CN109257167A - A privacy-preserving resource allocation method in fog computing - Google Patents

Publication number
CN109257167A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811017910.5A
Other languages
Chinese (zh)
Other versions
CN109257167B (en)
Inventor
张磊
黄志刚
李江涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
East China Normal University
Original Assignee
East China Normal University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a privacy-preserving resource allocation method in fog computing. The method comprises: initialization, registration, group generation, keyword generation, message encapsulation, test authorization, and resource allocation. Addressing the shortcomings of existing resource allocation methods in fog computing, the invention provides a resource allocation method that protects privacy: even when the gateway is malicious or has been tampered with, the method still guarantees the privacy of the data, and even if the private keys of all fog nodes are leaked, no information about the metadata is exposed. The invention offers features such as high efficiency and robustness.

Description

A privacy-preserving resource allocation method in fog computing
Technical field
The invention belongs to the fields of fog computing, resource allocation, and information security, and specifically relates to a privacy-preserving resource allocation method in fog computing.
Background
The Internet of Things (IoT) is an efficient framework that enables message exchange between various terminal devices. With the rapid development of the IoT, IoT devices generate huge amounts of data every day. Cloud computing is a promising platform for processing the data these devices generate: it flexibly allocates the required resources according to the demands of end users. However, with the rapid growth in the number of IoT devices, the traditional cloud-based approach may not be able to provide sufficient service to end users in the future. Furthermore, for delay-sensitive applications, factors such as limited network bandwidth and the geographical distance between the traditional cloud and some end users make it difficult for current cloud computing platforms to meet low-latency requirements. To meet the quality-of-service requirements of such applications, a new cloud computing architecture must be developed.
Fog computing is an extension of cloud computing and has been shown to be an effective solution to the above problems of the traditional cloud. This new architecture can compute directly at the network edge. Because fog computing is carried out at the network edge, it can provide better quality of service and user experience for applications. In fog computing, fog nodes such as smart vehicles, edge routers, and cellular base stations can be geographically distributed and support mobility. End users, fog, and cloud form a three-layer hierarchical network that can support a range of application scenarios, such as intelligent transportation, industrial automation, smart grids, and wireless sensor networks.
To realize different optimization functions, the gateway needs to consider many factors when making decisions. To realize such a system, the task data must be bundled with metadata, and the metadata defines the required factors. If the metadata is not protected in any way, it may leak information about the terminal device.
Summary of the invention
The object of the invention is to address the shortcomings of resource allocation in existing fog computing by providing a privacy-preserving resource allocation method in fog computing. The method guarantees the security of the terminal device's information even when the gateway is malicious or has been tampered with.
The specific technical solution that achieves the object of the invention is as follows:
A privacy-preserving resource allocation method in fog computing, involving the following entities: terminal devices, fog nodes, an authority that generates and distributes system parameters, namely the trusted authority (TA), an intelligent gateway, and the cloud. The method comprises the following steps:
(1) Initialization
The TA generates the master key and the system parameters; the system parameters are made public;
(2) Registration
Fog nodes in the system are registered by the TA; after receiving a registration request from a fog node with identity ID, the TA uses the master key to generate a private key based on that identity;
(3) Group generation
A group of fog nodes with identities ID_1, ..., ID_k interact with one another to generate a group public key; the group public key is made public;
(4) Keyword generation
The fog system generates a set of keywords for each terminal device, or each group of terminal devices, that needs to use the fog system;
(5) Message encapsulation
Any terminal device that knows the group public key is able to generate encrypted metadata; the metadata contains one or more keywords encrypted under the fog system's group public key; the encrypted metadata is transmitted to the gateway together with the task data;
(6) Test authorization
To authorize a gateway to test a keyword m, the fog node with identity ID in the group generates a partial trapdoor for m; after receiving the partial trapdoors generated by all fog nodes in the group, the gateway generates the final trapdoor;
(7) Resource allocation
After receiving encrypted metadata, the gateway runs the test algorithm to determine whether the encrypted metadata contains a valid keyword; the gateway cannot learn the actual content of the metadata; the gateway allocates resources according to the test result.
Even when the gateway is malicious or has been tampered with, the invention still guarantees the privacy of the data, and even if the private keys of all fog nodes are leaked, no information about the metadata is exposed. The invention offers features such as high efficiency and robustness.
Brief description of the drawings
Fig. 1 is a flow chart of the invention.
Specific embodiments
The privacy-preserving resource allocation method in fog computing of the invention involves the following entities: terminal devices, fog nodes, an authority that generates and distributes system parameters, namely the trusted authority (TA), an intelligent gateway, and a cloud server. The method comprises the following steps:
(1) Initialization
Given a security parameter p as input, the TA selects, according to p, two cyclic multiplicative groups of prime order q, with generator g, and there exists a bilinear map. The bilinear map satisfies the following properties:
Bilinearity: to arbitraryIt is the quotient group that a rank is q, hasIt sets up;
Non-degeneracy: existMeetNot equal to 1;
Computability: there are efficient algorithm, forIt can calculate
The TA randomly selects the master key of the system, computes y = g^η, selects a keyed hash function H, and publishes the system parameters.
(2) Registration
1) A fog node must register with the TA to obtain a private key. For a fog node with identity ID_i ∈ {0,1}*, the TA generates the private key as follows:
2) Compute f_i = H_1(ID_i);
3) Output the private key
(3) Group generation
Multiple fog nodes in the system negotiate to generate a unique group ID:
GID = ID_1 ‖ ID_2 ‖ ... ‖ ID_k ‖ serialnumber
1) For 1 ≤ i ≤ k, the i-th fog node, with identity ID_i, selects a random number and performs the computation; u_i is sent to the other fog nodes over an authenticated channel;
2) The fog nodes compute and publish the group public key E = (u, Λ)
(4) Keyword generation
The fog system generates a set of keywords and sends it over a secure channel to the terminal device, or group of terminal devices, that needs to use the fog system. A random string is chosen as each keyword in order to resist keyword guessing attacks. The terminal device and the fog system record the correspondence between each keyword and a required factor; the required factors are the type of service required, time sensitivity, and computational complexity;
(5) Message encapsulation
A terminal device sends encrypted metadata and task data to the gateway. For a keyword m in the metadata, the terminal device selects a value and computes the encrypted keyword (a, b)
(6) Test authorization
The generated keywords are denoted (m_1, ..., m_n). To authorize a gateway to test keyword m_l, l ∈ {1, ..., n}, the i-th fog node in the group with GID = ID_1 ‖ ID_2 ‖ ... ‖ ID_k ‖ serialnumber computes a partial trapdoor,
and sends v_i, tag_i to the gateway over a secret channel, tag ∈ {0, 1}. If tag = 0, the i-th fog node does not want to execute the task for m; if tag = 1, the i-th fog node is willing to execute the task for m. The fog node receives {v_i, tag_i}, 1 ≤ i ≤ k, and computes
This is the trapdoor for testing whether a piece of encrypted metadata whose group ID is GID contains keyword m_l. Fog nodes can issue the gateway many trapdoors for different keywords. A keyword indicates whether the task data is time-sensitive, whether it requires high computation or storage cost, whether it belongs to a specific topic address, and so on;
(7) Resource allocation
(a_j, b_j) is the j-th encrypted keyword in the encrypted metadata. A gateway that holds the trapdoor runs the following test algorithm
If the equation holds, the gateway knows that a valid keyword m_l is contained in the encrypted metadata; if the equation does not hold, keyword m_l is not contained in the encrypted metadata. After testing all the keywords in the encrypted metadata, the gateway performs resource allocation based on the tags associated with the trapdoors. If no fog node wishes to execute a given task, the task is sent to the cloud.
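The gateway-side flow of steps (5) to (7) above, as an added example that is not code from the patent. The pairing-based equations are not reproduced on this page, so an HMAC-based stand-in replaces them (an assumption): the terminal here is handed a per-keyword token instead of using only the group public key, and partial trapdoors are combined by XOR. All function names, node identities, and keyword values are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from functools import reduce

# Stand-in construction (assumption, NOT the patent's pairing-based scheme):
# v_i = HMAC(node key, keyword); final trapdoor = XOR of all v_i;
# encrypted keyword (a, b) = (random a, HMAC(trapdoor, a)).


def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def partial_trapdoor(node_key, keyword, tag):
    """Step (6), one fog node: partial trapdoor v_i and tag_i in {0, 1}."""
    if tag not in (0, 1):
        raise ValueError("tag must be 0 or 1")
    return mac(node_key, keyword.encode()), tag


def combine(partials):
    """Step (6), gateway: needs the partial trapdoor of every node in the group.
    Returns (final trapdoor, ids of nodes with tag = 1)."""
    if not partials:
        raise ValueError("no partial trapdoors received")
    final = reduce(lambda x, y: bytes(p ^ q for p, q in zip(x, y)),
                   (v for v, _ in partials.values()))
    willing = sorted(n for n, (_, tag) in partials.items() if tag == 1)
    return final, willing


def encrypt_keyword(token):
    """Step (5), terminal: randomized (a, b). In this stand-in the terminal
    is handed the keyword's token by the fog system (assumption)."""
    a = secrets.token_bytes(16)
    return a, mac(token, a)


def matches(trapdoor, enc):
    """Step (7) test: recompute from the trapdoor and a_j, compare with b_j."""
    a, b = enc
    return hmac.compare_digest(mac(trapdoor, a), b)


def allocate(encrypted_metadata, issued):
    """issued: [(final trapdoor, willing node ids)] held by the gateway.
    Assumptions: a node must be willing for every matched keyword, and a task
    with no matching keyword is also sent to the cloud."""
    candidates = None
    for trapdoor, willing in issued:
        if any(matches(trapdoor, enc) for enc in encrypted_metadata):
            candidates = set(willing) if candidates is None else candidates & set(willing)
    return ("fog", sorted(candidates)) if candidates else ("cloud", [])


def demo():
    # Constructed data: three fog nodes, two random-string keywords.
    node_keys = {f"fog-{i}": secrets.token_bytes(32) for i in (1, 2, 3)}
    urgent, heavy = secrets.token_hex(8), secrets.token_hex(8)
    tags = {urgent: {"fog-1": 1, "fog-2": 1, "fog-3": 0},
            heavy: {"fog-1": 0, "fog-2": 1, "fog-3": 0}}
    issued = {kw: combine({n: partial_trapdoor(k, kw, tags[kw][n])
                           for n, k in node_keys.items()}) for kw in tags}
    metadata = [encrypt_keyword(issued[urgent][0]), encrypt_keyword(issued[heavy][0])]
    # The gateway sees only (a, b) pairs and trapdoors, never the keyword strings.
    return allocate(metadata, list(issued.values()))


if __name__ == "__main__":
    print(demo())
```

Because each encrypted keyword uses fresh randomness, two encryptions of the same keyword differ on the wire, yet both match the same trapdoor; a trapdoor built without one node's partial value matches nothing.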

Claims (6)

1. A privacy-preserving resource allocation method in fog computing, involving the following entities: terminal devices, fog nodes, an authority that generates and distributes system parameters, namely the trusted authority (TA), an intelligent gateway, and a cloud server, characterized in that it comprises the following steps:
Step 1: Initialization
The TA generates the master key and the system parameters; the system parameters are made public;
Step 2: Registration
Fog nodes in the system are registered by the TA; after receiving a registration request from a fog node with identity ID_i, the TA uses the master key to generate a private key based on that identity;
Step 3: Group generation
A group of fog nodes with identities ID_1, ..., ID_k interact with one another to generate a group public key; the group public key is made public;
Step 4: Keyword generation
The fog system generates a set of keywords for each terminal device, or each group of terminal devices, that needs to use the fog system;
Step 5: Message encapsulation
Any terminal device that knows the group public key is able to generate encrypted metadata; the metadata contains one or more keywords encrypted under the fog system's group public key; the encrypted metadata is transmitted to the gateway together with the task data, where task data refers to the data contained in a task that a terminal device, i.e. a fog user, sends to a fog node;
Step 6: Test authorization
A keyword m is a specific factor defined in the metadata; to authorize a gateway to test a keyword m, the fog node with identity ID_i in the group generates a partial trapdoor for m; after receiving the partial trapdoors generated by all fog nodes in the group, the gateway generates the final trapdoor;
Step 7: Resource allocation
After receiving encrypted metadata, the gateway runs the test algorithm to determine whether a given valid keyword is present in the encrypted metadata; the gateway cannot learn the actual content of the metadata; the gateway allocates resources according to the test result.
2. The resource allocation method according to claim 1, characterized in that step 3 specifically comprises:
Multiple fog nodes in the system, with identities ID_1, ..., ID_k, negotiate to generate a unique group ID, i.e. GID:
GID = ID_1 || ID_2 || ... || ID_k || serialnumber
1) For 1 ≤ i ≤ k, the i-th fog node, with identity ID_i, selects a random number from a quotient group of order q; g is a generator of the group; it performs the computation, and u_i is sent to the other fog nodes over an authenticated channel;
2) The fog nodes compute and publish the group public key E = (u, Λ)
Here, the mapping is a bilinear map and the two groups are multiplicative groups;
H_1 is a keyed hash function,
3. The resource allocation method according to claim 1, characterized in that step 4 specifically comprises:
The fog system generates a set of keywords and sends it over a secure channel to the terminal device, or group of terminal devices, that needs to use the fog system; a random string is chosen as each keyword in order to resist keyword guessing attacks; the terminal device and the fog system record the correspondence between each keyword and a required factor, the required factors being the type of service required, time sensitivity, and computational complexity.
4. The resource allocation method according to claim 1, characterized in that step 5 specifically comprises:
A terminal device sends encrypted metadata and task data to the gateway; for a keyword m in the metadata, the terminal device selects a value and computes the encrypted keyword (a, b)
H_2 is a keyed hash function,
H_3 is a keyed hash function, and p is a security parameter.
5. The resource allocation method according to claim 1, characterized in that step 6 specifically comprises:
The generated keywords are denoted (m_1, ..., m_n); to grant a gateway permission to test keyword m_l, l ∈ {1, ..., n}, the i-th fog node in the group with GID = ID_1 || ID_2 || ... || ID_k || serialnumber computes a partial trapdoor:
s_i is the private key of the fog node with identity ID_i, f_i = H_1(ID_i), and η is the master key selected by the TA;
The fog node sends v_i, tag_i to the gateway over a secret channel, tag ∈ {0, 1}; if tag = 0, the i-th fog node does not want to execute the task for m; if tag = 1, the i-th fog node is willing to execute the task for m; the gateway receives {v_i, tag_i}, 1 ≤ i ≤ k, and computes
This is the trapdoor for testing whether encrypted metadata whose group ID is GID contains keyword m_l; fog nodes can issue the gateway many trapdoors for different keywords; a keyword indicates whether the task data is time-sensitive, whether it requires high computation or storage cost, and whether it belongs to a specific topic address.
6. The resource allocation method according to claim 1, characterized in that step 7 specifically comprises:
(a_j, b_j) is the j-th encrypted keyword in the encrypted metadata; a gateway that holds the trapdoor runs the following test algorithm, which checks whether the test value equals b_j
If the equation holds, the gateway knows that a valid keyword m_l is contained in the encrypted metadata; if the equation does not hold, keyword m_l is not contained in the encrypted metadata; after testing all the keywords in the encrypted metadata, the gateway performs resource allocation based on the tags associated with the trapdoors; if no fog node takes part in executing a given task, the task is sent to the cloud.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811017910.5A 2018-09-03 2018-09-03 Resource allocation method for protecting privacy in fog calculation

Publications (2)

Publication Number Publication Date
CN109257167A (en) 2019-01-22
CN109257167B (en) 2021-05-07


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant