A Novel Attribute-Based Encryption Approach with Integrity Verification for CAD Assembly Models

Abstract

Cloud manufacturing is one of the three key technologies that enable intelligent manufacturing. This paper presents a novel attribute-based encryption (ABE) approach for computer-aided design (CAD) assembly models to effectively support hierarchical access control, integrity verification, and deformation protection for co-design scenarios in cloud manufacturing. An assembly hierarchy access tree (AHAT) is designed as the hierarchical access structure. Attribute-related ciphertext elements, which are contained in an assembly ciphertext (ACT) file, are adapted for content keys decryption instead of CAD component files. We modify the original Merkle tree (MT) and reconstruct an assembly MT. The proposed ABE framework has the ability to combine the deformation protection method with a content privacy of CAD models. The proposed encryption scheme is demonstrated to be secure under the standard assumption. Experimental simulation on typical CAD assembly models demonstrates that the proposed approach is feasible in applications.

Content

《1. Introduction》

1. Introduction

As investigated in a survey paper published in Engineering [1], intelligent manufacturing is the state-of-the-art product development philosophy, and comprises intelligent manufacturing technology, Internet of Things (IoT)-enabled manufacturing, and cloud manufacturing [1,2]. With the development and application of cloud computing [3–5], traditional computer-aided design (CAD), computer-aided engineering (CAE), and computer-aided manufacturing (CAM) systems are moving to cloud-based design and manufacturing (CBDM) [6–8], raising new information security problems for enterprises, especially for small and medium-sized enterprises (SMEs) [9].

Due to limitations of funds and resources, SMEs cannot build private clouds as large companies do. Well-known public cloud service providers (CSPs) have experienced various security problems; thus, semi-trusted or untrustworthy public clouds challenge the information security of SMEs in cloud-based co-design processes [10–13]. As a core ingredient of collaborative product development [14–18], CAD models contain abundant intellectual properties and therefore encounter security problems. Information security depends on the reliability of the industrial cloud [19,20]. A vital security issue for CBDM is how to avoid illegal access to the confidential information contained in CAD models within codesign environments [21–23].

One typical access-control method is to apply a standard encryption technique, such as attribute-based encryption (ABE) [24]. But a simple introduction of ABE access-control into CAD assembly models is inefficient and inflexible. Some flexible access-control approaches have been reported for cloud computing [25–28]. Therefore, how to develop an efficient and flexible accesscontrol approach to protect outsourced and co-designed CAD assembly models remains a challenge in CBDM.

This paper proposes a novel ABE approach with integrity verification for CAD assembly models. In contrast to existing ciphertext policy ABE (CP-ABE) and related methods [24–28], a hierarchical access-control encryption scheme that enables flexible authentication for users with different privilege levels is proposed for legitimate access to CAD assembly models.

The rest of this paper is organized as follows. In Section 2, related work is reviewed. In Section 3, we discuss our design goals and declare the problem formulation. In Section 4, we present a cloud-based sharing architecture for assembly models. In Section 5, we elaborate details of the encryption scheme for the proposed approach and illustrate its security proof and theoretical analysis. In Section 6, we demonstrate the performance of the proposed encryption scheme. Finally, the paper is concluded in Section 7.

《2. Related work》

2. Related work

《2.1. Access control》

2.1. Access control

Access control, which originated from the concept of the access matrix, is an important way of protecting data confidentiality and privacy [29–33]. A framework for access control in CAD environments (FACADE) has been presented to protect CAD models [34], and a data-security model for collaborative design and data management systems has been proposed to combine multiple security technologies with access control [35]. Chang et al. [36] reported an access-control system based on multiple methods for use in sharing CAD design drawings. Speier et al. [37] used hybrid access control for product data-security processing.

Roles-based access control is a mainstream approach for codesign [38,39]. However, with the expansion of complex processes, co-design users, and product models, ‘‘role explosion” problems can occur. Furthermore, existing access-control methods are based on a single model file and are thus inflexible.

《2.2. Encryption approaches》

2.2. Encryption approaches

Encryption has been extensively applied in multimedia data [40]. Nishchal and Naughton [41] proposed a multi-level encryption architecture based on optical principles, which can be used to handle three-dimensional (3D) holograms with parallax and multitude sharing. Huang et al. [42] reported an encryption method based on virtual holography for 3D cube data. This method was used to generate holographic images of a 3D cube for computersimulated holography, based on which the proposed encryption process was carried out. Kim and Yoo [43] and Chen and Tsai [44] proposed a hierarchical encryption method for assembly entity models, in which different users could gain access to data from different parts of an assembly model file. Each level of the file was encrypted with different keys, and each key was only authorized for the use of the designated user. Researchers have also extended the concept of encryption to shape deformation [45–48].

《2.3. Attribute-based encryption》

2.3. Attribute-based encryption

Fuzzy identity-based encryption (i.e., ABE) is the most promising encryption primitive for supporting fine-grained access control [24]. At present, ABE is mainly divided into two categories: CP-ABE [28] and key policy ABE (KP-ABE) [49]. In CP-ABE, ciphertext is associated with an access structure defined by the data owner, while keys are associated with attributes. On the contrary, in KPABE, ciphertext is associated with attributes while keys are associated with an access structure defined by the data owner. Both schemes are constructed in a single-file scenario.

Hierarchical attribute-based solutions have been studied for multi-file scenarios. Miao et al. [25] introduced the idea of hierarchical data into attribute-based key searching in cloud computing. Wan et al. [26] proposed a hierarchical attribute-set-based encryption (HASBE) scheme built upon an attribute-set-based scheme in order to realize a more precise attributes-satisfaction policy in a multi-file scenario. However, the hierarchical access structure was too complex to apply the scheme for huge CAD models. Wang et al. [27] presented a file hierarchical CP-ABE (FH-CP-ABE), in which a loophole in the recursive formula for ciphertext components might lead to illegal access.

《2.4. Contributions》

2.4. Contributions

For access-control authentication, this manuscript presents a novel ABE scheme for CAD assembly models, named the CAD assembly hierarchy file CP-ABE (CAD-CP-ABE) scheme. In the proposed technical method, a symmetrical encryption algorithm is utilized for plaintext encryption, and the CAD-CP-ABE scheme is used for content keys (CKs) management.

Unlike existing CP-ABE techniques, the access structure of the upper nodes in the proposed scheme is more concise than that of the lower nodes. Thus, we redefine the node definition and submit a new set of generation rules in order to avoid excessive redundant nodes. In this way, the proposed method makes the hierarchical access structure assembly hierarchy access tree (AHAT) applicable to CAD assembly models. The AHAT contains file nodes, attribute nodes, and threshold nodes. The assembly ciphertext (ACT) file contains the AHAT and all ciphertext elements, and will be used by co-design users with legitimate access rights.

For integrity verification, we propose an assembly Merkle tree (MT) technique after modification of the original MT, which can prevent CAD files from being illegally removed from or added to the cloud service. We also adopt a deformation-based technique to protect shape information. These two methods are combined together to enhance our approach.

《3. Problem formulation》

3. Problem formulation

Before presenting our architecture (Section 4), we analyze information security problems regarding design chain management (DCM) and collaborative design [38,50–52]. A typical DCM collaboration model is discussed in Ref. [50]. The model establishes six levels for collaboration. Collaboration problems include trusting communication, negotiation, and authority distribution.

In a cloud-based collaboration process, collaborators not only have to negotiate with others, but also have to deal with security problems. Therefore, authentication, integrity, and information privacy are key aspects of information sharing.

Based on the above analysis, we formally define our problems and then indicate our design goals.

《3.1. Threat model》

3.1. Threat model

The proposed architecture involves four entities: the data owner, data users, authority, and CSP. The data owner is trusted, and the data users are authorized by the authority and are collaborated. The authority is a completely trusted entity that is in charge of generating and distributing public and secret keys (SKs). The CSP is a semi-trusted outsourcing entity in cloud systems; therefore, ① the data could be illegally accessed, and/or ② the cloud services may deviate from the prescribed protocols and mount a data integrity attack. To enforce the confidentiality of information and hierarchy access control, the data owner first deforms the private features of the CAD models and then encrypts the data files with an attribute-based access policy before outsourcing the data files into the CSP. To decrypt the data files shared from various data owners, a data user submits her attributes to the authority in order to obtain her SK.

《3.2. Design goals》

3.2. Design goals

The proposed approach aims to achieve the following functions and security goals:

• Authentication. Each CAD model data file should be accessed through valid access privileges. Our approach ensures that plaintext data cannot be revealed. An adversary cannot learn any useful information from the ACT file. In addition to achieving authorization, we ensure that upper-level privileged users have access to all their lower level privileged user files.

• Integrity. A CAD assembly model is usually composed of a group of data files. It is necessary to ensure that none of the files of the model are tampered with, added, or deleted. With ABE, the plaintext of files can be completely hidden. This integrity ensures that the fixed-tree structure of the CAD model is not tampered with by the CSP or by malicious visitors through assembly MT technology.

• Confidentiality. Since confidential information is shared with the collaborators, who may be potential competitors, information leakage may occur. This problem is solved by deforming the sketches of CAD models before sharing them.

《3.3. Preliminaries》

3.3. Preliminaries

Bilinear maps: Let p be a prime number, G₀ and G_T be two multiplicative groups of integers modulo p. The generator of G₀ is g.

Bilinear mapping e : G₀ × G₀ → G_T satisfies the following properties:

• Bilinearity: For any u, v G₀ and , Z_p = {0, 1, 2, ..., p–1}, it has .

• Non-degeneracy: There exist u, v G₀, such that .

• Computability: For all u, v G₀, there is an efficient computation .

Definition 1: Bilinear Diffie-Hellman (BDH) generator. For a random algorithm with a security parameter k (k > 0) as input, the BDH generator outputs the description of two groups, G₀ and G_T, and common prime order p. Furthermore, if a bilinear mapping e, G₀ × G₀ → G_T, can be effectively calculated in the polynomial time of k, the algorithm is called as a BDH parameter generator.

Definition 2: Determinant BDH (DBDH) problem. Let G₀, G_T, and e be the outputs of the parameter generator in Definition 1, and then let g be the generator of group G₀. The DBDH problem is defined as follows: Given < > (in which the random elements ), determine whether the equation established is valid.

MT: In computer science, a hash tree is a tree-like data structure, also known as an MT [53]. As shown in Fig. 1, each leaf node uses the hash of itself as its label (e.g., H3 = hash(A)), while the non-leaf node uses the encrypted hashes of its sub-node labels as its label. An MT can validate the content of a large data structure with the following characteristics:

• The MT is a tree structure that possesses all the tree structure features.

• Without checking all the entire dataset, it can be concisely proved whether a datum belongs to a data group or not.

• The hash of each node in the MT will prove the integrity and correctness of the data content.

《Fig. 1》

Fig. 1. An example of an MT. A, B, C, and D are four files needed to be encrypted by MT; H0, H1, H2, H3, H4, H5, and H6 are labels of nodes in MT.

《4. Overview of the proposed approach》

4. Overview of the proposed approach

《4.1. System architecture》

4.1. System architecture

Fig. 2 illustrates the system architecture of our approach for CBDM.

《Fig. 2》

Fig. 2. The architecture of the proposed approach for a CBDM assembly MT. A, B, C, D, and R are five files of M. M₀: original CAD assembly model; M: deformed CAD assembly model; M' : ciphertext for M; Id: identity of each file node in assembly MT.

Authority: The authority is a completely trusted entity that can verify the identity attributes of the users.

Data owner: The data owner will store and share a CAD assembly model through CSP. This entity is in charge of creating an assembly MT and an AHAT, deforming sketches, and executing encryption functions. It uploads one model’s encrypted files, an ACT file, and an assembly MT to the CSP.

User: The user will download the ACT file and all or parts of encrypted files from one cloud server (B). Cloud server B executes decryption functions. The user will verify the structural integrity of the downloaded files with another cloud server (A).

CSP: The CSP is a semi-trusted outsourcing entity that provides ciphertext storage and transmission services.

《4.2. The building blocks of the proposed approach》

4.2. The building blocks of the proposed approach

A secure co-design for CAD assembly models involves three building blocks: the assembly MT, deform-based protection, and the CAD-CP-ABE scheme.

As shown in Figs. 3(a) and (b), an assembly, Assem02, has a fixed structure that can be presented abstractly as a tree graph. Each component (a collective name for the parts and assemblies) becomes a node of this tree graph.

We build an assembly MT to support integrity verification, as shown in Fig. 3. There are two kinds of nodes in the assembly MT. Part (leaf) nodes are represented as [identity (Id), value] pairs, where the value is the hash of the leaf file calculated by a collisionresistant hash function (e.g., message digest algorithm 5 (MD5) and secure hash algorithm (SHA)). Assembly (non-leaf) nodes are represented as [Id, value1, value2] pairs, where value1 is equal to its hash value and value2 is equal to the hash value of the string that is sequentially connected by all the children’s hashes.

When a user can access all the files of Assem6 with privilege and submits the Id Assem6-1 to the CSP, the contents of the correct hash value file produced by the cloud should be: [Assen6-1, H4, hash(H1 + H2)]; [Part004-1, H1]; and [Part003-1, H2], as shown in Fig. 3(c). The user will compute the hashes of the downloaded files and compare them with the received hashes. If the files have been modified or the structure has been destroyed, these problems can easily be found by the user.

《Fig. 3》

Fig. 3. An illustrative example of Assem02. (a) An assembly structure of Assem02 in SolidWorks; (b) an abstract structure tree of Assem02; (c) the assembly MT of Assem02.

4.2.1. Deformation-based protection

Typical CAD models consist of various features {F_i} (a set of model features), as shown in Fig. 4(a). Features are created based on a series of constraints and sketches {S_i } (a set of sketches of model features), both of which determine the model shapes. If the deformation method is applied to both the features and the benchmarks, the validity of the CAD models will be affected. We adopt a sketch-based deformation method to hide the confidential information of the CAD models. A sketch S_i is composed of sketch elements and constraint elements. Each sketch S_i has sketch points denoted as or and will be synthesized into a sketch matrix S_M.

We use a transformation matrix T_M to realize parametric deformation. After choosing the parameters of matrix T_M, we gradually increase the value of n from 0 until the sketches’ deformation by T_M will not destroy the model constraints. A new sketch matrix, S_M' , is obtained by multiplying S_M by T_M, as shown in Eq. (1).

This deformation method is robust and flexible for CAD models, because sketches can be restored to the original shapes according to the encryption matrix T_M, and CAD models can also be easily restored to their original states.

The transformation matrixes for two-dimensional (2D) and 3D features are defined as follows:

where means a decimal randomly selected between 0.9 and 1.1, and are two coefficient satisfied 0 < , < 1, and n is an integer increasing from 0. The deformation is explained in Fig. 4. As shown in Fig. 4(a), Cyt-Extrude1 is a private feature that cannot be shared with others. We modify its Sketch4 with the transformation matrix to obtain a deformed Part003, as shown in Fig. 4(c).

《Fig. 4》

Fig. 4. An example of feature sketch deformation for Part003. (a) The FeatureManager of Part003 in SolidWorks; (b) the original Part003; (c) the deformed Part003.

4.2.2. The CAD-CP-ABE scheme

The proposed scheme for CKs management is based on the bilinear maps definition and a CP-ABE encryption policy. It consists of four functions: Setup, KeyGen, Encrypt, and Decrypt.

(1) (PK, MSK) Setup(1^k ). This function inputs a security parameter k and a prime number p, and outputs public key (PK) and master SK (MSK).

(2) (SK) KeyGen(PK, MSK, S). This function inputs PK, MSK, and a set of attributes of one user S, and generates a SK for the attributes set S.

(3) (ACT) Encrypt(PK, CK, AT). This function inputs PK, the CKs, and a set of all attributes AT, and outputs ACT for CKs.

(4) Derypt(PK, ACT, SK). This function inputs PK, an ACT file, and the SK file of the user. SK is described by S. If S satisfies the access structure of the AHAT, some or all of the CKs,, can be decrypted. Then, the corresponding files will be decrypted with the corresponding CKs, ck_i, where num represents the number of all the CKs.

《4.3. System secure co-design process》

4.3. System secure co-design process

The secure co-design process comprises the following steps:

(1) Deform private features: For a CAD assembly model M₀ owned by the data owner (D), the private shape features (F_i) of the components inside the assembly will be hidden using a deformation-based method. M₀ is transferred into a new CAD assembly model M before sharing.

(2) Construct an assembly MT: The D will build an assembly MT, as shown in Fig. 3.

(3) Enact the encryption process: The files (i.e., plaintext) of M will be encrypted as model ciphertext with CK = by means of a symmetric encryption algorithm. The D will first generate an AHAT and then compute the ACT file for CK = through the Encrypt function in the CAD-CP-ABE scheme (i.e., the CAD-CP-ABE encryption process).

(4) Share data files: The D will upload the assembly MT, the M' , and the CKs ACT file to the CSP. The assembly MT is stored separately on cloud server A. M' and ACT are stored on cloud server B.

(5) Verify structural integrity: The co-design user (U) can send a set of files to the CSP, which stores the assembly MT in the cloud server with other shared files. This server will return a set of hash values for integrity verification.

(6) Obtain plaintext: The U will send its identity attributes to the trusted authority to retrieve the SKs. Ciphertext elements in the ACT file are combined with SKs to evaluate the CK. Then the encrypted model files M' are decrypted with the CKs.

《5. Detailed process of the CAD-CP-ABE scheme》

5. Detailed process of the CAD-CP-ABE scheme

《5.1. Hierarchy access structure construction for the CAD-AP-ABE scheme》

5.1. Hierarchy access structure construction for the CAD-AP-ABE scheme

The access structure T1 in Fig. 5(a) is based on a CP-ABE scheme to decrypt the source file m1. Each non-leaf node is a threshold node, and each leaf node is associated with attributes. The root node represents a source file. The threshold value is num1/num2, where num1 represents ‘‘the number of nodes that need to satisfy conditions” and num2 represents ‘‘the total number of children.”

For a CAD assembly model structure, as shown in Fig. 5(b), nodes on a higher level would be accessed by fewer users. If attribute nodes are inserted into the model structure, repeated attribute nodes will increase the unnecessary overhead, as shown in Fig. 5(b). At the same time, a duplicate component node will also add overhead.

《Fig. 5》

Fig. 5. An example of access structures in the CP-ABE scheme. (a) An example of an access structure tree. T1 is the access structure of m1. (b) The hierarchical access structure for Assem02 and Part004. Attri: attribute node.

Therefore, we specify the following rules to generate the AHAT in our scheme:

(1) Extract the integrated assembly model structure for AHAT generation.

(2) Divide the structure into component nodes and hidden nodes. As node 2 and node 3 represent the same attribute, if they have the same parent node 1, or if the parent of node 2 is the ancestor of node 3, set node 2 and its descendant nodes to be hidden nodes in the AHAT.

(3) Insert attribute nodes and/or threshold nodes for each component from the assembly to construct the AHAT. In order to decrease the complexity of the AHAT, it is necessary to prune the attribute structures. If any component node has the same access attribute structures as its parent/ancestor nodes, these attributes are cut off and the access structure is changed.

The identity attributes are defined hierarchically, as follows: chief engineer, deputy chief engineer, project engineer, engineer, and assistant engineer. The corresponding attributes collection AT = { 1, 2,3, 4, 5} . For example, we list the three companies C1, C2, and C3 as company attributes and define their values as 6, 7, and 8, respectively. The total attributes set AT = { 1, 2, 3, 4, 5, 6, 7, 8} .

As shown in Fig. 6, there is an AHAT that describes an access structure and contains several access levels. The terms and functions of the AHAT and nodes are as follows:

《Fig. 6》

Fig. 6. The AHAT that is the integrated hierarchical access structure of the assembly model.

(x, y): This binary denotes a non-hidden node in AHAT. The symbol x represents the node’s row (from the top to bottom), and y represents the node’s column (from left to right). For example, the binary of node Assem02 is (1, 1), the binary of node Part005-1 is (2, 1), and the binary of attribute 3 on level three is (3, 5) in Fig. 6.

num_(x,y): This denotes the number of non-hidden nodes in the children set of (x, y) in the AHAT. For example, num_(2,2) = 2 in Fig. 6.

k_(x,y): This denotes the threshold value of a non-hidden node (x, y), where 0 < k_(x,y) num_(x,y). If (x, y) is a leaf node, k_(x,y) = 1. For example, k_(1,1) = k_(2,2) = 2.

parent(x, y): This represents the parent of node (x, y) in the AHAT. For example, parent(5, 1) = (4, 3) in Fig. 6.

att(x, y): This denotes an attribute associated with the leaf node (x, y) in the AHAT.

index(x, y): This returns a unique value associated with the node(x, y). The index values are uniquely assigned to the nodes in the AHAT in an arbitrary manner for a given key.

《5.2. Encryption and decryption process of CKs》

5.2. Encryption and decryption process of CKs

DBDH is a bilinear parameter generator. Assume that the data owner shares files with num responding CKs, CK = { ck₁, ..., ck_num }. In addition, two hash functions H₁:{0,1}* → G₀ and H₂:{0,1}* → G_T are used in the CAD-CP-ABE scheme.

Setup(1^k). The authority executes this function within a security parameter k and random numbers . The DBDH will output PK and MSK as shown in Eqs. (2) and (3), respectively.

KeyGen(PK, MSK, S). The authority executes this function with a set of attributes of one user S, and creates SK as shown in Eq. (4), where r Z_p and r_j Z_p are randomly chosen for this user. D is a normal key parameter, D_j and D_j ' are key parameters that belong to attribute j. D, D_j, and D_j ' make up SK.

In the proposed approach, the attribute set of one user has two elements: a position attribute and a company attribute. Thus, S is usually two tuples.

Encrypt(PK, CK, A). The data owner selects num random numbers for CK = , and computes C_iand C_i' for all component nodes {i = 1, 2, ..., num}, as shown in Eq. (5). C_iand C_i' are key parameters that belong to ck_i.

Generate a polynomial q_(x,y) for each non-hidden node with polynomial rules in a top-down manner, as follows:

(1) Start from the root node.

(2) The degree of q_(x,y) is k_(x,y) – 1.

(3) If (x, y) is a component node, q_(x,y)(0) = s_i. Otherwise, q_(x,y)(0) = q_parent(x,y)(index(x, y)). Other polynomial information of q_(x,y) is randomly selected.

For each leaf node, the data owner computes and , as shown in Eq. (6). and are two key parameters used for decryption for node (x, y).

For each component node that has component nodes as children, the data owner computes as shown in Eq. (7), where the component children set is {child₁, ..., child_l, ...}. is a key parameter used between parent node and children nodes.

The data owner outputs the integrated ACT file, as shown in Eq. (8).

Decrypt(PK, ACT, SK). A user needs the PK and the SK described by S to decrypt ACT.

For the leaf node (x, y), we define DecryptNode(ACT, SK, (x, y) as Eq. (9), where j = att(x, y), and if , DecryptNode(ACT, SK, (x, y)) = null.

For each component/threshold node, we define DecryptNode (ACT, SK, (x, y)) as shown in Eq. (10), where z are the attribute/ threshold children of (x, y), S_(x,y) is an arbitrary k_(x,y)-sized attribute/threshold children set of (x, y) in the AHAT, S'_(x,y) = index(z) : , and val = index(z).

Because the random number s_iof component (x, y) is irrelevant with its parent’s random number, z cannot be the component node.

Next, e(g, g) ^as_i can be computed by means of Eq. (11), where i is the number of the component node (x, y).

Because the parent file needs to use all the children files, (x, y) has access to decrypt all the children files. The is the intermediate parameter of the decryption. We can compute of component child l for component node (x, y) in the AHAT using Eq. (12).

Then, the corresponding CKs, ck_i, are decrypted by executing Eq. (13), where i is the number of the component node (x, y).

Finally, ck_i is used to decrypt the corresponding file.

《5.3. Security proof for the CAD-CP-ABE scheme》

5.3. Security proof for the CAD-CP-ABE scheme

5.3.1. Security model

In the proposed scheme, the SK for the user is associated with an attribute set, and the ACT is associated with the access structure. The security model of our scheme should resist the CPA. The CPA security game between the adversary, A1, and the challenger, B1, requires that A1 select the challenging structure AT* and can require all SK where SK does not satisfy AT*.

(1) Initialization. A1 selects a challenging structure AT* and delivers it to B1.

(2) Setup. B1 runs the Setup(1^k ) algorithm and sends PK to A1.

(3) Query Phase 1. A1 selects a series of attribute sets S₁, ..., S_w; , to repeatedly query B1 for the SK. B1 answers these queries by running the KeyGen(PK, MSK, S_i) algorithm.

(4) Challenge. A1 selects two messages, m₀ and m₁, which are of equal length, to be challenged. Then B1 randomly selects a bit and encrypts m_μ with access structure AT*. Finally, B1 gives the ciphertext ACT* to A1.

(5) Query Phase 2. This is the same as Query Phase 1.

(6) Guess. A1 outputs a guess bit . If μ' = μ, A1 wins the security game; otherwise, it fails. The advantage of A1 in winning the CPA game is defined as , where Pr stands for probability.

Definition 3. The CAD-CP-ABE scheme is secure against the CPA if no probabilistic polynomial-time adversary A1 can win the security game.

5.3.2. Security proof for the proposed scheme

Theorem 1: Suppose the DBDH assumption holds in < G₀, G_T >, then no polynomial adversary can selectively break the proposed scheme.

Proof: Assume that adversary A1 comes against our construction with a non-negligible advantage in the selective security game. Challenge B1 can distinguish the DBDH tuple D_bdh and the random tuple D_rand with a non-negligible probability, ε/2. Let e : G₀ ×G₀ →G_T be an efficiently computable bilinear map, where G₀ has prime order p with generator g. The challenger randomly selects parameters , a random value , and a random element . If u = 0, then the challenger B1 sets (g, A, B, C, T)=; otherwise, the challenger sets(g, A, B, C, T)= . The ACT can be calculated as ACT = , according to Eq. (8).

(1) Initialization. Adversary A1 selects the challenging structure AT* and sends AT* to the challenger, B1.

(2) Setup. To provide a PK to A1, B1 randomly chooses a number , and defines . It computes = . Meanwhile, it sets . For given β, . Finally, B1 gives PK to A1.

(3) Query Phase 1. In this phase, A1 can query the SK by submitting an attribute set . Later, B1 randomly picks a number and sets . B1 can obtain D = . Then, for each attribute , B1 needs to randomly choose . It constructs the remaining SK as follows: , . Finally, B1 sends SK to A1.

(4) Challenge. A1 submits two messages, mess₀ and mess₁, of equal length to B1. B1 randomly generates a bit, . With the encryption operation under AT*, B1 computes ACT* as . Finally, B1 sends ACT* to A1.

(5) Query Phase 2. This is the same as Query Phase 1.

(6) Guess. Finally, A1 outputs a guess bit . If μ' = μ, B1 outputs 0 to indicate (g, A, B, C, T) . Otherwise, B1 outputs 1 to indicate (g, A, B, C, T) . The probability of success of adversary A1 in the game with challenger B1 is calculated as follows.

If , that is, T = g^abc, then ACT* is a valid ciphertext; in this case, the advantage of adversary A1 is ε.

If , the inequation holds. With an advantage of 1/2, adversary A1 has nothing to do with the distribution on . In this case, there is no advantage for adversary A1.

Lastly, the advantage of the challenge B1 is described as follows:

《5.4. Theoretical analysis》

5.4. Theoretical analysis

Let C_e be the e operation (bilinear pairing). Suppose that is the number of attribute nodes, A_c is the set of component nodes that have component nodes as children, and A_u is the attributes set of user U.

There are k CKs, and each node in A_c contains n component nodes as children. In the CAD-CP-ABE scheme, some attribute nodes of lower level component nodes are cut off in generating the AHAT. Thus, when the number of CKs is fixed, the encryption time is related to k, , and .

In our approach, is constant, which makes the decryption time independent of the leaf nodes. Suppose user U has privileges to access the root node. Because the minimum number of interior nodes satisfying a root access structure is two, there are just two attribute nodes. The root node is calculated as shown in Eq. (9). The decryption time is related to k and .

Moreover, the size of the ACT can be obtained by Eq. (8), as shown in Table 1, where L is the length of elements G_i , i .

《Table 1》

Table 1 Features of CAD-CP-ABE (CK ={ ck₁, ..., ck_k }).

《6. Experiments》

6. Experiments

《6.1. Experimental simulation》

6.1. Experimental simulation

This approach executes two encryption processes: plaintext encryption and CKs encryption. For plaintext encryption, we use the advanced encryption system (AES) algorithm to encrypt and decrypt the assembly files. For CKs encryption, we implement the CAD-CP-ABE scheme of the CKs based on a Java pairing-based cryptography (JPBC) library [54]. We use a Type A bilinear map. Type A pairings are constructed on the curve y² = x³ + x over the field of F_q. This pairing is symmetrical, and the order r is some prime factor of q + 1. Type A needs two parameters rBits = 160. All results are the averages of 20 experiments.

《6.2. Experimental results》

6.2. Experimental results

As shown in Fig. 7, we use the AES algorithm to encrypt and transform an assembly format to a text format, and the decryption process is the reverse procedure of encryption. This experiment confirms the practicability of an encryption algorithm on the assembly files, where the encryption and decryption processes will not destroy the content integrity.

《Fig. 7》

Fig. 7. An example of assembly file encryption and decryption with the AES algorithm.

As shown in Fig. 8(a), the generation time of SKs is approximately linear. Because some parameters of each experiment are newly selected, a slight computation error is caused in a linear relationship. We use method newElement() for Object Pairing to generate a SK. The time of this process is less than 2 s, and all processes are not greater than 50 s. We choose to use the method newRandomElement() to strengthen security in this process, which results in extra time cost.

The encryption and decryption experimental results are presented in Figs. 8(b)–(d). As shown in Fig. 8(b), we assume that there are various leaf nodes with two hierarchy files. Based on the rules of AHAT generation, the number of leaf nodes in CADCP-ABE is equal to |A_a2| in CP-ABE. As shown in Fig. 8(c), there are various hierarchy files with fixed leaf nodes (N = 30). Figs. 8(b) and (c) show that the results increasingly and approximately follow a linear relationship. Obviously, the number of leaf nodes has a greater impact on the time cost in CAD-CP-ABE.

The decryption time of the CKs is counted from the root node. In our approach, just two leaf nodes need to be satisfied for the root node in CAD-CP-ABE and for each component node in CP-ABE. When a user U obtains its CK for file A, then U can derive CKs for all other component nodes under A layer by layer within the ACT file. The decryption time cost is only related to the number CKs, as shown in Fig. 8(d).

《Fig. 8》

Fig. 8. Experimental results of CKs encryption and decryption. (a) SKs generation time and all number of attributes; (b) encryption time cost for two CKs; (c) encryption time cost for 30 leaf nodes; (d) decryption time cost of all CKs from the root node.

The experiments demonstrate that the proposed scheme improves the encryption and decryption efficiency.

《7. Conclusion》

7. Conclusion

In this paper, we proposed a hierarchical assembly files-sharing approach to protect CAD models for outsourcing and co-design in the era of cloud-based design and manufacture. This approach combines an ABE scheme, structural integrity checking, and deformation-based shape protection for CAD assembly models. The simulation experiments demonstrated that the approach is feasible in terms of computation efficiency and flexibility.

For future works, the first direction is to determine how to extend the shape encryption from sketch-based CAD part deformation to CAD assembly deformation. The second direction is to adopt multi-core computing techniques and optimization approaches [55–61] in order to accelerate the encryption and decryption for CAD big data. The third direction is to extend the proposed approach to other multimedia data [62–67]. Finally, we will integrate a searchable encryption scheme into the proposed approach [68,69].

《Acknowledgments》

Acknowledgments

The work is supported by the National Natural Science Foundation of China (62072348) and the Science and Technology Major Project of Hubei Province (Next-Generation AI Technologies; 2019AEA170).

《Compliance with ethics guidelines》

Compliance with ethics guidelines

Yueting Yang, Fazhi He, Soonhung Han, Yaqian Liang, and Yuan Cheng declare that they have no conflict of interest or financial conflicts to disclose.

Show More