
Research On Revocable Attribute-based Encryption For The Internet Of Things

Posted on: 2020-07-03
Degree: Master
Type: Thesis
Country: China
Candidate: D Zhang
Full Text: PDF
GTID: 2428330602450579
Subject: Engineering
Abstract/Summary:
With the application of IoT technology in many industries and fields such as transportation, manufacturing, and the home, our lives have undergone tremendous changes. However, the storage of the massive data that comes with it also brings many security problems, which will be one of the great challenges facing the development of the Internet of Things. Cryptography is the core technology for protecting data security. Attribute-Based Encryption can flexibly implement fine-grained access control, which has made it popular with scholars. Applying Attribute-Based Encryption to the Internet of Things can achieve data privacy protection, but the following issues also need to be considered: the IoT connects a large number of node devices with limited storage resources and weak computing power; the Internet of Things is dynamic, so attributes change frequently, which increases the difficulty of attribute revocation; and so on. To address these problems, after an in-depth study of existing revocation schemes, this paper proposes two Ciphertext-Policy Attribute-Based Encryption (CP-ABE) schemes that support effective revocation in the distributed IoT environment. Specifically, the main work of this thesis is summarized as follows:

The first scheme adopts the linear secret sharing access control structure. By introducing the attribute group and RSA key management, a multi-authority Ciphertext-Policy Attribute-Based Encryption scheme with immediate revocation in indirect mode (RSA-MA-CP-ABE) is constructed, which implements user revocation and user attribute revocation. By using the RSA key to encrypt the attribute group key, the time complexity of decrypting the attribute group key is reduced, and the risk of attribute group key leakage is resolved. At the same time, a cloud storage server with strong computing power is introduced to provide outsourced storage and outsourced decryption, which greatly reduces the storage and computation burden on users. In particular, for the revocation problem caused by the dynamic change of attributes, the authority is responsible for updating the attribute group key and the cloud storage server updates the re-encrypted ciphertext, so the user does not need to take part in updating the key or the ciphertext. Finally, through security analysis and experimental simulation, it is proved that the scheme can resist chosen-plaintext attacks and has high efficiency, while ensuring resistance to collusion attacks, forward security, and backward security.

The second scheme improves on the previous one and introduces the idea of attribute authentication. Based on a semi-trusted mediator, a multi-authority Ciphertext-Policy Attribute-Based Encryption scheme with immediate revocation in indirect mode (AU-MA-CP-ABE) is constructed, which implements user revocation and user attribute revocation. Before the user decrypts, the semi-trusted mediator authenticates whether the user has all the attributes in the access structure. If the authentication passes, the cloud storage server is requested to perform pre-decryption for the user whose attribute set satisfies the access structure. Users whose permissions have changed will not be authenticated until the next time they decrypt. In particular, for the revocation problem caused by the dynamic change of attributes, the authority is responsible for updating the attribute authentication key. The user does not need to update the key, and the cloud storage server does not need to re-encrypt the ciphertext, which greatly reduces the computation load on the cloud storage server at the time of revocation. Finally, through security analysis and experimental simulation, it is proved that the scheme achieves chosen-plaintext attack security and is more suitable for the Internet of Things, while also ensuring resistance to collusion attacks, forward security, and backward security.
Keywords/Search Tags:Internet of Things, Attribute Revocation, Attribute Group Key, RSA Key Management, Attribute Authentication, Semi-trusted Mediator, Multi-Authority