PECD-DSIIoT：用于工业物联网的隐私增强跨域数据共享方案

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-06-13 DOI:10.1016/j.jisa.2025.104128

Luyao Yang , Weiming Tong , Zhongwei Li , Jinxiao Zhao , Feng Pan , Xianji Jin

{"title":"PECD-DSIIoT：用于工业物联网的隐私增强跨域数据共享方案","authors":"Luyao Yang , Weiming Tong , Zhongwei Li , Jinxiao Zhao , Feng Pan , Xianji Jin","doi":"10.1016/j.jisa.2025.104128","DOIUrl":null,"url":null,"abstract":"<div><div>With the rapid development of the Industrial Internet of Things (IIoT) under emerging manufacturing paradigms, the demand for cross-domain data interaction has significantly increased. However, challenges related to cross-domain trust management and data privacy protection remain key obstacles to achieving efficient data sharing. Existing solutions primarily focus on identity authentication and data sharing within a single management domain. The limited number of cross-domain approaches available tend to either emphasize authentication alone or adopt a single-chain architecture, which fails to meet the complex trust requirements in IIoT environments. To address these challenges, we propose a Privacy-Enhanced Cross-Domain Data Sharing Scheme for IIoT (PECD-DSIIoT). First, the proposed scheme adopts a dual-chain architecture that integrates a consortium blockchain and a private blockchain, enabling secure and controlled cross-domain data sharing. In this architecture, the consortium blockchain is responsible for cross-domain identity authentication, ensuring secure authentication across different management domains, while the private blockchain is used for storing sensitive data, enabling controlled data sharing. Additionally, the scheme employs an attribute obfuscation function to conceal access policies, preventing the exposure of access control rules. A verifiable pre-decryption mechanism is incorporated to ensure the integrity and correctness of data before decryption. Moreover, a non-interactive zero-knowledge proof is used to enable privacy-preserving identity authentication. Finally, a hybrid on-chain and off-chain storage strategy is adopted to alleviate blockchain storage overhead. Theoretical analysis and experimental results demonstrate that the proposed scheme not only enhances system security and privacy protection but also achieves low computational overhead and efficient data sharing, making it a highly feasible and practical solution.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104128"},"PeriodicalIF":3.7000,"publicationDate":"2025-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"PECD-DSIIoT: Privacy-enhanced cross-domain data sharing scheme for IIoT\",\"authors\":\"Luyao Yang , Weiming Tong , Zhongwei Li , Jinxiao Zhao , Feng Pan , Xianji Jin\",\"doi\":\"10.1016/j.jisa.2025.104128\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>With the rapid development of the Industrial Internet of Things (IIoT) under emerging manufacturing paradigms, the demand for cross-domain data interaction has significantly increased. However, challenges related to cross-domain trust management and data privacy protection remain key obstacles to achieving efficient data sharing. Existing solutions primarily focus on identity authentication and data sharing within a single management domain. The limited number of cross-domain approaches available tend to either emphasize authentication alone or adopt a single-chain architecture, which fails to meet the complex trust requirements in IIoT environments. To address these challenges, we propose a Privacy-Enhanced Cross-Domain Data Sharing Scheme for IIoT (PECD-DSIIoT). First, the proposed scheme adopts a dual-chain architecture that integrates a consortium blockchain and a private blockchain, enabling secure and controlled cross-domain data sharing. In this architecture, the consortium blockchain is responsible for cross-domain identity authentication, ensuring secure authentication across different management domains, while the private blockchain is used for storing sensitive data, enabling controlled data sharing. Additionally, the scheme employs an attribute obfuscation function to conceal access policies, preventing the exposure of access control rules. A verifiable pre-decryption mechanism is incorporated to ensure the integrity and correctness of data before decryption. Moreover, a non-interactive zero-knowledge proof is used to enable privacy-preserving identity authentication. Finally, a hybrid on-chain and off-chain storage strategy is adopted to alleviate blockchain storage overhead. Theoretical analysis and experimental results demonstrate that the proposed scheme not only enhances system security and privacy protection but also achieves low computational overhead and efficient data sharing, making it a highly feasible and practical solution.</div></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"93 \",\"pages\":\"Article 104128\"},\"PeriodicalIF\":3.7000,\"publicationDate\":\"2025-06-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2214212625001656\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625001656","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

随着新兴制造模式下工业物联网（IIoT）的快速发展，对跨域数据交互的需求显著增加。然而，与跨域信任管理和数据隐私保护相关的挑战仍然是实现有效数据共享的主要障碍。现有的解决方案主要关注于单个管理域中的身份验证和数据共享。可用的跨域方法数量有限，往往要么强调单独的身份验证，要么采用单链架构，这无法满足工业物联网环境中复杂的信任需求。为了应对这些挑战，我们提出了一个隐私增强的工业物联网跨域数据共享方案（PECD-DSIIoT）。首先，该方案采用双链架构，集成了财团区块链和私有区块链，实现了安全可控的跨域数据共享。在该体系结构中，财团区块链负责跨域身份验证，确保跨不同管理域的安全身份验证，而私有区块链用于存储敏感数据，实现受控数据共享。此外，该方案还利用属性混淆功能隐藏访问策略，防止访问控制规则暴露。采用可验证的预解密机制，确保数据在解密前的完整性和正确性。此外，使用非交互式零知识证明来实现保护隐私的身份认证。最后，采用链上和链下混合存储策略来减轻区块链存储开销。理论分析和实验结果表明，该方案不仅增强了系统的安全性和隐私保护，而且实现了较低的计算开销和高效的数据共享，是一种高度可行和实用的解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

PECD-DSIIoT: Privacy-enhanced cross-domain data sharing scheme for IIoT

With the rapid development of the Industrial Internet of Things (IIoT) under emerging manufacturing paradigms, the demand for cross-domain data interaction has significantly increased. However, challenges related to cross-domain trust management and data privacy protection remain key obstacles to achieving efficient data sharing. Existing solutions primarily focus on identity authentication and data sharing within a single management domain. The limited number of cross-domain approaches available tend to either emphasize authentication alone or adopt a single-chain architecture, which fails to meet the complex trust requirements in IIoT environments. To address these challenges, we propose a Privacy-Enhanced Cross-Domain Data Sharing Scheme for IIoT (PECD-DSIIoT). First, the proposed scheme adopts a dual-chain architecture that integrates a consortium blockchain and a private blockchain, enabling secure and controlled cross-domain data sharing. In this architecture, the consortium blockchain is responsible for cross-domain identity authentication, ensuring secure authentication across different management domains, while the private blockchain is used for storing sensitive data, enabling controlled data sharing. Additionally, the scheme employs an attribute obfuscation function to conceal access policies, preventing the exposure of access control rules. A verifiable pre-decryption mechanism is incorporated to ensure the integrity and correctness of data before decryption. Moreover, a non-interactive zero-knowledge proof is used to enable privacy-preserving identity authentication. Finally, a hybrid on-chain and off-chain storage strategy is adopted to alleviate blockchain storage overhead. Theoretical analysis and experimental results demonstrate that the proposed scheme not only enhances system security and privacy protection but also achieves low computational overhead and efficient data sharing, making it a highly feasible and practical solution.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.