ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2020, Vol. 57 ›› Issue (10): 2177-2187.doi: 10.7544/issn1000-1239.2020.20200421

所属专题: 2020密码学与数据隐私保护研究专题

• 信息安全 • 上一篇    下一篇

工业物联网中服务器辅助且可验证的属性基签名方案

张应辉1,2,贺江勇1,2,郭瑞1,2,郑东1,2,3   

  1. 1(西安邮电大学网络空间安全学院 西安 710121);2(无线网络安全技术国家工程实验室(西安邮电大学) 西安 710121);3(卫士通摩石实验室 北京 100070) 1(yhzhaang@163.com)
  • 出版日期: 2020-10-01
  • 基金资助: 
    国家重点研发计划项目(2017YFB0802000);国家自然科学基金项目(61772418,61671377,61802303);陕西省创新能力支撑计划项目(2020KJXX-052);陕西省特支计划青年拔尖人才支持计划项目;陕西省重点研发计划项目(2019KW-053,2020ZDLGY08-04);陕西省自然科学基础研究计划项目(2019JQ-866);四川省科技计划项目(2017GZDZX0002);青海省基础研究计划项目(2020-ZJ-701);西邮新星团队支持计划项目(2016-02)

Server-Aided and Verifiable Attribute-Based Signature for Industrial Internet of Things

Zhang Yinghui1,2, He Jiangyong1,2, Guo Rui1,2, Zheng Dong1,2,3   

  1. 1(School of Cyberspace Security, Xi’an University of Posts and Telecommunications, Xi’an 710121);2(National Engineering Laboratory for Wireless Security (Xi’an University of Posts and Telecommunications), Xi’an 710121);3(Westone Cryptologic Research Center, Beijing 100070)
  • Online: 2020-10-01
  • Supported by: 
    This work was supported by the National Key Research and Development Program of China (2017YFB0802000), the National Natural Science Foundation of China (61772418, 61671377, 61802303), the Innovation Capability Support Program of Shaanxi (2020KJXX-052), the Shaanxi Special Support Program Youth Top-notch Talent Program, the Key Research and Development Program of Shaanxi (2019KW-053, 2020ZDLGY08-04), the Natural Science Basic Research Plan in Shaanxi Province of China (2019JQ-866), the Sichuan Science and Technology Program (2017GZDZX0002), the Basic Research Program of Qinghai Province (2020-ZJ-701), and the New Star Team Program of Xi’an University of Posts and Telecommunications (2016-02).

摘要: 工业物联网(industrial Internet of things, IIoT)设备通过云端收集和存储数据时,会遇到数据认证和隐私保护等问题.属性基签名(attribute-based signature, ABS)不仅可以实现数据认证,而且可以保护签名者的身份隐私.目前存在的SA-ABS(server-aided ABS)方案中,借助服务器减小了签名者和验证者的计算开销,而且通过抵抗签名者和服务器的共谋攻击保证了服务器辅助验证阶段的安全性.但是,现有的SA-ABS方案都不能对服务器产生的部分签名进行有效性验证,所以存在服务器对部分签名伪造的安全隐患.为克服这一挑战,提出一种服务器辅助且可验证的属性基签名(server-aided and verifiable ABS, SA-VABS)方案,该方案不仅减小了签名者和验证者的计算开销,而且通过抵抗签名者和服务器的共谋攻击来保证服务器辅助验证阶段的安全性,最重要的是对服务器产生的部分签名进行了有效性验证,从而保证了服务器辅助签名产生阶段的安全性.形式化安全性分析表明SA-VABS方案是安全的.仿真实验和对比分析表明SA-VABS方案在保证效率的同时提高了安全性.

关键词: 属性基签名, 服务器辅助, 共谋攻击, 可验证, 隐私保护

Abstract: Industrial Internet of things (IIoT) devices encounter problems such as data authentication and privacy protection when collecting and storing data through the cloud. Attribute-based signature (ABS) can not only realize the data authentication, but also protect the identity privacy of the signer. In the existing server-aided ABS (SA-ABS) schemes, the computational overhead of the signer and the verifier is reduced with the help of the server, and the security of the server-aided verification phase is guaranteed by the defense of collusion attack of the signer and the server. However, none of the existing SV-ABS schemes can verify the validity of partial signature generated by the server, which will lead to a potential risk of partial signature forgery by the server. To overcome this challenge, a novel server-aided and verifiable ABS (SA-VABS) scheme is proposed in this paper, which not only reduces the computational overhead of the signer and the verifier, but also ensures the security of the server-aided verification phase by resisting the collusion attack of the signer and the server. The most important is that the scheme could verify the validity of partial signature generated by the server, so as to ensure the security of generation phase of the server-aided signature. Finally, our formal security analysis verifies the security of the SA-VABS scheme, and simulation experiments as well as comparative analysis indicate that the SA-VABS scheme improves security while ensuring efficiency.

Key words: attribute-based signature (ABS), server-aided (SA), collusion attack, verifiable, privacy protection

中图分类号: