CN113507369A - Black box data access method based on block chain and cloud storage - Google Patents

Publication number
CN113507369A
Authority
CN
China
Prior art keywords
data
value
key
black box
hash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110679487.0A
Other languages
Chinese (zh)
Inventor
曲强
张孟秋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Institute of Advanced Technology of CAS
Original Assignee
Shenzhen Institute of Advanced Technology of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Institute of Advanced Technology of CAS
Priority to CN202110679487.0A
Publication of CN113507369A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C5/00 Registering or indicating the working of vehicles
    • G07C5/08 Registering or indicating performance data other than driving, working, idle, or waiting time, with or without registering driving, working, idle or waiting time
    • G07C5/0841 Registering performance data
    • G07C5/085 Registering performance data using electronic data carriers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121 Timestamp
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a black box data access method based on a block chain and cloud storage. The method comprises the following steps: organizing the black box data into a first key-value pair structure, in which the key is a timestamp and the value is the real-time data to be saved; encrypting the value of the key-value pair structure with attribute-based encryption to obtain encrypted data; signing the encrypted data with the private key of the black box, and storing the signed encrypted data in a cloud database; and hashing the encrypted data, performing a Merkle hash tree operation on the hash values of the data blocks within a set time period to obtain a second key-value pair structure, in which the key is a timestamp and the value is the Merkle tree root hash, and storing the second key-value pair structure in the block chain network. Because the data are stored jointly in the cloud and on the block chain, the method can cope with various emergency situations and ensures that real and credible data can be obtained.

Description

Black box data access method based on block chain and cloud storage
Technical Field
The invention relates to the technical field of computers, in particular to a black box data access method based on a block chain and cloud storage.
Background
The black box, also called a flight recorder, is an electronic recording device used on airplanes. It contains a flight data recorder and a cockpit voice recorder, and sensors connected to it are fitted to the mechanical parts and the electronic instruments of the airplane. The black box records flight parameters and cockpit sound for a period of time before the airplane stops working or crashes, so that flight tests, accident causes and the like can be analyzed from the recorded parameters when needed. Black box technology on airplanes is relatively mature; however, in special circumstances such as a missing or crashed airplane, the black box may not be found and the cause of the accident cannot be analyzed. In addition, current automobiles carry no black box device. In scenarios such as brake failure or loss of control during automatic driving, real-time vehicle data would help reconstruct the accident scene, and automobile manufacturers could use real-time vehicle data collected in test environments to optimize and upgrade their products.
In recent years the electric automobile market has flourished, bringing with it product quality-control problems such as brake failure. The steep increase in the number of cars also leads to further traffic safety issues. How to reconstruct the accident scene as fully as possible to support accident analysis is a difficult problem. Apart from the road condition information recorded by a dashboard camera, driving data such as brake force, throttle state, vehicle speed and body posture are hard to obtain, so the scene is difficult to reconstruct. For an aircraft, on the other hand, real-time data are generally recorded in a black box. Compared with a crash on land, the black box is difficult to find, or cannot be found at all, when an airplane crashes at sea. It also becomes difficult to obtain the black box data when contact with an airplane is lost or the black box is damaged.
In the prior art, black box data on an airplane are recovered mainly by locating the black box after an accident, and the existing scheme for real-time vehicle data on automobiles stores the data on a block chain to ensure that the data are authentic and valid. However, uploading a large amount of real-time data directly to the block chain is inefficient, so real-time updating may not be achieved; and because of the characteristics of the block chain, the data are public and transparent and can be viewed by anyone, so private information such as the coordinates of the automobile is leaked. Moreover, since none of the stored data carries a trusted endorsement, it is impossible to verify whether the data are the real data of the vehicle.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, and provides a black box data access method based on a block chain and cloud storage.
The technical scheme of the invention is to provide a black box data access method based on a block chain and cloud storage. The method comprises the following steps:
Step S1: organizing the black box data into a first key-value pair structure, in which the key is a timestamp and the value is the real-time data to be saved;
Step S2: encrypting the value of the key-value pair structure with attribute-based encryption to obtain encrypted data;
Step S3: signing the encrypted data with the private key of the black box, and storing the signed encrypted data in a cloud database;
Step S4: hashing the encrypted data, performing a Merkle hash tree operation on the hash values of the data blocks within a set time period to obtain a second key-value pair structure, in which the key is a timestamp and the value is the Merkle tree root hash, and storing the second key-value pair structure in the block chain network.
Compared with the prior art, the invention has the following advantages. To address the loss of aircraft black box data in special circumstances, and the efficiency and privacy problems of storing automobile data on a block chain, a black box data access method based on a block chain and cloud storage is provided. Real-time vehicle information is encrypted with attribute-based encryption and then stored in a cloud database, and only roles that satisfy the configured attributes can decrypt the original information, which effectively protects the privacy of user data. The data stored in the cloud database carry the signature of the black box, which ensures that each piece of data is real and reliable real-time data. In addition, to keep data updates real-time, the hash values of all the data are combined by a Merkle hash tree operation into a root hash, and the root hash and the corresponding timestamp are stored on the chain. This keeps data updates real-time and allows verification of whether the data have been tampered with, ensuring the authenticity and reliability of the cloud data.
Other features of the present invention and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description, serve to explain the principles of the invention.
Fig. 1 is a flowchart of a black box data access method based on a block chain and cloud storage according to an embodiment of the present invention;
Fig. 2 is a process diagram of cloud and block chain storage of black box data according to an embodiment of the invention;
FIG. 3 is a structural diagram of a Merkle hash tree, according to an embodiment of the invention.
Detailed Description
Various exemplary embodiments of the present invention will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
In the following, a black box data access method based on cooperative storage in a block chain and a cloud database is described, taking real-time data of a car or airplane as an example. The cloud database stores the real-time data, and the block chain stores hash values computed from the cloud data, so as to ensure that the data are authentic and valid.
Specifically, with reference to fig. 1 and fig. 2, the black box data access method based on a block chain and cloud storage includes the following steps.
Step S110, the black box data is organized into key-value pairs in which the key is a timestamp (Timestamp) and the value is the real-time data to be saved.
In this step, the black box data is organized into a key-value storage structure. The timestamp serves as the key and indicates when the data was acquired; the real-time data at that time serves as the value and reflects the operating condition of the automobile or airplane.
For example, for an automobile, the value to be stored is real-time vehicle information including, but not limited to, vehicle coordinates (Location), time, throttle status (Throttle status), braking force (Braking force), and body posture (Body position). It is combined with a timestamp as the key into a key-value pair for convenient storage and lookup.
Step S120, ABE encryption is applied to the value.
The value in the key-value storage structure is encrypted with ABE. ABE is attribute-based encryption (Attribute-Based Encryption), which solves the problem of sharing private data by effectively configuring a sharing policy. In security system research, the access structure of a system refers to the structure of the authorized set. When a user's attributes satisfy the access structure of the system, the user can decrypt ciphertext encrypted with the attribute-based encryption algorithm.
Various types of attribute-based encryption methods may be employed, such as KP-ABE (key policy attribute encryption) or CP-ABE (ciphertext policy attribute encryption).
In one embodiment, a CP-ABE encryption scheme is used. CP-ABE is ciphertext-policy attribute-based encryption: the attribute set is embedded in the key, the access structure is embedded in the ciphertext, and decryption succeeds if and only if the attributes match the access structure. Because the data owner specifies the access structure, the data owner can control the rights of visitors by specifying a policy. For example, after the real-time data is encrypted with a CP-ABE policy, the policy can be set so that only the attribute sets of the user, the airline or the vehicle manufacturer can decrypt the ciphertext.
Step S130, the black box signs the encrypted key-value pair and stores the signed data in a cloud database.
Specifically, the black box signs the encrypted data with its own private key, which proves that the data stored in the cloud was sent by that particular black box; the user verifies the signature with the public key of the black box. In this way, the data stored in the cloud database carry the signature of the black box, which ensures that each piece of data is real and reliable real-time data of the vehicle or airplane.
For the data stored in the cloud database, only roles that satisfy the attributes can decrypt the original information; for example, the policy can be set so that only the owner or the manufacturer can decrypt it, which effectively protects the privacy of user data. The data stored in the cloud database carry the signature of the black box, which ensures that each piece of data is real and reliable real-time data of the vehicle.
Step S140, performing hash operation on the encrypted value to obtain a hash value.
The black box hashes the data encrypted in step S120 to obtain its hash value. The hash value may be calculated with an existing hash algorithm, such as MD5 or SHA-256.
Step S150, performing a Merkle-Hash tree operation on the hash values of the data within the set time period.
Take black box data updated at millisecond level as an example, with one update every millisecond. To improve the efficiency of subsequently storing hash values on the block chain, in one embodiment the hash value of each millisecond is not put on the chain individually; instead, the 1000 hash values within 1 s are combined by a Merkle-Hash tree operation into a single root hash value. The black box stores this root hash value and the timestamp of that second on the block chain. In this way, the density of data stored on the block chain and the update frequency are significantly reduced, so the properties of the block chain are exploited without affecting storage efficiency.
As shown in Fig. 3, from bottom to top, the leaf nodes of the first layer store the hash values of the corresponding data blocks, one for each of the 1000 data blocks within 1 second, and the hash value of each parent node is derived from the data of its child nodes (for example, it equals the hash of the combined data of its child nodes).
In step S160, the computed Merkle root hash value is stored as a value in the blockchain.
After the Merkle root hash value is computed, a key-value pair consisting of the timestamp and the root hash value is stored in the block chain network; that is, the computed Merkle root hash value is stored on the block chain as the value. In one embodiment, Hyperledger Fabric is used as the block chain platform; it offers high access efficiency and features such as a pluggable consensus mechanism.
In this embodiment, the root hash and the timestamp of each second are stored on the chain, which keeps data updates real-time, and the Merkle-Hash tree makes it easy to verify whether data has been tampered with, so the cloud data is authentic and reliable.
Step S170, when data is read from the cloud database, after signature verification passes, the same hash operations are performed on the data and the result is compared with the result stored on the block chain.
When a special situation occurs and a user or vehicle manufacturer needs the real-time information of the vehicle in motion at a certain moment, the ciphertext for the required time point is retrieved from the cloud database by timestamp and its signature is verified. A successful signature check shows that the real-time vehicle or aircraft condition information was indeed collected and uploaded by the black box of that vehicle or aircraft. After all the information for the required time period has been retrieved from the cloud database, the hash operations of steps S140 and S150 are performed on it to compute the root hash value of each 1 s, which is compared with the root hash value stored on the block chain. If they are consistent, the data has not been tampered with and is authentic and valid.
Step S180, if the comparison result is consistent, the data is real and credible, and ABE decryption is performed to obtain the original data.
After the comparison passes, the user or vehicle manufacturer must provide identity attributes to decrypt the data obtained from the cloud, restoring the real-time data of the vehicle or airplane at the specific time so that the cause of the accident can be analyzed.
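The hashing and verification path of steps S140 to S170, as an added example in Python (not code from the patent): per-record SHA-256, one Merkle root per second, and a read-side audit against the anchored roots. Assumptions not in the patent: the leaf/interior prefix bytes, carrying an unpaired node up unchanged, and all function names. The ciphertexts are constructed stand-ins for ABE output, signature checking (step S130) is omitted, and SHA-256 is used rather than MD5 because MD5 is not collision resistant.

```python
from __future__ import annotations

import hashlib
import hmac
from collections import defaultdict

# Domain-separation prefixes (assumption, in the style of RFC 6962): a leaf
# hash can never be mistaken for an interior node hash.
LEAF, NODE = b"\x00", b"\x01"


def leaf_hash(ciphertext: bytes) -> bytes:
    """Step S140: hash one encrypted record."""
    return hashlib.sha256(LEAF + ciphertext).digest()


def merkle_root(leaves: list[bytes]) -> bytes:
    """Step S150: fold the leaf hashes of one period into a single root."""
    if not leaves:
        raise ValueError("a period with no records has no root")
    level = list(leaves)
    while len(level) > 1:
        nxt = [hashlib.sha256(NODE + level[i] + level[i + 1]).digest()
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:          # odd count (1000 -> 500 -> 250 -> 125):
            nxt.append(level[-1])   # carry the unpaired node up (assumption)
        level = nxt
    return level[0]


def roots_by_second(records: dict[int, bytes]) -> dict[int, bytes]:
    """Group {timestamp_ms: ciphertext} by second; leaves ordered by timestamp."""
    buckets = defaultdict(list)
    for ts_ms in sorted(records):
        buckets[ts_ms // 1000].append(leaf_hash(records[ts_ms]))
    return {sec: merkle_root(hashes) for sec, hashes in buckets.items()}


def audit(cloud_records: dict[int, bytes], ledger: dict[int, bytes]) -> dict[int, str]:
    """Step S170: recompute each second's root from cloud data, compare to chain."""
    recomputed = roots_by_second(cloud_records)
    report = {}
    for sec in sorted(set(ledger) | set(recomputed)):
        if sec not in ledger:
            report[sec] = "no anchor on chain"
        elif sec not in recomputed:
            report[sec] = "records missing from cloud"
        elif hmac.compare_digest(ledger[sec], recomputed[sec]):
            report[sec] = "ok"
        else:
            report[sec] = "mismatch"
    return report


def constructed_records(start_sec: int, seconds: int,
                        per_second: int = 1000) -> dict[int, bytes]:
    """Constructed stand-in ciphertexts, one per millisecond."""
    return {(start_sec + s) * 1000 + ms: f"ct|{start_sec + s}|{ms}".encode()
            for s in range(seconds) for ms in range(per_second)}


def demo() -> dict[str, dict[int, str]]:
    start = 1_623_974_400                     # constructed epoch second
    written = constructed_records(start, 3)   # what the black box uploaded
    ledger = roots_by_second(written)         # what it anchored (step S160)

    modified = dict(written)
    modified[(start + 1) * 1000 + 417] = b"altered ciphertext"  # one record changed
    truncated = {ts: ct for ts, ct in written.items()
                 if ts != (start + 2) * 1000 + 999}             # one record dropped
    return {"intact": audit(written, ledger),
            "modified": audit(modified, ledger),
            "truncated": audit(truncated, ledger)}


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```

A mismatch localizes tampering to one second of data but not to a record within it; a single changed or dropped record among the 1000 is enough to change that second's root.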
To further verify the effect of the invention, a number of simulation tests were carried out. The experiments show that the method meets the expected design targets and can be used for black box data access in fields such as airplanes and automobiles. By storing data jointly in the cloud and on the block chain, the invention keeps data updates real-time, copes with various emergency situations, and ensures that real and credible real-time data can be obtained when needed.
In summary, the black box data access method based on a block chain and cloud storage provided by the invention solves the storage efficiency and privacy protection problems of the prior art through cooperative storage in a block chain and a cloud database, and has at least the following advantages:
1) compared with the existing airplane black box scheme, the required black box data can be obtained from the cloud database when special situations such as loss of the black box occur, and the data on the block chain is used to verify that the data are authentic and valid;
2) compared with the existing method of storing automobile black box data on a block chain, the method does not store the data directly on the block chain but stores it jointly in the cloud and on the block chain, so updates can be made at millisecond level. The cloud stores attribute-encrypted data, and only a role with specific identity attributes can decrypt the original text, which greatly protects user privacy and security. The cloud database stores the real-time encrypted information and the block chain stores the hash verification information. Used together, they make full use of the real-time efficiency of the database, while the tamper resistance and security of the block chain platform ensure that the data are authentic and valid, closing the loop of data trust.
The present invention may be a system, method and/or computer program product. The computer program product may include a computer-readable storage medium having computer-readable program instructions embodied therewith for causing a processor to implement various aspects of the present invention.
The computer readable storage medium may be a tangible device that can hold and store the instructions for use by the instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device, such as punch cards or in-groove projection structures having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media as used herein is not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical pulses through a fiber optic cable), or electrical signals transmitted through electrical wires.
The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a respective computing/processing device, or to an external computer or external storage device via a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in the respective computing/processing device.
The computer program instructions for carrying out operations of the present invention may be assembler instructions, Instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++, Python, or the like, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, aspects of the present invention are implemented by personalizing an electronic circuit, such as a programmable logic circuit, a Field Programmable Gate Array (FPGA), or a Programmable Logic Array (PLA), with state information of computer-readable program instructions, which can execute the computer-readable program instructions.
Aspects of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer-readable program instructions may also be stored in a computer-readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer-readable medium storing the instructions comprises an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. It is well known to those skilled in the art that implementation by hardware, by software, and by a combination of software and hardware are equivalent.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein. The scope of the invention is defined by the appended claims.

Claims (10)

1. A black box data access method based on a blockchain and cloud storage, comprising the following steps:
step S1: organizing the black box data into a first key-value pair structure, wherein the key is a timestamp and the value is the real-time data to be saved;
step S2: encrypting the value of the key-value pair structure using attribute-based encryption to obtain encrypted data;
step S3: signing the encrypted data with the private key of the black box, and storing the signature data corresponding to the encrypted data in a cloud database;
step S4: performing a hash operation on the encrypted data, performing a Merkle hash tree operation on the hash values of the data blocks contained in a set time period to obtain a second key-value pair structure, and storing the second key-value pair structure in the blockchain network, wherein the key is a timestamp and the value is the Merkle tree root hash.
2. The method according to claim 1, wherein in step S4, for real-time data collected at the millisecond level, the Merkle hash tree operation is performed on the hash values of the 1000 data blocks contained in 1 second.
3. The method of claim 1, wherein the Merkle tree comprises multiple levels of nodes, the leaf nodes store the hash values corresponding to the data blocks, and the hash value of each parent node is equal to the hash of the added data of its child nodes.
4. The method according to claim 1, wherein in step S2, the attribute-based encryption of the value comprises:
adopting ciphertext-policy attribute-based encryption, in which the key is embedded in an attribute set and the ciphertext is embedded in an access structure, wherein the black box data owner specifies the access structure;
the black box data owner sets that decryption is possible if and only if the attributes conform to the access structure.
5. The method of claim 4, wherein the black box data owner specifies the set of attributes of the user, airline or vehicle enterprise that can decrypt the ciphertext.
6. The method of claim 1, wherein the black box data reflects an operating condition of an aircraft or an operating condition of an automobile.
7. The method of claim 1, wherein the real-time data to be saved is vehicle running state information including body coordinates, time, throttle status, brake force, and body attitude.
8. The method of claim 1, further comprising obtaining the data stored in the cloud database according to the following steps:
retrieving the encrypted data for the required time point from the cloud database by its timestamp, and verifying the signature on the encrypted data;
performing a hash operation on the encrypted data that passes verification, calculating the Merkle root hash value for each set time period, and comparing it with the corresponding Merkle root hash value stored on the blockchain network;
and if the comparison result is consistent, performing attribute-based decryption on the acquired encrypted data.
9. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 8.
10. A computer device comprising a memory and a processor, on which memory a computer program is stored which is executable on the processor, characterized in that the steps of the method of any of claims 1 to 8 are implemented when the processor executes the program.
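The integrity path of claims 1 to 3 and 8 (hash each encrypted block, build one Merkle root per time window, compare it with the root held on the blockchain) is sketched below as an added example, not code from the patent. SHA-256, concatenation of child hashes as the "added data", promotion of an unpaired node, and all function names are assumptions; the ciphertexts are constructed placeholder bytes, and signing and attribute-based decryption are left out.

```python
import hashlib
from collections import defaultdict

def h(data: bytes) -> bytes:
    # SHA-256 is an assumption; the claims do not name a hash function.
    return hashlib.sha256(data).digest()

def merkle_root(leaf_hashes):
    """Root over leaf hashes; parent = H(left || right) (assumed reading of claim 3)."""
    if not leaf_hashes:
        raise ValueError("a window must contain at least one data block")
    level = list(leaf_hashes)
    while len(level) > 1:
        nxt = [h(level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:          # unpaired node is promoted unchanged (assumption)
            nxt.append(level[-1])
        level = nxt
    return level[0]

def window_roots(records, window_ms=1000):
    """records: {timestamp_ms: ciphertext}. Returns {window_start_ms: root} as in step S4."""
    buckets = defaultdict(list)
    for ts in sorted(records):      # leaf order is fixed by timestamp
        buckets[ts - ts % window_ms].append(h(records[ts]))
    return {start: merkle_root(leaves) for start, leaves in buckets.items()}

def mismatched_windows(cloud_records, chain_roots, window_ms=1000):
    """Claim 8 comparison: windows whose recomputed root differs from, or is absent on, the chain."""
    recomputed = window_roots(cloud_records, window_ms)
    return sorted(w for w in set(recomputed) | set(chain_roots)
                  if recomputed.get(w) != chain_roots.get(w))

def sample_records(seconds=2):
    # Constructed placeholder ciphertexts, one per millisecond (1000 per window).
    return {ts: b"ciphertext-%d" % ts for ts in range(seconds * 1000)}

if __name__ == "__main__":
    cloud = sample_records()
    chain = window_roots(cloud)     # roots the black box anchored on-chain
    cloud[1500] = b"forged"         # record modified in cloud storage
    del cloud[7]                    # record deleted from cloud storage
    print(mismatched_windows(cloud, chain))
```

A mismatch only localizes tampering to a one-second window; identifying the individual record would require keeping the leaf hashes or a Merkle proof per record.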

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110679487.0A CN113507369A (en) 2021-06-18 2021-06-18 Black box data access method based on block chain and cloud storage

Publications (1)

Publication Number Publication Date
CN113507369A (en) 2021-10-15

Family

ID=78010521

Country Status (1)

Country Link
CN (1) CN113507369A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination