CN108924081B - Method for protecting user privacy and resisting malicious users in Internet of things based on edge calculation - Google Patents

Method for protecting user privacy and resisting malicious users in Internet of things based on edge calculation Download PDF

Info

Publication number
CN108924081B
CN108924081B CN201810412657.7A CN201810412657A CN108924081B CN 108924081 B CN108924081 B CN 108924081B CN 201810412657 A CN201810412657 A CN 201810412657A CN 108924081 B CN108924081 B CN 108924081B
Authority
CN
China
Prior art keywords
user
perception
task
data
privacy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810412657.7A
Other languages
Chinese (zh)
Other versions
CN108924081A (en
Inventor
裴庆祺
王军泰
马立川
马强业
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zontek Co ltd
Original Assignee
Zontek Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zontek Co ltd filed Critical Zontek Co ltd
Priority to CN201810412657.7A priority Critical patent/CN108924081B/en
Publication of CN108924081A publication Critical patent/CN108924081A/en
Application granted granted Critical
Publication of CN108924081B publication Critical patent/CN108924081B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention belongs to the field of information security, and discloses a method for protecting user privacy and resisting malicious users in an Internet of things based on edge calculation, wherein a SHE homomorphic password system is introduced to calculate and update trust values of users on the basis of protecting the user privacy, so that malicious users are prevented from injecting malicious data; complex ciphertext operation is loaded to the edge node by utilizing an edge computing mode, so that the privacy of a user is protected; the method comprises the following steps: and executing the perception task, and updating the trust value of the user executing the perception task under the cooperation of the edge node of the target area and the trust management center. The invention introduces a new edge computing mode, relatively accords with the requirements of an actual network, can estimate the reliability of data on the premise of not revealing original data, and further realizes the resistance to malicious users by introducing a trust management mechanism on the basis of protecting the data privacy of the users.

Description

Method for protecting user privacy and resisting malicious users in Internet of things based on edge calculation
Technical Field
The invention belongs to the field of information security, and particularly relates to a method for protecting user privacy and resisting malicious users in an Internet of things based on edge computing.
Background
At present, technologies for protecting user privacy and resisting malicious users in the internet of things rely on a central cloud server, and data of all internet of things equipment are required to be transmitted to the cloud server for processing. However, with the development of the internet of things technology, the number of devices in the internet of things is large, and the amount of data required to be transmitted to the cloud server for processing is increased, which brings a serious challenge to transmission bandwidth and time delay. In addition, the protection of the user privacy and the resistance to malicious users are relatively independent processes, and the data reliability cannot correspond to specific users due to the protection of the user privacy, so that the resistance to malicious users by introducing a trust management mechanism becomes difficult. Therefore, the invention provides a method for protecting user privacy against malicious users in the Internet of things based on edge computing, which introduces an edge computing mode, processes data at a position close to a data source by deploying edge equipment with certain computing, storing and communicating capabilities, and effectively relieves the problems of bandwidth, delay and the like caused by a large amount of data transmission and processing. Meanwhile, a homomorphic password system is introduced, and the resistance to malicious users is realized on the basis of protecting the privacy of the users.
Because the privacy of the user must be protected, the general privacy protection mode is mainly divided into two modes of anonymization processing on the user and user data encryption. While anonymizing users makes the data unassociated with their providers, encrypting user data makes it particularly difficult to measure the reliability of the data. Both of these ways of protecting user privacy make it particularly difficult to detect erroneous or spurious data provided by malicious users.
The patent of university of large-courseware "P2P malicious node detection method based on FP-outler mining" (application number: 201510220656) discloses a malicious node detection method in a P2P network. The patent mainly includes: A. constructing a behavior mode of the nodes according to interactive data among the nodes in the network; B. extracting a local frequent behavior pattern in the P2P subnet by adopting a frequent pattern mining method; C. updating global frequent behavior patterns stored by each supernode through incremental propagation and aggregation of local frequent patterns among the supernodes in the P2P network, and evaluating influence factors of each global frequent behavior pattern; D. and calculating the outlier factors of the nodes by integrating the local and global frequent behavior patterns, and detecting the nodes with the outlier factors higher than the average value as malicious nodes. The technology disclosed by the patent can effectively detect malicious nodes, but the technology does not consider the privacy problem of network nodes, for example, mining interactive data between nodes in a network tends to reveal relationship information between the nodes, which is not allowed under the background that the privacy protection problem is more and more emphasized. A yulong computer communication technology (shenzhen) limited patent "privacy protection method and privacy protection device in vehicle communication" (application number: 201610933025.6) discloses a privacy protection method in vehicle communication, which mainly comprises: A. acquiring a first secret key distributed by an operator, wherein after the operator distributes the first secret key, a plurality of pairs (PMSI, KPMSI) are encrypted by the first secret key and then sent to an authentication management center; B. sending a request for signing the public key of the vehicle terminal to an operator, and receiving a signature result returned by the operator, wherein the operator signs the public key of the vehicle terminal by using a private key of the operator; C. the identification code of the vehicle terminal, the public key of the vehicle terminal and the signature result are sent to an authentication management center, and at least one pair (PMSI, KPMSI) which is sent by the authentication management center and encrypted by using the public key and the first secret key of the vehicle terminal is received; D. and decrypting the received (PMSI, KPMSI) according to the first secret key and a private key of the vehicle terminal, and performing vehicle communication based on the decrypted (PMSI, KPMSI). According to the invention, the privacy security in the vehicle communication process is greatly improved, however, the technology does not consider the situation that a malicious user sends wrong data, the detection of the malicious user becomes very difficult on the premise of privacy protection, the accuracy of the interaction result between vehicles is greatly reduced, and even traffic accidents are caused, so that the personal and property safety is endangered.
S. bassan et al in its article "a Privacy-Preserving lateral crown Monitoring-Based Road Surface conditioning Monitoring System Using wrapping Computing" (IEEE Internet of motions Journal, vol.4, No.3, pp.772-782,2017) provides a crowdsourcing sensing method for protecting user Privacy in a Fog Computing mode, which can resist certain malicious user attacks on the premise of protecting Privacy, but can only detect whether a user works according to a given protocol, and cannot process whether the user uploads a correct sensing result.
Fan et al in its paper "Privacy-Aware and trust Data Aggregation in Mobile Sensing" (IEEE CNS, 2015, pp.31-39) provide a reliable Data fusion method for protecting user Privacy, which can determine whether the perception result uploaded by the user is within a defined legal range, and if the range is large, the malicious user still cannot be processed. Wang et al in their paper "engineering in Privacy-Preserving Mobile Sensing" (IEEE Transactions on Mobile Computing, vol.13, No.12, pp.2777-2790,2014) propose a Privacy-Preserving Trust management mechanism against malicious users. However, the method protects the privacy of the user by using an anonymous method, so that sensitive information of the user can still be leaked under a tracing attack; furthermore, the updating of the trust value relies on an additional trust value redemption process, so that a malicious user can continue to send erroneous data at a high trust value for a short time by refusing to perform the redemption process.
In summary, the problems of the prior art are as follows:
(1) in the prior art, the P2P malicious node detection method based on FP-outlier mining does not consider the situation that a malicious user sends wrong data, so that the detection of the malicious user becomes more difficult on the premise of privacy protection, the accuracy of an interaction result between vehicles is greatly reduced, even traffic accidents are caused, and personal and property safety is endangered.
(2) In the prior art, a crowdsourcing sensing method for protecting user privacy in a fog computing mode can only detect whether a user works according to a set protocol, and cannot process whether the user uploads a correct sensing result.
(3) In the prior art, a reliable data fusion method for protecting user privacy can only detect whether provided data is in a defined effective range, and if the range is large, a malicious user can provide error data with a large difference from actual data in the effective range to influence a final fusion result.
(4) In the prior art, an anonymous method is used for protecting the privacy of a user by a trust management mechanism for protecting the privacy, so that sensitive information of the user can still be leaked under retroactive attack; meanwhile, the malicious user continuously transmits the error data with a high trust value for a short time by refusing to perform the trust value redemption process.
The technical problem is solved on the premise of protecting the privacy of the user. Since the anonymous method is difficult to resist the tracing attack, a data encryption mode is needed to protect the privacy of the user. However, the reliability of the data encrypted by using the traditional encryption mode cannot be measured, so that a malicious attacker continuously sends wrong sensing data without being detected, and further, the data fusion process of the internet of things is continuously influenced badly. Therefore, a new password system and a related scheme are required to be introduced to realize the resistance to malicious users on the basis of protecting the privacy of the users.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a method for protecting user privacy and resisting malicious users in the Internet of things based on edge computing. The invention realizes the inhibition of the attack of the malicious user through the trust management mechanism on the basis of protecting the privacy of the user.
The invention is realized in such a way that a method for protecting user privacy and resisting malicious users in the Internet of things based on edge calculation comprises the following steps:
(1) initialization: the trusted center determines security parameters required by the SHE homomorphic password system; the new user registers at the trust management centre and is assigned an initial trust value of 0.5.
(2) Performing perceptual tasks
2a) A user with a perception task request requests a public key and a private key for the perception task from a trusted center;
2b) the cloud scheduling center traces the sensing task through the edge node;
2c) broadcasting a task request by an edge node of a target area;
2d) the user executes the perception task and transmits the encrypted perception data to the edge node in the area;
2e) the edge nodes in the target area are subjected to perception result fusion;
2f) and sending the final fusion result to a user requesting the task through the cloud scheduling center.
(3) Trust value update
3a) Calculating the dispersion of each sensing data and the final fusion result after encryption by the edge node of the target area;
3b) sending the calculated encryption dispersion to a trust management center;
3c) the trust management center requests a private key for the task from a user initiating the perception task and decrypts the divergence;
3d) and updating the trust value of the user providing the perception data by using the decrypted dispersion.
The method specifically comprises the following steps:
(1) initialization:
the trusted center determines security parameters required by the SHE homomorphic cryptography for protecting user privacy. All users register at a trust management centre, which determines an initial trust value of 0.5 for each user.
(2) And (3) executing a perception task:
2a) when the user needs other users to perform the perception task, the requesting user obtains the public key pk and the private key sk for the request from the trusted center. And the pk is sent to an edge node near the requesting user along with the task request, and the sk is kept by the requesting user.
2b) When the edge node near the requesting user receives the user request, the edge node sends the request to the cloud scheduling center. And the cloud scheduling center selects an edge node positioned in the target area according to the requirement of the task request and sends the task request and pk thereof to the node.
2c) After receiving the task request and pk, the edge node of the target area broadcasts the task request and pk to the surrounding users.
2d) And the user in the target area executes the perception task, encrypts the acquired perception data by utilizing pk, and sends the ID and the encrypted result thereof to the edge node in the target area.
2e) After receiving the ID of the user who executes the perception task and the encrypted perception data, the edge node in the target area requests the trust value of the user to a trust management center, and determines the encrypted final perception result according to the following formula
Figure BDA0001648452520000061
Figure BDA0001648452520000062
2f) The encrypted final perception result is sent to the requesting user from the edge node of the target area through the cloud scheduling center and the edge node near the requesting user, the requesting user decrypts the encrypted final perception result by using the private key sk to obtain the plaintext of the final perception result, and the perception task is ended at this moment.
Description of the drawings: in the process, the original perception data of the user who performs the perception task is not leaked all the time.
(3) And (3) updating the trust value:
after the perception task is completed, the edge node and the trust management center of the target area update the trust value of the user executing the perception task according to the following steps:
3a) for each node i of the Internet of things executing the perception task, belonging to the P, the edge node of the target area is based on
Figure BDA0001648452520000063
And
Figure BDA0001648452520000064
is calculated according to the following formula
Figure BDA0001648452520000069
Figure BDA0001648452520000065
Wherein ubjAnd lbjThe upper and lower bounds of the jth component of the perceptual data can be derived by analyzing historical data about the component's attributes.
3b) The edge nodes of the target area complete all the calculation
Figure BDA0001648452520000066
And then sending the data to a trust management center.
3c) The trust management center requests the edge nodes near the userAnd requesting the request user to acquire the private key sk of the perception task. Trust management center decrypts with private key sk
Figure BDA0001648452520000067
Obtaining di(i∈P)。
3d) The trust management center obtains di(i ∈ P), first find the number of bits in it, and use
Figure BDA0001648452520000068
And (4) showing. And then updating the trust value of each node of the internet of things participating in the perception task by using the following formula:
Figure BDA0001648452520000071
wherein δ is 1.5, α is 10, γ is 3, β is 0.05, and η is 0.15.
Furthermore, edge computing nodes with certain computing, storage and communication capabilities are arranged in different areas, and a user can perform information interaction with the edge computing nodes through wireless communication technologies such as WIFI and Bluetooth. And data transmission is carried out between the edge computing node and the cloud data center through the Internet.
The SHE homomorphic password system gives a public key pk, a private key sk and any two binary expressed messages m and m ', and after the public key pk is used for encrypting m and m', respectively obtaining ciphertext
Figure BDA0001648452520000072
And
Figure BDA0001648452520000073
by using
Figure BDA0001648452520000074
Representing pair cipher text
Figure BDA0001648452520000075
And
Figure BDA0001648452520000076
performing summation operation in its polynomial domain, and using sk to pair
Figure BDA0001648452520000077
Decrypting to obtain m + m'; similarly, by
Figure BDA0001648452520000078
Representing pair cipher text
Figure BDA0001648452520000079
And
Figure BDA00016484525200000710
performing an arithmetic operation in its polynomial domain, using sk pairs
Figure BDA00016484525200000711
After decryption, m · m' is obtained. The security parameters of the SHE homomorphic password system are respectively as follows: modulo x of polynomial field2048+1, modulo 2 of the polynomial coefficient field60-214+1, and the range of the plaintext message [0,28-1]。
Another object of the present invention is to provide a computer program for implementing the method for protecting user privacy against malicious users in the internet of things based on edge computing.
In summary, the advantages and positive effects of the invention are:
according to the invention, the weight of the malicious user providing data in the data fusion process can be reduced through a trust management mechanism on the basis of protecting the privacy of the user by introducing a SHE homomorphic password system in the Internet of things based on the edge computing mode, so that the malicious user is resisted, and the reliability of data acquisition and fusion in the edge computing mode is improved. Meanwhile, the reliability of the data is estimated on the premise of not revealing the original data, and further, the malicious user is resisted by introducing a trust management mechanism on the basis of protecting the privacy of the user data. The concrete expression is as follows:
(1) when the sensing data is single data, the relationship between the number of users and the running time required for obtaining the fusion sensing result is as follows:
Figure BDA0001648452520000081
(2) defining MAE as the average absolute error between the data fusion result when the malicious user exists and the data fusion result when the malicious user does not exist, and defining P when 100 Internet of things users exist in the communication range of each edge nodemalThe number of malicious users in the users of the Internet of things accounts for the proportion of all the users, the MAE and the number n of the executed sensing taskssAt PmalThe relationship when different values are taken is as shown in fig. 3, it can be seen that along with the increase of the number of executed sensing tasks, the malicious device can be gradually detected, and further, the MAE is stabilized below 0.003. Therefore, the proposed scheme can prove to be capable of resisting malicious users on the basis of protecting the privacy of user data.
Drawings
Fig. 1 is a flowchart of a method for protecting user privacy against malicious users in an internet of things based on edge computing according to an embodiment of the present invention.
Fig. 2 is a scene diagram provided by an embodiment of the present invention.
FIG. 3 shows an MAE and the number of executed sensing tasks n according to an embodiment of the present inventionsAt PmalAnd (5) taking a relation diagram when different values are taken.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
According to the invention, by introducing an SHE homomorphic password system, on the basis of protecting the privacy of the user, the calculation and the update of the trust value of the user are realized, and finally, the malicious data injection by the malicious user is resisted. In addition, the complex ciphertext operation is loaded to the edge node by utilizing the edge computing mode, so that the load of a user in the aspect of privacy protection is reduced, and the method has strong practicability.
The application scenario of the invention is the internet of things based on the edge computing mode, as shown in fig. 2, a user in a network can be in a mobile state, and the user can be used as a data requester or a data provider; the edge devices are distributed in different regions and have certain storage, calculation and communication capacities; the trusted center, the trust management center and the scheduling center are located in the cloud center server and respectively realize the functions of key distribution, trust value storage and updating and scheduling request task tracing.
As shown in fig. 1, a method for protecting user privacy against malicious users in an internet of things based on edge computing according to an embodiment of the present invention includes:
(1) initialization:
the trusted center determines security parameters required by the SHE homomorphic cryptography for protecting user privacy. All users register at a trust management centre, which determines an initial trust value of 0.5 for each user. The SHE homomorphic cipher system is characterized in that a public key pk, a private key sk and any two binary expressed messages m and m 'are given, and after the public key pk is used for encrypting the m and the m', respectively obtaining ciphertexts
Figure BDA0001648452520000091
And
Figure BDA0001648452520000092
wherein the content of the first and second substances,
Figure BDA0001648452520000093
representing the ciphertext after encrypting a binary message. By using
Figure BDA0001648452520000094
Representing pair cipher text
Figure BDA0001648452520000095
And
Figure BDA0001648452520000096
performing a summation operation in its polynomial domainUsing sk pairs
Figure BDA0001648452520000097
Decrypting to obtain m + m'; similarly, by
Figure BDA0001648452520000098
Representing pair cipher text
Figure BDA0001648452520000099
And
Figure BDA00016484525200000910
performing an arithmetic operation in its polynomial domain, using sk pairs
Figure BDA00016484525200000911
After decryption, m · m' is obtained. The security parameters of the SHE homomorphic password system are respectively as follows: modulo x of polynomial field2048+1, modulo 2 of the polynomial coefficient field60-214+1, and the range of the plaintext message [0,28-1]。
(2) And (3) executing a perception task:
2a) when the user needs other users to perform the perception task, the requesting user obtains the public key pk and the private key sk for the request from the trusted center. And the pk is sent to an edge node near the requesting user along with the task request, and the sk is kept by the requesting user.
2b) When the edge node near the requesting user receives the user request, the edge node sends the request to the cloud scheduling center. And the cloud scheduling center selects an edge node positioned in the target area according to the requirement of the task request and sends the task request and pk thereof to the node.
2c) After receiving the task request and pk, the edge node of the target area broadcasts the task request and pk to the surrounding users.
2d) And the user interested in the task request in the target area executes the perception task, encrypts the acquired perception data by utilizing pk, and sends the ID and the encrypted result thereof to the edge node in the target area.
2e) After receiving the ID of the user who executes the perception task and the encrypted perception data, the edge node in the target area requests the trust value of the user to a trust management center, and determines the encrypted final perception result according to the following formula
Figure BDA0001648452520000101
Figure BDA0001648452520000102
2f) The encrypted final perception result is sent to the requesting user from the edge node of the target area through the cloud scheduling center and the edge node near the requesting user, the requesting user decrypts the encrypted final perception result by using the private key sk to obtain the plaintext of the final perception result, and the perception task is ended at this moment.
Description of the drawings: in the process, the original perception data of the user who performs the perception task is not leaked all the time.
(3) And (3) updating the trust value:
after the perception task is completed, the edge node and the trust management center of the target area update the trust value of the user executing the perception task according to the following steps:
3a) for each user i e P performing the perception task, the edge node of the target area is based on
Figure BDA0001648452520000103
And
Figure BDA0001648452520000104
is calculated according to the following formula
Figure BDA0001648452520000105
Figure BDA0001648452520000106
3b) The edge nodes of the target area complete all the calculation
Figure BDA0001648452520000107
And then sending the data to a trust management center.
3c) And the trust management center requests the requesting user to acquire the private key sk of the perception task through the edge node near the requesting user. Trust management center decrypts with private key sk
Figure BDA0001648452520000111
Obtaining di(i∈P)。
3d) The trust management center obtains di(i ∈ P), first find the number of bits in it, and use
Figure BDA0001648452520000112
And (4) showing. Then, updating the trust value of each user participating in the perception task by using the following formula:
Figure BDA0001648452520000113
wherein δ is 1.5, α is 10, γ is 3, β is 0.05, and η is 0.15.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When used in whole or in part, can be implemented in a computer program product that includes one or more computer instructions. When loaded or executed on a computer, cause the flow or functions according to embodiments of the invention to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, the computer instructions may be transmitted from one website site, computer, server, or data center to another website site, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL), or wireless (e.g., infrared, wireless, microwave, etc.)). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that includes one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (5)

1. A method for protecting user privacy against malicious users in an Internet of things based on edge computing is characterized in that the method for protecting user privacy against malicious users in the Internet of things based on edge computing calculates and updates trust values of users on the basis of protecting user privacy by introducing a SHE homomorphic password system, and resists malicious users from injecting malicious data; complex ciphertext operation is loaded to the edge node by utilizing an edge computing mode, so that the privacy of a user is protected; the method comprises the following steps:
and (3) executing a perception task: a user with a perception task request requests a public key and a private key for the perception task from a trusted center; the cloud scheduling center traces the sensing task through the edge node; broadcasting a task request by an edge node of a target area; the user executes the perception task and transmits the encrypted perception data to the edge node in the area; the edge nodes in the target area are subjected to perception result fusion; sending the final fusion result to a user requesting the task through a cloud scheduling center;
and updating the trust value of the user executing the perception task under the cooperation of the target area edge node and the trust management center: calculating the dispersion of each sensing data and the final fusion result after encryption by the edge node of the target area; sending the calculated encryption dispersion to a trust management center; the trust management center requests a private key for the task from a user initiating the perception task and decrypts the divergence; and updating the trust value of the user providing the perception data by using the decrypted dispersion.
2. The method for protecting the privacy of the user against the malicious user in the internet of things based on the edge computing as claimed in claim 1, wherein the method for protecting the privacy of the user against the malicious user in the internet of things based on the edge computing specifically comprises:
1) initialization: the method comprises the steps that a trusted center determines security parameters required by an SHE homomorphic password system for protecting user privacy; all users register at a trust management center, and the trust management center determines an initial trust value of 0.5 for each user;
2) and (3) executing a perception task:
2a) when a user needs other users to execute a perception task, a requesting user acquires a public key pk and a private key sk for requesting from a trusted center; the pk is sent to an edge node near a requesting user along with a task request, and the sk is kept by the requesting user;
2b) when an edge node near a requesting user receives a user request, the edge node sends the request to a cloud scheduling center; the cloud scheduling center selects an edge node positioned in a target area according to the requirement of a task request and sends the task request and pk to the node;
2c) after receiving the task request and pk, the edge node of the target area broadcasts the task request and pk to surrounding users;
2d) a user in the target area executes a perception task, encrypts the acquired perception data by utilizing pk, and sends the ID and the encrypted result to an edge node in the target area;
2e) after receiving the ID of the user who executes the perception task and the encrypted perception data, the edge node in the target area requests the trust value of the user to a trust management center, and determines the encrypted final perception result according to the following formula
Figure FDA0002946789410000021
Figure FDA0002946789410000022
2f) The encrypted final perception result is sent to the requesting user from the edge node of the target area through the cloud scheduling center and the edge node near the requesting user, the requesting user decrypts the encrypted final perception result by using the private key sk to obtain a plaintext, and the perception task is finished;
3) and (3) updating the trust value:
after the perception task is completed, the edge node and the trust management center of the target area update the trust value of the user executing the perception task according to the following steps:
3a) for each internet of things node i ∈ p performing this perception task, the edge nodes of the target region are based on
Figure FDA0002946789410000023
And
Figure FDA0002946789410000024
is calculated according to the following formula
Figure FDA0002946789410000026
Figure FDA0002946789410000025
Wherein ubjAnd lbjObtaining upper and lower bounds of jth component of the perception data by analyzing historical data about component attributes;
3b) the edge nodes of the target area complete all the calculation
Figure FDA0002946789410000027
Then, sending the data to a trust management center;
3c) trust management center attaching by requesting userThe near edge node requests the requesting user to acquire the private key sk of the perception task; trust management center decrypts with private key sk
Figure FDA0002946789410000034
Obtaining di(i∈Ρ);
3d) The trust management center obtains di(i e.p) first find the number of bits in it, and use it
Figure FDA0002946789410000031
Represents; and then updating the trust value of each node of the internet of things participating in the perception task by using the following formula:
Figure FDA0002946789410000032
wherein δ is 1.5, α is 10, γ is 3, β is 0.05, η is 0.15; sign (x) is a sign function defined as:
Figure FDA0002946789410000033
3. an information data processing terminal for implementing the method for protecting user privacy against malicious users in the internet of things based on edge computing according to any one of claims 1-2.
4. A computer-readable storage medium comprising instructions that, when executed on a computer, cause the computer to perform the method of protecting user privacy against malicious users in an edge computing-based internet of things as claimed in any of claims 1-2.
5. The control system for protecting the privacy of the user against the malicious user in the internet of things based on the edge computing according to any one of claims 1 to 2.
CN201810412657.7A 2018-05-03 2018-05-03 Method for protecting user privacy and resisting malicious users in Internet of things based on edge calculation Active CN108924081B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810412657.7A CN108924081B (en) 2018-05-03 2018-05-03 Method for protecting user privacy and resisting malicious users in Internet of things based on edge calculation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810412657.7A CN108924081B (en) 2018-05-03 2018-05-03 Method for protecting user privacy and resisting malicious users in Internet of things based on edge calculation

Publications (2)

Publication Number Publication Date
CN108924081A CN108924081A (en) 2018-11-30
CN108924081B true CN108924081B (en) 2021-04-30

Family

ID=64403457

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810412657.7A Active CN108924081B (en) 2018-05-03 2018-05-03 Method for protecting user privacy and resisting malicious users in Internet of things based on edge calculation

Country Status (1)

Country Link
CN (1) CN108924081B (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109784718A (en) * 2019-01-14 2019-05-21 四川长虹电器股份有限公司 It is a kind of that system and method is dispatched using the Discrete Manufacturing Process for more acting on behalf of edge calculations
CN109862114B (en) * 2019-03-12 2021-08-10 南京邮电大学 Safe vehicle crowd-sourcing sensing method based on fog calculation
CN110191089B (en) * 2019-04-25 2021-06-25 西安邮电大学 Non-interactive authentication method and system for data processing of Internet of things
CN110650187B (en) * 2019-09-09 2020-09-18 北京邮电大学 Node type determination method for edge node and target network
CN111062043B (en) * 2019-11-29 2022-05-20 清华大学 Medical image identification method and system based on edge calculation
CN112600886B (en) * 2020-12-04 2022-08-26 支付宝(杭州)信息技术有限公司 Privacy protection method, device and equipment with combination of end cloud and device
CN112787796B (en) * 2021-01-06 2023-04-28 南京邮电大学 Aggregation method and device for detecting false data injection in edge calculation
CN113132360A (en) * 2021-03-30 2021-07-16 湘潭大学 False data detection method for ammeter metering system based on edge calculation
CN113271598B (en) * 2021-05-18 2022-09-27 全球能源互联网研究院有限公司 Edge safety protection architecture for electric power 5G network
CN114050914B (en) * 2021-10-21 2022-08-02 广州大学 Revocable lightweight group authentication method, system and medium for edge controller
CN116074841B (en) * 2023-03-07 2023-06-13 鹏城实验室 Edge computing trusted access method, device, equipment and computer storage medium
CN117195292B (en) * 2023-09-08 2024-04-09 广州星屋智能科技有限公司 Power business evaluation method based on data fusion and edge calculation

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102413474A (en) * 2012-01-04 2012-04-11 西安电子科技大学 Self-adaption trust management system and method of cognitive radio network
CN107070644A (en) * 2016-12-26 2017-08-18 北京科技大学 A kind of decentralization public key management method and management system based on trust network
CN107770263A (en) * 2017-10-16 2018-03-06 电子科技大学 A kind of internet-of-things terminal safety access method and system based on edge calculations

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8397063B2 (en) * 2009-10-07 2013-03-12 Telcordia Technologies, Inc. Method for a public-key infrastructure for vehicular networks with limited number of infrastructure servers
US9525692B2 (en) * 2012-10-25 2016-12-20 Imprivata, Inc. Secure content sharing

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102413474A (en) * 2012-01-04 2012-04-11 西安电子科技大学 Self-adaption trust management system and method of cognitive radio network
CN107070644A (en) * 2016-12-26 2017-08-18 北京科技大学 A kind of decentralization public key management method and management system based on trust network
CN107770263A (en) * 2017-10-16 2018-03-06 电子科技大学 A kind of internet-of-things terminal safety access method and system based on edge calculations

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"边缘计算数据安全与隐私保护研究综述";张佳乐;《通信学报》;20180331;全文 *

Also Published As

Publication number Publication date
CN108924081A (en) 2018-11-30

Similar Documents

Publication Publication Date Title
CN108924081B (en) Method for protecting user privacy and resisting malicious users in Internet of things based on edge calculation
US10484185B2 (en) Method and system for distributing attestation key and certificate in trusted computing
Khalid et al. A survey on privacy and access control schemes in fog computing
Khaliq et al. A secure and privacy preserved parking recommender system using elliptic curve cryptography and local differential privacy
CN109688119B (en) Anonymous traceability identity authentication method in cloud computing
KR102219277B1 (en) System and method for controlling the delivery of authenticated content
US20220286440A1 (en) Secure Media Delivery
KR101311059B1 (en) Revocation information management
CN104641592A (en) Method and system for a certificate-less authentication encryption (CLAE)
US20210143986A1 (en) Method for securely sharing data under certain conditions on a distributed ledger
CN110830245B (en) Anti-quantum-computation distributed Internet of vehicles method and system based on identity secret sharing and implicit certificate
CN107248980B (en) Mobile application recommendation system and method with privacy protection function under cloud service
Liu et al. Dynamic anonymous identity authentication (DAIA) scheme for VANET
CN111294349B (en) Method and device for sharing data of Internet of things equipment
US20220407701A1 (en) Processing of requests to control information stored at multiple servers
JPWO2017033442A1 (en) Information processing apparatus, authentication system, authentication method, and computer program
WO2018112482A1 (en) Method and system for distributing attestation key and certificate in trusted computing
Salek et al. A review on cybersecurity of cloud computing for supporting connected vehicle applications
Liu et al. LVAP: Lightweight V2I authentication protocol using group communication in VANET s
Amuthan et al. Hybrid GSW and DM based fully homomorphic encryption scheme for handling false data injection attacks under privacy preserving data aggregation in fog computing
US20180083778A1 (en) Binding data to a network in the presence of an entity with revocation capabilities
Dai et al. Pairing-free certificateless aggregate signcryption scheme for vehicular sensor networks
CN114731293A (en) Preventing data manipulation and protecting user privacy when determining accurate location event measurements
Wang et al. Secure content sharing protocol for D2D users based on profile matching in social networks
Jansi et al. Efficient privacy-preserving fault tolerance aggregation for people-centric sensing system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant