<p>Tactical Edge Networks (TENs) serve as critical infrastructure for disseminating time-sensitive intelligence under resource-constrained and hostile conditions such as Network-Centric Warfare (NCW) and the Internet of Battlefield Things (IoBT), where secure and efficient data sharing is a core requirement. To ensure security and privacy in such environments, strict adherence to the ”need-to-know” principle is imperative, requiring that sensitive mission data are accessible only to entities with specific authorization attributes. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) binds fine-grained access policies to ciphertexts and permits decryption only for attribute-satisfying users, rendering it inherently suitable for need-to-know control in these settings. However, the prohibitive computational overhead of bilinear pairings in CP-ABE is often impractical for lightweight frontline terminals in tactical edge networks. While outsourcing decryption to Tactical Cloud Nodes (TCNs) can alleviate this burden, it brings critical vulnerabilities in zero-trust deployments, including key exposure upon node capture, incorrect computation results, and the leakage of query intent to an honest-but-curious Command Center (CC). To address these issues, we present a novel resilient and verifiable outsourced attribute-based non-interactive oblivious transfer protocol. The proposed framework balances system efficiency with security and privacy, as well as addresses the inherent computational asymmetry between resource-constrained tactical edge devices and powerful cloud nodes. We integrate a receiver-privacy-only, NIOT-style index-hiding mechanism (RP-NIOT) into an offline/online encryption pipeline to conceal the user’s query index from an honest-but-curious command center (CC). We do not claim classical OT sender privacy; unauthorized-record confidentiality is enforced by the CP-ABE/KEM–DEM layer. In addition, we incorporate a user-held blinding factor into the transformation keys to decouple the outsourcing capability from final decryption to ensure resilience against TCN compromise. A novel lightweight hash-based verification mechanism is designed to guarantee the correctness of outsourced computations. Detailed security and efficiency analysis show that the proposed protocol achieves resilience and data confidentiality as well as other security objectives at a cost of constant (policy-size independent) online terminal overhead—dominated by two exponentiations (plus one <InlineEquation ID="IEq1"> <EquationSource Format="TEX">\(\mathbb {Z}_p\)</EquationSource> </InlineEquation> inversion), one MAC verification, two hash/KDF evaluations, and one symmetric decryption per query—making it suitable for latency-sensitive tactical applications.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Resilient and verifiable outsourced attribute-based non-interactive oblivious transfer protocol for tactical edge networks

  • Weiwei Liu,
  • Binghao Fu,
  • Lulin Wang

摘要

Tactical Edge Networks (TENs) serve as critical infrastructure for disseminating time-sensitive intelligence under resource-constrained and hostile conditions such as Network-Centric Warfare (NCW) and the Internet of Battlefield Things (IoBT), where secure and efficient data sharing is a core requirement. To ensure security and privacy in such environments, strict adherence to the ”need-to-know” principle is imperative, requiring that sensitive mission data are accessible only to entities with specific authorization attributes. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) binds fine-grained access policies to ciphertexts and permits decryption only for attribute-satisfying users, rendering it inherently suitable for need-to-know control in these settings. However, the prohibitive computational overhead of bilinear pairings in CP-ABE is often impractical for lightweight frontline terminals in tactical edge networks. While outsourcing decryption to Tactical Cloud Nodes (TCNs) can alleviate this burden, it brings critical vulnerabilities in zero-trust deployments, including key exposure upon node capture, incorrect computation results, and the leakage of query intent to an honest-but-curious Command Center (CC). To address these issues, we present a novel resilient and verifiable outsourced attribute-based non-interactive oblivious transfer protocol. The proposed framework balances system efficiency with security and privacy, as well as addresses the inherent computational asymmetry between resource-constrained tactical edge devices and powerful cloud nodes. We integrate a receiver-privacy-only, NIOT-style index-hiding mechanism (RP-NIOT) into an offline/online encryption pipeline to conceal the user’s query index from an honest-but-curious command center (CC). We do not claim classical OT sender privacy; unauthorized-record confidentiality is enforced by the CP-ABE/KEM–DEM layer. In addition, we incorporate a user-held blinding factor into the transformation keys to decouple the outsourcing capability from final decryption to ensure resilience against TCN compromise. A novel lightweight hash-based verification mechanism is designed to guarantee the correctness of outsourced computations. Detailed security and efficiency analysis show that the proposed protocol achieves resilience and data confidentiality as well as other security objectives at a cost of constant (policy-size independent) online terminal overhead—dominated by two exponentiations (plus one \(\mathbb {Z}_p\) inversion), one MAC verification, two hash/KDF evaluations, and one symmetric decryption per query—making it suitable for latency-sensitive tactical applications.