面向工業(yè)物聯(lián)網(wǎng)的策略隱藏屬性基加密方案

摘" 要： 針對工業(yè)物聯(lián)網(wǎng)中的生產(chǎn)和監(jiān)管數(shù)據(jù)易泄露與數(shù)據(jù)獲取中斷的問題，提出支持策略隱藏的屬性基加密方案。將屬性信息分為屬性名和屬性值進行方案構造，屬性值在構造過程中并未暴露并且上傳到云服務器的訪問策略僅由屬性名構成，工業(yè)物聯(lián)網(wǎng)設備在獲取生產(chǎn)信息時不會完整的訪問策略，防止了不法分子對設備信息盜取進而導致訪問策略及生產(chǎn)信息的泄露。同時，授權多個半可信云服務器，當某個半可信云服務器不能正常工作時可快速根據(jù)服務器密鑰更新用戶私鑰，使得其他半可信云服務器接替其工作，保證物聯(lián)網(wǎng)設備讀取數(shù)據(jù)的連續(xù)性。此外，引入屬性認證，在撤銷過程中無需重更新密文，適用于產(chǎn)生大量數(shù)據(jù)的物聯(lián)網(wǎng)環(huán)境的撤銷。經(jīng)過安全性分析和性能分析，該方案能抵抗選擇明文攻擊，且系統(tǒng)初始化、用戶密鑰生成、加密、解密都具有較高的運行效率。

關鍵詞： 工業(yè)物聯(lián)網(wǎng)； 數(shù)據(jù)安全； 策略隱藏； 單點故障； 屬性認證； 屬性撤銷

中圖分類號： TN918?34" " " " " " " " " " " " " "文獻標識碼： A" " " " " " " " " " " " 文章編號： 1004?373X（2025）01?0090?07

Strategy?hidden attribute?based encryption scheme for industrial Internet of Things

YIN Jianbiao， ZHANG Yan， SHI Peizhong， GU Chunsheng

（School of Computer Engineering， Jiangsu University of Technology， Changzhou 213001， China）

Abstract： An attribute?based encryption （ABE） scheme supporting policy hiding is proposed to eliminate the production and regulatory data leakage and data acquisition interruption in the industrial Internet of Things （IIoT）. The attribute information is categorized into attribute names and attribute values for scheme construction. The attribute values are not exposed during the process of construction， and the access policy uploaded to the cloud server only consists of attribute names. The IIoT devices do not have complete access policies when obtaining production information， which prevents unauthorized elements from stealing device information and causing the leakage of access policies and production information. Multiple semi?trusted cloud servers are authorized. When a semi?trusted cloud server fails to function properly， the user private key can be quickly updated based on the server key， which allows other semi?trusted cloud servers to take over its work， so as to ensure the continuity of data read by IoT devices. In addition， the introduction of attribute authentication eliminates the need to update the ciphertext during the process of revocation， making it suitable for revocation in the IoT environments that generate a large amount of data. After security and performance analysis， the scheme can resist plaintext attacks and has high operational efficiency in system initialization， user key generation， encryption， and decryption.

Keywords： IIoT; data security; strategy hiding; failure of single point; attribute authentication; attribute revocation

0" 引" 言

物聯(lián)網(wǎng)（IoT）是指通過連接各種不同的傳感設備和互聯(lián)網(wǎng)，使得人、機、物之間實現(xiàn)互聯(lián)互通，從而達到自動化、智能化的目的。2012年，工業(yè)物聯(lián)網(wǎng)（IIoT）首次被提出，工業(yè)物聯(lián)網(wǎng)理論的產(chǎn)生和技術的普及為工業(yè)化的生產(chǎn)帶來了巨大的變革。目前，工業(yè)物聯(lián)網(wǎng)已應用在大型家電、汽車等多種工業(yè)智能制造系統(tǒng)[1?3]。工業(yè)部門把物聯(lián)網(wǎng)引入傳統(tǒng)制造業(yè)[4]，在提高工業(yè)生產(chǎn)力的同時，也會帶來不同的數(shù)據(jù)安全問題。……