CN106899937B - The home service range of secret protection inquires outsourcing method - Google Patents
The home service range of secret protection inquires outsourcing method Download PDFInfo
- Publication number
- CN106899937B CN106899937B CN201710082804.4A CN201710082804A CN106899937B CN 106899937 B CN106899937 B CN 106899937B CN 201710082804 A CN201710082804 A CN 201710082804A CN 106899937 B CN106899937 B CN 106899937B
- Authority
- CN
- China
- Prior art keywords
- hilbert
- poi
- poi data
- sub
- curve
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
- H04W4/021—Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/52—Network services specially adapted for the location of the user terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
- H04W4/023—Services making use of location information using mutual or relative location information between multiple location based services [LBS] targets or of distance thresholds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a kind of home service ranges of secret protection to inquire outsourcing method; it include: step 1; location based service provider pre-processes POI data using Hilbert curve and Merkle Hash tree; the signature of POI data ciphertext collection and Merkle Hash tree tree root is obtained, and is sent to cloud service provider;Step 2, location based service provider pre-processes customer position information, obtains the Hilbert value range of customer position informationQ', and by Hilbert value rangeQ' it is sent to cloud service provider;Step 3, cloud service provider is by Hilbert value rangeQ' concentrate the Hilbert value of each POI data ciphertext to compare one by one with POI data ciphertext, it will be with Hilbert value rangeQ' included in the identical POI data ciphertext of Hilbert value return to user;Step 4, the integrality and correctness for the POI data ciphertext that user's checking returns.The method of the present invention can also reduce calculating and communication overhead, to improve efficiency while ensureing data privacy and query result integrality.
Description
Technical field
The invention belongs to be based on field of location service technology, model is serviced more particularly to a kind of home of secret protection
Enclose inquiry outsourcing method.
Background technique
Increasingly mature and mobile Internet with location technology is quickly popularized, and location-based service (Location- is based on
Based Services, LBS) every aspect for covering people's life is had become, changing people's lives mode and habit
It is used.LBS under typical LBS especially mobile environment refers to the global positioning system (GPS) that user uses mobile device to embed
Current location information is obtained, oneself interested service nearby is then inquired to LBSP according to its location information, such as inquire attached
The information such as close hospital, hotel, dining room, gas station.Industry has emerged in large numbers the application of large quantities of LBS, as Foursquare,
Facebook, Meituan, opal film, Baidu's glutinous rice, public comment etc..And market research agency, Sweden Berg Insight is predicted
Global LBS market scale, with 22.5% compound annual growth rate (CAGR), rises to 2020 for from 10,300,000,000 in 2014 Euros
34,800,000,000 Euros of year.It is contemplated that in the near future, LBS will obtain wider and deeper application.
In numerous inquiries based on location-based service, location-based range query seeks positional value in particular range
Point of interest (Point Of Interest, POI) set.Specifically, in LBS application environment, a point of interest POI is usually
It uses its position as a space attribute, and uses other many numerical attributes, such as food quality, price, the clothes in a restaurant
Business, sanitary condition.We say that a POI meets range query condition and is, if a POI has some numerical attribute, and
Space attribute is in current queries user query section.
With the fast development that LBS is applied, the especially rapid proliferation of mobile Internet in recent years, LBS data and service
Scale also increasingly increases, so that LBS service is calculating and is storing upper demand sharp increase, it is this to increase to location-based service offer
Quotient (Location-Based Service Provider, LBSP) limited operation resource constitutes huge challenge, fortunately
It is that the rise of cloud computing technology provides possibility to cope with this challenge.Cloud platform because of it with powerful storage and efficiently
Computing capability always by the high praise of industry, by the way that the LBS data of LBSP and service are outsourced to the powerful CSP of resource, allow
CSP provides always online service for user, can not only reduce the management cost of data, can also provide for user more efficient
Service, and have greatly deployment elasticity and scalability.This Outsourcing Model of LBS has been increasingly becoming mainstream in LBS application
Service mode.
Although LBS Outsourcing Model reduces the operation cost of LBSP and can provide more efficient LBS for user.But by
Insincere in CSP, LBS outsourcing application is also faced with many security risks.There are two typical problems in this, are outside LBSP first
The safety problem for the POI data contracted out is its dimension since POI data is the private privileges that LBSP spends vast resources to obtain
The capital of operation is held, if being leaked to cankered CSP, the interests of LBSP will be damaged.Further, since the position attribution of POI
Request position related to user, POI space attribute plaintext is contracted out to CSP, and will to reveal user location in user query hidden
It is private;The followed by authenticity questions of query result, since in LBS outsourcing application, the request of user is responded by CSP,
CSP may be for the interests of its own, the query result for the user that distorts.
Since the leitungskern of LBS service is the query demand for meeting user, previous question essence be how
In the case of not informing CSP LBS service initial data, carry out query demand with meeting privacy of the user on CSP, it is corresponding
Studying a question is the cloud position searching ciphertext of location privacy protection, and is resolved in some work on hands;And it is latter
How a the name of the game is in the integrality for allowing user to examine query result from the verification information that CSP is returned.To the two
Problem is individual, this problem is equally also resolved in some work on hands.However, ought consider two aspect problems simultaneously
When, work on hand cannot all solve the problems, such as simultaneously or efficiency is lower.
Summary of the invention
The object of the present invention is to provide a kind of home service ranges of secret protection to inquire outsourcing method, and the present invention can
When not informing CSP LBS initial data, allow users to obtain correct query service data from CSP, simultaneously
Ensure the data safety of LBSP and the query result integrality of user.
In order to achieve the above objectives, the home service range of secret protection provided by the invention inquires outsourcing method, packet
Include step:
The home service range of secret protection inquires outsourcing method, comprising steps of
Step 1, location based service provider pre-processes POI data;
This step further comprises sub-step:
1.1 obtain entire area of space according to POI data collection, and further obtain the external square of minimum in overall space region
Shape region;
1.2 by the minimum circumscribed rectangle region division be 4 sub- rectangular areas, which is denoted as the 1st layer
Sub- rectangular area;According to preset construction rule, the central point of 4 sub- rectangular areas is sequentially connected with three line segments, is obtained
Obtain the 1st layer of subtype curve;The construction rule includes starting point, direction, zoom factor and the order of Hilbert curve, is risen
Point select 4 sub- rectangular areas one of central point, direction be it is clockwise or counterclockwise, starting point and direction are random
Setting, zoom factor and order are customized according to practical security needs, and zoom factor and the bigger safety of order are stronger;
1.3 successively construct subtype curve, obtain Hilbert curve, specifically:
1.3a proceeds as follows m layers of each sub- rectangular area respectively, wherein the initial value of m is 1:
M layers of sub- rectangular area is divided into 4 sub- rectangular areas of (m+1) layer, it is regular according to preset construction,
The central point of 4 sub- rectangular areas of (m+1) layer is sequentially connected with three articles of line segments, obtains m layers of the sub- rectangle region
The subtype curve in domain;
For 1.3b along the trend of m layers of subtype curve, the subtype curve of each sub- rectangular area of m layers of connection obtains the
(m+1) the subtype curve of layer;
1.3c enables m=m+1, repeats sub-step 1.3a~1.3c, until M layers of subtype curve is obtained, M layers
The Hilbert curve of subtype curve, that is, final;M is the preset number of plies, rule of thumb value;
The 1.4 most boy rectangular area sequential encodings passed through along Hilbert curve to Hilbert curve, the coding are
Hilbert value;
1.5 concentrate the position of each POI object to obtain the Hilbert value of each POI object according to POI data, i.e., by each POI pairs
As the Hilbert value of the most boy rectangular area that position is fallen into encoded as the POI object;
1.6 according to Hilbert value from big to small to POI data ciphertext Ci' be ranked up, the POI data after being sorted
Ciphertext collectionWherein, n is the sum that POI data concentrates POI object, Ci' the Hilbert value comprising i-th of POI object
And ciphertext, the ciphertext are raw after being encrypted using location information and data content of the symmetric encipherment algorithm to i-th POI object
At ciphertext;
POI data ciphertext collection after 1.7 pairs of sequencesMerkle Hash tree is constructed, specifically:
1.7a judge n whether the exponential for being 2, if so, execute sub-step 1.7b;Otherwise, sub-step 1.7c is executed;
1.7b construction depth is the binary tree of d, and there are mathematical relationship n=2 by d and nd;In binary tree, each leaf node pair
Answer a POI data ciphertext Ci', and the sequence of Hilbert value from small to large is pressed by each POI data ciphertext Ci' sequentially it is assigned to each leaf
Child node;The cryptographic Hash of leaf node passes through to POI data ciphertext Ci' carry out Hash operation acquisition, each non-leaf nodes
Cryptographic Hash concatenated by the cryptographic Hash of its two direct child nodes;
1.7c construction depth is the binary tree of d', and there are mathematical relationship n'=2 by d' and n'd', n' is all 2 greater than n
Minimum value in exponential;In binary tree, preceding n leaf node respectively corresponds a POI data ciphertext Ci', and press Hilbert value
Sequence from small to large is by each POI data ciphertext Ci' sequentially it is assigned to preceding n leaf node;Other leaf nodes are redundancy leaf
Node;The cryptographic Hash of each non-leaf nodes is concatenated by the cryptographic Hash of its two direct child nodes;
1.7d uses Ci' and TiThe cryptographic Hash for calculating tree root, tree root cryptographic Hash is signed, TiIt is used to test to be all
Demonstrate,prove leaf node Ci' minimum intermediate node set;
1.8 by POI data ciphertext collectionCloud service provider is sent to signature;
Step 2, location based service provider pre-processes customer position information;
This step specifically:
All most boy squares in the regional scope Q of inquiry required for determining user according to customer position information, regional scope Q
The coding in shape region constitutes Hilbert value range Q', and Hilbert value range Q' is sent to cloud service provider;
Step 3, cloud service provider is by Hilbert value range Q' and POI data ciphertext collectionIn each POI data it is close
Text Hilbert value compare one by one, will with the identical POI data ciphertext of Hilbert value included in Hilbert value range Q' with
And for recovering the minimum intermediate node set of signature, signing and return to user;
Step 4, in the Hilbert value and Hilbert value range Q' of the POI data ciphertext that user's checking returns
Hilbert value quantity with it is numerically whether consistent, if inconsistent, abandon this return data;If consistent, using return
POI data ciphertext and minimum intermediate node set recover the signature of tree root, and verifying and the signature of location based service provider are
It is no consistent, if unanimously, this POI data ciphertext returned is decrypted, otherwise, abandon the data of this return.
It is 4 sub- rectangular areas by the minimum circumscribed rectangle region division in sub-step 1.2, specifically:
Using the minimum circumscribed rectangle regional center point two orthogonal straight lines, by the minimum circumscribed rectangle area
Domain is divided into 4 sub- rectangular areas.
Compared to the prior art, the invention has the advantages that and the utility model has the advantages that
While ensureing data privacy and query result integrality, it can also reduce calculating and communication overhead, to mention
High efficiency.
Detailed description of the invention
Fig. 1 is present system model structure schematic diagram;
Fig. 2 is the organigram of Hilbert curve in embodiment;
Fig. 3 is the Merkle Hash tree schematic diagram constructed in embodiment;
Fig. 4 is the schematic diagram for the regional scope inquired required for being determined according to customer position information;
Fig. 5 is the distribution schematic diagram of 6 POI data collection used by embodiment;
Fig. 6 is the computing cost comparison diagram of the method for the present invention and existing method at the end PC;
Fig. 7 is the computing cost comparison diagram of the method for the present invention and existing method in mobile phone terminal;
Fig. 8 is the communication overhead comparison diagram of the method for the present invention and existing method.
Specific embodiment
The definition of model involved in the present invention He the problem of being solved will be first provided below.
One, system model
Consider that one possesses point of interest POI data collection and provides the location based service provider of location-based service to mobile subscriber
LBSP.In order to reduce its operation and storage overhead, location based service provider LBSP is by his POI data collection and location-based
Query service is contracted out to third party cloud service provider CSP, then provides location-based inquiry clothes from CSP to mobile subscriber
Business, system model are shown in Fig. 1.
Two, security model
CSP is honest and curiosity (Honest-But-Curious, HBC), it can be in strict accordance in instruction execution system
Operation, but data that can be contacted from it maximize the private information of snooping user and LBSP, and CSP only knows in the present invention
The ciphertext data of LBSP outsourcing and the index constructed according to index construct algorithm belong to known ciphertext model.
Three, problem describes
The problem to be solved in the present invention includes the safe and associated with it user location privacy of outsourcing POI data, and is used
Two aspect of family query result integrity verification.In order to guarantee the data safety of outsourcing POI, LBSP is needed in advance to POI data
Confidentiality and integrity processing is carried out, but needs to guarantee that CSP can effectively retrieve POI after handling, it is contemplated that in LBS, Yong Hushi
Range query is carried out according to the position of POI, and location privacy of the location information concerning user, it cannot be exposed to CSP, needed
Carry out the position that protection POI is carried out when POI data outsourcing;Then, CSP to user return POI query service result when for
The interests of itself may distort the query result of user, and LBSP is how in outsourcing processing, to prevent CSP from distorting user's
Query result.
The present invention is by solving above-mentioned putd question to based on hibert curve (Hilbert curve) and Merkle Hash tree
Topic, below will be described in detail the specific implementation process of the method for the present invention.
1, the pretreatment of outsourcing POI data
To guarantee safety of the POI data on CSP, LBSP must pre-process original POI data.Pretreated purpose
Be protection POI data location information simultaneously, can make CSP to the range retrieval of POI to provide service for user.
POI object DOiIt is spatial data object, there is two-dimensional position loc (xi,yi), DOiIndicate that POI data concentrates i-th
A POI object, xiIt is DOiAbscissa, yiIt is DOiOrdinate.Since in LBS, position is sensitivity for users, no
It can be obtained by CSP, therefore the location information of POI cannot be directly contracted out to CSP, and need to convert it, and in order to
Guarantee CSP can to location information by conversion after POI inquire, it is necessary to allow the adjacent POI in space by conversion after according to
So there is propinquity.
Hilbert curve has above-mentioned characteristic, therefore the present invention carries out outsourcing POI location information using Hilbert curve
Encryption illustrates Hilbert curve is how to be formed and carry out privacy coding to area of space below in conjunction with small.
Firstly, obtaining overall space region according to POI data collection, and the minimum for further obtaining overall space region is external
Rectangular area.
Then, it is 4 sub- rectangular areas by the minimum circumscribed rectangle region division, which is denoted as the 1st
The sub- rectangular area of layer;According to preset construction rule, the central point of 4 sub- rectangular areas is sequentially connected with three line segments
It connects, obtains the 1st layer of subtype curve, see Fig. 2 (a).The construction rule includes the starting point of Hilbert curve, direction, scaling
The factor and order, starting point select one of the central point of 4 sub- rectangular areas, and direction can be clockwise or square counterclockwise
To.
The division of 4 sub- rectangular areas specifically:
Using the minimum circumscribed rectangle regional center point two orthogonal straight lines, by the minimum circumscribed rectangle area
Domain is divided into 4 sub- rectangular areas.
Then, subtype curve is successively constructed, Hilbert curve is obtained, reference can be made to Fig. 2 (b) and Fig. 2 (c).
This step specifically:
(a) m layers of each sub- rectangular area is proceeded as follows respectively, wherein the initial value of m takes 1:
M layers of sub- rectangular area is divided into 4 sub- rectangular areas of (m+1) layer, it is regular according to preset construction,
The central point of 4 sub- rectangular areas of (m+1) layer is sequentially connected with three articles of line segments, obtains m layers of the sub- rectangle region
The subtype curve in domain;
(b) along the trend of m layers of subtype curve, the subtype curve of each sub- rectangular area of m layers of connection obtains (m
+ 1) the subtype curve of layer;
(c) m=m+1 is enabled, sub-step (a)~(b) is repeated, until obtaining M layers of subtype curve, M layers of son
The Hilbert curve of type curve, that is, final;M is the preset number of plies, rule of thumb value.
Finally, along the most boy rectangular area sequential encoding that Hilbert curve passes through Hilbert curve, the coding
That is Hilbert value thereby realizes and converts one-dimensional value for two-dimensional space.
For ease of understanding, the mathematical sense of Hilbert curve will be described below.
IfFor the N rank Hilbert curve under two-dimensional space, formula (1) is seen in wherein N >=1:
H=f (x, y) (1)
Wherein, H indicates position loc (x, y) corresponding Hilbert value, H ∈ [0,22N-1];F indicates an one-way function, should
Function is used to indicate mapping relations between loc (x, y) and Hilbert value, x and y be respectively position loc (x, y) abscissa and
Ordinate.
It realizes two-dimentional integer space [0,22N-1]2It is transformed into one-dimensional set of integers [0,22N-1], one-way function f with
Parameter (the S of Hilbert curve0, θ, N, Γ) and related, S0Indicate the initial point position of Hilbert curve, θ indicates that Hilbert is bent
The direction of line, N indicate that Hilbert order of a curve number, Γ indicate the zoom factor of Hilbert curve.These parameters can all influence
The calculated result of function f, that is, Hilbert value, therefore these parameters together constitute the key HSK, HSK=of Hilbert curve encryption
(S0,θ,N,Γ).CSP or attacker be not in the case where knowing decruption key, it is impossible to release its generation by Hilbert value is counter
The location information of table.LBSP selects the Hilbert value of suitable Hilbert parameter of curve calculating outsourcing POI, Hilbert curve
Parameter is customized according to practical security needs, and N and the bigger safety of Γ are stronger, and θ is random.
POI data is denoted as Cj=< Hj, Encek(DOHj 1||...||DOHj k) >, wherein CjExpression Hilbert value is Hj's
All POI datas;HjIndicate j-th of Hilbert value;One Hilbert value may correspond to multiple POI objects, by Hilbert value
For HjPOI object be denoted as DOHj, DOHjLocation information and data content comprising POI object;By this multiple POI object DOHjFrom
1 is numbered to k, i.e. DOHj 1、…DOHj k, separately including Hilbert value is HjThe 1st ... the location information of k POI object
And data content;Encek(DOHj 1||...||DOHj k) indicate to be H to Hilbert valuejPOI object use symmetric encipherment algorithm
The ciphertext that (such as aes algorithm) generates after being encrypted indicates character splicing.
To construct Merkle Hash tree, LBSP is according to Hilbert value from big to small to POI data ciphertext Ci' be ranked up,
POI data ciphertext collection after being sortedCi' it is using symmetric encipherment algorithm to i-th of POI object DOiPosition letter
The ciphertext that breath and data content generate after being encrypted;I indicates POI object number, and POI object number and Hilbert value are compiled
Number relationship be denoted as i=HIDj, indicate the POI object DO that number is ii, Hilbert value number is j;N is POI data concentration
The sum of POI object.Then, by POI data ciphertext collectionIt is configured to a Merkle Hash tree, allows user high
Effect ground revene lookup result integrality.Specifically:
Assuming that meeting n=2 for some positive integer d, POI object sum nd, location based service provider LBSP construction depth
For the binary tree of d, in this binary tree, each leaf node corresponds to a POI data ciphertext Ci, and each n omicronn-leaf
The cryptographic Hash of child node is concatenated by the cryptographic Hash of its two direct child nodes.The present invention uses an auxiliary set T simultaneouslyiMake
For with leaf node CiThe non-leaf nodes set for calculating Merkle Hash tree tree root together, defines TiIt is used to verify to be all
Leaf node CiMinimum intermediate node set.Fig. 3 gives the simply example of a n=6, since 6 be not 2 any power
Number, then add redundancy leaf node, so that leaf node sum is 8.In the figure, C indicates POI data ciphertext, according to Hilbert
Value arranges POI data ciphertext from small to large;H indicates cryptographic Hash, hiIt indicates to CiCarry out the resulting cryptographic Hash of Hash operation, h0-1Table
Show to h0And h1Spliced cryptographic Hash, h2-3It indicates to h2And h3Spliced cryptographic Hash, h4-5It indicates to h4And h5It is spliced
Cryptographic Hash, h6-7It indicates to h6And h7Spliced cryptographic Hash;h0-3It indicates to junior h0-1And h2-3Spliced cryptographic Hash, h4-7Table
Show to junior h4-5And h6-7Spliced cryptographic Hash, h0-7It indicates to junior h0-3And h4-7Spliced cryptographic Hash.In this figure
In, there is the POI data ciphertext C of return3With auxiliary set T3={ h2,h0-1,h4-7, public affairs can be used in the cryptographic Hash root of tree root
Formula (2) calculates:
Root=H (H (h0-1||H(h2||H(C3)))||h4-7) (2)
In formula (2), | | indicate character splicing;H () indicates Hash operation.
If n is not 2 any exponential, when constructing Merkle Hash tree, need to add redundancy leaf node, so that leaf
The exponential that node total number is 2.
The cryptographic Hash of tree root is signed { H (root) } by location based service provider LBSPK-1, wherein { }K-1Expression makes
The signature that the private key K-1 described in subscript is calculated, private key K-1 are obtained in the user's registration stage.
Finally, LBSP is by POI data ciphertext collectionCSP is issued with signature, CSP uses POI data ciphertext collection
It calculates all for constructing the median of Merkle Hash tree.
2, range query is requested
It is assumed that user issues location-based service inquiry request to CSP in position loc (x, y), then the position letter to user is needed
Breath is pre-processed.Firstly, the regional scope Q=[loc of inquiry required for determining it according to customer position informationld,locru],
See Fig. 4.locldAnd locruFor two boundary bits of the regional scope Q (being abbreviated as " query context Q " hereinafter) of required inquiry
It sets, any position loc in query contextpAll meet locld.x≤locp.x≤locruAnd loc .xld.y≤locp.y≤
locru.y, locldAnd loc .xld.y boundary position loc is indicatedldAbscissa and ordinate, locruAnd loc .xru.y side is indicated
Boundary position locruAbscissa and ordinate, locpAnd loc .xp.y any position loc is indicatedpAbscissa and ordinate.It determines
After query context Q, two-dimensional range query Q is converted to one-dimensional Hilbert value using Hilbert Curve transform key HSK
Inquire Q'.See Fig. 4, in the present embodiment, the Hilbert value inquiry after range query Q is converted is 8,11,12,13, i.e. Q'=
{8,11,12,13}.Loc information therein is replaced finally, Q' is put into inquiry request Query.
3, query processing
The corresponding Hilbert value of query context Q is inquired the POI data ciphertext collection of Q' and LBSP outsourcing by CSPIn
The Hilbert value of each POI data ciphertext is compared one by one, by the identical POI data of Hilbert value included in all and Q'
Ciphertext returns to user.In addition, CSP also returns to all auxiliary set that can be used to auxiliary and recover signatureWith
And LBSP is to the signing messages { H (root) } of Merkle Hash tree root rootK-1。
4, query result is verified
Once receiving the query result of CSP return, user's authenticity of revene lookup result and correct with the following method
Property.
Firstly, whether the Hilbert value for the POI data ciphertext that user's checking returns inquires in Q' with Hilbert value
Hilbert value is consistent in quantity and numerically;Then, using the POI data ciphertext of return and auxiliary set verifying LBSP
It is whether correct to the signature of the root root of Hash tree.If correct, then it is assumed that CSP returns complete query result, otherwise looks into
It is imperfect to ask result.
Embodiment
Beneficial effects of the present invention are further illustrated below in conjunction with embodiment.
In the present embodiment, hash function uses SHA-1, and symmetric encipherment algorithm uses AES-128, processor Interl
(R) Core (TM) i5-2320CPU 3.00GHZ, inside saves as 4.0GB, operating system win7, the development language used for
JAVA, exploitation environment are JDK1.7 and eclipse3.6, and smart phone is millet 5:Valiant dragonTM820 4 cores
2.15GHz processor;3GB RAM;64GB ROM.
The data set used is common data set in location-based service research, including 4 real data sets and 2
Simulated data sets.Real data set is obtained from official website, University of Utah, including following four true road network POI datas
Collection: OldenBurg (OL:6105 POI data), City of San Joaquin County (TG:18263 POI data),
San Francisco (SF:174956 POI data), North America (NA:175813 POI data);Analogue data
Collection is that the spatial data generator SpatialDataGenerators provided by the website chorochronos is automatically generated, including
The equally distributed data set UN and skewed data set SK being made of 4 Gaussian Profiles, the data scale of data set UN and SK
It is all 100000, wherein UN is to be uniformly distributed, and SK is made of 4 Guass distributed data collection, wherein the central point of Guass distribution
To be randomly selected, the data scale of each distribution is 25000.The corresponding distribution of 6 data sets is as shown in figure 5, these are true
Data and analogue data have corresponded to location-based service outsourcing application scenarios well.
The general parameter setting of Hilbert curve is shown in Table 1 in the present embodiment, to make each POI spatial object in data set
Hilbert value is unique, and curve order used in each data set is shown in Table 2 in the present embodiment, under response curve order, each data
It is all unique for concentrating the Hilbert value of POI spatial object.
The general parameter of table 1Hilbert curve
Curve order used in each data set of table 2
Fig. 6 and Fig. 7 indicates that in same experiment parameter, scheme [1], scheme [2], the present invention program compare a logarithm
It is worth the computing cost at the end PC and mobile phone terminal, as seen from the figure, the computing cost of the present invention program is less than scheme [1] and scheme [2].
Again since the present invention program pertains only to HMAC and hash operation, it is not related to complicated Montgomery Algorithm and large number multiplication, therefore with
The computing cost growth of the increase of element digit, this present invention program is unobvious, and computing cost growth rate, which is much smaller than, is related to mould power
The scheme [1] and scheme [2] of operation.
Fig. 8 shows in same experiment parameter, scheme [1], scheme [2], the present invention program compare a logarithm
Communication overhead.As seen from the figure, the communication overhead of the present invention program is less than scheme [1], scheme [2].Due to leading to for the present invention program
Letter relates only to the transmission of Bloom filter, and scheme [1] and scheme [2] are relatively required to transmission 2 in numerical value in the processλIt is a whole
Number, while scheme [2] further relates to Oblivious Transfer, therefore with the increase of λ, scheme [1], scheme [2] communication overhead increase bright
Aobvious, in order to keep the error of Bloom filter minimum, the digit of Bloom filter of the present invention can also increase as λ increases, and lead to
Letter expense also can accordingly increase, but growth rate is smaller than scheme [1] and scheme [2].
By Fig. 6~Fig. 8 analysis it is found that the calculation amount and the traffic of the present invention program are all smaller, fully can accurately match,
Therefore, the present invention program is more suitably applied to the limited intelligent terminal of resource.
Above scheme [1] and scheme [2] refer to documented technical solution in following documents [1] and [2]:
[1]Yao AC.Protocols for secure computations[C]//Foundations of
Computer Science,1982.SFCS'08.23rd Annual Symposium on.IEEE,1982:160-164.
[2] efficient solutions [J] electronic letters, vol of Li Shundong, Dai Yiqi, You Qiyou Yao Shi millionaires' problem,
2005,33(5):769-773.
Claims (1)
1. the home service range of secret protection inquires outsourcing method, characterized in that comprising steps of
Step 1, location based service provider pre-processes POI data, and POI indicates point of interest;
This step further comprises sub-step:
1.1 obtain entire area of space according to POI data collection, and further obtain the minimum circumscribed rectangle area in overall space region
Domain;
1.2 by the minimum circumscribed rectangle region division be 4 sub- rectangular areas, which is denoted as the 1st layer of sub- square
Shape region;According to preset construction rule, the central point of 4 sub- rectangular areas is sequentially connected with three line segments, obtains the 1st
The subtype curve of layer;The construction rule includes starting point, direction, zoom factor and the order of Hilbert curve, starting point selection
One of the central point of 4 sub- rectangular areas, direction be it is clockwise or counterclockwise, starting point and direction are randomly provided,
Zoom factor and order are customized according to practical security needs, and zoom factor and the bigger safety of order are stronger;
It is 4 sub- rectangular areas by the minimum circumscribed rectangle region division in sub-step 1.2, specifically:
Using the minimum circumscribed rectangle regional center point two orthogonal straight lines, by the minimum circumscribed rectangle region draw
It is divided into 4 sub- rectangular areas;
1.3 successively construct subtype curve, obtain Hilbert curve, specifically:
1.3a proceeds as follows m layers of each sub- rectangular area respectively, wherein the initial value of m is 1:
M layers of sub- rectangular area is divided into 4 sub- rectangular areas of (m+1) layer, according to preset construction rule, with three
The central point of 4 sub- rectangular areas of (m+1) layer is sequentially connected with by article line segment, obtains m layers of the sub- rectangular area
Subtype curve;
1.3b connects the subtype curve of m layers of each sub- rectangular area, obtains (m+1) along the trend of m layers of subtype curve
The subtype curve of layer;
1.3c enables m=m+1, repeats sub-step 1.3a~1.3c, until obtaining M layers of subtype curve, M layers of subtype
The Hilbert curve of curve, that is, final;M is the preset number of plies, rule of thumb value;
The 1.4 most boy rectangular area sequential encodings passed through along Hilbert curve to Hilbert curve, the coding are
Hilbert value;
1.5 concentrate the position of each POI object to obtain the Hilbert value of each POI object according to POI data, i.e., by each POI object position
Set Hilbert value of the coding of the most boy rectangular area fallen into as the POI object;
1.6 according to Hilbert value from big to small to POI data ciphertext Ci' be ranked up, the POI data ciphertext collection after being sortedWherein, n is the sum that POI data concentrates POI object, Ci' Hilbert value and ciphertext comprising i-th of POI object,
The ciphertext be generated after being encrypted using location information and data content of the symmetric encipherment algorithm to i-th POI object it is close
Text;
POI data ciphertext collection after 1.7 pairs of sequencesMerkle Hash tree is constructed, specifically:
1.7a judge n whether the exponential for being 2, if so, execute sub-step 1.7b;Otherwise, sub-step 1.7c is executed;
1.7b construction depth is the binary tree of d, and there are mathematical relationship n=2 by d and nd;In binary tree, each leaf node corresponding one
A POI data ciphertext Ci', and the sequence of Hilbert value from small to large is pressed by each POI data ciphertext Ci' sequentially it is assigned to each leaf section
Point;The cryptographic Hash of leaf node passes through to POI data ciphertext Ci' carry out Hash operation acquisition, the Kazakhstan of each non-leaf nodes
Uncommon value is concatenated by the cryptographic Hash of its two direct child nodes;
1.7c construction depth is the binary tree of d', and there are mathematical relationship n'=2 by d' and n'd', n' is all 2 exponentials greater than n
In minimum value;In binary tree, preceding n leaf node respectively corresponds a POI data ciphertext Ci', and by Hilbert value from small
To big sequence by each POI data ciphertext Ci' sequentially it is assigned to preceding n leaf node;Other leaf nodes are redundancy leaf node;
The cryptographic Hash of each non-leaf nodes is concatenated by the cryptographic Hash of its two direct child nodes;
1.7d uses Ci' and TiThe cryptographic Hash for calculating tree root, tree root cryptographic Hash is signed, TiVerifying leaf is used to be all
Child node Ci' minimum intermediate node set;
1.8 by POI data ciphertext collectionCloud service provider is sent to signature;
Step 2, location based service provider pre-processes customer position information;
This step specifically:
All most boy rectangle regions in the regional scope Q of inquiry required for determining user according to customer position information, regional scope Q
The coding in domain constitutes Hilbert value range Q', and Hilbert value range Q' is sent to cloud service provider;
Step 3, cloud service provider is by Hilbert value range Q' and POI data ciphertext collectionIn each POI data ciphertext
Hilbert value compares one by one, will be with the identical POI data ciphertext of Hilbert value and use included in Hilbert value range Q'
To recover the minimum intermediate node set of signature, sign and return to user;
Step 4, the Hilbert value and the Hilbert value in Hilbert value range Q' for the POI data ciphertext that user's checking returns
Quantity with it is numerically whether consistent, if inconsistent, abandon this return data;It is close using the POI data of return if consistent
Text and minimum intermediate node set recover the signature of tree root, and whether verifying is consistent with the signature of location based service provider, if
Unanimously, then this POI data ciphertext returned is decrypted, otherwise, abandons the data of this return.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710082804.4A CN106899937B (en) | 2017-02-16 | 2017-02-16 | The home service range of secret protection inquires outsourcing method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710082804.4A CN106899937B (en) | 2017-02-16 | 2017-02-16 | The home service range of secret protection inquires outsourcing method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106899937A CN106899937A (en) | 2017-06-27 |
CN106899937B true CN106899937B (en) | 2019-10-25 |
Family
ID=59198189
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710082804.4A Active CN106899937B (en) | 2017-02-16 | 2017-02-16 | The home service range of secret protection inquires outsourcing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106899937B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019104675A1 (en) * | 2017-11-30 | 2019-06-06 | 深圳大学 | Ciphertext search result verification method and system therefor |
CN108260084B (en) * | 2017-12-18 | 2020-01-07 | 西安电子科技大学 | Privacy protection method based on return verification |
CN111555861B (en) * | 2020-04-30 | 2023-04-18 | 山东师范大学 | Circular range query method and system in cloud environment based on position privacy protection |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7209758B1 (en) * | 2004-06-25 | 2007-04-24 | Sprint Spectrum L.P. | Method and system for sharing and/or centralizing mobile positioning information and geospatial data for roaming mobile subscriber terminals |
CN102349315A (en) * | 2009-03-09 | 2012-02-08 | 微软公司 | Device transaction model and services based on directional information of device |
CN104079665A (en) * | 2014-07-17 | 2014-10-01 | 百度在线网络技术(北京)有限公司 | Geographic position sharing method between terminals, application server and terminals of application server |
CN104219245A (en) * | 2014-09-19 | 2014-12-17 | 西安电子科技大学 | System and method for location based service-orientated user privacy protection |
CN104750784A (en) * | 2015-03-06 | 2015-07-01 | 西安交通大学 | Merkle tree structure-based space inquiring integrity verification method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7062279B2 (en) * | 2000-06-22 | 2006-06-13 | Openwave Systems Inc. | Anonymous positioning of a wireless unit for data network location-based services |
-
2017
- 2017-02-16 CN CN201710082804.4A patent/CN106899937B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7209758B1 (en) * | 2004-06-25 | 2007-04-24 | Sprint Spectrum L.P. | Method and system for sharing and/or centralizing mobile positioning information and geospatial data for roaming mobile subscriber terminals |
CN102349315A (en) * | 2009-03-09 | 2012-02-08 | 微软公司 | Device transaction model and services based on directional information of device |
CN104079665A (en) * | 2014-07-17 | 2014-10-01 | 百度在线网络技术(北京)有限公司 | Geographic position sharing method between terminals, application server and terminals of application server |
CN104219245A (en) * | 2014-09-19 | 2014-12-17 | 西安电子科技大学 | System and method for location based service-orientated user privacy protection |
CN104750784A (en) * | 2015-03-06 | 2015-07-01 | 西安交通大学 | Merkle tree structure-based space inquiring integrity verification method |
Also Published As
Publication number | Publication date |
---|---|
CN106899937A (en) | 2017-06-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Xu et al. | ECBC: A high performance educational certificate blockchain with efficient query | |
Li et al. | A searchable symmetric encryption scheme using blockchain | |
US8966273B2 (en) | Lightweight group signature system and method with short signature | |
CN108701309A (en) | A kind of distributed user profile authentication system for security of e-commerce transactions | |
CN102509030A (en) | Anonymous preservation of a relationship and its application in account system management | |
CN106899937B (en) | The home service range of secret protection inquires outsourcing method | |
CN105610910A (en) | Cloud storage oriented ciphertext full-text search method and system based on full homomorphic ciphers | |
US11128479B2 (en) | Method and apparatus for verification of social media information | |
CN103139761B (en) | The method and communication terminal of a kind of information real-time show | |
Zhang et al. | OAC-HAS: outsourced access control with hidden access structures in fog-enhanced IoT systems | |
CN104601586B (en) | The outsourcing statistical method that a kind of disclosure can verify that | |
CN110134718A (en) | A kind of support multiple key based on encryption attribute searches for method generally | |
Huang et al. | Privacy-preserving spatio-temporal keyword search for outsourced location-based services | |
Liu et al. | Offline/online attribute‐based encryption with verifiable outsourced decryption | |
CN112131471B (en) | Method, device, equipment and medium for recommending relationship based on unowned undirected graph | |
Xu et al. | PPSEB: a postquantum public-key searchable encryption scheme on blockchain for E-healthcare scenarios | |
Shao et al. | Achieve efficient and verifiable conjunctive and fuzzy queries over encrypted data in cloud | |
CN108052834B (en) | A kind of approximate shortest distance querying method towards close state graph structure | |
Zhang et al. | New efficient constructions of verifiable data streaming with accountability | |
Zhang et al. | Blockchain-assisted data sharing supports deduplication for cloud storage | |
CN105791283A (en) | Circle range search method specific to encrypted spatial data | |
Sucharitha et al. | Enhancing secure communication in the cloud through blockchain assisted-cp-dabe | |
Liu et al. | Privacy-preserving data outsourcing with integrity auditing for lightweight devices in cloud computing | |
Yao et al. | Topic-based rank search with verifiable social data outsourcing | |
Dewri et al. | Mobile local search with noisy locations |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |