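Abstract
To address the problems that data access control schemes in the Industrial Internet of Things (IIoT) environment place an excessive computational burden on decryption devices, cannot protect the private information of decryption devices, and cannot trace malicious devices, this paper proposes an outsourceable policy-hidden attribute-based encryption scheme for the IIoT environment. With the help of edge computing, the scheme outsources most of the decryption operations on massive industrial data to edge computing nodes, greatly reducing the computational burden on decryption devices. The scheme splits the access structure used in attribute-based encryption and introduces policy hiding, which protects the private information of decryption devices while achieving confidentiality of industrial data. In addition, the paper uses blockchain technology to supervise and audit the devices in the system. Security analysis shows that the scheme is secure under chosen-plaintext attack. The paper simulates the scheme alongside comparable schemes using the PBC cryptographic library and the Hyperledger Fabric blockchain platform; the results show that the scheme has high computational efficiency and is suitable for the IIoT environment.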
The data access control scheme in the IIoT environment has some prominent problems, such as the heavy computing burden of the decryption device, failure to protect the private information of the decryption device, and failure to track illegal devices. To solve the above problems, an outsourced policy-hidden attribute-based encryption scheme in the IIoT environment was proposed. In the scheme, with the help of edge computing technology, most of the decryption operations of massive industrial data were outsourced to edge computing nodes, thus significantly reducing the computational burden of decryption devices. The access structure in ABE was divided into two parts in the scheme, thus introducing the technology of policy hiding, which protected the privacy information of decryption devices while achieving the confidentiality of the industrial data. In addition, blockchain technology was used to achieve the supervision and audit of equipment in the system. Through formal analysis, it is proven to be secure in a selectively chosen-plaintext attack (CPA). By using the PBC cryptographic library and Hyperledger Fabric blockchain platform, simulations of this scheme with existing schemes are performed. The experiment results show that this scheme has high computational efficiency and is suitable for IIoT environments.
Authors
郭瑞
魏鑫
陈丽
GUO Rui; WEI Xin; CHEN Li (School of Cyberspace Security, Xi’an University of Posts and Telecommunications, Xi’an 710121, China; National Engineering Laboratory for Wireless Security, Xi’an University of Posts and Telecommunications, Xi’an 710121, China)
Source
《信息网络安全》
CSCD
Peking University Core Journal
2023, Issue 3, pp. 1-12 (12 pages)
Netinfo Security
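Funding
National Natural Science Foundation of China [62072369]
Key Research and Development Program of Shaanxi Province [2020ZDLGY08-04]
Innovation Capability Support Program of Shaanxi Province [2020KJXX-052].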