排序方式: 共有130条查询结果,搜索用时 406 毫秒
1.
基于PBAC模型和IBE的医疗数据访问控制方案 总被引:1,自引:0,他引:1
医疗卫生领域形成的医疗大数据中包含了大量的个人隐私信息,面临着外部攻击和内部泄密的潜在安全隐患。传统的访问控制模型没有考虑用户访问目的在侧重数据隐私的访问控制中的重要作用,现有的对称、非对称加密技术又都存在密钥管理、证书管理复杂的问题。针对这些问题,提出了综合应用PBAC模型和IBE加密技术的访问控制方案,支持针对医疗数据密文的灵活访问控制。通过加入条件目的概念对PBAC模型进行扩展,实现了对目的树的全覆盖;以病患ID、条件访问位和预期目的作为IBE身份公钥进行病患数据加密,只有通过认证并且访问目的符合预期的用户才能获得相应的私钥和加密数据,从而实现对病患信息的访问。实验结果证明,该方案达到了细粒度访问控制和隐私保护的目的,并具有较好的性能。 相似文献
2.
一种基于身份的多信任域网格认证模型 总被引:16,自引:0,他引:16
分析了现有的网格认证框架中存在的问题,提出了一种基于身份的多信任域网格认证模型.该模型以基于身份的PKI为基础,避免了基于传统PKI的认证框架的诸多缺点.同时,该模型提供了跨信任域的双向实体认证功能.模拟试验表明,该认证模型比基于传统PKI的认证框架更轻量、更高效.而且由于该模型可以在多信任域的环境下工作,故而比W Mao提出的只能在单一信任域中工作的认证框架更符合网格认证的实际需要. 相似文献
3.
Hierarchical identity-based signature(HIBS)has wide applications in the large network. However, the existing works cannot solve the trade-off between the security and efficiency. The main challenge at present is to construct a high efficient and strong secret HIBS with a low computation cost. In this paper, a new construction of HIBS scheme is proposed. The new scheme achieves the adaptive security which is a strong security in the identity-based cryptography. But our scheme has short public parameters and the private keys size shrinks as the hierarchy depth increases. The signature size is a constant and the cost of verification only requires four bilinear pairings, which are independent of hierarchy depth. Furthermore, under the q-strong computational diffie-Hellman problem(q-SDH)assumption, the scheme is provably secure against existential forgery for adaptive chosen message and identity attack in the standard model. 相似文献
4.
Pei Qingqi Li Hongning Pang Liaojun Hao Yin Hong Tang Key Lab of Computer Networks Information Security of Ministry of Education Xidian University Xi’an China Institute of China Electronic System Engineering Corporation Beijing China 《中国通信》2010,7(1):73-79
Wireless sensor networks are open architectures, so any potential threat can easily intercept, wiretap and counterfeit the information. Therefore, the safety of WSN is very important. Since any single key system cannot guarantee the security of the wireless sensor network for communications, this paper introduces a hierarchical key management scheme based on the different abilities of different sensor nodes in the clustered wireless sensor network. In this scheme, the nodes are distributed into several clusters, and a cluster head must be elected for each cluster. Private communication between cluster heads is realized through the encryption system based on the identity of each head while private communication between cluster nodes in a same cluster head is achieved through the random key preliminary distribution system. Considering the characteristics of WSN, we adopt dynamic means called dynamic cluster key management scheme to deal with master key, so master key will be updated according to the changed dynamic network topology. For cluster head node plays a pivotal role in this scheme, a trust manage-ment system should be introduced into the election of the cluster head which will exclude the malicious node from outside the cluster, thus improve the whole network security. 相似文献
5.
对指定测试者的基于身份可搜索加密(dIBEKS)方案进行了研究。指出Tseng等人所提dIBEKS方案并不是完全定义在基于身份密码系统架构上,而且方案不能满足dIBEKS密文不可区分性。首次提出了基于身份密码系统下的指定测试者可搜索加密方案的定义和安全需求,并设计了一个高效的dIBEKS新方案。证明了dIBEKS密文不可区分性是抵御离线关键字猜测攻击的充分条件,并证明了新方案在随机预言模型下满足适应性选择消息攻击的dIBEKS密文不可区分性、陷门不可区分性,从而可以有效抵御离线关键字猜测攻击。 相似文献
6.
7.
8.
文中对基于双线性对提出的可验证无证书环签密方案的安全性进行了密码分析,指出该方案不能抵抗替换公钥攻击,并给出了一种攻击方法,攻击者利用该攻击可以任意选定一组用户构成一个环对任意选择的消息进行环签密,密文可以顺利通过验证并正确解密,得出该方案是不安全的. 相似文献
9.
10.
一轮Diffie-Hellman密钥交换(One-Round Diff ie-Hellman key exchange,OR-DHKE)协议被认为无法实现完美的前向安全性(Perfect Forward Secrecy,PFS)。基于身份的OR-DHKE协议也是如此,现有研究仅实现了弱的完美 前向安全性(wPFS)。基于Cremers等人对密钥交换协议完美前向安全性的研究,文章提出 一种新的具有完美前向安全的基于身份认证密钥交换方案。文章首先提出一种较弱安全性的 基于身份 OR-DHKE协议π0,然后采用Cremers等人提出的SIG变换方法,将π0转化为具有完美前 向安全的基于身份认 证密钥交换方案π1。文章简要分析了CK、CK+、eCK和eCK-PFS安全模型的异同,在此 基 础上定义了基于身 份认证密钥交换协议分析的强安全模型ID-eCK-PFS。在ID-eCK-PFS模型下,协议π0和π1的安全性被规约为 求解判定性BDH(Decisional Bilinear Diffie-Hellman,DBDH)问题,规约过程未使用随 机预言机,实现了在标准模型下的完美前向安全性和可证明安全性。 相似文献