Abstract
With the development and application of the Internet of Things (IoT), the volume of data generated daily by IoT devices is growing exponentially. These IoT devices, such as smart wearable devices, produce data containing sensitive personal information. However, since IoT devices and users often operate in untrusted external environments, their encrypted data remain vulnerable to potential privacy leaks and security threats from malicious coercion. Additionally, access control and management of these data remain critical issues. To address these challenges, this paper proposes a novel coercion-resistant ciphertext-policy attribute-based encryption scheme. The scheme leverages chameleon hashing to enhance deniable encryption, achieving coercion resistance, thereby enabling IoT data to resist coercion attacks. Moreover, the scheme employs attribute-based encryption to secure IoT data, enabling fine-grained access control and dynamic user access management, providing a secure and flexible solution for vast IoT data. We construct the scheme on a composite order bilinear group and provide formal proofs for its coercion resistance, correctness, and security. Finally, through experimental comparisons, we demonstrate the efficiency and feasibility of the proposed scheme.