Research And Implementation Of Ciphertext Policy Attribute-based Access Control With Policy Updating In Internet Of Things

The Internet of Things is widely used in the area of national economy and military.There are a large number of low-smart terminal nodes(Restricted IoT devices)at the sensing layer.The data at the sensing layer is usually stored on third-party's cloud servers,which poses great challenges to security.The attribute-based encryption has strong security,supports fine-grained security access control.And access control policies are related to the number of attributes,reducing the complexity of key management and attribute authorization and adapting to dynamic authorization of large-scale entities.Therefore,CP-ABE can be applied to the Internet of Things.However,CP-ABE still has some problems that affect practical applications.The performance is as follows: Attribute authority has a large workload for key management and attribute authorization;Encryption and decryption operations require extensive bilinear pairing operations,but limited IoT devices have limited computing and communication capabilities;The IoT devices do not retain data locally,and access control policy updates are difficult.Based on the traditional CP-ABE scheme,we propose a CP-ABE access control scheme that can be applied to the security of the Internet of Things and is fine-grained,strategically updated and hierarchically outsourced.Aiming at the large workload of the attribute authority in the CP-ABE scheme,we introduce the concept of hierarchical attribute authorization and design multiple authority models.By sharing the attribute authorization and key management through the domain attribute authority,the workload of the central attribute authority is reduced,and the scalability of the Internet of Things equipment is achieved.For the computational burden of encryption and decryption,we propose a hierarchical outsourcing encryption and decryption scheme,design the overall framework of the system,introduce intelligent gateway outsourcing encryption,outsource most of the encryption calculations to semi-trusted gateways,and outsource most decryption calculations to semi-trusted cloud server.Our scheme ensures that the data transmitted between devices is ciphertext,improves system security,and meets the requirements of the restricted IoT devices.For the difficulty of updating the access control policy,we adopted the method of generating a policy update key from the IoT devices and outsourcing policy updates to the cloud server.However,the update process does not leak sensitive data to the cloud server.Our program conducted security analysis from data confidentiality,fine-grained access control,prevention of collusion attacks,and security policy updates.It is proved to be secure under bilinear mapping model and random oracle model.Compared with other technical solutions,our solution has excellent comprehensive performance in multi-attribute authority,outsourced encryption and decryption,strategy update,and applying to IoT devices.Efficiency analysis shows that the time cost of data encryption and decryption is smaller than that of CFAC,DAAC,etc.The time cost of the strategy update phase is less than that of the DAAC solution.The simulation experiment results show that the proposed scheme outperforms the CFAC scheme in the encryption and decryption stage and the DAAC scheme in the strategy update stage.