基于属性的签名能够实现细粒度的访问控制,被认为是云计算环境中一种重要的匿名认证手段.但常见的属性基签名只能通过门限结构提供简单的访问控制,无法应对云环境中的大规模用户属性集.同时,用户属性集由唯一的属性权威管理,增加了属性权威的计算和存储开销,一旦属性权威被攻破,整个系统就会面临崩溃的风险.针对以上问题,提出了一种支持树形访问结构的多权威属性签名方案,可以支持任意形式的与、或和门限结构,提供了更灵活的访问控制.将用户属性集由不同属性权威分类管理,减少开销的同时也降低了系统的风险.此外,在随机预言机模型下证明了方案是给定策略选择消息攻击(SP-CMA)安全的.%Attribute-based signature (ABS), which could realize fine-grained access control, was considered to be an im-portant method for anonymous authentication in cloud computing. However, normal ABS only provided simple access control through threshold structure and thus could not cope with the large-scale attribute sets of users in the cloud. More-over, the attribute sets were supervised by only one attribute authority, which increased the cost of computation and sto-rage. The whole system was in danger of collapsing once the attribute authority was breached. Aiming at tackling the problems above, a novel scheme, was proposed called multi-authority ABS supporting dendritic access structure which supported any AND, OR and threshold gates and affords more flexible access control. Meanwhile, the attribute sets of users were classified by diverse attribute authorities which reduced the overhead and the risk of systems. Besides, the scheme is proved to be selective predicate chosen message attack secure in the random oracle model.
展开▼
