Title: TSA-IPFE: A Secure Solution for Authorization Revocation and Dynamic Identity Assignment in IoT
Authors: Haoxuan Yang; Changgen Peng
Journal: IEEE Internet of Things Journal
Volume: 12 12
Pages: 20288-20300
Publication date: 2025-02-21
Publication type: Journal Article
DOI: 10.1109/JIOT.2025.3544641
URL: https://ieeexplore.ieee.org/document/10899827/
Impact factor: 8.9
JCR: Q1 (COMPUTER SCIENCE, INFORMATION SYSTEMS)
Region: 1 (Computer Science)
Open access: no
Platform: Semanticscholar
Citation count: 0
Abstract
Inner product functional encryption (IPFE) offers strong privacy protection for smart devices by outputting only the results of function computations, minimizing data leakage. This makes it well-suited for privacy-preserving operations in edge cloud environments. However, the edge cloud increases the complexity of the information authorization system, and traditional static authorization methods hinder collaboration between smart devices. Moreover, existing IPFE schemes fail to revoke computational authorizations when a smart device switches edge clouds. To address these challenges, we propose the two-step authentication IPFE scheme (TSA-IPFE), specifically designed for the three-tier “cloud-edge cloud-smart device” architecture. TSA-IPFE enables dynamic authorization management through a two-step identity-matching process. This process revokes computational authorizations as devices move between edge clouds. It also facilitates dynamic authorization by setting up identity validation processes at different network locations, enabling seamless collaboration between smart devices from different vendors within the same cloud architecture. Finally, we prove the semantic security and anonymity of TSA-IPFE through a simulation-based proof, utilizing indistinguishable transformations in the dual system. A comparison with other algorithms demonstrates the efficiency of TSA-IPFE on a common platform.
About the journal:
The IEEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.