CN108924081B - Method for protecting user privacy and resisting malicious users in Internet of things based on edge calculation - Google Patents
- Publication number
- CN108924081B CN201810412657.7A
- Authority
- CN
- China
- Prior art keywords
- user
- perception
- task
- data
- privacy
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention belongs to the field of information security and discloses a method for protecting user privacy and resisting malicious users in an Internet of Things based on edge computing. A SHE homomorphic cryptosystem is introduced so that the trust values of users can be calculated and updated while user privacy is protected, which prevents malicious users from injecting malicious data. Complex ciphertext operations are offloaded to the edge node using the edge computing model, so that the privacy of users is protected. The method comprises: executing the perception task, and updating the trust value of the users who executed the perception task through cooperation between the edge node of the target area and the trust management center. The invention introduces the new edge computing model, which better matches the requirements of real networks, can estimate the reliability of data without revealing the original data, and, by introducing a trust management mechanism, resists malicious users while protecting the privacy of user data.
Description
Technical Field
The invention belongs to the field of information security, and particularly relates to a method for protecting user privacy and resisting malicious users in an Internet of things based on edge computing.
Background
At present, techniques for protecting user privacy and resisting malicious users in the Internet of Things rely on a central cloud server, and the data of all Internet of Things devices must be transmitted to that server for processing. As the Internet of Things develops, however, the number of devices is large and the amount of data that must be transmitted to the cloud server for processing keeps growing, which poses a serious challenge for transmission bandwidth and latency. In addition, protecting user privacy and resisting malicious users are relatively independent processes: because user privacy is protected, data reliability cannot be tied to specific users, which makes it difficult to resist malicious users by introducing a trust management mechanism. The invention therefore provides a method for protecting user privacy and resisting malicious users in the Internet of Things based on edge computing. It introduces the edge computing model, in which edge devices with certain computing, storage and communication capabilities are deployed so that data is processed close to its source, effectively relieving the bandwidth and delay problems caused by transmitting and processing large amounts of data. A homomorphic cryptosystem is also introduced, so that malicious users are resisted while user privacy is protected.
Because the privacy of the user must be protected, the general privacy protection mode is mainly divided into two modes of anonymization processing on the user and user data encryption. While anonymizing users makes the data unassociated with their providers, encrypting user data makes it particularly difficult to measure the reliability of the data. Both of these ways of protecting user privacy make it particularly difficult to detect erroneous or spurious data provided by malicious users.
The patent of university of large-courseware "P2P malicious node detection method based on FP-outlier mining" (application number: 201510220656) discloses a malicious node detection method for P2P networks. The patent mainly includes: A. constructing behavior patterns of the nodes from the interaction data among nodes in the network; B. extracting the local frequent behavior patterns in a P2P subnet with a frequent pattern mining method; C. updating the global frequent behavior patterns stored by each supernode through incremental propagation and aggregation of local frequent patterns among the supernodes in the P2P network, and evaluating the influence factor of each global frequent behavior pattern; D. calculating the outlier factor of each node by combining the local and global frequent behavior patterns, and flagging nodes whose outlier factor is higher than the average as malicious. The technique disclosed by the patent can detect malicious nodes effectively, but it does not consider the privacy of network nodes: mining the interaction data between nodes tends to reveal relationship information between them, which is unacceptable now that privacy protection is receiving more and more attention.
The patent of yulong computer communication technology (shenzhen) limited, "privacy protection method and privacy protection device in vehicle communication" (application number: 201610933025.6), discloses a privacy protection method for vehicle communication, which mainly comprises: A. acquiring a first secret key distributed by an operator, wherein after distributing the first secret key the operator encrypts a plurality of (PMSI, KPMSI) pairs with it and sends them to an authentication management center; B. sending a request to the operator to sign the public key of the vehicle terminal, and receiving the signature result returned by the operator, wherein the operator signs the public key of the vehicle terminal with the operator's private key; C. sending the identification code of the vehicle terminal, the public key of the vehicle terminal and the signature result to the authentication management center, and receiving from the authentication management center at least one (PMSI, KPMSI) pair encrypted with the public key of the vehicle terminal and the first secret key; D. decrypting the received (PMSI, KPMSI) with the first secret key and the private key of the vehicle terminal, and performing vehicle communication based on the decrypted (PMSI, KPMSI). That invention greatly improves privacy security in vehicle communication. However, it does not consider the case where a malicious user sends wrong data: detecting malicious users becomes very difficult under privacy protection, the accuracy of the interaction results between vehicles is greatly reduced, and traffic accidents may even result, endangering personal and property safety.
S. Basudan et al., in the article "A Privacy-Preserving Vehicular Crowdsensing-Based Road Surface Condition Monitoring System Using Fog Computing" (IEEE Internet of Things Journal, vol. 4, no. 3, pp. 772-782, 2017), provide a crowdsensing method that protects user privacy in the fog computing model. It can resist certain malicious user attacks while protecting privacy, but it can only detect whether a user follows the given protocol and cannot determine whether the user uploads a correct perception result.
Fan et al., in the paper "Privacy-Aware and Trustworthy Data Aggregation in Mobile Sensing" (IEEE CNS, 2015, pp. 31-39), provide a reliable data fusion method that protects user privacy. It can determine whether the perception result uploaded by a user lies within a defined legal range, but if that range is large, malicious users still cannot be handled. Wang et al., in the paper "Enabling Reputation and Trust in Privacy-Preserving Mobile Sensing" (IEEE Transactions on Mobile Computing, vol. 13, no. 12, pp. 2777-2790, 2014), propose a privacy-preserving trust management mechanism against malicious users. However, the method protects user privacy by anonymization, so sensitive user information can still be leaked under a tracing attack; furthermore, updating the trust value relies on an additional trust value redemption process, so a malicious user can keep sending erroneous data at a high trust value for a short time by refusing to perform the redemption process.
In summary, the problems of the prior art are as follows:
(1) in the prior art, the P2P malicious node detection method based on FP-outlier mining does not consider the situation that a malicious user sends wrong data, so that the detection of the malicious user becomes more difficult on the premise of privacy protection, the accuracy of an interaction result between vehicles is greatly reduced, even traffic accidents are caused, and personal and property safety is endangered.
(2) In the prior art, a crowdsourcing sensing method for protecting user privacy in a fog computing mode can only detect whether a user works according to a set protocol, and cannot process whether the user uploads a correct sensing result.
(3) In the prior art, a reliable data fusion method for protecting user privacy can only detect whether provided data is in a defined effective range, and if the range is large, a malicious user can provide error data with a large difference from actual data in the effective range to influence a final fusion result.
(4) In the prior art, an anonymous method is used for protecting the privacy of a user by a trust management mechanism for protecting the privacy, so that sensitive information of the user can still be leaked under retroactive attack; meanwhile, the malicious user continuously transmits the error data with a high trust value for a short time by refusing to perform the trust value redemption process.
The technical problem is to be solved on the premise of protecting user privacy. Because anonymization has difficulty resisting tracing attacks, data encryption is needed to protect user privacy. However, the reliability of data encrypted with traditional encryption cannot be measured, so a malicious attacker can keep sending wrong perception data without being detected, which continually degrades the data fusion process of the Internet of Things. A new cryptosystem and an associated scheme therefore need to be introduced to resist malicious users while protecting user privacy.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a method for protecting user privacy and resisting malicious users in the Internet of things based on edge computing. The invention realizes the inhibition of the attack of the malicious user through the trust management mechanism on the basis of protecting the privacy of the user.
The invention is realized as a method for protecting user privacy and resisting malicious users in the Internet of Things based on edge computing, comprising the following steps:
(1) Initialization: the trusted center determines the security parameters required by the SHE homomorphic cryptosystem; each new user registers at the trust management center and is assigned an initial trust value of 0.5.
(2) Performing perceptual tasks
2a) A user with a perception task request requests a public key and a private key for the perception task from a trusted center;
2b) the cloud scheduling center traces the sensing task through the edge node;
2c) broadcasting a task request by an edge node of a target area;
2d) the user executes the perception task and transmits the encrypted perception data to the edge node in the area;
2e) the edge nodes in the target area are subjected to perception result fusion;
2f) and sending the final fusion result to a user requesting the task through the cloud scheduling center.
(3) Trust value update
3a) The edge node of the target area calculates, in encrypted form, the dispersion between each piece of perception data and the final fusion result;
3b) the calculated encrypted dispersion is sent to the trust management center;
3c) the trust management center requests the private key for the task from the user who initiated the perception task and decrypts the dispersion;
3d) the trust value of each user who provided perception data is updated using the decrypted dispersion.
The method specifically comprises the following steps:
(1) Initialization:
The trusted center determines the security parameters required by the SHE homomorphic cryptosystem used to protect user privacy. All users register at the trust management center, which assigns each user an initial trust value of 0.5.
(2) Executing a perception task:
2a) When a user needs other users to perform a perception task, the requesting user obtains a public key pk and a private key sk for the request from the trusted center. pk is sent along with the task request to an edge node near the requesting user, and sk is kept by the requesting user.
2b) When the edge node near the requesting user receives the user request, it sends the request to the cloud scheduling center. The cloud scheduling center selects an edge node located in the target area according to the requirements of the task request and sends the task request and its pk to that node.
2c) After receiving the task request and pk, the edge node of the target area broadcasts them to the surrounding users.
2d) A user in the target area executes the perception task, encrypts the acquired perception data with pk, and sends its ID and the encrypted result to the edge node in the target area.
2e) After receiving the IDs of the users who executed the perception task and their encrypted perception data, the edge node in the target area requests the trust values of those users from the trust management center, and determines the encrypted final perception result according to the following formula
2f) The encrypted final perception result is sent from the edge node of the target area to the requesting user via the cloud scheduling center and the edge node near the requesting user. The requesting user decrypts it with the private key sk to obtain the plaintext of the final perception result, at which point the perception task ends.
Note: throughout this process, the original perception data of the users who perform the perception task is never leaked.
(3) Updating the trust value:
After the perception task is completed, the edge node of the target area and the trust management center update the trust values of the users who executed the perception task according to the following steps:
3a) for each node i of the Internet of things executing the perception task, belonging to the P, the edge node of the target area is based onAndis calculated according to the following formula
where ub_j and lb_j are the upper and lower bounds of the j-th component of the perception data, which can be derived by analyzing historical data about that component's attribute.
3b) The edge nodes of the target area complete all the calculationAnd then sending the data to a trust management center.
3c) The trust management center requests the private key sk of the perception task from the requesting user, via the edge node near the requesting user. The trust management center decrypts with the private key sk to obtain d_i (i ∈ P).
3d) The trust management center obtains di(i ∈ P), first find the number of bits in it, and useAnd (4) showing. And then updating the trust value of each node of the internet of things participating in the perception task by using the following formula:
wherein δ is 1.5, α is 10, γ is 3, β is 0.05, and η is 0.15.
Furthermore, edge computing nodes with certain computing, storage and communication capabilities are deployed in different areas, and users can exchange information with the edge computing nodes through wireless communication technologies such as Wi-Fi and Bluetooth. Data is transmitted between the edge computing nodes and the cloud data center over the Internet.
In the SHE homomorphic cryptosystem, given a public key pk, a private key sk and any two messages m and m' in binary representation, encrypting m and m' with pk yields two ciphertexts. Summing the two ciphertexts in their polynomial domain and decrypting the result with sk gives m + m'; similarly, multiplying the two ciphertexts in their polynomial domain and decrypting the result with sk gives m · m'. The security parameters of the SHE homomorphic cryptosystem are: polynomial modulus x^2048 + 1, polynomial coefficient modulus 2^60 - 2^14 + 1, and plaintext message range [0, 2^8 - 1].
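The homomorphic sum and product described above, and the edge-node steps 2d-2f and 3a-3c that rely on them, as an added Python example that is not part of the patent. A toy integer-based somewhat homomorphic scheme (DGHV style, insecure at these sizes) stands in for the patent's ring-based SHE system. The integer trust weights, the weighted-mean fusion and the range-normalised squared dispersion are assumptions, since the page's formulas are not reproduced here, and the readings are constructed.

```python
import secrets

# Toy parameters: assumptions for this sketch, not the patent's ring parameters.
T = 1 << 40   # plaintext modulus, large enough to hold the squared dispersions


def _centered(a, n):
    """Representative of a mod n in (-n/2, n/2]."""
    a %= n
    return a - n if a > n // 2 else a


def keygen(p_bits=256, q_bits=256, noise_bits=8, pk_size=16):
    """Trusted center: sk is a secret odd integer p, pk a list of encryptions of 0."""
    p = secrets.randbits(p_bits) | (1 << (p_bits - 1)) | 1
    pk = [p * secrets.randbits(q_bits) + T * secrets.randbits(noise_bits)
          for _ in range(pk_size)]
    return pk, p


def encrypt(pk, m, noise_bits=8):
    """User: c = m + T*r + (random subset sum of pk) = m + T*noise + p*q."""
    c = m + T * secrets.randbits(noise_bits)
    for x in pk:
        if secrets.randbits(1):
            c += x
    return c


def decrypt(sk, c):
    """Key holder: strip the multiple of p, then the multiple of T."""
    return _centered(_centered(c, sk), T)


def edge_fuse(cts, weights):
    """Edge node, step 2e: Enc(sum_i w_i*x_i) from ciphertexts and plaintext weights."""
    return sum(w * c for w, c in zip(weights, cts))


def edge_dispersions(cts, fused_ct, total_w):
    """Edge node, step 3a: Enc((W*x_i - sum_j w_j*x_j)^2), one ciphertext product each."""
    return [(total_w * c - fused_ct) ** 2 for c in cts]


def run_task(readings, trust, lb=0, ub=255):
    """Steps 2a-2f and 3a-3c for one scalar reading per user (hypothetical driver)."""
    pk, sk = keygen()                                    # 2a: requester keeps sk
    ids = sorted(readings)
    cts = [encrypt(pk, readings[u]) for u in ids]        # 2d: users encrypt with pk
    weights = [round(trust[u] * 100) for u in ids]       # 2e: trust as integer weights
    total_w = sum(weights)
    fused_ct = edge_fuse(cts, weights)                   # edge node sees no plaintext
    fused = decrypt(sk, fused_ct) / total_w              # 2f: requester decrypts
    disp_cts = edge_dispersions(cts, fused_ct, total_w)  # 3a, 3b
    scale = (total_w * (ub - lb)) ** 2                   # assumed use of ub and lb
    disp = {u: decrypt(sk, d) / scale                    # 3c: trust center decrypts
            for u, d in zip(ids, disp_cts)}
    return fused, disp


# Constructed sample: three consistent readings and one injected outlier.
READINGS = {"u1": 100, "u2": 102, "u3": 98, "u4": 250}

if __name__ == "__main__":
    initial = {u: 0.5 for u in READINGS}     # the page's initial trust value
    fused, disp = run_task(READINGS, initial)
    print("fused:", fused, "dispersions:", disp)
    lowered = dict(initial, u4=0.1)          # u4 after its trust has been lowered
    print("fused with u4 at 0.1:", run_task(READINGS, lowered)[0])
```

The trust management center only ever decrypts the dispersions, never the readings, and lowering the outlier's trust value pulls the fused result back toward the consistent readings.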
Another object of the present invention is to provide a computer program for implementing the method for protecting user privacy against malicious users in the internet of things based on edge computing.
In summary, the advantages and positive effects of the invention are:
By introducing a SHE homomorphic cryptosystem into the Internet of Things based on the edge computing model, the invention uses a trust management mechanism to reduce the weight given to data from malicious users in the data fusion process while protecting user privacy, so that malicious users are resisted and the reliability of data acquisition and fusion in the edge computing model is improved. The reliability of data is estimated without revealing the original data, and the trust management mechanism then resists malicious users while the privacy of user data is protected. Specifically:
(1) when the sensing data is single data, the relationship between the number of users and the running time required for obtaining the fusion sensing result is as follows:
(2) Define MAE as the mean absolute error between the data fusion result when malicious users are present and the data fusion result when they are absent, and define P_mal as the proportion of malicious users among all Internet of Things users. With 100 Internet of Things users within the communication range of each edge node, the relationship between MAE and the number of executed perception tasks n_s for different values of P_mal is shown in Fig. 3. As the number of executed perception tasks increases, malicious devices are gradually detected and the MAE stabilizes below 0.003. This shows that the proposed scheme can resist malicious users while protecting the privacy of user data.
Drawings
Fig. 1 is a flowchart of a method for protecting user privacy against malicious users in an internet of things based on edge computing according to an embodiment of the present invention.
Fig. 2 is a scene diagram provided by an embodiment of the present invention.
Fig. 3 is a diagram of the relationship between MAE and the number of executed perception tasks n_s for different values of P_mal, according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
By introducing a SHE homomorphic cryptosystem, the invention calculates and updates the trust values of users while protecting user privacy, and thereby resists the injection of malicious data by malicious users. In addition, complex ciphertext operations are offloaded to the edge node using the edge computing model, which reduces the privacy-protection load on users and makes the method highly practical.
The application scenario of the invention is the internet of things based on the edge computing mode, as shown in fig. 2, a user in a network can be in a mobile state, and the user can be used as a data requester or a data provider; the edge devices are distributed in different regions and have certain storage, calculation and communication capacities; the trusted center, the trust management center and the scheduling center are located in the cloud center server and respectively realize the functions of key distribution, trust value storage and updating and scheduling request task tracing.
As shown in fig. 1, a method for protecting user privacy against malicious users in an internet of things based on edge computing according to an embodiment of the present invention includes:
(1) Initialization:
The trusted center determines the security parameters required by the SHE homomorphic cryptosystem used to protect user privacy. All users register at the trust management center, which assigns each user an initial trust value of 0.5. In the SHE homomorphic cryptosystem, given a public key pk, a private key sk and any two messages m and m' in binary representation, encrypting m and m' with pk yields two ciphertexts, each the encryption of a binary message. Summing the two ciphertexts in their polynomial domain and decrypting the result with sk gives m + m'; similarly, multiplying the two ciphertexts in their polynomial domain and decrypting the result with sk gives m · m'. The security parameters of the SHE homomorphic cryptosystem are: polynomial modulus x^2048 + 1, polynomial coefficient modulus 2^60 - 2^14 + 1, and plaintext message range [0, 2^8 - 1].
(2) Executing a perception task:
2a) When a user needs other users to perform a perception task, the requesting user obtains a public key pk and a private key sk for the request from the trusted center. pk is sent along with the task request to an edge node near the requesting user, and sk is kept by the requesting user.
2b) When the edge node near the requesting user receives the user request, it sends the request to the cloud scheduling center. The cloud scheduling center selects an edge node located in the target area according to the requirements of the task request and sends the task request and its pk to that node.
2c) After receiving the task request and pk, the edge node of the target area broadcasts them to the surrounding users.
2d) A user in the target area who is interested in the task request executes the perception task, encrypts the acquired perception data with pk, and sends its ID and the encrypted result to the edge node in the target area.
2e) After receiving the IDs of the users who executed the perception task and their encrypted perception data, the edge node in the target area requests the trust values of those users from the trust management center, and determines the encrypted final perception result according to the following formula
2f) The encrypted final perception result is sent from the edge node of the target area to the requesting user via the cloud scheduling center and the edge node near the requesting user. The requesting user decrypts it with the private key sk to obtain the plaintext of the final perception result, at which point the perception task ends.
Note: throughout this process, the original perception data of the users who perform the perception task is never leaked.
(3) Updating the trust value:
After the perception task is completed, the edge node of the target area and the trust management center update the trust values of the users who executed the perception task according to the following steps:
3a) for each user i e P performing the perception task, the edge node of the target area is based onAndis calculated according to the following formula
3b) The edge nodes of the target area complete all the calculationAnd then sending the data to a trust management center.
3c) The trust management center requests the private key sk of the perception task from the requesting user, via the edge node near the requesting user. The trust management center decrypts with the private key sk to obtain d_i (i ∈ P).
3d) The trust management center obtains di(i ∈ P), first find the number of bits in it, and useAnd (4) showing. Then, updating the trust value of each user participating in the perception task by using the following formula:
wherein δ is 1.5, α is 10, γ is 3, β is 0.05, and η is 0.15.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When used in whole or in part, can be implemented in a computer program product that includes one or more computer instructions. When loaded or executed on a computer, cause the flow or functions according to embodiments of the invention to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, the computer instructions may be transmitted from one website site, computer, server, or data center to another website site, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL), or wireless (e.g., infrared, wireless, microwave, etc.)). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that includes one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (5)
1. A method for protecting user privacy and resisting malicious users in an Internet of Things based on edge computing, characterized in that the method introduces a SHE homomorphic cryptosystem to calculate and update the trust values of users while protecting user privacy, and prevents malicious users from injecting malicious data; complex ciphertext operations are offloaded to the edge node using the edge computing model, so that the privacy of users is protected; the method comprises the following steps:
executing a perception task: a user with a perception task request requests a public key and a private key for the perception task from a trusted center; the cloud scheduling center traces the perception task through the edge node; the edge node of the target area broadcasts the task request; users execute the perception task and transmit the encrypted perception data to the edge node in the area; the edge node in the target area fuses the perception results; the final fusion result is sent to the user who requested the task through the cloud scheduling center;
and updating the trust value of the users who executed the perception task through cooperation between the edge node of the target area and the trust management center: the edge node of the target area calculates, in encrypted form, the dispersion between each piece of perception data and the final fusion result; the calculated encrypted dispersion is sent to the trust management center; the trust management center requests the private key for the task from the user who initiated the perception task and decrypts the dispersion; and the trust value of each user who provided perception data is updated using the decrypted dispersion.
2. The method for protecting the privacy of the user against the malicious user in the internet of things based on the edge computing as claimed in claim 1, wherein the method for protecting the privacy of the user against the malicious user in the internet of things based on the edge computing specifically comprises:
1) initialization: the method comprises the steps that a trusted center determines security parameters required by an SHE homomorphic password system for protecting user privacy; all users register at a trust management center, and the trust management center determines an initial trust value of 0.5 for each user;
2) and (3) executing a perception task:
2a) when a user needs other users to execute a perception task, a requesting user acquires a public key pk and a private key sk for requesting from a trusted center; the pk is sent to an edge node near a requesting user along with a task request, and the sk is kept by the requesting user;
2b) when an edge node near a requesting user receives a user request, the edge node sends the request to a cloud scheduling center; the cloud scheduling center selects an edge node positioned in a target area according to the requirement of a task request and sends the task request and pk to the node;
2c) after receiving the task request and pk, the edge node of the target area broadcasts the task request and pk to surrounding users;
2d) a user in the target area executes a perception task, encrypts the acquired perception data by utilizing pk, and sends the ID and the encrypted result to an edge node in the target area;
2e) after receiving the ID of the user who executes the perception task and the encrypted perception data, the edge node in the target area requests the trust value of the user from the trust management center, and determines the encrypted final perception result according to the following formula
2f) The encrypted final perception result is sent to the requesting user from the edge node of the target area through the cloud scheduling center and the edge node near the requesting user, the requesting user decrypts the encrypted final perception result by using the private key sk to obtain a plaintext, and the perception task is finished;
3) updating the trust value:
after the perception task is completed, the edge node and the trust management center of the target area update the trust value of the user executing the perception task according to the following steps:
3a) for each internet of things node i ∈ p performing this perception task, the edge nodes of the target region are based onAndis calculated according to the following formula
Wherein ub_j and lb_j are the upper and lower bounds of the jth component of the perception data, obtained by analyzing historical data about component attributes;
3b) the edge nodes of the target area complete all the calculationThen, sending the data to a trust management center;
3c) the trust management center, through the edge node near the requesting user, requests the private key sk of the perception task from the requesting user; the trust management center decrypts with the private key sk, obtaining d_i (i ∈ Ρ);
3d) The trust management center obtains di(i e.p) first find the number of bits in it, and use itRepresents; and then updating the trust value of each node of the internet of things participating in the perception task by using the following formula:
wherein δ is 1.5, α is 10, γ is 3, β is 0.05, η is 0.15; sign (x) is a sign function defined as:
3. An information data processing terminal for implementing the method for protecting user privacy against malicious users in the Internet of Things based on edge computing according to any one of claims 1-2.
4. A computer-readable storage medium comprising instructions that, when executed on a computer, cause the computer to perform the method of protecting user privacy against malicious users in an edge computing-based internet of things as claimed in any of claims 1-2.
5. The control system for protecting the privacy of the user against the malicious user in the internet of things based on the edge computing according to any one of claims 1 to 2.
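Steps 2a) to 2f) of claim 2, as an added example that is not part of the patent text: a toy Paillier cryptosystem stands in for the SHE scheme, which the page does not specify, and the trust-weighted sum in `edge_fuse` is an assumed fusion rule because the claim's formula is not reproduced on this page. All function names, the integer weight scaling, and the sample readings and trust values are constructed for illustration.

```python
import math
import secrets

def keygen(p=2**31 - 1, q=2**61 - 1):
    """Trusted center, step 2a. Toy Paillier keys from two Mersenne primes (far too small for real use)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, (n, phi, pow(phi, -1, n))          # pk = n, sk = (n, phi, mu)

def encrypt(pk, m):
    """Sensing user, step 2d. Enc(m) = (1 + n)^m * r^n mod n^2 with a fresh random r."""
    n2 = pk * pk
    r = secrets.randbelow(pk - 2) + 2
    while math.gcd(r, pk) != 1:
        r = secrets.randbelow(pk - 2) + 2
    return (1 + m * pk) % n2 * pow(r, pk, n2) % n2

def decrypt(sk, c):
    """Requesting user, step 2f. m = L(c^phi mod n^2) * mu mod n, where L(x) = (x - 1) // n."""
    n, phi, mu = sk
    return (pow(c, phi, n * n) - 1) // n * mu % n

def edge_fuse(pk, reports, trust):
    """Target-area edge node, step 2e. Works on ciphertexts only and never sees a reading."""
    n2, fused, total_w = pk * pk, 1, 0
    for user_id, c in reports:
        w = round(trust[user_id] * 100)          # assumed integer weight from the trust value
        fused = fused * pow(c, w, n2) % n2       # Enc(a)^w * Enc(b) = Enc(w*a + b)
        total_w += w
    return fused, total_w

def run_task(readings, trust):
    pk, sk = keygen()
    reports = [(uid, encrypt(pk, x)) for uid, x in readings.items()]
    fused, total_w = edge_fuse(pk, reports, trust)
    return decrypt(sk, fused), total_w           # requester divides by total_w in the clear

# Constructed sample: temperatures in tenths of a degree; "u4" injects an outlier.
READINGS = {"u1": 215, "u2": 220, "u3": 218, "u4": 900}
TRUST = {"u1": 0.8, "u2": 0.7, "u3": 0.9, "u4": 0.05}

if __name__ == "__main__":
    weighted_sum, total_w = run_task(READINGS, TRUST)
    print("trust-weighted fusion:", weighted_sum / total_w)          # about 231.5
    print("unweighted mean:", sum(READINGS.values()) / len(READINGS))
```

With these constructed values the low-trust outlier moves the fused reading to about 231.5, against 388.25 for an unweighted mean, which is the resistance to injected data that the trust values are meant to provide.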
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810412657.7A CN108924081B (en) | 2018-05-03 | 2018-05-03 | Method for protecting user privacy and resisting malicious users in Internet of things based on edge calculation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810412657.7A CN108924081B (en) | 2018-05-03 | 2018-05-03 | Method for protecting user privacy and resisting malicious users in Internet of things based on edge calculation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108924081A CN108924081A (en) | 2018-11-30 |
CN108924081B true CN108924081B (en) | 2021-04-30 |
Family
ID=64403457
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810412657.7A Active CN108924081B (en) | 2018-05-03 | 2018-05-03 | Method for protecting user privacy and resisting malicious users in Internet of things based on edge calculation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108924081B (en) |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109784718A (en) * | 2019-01-14 | 2019-05-21 | 四川长虹电器股份有限公司 | It is a kind of that system and method is dispatched using the Discrete Manufacturing Process for more acting on behalf of edge calculations |
CN109862114B (en) * | 2019-03-12 | 2021-08-10 | 南京邮电大学 | Safe vehicle crowd-sourcing sensing method based on fog calculation |
CN110191089B (en) * | 2019-04-25 | 2021-06-25 | 西安邮电大学 | Non-interactive authentication method and system for data processing of Internet of things |
CN110650187B (en) * | 2019-09-09 | 2020-09-18 | 北京邮电大学 | Node type determination method for edge node and target network |
CN111062043B (en) * | 2019-11-29 | 2022-05-20 | 清华大学 | Medical image identification method and system based on edge calculation |
CN112600886B (en) * | 2020-12-04 | 2022-08-26 | 支付宝(杭州)信息技术有限公司 | Privacy protection method, device and equipment with combination of end cloud and device |
CN112787796B (en) * | 2021-01-06 | 2023-04-28 | 南京邮电大学 | Aggregation method and device for detecting false data injection in edge calculation |
CN113132360A (en) * | 2021-03-30 | 2021-07-16 | 湘潭大学 | False data detection method for ammeter metering system based on edge calculation |
CN113271598B (en) * | 2021-05-18 | 2022-09-27 | 全球能源互联网研究院有限公司 | Edge safety protection architecture for electric power 5G network |
CN114050914B (en) * | 2021-10-21 | 2022-08-02 | 广州大学 | Revocable lightweight group authentication method, system and medium for edge controller |
CN116074841B (en) * | 2023-03-07 | 2023-06-13 | 鹏城实验室 | Edge computing trusted access method, device, equipment and computer storage medium |
CN117195292B (en) * | 2023-09-08 | 2024-04-09 | 广州星屋智能科技有限公司 | Power business evaluation method based on data fusion and edge calculation |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102413474A (en) * | 2012-01-04 | 2012-04-11 | 西安电子科技大学 | Self-adaption trust management system and method of cognitive radio network |
CN107070644A (en) * | 2016-12-26 | 2017-08-18 | 北京科技大学 | A kind of decentralization public key management method and management system based on trust network |
CN107770263A (en) * | 2017-10-16 | 2018-03-06 | 电子科技大学 | A kind of internet-of-things terminal safety access method and system based on edge calculations |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8397063B2 (en) * | 2009-10-07 | 2013-03-12 | Telcordia Technologies, Inc. | Method for a public-key infrastructure for vehicular networks with limited number of infrastructure servers |
US9525692B2 (en) * | 2012-10-25 | 2016-12-20 | Imprivata, Inc. | Secure content sharing |
Non-Patent Citations (1)
Title |
---|
"A Survey of Data Security and Privacy Protection in Edge Computing"; Zhang Jiale; Journal on Communications; 20180331; full text * |
Also Published As
Publication number | Publication date |
---|---|
CN108924081A (en) | 2018-11-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||