Zhai Yuan, Wang Tao, Zhou Yanwei, Zhu Feng, Yang Bo
School of Computer Science, Shaanxi Normal University, Xi'an 710062, China.
State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an 710119, China.
Entropy (Basel). 2025 Jan 2;27(1):32. doi: 10.3390/e27010032.
With the development and application of the Internet of Things (IoT), the volume of data generated daily by IoT devices is growing exponentially. These IoT devices, such as smart wearable devices, produce data containing sensitive personal information. However, since IoT devices and users often operate in untrusted external environments, their encrypted data remain vulnerable to potential privacy leaks and security threats from malicious coercion. Additionally, access control and management of these data remain critical issues. To address these challenges, this paper proposes a novel coercion-resistant ciphertext-policy attribute-based encryption scheme. The scheme leverages chameleon hashing to enhance deniable encryption, achieving coercion resistance, thereby enabling IoT data to resist coercion attacks. Moreover, the scheme employs attribute-based encryption to secure IoT data, enabling fine-grained access control and dynamic user access management, providing a secure and flexible solution for vast IoT data. We construct the scheme on a composite order bilinear group and provide formal proofs for its coercion resistance, correctness, and security. Finally, through experimental comparisons, we demonstrate the efficiency and feasibility of the proposed scheme.
随着物联网(IoT)的发展与应用,物联网设备每日产生的数据量呈指数级增长。这些物联网设备,如智能可穿戴设备,会生成包含敏感个人信息的数据。然而,由于物联网设备和用户常常在不可信的外部环境中运行,其加密数据仍易遭受潜在的隐私泄露以及来自恶意胁迫的安全威胁。此外,这些数据的访问控制和管理仍是关键问题。为应对这些挑战,本文提出了一种新颖的基于密文策略属性的抗胁迫加密方案。该方案利用变色龙哈希来增强可否认加密,实现抗胁迫能力,从而使物联网数据能够抵御胁迫攻击。此外,该方案采用基于属性的加密来保护物联网数据,实现细粒度访问控制和动态用户访问管理,为海量物联网数据提供了一个安全且灵活的解决方案。我们在一个复合阶双线性群上构建该方案,并为其抗胁迫性、正确性和安全性提供形式化证明。最后,通过实验比较,我们证明了所提方案的效率和可行性。
