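To meet the need for secure and efficient multi-user resource access when nodes in the perceptual layer of the Internet of Things (IoT) have limited computing and storage capacity, a hierarchical access control scheme is proposed. Nodes that provide resources of the same level are grouped into one hierarchical node, and the partial order formed among the hierarchical nodes is used to design a secure and efficient key derivation algorithm, so that a user holding a single key material can access resources at more levels. A Merkle tree mechanism is also introduced, so that multiple users can obtain the key material of hierarchical nodes securely and efficiently through mutually independent hash chains. In terms of storage overhead, computation overhead, provable security and scalability, the scheme is better suited than existing similar schemes to multi-user resource access in the IoT perceptual-layer environment.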
A novel hierarchical access control scheme for the perceptual layer of the IoT is presented based on resource hierarchies, which meets the multi-user requirement for secure and efficient access. In the scheme, every hierarchical node is composed of perceptual nodes that provide resources with the same level of security. The hierarchical nodes can be modeled as a set of partially ordered classes. With this model, a deterministic key derivation algorithm is designed, which lets every user and perceptual node holding a single key material derive several keys and obtain the resources at its own class and all descendant classes in the hierarchy. Furthermore, a Merkle tree mechanism is introduced to guarantee secure and efficient multi-user key material derivation, with each user's hash chain independent of the others. Compared with previous proposals, the scheme is more suitable for multi-user access to resources of the perceptual layer in the IoT.