移动APP端电网用户访问控制方案

doi:10.3969/j.issn.1000-3428.2018.04.032

摘要/Abstract

摘要： 针对电力企业中敏感数据保护和用户安全访问问题,提出一种在电网环境下的用户访问控制方案。当用户需要查询相关数据时,就必须与电力系统的内网服务器产生交互,从内网服务器获取需要的数据。在此过程中,恶意用户可能假冒合法用户的身份向服务器发出请求,非法获得数据。通过建立多授权机构,采用属性加密技术,对APP用户进行授权从而控制用户对数据的访问,防止恶意用户对电网系统造成安全威胁。通过对敏感数据进行加密处理,保证敏感数据的机密性。分析和评估结果表明,该方案具有较好的安全性,计算代价较低。

关键词: 电力系统, 访问控制, 敏感数据保护, 属性加密, 机密性

Abstract: For sensitive data protection and user security access issues in electric power enterprise,this paper proposes an access control scheme for user of electrified wire netting.When the user wants to query the data,he must interact with the network server in the power system,and obtain the required data from the internal network server.In this process,the malicious user may fake the legitimate user to make a request and obtains the data illegally.Users are authorized and controlled to access the data through building attribute authorities and using attribute-based encryption to prevent the malicious user from threating the power grid system.The scheme also encrypts the sensitive data and ensures the confidentiality of sensitive data.The results of analysis and evaluation show that the proposed scheme has better security and lower computing cost.

Key words: electric system, access control, sensitive data protection, attribute encryption, confidentiality

中图分类号:

TP39

李明,方圆,刘军,俞骏豪. 移动APP端电网用户访问控制方案[J]. 计算机工程, doi: 10.3969/j.issn.1000-3428.2018.04.032.

LI Ming,FANG Yuan,LIU Jun,YU Junhao. User Access Control Scheme for Electrified Wire Netting on Mobile APP [J]. Computer Engineering, doi: 10.3969/j.issn.1000-3428.2018.04.032.

参考文献

参考文献［1］张珊珊.移动互联网发展［C］//北京通信学会2011信息通信网技术业务发展研讨会论文集.北京:［出版者不详］,2011. ［2］辛阳,杨义先.移动终端安全模块技术研究［J］.电子技术应用,2005,31(11):45-47. ［3］徐桂.移动互联网络安全认证及安全应用中关键技术研究［J］.网络安全技术与应用,2014(1):38-39. ［4］冉军.基于云存储的智能电网访问控制研究［D］.北京:华北电力大学,2014. ［5］陈树勇,宋书芳,李兰欣,等.智能电网技术综述［J］.电网技术,2009,33(8):1-7. ［6］张文亮,刘壮志,王明俊,等.智能电网的研究进展及发展趋势［J］.电网技术,2009,33(13):1-11. ［7］王德文,宋亚奇,朱永利.基于云计算的智能电网信息平台［J］.电力系统自动化,2010,34(22):7-12. ［8］王保义,王蓝婧.电力信息系统中基于属性的访问控制模型的设计［J］.电力系统自动化,2007,31(7):81-84. ［9］DONG C,RUSSELLO G,DULAY N.Shared and searchable encrypted data for untrusted servers［J］.Journal of Computer Security,2011,19(3):367-397. ［10］KALLAHALLA M,RIEDEL E,SWAMINATHAN R,et al.Plutus:scalable secure file sharing on untrusted storage［C］//Proceedings of Usenix Conference on File & Storage Technologies.Berlin,Germany:Springer,2003:29-42. ［11］SAHAI A,WATERS B.Fuzzy identity-based encryption［C］//Proceedings of International Conference on Theory & Applications of Cryptographic Techniques.Berlin,Germany:Springer,2005:457-473. ［12］HAN Jinguang,SUSILO W,MU Yi,et al.Improving privacy and security in decentralized ciphertext-policy attribute-based encryption［J］.IEEE Transactions on Information Forensics and Security,2015,10(3):665-678. ［13］TANG Heyi,CUI Yong,GUAN Chaowen,et al.Enabling ciphertext deduplication for secure cloud storage and access control［C］//Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security.New York,USA:ACM Press,2016:59-70. ［14］LI Jiguo,YAO Wei,ZHANG Yichen,et al.Flexible and fine-grained attribute-based data storage in cloud computing［J］.IEEE Transactions on Services Computing,2016,10(5):785-796. ［15］YANG Kan,JIA Xiaohua,REN Kui,et al.DAC-MACS:effective data access control for multi-authority cloud storage systems［J ］.IEEE Transactions on Information Forensics and Security,2013,8(11):1790-1801. ［16］SHAO Jun,LU Rongxing,LIN Xiaodong.Fine-grained data sharing in cloud computing for mobile devices［C］//Proceedings of IEEE Conference on Computer Communications.Washington D.C.,USA:IEEE Press,2015:2677-2685. ［17］DE S J,RUJ S.Decentralized access control on data in the cloud with fast encryption and outsourced decryption［C］//Proceedings of IEEE Global Com-munications Conference.Washington D.C.,USA:IEEE Press,2015:1-6. ［18］苏金树,曹丹,王小峰,等.属性基加密机制［J］.软件学报,2011,22(6):1299-1315. 编辑顾逸斐

[1]	李民政, 资文彬, 王浩. LoRa无线网络MAC层TDMA时隙分配协议研究[J]. 计算机工程, 2019, 45(9): 95-99,118.
[2]	谭跃生,鲁黎明,王静宇. 基于安全三方计算的密文策略加密方案[J]. 计算机工程, 2019, 45(1): 115-120,128.
[3]	杨小东,安发英,杨苗苗,杨平,王彩芬. 支持多授权中心与属性变更的云访问控制方案[J]. 计算机工程, 2018, 44(8): 1-6.
[4]	谭跃生,郉晨烁,王静宇. 一种支持细粒度属性变更的云访问控制方案[J]. 计算机工程, 2018, 44(8): 7-13.
[5]	范运东,吴晓平. 基于策略隐藏属性加密的云存储访问控制方案[J]. 计算机工程, 2018, 44(7): 139-144,149.
[6]	杨康,袁海东,郭渊博. 基于属性加密的二维码分级加密算法[J]. 计算机工程, 2018, 44(6): 136-140.
[7]	霍颖瑜,马莉,刘英,钟勇. 一种社交网络环境下的数字权利保护模型[J]. 计算机工程, 2018, 44(5): 133-139.
[8]	梁才,涂国庆,刘梦君. 基于属性加密的细粒度家庭文件安全共享方案[J]. 计算机工程, 2018, 44(4): 206-211.
[9]	杜远志,杜学绘,杨智. 云计算环境下基于属性加密的信息流控制及实现[J]. 计算机工程, 2018, 44(3): 27-36.
[10]	谢佳筠,伏晓,骆斌. Android防护技术研究进展 [J]. 计算机工程, 2018, 44(2): 163-170,176.
[11]	刘晓威,周雷,王国军. 基于环境属性的访问控制系统设计与实现[J]. 计算机工程, 2018, 44(2): 171-176.
[12]	汤海婷,汪学明. 一种基于格的属性多重加密方案 [J]. 计算机工程, 2018, 44(2): 193-196.
[13]	丁祥武,张东辉. Hadoop平台的安全加固方案[J]. 计算机工程, 2018, 44(12): 94-101.
[14]	杜军龙,周剑涛. 多种MAC机制并存的动态装载方法[J]. 计算机工程, 2018, 44(11): 62-66.
[15]	易文康,程骅,程耕国. Shiro框架在Web系统安全性上的改进与应用[J]. 计算机工程, 2018, 44(11): 135-139.