Research On Secure And Privacy-preserving Of Information Sharing In Internet Of Things

Posted on: 2017-03-27
Degree: Doctor
Type: Dissertation
Country: China
Candidate: S R Jiang
GTID: 1108330488472911
Subject: Communication and Information System

Abstract/Summary:
With the development of information technology, the Internet of Things (IoT) has gradually become the third wave of the worldwide information revolution, after the computer and the Internet. Building on traditional Internet technology, IoT enables information sensing between things and things and between people and things, and further enables the sharing of this information. However, because of constraints from terminal devices, network structures, communication modes, application scenarios and so on, people have raised concerns about information security and privacy when they share sensory information. Information sharing and privacy protection are in tension: open sharing of information inevitably leaks private data, while closed privacy protection makes information sharing harder. This dissertation therefore studies the security and privacy issues of vehicular ad hoc networks (VANETs), mobile health and cloud storage, focusing on the secure sharing of sensing data, including data sensing security, data sharing security and information retrieval security. Specifically, the contents of this dissertation are as follows:

For VANETs, in order to improve traffic safety and alter driving habits, a vehicle needs to periodically broadcast its traffic-related information, including its identity, position, speed and other information. However, because communication is wireless, it is easy for an attacker to obtain the contents of communications, which reveals the user's private information, such as identity, trace, preferences, etc., and enables further attacks based on this information. Moreover, VANETs feature high-speed mobility and a dynamic network topology, which limits the lifetime of communication links among vehicles. Furthermore, traditional certificate revocation lists are generally adopted to revoke illegal vehicles in VANETs, but they perform poorly. Faced with these challenges, it is desirable to design a reliable and practical authentication scheme that achieves privacy preservation and efficient revocation in VANETs.

Mobile health is used to share personal health information (PHI) and treatment experience among patients. However, since PHI contains sensitive information about patients, patients should be able to control how their PHI is shared. This means that even under a random and anonymous condition, the PHI owner can decide how to encrypt his/her files and with which set of users to share the PHI. In addition, the patient's identity and social attributes are sensitive and private, so they cannot be revealed during the sharing process. Finally, considering the hardware environment, the sharing process should be efficient and time-saving. Therefore, we should design a privacy protection scheme to achieve secure PHI sensing and sharing in mobile health.

For the security of outsourced cloud storage, the data owner uses searchable symmetric encryption (SSE) to encrypt the outsourced data in order to protect its confidentiality. At the same time, data users can retrieve the outsourced data in the cloud through SSE. However, due to the nature of delegation/outsourcing, the cloud server fully controls the outsourced data and decides the SSE query result, which raises issues of trust. Therefore, integrity verification of the query result is significantly important to achieve secure data sharing and information retrieval.

According to the above research contents, we have designed corresponding schemes to address these challenges. Specifically, the main contributions of this dissertation are as follows:

(1) To protect vehicular traffic information sharing in VANETs, we jointly use distributed management, hash-based message authentication code (HMAC), batch group signature verification, and cooperative authentication to design an efficient and privacy-preserving authentication scheme. First, we divide the whole network into several domains, which allows local management. Then, we use the HMAC to avoid time-consuming certificate revocation list (CRL) checking and to ensure the integrity of messages before batch group authentication. Finally, we use cooperative authentication to further improve the efficiency of our scheme. Through the above methods, we achieve efficient security and privacy protection of vehicular traffic information sharing in VANETs.

(2) We propose an efficient anonymous batch authentication scheme based on HMAC to achieve secure and privacy-preserving vehicular traffic information sharing in VANETs. To avoid the large communication overhead and storage space required by CRLs in vehicles, we use a group-based scheme and HMAC to ensure that only legal vehicles are in groups. Thus, the time-consuming CRL checking process can be avoided. At the same time, to deal with the additional authentication delay caused by invalid request messages in batch authentication, we use HMAC to ensure the integrity of messages. Therefore, efficient batch authentication is achieved. Finally, for different types of value-added services in VANETs, a corresponding group key and a session key are generated to ensure the security of the communication process.

(3) We propose a scalable and fine-grained access control scheme based on attribute-based encryption (ABE) to ensure that patients can completely control their PHI sharing process. In our scheme, each attribute contains an attribute name and the corresponding attribute value. To avoid sensitive attribute leakage and unnecessary repeated decryption attempts in anonymous ABE, we use a Bloom filter to partially hide the access policy from intended users and to perform access policy matching before decryption. Finally, considering the resource and energy limitations of smartphones, we outsource ABE decryption to the cloud without leaking private information, and we verify the correctness of the partial decryption.

(4) We propose a query result integrity verification scheme for dynamic outsourced encrypted data in order to verify the authenticity, freshness and completeness of Boolean query results. By constructing an accumulation tree, we map Boolean query operations to the corresponding set operations to achieve query integrity verification while remaining privacy-preserving and practical. The security analysis shows that, without protecting the access pattern, our scheme preserves privacy in information retrieval. The performance evaluation demonstrates that our scheme is scalable.
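
The HMAC pre-check described in contributions (1) and (2), as an added Python example that is not taken from the dissertation: messages are tagged under a domain group key, and anything whose tag fails is dropped before the batch group-signature step, so a revoked vehicle is excluded without a CRL lookup. The single shared key per domain, rekeying on revocation, the message layout and all class and function names are assumptions made for illustration; the group-signature verification itself is outside the example.

```python
import hashlib
import hmac
import os

class DomainGroup:
    """Constructed model of one domain whose legal vehicles share a group key."""
    def __init__(self):
        self.members, self.key = set(), os.urandom(32)

    def join(self, vehicle_id):
        self.members.add(vehicle_id)
        return self.key

    def revoke(self, vehicle_id):
        # Assumed revocation: drop the member and rekey everyone who remains.
        self.members.discard(vehicle_id)
        self.key = os.urandom(32)
        return {v: self.key for v in self.members}

def make_msg(key, payload):
    return {"payload": payload, "tag": hmac.new(key, payload, hashlib.sha256).digest()}

def prefilter(group_key, batch):
    """Keep only messages whose HMAC verifies under the current group key."""
    kept = []
    for msg in batch:
        expected = hmac.new(group_key, msg["payload"], hashlib.sha256).digest()
        if hmac.compare_digest(expected, msg["tag"]):  # constant-time comparison
            kept.append(msg)
    return kept  # only these would proceed to batch group-signature verification

def demo():
    group = DomainGroup()
    for vid in ("veh-A", "veh-B", "veh-C"):
        stale_key = group.join(vid)        # key all three hold before revocation
    fresh = group.revoke("veh-C")          # veh-C is left with stale_key only
    tampered = make_msg(fresh["veh-B"], b"pos=90,12 speed=40")
    tampered["payload"] = b"pos=90,12 speed=90"   # modified in transit
    batch = [                              # constructed sample messages
        make_msg(fresh["veh-A"], b"pos=12,34 speed=50"),
        make_msg(stale_key, b"pos=56,78 speed=70"),   # sent by the revoked vehicle
        tampered,
    ]
    return [m["payload"] for m in prefilter(group.key, batch)]

if __name__ == "__main__":
    print(demo())
```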
Keywords/Search Tags: IoT, security and privacy preservation, CRL, searchable symmetric encryption, query integrity verification