WO2021190452A1 - 用于云雾协助物联网的轻量级属性基签密方法 - Google Patents
用于云雾协助物联网的轻量级属性基签密方法 Download PDFInfo
- Publication number
- WO2021190452A1 WO2021190452A1 PCT/CN2021/082095 CN2021082095W WO2021190452A1 WO 2021190452 A1 WO2021190452 A1 WO 2021190452A1 CN 2021082095 W CN2021082095 W CN 2021082095W WO 2021190452 A1 WO2021190452 A1 WO 2021190452A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- signature
- key
- attribute
- decryption
- outsourcing
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3073—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
Definitions
- the present invention relates to the field of attribute-based signcryption, in particular to a lightweight attribute-based signcryption method used for cloud-assisted Internet of Things.
- the Internet of Things is the development and extension of the traditional Internet. It connects physical objects in the real world with the network world, and provides more efficient and intelligent services for people's lives. Compared with traditional networks, the Internet of Things has two major differences: First, there are many Internet of Things devices. According to Cisco's annual visual network index, by 2022, machine-to-machine (M2M) connections that support Internet of Things applications will account for 28.5 billion globally. More than half of the connected devices; second, the Internet of Things devices are heterogeneous, and resources (storage and computing, etc.) are very limited. Therefore, data management issues in the Internet of Things are becoming more and more important.
- M2M machine-to-machine
- Cloud assisted Internet of Things is to store a large amount of data generated by the Internet of Things in a cloud storage center, which is managed by cloud devices with rich resources.
- outsourcing storage will inevitably cause a series of security problems.
- the confidentiality and reliability of data are difficult to guarantee.
- attribute-based encryption is considered the most promising solution to this problem. Attribute-based encryption cannot guarantee data security, and can achieve fine-grained data sharing. But regardless of whether it is encrypted first, then signed or signed first, then encrypted, the complexity of the scheme will be the sum of the complexity of the two cryptographic primitives. Based on this, how to reduce the computational burden required for signature and encryption is a problem that needs to be solved.
- the technical task of the present invention is to address the above shortcomings, and provide a lightweight attribute-based signcryption method for cloud-assisted Internet of Things. On the basis of achieving data confidentiality and reliability, it solves how to reduce the amount of signature and decryption required. The problem of computational burden.
- a lightweight attribute-based signcryption method for cloud-assisted IoT of the present invention includes the following steps:
- the central organization initializes the system, generates a system key pair, and discloses a public key, which includes a symmetric encryption algorithm and a key generation function;
- the central organization specifies a set of decryption attributes for the registered data user, and based on the set of decryption attributes, generates a decryption key and an outsourced decryption key corresponding to the data user, and the central organization specifies a signature access structure for the data owner , And generate a signature key and an outsourced signature key corresponding to the data owner based on the signature access structure;
- the data owner selects a set of attributes that satisfy the signature access structure, and calls the fog node based on the outsourcing signature key to perform outsourcing signatures.
- the data owner symmetrically encrypts the plaintext based on the symmetric key, and based on a custom encrypted access structure Perform attribute signcryption on the symmetric key, generate a signcryption text and send the signcryption text to the cloud storage center;
- the fog node For the data user whose attribute set meets the encrypted access structure, the fog node is called for outsourcing signature verification, and the fog node is called for outsourcing decryption. After the data user verifies that the signature is legal based on the outsourced signature verification result, the ciphertext is performed based on the outsourced decryption result. Decrypt symmetrically to get the plaintext.
- the data user symmetrically encrypts the plaintext data according to the symmetric key to generate the ciphertext.
- the structure performs attribute signcryption on the symmetric key, which not only guarantees the confidentiality and reliability of the symmetric key, but also realizes the one-to-many sharing of the symmetric key; access control is performed on the data user through the encrypted access structure, so that only the attribute Data users that meet the access structure can access encrypted data and prevent unauthorized users from accessing encrypted data; the cipher text is stored through the cloud storage center, and the fog node assists the data owner to sign and decrypt, which greatly reduces the burden on the equipment.
- the expression of the key pair (PP, MSK) is:
- G and G T are both p factorial group, g is the generator of G, and v is an element of G;
- e is the symmetric bilinear mapping function e: G ⁇ G ⁇ G T , H 1 , H 2 and H 3 are all anti-collision hash functions, H 3 : ⁇ 0,1 ⁇ * ⁇ 0,1 ⁇ 1 ;
- Y e(g,g) ⁇ , ⁇ is the subgroup Select a random value in;
- ⁇ SE (Enc, Dec) is the initialized symmetric encryption algorithm, and KDF is the initialized key generation function;
- ⁇ 1 , ⁇ 2 , u', v', K 0 , u 0 are all subgroups Random values selected in, the array ⁇ u i ⁇ i ⁇ [l] is the subgroup A set of random values selected in.
- the decryption key The expression is:
- uid is the user number generated by the data user after registering with the central organization
- U d,uid ⁇ U e is a set of decryption attributes selected by the central organization for data users
- t is the slave group Select a random value in
- ⁇ is an extra attribute selected from the attribute set
- r ⁇ is the subgroup for attribute ⁇ A random number selected in;
- (M s , ⁇ s ) is a signature access structure designated by the central organization for the data owner
- M s is the matrix of l s ⁇ k s
- ⁇ s is the row mapping function
- r i is for the i-th row in the M s matrix (M s , ⁇ s) from the group Choose a random value in.
- the data owner selects a set of attributes that satisfy the signature access structure, and calls the fog node to perform the outsourcing signature based on the outsourcing signature key, including the following steps:
- M s,i represents the ith row of the M s matrix
- i represents the attribute mapped by the ith row of the M s matrix in the attribute set I s
- w i represents the corresponding constant
- the data owner sets the set of constants And the outsourced decryption key is sent to the fog node, which serves as an outsourced signature fog node;
- the outsourced signature fog node sends the outsourced signature ⁇ 'to the data owner.
- the data owner performs symmetric encryption on the plaintext based on the symmetric key, and performs attribute signcryption on the symmetric key based on a custom encrypted access structure to generate a signcryption ciphertext, including the following steps:
- the data owner constructs a symmetric key based on the key generation function KDF, and symmetrically encrypts the plaintext according to the symmetric key to generate a ciphertext;
- a data owner custom encrypted access structure (M e, ⁇ e), M e l e ⁇ k e is a matrix, ⁇ e is the row mapping function;
- ⁇ 1 g ⁇ ⁇ '1
- tt represents the current time when signing, which is recorded as the signature time identifier
- the data user sends the encrypted access structure, the signed ciphertext, and the signature time identifier tt to the cloud storage center.
- calling the fog node to perform outsourcing signature verification includes the following steps:
- tt' represents the current time when the outsourcing signature verification is performed, which is recorded as the signature verification time identifier
- the data consumer calculates the following parameters:
- the data user sends the ⁇ , R, (f 1 ,..., f l ), and TCT s to the fog node, and the fog node serves as an outsourced verification fog node;
- the outsourcing verification fog node performs outsourcing signature verification and generates a signature verification result VR.
- the expression of the signature verification result VR is:
- calling the fog node to perform outsourcing decryption includes the following steps:
- a group of attribute sets satisfying the encrypted access structure (M e , ⁇ s ) is selected for decryption, and the attribute set is:
- I d ⁇ i: ⁇ s (i) ⁇ U s,sid ⁇ ;
- the outsourcing decryption fog node performs outsourcing decryption to obtain the outsourcing decryption result.
- the outsourcing decryption calculation formula is:
- the outsourced decryption fog node sends the outsourced decryption result to the data user.
- the data user verifies the validity of the signature according to the following signature verification formula:
- the data user verifies the integrity of the ciphertext through the following ciphertext verification formula after verifying that the signature is legal according to the signature verification result:
- Y s is recovered based on the outsourced decryption result, and a symmetric key is generated based on the key generation function, and symmetric decryption is performed according to the symmetric key.
- the plaintext data is encrypted by a symmetric encryption algorithm, which improves the efficiency and practicability of encryption, making it more suitable for mass data;
- This attribute-based signcryption method realizes the confidentiality and reliability of data at the same time.
- the attribute-based encryption of the ciphertext strategy is used to encrypt the symmetric key, which realizes the security of the symmetric key and one-to-many sharing.
- the access structure controls the access of data users. Only data users whose attributes meet the access structure can decrypt and recover the symmetric key, which can prevent illegal users from accessing the encrypted data; on the other hand, this method uses the attribute-based signature of the key strategy Compared with the ciphertext strategy, the signature practicability and applicability is better, and because the signature size is fixed, the system transmission consumption is reduced; in summary, this method is a practical mixed strategy attribute-based signcryption scheme;
- the data owner outsources ciphertext storage to the cloud storage center, and uses the fog node to assist in signing, which greatly reduces the storage and calculation burden; the data user performs outsourcing signature verification through the fog node, and outsources most of the decryption burden to the fog Nodes and devices have very low computational overhead, which is suitable for devices with limited resources.
- Fig. 1 is a flow diagram of an embodiment of a lightweight attribute-based signcryption method for cloud-assisted Internet of Things.
- the embodiment of the present invention provides a lightweight attribute-based signcryption method for cloud and fog assisting the Internet of Things, which is used to solve the problem of how to reduce the computational burden required for signature and decryption on the basis of realizing data confidentiality and reliability.
- the lightweight attribute-based signcryption method for cloud assisted IoT of the present invention includes the following steps:
- the central organization performs system initialization, generates a system key pair, and discloses a public key, where the public key includes a symmetric encryption algorithm and a key generation function;
- the central organization designates a set of decryption attributes for the registered data user, and generates a decryption key and an outsourced decryption key corresponding to the data user based on the decryption attribute set, and the central organization designates a signature for the data owner Access a structure, and generate a signature key and an outsourced signature key corresponding to the data owner based on the signature access structure;
- the data owner selects a set of attributes that satisfy the signature access structure, and calls the fog node to perform the outsourcing signature based on the outsourcing signature key.
- the data owner symmetrically encrypts the plaintext based on the symmetric key and based on custom encryption
- the access structure performs attribute signcryption on the symmetric key, generates a signcryption ciphertext and sends the signcryption ciphertext to the cloud storage center;
- step S100 the key pair is generated through the following steps:
- H 1 , H 2 and H 3 choose three anti-collision hash functions H 1 , H 2 and H 3 , respectively: H 3 : ⁇ 0,1 ⁇ * ⁇ 0,1 ⁇ 1 ;
- step S200 a decryption key is generated through the following steps:
- the data user applies for registration to the central agency and obtains its user number uid;
- the central organization selects a set of decryption attributes U d,uid ⁇ U e for data users;
- the central organization specifies a special signature access structure (M s , ⁇ s ) for the data owner, M s is a matrix of l s ⁇ k s , ⁇ s is the row mapping function, and the signature access structure (M s , ⁇ s) ) Is converted to the LSSS matrix to obtain the signature access matrix M s ;
- step S300 the fog node assists the data owner to sign, and the specific steps are as follows:
- M s,i represents the ith row of the M s matrix
- i represents the attribute mapped by the ith row of the M s matrix in the attribute set I s
- w i represents the corresponding constant
- the data owner sets the above set of constants And the outsourced decryption key is sent to the fog node, which serves as the outsourced signature fog node;
- the outsourced signature fog node sends the outsourced signature ⁇ 'to the data owner.
- the above outsourcing signature is a half-signature. After the half-signature is sent to the data owner, the data owner encrypts the plaintext and continues to sign.
- the specific steps include:
- the data owner constructs a symmetric key based on the key generation function KDF, and symmetrically encrypts the plaintext according to the symmetric key to generate a ciphertext;
- a data owner custom encrypted access structure (M e, ⁇ e), M e l e ⁇ k e is a matrix, ⁇ e is the row mapping function;
- E 4 Enc(SEK
- d is a symmetric key constructed by the data owner based on the key generation function KDF:
- tt represents the current time when signing, and it is recorded as the signature time identifier
- m is the plaintext data that the data owner wants to encrypt
- the data user sends the encrypted access structure, the signed ciphertext, and the signature time identifier tt to the cloud storage center.
- Step S400 The fog node assists the data user to decrypt the sign encryption.
- the outsourced signature verification is performed through the fog node. The specific steps are as follows:
- tt' represents the current time when the outsourcing signature verification is performed, which is recorded as the signature verification time identifier
- the data consumer calculates the following parameters:
- the data user sends the ⁇ , R, (f 1 ,..., f l ), and TCT s to the fog node, and the fog node serves as an outsourced verification fog node;
- the outsourcing verification fog performs outsourcing signature verification and generates a signature verification result VR.
- the expression of the signature verification result VR is:
- the outsourcing decryption fog node performs outsourcing decryption, the steps are as follows:
- a group of attribute sets satisfying the encrypted access structure (M e , ⁇ s ) is selected for decryption, and the attribute set is:
- I d ⁇ i: ⁇ s (i) ⁇ U s,sid ⁇ ;
- the outsourcing decryption fog node performs outsourcing decryption to obtain the outsourcing decryption result.
- the outsourcing decryption calculation formula is:
- the outsourced decryption fog node sends the outsourced decryption result to the data user.
- the outsourcing decryption result obtained through outsourcing decryption by the fog node is a semi-cipher text.
- the fog node sends the semi-cipher text to the data user, and the data user performs the decryption.
- the specific steps are as follows:
- Y s is recovered based on the outsourced decryption result, and a symmetric key is generated based on the key generation function, and symmetric decryption is performed according to the symmetric key to obtain the plaintext.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Physics & Mathematics (AREA)
- Mathematical Optimization (AREA)
- Mathematical Analysis (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Storage Device Security (AREA)
Abstract
发明公开了一种用于云雾协助物联网的轻量级属性基签密方法,属于属性基签密领域,要解决的技术问题为在实现数据机密性和可靠性基础上,如何减少签名和解密所需计算负担的问题。方法包括:中心机构进行系统初始化生成系统密钥对并公开其中的公钥,包括一个对称加密算法和一个密钥生成函数;中心机构基于数据使用者的解密属性集为其生成解密密钥、外包解密密钥,基于签名访问结构为其生成签名密钥和外包签名密钥;数据拥有者调用雾节点进行外包签名,基于对称密钥对明文进行对称加密、并基于自定义的加密访问结构属性签密所述对称密钥;数据使用者调用雾节点进行外包签名验证,并调用雾节点进行外包解密,最后基于外包解密结果对密文进行对称解密。
Description
本发明涉及属性基签密领域,具体地说是一种用于云雾协助物联网的轻量级属性基签密方法。
物联网是传统互联网的发展和延伸,它将现实世界中的物理对象与网络世界联系起来,为人们的生活提供更高效、更智能的服务。物联网相较于传统网络有两个大的不同:第一、物联网设备众多,根据思科年度视觉网络指数,到2022年,支持物联网应用的机器对机器(M2M)连接将占全球285亿个连接设备的一半以上;第二、物联网设备异构、资源(存储和计算等)非常有限。因此,物联网中的数据管理问题越来越重要。
为了解决物联网大量数据与有限的设备存储资源之间的矛盾,云协助物联网被提出,云协助物联网即将物联网产生的大量数据存储到云存储中心,由资源丰富的云设备统一管理。但外包存储必然引起一系列的安全问题,数据的机密性和可靠性均难以保证,有两种直接的方法用于解决这些问题:先加密后签名,或者先签名后加密。
传统的公钥加密方法虽然可以保证数据的机密性,但是仅能实现一对一的共享,违背了物联网设计的初衷即通过数据共享提供更高效更智能的服务。目前,基于属性的加密被认为是这一问题最有前景的解决方法。基于属性的加密不能能保证数据的安全性,而且可以实现细粒度的数据共享。但不论先加密后签名还是先签名后加密,其方案的复杂性就会是两个密码原语的复杂性之和。基于此,如何减少签名和加密所需的计算负担是需要解决的问题。
近年来,为了在同时保证数据的机密性和可靠性条件下,尽量压缩计算所需的负担,提出了许多属性签密方案。基本的属性加密方案在应用到物联网场景下会遇到许多问题,首先,密文策略的签名方案意味着设备可自行定义访问结构,这与现实情况不符,通常来说,证物联网场景中的匿名认证大多由中心机构控制;其次,密钥策略的加密又导致数据拥有者无法自行定义访问结构, 这意味着访问控制权没有直接交到数据拥有者手中。此外,属性加密的安全性大多基于困难的数学假设,这意味着解密负担对资源有限的物联网设备来说难以负载。
如何在实现数据机密性和可靠性基础上,减少签名和解密所需的计算负担使方案更适用于资源有限的物联网,是需要解决的技术问题。
发明内容
本发明的技术任务是针对以上不足,提供一种用于云雾协助物联网的轻量级属性基签密方法,在实现数据机密性和可靠性基础上,来解决如何减少签名和解密所需的计算负担的问题。
本发明的一种用于云雾协助物联网的轻量级属性基签密方法,包括如下步骤:
中心机构进行系统初始化,生成系统密钥对,并公开公钥,所述公钥包括一个对称加密算法和一个密钥生成函数;
中心机构为注册的数据使用者指定一个解密属性集合,并基于所述解密属性集合生成与所述数据使用者对应的解密密钥和外包解密密钥,中心机构为数据拥有者指定一个签名访问结构,并基于所述签名访问结构生成与所述数据拥有者对应的签名密钥和外包签名密钥;
数据拥有者选择一组满足所述签名访问结构的属性集合,并基于外包签名密钥调用雾节点进行外包签名,数据拥有者基于对称密钥对明文进行对称加密、并基于自定义的加密访问结构对对称密钥进行属性签密,生成签密密文并将签密密文发送至云存储中心;
对于其属性集合满足加密访问结构的数据使用者,调用雾节点进行外包签名验证,并调用雾节点进行外包解密,数据使用者根据外包签名验证结果验证签名合法后,基于外包解密结果对密文进行对称解密,得到明文。
在上述实施方式中,数据使用者根据对称密钥对明文数据进行对称加密生成密文,相对于直接将大量数据进行属性加密,提高了运算速度和实用性;基于数据使用者自定义的加密访问结构对对称密钥进行属性签密,不仅保证了对称密钥的机密性和可靠性,还实现了对称密钥的一对多共享;通过加密访问结 构对数据使用者进行访问控制,从而仅属性满足访问结构的数据使用者可以访问加密的数据,阻止非法用户访问加密的数据;通过云存储中心存储密文,通过雾节点辅助数据拥有者签名和解密,大大减轻了设备负担。
作为优选,所述密钥对(PP,MSK)的表达式为:
MSK={α}
其中,G和G
T均为p阶乘法群,g为G的生成元,v为G的一个元素;
∏
SE(Enc,Dec)为初始化的对称加密算法,KDF为初始化的密钥生成函数;
SK=g
αv
t
SK'=g
t
其中,uid为数据使用者向中心机构注册后产生的用户号,
U
d,uid∈U
e,为中心机构为数据使用者选择的一个解密属性集合,
TK=g
α·t′v
t·t′
TK'=g
t·t′
签名密钥SK
s=(D
0,D'
0)的表达式为:
τ为从属性集合中选取的一个额外属性,
外包签名密钥TSK
s=({D
i,D'
iD
i,w}
i∈[ls])的表达式为:,
其中,(M
s,ρ
s)为中心机构为数据拥有者指定的一个签名访问结构,M
s为l
s×k
s的矩阵,ρ
s为行映射函数,
作为优选,数据拥有者选择一组满足所述签名访问结构的属性集合,并基于外包签名密钥调用雾节点进行外包签名,包括如下步骤:
数据拥有者选择一组满足签名访问结构(M
s,ρ
s)的属性集合用于签名,所述属性集合为:I
s={i:ρ
s(i)∈U
s,sid};
其中,M
s,i表示M
s矩阵的第i行,i表示属性集合I
s中M
s矩阵的第i行所映射的属性,w
i表示对应的常数;
外包签名雾节点将外包签名σ'发送至数据拥有者。
作为优选,数据拥有者基于对称密钥对明文进行对称加密、并基于自定义的加密访问结构对对称密钥进行属性签密,生成签密密文,包括如下步骤:
数据拥有者基于密钥生成函数KDF构建对称密钥,并根据对称密钥对明文进行对称加密,生成密文;
数据拥有者自定义一个加密访问结构(M
e,ρ
e),M
e为l
e×k
e的矩阵,ρ
e为行映射函数;
所述签密密文的表达式为:
E
1=g
s
E
4=Enc(SEK||d,m)
σ
0=u'
H(SEK)v'
H(d)
σ
1=g
ξσ'
1
其中,μ=H
1(E
1)
key=Y
s||σ
0||tt)
R=H
2(E
1||E
2||E
3||E
4||σ
0||σ
1||M
e||U
s,sid)
(f
1,.......,f
l)∈{0,1}
l=H
3(σ
1,tt,M
e,U
s,sid)
SEK||d表示密钥,
tt表示进行签名时当前时间,记为签名时间标识;
数据使用者将所述加密访问结构、签密密文以及签名时间标识tt发送至云存储中心。
作为优选,对于其属性集合满足加密访问结构的数据使用者,调用雾节点进行外包签名验证,包括如下步骤:
数据使用者验证下列等式是否成立:
其中,tt'表示进行外包签名验证时的当前时间,记为签名验证时间标识,
如果上述等式成立,验证数据使用者的属性集合是否满足加密访问结构;
如果数据使用者的属性集合满足加密访问结构,数据使用者计算如下参数:
μ=H
1(E
1)
R=H
2(E
1||E
2||E
3||E
4||σ
0||σ
1||M
e||U
s,sid)
(f
1,.......,f
l)∈{0,1}
l=H
3(σ
1,tt,M
e,U
s,sid);
数据使用者将所述μ、R、(f
1,.......,f
l)以及TCT
s发送至雾节点,所述雾节点作为外包验证雾节点;
外包验证雾节点进行外包签名验证,生成签名认证结果VR,签名认证结果VR的表达为:
作为优选,对于其属性集合满足加密访问结构的数据使用者,调用雾节点进行外包解密,包括如下步骤:
选择一组满足加密访问结构(M
e,ρ
s)的属性集合用于解密,所述属性集合为:
I
d={i:ρ
s(i)∈U
s,sid};
其中,下标i与M
e矩阵中的行一一对应;
外包解密雾节点进行外包解密得到外包解密结果,外包解密计算公式为:
外包解密雾节点将外包解密结果发送至数据使用者。
作为优选,数据使用者根据如下签名验证公式对签名合法性进行验证:
作为优选,数据使用者根据签名验证结果验证签名合法后,通过如下密文验证公式对密文进行完整性验证:
σ
4=u′
H(SEK)v′
H(d)
验证密文完整后,基于外包解密结果恢复出Y
s,并基于密钥生成函数生成对称密钥,根据对称密钥进行对称解密。
本发明的用于云雾协助物联网的轻量级属性基签密方法具有以下优点:
1、通过对称加密算法对明文数据进行加密,提高了加密的效率和实用性,使其更适用于海量数据;
2、此属性基签密方法同时实现了数据的机密性和可靠性,一方面采用密文策略的属性基加密加密对称密钥,实现了对称密钥的安全性和一对多共享,通过加密访问结构对数据使用者进行访问控制,仅属性满足访问结构的数据使用者可以解密恢复出对称密钥,可阻止非法用户访问加密的数据;另一方面,该方法采用密钥策略的属性基签名,相对于密文策略的签名实用性和适用性更好,且由于签名大小固定,降低了系统传输消耗;综上,该方法为一个实用的混合策略的属性基签密方案;
3、数据拥有者将密文存储外包给云存储中心,并通过雾节点辅助签名,大大减轻了存储和计算负担;数据使用者通过雾节点进行外包签名验证,并将大部分解密负担外包给雾节点,设备的计算开销非常低,适用于资源有限的设备。
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例中描述中所需要使用的附图作简要介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域的普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。
下面结合附图对本发明进一步说明。
附图1为实施例用于云雾协助物联网的轻量级属性基签密方法的流程框图。
下面结合附图和具体实施例对本发明作进一步说明,以使本领域的技术人员可以更好地理解本发明并能予以实施,但所举实施例不作为对本发明的限定,在不冲突的情况下,本发明实施例以及实施例中的技术特征可以相互结合。
本发明实施例提供一种用于云雾协助物联网的轻量级属性基签密方法,用于解决在实现数据机密性和可靠性基础上,如何减少签名和解密所需的计算负担的问题。
实施例:
如附图1所示,本发明的用于云雾协助物联网的轻量级属性基签密方法,包括如下步骤:
S100、中心机构进行系统初始化,生成系统密钥对,并公开公钥,所述公钥包括一个对称加密算法和一个密钥生成函数;
S200、中心机构为注册的数据使用者指定一个解密属性集合,并基于所述解密属性集合生成与所述数据使用者对应的解密密钥和外包解密密钥,中心机构为数据拥有者指定一个签名访问结构,并基于所述签名访问结构生成与所述数据拥有者对应的签名密钥和外包签名密钥;
S300、数据拥有者选择一组满足所述签名访问结构的属性集合,并基于外包签名密钥调用雾节点进行外包签名,数据拥有者基于对称密钥对明文进行对称加密、并基于自定义的加密访问结构对对称密钥进行属性签密,生成签密密文并将签密密文发送至云存储中心;
S400、对于其属性集合满足加密访问结构的数据使用者,调用雾节点进行外包签名验证,并调用雾节点进行外包解密,数据使用者根据外包签名验证结果验证签名合法后,基于外包解密结果对密文进行对称解密,得到明文。
其中,步骤S100中通过如下步骤生成密钥对:
输入安全参数λ,选择两个p阶的乘法群G和G
T,g为G的生成元,v为G的一个元素;
选择一个对称双线性映射e:G×G→G
T;
初始化对称加密算法∏
SE(Enc,Dec),并初始化一个密钥生成函数KDF;
基于上述生成密钥对,密钥对(PP,MSK)的表达式为:
MSK={α}。
步骤S200中,通过如下步骤生成解密密钥:
数据使用者向中心机构申请注册,得到其用户号uid;
中心机构为数据使用者选择一个解密属性集合U
d,uid∈U
e;
SK=g
αv
t
SK'=g
t
通过如下步骤生成解密密钥:
TK=g
α·t′v
t·t′
TK'=g
t·t′
通过如下步骤生成签名密钥:
通过如下步骤生成外包签名密钥:
中心机构为数据拥有者指定一个特殊的签名访问结构(M
s,ρ
s),M
s为l
s×k
s的矩阵,ρ
s为行映射函数,将该签名访问结构(M
s,ρ
s)转换为LSSS矩阵,得到签名访问矩阵M
s;
步骤S300中通过雾节点辅助数据拥有者进行签名,具体步骤为:
数据拥有者选择一组满足签名访问结构(M
s,ρ
s)的属性集合用于签名,该属性集合为:I
s={i:ρ
s(i)∈U
s,sid}
其中,M
s,i表示M
s矩阵的第i行,i表示属性集合I
s中M
s矩阵的第i行所映射的属性,w
i表示对应的常数;
外包签名雾节点将外包签名σ'发送至数据拥有者。
上述外包签名得的为半签名,该半签名发送给数据拥有者后,数据拥有者进行对明文加密、并继续签名,具体步骤包括:
数据拥有者基于密钥生成函数KDF构建对称密钥,并根据对称密钥对明文进行对称加密,生成密文;
数据拥有者自定义一个加密访问结构(M
e,ρ
e),M
e为l
e×k
e的矩阵,ρ
e为行映射函数;
E
1=g
s
E
4=Enc(SEK||d,m)
σ
3=u'
H(SEK)v'
H(d)
其中,μ=H
1(E
1),
E
4=Enc(SEK||d,m),为根据对称密钥对明文对称加密生成的密文,
SEK||d为数据拥有者基于密钥生成函数KDF构建的对称密钥:
KDF(key,1)=SEK||d
key=Y
s||σ
0||tt,
tt表示进行签名时当前时间,记为签名时间标识,
m为数据拥有者想要加密的明文数据,
R=H
2(E
1||E
2||E
3||E
4||σ
0||σ
1||M
e||U
s,sid),
(f
1,.......,f
l)∈{0,1}
l=H
3(σ
1,tt,M
e,U
s,sid);
数据使用者将所述加密访问结构、签密密文以及签名时间标识tt发送至云存储中心。
步骤S400雾节点辅助数据使用者解签密,首先,通过雾节点进行外包签名验证,具体步骤为:
数据使用者验证下列等式是否成立:
其中,tt'表示进行外包签名验证时的当前时间,记为签名验证时间标识,
如果上述等式成立,验证数据使用者的属性集合是否满足加密访问结构;
如果数据使用者的属性集合满足加密访问结构,数据使用者计算如下参数:
μ=H
1(E
1)
R=H
2(E
1||E
2||E
3||E
4||σ
0||σ
1||M
e||U
s,sid)
(f
1,.......,f
l)∈{0,1}
l=H
3(σ
1,tt,M
e,U
s,sid);
数据使用者将所述μ、R、(f
1,.......,f
l)以及TCT
s发送至雾节点,所述雾节点作为外包验证雾节点;
外包验证雾进行外包签名验证,生成签名认证结果VR,签名认证结果VR的表达为:
外包签名验证通过后,外包解密雾节点进行外包解密,步骤为:
选择一组满足加密访问结构(M
e,ρ
s)的属性集合用于解密,所述属性集合为:
I
d={i:ρ
s(i)∈U
s,sid};
其中,下标i与M
e矩阵中的行一一对应;
外包解密雾节点进行外包解密得到外包解密结果,外包解密计算公式为:
外包解密雾节点将外包解密结果发送至数据使用者。
通过雾节点进行外包解密得到的外包解密结果为半密文,雾节点将半密文发送给数据使用者,数据使用者进行解密,具体步骤为:
数据使用者根据如下签名验证公式对签名合法性进行验证:
数据使用者根据签名验证结果验证签名合法后,通过如下密文验证公式对密文进行完整性验证:
σ
4=u′
H(SEK)v′
H(d)
验证密文完整后,基于外包解密结果恢复出Y
s,并基于密钥生成函数生成对称密钥,根据对称密钥进行对称解密,得到明文。
以上所述实施例仅是为充分说明本发明而所举的较佳的实施例,本发明的保护范围不限于此。本技术领域的技术人员在本发明基础上所作的等同替代或变换,均在本发明的保护范围之内。本发明的保护范围以权利要求书为准。
Claims (9)
- 用于云雾协助物联网的轻量级属性基签密方法,其特征在于包括如下步骤:中心机构进行系统初始化,生成系统密钥对,并公开公钥,所述公钥包括一个对称加密算法和一个密钥生成函数;中心机构为注册成功的数据使用者指定一个解密属性集合,并基于所述解密属性集合生成与所述数据使用者对应的解密密钥和外包解密密钥,中心机构为数据拥有者指定一个签名访问结构,并基于所述签名访问结构生成与所述数据拥有者对应的签名密钥和外包签名密钥;数据拥有者选择一组满足所述签名访问结构的属性集合,并基于外包签名密钥调用雾节点进行外包签名,数据拥有者基于对称密钥对明文进行对称加密、并基于自定义的加密访问结构对对称密钥进行属性签密,生成签密密文并将签密密文发送至云存储中心;对于其属性集合满足加密访问结构的数据使用者,调用雾节点进行外包签名验证,并调用雾节点进行外包解密,数据使用者根据外包签名验证结果验证签名合法后,基于外包解密结果对密文进行对称解密,得到明文。
- 根据权利要求1所述的用于云雾协助物联网的轻量级属性基签密方法,其特征在于所述密钥对(PP,MSK)的表达式为:MSK={α}其中,G和G T均为p阶乘法群,g为G的生成元,v为G的一个元素;U e为初始化后的加密属性的全集,U s为初始化后签名属性的全集;Π SE(Enc,Dec)为初始化的对称加密算法,KDF为初始化的密钥生成函数;
- SK=g αv tSK'=g t其中,uid为数据使用者向中心机构注册后产生的用户号,U d,uid∈U e,为中心机构为数据使用者指定的一个解密属性集合,TK=g α·t′v t·t′TK'=g t·t′签名密钥SK s=(D 0,D' 0)的表达式为:τ为从属性集合中选取的一个额外属性,外包签名密钥TSK s=({D i,D′ iD i,w} i∈[ls])的表达式为:,其中,(M s,ρ s)为中心机构为数据拥有者指定的一个签名访问结构,M s为l s×k s的矩阵,ρ s为行映射函数,
- [根据细则91更正 29.04.2021]
根据权利要求3所述的用于云雾协助物联网的轻量级属性基签密方法,其特征在于数据拥有者选择一组满足所述签名访问结构的属性集合,并基于外包签名密钥调用雾节点进行外包签名,包括如下步骤:
数据拥有者选择一组满足签名访问结构(M s,ρ s)的属性集合用于签名,所述属性集合为:
基于上述属性集合,找到一组常数 满足如下公式:
其中,M s,i表示M s矩阵的第i行,i表示属性集合I s中M s矩阵的第i行所映射的属性,w i表示对应的常数;
数据拥有者将所述一组常数 及外包解密密钥发送至雾节点,所述雾节点作为外包签名雾节点;
外包签名雾节点从群 中选择一个随机数ξ进行外包签名,得到的签名记为外包签名σ',外包签名σ'=(σ′ 1,σ′ 2)的表达式为:
外包签名雾节点将外包签名σ'发送至数据拥有者。 - 根据权利要求4所述的用于云雾协助物联网的轻量级属性基签密方法,其特征在于数据拥有者基于对称密钥对明文进行对称加密、并基于自定义的加密访问结构对对称密钥进行属性签密,生成签密密文,包括如下步骤:数据拥有者自定义一个加密访问结构(M e,ρ e),M e为l e×k e的矩阵,ρ e为行映射函数;E 1=g sE 4=Enc(SEK||d,m)σ 3=u' H(SEK)v' H(d)其中,μ=H 1(E 1),E 4=Enc(SEK||d,m),为根据对称密钥对明文对称加密生成的密文,SEK||d为数据拥有者基于密钥生成函数KDF构建的对称密钥:KDF(key,1)=SEK||dkey=Y s||σ 0||tt,tt表示进行签名时当前时间,记为签名时间标识,m为数据拥有者想要加密的明文数据,R=H 2(E 1||E 2||E 3||E 4||σ 0||σ 1||M e||U s,sid),(f 1,.......,f l)∈{0,1} l=H 3(σ 1,tt,M e,U s,sid);数据使用者将所述加密访问结构、签密密文以及签名时间标识tt发送至云存储中心。
- 根据权利要求5所述的用于云雾协助物联网的轻量级属性基签密方法,其特征在于对于其属性集合满足加密访问结构的数据使用者,调用雾节点进行外包签名验证,包括如下步骤:数据使用者验证下列等式是否成立:其中,tt'表示进行外包签名验证时的当前时间,记为签名验证时间标识,如果上述等式成立,验证数据使用者的属性集合是否满足加密访问结构;如果数据使用者的属性集合满足加密访问结构,数据使用者计算如下参数:μ=H 1(E 1)R=H 2(E 1||E 2||E 3||E 4||σ 0||σ 1||M e||U s,sid)(f 1,.......,f l)∈{0,1} l=H 3(σ 1,tt,M e,U s,sid);数据使用者将所述μ、R、(f 1,.......,f l)以及TCT s发送至雾节点,所述雾节点作为外包验证雾节点;外包验证雾节点进行外包签名验证,生成签名认证结果VR,签名认证结果VR的表达为:
- 根据权利要求8所述的用于云雾协助物联网的轻量级属性基签密方法,其特征在于数据使用者根据签名验证结果验证签名合法后,通过如下密文验证公式对密文进行完整性验证:σ 4=u′ H(SEK)v′ H(d)验证密文完整后,基于外包解密结果恢复出Y s,并基于密钥生成函数生成对称密钥,根据对称密钥进行对称解密。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/912,391 US20230131071A1 (en) | 2020-03-23 | 2021-03-22 | Lightweight attribute-based signcryption (absc) method for cloud-fog-assisted internet-of-things (iot) |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010205743.8 | 2020-03-23 | ||
CN202010205743.8A CN111447192B (zh) | 2020-03-23 | 2020-03-23 | 用于云雾协助物联网的轻量级属性基签密方法 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021190452A1 true WO2021190452A1 (zh) | 2021-09-30 |
Family
ID=71653375
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/082095 WO2021190452A1 (zh) | 2020-03-23 | 2021-03-22 | 用于云雾协助物联网的轻量级属性基签密方法 |
Country Status (3)
Country | Link |
---|---|
US (1) | US20230131071A1 (zh) |
CN (1) | CN111447192B (zh) |
WO (1) | WO2021190452A1 (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114201748A (zh) * | 2021-12-14 | 2022-03-18 | 南湖实验室 | 高可信环境下计算移向数据端场景中数据源可信验证方法 |
CN116132048A (zh) * | 2023-01-04 | 2023-05-16 | 扬州大学 | 一种适用于医疗物联网场景下用户隐私数据安全共享的方法 |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111447192B (zh) * | 2020-03-23 | 2022-05-10 | 齐鲁工业大学 | 用于云雾协助物联网的轻量级属性基签密方法 |
CN116318690B (zh) * | 2023-05-25 | 2023-08-15 | 山东大学 | 一种基于矩阵奇异值分解的安全外包计算方法及系统 |
CN116599771B (zh) * | 2023-07-14 | 2023-09-22 | 浙江云针信息科技有限公司 | 数据分级保护传输方法及装置、存储介质和终端 |
US11861030B1 (en) * | 2023-08-17 | 2024-01-02 | Datchat, Inc. | Technology platform for providing secure group-based access to sets of digital assets |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140289513A1 (en) * | 2013-03-15 | 2014-09-25 | Arizona Board Of Regents On Behalf Of Arizona State University | Enabling Comparable Data Access Control for Lightweight Mobile Devices in Clouds |
CN108156138A (zh) * | 2017-12-13 | 2018-06-12 | 西安电子科技大学 | 一种用于雾计算的细粒度可搜索加密方法 |
CN108881314A (zh) * | 2018-08-28 | 2018-11-23 | 南京邮电大学 | 雾计算环境下基于cp-abe密文访问控制实现隐私保护的方法及系统 |
CN110247767A (zh) * | 2019-06-28 | 2019-09-17 | 北京工业大学 | 雾计算中可撤销的属性基外包加密方法 |
CN110602086A (zh) * | 2019-09-10 | 2019-12-20 | 北京工业大学 | 雾计算中可撤销和外包的多授权中心属性基加密方法 |
CN111447192A (zh) * | 2020-03-23 | 2020-07-24 | 齐鲁工业大学 | 用于云雾协助物联网的轻量级属性基签密方法 |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104486315B (zh) * | 2014-12-08 | 2017-06-13 | 北京航空航天大学 | 一种基于内容属性的可撤销密钥外包解密方法 |
CN104993929B (zh) * | 2015-05-15 | 2018-05-18 | 西安邮电大学 | 一种支持系统属性扩展的属性基加密系统及方法 |
FR3043292B1 (fr) * | 2015-11-03 | 2017-10-27 | Commissariat Energie Atomique | Methode de chiffrement basee sur les attributs comprenant une phase de pre-calcul |
CN106230590B (zh) * | 2016-07-22 | 2019-04-16 | 安徽大学 | 一种多授权机构的密文策略属性基加密方法 |
-
2020
- 2020-03-23 CN CN202010205743.8A patent/CN111447192B/zh active Active
-
2021
- 2021-03-22 US US17/912,391 patent/US20230131071A1/en active Pending
- 2021-03-22 WO PCT/CN2021/082095 patent/WO2021190452A1/zh active Application Filing
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140289513A1 (en) * | 2013-03-15 | 2014-09-25 | Arizona Board Of Regents On Behalf Of Arizona State University | Enabling Comparable Data Access Control for Lightweight Mobile Devices in Clouds |
CN108156138A (zh) * | 2017-12-13 | 2018-06-12 | 西安电子科技大学 | 一种用于雾计算的细粒度可搜索加密方法 |
CN108881314A (zh) * | 2018-08-28 | 2018-11-23 | 南京邮电大学 | 雾计算环境下基于cp-abe密文访问控制实现隐私保护的方法及系统 |
CN110247767A (zh) * | 2019-06-28 | 2019-09-17 | 北京工业大学 | 雾计算中可撤销的属性基外包加密方法 |
CN110602086A (zh) * | 2019-09-10 | 2019-12-20 | 北京工业大学 | 雾计算中可撤销和外包的多授权中心属性基加密方法 |
CN111447192A (zh) * | 2020-03-23 | 2020-07-24 | 齐鲁工业大学 | 用于云雾协助物联网的轻量级属性基签密方法 |
Non-Patent Citations (1)
Title |
---|
ZENG PING, JIN QIAN, CHENGXIN MU, YUAN GAO, RONGLEI HU: "Light weight attribute-based encryption outsourced algorithm for fog computing", APPLICATION RESEARCH OF COMPUTERS, CHENGDU, CN, vol. 37, no. 2, 1 February 2020 (2020-02-01), CN, pages 498 - 500, 504, XP055853408, ISSN: 1001-3695 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114201748A (zh) * | 2021-12-14 | 2022-03-18 | 南湖实验室 | 高可信环境下计算移向数据端场景中数据源可信验证方法 |
CN114201748B (zh) * | 2021-12-14 | 2024-02-06 | 南湖实验室 | 高可信环境下计算移向数据端场景中数据源可信验证方法 |
CN116132048A (zh) * | 2023-01-04 | 2023-05-16 | 扬州大学 | 一种适用于医疗物联网场景下用户隐私数据安全共享的方法 |
Also Published As
Publication number | Publication date |
---|---|
CN111447192B (zh) | 2022-05-10 |
CN111447192A (zh) | 2020-07-24 |
US20230131071A1 (en) | 2023-04-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021190452A1 (zh) | 用于云雾协助物联网的轻量级属性基签密方法 | |
Li et al. | Full verifiability for outsourced decryption in attribute based encryption | |
CN109559117B (zh) | 基于属性基加密的区块链合约隐私保护方法与系统 | |
CN110636500B (zh) | 支持跨域数据共享的访问控制系统及方法、无线通信系统 | |
Huang et al. | Secure data access control with ciphertext update and computation outsourcing in fog computing for Internet of Things | |
Li et al. | User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage | |
Ateniese et al. | Secret handshakes with dynamic and fuzzy matching. | |
Zhang et al. | Efficient attribute-based data sharing in mobile clouds | |
CN110933033B (zh) | 智慧城市环境下多物联网域的跨域访问控制方法 | |
CN106487506B (zh) | 一种支持预加密和外包解密的多机构kp-abe方法 | |
WO2021190450A1 (zh) | 用于云协助物联网的带追踪的多属性机构属性基加密方法 | |
WO2021190453A1 (zh) | 用于云雾协助物联网的轻量级属性基签密方法 | |
CN106209790B (zh) | 一种隐藏密文策略的高效可验证外包属性基加密方法 | |
CN111277412B (zh) | 基于区块链密钥分发的数据安全共享系统及方法 | |
CN106713349B (zh) | 一种能抵抗选择密文攻击的群组间代理重加密方法 | |
CN113411323B (zh) | 基于属性加密的医疗病历数据访问控制系统及方法 | |
Li et al. | Efficient privacy-preserving access control of mobile multimedia data in cloud computing | |
Li et al. | Traceable Ciphertext‐Policy Attribute‐Based Encryption with Verifiable Outsourced Decryption in eHealth Cloud | |
Qin et al. | Simultaneous authentication and secrecy in identity-based data upload to cloud | |
CN104796260B (zh) | 一种满足前向安全的短密文身份基加密方法 | |
Fischer et al. | Using attribute-based encryption on iot devices with instant key revocation | |
CN114697042A (zh) | 一种基于区块链的物联网安全数据共享代理重加密方法 | |
Qin et al. | Flexible and lightweight access control for online healthcare social networks in the context of the internet of things | |
Zhang et al. | Fine-grained access control systems suitable for resource-constrained users in cloud computing | |
Zheng et al. | Threshold attribute‐based signcryption and its application to authenticated key agreement |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21774455 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 21774455 Country of ref document: EP Kind code of ref document: A1 |