CN108632035B - Inadvertent transmission system and method with access control - Google Patents


Publication number
CN108632035B
Authority
CN
China
Prior art keywords
information
message
database server
user client
authority
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810471233.8A
Other languages
Chinese (zh)
Other versions
CN108632035A (en)
Inventor
阮鸥
周靖
杨阳
廖雅晴
王子豪
黄雄波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubei University of Technology
Original Assignee
Hubei University of Technology

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds


Abstract

The invention discloses an oblivious transfer system with access control and a method thereof. The system comprises a database server, an authority issuing mechanism and a user client; the server holds n pieces of information, each with its own access authority; the authority issuing mechanism issues authority to users applying to access information; and the user client finally obtains the information it wants from the database server. First, the system is initialized; then a first interaction is carried out, in which the access authority obtained by the user is encrypted and transmitted; then a second interaction is carried out, in which each piece of information in the database server is encrypted and transmitted; finally, the required information is obtained by decryption and verified. The invention is particularly suitable for secure data transmission between two communicating parties; it proposes oblivious transfer with access control, allows a user to query a database anonymously with each message protected by an access control policy, and has high practicability.

Description

Inadvertent transmission system and method with access control
Technical Field
The invention belongs to the technical field of network information security and relates to an oblivious transfer system with access control and a method thereof, and in particular to an oblivious transfer system and method that give users access control by means of encrypted transmission based on elliptic curve operations.
Background
With the rapid development of mobile internet, data mining and big data, more and more network applications have become part of people's lives, such as online shopping and medical information inquiry. On the one hand, transmitting information over the Internet makes production and daily life more convenient and promotes the rise of emerging industries and the rapid development of the social economy; on the other hand, as people leave more and more access traces on network applications, the privacy disclosure caused by those traces is becoming more and more prominent. Oblivious transfer protocols are widely used: information is delivered in an obfuscated manner, thereby protecting the privacy of both parties. How to make oblivious transfer more efficient and the transmission process safer is a key technical question for the further development of oblivious transfer technology.
In many practical applications, on the one hand, the database server wants to enforce an access control policy on the database and prohibit clients from retrieving information of their choice without any restriction; in banking, for example, a user must not be able to retrieve the information of other users. On the other hand, user clients do not want the database server to learn which messages they are retrieving; on social networking sites, for example, users do not want the server to know which messages they are viewing. An oblivious transfer protocol with access control therefore has practical significance.
In earlier Oblivious Transfer with Access Control (OTAC) schemes, on the one hand, permission management for information is mostly role-based: access rights to information are encapsulated in roles, and system permissions are distributed by assigning roles, that is, database information is handled as sets. This management mode, however, suffers from inflexible authorization and inconvenient expansion. On the other hand, existing oblivious transfer solutions involve a large amount of computation, which increases resource consumption during system operation and reduces operating speed. Designing an oblivious transfer method and system with access control that improves transmission efficiency while ensuring security therefore has great theoretical and practical significance.
Disclosure of Invention
In order to solve the above technical problems, the present invention provides a system and a method that realize oblivious transfer with access control for users by means of encrypted transmission based on elliptic curve operations.
The technical scheme adopted by the system of the invention is as follows: an oblivious transfer system with access control, comprising a database server, an authority issuing mechanism and a user client; the server has n pieces of information, and each piece of information has its own access authority; the authority issuing mechanism issues authority to users applying to access information; the user client finally obtains the information it wants from the database server.
The technical scheme adopted by the method of the invention is as follows: an oblivious transfer method with access control, comprising the following steps:
step 1: initializing;
the database server generates a unique message verification code for each piece of information and sends the codes to the user;
step 2: a first interaction;
the user client encrypts the authority it has acquired and transmits it to the database server;
step 3: a second interaction;
the database server encrypts each plaintext and transmits it to the user client;
step 4: calculating the required plaintext $m_i$ and verifying $m_i$, where i is the index number of the message the user client wants to obtain and $m_i$ is the i-th message owned by the database server.
The invention discloses an oblivious transfer method with access control and a system thereof, which create a privacy-protecting database and prevent illegitimate users from accessing it; users are allowed to query the database anonymously, where each message is protected by an access control policy and can only be obtained if the user holds the corresponding rights. In addition, an elliptic curve is used for encryption during transmission, and the correctness of the received information is verified at the end of each transmission.
Compared with the prior art, the method of the invention has the following advantages:
First, in traditional oblivious transfer with access control, authority management mostly uses sets to manage and differentiate permissions, so the system's extensibility and maintainability are poor and later management is complex. In the present method, a permission is set independently for each piece of information, and each piece of information is an independent unit. This solves the problem of large-scale dynamic user expansion and improves the extensibility and maintainability of the system.
Second, in traditional oblivious transfer protocols, a decryption operation is performed on intermediate variables, which increases energy consumption during system operation. In the present method, after the intermediate variables are encrypted, a mutual cancellation strategy is used instead of a decryption operation. This improves operating efficiency and speed.
Drawings
FIG. 1: an instantiated system model diagram of the invention;
FIG. 2: a method flow diagram of an implementation of the present invention;
FIG. 3: the present invention is an instantiated data transfer process flow diagram.
Detailed Description
In order to facilitate understanding and implementation of the present invention for those of ordinary skill in the art, the present invention is further described in detail below with reference to the accompanying drawings and examples, it being understood that the implementation examples described herein are only for the purpose of illustration and explanation and are not intended to limit the present invention.
Referring to fig. 1, the oblivious transfer system with access control provided by the present invention includes a database server, an authority issuing mechanism, and a user client; the server has n pieces of information, and each piece of information has its own access authority; the authority issuing mechanism issues authority to users applying to access information; the user client finally obtains the information it wants from the database server.
Referring to fig. 2, the oblivious transfer method with access control provided by the present invention specifically includes the following steps:
step 1: initializing;
the database server generates a unique message verification code for each piece of information and sends the codes to the user;
the specific implementation comprises the following substeps:
step 1.1: the database server generates a unique message hash value for each piece of information it holds, giving $H_1, \ldots, H_n$ as message authentication codes;
referring to fig. 3, the database server holds n pieces of secret information and calculates $H_j \leftarrow H(j, m_j, ACP_j)$, generating a message verification code $H_j$ that carries the plaintext information, wherein n represents the number of pieces of information held by the server, j represents the j-th piece of information, $m_j$ represents the plaintext of the j-th message, and $ACP_j$ represents the authority required for reading the j-th message;
$H(j, m_j, ACP_j)$ is a collision-free hash function that maps each piece of data provided by the database server to a fixed-length value, called the hash value, and provides an error detection capability that lets the client authenticate the message it finally obtains.
step 1.2: the database server sends the generated message verification codes $H_1 \ldots H_n$ to the information receiver.
step 2: a first interaction;
the user client encrypts the authority it has acquired and transmits it to the database server;
the specific implementation comprises the following substeps:
step 2.1: the user client has two parameters, $i$ and $ACP_i$; it calculates $h_i \leftarrow H_1(i, ACP_i)$, generating a message authentication code $h_i$ without plaintext information, wherein i is the index number of the message that the user client wants to obtain;
$H_1(i, ACP_i)$ is a collision-free hash function used to map the authority obtained by the user to a value belonging to $Z_q^*$; $Z_q^*$ is all prime numbers of the interval $\{0, \ldots, q-1\}$, and the value of q is generated by the elliptic curve public key system.
The purpose of this hash function is to allow the authority acquired by the client to be encrypted using operations on the elliptic curve and then transmitted to the database server.
step 2.2: the user client selects a random number a and encrypts $(a, h_i)$ using the elliptic curve to generate $R_i$,
wherein $R_i = a \cdot P + h_i \cdot P$, and the point P is a base point generated by the elliptic curve public key system;
step 2.3: the user client sends the $R_i$ generated in step 2.2 to the database server.
step 3: a second interaction;
the database server encrypts each plaintext and transmits it to the user client;
the specific implementation comprises the following substeps:
step 3.1: the database server has n pieces of information; for the first piece of information it calculates the hash value $h_1$ without plaintext information, as in step 2.1;
step 3.2: the database server computes $S_1 = m_1 + R_i - h_1 \cdot P$, wherein $m_1$ is the first piece of information owned by the database server, $R_i$ is the message the database server receives after step 2.3 is executed, and $h_1 \cdot P$ is $h_1$ encrypted by the elliptic curve public key system;
step 3.3: steps 3.1 and 3.2 are repeated for the second message through the last message in turn, giving $S_2 \ldots S_j \ldots S_n$, wherein $S_j$ represents the encrypted value corresponding to the j-th message in the database server;
step 3.4: the information owner sends the message parameters $(S_1 \ldots S_n)$ to the information receiver.
step 4: calculating the required plaintext $m_i$ and verifying $m_i$, where $m_i$ is the i-th message owned by the database server;
the specific implementation comprises the following substeps:
step 4.1: using $S_i$ obtained in the second interaction and the random number a, known only to itself, generated in the first interaction, the user client calculates the plaintext $m_i = S_i - a \cdot P$; the point P is a base point generated by the elliptic curve public key system;
step 4.2: the correctness of $m_i$ is verified using the message authentication code $H_i$ generated in step 1.
The user client uses the $m_i$ obtained in step 4.1 and the $i$ and $ACP_i$ it already holds to compute a message authentication code according to $H_j \leftarrow H(j, m_j, ACP_j)$ with $j = i$. It then checks whether the value obtained in this step is the same as $H_i$ among the $H_1 \ldots H_n$ obtained in step 1; if so, the information receiver has obtained the desired information $m_i$.
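Steps 1 to 4 above, run end to end by both parties, as an added example that is not code from the patent. Assumptions the patent does not specify: the curve is secp256k1, $H$ and $H_1$ are built from SHA-256 with $h_j$ reduced to a non-zero scalar, messages are embedded in curve points by try-and-increment, and the records and permission strings are constructed sample data.

```python
import hashlib
import secrets

# Assumed curve: secp256k1, y^2 = x^3 + 7 over F_p (the patent names no curve).
FIELD = 2**256 - 2**32 - 977
ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):
    """Point addition; None stands for the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD) % FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD) % FIELD
    x3 = (lam * lam - x1 - x2) % FIELD
    return (x3, (lam * (x1 - x3) - y1) % FIELD)

def sub(p1, p2):
    """p1 - p2, used for the 'mutual cancellation' of h_j*P and a*P."""
    return add(p1, None if p2 is None else (p2[0], -p2[1] % FIELD))

def mul(k, pt):
    """Double-and-add k*pt (not constant time; for illustration only)."""
    acc, k = None, k % ORDER
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def H(j, m, acp):
    """Step 1.1: H_j = H(j, m_j, ACP_j), computed over the message point."""
    return hashlib.sha256(f"H|{j}|{m[0]:x}|{m[1]:x}|".encode() + acp).hexdigest()

def H1(j, acp):
    """Step 2.1: h_j = H1(j, ACP_j), reduced to a non-zero scalar."""
    digest = hashlib.sha256(f"H1|{j}|".encode() + acp).digest()
    return int.from_bytes(digest, "big") % (ORDER - 1) + 1

def encode(msg):
    """Embed up to 30 bytes in a point by try-and-increment (assumed encoding)."""
    if len(msg) > 30:
        raise ValueError("message too long for one point")
    base = int.from_bytes(msg, "big") << 8
    for x in range(base, base + 256):
        rhs = (pow(x, 3, FIELD) + 7) % FIELD
        y = pow(rhs, (FIELD + 1) // 4, FIELD)  # square root, valid as p = 3 mod 4
        if y * y % FIELD == rhs:
            return (x, y)
    raise ValueError("no curve point found")

def decode(pt):
    return (pt[0] >> 8).to_bytes(30, "big").lstrip(b"\0")

def server_setup(db):
    """Step 1: db holds (m_j, ACP_j) pairs; returns H_1..H_n for the client."""
    return [H(j, m, acp) for j, (m, acp) in enumerate(db, 1)]

def client_request(i, acp_i):
    """Step 2: R_i = a*P + h_i*P; the random a never leaves the client."""
    a = secrets.randbelow(ORDER - 1) + 1
    return a, add(mul(a, P), mul(H1(i, acp_i), P))

def server_respond(db, r_i):
    """Step 3: S_j = m_j + R_i - h_j*P for every record j."""
    return [sub(add(m, r_i), mul(H1(j, acp), P))
            for j, (m, acp) in enumerate(db, 1)]

def client_recover(i, acp_i, a, s, macs):
    """Step 4: m_i = S_i - a*P, accepted only if H(i, m_i, ACP_i) equals H_i."""
    m = sub(s[i - 1], mul(a, P))
    if m is None or H(i, m, acp_i) != macs[i - 1]:
        return None
    return decode(m)

# Constructed sample database: each record carries its own permission string.
DB = [(encode(b"balance: 120"), b"perm-alice"),
      (encode(b"balance: 7300"), b"perm-bob"),
      (encode(b"balance: 15"), b"perm-carol")]

def run(i, acp):
    macs, (a, r_i) = server_setup(DB), client_request(i, acp)
    return client_recover(i, acp, a, server_respond(DB, r_i), macs)
```

Calling `run(2, b"perm-bob")` returns the second record, while `run(2, b"perm-alice")` returns `None` because $h_i \cdot P$ no longer cancels and the recovered point fails the $H_i$ check of step 4.2.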
The invention creates a privacy-protecting database and prevents illegitimate users from accessing it. Users are allowed to query the database anonymously, where each message is protected by an access control policy and can only be obtained if the user holds the corresponding rights. On the premise of guaranteeing user anonymity, the invention provides an oblivious transfer method and system with access control that uses an elliptic curve encryption algorithm.
The invention realizes oblivious transfer with access control, which delivers message content in an obfuscated manner while taking into account the security of both the user side and the server. It improves on earlier schemes, effectively solves the problem of large-scale dynamic user expansion, increases maintainability, and removes unnecessary decryption steps from the transmission process.
It should be understood that parts of the specification not set forth in detail are prior art.
It should be understood that the above description of the preferred embodiments is given for clarity and not for any purpose of limitation, and that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (4)

1. An oblivious transfer method with access control, adopting an oblivious transfer system with access control;
characterized in that: the system comprises a database server, an authority issuing mechanism and a user client; the server has n pieces of information, and each piece of information has its own access authority; the authority issuing mechanism issues authority to users applying to access information; the user client finally obtains the information it wants from the database server;
the method comprises the following steps:
step 1: initializing;
the database server generates a unique message verification code for each piece of information and sends the codes to the user;
step 2: a first interaction;
the user client encrypts the authority it has acquired and transmits it to the database server;
the specific implementation of step 2 comprises the following substeps:
step 2.1: the user client has two parameters, $i$ and $ACP_i$, and calculates the hash value $h_i$ without plaintext information,
wherein $h_i \leftarrow H_1(i, ACP_i)$ generates a message authentication code $h_i$ without plaintext information, i represents the index of the message that the information recipient wants to obtain, and $ACP_i$ is the authority required for reading the i-th piece of information;
step 2.2: the user client selects a random number a and encrypts $(a, h_i)$ using the elliptic curve public key system to generate $R_i$,
wherein $R_i = a \cdot P + h_i \cdot P$; P is a point on the elliptic curve, namely a base point generated by the elliptic curve public key system;
step 2.3: the user client sends the $R_i$ generated in step 2.2 to the database server;
step 3: a second interaction;
the database server encrypts each plaintext and transmits it to the user client;
step 4: calculating the required plaintext $m_i$ and verifying $m_i$, where i is the index number of the message the user client wants to obtain and $m_i$ is the i-th message owned by the database server.
2. The oblivious transfer method with access control as claimed in claim 1, wherein step 1 is implemented by the following sub-steps:
step 1.1: generating a unique message hash value for each piece of information in the database server, finally giving $H_1 \ldots H_n$ as message authentication codes;
wherein $H_j \leftarrow H(j, m_j, ACP_j)$ generates a message authentication code $H_j$ carrying plaintext information, j denotes the j-th piece of information, $m_j$ denotes the plaintext of the j-th message, $ACP_j$ denotes the authority required for reading the j-th message, j = 1, 2, …, n, and n represents the number of pieces of information held by the server;
step 1.2: the database server sends the generated message verification codes $H_1, \ldots, H_n$ to the information receiver.
3. The method of claim 1, wherein step 3 is implemented by the following sub-steps:
step 3.1: the database server has n pieces of information; for the first piece of information it calculates the hash value $h_1$ without plaintext information, as in step 2.1;
step 3.2: the database server computes $S_1 = m_1 + R_i - h_1 \cdot P$, wherein $m_1$ is the first piece of information owned by the database server, $R_i$ is the message the database server receives after step 2.3 is executed, and $h_1 \cdot P$ is $h_1$ encrypted by the elliptic curve public key system;
step 3.3: steps 3.1 and 3.2 are repeated for the second message through the last message in turn, giving $S_2 \ldots S_j \ldots S_n$, wherein $S_j$ represents the encrypted value corresponding to the j-th message in the database server;
step 3.3: the information owner sends the message parameters $(S_1 \ldots S_n)$ to the information receiver.
4. The method of claim 3, wherein step 4 is implemented by the following sub-steps:
step 4.1: using $S_i$ obtained in the second interaction and the random number a, known only to itself, generated in the first interaction, the user client calculates the plaintext $m_i = S_i - a \cdot P$; the point P is a base point generated by the elliptic curve public key system;
step 4.2: the correctness of $m_i$ is verified using the message authentication code $H_i$ generated in step 1.
CN201810471233.8A 2018-05-17 2018-05-17 Inadvertent transmission system and method with access control Active CN108632035B (en)


Publications (2)

Publication Number Publication Date
CN108632035A CN108632035A (en) 2018-10-09
CN108632035B CN108632035B (en) 2021-02-19

Family

ID=63693482


Country Status (1)

Country Link
CN (1) CN108632035B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20181009

Assignee: TOMATO TECHNOLOGY (WUHAN) Co.,Ltd.

Assignor: HUBEI University OF TECHNOLOGY

Contract record no.: X2023980054595

Denomination of invention: An inadvertent transmission system and method with access control

Granted publication date: 20210219

License type: Common License

Record date: 20231228