
CN106101093A - Intelligent grid attribute access control method based on Bloom Filter - Google Patents

Info

Publication number: CN106101093A
Authority: CN (China)
Prior art keywords: data, user, authorization, bloom filter, center
Legal status: Granted
Application number: CN201610404962.2A
Other languages: Chinese (zh)
Other versions: CN106101093B (en)
Inventors: 万长胜, 苏清玲
Current Assignee: Southeast University
Original Assignee: Southeast University
Application filed by Southeast University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a smart grid attribute access control method based on a Bloom Filter, comprising the following steps: (1) the data owner stores data in the data center; (2) a user who wants to access the data submits an access request and an attribute set to the control center; (3) the control center uses the Bloom Filter algorithm to judge whether the user belongs to the authorization set; (4) if the user is judged to belong to the authorization set, the user can obtain the key and decrypt to obtain the plaintext data; otherwise the user cannot access the data. The invention uses a bit array to represent users' attribute sets compactly and uses the Bloom Filter to quickly judge attribute membership for a user, achieving efficient attribute-based access control. Compared with traditional algorithms, the invention greatly reduces the program's server memory requirements, improves matching efficiency, and reduces the complexity of attribute encryption for the massive data in the smart grid.

Description

Smart grid attribute access control method based on Bloom Filter
Technical field
The invention relates to a smart grid attribute access control method based on a Bloom Filter, and belongs to the technical field of smart grid security.
Background
With electric power supply increasingly strained, building a smart grid has become the inevitable choice for power companies. A smart grid system holds massive amounts of data and has a large number of users, and different users have different access rights to the data. It is therefore necessary to judge the attributes of different users and control their access, and attribute encryption algorithms have been widely applied for this purpose.
Ciphertext access control based on attribute-based encryption (Attribute Based Encryption, ABE) has become one of the research hotspots in public-key encryption in recent years because of its flexible access control with elastic granularity. According to where the access control structure is deployed, ABE schemes are divided into key-policy ABE (Key-Policy ABE, KP-ABE) and ciphertext-policy ABE (Ciphertext-Policy ABE, CP-ABE). In terms of application, the latter gives the data sender more initiative: the sender can decide the access structure used to encrypt a ciphertext. In essence, attribute-based encryption can be seen as introducing an access control structure into the user's private key or into the ciphertext. Users who satisfy the control structure belong to the authorization set; only users in the authorization set can decrypt the ciphertext, and users outside it cannot.
Simply put, a smart grid structural model comprises four parts: the data owner, the data center, the authorization center and the set of users. The data owner encrypts data and uploads it to the data center, and may decide the authorization set that can access the data. A user who is interested in the data must submit an access request to the authorization center; the authorization center judges the user's attributes and grants access authorization. The user can decrypt the data only after obtaining authorization.
An attribute access control scheme usable in a smart grid must meet the following requirements: (1) Correctness. The data owner encrypts and uploads the data and specifies the authorization set. The scheme must judge a user's attributes accurately, so that only users who satisfy the access control structure can access the data, which achieves correct authorized access. (2) Efficiency. The smart grid has large amounts of data and many users; a good attribute access control scheme must match attributes quickly and provide fast data access. (3) Simplicity. The attribute encryption algorithm needs low complexity, to improve the efficiency of power system data access. (4) Low storage cost. The massive data in the smart grid increases the storage pressure on the system. A good smart grid access control algorithm should have low storage requirements.
Clearly, designing an efficient attribute-based smart grid access control scheme is an important task, because the massive data continually produced by today's smart grid places higher demands on access control. Some current attribute-based smart grid access control schemes meet requirement (1) and meet requirement (2) fairly well. However, owing to the complexity of attribute encryption algorithms, these schemes perform poorly on requirements (3) and (4).
Summary of the invention
Purpose of the invention: to address the problems and shortcomings of the prior art by reducing storage cost and improving encryption and decryption efficiency, the invention provides a smart grid attribute access control method based on a Bloom Filter.
Technical scheme: a smart grid attribute access control method based on a Bloom Filter, comprising four parts:
(1) Setup()
Initialization: the data owner authorizes the users who may access the data and sends the authorization set to the authorization center.
The attribute set of each user is mapped to a value that hash functions can operate on. An array is initialized; the authorization center selects multiple mutually independent hash functions and applies them to each element of the authorization set, and the results are mapped into a certain range to obtain a new bit array.
(2) Encrypt()
Encryption: the data owner encrypts the data with the private key and stores it at the data center.
(3) Judge()
Attribute judgment: a user who is interested in the data must send an access request to the authorization center and submit their own attribute set to it. The authorization center performs a Bloom Filter comparison on the user's attribute value. If the user is judged to belong to the authorization set, the key that can decrypt the data is returned. Otherwise a null value is returned and the user cannot obtain the key.
(4) Decrypt()
Data decryption: after the authorization center judges that the user belongs to the authorization set, it returns the data owner's private key used for encryption. After obtaining the key, the user can fetch the encrypted data from the data center and decrypt it to obtain the plaintext.
Beneficial effects: the invention converts a user's attribute set into a binary bit string or character string that hash functions can operate on, so that Bloom Filter matching can be applied to it. A Bloom Filter is a highly space-efficient randomized data structure: it uses a bit array to represent a set very compactly and can quickly judge whether an element belongs to the set. The invention uses exactly this property to judge the membership of user attributes. Compared with existing smart grid attribute encryption schemes, the invention avoids the complex algorithmic operations and access control structures of conventional attribute encryption schemes, can look up and match strings of different lengths at the same time, requires less storage space, and is fast and efficient. In addition, when data files are large, the complexity of ABE algorithms limits their use in the encryption process, a problem the invention does not have. The invention is very useful for improving the efficiency of smart grid attribute access control mechanisms.
Brief description of the drawings
Fig. 1 is the smart grid data access structure model;
Fig. 2 is the flow chart of user attribute membership judgment;
Fig. 3 is a schematic diagram of Bloom Filter judgment.
Detailed description
The invention is further explained below with reference to specific embodiments. It should be understood that these embodiments only illustrate the invention and do not limit its scope; after reading the invention, modifications of various equivalent forms made by those skilled in the art all fall within the scope defined by the claims of this application.
Fig. 1 shows a simple smart grid access structure model, including the entities involved in the invention and the connection requests between them.
The invention involves four entities: the RTU (remote terminal unit), the database, the authorization center and the user group. The RTU collects data, encrypts it and uploads it to the data center; it can also specify the authorization set and send it to the authorization center. The authorization center runs the Bloom Filter algorithm on the received authorization set and saves the result. A user who wants to access data must submit an access request and an attribute set to the authorization center. After receiving the attribute set, the authorization center performs Bloom Filter matching. A user who matches the authorization set can obtain the key and decrypt the ciphertext; otherwise decryption is not possible.
The details are as follows:
(1) The invention proposes a new initialization algorithm: the RTU sends the authorization set to the authorization center. The authorization center maps the attribute set of each user to a value that hash functions can operate on. An array is initialized, multiple mutually independent hash functions are selected and applied to each element of the authorization set, and the results are mapped into a certain range to obtain a new bit array. The steps are as follows:
Step1: the RTU authorizes the users who may access the data, and sends the private key K used to encrypt the data together with the authorization set $\{u_1, u_2, u_3, \ldots, u_n\}$ to the authorization center.
Step2: the system maps each state of each attribute to a numeric value or character. Using this correspondence, the authorization center maps the attribute set $\{A_{i1}, A_{i2}, A_{i3}, \ldots, A_{iu}\}$ of each user $u_i$ to a value $x_i$ that hash functions can operate on ($x_i$ may be a bit string or another character string).
Step3: a bit array of L bits is initialized with every bit set to 0. The authorization center selects m mutually independent hash functions and applies the m hash operations to each element $x_i$ of the authorization set, specifying a mapping rule that maps the results into $\{1, 2, 3, \ldots, L\}$. For any element x, the position $H_i(x)$ mapped by the i-th hash function is set to 1 ($1 \le i \le m$), giving a new bit array.
The initialization phase completes data storage and saves the attributes of the authorization set.
(2) The invention uses a simple encryption scheme: the data owner encrypts the data with the private key and stores it at the data center.
Step4: the data owner uses a symmetric encryption algorithm to encrypt plaintext M with the data private key K, obtaining $E_K(M)$, and stores it at the data center (the data center is semi-trusted).
(3) The invention proposes a new attribute judgment algorithm: a user who wants to access data submits their own attribute set to the authorization center, and the authorization center performs a Bloom Filter judgment on the user's attribute value. The steps are as follows:
Step5: if user $u_i$ is interested in the data, the user sends an access request to the authorization center and at the same time submits their own attribute set $\{A_{i1}, A_{i2}, A_{i3}, \ldots, A_{iu}\}$ to the authorization center.
Step6: the authorization center maps the attribute set $\{A_{i1}, A_{i2}, A_{i3}, \ldots, A_{iu}\}$ submitted by the user (by the same method as Step2) to obtain a real value or bit string y, takes y as input and applies the m hash operations to it. If all positions $H_i(y)$ are 1 ($1 \le i \le m$), y is considered an element of the set; otherwise y is considered not an element of the set.
As shown in the Bloom Filter judgment schematic of Fig. 3 (m = 3 in the figure for ease of illustration), the positions corresponding to $H_i(y_1)$ are not all 1, so $y_1$ is judged not to belong to the authorization set; the positions corresponding to $H_i(y_2)$ are all 1, so $y_2$ is judged to belong to the authorization set.
(4) Decryption algorithm of the invention: after the authorization center judges that the user belongs to the authorization set, it returns the data owner's private key used for encryption. After obtaining the key, the user can fetch the encrypted data from the data center and decrypt it to obtain the plaintext. The steps are as follows:
Step7: if the user's attribute set belongs to the authorization set, the control center assigns the user a key $K_{ui}$, encrypts the data owner's private key K with it (a symmetric encryption algorithm can be used) and sends the result to the user.
Step8: after receiving it, the user decrypts with their own key $K_{ui}$ using the symmetric encryption algorithm and obtains the data owner's private key K.
Step9: the user uses the obtained key K to decrypt the encrypted data ($E_K(M)$) with the symmetric algorithm, obtaining the plaintext M. I.e.
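
The Setup() and Judge() steps above (Step1 to Step3, Step5 and Step6) as an added Python example; it is not code from the patent. The attribute encoding, the SHA-256 based hash functions and the sample data are assumptions, and the encryption of the data and the wrapping of K under $K_{ui}$ (Step4, Step7 to Step9) are left out. Because a Bloom Filter match is probabilistic, the example also compares the measured false-positive rate with the standard estimate $(1 - e^{-mn/L})^m$, which is what L and m are sized against.

```python
import hashlib
import math


def encode_attributes(attrs):
    """Step2: map an attribute set to one byte string the hashes can consume.

    Sorting and length-prefixing are assumptions of this example; they make
    the encoding independent of attribute order and unambiguous.
    """
    parts = sorted(a.encode("utf-8") for a in set(attrs))
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


class AuthorizationCenter:
    def __init__(self, L, m):
        self.L = L                  # length of the bit array
        self.m = m                  # number of hash functions
        self.bits = bytearray(L)    # Step3: all zero (one byte per bit, for clarity)
        self.n = 0                  # number of authorized elements inserted
        self._key = None            # data owner's key K, received in Step1

    def _positions(self, x):
        # H_1..H_m: SHA-256 over an index prefix plus x, reduced mod L.
        # This construction is an assumption; positions are 0..L-1 here
        # rather than 1..L as in the text.
        for i in range(self.m):
            digest = hashlib.sha256(i.to_bytes(4, "big") + x).digest()
            yield int.from_bytes(digest[:8], "big") % self.L

    def setup(self, key, authorized_attribute_sets):
        """Step1 + Step3: store K and set H_i(x) to 1 for every authorized x."""
        self._key = key
        for attrs in authorized_attribute_sets:
            for pos in self._positions(encode_attributes(attrs)):
                self.bits[pos] = 1  # setting an already-set position changes nothing
            self.n += 1

    def judge(self, attrs):
        """Step5 + Step6: return K if all m positions are 1, otherwise None."""
        y = encode_attributes(attrs)
        if all(self.bits[pos] for pos in self._positions(y)):
            return self._key
        return None

    def estimated_false_positive_rate(self):
        # Standard Bloom filter estimate for n inserted elements.
        return (1.0 - math.exp(-self.m * self.n / self.L)) ** self.m


def measured_false_positive_rate(center, probes):
    """Fraction of non-member attribute sets that judge() accepts anyway."""
    probes = list(probes)
    hits = sum(1 for attrs in probes if center.judge(attrs) is not None)
    return hits / len(probes)


# Constructed sample data (not from the patent).
K = b"constructed-demo-key-K"
AUTHORIZED = [("role=operator", f"substation={k}") for k in range(20)]
OUTSIDERS = [("role=guest", f"meter={k}") for k in range(2000)]


def demo(L, m):
    center = AuthorizationCenter(L, m)
    center.setup(K, AUTHORIZED)
    return center, measured_false_positive_rate(center, OUTSIDERS)


if __name__ == "__main__":
    for L in (64, 1 << 16):
        center, measured = demo(L, m=3)
        print(L, round(center.estimated_false_positive_rate(), 6), measured)
```

With 20 authorized attribute sets and m = 3, a 64-bit array accepts a sizeable fraction of the constructed non-member sets, while a 65536-bit array accepts none of them.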

Claims (5)

1. A smart grid attribute access control method based on a Bloom Filter, characterized in that it comprises four parts:
(1) initialization: the data owner authorizes the users who may access the data and sends the authorization set to the authorization center;
the attribute set of each user is mapped to a value that hash functions can operate on; an array is initialized, the authorization center selects multiple mutually independent hash functions and applies them to each element of the authorization set, and the results are mapped into a certain range to obtain a new bit array;
(2) encryption: the data owner encrypts the data with the private key and stores it at the data center;
(3) attribute judgment: a user who is interested in the data must send an access request to the authorization center and submit their own attribute set to it; the authorization center performs a Bloom Filter comparison on the user's attribute value; if the user is judged to belong to the authorization set, the key that can decrypt the data is returned; otherwise a null value is returned and the user cannot obtain the key.
(4) data decryption: after the authorization center judges that the user belongs to the authorization set, it returns the data owner's private key used for encryption; after obtaining the key, the user can fetch the encrypted data from the data center and decrypt it to obtain the plaintext.
2. The smart grid attribute access control method based on a Bloom Filter as claimed in claim 1, characterized in that the initialization algorithm comprises the following steps:
Step1: the data owner authorizes the users who may access the data, and sends the private key K used to encrypt the data together with the authorization set $\{u_1, u_2, u_3, \ldots, u_n\}$ to the authorization center;
Step2: the authorization center maps the attribute set $\{A_{i1}, A_{i2}, A_{i3}, \ldots, A_{iu}\}$ of each user $u_i$ to a value $x_i$ that hash functions can operate on;
Step3: an array is initialized, the authorization center selects m mutually independent hash functions and applies the m hash operations to each element $x_i$ of the authorization set, and the results are mapped into a certain range $\{1, 2, 3, \ldots, L\}$ to obtain a new bit array; for any element x, the position $H_i(x)$ mapped by the i-th hash function is set to 1 ($1 \le i \le m$); if a position is set to 1 multiple times, only the first has an effect and the later ones perform no operation.
3. The smart grid attribute access control method based on a Bloom Filter as claimed in claim 1, characterized in that the encryption algorithm comprises the following step:
Step4: the data owner encrypts plaintext M with the data private key K, obtaining $E_K(M)$, and stores it at the data center.
4. The smart grid attribute access control method based on a Bloom Filter as claimed in claim 1, characterized in that the attribute judgment algorithm comprises the following steps:
Step5: if user $u_i$ is interested in the data, the user sends an access request to the authorization center and at the same time submits their own attribute set $\{A_{i1}, A_{i2}, A_{i3}, \ldots, A_{iu}\}$ to the authorization center;
Step6: the authorization center maps the attribute set $\{A_{i1}, A_{i2}, A_{i3}, \ldots, A_{iu}\}$ submitted by the user to obtain a real value or bit string y, takes y as input and applies the m hash operations to it; if all positions $H_i(y)$ are 1 ($1 \le i \le m$), y is considered an element of the set; otherwise y is considered not an element of the set.
5. The smart grid attribute access control method based on a Bloom Filter as claimed in claim 1, characterized in that the decryption algorithm comprises the following steps:
Step7: if the user's attribute set belongs to the authorization set, the control center generates an attribute key $K_{ui}$ according to the user's attribute set, encrypts the data owner's private key K with it and sends the result to the user;
Step8: after receiving it, the user decrypts with their own attribute key $K_{ui}$ and obtains the data owner's private key K;
Step9: the user decrypts with the obtained key K and obtains the plaintext M.

Priority Applications (1)

Application Number: CN201610404962.2A
Priority Date: 2016-06-08
Filing Date: 2016-06-08
Title: Smart grid attribute access control method based on Bloom Filter
Status: Active (CN106101093B)

Publications (2)

CN106101093A, published 2016-11-09
CN106101093B, published 2019-03-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant