ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2019, Vol. 56 ›› Issue (5): 1112-1122.doi: 10.7544/issn1000-1239.2019.20180217

• 信息安全 • 上一篇    下一篇

轻量级窄带物联网应用系统中高效可验证加密方案

钱涵佳1,王宜怀1,2,彭涛1,陈成1,罗喜召1   

  1. 1(苏州大学计算机科学与技术学院 江苏苏州 215006); 2(苏州市嵌入式技术及应用重点实验室(苏州大学) 江苏苏州 215006) (20164227026@stu.suda.edu.cn)
  • 出版日期: 2019-05-01
  • 基金资助: 
    国家自然科学基金项目(61672369)

Efficient and Verifiable Encryption Scheme in Lightweight Narrowband Internet of Things Applications

Qian Hanjia1, Wang Yihuai1,2, Peng Tao1, Chen Cheng1, Luo Xizhao1   

  1. 1(College of Computer Science and Technology, Soochow University, Suzhou, Jiangsu 215006); 2(Suzhou Municipal Key Laboratory of Embedded Technology and Applications (Soochow University), Suzhou, Jiangsu 215006)
  • Online: 2019-05-01

摘要: 窄带物联网(narrowband Internet of things, NB-IoT)是互联网中的一个重要分支.NB-IoT依托云计算强大的资源处理能力提供应用层的各项服务以及实现信息智能化.然而由于数据异地存储,云平台服务提供商并不完全可信,用户数据暴露在不完全安全的环境下,带来了诸多安全问题,比如被外部用户恶意攻击、云服务器共谋攻击等.针对NB-IoT终端节点极易受到攻击、资源不足、功耗受限等问题,提出一种基于属性的云存储快速访问控制方案.在多个属性授权机构的背景下,以高效可验证的轻量级加密方案为目标,借鉴在线/离线加密思想,并结合外包解密技术,构造了具备选择明文攻击(chosen-plaintext attack, CPA)安全的在线/离线加密和外包解密的多机构密文策略属性基加密方案(online/offline and outsourced multi-authority ciphertext-policy attribute-based encryptin scheme, OO-MA-CP-ABE),提高加解密算法效率的同时最小化用户的计算开销,很适合计算能力弱且资源受限的终端设备.并进一步通过验证算法确保外包计算的正确性.还给出了云计算环境下轻量级NB-IoT应用系统安全性分析,保证资源共享过程中,灵活可扩展的访问控制策略以及用户数据的机密性和隐私保护.最后,给出了OO-MA-CP-ABE方案的性能分析,从功能性、计算开销和通信开销3个方面同现有方案进行比较.

关键词: 窄带物联网, 多授权机构, 隐私保护, 在线/离线加密, 外包解密

Abstract: Narrowband Internet of things (NB-IoT) is an important branch of the Internet. It can provide application-level services and achieve information intellectualization, relying on the powerful resource processing capability offered by cloud computing. However, due to the storage of data in different places, cloud platform service providers are not completely trusted. User data is exposed in a not completely secured environment and this brings many security problems, such as external malicious attack and cloud server collusion. Aiming at these NB-IoT’s issues like its terminal nodes are vulnerable to attacks, lacking in resources, limit in power consumption, a property-based cloud storage fast access control scheme is proposed. Under the background of multiple attribute authorities, an efficient and verifiable lightweight cryptographic encryption schemes is the goal. So using the idea of online/offline encryption and combining outsourced decryption technology, an online/offline and outsourced multi-authority ciphertext-policy attribute-based encryption scheme (OO-MA-CP-ABE) which can be secured from chosen-plaintext attack (CPA) is constructed. It improves the efficiency of the encryption and decryption algorithm while minimizing user’s computational overhead, quite suitable for terminal equipment with weak computing power and limited resources, and can further ensure the correctness of outsourced computing by verifying the algorithm as well. It also gives the security analysis of the lightweight NB-IoT application system under cloud computing environment, in order to ensure the flexible and extensible access control strategy and the confidentiality and privacy protection of user data during the resource sharing process. Finally, the performance analysis of the OO-MA-CP-ABE scheme is given, and compared with the existing schemes in terms of functionality, computational overhead and storage overhead.

Key words: narrowband Internet of things, multiple authorized institutions, privacy protection, online/offline encryption, outsourcing decryption

中图分类号: