CN115189903A - Distributed access control method supporting privacy protection in Internet of vehicles - Google Patents

Info

Publication number
CN115189903A
Authority
CN
China
Prior art keywords
user
attribute
key
ciphertext
authentication center
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210162394.5A
Other languages
Chinese (zh)
Other versions
CN115189903B (en)
Inventor
张乐友
张业
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN202210162394.5A priority Critical patent/CN115189903B/en
Publication of CN115189903A publication Critical patent/CN115189903A/en
Application granted granted Critical
Publication of CN115189903B publication Critical patent/CN115189903B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/0414 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0471 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously
    • H04L2209/84 Vehicles
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a distributed access control method supporting privacy protection in the Internet of Vehicles. In addition to real-time data sharing, the method adds practical functions such as more secure outsourced encryption and decryption computation and privacy protection, and can effectively reduce the computational load on the system. The method mainly comprises the following steps: 1. initializing a global authentication center and generating the global public parameters and master key of the system; 2. initializing a local authentication center, which generates its own public key and private key using the global public parameters obtained in step 1; 3. encrypting the data; 4. generating the user attribute private key; 5. decrypting the ciphertext.

Description

Distributed access control method supporting privacy protection in Internet of vehicles
Technical Field
The invention belongs to the technical field of cloud storage security and information security, and particularly relates to a distributed access control method supporting privacy protection in the Internet of Vehicles.
Background
With the rapid development of communication technology and industry, the automotive industry is transitioning from vehicular ad hoc networks (VANETs) to the Internet of Vehicles (IoV). The Internet of Vehicles achieves intelligent transportation through real-time association of vehicles, roads and management agencies, and provides services such as traffic safety, information sharing and flexible vehicle control; communication technology plays a key role in supporting it. More and more vehicles are now combined with smart devices to form an Internet of Vehicles, which inevitably generates a large amount of data, and the Internet of Vehicles places high demands on data transmission: transmission delay and consumption must be reduced to a minimum. The latest 5G technology, with advantages such as ultra-low consumption and ultra-high transmission speed, allows the Internet of Vehicles to develop further. In addition, wireless communication between vehicles, and between vehicles and infrastructure, is carried out through the dedicated short-range communication (DSRC) protocol. However, because the coverage of a single roadside unit (RSU) is small, vehicles must transmit data frequently during long-distance communication, and private information contained in the data (such as identity and location) can be leaked. Secure data transmission is the basis for all applications in the Internet of Vehicles. Malicious users may cause unpredictable losses by analyzing the relationship between information and its sender in order to launch masquerading attacks or tamper with messages.
To ensure the security of information in vehicle communications, conventional encryption mechanisms may not be applicable. A conventional public key infrastructure (PKI) needs to encrypt the same piece of information multiple times, which causes a great deal of unnecessary resource consumption. Attribute-based encryption (ABE) was proposed to solve this problem and achieves one-to-many data sharing. However, some previously proposed solutions, while guaranteeing data confidentiality, still leak privacy in other respects. After the data owner establishes and publishes the access policy, a malicious user can roughly guess which attributes a vehicle has through simple analysis, which reveals the user's privacy. In addition, although the data owner encrypts the data before uploading it to the cloud, there is no guarantee that the ciphertext and the access policy have not been tampered with.
In recent years, blockchain technology has been widely studied. Owing to characteristics such as decentralization, tamper resistance, transparency and traceability, blockchains are applied in various fields. For the single point of failure and bandwidth problems of traditional servers, a blockchain can provide a decentralized solution in which each node performs operations without a trusted intermediary. However, most solutions proposed so far are inefficient, and the transparent, public nature of the blockchain causes privacy disclosure, so they cannot meet the needs of the highly dynamic Internet of Vehicles.
In summary, the problems of the prior art are as follows:
(1) Single point of failure and bandwidth. Once the cloud storage server goes out of service or data traffic becomes heavy, information transmission stops and the whole system crashes. If the cloud storage server is not trusted, user data may be leaked or tampered with, which can have serious consequences.
(2) Leakage of user privacy. The risk exists in two respects. First, the user must disclose the access policy when interacting with the roadside unit or the cloud storage server, which may reveal the user's privacy. Second, the transactions generated during data transmission are stored on a blockchain, whose public and transparent nature may reveal the private information contained in those transactions.
(3) Low computational efficiency. The Internet of Vehicles is a highly dynamic system, and timely transmission of information is a challenge. ABE involves a large number of pairing and exponentiation operations, so the computation a user spends in the encryption and decryption stages grows linearly with the number of attributes. Solving these three problems is the key to applying a distributed access control policy for secure data sharing to the Internet of Vehicles.
Disclosure of Invention
Compared with traditional schemes, the distributed access control method supporting privacy protection in the Internet of Vehicles provided by the invention shares data in real time while adding practical functions such as more secure outsourced encryption and decryption computation and privacy protection, and can effectively relieve the computational load on the system.
The specific technical scheme of the invention is as follows:
a distributed access control method supporting privacy protection in the Internet of vehicles comprises the following steps:
Step 1: initializing the global authentication center CA to generate the global public parameter PP and the master key MSK of the system;
Step 2: the local authentication center LA is initialized and uses the global public parameter PP obtained in step 1 to generate its own public key $PK_k$ and private key $SK_k$;
Step 3: data encryption;
First, the data owner establishes a fuzzy tree access policy $T_{Obf}$, then encrypts the data to be sent to obtain a local ciphertext $CT_{loc}$, and finally sends the local ciphertext $CT_{loc}$ to a roadside unit RSU for final encryption to obtain the final ciphertext CT;
Step 4: generating the user attribute private key;
The global authentication center CA distributes a static attribute key $SK_{st}$ and a certificate $Cer_{U_i}$ to the user, and then the local authentication center LA distributes a dynamic attribute key $SK_{dy}$ to the user. The static attribute key $SK_{st}$ and the dynamic attribute key $SK_{dy}$ are each generated from the parameters produced in the respective initialization stage and the attributes of the user;
Step 5: decrypting the ciphertext; a legitimate user initiates an access request to a roadside unit RSU. After receiving the request, the roadside unit RSU uses a smart contract to verify whether the user's attributes satisfy the access policy, then performs outsourced decryption using part of the user's private key and sends the resulting intermediate ciphertext to the user. The user receives the intermediate ciphertext and performs the final decryption with their own private key.
Further, the specific process of step 1 is as follows:
Step 1.1: setting the security parameter $\lambda$ of the system and selecting multiplicative cyclic groups $G$ and $G_1$ of prime order $p$; $g$ is a generator of $G$; $e$ is a bilinear map satisfying $e: G \times G \to G_1$;
Step 1.2: the system is initialized and the static attribute set is defined: $S_{st} = \{x_1, x_2, x_3, \ldots, x_j, \ldots, x_n\}$; three integers $\alpha$, $\beta$ and $a$ are selected at random in $Z_p$, together with two collision-resistant hash functions $H: \{0,1\}^* \to G_0$, $H_1: \{0,1\}^* \to G_0$, and the Lagrange coefficient:
Figure BDA0003515349260000041
where $i, x \in Z_p$, $Z_p$ denotes the set of residues modulo $p$, $l \in S$, and $S$ is an arbitrary attribute set;
Step 1.3: for any attribute $x_j$ in the static attribute set $S_{st}$, the global authentication center CA selects a random number $n_j$ in $Z_p$ and calculates
Figure BDA0003515349260000042
generating the public parameter PP of the system: $\{ G_0, H, H_1, g^{\beta}, g^{a}, e(g,g)^{\alpha},$
Figure BDA0003515349260000043
and the master key MSK: $\{ a, \beta, g^{\alpha}, \{ n_j \mid x_j \in S_{st} \} \}$.
Further, the specific implementation process of step 2 is as follows:
each local authentication center LA defines a set of dynamic attributes:
Figure BDA0003515349260000051
and selects a random number $b$ in $Z_p$; from the dynamic attribute set
Figure BDA0003515349260000052
it selects any attribute $y_j$; the local authentication center LA selects a random number $v_j$ in $Z_p$ and calculates
Figure BDA0003515349260000053
Finally, the public key $PK_k$ and private key $SK_k$ of the local authentication center LA are generated:
Figure BDA0003515349260000054
Further, the specific implementation process of step 3 is as follows:
Step 3.1: generating the fuzzy access policy;
First, the data owner establishes a tree access policy $T$;
then the data owner randomly selects $h$ in $Z_p$ and calculates $g^{h}$, $u_i = H_1(a_i)$,
Figure BDA0003515349260000055
where $a_i$ is the attribute corresponding to each leaf node in the tree structure;
finally, each $a_i$ is replaced by the obfuscated attribute $s_i$, which produces the fuzzy tree access policy $T_{Obf}$.
Step 3.2: calculating the local ciphertext;
First, the data owner selects the 128-bit AES symmetric encryption algorithm to encrypt the message $M$ under the encryption key $Syk$, and calculates $H_1(SE_{Syk}(M))$;
then the data owner selects a number $s$ in $Z_p$ as the secret value of the root node;
next, starting from the root node $R$ of the fuzzy tree access policy $T_{Obf}$, the data owner selects a polynomial $q(\cdot)$ from top to bottom and sets $q_R(1) = s_{1\_1}$, $q_R(2) = s_{2\_2}$, where $s_{1\_1}$ is the secret value $q_R(1)$ of the root node of subtree $T_1$ of $T_{Obf}$, and $s_{2\_2}$ is the secret value $q_R(2)$ of the root node of subtree $T_2$ of $T_{Obf}$;
finally, the local ciphertext $CT_{loc}$ is calculated using the public parameters:
Figure BDA0003515349260000061
In the above formula, $S_1$ is the set of static attributes contained in subtree $T_1$ of the fuzzy tree access policy $T_{Obf}$; $S_2$ is the set of static attributes contained in subtree $T_2$ of the fuzzy tree access policy $T_{Obf}$;
Step 3.3: calculating the final ciphertext; after receiving the local ciphertext $CT_{loc}$ sent by the data owner, the roadside unit RSU responsible for the region starts from the root node of subtree $T_2$, selects a polynomial $q_2$ from top to bottom, and computes the final ciphertext CT using the public parameters:
Figure BDA0003515349260000062
Figure BDA0003515349260000063
Further, step 3 also includes step 3.4: generating a transaction;
the roadside unit RSU responsible for the region uploads the final ciphertext CT to the cloud storage server CSS to obtain the ciphertext address Address, signs the address, and generates a transaction
Figure BDA0003515349260000064
Further, the specific implementation process of step 4 is as follows:
Step 4.1: generating the static attribute private key; the global authentication center CA uses the master key MSK, the public parameter PP and the user's static attribute set
Figure BDA0003515349260000065
to generate the static attribute private key $SK_{st}$:
Figure BDA0003515349260000066
In the above formula, $z$, $t$ and $r$ are all numbers selected at random in $Z_p$;
Step 4.2: generating the certificate;
The user submits their own identity $ID_U$ to the CA, and the global authentication center CA first verifies the validity of the user's identity;
it then sends the signed certificate to the user:
Figure BDA0003515349260000067
finally, the global authentication center CA sends the value $g^{\beta t}$ from the static attribute private key $SK_{st}$ to the local authentication center LA;
Step 4.3: generating the dynamic attribute key; the local authentication center LA verifies the user's certificate
Figure BDA0003515349260000071
If the certificate is valid, the local authentication center LA uses its own public key $PK_k$ and private key $SK_k$, the public parameter PP, and the dynamic attribute set
Figure BDA0003515349260000072
to generate the dynamic attribute key $SK_{dy}$ for the user:
Figure BDA0003515349260000073
In the above formula, $m$ is a random number in $Z_p$.
Further, the specific implementation process of step 5 is as follows:
Step 5.1: calculating the attribute values; first, the user uses their own partial keys $g^{ah}$, $g^{bh}$ to calculate the obfuscated attribute values
Figure BDA0003515349260000074
and then sends
Figure BDA0003515349260000075
$s_i$ and the certificate
Figure BDA0003515349260000076
to the roadside unit $RSU_k$ responsible for the area.
Step 5.2: outsourced decryption; the $RSU_k$ responsible for the region first checks whether the user's certificate
Figure BDA0003515349260000077
is recorded on the blockchain; if it is not, it first verifies the validity of the user's certificate
Figure BDA0003515349260000078
After verification, the pre-deployed smart contract is invoked automatically. Based on the submitted attribute values $s_i$, the contract judges whether the user satisfies the access right; if so, it judges from the vehicle speed, the distance to the vehicle, the pre-computation time and the communication speed whether the user is at the edge of the communication range of the roadside unit $RSU_k$ responsible for the area. If the user is near the edge, $RSU_k$ performs pre-decryption and passes the resulting intermediate ciphertext directly to the roadside unit $RSU_{k+1}$ responsible for the next region, which returns the intermediate ciphertext to the user;
the intermediate ciphertext is specifically:
Figure BDA0003515349260000079
wherein T is Obf ,
Figure BDA00035153492600000710
$C = g^{s}$ are part of the final ciphertext CT,
Figure BDA00035153492600000711
is computed iteratively by Lagrange interpolation,
Figure BDA0003515349260000081
Step 5.3: decryption by the user;
first, the user calculates
Figure BDA0003515349260000082
and then calculates the value of the root node: $F_R = e(g,g)^{\beta t s}$
Finally, the symmetric key is calculated:
Figure BDA0003515349260000083
and the message $M$ is obtained by decrypting with the symmetric encryption algorithm.
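The top-down polynomial sharing of step 3.2 and the Lagrange interpolation used during decryption in step 5 can be traced with plain modular arithmetic. The following Python block is an added example, not code from the patent: it shares a root secret $s$ down a threshold access tree and recovers it only when the supplied attributes satisfy the tree. The modulus, attribute names, policy shape and the standard Lagrange coefficient formula are assumptions, and the patent performs this interpolation in the exponent of group elements rather than directly in $Z_p$.

```python
import secrets
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed prime modulus standing in for the group order p (assumption).
P = 2**127 - 1


@dataclass
class Node:
    threshold: int = 1                      # k of a k-of-n gate (unused for leaves)
    children: List["Node"] = field(default_factory=list)
    attribute: Optional[str] = None         # set only on leaf nodes
    share: Optional[int] = None             # q_parent(index), assigned while sharing


def leaf(attribute: str) -> Node:
    return Node(attribute=attribute)


def gate(k: int, *children: Node) -> Node:
    return Node(threshold=k, children=list(children))


def lagrange_coefficient(i, index_set, x=0, p=P):
    """Standard coefficient: product over l in S, l != i, of (x - l)/(i - l) mod p."""
    num, den = 1, 1
    for l in index_set:
        if l != i:
            num = num * (x - l) % p
            den = den * (i - l) % p
    return num * pow(den, -1, p) % p


def share_secret(node: Node, secret: int, p=P) -> None:
    """Top-down sharing: each gate picks a random polynomial q with q(0) = its
    own secret and hands q(index) to the child at that 1-based index."""
    node.share = secret % p
    if node.attribute is not None:
        return
    coeffs = [node.share] + [secrets.randbelow(p) for _ in range(node.threshold - 1)]
    for index, child in enumerate(node.children, start=1):
        value = sum(c * pow(index, e, p) for e, c in enumerate(coeffs)) % p
        share_secret(child, value, p)


def recover(node: Node, attributes: set, p=P) -> Optional[int]:
    """Bottom-up recovery: a leaf yields its share only if the attribute is
    held; a gate interpolates q(0) from any `threshold` satisfied children."""
    if node.attribute is not None:
        return node.share if node.attribute in attributes else None
    points = {}
    for index, child in enumerate(node.children, start=1):
        value = recover(child, attributes, p)
        if value is not None:
            points[index] = value
        if len(points) == node.threshold:
            break
    if len(points) < node.threshold:
        return None                          # policy not satisfied at this gate
    idx = list(points)
    return sum(points[i] * lagrange_coefficient(i, idx, 0, p) for i in idx) % p


def build_policy() -> Node:
    """Constructed policy: the root requires both subtrees, mirroring the
    q_R(1) / q_R(2) split between subtree T_1 and subtree T_2."""
    t1 = gate(2, leaf("brand:A"), leaf("type:ambulance"), leaf("owner:hospital"))
    t2 = gate(1, leaf("road:G30"), leaf("zone:north"))
    return gate(2, t1, t2)


if __name__ == "__main__":
    root = build_policy()
    s = secrets.randbelow(P)
    share_secret(root, s)
    print(recover(root, {"brand:A", "owner:hospital", "zone:north"}) == s)
    print(recover(root, {"brand:A", "zone:north"}))
```
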
Further, step 5 also includes step 5.4: generating a transaction;
the roadside unit $RSU_k$ responsible for the area uses its own private key
Figure BDA0003515349260000084
to sign the user's certificate:
Figure BDA0003515349260000085
and then generates a transaction
Figure BDA0003515349260000086
where $Time_{out}$ denotes the time at which decryption is completed.
Further, the method also comprises step 6: attribute update, implemented as follows:
Step 6.1: generating the update keys; the local authentication center LA generates three update keys, $UK_{j \to o}$, $UK_{no}$ and $UK_{ct}$;
where $UK_{j \to o} = v_j / v_o$ is used to update the private key of a user whose attribute needs updating;
Figure BDA0003515349260000087
is used to update the private keys of users whose attributes do not need updating;
Figure BDA0003515349260000088
is used to update the final ciphertext CT;
Step 6.2: updating the user's private key;
when a user whose attribute needs updating receives the update key $UK_{j \to o}$ distributed by the local authentication center LA, the following calculation is performed:
Figure BDA0003515349260000091
when a user whose attribute does not need updating receives the update key $UK_{no}$ distributed by the local authentication center LA, the following calculation is performed:
Figure BDA0003515349260000092
Step 6.3: updating the final ciphertext; to ensure that a user newly added to the system can decrypt the original ciphertext, the roadside unit $RSU_k$ performs the following calculation when the final ciphertext needs to be updated:
Figure BDA0003515349260000093
The beneficial effects of the invention are:
1. A distributed method is adopted: all roadside units in the system jointly maintain a blockchain to solve the single point of failure problem of the cloud storage server. Each node can perform operations without a trusted intermediary, and transactions containing signatures are recorded on the blockchain through a consensus mechanism, which ensures the integrity of the access policy and the message and facilitates auditing;
2. The invention protects user privacy. It provides a hidden access policy scheme that requires no pairing operations, so user privacy is protected while the user interacts with the cloud service or a roadside unit, and the computational burden on the vehicle user is reduced. Furthermore, the transaction information recorded on the chain does not reveal the privacy of any user;
3. The invention adds outsourced encryption and outsourced decryption to the encryption and decryption stages respectively, which reduces users' computational overhead and improves the computational efficiency of the system by handing a large amount of encryption and decryption computation to a third party. The user's decryption stage needs only one exponentiation and one bilinear pairing operation, regardless of the number of attributes or the complexity of the access policy. In addition, the use of the smart contract reduces the verification workload and ensures that the vehicle receives the intermediate ciphertext in time while it is within the transmission range of the RSU;
4. The invention adds attribute classification and updating. The attributes in the system are classified, and the inherent attributes of a vehicle are static attributes. In this model, the keys associated with static attributes are not updated often, which reduces update costs, and users who have updated dynamic attributes will not be able to decrypt new ciphertext.
Drawings
To illustrate the embodiments of the invention and the technical solutions of the prior art more clearly, the drawings used in describing them are briefly introduced below. The drawings described below show only some embodiments of the invention; a person skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flow chart of the operation of the present invention;
FIG. 2 is a flow chart of attribute update in the present invention;
Detailed Description
The technical solutions of the invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments that a person skilled in the art can derive from the embodiments given here without creative effort fall within the protection scope of the invention.
The invention provides a distributed access method supporting privacy protection in the Internet of Vehicles. Implementing it requires constructing a system comprising a global authentication center, local authentication centers, a data owner, a cloud server, users and roadside units, which operate cooperatively.
A: operation of global certificate authority and local certificate authority
The authentication center in the system comprises a global authentication center CA and a plurality of local authentication centers LA. After the system is initialized, the global authentication center and the local authentication center respectively manage their own dynamic and static attribute ranges, set their own public and private keys, and sign the private key of the local authentication center; they are also responsible for generating a certificate and an attribute private key for a user. It should be noted that the present invention stipulates that the global certificate authority and the local certificate authority are trusted.
B: work of data owner
The data owner is a trusted entity that owns the data and can send the data to the roadside unit via outsourcing. It defines an obfuscated access policy and uses it to encrypt the data, so that the data can only be accessed by users who satisfy the access policy. Finally, the data owner sends the encrypted message to the roadside unit, and the roadside unit then sends the message to the cloud storage server.
C: work of data users
Each resource-constrained data user has a set of attributes and a unique identity certificate in the system. The user can initiate a request to the roadside unit, and when the attribute meets the access policy, the ciphertext can be decrypted.
D: work of cloud storage servers
The cloud storage server is responsible for storing encrypted data from the data owner. It has a large storage capacity and can store data for a long time. The present invention assumes that the cloud storage server is curious but honest, i.e. it performs its tasks honestly and efficiently, but will also try to learn as much information as possible, such as the ciphertext.
E: operation of roadside units
Each roadside unit is responsible for a limited range and can communicate wirelessly with users within that range. In the invention, the roadside unit is used as a semi-trusted entity, has strong computing capability and is responsible for providing outsourcing encryption and pre-decryption services for vehicles with limited resources. Within a certain range, all roadside units form a block chain together, and the main roadside unit records the generated transaction on the chain.
As shown in fig. 1 and 2, the method of the present invention comprises the following steps:
Step 1: The global certification center CA is initialized and generates the global public parameter PP and the master key MSK of the system;
Step 1.1: Set the security parameter λ of the system, and select multiplicative cyclic groups G and G_1 of prime order p; g is a generator of G; e is a bilinear map satisfying e: G × G → G_1;
Step 1.2: The system is initialized and the static attribute set is set: S_{st} = {x_1, x_2, x_3, …, x_j, …, x_n}; three integers α, β, a ∈ Z_p are selected, together with two collusion-resistant hash functions H: {0,1}* → G_0 and H_1: {0,1}* → G_0, and the Lagrange coefficient:
Figure BDA0003515349260000121
where i ∈ Z_p, and Z_p denotes the set of residues modulo p;
Step 1.3: For any attribute x_j in the static attribute set S_{st}, the global certificate authority CA selects a random number n_j in Z_p and calculates
Figure BDA0003515349260000122
to generate the common parameter PP of the system: {G_0, H, H_1, g^β, g^a, e(g,g)^α,
Figure BDA0003515349260000123
and the master key MSK: {a, β, g^α, {n_j | x_j ∈ S_{st}}};
Step 2: The local authentication center LA is initialized and generates its public key and private key using the global public parameters obtained in step 1;
Each local authentication center LA defines a set of dynamic attributes:
Figure BDA0003515349260000131
and selects a random number b in Z_p; then, from the dynamic attribute set
Figure BDA0003515349260000132
it takes any attribute y_j; the local authentication center LA selects a random number v_j in Z_p and calculates
Figure BDA0003515349260000133
Finally, the public key PK_k and the private key SK_k of the local authentication center LA are generated:
Figure BDA0003515349260000134
Step 3: Data encryption. First, the data owner performs the encryption calculation on the data to be sent; after this encryption is finished, the ciphertext is sent to a roadside unit RSU for final encryption;
Step 3.1: Generating a fuzzy access policy. First, the data owner (the vehicle data owner in this embodiment) establishes a tree access policy T; then the data owner randomly selects h in Z_p and calculates g^h, u_i = H_1(a_i),
Figure BDA0003515349260000135
where a_i is the attribute corresponding to each leaf node in the tree structure; the obfuscated attribute s_i is then used to replace a_i, thereby generating the fuzzy tree access policy T_{Obf}. Note that the attribute obfuscation in this step is there to prevent disclosure of the attributes contained in the access policy;
Step 3.2: Calculating the local ciphertext.
First, the data owner selects the AES symmetric encryption algorithm with a length of 128 bits to encrypt the message M, with encryption key Syk, and calculates H_1(SE_{Syk}(M));
Then, the data owner selects a number s in Z_p as the secret value of the root node;
Next, starting from the root node R of the fuzzy tree access policy T_{Obf}, the data owner selects a polynomial q(·) from top to bottom and sets q_R(1) = s_{1_1}, q_R(2) = s_{2_2}. Finally, the local ciphertext CT_{loc} is calculated using the common parameters:
Figure BDA0003515349260000141
In the above formula, S_1 is the set of static attributes contained in subtree T_1 of the fuzzy tree access policy T_{Obf}; S_2 is the set of static attributes contained in subtree T_2 of the fuzzy tree access policy T_{Obf};
Step 3.3: Roadside unit RSU encryption. After receiving the local ciphertext CT_{loc} sent by the data owner, the roadside unit RSU in charge of the region starts from the root node of subtree T_2, selects a polynomial q_2(·) from top to bottom, and calculates the final ciphertext CT using the common parameters:
Figure BDA0003515349260000142
To enable the user to verify the integrity of the encrypted message, and to match the public, transparent and traceable character of the blockchain, this step further includes step 3.4: generating a transaction.
This step is mainly realized as follows: the roadside unit RSU responsible for the region uploads the final ciphertext CT to the cloud storage server CSS to obtain the ciphertext Address and, after signing the ciphertext Address, generates the transaction Tran_{enc}:
Figure BDA0003515349260000143
Step 4: Generating the user attribute private key. First, the global authentication center CA distributes a static attribute key and a certificate to the user, and then the local authentication center LA distributes a dynamic attribute key to the user; the static attribute key and the dynamic attribute key are each generated from the parameters produced in the respective initialization stage and from the attributes of the user;
Step 4.1: Generating the static attribute private key. The global certificate authority CA uses the master key MSK, the public parameter PP and the static attribute set of the user
Figure BDA0003515349260000144
to generate the static attribute private key SK_{st}:
Figure BDA0003515349260000145
In the above formula, z, t and r are all numbers randomly selected in Z_p;
Step 4.2: Generating a certificate. The user submits its own identity ID_U to the CA; the global certificate authority CA first verifies the validity of the user's identity, and then sends the signed certificate to the user:
Figure BDA0003515349260000151
Finally, the global authentication center CA sends the value g^{βt} of D in the static attribute private key SK_{st} to the local authentication center LA;
Step 4.3: Generating the dynamic attribute key. The local authentication center LA verifies the credentials of the user
Figure BDA0003515349260000152
If the certificate is valid, the local certificate authority LA uses its own public key PK_k and private key SK_k, the common parameter PP, and the set of dynamic attributes
Figure BDA0003515349260000153
to generate the dynamic attribute key SK_{dy} for the user:
Figure BDA0003515349260000154
In the above formula, m is a number randomly selected in Z_p;
Step 5: Ciphertext decryption. A legitimate user initiates an access request to a roadside unit RSU. After receiving the request, the roadside unit RSU verifies through a smart contract whether the user's attributes satisfy the access policy; the roadside unit RSU then performs outsourced decryption with part of the user's private key and sends the resulting intermediate ciphertext to the user. After receiving the intermediate ciphertext, the user performs the final decryption with its own private key;
Step 5.1: Calculating the attribute values. First, the user uses its own partial keys g^{ah}, g^{bh} to calculate the obfuscated attribute values
Figure BDA0003515349260000155
and then sends
Figure BDA0003515349260000156
s_i and the certificate
Figure BDA0003515349260000157
to the roadside unit RSU_k responsible for the area;
Step 5.2: Outsourced decryption. The RSU_k responsible for this region first checks the user credentials
Figure BDA0003515349260000158
to see whether they are recorded on the blockchain and, if not, first verifies the user credentials
Figure BDA0003515349260000159
for validity. After the verification is finished, the smart contract deployed in advance is invoked automatically and, according to the submitted attribute values s_i, judges whether the user satisfies the access right; if so, it judges, according to the vehicle speed, the distance from the vehicle, the pre-calculation time and the communication speed, whether the user is at the edge of the communication range of the roadside unit RSU_k in charge of the area. If the user is close to the edge, the roadside unit RSU_k in charge of the area, after pre-decryption, passes the obtained intermediate ciphertext directly to the roadside unit RSU_{k+1} responsible for the next region, which returns the intermediate ciphertext to the user;
The intermediate ciphertext is specifically:
Figure BDA0003515349260000161
The process by which the roadside unit RSU_k pre-decrypts and obtains the intermediate ciphertext is as follows:
For a leaf node n in subtree T_1, the roadside unit RSU_k performs the following calculation:
Figure BDA0003515349260000162
Likewise, for a leaf node n in subtree T_2, the roadside unit RSU_k performs the following calculation:
Figure BDA0003515349260000163
For a non-leaf node n ∈ T_1, the roadside unit RSU_k needs to calculate iteratively:
Figure BDA0003515349260000164
Step 5.3: User decryption. First, the user calculates
Figure BDA0003515349260000165
and then calculates the value of the root node: F_R = e(g,g)^{βts}; finally, the user calculates the symmetric key:
Figure BDA0003515349260000166
and decrypts with the symmetric encryption algorithm to obtain the message M.
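The top-down share assignment of step 3.2 and the bottom-up Lagrange recombination of step 5.2, as an added Python example that is not part of the patent text. It works on the shares directly in Z_p rather than in the exponent of a pairing group, and it assumes the standard Lagrange coefficient Δ_{i,S}(0) = ∏_{l∈S, l≠i} (−l)/(i−l), because the patent's own formula survives only as a figure; the modulus, the gate thresholds and the attribute names are constructed.

```python
"""Access-tree secret sharing over Z_p (illustration only, not the patent's code)."""
import secrets

P = 2**127 - 1  # constructed prime, standing in for the group order p


class Node:
    """Threshold gate (k-of-n over children) or leaf carrying one attribute."""

    def __init__(self, threshold=1, children=None, attr=None):
        self.threshold = threshold
        self.children = children or []
        self.attr = attr


def leaf(attr):
    return Node(attr=attr)


def gate(k, *children):
    return Node(threshold=k, children=list(children))


def poly_eval(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(node, secret, out=None, path=()):
    """Top-down: q_node(0) = secret, child number i receives q_node(i).

    Leaf shares are keyed by their path in the tree, so the same attribute
    may appear under several gates.
    """
    if out is None:
        out = {}
    if node.attr is not None:
        out[path] = (node.attr, secret)
        return out
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    for i, child in enumerate(node.children, start=1):
        share(child, poly_eval(coeffs, i), out, path + (i,))
    return out


def lagrange_at_zero(i, S):
    """Standard Lagrange coefficient Delta_{i,S}(0) in Z_p (assumed form)."""
    num = den = 1
    for l in S:
        if l != i:
            num = num * (-l) % P
            den = den * (i - l) % P
    return num * pow(den, -1, P) % P


def recover(node, shares, attrs, path=()):
    """Bottom-up: return q_node(0), or None if attrs do not satisfy the subtree."""
    if node.attr is not None:
        return shares[path][1] if node.attr in attrs else None
    got = {}
    for i, child in enumerate(node.children, start=1):
        value = recover(child, shares, attrs, path + (i,))
        if value is not None:
            got[i] = value
        if len(got) == node.threshold:
            break
    if len(got) < node.threshold:
        return None  # too few satisfied children: the gate stays closed
    S = list(got)
    return sum(got[i] * lagrange_at_zero(i, S) for i in S) % P


def build_example_tree():
    """Root R needs both subtrees, mirroring q_R(1) and q_R(2) in step 3.2."""
    t1 = gate(2, leaf("brand"), leaf("model"), leaf("type"))  # constructed 2-of-3
    t2 = gate(1, leaf("region"), leaf("speed"))               # constructed 1-of-2
    return gate(2, t1, t2)


if __name__ == "__main__":
    tree = build_example_tree()
    s = secrets.randbelow(P)
    shares = share(tree, s)
    print(recover(tree, shares, {"brand", "type", "speed"}) == s)  # satisfied
    print(recover(tree, shares, {"brand", "speed"}))               # T_1 not met
```

In the scheme itself the same interpolation is applied to pairing values, so the roadside unit combines e(g,g)-type terms by exponentiating with these coefficients instead of multiplying the shares.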
To realize the traceable, accountable character of the blockchain, this step also comprises step 5.4: transaction generation.
This step is implemented as follows: the roadside unit RSU_k in charge of the area uses its own private key
Figure BDA0003515349260000171
to sign the user's certificate:
Figure BDA0003515349260000172
and then generates the transaction
Figure BDA0003515349260000173
where Time_{out} represents the time at which decryption is complete.
Step 6: Attribute update. The update key is used to update the user's private key and to update, for the dynamic attribute set
Figure BDA0003515349260000174
the associated ciphertext;
Step 6.1: Generating the update keys. The local authentication center LA generates three update keys, namely UK_{j→o}, UK_{no} and UK_{ct},
where UK_{j→o} = v_j / v_o is used to update the private key of a user who needs to update the attribute;
Figure BDA0003515349260000175
is used to update the private key of a user who does not need to update the attribute;
Figure BDA0003515349260000176
is used to update the final ciphertext CT;
Step 6.2: Updating the private key of a user.
When a user who needs an attribute update receives the update key UK_{j→o} distributed by the local authentication center LA, it performs the following calculation:
Figure BDA0003515349260000177
When a user who does not need to update the attribute receives the update key UK_{no} distributed by the local authentication center LA, it performs the following calculation:
Figure BDA0003515349260000178
Step 6.3: Updating the final ciphertext. To ensure that a user newly added to the system can decrypt the original ciphertext, the roadside unit RSU_k needs to update the final ciphertext and performs the following calculation:
Figure BDA0003515349260000181
In summary, the present invention relates to a scheme for the secure sharing of data in the distributed environment of the Internet of vehicles. It realizes an ABE scheme with user privacy protection, elimination of the central authority, secure data sharing, and outsourced encryption and decryption. Blockchain technology is added to make the information and the access policy tamper-proof. A plurality of roadside units are added to construct a distributed system, which solves the single-point-of-failure problem of the cloud storage server. An outsourced encryption algorithm and an outsourced decryption algorithm are added, which saves the computation cost of the data user by handing a large amount of encryption and decryption computation to a third party; meanwhile, a smart contract reduces the workload of node verification and ensures that the user receives the intermediate ciphertext in time within the range of the roadside unit. Attribute classification is added, and the dynamic attributes are updated. On the basis of protecting privacy, the scheme of the invention greatly improves encryption and decryption efficiency, message confidentiality and access control flexibility, which makes it more practical. Therefore, the invention overcomes the defects of the prior art and has good application prospects.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (9)

1. A distributed access control method supporting privacy protection in the Internet of vehicles is characterized by comprising the following steps:
Step 1: The global authentication center CA is initialized and generates the global public parameter PP and the master key MSK of the system;
Step 2: The local authentication center LA is initialized and generates its public key PK_k and private key SK_k using the global public parameter PP obtained in step 1;
Step 3: Data encryption;
First, the data owner establishes a fuzzy tree access policy T_{Obf}; the data to be sent is then encrypted to obtain the local ciphertext CT_{loc}; finally, the local ciphertext CT_{loc} is sent to a roadside unit RSU for final encryption to obtain the final ciphertext CT;
Step 4: Generating the user attribute private key;
The global authentication center CA distributes a static attribute key SK_{st} and a certificate Cer_{Ui} to the user, and then the local authentication center LA distributes the dynamic attribute key SK_{dy} to the user; the static attribute key SK_{st} and the dynamic attribute key SK_{dy} are each generated from the parameters produced in the respective initialization stage and from the attributes of the user;
Step 5: Ciphertext decryption. A legitimate user initiates an access request to a roadside unit RSU; after receiving the request, the roadside unit RSU verifies through a smart contract whether the user's attributes satisfy the access policy, then performs outsourced decryption with part of the user's private key and sends the decrypted ciphertext to the user; the user receives the intermediate ciphertext and performs the final decryption with its own private key.
2. The distributed access control method supporting privacy protection in the Internet of vehicles according to claim 1, characterized in that the specific process steps of the step 1 are as follows:
Step 1.1: Set the security parameter λ of the system, and select multiplicative cyclic groups G and G_1 of prime order p; g is a generator of G; e is a bilinear map satisfying e: G × G → G_1;
Step 1.2: The system is initialized and the static attribute set is set: S_{st} = {x_1, x_2, x_3, …, x_j, …, x_n}; three integers α, β and a are randomly selected in Z_p, together with two collusion-resistant hash functions H: {0,1}* → G_0 and H_1: {0,1}* → G_0, and the Lagrange coefficient:
Figure FDA0003515349250000021
where i, x ∈ Z_p, Z_p denotes the set of residues modulo p, l ∈ S, and S is an arbitrary attribute set;
Step 1.3: For any attribute x_j in the static attribute set S_{st}, the global certificate authority CA selects a random number n_j in Z_p and calculates
Figure FDA0003515349250000028
Thereby generating the common parameters PP of the system:
Figure FDA0003515349250000022
and the master key MSK: {a, β, g^α, {n_j | x_j ∈ S_{st}}}.
3. The distributed access control method supporting privacy protection in the Internet of vehicles according to claim 2, wherein the specific implementation process of the step 2 is as follows:
Each local authentication center LA defines a set of dynamic attributes:
Figure FDA0003515349250000023
and selects a random number b in Z_p; then, from the dynamic attribute set
Figure FDA0003515349250000024
it takes any attribute y_j; the local authentication center LA selects a random number v_j in Z_p and calculates
Figure FDA0003515349250000025
Finally, the public key PK_k and the private key SK_k of the local authentication center LA are generated; PK_k:
Figure FDA0003515349250000026
SK_k:
Figure FDA0003515349250000027
4. The distributed access control strategy for secure sharing of data in the internet of vehicles according to claim 3, wherein: the specific implementation process of the step 3 is as follows:
Step 3.1: Generating a fuzzy access policy;
First, the data owner establishes a tree access policy T;
then the data owner randomly selects h in Z_p and calculates g^h, u_i = H_1(a_i),
Figure FDA0003515349250000031
where a_i is the attribute corresponding to each leaf node in the tree structure;
finally, the obfuscated attribute s_i is used to replace a_i, thereby generating the fuzzy tree access policy T_{Obf};
Step 3.2: Calculating the local ciphertext;
First, the data owner selects the AES symmetric encryption algorithm with a length of 128 bits to encrypt the message M, with encryption key Syk, and calculates H_1(SE_{Syk}(M));
Then, the data owner selects a number s in Z_p as the secret value of the root node;
Next, starting from the root node R of the fuzzy tree access policy T_{Obf}, the data owner selects a polynomial q(·) from top to bottom and sets q_R(1) = s_{1_1}, q_R(2) = s_{2_2}, where s_{1_1} represents the secret value q_R(1) of the root node of subtree T_1 in the fuzzy tree access policy T_{Obf}, and s_{2_2} represents the secret value q_R(2) of the root node of subtree T_2 in the fuzzy tree access policy T_{Obf};
Finally, the local ciphertext CT_{loc} is calculated using the common parameters;
CT_{loc}:
Figure FDA0003515349250000032
In the above formula, S_1 is the set of static attributes contained in subtree T_1 of the fuzzy tree access policy T_{Obf}; S_2 is the set of static attributes contained in subtree T_2 of the fuzzy tree access policy T_{Obf};
Step 3.3: Calculating the final ciphertext. After receiving the local ciphertext CT_{loc} sent by the data owner, the roadside unit RSU in charge of the region starts from the root node of subtree T_2, selects a polynomial q_2 from top to bottom, and calculates the final ciphertext CT using the common parameters:
CT:
Figure FDA0003515349250000033
Figure FDA0003515349250000034
5. The distributed access control strategy for secure sharing of data in the internet of vehicles according to claim 4, wherein: step 3 further comprises step 3.4: generating a transaction;
Generating a transaction: the roadside unit RSU in charge of the region uploads the final ciphertext CT to the cloud storage server CSS, obtains the ciphertext Address and, after signing the ciphertext Address, generates the transaction Tran_{enc}:
Figure FDA0003515349250000041
6. The distributed access control strategy for secure sharing of data in the internet of vehicles according to claim 5, wherein: the specific implementation process of the step 4 is as follows:
Step 4.1: Generating the static attribute private key. The global certificate authority CA uses the master key MSK, the public parameter PP and the static attribute set of the user
Figure FDA0003515349250000042
to generate the static attribute private key SK_{st}:
Figure FDA0003515349250000043
In the above formula, z, t and r are all numbers randomly selected in Z_p;
Step 4.2: Generating a certificate;
The user submits its own identity ID_U to the global certification center CA, and the global authentication center CA first verifies the validity of the user's identity;
it then sends the signed certificate to the user:
Figure FDA0003515349250000044
Finally, the global authentication center CA sends the value g^{βt} of D in the static attribute private key SK_{st} to the local authentication center LA;
Step 4.3: Generating the dynamic attribute key. The local authentication center LA verifies the credentials of the user
Figure FDA0003515349250000045
If the certificate is valid, the local authentication center LA uses its own public key PK_k and private key SK_k, the common parameter PP, and the set of dynamic attributes
Figure FDA0003515349250000046
to generate the dynamic attribute key SK_{dy} for the user:
Figure FDA0003515349250000047
In the above formula, m is a number randomly selected in Z_p.
7. The distributed access control strategy for data security sharing in the internet of vehicles according to claim 6, wherein the specific implementation procedure of the step 5 is as follows:
Step 5.1: Calculating the attribute values. First, the user uses its own partial keys g^{ah}, g^{bh} to calculate the obfuscated attribute values
Figure FDA0003515349250000051
and then sends
Figure FDA0003515349250000052
s_i and the certificate
Figure FDA0003515349250000053
to the roadside unit RSU_k responsible for the area;
Step 5.2: Outsourced decryption. The RSU_k responsible for this region first checks the user credentials
Figure FDA0003515349250000054
to see whether they are recorded on the blockchain and, if not, first verifies the user credentials
Figure FDA0003515349250000055
for validity. After the verification is finished, the smart contract deployed in advance is invoked automatically and, according to the submitted attribute values s_i, judges whether the user satisfies the access right; if so, it judges, according to the vehicle speed, the distance from the vehicle, the pre-calculation time and the communication speed, whether the user is at the edge of the communication range of the roadside unit RSU_k in charge of the area. If the user is close to the edge, the roadside unit RSU_k in charge of the area, after pre-decryption, passes the obtained intermediate ciphertext directly to the roadside unit RSU_{k+1} responsible for the next region, which returns the intermediate ciphertext to the user;
The intermediate ciphertext is specifically:
Figure FDA0003515349250000056
where T_{Obf},
Figure FDA0003515349250000057
C = g^s, which is a part of the final ciphertext CT,
Figure FDA0003515349250000058
is computed iteratively by Lagrange interpolation,
Figure FDA0003515349250000059
Step 5.3: User decryption;
First, the user calculates
Figure FDA00035153492500000510
and then calculates the value of the root node: F_R = e(g,g)^{βts};
Finally, the symmetric key is calculated:
Figure FDA00035153492500000511
and the message M is obtained by decrypting with the symmetric encryption algorithm.
8. The distributed access control strategy for the secure sharing of data in the internet of vehicles according to claim 7, wherein: step 5 also includes step 5.4: transaction generation;
The roadside unit RSU_k in charge of the area uses its own private key
Figure FDA0003515349250000061
to sign the user's certificate:
Figure FDA0003515349250000062
and then generates the transaction
Figure FDA0003515349250000063
where Time_{out} represents the time at which decryption is complete.
9. The distributed access control policy for secure sharing of data in a networked vehicle of claim 8, wherein: the method also comprises the step 6: updating the attribute; the specific implementation process of the step is as follows:
Step 6.1: Generating the update keys. The local authentication center LA generates three update keys, namely UK_{j→o}, UK_{no} and UK_{ct},
where UK_{j→o} = v_j / v_o is used to update the private key of a user who needs to update the attribute;
Figure FDA0003515349250000064
is used to update the private key of a user who does not need to update the attribute;
Figure FDA0003515349250000065
is used to update the final ciphertext CT;
Step 6.2: Updating the private key of a user;
When a user who needs an attribute update receives the update key UK_{j→o} distributed by the local authentication center LA, it performs the following calculation:
Figure FDA0003515349250000066
Figure FDA0003515349250000067
When a user who does not need to update the attribute receives the update key UK_{no} distributed by the local authentication center LA, it performs the following calculation:
Figure FDA0003515349250000071
Figure FDA0003515349250000072
Step 6.3: Updating the final ciphertext. To ensure that a user newly added to the system can decrypt the original ciphertext, the roadside unit RSU_k needs to update the final ciphertext and performs the following calculation:
Figure FDA0003515349250000073
Figure FDA0003515349250000074
CN202210162394.5A 2022-02-22 2022-02-22 Distributed access control method supporting privacy protection in Internet of vehicles Active CN115189903B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210162394.5A CN115189903B (en) 2022-02-22 2022-02-22 Distributed access control method supporting privacy protection in Internet of vehicles

Publications (2)

Publication Number Publication Date
CN115189903A true CN115189903A (en) 2022-10-14
CN115189903B CN115189903B (en) 2023-09-15

Family

ID=83511933

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210162394.5A Active CN115189903B (en) 2022-02-22 2022-02-22 Distributed access control method supporting privacy protection in Internet of vehicles

Country Status (1)

Country Link
CN (1) CN115189903B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116827696A (en) * 2023-08-30 2023-09-29 北京航空航天大学 Vehicle-mounted network cleanable access control method and system with policy protection
CN116827696B (en) * 2023-08-30 2023-12-15 北京航空航天大学 Vehicle-mounted network cleanable access control method and system with policy protection

Also Published As

Publication number Publication date
CN115189903B (en) 2023-09-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant