Search

CN-122002281-A - Low-altitude big data access control method and system based on comparable attribute in low-altitude trusted data space

CN122002281ACN 122002281 ACN122002281 ACN 122002281ACN-122002281-A

Abstract

The invention discloses a low-altitude big data access control method and a system based on comparable attributes in a low-altitude trusted data space, wherein a data user DU sends an access request for target data to a low-altitude trusted data space LADS; the access request comprises an attribute set and a tag set of the DU, the low-altitude trusted data space LADS judges whether the attribute set of the DU is matched with a target data access strategy, if so, returns a ciphertext of target data to the DU, the DU checks whether a puncture tag set contained in the ciphertext of the target data is matched with a target decryption key, if not, and determines that a target time trap in the ciphertext of the target data is released, and then decrypts the ciphertext of the target data based on the target decryption key to obtain the target data. The invention realizes flexible and efficient user revocation to ensure forward security, can flexibly decide the access behavior of the data user according to access time and attribute comparison, and supports the correctness verification of the decryption process.

Inventors

  • ZHANG JIAWEI
  • MA JIANFENG
  • XI NING

Assignees

  • 西安电子科技大学

Dates

Publication Date
20260508
Application Date
20260306

Claims (8)

  1. 1. A method for low-altitude big data access control in a low-altitude trusted data space based on comparable attributes, comprising: The method comprises the steps that a data user DU sends an access request for target data to a low-altitude trusted data space LADS, wherein the access request comprises an attribute set and a tag set of the data user DU; The low-altitude trusted data space LADS judges whether the attribute set of the data user DU is matched with a target data access strategy, if so, returns ciphertext of target data to the data user DU, wherein the target data access strategy and the ciphertext of the target data are received from a data owner DO in advance; The method comprises the steps of checking whether a puncture tag set contained in ciphertext of target data is matched with a target decryption key or not by a data user DU, and if the puncture tag set is not matched with the target decryption key and a target time trapdoor in the ciphertext of the target data is determined to be released, decrypting the ciphertext of the target data based on the target decryption key to obtain the target data, wherein the target decryption key is generated by a key generation center KGC in advance according to an attribute set and a tag set of the data user DU.
  2. 2. The method of low-altitude big data access control in a low-altitude trusted data space based on comparable attributes of claim 1, further comprising: the key generation center KGC sends a time token to the low-altitude trusted data space LADS according to a preset time interval; And if so, calculating the target time trapdoor based on the time token to obtain a released target time trapdoor, and embedding the released target time trapdoor into ciphertext of corresponding target data.
  3. 3. The method of low-altitude big data access control in a low-altitude trusted data space based on comparable attributes of claim 1, further comprising: The data owner DO encrypts the target data based on a symmetric encryption algorithm and the predefined target data access strategy to obtain a ciphertext and a key verification parameter of the target data, and hosts the ciphertext to a low-altitude trusted data space LADS.
  4. 4. A low-altitude big data access control method based on comparable attributes in a low-altitude trusted data space according to any of the claims 3, characterized in that the method further comprises: the data owner DO sends a puncture strategy to the low-altitude trusted data space LADS; The low-altitude trusted data space LADS punctures the ciphertext of the target data based on the puncturing strategy to obtain the punctured ciphertext of the target data, wherein the punctured ciphertext of the target data comprises a puncturing key and a puncturing tag set; The data owner DO verifies the piercing signature based on a pre-generated LADS signature public key.
  5. 5. The method for low-altitude big data access control based on comparable attributes in a low-altitude trusted data space according to claim 4, wherein decrypting ciphertext of the target data based on the target decryption key to obtain the target data comprises: The data user DU decrypts the ciphertext of the target data based on the target decryption key to obtain a symmetric key, verifies the symmetric key based on the key verification parameter, and decrypts the ciphertext of the target data by adopting the symmetric key if the symmetric key passes the verification to obtain the target data.
  6. 6. A low-altitude big data access control method based on comparable attributes in a low-altitude trusted data space as claimed in claim 1, said method further comprising: the data owner DO carries out code conversion on the attribute of each leaf node according to the size relation between the attribute of each leaf node in the target data access strategy and a preset threshold value to obtain a strategy coding attribute set; the policy coding attribute set comprises 0 codes and 1 codes, wherein the 0 codes represent that the size relation is larger than, and the 1 codes represent that the size relation is not larger than.
  7. 7. The method for low-altitude big data access control based on comparable attributes in a low-altitude trusted data space as claimed in claim 6, wherein said low-altitude trusted data space LADS determining whether the set of attributes of said data user DU matches a target data access policy comprises: the low-altitude trusted data space LADS judges whether the attribute set of the data user DU is matched with the strategy coding attribute set.
  8. 8. A low-altitude big data access control system based on comparable attributes in a low-altitude trusted data space is characterized by comprising a data user DU, a low-altitude trusted data space LADS, a data owner DO and a key generation center KGC, wherein, The data user DU is used for sending an access request for target data to the low-altitude trusted data space LADS, wherein the access request comprises an attribute set and a tag set of the data user DU; The low-altitude trusted data space LADS is used for judging whether the attribute set of the data user DU is matched with a target data access strategy, and if so, returning ciphertext of target data to the data user DU, wherein the target data access strategy and the ciphertext of the target data are received from a data owner DO in advance; The data user DU is also used for checking whether a puncture tag set contained in the ciphertext of the target data is matched with a target decryption key, if the puncture tag set is not matched with the target decryption key, and the target time trapdoor in the ciphertext of the target data is released, the ciphertext of the target data is decrypted based on the target decryption key to obtain the target data, wherein the target decryption key is generated by a key generation center KGC in advance according to the attribute set and the tag set of the data user DU.

Description

Low-altitude big data access control method and system based on comparable attribute in low-altitude trusted data space Technical Field The invention belongs to the technical field of low-altitude data security, and particularly relates to a low-altitude big data access control method based on comparable attributes in a low-altitude trusted data space. Background With the advent of new digital transformation wave, technologies such as 5G, cloud computing, artificial intelligence and the Internet of things are widely applied, and the deep transformation and the vigorous development of low-altitude economy of the unmanned aerial vehicle industry are promoted. The data are taken as key production elements in the low-altitude economic age, the value of the data is increasingly outstanding, and the data become an important power source for global economic growth and value creation. Explosive growth and circulation utilization of data demands present new challenges for low-altitude big data management, access control, mining analysis, etc. The data space is used as a new data organization management mode, and unified standard and interoperation of data in the industry field are promoted by protecting data main rights, ensuring data security, promoting data cross-domain circulation, mining analysis and secondary utilization of focused data value. In the low-altitude field, the low-altitude trusted data space provides an effective solution for realizing the orderly release of the low-altitude data element values, and becomes an important infrastructure in the low-altitude economic age. In the low-altitude trusted data space, the risk of stealing, tampering and misuse of low-altitude big data is often accompanied in the process of sharing data to a data user by a data owner, so that data ownership is lost. The data access control can realize accurate delivery and access management during low-altitude big data sharing by uniformly managing the digital identities and the data access strategies of all participating main bodies, and becomes one of key technologies for realizing low-altitude big data circulation and trusted sharing in a low-altitude trusted data space. Currently, when data confidentiality and access control are realized, a large number of ciphertext-policy-based attribute encryption (CP-ABE) technologies are adopted in the low-altitude trusted data space, namely, a data provider designates a specific access policy for data of the data provider and performs low-altitude big data encryption, and only a data user with authority conforming to the access policy can decrypt and obtain correct plaintext data. While CP-ABE is capable of flexible fine-grained access control to ciphertext data, its direct application to data space for secure data sharing faces a number of problems. Firstly, the traditional attribute-based encryption scheme has large calculation overhead when users cancel, and cannot meet the scene of adding or exiting a large number of dynamic users in the low-altitude trusted data space. Secondly, the low-altitude trusted data space needs to flexibly access and control the shared low-altitude big data according to user attribute comparison and access time, and can verify the decryption result. Disclosure of Invention In order to solve the problems in the prior art, the invention provides a low-altitude big data access control method and a system based on comparable attributes in a low-altitude trusted data space. The technical problems to be solved by the invention are realized by the following technical scheme: in a first aspect, the present invention provides a low-altitude big data access control method based on comparable attributes in a low-altitude trusted data space, including: The data user DU sends an access request for target data to the low-altitude trusted data space LADS, wherein the access request comprises an attribute set and a tag set of the data user DU; The low-altitude trusted data space LADS judges whether the attribute set of the data user DU is matched with the target data access strategy, if so, the target data ciphertext is returned to the data user DU, wherein the target data access strategy and the target data ciphertext are received from the data owner DO in advance; the method comprises the steps of checking whether a puncture tag set contained in ciphertext of target data is matched with a target decryption key by a data user DU, if the puncture tag set is not matched with the target decryption key, determining that a target time trapdoor in the ciphertext of the target data is released, decrypting the ciphertext of the target data based on the target decryption key to obtain the target data, wherein the target decryption key is generated by a key generation center KGC in advance according to an attribute set and the tag set of the data user DU. In a second aspect, the invention provides a low-level big data access control system based on comparable attributes in a l