命名数据网中基于CP-ABE 的访问控制方法

中国民航大学学报 ›› 2020, Vol. 38 ›› Issue (2): 18-24.

命名数据网中基于CP-ABE 的访问控制方法

吴志军，许恩中

（中国民航大学电子信息与自动化学院，天津300300）

收稿日期:2019-03-01 修回日期:2019-04-23 出版日期:2020-04-25 发布日期:2020-05-13
作者简介:吴志军（1965—），男，新疆库尔勒人，教授，博士，研究方向为航空电信网及网络安全、航空信息系统及信息安全、大数据和云计算安全.
基金资助:
国家自然科学基金项目（61601467）；天津市自然科学基金项目（17JCZDJC30900）；中央高校基本科研业务费专项（3122018D007）

Access control method based on CP-ABE in NDN

WU Zhijun, XU Enzhong

（College of Electronic Information and Automation, CAUC, Tianjin 300300, China）

Received:2019-03-01 Revised:2019-04-23 Online:2020-04-25 Published:2020-05-13

摘要/Abstract

摘要： 命名数据网络中信息缓存技术使数据发布者和数据解耦，导致存储节点中的数据由于缺少安全控制而面临安全威胁。针对该问题提出一种基于密文策略的属性加密（CP-ABE）的访问控制方法，将改进的CPABE算法与对称加密算法相结合，在边缘路由器引入一个重加密模块协调访问受保护数据和实现权限撤销，同时构建哈希表兴趣包过滤机制，在半可信缓存路由器上实现了细粒度访问控制和权限撤销。实验结果表明：该方法减少了数据发布尧数据请求处理的开销，同时提高了数据访问效率。

关键词: 命名数据网络, CP-ABE, 访问控制, 重加密, 哈希表

Abstract: Information caching technology in NDN improves data distribution efficiency. However, information caching decouples data publishers from data. The data in the storage node is at risk due to lack of security controls.Therefore, an access control method based on CP-ABE is proposed in NDN, which combines the improved CPABE algorithm with symmetric encryption, and introduces a re-encryption module in the edge router for protected data access coordination and privilege revocation. At the same time, a hash table-based interest packet filtering mechanism is built, implementing fine-grained access control and privilege revocation on a semi-trusted cache router. Theoretical analysis and experimental simulation results show that the proposed method reduces the overhead of data publishing and data request processing and improves data access efficiency.

Key words: NDN, CP-ABE, access control, re-encryption, Hash table

中图分类号:

TP393

吴志军, 许恩中. 命名数据网中基于CP-ABE 的访问控制方法[J]. 中国民航大学学报, 2020, 38(2): 18-24.

WU Zhijun, XU Enzhong. Access control method based on CP-ABE in NDN[J]. Journal of Civil Aviation University of China, 2020, 38(2): 18-24.

参考文献 12

[1]	HAMDANE B, MSAHLI M, SERHROUCHNA A. Data-based access controlin named data networking[C]//International Conference on Collaborative Computing Networking, Austin, USA, IEEE, 2013: 531-536.
[2]	周自飞, 谭小彬, 牛玉坤, 等. 信息中心网络中授权视频访问控制[J].电信科学, 2014, 30（9）: 53-60.
[3]	BETHENCOURTJ,SAHAIA, WATERS B. Ciphertext-policy attributebased encryption[C]//2007 IEEE Symposium on Security and Privacy,Berkeley, California, USA, IEEE Computer Society, 2007: 321-334.
[4]	TOURANI R , MICK T , MISRA S, et al. Security, privacy, and access control in information-centric networking: a survey[J]. IEEE Communications Surveys & Tutorials, 2018(20): 566-600.
[5]	LI BING, VERLEKER A P, HUANG DIJIANG, et al. Attribute-based access control for ICN naming scheme[C]//Proceedings of 2014 IEEE Conference on Communications and Network Security(CNS), San Francisco, CA, USA, IEEE, 2014: 391-399.
[6]	WOOD C A, UZUN E. Flexible end-to-end content security in CCN[C]// 2014 IEEE 11th Consumer Communications and Networking Conference. Las Vegas, Nevada, USA, IEEE, 2014: 858-865.
[7]	TAO FENG, GUOJIAQI.A new access control system based on CP-ABE in named data networking[J]. International Journal of Network Security,2018, 20(4): 710-720.
[8]	SIMOES DA, SILVA R, DONIZETTI ZORZO S. An access control mechanism to ensure privacy in named data networking using attribute based encryption with immediate revocation of privileges[C]//Consumer Communications and Networking Conference(CCNC), Las Vegas, NV,USA, IEEE, 2015: 128-133.
[9]	JAHID S, MITTTAL P, BORISOV N. EASiER: Encryption-based access control in social networks with efficient revocation[C]//ACM Symposium on Information, Computer and Communications Security, Hong Kong, China, DBLP, 2011: 411-415.
[10]	SO W, NARAYANAN A, ORAN DAVE, et al. Toward fast NDN software forwarding lookup engine based on Hash tables[C]//Proceedings of 8thACM/IEEE Symposium on Architectures for Networking Communications Systems, Austin, Texas, USA, ACM, 2012: 85-86.
[11]	ZHANG XINWEN, CHANG KATHARINE, XIONG HUIJUN. Towards namebased trust and security for content-centric network[C]//2011 19th IEEE International Conference on Network Protocols, Vancouver, BC Canada,IEEE, 2011: 1-6.
[12]	JACOBSON V, SMETTERS D K, THORNTON J D. Networking named content[C]//Proceedings of the 5th International Conference on Emerging Networking Experiments and Technologies, New York, USA, ACM,2009: 1-12.