
Research On Secure And Efficient Data Sharing Control Mechanism In Internet Of Things

Posted on: 2020-01-05
Degree: Doctor
Type: Dissertation
Country: China
Candidate: S Ding
Full Text: PDF
GTID: 1368330602463865
Subject: Information security
Abstract/Summary:
The Internet of Things (IoT) is one of the most promising technologies and has attracted broad attention from academia and industry in recent years. It effectively integrates the physical world with the Internet over existing network infrastructure. Billions of devices, such as wearable devices, smart phones and smart cars, are connected to the Internet so that they can share data with each other in this novel paradigm. It facilitates data sharing among intelligent devices and, at the same time, brings a revolutionary transformation to data management. As most of these devices are resource-constrained, data are generally stored in the cloud instead of locally, so that people and devices can conveniently upload and download data anytime and anywhere as long as they can access the Internet. However, this raises the knotty problem of how to ensure the security of the data. As data management is out of the data owner's direct control, it is important not only to enforce strict control of data access, but also to hide the data from the cloud service provider (CSP), which should not be fully trusted.

Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic technique that integrates access control with data encryption to ensure data security in IoT systems. However, the efficiency of CP-ABE is still a bottleneck limiting its development and application. There is a widespread consensus that the computation overhead of bilinear pairing is excessive, especially for devices or processors with limited computational resources and power supply. In this dissertation, we propose a novel pairing-free data access control scheme based on CP-ABE using elliptic curve cryptography. We replace the complicated bilinear pairing with simple scalar multiplication on elliptic curves, thereby reducing the overall computation overhead. We also design a new method of key distribution that can directly revoke a user or an attribute without updating other users' keys during the attribute revocation phase. In addition, our scheme uses a linear secret sharing scheme (LSSS) access structure to enhance the expressiveness of the access policy. The security and performance analysis shows that our scheme significantly improves overall efficiency while ensuring security.

To further improve the computational efficiency of ABE, we optimize the access structure of traditional ABE and propose a new pairing-free CP-ABE scheme based on an ordered binary decision diagram (OBDD) access structure. On the one hand, we replace the complex bilinear pairing operation in traditional CP-ABE with the relatively lightweight scalar multiplication of elliptic curve cryptography, thus reducing the overall computation overhead. On the other hand, we use an OBDD as the access structure of CP-ABE. An OBDD can not only represent any Boolean expression over attributes, but also supports both positive and negative attributes. The length of the key is independent of the number of attributes, and the length of the ciphertext is related only to the number of valid paths in the access policy. The security and performance analysis shows that our scheme can resist chosen plaintext attack under the decisional Diffie-Hellman (DDH) assumption, and that the computation efficiency of the proposed scheme can meet the practical application requirements of the Internet of Things.

With the rapid growth in the number of IoT devices, the increasingly complex network structure of IoT systems has made traditional access control technologies no longer suitable for managing the attributes and permissions of massive numbers of devices. In this dissertation, we propose a novel attribute-based access control scheme for IoT systems that effectively simplifies access management. We use blockchain technology to record the distribution of attributes in order to avoid a single point of failure and data tampering. The access control process has also been optimized to meet the need for high efficiency and lightweight calculation on IoT devices. Security and performance analysis shows that our scheme could effectively resist multiple attacks and be efficiently implemented in IoT systems.
Keywords/Search Tags:Internet of Things, Data Sharing, Access Control, Attribute-based Encryption, Blockchain