CN110049000B - Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces - Google Patents

Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces Download PDF

Info

Publication number
CN110049000B
CN110049000B CN201910069048.0A CN201910069048A CN110049000B CN 110049000 B CN110049000 B CN 110049000B CN 201910069048 A CN201910069048 A CN 201910069048A CN 110049000 B CN110049000 B CN 110049000B
Authority
CN
China
Prior art keywords
data
user
plaintext
aggregation
internet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910069048.0A
Other languages
Chinese (zh)
Other versions
CN110049000A (en
Inventor
鲍海勇
王勋
陆荣幸
吴锡委
吴子渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Gongshang University
Original Assignee
Zhejiang Gongshang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Gongshang University filed Critical Zhejiang Gongshang University
Priority to CN201910069048.0A priority Critical patent/CN110049000B/en
Publication of CN110049000A publication Critical patent/CN110049000A/en
Application granted granted Critical
Publication of CN110049000B publication Critical patent/CN110049000B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/38Services specially adapted for particular environments, situations or purposes for collecting sensor information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a large and small space plaintext aggregation and difference safety Internet of things communication method and system, wherein a credible authority is responsible for managing the whole system; the control center is responsible for integrating, processing and analyzing the real-time report data of the user and providing comprehensive intelligent service; the gateway is responsible for forwarding the reported data to the control center and aggregating the data; the sensing node of the sensing end of the Internet of things is responsible for collecting and periodically reporting the size plaintext spatial data of the user in real time, and the method comprises the following specific steps: a system initialization stage; a user data reporting stage; a secure data aggregation stage; and an aggregated data recovery phase. The invention is innovated to construct
Figure DDA0001956682590000011
An algebraic structure which simultaneously supports the requirements of large and small plaintext space data security aggregation on the group; the differential privacy effectiveness and the differential privacy security of the data aggregation system are optimized and balanced, so that differential attack is effectively prevented; by constructing a hierarchical architecture, an attacker can be effectively resisted to steal the privacy information of the user through differential attack.

Description

Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces
Technical Field
The invention belongs to the technical field of Internet of things communication, and particularly relates to an Internet of things communication method and system with safe plaintext aggregation and difference in large and small spaces.
Background
In the prior art, by introducing a distributed blind factor, Shi and the like perform blind processing on report data of users, and a control center obtains aggregated data of all users through blind operation. However, the system only realizes (epsilon, delta) differential privacy security, each user adds noise in a distributed mode with a certain probability delta, so that the added noise information has uncertainty, and the differential privacy has low effectiveness. Acs et al designs a data aggregation system by sharing a secret key among users, but the secret key distribution algorithm has huge storage, communication and calculation costs and serious network delay; aiming at possible network packet loss and potential differential attack, the system adds extra noise based on the hypothetical network packet loss rate so as to meet the safety requirement of differential privacy, and the average utility of the differential privacy of the system is very low because the actual communication fault and physical fault are difficult to predict accurately. Based on the BGN homomorphic encryption technology, relevant scholars propose some data aggregation schemes for protecting personal privacy of users in the communication system of the Internet of things. Since the data aggregation scheme based on the BGN mechanism relies on a brute force search technique to decrypt and obtain the aggregated plaintext of users, the report data of each user must be limited in a small plaintext space, and this constraint greatly limits the practicability of the system. In addition, the relatives design some data aggregation schemes based on the technologies of homomodulo addition encryption, polynomial coefficient hiding, distributed storage of communication data, and the like. However, the existing data aggregation system cannot support the data aggregation of a small plaintext space and a large plaintext space at the same time; moreover, potential differential attacks of a network system, especially a communication system of the internet of things, cannot be effectively resisted, and the effectiveness of differential privacy is low. Therefore, an efficient, secure, wide-area (while supporting large and small plaintext spatial information) data aggregation system for internet of things communication systems is lacking.
Disclosure of Invention
Aiming at the problems in the prior art, the invention aims to provide an Internet of things communication method and system with large and small space plaintext aggregation and difference safety. The communication system of the Internet of things relates to a large number of intelligent devices, and realizes automatic intelligent monitoring, data analysis and collaborative decision under the condition of no human intervention through information acquisition, transmission and sharing. Due to the low deployment cost and the universal applicability, the method has wide application prospects in the fields of traffic monitoring, intelligent metering, environment monitoring, industrial control, weather forecasting and the like. Although there is some difference in the communication systems of the internet of things for different application fields, the overall architecture is basically similar, and usually has three major parts: a sensing domain, a network domain and an application domain, as shown in fig. 1. Under the framework, information is generated by a sensor in a perception domain, then is transmitted in a wired/wireless mode in a network domain, and finally is transmitted to an application domain through a gateway for centralized processing, analysis and decision making. However, the open internet makes the internet of things application system face many serious challenges in information security and privacy protection. Therefore, the invention realizes a safe data communication system of the internet of things, and the main innovation points comprise that: 1) an algebraic structure for simultaneously supporting the requirements of safe aggregation of large and small plaintext spatial data is innovatively constructed; 2) based on theoretical support, a practical and efficient safety data aggregation algorithm and an application system which protect the privacy of the Internet of things perception terminal user are designed; 3) aiming at the dispersive and random topological structure of the communication node of the Internet of things, distributed Laplace noise is skillfully integrated, and the differential privacy utility (small noise) and the differential privacy security of a data aggregation system are optimized and balanced while the lower calculation, storage and communication cost is ensured, so that the differential attack is effectively prevented; 4) a typical Internet of things communication system is subjected to intelligent simulation and bionics, a hierarchical architecture of a sensing node, a gateway and a control center is designed based on a sensing domain, a network domain and an application domain, and internal and external attackers are effectively prevented from stealing privacy information of users through network attack, data analysis and differential attack through customized security software algorithm design.
The invention is realized by the following technical scheme:
the Internet of things communication method for plaintext aggregation and difference safety in large and small spacesThe method is characterized in that the method is based on an application scene of the communication system of the Internet of things, and a credible authority is responsible for managing the whole system; the control center is responsible for integrating, processing and analyzing the real-time report data of the users and providing overall comprehensive intelligent service; the gateway is responsible for forwarding the report data of each user to the control center and aggregating the data submitted by each user; n sensing nodes with internet of things sensors at sensing end of the internet of things are responsible for collecting and periodically reporting large plaintext spatial data m of users in real timeiAnd small plaintext spatial data xiThe method comprises the following specific steps:
(1) system initialization phase
1) The credible authority randomly generates a security prime number p according to an input security parameter tau, wherein p is 2q +1, p is lambda, and q is also a large prime number; randomly selecting groups
Figure BDA0001956682570000031
Generating element of
Figure BDA0001956682570000032
Calculating h as gp mod p2(ii) a Selecting cryptographically secure hash functions
Figure BDA0001956682570000033
2) Under the above system parameter setting conditions, in the group
Figure BDA0001956682570000034
There is the following relationship: i)
Figure BDA0001956682570000035
xp(p-1)=1mod p2(ii) a ii) let y equal 1+ p, yp=1mod p2
3) The trusted authority performs the following operation, distributing all users U ═ U1,U2,…,UnSecret information of gateway and control center:
randomly selecting s for each useri∈Zp(p-1)(wherein i is 1,2,…, n), and respectively adding siAssigned to each user Ui
Selecting and calculating sc,sg∈Zp(p-1)Satisfy the following requirements
Figure BDA0001956682570000041
Figure BDA0001956682570000042
Respectively combine s withc、sgAnd si(where i is 1,2, …, n) to control centers, gateways and individual users UiAs respective secret information;
4) the credible authority issues PK (p, g, H, H) as a system public key;
(2) user data reporting phase
Each user Ui(where i is 1,2, …, n) at the data reporting time tγPerform the following operation, 2 types of data<mi,xi>Reporting to a gateway:
1) computing
Figure BDA0001956682570000043
Figure BDA0001956682570000044
Wherein G is1(n,λ)、 G2(n,λ)、G1' (n, lambda) and G2' (n, λ) is 4 obedient gamma distributions
Figure BDA0001956682570000045
Figure BDA0001956682570000046
The independent and uniformly distributed random variables (wherein x is more than or equal to 0, and gamma (1/n) is the function value of the gamma function at the point 1/n;
Figure BDA0001956682570000047
large plaintext spatial data; x is the number ofiE {0,1,2, …, delta } is a small plaintext spaceData, where Δ is the maximum value of reported data per user);
2) will be provided with
Figure BDA0001956682570000048
Reporting to a gateway;
(3) secure data aggregation stage
When the gateway receives all
Figure BDA0001956682570000049
(where i is 1,2, …, n), the following operations are performed:
1) computing
Figure BDA0001956682570000051
2) Will be provided with
Figure BDA0001956682570000052
Reporting to a control center;
(4) aggregated data recovery phase
When the control center receives the encrypted aggregation information
Figure BDA0001956682570000053
Thereafter, the following operations are performed:
1) computing
Figure BDA0001956682570000054
Figure BDA0001956682570000055
2) Computing
Figure BDA0001956682570000056
Figure BDA0001956682570000057
3) Computing
Figure BDA0001956682570000058
Namely, it is
Figure BDA0001956682570000059
Based on the discrete logarithm with h as the base, the small plaintext space aggregation data containing noise information of all users is recovered
Figure BDA00019566825700000510
Due to the fact that
Figure BDA00019566825700000511
Figure BDA00019566825700000512
Still in the small plaintext space {0,1,2, …, n Δ }, using Pollard method, can be used in
Figure BDA00019566825700000513
Completing the operation within the calculation complexity;
4) computing
Figure BDA00019566825700000514
Figure BDA0001956682570000061
Because of the fact that
Figure BDA0001956682570000062
Therefore, it is not only easy to use
Figure BDA0001956682570000063
Therefore, the temperature of the molten metal is controlled,
Figure BDA0001956682570000064
5) computing
Figure BDA0001956682570000065
Recovering large plaintext space aggregation data containing noise information of all users
Figure BDA0001956682570000066
The Internet of things communication method for plaintext aggregation and difference safety in large and small spaces is characterized in that i)
Figure BDA0001956682570000067
xp(p-1)=1mod p2(ii) a ii) let y equal 1+ p, yp= 1mod p2Derived by the following derivation:
according to the Euler function, phi (p)2)=p2(1-1/p) ═ p (p-1) ═ 2pq, so groups
Figure BDA0001956682570000068
The total number of elements is 2 pq. For integers less than p
Figure BDA0001956682570000069
According to Fermat theorem, xp-11mod p, so for some integer k, x is satisfiedp-11+ k p. Thereby to obtain
Figure BDA00019566825700000610
When k is equal to 1, the first step is carried out,
Figure BDA00019566825700000611
let y be 1+ p, then gcd (y, p)2) 1, thus yp=1mod p2
The internet of things communication system with the functions of plaintext aggregation and difference safety in large and small spaces is characterized by comprising the following components:
a trusted authority: the authority center is responsible for managing the whole system and has high credibility and strong computing power;
the control center: the system is responsible for integrating, processing and analyzing real-time report data of each user and providing overall comprehensive intelligent service;
a gateway: the relay function is responsible for forwarding the report data of each user to the control center; the aggregation function is responsible for aggregating data submitted by each user;
sensing nodes: the sensing end of the Internet of things has N nodes N ═ N1,N2,…,NnOr user U ═ U1,U2,…,UnN is the maximum value of nmaxEach node NiThe E.N is provided with an internet of things sensor and is used for collecting and periodically reporting 2 types of data of the user in real time<mi,xi>Wherein m isiAs large plaintext spatial data, xiIs small plaintext spatial data.
The internet of things communication system with the functions of plaintext aggregation and difference security in large and small spaces is characterized by further comprising:
(1) system initialization module
1) With the help of trusted authorities, constructs
Figure BDA0001956682570000071
An algebraic structure for simultaneously supporting large and small plaintext spatial data aggregation application on a group and a method for protecting privacy and security of personal data of a user;
2) with the help of a credible authority, a distributed technology is adopted, and a sensing node N is equal to { N ═ N1,N2,…,NnShared secret information s between gateway and control centeri(where i is 1,2, …, n), sgAnd scSatisfy the following requirements
Figure BDA0001956682570000072
A constraint for a method of protecting user privacy;
3) combining with the Fermat theorem, the Euler function and the binomial theorem, constructing an algebraic structure and a practical algorithm applied to the secure data communication of the Internet of things, and a method for protecting the privacy and the security of personal data of a user;
(2) user data reporting module
1) The method adapts to the dispersive and random topological structure of the communication system of the Internet of things and simultaneouslyDistributed data reporting technology supporting aggregation of large and small plaintext spatial data
Figure BDA0001956682570000081
Figure BDA0001956682570000082
(where i ═ 1,2, …, n), a method for protecting privacy security of each sensing node;
2) using laplace noise
Figure BDA0001956682570000083
(wherein G is1(n, lambda) and G2(n, λ) is 2 obedient gamma distributions
Figure BDA0001956682570000084
The independent and uniformly distributed random variables of the sensing node are independent and uniformly distributed, x is more than or equal to 0, and gamma (1/n) is a function value of a gamma function at a 1/n point), and gamma noise is added in a distributed mode, so that the technology that the overall effect is equivalent to that of the centralized addition of Laplace noise is obtained, and the method is used for sensing the node to resist differential attack;
(3) secure data aggregation module
1) A method for realizing bidirectional security data forwarding between a perception node and a control center by using a technology of routing and relaying the communication data of the Internet of things through a gateway;
2) safety aggregation of report data of all perception nodes in Internet of things through gateway
Figure BDA0001956682570000085
Figure BDA0001956682570000086
The method reduces the calculation load of the control center and reduces the network overhead of the system, thereby obviously improving the data reporting efficiency and the safety of the communication system of the Internet of things;
3) secret information s through implanted gatewaygA communication and cooperative control center and a sensing node, and a technology for reducing the operation authority of the control center,a method for sensing node privacy protection and secure data reporting;
(4) aggregated data recovery module
1) By incorporating secret information s in the control centrecIs eliminated and satisfied
Figure BDA0001956682570000087
Figure BDA0001956682570000088
The technology of the aggregation ciphertext additional information of the constraint condition is used for protecting the privacy of personal data of a user and ensuring the safety of a communication system;
2) based on
Figure BDA0001956682570000091
Mathematical relationship (1+ p) derived from groupp=1mod p2Separating out small plaintext aggregate data cipher text
Figure BDA0001956682570000092
A method for protecting privacy of user's personal data and securing a communication system;
3) pollard method based calculation of small plaintext aggregation data ciphertext
Figure BDA0001956682570000093
Recovering small plaintext aggregation data based on h-based discrete logarithm
Figure BDA0001956682570000094
A method for protecting privacy of user's personal data and securing a communication system;
4) obtaining big plaintext aggregation data ciphertext through small plaintext aggregation data separation
Figure BDA0001956682570000095
And then recovering large plaintext aggregated data based on Fermat's small theorem and binomial theorem
Figure BDA0001956682570000096
A method for protecting privacy of user's personal data and securing a communication system;
5) the method for resisting the user data differential attack by utilizing the infinite decomposability attribute of the Laplace noise and embedding the distributed gamma noise which is equivalent to the centralized Laplace noise into the aggregated data of the user.
Compared with the prior art, the invention has the following beneficial effects:
1) based on theoretical basis and mathematical characteristics such as number theory, algebraic geometry and the like, innovatively construct
Figure BDA0001956682570000097
An algebraic structure which simultaneously supports the requirements of large and small plaintext space data security aggregation on the group;
2) the application requirements of the communication system of the Internet of things are focused, and a safe data communication method and a safe data communication system which protect the privacy of users, are practical and efficient and simultaneously support the aggregation of large and small plaintext space data are designed;
3) aiming at the dispersive and random topological structure of the communication node of the Internet of things, distributed Laplace noise is skillfully integrated, and the differential privacy utility (small noise) and the differential privacy security of the data aggregation system are optimized and balanced while the lower calculation, storage and communication costs are ensured, so that the differential attack is effectively prevented.
4) Hardware intelligent simulation is carried out on the communication system of the Internet of things by constructing a hierarchical architecture of 'sensing node-gateway-control center', and internal and external attackers are effectively prevented from stealing the privacy information of users through differential attack by virtue of customized security software algorithm design.
Drawings
FIG. 1 is a diagram of an Internet of things architecture;
fig. 2 is a system architecture diagram.
Detailed Description
The invention is further described in detail and specific embodiments are given below with reference to the accompanying drawings.
A big and small space plaintext aggregation and difference safety Internet of things communication method is based on a typical Internet of things communication system application scene, and the overall system architecture is shown in FIG. 2 and comprises the following four participants: a trusted authority: an authority center with high reliability and strong computing power is responsible for managing the whole system; the control center: the system has high reliability, is responsible for integrating, processing and analyzing real-time report data of each user, and provides global comprehensive intelligent service; a gateway: the main functions include 2 aspects: firstly, the relay function is responsible for forwarding the report data of each user to a control center; secondly, the aggregation function is responsible for aggregating the data submitted by each user; sensing nodes: the sensing end of the Internet of things has N nodes N ═ N1,N2,…,Nn} (or user U ═ U1,U2,…,UnN) has a maximum value of nmaxEach node NiThe E.N is provided with an internet of things sensor and is used for collecting and periodically reporting 2 types of data of the user in real time< mi,xi>Wherein m isiAs large plaintext spatial data, xiIs small plaintext spatial data.
The method specifically comprises the following steps:
(1) system initialization phase
1) The credible authority randomly generates a security prime number p according to an input security parameter tau, wherein p is 2q +1, p is lambda, and q is also a large prime number; randomly selecting groups
Figure BDA0001956682570000111
Generating element of
Figure BDA0001956682570000112
Calculating h as gp mod p2(ii) a Selecting cryptographically secure hash functions
Figure BDA0001956682570000113
2) Under the above system parameter setting conditions, in the group
Figure BDA0001956682570000114
There is the following relationship: i)
Figure BDA0001956682570000115
xp(p-1)=1mod p2(ii) a ii) let y equal 1+ p, yp=1mod p2
The above relationship holds by the following derivation:
according to the Euler function, phi (p)2)=p2(1-1/p) ═ p (p-1) ═ 2pq, so groups
Figure BDA0001956682570000116
The total number of elements is 2 pq. For integers less than p
Figure BDA0001956682570000117
According to Fermat theorem, xp-11mod p, so for some integer k, x is satisfiedp-11+ k p. Thereby to obtain
Figure BDA0001956682570000118
When k is equal to 1, the first step is carried out,
Figure BDA0001956682570000119
let y be 1+ p, then gcd (y, p)2) 1, thus yp=1mod p2
3) The trusted authority performs the following operation, distributing all users U ═ U1,U2,…,UnSecret information of gateway and control center:
randomly selecting s for each useri∈Zp(p-1)(wherein i is 1,2, …, n), and converting s into eachiAssigned to each user Ui
Selecting and calculating sc,sg∈Zp(p-1)Satisfy the following requirements
Figure BDA00019566825700001110
Figure BDA00019566825700001111
Respectively combine s withc、sgAnd si(where i is 1,2, …, n) to control centers, gateways and individual users UiAs respective secret information;
4) the credible authority issues PK (p, g, H, H) as a system public key;
(2) user data reporting phase
Each user Ui(where i is 1,2, …, n) at the data reporting time tγPerform the following operation, 2 types of data<mi,xi>Reporting to a gateway:
1) computing
Figure BDA0001956682570000121
Figure BDA0001956682570000122
Wherein G is1(n,λ)、 G2(n,λ)、G1' (n, lambda) and G2' (n, λ) is 4 obedient gamma distributions
Figure BDA0001956682570000123
Figure BDA0001956682570000124
The independent and uniformly distributed random variables (wherein x is more than or equal to 0, and gamma (1/n) is the function value of the gamma function at the point 1/n;
Figure BDA0001956682570000125
large plaintext spatial data; x is the number ofiE {0,1,2, …, Δ } is small plaintext space data, where Δ is the maximum value of each user report data);
2) will be provided with
Figure BDA0001956682570000126
Reporting to a gateway;
(3) secure data aggregation stage
When the gateway receives all
Figure BDA0001956682570000127
(where i is 1,2, …, n), the following operations are performed:
1) computing
Figure BDA0001956682570000128
2) Will be provided with
Figure BDA0001956682570000131
Reporting to a control center;
(4) aggregated data recovery phase
When the control center receives the encrypted aggregation information
Figure BDA0001956682570000132
Thereafter, the following operations are performed:
1) computing
Figure BDA0001956682570000133
Figure BDA0001956682570000134
2) Computing
Figure BDA0001956682570000135
Figure BDA0001956682570000136
3) Computing
Figure BDA0001956682570000137
Namely, it is
Figure BDA0001956682570000138
Based on the discrete logarithm with h as the base, the small plaintext space aggregation data containing noise information of all users is recovered
Figure BDA0001956682570000139
Due to the fact that
Figure BDA00019566825700001310
Figure BDA00019566825700001311
Still in the small plaintext space {0,1,2, …, n Δ }, using Pollard method, can be used in
Figure BDA00019566825700001312
Completing the operation within the calculation complexity;
4) computing
Figure BDA00019566825700001313
Because of the fact that
Figure BDA00019566825700001314
Therefore, it is not only easy to use
Figure BDA00019566825700001315
Therefore, the temperature of the molten metal is controlled,
Figure BDA00019566825700001316
Figure BDA0001956682570000141
5) computing
Figure BDA0001956682570000142
Recovering large plaintext space aggregation data containing noise information of all users
Figure BDA0001956682570000143
A communication system of the Internet of things with plaintext aggregation and difference security in large and small spaces comprises:
a trusted authority: the authority center is responsible for managing the whole system and has high credibility and strong computing power; the control center: is responsible for integrating, processing and dividingAnalyzing real-time report data of each user and providing global comprehensive intelligent service; a gateway: the relay function is responsible for forwarding the report data of each user to the control center; the aggregation function is responsible for aggregating data submitted by each user; sensing nodes: the sensing end of the Internet of things has N nodes N ═ N1,N2,…,NnOr user U ═ U1,U2,…,UnN is the maximum value of nmaxEach node NiThe E.N is provided with an internet of things sensor and is used for collecting and periodically reporting 2 types of data of the user in real time<mi,xi>Wherein m isiAs large plaintext spatial data, xiIs small plaintext spatial data. The system further comprises:
(1) system initialization module
1) With the help of trusted authorities, constructs
Figure BDA0001956682570000144
An algebraic structure for simultaneously supporting large and small plaintext spatial data aggregation application on a group and a method for protecting privacy and security of personal data of a user;
2) with the help of a credible authority, a distributed technology is adopted, and a sensing node N is equal to { N ═ N1,N2,…,NnShared secret information s between gateway and control centeri(where i is 1,2, …, n), sgAnd scSatisfy the following requirements
Figure BDA0001956682570000145
A constraint for a method of protecting user privacy;
3) combining with the Fermat theorem, the Euler function and the binomial theorem, constructing an algebraic structure and a practical algorithm applied to the secure data communication of the Internet of things, and a method for protecting the privacy and the security of personal data of a user;
(2) user data reporting module
1) Distributed data reporting technology adaptive to dispersive and random topological structure of communication system of Internet of things and supporting aggregation of large and small plaintext spatial data
Figure BDA0001956682570000151
Figure BDA0001956682570000152
(where i ═ 1,2, …, n), a method for protecting privacy security of each sensing node;
2) using laplace noise
Figure BDA0001956682570000153
(wherein G is1(n, lambda) and G2(n, λ) is 2 obedient gamma distributions
Figure BDA0001956682570000154
The independent and uniformly distributed random variables of the sensing node are independent and uniformly distributed, x is more than or equal to 0, and gamma (1/n) is a function value of a gamma function at a 1/n point), and gamma noise is added in a distributed mode, so that the technology that the overall effect is equivalent to that of the centralized addition of Laplace noise is obtained, and the method is used for sensing the node to resist differential attack;
(3) secure data aggregation module
1) A method for realizing bidirectional security data forwarding between a perception node and a control center by using a technology of routing and relaying the communication data of the Internet of things through a gateway;
2) safety aggregation of report data of all perception nodes in Internet of things through gateway
Figure BDA0001956682570000155
Figure BDA0001956682570000156
The method reduces the calculation load of the control center and reduces the network overhead of the system, thereby obviously improving the data reporting efficiency and the safety of the communication system of the Internet of things;
3) secret information s through implanted gatewaygThe technology for communicating and coordinating the control center and the sensing node, reducing the operation authority of the control center and the method for privacy protection and safety data report of the sensing node are provided;
(4) aggregated data recovery module
1) By incorporating secret information s in the control centrecIs eliminated and satisfied
Figure BDA0001956682570000161
Figure BDA0001956682570000162
The technology of the aggregation ciphertext additional information of the constraint condition is used for protecting the privacy of personal data of a user and ensuring the safety of a communication system;
2) based on
Figure BDA0001956682570000163
Mathematical relationship (1+ p) derived from groupp=1mod p2Separating out small plaintext aggregate data cipher text
Figure BDA0001956682570000164
A method for protecting privacy of user's personal data and securing a communication system;
3) pollard method based calculation of small plaintext aggregation data ciphertext
Figure BDA0001956682570000165
Recovering small plaintext aggregation data based on h-based discrete logarithm
Figure BDA0001956682570000166
A method for protecting privacy of user's personal data and securing a communication system;
4) obtaining big plaintext aggregation data ciphertext through small plaintext aggregation data separation
Figure BDA0001956682570000167
And then recovering large plaintext aggregated data based on Fermat's small theorem and binomial theorem
Figure BDA0001956682570000168
For protecting privacy of user's personal data anda method for ensuring the security of a communication system;
5) the method for resisting the user data differential attack by utilizing the infinite decomposability attribute of the Laplace noise and embedding the distributed gamma noise which is equivalent to the centralized Laplace noise into the aggregated data of the user.
The system has the following technical characteristics:
(1) based on theoretical basis and mathematical characteristics such as number theory, algebraic geometry and the like, innovatively construct
Figure BDA0001956682570000169
An algebraic structure which simultaneously supports the requirements of large and small plaintext space data security aggregation on the group;
(2) the application requirements of the communication system of the Internet of things are focused, and a safe data communication method and a safe data communication system which protect the privacy of users, are practical and efficient and simultaneously support the aggregation of large and small plaintext space data are designed;
(3) aiming at the dispersive and random topological structure of the communication node of the Internet of things, distributed Laplace noise is skillfully integrated, and the differential privacy utility (small noise) and the differential privacy security of the data aggregation system are optimized and balanced while the lower calculation, storage and communication costs are ensured, so that the differential attack is effectively prevented.
(4) Hardware intelligent simulation is carried out on the communication system of the Internet of things by constructing a hierarchical architecture of a sensing node, a gateway and a control center, and internal and external attackers are effectively prevented from stealing the privacy information of users through differential attack by virtue of customized security software algorithm design.

Claims (3)

1. A big space plaintext polymerization and difference safe thing networking communication method, characterized by that this method is based on thing networking communication system application scene, responsible for managing the whole system by the credible authority; the control center is responsible for integrating, processing and analyzing the real-time report data of the users and providing overall comprehensive intelligent service; the gateway is responsible for forwarding the report data of each user to the control center and aggregating the data submitted by each user; byThe n sensing nodes with the sensors of the Internet of things at the sensing end of the Internet of things are responsible for collecting and periodically reporting the large plaintext spatial data m of the user in real timeiAnd small plaintext spatial data xiThe method comprises the following specific steps:
(1) system initialization phase
1) The credible authority randomly generates a security prime number p according to an input security parameter tau, wherein p is 2q +1, p is lambda, and q is a large prime number; randomly selecting groups
Figure FDA0003289555480000011
Generating element of
Figure FDA0003289555480000012
Calculating h as gp mod p2(ii) a Selecting cryptographically secure hash functions
Figure FDA0003289555480000013
2) Under the conditions of the above step 1), in the group
Figure FDA0003289555480000014
There is the following relationship: i)
Figure FDA0003289555480000015
xp(p-1)=1 mod p2(ii) a ii) let y equal 1+ p, yp=1 mod p2
3) The trusted authority performs the following operation, distributing all users U ═ U1,U2,…,UnSecret information of gateway and control center:
randomly selecting s for each useri∈Zp(p-1)Where i is 1,2, …, n, and s isiAssigned to each user Ui
Selecting and calculating sc,sg∈Zp(p-1)Satisfy the following requirements
Figure FDA0003289555480000016
Figure FDA0003289555480000017
Respectively combine s withc、sgAnd siWhere i is 1,2, …, n, assigned to the control center, the gateway and the individual users UiAs respective secret information;
4) the credible authority issues PK (p, g, H, H) as a system public key;
(2) user data reporting phase
Each user UiWhere i is 1,2, …, n, at the data reporting time tγPerform the following operation, 2 types of data mi,xiReporting to a gateway:
1) computing
Figure FDA0003289555480000021
Figure FDA0003289555480000022
Wherein G is1(n,λ)、G2(n,λ)、G1' (n, lambda) and G2' (n, λ) is 4 obedient gamma distributions
Figure FDA0003289555480000023
Figure FDA0003289555480000024
The independent and uniformly distributed random variables of (1) are provided, x is more than or equal to 0, and gamma function is a function value of point 1/n;
Figure FDA0003289555480000025
large plaintext spatial data; x is the number ofiE {0,1,2, …, delta } is small plaintext space data, and delta is the maximum value of each user report data;
2) will be provided with
Figure FDA0003289555480000026
Reporting to a gateway;
(3) secure data aggregation stage
When the gateway receives all
Figure FDA0003289555480000027
Thereafter, where i is 1,2, …, n, the following operations are performed:
1) computing
Figure FDA0003289555480000028
2) Will be provided with
Figure FDA0003289555480000029
Reporting to a control center;
(4) aggregated data recovery phase
When the control center receives the encrypted aggregation information
Figure FDA0003289555480000031
Thereafter, the following operations are performed:
1) computing
Figure FDA0003289555480000032
Figure FDA0003289555480000033
2) Computing
Figure FDA0003289555480000034
Figure FDA0003289555480000035
3) Computing
Figure FDA0003289555480000036
Namely, it is
Figure FDA0003289555480000037
Based on the discrete logarithm with h as the base, the small plaintext space aggregation data containing noise information of all users is recovered
Figure FDA0003289555480000038
Due to the fact that
Figure FDA0003289555480000039
Figure FDA00032895554800000310
Still in the small plaintext space {0,1,2, …, n · Δ }, where Δ is the maximum value of the reported data for each user, Pollard method can be used
Figure FDA00032895554800000311
Completing the operation within the calculation complexity;
4) computing
Figure FDA00032895554800000312
Because of the fact that
Figure FDA00032895554800000313
Therefore, it is not only easy to use
Figure FDA00032895554800000314
Therefore, the temperature of the molten metal is controlled,
Figure FDA00032895554800000315
5) computing
Figure FDA0003289555480000041
Recovering large plaintext space aggregation data containing noise information of all users
Figure FDA0003289555480000042
2. The method according to claim 1, wherein i)
Figure FDA0003289555480000043
xp(p-1)=1 mod p2(ii) a ii) let y equal 1+ p, yp=1 mod p2Derived by the following derivation:
according to the Euler function, phi (p)2)=p2(1-1/p) ═ p (p-1) ═ 2pq, so groups
Figure FDA0003289555480000044
In total 2pq elements, for integers less than p
Figure FDA0003289555480000045
According to Fermat theorem, xp-11mod p, so for some integer k, x is satisfiedp-11+ k p, thereby
Figure FDA0003289555480000046
When k is equal to 1, the first step is carried out,
Figure FDA0003289555480000047
let y be 1+ p, then
gcd(y,p2) 1, thus yp=1 mod p2
3. The utility model provides a big small space plaintext is gathered and safe thing networking communication system of difference which characterized in that, this system includes:
a trusted authority: the authority center is responsible for managing the whole system and has high credibility and strong computing power;
the control center: the system is responsible for integrating, processing and analyzing real-time report data of each user and providing overall comprehensive intelligent service;
a gateway: the relay function is responsible for forwarding the report data of each user to the control center; the aggregation function is responsible for aggregating data submitted by each user;
sensing nodes: the sensing end of the Internet of things has N nodes N ═ N1,N2,…,NnOr user U ═ U1,U2,…,UnN is the maximum value of nmaxEach node NiThe E.N is provided with an internet of things sensor and is used for collecting and periodically reporting 2 types of data m of the user in real timeiAnd xiWherein m isiAs large plaintext spatial data, xiSmall plaintext spatial data;
the communication system further comprises:
(1) system initialization module
1) Constructing a group with the help of a trusted authority
Figure FDA0003289555480000051
Meanwhile, an algebraic structure for aggregation application of large and small plaintext spatial data is supported, and the algebraic structure is used for protecting privacy and safety of personal data of a user;
2) with the help of a credible authority, a distributed technology is adopted, and a sensing node N is equal to { N ═ N1,N2,…,NnShared secret information s between gateway and control centeri、sgAnd scWherein i is 1,2, …, n, satisfies
Figure FDA0003289555480000052
The constraint condition is used for protecting the privacy of the user, wherein p is a security prime number;
3) combining with the Fermat theorem, the Euler function and the binomial theorem, constructing an algebraic structure and a practical algorithm applied to the secure data communication of the Internet of things, and protecting the privacy and the security of personal data of a user;
(2) user data reporting module
1) Distributed data reporting technology adaptive to dispersive and random topological structure of communication system of Internet of things and supporting aggregation of large and small plaintext spatial data
Figure FDA0003289555480000053
Figure FDA0003289555480000054
Wherein i is 1,2, …, n, for protecting privacy security of each sensing node; g is a randomly selected group
Figure FDA0003289555480000055
A generator of (2);
2) using laplace noise
Figure FDA0003289555480000056
Of infinite resolvability, wherein G1(n,λ)、G2(n,λ)、G1' (n, lambda) and G2' (n, λ) is 4 obedient gamma distributions
Figure FDA0003289555480000061
The gamma function is a function value of the gamma function at a 1/n point, and gamma noise is added in a distributed mode, so that the overall effect is equivalent to the technology of adding Laplace noise in a centralized mode and the technology is used for sensing nodes to resist differential attack;
(3) secure data aggregation module
1) The technology of routing and relaying the communication data of the Internet of things through the gateway realizes the bidirectional security data forwarding between the sensing node and the control center;
2) safety aggregation of report data of all perception nodes in Internet of things through gateway
Figure FDA0003289555480000062
Figure FDA0003289555480000063
The computing load of the control center is reduced, and the network overhead of the system is reduced, so that the data reporting efficiency and the safety of the communication system of the Internet of things are obviously improved;
3) secret information s through implanted gatewaygThe control center and the sensing node are communicated and cooperated, the technology of reducing the operation authority of the control center, and the privacy protection and safety data report of the sensing node are realized;
(4) aggregated data recovery module
1) By incorporating secret information s in the control centrecIs eliminated and satisfied
Figure FDA0003289555480000064
Figure FDA0003289555480000065
The technology of the ciphertext additional information aggregation of the constraint conditions protects the privacy of the personal data of the user and ensures the safety of a communication system;
2) based on
Figure FDA0003289555480000066
Mathematical relationship (1+ p) derived from groupp=1 mod p2Separating out small plaintext aggregate data cipher text
Figure FDA0003289555480000067
The technology of (2) protects the privacy of the personal data of the user and ensures the safety of the communication system; wherein h is gp mod p2
3) Pollard method based calculation of small plaintext aggregation data ciphertext
Figure FDA0003289555480000068
Recovering small plaintext aggregation data based on h-based discrete logarithm
Figure FDA0003289555480000071
The technology of (2) protects the privacy of the personal data of the user and ensures the safety of the communication system;
4) obtaining big plaintext aggregation data ciphertext through small plaintext aggregation data separation
Figure FDA0003289555480000072
And then recovering large plaintext aggregated data based on Fermat's small theorem and binomial theorem
Figure FDA0003289555480000073
The technology of (2) protects the privacy of the personal data of the user and ensures the safety of the communication system;
5) by utilizing the infinite decomposability property of the Laplace noise, the user data differential attack is resisted through a technology of embedding distributed gamma noise equivalent to centralized Laplace noise in the aggregated data of the user.
CN201910069048.0A 2019-01-24 2019-01-24 Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces Active CN110049000B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910069048.0A CN110049000B (en) 2019-01-24 2019-01-24 Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910069048.0A CN110049000B (en) 2019-01-24 2019-01-24 Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces

Publications (2)

Publication Number Publication Date
CN110049000A CN110049000A (en) 2019-07-23
CN110049000B true CN110049000B (en) 2021-11-23

Family

ID=67274147

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910069048.0A Active CN110049000B (en) 2019-01-24 2019-01-24 Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces

Country Status (1)

Country Link
CN (1) CN110049000B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8238290B2 (en) * 2010-06-02 2012-08-07 Erik Ordentlich Compressing data in a wireless multi-hop network
CN104007336A (en) * 2014-05-06 2014-08-27 昆明理工大学 Transformer on-line monitoring information polymerization method based on internet of things
CN104580061A (en) * 2015-01-12 2015-04-29 浙江工商大学 Aggregation method and system supporting fault tolerance and resisting differential attacks in smart power grid
CN104579781A (en) * 2015-01-12 2015-04-29 浙江工商大学 Smart power grid aggregation method and system for differential privacy security and fault tolerance
CN104639311A (en) * 2015-01-12 2015-05-20 浙江工商大学 Combining method and system for protecting power utilization privacy and integrity in smart power grid
CN105279315A (en) * 2015-09-29 2016-01-27 昆明理工大学 Related analysis and Mahalanobis distance based transformer online monitoring information aggregation analysis method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120197856A1 (en) * 2011-01-28 2012-08-02 Cisco Technology, Inc. Hierarchical Network for Collecting, Aggregating, Indexing, and Searching Sensor Data

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8238290B2 (en) * 2010-06-02 2012-08-07 Erik Ordentlich Compressing data in a wireless multi-hop network
CN104007336A (en) * 2014-05-06 2014-08-27 昆明理工大学 Transformer on-line monitoring information polymerization method based on internet of things
CN104580061A (en) * 2015-01-12 2015-04-29 浙江工商大学 Aggregation method and system supporting fault tolerance and resisting differential attacks in smart power grid
CN104579781A (en) * 2015-01-12 2015-04-29 浙江工商大学 Smart power grid aggregation method and system for differential privacy security and fault tolerance
CN104639311A (en) * 2015-01-12 2015-05-20 浙江工商大学 Combining method and system for protecting power utilization privacy and integrity in smart power grid
CN105279315A (en) * 2015-09-29 2016-01-27 昆明理工大学 Related analysis and Mahalanobis distance based transformer online monitoring information aggregation analysis method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
A Lightweight Privacy-Preserving Data Aggregation Scheme for Fog Computing-Enhanced IoT;Rongxing Lu;《IEEE Access》;20170302;第3302-3312页 *
A New Differentially Private Data Aggregation With Fault Tolerance for Smart Grid Communications;Haiyong Bao;《IEEE Internet of Things Journal》;20150312;第248-258页 *
Reliable and Privacy-Preserving Selective Data Aggregation for Fog-Based IoT;Rongxing Lu;《2018 IEEE International Conference on Communications (ICC)》;20180731;第1-6页 *

Also Published As

Publication number Publication date
CN110049000A (en) 2019-07-23

Similar Documents

Publication Publication Date Title
Ruj et al. A decentralized security framework for data aggregation and access control in smart grids
Jokar et al. A survey on security issues in smart grids
Fouda et al. A lightweight message authentication scheme for smart grid communications
Bao et al. A new differentially private data aggregation with fault tolerance for smart grid communications
He et al. Distributed privacy-preserving data aggregation against dishonest nodes in network systems
Merad-Boudia et al. An efficient and secure multidimensional data aggregation for fog-computing-based smart grid
CN110650116B (en) Multi-type multi-dimensional data aggregation method for security smart power grid
CN109640299B (en) Aggregation method and system for ensuring M2M communication integrity and fault tolerance
Dong et al. An ElGamal-based efficient and privacy-preserving data aggregation scheme for smart grid
CN112532389B (en) Smart power grid lightweight privacy protection data aggregation method based on block chain
Zhang et al. A privacy-preserving distributed smart metering temporal and spatial aggregation scheme
Ge et al. FGDA: Fine-grained data analysis in privacy-preserving smart grid communications
CN110839028A (en) Privacy protection method for fog-assisted industrial Internet of things
Romdhane et al. At the cross roads of lattice-based and homomorphic encryption to secure data aggregation in smart grid
Parvez et al. A key management-based two-level encryption method for AMI
CN115118756A (en) Method and device for designing safety interaction protocol in energy internet scene
Ramyasri et al. Data transmission using secure hybrid techniques for smart energy metering devices
Jiang et al. Lightweight data security protection method for AMI in power Internet of Things
Huang et al. A lightweight and fault-tolerable data aggregation scheme for privacy-friendly smart grids environment
CN110049000B (en) Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces
CN110661771B (en) Secure smart power grid access control method and system for resisting differential attack
CN109889501B (en) Method and system for multi-dimensional data aggregation and multi-function analysis in internet of things
Wang et al. Preen: An aggregation mechanism for privacy-preserving smart-metering communications
Guan et al. Protecting user privacy based on secret sharing with fault tolerance for big data in smart grid
Lim et al. Security system architecture for data integrity based on a virtual smart meter overlay in a smart grid system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant