Research On Attribute-based Anonymous Information Sharing Model

With the rapid development of information technology,resource sharing on the Internet greatly improves the convenience of information acquisition.On the one hand,various application domains contain a wealth of resources and the resource sharing among different application domains has become a trend.Therefore,to ensure the safety of cross-domain resource sharing has become a top priority.On the other hand,when users try to get resources from an application domain,they are often asked to submit personal identity information while there is a hidden risk of privacy leak.Users hope that resources could be acquired without submitting personal information.In traditional access control,role-based access control is widely used in enterprises.However,it is too simple to comprehensively express users'authority and to be applied to cross-domain access control.In terms of identity privacy protection,some scholars have proposed anonymous authentication scheme based on PKI/PMI system,but security problems including impersonation attack and middle attack still exist in these schemes.In order to solve the above problems,this paper presents a solution to implement anonymous cross-domain authentication and authorization management.This paper firstly gives an introduction of PKI/PMI system,the development of access control technology,and the strategy language model of XACML as well as its characteristics.Then it analyzes the deficiency of relative anonymous authentication and authorization management schemes.On the basis of the above,this paper designs an anonymous authentication scheme to realize both intra-domain and cross-domain anonymous authentication and the entire anonymous authentication process is anonymous and secure.On the basis of anonymous authentication,this paper also proposes an attribute-based anonymous information sharing model.This model uses the attribute certificate as the carrier of the users' attributes to implement attribute-based cross-domain access control,and gives the strategy formulation and strategy evaluation algorithm through which different strategies can be made for users of different application domains,and can achieve the management of users' rights.Finally,this paper gives a specific test scenario.With strategies being set up by the upload module and the process of the access control being simulated,the correctness of strategy and the access decision is verified by comparing test results with theoretical results.