Multi-authorization access control system and method based on attribute encryption

A technology of authorized access and attribute encryption, which is applied in transmission systems, digital transmission systems, and key distribution, can solve problems such as security loopholes, security risks, and single authorization center mode, and achieve the effect of improving encryption

Inactive Publication Date: 2020-02-21
ZHEJIANG UNIV OF TECH

AI Technical Summary

Problems solved by technology

However, role-based access control cannot encrypt data: it only applies security control to information access and does not manage the information itself at a fine-grained level, so potential security risks remain. Invention CN103220291A proposes a basic implementation of an attribute-based control system. It combines the ciphertext-policy ABAC access strategy with the XACML language and provides an initial access control system based on attribute encryption. However, that invention considers only the single authorization center mode and uses the traditional NAND gate model to construct the access decision tree, which leads to problems such as time-consuming encryption and decryption and security loopholes.
Invention CN106790119A proposes an attribute-based access control method that supports attribute revocation and granting. On top of basic attribute-based access control, it supports granting and revoking user attributes, which improves the flexibility of the system. However, the system's encryption and decryption efficiency is still very low, and security attacks based on user collusion cannot be well prevented.


Examples

Embodiment

[0031] Example: As shown in Figure 1, a multi-authorization access control system based on attribute encryption includes: authorization center, attribute authorization center, data owner, data storage server, and access user; wherein, the authorization center: represented as CA (Center Authority), is responsible for setting the system parameters and generating the public key PK and master key MK;

[0032] Attribute authorization center: represented as AA (Attribute Authority), responsible for generating private keys for the attributes it is responsible for;

[0033] Data owner: represented as DO (Data Owner), responsible for expressing the policy set of data access and encrypting data;

[0034] Data cloud storage service: denoted as DSM (Data System Manager), responsible for storing the data ciphertext encrypted according to the access policy customized by the policy customizer, and providing decryption services for users;

[0035] Access user: denoted as User, each user has an...


Abstract

The invention relates to a multi-authorization access control system and method based on attribute encryption. The system and method employ an LSSS linear secret sharing model to replace the NAND gate model of Shamir, and effectively improve the encryption and decryption efficiency of information. The method and system realize a secret key generation mode with multiple authorization centers, so that user collusion attacks can be well defended against. Ciphertext encryption of data information is performed in the DO, which achieves the purpose of encrypting the data information itself. In each AA, an independent corresponding secret key is generated for the attribute set owned by each independent user, which realizes fine-grained management of user permission control.
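To make the LSSS model named in the abstract concrete, the following added example (not code from the patent or its authors) converts an AND/OR policy into an LSSS matrix, shares a secret over its rows, and reconstructs it only for an authorized attribute set. It assumes the standard Lewko-Waters policy-to-matrix conversion and a plain prime field in place of the pairing groups a real CP-ABE scheme uses; the attribute names, the policy and the modulus are constructed, and multi-authority key generation is not modeled.

```python
import secrets

P = 2**127 - 1  # prime field modulus (constructed choice for this example)

def lsss_matrix(policy):
    # Lewko-Waters conversion; policy is an attribute name or (op, left, right).
    rows, width, stack = [], 1, [(policy, [1])]
    while stack:
        node, vec = stack.pop()
        if isinstance(node, str):
            rows.append((node, vec))
        elif node[0] == "OR":        # OR: both children inherit the vector
            stack += [(node[2], vec), (node[1], vec)]
        else:                        # AND: split the vector across children
            left = vec + [0] * (width - len(vec)) + [1]
            stack += [(node[2], [0] * width + [-1]), (node[1], left)]
            width += 1
    return [(a, v + [0] * (width - len(v))) for a, v in rows]

def share(secret, matrix):
    # Share i is M_i . (secret, r_2, ..., r_n) mod P with random r_j.
    v = [secret] + [secrets.randbelow(P) for _ in matrix[0][1][1:]]
    return [(a, sum(m * x for m, x in zip(row, v)) % P) for a, row in matrix]

def reconstruct(matrix, shares, attrs):
    # Find w with sum_i w_i * M_i = (1,0,...,0) over the rows the user holds.
    idx = [i for i, (a, _) in enumerate(matrix) if a in attrs]
    n, k = len(matrix[0][1]), len(idx)
    aug = [[matrix[i][1][j] % P for i in idx] + [int(j == 0)] for j in range(n)]
    pivots, r = [], 0
    for c in range(k):               # Gauss-Jordan elimination mod P
        p = next((x for x in range(r, n) if aug[x][c]), None)
        if p is None:
            continue
        aug[r], aug[p] = aug[p], aug[r]
        inv = pow(aug[r][c], -1, P)
        aug[r] = [x * inv % P for x in aug[r]]
        for x in range(n):
            if x != r and aug[x][c]:
                f = aug[x][c]
                aug[x] = [(a - f * b) % P for a, b in zip(aug[x], aug[r])]
        pivots.append(c)
        r += 1
    if any(row[k] for row in aug[r:]):
        return None                  # target not in span: set is unauthorized
    return sum(aug[j][k] * shares[idx[c]][1] for j, c in enumerate(pivots)) % P

# Constructed policy: (doctor AND cardiology) OR auditor
POLICY = ("OR", ("AND", "doctor", "cardiology"), "auditor")
```

Reconstruction is a single linear solve over the rows a user holds, with no recursive polynomial interpolation through a gate tree.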

Description

Technical field

[0001] The invention relates to the field of information encryption and decryption in network information security, in particular to a multi-authorization access control system and method based on attribute encryption.

Background technique

[0002] At present, the existing technologies commonly used in the industry are as follows: access control means that only users who have passed the authentication of the server can access relevant data. Because of its convenience, low price, and ability to handle complex calculations, cloud storage has attracted most users or companies to put personal data or projects in the cloud environment, and as the amount of data continues to increase, the security of the data in the cloud server has also attracted attention. Therefore, the concept of an encrypted access control system has been introduced. Among the existing encryption access control models, ABE is the most prominent. It is mainly divided into CP-ABE and KP...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L9/08
CPC: H04L9/085, H04L9/0869, H04L63/10, H04L63/20
Inventor: 郑河荣, 冷云骁
Owner: ZHEJIANG UNIV OF TECH