Research On IoT Data Security And Cross-domain Authentication Model

With the rapid development of the Internet of Things(Io Ts)technology and the increasing popularity of 5G mobile communication services,Io T has become a megatrend in the 4th industrial Revolution,and human society has gradually entered the Internet of Everything Era.The Internet of Things is a very powerful and sophisticated distributed network,which is composed of different networked entities(such as smart devices)that provide users with comfortable life experience and make more suitable development decisions to be performed by analyzing,transmitting and other operations on the collected data.Different types of application devices exchange information on the same task and achieve better integration,which has led to the integration of iot access architecture evolve from vertical integration to horizontal structure,making the process of obtaining data between devices more complex.As more and more heterogeneous devices cooperate across domains,many small devices with weak computing capabilities have to upload and outsource their computing tasks to professional data processing centers by means of communication networks,which leads to the problems such as the integrity of outsourced data and the correctness of outsourced results.Therefore,this article takes Io T data security as the core,and focuses on cross-domain devices using communication channels to upload data,outsourcing calculations,and result verification issues.Based on the theoretical knowledge of Io T identity authentication,it will do research from cross-domain authentication and D2 D group communication,group ciphertext data dynamic sharing and outsourcing computing and verification four aspects of research.A series of efficient,safe and reliable,user identity privacy Io T data security and cross-domain identity authentication schemes are proposed.The main work and contributions of this paper include the following aspects:(1)A cross-domain authentication model based on dynamic accumulator is studied to solve the problem of high computational overhead and anonymity of cross-domain authentication for devices in the Io T.A general undirected graph is used to represent the relationship between devices requiring authentication in the Io Ts,supporting trusted cross-domain,encryption accumulation and transferability.This scheme first abstracts the relationship between the Io Ts devices into a general undirected graph,and uses the transferability of digital signature authentication to construct a digital authentication relationship between vertices without edges,so as to ensure that the signature is in different management domains.The signer can also directly verify the signature's transferability to prove its legitimacy.Secondly,after updating the vertex witness and signature,the signer only needs to publish and link the new witness and signature,and the verifier can verify the correctness of the new witness and signature,thereby deciding whether to carry out signature verification.In addition,the advantages of the dynamic accumulator provide a feasible solution for the addition/removal of edges.Finally,the solution formally defines the security model of the system,and gives a detailed security proof based on adaptive selection of ciphertext attacks.Security analysis shows that the protocol meets the security requirements of accumulator authentication in the industrial Io Ts.And it can guarantee the protection of device identity privacy and the feasibility of adding/deleting users.In addition,the performance of the scheme is analyzed from the perspective of theory and experiment,and the results show that the scheme has high efficiency and feasibility.(2)In order to solve the problem of the lack of identity anonymous authentication and key security negotiation between related devices in D2 D group communication,a constant-round authentication and dynamic group key agreement protocol(CRA-DGK),which realizes a group of D2 D users mutual authentication without the help of the service network and constructs an “out-of-coverage” D2 D group session key negotiation communication scenario.Firstly,the scheme combines the group key agreement with the Gap Diffie-Hellman group-based signature scheme to realize secure D2 D group communication and detect the existence of corrupted group members.Secondly,in the protocol,anonymous identities are used to create secure D2 D group session keys to protect privacy,and users share a low entropy public key cryptosystem for information transmission in the public channel,thereby ensure the security of parameters in the process of session key generation.Thirdly,according to the premise that the e NB and the service network are unavailable in the protocol,the user as the initiator is responsible for initializing the protocol,selecting initial parameters,verifying the identity of the initial participant and updating the group negotiation key in D2 D group communication protocol.Finally,the security analysis shows that the protocol meets the security requirements of D2 D group communication,and the experimental results show that it can resist external attacks without a service network and key agreement protocol.This solution is feasible in practical applications.(3)In view of the dynamic update and dynamic changes of group members in shared ciphertext data stored on cloud servers,a remote encrypted data integrity audit scheme stored in the cloud service is proposed to solve the integrity audit problem of these encrypted data shared by multiple members.In this scheme,the initiator of the shared data group is the project leader,who is responsible for initializing system parameters,selecting some private keys for project members,and generating original ciphertext blocks for sub-projects.Secondly,based on the theory of certificateless signature,the synchronization between ciphertext block and label is realized,and the integrity audit problem of ciphertext block is transformed into equation verification problem related to label,so as to get rid of the key escrow and certificate management problems in public key cryptosystem.Thirdly,in terms of withdrawing/joining members,the ciphertext of the revoked member is converted into the ciphertext of the existing member in combination with the homomorphic hash function,without revealing the ciphertext information.Finally,the security of the protocol against adaptive selective ciphertext attacks is proved based on the bilinear pair theory and the known difficult assumptions CDH and DL.Experimental results show that the scheme is effective in computing and communication overhead,and has higher security in cloud storage sharing groups.(4)Aiming at the problems of collusion and conspiracy to deceive users in the process of outsourcing computing and outsourcing verification,a safe,reliable and anti-collusion scheme based on blockchain is studied for outsourcing data calculation and public verification of the Io T.By means of distributed storage method,the smart device encrypts the collected data and uploads it to the DHT for storage along with the results of the data given by the cloud server.The protocol first guarantees the privacy of the outsourced data through symmetrically encrypting the original data,overcomes the shortcomings of the Io Ts devices that are vulnerable to privacy leaks due to data outsourcing,and enhances the security of private data stored by individuals.Secondly,with the help of the blockchain,the outsourcing calculation results are submitted to the smart contract of Ethereum by embedding a new polynomial decomposition algorithm in advance,which can not only achieve the outsourcing results without any trusted third parties,but also resist collusion attacks.Thirdly,the validation process can be checked publicly without specifying a verifier to prevent collusion between the cloud server and the verifier.Finally,combined with the knowledge of cryptography,the symmetric ciphertext is re-encrypted into public-key cryptographic ciphertext,and then the cryptographic ciphertext is calculated by fully homomorphic encryption,and an application example based on the blockchain online payment protocol is given.