CN103491535A

CN103491535A - Sensor network-oriented approximate query method commonly used for privacy protection

Info

Publication number: CN103491535A
Application number: CN201310389413.9A
Authority: CN
Inventors: 陈红; 范永健; 李翠平; 张晓莹
Original assignee: Renmin University of China
Current assignee: Renmin University of China
Priority date: 2013-08-31
Filing date: 2013-08-31
Publication date: 2014-01-01
Anticipated expiration: 2033-08-31
Also published as: CN103491535B

Abstract

The invention provides a sensor network-oriented approximate query method commonly used for privacy protection. The method includes the following steps that the shared data structure of a base station and sensor nodes is used for enabling the numbers and collection data of the sensor nodes to be hidden in a vector; gathering nodes transmit the vector to the base station through a tree route; a linear system of equations is constructed in the base station, and a column diagram with global statistical information and a corresponding sensor node number are solved; the needed approximate query is completed according to the statistical information of the column diagram. According to the sensor network-oriented approximate query method, under the condition that privacy information is not leaked, approximate query energy consumption is reduced by the adoption of the strategies like network internal data gathering and a filter, and under the condition that the model does not need to be modified, accuracy control over the privacy protection approximate query can be achieved by the way of parameter adjustment.

Description

The general approximate enquiring method of secret protection of facing sensing device network

Technical field

The present invention relates to a kind of sensor network query method, relate in particular under a kind of prerequisite meeting the secret protection requirement, the general approximate enquiring method of facing sensing device network, belong to the technology of Internet of things field.

Background technology

Sensor network is the important component part of Internet of Things, in fields such as environmental monitoring, health care, intelligent transportation, national defense and military, has broad application prospects.Along with the application development of sensor network, expose the threat that serious private data leaks or is tampered in the practical application deployment, caused researcher's great attention.At present, secret protection technology becomes one of the study hotspot in Internet of Things field.

The secret protection technology mainly can be divided three classes: data perturbation technology, data encryption technology and data anonymization technology.Wherein, the secret protection that the secret protection technology in data mining and data issue field is sensor network provides technological borrowing and support, but often large due to energy consumption or be not suitable for the factor such as distributed environment and can not directly apply to sensor network.Therefore, existing sensor network secret protection technology mainly concentrates on secret protection data gathering and secret protection data query two aspects.

Aspect the secret protection data gathering; in prior art, studied in the situation that do not reveal privacy information; complete the aggregation operators such as SUM, MIX, MAX or Median; but these technical schemes realize aggregation operator in the situation that aggregation node can not obtain the True Data value; owing to there is no carry sensors node serial number information in gathering information; so can not realize needing the complex query of sensor node ID, as inquiry or range query etc.Aspect the secret protection data query; secret protection technology in the inquiries such as range query (Range Query), inquiry has been discussed respectively in prior art; but can not in the situation that do not reveal privacy information, complete the complex queries operations such as inquiry, range query simultaneously.In addition, because approximate query is inquiry mode important in sensor network, in the situation that not high to required precision, can between precision and energy consumption, carry out balance.Also study the approximate enquiring method in the sensor network in prior art, but do not considered Privacy Protection.

On the other hand, the energy consumption in sensor network often directly affects network life, and in net, data gathering is the energy saving technology that sensor network is commonly used.In actual applications; the front k(k that had usually both needed to inquire about acquired data values the highest (or minimum) is positive integer) individual sensor node; need again to inquire about the sensor node of acquired data values in certain scope, the secret protection agreement that only can realize single query type is limited in actual applications.So research is used the secret protection general polling method of data gathering in net to have positive effect.

Summary of the invention

For the deficiencies in the prior art, technical problem to be solved by this invention is to provide a kind of general approximate enquiring method of secret protection of facing sensing device network.The method can, under the prerequisite that meets the secret protection requirement, realize the approximate queries such as Top-k inquiry, range query, SUM, MAX/MIN.

For realizing above-mentioned goal of the invention, the present invention adopts following technical scheme:

A kind of general approximate enquiring method of secret protection of facing sensing device network, be used in the similar sensor network of node, comprises the steps:

(1) by base station and the shared data structure of sensor node, the numbering of sensor node and image data are hidden among vector;

(2) aggregation node transmits described vector by tree-shaped route to base station;

(3) at base station structure system of linear equations, solve with the histogram of global statistics information and corresponding sensor node numbering;

(4) the statistical information had according to described histogram, complete required approximate query.

Wherein more preferably, described step (1) in, base station for each sensor node produce unique random vector as with reference to the vector, be issued to corresponding sensor node after encryption; Described sensor node is used image data and with reference to vector, and the calculated response vector is hidden in the numbering of sensor node and image data among response vector, according to tree-shaped route, described response vector is uploaded to the father node as aggregation node.

Wherein more preferably, described step (2) in, described aggregation node is used the summation aggregate function to be assembled all data of receiving.

Wherein more preferably, described step (3) in, the response vector structure system of linear equations after assembling is used in described base station, and solve linear equations obtains the data interval that the image data of each sensor node falls into, and then obtains the numbering with the histogram of global statistics information and corresponding sensor node.

Wherein more preferably, described step (4) in, come balance inquiry precision and energy consumption by regulating described histogrammic granularity of division.

Wherein more preferably, the general approximate enquiring method of described secret protection has the H-PGAQ pattern;

In described H-PGAQ pattern, described base station generates unique perturbation vector and single channel hash function for each sensor node, and aggregation node is carried out sum operation to the vector of receiving, and adds the vector of this section dot generation, the vector that meets with a response, upload and participate in summation and assemble; Base station obtains assembling result vector to institute's directed quantity summation of receiving, described gathering result vector deducts the noisy data of processing through described single channel hash function, obtains described system of linear equations.

Wherein more preferably, the general approximate enquiring method of described secret protection has the F-PGAQ pattern;

In described F-PGAQ pattern, described base station generates with reference to vector for each sensor node; In continuous-query, described sensor node divides histogram as the filter window, if the epicycle image data with on take turns image data and fall into same histogram division, uploading data not.

Wherein more preferably, when the scale of sensor network need to be expanded, described base station is that newly-increased sensor node generates accordingly with reference to the vector sum perturbation vector, and after using base station and the shared secret key encryption of sensor node, be issued to newly-increased sensor node, what will newly produce adds with reference to matrix with reference to vector simultaneously, not the changing with reference to the vector sum perturbation vector of other sensor nodes.

Compared with prior art, the present invention proposes a kind of general approximate enquiring method of secret protection that can complete the inquiries such as Top-k inquiry, range query, SUM, MAX/MIN of novelty.The method is not in the situation that leak privacy information, the strategy minimizing approximate query energy consumption such as data gathering and filter in the use net; In the situation that do not need to revise model, by parameter, regulate and can realize secret protection approximate query precision is controlled.

The accompanying drawing explanation

The basic step schematic diagram that Fig. 1 is the general approximate enquiring method of secret protection provided by the present invention;

Fig. 2 is the schematic diagram that equi-depth histogram is divided;

Fig. 3 is that histogram mixes the schematic diagram of dividing;

The traffic schematic diagram that Fig. 4 is system initialisation phase;

Fig. 5 is n=20, in the situation of t=100, and the affect comparison diagram of interval division number on the traffic;

Fig. 6 is n=20, in the situation of t=100, and the several comparison diagrams that affect on the traffic of image data wheel;

Fig. 7 is n=50, in the situation of t=100, and the affect comparison diagram of interval division number on the traffic;

Fig. 8 is n=50, in the situation of t=100, and the several comparison diagrams that affect on the traffic of image data wheel;

Fig. 9 is n=88, in the situation of t=100, and the affect comparison diagram of interval division number on the traffic;

Figure 10 is n=88, in the situation of t=100, and the several comparison diagrams that affect on the traffic of image data wheel;

Figure 11 is the schematic diagram that concerns that interval division is counted h and data value error threshold.

Embodiment

The basic ideas of the general approximate enquiring method of secret protection provided by the present invention (be called for short PGAQ method) are the data structures shared with sensor node by the design base station, by the Information hiding such as perception data of sensor node numbering and its collection in the random vector of constructing.Middle aggregation node transmits this vector by tree-shaped route to base station, netted interior summation and assemble with energy saving in uploading this vectorial process.At base station structure system of linear equations, solve with the histogram of global statistics information and corresponding sensor node numbering.The statistical information had according to histogram does not complete the approximate queries such as Top-k inquiry, range query, SUM, MAX/MIN, Median, Histogram with not revealing privacy.In above-mentioned PGAQ method, use summation in net to assemble with energy saving, and come balance inquiry precision and energy consumption by regulating the histogram granularity of division.Launch detailed specific description below in conjunction with the drawings and specific embodiments.

PGAQ method provided by the present invention is the sensor network modelling similar for node.In this sensor network model, net inner sensor node is being all similar aspect primary power, storage capacity, communication capacity, and all net interior nodes all likely become the node that aggregation node etc. is born more multitask.This sensor network model is positive integer by base station and n(n) individual sensor node formation.The node serial number of each transducer is unique, is designated as { s ₁, s ₂..., s _n.Base station has sufficient storage, calculating and communication capacity, and can obtain the topology information of the network overall situation.Network can form tree routing, and base station issues query demand by tree routing, sensor node by tree routing by the inquiry response data upload to base station.In uploading the inquiry response process, non-leaf node is assembled fusion to its child nodes data and this node image data, only uploads and assembles rear data.Aggregate function may be defined as wherein

for node s _ithe data that gather in the t time period.The present invention uses the summation aggregate function to be

f (t) = Σ_{i = 1}^{n} V_{s_{i}} (t) .

As shown in Figure 1, at first base station is each sensor node s _i(s _i∈ G) produce unique random vector as reference vector (a _1i, a _2i..., a _mi) ^t, be issued to corresponding sensor node s after encryption _i.Sensor node s _iuse the data of its collection

with reference vector (a _1i, a _2i..., a _mi) ^t, calculated response vector (r _1i, r _2i..., r _mi) ^t, according to tree-shaped route, response vector being uploaded to father node, father node is as aggregation node, use the summation aggregate function to be assembled all data of receiving, generate the response vector of this sensor node, then send and assemble result to its father node, be sent to successively base station.Base station is used all data of receiving to calculate statistic histogram, according to this histogram, completes the secret protection approximate query.

In PGAQ method provided by the present invention, can be divided into two kinds of patterns of H-PGAQ and F-PGAQ.Wherein, H-PGAQ pattern using disturbance of data technology and single channel hash function, strengthened Information Security.F-PGAQ pattern using filter reduces the continuous-query traffic.The below at first detailed explanation to the H-PGAQ mode expansion.

In the H-PGAQ pattern, be divided into system initialization and two stages of inquiry.Below mean the number of sensor network nodes with n, net inner sensor node is carried out to Unified number and is expressed as respectively { s ₁, s ₂..., s _n, with [v _min, v _max] mean the codomain of sensor node image data.

(1) system initialisation phase

Base station

1,2,3 ..., 2 ^γselect m * n different positive integer a at random in (wherein γ is system parameters) _ij(i=1,2 ..., m; J=1,2 ..., n), what form m * n with reference to matrix G is:

(\begin{matrix} a_{11} & q_{12} & \cdot \cdot \cdot & a_{1 n} \\ a_{21} & a_{22} & \cdot \cdot \cdot & a_{2 n} \\ \cdot \cdot \cdot & \cdot \cdot \cdot & \cdot \cdot \cdot & \cdot \cdot \cdot \\ a_{m 1} & a_{m 2} & \cdot \cdot \cdot & a_{mn} \end{matrix})

Sensor node s _i(i=1,2 ..., n) with reference to i column vector (a in matrix G _1i, a _2i..., a _mi) ^tcorrespondence, by (a _1i, a _2i..., a _mi) ^tas sensor node s _i(i=1,2 ..., reference vector n).

Base station is each sensor node s _i(i=1,2 ..., n) generate perturbation vector (sn unique and that length is m _1i, sn _2i..., sn _mi) ^twith single channel hash function h (), single channel hash function h () can map data into

set

1,2 ..., M}, wherein M=n * v _max* 2 ^γ, v _maxfor image data codomain [v _min, v _max] the upper bound.

In base station, image data codomain [v _min, v _max] be divided into continuously h interval, be expressed as (H ₁..., H _h).

Base station is used and each sensor node s _i(i=1,2 ..., n) shared key is encrypted, and in order to increase fail safe, the PGAQ employing cycle is changed the mode of key, uses k _i,tthe t of indication cycle inner sensor node s _ithe key shared with Sink, have k _i,t=hash (k _{i, t-1}).

With mean ciphering process, to sensor node s _i(i=1,2 ..., n) transmit following message:

Sink→s _i(i＝1,2,…,n):

i, E_{k_{i, t}} \{\begin{matrix} {(a_{1 i}, a_{2 i}, \cdot \cdot \cdot, a_{mi})}^{T}, \\ {({sn}_{1 i}, {sn}_{2 i}, \cdot \cdot \cdot, {sn}_{mi})}^{T}, h (\cdot), \\ (H_{1}, \cdot \cdot \cdot, H_{h}) \end{matrix}\}

Sensor node s _i(i=1,2 ..., n) after receiving message, use and base station shared key k _ibe decrypted, obtain and the exclusive shared following information in base station: with reference to vector (a _1i, a _2i..., a _mi) ^t, perturbation vector (sn _1i, sn _2i..., sn _mi) ^t, single channel hash function h () and image data codomain demarcation interval (H ₁..., H _h).

(2) inquiry phase

Sensor node is hidden in image data place demarcation interval information and sensor node number information in the response vector that length is m, and sends aggregation node to.Aggregation node is carried out sum operation to the vector of receiving, and adds the vector of this section dot generation, obtains the response vector that this node length is m, uploads and participates in summation and assemble; Base station obtains assembling result vector to institute's directed quantity summation of receiving, assemble result vector and deduct noisy data, the system of linear equations that to obtain take the reference matrix be coefficient matrix, solve system of linear equations and obtain histogram and the respective sensor node serial number with statistical information, use histogram and respective sensor node serial number to calculate the approximate query result.

A. leaf node processing procedure

Leaf node s _iadopt leaf node calculated response vector algorithm by image data v _i,tplace demarcation interval information and sensor node number information are hidden in the response vector that length is m.This algorithm is described as follows:

Demand: with reference to vector (a _1i, a _2i..., a _mi) ^t, perturbation vector (sn _1i, sn _2i..., sn _mi) ^t, single channel hash function h (), image data codomain demarcation interval (H ₁..., H _h)

Input: leaf node s _iacquired data values v in polling cycle t _i,t

Output: leaf node s _iresponse vector (r _1i, r _2i..., r _mi) ^t

1:IFv _i,tin ≠ null//polling cycle t, image data is arranged

2：FORk＝1,2,…,hdo

3:IFv _i,t∈ H _ktHEN//image data v _i,tfall into H _k

4：N _i＝k

(r _1i,r _2i,…,r _mi) ^T＝

5：N _i×(a _1i,a _2i,…,a _mi) ^T

+(h(sn _1i),h(sn _2i),…,h(sn _mi)) ^T

6：END?IF

7：END?FOR

There is no image data in 8:ELSE//polling cycle t

9：(r _1i,r _2i,…,r _mi) ^T

＝(h(sn _1i),h(sn _2i),…,h(sn _mi)) ^T

10：RETURN(r _1i,r _2i,…,r _mi) ^T

Leaf node s _iwhile in polling cycle t, image data being arranged, adopt above-mentioned algorithm calculated response vector to be:

(\begin{matrix} r_{1 i} \\ r_{2 i} \\ \cdot \\ \cdot \\ \cdot \\ r_{mi} \end{matrix}) = (\begin{matrix} a_{1 i} \times N_{i} + h ({sn}_{1 i}) \\ a_{2 i} \times N_{i} + h ({sn}_{2 i}) \\ \cdot \\ \cdot \\ \cdot \\ a_{mi} \times N_{i} + h ({sn}_{mi}) \end{matrix})

Wherein, N _ifor sensor node s _ithe image data v of institute in polling cycle t _i,tplace demarcation interval numbering,

v_{i, t} &Element; H_{N_{i}} .

Leaf node s _iwhile in polling cycle t, there is no image data, adopt algorithm 1 calculated response vector to be:

(r _1i,r _2i,…,r _mi) ^T＝(h(sn _1i),h(sn _2i),…,h(sn _mi)) ^T

Leaf node s _iby response vector (r _1i, r _2i..., r _mi) ^tbe uploaded to father node and participate in gathering.

B. aggregation node accumulation process

Suppose aggregation node s _jcn is arranged _jindividual child nodes, the child nodes numbering is respectively { j-cn _j, j-cn _j+ 1 ..., j-1}, aggregation node s _jin polling cycle t, image data is v _j,t.Aggregation node s _jadopt aggregation node calculated response vector algorithm to be sued for peace to the child nodes response vector of receiving and increase the vector that this node produces, generate the aggregation node response vector and upload.This algorithm is described as follows:

Demand: with reference to vector (a _1j, a _2j..., a _mj) ^t, perturbation vector (sn _1j, sn _2j..., sn _mj) ^t, single channel hash function h (), image data codomain demarcation interval (H ₁..., H _h)

Input: aggregation node s _jacquired data values v in polling cycle t _j,t, the response vector that child nodes is uploaded

Output: aggregation node s _jresponse vector (r _1j, r _2j..., r _mj) ^t

1: use above-mentioned leaf node calculated response vector algorithm, input v _j,t, obtain vector (r _1j, r _2j..., r _mj) ^t

2：FORk＝j-cn _j,j-cn _j+1,…,j-1do

3：(r _1j,r _2j,…,r _mj) ^T＝(r _1j,r _2j,…,r _mj) ^T+(r _1k,r _2k,…,r _mk) ^T

4：END?FOR

5：RETURN(r _1j,r _2j,…,r _mj) ^T

Aggregation node s _jby response vector (r _1j, r _2j..., r _mj) ^tbe uploaded to father node and participate in gathering, if father node is not base station, use aggregation node calculated response vector algorithm generate response vector and continue to upload, until be uploaded to base station.

C. base station processing procedure

Following processing is carried out after receiving its all child nodes in base station:

All child nodes response vectors are carried out to sum operation, obtain assembling result vector:

(\begin{matrix} Σ_{i = 1}^{n} a_{1 i} \times N_{i} + Σ_{i = 1}^{n} h ({sn}_{1 i}) \\ Σ_{i = 1}^{n} a_{2 i} \times N_{i} + Σ_{i = 1}^{n} h ({sn}_{2 i}) \\ \cdot \\ \cdot \\ \cdot \\ Σ_{i = 1}^{n} a_{mi} \times N_{i} + Σ_{i = 1}^{n} h ({sn}_{mi}) \end{matrix})

To assemble result vector and deduct the noisy data sum that all nodes were processed through single channel hash function h (), obtain vector (b ₁, b ₂... b _n) ^t.

(\begin{matrix} b_{1} \\ b_{2} \\ \cdot \\ \cdot \\ \cdot \\ b_{m} \end{matrix}) = (\begin{matrix} Σ_{i = 1}^{n} a_{1 i} \times N_{i} + Σ_{i = 1}^{n} h ({sn}_{1 i}) \\ Σ_{i = 1}^{n} a_{2 i} \times N_{i} + Σ_{i = 1}^{n} h ({sn}_{2 i}) \\ \cdot \\ \cdot \\ \cdot \\ Σ_{i = 1}^{n} a_{mi} \times N_{i} + Σ_{i = 1}^{n} h ({sn}_{mi}) \end{matrix}) - (\begin{matrix} Σ_{i = 1}^{n} h ({sn}_{1 i}) \\ Σ_{i = 1}^{n} h ({sn}_{2 i}) \\ \cdot \\ \cdot \\ \cdot \\ Σ_{i = 1}^{n} h ({sn}_{mi}) \end{matrix})

Be

(\begin{matrix} b_{1} \\ b_{2} \\ \cdot \\ \cdot \\ \cdot \\ b_{m} \end{matrix}) = (\begin{matrix} Σ_{i = 1}^{n} a_{1 i} \times N_{i} \\ Σ_{i = 1}^{n} a_{2 i} \times N_{i} \\ \cdot \\ \cdot \\ \cdot \\ Σ_{i = 1}^{n} a_{mi} \times N_{i} \end{matrix})

Be following system of linear equations:

\{\begin{matrix} a_{11} \times N_{1} + a_{12} \times N_{2} + \cdot \cdot \cdot + a_{1 n} \times N_{n} = b_{1} \\ a_{21} \times N_{1} + a_{22} \times N_{2} + \cdot \cdot \cdot + a_{2 n} \times N_{n} = b_{2} \\ \cdot \\ \cdot \\ \cdot \\ a_{m 1} \times N_{1} + a_{m 2} \times N_{2} + \cdot \cdot \cdot + a_{mn} \times N_{n} = b_{m} \end{matrix} - - - (1)

The coefficient matrix of equation group (1) is with reference to matrix G.When m is enough large, can solve set { N ₁, N ₂..., N _n.When m=n, be n * n square formation with reference to matrix G, and have | G| ≠ 0.According to Cramer's rule (Cramer'sRule), equation group when m=n (1) can accurately solve.Sensor node s ₁, s ₂..., s _nin polling cycle t, the interval at image data place is respectively

statistics (H ₁..., H _h) in number and the corresponding sensor node numbering of the sensor node image data that comprises of each interval, obtain with (H ₁..., H _h) be the statistic histogram of dividing.Can solve general approximate query Q according to histogram _gthe approximate query result of the query type T that middle user needs.

Above-mentioned H-PGAQ pattern using disturbance of data technology and single channel hash function, even aggregation node can obtain sensor node and base station shared key like this, can decipher and obtain the reference vector that base station issues, aggregation node can not calculate perception data, strengthened Information Security, but the H-PGAQ pattern needs all the sensors node uploading data, communication cost during continuous-query is higher.

In the F-PGAQ pattern, suppose that aggregation node can not obtain the shared key of sensor node and base station, use with reference to vector and replace true image data to carry out secret protection.The traffic while using filter to reduce continuous-query in the F-PGAQ pattern, divide histogram as the filter window, if the epicycle image data with on take turns image data and fall into same histogram division, do not need uploading data.The processing procedure of F-PGAQ pattern and H-PGAQ pattern is substantially similar, and the main distinction is: in (I) F-PGAQ pattern, to uploading vector, do not add noisy data; Use filter in (II) F-PGAQ pattern, in continuous-query, if the epicycle image data and on take turns image data and fall into same histogram and divide, do not need uploading data.

In the F-PGAQ pattern, also be divided into system initialization and two stages of inquiry.Be described as follows:

(1) system initialisation phase

Method demarcation interval (the H in the H-PGAQ pattern is used in base station ₁..., H _h), and be each sensor node s _i(i=1,2 ..., n) generate with reference to vector (a _1i, a _2i..., a _mi) ^t.Use and sensor node s _ishared key k _i,tbe encrypted, base station is to sensor node s _i(i=1,2 ..., n) transmit following message:

Sink→s _i(i＝1,2,…,n):

i, E_{k_{i, t}} \{\begin{matrix} {(a_{1 i}, a_{2 i}, \cdot \cdot \cdot, a_{mi})}^{T}, \\ (H_{1}, \cdot \cdot \cdot, H_{h}) \end{matrix}\}

Sensor node s _ideciphering obtains (a _1i, a _2i..., a _mi) ^t(H ₁..., H _h).

(2) inquiry phase

A. leaf node processing procedure

In continuous-query, leaf node at first judge the epicycle image data and on take turns the same interval division (H whether data fall into ₁..., H _h), if fall into same demarcation interval, do not need uploading data.If the epicycle image data from take turns data and drop on different intervals, with reference to leaf node calculated response vector algorithm (not adding noisy data) calculated response vector, be:

(r _1i,r _2i,…,r _mi) ^T＝(a _1i×N _i,a _2i×N _i,…a _mi×N _i)

B. aggregation node accumulation process

Aggregation node is used the leaf node processing procedure to produce this node vector.Aggregation node is sued for peace and is added the child nodes response vector of receiving

the vector that this node produces, generate the response vector of aggregation node and upload.

If all child nodes do not have uploading data and aggregation node there is no image data, aggregation node does not need uploading data.

C. base station processing procedure

Supposing has n in the epicycle inquiry in query region _g(n _g≤ n) individual sensor node is uploaded vector and is participated in gathering.For explaining conveniently, supposing to upload vectorial sensor node, be.Sum operation is carried out by the child nodes response vector of receiving in base station, obtains assembling result vector:

(\begin{matrix} b_{1} \\ b_{2} \\ \cdot \\ \cdot \\ \cdot \\ b_{m} \end{matrix}) = (\begin{matrix} Σ_{i = 1}^{n_{G}} a_{1 i} \times N_{i} \\ Σ_{i = 1}^{n_{G}} a_{2 i} \times N_{i} \\ \cdot \\ \cdot \\ \cdot \\ Σ_{i = 1}^{n_{G}} a_{mi} \times N_{i} \end{matrix})

Be following system of linear equations:

\{\begin{matrix} a_{11} \times N_{1} + a_{12} \times N_{2} + \cdot \cdot \cdot + a_{{1 n}_{G}} \times N_{n_{G}} = b_{1} \\ a_{21} \times N_{1} + a_{22} \times N_{2} + \cdot \cdot \cdot + a_{{2 n}_{G}} \times N_{n_{G}} = b_{2} \\ \cdot \\ \cdot \\ \cdot \\ a_{m 1} \times N_{1} + a_{m 2} \times N_{2} + \cdot \cdot \cdot + a_{{mn}_{G}} \times N_{n_{G}} = b_{m} \end{matrix} - - - (2)

When m is enough large, can solve set

work as m=n _gthe time equation group (2) can accurately solve.Base station is for the node s that there is no uploading data _iuse last round of s _icorresponding N _i, the histogram data { N that obtains having the whole node image data of query region information ₁, N ₂..., N _n.Solve general approximate query Q according to histogram _gthe approximate query result of the query type T that middle user needs.

Below the F-PGAQ pattern is illustrated.Suppose that sensor network is comprised of 3 nodes, use tree-shaped route transmission data, wherein node 2 and node 3 are leaf node, and node 1 is aggregation node.

At initial phase, base station produces at random 3 * 3 matrix G and is:

(\begin{matrix} 39 & 92 & 72 \\ 67 & 25 & 82 \\ 18 & 59 & 30 \end{matrix}) .

Using the 1st column vector in G as node, 1 with reference to vector, i.e. (a ₁₁, a ₂₁..., a _m1) ^t=(39,67,18) ^t; Using the 2nd column vector in G as node, 2 with reference to vector, i.e. (a ₁₂, a ₂₂..., a _m2) ^t=(92,25,59) ^t; Using the 3rd column vector in G as node, 3 with reference to vector, i.e. (a ₁₃, a ₂₃..., a _m3) ^t=(72,82,30) ^t.

Suppose that the image data codomain is for [0,10], parameter h gets 10, adopts equivalent division methods, and image data codomain [0,10] is divided continuously, obtains (H ₁=[0,1), H ₂=[1,2) ..., H ₁₀=[9,10]).Base station is used respectively with node 1, node 2 and node 3 shared keys (39,67,18) ^t, (92,25,59) ^t, (72,82,30) ^t(H ₁, H ₂, H ₁₀) encrypt, being issued to respective nodes, intermediate node can not be deciphered.Obtain this node with reference to vector (39,67,18) after node 1 deciphering ^tand division (H ₁, H ₂, H ₁₀), other nodes are same.If node 1 acquired data values is 6.72, according to (H ₁, H ₂, H ₁₀), because 6.7 ∈ H ₇so, N ₁=7, use (r _1i, r _2i..., r _mi) ^t=N _i* (a _1i, a _2i..., a _mi) ^tcalculated response vector (r ₁₁, r ₂₁..., r _m1) ^t=N ₁* (a ₁₁, a ₂₁..., a _m1) ^t=7 * (39,67,18) ^t=(273,469,126) ^t; If node 2 image data are 2.13, because 2.13 ∈ H ₃so, N ₂=3, calculate (r ₁₂, r ₂₂..., r _m2) ^t=(276,75,177) ^t; If node 3 image data are 8.29, because 8.29 ∈ H ₉so, N ₃=9, calculate (r ₁₃, r ₂₃..., r _m3) ^t=(648,738,270) ^t, node 2 and node 3 are respectively by (276,75,177) ^t(648,738,270) ^tpass to node 1(aggregation node), node 1 aggregation operator of being sued for peace generates new response vector (r ₁₁, r ₂₁..., r _m1) ^t=(273,469,126) ^t+ (276,75,177) ^t+ (648,738,270) ^t=(1197,1282,573) ^t, node 1 is by (1197,1282,573) ^tpass to base station.In base station, make (b ₁, b ₂, b ₃) ^t=(1197,1282,573) ^t, according to the matrix G produced at initial phase

G = (\begin{matrix} a_{11} & a_{12} & a_{13} \\ a_{21} & a_{22} & a_{23} \\ a_{31} & a_{32} & a_{33} \end{matrix}) = (\begin{matrix} 39 & 92 & 72 \\ 67 & 25 & 82 \\ 18 & 59 & 30 \end{matrix})

Be constructed as follows equation group,

\{\begin{matrix} a_{11} \times N_{1} + a_{12} \times N_{2} + a_{13} \times N_{3} = b_{1} \\ a_{21} \times N_{1} + a_{22} \times N_{2} + a_{23} \times N_{3} = b_{2} \\ a_{31} \times N_{1} + a_{32} \times N_{2} + a_{33} \times n_{3} = b_{m} \end{matrix}

?

\{\begin{matrix} 39 \times N_{1} + 92 \times N_{2} + 72 \times N_{3} = 1197 \\ 67 \times N_{1} + 25 \times N_{2} + 82 \times N_{3} = 1282 \\ 18 \times N_{1} + 59 \times N_{2} + 30 \times n_{3} = 573 \end{matrix} - - - (3)

Solve linear equations (3) obtains N ₁=7, N ₂=3, N ₃=9.Base station knows that the perception data of node 1, node 2 and node 3 falls into respectively H like this ₇=[6,7), H ₃=[2,3), H ₉=[8,9) interval.General approximate query, according to these data configuration statistic histograms, is realized in base station.

In the present invention, interrogation model is divided into interrogation model in general approximate query model and net.The user uses general approximate query model to send querying command to base station, base station is used interrogation model in net to be handed down to sensor node by routing tree, sensor node is assembled perception data upload by non-leaf node, histogram is derived according to assembling result in base station, go out according to histogram calculation the general approximate query result that the user needs, it is returned to the user.General approximate query model description is:

Q _G＝(query?region=G)^(epoch=t)^(query?type=T)

^(query?parameter=P)^(?approximate?parameter=ò)

Wherein G is query region, and t is polling cycle, the query type set that T need to return for the user, and P is the required parameter sets of query type in T, ò is approximate query precision threshold parameter.

In PGAQ method provided by the present invention, the query type of supporting has Top-k inquiry, range query, MAX MIN, SUM, Median, Histogram etc.In T, can be the single query type, can be also a plurality of PGAQ query types that method is supported.In P, parameter should be corresponding with query type in T.When query type is the Top-k inquiry, in P, parameter is the k value; When query type is range query, in P, parameter is query context [a, b].

In the net that base station issues to query region G inner sensor node by tree routing, interrogation model is:

Q _t＝{t,(H ₁,…,H _h)}

Wherein t is polling cycle, (H ₁..., H _h) for the histogram of being calculated by approximate query precision threshold parameter ò, divide, as ò is default value, do not need to transmit (H ₁..., H _h).

Secret protection approximate enquiring method provided by the present invention need to meet following performance requirement and balance requires:

(1) inquiry precision

In the situation that not high to required precision, approximate query can carry out balance between precision and energy consumption, with energy saving.Simultaneously, the precision of approximate query should be able to meet the demand of application, so the approximate query precision should be able to be controlled by system parameters, to reach, meets application demand precision and the energy balance between consuming.

(2) secret protection demand

Because the assailant can eavesdrop and capture sensor node by wireless link, attacked, the secret protection approximate enquiring method should meet following requirement: in order to protect privacy information, and arbitrary node s in sensor network _i(s _i∈ G) data that gather

can not be known by the wireless link listener-in, simultaneously can not be by other arbitrary nodes s in network _j(s _j∈ G and i ≠ j) know; In sensor network, arbitrary node can not be known the Query Result data set; In sensor network, arbitrary node can not be known the sensor node ID that the Query Result data item is corresponding.

(3) energy consumption

Energy consumption often directly affects sensor network life, and energy saving is the important performance requirement of sensor network protocol.The secret protection technology often needs to increase sensor network communication amount and energy consumption, and the secret protection vlan query protocol VLAN should reduce the traffic and energy consumption as far as possible.In net, data gathering and fusion can reduce volume of transmitted data and then energy saving effectively.In netting, data gathering and fusion application are significant in the secret protection approximate enquiring method.

For this reason, come balance inquiry precision and energy consumption by regulating the histogram granularity of division in the present invention.Wherein, the inquiry precision mainly is subject to system parameters h and to interval (H ₁..., H _h) impact of dividing mode.Interval (H ₁..., H _h) dividing mode determines the histogrammic type calculate in base station, (H between system parameters h determining area ₁..., H _h) granularity of division.For the needs of control precision, the present invention adopts wide histogram and two kinds of histogram dividing mode of equi-depth histogram.The histogram dividing mode can be selected by the user of sensor network system.

Through further investigation, the inventor thinks that the approximate query error can, by two parametric descriptions, be respectively data value error amount ò _vwith data item number error amount ò _n.Data value error amount ò _vfor inquiry returns results the middle data value range error upper limit, i.e. max{|v _pmax-v _rmax|, | v _pmin-v _rmin|≤ò _v.Wherein, v _pmaxand v _pminbe respectively R _pmiddle maximum and minimum value, v _rmaxand v _rminbe respectively R _rmiddle maximum and minimum value, R _pfor the approximate query result data item set that base station is returned, R _rfor meeting the accurate data query item set of querying condition.Data item number error amount ò _ndo not meet the data item number upper limit of querying condition in returning results for inquiry, || R _p|-| R _r||≤ _n.Wherein, R _pfor the approximate query result data item set that base station is returned, R _rfor meeting the accurate data query item set of querying condition.

On this basis, the inventor finds to use wide histogram dividing mode can control approximate query result data values error amount ò _vso wide histogram dividing mode is suitable for the range query type more.When query type T is range query, parameter sets P is range query parameter [a, b].The PGAQ method is calculated the minimum histogram that covers [a, b] and is divided set, and all these histograms that fall into are divided to the result set of the data item of set as approximate query, returns to the user.

On the other hand, the inventor also finds to use the equi-depth histogram dividing mode can control approximate query result data item number error amount ò _n.As if statistics distribution function f (x) is normal distribution

number of partitions h is 7, and the schematic diagram that equi-depth histogram is divided as shown in Figure 2.Because the equi-depth histogram dividing mode can be controlled approximate query result data item number error amount ò _nso, wait the histogram dividing mode more to be suitable for the Top-k query type.When query type T is the Top-k inquiry, parameter sets P is Top-k query argument k.The PGAQ method is calculated the data item number that falls into the highest (low) demarcation interval and is greater than the minimum demarcation interval set that (being less than) equals k, and all these histograms that fall into are divided to the result set of the data item of set as approximate query, returns to the user.

In order to take into account Query Result data value error and data item number error, histogram can adopt the mixing dividing mode.As if statistics distribution function f (x) is normal distribution

number of partitions h is 9, and the schematic diagram that the histogram mixing is divided as shown in Figure 3.Wherein, H ₁=H ₂=H ₈=H ₉,

\underset{x &Element; H_{3}}{&Integral;} f (x) = \underset{x &Element; H_{4}}{&Integral;} f (x) = \underset{x &Element; H_{5}}{&Integral;} f (x) = \underset{x &Element; H_{6}}{&Integral;} f (x) = \underset{x &Element; H_{7}}{&Integral;} f (x) .

Falling into the intensive regional H of data item _conadopt the dividing mode of equi-depth histogram.At regional H _coninside have

due at regional H _conin can control approximate query result data item number error amount ò _n, simultaneously, due to regional H _coninside fall into the data item comparatively dense, the demarcation interval that the dividing mode of use equi-depth histogram obtains is narrower, makes the data value error less, has taken into account Query Result data value error.On the other hand, falling into the sparse regional H of data item _sparadopt wide histogrammic dividing mode, at regional H _sparinside have

due at regional H _sparin can control approximate query result data values error amount ò _v, simultaneously, due to regional H _sparinside fall into data item more sparse, use wide histogram dividing mode will make to fall into the data item number of each demarcation interval less, make data item number error less, taken into account Query Result data item number error.

In sensor network, for the attack of private data, can be divided into external attack and internal attack two kinds of attack model.Because sensor network adopts radio communication, when data are transmitted between node, the assailant may eavesdrop and obtain sensitive data by link layer, and this attack mode is called external attack.While being internaled attack, the assailant becomes the participant of network by capturing or copy the means such as sensor node, can obtain all data of capturing sensor node.The present invention is based on the previous sincerity of using of inventor but curious model (referring to the paper " can verify secret protection Top-k vlan query protocol VLAN in two-layer sensor network " of Fan Yongjian, Chen Hong; be published in " Chinese journal of computers " the 35th the 3rd phase of volume in 2012); the assailant is by record or infer that sensitive data carries out steal information; but it is abided by the agreement and altered data not, only destroy the privacy of data but do not destroy the integrality of data.On this basis, the hypothesize attack person adopts two kinds of attack patterns to steal sensitive information: (1) is used the external attack pattern, when data are transmitted between node, by link layer, eavesdrops and obtains sensitive data; (2) use and to internal attack pattern, capture after sensor node by record or infer that sensitive data carries out steal information.The corresponding Security Target of the present invention is: sincere but, under curious model, the PGAQ method can be tackled external attack and internal attack the attack of two kinds of patterns, in the situation that do not leak the privacy information usage data, has assembled general approximate Aggregation Query.Specifically, general approximate query Q in sensor network _g=G, and t, T, P, while correctly carrying out, if the assailant can not obtain following sensitive information, inquire about Q _gmeet the requirement of privacy: (1) query region G inner sensor node s _i(i=1,2 ..., n) acquired data values v _i,t; (2) histogram information that comprises the image data statistical information; (3) sensor node numbering corresponding to Query Result data.

For this reason, the present invention considers that the assailant can carry out by capturing two kinds of attack patterns of external attack of internaling attack and passing through the eavesdropping link layer of aggregation node.Through further investigation, in the situation that the hypothesis aggregation node can not obtain the shared key of sensor node and base station, the F-PGAQ pattern can meet the requirement of general approximate query privacy in sensor network.Be described as follows: in the system initialisation phase of F-PGAQ pattern, the reference vector that base station is corresponding to each sensor node, use the shared secret key encryption of itself and sensor node, be issued to sensor node, because the hypothesis aggregation node can not obtain the shared key of sensor node and base station, aggregation node can not obtain with reference to vector.Leaf node is by image data information and node serial number Information hiding in response vector and be uploaded to aggregation node, and aggregation node is not known with reference to vector, so can not derive image data information and node ID information.Simultaneously, because the data of transmitting in wireless link are response vector, so external attacker can not obtain above-mentioned sensitive information.

On the other hand, no matter whether aggregation node can obtain the shared key of sensor node and base station, and the H-PGAQ pattern can meet the requirement of general approximate query privacy in sensor network.Be described as follows: on the basis of F-PGAQ pattern, H-PGAQ pattern using disturbance of data technology and single channel hash function.As the above analysis, in the situation that aggregation node can not obtain the shared key of sensor node and base station, the F-PGAQ pattern meets general approximate query privacy in sensor network.When aggregation node can obtain sensor node and the shared key in base station, aggregation node can be known with reference to vector, but, owing to comprising the noisy data that the single channel hash function was processed in response vector in the H-PGAQ pattern, aggregation node can not obtain above-mentioned sensitive information equally.

In addition, utilize PGAQ method provided by the invention, in system initialisation phase, base station is used the delivering key shared with sensor node with reference to vector, each sensor node of m can not obtain the reference vector of other sensor nodes, even therefore know that the response vector of other sensor nodes can not obtain other sensor node True Datas by collusion (ganging up).

Aspect energy consumption, the energy consumption of sensor network is affected by system parameters mainly.In the PGAQ method, the response vector that leaf node is m to aggregation node transmission length, aggregation node is the gathering of suing for peace of the response vector of all child nodes of receiving, and adds this nodal information to generate the response vector that this node length is m, uploads and participate in the gathering of father node.So, in the PGAQ method, assemble the vector that length is m that is of uploading in routing tree.Below by emulated data, the energy consumption relation of system parameters and sensor network is tested and analyzed.

The cost of PGAQ method provided by the invention can be divided into following two parts: in system initialisation phase, transmission encrypt with reference to vector sum interval division cost; Be mainly the sensor node image data in inquiry phase, generate the cost of assembling response vector and transmission response vector.Wherein the network system performance is affected by the inquiry phase cost mainly.For sensor node, communication energy consumption is much larger than calculating energy consumption, and the usage data traffic of the present invention is estimated the validity of algorithm.

The present invention uses and discloses obtainable True Data collection LUCE dataset, on the OMNeT++ platform, the PGAQ method is tested.LUCE dataset data set is the 11 dimension attribute data such as the ambient temperature that gathers of 2006 and 2007, soil moisture, and environment for use temperature data of the present invention is tested, and the experimental data codomain of use is [20,30].In one embodiment of the invention, use the node location data in LUCE dataset, according to scale, be divided into 3 groups of experiments.450 * 300 hypothesis sensor node effective propagation paths are 60 meters, use the TAG algorithm to set up route.The 1st group of experiment, 20 sensor nodes are distributed in 200 * 200 square metres of rectangular areas, and sensor node on average needs 2.5 jumpings to unit header node transmission data, and each sensor node on average has 4.5 neighbor nodes; The 2nd group of experiment, 50 sensor nodes are distributed in 350 * 250 square metres of rectangular areas, and sensor node on average needs 2.9 jumpings to unit header node transmission data, and each sensor node on average has 6.4 neighbor nodes; The 3rd group of experiment, 88 sensor nodes are distributed in square metre rectangular area, and sensor node on average needs 3.1 jumpings to unit header node transmission data, and each sensor node on average has 11.1 neighbor nodes.

Fig. 4 has shown that the PGAQ method is in system initialisation phase, in the experiment of 3 groups of heterogeneous networks scales, and the traffic that base station needs to the sensor node transmitting encrypted data.In above-mentioned experiment, the present invention uses 16 keys to be encrypted.

In order to investigate PGAQ method traffic when inquiring about, the present invention compares H-PGAQ pattern, F-PGAQ pattern and KIPDA, end-to-end (end to end) encipherment scheme.In network size in different 3 groups of experiments, investigated respectively the wheel number of the number of interval division and image data to query communication amount C _qimpact.For ease of describing, data are taken turns in 1 chronomere's sensor node collection 1 of this experimental hypothesis, in polling cycle t, gather t wheel data.What this experiment adopted equals the net internal segment n that counts with reference to vector length m, to guarantee that base station can go out system of linear equations by Exact Solutions, obtains histogram information.Establishing parameter k in KIPDA in this experiment is 5.

Fig. 5, Fig. 7 and Fig. 9 have shown that respectively at polling cycle t be while being 100 times (be image data wheel number) at 100 o'clock, and interval division is counted the impact of h on the sensor node continuous data transfer traffic.Can find out: the traffic of KIPDA and H-PGAQ pattern is higher than the traffic of F-PGAQ pattern, and KIPDA is a little more than the H-PGAQ pattern, this be because the F-PGAQ pattern using filter mechanism, reduced the traffic.In the 1st group of experiment, the end-to-end scheme traffic is lower than KIPDA and H-PGAQ pattern, higher than the F-PGAQ pattern.In the 2nd group and the 3rd group experiment, the end-to-end scheme traffic is lower than KIPDA and H-PGAQ pattern, and the traffic curve of F-PGAQ pattern has intersection, and the 2nd group of crosspoint is near h=175, and the 3rd group of crosspoint is near h=100.It is very little on KIPDA and the impact of H-PGAQ pattern that interval division is counted h, and the traffic of F-PGAQ pattern increases with h, this is because interval division is counted the width that h has determined F-PGAQ middle filtrator window, it is larger that interval division is counted h, F-PGAQ pattern middle filtrator window is narrower, the traffic is larger, inquires about precision higher simultaneously.Data value error amount ò _vwith the pass of wide histogram number of partitions h be ò _v=(v _max-v _min)/h.Figure 11 has shown that interval division is counted the relation of h and data value error threshold when the image data codomain is [20,30].

Fig. 6, Fig. 8 and Figure 10 have shown that respectively counting h in interval division is at 100 o'clock, and image data wheel number t(is polling cycle t) on the impact of the sensor node continuous data transfer traffic.Can find out: the traffic is followed successively by from high to low: KIPDA, H-PGAQ pattern, end-to-end scheme and F-PGAQ pattern.KIPDA is a little more than the H-PGAQ pattern.KIPDA, H-PGAQ pattern and the end-to-end scheme traffic be higher than the traffic of F-PGAQ pattern, same because F-PGAQ pattern using filter mechanism, reduced the traffic.KIPDA, H-PGAQ pattern, end-to-end scheme and F-PGAQ pattern all increase with image data wheel number, because KIPDA, H-PGAQ pattern and end-to-end scheme are not used strobe utility, so increase and substantially be linear growth with image data wheel number.

As can be seen from the above analysis, H-PGAQ pattern using disturbance of data technology and single channel hash function, even aggregation node can obtain sensor node and base station shared key like this, can decipher and obtain the reference vector that base station issues, aggregation node can not calculate perception data, strengthened Information Security, but the H-PGAQ pattern needs all the sensors node uploading data, during continuous-query, communication cost is higher.F-PGAQ pattern hypothesis aggregation node can not obtain the shared key of sensor node and base station, uses and carries out secret protection with reference to vector.F-PGAQ pattern using filter reduces the continuous-query traffic, histogram is divided as the filter window, if the epicycle image data with on take turns image data and fall into same histogram division, do not need uploading data.By theory analysis and experimental verification, the F-PGAQ pattern has significantly reduced the traffic and energy consumption.

On the other hand, aspect network size, the PGAQ method can more easily adapt to the expansion of network size.In the PGAQ method, base station is each sensor node s in net _i(i=1,2 ..., n) distribute different reference vector (a _1i, a _2i..., a _mi) ^t, base station need to produce m * n with reference to matrix G, and n need to be not less than net inner sensor node number.When the sensor network scale need to be expanded, base station is that newly-increased sensor node generates accordingly with reference to the vector sum perturbation vector, and after using base station and the shared secret key encryption of sensor node, be issued to newly-increased sensor node, what will newly produce adds with reference to matrix with reference to vector simultaneously, other sensor nodes with reference to the vector sum perturbation vector, do not need to change.Like this, after generating new gathering route, the PGAQ method can be carried out on the network after expansibility of network size.

The above has been described in detail the general approximate enquiring method of sensor network secret protection provided by the present invention.For one of ordinary skill in the art, any apparent change of under the prerequisite that does not deviate from connotation of the present invention, it being done, all will form infringement of patent right of the present invention, will bear corresponding legal liabilities.

Claims

1. the general approximate enquiring method of secret protection of a facing sensing device network, be used in the similar sensor network of node, it is characterized in that comprising the steps:

2. the general approximate enquiring method of secret protection as claimed in claim 1 is characterized in that:

Described step (1) in, described base station for each sensor node produce unique random vector as with reference to the vector, be issued to corresponding sensor node after encryption; Described sensor node is used image data and with reference to vector, and the calculated response vector is hidden in the numbering of sensor node and image data among response vector, according to tree-shaped route, described response vector is uploaded to the father node as aggregation node.

3. the general approximate enquiring method of secret protection as claimed in claim 1 is characterized in that:

Described step (2) in, described aggregation node is used the summation aggregate function to be assembled all data of receiving.

4. the general approximate enquiring method of secret protection as claimed in claim 1 is characterized in that:

Described step (3) in, the response vector structure system of linear equations after assembling is used in described base station, solve linear equations obtains the data interval that the image data of each sensor node falls into, and then obtains the numbering with the histogram of global statistics information and corresponding sensor node.

5. the general approximate enquiring method of secret protection as claimed in claim 1 is characterized in that:

Described step (4) in, come balance inquiry precision and energy consumption by regulating described histogrammic granularity of division.

6. the general approximate enquiring method of secret protection as claimed in claim 5 is characterized in that:

Use wide histogram dividing mode to control approximate query result data values error amount.

7. the general approximate enquiring method of secret protection as claimed in claim 5 is characterized in that:

Use the equi-depth histogram dividing mode to control approximate query result data item number error amount.

8. the general approximate enquiring method of secret protection as claimed in claim 1 is characterized in that:

The general approximate enquiring method of described secret protection has the H-PGAQ pattern;

9. the general approximate enquiring method of secret protection as claimed in claim 1 is characterized in that:

The general approximate enquiring method of described secret protection has the F-PGAQ pattern;

10. the general approximate enquiring method of secret protection as claimed in claim 1 is characterized in that:

When the scale of sensor network need to be expanded, described base station is that newly-increased sensor node generates accordingly with reference to the vector sum perturbation vector, and after using base station and the shared secret key encryption of sensor node, be issued to newly-increased sensor node, what will newly produce adds with reference to matrix with reference to vector simultaneously, not the changing with reference to the vector sum perturbation vector of other sensor nodes.