TY - JOUR
T1 - Blockchain-Enhanced Data Sharing with Traceable and Direct Revocation in IIoT
AU - Yu, Keping
AU - Tan, Liang
AU - Aloqaily, Moayad
AU - Yang, Hekun
AU - Jararweh, Yaser
N1 - Funding Information:
This work was supported in part by the National Natural Science Foundation of China under Grant 61373162, in part by Sichuan Provincial Science and Technology Department Project under Grant 2019YFG0183, and in part by the Japan Society for the Promotion of Science (JSPS) Grants-in-Aid for Scientific Research (KAKENHI) under Grant JP18K18044
Funding Information:
Manuscript received July 29, 2020; revised October 28, 2020 and December 5, 2020; accepted December 15, 2020. Date of publication January 5, 2021; date of current version July 26, 2021. Paper no. TII-20-3659. (Corresponding author: Liang Tan.)
Author Affiliations:
Keping Yu is with the College of Computer Science, Sichuan Normal University, Chengdu 610101, China, and also with the Global Information and Telecommunication Institute, Waseda University, Tokyo 169-8050, Japan (e-mail: keping.yu@aoni.waseda.jp). Liang Tan is with the College of Computer Science, Sichuan Normal University, Chengdu 610101, China, and also with the Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China (e-mail: jkxy_tl@sicnu.edu.cn). Moayad Aloqaily is with Qatar University, 2713 Doha, Qatar (e-mail: maloqaily@ieee.org). Hekun Yang is with the College of Computer Science, Sichuan Normal University, Chengdu 610101, China (e-mail: 1014191945@qq.com). Yaser Jararweh is with the Jordan University of Science and Technology, Irbid 3030, Jordan (e-mail: yijararweh@just.edu.jo).
Introduction (excerpt):
The Industrial Internet of Things (IIoT) aims to realize intelligent industry through the application of intelligent terminals with sensing capabilities, ubiquitous mobile computing patterns, and pervasive mobile network communication to all aspects of industrial production [1]. IIoT, as well as green IoT, is designed to collect large amounts of data and then use that data to troubleshoot, identify performance bottlenecks, and detect malicious behavior [2]. Therefore, the realization of a smart factory with IIoT as the core is crucial to the development of smart manufacturing [3]. The smart factory is a new stage in the development of information technology for modern factories. It uses IIoT technology to enhance information management and services [4]. In smart factories, a wide range of sensors in each domain and each application are used to collect data. With the rapid growth of advanced IIoT technology, processing, storage, lightweight security protocols, and data acquisition are increasingly easy and convenient for smart factories. This supports the functionality and value of industrial big data, known as smart factory big data (SFBD) [5]. SFBD has been widely studied due to its huge application value to workers, managers, and decision-makers. In particular, how SFBD can be securely shared and privacy protected on the IIoT cloud platform becomes particularly important [6].
Currently, there are many mature IIoT cloud platforms for smart factories, such as Siemens MindSphere and GE Predix [7]. These IIoT cloud platforms enable the integration of various devices in a smart factory, thus solving the information-island problem between devices. The IIoT cloud platform has become the future development trend of the smart factory in terms of data management and information sharing services. However, as a semitrusted third party, the IIoT cloud platform carries a great security risk when managing factory information: management privileges can be abused to leak private factory information. To solve the problems of data confidentiality and integrity, many data encryption technologies have been applied to the security of cloud-outsourced data. Ciphertext-policy or attribute-based encryption are just examples of access control technologies for an untrusted cloud storage server [8]. Related cryptographic schemes have been proposed earlier to achieve confidentiality and protect
Publisher Copyright:
© 2005-2012 IEEE.
PY - 2021/11
Y1 - 2021/11
N2 - The industrial Internet of Things (IIoT) supports recent developments in data management and information services, as well as services for smart factories. Nowadays, many mature IIoT cloud platforms are available to serve smart factories. However, due to the semicredibility nature of the IIoT cloud platforms, how to achieve secure storage, access control, information update and deletion for smart factory data, as well as the tracking and revocation of malicious users has become an urgent problem. To solve these problems, in this article, a blockchain-enhanced security access control scheme that supports traceability and revocability has been proposed in IIoT for smart factories. The blockchain first performs unified identity authentication, and stores all public keys, user attribute sets, and revocation list. The system administrator then generates system parameters and issues private keys to users. The domain administrator is responsible for formulating domain security and privacy-protection policies, and performing encryption operations. If the attributes meet the access policies and the user's ID is not in the revocation list, they can obtain the intermediate decryption parameters from the edge/cloud servers. Malicious users can be tracked and revoked during all stages if needed, which ensures the system security under the Decisional Bilinear Diffie-Hellman (DBDH) assumption and can resist multiple attacks. The evaluation has shown that the size of the public/private keys is smaller compared to other schemes, and the overhead time is less for public key generation, data encryption, and data decryption stages.
AB - The industrial Internet of Things (IIoT) supports recent developments in data management and information services, as well as services for smart factories. Nowadays, many mature IIoT cloud platforms are available to serve smart factories. However, due to the semicredibility nature of the IIoT cloud platforms, how to achieve secure storage, access control, information update and deletion for smart factory data, as well as the tracking and revocation of malicious users has become an urgent problem. To solve these problems, in this article, a blockchain-enhanced security access control scheme that supports traceability and revocability has been proposed in IIoT for smart factories. The blockchain first performs unified identity authentication, and stores all public keys, user attribute sets, and revocation list. The system administrator then generates system parameters and issues private keys to users. The domain administrator is responsible for formulating domain security and privacy-protection policies, and performing encryption operations. If the attributes meet the access policies and the user's ID is not in the revocation list, they can obtain the intermediate decryption parameters from the edge/cloud servers. Malicious users can be tracked and revoked during all stages if needed, which ensures the system security under the Decisional Bilinear Diffie-Hellman (DBDH) assumption and can resist multiple attacks. The evaluation has shown that the size of the public/private keys is smaller compared to other schemes, and the overhead time is less for public key generation, data encryption, and data decryption stages.
KW - Big data
KW - Blockchain
KW - Data sharing
KW - Industrial Internet-of-Thing (IIoT)
KW - Smart factory
KW - Traceable and revocation
UR - http://www.scopus.com/inward/record.url?scp=85099422238&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85099422238&partnerID=8YFLogxK
U2 - 10.1109/TII.2021.3049141
DO - 10.1109/TII.2021.3049141
M3 - Article
AN - SCOPUS:85099422238
SN - 1551-3203
VL - 17
SP - 7669
EP - 7678
JO - IEEE Transactions on Industrial Informatics
JF - IEEE Transactions on Industrial Informatics
IS - 11
M1 - 9314268
ER -