
Research On Anonymous Authorization Attribute-Based Access Control Model

Posted on: 2020-06-13
Degree: Master
Type: Thesis
Country: China
Candidate: Y H Wei
GTID: 2428330602450552
Subject: Computer Science and Technology
Abstract/Summary:
With the development of network technology, emerging industries such as cloud computing and the Internet of Things have become key areas for national development. Cloud computing and the Internet of Things represent an open distributed computing environment. On these platforms, massive amounts of data are uploaded by users every day, but a large amount of data may be illegally accessed, and users inevitably face the risk of privacy leakage when acquiring data, so information security issues are becoming more prominent. In this open distributed environment, information sharing is more frequent and convenient, and information sharing will inevitably lead to more security risks. Access control technology is an effective means to solve the above security problems. However, common access control models such as DAC, MAC and RBAC are found not to be applicable in an open distributed network environment. The ABAC model supports fine-grained authorization and dynamic authorization, and does not base authorization on identity, so it is more suitable for the current computing environment. However, ABAC cannot fully support anonymous authorization to protect user privacy. The existing access control methods supporting anonymous authorization mainly use a cryptographic token to replace the user identity, but these methods do not change the essence of access using a unique identifier, and cannot eliminate the risk of privacy leakage caused by the unique identifier.

In order to solve these problems, this paper uses the fact that the ABAC model does not base authorization on identity to extend the authorization framework of the ABAC model, and proposes an access control model that can meet the security requirements of the current computing environment, namely the anonymous authorization ABAC model. The model is implemented with the homomorphic attribute-based signature algorithm, and an experiment is designed and carried out to discuss the feasibility of the model. The core work and innovations of this paper are as follows:

Firstly, this paper analyzes the problems that arise when common access control models are applied in the current open distributed computing environment, summarizes the basic characteristics of ABAC, and analyzes the advantages of the ABAC model over other access control models in the current computing environment.

Secondly, privacy protection has attracted more and more concern due to events such as Facebook's massive privacy disclosure, and anonymous authorization is an effective way to protect user privacy. Therefore, this paper studies the authorization framework of the ABAC model and analyzes the reasons why the ABAC model cannot fully support anonymous authorization. By extending the authorization framework of the ABAC model, an ABAC authorization framework supporting anonymous authorization is proposed. In order to implement the anonymous authorization framework, the functional requirements and security requirements for the implementing algorithm are given.

Then, to meet the anonymous authorization framework's requirements for an implementation algorithm, common attribute-based anonymous authorization algorithms are studied. By analyzing the implementation process and security features of these algorithms, the homomorphic attribute-based signature algorithm is used to implement the anonymous authorization framework.

Finally, combining the anonymous authorization framework and the homomorphic attribute-based signature algorithm, an ABAC model supporting anonymous authorization is proposed. The working process and algorithm implementation of the model are described in detail, and the security of the model is analyzed. The mathematical proof can show that the model has the security features of anonymity, unlinkability, unforgeability and anonymous revocation. This shows that the user can obtain authorization anonymously without worrying about privacy leakage, and that all the behaviors of the user are auditable. This paper also gives an experimental simulation of the model and discusses the feasibility of the model.

Compared with other access control schemes that support anonymous authorization, this model does not need to obtain authorization through a unique identifier, which avoids the risk of privacy leakage caused by unique identification. This model is an extension of the ABAC model, so it retains the ABAC model's characteristics of fine-grained authorization and flexible policy; the model also supports auditing and attribute negotiation. Attribute negotiation can help users obtain authorization with minimal attribute information.
Keywords/Search Tags: Access Control Model, Privacy Protection, Attribute-Based, Anonymous Authorization, Attribute-Based Signature