面向物联网数据安全共享的属性基加密方案
|
摘要
物联网的发展一直面临着严峻的安全威胁和挑战,而物联网数据的安全共享及细粒度访问控制是其急需应对的安全问题之一.针对该问题,提出一种面向物联网数据安全共享的访问结构隐藏的属性基加密方案.该方案在保证数据隐私的情况下,能够实现密文数据的细粒度访问控制.首先提出一种将身份加密方案(identity-based encryption, IBE)转换为支持多值属性与门的密文策略属性基加密方案(ciphertext-policy attribute-based encryption, CP-ABE)的通用转换方法,并且转换后的CP-ABE能够继承IBE的特征.然后基于该转换方法将Wee提出的接收者匿名IBE方案转换为访问结构隐藏的CP-ABE方案,实现了密文、用户私钥、公钥和主私钥长度恒定,且解密只需一个双线对运算.而后将该CP-ABE方案应用于物联网中的智慧医疗应用场景,并给出应用的系统模型及步骤.最后,理论分析与实验结果表明所提方案在实现访问结构隐藏时,在计算效率、存储负担及安全性方面具有优势,在实际应用于物联网环境时更加高效和安全.
The development of Internet of things(IoT) has always been faced with serious security threats and challenges. The security sharing and fine-grained access control of data in the IoT is one of the security issues that urgently need to deal with. In order to solve this problem, an attribute-based encryption(ABE) scheme with the hidden access structure for data security sharing of IoT is proposed. This scheme can achieve fine-grained access control of ciphertext and guarantee data privacy. In this paper, a universal method to convert identity-based encryption(IBE) into ciphertext-policy attribute-based encryption(CP-ABE) is proposed, which supports AND-gate access structure with multiple values. The converted CP-ABE can inherit the characteristics of IBE. Then, the receiver anonymous IBE scheme proposed by Wee is converted to the CP-ABE scheme with the hidden access structure based on the conversion method, which realizes the fixed length of ciphertext, user secret key, public key and master secret key, and only needs one bilinear pairing computation in the decryption phase. The converted scheme is applied to the intelligent medical application scene and the system model and application steps are given. Finally, the results of theoretical analysis and experimental simulation show that the proposed scheme implements the hidden access structure and has advantages in computing efficiency, storage burden and security. It is more efficient and secure when the scheme is applied to the IoT environment.
The development of Internet of things(IoT) has always been faced with serious security threats and challenges. The security sharing and fine-grained access control of data in the IoT is one of the security issues that urgently need to deal with. In order to solve this problem, an attribute-based encryption(ABE) scheme with the hidden access structure for data security sharing of IoT is proposed. This scheme can achieve fine-grained access control of ciphertext and guarantee data privacy. In this paper, a universal method to convert identity-based encryption(IBE) into ciphertext-policy attribute-based encryption(CP-ABE) is proposed, which supports AND-gate access structure with multiple values. The converted CP-ABE can inherit the characteristics of IBE. Then, the receiver anonymous IBE scheme proposed by Wee is converted to the CP-ABE scheme with the hidden access structure based on the conversion method, which realizes the fixed length of ciphertext, user secret key, public key and master secret key, and only needs one bilinear pairing computation in the decryption phase. The converted scheme is applied to the intelligent medical application scene and the system model and application steps are given. Finally, the results of theoretical analysis and experimental simulation show that the proposed scheme implements the hidden access structure and has advantages in computing efficiency, storage burden and security. It is more efficient and secure when the scheme is applied to the IoT environment.
引文
[1]Bangcle Reserach Institute.2016 White paper on Internet of things security[J].Information Security and Communica-tions Privacy,2017,5(2):110- 121 (in Chinese)(梆梆安全研究院.2016物联网安全白皮书[J].信息安全与通信保密,2017,5(2):110- 121)
[2]Statista Inc.Internet of things (IoT) connected devices installed base worldwide from 2015 to 2025 (in billions) [EB/OL].2016 [2018-01-15].https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/
[3]Zhang Yuqing,Zhou Wei,Peng Anni.Survey of Internet of things security[J].Journal of Computer Research and Development,2017,54(10):2130- 2143 (in Chinese)(张玉清,周威,彭安妮.物联网安全综述[J].计算机研究与发展,2017,54(10):2130- 2143)
[4]Subashini S,Kavitha V.A survey on security issues in service delivery models of cloud computing[J].Journal of Network and Computer Applications,2011,34(1):1- 11
[5]Sahai A,Waters B.Fuzzy identity-based encryption[G] //LNCS 3494:Proc of Int Conf on the Theory and Applications of Cryptographic Techniques.Berlin:Springer,2005:457- 473
[6]Dong Xiaolei.Advances of privacy preservation in Internet of things[J].Journal of Computer Research and Development,2015,52(10):2341- 2352 (in Chinese)(董晓蕾.物联网隐私保护研究进展[J].计算机研究与发展,2015,52(10):2341- 2352)
[7]Goyal V,Pandey O,Sahai A,et al.Attribute-based encryption for fine-grained access control of encrypted data[C] //Proc of the 13th ACM Conf on Computer and Communications Security.New York:ACM,2006:89- 98
[8]Bethencourt J,Sahai A,Waters B.Ciphertext-policy attribute-based encryption[C] //Proc of the 28th IEEE Symp on Security and Privacy.Los Alamitos,CA:IEEE Computer Society,2007:321- 334
[9]Sookhak M,Yu F R,Khan M K,et al.Attribute-based data access control in mobile cloud computing:Taxonomy and open issues[J].Future Generation Computer Systems,2017,72(C):273- 287
[10]Nishide T,Yoneyama K,Ohta K.Attribute-based encryption with partially hidden encryptor-specified access structures[G] //LNCS 5037:Proc of the 6th Int Conf on Applied Cryptography and Network Security.Berlin:Springer,2008:111- 129
[11]Lai Junzuo,Deng R H,Li Yingjiu.Fully secure cipertext-policy hiding CP-ABE[G] //LNCS 6672:Proc of the 7th Int Conf on Information Security Practice and Experience.Berlin:Springer,2011:24- 39
[12]Song Yan,Han Zhen,Liu Fengmei,et al.Attribute-based encryption with hidden policies in the access tree[J].Journal on Communications,2015,36(9):119- 126 (in Chinese)(宋衍,韩臻,刘凤梅,等.基于访问树的策略隐藏属性加密方案[J].通信学报,2015,36(9):119- 126)
[13]Xu Runhua,Lang Bo.A CP-ABE scheme with hidden policy and its application in cloud computing[J].International Journal of Cloud Computing,2015,4(4):279- 298
[14]Wang Zhiwei,He Mingjun.CP-ABE with hidden policy from Waters efficient construction[J].International Journal of Distributed Sensor Networks,2016,12(1):ID:3257029
[15]Cheung L,Newport C.Provably secure ciphertext policy ABE[C] //Proc of the 14th ACM Conf on Computer and Communications Security.New York:ACM,2007:456- 465
[16]Emura K,Miyaji A,Omote K,et al.A ciphertext-policy attribute-based encryption scheme with constant ciphertext length[J].International Journal of Applied Cryptography,2010,2(1):46- 59
[17]Herranz J,Laguillaumie F,Ràfols C.Constant size ciphertexts in threshold attribute-based encryption[G] //LNCS 6056:Proc of the Int Conf on Practice and Theory in Public Key Cryptography.Berlin:Springer,2010:19- 34
[18]Chen Cheng,Zhang Zhenfeng,Feng Dengguo.Efficient ciphertext policy attribute-based encryption with constant-size ciphertext and constant computation-cost[G] //LNCS 6980:Proc of the 5th Int Conf on Provable Security.Berlin:Springer,2011:84- 101
[19]Attrapadung N,Herranz J,Laguillaumie F,et al.Attribute-based encryption schemes with constant-size ciphertexts[J].Theoretical Computer Science,2012,422(3):15- 38
[20]Zhang Yinghui,Zheng Dong,Chen Xiaofeng,et al.Computationally efficient ciphertext-policy attribute-based encryption with constant-size ciphertexts[G] //LNCS 8782:Proc of the 8th Int Conf on Provable Security.Berlin:Springer,2014:259- 273
[21]Odelu V,Das A K,Rao Y,et al.Pairing-based CP-ABE with constant-size ciphertexts and secret keys for cloud environment[J].Computer Standards and Interfaces,2016,54(1):3- 9
[22]Teng Wei,Yang Geng,Xiang Yang,et al.Attribute-based access control with constant-size ciphertext in cloud computing[J].IEEE Transactions on Cloud Computing,2017,5(4):617- 627
[23]Rao Y S,Dutta R.Recipient anonymous ciphertext-policy attribute based encryption[G] //LNCS 8303:Proc of the Int Conf on Information Systems Security.Berlin:Springer,2013:329- 344
[24]Zhou Zhibin,Huang Dijiang,Wang Zhijie.Efficient privacy-preserving ciphertext-policy attribute based-encryption and broadcast encryption[J].IEEE Transactions on Computers,2015,64(1):126- 138
[25]Zhang Leyou,Yin Hongjian.Recipient anonymous ciphertext-policy attribute-based broadcast encryption[J].International Journal of Network Security,2018,20(1):168- 176
[26]Wee H.Déjà Q:Encore! un petit IBE[G] //LNCS 9563:Proc of the Theory of Cryptography Conf.Berlin:Springer,2016:237- 258
[27]Babu R,Jayashree K.Prominence of IoT and cloud in health care[J].International Journal of Advanced Research in Computer Engineering and Technology,2016,5(2):420- 424
[28]Zhou Jun,Cao Zhenfu,Dong Xiaolei,et al.Securing m-healthcare social networks:Challenges,counter-measures and future directions[J].IEEE Wireless Communications,2013,20(4):12- 21
[29]Zhang Hua,Wen Qiaoyan,Jin Zhengping.Provable Security Algorithms and Protocols[M].Beijing:Science Press,2012 (in Chinese)(张华,温巧燕,金正平.可证明安全算法与协议[M].北京:科学出版社,2012)
[30]Lynn B.The pairing-based cryptography (PBC) library[EB/OL].2006 [2018-01-15].http://crypto.stanford.edu/pbc
[31]Bethencourt J,Sahai A,Waters B.Advanced crypto software collection:The cpabetoolkit[EB/OL].(2011-03-24) [2018-01-15].http://acsc.cs.utexas.edu/cpabe
[2]Statista Inc.Internet of things (IoT) connected devices installed base worldwide from 2015 to 2025 (in billions) [EB/OL].2016 [2018-01-15].https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/
[3]Zhang Yuqing,Zhou Wei,Peng Anni.Survey of Internet of things security[J].Journal of Computer Research and Development,2017,54(10):2130- 2143 (in Chinese)(张玉清,周威,彭安妮.物联网安全综述[J].计算机研究与发展,2017,54(10):2130- 2143)
[4]Subashini S,Kavitha V.A survey on security issues in service delivery models of cloud computing[J].Journal of Network and Computer Applications,2011,34(1):1- 11
[5]Sahai A,Waters B.Fuzzy identity-based encryption[G] //LNCS 3494:Proc of Int Conf on the Theory and Applications of Cryptographic Techniques.Berlin:Springer,2005:457- 473
[6]Dong Xiaolei.Advances of privacy preservation in Internet of things[J].Journal of Computer Research and Development,2015,52(10):2341- 2352 (in Chinese)(董晓蕾.物联网隐私保护研究进展[J].计算机研究与发展,2015,52(10):2341- 2352)
[7]Goyal V,Pandey O,Sahai A,et al.Attribute-based encryption for fine-grained access control of encrypted data[C] //Proc of the 13th ACM Conf on Computer and Communications Security.New York:ACM,2006:89- 98
[8]Bethencourt J,Sahai A,Waters B.Ciphertext-policy attribute-based encryption[C] //Proc of the 28th IEEE Symp on Security and Privacy.Los Alamitos,CA:IEEE Computer Society,2007:321- 334
[9]Sookhak M,Yu F R,Khan M K,et al.Attribute-based data access control in mobile cloud computing:Taxonomy and open issues[J].Future Generation Computer Systems,2017,72(C):273- 287
[10]Nishide T,Yoneyama K,Ohta K.Attribute-based encryption with partially hidden encryptor-specified access structures[G] //LNCS 5037:Proc of the 6th Int Conf on Applied Cryptography and Network Security.Berlin:Springer,2008:111- 129
[11]Lai Junzuo,Deng R H,Li Yingjiu.Fully secure cipertext-policy hiding CP-ABE[G] //LNCS 6672:Proc of the 7th Int Conf on Information Security Practice and Experience.Berlin:Springer,2011:24- 39
[12]Song Yan,Han Zhen,Liu Fengmei,et al.Attribute-based encryption with hidden policies in the access tree[J].Journal on Communications,2015,36(9):119- 126 (in Chinese)(宋衍,韩臻,刘凤梅,等.基于访问树的策略隐藏属性加密方案[J].通信学报,2015,36(9):119- 126)
[13]Xu Runhua,Lang Bo.A CP-ABE scheme with hidden policy and its application in cloud computing[J].International Journal of Cloud Computing,2015,4(4):279- 298
[14]Wang Zhiwei,He Mingjun.CP-ABE with hidden policy from Waters efficient construction[J].International Journal of Distributed Sensor Networks,2016,12(1):ID:3257029
[15]Cheung L,Newport C.Provably secure ciphertext policy ABE[C] //Proc of the 14th ACM Conf on Computer and Communications Security.New York:ACM,2007:456- 465
[16]Emura K,Miyaji A,Omote K,et al.A ciphertext-policy attribute-based encryption scheme with constant ciphertext length[J].International Journal of Applied Cryptography,2010,2(1):46- 59
[17]Herranz J,Laguillaumie F,Ràfols C.Constant size ciphertexts in threshold attribute-based encryption[G] //LNCS 6056:Proc of the Int Conf on Practice and Theory in Public Key Cryptography.Berlin:Springer,2010:19- 34
[18]Chen Cheng,Zhang Zhenfeng,Feng Dengguo.Efficient ciphertext policy attribute-based encryption with constant-size ciphertext and constant computation-cost[G] //LNCS 6980:Proc of the 5th Int Conf on Provable Security.Berlin:Springer,2011:84- 101
[19]Attrapadung N,Herranz J,Laguillaumie F,et al.Attribute-based encryption schemes with constant-size ciphertexts[J].Theoretical Computer Science,2012,422(3):15- 38
[20]Zhang Yinghui,Zheng Dong,Chen Xiaofeng,et al.Computationally efficient ciphertext-policy attribute-based encryption with constant-size ciphertexts[G] //LNCS 8782:Proc of the 8th Int Conf on Provable Security.Berlin:Springer,2014:259- 273
[21]Odelu V,Das A K,Rao Y,et al.Pairing-based CP-ABE with constant-size ciphertexts and secret keys for cloud environment[J].Computer Standards and Interfaces,2016,54(1):3- 9
[22]Teng Wei,Yang Geng,Xiang Yang,et al.Attribute-based access control with constant-size ciphertext in cloud computing[J].IEEE Transactions on Cloud Computing,2017,5(4):617- 627
[23]Rao Y S,Dutta R.Recipient anonymous ciphertext-policy attribute based encryption[G] //LNCS 8303:Proc of the Int Conf on Information Systems Security.Berlin:Springer,2013:329- 344
[24]Zhou Zhibin,Huang Dijiang,Wang Zhijie.Efficient privacy-preserving ciphertext-policy attribute based-encryption and broadcast encryption[J].IEEE Transactions on Computers,2015,64(1):126- 138
[25]Zhang Leyou,Yin Hongjian.Recipient anonymous ciphertext-policy attribute-based broadcast encryption[J].International Journal of Network Security,2018,20(1):168- 176
[26]Wee H.Déjà Q:Encore! un petit IBE[G] //LNCS 9563:Proc of the Theory of Cryptography Conf.Berlin:Springer,2016:237- 258
[27]Babu R,Jayashree K.Prominence of IoT and cloud in health care[J].International Journal of Advanced Research in Computer Engineering and Technology,2016,5(2):420- 424
[28]Zhou Jun,Cao Zhenfu,Dong Xiaolei,et al.Securing m-healthcare social networks:Challenges,counter-measures and future directions[J].IEEE Wireless Communications,2013,20(4):12- 21
[29]Zhang Hua,Wen Qiaoyan,Jin Zhengping.Provable Security Algorithms and Protocols[M].Beijing:Science Press,2012 (in Chinese)(张华,温巧燕,金正平.可证明安全算法与协议[M].北京:科学出版社,2012)
[30]Lynn B.The pairing-based cryptography (PBC) library[EB/OL].2006 [2018-01-15].http://crypto.stanford.edu/pbc
[31]Bethencourt J,Sahai A,Waters B.Advanced crypto software collection:The cpabetoolkit[EB/OL].(2011-03-24) [2018-01-15].http://acsc.cs.utexas.edu/cpabe