面向边缘智能控制器的多授权策略隐藏属性基加密方案

doi:10.3969/j.issn.1671-1122.2026.05.006

信息网络安全 ›› 2026, Vol. 26 ›› Issue (5): 736-746.doi: 10.3969/j.issn.1671-1122.2026.05.006

面向边缘智能控制器的多授权策略隐藏属性基加密方案

尚文利¹^,², 李集浩¹^,², 丁磊²^,³(), 陈晓斌¹^,²

¹ 广州大学电子与通信工程学院, 广州 510006
² 片上通信与传感器芯片广东省普通高校重点实验室, 广州 510006
³ 广州大学网络空间安全学院, 广州 510006

收稿日期:2025-10-29 出版日期:2026-05-10 发布日期:2026-06-03
通讯作者: 丁磊 dloftjcu@163.com
作者简介:尚文利（1974—）,男,黑龙江,教授,博士,主要研究方向为计算智能、机器学习、工业物联网安全|李集浩（1997—）,男,广东,硕士研究生,主要研究方向为工业物联网安全、属性基加密|丁磊（1995—）,男,天津,博士研究生,主要研究方向为网络安全、数据安全|陈晓斌（2000—）,男,广东,硕士研究生,主要研究方向为边缘计算、隐私保护
基金资助:
国家自然科学基金(62173101);广东省教育厅普通高校重点项目(2025ZDZX3018)

Multi-Authority Policy-Hidden Attribute-Based Encryption Scheme for Edge Intelligent Controllers

SHANG Wenli¹^,², LI Jihao¹^,², DING Lei²^,³(), CHEN Xiaobin¹^,²

¹ School of Electronics and Communication Engineering, Guangzhou University, Guangzhou 510006, China
² Key Laboratory of On-Chip Communication and Sensor Chip of Guangdong Higher Education Institutes, Guangzhou 510006, China
³ Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China

Received:2025-10-29 Online:2026-05-10 Published:2026-06-03

摘要/Abstract

摘要：

针对边缘计算在工业物联网场景下的边缘智能控制器数据访问控制问题,文章提出一种面向边缘智能控制器的多授权策略隐藏属性基加密方案。该方案通过中央授权机构、密钥生成中心和边缘智能控制器协同实现多授权机构密钥生成,并采用单向匿名密钥协商协议实现访问策略全隐藏。为提高加密效率,该方案融入离线/在线计算技术,采用外包解密策略将大部分密文计算任务转移至边缘服务器,有效降低用户计算开销。此外,该方案还具备用户追踪功能,根据解密密钥追踪并撤销恶意用户权限。实验结果表明,该方案在用户密钥生成和文件加解密方面有一定优势,在q-DBDHE假设下验证了安全性。

关键词: 边缘智能控制器, 属性基加密, 多授权机构, 策略隐藏

Abstract:

For the data access control problem of edge intelligent controllers in industrial Internet of things scenarios under edge computing, this paper proposed a multi-authority policy-hidden attribute-based encryption scheme for edge intelligent controllers. This scheme achieved multi-authority key generation through the collaboration of a central authorization authority, a key generation center, and the edge intelligent controllers. It also employed a one-way anonymous key agreement protocol to achieve full policy hiding. To improve encryption efficiency, the scheme integrated online/offline techniques and employed outsourced decryption technology, delegating most of the ciphertext computation tasks to edge servers, thereby reducing the computational overhead for users. In addition, the scheme also featured user tracking functionality, allowing the tracking and revocation of malicious user based on the decryption key. Analysis results show that the proposed scheme exhibits high performance in user key generation and file encryption/decryption, and its security is validated under the q-DBDHE assumption.

Key words: edge intelligent controllers, attribute-based encryption, multi-authority, policy-hidden

中图分类号:

TP309

尚文利, 李集浩, 丁磊, 陈晓斌. 面向边缘智能控制器的多授权策略隐藏属性基加密方案[J]. 信息网络安全, 2026, 26(5): 736-746.

SHANG Wenli, LI Jihao, DING Lei, CHEN Xiaobin. Multi-Authority Policy-Hidden Attribute-Based Encryption Scheme for Edge Intelligent Controllers[J]. Netinfo Security, 2026, 26(5): 736-746.

图/表 7

图1

表1

表2

表3

图2

图3

图4

参考文献 24

[1]	SISINNI E, SAIFULLAH A, HAN Song, et al. Industrial Internet of Things: Challenges, Opportunities, and Directions[J]. IEEE Transactions on Industrial Informatics, 2018, 14(11): 4724-4734. doi: 10.1109/TII.2018.2852491 URL
[2]	GUO Rui, WEI Xin, CHEN Li. An Outsourceable and Policy-Hidden Attribute-Based Encryption Scheme in the IIoT System[J]. Netinfo Security, 2023, 23(3): 1-12.
	郭瑞, 魏鑫, 陈丽. 工业物联网环境下可外包的策略隐藏属性基加密方案[J]. 信息网络安全, 2023, 23(3): 1-12.
[3]	YANG Chaowei, HUANG Qunying, LI Zhenlong, et al. Big Data and Cloud Computing: Innovation Opportunities and Challenges[J]. International Journal of Digital Earth, 2017, 10(1): 13-53. doi: 10.1080/17538947.2016.1239771 URL
[4]	CAO Zhong, CHEN Zhuo, SHANG Wenli, et al. Efficient Revocable Anonymous Authentication Mechanism for Edge Intelligent Controllers[J]. IEEE Internet of Things Journal, 2023, 10(12): 10357-10367. doi: 10.1109/JIOT.2023.3237609 URL
[5]	ZHANG Ke, LONG Jiahuan, WANG Xiaofen, et al. Lightweight Searchable Encryption Protocol for Industrial Internet of Things[J]. IEEE Transactions on Industrial Informatics, 2021, 17(6): 4248-4259. doi: 10.1109/TII.2020.3014168 URL
[6]	LI Li, ZHU Jiangwen, YANG Chunyan. Overview of Research on the Revocable Mechanism of Attribute-Based Encryption[J]. Netinfo Security, 2023, 23(4): 39-50.
	李莉, 朱江文, 杨春艳. 基于属性加密的可撤销机制研究综述[J]. 信息网络安全, 2023, 23(4): 39-50.
[7]	BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-Policy Attribute-Based Encryption[C]//IEEE. 2007 IEEE Symposium on Security and Privacy (SP’07). New York: IEEE, 2007: 321-334.
[8]	CHASE M. Multi-Authority Attribute Based Encryption[C]//Springer. The 4th Theory of Cryptography. Heidelberg: Springer, 2007: 515-534.
[9]	LEWKO A, WATERS B. Decentralizing Attribute-Based Encryption[C]//Springer. Annual International Conference on the Theory and Applications of Cryptographic Techniques. Heidelberg: Springer, 2011: 568-588.
[10]	FAN Kai, XU Huiyue, GAO Longxiang, et al. Efficient and Privacy Preserving Access Control Scheme for Fog-Enabled IoT[J]. Future Generation Computer Systems, 2019, 99: 134-142. doi: 10.1016/j.future.2019.04.003
[11]	SARMA R, KUMAR C, BARBHUIYA F A. MACFI: A Multi-Authority Access Control Scheme with Efficient Ciphertext and Secret Key Size for Fog-Enhanced IoT[EB/OL]. (2022-02-03)[2025-04-23]. https://www.sciencedirect.com/science/article/abs/pii/S1383762121002393.
[12]	LI Li, CHEN Jie, ZHU Jiangwen. Multi-Authority Revocable Ciphertext-policy Attribute-Based Encryption Data Sharing Scheme[J]. Computer Science, 2025, 52(9): 388-395.
	李莉, 陈介, 朱江文. 多权威可撤销密文策略属性基加密数据共享方案[J]. 计算机科学, 2025, 52(9): 388-395.
[13]	NISHIDE T, YONEYAMA K, OHTA K. Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures[C]//Springer. Applied Cryptography and Network Security (ACNS 2008). Heidelberg: Springer, 2008: 111-129.
[14]	LAI Junzuo, DENG R H, LI Yingjiu. Expressive CP-ABE with Partially Hidden Access Structures[C]//ACM. The 7th ACM Symposium on Information, Computer and Communications Security. New York: ACM, 2012: 18-19.
[15]	YANG Kan, HAN Qi, LI Hui, et al. An Efficient and Fine-Grained Big Data Access Control Scheme with Privacy-Preserving Policy[J]. IEEE Internet of Things Journal, 2017, 4(2): 563-571. doi: 10.1109/JIOT.2016.2571718 URL
[16]	ZHONG Hong, ZHU Wenlong, XU Yan, et al. Multi-Authority Attribute-Based Encryption Access Control Scheme with Policy Hidden for Cloud Storage[J]. Soft Computing, 2018, 22(1): 243-251. doi: 10.1007/s00500-016-2330-8 URL
[17]	LUO Wei, LYU Ziyi, YANG Laipu, et al. FOC-PH-CP-ABE: An Efficient CP-ABE Scheme with Fully Outsourced Computation and Policy Hidden in the Industrial Internet of Things[J]. IEEE Sensors Journal, 2024, 24(18): 28971-28981. doi: 10.1109/JSEN.2024.3432276 URL
[18]	LIU Zhen, CAO Zhenfu, WONG D S. White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting any Monotone Access Structures[J]. IEEE Transactions on Information Forensics and Security, 2013, 8(1): 76-88. doi: 10.1109/TIFS.2012.2223683 URL
[19]	LIU Zhenhua, DUAN Shuhong, ZHOU Peilin, et al. Traceable-Then-Revocable Ciphertext-Policy Attribute-Based Encryption Scheme[J]. Future Generation Computer Systems, 2019, 93: 903-913. doi: 10.1016/j.future.2017.09.045
[20]	HAN Dezhi, PAN Nannan, LI K C. A Traceable and Revocable Ciphertext-Policy Attribute-Based Encryption Scheme Based on Privacy Protection[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19(1): 316-327. doi: 10.1109/TDSC.2020.2977646 URL
[21]	XIONG Hu, ZHAO Yanan, PENG Li, et al. Partially Policy-Hidden Attribute-Based Broadcast Encryption with Secure Delegation in Edge Computing[J]. Future Generation Computer Systems, 2019, 97: 453-461. doi: 10.1016/j.future.2019.03.008 URL
[22]	ZHANG Shaobo, WANG Yuechao, LUO Entao, et al. A Traceable and Revocable Decentralized Multi-Authority Privacy Protection Scheme for Social Metaverse[EB/OL]. (2023-07-01)[2025-04-23]. https://www.sciencedirect.com/science/article/abs/pii/S1383762123000784.
[23]	GUO Zhenzhen, WANG Gaoli, LI Yingxin, et al. Attribute-Based Data Sharing Scheme Using Blockchain for 6G-Enabled VANETs[J]. IEEE Transactions on Mobile Computing, 2024, 23(4): 3343-3360. doi: 10.1109/TMC.2023.3273222 URL
[24]	KATE A, ZAVERUCHA G, GOLDBERG I. Pairing-Based Onion Routing[C]//Springer. The 7th International Symposium. Heidelberg: Springer, 2007: 95-112.

方案	多授权	策略隐藏	可追踪	用户撤销	离线/ 在线计算	外包解密
文献[2]方案	×	部分隐藏	√	√	×	√
文献[10] 方案	√	全隐藏	×	√	×	√
文献[12] 方案	√	×	×	√	×	√
文献[20] 方案	×	部分隐藏	√	√	×	×
文献[22] 方案	√	部分隐藏	√	√	×	×
本文方案	√	全隐藏	√	√	√	√

符号	定义
${{E}_{{{G}_{1}}}}/{{E}_{{{G}_{T}}}}$	${{G}_{1}}$/${{G}_{T}}$中的指数运算时间
${{M}_{{{G}_{1}}}}/{{M}_{{{G}_{T}}}}$	${{G}_{1}}$/${{G}_{T}}$间的乘法运算时间
$P$	双线性配对运算时间
$m$	用户属性数量
$l$	访问策略的属性数量
n	用户满足访问策略的属性数量
$r$	撤销列表覆盖集合的长度
$\left\| A \right\|$	属性授权机构数量

方案	密钥生成	加密	解密
文献[2]方案	(m+7)E_G₁+ (m+2)M_G₁	(4l+3r+2)E_G₁+ E_GT+lM_G₁	(2r+1)E_G₁+E_GT+ (3n+3)P+ 7M_G₁+2nM_GT
文献[10]方案	(3m+2)E_G₁+ mE_GT+mP+ (m+1)M_G₁	(5l+1)E_G₁+(l+ 1)E_GT+2lM_G₁+ (\|A\|+1)M_GT	E_GT+M_GT
文献[12]方案	(2m+2)E_G₁+M_G₁	(4l+1)E_G₁+ E_GT+lM_G₁	E_GT+M_GT
文献[20]方案	(m+6)E_G₁+ (m+1)M_G₁	(4l+r+2)E_G₁+ E_GT+lM_G₁+M_GT	2E_G₁+(n+1)E_GT+ (3n+2)P+2M_G₁+ (2n+3)M_GT
文献[22]方案	5mE_G₁+2mM_G₁	(6l+r)E_G₁+2lE_GT+ (2l+1)M_GT	3nE_G₁+nE_GT+ 3nP+3nM_G₁+ (3n+1)M_GT
本文方案	(2m+3)E_G₁	2lE_G₁+lP+M_GT	E_GT+2M_GT

面向边缘智能控制器的多授权策略隐藏属性基加密方案

Multi-Authority Policy-Hidden Attribute-Based Encryption Scheme for Edge Intelligent Controllers

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 24

相关文章 15

编辑推荐

Metrics

本文评价

[1]	张新有, 刘庆夫, 冯力, 邢焕来. 基于多权威属性基加密的智能电网数据安全共享模型[J]. 信息网络安全, 2025, 25(1): 98-109.
[2]	张学旺, 陈思宇, 罗欣悦, 雷志滔, 谢昊飞. 面向云辅助工业物联网的高效可搜索属性基加密方案[J]. 信息网络安全, 2024, 24(9): 1352-1363.
[3]	谢小凤, 张鑫涛, 王鑫, 鲁秀青. 基于云存储的多关键字可搜索加密方案[J]. 信息网络安全, 2024, 24(9): 1444-1457.
[4]	刘芹, 王卓冰, 余纯武, 王张宜. 面向云安全的基于格的高效属性基加密方案[J]. 信息网络安全, 2023, 23(9): 25-36.
[5]	石润华, 谢晨露. 云边缘环境中基于属性加密的可验证EMR外包解决方案[J]. 信息网络安全, 2023, 23(7): 9-21.
[6]	李莉, 朱江文, 杨春艳. 基于属性加密的可撤销机制研究综述[J]. 信息网络安全, 2023, 23(4): 39-50.
[7]	郭瑞, 魏鑫, 陈丽. 工业物联网环境下可外包的策略隐藏属性基加密方案[J]. 信息网络安全, 2023, 23(3): 1-12.
[8]	李家辉, 秦素娟, 高飞, 孙东旭. 基于属性加密的区块链组织交易可控可监管隐私保护方案[J]. 信息网络安全, 2023, 23(12): 103-112.
[9]	崔皓宇, 马利民, 王佳慧, 张伟. 基于区块链的属性加密多授权机构安全模型研究[J]. 信息网络安全, 2022, 22(5): 84-93.
[10]	张学旺, 姚亚宁, 黎志鸿, 张豪. 基于联盟链和Asmuth-Bloom秘密共享算法的数据共享方案[J]. 信息网络安全, 2022, 22(11): 17-23.
[11]	芦效峰, 付淞兵. 属性基加密和区块链结合的可信数据访问控制方案[J]. 信息网络安全, 2021, 21(3): 7-8.
[12]	汪金苗, 谢永恒, 王国威, 李易庭. 基于属性基加密的区块链隐私保护与访问控制方法[J]. 信息网络安全, 2020, 20(9): 47-51.
[13]	施国峰, 张兴兰. 面向云存储的支持范围密文搜索的属性基加密方案[J]. 信息网络安全, 2020, 20(6): 75-81.
[14]	刘鹏, 何倩, 刘汪洋, 程序. 支持撤销属性和外包解密的CP-ABE方案[J]. 信息网络安全, 2020, 20(3): 90-97.
[15]	许盛伟, 王飞杰. 多机构授权下可追踪可隐藏的属性基加密方案[J]. 信息网络安全, 2020, 20(1): 33-39.