
Research On Secure Data Sharing Mechanisms In Internet Of Things

Posted on: 2022-08-11
Degree: Master
Type: Thesis
Country: China
Candidate: K Yang
GTID: 2518306740494494
Subject: Cyberspace security
Abstract/Summary:
In the big data environment of the Internet of Things, different institutions and organizations have established their own data centers to meet their application needs. In many cases, different organizations also need to combine and share data to further tap its potential value. However, data resources still suffer from problems such as a low degree of centralization and industry barriers to data sharing, which result in the waste and loss of data resources. It is therefore necessary to integrate data into a unified Internet of Things cloud platform. But the data sharing process raises many problems. On the one hand, the platform is not completely trusted. On the other hand, a platform holding a large amount of data is an easy target for attackers. Encrypting data is a common and easy way to protect data security. The security of the data and the flexibility of access depend on the encryption mechanism that is established. However, traditional encryption algorithms such as symmetric encryption cannot support fine-grained access control and are difficult to apply to big data sharing scenarios. Attribute-based encryption can achieve fine-grained access control, but the cost of encryption and decryption is related to the number of attributes, so its efficiency problem needs to be solved. In addition, users' attributes change frequently in the Internet of Things environment, so it is necessary to implement an efficient attribute revocation mechanism and reduce the cost to the data owner as much as possible.

To address these issues, this thesis proposes a secure data sharing scheme for the Internet of Things environment, which includes a CP-ABE attribute revocation mechanism to deal with the frequent changes of user attributes and a Spark-based parallel data encryption and decryption scheme to solve the efficiency problem in the process of data sharing. The main contributions of the thesis are:

1) A CP-ABE attribute revocation scheme based on re-encryption is proposed. The scheme consists of two parts: key update and ciphertext update. When the keys need to be updated, the authority regenerates the attribute private keys and user keys. When the ciphertext needs to be updated, it is updated by re-encryption. The re-encryption key is generated by the authorized organization and is then used by the Internet of Things cloud platform to re-encrypt the ciphertext, so that users who have not been revoked can still decrypt correctly. The whole process of attribute revocation does not need the participation of the data owner, and the communication and computation costs are relatively small.

2) A data parallel encryption and decryption scheme based on Spark is proposed. The scheme consists of two parts: parallel symmetric encryption and decryption, and parallel attribute-based encryption and decryption. In parallel symmetric encryption and decryption, the plaintext or ciphertext is divided into blocks and distributed to the nodes in the cluster for parallel processing, and a block obfuscation mechanism is added to ensure data security. In parallel attribute-based encryption, the linear secret sharing matrix is split by rows, and the elements of the row corresponding to each attribute are processed in parallel to obtain the ciphertext components. When decrypting, the attributes needed for decryption are distributed to the nodes, and the ciphertext component and key component corresponding to each attribute are then paired and combined to recover the plaintext. When an attribute is revoked, the new user key components and ciphertext components are computed in parallel.

3) A prototype system for secure data sharing based on the two schemes above is designed and implemented. Finally, the function and performance of the prototype system are tested. The experimental results show that the secure data sharing scheme can effectively reduce the time cost of data encryption and decryption, as well as of attribute revocation, and so meets the needs of secure and efficient data sharing in the Internet of Things environment.
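
The row-wise split of the linear secret sharing matrix described in contribution 2) can be sketched as follows. This is an added example, not code from the thesis: the policy matrix, the field modulus `P` and all function names are assumptions, a thread pool stands in for Spark workers, and the shares are recombined directly in the field, whereas a real CP-ABE scheme carries them in group exponents and recombines them through pairings.

```python
import secrets
from concurrent.futures import ThreadPoolExecutor

P = 2**127 - 1  # prime field modulus (assumed; a real scheme uses the pairing group order)

# Constructed policy, not from the thesis: A AND (B OR C). One matrix row per attribute.
POLICY = {"A": (1, 1), "B": (0, P - 1), "C": (0, P - 1)}

def share_row(item, v):
    """Share for one attribute: lambda_i = M_i . v mod P. Depends on this row only."""
    attr, row = item
    return attr, sum(m * x for m, x in zip(row, v)) % P

def make_shares(policy, secret, workers=3):
    """Each row is an independent task; the thread pool stands in for Spark workers."""
    width = len(next(iter(policy.values())))
    v = [secret] + [secrets.randbelow(P) for _ in range(width - 1)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda it: share_row(it, v), policy.items()))

def recon_coeffs(rows):
    """Solve sum_i w_i * rows[i] = (1, 0, ..., 0) mod P; None if the rows cannot span it."""
    k, n = len(rows), len(rows[0])
    # Augmented system: one equation per matrix column, one unknown per held row.
    aug = [[rows[i][c] for i in range(k)] + [1 if c == 0 else 0] for c in range(n)]
    pivots, r = [], 0
    for col in range(k):
        hit = next((i for i in range(r, n) if aug[i][col]), None)
        if hit is None:
            continue
        aug[r], aug[hit] = aug[hit], aug[r]
        inv = pow(aug[r][col], -1, P)
        aug[r] = [a * inv % P for a in aug[r]]
        for i in range(n):
            if i != r and aug[i][col]:
                f = aug[i][col]
                aug[i] = [(a - f * b) % P for a, b in zip(aug[i], aug[r])]
        pivots.append(col)
        r += 1
    if any(row[-1] for row in aug[r:]):
        return None  # inconsistent: the attribute set does not satisfy the policy
    w = [0] * k
    for i, col in enumerate(pivots):
        w[col] = aug[i][-1]
    return w

def reconstruct(policy, shares, attrs):
    """Recombine held shares in the field; returns None for an unauthorised set."""
    held = [a for a in attrs if a in policy]
    w = recon_coeffs([policy[a] for a in held]) if held else None
    return None if w is None else sum(c * shares[a] for c, a in zip(w, held)) % P
```

Because `share_row` reads only its own row and the shared vector `v`, the per-attribute work has no ordering dependency, which is the property that lets the rows be distributed across cluster nodes.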
Keywords/Search Tags: Data Sharing, Attribute Based Encryption, Attribute Revocation, Spark, Parallel Encryption