基于国密的工业物联网门限签密方案

doi:10.19678/j.issn.1000-3428.0069329

摘要/Abstract

摘要：

针对工业物联网(IIoT)中数据采集与监视控制(SCADA)系统和终端设备之间通信易受篡改、窃听、假冒等攻击的问题, 提出一种基于国密的门限签密方案(SM-TSC)。首先, 对终端设备进行注册、分组, 基于Shamir秘密共享设计群组秘密值分配方法, 防止IIoT场景下终端设备节点权力过于集中所造成的密钥泄露、签密伪造等问题; 其次, 将国密SM2签名算法作为基础, 结合国密SM3算法、国密SM4算法以及群组秘密值分配方法, 设计一种安全高效的面向群组的门限签密算法, 保障SCADA系统与终端设备群组之间通信消息的真实性和机密性; 最后, 在随机谕言机模型下, 利用安全归约方法对SM-TSC方案进行安全性分析。分析结果表明, SM-TSC方案在自适应选择密文攻击下能达到语义安全, 在自适应选择消息攻击下是存在性不可伪造的, 可以有效保障群组通信中数据的机密性和真实性。实验结果表明, 与现有的基于椭圆曲线的门限签密方案相比, SM-TSC方案在门限签密阶段和解签密阶段的计算开销分别降低了75%与79.66%, 其在IIoT群组通信中具有更高的适用性。

关键词: 签密, 国密算法, 门限密码学, 可证明安全, 工业物联网

Abstract:

The communication between the Supervisory Control And Data Acquisition (SCADA) system and terminal devices in the Industrial Internet of Things (IIoT) is vulnerable to tampering, eavesdropping, forgery, and other attacks. This paper presents a threshold signcryption scheme based on the SM2 algorithm, SM-TSC, to address this problem. First, terminal devices are registered and grouped, and a group secret value distribution method is designed based on Shamir secret sharing to prevent key leakage, signcryption forgery, and other problems caused by the excessive concentration of power in the terminal device nodes in IIoT scenarios. Second, using the SM2 signature algorithm as the basis, combined with the SM3 algorithm, SM4 algorithm, and group secret value distribution methods, a secure and efficient group-oriented threshold signcryption algorithm is designed to ensure the authenticity and confidentiality of communication messages between the SCADA system and terminal device groups. Finally, under the random oracle model, a security reduction method is used to analyze the security of the SM-TSC scheme. The analysis results show that the SM-TSC scheme can achieve semantic security under adaptive chosen-ciphertext attacks and existential unforgeability under adaptive chosen-message attacks, effectively ensuring the confidentiality and authenticity of group communication data. Experimental analysis shows that, compared with other threshold signcryption schemes based on elliptic curves, the SM-TSC scheme reduces the calculation cost by 75% in the threshold signcryption stage and approximately 79.66% in the unsigncryption stage; thus, it has higher feasibility in IIoT group communication.

Key words: signcryption, SM algorithm, threshold cryptography, provable security, Industrial Internet of Things (IIoT)

李斯琦, 田有亮, 彭长根. 基于国密的工业物联网门限签密方案[J]. 计算机工程, 2025, 51(7): 210-222.

LI Siqi, TIAN Youliang, PENG Changgen. Industrial Internet of Things Threshold Signcryption Scheme Based on SM Algorithm[J]. Computer Engineering, 2025, 51(7): 210-222.

https://www.ecice06.com/CN/Y2025/V51/I7/210

图/表 8

图1 系统模型

Fig.1 The system model

图2 机密性证明中的敌手交互

Fig.2 Adversary interaction in confidentiality proof

图3 不可伪造性证明中的敌手交互

Fig.3 Adversary interaction in proof of unforgeability

图4 签密计算量对比

Fig.4 Comparison of signcryption calculation quantity

图5 解签密计算量对比

Fig.5 Comparison of unsigncryption calculation quantity

参考文献 42

1	MADAKAM S , RAMASWAMY R , TRIPATHI S . Internet of Things (IoT): a literature review. Journal of Computer and Communications, 2015, 3 (5): 164- 173.
2	李金华. 德国"工业4.0" 与"中国制造2025" 的比较及启示. 中国地质大学学报(社会科学版), 2015, 15 (5): 71- 79.
	LI J H . Comparison and enlightenment of German industry 4.0 and made in China 2025. Journal of China University of Geosciences (Social Sciences Edition), 2015, 15 (5): 71- 79.
3	KAGERMANN H , WAHLSTER W . Ten years of industrie 4.0. Sci, 2022, 4 (3): 26.
4	SCHNEIDER S. The Industrial Internet of Things (IIoT): applications and taxonomy[EB/OL]. [2023-09-05]. https://www.researchgate.net/publication/317759436_The_industrial_internet_of_things_IIoT_Applications_and_taxonomy.
5	PANCHAL A C, KHADSE V M, MAHALLE P N. Security issues in IIoT: a comprehensive survey of attacks on IIoT and its countermeasures[C]//Proceedings of the IEEE Global Conference on Wireless Computing and Networking (GCWCN). Washington D.C., USA: IEEE Press, 2018: 124-130.
6	GEBREMICHAEL T , LEDWABA L P I , ELDEFRAWY M H , et al. Security and privacy in the industrial Internet of Things: current standards and future challenges. IEEE Access, 2020, 8, 152351- 152366. URL
7	SENGUPTA J , RUJ S , DAS BIT S . A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT. Journal of Network and Computer Applications, 2020, 149, 102481.
8	杨小东, 田甜, 王嘉琪, 等. 基于云边协同的无证书多用户多关键字密文检索方案. 通信学报, 2022, 43 (5): 144- 154.
	YANG X D , TIAN T , WANG J Q , et al. Certificateless ciphertext retrieval scheme with multi-user and multi-keyword based on cloud-edge collaboration. Journal on Communications, 2022, 43 (5): 144- 154.
9	JIANG H , SHEN F , CHEN S , et al. A secure and scalable storage system for aggregate data in IoT. Future Generation Computer Systems, 2015, 49, 133- 141. URL
10	MAHALLE P N, PRASAD N R, PRASAD R. Threshold Cryptography-based Group Authentication (TCGA) scheme for the Internet of Things (IoT)[C]//Proceedings of the 4th International Conference on Wireless Communications, Vehicular Technology, Information Theory and Aerospace & Electronic Systems (VITAE). Washington D.C., USA: IEEE Press, 2014: 1-5.
11	TOUATI L, CHALLAL Y, BOUABDALLAH A. C-CP-ABE: cooperative ciphertext policy attribute-based encryption for the Internet of Things[C]//Proceedings of the International Conference on Advanced Networking Distributed Systems and Applications. Washington D.C., USA: IEEE Press, 2014: 64-69.
12	NING H S , LIU H , YANG L T . Cyberentity security in the Internet of Things. Computer, 2013, 46 (4): 46- 53. URL
13	YU K P , TAN L , YANG C X , et al. A blockchain-based Shamir's threshold cryptography scheme for data protection in industrial Internet of Things settings. IEEE Internet of Things Journal, 2022, 9 (11): 8154- 8167.
14	YU X J, GUO H Q. A survey on IIoT security[C]//Proceedings of the IEEE VTS Asia Pacific Wireless Communications Symposium (APWCS). Washington D.C., USA: IEEE Press, 2019: 1-5.
15	KUMAR R, KANDPAL B, AHMAD V. Industrial IoT (IIoT): security threats and countermeasures[C]//Proceedings of the International Conference on Innovative Data Communication Technologies and Application (ICIDCA). Washington D.C., USA: IEEE Press, 2023: 829-833.
16	ZHOU L , YEH K H , HANCKE G , et al. Security and privacy for the industrial Internet of Things: an overview of approaches to safeguarding endpoints. IEEE Signal Processing Magazine, 2018, 35 (5): 76- 87. URL
17	KARATI A , ISLAM S H , KARUPPIAH M . Provably secure and lightweight certificateless signature scheme for IIoT environments. IEEE Transactions on Industrial Informatics, 2018, 14 (8): 3701- 3711. URL
18	ZHANG Y H , DENG R H , ZHENG D , et al. Efficient and robust certificateless signature for data crowdsensing in cloud-assisted industrial IoT. IEEE Transactions on Industrial Informatics, 2019, 15 (9): 5099- 5108.
19	SHAHZAD A, KIM Y G, ELGAMOUDI A. Secure IoT platform for industrial control systems[C]//Proceedings of the International Conference on Platform Technology and Service (PlatCon). Washington D.C., USA: IEEE Press, 2017: 1-6.
20	ZHENG Y L. Digital signcryption or how to achieve cost(signature & encryption) ≪ cost(signature) + cost(encryption)[EB/OL]. [2023-09-05]. https://link.springer.com/chapter/10.1007/BFb0052234.
21	彭长根, 李祥, 罗文俊. 一种面向群组通信的通用门限签密方案. 电子学报, 2007, 35 (1): 64- 67.
	PENG C G , LI X , LUO W J . A generalized group-oriented threshold signcryption schemes. Acta Electronica Sinica, 2007, 35 (1): 64- 67.
22	秦艳琳, 吴晓平, 胡卫. 高效的无证书多接收者匿名签密方案. 通信学报, 2016, 37 (6): 129- 136.
	QIN Y L , WU X P , HU W . Efficient certificateless multi-receiver anonymous signcryption scheme. Journal on Communications, 2016, 37 (6): 129- 136.
23	牛淑芬, 杨喜艳, 王彩芬, 等. 基于异构密码系统的混合群组签密方案. 电子与信息学报, 2019, 41 (5): 1180- 1186.
	NIU S F , YANG X Y , WANG C F , et al. Hybrid group signcryption scheme based on heterogeneous cryptosystem. Journal of Electronics & Information Technology, 2019, 41 (5): 1180- 1186.
24	赖建昌, 黄欣沂, 何德彪, 等. 基于商密SM9的高效标识签密. 密码学报, 2021, 8 (2): 314- 329.
	LAI J C , HUANG X Y , HE D B , et al. An efficient identity-based signcryption scheme based on SM9. Journal of Cryptologic Research, 2021, 8 (2): 314- 329.
25	XU G , DONG J , MA C , et al. A certificateless signcryption mechanism based on blockchain for edge computing. IEEE Internet of Things Journal, 2023, 10 (14): 11960- 11974.
26	DOHARE I , SINGH K , AHMADIAN A , et al. Certificateless Aggregated Signcryption Scheme (CLASS) for cloud-fog centric industry 4.0. IEEE Transactions on Industrial Informatics, 2022, 18 (9): 6349- 6357.
27	KUMAR A , SAHA R , ALAZAB M , et al. A lightweight signcryption method for perception layer in Internet-of-Things. Journal of Information Security and Applications, 2020, 55, 102662. URL
28	XIE Z , CHEN Y , ALI I , et al. Efficient and secure certificateless signcryption without pairing for edge computing-based Internet of vehicles. IEEE Transactions on Vehicular Technology, 2023, 72 (5): 5642- 5653.
29	陈福安, 柳毅. 基于区块链的V2G无证书环签密隐私保护方案. 计算机工程, 2023, 49 (6): 34-41, 52. doi: 10.19678/j.issn.1000-3428.0065767
	CHEN F A , LIU Y . Blockchain-based V2G certificateless ring signcryption privacy protection scheme. Computer Engineering, 2023, 49 (6): 34-41, 52. doi: 10.19678/j.issn.1000-3428.0065767
30	邢丹丹, 曹素珍, 赵晓, 等. 车联网环境下多接收者匿名签密方案. 计算机工程, 2024, 50 (10): 205- 215. doi: 10.19678/j.issn.1000-3428.0068383
	XING D D , CAO S Z , ZHAO X , et al. Multi-receiver anonymous signcryption scheme in IoV. Computer Engineering, 2024, 50 (10): 205- 215. doi: 10.19678/j.issn.1000-3428.0068383
31	ZHENG Y L , IMAI H . How to construct efficient signcryption schemes on elliptic curves. Information Processing Letters, 1998, 68 (5): 227- 233. URL
32	SHAMIR A . How to share a secret. Communications of the ACM, 1979, 22 (11): 612- 613.
33	尚铭, 马原, 林璟锵, 等. SM2椭圆曲线门限密码算法. 密码学报, 2014, 1 (2): 155- 166.
	SHANG M , MA Y , LIN J Q , et al. A threshold scheme for SM2 elliptic curve cryptographic algorithm. Journal of Cryptologic Research, 2014, 1 (2): 155- 166.
34	GENNARO R, JARECKI S, KRAWCZYK H, et al. Robust threshold DSS signatures[EB/OL]. [2023-09-05]. https://link.springer.com/chapter/10.1007/3-540-68339-9_31.
35	BAEK J , STEINFELD R , ZHENG Y L . Formal proofs for the security of signcryption. Journal of Cryptology, 2007, 20 (2): 203- 235.
36	陈伟东, 冯登国. 签密方案在分布式协议中的应用. 计算机学报, 2005, 28 (9): 1421- 1430.
	CHEN W D , FENG D G . Some applications of signcryption schemes to distributed protocols. Chinese Journal of Computers, 2005, 28 (9): 1421- 1430.
37	韩益亮, 杨晓元. ECDSA可公开验证广义签密. 计算机学报, 2006, 29 (11): 2003- 2012.
	HAN Y L , YANG X Y . New ECDSA-verifiable generalized signcryption. Chinese Journal of Computers, 2006, 29 (11): 2003- 2012.
38	王小云, 于红波. SM3密码杂凑算法. 信息安全研究, 2016, 2 (11): 983- 994.
	WANG X Y , YU H B . SM3 cryptographic hash algorithm. Journal of Information Security Research, 2016, 2 (11): 983- 994.
39	吕述望, 苏波展, 王鹏, 等. SM4分组密码算法综述. 信息安全研究, 2016, 2 (11): 995- 1007.
	LV S W , SU B Z , WANG P , et al. Overview on SM4 algorithm. Journal of Information Security Research, 2016, 2 (11): 995- 1007.
40	ZHANG Z F, YANG K, ZHANG J, et al. Security of the SM2 signature scheme against generalized key substitution attacks[EB/OL]. [2023-09-05]. https://link.springer.com/chapter/10.1007/978-3-319-27152-1_7.
41	任瑞芳, 汪学明. 基于ECC的广义门限签密方案设计. 计算机工程与设计, 2011, 32 (1): 17- 20.
	REN R F , WANG X M . Design of generalization of threshold signcryption scheme based on ECC. Computer Engineering and Design, 2011, 32 (1): 17- 20.
42	YU H F , WANG S B . Certificateless threshold signcryption scheme with secret sharing mechanism. Knowledge-Based Systems, 2021, 221, 106981.

[1]	许晋, 贾向东, 韩向花, 张兴元. 非线性能量采集的工业物联网非线性信息年龄分析[J]. 计算机工程, 2024, 50(8): 198-206.
[2]	陈纪成, 包子健, 罗敏, 何德彪. 一种面向工业物联网的远程安全指令控制方案[J]. 计算机工程, 2024, 50(3): 28-35.
[3]	邢丹丹, 曹素珍, 赵晓, 周大伟, 王正. 车联网环境下多接收者匿名签密方案[J]. 计算机工程, 2024, 50(10): 205-215.
[4]	陈福安, 柳毅. 基于区块链的V2G无证书环签密隐私保护方案[J]. 计算机工程, 2023, 49(6): 34-41,52.
[5]	王翊丞, 郭瑞, 蒙彤, 刘颖菲. 智能电网中基于代理盲签密的隐私保护方案[J]. 计算机工程, 2023, 49(5): 150-164.
[6]	李斌, 吴坡, 王丹, 安浩杨, 何德彪. 一种适用于电力终端设备的无证书在线/离线签密方案[J]. 计算机工程, 2023, 49(12): 146-151, 160.
[7]	牛淑芬, 闫森, 吕锐曦, 周思玮, 张美玲. V2V车联网中隐私保护性异构聚合签密方案[J]. 计算机工程, 2022, 48(9): 20-27,36.
[8]	王杰昌, 张平, 高远, 刘玉岭. 融合可链接环签密的智能合约电子投票协议[J]. 计算机工程, 2022, 48(4): 126-132.
[9]	刘晶, 朱炳旭, 梁佳杭, 任女尔, 季海鹏. 基于主侧链合作的区块链访问控制策略[J]. 计算机工程, 2022, 48(3): 10-16,22.
[10]	陈虹, 侯宇婷, 郭鹏飞, 周沫, 赵菊芳, 肖成龙. 可公开验证的高效无证书聚合签密方案[J]. 计算机工程, 2022, 48(10): 146-157.
[11]	李秋贤, 周全兴, 王振龙, 丁红发, 潘齐欣. 基于隐私保护的可证明安全委托计算协议[J]. 计算机工程, 2021, 47(5): 131-137.
[12]	王众, 韩益亮. 基于Niederreiter密码体制的抗量子签密方案[J]. 计算机工程, 2020, 46(5): 193-199.
[13]	吕佳, 曹素珍, 寇邦艳, 张志强, 韩龙博. 5G网络下的无证书身份隐藏签密方案[J]. 计算机工程, 2020, 46(3): 34-39.
[14]	杨小东, 裴喜祯, 安发英, 李婷, 王彩芬. 基于身份聚合签名的车载自组网消息认证方案[J]. 计算机工程, 2020, 46(2): 170-174,182.
[15]	牛淑芬,杨喜艳,王彩芬,田苗,贾向东. 基于异构密码系统的混合盲签密方案[J]. 计算机工程, 2018, 44(8): 151-154,160.

选择文件类型/文献管理软件名称

选择包含的内容