud server.
The method of the invention can extend the access policy: on the basis of keeping the original access policy, a new legitimate member is added to form a new access policy. Adding the new access policy not only confirms whether the accessing user complies with the access policy set by the data uploader, but also detects whether the accessing user has tampered with the original data when uploading the new access policy; that is, the integrity of the original data in the system is protected and the loyalty of the accessing user is confirmed.

Claims (1)

1. A scalable access control method oriented to fog computing, characterized in that the method comprises the following steps:
(1) system initialization: generating system parameters and a master key, wherein the system parameters are publicly disclosed and the master key is stored by a trusted authority;
(2) user registration: distributing a private key belonging to the user according to the attributes the user owns;
(3) data encryption: processing the plaintext uploaded by the data uploading user with a hash algorithm to obtain a processed value, and computing a symmetric key from the system parameters and the processed value of the plaintext; the data uploading user encrypts the plaintext with the symmetric key, uploads the encrypted data to a cloud server for storage, and transmits a preset access policy to a fog node for further processing;
(4) forming the access policy and a partial ciphertext, wherein the fog node converts the access policy into an access structure according to the LSSS and undertakes the calculation of the partial ciphertext;
(5) the data uploading user completes the ciphertext by supplementing the partial ciphertext according to the system parameters and the processed value of the plaintext, and then sends the ciphertext and the access structure to the cloud server for storage;
(6) the fog node again bears the calculation on the undecrypted partial data, and the value calculated with the Fog algorithm is transmitted to an ordinary user for use in the subsequent decryption process;
(7) the user decrypts the ciphertext: the user constructs a key with the Dec algorithm from the user's own private key, and the ciphertext is decrypted with that key to obtain the plaintext;
(8) the integrity of the data uploaded by the user after the access policy extension is checked: the cloud server checks the new data; if it passes the check, the new data is added to the cloud service, and if it fails, the new access policy cannot be extended;
the step (1) comprises inputting the security parameter $1^\lambda$ and the number of attributes N set in the access policy; the trusted authority generates the system parameter m and the master key mk, wherein the system parameter m is publicly disclosed and the master key mk is saved by the trusted authority; the system parameter is $m = (PG, g, u, g_1, g_2, \ldots, g_N, h, g^\alpha, e(h,h)^\alpha, (E, D))$ and the master key is $mk = h^\alpha$, wherein the bilinear group is $PG = (G, G_T, e, p)$; $g, u, g_1, g_2, \ldots, g_N, h \in G$ are selected, a parameter $\alpha$ is randomly selected from $G_P$, $g^\alpha$ and $e(h,h)^\alpha$ are calculated, and a symmetric encryption algorithm denoted (E, D) is selected;
step (2) comprises inputting the system parameter m, the master key mk and the attribute value set S of the registered user; the trusted authority returns the key sks and the partial key sks' belonging to the registered user, which specifically comprises the following steps:
setting the attribute set owned by each user as S, wherein the number of attributes in the attribute set cannot exceed N; when the user sends a registration request, the trusted authority receives the attribute set S, the master key mk and the system parameter m, and obtains the private key sks and the partial key sks' after calculation;
the trusted authority randomly selects a random parameter $r \in Z_P$; the calculation results are as follows:
sks=(
Figure DEST_PATH_IMAGE035
Figure DEST_PATH_IMAGE037
Figure DEST_PATH_IMAGE039
Figure DEST_PATH_IMAGE041
Figure DEST_PATH_IMAGE043
) and
Figure DEST_PATH_IMAGE045
finally, the user obtains the private key to complete registration and transmits sks' to the fog node;
in the step (3), the data uploading user calculates the plaintext F with the hash algorithm H to obtain the irreversible result f = H(F), and calculates the key $k = e(h,h)^{\alpha f}$;
step (4) comprises inputting the access policy P, the system parameter m and the partial ciphertext ct returned by the fog node; the access policy P is converted by the fog node into an access structure (M, ρ) based on the LSSS, and the process is as follows:
each row corresponds to one attribute value, and the function $\rho(i) \in \{Att_1, \ldots, Att_N\}$ is defined to represent the one-to-one mapping between each row and each attribute; the fog node randomly selects a random value t and calculates a vector
Figure DEST_PATH_IMAGE053
(t,
Figure DEST_PATH_IMAGE055
Figure DEST_PATH_IMAGE057
)∈
Figure DEST_PATH_IMAGE059
; the fog node then calculates
$\theta_i$ =
Figure DEST_PATH_IMAGE063
where i represents the i-th row of the matrix M; the fog node randomly selects a set $Z_1, Z_2, Z_3, \ldots, Z_m \in Z_p$ for the calculation, then runs the Fog algorithm with the system parameter m and $\theta_i$ as input to calculate the partial ciphertext ct; the partial ciphertext ct is represented as follows:
ct=
Figure 305816DEST_PATH_IMAGE071
after the calculation is finished, the ct and the access structure (M, ρ) are sent to the data uploading user;
step (5) comprises inputting the access policy P, the system parameter m and the partial ciphertext ct; the data uploader returns the ciphertext CT; the data uploader runs the Enc algorithm with the partial ciphertext ct, the system parameter m and the hash value f as input to calculate the ciphertext CT, expressed as follows:
CT=
Figure 903151DEST_PATH_IMAGE073
then $Lp_1(k) = ((M, \rho), CT)$, and the data uploading user transmits $Lp_1(k)$ to the cloud server for storage;
step (6) comprises inputting the access policy P, the system parameter m and the partial ciphertext ct; the fog node returns a calculated value W; the fog node runs the Fog algorithm with the system parameter m, the partial ciphertext ct, the partial private key sks' and the access structure (M, ρ) as input and calculates as follows:
generating the set $I_{A,\rho} = \{I_1, \ldots, I_q\}$: the set of minimal subsets of attributes with which the user satisfies (M, ρ);
if the user's attributes satisfy the access structure, a set of constants $\{\omega_i \in Z_P\}_{i \in I}$ is found in polynomial time, where $I = I_j \in I_{A,\rho}$, $1 \le j \le q$, such that $\sum_{i \in I} \omega_i \theta_i = t$;
Figure DEST_PATH_IMAGE092
Figure DEST_PATH_IMAGE094
Figure DEST_PATH_IMAGE096
Finally, the fog node transmits W to the user;
step (7) comprises inputting the private key sks, the system parameter m, the fog node calculation result W and the ciphertext CT; the user constructs the key k and returns the decrypted data F; the user runs the Dec algorithm, and the secret key k is constructed from the private key sks, the ciphertext CT, the system parameter m and the fog node calculation result W:
k=
Figure DEST_PATH_IMAGE098
.
Figure DEST_PATH_IMAGE100
$= e(h,h)^{\alpha f}$
finally, the user uses the key k with the corresponding symmetric algorithm to decrypt $E_k(F)$ and obtain the plaintext;
step (8) comprises inputting the system parameter m, the original access policy P, the original ciphertext CT, the new access policy P' and the new ciphertext CT'; the cloud server returns a success or failure result, where success means the new access policy P' can be added to the cloud server and failure means it cannot; the cloud server checks the integrity of the data uploaded by the extending user; a new user under the original access policy repeats steps (4) and (5) to create a new access policy P2 and uploads it to the cloud;
the cloud server again randomly selects a new parameter $\gamma$ from $G_P$ to construct a pseudo master key, and calculates the corresponding private keys SKS and SKS' under the new and old access policies of the pseudo master key:
SKS=(
Figure DEST_PATH_IMAGE116
Figure 595030DEST_PATH_IMAGE117
Figure DEST_PATH_IMAGE118
Figure 693436DEST_PATH_IMAGE041
Figure DEST_PATH_IMAGE120
x∈S);
Figure DEST_PATH_IMAGE122
=(
Figure DEST_PATH_IMAGE124
Figure DEST_PATH_IMAGE126
Figure DEST_PATH_IMAGE128
Figure DEST_PATH_IMAGE130
Figure 447153DEST_PATH_IMAGE120
x∈
Figure DEST_PATH_IMAGE132
);
And (7) repeating the steps (6) and (7) to calculate and compare whether the keys corresponding to the two private keys are the same to judge whether the integrity of the plaintext data is damaged, if not, the cloud server will judge whether the integrity of the plaintext data is damaged or not
Figure DEST_PATH_IMAGE134
Stored on the cloud, then the data on the cloud is changed to (at this time)
Figure DEST_PATH_IMAGE136
Figure 942594DEST_PATH_IMAGE077
Figure 656604DEST_PATH_IMAGE104
)。
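As an added worked example (not the patent's own construction, and not a secure scheme as written), the following Python models the flow of steps (6) to (8) over a threshold linear-secret-sharing (LSSS) access structure: the fog node performs the heavy LSSS recombination on a blinded transformation key and returns W, the user strips the blinding with its retrieving key, an honest policy extension keeps the original C0 and secret s while re-sharing s under the new policy, and the cloud checks the extension by decrypting both ciphertexts under a randomly chosen pseudo master key and comparing the results. Assumptions: the bilinear pairings of the real scheme are replaced by arithmetic in GF(P), so the toy has no public encryption key (whoever encrypts holds the attribute secrets a_x, and the cloud holds them for its check), a user colluding with its fog node can recover alpha, the extending party is assumed to hold the original secret s, and every name used here (`attr_point`, `keygen`, `fog_transform`, `cloud_check`, the attributes A to E, Alice and Dave) is hypothetical. What the model does show is why the check works: with C0 = k + alpha*s, both pseudo-key decryptions yield k + (alpha - alpha')*s, which agree exactly when the new ciphertext kept the same k and s, and the cloud learns neither alpha nor k.

```python
"""Toy model of steps (6)-(8): LSSS access structure, fog-assisted decryption and the cloud's
pseudo-master-key integrity check. Added example; pairings are replaced by GF(P) arithmetic."""
import hashlib
import math
import secrets

P = 2**127 - 1                        # assumed field modulus (a Mersenne prime)
inv = lambda a: pow(a, P - 2, P)      # modular inverse in GF(P)
rnd = lambda: 1 + secrets.randbelow(P - 1)

def attr_point(attr):                 # distinct nonzero field point per attribute name (toy choice)
    return 1 + int.from_bytes(hashlib.sha256(attr.encode()).digest(), "big") % (P - 1)

def lsss_matrix(attrs, t):
    """t-of-n threshold policy as an LSSS matrix: row M_x = (1, x, ..., x^(t-1)); t rows span (1,0,...,0)."""
    return {a: [pow(attr_point(a), j, P) for j in range(t)] for a in attrs}

def lsss_share(s, policy):
    """Shares lambda_x = M_x . v for the sharing vector v = (s, r_1, ..., r_{t-1})."""
    t = len(next(iter(policy.values())))
    v = [s] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {a: sum(m * c for m, c in zip(row, v)) % P for a, row in policy.items()}

def recon_coeffs(policy, have):
    """w_x with sum_x w_x * M_x = (1, 0, ..., 0) over an authorized subset of `have`
    (Lagrange at 0), or None when `have` does not satisfy the policy."""
    t = len(next(iter(policy.values())))
    use = [a for a in policy if a in have][:t]
    if len(use) < t:
        return None
    w = {}
    for a in use:
        num = math.prod(attr_point(b) for b in use if b != a) % P
        den = math.prod(attr_point(b) - attr_point(a) for b in use if b != a) % P
        w[a] = num * inv(den) % P
    return w

def new_master():
    """Toy master key: alpha plus one secret a_x per attribute (stands in for the master key and m)."""
    return {"alpha": rnd(), "a": {}}

attr_secret = lambda mk, x: mk["a"].setdefault(x, rnd())

def keygen(mk, attrs, alpha=None):
    """The user keeps only z (the sks of step 7); the fog node gets the transformation key
    (z*alpha, {x: z/a_x}) and learns neither z nor alpha from it."""
    z, alpha = rnd(), (mk["alpha"] if alpha is None else alpha)
    return z, (z * alpha % P, {x: z * inv(attr_secret(mk, x)) % P for x in attrs})

def encapsulate(mk, s, policy):
    """Attribute components C_x = lambda_x * a_x for the LSSS shares of s under policy."""
    return {x: lam * attr_secret(mk, x) % P for x, lam in lsss_share(s, policy).items()}

def encrypt(mk, k, policy):
    """CT = (policy, C0 = k + alpha*s, {C_x}); s is returned too so the owner can extend later."""
    s = rnd()
    return (policy, (k + mk["alpha"] * s) % P, encapsulate(mk, s, policy)), s

def fog_transform(tk, ct):
    """Step 6 at the fog node: LSSS recombination blinded by z; returns W = z^2 * alpha * s."""
    policy, _, cx = ct
    w = recon_coeffs(policy, set(tk[1]))
    if w is None:
        return None
    zs = sum(w[x] * tk[1][x] * cx[x] for x in w) % P   # sum_x w_x (z/a_x)(lambda_x a_x) = z*s
    return tk[0] * zs % P

def decrypt(z, tk, ct):
    """Step 7 at the user: strip the blinding with sks = z, then k = C0 - alpha*s."""
    W = fog_transform(tk, ct)
    return None if W is None else (ct[1] - W * inv(z) ** 2) % P

def extend(mk, ct, s, new_attrs, t):
    """Step 8, honest extender: keep C0 and s, re-share s under P2 = t-of-(old + new attrs)."""
    policy, c0, _ = ct
    p2 = lsss_matrix(list(policy) + list(new_attrs), t)
    return (p2, c0, encapsulate(mk, s, p2))

def cloud_check(mk, ct, ct2):
    """Step 8 at the cloud: a random pseudo master key alpha' replaces alpha, pseudo private keys
    are derived under the old and new policy, steps 6-7 run with each and the results are compared.
    Both runs yield k + (alpha - alpha')*s, so they agree iff CT2 kept the original C0 and s."""
    alpha_p = rnd()
    vals = [decrypt(*keygen(mk, set(c[0]), alpha_p), c) for c in (ct, ct2)]
    return None not in vals and vals[0] == vals[1]

def demo():
    """Constructed scenario: k under 2-of-{A,B,C}; Alice holds {A,B}, Dave {D,E}; the owner extends
    to 2-of-{A,B,C,D,E}; a tampered upload additionally swaps the encapsulated key."""
    mk = new_master()
    k = secrets.randbelow(P)
    ct, s = encrypt(mk, k, lsss_matrix(["A", "B", "C"], 2))
    (za, ta), (zd, td) = keygen(mk, {"A", "B"}), keygen(mk, {"D", "E"})
    ct2 = extend(mk, ct, s, ["D", "E"], 2)
    return {
        "alice_old": decrypt(za, ta, ct) == k,
        "alice_new": decrypt(za, ta, ct2) == k,
        "dave_old": decrypt(zd, td, ct),                   # None: {D,E} does not satisfy P
        "dave_new": decrypt(zd, td, ct2) == k,
        "honest_accepted": cloud_check(mk, ct, ct2),
        "tampered_rejected": not cloud_check(mk, ct, (ct2[0], (ct2[1] + 1) % P, ct2[2])),
    }
```

Running `demo()` shows the two properties the claims rely on: the original policy keeps working after the extension (Alice decrypts both CT and CT2, Dave only CT2), and the cloud accepts the honest extension while rejecting an upload whose C0 or shares no longer match the original k and s. Because the extender never learns alpha, it cannot re-encapsulate a different key with a consistent (C0, s) pair, which is what gives the comparison its force in this model.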
CN201910019362.8A 2019-01-09 2019-01-09 Extensible access control method for fog computing Active CN109936562B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910019362.8A CN109936562B (en) 2019-01-09 2019-01-09 Extensible access control method for fog computing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910019362.8A CN109936562B (en) 2019-01-09 2019-01-09 Extensible access control method for fog computing

Publications (2)

Publication Number Publication Date
CN109936562A CN109936562A (en) 2019-06-25
CN109936562B true CN109936562B (en) 2021-07-27

Family

ID=66984959

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910019362.8A Active CN109936562B (en) 2019-01-09 2019-01-09 Extensible access control method for fog computing

Country Status (1)

Country Link
CN (1) CN109936562B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111062043B (en) * 2019-11-29 2022-05-20 清华大学 Medical image identification method and system based on edge calculation
CN111372243B (en) * 2020-03-18 2023-05-12 南京邮电大学 Security distributed aggregation and access system and method based on fog alliance chain
CN117632858B (en) * 2024-01-24 2024-05-31 中国信息通信研究院 File format verification method, system, equipment and medium based on distributed network

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106357395A (en) * 2016-09-13 2017-01-25 深圳大学 Outsourcing access control method and system aiming at fog computing
CN107222843A (en) * 2017-06-30 2017-09-29 西安电子科技大学 Towards the mist real-time performance system and method for indoor positioning
CN108881314A (en) * 2018-08-28 2018-11-23 南京邮电大学 Mist calculates the method and system for realizing secret protection under environment based on CP-ABE ciphertext access control
CN108900621A (en) * 2018-07-10 2018-11-27 华侨大学 A kind of otherness cloud synchronous method calculating mode based on mist
EP3407194A2 (en) * 2018-07-19 2018-11-28 Erle Robotics, S.L. Method for the deployment of distributed fog computing and storage architectures in robotic modular components

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Research on the application of attribute-based searchable encryption schemes; Zhou Jing; China Master's Theses Full-text Database, Information Science and Technology; 2018-04-15; pp. 1-75 *
Research on resource management models and algorithms in fog computing environments; Sun Yan; China Doctoral Dissertations Full-text Database, Information Science and Technology; 2018-07-15; pp. 1-107 *

Also Published As

Publication number Publication date
CN109936562A (en) 2019-06-25

Similar Documents

Publication Publication Date Title
CN109768858B (en) Multi-authorization-based attribute encryption access control system in cloud environment and design method
CN109660555B (en) Content secure sharing method and system based on proxy re-encryption
US9646168B2 (en) Data access control method in cloud
CN109936562B (en) Extensible access control method for fog computing
CN106506474B (en) Efficient traceable data sharing method based on mobile cloud environment
KR102050887B1 (en) METHOD AND SYSTEM FOR DATA SHARING FOR INTERNET OF THINGS(IoT) MANAGEMENT IN CLOUD COMPUTING
Saroj et al. Threshold cryptography based data security in cloud computing
CN109361644B (en) Fuzzy attribute based encryption method supporting rapid search and decryption
He et al. Lightweight attribute based encryption scheme for mobile cloud assisted cyber-physical systems
CN109951279B (en) Anonymous data storage method based on block chain and edge device
CN110035067B (en) Attribute encryption method supporting efficient data deduplication and attribute revocation in cloud storage
CN108632385B (en) Time sequence-based cloud storage privacy protection method for multi-branch tree data index structure
CN104883254A (en) Cloud computing platform oriented cryptograph access control system and access control method thereof
Wen et al. A verifiable data deduplication scheme in cloud computing
Udendhran A hybrid approach to enhance data security in cloud storage
CN114528331A (en) Data query method, device, medium and equipment based on block chain
Zhang et al. Cerberus: Privacy-preserving computation in edge computing
Xu et al. Secure deduplication for big data with efficient dynamic ownership updates
Lin et al. Secure deduplication schemes for content delivery in mobile edge computing
Thokchom et al. Privacy Preserving and Public Auditable Integrity Checking on Dynamic Cloud Data.
Gang et al. Secure image deduplication in cloud storage
CN114760072B (en) Signature and signature verification method, device and storage medium
CN108494552B (en) Cloud storage data deduplication method supporting efficient convergence key management
Fan et al. Secure and private key management scheme in big data networking
Stading Secure communication in a distributed system using identity based encryption

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant