CN106899937B - The home service range of secret protection inquires outsourcing method - Google Patents

The home service range of secret protection inquires outsourcing method Download PDF

Info

Publication number
CN106899937B
CN106899937B CN201710082804.4A CN201710082804A CN106899937B CN 106899937 B CN106899937 B CN 106899937B CN 201710082804 A CN201710082804 A CN 201710082804A CN 106899937 B CN106899937 B CN 106899937B
Authority
CN
China
Prior art keywords
hilbert
poi
poi data
sub
curve
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710082804.4A
Other languages
Chinese (zh)
Other versions
CN106899937A (en
Inventor
刘梦君
杨兵
丁永刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubei University
Original Assignee
Hubei University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hubei University filed Critical Hubei University
Priority to CN201710082804.4A priority Critical patent/CN106899937B/en
Publication of CN106899937A publication Critical patent/CN106899937A/en
Application granted granted Critical
Publication of CN106899937B publication Critical patent/CN106899937B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/021Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/52Network services specially adapted for the location of the user terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/023Services making use of location information using mutual or relative location information between multiple location based services [LBS] targets or of distance thresholds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a kind of home service ranges of secret protection to inquire outsourcing method; it include: step 1; location based service provider pre-processes POI data using Hilbert curve and Merkle Hash tree; the signature of POI data ciphertext collection and Merkle Hash tree tree root is obtained, and is sent to cloud service provider;Step 2, location based service provider pre-processes customer position information, obtains the Hilbert value range of customer position informationQ', and by Hilbert value rangeQ' it is sent to cloud service provider;Step 3, cloud service provider is by Hilbert value rangeQ' concentrate the Hilbert value of each POI data ciphertext to compare one by one with POI data ciphertext, it will be with Hilbert value rangeQ' included in the identical POI data ciphertext of Hilbert value return to user;Step 4, the integrality and correctness for the POI data ciphertext that user's checking returns.The method of the present invention can also reduce calculating and communication overhead, to improve efficiency while ensureing data privacy and query result integrality.

Description

The home service range of secret protection inquires outsourcing method
Technical field
The invention belongs to be based on field of location service technology, model is serviced more particularly to a kind of home of secret protection Enclose inquiry outsourcing method.
Background technique
Increasingly mature and mobile Internet with location technology is quickly popularized, and location-based service (Location- is based on Based Services, LBS) every aspect for covering people's life is had become, changing people's lives mode and habit It is used.LBS under typical LBS especially mobile environment refers to the global positioning system (GPS) that user uses mobile device to embed Current location information is obtained, oneself interested service nearby is then inquired to LBSP according to its location information, such as inquire attached The information such as close hospital, hotel, dining room, gas station.Industry has emerged in large numbers the application of large quantities of LBS, as Foursquare, Facebook, Meituan, opal film, Baidu's glutinous rice, public comment etc..And market research agency, Sweden Berg Insight is predicted Global LBS market scale, with 22.5% compound annual growth rate (CAGR), rises to 2020 for from 10,300,000,000 in 2014 Euros 34,800,000,000 Euros of year.It is contemplated that in the near future, LBS will obtain wider and deeper application.
In numerous inquiries based on location-based service, location-based range query seeks positional value in particular range Point of interest (Point Of Interest, POI) set.Specifically, in LBS application environment, a point of interest POI is usually It uses its position as a space attribute, and uses other many numerical attributes, such as food quality, price, the clothes in a restaurant Business, sanitary condition.We say that a POI meets range query condition and is, if a POI has some numerical attribute, and Space attribute is in current queries user query section.
With the fast development that LBS is applied, the especially rapid proliferation of mobile Internet in recent years, LBS data and service Scale also increasingly increases, so that LBS service is calculating and is storing upper demand sharp increase, it is this to increase to location-based service offer Quotient (Location-Based Service Provider, LBSP) limited operation resource constitutes huge challenge, fortunately It is that the rise of cloud computing technology provides possibility to cope with this challenge.Cloud platform because of it with powerful storage and efficiently Computing capability always by the high praise of industry, by the way that the LBS data of LBSP and service are outsourced to the powerful CSP of resource, allow CSP provides always online service for user, can not only reduce the management cost of data, can also provide for user more efficient Service, and have greatly deployment elasticity and scalability.This Outsourcing Model of LBS has been increasingly becoming mainstream in LBS application Service mode.
Although LBS Outsourcing Model reduces the operation cost of LBSP and can provide more efficient LBS for user.But by Insincere in CSP, LBS outsourcing application is also faced with many security risks.There are two typical problems in this, are outside LBSP first The safety problem for the POI data contracted out is its dimension since POI data is the private privileges that LBSP spends vast resources to obtain The capital of operation is held, if being leaked to cankered CSP, the interests of LBSP will be damaged.Further, since the position attribution of POI Request position related to user, POI space attribute plaintext is contracted out to CSP, and will to reveal user location in user query hidden It is private;The followed by authenticity questions of query result, since in LBS outsourcing application, the request of user is responded by CSP, CSP may be for the interests of its own, the query result for the user that distorts.
Since the leitungskern of LBS service is the query demand for meeting user, previous question essence be how In the case of not informing CSP LBS service initial data, carry out query demand with meeting privacy of the user on CSP, it is corresponding Studying a question is the cloud position searching ciphertext of location privacy protection, and is resolved in some work on hands;And it is latter How a the name of the game is in the integrality for allowing user to examine query result from the verification information that CSP is returned.To the two Problem is individual, this problem is equally also resolved in some work on hands.However, ought consider two aspect problems simultaneously When, work on hand cannot all solve the problems, such as simultaneously or efficiency is lower.
Summary of the invention
The object of the present invention is to provide a kind of home service ranges of secret protection to inquire outsourcing method, and the present invention can When not informing CSP LBS initial data, allow users to obtain correct query service data from CSP, simultaneously Ensure the data safety of LBSP and the query result integrality of user.
In order to achieve the above objectives, the home service range of secret protection provided by the invention inquires outsourcing method, packet Include step:
The home service range of secret protection inquires outsourcing method, comprising steps of
Step 1, location based service provider pre-processes POI data;
This step further comprises sub-step:
1.1 obtain entire area of space according to POI data collection, and further obtain the external square of minimum in overall space region Shape region;
1.2 by the minimum circumscribed rectangle region division be 4 sub- rectangular areas, which is denoted as the 1st layer Sub- rectangular area;According to preset construction rule, the central point of 4 sub- rectangular areas is sequentially connected with three line segments, is obtained Obtain the 1st layer of subtype curve;The construction rule includes starting point, direction, zoom factor and the order of Hilbert curve, is risen Point select 4 sub- rectangular areas one of central point, direction be it is clockwise or counterclockwise, starting point and direction are random Setting, zoom factor and order are customized according to practical security needs, and zoom factor and the bigger safety of order are stronger;
1.3 successively construct subtype curve, obtain Hilbert curve, specifically:
1.3a proceeds as follows m layers of each sub- rectangular area respectively, wherein the initial value of m is 1:
M layers of sub- rectangular area is divided into 4 sub- rectangular areas of (m+1) layer, it is regular according to preset construction, The central point of 4 sub- rectangular areas of (m+1) layer is sequentially connected with three articles of line segments, obtains m layers of the sub- rectangle region The subtype curve in domain;
For 1.3b along the trend of m layers of subtype curve, the subtype curve of each sub- rectangular area of m layers of connection obtains the (m+1) the subtype curve of layer;
1.3c enables m=m+1, repeats sub-step 1.3a~1.3c, until M layers of subtype curve is obtained, M layers The Hilbert curve of subtype curve, that is, final;M is the preset number of plies, rule of thumb value;
The 1.4 most boy rectangular area sequential encodings passed through along Hilbert curve to Hilbert curve, the coding are Hilbert value;
1.5 concentrate the position of each POI object to obtain the Hilbert value of each POI object according to POI data, i.e., by each POI pairs As the Hilbert value of the most boy rectangular area that position is fallen into encoded as the POI object;
1.6 according to Hilbert value from big to small to POI data ciphertext Ci' be ranked up, the POI data after being sorted Ciphertext collectionWherein, n is the sum that POI data concentrates POI object, Ci' the Hilbert value comprising i-th of POI object And ciphertext, the ciphertext are raw after being encrypted using location information and data content of the symmetric encipherment algorithm to i-th POI object At ciphertext;
POI data ciphertext collection after 1.7 pairs of sequencesMerkle Hash tree is constructed, specifically:
1.7a judge n whether the exponential for being 2, if so, execute sub-step 1.7b;Otherwise, sub-step 1.7c is executed;
1.7b construction depth is the binary tree of d, and there are mathematical relationship n=2 by d and nd;In binary tree, each leaf node pair Answer a POI data ciphertext Ci', and the sequence of Hilbert value from small to large is pressed by each POI data ciphertext Ci' sequentially it is assigned to each leaf Child node;The cryptographic Hash of leaf node passes through to POI data ciphertext Ci' carry out Hash operation acquisition, each non-leaf nodes Cryptographic Hash concatenated by the cryptographic Hash of its two direct child nodes;
1.7c construction depth is the binary tree of d', and there are mathematical relationship n'=2 by d' and n'd', n' is all 2 greater than n Minimum value in exponential;In binary tree, preceding n leaf node respectively corresponds a POI data ciphertext Ci', and press Hilbert value Sequence from small to large is by each POI data ciphertext Ci' sequentially it is assigned to preceding n leaf node;Other leaf nodes are redundancy leaf Node;The cryptographic Hash of each non-leaf nodes is concatenated by the cryptographic Hash of its two direct child nodes;
1.7d uses Ci' and TiThe cryptographic Hash for calculating tree root, tree root cryptographic Hash is signed, TiIt is used to test to be all Demonstrate,prove leaf node Ci' minimum intermediate node set;
1.8 by POI data ciphertext collectionCloud service provider is sent to signature;
Step 2, location based service provider pre-processes customer position information;
This step specifically:
All most boy squares in the regional scope Q of inquiry required for determining user according to customer position information, regional scope Q The coding in shape region constitutes Hilbert value range Q', and Hilbert value range Q' is sent to cloud service provider;
Step 3, cloud service provider is by Hilbert value range Q' and POI data ciphertext collectionIn each POI data it is close Text Hilbert value compare one by one, will with the identical POI data ciphertext of Hilbert value included in Hilbert value range Q' with And for recovering the minimum intermediate node set of signature, signing and return to user;
Step 4, in the Hilbert value and Hilbert value range Q' of the POI data ciphertext that user's checking returns Hilbert value quantity with it is numerically whether consistent, if inconsistent, abandon this return data;If consistent, using return POI data ciphertext and minimum intermediate node set recover the signature of tree root, and verifying and the signature of location based service provider are It is no consistent, if unanimously, this POI data ciphertext returned is decrypted, otherwise, abandon the data of this return.
It is 4 sub- rectangular areas by the minimum circumscribed rectangle region division in sub-step 1.2, specifically:
Using the minimum circumscribed rectangle regional center point two orthogonal straight lines, by the minimum circumscribed rectangle area Domain is divided into 4 sub- rectangular areas.
Compared to the prior art, the invention has the advantages that and the utility model has the advantages that
While ensureing data privacy and query result integrality, it can also reduce calculating and communication overhead, to mention High efficiency.
Detailed description of the invention
Fig. 1 is present system model structure schematic diagram;
Fig. 2 is the organigram of Hilbert curve in embodiment;
Fig. 3 is the Merkle Hash tree schematic diagram constructed in embodiment;
Fig. 4 is the schematic diagram for the regional scope inquired required for being determined according to customer position information;
Fig. 5 is the distribution schematic diagram of 6 POI data collection used by embodiment;
Fig. 6 is the computing cost comparison diagram of the method for the present invention and existing method at the end PC;
Fig. 7 is the computing cost comparison diagram of the method for the present invention and existing method in mobile phone terminal;
Fig. 8 is the communication overhead comparison diagram of the method for the present invention and existing method.
Specific embodiment
The definition of model involved in the present invention He the problem of being solved will be first provided below.
One, system model
Consider that one possesses point of interest POI data collection and provides the location based service provider of location-based service to mobile subscriber LBSP.In order to reduce its operation and storage overhead, location based service provider LBSP is by his POI data collection and location-based Query service is contracted out to third party cloud service provider CSP, then provides location-based inquiry clothes from CSP to mobile subscriber Business, system model are shown in Fig. 1.
Two, security model
CSP is honest and curiosity (Honest-But-Curious, HBC), it can be in strict accordance in instruction execution system Operation, but data that can be contacted from it maximize the private information of snooping user and LBSP, and CSP only knows in the present invention The ciphertext data of LBSP outsourcing and the index constructed according to index construct algorithm belong to known ciphertext model.
Three, problem describes
The problem to be solved in the present invention includes the safe and associated with it user location privacy of outsourcing POI data, and is used Two aspect of family query result integrity verification.In order to guarantee the data safety of outsourcing POI, LBSP is needed in advance to POI data Confidentiality and integrity processing is carried out, but needs to guarantee that CSP can effectively retrieve POI after handling, it is contemplated that in LBS, Yong Hushi Range query is carried out according to the position of POI, and location privacy of the location information concerning user, it cannot be exposed to CSP, needed Carry out the position that protection POI is carried out when POI data outsourcing;Then, CSP to user return POI query service result when for The interests of itself may distort the query result of user, and LBSP is how in outsourcing processing, to prevent CSP from distorting user's Query result.
The present invention is by solving above-mentioned putd question to based on hibert curve (Hilbert curve) and Merkle Hash tree Topic, below will be described in detail the specific implementation process of the method for the present invention.
1, the pretreatment of outsourcing POI data
To guarantee safety of the POI data on CSP, LBSP must pre-process original POI data.Pretreated purpose Be protection POI data location information simultaneously, can make CSP to the range retrieval of POI to provide service for user.
POI object DOiIt is spatial data object, there is two-dimensional position loc (xi,yi), DOiIndicate that POI data concentrates i-th A POI object, xiIt is DOiAbscissa, yiIt is DOiOrdinate.Since in LBS, position is sensitivity for users, no It can be obtained by CSP, therefore the location information of POI cannot be directly contracted out to CSP, and need to convert it, and in order to Guarantee CSP can to location information by conversion after POI inquire, it is necessary to allow the adjacent POI in space by conversion after according to So there is propinquity.
Hilbert curve has above-mentioned characteristic, therefore the present invention carries out outsourcing POI location information using Hilbert curve Encryption illustrates Hilbert curve is how to be formed and carry out privacy coding to area of space below in conjunction with small.
Firstly, obtaining overall space region according to POI data collection, and the minimum for further obtaining overall space region is external Rectangular area.
Then, it is 4 sub- rectangular areas by the minimum circumscribed rectangle region division, which is denoted as the 1st The sub- rectangular area of layer;According to preset construction rule, the central point of 4 sub- rectangular areas is sequentially connected with three line segments It connects, obtains the 1st layer of subtype curve, see Fig. 2 (a).The construction rule includes the starting point of Hilbert curve, direction, scaling The factor and order, starting point select one of the central point of 4 sub- rectangular areas, and direction can be clockwise or square counterclockwise To.
The division of 4 sub- rectangular areas specifically:
Using the minimum circumscribed rectangle regional center point two orthogonal straight lines, by the minimum circumscribed rectangle area Domain is divided into 4 sub- rectangular areas.
Then, subtype curve is successively constructed, Hilbert curve is obtained, reference can be made to Fig. 2 (b) and Fig. 2 (c).
This step specifically:
(a) m layers of each sub- rectangular area is proceeded as follows respectively, wherein the initial value of m takes 1:
M layers of sub- rectangular area is divided into 4 sub- rectangular areas of (m+1) layer, it is regular according to preset construction, The central point of 4 sub- rectangular areas of (m+1) layer is sequentially connected with three articles of line segments, obtains m layers of the sub- rectangle region The subtype curve in domain;
(b) along the trend of m layers of subtype curve, the subtype curve of each sub- rectangular area of m layers of connection obtains (m + 1) the subtype curve of layer;
(c) m=m+1 is enabled, sub-step (a)~(b) is repeated, until obtaining M layers of subtype curve, M layers of son The Hilbert curve of type curve, that is, final;M is the preset number of plies, rule of thumb value.
Finally, along the most boy rectangular area sequential encoding that Hilbert curve passes through Hilbert curve, the coding That is Hilbert value thereby realizes and converts one-dimensional value for two-dimensional space.
For ease of understanding, the mathematical sense of Hilbert curve will be described below.
IfFor the N rank Hilbert curve under two-dimensional space, formula (1) is seen in wherein N >=1:
H=f (x, y) (1)
Wherein, H indicates position loc (x, y) corresponding Hilbert value, H ∈ [0,22N-1];F indicates an one-way function, should Function is used to indicate mapping relations between loc (x, y) and Hilbert value, x and y be respectively position loc (x, y) abscissa and Ordinate.
It realizes two-dimentional integer space [0,22N-1]2It is transformed into one-dimensional set of integers [0,22N-1], one-way function f with Parameter (the S of Hilbert curve0, θ, N, Γ) and related, S0Indicate the initial point position of Hilbert curve, θ indicates that Hilbert is bent The direction of line, N indicate that Hilbert order of a curve number, Γ indicate the zoom factor of Hilbert curve.These parameters can all influence The calculated result of function f, that is, Hilbert value, therefore these parameters together constitute the key HSK, HSK=of Hilbert curve encryption (S0,θ,N,Γ).CSP or attacker be not in the case where knowing decruption key, it is impossible to release its generation by Hilbert value is counter The location information of table.LBSP selects the Hilbert value of suitable Hilbert parameter of curve calculating outsourcing POI, Hilbert curve Parameter is customized according to practical security needs, and N and the bigger safety of Γ are stronger, and θ is random.
POI data is denoted as Cj=< Hj, Encek(DOHj 1||...||DOHj k) >, wherein CjExpression Hilbert value is Hj's All POI datas;HjIndicate j-th of Hilbert value;One Hilbert value may correspond to multiple POI objects, by Hilbert value For HjPOI object be denoted as DOHj, DOHjLocation information and data content comprising POI object;By this multiple POI object DOHjFrom 1 is numbered to k, i.e. DOHj 1、…DOHj k, separately including Hilbert value is HjThe 1st ... the location information of k POI object And data content;Encek(DOHj 1||...||DOHj k) indicate to be H to Hilbert valuejPOI object use symmetric encipherment algorithm The ciphertext that (such as aes algorithm) generates after being encrypted indicates character splicing.
To construct Merkle Hash tree, LBSP is according to Hilbert value from big to small to POI data ciphertext Ci' be ranked up, POI data ciphertext collection after being sortedCi' it is using symmetric encipherment algorithm to i-th of POI object DOiPosition letter The ciphertext that breath and data content generate after being encrypted;I indicates POI object number, and POI object number and Hilbert value are compiled Number relationship be denoted as i=HIDj, indicate the POI object DO that number is ii, Hilbert value number is j;N is POI data concentration The sum of POI object.Then, by POI data ciphertext collectionIt is configured to a Merkle Hash tree, allows user high Effect ground revene lookup result integrality.Specifically:
Assuming that meeting n=2 for some positive integer d, POI object sum nd, location based service provider LBSP construction depth For the binary tree of d, in this binary tree, each leaf node corresponds to a POI data ciphertext Ci, and each n omicronn-leaf The cryptographic Hash of child node is concatenated by the cryptographic Hash of its two direct child nodes.The present invention uses an auxiliary set T simultaneouslyiMake For with leaf node CiThe non-leaf nodes set for calculating Merkle Hash tree tree root together, defines TiIt is used to verify to be all Leaf node CiMinimum intermediate node set.Fig. 3 gives the simply example of a n=6, since 6 be not 2 any power Number, then add redundancy leaf node, so that leaf node sum is 8.In the figure, C indicates POI data ciphertext, according to Hilbert Value arranges POI data ciphertext from small to large;H indicates cryptographic Hash, hiIt indicates to CiCarry out the resulting cryptographic Hash of Hash operation, h0-1Table Show to h0And h1Spliced cryptographic Hash, h2-3It indicates to h2And h3Spliced cryptographic Hash, h4-5It indicates to h4And h5It is spliced Cryptographic Hash, h6-7It indicates to h6And h7Spliced cryptographic Hash;h0-3It indicates to junior h0-1And h2-3Spliced cryptographic Hash, h4-7Table Show to junior h4-5And h6-7Spliced cryptographic Hash, h0-7It indicates to junior h0-3And h4-7Spliced cryptographic Hash.In this figure In, there is the POI data ciphertext C of return3With auxiliary set T3={ h2,h0-1,h4-7, public affairs can be used in the cryptographic Hash root of tree root Formula (2) calculates:
Root=H (H (h0-1||H(h2||H(C3)))||h4-7) (2)
In formula (2), | | indicate character splicing;H () indicates Hash operation.
If n is not 2 any exponential, when constructing Merkle Hash tree, need to add redundancy leaf node, so that leaf The exponential that node total number is 2.
The cryptographic Hash of tree root is signed { H (root) } by location based service provider LBSPK-1, wherein { }K-1Expression makes The signature that the private key K-1 described in subscript is calculated, private key K-1 are obtained in the user's registration stage.
Finally, LBSP is by POI data ciphertext collectionCSP is issued with signature, CSP uses POI data ciphertext collection It calculates all for constructing the median of Merkle Hash tree.
2, range query is requested
It is assumed that user issues location-based service inquiry request to CSP in position loc (x, y), then the position letter to user is needed Breath is pre-processed.Firstly, the regional scope Q=[loc of inquiry required for determining it according to customer position informationld,locru], See Fig. 4.locldAnd locruFor two boundary bits of the regional scope Q (being abbreviated as " query context Q " hereinafter) of required inquiry It sets, any position loc in query contextpAll meet locld.x≤locp.x≤locruAnd loc .xld.y≤locp.y≤ locru.y, locldAnd loc .xld.y boundary position loc is indicatedldAbscissa and ordinate, locruAnd loc .xru.y side is indicated Boundary position locruAbscissa and ordinate, locpAnd loc .xp.y any position loc is indicatedpAbscissa and ordinate.It determines After query context Q, two-dimensional range query Q is converted to one-dimensional Hilbert value using Hilbert Curve transform key HSK Inquire Q'.See Fig. 4, in the present embodiment, the Hilbert value inquiry after range query Q is converted is 8,11,12,13, i.e. Q'= {8,11,12,13}.Loc information therein is replaced finally, Q' is put into inquiry request Query.
3, query processing
The corresponding Hilbert value of query context Q is inquired the POI data ciphertext collection of Q' and LBSP outsourcing by CSPIn The Hilbert value of each POI data ciphertext is compared one by one, by the identical POI data of Hilbert value included in all and Q' Ciphertext returns to user.In addition, CSP also returns to all auxiliary set that can be used to auxiliary and recover signatureWith And LBSP is to the signing messages { H (root) } of Merkle Hash tree root rootK-1
4, query result is verified
Once receiving the query result of CSP return, user's authenticity of revene lookup result and correct with the following method Property.
Firstly, whether the Hilbert value for the POI data ciphertext that user's checking returns inquires in Q' with Hilbert value Hilbert value is consistent in quantity and numerically;Then, using the POI data ciphertext of return and auxiliary set verifying LBSP It is whether correct to the signature of the root root of Hash tree.If correct, then it is assumed that CSP returns complete query result, otherwise looks into It is imperfect to ask result.
Embodiment
Beneficial effects of the present invention are further illustrated below in conjunction with embodiment.
In the present embodiment, hash function uses SHA-1, and symmetric encipherment algorithm uses AES-128, processor Interl (R) Core (TM) i5-2320CPU 3.00GHZ, inside saves as 4.0GB, operating system win7, the development language used for JAVA, exploitation environment are JDK1.7 and eclipse3.6, and smart phone is millet 5:Valiant dragonTM820 4 cores 2.15GHz processor;3GB RAM;64GB ROM.
The data set used is common data set in location-based service research, including 4 real data sets and 2 Simulated data sets.Real data set is obtained from official website, University of Utah, including following four true road network POI datas Collection: OldenBurg (OL:6105 POI data), City of San Joaquin County (TG:18263 POI data), San Francisco (SF:174956 POI data), North America (NA:175813 POI data);Analogue data Collection is that the spatial data generator SpatialDataGenerators provided by the website chorochronos is automatically generated, including The equally distributed data set UN and skewed data set SK being made of 4 Gaussian Profiles, the data scale of data set UN and SK It is all 100000, wherein UN is to be uniformly distributed, and SK is made of 4 Guass distributed data collection, wherein the central point of Guass distribution To be randomly selected, the data scale of each distribution is 25000.The corresponding distribution of 6 data sets is as shown in figure 5, these are true Data and analogue data have corresponded to location-based service outsourcing application scenarios well.
The general parameter setting of Hilbert curve is shown in Table 1 in the present embodiment, to make each POI spatial object in data set Hilbert value is unique, and curve order used in each data set is shown in Table 2 in the present embodiment, under response curve order, each data It is all unique for concentrating the Hilbert value of POI spatial object.
The general parameter of table 1Hilbert curve
Curve order used in each data set of table 2
Fig. 6 and Fig. 7 indicates that in same experiment parameter, scheme [1], scheme [2], the present invention program compare a logarithm It is worth the computing cost at the end PC and mobile phone terminal, as seen from the figure, the computing cost of the present invention program is less than scheme [1] and scheme [2]. Again since the present invention program pertains only to HMAC and hash operation, it is not related to complicated Montgomery Algorithm and large number multiplication, therefore with The computing cost growth of the increase of element digit, this present invention program is unobvious, and computing cost growth rate, which is much smaller than, is related to mould power The scheme [1] and scheme [2] of operation.
Fig. 8 shows in same experiment parameter, scheme [1], scheme [2], the present invention program compare a logarithm Communication overhead.As seen from the figure, the communication overhead of the present invention program is less than scheme [1], scheme [2].Due to leading to for the present invention program Letter relates only to the transmission of Bloom filter, and scheme [1] and scheme [2] are relatively required to transmission 2 in numerical value in the processλIt is a whole Number, while scheme [2] further relates to Oblivious Transfer, therefore with the increase of λ, scheme [1], scheme [2] communication overhead increase bright Aobvious, in order to keep the error of Bloom filter minimum, the digit of Bloom filter of the present invention can also increase as λ increases, and lead to Letter expense also can accordingly increase, but growth rate is smaller than scheme [1] and scheme [2].
By Fig. 6~Fig. 8 analysis it is found that the calculation amount and the traffic of the present invention program are all smaller, fully can accurately match, Therefore, the present invention program is more suitably applied to the limited intelligent terminal of resource.
Above scheme [1] and scheme [2] refer to documented technical solution in following documents [1] and [2]:
[1]Yao AC.Protocols for secure computations[C]//Foundations of Computer Science,1982.SFCS'08.23rd Annual Symposium on.IEEE,1982:160-164.
[2] efficient solutions [J] electronic letters, vol of Li Shundong, Dai Yiqi, You Qiyou Yao Shi millionaires' problem, 2005,33(5):769-773.

Claims (1)

1. the home service range of secret protection inquires outsourcing method, characterized in that comprising steps of
Step 1, location based service provider pre-processes POI data, and POI indicates point of interest;
This step further comprises sub-step:
1.1 obtain entire area of space according to POI data collection, and further obtain the minimum circumscribed rectangle area in overall space region Domain;
1.2 by the minimum circumscribed rectangle region division be 4 sub- rectangular areas, which is denoted as the 1st layer of sub- square Shape region;According to preset construction rule, the central point of 4 sub- rectangular areas is sequentially connected with three line segments, obtains the 1st The subtype curve of layer;The construction rule includes starting point, direction, zoom factor and the order of Hilbert curve, starting point selection One of the central point of 4 sub- rectangular areas, direction be it is clockwise or counterclockwise, starting point and direction are randomly provided, Zoom factor and order are customized according to practical security needs, and zoom factor and the bigger safety of order are stronger;
It is 4 sub- rectangular areas by the minimum circumscribed rectangle region division in sub-step 1.2, specifically:
Using the minimum circumscribed rectangle regional center point two orthogonal straight lines, by the minimum circumscribed rectangle region draw It is divided into 4 sub- rectangular areas;
1.3 successively construct subtype curve, obtain Hilbert curve, specifically:
1.3a proceeds as follows m layers of each sub- rectangular area respectively, wherein the initial value of m is 1:
M layers of sub- rectangular area is divided into 4 sub- rectangular areas of (m+1) layer, according to preset construction rule, with three The central point of 4 sub- rectangular areas of (m+1) layer is sequentially connected with by article line segment, obtains m layers of the sub- rectangular area Subtype curve;
1.3b connects the subtype curve of m layers of each sub- rectangular area, obtains (m+1) along the trend of m layers of subtype curve The subtype curve of layer;
1.3c enables m=m+1, repeats sub-step 1.3a~1.3c, until obtaining M layers of subtype curve, M layers of subtype The Hilbert curve of curve, that is, final;M is the preset number of plies, rule of thumb value;
The 1.4 most boy rectangular area sequential encodings passed through along Hilbert curve to Hilbert curve, the coding are Hilbert value;
1.5 concentrate the position of each POI object to obtain the Hilbert value of each POI object according to POI data, i.e., by each POI object position Set Hilbert value of the coding of the most boy rectangular area fallen into as the POI object;
1.6 according to Hilbert value from big to small to POI data ciphertext Ci' be ranked up, the POI data ciphertext collection after being sortedWherein, n is the sum that POI data concentrates POI object, Ci' Hilbert value and ciphertext comprising i-th of POI object, The ciphertext be generated after being encrypted using location information and data content of the symmetric encipherment algorithm to i-th POI object it is close Text;
POI data ciphertext collection after 1.7 pairs of sequencesMerkle Hash tree is constructed, specifically:
1.7a judge n whether the exponential for being 2, if so, execute sub-step 1.7b;Otherwise, sub-step 1.7c is executed;
1.7b construction depth is the binary tree of d, and there are mathematical relationship n=2 by d and nd;In binary tree, each leaf node corresponding one A POI data ciphertext Ci', and the sequence of Hilbert value from small to large is pressed by each POI data ciphertext Ci' sequentially it is assigned to each leaf section Point;The cryptographic Hash of leaf node passes through to POI data ciphertext Ci' carry out Hash operation acquisition, the Kazakhstan of each non-leaf nodes Uncommon value is concatenated by the cryptographic Hash of its two direct child nodes;
1.7c construction depth is the binary tree of d', and there are mathematical relationship n'=2 by d' and n'd', n' is all 2 exponentials greater than n In minimum value;In binary tree, preceding n leaf node respectively corresponds a POI data ciphertext Ci', and by Hilbert value from small To big sequence by each POI data ciphertext Ci' sequentially it is assigned to preceding n leaf node;Other leaf nodes are redundancy leaf node; The cryptographic Hash of each non-leaf nodes is concatenated by the cryptographic Hash of its two direct child nodes;
1.7d uses Ci' and TiThe cryptographic Hash for calculating tree root, tree root cryptographic Hash is signed, TiVerifying leaf is used to be all Child node Ci' minimum intermediate node set;
1.8 by POI data ciphertext collectionCloud service provider is sent to signature;
Step 2, location based service provider pre-processes customer position information;
This step specifically:
All most boy rectangle regions in the regional scope Q of inquiry required for determining user according to customer position information, regional scope Q The coding in domain constitutes Hilbert value range Q', and Hilbert value range Q' is sent to cloud service provider;
Step 3, cloud service provider is by Hilbert value range Q' and POI data ciphertext collectionIn each POI data ciphertext Hilbert value compares one by one, will be with the identical POI data ciphertext of Hilbert value and use included in Hilbert value range Q' To recover the minimum intermediate node set of signature, sign and return to user;
Step 4, the Hilbert value and the Hilbert value in Hilbert value range Q' for the POI data ciphertext that user's checking returns Quantity with it is numerically whether consistent, if inconsistent, abandon this return data;It is close using the POI data of return if consistent Text and minimum intermediate node set recover the signature of tree root, and whether verifying is consistent with the signature of location based service provider, if Unanimously, then this POI data ciphertext returned is decrypted, otherwise, abandons the data of this return.
CN201710082804.4A 2017-02-16 2017-02-16 The home service range of secret protection inquires outsourcing method Active CN106899937B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710082804.4A CN106899937B (en) 2017-02-16 2017-02-16 The home service range of secret protection inquires outsourcing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710082804.4A CN106899937B (en) 2017-02-16 2017-02-16 The home service range of secret protection inquires outsourcing method

Publications (2)

Publication Number Publication Date
CN106899937A CN106899937A (en) 2017-06-27
CN106899937B true CN106899937B (en) 2019-10-25

Family

ID=59198189

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710082804.4A Active CN106899937B (en) 2017-02-16 2017-02-16 The home service range of secret protection inquires outsourcing method

Country Status (1)

Country Link
CN (1) CN106899937B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019104675A1 (en) * 2017-11-30 2019-06-06 深圳大学 Ciphertext search result verification method and system therefor
CN108260084B (en) * 2017-12-18 2020-01-07 西安电子科技大学 Privacy protection method based on return verification
CN111555861B (en) * 2020-04-30 2023-04-18 山东师范大学 Circular range query method and system in cloud environment based on position privacy protection

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7209758B1 (en) * 2004-06-25 2007-04-24 Sprint Spectrum L.P. Method and system for sharing and/or centralizing mobile positioning information and geospatial data for roaming mobile subscriber terminals
CN102349315A (en) * 2009-03-09 2012-02-08 微软公司 Device transaction model and services based on directional information of device
CN104079665A (en) * 2014-07-17 2014-10-01 百度在线网络技术(北京)有限公司 Geographic position sharing method between terminals, application server and terminals of application server
CN104219245A (en) * 2014-09-19 2014-12-17 西安电子科技大学 System and method for location based service-orientated user privacy protection
CN104750784A (en) * 2015-03-06 2015-07-01 西安交通大学 Merkle tree structure-based space inquiring integrity verification method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7062279B2 (en) * 2000-06-22 2006-06-13 Openwave Systems Inc. Anonymous positioning of a wireless unit for data network location-based services

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7209758B1 (en) * 2004-06-25 2007-04-24 Sprint Spectrum L.P. Method and system for sharing and/or centralizing mobile positioning information and geospatial data for roaming mobile subscriber terminals
CN102349315A (en) * 2009-03-09 2012-02-08 微软公司 Device transaction model and services based on directional information of device
CN104079665A (en) * 2014-07-17 2014-10-01 百度在线网络技术(北京)有限公司 Geographic position sharing method between terminals, application server and terminals of application server
CN104219245A (en) * 2014-09-19 2014-12-17 西安电子科技大学 System and method for location based service-orientated user privacy protection
CN104750784A (en) * 2015-03-06 2015-07-01 西安交通大学 Merkle tree structure-based space inquiring integrity verification method

Also Published As

Publication number Publication date
CN106899937A (en) 2017-06-27

Similar Documents

Publication Publication Date Title
Xu et al. ECBC: A high performance educational certificate blockchain with efficient query
Li et al. A searchable symmetric encryption scheme using blockchain
US8966273B2 (en) Lightweight group signature system and method with short signature
CN108701309A (en) A kind of distributed user profile authentication system for security of e-commerce transactions
CN102509030A (en) Anonymous preservation of a relationship and its application in account system management
CN106899937B (en) The home service range of secret protection inquires outsourcing method
CN105610910A (en) Cloud storage oriented ciphertext full-text search method and system based on full homomorphic ciphers
US11128479B2 (en) Method and apparatus for verification of social media information
CN103139761B (en) The method and communication terminal of a kind of information real-time show
Zhang et al. OAC-HAS: outsourced access control with hidden access structures in fog-enhanced IoT systems
CN104601586B (en) The outsourcing statistical method that a kind of disclosure can verify that
CN110134718A (en) A kind of support multiple key based on encryption attribute searches for method generally
Huang et al. Privacy-preserving spatio-temporal keyword search for outsourced location-based services
Liu et al. Offline/online attribute‐based encryption with verifiable outsourced decryption
CN112131471B (en) Method, device, equipment and medium for recommending relationship based on unowned undirected graph
Xu et al. PPSEB: a postquantum public-key searchable encryption scheme on blockchain for E-healthcare scenarios
Shao et al. Achieve efficient and verifiable conjunctive and fuzzy queries over encrypted data in cloud
CN108052834B (en) A kind of approximate shortest distance querying method towards close state graph structure
Zhang et al. New efficient constructions of verifiable data streaming with accountability
Zhang et al. Blockchain-assisted data sharing supports deduplication for cloud storage
CN105791283A (en) Circle range search method specific to encrypted spatial data
Sucharitha et al. Enhancing secure communication in the cloud through blockchain assisted-cp-dabe
Liu et al. Privacy-preserving data outsourcing with integrity auditing for lightweight devices in cloud computing
Yao et al. Topic-based rank search with verifiable social data outsourcing
Dewri et al. Mobile local search with noisy locations

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant