ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2019, Vol. 56 ›› Issue (6): 1290-1301.doi: 10.7544/issn1000-1239.2019.20180288

• 信息安全 • 上一篇    下一篇

面向物联网数据安全共享的属性基加密方案

赵志远1,王建华2,朱智强2,孙磊2   

  1. 1(61516部队 北京 100071);2(战略支援部队信息工程大学 郑州 450001) (zzy_taurus@foxmail.com)
  • 出版日期: 2019-06-01
  • 基金资助: 
    国家“九七三”重点基础研究发展计划基金项目(2013CB338000);国家重点研发计划项目(2016YFB0501900)

Attribute-Based Encryption for Data Security Sharing of Internet of Things

Zhao Zhiyuan1, Wang Jianhua2, Zhu Zhiqiang2, Sun Lei2   

  1. 1(Troops 61516, Beijing 100071);2(Strategic Support Force Information Engineering University, Zhengzhou 450001)
  • Online: 2019-06-01
  • Supported by: 
    This work was supported by the National Basic Research Program of China (973 Program) (2013CB338000) and the National Key Research and Development Program of China (2016YFB0501900).

摘要: 物联网的发展一直面临着严峻的安全威胁和挑战,而物联网数据的安全共享及细粒度访问控制是其急需应对的安全问题之一.针对该问题,提出一种面向物联网数据安全共享的访问结构隐藏的属性基加密方案.该方案在保证数据隐私的情况下,能够实现密文数据的细粒度访问控制.首先提出一种将身份加密方案(identity-based encryption, IBE)转换为支持多值属性与门的密文策略属性基加密方案(ciphertext-policy attribute-based encryption, CP-ABE)的通用转换方法,并且转换后的CP-ABE能够继承IBE的特征.然后基于该转换方法将Wee提出的接收者匿名IBE方案转换为访问结构隐藏的CP-ABE方案,实现了密文、用户私钥、公钥和主私钥长度恒定,且解密只需一个双线对运算.而后将该CP-ABE方案应用于物联网中的智慧医疗应用场景,并给出应用的系统模型及步骤.最后,理论分析与实验结果表明所提方案在实现访问结构隐藏时,在计算效率、存储负担及安全性方面具有优势,在实际应用于物联网环境时更加高效和安全.

关键词: 物联网, 隐私保护, 数据共享, 密文策略属性基加密, 隐藏访问结构

Abstract: The development of Internet of things (IoT) has always been faced with serious security threats and challenges. The security sharing and fine-grained access control of data in the IoT is one of the security issues that urgently need to deal with. In order to solve this problem, an attribute-based encryption (ABE) scheme with the hidden access structure for data security sharing of IoT is proposed. This scheme can achieve fine-grained access control of ciphertext and guarantee data privacy. In this paper, a universal method to convert identity-based encryption (IBE) into ciphertext-policy attribute-based encryption (CP-ABE) is proposed, which supports AND-gate access structure with multiple values. The converted CP-ABE can inherit the characteristics of IBE. Then, the receiver anonymous IBE scheme proposed by Wee is converted to the CP-ABE scheme with the hidden access structure based on the conversion method, which realizes the fixed length of ciphertext, user secret key, public key and master secret key, and only needs one bilinear pairing computation in the decryption phase. The converted scheme is applied to the intelligent medical application scene and the system model and application steps are given. Finally, the results of theoretical analysis and experimental simulation show that the proposed scheme implements the hidden access structure and has advantages in computing efficiency, storage burden and security. It is more efficient and secure when the scheme is applied to the IoT environment.

Key words: Internet of things (IoT), privacy protection, data sharing, ciphertext-policy attribute-based encryption (CP-ABE), hidden access structure

中图分类号: