CN110049000A - A kind of size space Internet of Things communication means and system of polymerization and difference safety in plain text - Google Patents

A kind of size space Internet of Things communication means and system of polymerization and difference safety in plain text Download PDF

Info

Publication number
CN110049000A
CN110049000A CN201910069048.0A CN201910069048A CN110049000A CN 110049000 A CN110049000 A CN 110049000A CN 201910069048 A CN201910069048 A CN 201910069048A CN 110049000 A CN110049000 A CN 110049000A
Authority
CN
China
Prior art keywords
data
user
internet
things
responsible
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910069048.0A
Other languages
Chinese (zh)
Other versions
CN110049000B (en
Inventor
鲍海勇
王勋
陆荣幸
吴锡委
吴子渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Gongshang University
Original Assignee
Zhejiang Gongshang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Gongshang University filed Critical Zhejiang Gongshang University
Priority to CN201910069048.0A priority Critical patent/CN110049000B/en
Publication of CN110049000A publication Critical patent/CN110049000A/en
Application granted granted Critical
Publication of CN110049000B publication Critical patent/CN110049000B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/38Services specially adapted for particular environments, situations or purposes for collecting sensor information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

A kind of size space of the present invention polymerize in plain text and the Internet of Things communication means and system of difference safety, is responsible for managing whole system by trusted authority;It is responsible for the real-time report data of integrated processing and analysis user by control centre, and comprehensive intelligent Service is provided;It is responsible for report data being transmitted to control centre by gateway and data is polymerize;It is responsible for acquiring and periodically reporting the size plaintext space data of user in real time by the sensing node of Internet of Things sensing terminal, the specific steps are as follows: system initialisation phase;User data reports the stage;The secure data aggregation stage;Aggregated data Restoration stage.Of the invention innovative constructsThe Algebraic Structure of large and small plaintext space data safety polymerization demand is supported on group simultaneously;The difference privacy utility and difference personal secrets for optimizing and balancing data aggregate system, to effectively defend differential attack;By constructing hierarchy type framework, it is effective against the privacy information that attacker steals user by differential attack.

Description

A kind of size space Internet of Things communication means and system of polymerization and difference safety in plain text
Technical field
The invention belongs to Internet of Things fields of communication technology, and in particular to a kind of size space object of polymerization and difference safety in plain text Connection believes method and system.
Background technique
In the prior art, by introducing the distributed blind factor, Shi et al. carries out blinding processing to the report data of user, Control centre passes through again blinds the aggregated data that operation obtains whole users.However, only to realize (ε, δ) difference hidden for the system Private safety, each user adds noise by distributed mode with certain probability δ, therefore added noise information has The utility of uncertainty, difference privacy is very low.G.Acs et al. is by devising data aggregate in shared among users privacy key System, however the storage of privacy key distribution algorithms, communication, computing cost are huge, network delay is serious;For possible network Packet loss and potential differential attack, the system add additional noise based on imaginary network packet loss rate to meet difference privacy Safety requirements, since actual communication failure and physical fault are difficult accurately to predict, the average effect of system difference privacy It is very low with property.Based on BGN homomorphic cryptography technology, related scholar proposes some data aggregation schemes, for protecting Internet of Things logical The individual privacy of user in letter system.Due to being decrypted based on the data aggregation scheme of BGN mechanism dependent on force search technology And obtain the polymerization of user in plain text, it is therefore necessary to limit the report data of each user in some small plaintext space, the constraint item Part high degree limits the practicability of system.In addition, related scholar is based on hiding, logical with modulo addition encryption, multinomial coefficient The some data aggregation schemes of the Technology designs such as letter data distributed storage.But data with existing paradigmatic system all cannot be simultaneously Support small plaintext space and big plaintext space data aggregate;Moreover, not being highly resistant to network system especially Internet of Things communication system It unites potential differential attack, the utility of difference privacy is very low.Therefore, lack for Internet of Things network communication system it is efficient, safe, Wide area (while supporting size plaintext space information) data aggregate system.
Summary of the invention
Aiming at the problems existing in the prior art, what the present invention designed is designed to provide a kind of size space polymerization in plain text And the Internet of Things communication means and system of difference safety.Internet of Things network communication system is related to a large amount of smart machine, by information collection, It transmits and shared, realizes automation and intelligentification monitoring, data analysis and Coordination Decision in the case of unmanned intervention.Due to its tool Have lower lower deployment cost and universal applicability, therefore, traffic monitoring, intelligent metering, environmental monitoring, Industry Control and The fields such as weather forecast have broad application prospects.Although the Internet of Things network communication system for different application field exists centainly Otherness, but overall architecture is substantially similar, usually there are three parts: perception domain, network domains and application domain, as shown in Figure 1. Under this frame, information is generated by the sensor in perception domain, is then passed by the wire/wireless mode in network domains It is defeated, it is transferred to application domain finally by gateway, focused on, analyzed and decision.However, open internet makes Internet of Things Net application system faces the severe challenge in terms of many information securities and secret protection.Therefore, which realizes a safety Internet of things data communication system, main innovation point include: 1) innovative construct be used for while supporting large and small plaintext space The Algebraic Structure of data safety polymerization demand;2) be based on theory support, devise protection Internet of Things perception terminal privacy of user, Practical and efficient secure data aggregation algorithm and application system;3) for the dispersibility of Internet of Things communication node, randomness topology Structure, the distributed Laplce's noise of ingenious involvement, guarantee it is lower calculate, storage and while communication cost, optimization with The difference privacy utility (small noise) and difference personal secrets for balancing data aggregate system, to effectively defend difference Attack;4) bionical to the progress artificial intelligence of typical Internet of Things network communication system, based on perception domain, network domains and application domain, design The hierarchy type framework of " sensing node --- gateway --- control centre ", and by customizing the design of security software algorithm, have Effect has resisted the privacy information that inside and outside portion attacker steals user by network attack, data analysis and differential attack.
The present invention is realized by the following technical programs:
A kind of size space polymerize in plain text and the Internet of Things communication means of difference safety, it is characterised in that this method base In Internet of Things communication system applications scene, it is responsible for managing whole system by trusted authority;By control centre be responsible for integrated, processing and The real-time report data of user is analyzed, and global comprehensive intelligent Service is provided;It is responsible for by gateway by the report data of each user The data for being transmitted to control centre and being responsible for submitting each user polymerize;By being sensed with Internet of Things for Internet of Things sensing terminal N sensing node of device is responsible for acquiring and periodically reporting the big plaintext space data m of user in real timeiWith small plaintext spatial data xi, the specific steps are as follows:
(1) system initialisation phase
1) trusted authority generates safe prime p at random and meets p=2q+1 according to the security parameter τ of input, wherein | p |= λ, q are also Big prime;Randomly choose groupGeneration memberCalculate h=gp mod p2;Select cryptography meaning safety Hash function
2) under conditions of system above parameter setting, in groupIn there are following relationships: i)xp(p-1)= 1mod p2;Ii y=1+p, y) are enabledp=1mod p2
3) trusted authority executes following operation, distributes all user U={ U1, U2..., Un, gateway and control centre it is secret Confidential information:
S is randomly choosed for each useri∈Zp(p-1)(wherein i=1,2 ..., n), and respectively by siDistribute to each user Ui
It selects and calculates sc, sg∈Zp(p-1), meet
Respectively by sc、sgAnd si(wherein i=1,2 ..., n) distributes to control centre, gateway and each user Ui, make For respective secret information;
4) trusted authority publication PK=(p, g, h, H), as system public key;
(2) user data reports the stage
Each user Ui(wherein i=1,2 ..., n) is in data report time point tγ, following operation is executed, by 2 seed types Data < mi, xi> report to gateway:
1) it calculates Its Middle G1(n, λ), G2(n,λ)、G1' (n, λ) and G2' (n, λ) is 4 obedience gamma distributions I.i.d. random variables (wherein x >=0, Γ (1/n) be gamma function point 1/n function Value;For big plaintext space data;xi∈ 0,1,2 ..., and Δ } it is that small plaintext is empty Between data, wherein Δ be each user's report data maximum value);
2) willIt reports to gateway;
(3) the secure data aggregation stage
When gateway receive it is allAfter (wherein i=1,2 ..., n), following operation is executed:
1) it calculates
2) willIt reports to control centre;
(4) aggregated data Restoration stage
When control centre receives the aggregation information of encryptionAfter, execute following operation:
1) it calculates
2) it calculates
3) it calculatesI.e.It is the discrete logarithm at bottom based on h, to restore All users out, small plaintext spatial clustering data comprising noise informationDue to Still exist Small plaintext space { 0,1,2 ..., n Δ } can be using Pollard methodThe above behaviour is completed in computation complexity Make;
4) it calculates
BecauseSoTherefore,
5) it calculatesIt recovers All users', the big plaintext space aggregated data comprising noise information
A kind of size space polymerize in plain text and the Internet of Things communication means of difference safety, it is characterised in that i)xp(p-1)=1mod p2;Ii y=1+p, y) are enabledp=1mod p2It is derived from by following:
According to Euler's function, φ (p2)=p2(1-1/p)=p (p-1)=2pq, so groupIn share 2pq element. For being less than the integer of pAccording to fermat's little theorem, xp-1Therefore=1mod p for some integer k, meets xp-1= 1+k p.ToAs k=1,Y=1+p is enabled, then gcd (y, p2)=1, therefore yp=1mod p2
A kind of size space polymerize in plain text and the Internet of Things network communication system of difference safety, characterized by comprising:
Trusted authority: being responsible for management whole system, is authoritative center with a high credibility, that computing capability is strong;
Control centre: being responsible for integrating, handle and analyzing the real-time report data of each user, and provides global comprehensive intelligence Service;
Gateway: it is responsible for for the report data of each user being transmitted to the relay function of control centre;It is responsible for submitting each user The polymerizable functional that is polymerize of data;
Sensing node: Internet of Things sensing terminal shares n node N={ N1,N2,…,NnOr user U={ U1,U2,…,Un, The maximum value of n is nmax, each node Ni∈ N is provided with internet of things sensors, for acquiring in real time and periodically reporting user's 2 seed type data < mi,xi>, wherein miFor big plaintext space data, xiFor small plaintext spatial data.
A kind of size space polymerize in plain text and the Internet of Things network communication system of difference safety, it is characterised in that also wraps It includes:
(1) system initialization module
1) with the help of trusted authority, constructionThe generation of large and small plaintext space data aggregate application is supported on group simultaneously Table structure, the method for privacy and safety for protecting users personal data;
2) with the help of trusted authority, using distributed technology, in sensing node N={ N1,N2,…,Nn, gateway The shared secret information s between control centrei(wherein i=1,2 ..., n), sgAnd sc, meetConstraint condition, the method for protecting privacy of user;
3) fermat's little theorem, Euler's function, binomial theorem are combined, Structural application is in the generation of Internet of Things secure data communication Table structure and practical algorithm, the method for privacy and safety for protecting users personal data;
(2) user data reporting module
1) adaptation Internet of Things network communication system dispersibility, randomness topological structure, while supporting that large and small plaintext space data are poly- The technology that the distributed data of conjunction is reported (its Middle i=1,2 ..., n), the method for protecting each sensing node personal secrets;
2) Laplce's noise is utilized(wherein G1(n, λ) and G2 (n, λ) is 2 obedience gamma distributionsI.i.d. random variables, x >=0, Γ (1/n) be gamma function 1/n point functional value) limitlessly detachable solution attribute, gamma is added by distributed mode and is made an uproar Sound is resisted difference for sensing node and is attacked to obtain the technology that overall effect is equivalent to centralization addition Laplce's noise The method hit;
(3) secure data aggregation module
1) technology that Internet of Things communication data is routed and relayed by gateway realizes sensing node and control centre Between bidirectional safe data forwarding method;
2) safe polymeric is carried out by report data of the gateway to sensing node each in Internet of Things Reduce the calculated load of control centre, and mitigate the network overhead of system, thus significantly The method for promoting Internet of Things communication system data reporting efficiency and safety;
3) pass through the secret information s of implantation gatewayg, connection, collaborative center and sensing node reduce control centre behaviour The technology for making permission, the method reported for sensing node secret protection and secure data;
(4) aggregated data recovery module
1) pass through the secret information s of involvement control centrec, eliminate and meet The technology of the polymerization ciphertext additional information of constraint condition, for protect users personal data privacy and Guarantee the method for communication system security;
2) it is based onThe mathematical relationship (1+p) derived on groupp=1mod p2, isolate small plaintext aggregated data ciphertextTechnology, for protect users personal data privacy and guarantee communication system The method for safety of uniting;
3) small plaintext aggregated data ciphertext is calculated based on Pollard method It is the discrete logarithm at bottom based on h, recovers small plaintext aggregated dataSkill Art, for protecting users personal data privacy and guaranteeing the method for communication system security;
4) it is separated by small plaintext aggregated data, obtains big plaintext aggregated data ciphertextAnd then restored greatly in plain text based on fermat's little theorem and binomial theorem Aggregated dataTechnology, for protecting users personal data privacy and guarantee The method of communication system security;
5) the limitlessly detachable solution attribute for utilizing Laplce's noise, is equivalent to by being embedded in the aggregated data of user The technology of the distributed gamma noise of centralized Laplce's noise, the method for resisting user data differential attack.
Compared with the prior art, the present invention has the following beneficial effects:
1) based on number theory and algebraic geometry scheduling theory basis and mathematical characteristic, innovative is constructedIt is propped up simultaneously on group Hold the Algebraic Structure of large and small plaintext space data safety polymerization demand;
2) conglomeration connected network communication system application demand, devise protection privacy of user, it is practical and efficient while support The secure data communication method and system of large and small plaintext space data aggregate;
3) for the dispersibility of Internet of Things communication node, randomness topological structure, the distributed Laplce of ingenious involvement makes an uproar Sound, while guaranteeing lower calculating, storage and communication cost, the difference privacy for optimizing and balancing data aggregate system is imitated With property (small noise) and difference personal secrets, to effectively defend differential attack.
4) by the hierarchy type framework of building " sensing node --- gateway --- control centre ", to Internet of Things network communication system It is bionical to carry out hardware artificial intelligence, and by customizing the design of security software algorithm, has been effective against inside and outside portion attacker and has passed through Differential attack steals the privacy information of user.
Figure of description
Fig. 1 is internet of things system structure figure;
Fig. 2 is system architecture diagram.
Specific embodiment
Below in conjunction with Figure of description, the present invention is described in further details, and provides specific embodiment.
A kind of size space Internet of Things communication means of polymerization and difference safety in plain text, this method is based on typical Internet of Things Netcom Letter system application scenarios, system overall architecture is as shown in Fig. 2, include following four participant: trusted authority: a confidence level Management whole system is responsible at authoritative center high, computing capability is strong;Control centre: having high reliability, is responsible for integrated, processing With analyze the real-time report data of each user, and provide global comprehensive intelligent Service;Gateway: major function includes 2 aspects: First, relay function is responsible for the report data of each user being transmitted to control centre;Second, polymerizable functional is responsible for each user The data of submission are polymerize;Sensing node: Internet of Things sensing terminal shares n node N={ N1,N2,…,Nn(or user U= {U1,U2,…,Un), the maximum value of n is nmax, each node Ni∈ N is provided with internet of things sensors, for acquiring simultaneously week in real time 2 seed type data < m of phase property report useri,xi>, wherein miFor big plaintext space data, xiFor small plaintext spatial data.
This method specifically includes the following steps:
(1) system initialisation phase
1) trusted authority generates safe prime p at random and meets p=2q+1 according to the security parameter τ of input, wherein | p |= λ, q are also Big prime;Randomly choose groupGeneration memberCalculate h=gp mod p2;Select cryptography meaning safety Hash function
2) under conditions of system above parameter setting, in groupIn there are following relationships: i)xp(p-1)= 1mod p2;Ii y=1+p, y) are enabledp=1mod p2
Above-mentioned relation is set up to be derived from by following:
According to Euler's function, φ (p2)=p2(1-1/p)=p (p-1)=2pq, so groupIn share 2pq element. For being less than the integer of pAccording to fermat's little theorem, xp-1Therefore=1mod p for some integer k, meets xp-1 =1+k p.ToAs k=1,Y=1+p is enabled, then gcd (y, p2)=1, therefore yp=1mod p2
3) trusted authority executes following operation, distributes all user U={ U1,U2,…,Un, gateway and control centre it is secret Confidential information:
S is randomly choosed for each useri∈Zp(p-1)(wherein i=1,2 ..., n), and respectively by siDistribute to each user Ui
It selects and calculates sc,sg∈Zp(p-1), meet
Respectively by sc、sgAnd si(wherein i=1,2 ..., n) distributes to control centre, gateway and each user Ui, make For respective secret information;
4) trusted authority publication PK=(p, g, h, H), as system public key;
(2) user data reports the stage
Each user Ui(wherein i=1,2 ..., n) is in data report time point tγ, following operation is executed, by 2 seed types Data < mi,xi> report to gateway:
1) it calculates Its Middle G1(n,λ)、G2(n,λ)、G1' (n, λ) and G2' (n, λ) is 4 obedience gamma distributions I.i.d. random variables (wherein x >=0, Γ (1/n) be gamma function point 1/n function Value;For big plaintext space data;xi∈ 0,1,2 ..., and Δ } it is that small plaintext is empty Between data, wherein Δ be each user's report data maximum value);
2) willIt reports to gateway;
(3) the secure data aggregation stage
When gateway receive it is allAfter (wherein i=1,2 ..., n), following operation is executed:
1) it calculates
2) willIt reports to control centre;
(4) aggregated data Restoration stage
When control centre receives the aggregation information of encryptionAfter, execute following operation:
1) it calculates
2) it calculates
3) it calculatesI.e.It is the discrete logarithm at bottom based on h, to restore All users out, small plaintext spatial clustering data comprising noise informationDue to Still exist Small plaintext space { 0,1,2 ..., n Δ } can be using Pollard methodThe above behaviour is completed in computation complexity Make;
4) it calculates
BecauseSoTherefore,
5) it calculatesIt recovers All users', the big plaintext space aggregated data comprising noise information
A kind of size space Internet of Things network communication system of polymerization and difference safety in plain text, comprising:
Trusted authority: being responsible for management whole system, is authoritative center with a high credibility, that computing capability is strong;Control centre: negative Duty integrates, handles and analyzes the real-time report data of each user, and provides global comprehensive intelligent Service;Gateway: being responsible for will be each The report data of user is transmitted to the relay function of control centre;It is responsible for the polymerization function being polymerize to the data that each user submits Energy;Sensing node: Internet of Things sensing terminal shares n node N={ N1,N2,…,NnOr user U={ U1,U2,…,Un, n is most Big value is nmax, each node Ni∈ N is provided with internet of things sensors, for acquire in real time and periodically report user 2 types Type data < mi,xi>, wherein miFor big plaintext space data, xiFor small plaintext spatial data.The system further include:
(1) system initialization module
1) with the help of trusted authority, constructionThe generation of large and small plaintext space data aggregate application is supported on group simultaneously Table structure, the method for privacy and safety for protecting users personal data;
2) with the help of trusted authority, using distributed technology, in sensing node N={ N1,N2,…,Nn, gateway The shared secret information s between control centrei(wherein i=1,2 ..., n), sgAnd sc, meetConstraint condition, the method for protecting privacy of user;
3) fermat's little theorem, Euler's function, binomial theorem are combined, Structural application is in the generation of Internet of Things secure data communication Table structure and practical algorithm, the method for privacy and safety for protecting users personal data;
(2) user data reporting module
1) adaptation Internet of Things network communication system dispersibility, randomness topological structure, while supporting that large and small plaintext space data are poly- The technology that the distributed data of conjunction is reported (wherein i=1,2 ..., n), the method for protecting each sensing node personal secrets;
2) Laplce's noise is utilized(wherein G1(n, λ) and G2 (n, λ) is 2 obedience gamma distributionsI.i.d. random variables, x >=0, Γ (1/n) be gamma function 1/n point functional value) limitlessly detachable solution attribute, gamma is added by distributed mode and is made an uproar Sound is resisted difference for sensing node and is attacked to obtain the technology that overall effect is equivalent to centralization addition Laplce's noise The method hit;
(3) secure data aggregation module
1) technology that Internet of Things communication data is routed and relayed by gateway realizes sensing node and control centre Between bidirectional safe data forwarding method;
2) safe polymeric is carried out by report data of the gateway to sensing node each in Internet of Things Reduce the calculated load of control centre, and mitigate the network overhead of system, thus significantly The method for promoting Internet of Things communication system data reporting efficiency and safety;
3) pass through the secret information s of implantation gatewayg, connection, collaborative center and sensing node reduce control centre behaviour The technology for making permission, the method reported for sensing node secret protection and secure data;
(4) aggregated data recovery module
1) pass through the secret information s of involvement control centrec, eliminate and meet The technology of the polymerization ciphertext additional information of constraint condition, for protecting users personal data privacy and guaranteeing communication system security Method;
2) it is based onThe mathematical relationship (1+p) derived on groupp=1mod p2, isolate small plaintext aggregated data ciphertextTechnology, for protect users personal data privacy and guarantee communication system The method for safety of uniting;
3) small plaintext aggregated data ciphertext is calculated based on Pollard method It is the discrete logarithm at bottom based on h, recovers small plaintext aggregated dataSkill Art, for protecting users personal data privacy and guaranteeing the method for communication system security;
4) it is separated by small plaintext aggregated data, obtains big plaintext aggregated data ciphertextAnd then restored greatly in plain text based on fermat's little theorem and binomial theorem Aggregated dataTechnology, for protecting users personal data privacy and guarantee The method of communication system security;
5) the limitlessly detachable solution attribute for utilizing Laplce's noise, is equivalent to by being embedded in the aggregated data of user The technology of the distributed gamma noise of centralized Laplce's noise, the method for resisting user data differential attack.
The application system has following technical characteristic:
(1) based on number theory and algebraic geometry scheduling theory basis and mathematical characteristic, innovative is constructedIt is propped up simultaneously on group Hold the Algebraic Structure of large and small plaintext space data safety polymerization demand;
(2) conglomeration connected network communication system application demand, devise protection privacy of user, it is practical and efficient while support The secure data communication method and system of large and small plaintext space data aggregate;
(3) for the dispersibility of Internet of Things communication node, randomness topological structure, the distributed Laplce of ingenious involvement makes an uproar Sound, while guaranteeing lower calculating, storage and communication cost, the difference privacy for optimizing and balancing data aggregate system is imitated With property (small noise) and difference personal secrets, to effectively defend differential attack.
(4) by building " sensing node-gateway-control centre " hierarchy type framework, to Internet of Things network communication system into Row hardware artificial intelligence is bionical, and by customizing the design of security software algorithm, has been effective against inside and outside portion attacker and has passed through difference The privacy information for dividing attack to steal user.

Claims (4)

1. a kind of size space polymerize in plain text and the Internet of Things communication means of difference safety, it is characterised in that this method is based on Internet of Things Communication system applications scene is responsible for managing whole system by trusted authority;Integrated, processing and analysis user are responsible for by control centre Real-time report data, and provide global comprehensive intelligent Service;It is responsible for the report data of each user being transmitted to control by gateway Center processed and the data for being responsible for submitting each user polymerize;By the n with internet of things sensors of Internet of Things sensing terminal Sensing node is responsible for acquiring and periodically reporting the big plaintext space data m of user in real timeiWith small plaintext spatial data xi, specifically Steps are as follows:
(1) system initialisation phase
1) trusted authority generates safe prime p at random and meets p=2q+1 according to the security parameter τ of input, wherein | p |=λ, q For Big prime;Randomly choose groupGeneration memberCalculate h=gp mod p2;Select the Kazakhstan of cryptography meaning safety Uncommon function H:
2) under conditions of system above parameter setting, in groupIn there are following relationships: i)xp(p-1)=1 mod p2;Ii y=1+p, y) are enabledp=1 mod p2
3) trusted authority executes following operation, distributes all user U={ U1,U2,…,Un, the secret letter of gateway and control centre Breath:
S is randomly choosed for each useri∈Zp(p-1)(wherein i=1,2 ..., n), and respectively by siDistribute to each user Ui
It selects and calculates sc,sg∈Zp(p-1), meet
Respectively by sc、sgAnd si(wherein i=1,2 ..., n) distributes to control centre, gateway and each user Ui, as respective Secret information;
4) trusted authority publication PK=(p, g, h, H), as system public key;
(2) user data reports the stage
Each user Ui(wherein i=1,2 ..., n) in data report time point tγ, following operation is executed, by the data of 2 seed types <mi, xi > report is to gateway:
1) it calculates Wherein G1 (n,λ)、G2(n,λ)、G1' (n, λ) and G2' (n, λ) is 4 obedience gamma distributions I.i.d. random variables (wherein x >=0, Γ (1/n) be gamma function point 1/n functional value;For big plaintext space data;xi∈ 0,1,2 ..., and Δ } it is small plaintext space Data, wherein Δ is the maximum value of each user's report data);
2) willIt reports to gateway;
(3) the secure data aggregation stage
When gateway receive it is allAfter (wherein i=1,2 ..., n), following operation is executed:
1) it calculates
2) willIt reports to control centre;
(4) aggregated data Restoration stage
When control centre receives the aggregation information of encryptionAfter, execute following operation:
1) it calculates
2) it calculates
3) it calculatesI.e.It is the discrete logarithm at bottom based on h, to recover institute There is user, the small plaintext spatial clustering data comprising noise informationDue to Still exist Small plaintext space { 0,1,2 ..., n Δ } can be using Pollard methodThe above behaviour is completed in computation complexity Make;
4) it calculates
BecauseSoTherefore,
5) it calculatesIt recovers all User's, the big plaintext space aggregated data comprising noise information
2. the Internet of Things communication means of polymerization and difference safety, feature exist in plain text in a kind of size space as described in claim 1 In i)xp(p-1)=1mod p2;Ii y=1+p, y) are enabledp=1mod p2It is derived from by following:
According to Euler's function, φ (p2)=p2(1-1/p)=p (p-1)=2pq, so groupIn share 2pq element.For Integer less than pAccording to fermat's little theorem, xp-1Therefore=1mod p for some integer k, meets xp-1=1+k p.ToAs k=1,Y=1+p is enabled, then gcd (y, p2)=1, therefore yp=1mod p2
3. a kind of size space polymerize in plain text and the Internet of Things network communication system of difference safety, characterized by comprising:
Trusted authority: being responsible for management whole system, is authoritative center with a high credibility, that computing capability is strong;
Control centre: being responsible for integrating, handle and analyzing the real-time report data of each user, and provides global comprehensive Intellectual garment Business;
Gateway: it is responsible for for the report data of each user being transmitted to the relay function of control centre;It is responsible for the number submitted to each user According to the polymerizable functional being polymerize;
Sensing node: Internet of Things sensing terminal shares n node N={ N1,N2,…,NnOr user U={ U1,U2,…,Un, n's Maximum value is nmax, each node Ni∈ N is provided with internet of things sensors, for acquiring in real time and periodically reporting 2 kinds of user Categorical data < mi,xi>, wherein miFor big plaintext space data, xiFor small plaintext spatial data.
4. a kind of size space as claimed in claim 3 polymerize in plain text and the Internet of Things network communication system of difference safety, feature It is further include:
(1) system initialization module
1) with the help of trusted authority, constructionThe algebra knot of large and small plaintext space data aggregate application is supported on group simultaneously Structure, the method for privacy and safety for protecting users personal data;
2) with the help of trusted authority, using distributed technology, in sensing node N={ N1,N2,…,Nn, gateway and control Shared secret information s between center processedi(wherein i=1,2 ..., n), sgAnd sc, meetConstraint condition, the method for protecting privacy of user;
3) fermat's little theorem, Euler's function, binomial theorem are combined, Structural application is in the algebra knot of Internet of Things secure data communication Structure and practical algorithm, the method for privacy and safety for protecting users personal data;
(2) user data reporting module
1) adaptation Internet of Things network communication system dispersibility, randomness topological structure, while supporting large and small plaintext space data aggregate The technology that distributed data is reported (wherein i=1,2 ..., n), the method for protecting each sensing node personal secrets;
2) Laplce's noise is utilized(wherein G1(n, λ) and G2(n,λ) It is distributed for 2 obedience gammasI.i.d. random variables, x >=0, Γ (1/n) For gamma function 1/n point functional value) limitlessly detachable solution attribute, gamma noise is added by distributed mode, from And the technology that overall effect is equivalent to centralization addition Laplce's noise is obtained, the side of differential attack is resisted for sensing node Method;
(3) secure data aggregation module
1) technology that Internet of Things communication data is routed and relayed by gateway is realized between sensing node and control centre The method of bidirectional safe data forwarding;
2) safe polymeric is carried out by report data of the gateway to sensing node each in Internet of Things Reduce the calculated load of control centre, and mitigate the network overhead of system, to be obviously improved Internet of Things communication system data The method of reporting efficiency and safety;
3) pass through the secret information s of implantation gatewayg, connection, collaborative center and sensing node reduce control centre's operating rights The technology of limit, the method reported for sensing node secret protection and secure data;
(4) aggregated data recovery module
1) pass through the secret information s of involvement control centrec, eliminate and meet The technology of the polymerization ciphertext additional information of constraint condition, for protecting users personal data privacy and guaranteeing communication system security Method;
2) it is based onThe mathematical relationship (1+p) derived on groupp=1mod p2, isolate small plaintext aggregated data ciphertextTechnology, for protect users personal data privacy and guarantee communication The method of system safety;
3) small plaintext aggregated data ciphertext is calculated based on Pollard methodBase In the discrete logarithm that h is bottom, small plaintext aggregated data is recoveredTechnology, For protecting users personal data privacy and guaranteeing the method for communication system security;
4) it is separated by small plaintext aggregated data, obtains big plaintext aggregated data ciphertextAnd then restore big bright with binomial theorem based on fermat's little theorem Literary aggregated dataTechnology, for protecting users personal data privacy and guarantor The method for demonstrate,proving communication system security;
5) the limitlessly detachable solution attribute for utilizing Laplce's noise, is equivalent to concentrate by being embedded in the aggregated data of user The technology of the distributed gamma noise of formula Laplce's noise, the method for resisting user data differential attack.
CN201910069048.0A 2019-01-24 2019-01-24 Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces Active CN110049000B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910069048.0A CN110049000B (en) 2019-01-24 2019-01-24 Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910069048.0A CN110049000B (en) 2019-01-24 2019-01-24 Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces

Publications (2)

Publication Number Publication Date
CN110049000A true CN110049000A (en) 2019-07-23
CN110049000B CN110049000B (en) 2021-11-23

Family

ID=67274147

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910069048.0A Active CN110049000B (en) 2019-01-24 2019-01-24 Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces

Country Status (1)

Country Link
CN (1) CN110049000B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120197856A1 (en) * 2011-01-28 2012-08-02 Cisco Technology, Inc. Hierarchical Network for Collecting, Aggregating, Indexing, and Searching Sensor Data
US8238290B2 (en) * 2010-06-02 2012-08-07 Erik Ordentlich Compressing data in a wireless multi-hop network
CN104007336A (en) * 2014-05-06 2014-08-27 昆明理工大学 Transformer on-line monitoring information polymerization method based on internet of things
CN104579781A (en) * 2015-01-12 2015-04-29 浙江工商大学 Smart power grid aggregation method and system for differential privacy security and fault tolerance
CN104580061A (en) * 2015-01-12 2015-04-29 浙江工商大学 Aggregation method and system supporting fault tolerance and resisting differential attacks in smart power grid
CN104639311A (en) * 2015-01-12 2015-05-20 浙江工商大学 Combining method and system for protecting power utilization privacy and integrity in smart power grid
CN105279315A (en) * 2015-09-29 2016-01-27 昆明理工大学 Related analysis and Mahalanobis distance based transformer online monitoring information aggregation analysis method

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8238290B2 (en) * 2010-06-02 2012-08-07 Erik Ordentlich Compressing data in a wireless multi-hop network
US20120197856A1 (en) * 2011-01-28 2012-08-02 Cisco Technology, Inc. Hierarchical Network for Collecting, Aggregating, Indexing, and Searching Sensor Data
CN104007336A (en) * 2014-05-06 2014-08-27 昆明理工大学 Transformer on-line monitoring information polymerization method based on internet of things
CN104579781A (en) * 2015-01-12 2015-04-29 浙江工商大学 Smart power grid aggregation method and system for differential privacy security and fault tolerance
CN104580061A (en) * 2015-01-12 2015-04-29 浙江工商大学 Aggregation method and system supporting fault tolerance and resisting differential attacks in smart power grid
CN104639311A (en) * 2015-01-12 2015-05-20 浙江工商大学 Combining method and system for protecting power utilization privacy and integrity in smart power grid
CN105279315A (en) * 2015-09-29 2016-01-27 昆明理工大学 Related analysis and Mahalanobis distance based transformer online monitoring information aggregation analysis method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
HAIYONG BAO: "A New Differentially Private Data Aggregation With Fault Tolerance for Smart Grid Communications", 《IEEE INTERNET OF THINGS JOURNAL》 *
RONGXING LU: "A Lightweight Privacy-Preserving Data Aggregation Scheme for Fog Computing-Enhanced IoT", 《IEEE ACCESS》 *
RONGXING LU: "Reliable and Privacy-Preserving Selective Data Aggregation for Fog-Based IoT", 《2018 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS (ICC)》 *

Also Published As

Publication number Publication date
CN110049000B (en) 2021-11-23

Similar Documents

Publication Publication Date Title
Kalidoss et al. QoS aware trust based routing algorithm for wireless sensor networks
Chen et al. MuDA: Multifunctional data aggregation in privacy-preserving smart grid communications
Bao et al. A new differentially private data aggregation with fault tolerance for smart grid communications
Fouda et al. A lightweight message authentication scheme for smart grid communications
CN104092668B (en) A kind of reconfigurable network security service building method
CN105577356B (en) Based on method of data capture in the smart grid protected to privacy of user
CN110650116B (en) Multi-type multi-dimensional data aggregation method for security smart power grid
Dong et al. An ElGamal-based efficient and privacy-preserving data aggregation scheme for smart grid
Alotaibi Improved blowfish algorithm-based secure routing technique in IoT-based WSN
Ni et al. EDAT: Efficient data aggregation without TTP for privacy-assured smart metering
Ibrahem et al. Privacy preserving and efficient data collection scheme for AMI networks using deep learning
Ni et al. Security-enhanced data aggregation against malicious gateways in smart grid
Zhang et al. PARK: A privacy-preserving aggregation scheme with adaptive key management for smart grid
CN109347829A (en) A kind of intelligent perception network true value discovery method based on secret protection
Wang et al. Lightweight and manageable digital evidence preservation system on bitcoin
Haseeb et al. Efficient data uncertainty management for health industrial internet of things using machine learning
Brindha et al. Fuzzy enhanced secure multicast routing for improving authentication in MANET
Abdallah et al. The impact of stealthy attacks on smart grid performance: Tradeoffs and implications
CN116488906A (en) Safe and efficient model co-building method
CN114760023A (en) Model training method and device based on federal learning and storage medium
Dong et al. Efficient privacy‐preserving temporal and spacial data aggregation for smart grid communications
CN102170407A (en) Method for realizing electronic mail credibility management on the basis of anti-fraud control logic unit
CN110661771B (en) Secure smart power grid access control method and system for resisting differential attack
CN110049000A (en) A kind of size space Internet of Things communication means and system of polymerization and difference safety in plain text
CN109889501A (en) The method and system of multidimensional data polymerization and polygamma function analysis in a kind of communication of Internet of Things

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant