Netinfo Security ›› 2024, Vol. 24 ›› Issue (9): 1352-1363. doi: 10.3969/j.issn.1671-1122.2024.09.004

• Cryptographic Technology •

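Efficient Searchable Attribute-Based Encryption Scheme for Cloud-Assisted Industrial IoT

ZHANG Xuewang1, CHEN Siyu1, LUO Xinyue1, LEI Zhitao1, XIE Haofei2

  1. School of Software Engineering, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
  2. School of Automation, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
  • Received: 2024-06-03 Online: 2024-09-10 Published: 2024-09-27
  • Corresponding author: ZHANG Xuewang, zhangxw@cqupt.edu.cn
  • About the authors: ZHANG Xuewang (born 1974), male, from Hunan, associate professor, Ph.D., CCF member; main research interests: blockchain, Internet of Things, data security, privacy protection, big data, and intelligent data processing | CHEN Siyu (born 1999), male, from Sichuan, master's student; main research interests: attribute-based encryption, Internet software and security technology | LUO Xinyue (born 2001), female, from Sichuan, master's student; main research interests: blockchain, Internet software and security technology | LEI Zhitao (born 1998), male, from Sichuan, master's student; main research interests: blockchain, Internet software and security technology | XIE Haofei (born 1978), male, from Hunan, professor, Ph.D., CCF member; main research interests: networked control systems, wireless sensing, and industrial Internet of Things
  • Supported by:
    National Key R&D Program of China (2022YFB3204503); Chongqing Urban Management Scientific Research Project (Chengguan Kezi 2023 No. 35)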

Abstract:

Cloud storage can effectively store and manage the massive data generated by the Industrial Internet of Things (IIoT), but it lacks a flexible and secure access control mechanism, and encrypted data uploaded to it is difficult to retrieve efficiently. To solve these problems, this paper proposes an efficient searchable attribute-based encryption scheme for the IIoT that provides privacy protection, multi-keyword search and data verification. The scheme uses symmetric encryption and attribute-based encryption to encrypt plaintext in an online/offline manner, and uses XOR filters and random secret values to partially hide the access policy, improving the security of industrial data. In addition, the scheme uses polynomial equations to implement efficient multi-keyword search that supports subset queries, and verifies the integrity of data on the cloud server by means of signature encryption. Security analysis shows that the scheme resists chosen-plaintext attacks under the DBDH (Decisional Bilinear Diffie-Hellman) hardness assumption. Theoretical analysis and simulation results show that the scheme is more efficient than the compared schemes in the encryption, trapdoor generation and search phases, and offers more comprehensive functionality.

Key words: industrial IoT, attribute-based encryption, searchable encryption, policy hiding, data verification
