Fine-grained Remote Data Security Update Scheme for Smart Home with Privacy Protection

ZHANG Yinghui, CHEN Bowen, CAO Jin, GUO Rui, ZHENG Dong

Citation: ZHANG Yinghui, CHEN Bowen, CAO Jin, GUO Rui, ZHENG Dong. Fine-grained Remote Data Security Update Scheme for Smart Home with Privacy Protection[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT220957

doi: 10.11999/JEIT220957
Funds: The National Natural Science Foundation of China (62072369, 62072371), The Innovation Capability Support Program of Shaanxi (2020KJXX-052), The Shaanxi Special Support Program Youth Top-notch Talent Program, The Program of The Youth Innovation Team of Shaanxi Universities, The Key Research and Development Program of Shaanxi (2021ZDLGY06-02, 2020ZDLGY08-04), The Graduate Innovation Foundation of Xi’an University of Posts and Telecommunications (CXJJZL2021024)
Details
    About the authors:

    ZHANG Yinghui: male, professor; research interests: public-key cryptography, cloud storage security

    CHEN Bowen: male, master's student; research interest: cloud storage security

    CAO Jin: male, professor; research interests: public-key cryptography, wireless network security

    GUO Rui: male, associate professor; research interests: public-key cryptography, cloud storage security

    ZHENG Dong: male, professor; research interests: public-key cryptography, cloud storage security

    Corresponding author:

    ZHANG Yinghui yhzhazhang@163.com

  • CLC number: TN929.5
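  • Abstract: To address the coarse-grained access control, single point of service failure, and low user decryption efficiency of existing smart home software update schemes, this paper proposes a fine-grained remote data security update scheme for smart homes with privacy protection. The scheme achieves fine-grained access control through attribute-based encryption and stores data using blockchain combined with the InterPlanetary File System (IPFS). By hiding the access policy, the scheme further protects user privacy. In addition, an outsourced decryption algorithm designed for lightweight users effectively reduces their computational burden, and blockchain and smart contracts are combined to achieve fair payment for the outsourced decryption process. Finally, based on the Decisional Bilinear Diffie-Hellman (DBDH) assumption, the proposed scheme is proved to be indistinguishable under chosen-plaintext attack (IND-CPA) secure. Simulation results show that, compared with existing schemes, the proposed scheme significantly reduces end-user decryption cost and communication overhead.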
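  • Figure 1  System diagram

    Figure 2  Information exchange in the system initialization phase

    Figure 3  Information exchange in the data storage phase

    Figure 4  Information exchange in the data sharing phase

    Figure 5  Fair payment

    Figure 6  Performance comparison of different schemes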

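    Table 1  Common notation

    | Symbol | Definition | Symbol | Definition |
    |---|---|---|---|
    | $ {\text{P}}{{\text{K}}_K},{\text{S}}{{\text{K}}_K} $ | Public and private keys of the key generation center | $ {s_l} $ | Legitimate user |
    | $ {\text{T}}{{\text{K}}_{{u_t},A}} $ | Ciphertext transformation token | $ \mathcal{T} $ | Access tree |
    | $ {I_j} $ | Index | $ z $ | Access tree node |
    | $ M $ | Plaintext file | $ {\text{S}}{{\text{K}}_{{u_l}}} $ | Private key of a legitimate user |
    | $ {\text{CT}} $ | Ciphertext file | $ {S_u} $ | Attribute set |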
    Algorithm 1  Update key
     If $ {m_i} \in {S_u}\backslash \{ {m_j}\} $
       Input: $ {\text{SK}} $ and $ {\text{KE}}{{\text{Y}}_{j \to o}} $
       For $ \forall {m_i} \in {S_u}\backslash \{ {m_j}\} $ do
       $ {P_{i0}} = {({g^{{n_r}}}H{({m_i})^{{r_i}}})^{\gamma r_j^{ - 1}}} $;
       $ {P_{i1}} = {g^{{r_i}\gamma r_j^{ - 1}}} $;
       End
       $ {P_{o0}} = {({g^{rn_i^{ - 1}{\text{KE}}{{\text{Y}}_{j \to o}}}}H{(o)^{{r_o}}})^\gamma } $;
       $ {P_{o1}} = {g^{{r_o}\gamma r_j^{ - 1}{\text{KE}}{{\text{Y}}_{j \to o}}}} $;
       Output: $ {\text{S}}{{\text{K}}_{{u_t}{\text{update}}}} = \{ d,\forall {m_i} \in {S_u}\backslash \{ {m_i}\} : {P_{i0}},{P_{i1}};{P_{o0}},{P_{o1}}\} $
    Algorithm 2  Update key
     Input: $ {\text{S}}{{\text{K}}_{{u_l}}},{\text{KE}}{{\text{Y}}_{no}} $
     For $ \forall {m_i} \in S\backslash \{ {m_j}\} $ $ {P_{j0}} = {({g^{{n_r}{\text{KE}}{{\text{Y}}_{no}}}}H{({m_j})^{{n_j}}})^{\gamma r_j^{ - 1}}}$,
     ${P_{j1}} = {g^{{n_j}\gamma r_j^{ - 1}{\text{KE}}{{\text{Y}}_{no}}}},P_j^{''} = H{({m_j})^\varepsilon } $
     Output: $ {\text{S}}{{\text{K}}_{{\text{unupdate}}}} = \{ d,\forall {m_i} \in {S_u}\backslash \{ {m_j}\} :{P_{i0}},{P_{i1}};{P_{j0}},{P_{j1}}\} $
    Algorithm 3  Update ciphertext
     Input: $ {\text{CT}},{\text{KE}}{{\text{Y}}_{ct}} $
     For $ \forall {m_i} = {\text{att}}(z) \in Y $
     If $ {m_i} = {m_j} $ then
       $ {E_{z0}} = {g^{{f_z}(0){n_i}}} $;
       $ {E_{z1}} = H{({\text{att}}(z))^{{f_z}(0){n_i}}} $;
     Else
       $ {E_{z0}} = {g^{{f_z}(0){n_i}{\text{KE}}{{\text{Y}}_{ct}}}} $;
       $ {E_{z1}} = H{({\text{att}}(z))^{{f_z}(0){n_i}{\text{KE}}{{\text{Y}}_{ct}}}} $;
     End
     Output: ${\text{C} }{ {\text{T} }_{ {\text{update} } } } = \{ \mathcal{T},\mathop C\limits^\sim ,C,\forall {m_i} = {\text{att} }(y) \in Y,{E_{z0} },{E_{z1} }\}$

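    Table 2  Functional comparison of different schemes

    Scheme | Blockchain | IPFS | Fine-grained access control | Access policy hiding | Outsourced decryption | Incentive | Attribute update
    Ref. [14] ×××××
    Ref. [15] ××××
    Ref. [19] ×××
    Ref. [21] ×××××
    Ref. [22] ×××××
    Ref. [23] ×××××
    This paper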

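    Table 3  Computational overhead comparison of different schemes

    | | Ref. [22] | Ref. [23] | This paper |
    |---|---|---|---|
    | Key generation | $ (3 + 4{N_u})E $ | $ (5 + 3{N_u})E $ | $ (1 + 3{N_u})E $ |
    | Encryption | $ (1 + 2{A_c})E + 2{E_T} $ | $ 2{A_c}E + 3{E_T} $ | $ (1 + 2{A_c})E + {E_T} $ |
    | Outsourced decryption | $ (4 + 2{N_u})P + n{E_T} $ | $ (4 + 2{N_u})P + n{E_T} $ | $ 2{N_u}P + n{E_T} $ |
    | Local decryption | $ (1 + {N_u})P + 3{E_T} $ | $ P + 2{E_T} $ | $ 2P + {E_T} $ |

    Key update  $ 2{N_u}E $  $ E $
    Ciphertext update  $ P{E_T} $  $ E $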
  • [1] JURKOVIC G and SRUK V. Remote firmware update for constrained embedded systems[C]. The 2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), Opatija, Croatia, 2014: 1019–1023.
    [2] CHOI B C, LEE S H, NA J C, et al. Secure firmware validation and update for consumer devices in home networking[J]. IEEE Transactions on Consumer Electronics, 2016, 62(1): 39–44. doi: 10.1109/tce.2016.7448561
    [3] YOHAN A and LO N W. FOTB: A secure blockchain-based firmware update framework for IoT environment[J]. International Journal of Information Security, 2020, 19(3): 257–278. doi: 10.1007/s10207-019-00467-6
    [4] NAKAMOTO S. Bitcoin: A peer-to-peer electronic cash system[EB/OL]. https://bitcoin.org/bitcoin.pdf, 2021.
    [5] LEE B and LEE J H. Blockchain-based secure firmware update for embedded devices in an internet of things environment[J]. The Journal of Supercomputing, 2017, 73(3): 1152–1167. doi: 10.1007/s11227-016-1870-0
    [6] CHOI S and LEE J H. Blockchain-based distributed firmware update architecture for IoT devices[J]. IEEE Access, 2020, 8: 37518–37525. doi: 10.1109/ACCESS.2020.2975920
    [7] LI Chunlin, ZHANG Jing, YANG Xianmin, et al. Lightweight blockchain consensus mechanism and storage optimization for resource-constrained IoT devices[J]. Information Processing & Management, 2021, 58(4): 102602. doi: 10.1016/j.ipm.2021.102602
    [8] BONEH D and FRANKLIN M. Identity-based encryption from the Weil pairing[C]. The 21st Annual International Cryptology Conference on Advances in Cryptology, Santa Barbara, USA, 2001: 213–229.
    [9] SAHAI A and WATERS B. Fuzzy identity-based encryption[C]. The 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology, Aarhus, Denmark, 2005: 457–473.
    [10] WATERS B. Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization[C]. The 14th International Conference on Practice and Theory in Public Key Cryptography, Taormina, Italy, 2011: 53–70.
    [11] GREEN M, HOHENBERGER S, and WATERS B. Outsourcing the decryption of ABE ciphertexts[C]. The 20th USENIX Conference on Security, San Francisco, USA, 2011: 34.
    [12] LIU Zechao, JIANG Z L, WANG Xuan, et al. Practical attribute-based encryption: Outsourcing decryption, attribute revocation and policy updating[J]. Journal of Network and Computer Applications, 2018, 108: 112–123. doi: 10.1016/j.jnca.2018.01.016
    [13] ZHAO Zhiyuan, SUN Lei, HU Jiafu, et al. Efficient offline/online attribute based encryption with verifiable outsourced decryption[J]. Journal of Electronics & Information Technology, 2018, 40(12): 2998–3006. doi: 10.11999/JEIT180122
    [14] ZHONG Hong, ZHU Wenlong, XU Yan, et al. Multi-authority attribute-based encryption access control scheme with policy hidden for cloud storage[J]. Soft Computing, 2018, 22(1): 243–251. doi: 10.1007/s00500-016-2330-8
    [15] LIU Suhui, YU Jiguo, XIAO Yinhao, et al. BC-SABE: Blockchain-aided searchable attribute-based encryption for cloud-IoT[J]. IEEE Internet of Things Journal, 2020, 7(9): 7851–7867. doi: 10.1109/JIOT.2020.2993231
    [16] BELGUITH S, KAANICHE N, HAMMOUDEH M, et al. PROUD: Verifiable privacy-preserving outsourced attribute based SignCryption supporting access policy update for cloud assisted IoT applications[J]. Future Generation Computer Systems, 2020, 111: 899–918. doi: 10.1016/j.future.2019.11.012
    [17] CUI Hui, WAN Zhiguo, WEI Xinlei, et al. Pay as you decrypt: Decryption outsourcing for functional encryption using blockchain[J]. IEEE Transactions on Information Forensics and Security, 2020, 15: 3227–3238. doi: 10.1109/TIFS.2020.2973864
    [18] QIN Xuanmei, HUANG Yongfeng, YANG Zhen, et al. LBAC: A lightweight blockchain-based access control scheme for the internet of things[J]. Information Sciences, 2021, 554: 222–235. doi: 10.1016/j.ins.2020.12.035
    [19] CHEN Yongle, LI Hui, LI Kejiao, et al. An improved P2P file system scheme based on IPFS and blockchain[C]. 2017 IEEE International Conference on Big Data (Big Data), Boston, USA, 2017: 2652–2657.
    [20] BENET J. IPFS-content addressed, versioned, P2P file system[EB/OL]. https://arxiv.org/abs/1407.3561, 2014.
    [21] KREJCI S, SIGWART M, and SCHULTE S. Blockchain- and IPFS-based data distribution for the internet of things[C]. The 8th IFIP WG 2.14 European Conference on Service-Oriented and Cloud Computing, Heraklion, Greece, 2020: 177–191.
    [22] ZHANG Jiawei, LI Teng, OBAIDAT M S, et al. Enabling efficient data sharing with auditable user revocation for IoV systems[J]. IEEE Systems Journal, 2022, 16(1): 1355–1366. doi: 10.1109/JSYST.2020.3044309
    [23] LI Haifeng, LAN Caihui, FU Xingbing, et al. A secure and lightweight fine-grained data sharing scheme for mobile cloud computing[J]. Sensors, 2020, 20(17): 4720. doi: 10.3390/s20174720
Publication history
  • Received:  2022-07-18
  • Revised:  2022-09-09
  • Published online:  2022-09-14
