Authors: 尹建标 (YIN Jianbiao); 张言 (ZHANG Yan); 史培中 (SHI Peizhong); 古春生 (GU Chunsheng)
Affiliation: [1] School of Computer Engineering, Jiangsu University of Technology, Changzhou 213001, Jiangsu, China
Source: 《现代电子技术》 (Modern Electronics Technique), 2025, No. 1, pp. 90-96 (7 pages)
Funding: National Natural Science Foundation of China (61672270); National Natural Science Foundation of China (61602216).
Abstract: An attribute-based encryption (ABE) scheme supporting policy hiding is proposed to address the leakage of production and regulatory data and the interruption of data acquisition in the industrial Internet of Things (IIoT). The attribute information is split into attribute names and attribute values for the scheme construction. The attribute values are not exposed during construction, and the access policy uploaded to the cloud server consists only of attribute names. IIoT devices do not hold the complete access policy when obtaining production information, which prevents an attacker who steals device information from causing the leakage of access policies and production information. In addition, multiple semi-trusted cloud servers are authorized. When one semi-trusted cloud server fails to function properly, the user private key can be quickly updated based on the server key, which allows the other semi-trusted cloud servers to take over its work and ensures the continuity of data reads by IoT devices. Furthermore, attribute authentication is introduced, so the ciphertext does not need to be updated during revocation, which makes the scheme suitable for revocation in IoT environments that generate large amounts of data. Security and performance analysis shows that the scheme resists chosen-plaintext attacks and that system initialization, user key generation, encryption, and decryption all run with high efficiency.
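Keywords: industrial Internet of Things; data security; policy hiding; single point of failure; attribute authentication; attribute revocation
Classification number: TN918-34 [Electronics and Telecommunications: Communication and Information Systems]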