CN111130767A - Attribute-based secure communication method for Internet of things capable of verifying outsourcing and revoking - Google Patents

Attribute-based secure communication method for Internet of things capable of verifying outsourcing and revoking Download PDF

Info

Publication number
CN111130767A
CN111130767A CN201911208101.7A CN201911208101A CN111130767A CN 111130767 A CN111130767 A CN 111130767A CN 201911208101 A CN201911208101 A CN 201911208101A CN 111130767 A CN111130767 A CN 111130767A
Authority
CN
China
Prior art keywords
internet
things
user
data
attribute
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911208101.7A
Other languages
Chinese (zh)
Inventor
张涛
宋雄飞
沈玉龙
秦睿阳
祝幸辉
何英杰
杨书华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Research Institute of Radio Wave Propagation CRIRP
Original Assignee
Tianbo Electronic Information Technology Co ltd
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianbo Electronic Information Technology Co ltd, Xidian University filed Critical Tianbo Electronic Information Technology Co ltd
Priority to CN201911208101.7A priority Critical patent/CN111130767A/en
Publication of CN111130767A publication Critical patent/CN111130767A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the technical field of attribute encryption, and discloses an attribute-based secure communication method of an Internet of things capable of verifying outsourcing and revoking, which comprises the following steps of initializing a system; the authorization center distributes an attribute set for the data user and generates a key required by decryption for the data user; the Internet of things node symmetrically encrypts data; the node of the Internet of things encrypts the symmetric key by using encryption based on attributes; a data user sends a data access request to the Internet of things platform and decrypts the data; and the platform of the Internet of things withdraws a specific user in the system. The method has the advantages of low equipment computing cost, capability of verifying outsourcing computation, resistance to malicious auxiliary node collusion attack, support of dynamic authority management of a system and the like, and can be used for solving the problems of batch access control, large number of keys, limited equipment resources and the like in the application of the Internet of things. The invention realizes a lightweight secure communication method and realizes the revocable function of the secret key.

Description

Attribute-based secure communication method for Internet of things capable of verifying outsourcing and revoking
Technical Field
The invention belongs to the technical field of attribute encryption, and particularly relates to an attribute support-based Internet of things secure communication method capable of verifying outsourcing and revoking.
Background
Currently, the closest prior art: the Internet of Things (IoT) has raised one of the largest technological waves in recent decades. It is expected that by 2020, 500 billion devices will interconnect to form a network that may cover everything around us. The internet of things will affect billions of people across industrial, commercial, medical, automotive and other applications. The development of the internet of things is so fast that a large number of data objects are generated, however, since the internet of things equipment needs to send sensitive data to the cloud, security measures must be considered to control access to the data, and confidentiality of the data during communication needs to be guaranteed. The traditional encryption mechanism based on public key infrastructure can protect the data confidentiality, but has several major defects that firstly, the security authorization cost of a single node of the Internet of things is large, the security certificate needs to be generated one by one, otherwise, the node identity cannot be verified; secondly, the computing capacity of the nodes of the internet of things is limited, and large-scale computing is needed when public key encryption is used, so that the computing load of the nodes of the internet of things is too large, and the resource consumption of the internet of things is too fast. And thirdly, the nodes in the Internet of things system are deployed with space-time correlation, so that physical copying and stealing cannot be avoided, and the existing mechanism is difficult to eliminate the safe communication after the nodes are damaged. Attribute-based encryption (ABE) is a one-to-many encryption scheme that can be implemented and is widely used in access control systems. However, the ABE requires a large amount of complex operations, which causes a heavy overhead in the encryption process, which is a difficulty in using the ABE in an environment with limited resources, such as the internet of things. Therefore, it is necessary to provide a lightweight secure communication method of the internet of things that supports verifiable outsourcing and revocable based on attributes.
In summary, the problems of the prior art are as follows: the traditional public key encryption mode is not suitable for large-scale encryption of Internet of things equipment, the basic ABE encryption and decryption computation complexity is high, and the dynamic revocation of the user authority is difficult, so that the public key encryption mode is difficult to adapt to the Internet of things environment.
The difficulty of solving the technical problems is as follows: the application of the internet of things urgently needs a mode supporting one-to-many communication to solve the difficulty of large-scale safe communication and the problem of insufficient computing capacity of the internet of things equipment.
The significance of solving the technical problems is as follows: the encryption based on the attributes just can realize one-to-many encryption, and the encryption based on the attributes cannot be directly applied to the environment of the Internet of things due to overlarge computing overhead; the verifiability of outsourcing calculation, the collusion attack of a malicious auxiliary node resistance and the realization of an efficient revocable ABE encryption mode adapt to the dynamic change of participants in the environment of the Internet of things.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides an attribute-based secure communication method of the Internet of things, which can verify outsourcing and revocable.
The invention is realized in such a way that the attribute-based method for supporting the internet of things capable of verifying outsourcing and revoking comprises the following steps:
firstly, initializing a system, and generating a public parameter and a master key;
secondly, the platform distributes an attribute set for the user and generates a decryption private key and a private key component of the user;
step three, randomly generating symmetric key encryption data by the Internet of things equipment, encrypting the symmetric keys by using ABE, partially outsourcing the process, verifying an outsourcing result and realizing final encryption;
fourthly, the user sends a data acquisition request to the platform, the platform decrypts by using a decryption private key of the platform and sends the semi-decrypted data to the user, and if the user is not revoked, the semi-decrypted data is finally decrypted;
and fifthly, revoking the specific user in the system.
Further, the system is initialized, an authorization center, namely an Internet of things platform is initialized, and firstly, a system security parameter lambda and an attribute domain U are selected; two multiplication cyclic groups G of order p are then chosen1,G2G is G1Bilinear mapping of the generator of (1) as e: G1×G1→G2(ii) a Corresponding identity identification is distributed to users in the system, and for each attribute i belonging to U, a random number t is selectedi∈ZPCalculating
Figure BDA0002297373150000021
Selecting a random number y ∈ ZpCalculating public parameters
Figure BDA0002297373150000022
Y=e(g,g)yTherein is the master key t1,...,t|U|,y。
Further, the platform allocates an attribute set to the user, and generates a decryption private key and a private key component of the user specifically includes: the authorization center firstly distributes an attribute set for each legal user, the user constructs an access structure according to the attribute of the user, and the authorization center generates a corresponding private key component for the user through the access structure of each user. The authority selects a polynomial q for each level of nodes in the access structurexThe degree d of the polynomial is a threshold k-1, where q is givenr(0) Y, embedding the secret value into the function value of the root node, computing a function value for each node from top to bottom, and then selecting a random number epsilon ZpComputing private key components of a leaf node when the leaf node is reached
Figure BDA0002297373150000031
The platform's decryption private key epsilon.
Further, the data are encrypted by using the symmetric key, and the internet of things device randomly generates the symmetric key K to encrypt the data C to be sent, which is EM (K, M).
Further, the internet of things equipment encrypts the symmetric key K by using the ABE specifically as follows: firstly, two random numbers s are selected, r belongs to Zp, wherein s is a larger random number, r is a smaller random number, d1 is s mod r, d2 is (s-d1)/r, and r is divided into different combinations ra1,rb1…ran,rbnAgainst potential collusion attacks, where rai+rbiR; wrapping part of raiAnd gamma is sent to different auxiliary nodes to calculate
Figure BDA0002297373150000032
And
Figure BDA0002297373150000033
then the temporary result sum is summed with raiCorresponding rbiSending the data to different auxiliary nodes together, and obtaining Y through twice calculationrAnd { Ti r}i∈γJudging whether the calculation result of the auxiliary node is correct or not by comparing whether the intermediate result calculated by the auxiliary node is consistent or not; if there is a set of intermediate results that are consistent, the calculation is correct, and the final result E' KY can be calculated by the result equipmentr*d2+d1=KYs,{Ti r*d2+d1}i∈γ={Ti s}i∈γ. E ═ KY (γ, C, E ═ KY)s,{Ei=Ti s}i∈γ) And sending the data to the Internet of things platform.
Further, the platform of the Internet of things semi-decrypts the data, and the platform uses a decryption private key epsilon to semi-decrypt the encrypted data and EiPerforming an exponential operation to obtain Ei zAnd sending the semi-decrypted data to the user.
Further, the user completes the final decryption, the user carries out decryption after taking the semi-encrypted data and the private key assembly, and if the attribute of the user meets the decryption attribute and the user is not revoked, the user decrypts the data
Figure BDA0002297373150000034
When recursing to a vertex, since qr(0)=y,
Figure BDA0002297373150000041
By solving the symmetric encryption key K, the data M ═ DM (K, C) is decrypted by K.
Further, the specific implementation of the revocation scheme includes: when the decryption right of a specific user needs to be revoked, the platform updates the private key component of the un-revoked user and the platform decryption private key,
Figure BDA0002297373150000042
Figure BDA0002297373150000043
when epsilon in E and D is consistent, the calculation is cancelled to obtain
Figure BDA0002297373150000044
If not, decryption cannot be performed; when the user right is revoked, the encrypted data ciphertext and the ABE encryption structure do not need to be modified.
The invention further aims to provide application of the internet of things secure communication method for supporting verifiable outsourcing and revocable based on the attributes in data encryption of the internet of things.
The invention further aims to provide the internet of things information data processing terminal applying the internet of things safety communication method for supporting verifiable outsourcing and revocable based on the attributes.
In summary, the advantages and positive effects of the invention are: the invention provides a one-to-many encryption mode for the Internet of things, effectively reduces the expense of key distribution and storage, solves the problem of safe communication between large-scale nodes of the Internet of things and users, introduces a new outsourcing scheme, reduces the calculation expense of equipment of the Internet of things, realizes a light-weight safe communication method, realizes the revocable function of the key, and adapts to the dynamic change of participants in the environment of the Internet of things.
Drawings
Fig. 1 is a flowchart of a secure communication method for supporting verifiable outsourcing and revocable internet of things based on attributes according to an embodiment of the present invention.
Fig. 2 is a flowchart of an implementation of the method for supporting verifiable outsourcing and revocable secure communication of the internet of things based on attributes according to the embodiment of the present invention.
Fig. 3 is a sub-flowchart of outsourcing encryption by a node of the internet of things according to the embodiment of the present invention.
Fig. 4 is a sub-flow diagram of revocation as provided by an embodiment of the present invention.
Fig. 5 is a time-simulated graph of encryption consumption provided by an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Aiming at the problems in the prior art, the invention provides an attribute-based secure communication method of the internet of things for supporting verifiable outsourcing and revocable, and the invention is described in detail with reference to the attached drawings.
As shown in fig. 1, the method for supporting verifiable outsourcing and revocable secure communication of the internet of things based on attributes provided by the embodiment of the present invention includes the following steps:
s101: initializing a system, and generating a public parameter and a master key;
s102: the platform distributes an attribute set for the user and generates a decryption private key and a private key component of the user;
s103: randomly generating symmetric key encryption data by the Internet of things equipment, encrypting the symmetric key by using ABE, partially outsourcing the process, verifying an outsourcing result and realizing final encryption;
s104: the user sends a data acquisition request to the platform, the platform decrypts by using a decryption private key of the platform and sends the semi-decrypted data to the user, and if the user is not revoked, the semi-decrypted data can be finally decrypted;
s105: revoking a particular user in the system.
The technical solution of the present invention is further described below with reference to the accompanying drawings.
As shown in fig. 2, the method for supporting verifiable outsourcing and revocable internet of things secure communication based on attributes provided by the embodiment of the present invention specifically includes the following steps:
the method comprises the following steps: and (5) initializing the system.
An authorization center, namely an Internet of things platform, is initialized, a system security parameter lambda and an attribute domain U are selected firstly, and then two multiplication cycle groups G with the order of p are selected1,G2G is G1Bilinear mapping of the generator of (1) as e: G1×G1→G2(ii) a Corresponding identity identification is distributed to users in the system, and for each attribute i belonging to U, a random number t is selectedi∈ZPCalculating
Figure BDA0002297373150000051
Selecting a random number y ∈ ZPCalculating public parameters
Figure BDA0002297373150000052
Wherein is the master key t1,...,t|U|,y。
Step two: the platform assigns a set of attributes to the user and generates a decryption private key and a private key component of the user.
The authorization center firstly distributes an attribute set for each legal user, the user constructs an access structure according to the attribute of the user, and the authorization center generates a corresponding private key component for the user through the access structure of each user. The authority selects a polynomial q for each level of nodes in the access structurexThe degree d of the polynomial is a threshold k-1, where q is givenr(0) Embedding the secret value into the function value of the root node, computing a function for each node from top to bottomNumerical value, then selecting a random number epsilon ZpComputing private key components of a leaf node when the leaf node is reached
Figure BDA0002297373150000061
The platform's decryption private key epsilon.
Step three: the data is encrypted using a symmetric key.
The Internet of things equipment randomly generates a symmetric key K to encrypt data C to be sent, wherein the data C is EM (K, M).
Step four: the Internet of things equipment encrypts a symmetric key K by using ABE.
As shown in fig. 3, this step is specifically implemented as follows: firstly, two random numbers s are selected, r belongs to Zp, wherein s is a larger random number, r is a smaller random number, d1 is smodr, d2 is (s-d1)/r, and r is divided into different combinations ra1,rb1…ran,rbnAgainst potential collusion attacks, where rai+rbiR. Wrapping part of raiAnd gamma is sent to different auxiliary nodes to calculate
Figure BDA0002297373150000062
And
Figure BDA0002297373150000063
then the temporary result sum is summed with raiCorresponding rbiSending the data to different auxiliary nodes together, and obtaining Y through twice calculationrAnd { Ti r}i∈γAnd judging whether the calculation result of the auxiliary node is correct or not by comparing whether the intermediate result calculated by the auxiliary node is consistent or not. If there is a set of intermediate results that are consistent, the calculation is correct, and the final result E' KY can be calculated by the result equipmentr*d2+d1=KYs,{Ti r*d2+d1}i∈γ={Ti s}i∈γ. E ═ KY (γ, C, E ═ KY)s,{Ei=Ti s}i∈γ) And sending the data to the Internet of things platform. The outsourcing mode provided by the invention can quickly realize outsourcing calculation and reduceThe communication overhead is low, and collusion attack of semi-trusted auxiliary nodes can be resisted.
Step five: and the Internet of things platform semi-decrypts the data.
The platform uses the decryption private key epsilon to semi-decrypt the encrypted data, pair EiPerforming an exponential operation to obtain Ei εAnd sending the semi-decrypted data to the user.
Step six: the user completes the final decryption.
The user carries out decryption after taking the semi-encrypted data and the private key assembly, and if the attribute of the user meets the decryption attribute and the user is not revoked, the user can decrypt
Figure BDA0002297373150000064
Figure BDA0002297373150000065
When recursing to a vertex, since
Figure BDA0002297373150000066
Figure BDA0002297373150000067
The symmetric encryption key K can be solved by this formula, and then the data M ═ DM (K, C) can be decrypted by K.
As shown in fig. 4, the revocation scheme of the present invention is specifically implemented as follows: when the decryption right of a specific user needs to be revoked, the platform updates the private key component of the un-revoked user and the platform decryption private key,
Figure BDA0002297373150000071
Figure BDA0002297373150000072
when epsilon in E and D are consistent, the calculation can cancel it out
Figure BDA0002297373150000073
If not, decryption cannot be performed. In the invention, when the user right is revoked, the encrypted data ciphertext and the ABE encryption structure do not need to be modified, thereby reducing the cost of the methodThe computational overhead of the platform.
The application effect of the present invention will be described in detail with reference to the simulation.
1. Simulation conditions
The simulation environment is as follows: the notebook is configured by Intel (R) core (TM) i5-3210M CPU @2.50GHz8.00GBRAM, and the operating system is 64-bit Windows 7. Based on an eclipse tool, the implementation language is Java.
2. Content and result analysis of guidelines
The method of the invention is adopted to outsource encryption, the result is shown in figure 5, the number of auxiliary nodes is fixed in the simulation process, the encryption time is calculated by changing the credible proportion of the auxiliary nodes, the simulation process has randomness, and therefore, the average value of multiple test results is used as the final result. The time consumed by the encryption of the auxiliary node in the encryption process is much longer than the time consumed by the encryption of the equipment, and the higher the credibility ratio of the auxiliary node is, the less time is consumed. The encryption time of the internet of things equipment is about 150ms, the encryption time is specifically dependent on the number of times of verifying the outsourcing result, when the credibility ratio of the auxiliary node is higher, the number of times of verification is smaller, the number of times of encryption of the auxiliary node is smaller, and the overall encryption time is shorter. Because the complex calculation is outsourced to the auxiliary node, the equipment of the Internet of things only needs to verify whether the result is correct and calculate the final result, and the calculation cost of the equipment of the Internet of things is greatly reduced.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. The attribute-based method for supporting verifiable outsourcing and revocable secure communication of the Internet of things is characterized by comprising the following steps of:
firstly, initializing a system, and generating a public parameter and a master key;
secondly, the platform distributes an attribute set for the user and generates a decryption private key and a private key component of the user;
thirdly, randomly generating symmetric key encryption data by the Internet of things equipment, encrypting the symmetric key by using ABE (Attribute-based encryption), partially outsourcing the process, verifying an outsourcing result and realizing final encryption;
fourthly, the user sends a data acquisition request to the platform, the platform decrypts by using a decryption private key of the platform and sends the semi-decrypted data to the user, and if the user is not revoked, the semi-decrypted data is finally decrypted;
and fifthly, revoking the specific user in the system.
2. The method for supporting certified outsourcing and revocable internet of things secure communication based on attributes as claimed in claim 1, wherein the system initialization, the authorization center namely the internet of things platform initialization, first selects a system security parameter λ and an attribute domain U; two multiplication cyclic groups G of order p are then chosen1,G2G is G1Bilinear mapping is e: g1×G1→G2(ii) a Corresponding identity identification is distributed to users in the system, and for each attribute i belonging to U, a random number t is selectedi∈ZpCalculating
Figure FDA0002297373140000011
Selecting a random number y ∈ ZpCalculating public parameters
Figure FDA0002297373140000012
Y=e(g,g)yTherein is the master key t1,...,t|U|,y。
3. The method for attribute-based support of verifiable outsourcing and revocable internet of things secure communication of claim 1, wherein the platform assigns a set of attributes to the user and generates the decryption private key and the private key component of the user specifically comprises: the authorization center firstly distributes attribute sets for each legal user, and the users construct access structure according to their own attributesThe authorization center generates a corresponding private key component for each user through the access structure of the user; the authority selects a polynomial q for each level of nodes in the access structurexThe degree d of the polynomial is a threshold k-1, where q is givenr(0) Y, embedding the secret value into the function value of the root node, computing a function value for each node from top to bottom, and then selecting a random number epsilon ZpComputing private key components of a leaf node when the leaf node is reached
Figure FDA0002297373140000021
The platform's decryption private key epsilon.
4. The method for internet of things secure communication based on attribute support verifiable outsourcing and revocable according to claim 1, wherein the data is encrypted by using a symmetric key, and the internet of things device randomly generates a symmetric key K to encrypt data C ═ EM (K, M) to be transmitted.
5. The method for attribute-based support of verifiable outsourcing and revocable internet of things secure communication according to claim 1, wherein the internet of things device encrypts the symmetric key K using ABE as follows: firstly, two random numbers s are selected, r belongs to Zp, wherein s is a larger random number, r is a smaller random number, d1 is s mod r, d2 is (s-d1)/r, and r is divided into different combinations ra1,rb1...ran,rbnAgainst potential collusion attacks, where rai+rbiR; wrapping part of raiAnd sending the gamma to different auxiliary nodes to calculate
Figure FDA0002297373140000029
And
Figure FDA0002297373140000022
then the temporary result sum is summed with raiCorresponding rbiSending the data to different auxiliary nodes together, and obtaining Y through twice calculationrAnd { Ti r}i∈ΥJudging whether the calculation result of the auxiliary node is correct or not by comparing whether the intermediate result calculated by the auxiliary node is consistent or not; if there is a set of intermediate results that are consistent, the calculation is correct, and the final result E' KY can be calculated by the result equipmentr*d2+d1=KYs,{Ti r*d2+d1}i∈Υ={Ti s}i∈ΥExtracting E ═ y (` y, C, E' KY)s,{Ei=Ti s}i∈Υ) And sending the data to the Internet of things platform.
6. The method for attribute-based support of verifiable outsourcing and revocable secure communications for the internet of things of claim 1, wherein the internet of things platform semi-decrypts data, the platform semi-decrypts encrypted data using a decryption private key epsilon, and pair EiIs subjected to an exponential operation to obtain
Figure FDA0002297373140000026
And sending the semi-decrypted data to the user.
7. The method of claim 1, wherein the user completes the final decryption, the user decrypts after getting to the semi-encrypted data and private key component, and the user decrypts if the user's attributes satisfy the decryption attributes and the user is not revoked
Figure FDA0002297373140000027
When recursing to a vertex, since qr(0)=y,
Figure FDA0002297373140000028
By solving the symmetric encryption key K, the data M ═ DM (K, C) is decrypted by K.
8. The attribute-based support of verifiable outsourcing and revocable internet of things secure communicant of claim 1The method is characterized in that the specific implementation of the revocation scheme comprises the following steps: when the decryption right of a specific user needs to be revoked, the platform updates the private key component of the un-revoked user and the platform decryption private key,
Figure FDA0002297373140000031
Figure FDA0002297373140000032
when epsilon in E and D is consistent, the calculation is cancelled to obtain
Figure FDA0002297373140000033
If not, decryption cannot be performed; when the user right is revoked, the encrypted data ciphertext and the ABE encryption structure do not need to be modified.
9. Use of the method for supporting verifiable outsourcing and revocable secure communication of the internet of things based on attributes according to any one of claims 1 to 8 in data encryption of the internet of things.
10. An internet of things information data processing terminal applying the internet of things information data processing terminal supporting the internet of things secure communication method capable of verifying outsourcing and revoking based on attributes as claimed in any one of claims 1 to 8.
CN201911208101.7A 2019-11-30 2019-11-30 Attribute-based secure communication method for Internet of things capable of verifying outsourcing and revoking Pending CN111130767A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911208101.7A CN111130767A (en) 2019-11-30 2019-11-30 Attribute-based secure communication method for Internet of things capable of verifying outsourcing and revoking

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911208101.7A CN111130767A (en) 2019-11-30 2019-11-30 Attribute-based secure communication method for Internet of things capable of verifying outsourcing and revoking

Publications (1)

Publication Number Publication Date
CN111130767A true CN111130767A (en) 2020-05-08

Family

ID=70496463

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911208101.7A Pending CN111130767A (en) 2019-11-30 2019-11-30 Attribute-based secure communication method for Internet of things capable of verifying outsourcing and revoking

Country Status (1)

Country Link
CN (1) CN111130767A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113132097A (en) * 2021-03-07 2021-07-16 西安电子科技大学 Lightweight certificateless cross-domain authentication method, system and application suitable for Internet of things

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106452735A (en) * 2016-07-04 2017-02-22 广东工业大学 Outsourcing attribute encryption method supporting attribute cancellation
CN107359986A (en) * 2017-07-03 2017-11-17 暨南大学 The outsourcing encryption and decryption CP ABE methods of user revocation
CN107819578A (en) * 2017-12-12 2018-03-20 电子科技大学 Outsourcing solution label decryption method and its system can verify that based on attribute
CN108390876A (en) * 2018-02-13 2018-08-10 西安电子科技大学 Revocation outsourcing is supported to can verify that more authorization center access control methods, Cloud Server
CN108810004A (en) * 2018-06-22 2018-11-13 西安电子科技大学 More authorization center access control methods, cloud storage system can be revoked based on agency

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106452735A (en) * 2016-07-04 2017-02-22 广东工业大学 Outsourcing attribute encryption method supporting attribute cancellation
CN107359986A (en) * 2017-07-03 2017-11-17 暨南大学 The outsourcing encryption and decryption CP ABE methods of user revocation
CN107819578A (en) * 2017-12-12 2018-03-20 电子科技大学 Outsourcing solution label decryption method and its system can verify that based on attribute
CN108390876A (en) * 2018-02-13 2018-08-10 西安电子科技大学 Revocation outsourcing is supported to can verify that more authorization center access control methods, Cloud Server
CN108810004A (en) * 2018-06-22 2018-11-13 西安电子科技大学 More authorization center access control methods, cloud storage system can be revoked based on agency

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
方雪锋等: ""可撤销用户的外包加解密CP-ABE方案"", 《计算机工程》 *
白翠翠: ""支持撤销和外包的属性密码方案研究"", 《中国优秀硕士学位论文全文数据库信息科技辑》 *
董晓蕾等: ""物联网隐私保护研究进展"", 《计算机研究与发展》 *
赵志远等: ""云存储环境下属性基加密综述"", 《计算机应用与研究》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113132097A (en) * 2021-03-07 2021-07-16 西安电子科技大学 Lightweight certificateless cross-domain authentication method, system and application suitable for Internet of things

Similar Documents

Publication Publication Date Title
Liu et al. Achieving reliable and secure services in cloud computing environments
Riad et al. A dynamic and hierarchical access control for IoT in multi-authority cloud storage
Belguith et al. Analysis of attribute‐based cryptographic techniques and their application to protect cloud services
CN101938473B (en) Single-point login system and single-point login method
CN112104619A (en) Data access control system and method based on outsourcing ciphertext attribute encryption
JP2023500570A (en) Digital signature generation using cold wallet
CN114036539A (en) Safety auditable Internet of things data sharing system and method based on block chain
Hosen et al. SPTM-EC: A security and privacy-preserving task management in edge computing for IIoT
Hahn et al. Efficient IoT management with resilience to unauthorized access to cloud storage
Dey et al. An integrated model to make cloud authentication and multi-tenancy more secure
Jamal et al. Reliable access control for mobile cloud computing (MCC) with cache-aware scheduling
Sivaselvan et al. SUACC-IoT: Secure unified authentication and access control system based on capability for IoT
CN113055164A (en) Cipher text strategy attribute encryption algorithm based on state cipher
CN111130767A (en) Attribute-based secure communication method for Internet of things capable of verifying outsourcing and revoking
CN113132097B (en) Lightweight certificateless cross-domain authentication method, system and application suitable for Internet of things
Lahmer et al. Towards a virtual domain based authentication on MapReduce
Zagrouba et al. Authenblue: a new authentication protocol for the industrial Internet of Things
Merzeh et al. GDPR compliance IoT authentication model for smart home environment
Abdelkader et al. A new strong user authentication scheme with local certification authority for internet of things based cloud computing services
Ali et al. Credential-based authentication mechanism for IoT devices in fog-cloud computing
Almagrabi A pervasive controlled access with privacy delegation design for smart internet of things applications
Anakath et al. Fingerprint Agreement Using Enhanced Kerberos Authentication Protocol on M-Health.
CN113556236B (en) Energy data middlebox sensitive content entrusting and authorizing method based on proxy signature
Ko et al. Viotsoc: Controlling access to dynamically virtualized iot services using service object capability
Sugumar et al. Key Escrow with Certificateless Elliptic Curve Segmentation for Grouping of Shared Data in Mobile Networks.

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20210223

Address after: 453000 84 Jianshe East Road, Muye District, Xinxiang City, Henan Province

Applicant after: THE 22ND RESEARCH INSTITUTE OF CHINA ELECTRONICS TECHNOLOGY Group Corp.

Address before: 710071 Xi'an Electronic and Science University, 2 Taibai South Road, Shaanxi, Xi'an

Applicant before: XIDIAN University

Applicant before: TIANBO ELECTRONIC INFORMATION TECHNOLOGY Co.,Ltd.

TA01 Transfer of patent application right
RJ01 Rejection of invention patent application after publication

Application publication date: 20200508

RJ01 Rejection of invention patent application after publication