基于雾计算的工业互联网安全数据访问方法

摘要/Abstract

摘要： 针对工业互联网应用场景中的低时延、低功耗和安全性要求，提出一种雾计算架构的工业互联网数据安全访问方法，基于属性集生成对应的非对称密钥对进行加密消息并存储在云端服务器，由雾节点层来完成密文的部分加解密任务，消除对云服务层的信任依赖和降低设备层的计算开销负担。雾节点层和云服务层对密文数据来说是半信任状态，它们无法根据密文获取任何原始消息，只有授权的设备使用私钥才能完成完全解密获取原始消息，实现工业互联网中端到端的高效安全数据访问方式。通过性能分析验证，提出的方法相比其他方案计算开销和响应延迟更低，安全隐私性更可靠。

关键词: industrial Internet, fog calculation, access control, privacy protection, , attribute-based encryption

Abstract: Aiming at the requirements of low delay, low power consumption and security in the industrial Internet application scenario, a secure access method of industrial Internet data based on fog computing architecture is proposed. The corresponding asymmetric key pair is generated based on the attribute set to encrypt the message and stored in the cloud server. Part of the encryption and decryption tasks of the ciphertext are completed by the fog node layer, which eliminates trust dependency in the cloud service layer and reduces the computing overhead burden of the device layer. The fog node layer and cloud service layer are semi trusted to the ciphertext data. They cannot obtain any original message according to the ciphertext. Only the authorized device can complete the complete decryption and obtain the original message by using the private key, so as to realize the end-to-end efficient and secure data access in the industrial Internet. The performance analysis shows that the proposed method has lower computational overhead and response delay and more reliable security and privacy than other schemes.

Key words: 工业互联网, 雾计算, 访问控制, 隐私保护, 属性基加密

李静元, 张珂, 杨东裕. 基于雾计算的工业互联网安全数据访问方法[J]. 计算机与现代化, 2022, 0(12): 118-122.

LI Jing-yuan, ZHANG Ke, YANG Dong-yu. Secure Data Access Method of Industrial Internet Based on Fog Computing[J]. Computer and Modernization, 2022, 0(12): 118-122.

参考文献［27］

［1］	王时龙,王彦凯,杨波,等. 基于层次化数字孪生的工业互联网制造新范式——雾制造［J］. 计算机集成制造系统, 2019,25(12):3070-3080.
［2］	BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption［C］// 2007 IEEE Symposium on Security and Privacy (SP′07). 2007:321-334.
［3］	ESFAHANI A, MANTAS G, MATISCHEK R, et al. Alightweight authentication mechanism for M2M communications in industrial IoT environment［J］. IEEE Internet of Things Journal, 2019,6(1):288-296.
［4］	LIN C, HE D, HUANG X, et al.BSeIn: A blockchain-based secure mutual authentication with fine-grained access control system for industry 4.0［J］. Journal of Network and Computer Applications, 2018,116:42-52.
［5］	PAREEK G, PURUSHOTHAMA B R. Proxy re-encryption for fine-grained access control: Its applicability, security under stronger notions and performance［J］. Journal of Information Security and Applications, 2020,54. DOI:10.1016/j.jisa.2020.102543.
［6］	DE S J, RUJ S. Efficient decentralized attribute based access control for mobile clouds［J］. IEEE Transactions on Cloud Computing, 2020,8(1):124-137.
［7］	ZUO C, SHAO J, WEI G, et al. CCA-secure ABE with outsourced decryption for fog computing［J］. Future Generation Computer Systems, 2018,78:730-738.
［8］	张尚韬. 一种基于椭圆曲线自双线性映射的多秘密共享方案［J］. 海南师范大学学报(自然科学版), 2016,29(1):36-39.
［9］	TIAN H, NAN F, CHANG C, et al. Privacy-preserving public auditing for secure data storage in fog-to-cloud computing［J］. Journal of Network and Computer Applications, 2019,127:59-69.
［10］	CHENG R, WU K H, SU Y L, et al. An efficient ECC-based CP-ABE scheme for power IoT［J］. Processes, 2021,9(7):1176-1176.
［11］	ZHOU C X, ZHAO Z Q, ZHOU W, et al. Certificateless key-insulated generalized signcryption scheme without bilinear pairings［J］. Security and Communication Networks, 2017,20(2): DOI: 10.1155/2017/8405879.
［12］	ZHOU S, CHEN G, HUANG G, et al. Research on multi-authority CP-ABE access control model in multicloud［J］. China Communications, 2020,17(8):220-233.
［13］	DENG H, WU Q, QIN B, et al. Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts［J］. Information Sciences, 2014,275:370-384.
［14］	Stanford University. PBC (Pairing-Based Cryptography) library ［EB/OL］. ［2021-09-15］. https://crypto.stanford.edu/pbc/.
［15］	KUMAR V. A bilinear pairing based secure data aggregation scheme for WSNs［C］// 2019 15th International Wireless Communications & Mobile Computing Conference (IWCMC). 2019:102-107.
［16］	ZHANG P, CHEN Z H, JOSEPH K L, et al. An efficient access control scheme with outsourcing capability and attribute update for fog computing［J］. Future Generation Computer Systems, 2018,78:753-762.
［17］	Shamus Software Ltd. MIRACL Library［EB/OL］. ［2021-08-29］. https://github.com/miracl/MIRACL.
［18］	ZHOU C X. An improved lightweight certificateless generalized signcryption scheme for mobile-health system［J］. International Journal of Distributed Sensor Networks, 2019. DOI: 10.1177/1550147718824465.
［19］	张露露,光笑黎,刘继增. 车载自组网中基于属性的可搜索加密和属性更新［J］. 计算机系统应用, 2021,30(2):117-124.
［20］	ZHU H, YUAN Y, CHEN Y, et al. A secure and efficient data integrity verification scheme for cloud-IoT based on short signature［J］. IEEE Access, 2019,7:90036-90044.
［21］	刘欣,李向东,耿立校,等. 工业互联网环境下的工业大数据采集与应用［J］. 物联网技术, 2021,11(8):62-65.
［22］	SHEN W, HU T, ZHANG C, et al. Secure sharing of big digital twin data for smart manufacturing based on blockchain［J］. Journal of Manufacturing Systems, 2021,61:338-350.
［23］	QI X, MEI G, CUOMO S, et al. A network-based method with privacy-preserving for identifying influential providers in large healthcare service systems［J］. Future Generation Computer Systems, 2020,109:293-305.
［24］	WANG P, LUO M. A digital twin-based big data virtual and real fusion learning reference framework supported by industrial internet towards smart manufacturing［J］. Journal of Manufacturing Systems, 2021,58:16-32.
［25］	LI J, HU S, ZHANG Y, et al. A decentralized multi-authority ciphertext-policy attribute-based encryption with mediated obfuscation［J］. Soft Computing,2020,24(3):1869-1882.
［26］	SUN Y, LIU Q, CHEN X, et al. An adaptive authenticated data structure with privacy-preserving for big data stream in cloud［J］. IEEE Transactions on Information Forensics and Security, 2020,15:3295-3310.
［27］	LI S, ZHANG Y, XU C, et al. Cryptoanalysis of anauthenticated data structure scheme with public privacy-preserving auditing［J］. IEEE Transactions on Information Forensics and Security, 2021,16:2564-2565.

[1]	陈春燕, 刘梦赤. 基于粒子群遗传算法的智能组卷策略[J]. 计算机与现代化, 2021, 0(08): 16-23.
[2]	宋鑫, 樊志强, . 基于Laguerre 前向神经网络的信息服务性能建模方法 [J]. 计算机与现代化, 2021, 0(03): 1-6.
[3]	魏健, 赵红涛, 刘敦楠, 加鹤萍 . 基于集成模型的超短时负荷预测方法[J]. 计算机与现代化, 2021, 0(03): 12-17.
[4]	段桂芹1，邹臣嵩2，刘锋2. 基于优化初始聚类中心的K中心点算法[J]. 计算机与现代化, 2019, 0(04): 1-.
[5]	李富星，蒙祖强 . 一种改进的类别区分词特征选择算法[J]. 计算机与现代化, 2019, 0(03): 73-.
[6]	白晓波1，邵景峰1，和征1，田建刚2. 基于学习的核偏最小二乘法优化扩展卡尔曼滤波[J]. 计算机与现代化, 2018, 0(09): 110-.
[7]	郑亚鹏，樊璐. 基于LSTM的临床血液需求预测方法[J]. 计算机与现代化, 2018, 0(05): 41-.
[8]	刘德春1，张秀国2，姜微2. 基于马尔科夫链的大学生自主学习能力预测方法[J]. 计算机与现代化, 2018, 0(05): 106-.
[9]	夏琨1，丁波1，刘俊1，刘子豪1，林亮成2. 基于内容分析的网络协议指纹识别[J]. 计算机与现代化, 2018, 0(05): 121-.
[10]	李华，江峰，于旭，杜军威，刘国柱. 基于粒度决策熵的属性约简[J]. 计算机与现代化, 2018, 0(04): 7-.
[11]	陈丽娟，谢伙生. 带负项值的onshelf效用项集并行挖掘算法[J]. 计算机与现代化, 2018, 0(04): 13-.
[12]	吴克介,王家伟. 基于知网与搜索引擎的词汇语义相似度计算[J]. 计算机与现代化, 2018, 0(04): 90-.
[13]	曲晓燕1，张勇亮2，吕晓峰1，马羚1. 基于模糊粒度相关向量机的缓变故障参数区间预测[J]. 计算机与现代化, 2017, 0(8): 5-.
[14]	付永忠，潘云峰. 基于改进蚁群算法的垂直旋转式贴片机贴装顺序优化[J]. 计算机与现代化, 2017, 0(8): 17-.
[15]	李春利，柳振东，惠康华. 基于余弦相似度的边界样本选择方法[J]. 计算机与现代化, 2017, 0(8): 66-.