Abstract
Smart Internet of Things (IoT), with its high flexibility, adaptability, and continuous evolution, brings users an enhanced experience but also new challenges. In particular, the endogenous security and secure transmission problems of IoT edge-domain smart terminals, caused by uncertain threats such as unknown vulnerabilities and backdoors that smart IoT can hardly eliminate, are attracting considerable attention. To address these challenges, a security protection method for smart IoT terminals based on mimic defense and Paillier encryption is proposed. First, a security protection architecture for smart IoT terminals is constructed based on mimic defense theory, to ensure the reliability and robustness of the system even when the edge-domain smart terminal itself has security genetic defects. Then, a secure blind signature with Paillier encryption (SBSPE) algorithm is designed within this architecture to safeguard the data and privacy of edge-domain smart terminals throughout the data processing lifecycle. SBSPE introduces blind signature technology on top of the Paillier semi-homomorphic encryption algorithm: while encrypting the data, it performs a blind signature using a blinding factor, so that an attacker cannot decrypt the ciphertext even after obtaining the decryption key of the Paillier encryption algorithm, which effectively supports efficient and reliable data transmission for smart IoT devices. Finally, taking a mimic smart IoT system as the application scenario, the proposed method is theoretically analyzed and experimentally validated in terms of both performance and security, demonstrating its effectiveness and security.
Authors
顾天晟
曾福康
邵思思
聂一君
纪宗凯
郑雨璐
石雨辰
刘尚东
季一木
GU Tiansheng; ZENG Fukang; SHAO Sisi; NIE Yijun; JI Zongkai; ZHENG Yulu; SHI Yuchen; LIU Shangdong; JI Yimu (School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China; School of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing 210023, China; Institute of High Performance Computing and Big Data Processing, Nanjing University of Posts and Telecommunications, Nanjing 210023, China; National High Performance Computing Center Nanjing Branch, Nanjing 210023, China)
Source
《网络与信息安全学报》
2024, Issue 6, pp. 164-176 (13 pages)
Chinese Journal of Network and Information Security
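Funding
National Natural Science Foundation of China (62176264)
National Key Research and Development Program of China (2023YFB2904000, 2023YFB2904004)
Jiangsu Provincial Key Development Planning Project (BE20230042)
Jiangsu Provincial Natural Science and University Natural Science Major Project (20KJA520001)
China Telecom Jiangsu Branch 2023 Science and Technology Project (JSSGS2301022EGN00)
Future Network Scientific Research Fund Project (FNSRFP-2021-YB-15).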