轻量级窄带物联网应用系统中高效可验证加密方案
|
摘要
窄带物联网(narrowband Internet of things, NB-IoT)是互联网中的一个重要分支.NB-IoT依托云计算强大的资源处理能力提供应用层的各项服务以及实现信息智能化.然而由于数据异地存储,云平台服务提供商并不完全可信,用户数据暴露在不完全安全的环境下,带来了诸多安全问题,比如被外部用户恶意攻击、云服务器共谋攻击等.针对NB-IoT终端节点极易受到攻击、资源不足、功耗受限等问题,提出一种基于属性的云存储快速访问控制方案.在多个属性授权机构的背景下,以高效可验证的轻量级加密方案为目标,借鉴在线/离线加密思想,并结合外包解密技术,构造了具备选择明文攻击(chosen-plaintext attack, CPA)安全的在线/离线加密和外包解密的多机构密文策略属性基加密方案(online/offline and outsourced multi-authority ciphertext-policy attribute-based encryptin scheme, OO-MA-CP-ABE),提高加解密算法效率的同时最小化用户的计算开销,很适合计算能力弱且资源受限的终端设备.并进一步通过验证算法确保外包计算的正确性.还给出了云计算环境下轻量级NB-IoT应用系统安全性分析,保证资源共享过程中,灵活可扩展的访问控制策略以及用户数据的机密性和隐私保护.最后,给出了OO-MA-CP-ABE方案的性能分析,从功能性、计算开销和通信开销3个方面同现有方案进行比较.
Narrowband Internet of things(NB-IoT) is an important branch of the Internet. It can provide application-level services and achieve information intellectualization, relying on the powerful resource processing capability offered by cloud computing. However, due to the storage of data in different places, cloud platform service providers are not completely trusted. User data is exposed in a not completely secured environment and this brings many security problems, such as external malicious attack and cloud server collusion. Aiming at these NB-IoT's issues like its terminal nodes are vulnerable to attacks, lacking in resources, limit in power consumption, a property-based cloud storage fast access control scheme is proposed. Under the background of multiple attribute authorities, an efficient and verifiable lightweight cryptographic encryption schemes is the goal. So using the idea of online/offline encryption and combining outsourced decryption technology, an online/offline and outsourced multi-authority ciphertext-policy attribute-based encryption scheme(OO-MA-CP-ABE) which can be secured from chosen-plaintext attack(CPA) is constructed. It improves the efficiency of the encryption and decryption algorithm while minimizing user's computational overhead, quite suitable for terminal equipment with weak computing power and limited resources, and can further ensure the correctness of outsourced computing by verifying the algorithm as well. It also gives the security analysis of the lightweight NB-IoT application system under cloud computing environment, in order to ensure the flexible and extensible access control strategy and the confidentiality and privacy protection of user data during the resource sharing process. Finally, the performance analysis of the OO-MA-CP-ABE scheme is given, and compared with the existing schemes in terms of functionality, computational overhead and storage overhead.
Narrowband Internet of things(NB-IoT) is an important branch of the Internet. It can provide application-level services and achieve information intellectualization, relying on the powerful resource processing capability offered by cloud computing. However, due to the storage of data in different places, cloud platform service providers are not completely trusted. User data is exposed in a not completely secured environment and this brings many security problems, such as external malicious attack and cloud server collusion. Aiming at these NB-IoT's issues like its terminal nodes are vulnerable to attacks, lacking in resources, limit in power consumption, a property-based cloud storage fast access control scheme is proposed. Under the background of multiple attribute authorities, an efficient and verifiable lightweight cryptographic encryption schemes is the goal. So using the idea of online/offline encryption and combining outsourced decryption technology, an online/offline and outsourced multi-authority ciphertext-policy attribute-based encryption scheme(OO-MA-CP-ABE) which can be secured from chosen-plaintext attack(CPA) is constructed. It improves the efficiency of the encryption and decryption algorithm while minimizing user's computational overhead, quite suitable for terminal equipment with weak computing power and limited resources, and can further ensure the correctness of outsourced computing by verifying the algorithm as well. It also gives the security analysis of the lightweight NB-IoT application system under cloud computing environment, in order to ensure the flexible and extensible access control strategy and the confidentiality and privacy protection of user data during the resource sharing process. Finally, the performance analysis of the OO-MA-CP-ABE scheme is given, and compared with the existing schemes in terms of functionality, computational overhead and storage overhead.
引文
[1]Wang Y P E,Lin X,Adhikary A,et al.A primer on 3GPP narrowband Internet of things[J].IEEE Communications Magazine,2017,55(3):117- 123
[2]Zayas A D,Merino P.The 3GPP NB-IoT system architec-ture for the Internet of things[C] //Proc of IEEE Int Conf on Communications Workshops.Piscataway,NJ:IEEE,2017:277- 282
[3]Oh S M,Shin J S.An efficient small data transmission scheme in the 3GPP NB-IoT system[J].IEEE Communications Letters,2017,21(3):660- 663
[4]Yu Changsheng,Yu Li,Hong Zhen,et al.Research on the security capacity of narrow-band Internet of things physical layer based on amplified forwarding and collaborative congestion[J].Journal of Transduction Technology,2017,30(4):575- 581 (in Chinese)(余昌盛,俞立,洪榛,等.基于放大转发和协作拥塞的窄带物联网物理层安全容量研究[J].传感技术学报,2017,30(4):575- 581)
[5]Sun Zhixin,Hong Hanshu.Some reflections on security issues in NB-IoT[J].ZTE Technologies,2017,23(1):47- 50 (in Chinese)(孙知信,洪汉舒.NB-IoT中安全问题的若干思考[J].中兴通讯技术,2017,23(1):47- 50)
[6]Shamir A.Identity-based cryptosystems and signature schemes[G] //Advances in Cryptology.Berlin:Springer,1984:47- 53
[7]Sahai A,Waters B.Fuzzy Identity-based encryption[G] //LNCS 3494:Proc of EUROCRYPT’05.Berlin:Springer,2005:457- 473
[8]Goyal V,Pandey O,Sahai A,et al.Attribute-based encryption for fine-grained access control of encrypted data[C] //Proc of the 13th ACM Conf on Computer and Communications Security.New York:ACM,2006:89- 98
[9]Bethencourt J,Sahai A,Waters B.Ciphertext-policy attribute-based encryption[C] //Proc of IEEE Symp on Security and Privacy(SP’07).Piscataway,NJ:IEEE,2007:321- 334
[10]Chase M.Multi-authority attribute based encryption[C] //Proc of the 4th Conf on Theory of Cryptography.Berlin:Springer,2007:515- 534
[11]Ma Dandan,Chen Qin,Dang Zhengqin,et al.Ciphertext policy encryption mechanism based on multi-attributes organization[J].Computer Engineering,2012,38(10):114- 116 (in Chinese)(马丹丹,陈勤,党正芹,等.基于多属性机构的密文策略加密机制[J].计算机工程,2012,38(10):114- 116)
[12]Hohenberger S,Waters B.Online/offline attribute-based encryption[G] //LNCS 8383:Proc of Public-Key Cryptography.Berlin:Springer,2014:293- 310
[13]Green M,Hohenberger S,Waters B.Outsourcing the decryption of ABE ciphertexts[C] //Proc of the USENIX Security Symp.Berkeley,CA:USENIX Association,2011:3- 23
[14]Zhou Kai,Ren Jian.Secure fine-grained access control of mobile user data through untrusted cloud[C] //Proc of the 23rd IEEE Int Conf on Computer Communication and Networks.Piscataway,NJ:IEEE,2016:49- 54
[15]Lewko A,Waters B.Decentralizing attribute-based encryption[C] //Proc of Advances in Cryptology EUROCRYPT’11.Berlin:Springer,2011:568- 588
[16]Cheng M.The pairing-based cryptography library[OL].[2017-08-10].https://crypto.stanford.edu/pbc/download.html
[17]Ma Haiying,Zeng Guojun,Wang Zhanjun,et al.Efficient and provably secure attribute-based online/offline encryption mechanism[J].Journal on Communications,2014,35(7):104- 112 (in Chinese)(马海英,曾国荪,王占君,等.高效可证明安全的基于属性的在线/离线加密机制[J].通信学报,2014,35(7):104- 112)
[18]Ruj S,Stojmenovic M,Nayak A.Privacy preserving access control with authentication for securing data in clouds[C] //Proc of the 12th IEEE/ACM Int Symp on Cluster,Cloud and Grid Computing.Piscataway,NJ:IEEE,2012:556- 563
[2]Zayas A D,Merino P.The 3GPP NB-IoT system architec-ture for the Internet of things[C] //Proc of IEEE Int Conf on Communications Workshops.Piscataway,NJ:IEEE,2017:277- 282
[3]Oh S M,Shin J S.An efficient small data transmission scheme in the 3GPP NB-IoT system[J].IEEE Communications Letters,2017,21(3):660- 663
[4]Yu Changsheng,Yu Li,Hong Zhen,et al.Research on the security capacity of narrow-band Internet of things physical layer based on amplified forwarding and collaborative congestion[J].Journal of Transduction Technology,2017,30(4):575- 581 (in Chinese)(余昌盛,俞立,洪榛,等.基于放大转发和协作拥塞的窄带物联网物理层安全容量研究[J].传感技术学报,2017,30(4):575- 581)
[5]Sun Zhixin,Hong Hanshu.Some reflections on security issues in NB-IoT[J].ZTE Technologies,2017,23(1):47- 50 (in Chinese)(孙知信,洪汉舒.NB-IoT中安全问题的若干思考[J].中兴通讯技术,2017,23(1):47- 50)
[6]Shamir A.Identity-based cryptosystems and signature schemes[G] //Advances in Cryptology.Berlin:Springer,1984:47- 53
[7]Sahai A,Waters B.Fuzzy Identity-based encryption[G] //LNCS 3494:Proc of EUROCRYPT’05.Berlin:Springer,2005:457- 473
[8]Goyal V,Pandey O,Sahai A,et al.Attribute-based encryption for fine-grained access control of encrypted data[C] //Proc of the 13th ACM Conf on Computer and Communications Security.New York:ACM,2006:89- 98
[9]Bethencourt J,Sahai A,Waters B.Ciphertext-policy attribute-based encryption[C] //Proc of IEEE Symp on Security and Privacy(SP’07).Piscataway,NJ:IEEE,2007:321- 334
[10]Chase M.Multi-authority attribute based encryption[C] //Proc of the 4th Conf on Theory of Cryptography.Berlin:Springer,2007:515- 534
[11]Ma Dandan,Chen Qin,Dang Zhengqin,et al.Ciphertext policy encryption mechanism based on multi-attributes organization[J].Computer Engineering,2012,38(10):114- 116 (in Chinese)(马丹丹,陈勤,党正芹,等.基于多属性机构的密文策略加密机制[J].计算机工程,2012,38(10):114- 116)
[12]Hohenberger S,Waters B.Online/offline attribute-based encryption[G] //LNCS 8383:Proc of Public-Key Cryptography.Berlin:Springer,2014:293- 310
[13]Green M,Hohenberger S,Waters B.Outsourcing the decryption of ABE ciphertexts[C] //Proc of the USENIX Security Symp.Berkeley,CA:USENIX Association,2011:3- 23
[14]Zhou Kai,Ren Jian.Secure fine-grained access control of mobile user data through untrusted cloud[C] //Proc of the 23rd IEEE Int Conf on Computer Communication and Networks.Piscataway,NJ:IEEE,2016:49- 54
[15]Lewko A,Waters B.Decentralizing attribute-based encryption[C] //Proc of Advances in Cryptology EUROCRYPT’11.Berlin:Springer,2011:568- 588
[16]Cheng M.The pairing-based cryptography library[OL].[2017-08-10].https://crypto.stanford.edu/pbc/download.html
[17]Ma Haiying,Zeng Guojun,Wang Zhanjun,et al.Efficient and provably secure attribute-based online/offline encryption mechanism[J].Journal on Communications,2014,35(7):104- 112 (in Chinese)(马海英,曾国荪,王占君,等.高效可证明安全的基于属性的在线/离线加密机制[J].通信学报,2014,35(7):104- 112)
[18]Ruj S,Stojmenovic M,Nayak A.Privacy preserving access control with authentication for securing data in clouds[C] //Proc of the 12th IEEE/ACM Int Symp on Cluster,Cloud and Grid Computing.Piscataway,NJ:IEEE,2012:556- 563
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |