Computer and Modernization ›› 2022, Vol. 0 ›› Issue (12): 118-122.

• Information Security •

Secure Data Access Method of Industrial Internet Based on Fog Computing

  (1. Information Construction and Management Division, Shaanxi Normal University, Xi'an 710119, China;
    2. The Fifth Electronic Research Institute of the Ministry of Industry and Information Technology, Guangzhou 510000, China)
  • Online: 2023-01-04 Published: 2023-01-04
  • About the authors: Li Jingyuan (李静元) (1986—), male, from Xi'an, Shaanxi, engineer, master's degree, research interests: network information security, big data analysis, E-mail: huxianfangyuan@foxmail.com; Zhang Ke (张珂) (1982—), male, from Tongguan, Shaanxi, engineer, bachelor's degree, research interests: blockchain, network security, E-mail: zhangke@snnu.edu.cn.
  • Funding:
    Xi'an "Artificial Intelligence" Industry Innovation Chain Promotion Project (20RGZN0025); National Key Research and Development Program (2018YFB1802403)

Abstract: To meet the low-latency, low-power and security requirements of industrial Internet application scenarios, a secure data access method for the industrial Internet based on a fog computing architecture is proposed. An asymmetric key pair is generated from the attribute set and used to encrypt messages, and the resulting ciphertext is stored on the cloud server. The fog node layer performs part of the encryption and decryption work on the ciphertext, which removes the dependence on trusting the cloud service layer and reduces the computational overhead on the device layer. The fog node layer and the cloud service layer are semi-trusted with respect to the ciphertext data: they cannot recover any of the original message from the ciphertext. Only an authorized device holding the private key can complete full decryption and obtain the original message, which gives efficient and secure end-to-end data access in the industrial Internet. Performance analysis shows that the proposed method has lower computational overhead and response delay, and more reliable security and privacy, than other schemes.

Key words: industrial Internet, fog computing, access control, privacy protection, attribute-based encryption