School of Electronic and Electrical Engineering, Kyungpook National University, Daegu 41566, Republic of Korea.
Decentralized Network Research Section, Electronics and Telecommunications Research Institute, Daejeon 34129, Republic of Korea.
Sensors (Basel). 2023 May 29;23(11):5173. doi: 10.3390/s23115173.
Recently, with the increasing application of the Internet of Things (IoT), various IoT environments such as smart factories, smart homes, and smart grids are emerging. In an IoT environment, a large amount of data is generated in real time, and the generated IoT data can be used as source data for various services such as artificial intelligence, remote medical care, and finance, and can also be used for purposes such as electricity bill generation. Therefore, data access control is required to grant access rights to the various data users in the IoT environment who need such IoT data. In addition, IoT data contain sensitive information such as personal information, so privacy protection is also essential. Ciphertext-policy attribute-based encryption (CP-ABE) technology has been utilized to address these requirements. Furthermore, system structures that combine blockchains with CP-ABE are being studied to prevent bottlenecks and single points of failure in cloud servers, as well as to support data auditing. However, these systems do not specify authentication and key agreement to ensure the security of the data transmission process and data outsourcing. Accordingly, we propose a data access control and key agreement scheme using CP-ABE to ensure data security in a blockchain-based system. In addition, we propose a system that can provide data nonrepudiation, data accountability, and data verification functions by utilizing blockchains. Both formal and informal security verifications are performed to demonstrate the security of the proposed system. We also compare the security, functional aspects, and computational and communication costs of previous systems. Furthermore, we perform cryptographic calculations to analyze the system in practical terms. As a result, our proposed protocol is more secure against attacks such as guessing attacks and tracing attacks than other protocols, and can provide mutual authentication and key agreement functions. In addition, the proposed protocol is more efficient than other protocols, so it can be applied to practical IoT environments.