摘要
工业物联网(industrial Internet of things,IIoT)设备通过云端收集和存储数据时,会遇到数据认证和隐私保护等问题.属性基签名(attribute-based signature,ABS)不仅可以实现数据认证,而且可以保护签名者的身份隐私.目前存在的SA-ABS(server-aided ABS)方案中,借助服务器减小了签名者和验证者的计算开销,而且通过抵抗签名者和服务器的共谋攻击保证了服务器辅助验证阶段的安全性.但是,现有的SA-ABS方案都不能对服务器产生的部分签名进行有效性验证,所以存在服务器对部分签名伪造的安全隐患.为克服这一挑战,提出一种服务器辅助且可验证的属性基签名(server-aided and verifiable ABS,SA-VABS)方案,该方案不仅减小了签名者和验证者的计算开销,而且通过抵抗签名者和服务器的共谋攻击来保证服务器辅助验证阶段的安全性,最重要的是对服务器产生的部分签名进行了有效性验证,从而保证了服务器辅助签名产生阶段的安全性.形式化安全性分析表明SA-VABS方案是安全的.仿真实验和对比分析表明SA-VABS方案在保证效率的同时提高了安全性.
Industrial Internet of things(IIoT)devices encounter problems such as data authentication and privacy protection when collecting and storing data through the cloud.Attribute-based signature(ABS)can not only realize the data authentication,but also protect the identity privacy of the signer.In the existing server-aided ABS(SA-ABS)schemes,the computational overhead of the signer and the verifier is reduced with the help of the server,and the security of the server-aided verification phase is guaranteed by the defense of collusion attack of the signer and the server.However,none of the existing SV-ABS schemes can verify the validity of partial signature generated by the server,which will lead to a potential risk of partial signature forgery by the server.To overcome this challenge,a novel server-aided and verifiable ABS(SA-VABS)scheme is proposed in this paper,which not only reduces the computational overhead of the signer and the verifier,but also ensures the security of the server-aided verification phase by resisting the collusion attack of the signer and the server.The most important is that the scheme could verify the validity of partial signature generated by the server,so as to ensure the security of generation phase of the server-aided signature.Finally,our formal security analysis verifies the security of the SA-VABS scheme,and simulation experiments as well as comparative analysis indicate that the SA-VABS scheme improves security while ensuring efficiency.
作者
张应辉
贺江勇
郭瑞
郑东
Zhang Yinghui;He Jiangyong;Guo Rui;Zheng Dong(School of Cyberspace Security,Xi'an University of Posts and Telecommunications,Xi'an 710121;National Engineering Laboratory for Wireless Security(Xi'an University of Posts and Telecommunications),Xi'an 710121;Westone Cryptologic Research Center,Beijing 100070)
出处
《计算机研究与发展》
EI
CSCD
北大核心
2020年第10期2177-2187,共11页
Journal of Computer Research and Development
基金
国家重点研发计划项目(2017YFB0802000)
国家自然科学基金项目(61772418,61671377,61802303)
陕西省创新能力支撑计划项目(2020KJXX-052)
陕西省特支计划青年拔尖人才支持计划项目
陕西省重点研发计划项目(2019KW-053,2020ZDLGY08-04)
陕西省自然科学基础研究计划项目(2019JQ-866)
四川省科技计划项目(2017GZDZX0002)
青海省基础研究计划项目(2020-ZJ-701)
西邮新星团队支持计划项目(2016-02)。
关键词
属性基签名
服务器辅助
共谋攻击
可验证
隐私保护
attribute-based signature(ABS)
server-aided(SA)
collusion attack
verifiable
privacy protection
