支持时空属性的安全访问控制技术研究

项目名称： 支持时空属性的安全访问控制技术研究

项目编号： No.61472032

项目类型： 面上项目

立项/批准年度： 2015

项目学科： 自动化技术、计算机技术

项目作者： 朱岩

作者单位： 北京科技大学

项目金额： 84万元

中文摘要： 鉴于云存储的蓬勃发展以及移动智能终端在获取时空信息的便利，本课题旨在研究面向云计算的安全数据与服务访控机制，通过探索数据加密中各类时空属性的数学表示方法与各种范围谓词的安全计算方法，设计并实现支持时间与空间上的复杂访控策略以及加密与解密委派机制的密码系统构建。研究内容包括：1）研究基于范围谓词的多维度时空访控技术，采用保序函数和加法同态，探索隐藏时空信息的安全比较算法，并研究支持多维度范围谓词的有效表示与算法实现方法，解决满足时空约束的基于属性加密构造；2）基于委派的时空访控和密文检索技术研究，研究基于加密委派的策略约束动态化问题，使其对各种时空动态属性予以支持，并探索面向范围谓词的解密委派，实现服务器端的时空属性策略授权验证方法。上述研究将为安全云计算构建和实现高效、细粒度的时空访控提供理论基础。

中文关键词： 公钥密码学；访问控制；安全比较运算；时空属性；委派

英文摘要： With the vigorous development of cloud storage services and the greater convenient of acquiring spatial and temporal information from mobile intelligent terminals, the objective of this project is to develop access control mechanisms for securely sharing resources and services across untrusted cloud providers. To achieve this goal, in this project we will explore effective mathematical representation of various spatial and temporal attributes, as well as secure computing algorithms on various range predicates. On this basis, we will design and implement cryptosystem with complex access control policy on spatial and temporal attributes and delegation mechanisms on encryption and decryption. Our proposed work includes the following two aspects: 1) Secure computing algorithms with multi-dimension policy enforcement on complex range predicates. We will investigate attribute-hidding predicate encryption supporting various integer comparison predicates by constructing order-preserving functions and homomorphic additions. Then, effective representations on multi-dimensional range predicates and secure computing algorithms will be implemented to develop the attribute-based encryption schemes with spatial and temporal constraints commonly required by fine-grained access control. 2) Delegation machanisms for temporal-spatial access control and secure retrieval over encrypted data. We will focus on encryption delegation for dynamic policy enforcement to support a variety of dynamic spatial and temporal attributes. Moreover, we will pursue attribute-hidding decryption delegation on range predicates to realize server-side verification of user's authentication levels on spatial-temporal attributes. The proposed work will provide a good theoretical and practical foundation for efficient and fine-grained access control in untrusted cloud environment. They will also lay a theoretical foundation for addressing some fundamental issues of access control in a variety of future network services.

英文关键词： Public-key Cryptography;Access Control;Secure Comparison Computing;Temporal-Spatial Attributes;Delegation