信息网络安全

信息网络安全 ›› 2025, Vol. 25 ›› Issue (3): 392-402.doi: 10.3969/j.issn.1671-1122.2025.03.003

• 理论研究 • 上一篇    下一篇

一种面向工业物联网环境的离线—在线签名方案

李强1, 沈援海2, 王锦泽3(), 黄晏瑜3, 孙建国3   

  1. 1.西安电子科技大学计算机科学与技术学院,西安 710071
    2.中移(杭州)信息技术有限公司,杭州 310023
    3.西安电子科技大学杭州研究院,杭州 311231
  • 收稿日期:2024-04-12 出版日期:2025-03-10 发布日期:2025-03-26
  • 通讯作者: 王锦泽 E-mail:wjzoreo@163.com
  • 作者简介:李强(1986—),男,陕西,高级工程师,博士研究生,主要研究方向为智慧家庭、光通信和人工智能|沈援海(1986—),男,江苏,工程师,硕士,主要研究方向为智慧家庭、人工智能和信息安全|王锦泽(1999—),男,浙江,硕士研究生,主要研究方向为网络安全|黄晏瑜(1993—),女,浙江,讲师,博士,主要研究方向为密码学和信息安全|孙建国(1981—),男,浙江,教授,博士,主要研究方向为工业信息安全、智能安全
  • 基金资助:
    国家自然科学基金(62302365);网络与信息安全安徽省重点实验室开放课题(AHNIS2022004);中移(杭州)2023-2024年工业互联网标识与平台互通中间件联合测试验收项目(CMHY-202300856)

An Offline-Online Signature Scheme for Industrial Internet of Things Environment

LI Qiang1, SHEN Yuanhai2, WANG Jinze3(), HUANG Yanyu3, SUN Jianguo3   

  1. 1. School of Computer Science and Technology, Xidian University, Xi’an 710071, China
    2. China Mobile (Hangzhou) Information Technology Co., Ltd., Hangzhou 310023, China
    3. Hangzhou Research Institute, Xidian University, Hangzhou 311231, China
  • Received:2024-04-12 Online:2025-03-10 Published:2025-03-26
  • Contact: WANG Jinze E-mail:wjzoreo@163.com

RichHTML

10

PDF (PC)

62

摘要:

近年来,工业物联网技术及相关产业发展迅速,工业设备的数据安全问题受到广泛关注。传统方案通常采用数字签名技术确保工业设备身份合法性及数据的真实性。然而,传统数字签名方案存在证书管理或密钥托管问题,难以满足当前需求。为此,文章提出一种面向工业物联网环境的离线—在线签名方案,旨在解决工业物联网环境下的身份认证问题。该方案基于双线性配对技术构建系统参数,并基于离线—在线技术将签名生成分为两个阶段。在离线签名阶段,无须消息参与,负责完成计算量较大的密码学操作,并生成离线签名值;在线签名阶段则仅需利用预先准备好的离线签名值、系统参数及待签名消息进行少量密码学运算,即可生成完整的签名值。此外,该方案在随机预言机模型中被证明能够抵御恶意攻击,具备较高的安全性。实验结果表明,该方案有效减少了在线签名阶段的长耗时计算次数,显著降低了计算成本,同时有效应对两类敌手的安全威胁。

关键词: 离线—在线签名, 身份认证, 无证书签名, 物联网

Abstract:

In recent years, industrial Internet of things (IIoT) technology and related industries have developed rapidly, and the data security issues of industrial equipment have received widespread attention. In the past to ensure the legitimacy of industrial equipment identity and data authenticity often use traditional digital signature technology, while the traditional digital signature program has a certificate management or key escrow problems, can not meet the current requirements. In this paper, an offline-online signature scheme for industrial Internet of things environment was proposed, constructing system parameters through bilinear pairing technology, and generating signatures that were divided into two-phase signatures based on offline-online technology. In the offline signature stage there was no need for message participation, responsible for completing computationally intensive cryptographic operations to generate offline signature values. In the online signature stage, only needed to use the prepared offline signature value, the system parameters, and the message that needed to be signed to carry out a small portion of the cryptographic operations to obtain the complete signature value. The scheme was proved to be secure against malicious attacks in the stochastic predicate machine model. This scheme reduces the number of time-consuming calculations in online signatures, significantly reduces the computational cost, while also overcoming the security issues of two types of adversaries.

Key words: offline-online signature, identity authentication, certificateless signature, Internet of things

中图分类号: