{"title":"面向信息中心物联网的可验证、灵活的数据共享机制","authors":"Ruidong Li, H. Asaeda, Jie Li, Xiaoming Fu","doi":"10.1109/ICC.2017.7996804","DOIUrl":null,"url":null,"abstract":"In an Information-Centric Internet of Things (ICIoT) environment for big data sharing, IoT data can be cached throughout the network. Such distributed data caching poses a challenge on flexible authorization and identity verification. For fine-grained data access authorization in a distributed manner, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has been identified as a promising approach. However in the existing CP-ABE based scheme, each publisher would need to retrieve the attributes from the centralized server for encrypting data, resulting in high communication overhead. Moreover, valid authorization period and distributed authentication are still not addressed and seamlessly incorporated. In this paper, we propose a Verifiable and Flexible Data Sharing (VFDS) mechanism for ICIoT, which exploits CP-ABE for authorization and Identity-Based Signature (IBS) for the distributed verification of the identities. In VFDS, publishers retrieve the attributes from the nearby cache holders. In addition, the Attribute Manifest (AM) and the Automatic Attribute Update (AAU) realize efficient attribute updates within the distributed caches to achieve valid authorization period. Meanwhile, VFDS provides the public parameters of IBS in local domain, which enables the efficient identity verifications. Our system evaluations show that the VFDS can achieve lower bandwidth cost compared to the existing schemes for both authentication and flexible authorization.","PeriodicalId":6517,"journal":{"name":"2017 IEEE International Conference on Communications (ICC)","volume":"55 1","pages":"1-7"},"PeriodicalIF":0.0000,"publicationDate":"2017-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":"{\"title\":\"A Verifiable and Flexible Data Sharing mechanism for Information-Centric IoT\",\"authors\":\"Ruidong Li, H. Asaeda, Jie Li, Xiaoming Fu\",\"doi\":\"10.1109/ICC.2017.7996804\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In an Information-Centric Internet of Things (ICIoT) environment for big data sharing, IoT data can be cached throughout the network. Such distributed data caching poses a challenge on flexible authorization and identity verification. For fine-grained data access authorization in a distributed manner, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has been identified as a promising approach. However in the existing CP-ABE based scheme, each publisher would need to retrieve the attributes from the centralized server for encrypting data, resulting in high communication overhead. Moreover, valid authorization period and distributed authentication are still not addressed and seamlessly incorporated. In this paper, we propose a Verifiable and Flexible Data Sharing (VFDS) mechanism for ICIoT, which exploits CP-ABE for authorization and Identity-Based Signature (IBS) for the distributed verification of the identities. In VFDS, publishers retrieve the attributes from the nearby cache holders. In addition, the Attribute Manifest (AM) and the Automatic Attribute Update (AAU) realize efficient attribute updates within the distributed caches to achieve valid authorization period. Meanwhile, VFDS provides the public parameters of IBS in local domain, which enables the efficient identity verifications. Our system evaluations show that the VFDS can achieve lower bandwidth cost compared to the existing schemes for both authentication and flexible authorization.\",\"PeriodicalId\":6517,\"journal\":{\"name\":\"2017 IEEE International Conference on Communications (ICC)\",\"volume\":\"55 1\",\"pages\":\"1-7\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-05-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"19\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 IEEE International Conference on Communications (ICC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICC.2017.7996804\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE International Conference on Communications (ICC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICC.2017.7996804","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Verifiable and Flexible Data Sharing mechanism for Information-Centric IoT
In an Information-Centric Internet of Things (ICIoT) environment for big data sharing, IoT data can be cached throughout the network. Such distributed data caching poses a challenge on flexible authorization and identity verification. For fine-grained data access authorization in a distributed manner, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has been identified as a promising approach. However in the existing CP-ABE based scheme, each publisher would need to retrieve the attributes from the centralized server for encrypting data, resulting in high communication overhead. Moreover, valid authorization period and distributed authentication are still not addressed and seamlessly incorporated. In this paper, we propose a Verifiable and Flexible Data Sharing (VFDS) mechanism for ICIoT, which exploits CP-ABE for authorization and Identity-Based Signature (IBS) for the distributed verification of the identities. In VFDS, publishers retrieve the attributes from the nearby cache holders. In addition, the Attribute Manifest (AM) and the Automatic Attribute Update (AAU) realize efficient attribute updates within the distributed caches to achieve valid authorization period. Meanwhile, VFDS provides the public parameters of IBS in local domain, which enables the efficient identity verifications. Our system evaluations show that the VFDS can achieve lower bandwidth cost compared to the existing schemes for both authentication and flexible authorization.