Research On Group-Based Access Control Technology

The space-ground integration information network,which has the characteristics of militarycivilian sharing and the interconnection of heterogeneous network.It carries massive user,information and data interaction and has more widespread application of group communication and information sharing.However,the characteristics of its node exposure and channel openness bring huge security risks to data access for users.Therefore,safe and effective access control technology is an important technical measure to ensure the spaceground integration information network.However,the existing access control model still has a gap in the organized,fine-grained,flexible and scalable requirements of the space-ground integration information network.In order to realize the fine-grained and organized access control in the space-ground integration information network,this thesis proposes a groupbased access control model by the idea of dividing group and dividing attributes.Moreover,it also proposes a corresponding management model,which can make security management for the group–based access control model.The thesis applies this model to the secure sharing of the broadcast information scenario in satellite networks to propose a group access control scheme with policy hiding.The main contributions and innovations of this thesis are as follows.Analyze the communication characteristics and access control requirements of large-scale users and complex network environments under the space-ground integration information network.This thesis proposes a group-based access control model,which takes user attributes,resource attributes and scene elements into consideration.Associating users with user groups,objects with object groups by using the idea of group not only simplifies the complexity of access control attributes,but also achieves fine-grained control for user attributes,resource attributes and access control elements during information dissemination process.We define user attribute hierarchy to realize the inheritance of resource access rights by different user groups and scene attribute hierarchy to realize the inheritance of operation rights of specific resource by users in same groups in different scenarios.The corresponding management model is proposed to make secure management for user attributes,object attributes and scene attributes.The analysis shows that our group-based access control model can make effectively and safely controllable to the communication of the space-ground integration information network.It is highly flexible and scalable,and can meet a variety of actual business needs.Analyze the security issues of broadcast data dissemination and access control requirements in satellite networks.This thesis proposes a group-based access control scheme with police hiding for the scenario of data security sharing of broadcast data in satellite networks.Develop a user group operation rules by refining the "temporal" elements in above groupbased access control for information sharing in shared groups.In terms of protecting the secure data dissemination in satellite networks,it proposes a multi-authority access control with policy hiding,which improves existing multi-authorized CP-ABE scheme without policy hiding.The security and performance analysis show that the scheme can satisfy the security requirements of data confidentiality,collusion resistant and complete policy hidden,and it's suitable for secure transmission of broadcast data and secure sharing within groups in satellite networks.