面向云辅助工业物联网的高效可搜索属性基加密方案  

作　　者：张学旺[1] 陈思宇 罗欣悦 雷志滔 谢昊飞[2] ZHANG Xuewang;CHEN Siyu;LUO Xinyue;LEI Zhitao;XIE Haofei(School of Software Engineering,Chongqing University of Posts and Telecommunications,Chongqing 400065,China;School of Automation,Chongqing University of Posts and Telecommunications,Chongqing 400065,China)

机构地区：[1]重庆邮电大学软件工程学院,重庆400065 [2]重庆邮电大学自动化学院,重庆400065

出　　处：《信息网络安全》2024年第9期1352-1363,共12页Netinfo Security

基　　金：国家重点研发计划[2022YFB3204503];重庆市城市管理科研项目[城管科字2023第35号]。

摘　　要：云存储可以有效存储和管理工业物联网生成的海量数据,但缺乏灵活安全的访问控制机制,且上传的加密数据难以高效检索。为解决这些问题,文章提出一种面向工业物联网的高效可搜索属性基加密方案,该方案具有隐私保护、多关键词搜索和数据验证等功能。方案利用对称加密和属性基加密以在线/离线加密方式加密明文,利用异或过滤器和随机秘密值实现部分访问策略隐藏,提高工业数据的安全性。此外,方案基于多项式方程实现支持子集查询的多关键词高效搜索,通过签名加密的方式验证云服务器中数据的完整性。安全性分析表明,该方案在DBDH困难问题假设下可以抵御选择明文攻击。理论分析和仿真实验结果表明,该方案在加密、陷门生成和搜索等阶段与对比方案相比具有更高的效率,功能更全面。Cloud storage can effectively store and manage the massive data generated by the industrial Internet of things,but it lacks a flexible and secure access control mechanism,and the uploaded encrypted data is difficult to retrieve efficiently.To solve these problems,this paper proposed an efficient and secure searchable attribute-based encryption scheme for the Industrial Internet of Things,which had the functions of privacy protection,multikeyword search and data verification.The scheme used symmetric encryption and attributebased encryption to encrypt plaintext in an online/offline encryption manner,and used XOR filters and random secret values to hide some access policies,further improving the security of industrial data.On the other hand,based on polynomial equations,multi-keyword efficient search supporting subset queries was implemented.In addition,the integrity of data in cloud storage was verified by signature encryption.The security proof proves that the proposed scheme can resist chosen plaintext attacks under the assumption of DBDH difficulty problem.Theoretical analysis and simulation experimental results show that the scheme has higher efficiency and more comprehensive functions than the comparative scheme in encryption,trapdoor generation and search stages.

关 键 词：工业物联网 属性基加密 可搜索加密 策略隐藏 数据验证 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]