CN110049000B - Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces - Google Patents
Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces Download PDFInfo
- Publication number
- CN110049000B CN110049000B CN201910069048.0A CN201910069048A CN110049000B CN 110049000 B CN110049000 B CN 110049000B CN 201910069048 A CN201910069048 A CN 201910069048A CN 110049000 B CN110049000 B CN 110049000B
- Authority
- CN
- China
- Prior art keywords
- data
- user
- plaintext
- aggregation
- internet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/38—Services specially adapted for particular environments, situations or purposes for collecting sensor information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention relates to a large and small space plaintext aggregation and difference safety Internet of things communication method and system, wherein a credible authority is responsible for managing the whole system; the control center is responsible for integrating, processing and analyzing the real-time report data of the user and providing comprehensive intelligent service; the gateway is responsible for forwarding the reported data to the control center and aggregating the data; the sensing node of the sensing end of the Internet of things is responsible for collecting and periodically reporting the size plaintext spatial data of the user in real time, and the method comprises the following specific steps: a system initialization stage; a user data reporting stage; a secure data aggregation stage; and an aggregated data recovery phase. The invention is innovated to constructAn algebraic structure which simultaneously supports the requirements of large and small plaintext space data security aggregation on the group; the differential privacy effectiveness and the differential privacy security of the data aggregation system are optimized and balanced, so that differential attack is effectively prevented; by constructing a hierarchical architecture, an attacker can be effectively resisted to steal the privacy information of the user through differential attack.
Description
Technical Field
The invention belongs to the technical field of Internet of things communication, and particularly relates to an Internet of things communication method and system with safe plaintext aggregation and difference in large and small spaces.
Background
In the prior art, by introducing a distributed blind factor, Shi and the like perform blind processing on report data of users, and a control center obtains aggregated data of all users through blind operation. However, the system only realizes (epsilon, delta) differential privacy security, each user adds noise in a distributed mode with a certain probability delta, so that the added noise information has uncertainty, and the differential privacy has low effectiveness. Acs et al designs a data aggregation system by sharing a secret key among users, but the secret key distribution algorithm has huge storage, communication and calculation costs and serious network delay; aiming at possible network packet loss and potential differential attack, the system adds extra noise based on the hypothetical network packet loss rate so as to meet the safety requirement of differential privacy, and the average utility of the differential privacy of the system is very low because the actual communication fault and physical fault are difficult to predict accurately. Based on the BGN homomorphic encryption technology, relevant scholars propose some data aggregation schemes for protecting personal privacy of users in the communication system of the Internet of things. Since the data aggregation scheme based on the BGN mechanism relies on a brute force search technique to decrypt and obtain the aggregated plaintext of users, the report data of each user must be limited in a small plaintext space, and this constraint greatly limits the practicability of the system. In addition, the relatives design some data aggregation schemes based on the technologies of homomodulo addition encryption, polynomial coefficient hiding, distributed storage of communication data, and the like. However, the existing data aggregation system cannot support the data aggregation of a small plaintext space and a large plaintext space at the same time; moreover, potential differential attacks of a network system, especially a communication system of the internet of things, cannot be effectively resisted, and the effectiveness of differential privacy is low. Therefore, an efficient, secure, wide-area (while supporting large and small plaintext spatial information) data aggregation system for internet of things communication systems is lacking.
Disclosure of Invention
Aiming at the problems in the prior art, the invention aims to provide an Internet of things communication method and system with large and small space plaintext aggregation and difference safety. The communication system of the Internet of things relates to a large number of intelligent devices, and realizes automatic intelligent monitoring, data analysis and collaborative decision under the condition of no human intervention through information acquisition, transmission and sharing. Due to the low deployment cost and the universal applicability, the method has wide application prospects in the fields of traffic monitoring, intelligent metering, environment monitoring, industrial control, weather forecasting and the like. Although there is some difference in the communication systems of the internet of things for different application fields, the overall architecture is basically similar, and usually has three major parts: a sensing domain, a network domain and an application domain, as shown in fig. 1. Under the framework, information is generated by a sensor in a perception domain, then is transmitted in a wired/wireless mode in a network domain, and finally is transmitted to an application domain through a gateway for centralized processing, analysis and decision making. However, the open internet makes the internet of things application system face many serious challenges in information security and privacy protection. Therefore, the invention realizes a safe data communication system of the internet of things, and the main innovation points comprise that: 1) an algebraic structure for simultaneously supporting the requirements of safe aggregation of large and small plaintext spatial data is innovatively constructed; 2) based on theoretical support, a practical and efficient safety data aggregation algorithm and an application system which protect the privacy of the Internet of things perception terminal user are designed; 3) aiming at the dispersive and random topological structure of the communication node of the Internet of things, distributed Laplace noise is skillfully integrated, and the differential privacy utility (small noise) and the differential privacy security of a data aggregation system are optimized and balanced while the lower calculation, storage and communication cost is ensured, so that the differential attack is effectively prevented; 4) a typical Internet of things communication system is subjected to intelligent simulation and bionics, a hierarchical architecture of a sensing node, a gateway and a control center is designed based on a sensing domain, a network domain and an application domain, and internal and external attackers are effectively prevented from stealing privacy information of users through network attack, data analysis and differential attack through customized security software algorithm design.
The invention is realized by the following technical scheme:
the Internet of things communication method for plaintext aggregation and difference safety in large and small spacesThe method is characterized in that the method is based on an application scene of the communication system of the Internet of things, and a credible authority is responsible for managing the whole system; the control center is responsible for integrating, processing and analyzing the real-time report data of the users and providing overall comprehensive intelligent service; the gateway is responsible for forwarding the report data of each user to the control center and aggregating the data submitted by each user; n sensing nodes with internet of things sensors at sensing end of the internet of things are responsible for collecting and periodically reporting large plaintext spatial data m of users in real timeiAnd small plaintext spatial data xiThe method comprises the following specific steps:
(1) system initialization phase
1) The credible authority randomly generates a security prime number p according to an input security parameter tau, wherein p is 2q +1, p is lambda, and q is also a large prime number; randomly selecting groupsGenerating element ofCalculating h as gp mod p2(ii) a Selecting cryptographically secure hash functions
2) Under the above system parameter setting conditions, in the groupThere is the following relationship: i)xp(p-1)=1mod p2(ii) a ii) let y equal 1+ p, yp=1mod p2;
3) The trusted authority performs the following operation, distributing all users U ═ U1,U2,…,UnSecret information of gateway and control center:
randomly selecting s for each useri∈Zp(p-1)(wherein i is 1,2,…, n), and respectively adding siAssigned to each user Ui;
Respectively combine s withc、sgAnd si(where i is 1,2, …, n) to control centers, gateways and individual users UiAs respective secret information;
4) the credible authority issues PK (p, g, H, H) as a system public key;
(2) user data reporting phase
Each user Ui(where i is 1,2, …, n) at the data reporting time tγPerform the following operation, 2 types of data<mi,xi>Reporting to a gateway:
1) computing Wherein G is1(n,λ)、 G2(n,λ)、G1' (n, lambda) and G2' (n, λ) is 4 obedient gamma distributions The independent and uniformly distributed random variables (wherein x is more than or equal to 0, and gamma (1/n) is the function value of the gamma function at the point 1/n;large plaintext spatial data; x is the number ofiE {0,1,2, …, delta } is a small plaintext spaceData, where Δ is the maximum value of reported data per user);
(3) secure data aggregation stage
1) computing
(4) aggregated data recovery phase
When the control center receives the encrypted aggregation informationThereafter, the following operations are performed:
3) ComputingNamely, it isBased on the discrete logarithm with h as the base, the small plaintext space aggregation data containing noise information of all users is recoveredDue to the fact that Still in the small plaintext space {0,1,2, …, n Δ }, using Pollard method, can be used inCompleting the operation within the calculation complexity;
4) computing
Because of the fact thatTherefore, it is not only easy to useTherefore, the temperature of the molten metal is controlled,
5) computingRecovering large plaintext space aggregation data containing noise information of all users
The Internet of things communication method for plaintext aggregation and difference safety in large and small spaces is characterized in that i)xp(p-1)=1mod p2(ii) a ii) let y equal 1+ p, yp= 1mod p2Derived by the following derivation:
according to the Euler function, phi (p)2)=p2(1-1/p) ═ p (p-1) ═ 2pq, so groupsThe total number of elements is 2 pq. For integers less than pAccording to Fermat theorem, xp-11mod p, so for some integer k, x is satisfiedp-11+ k p. Thereby to obtainWhen k is equal to 1, the first step is carried out,let y be 1+ p, then gcd (y, p)2) 1, thus yp=1mod p2。
The internet of things communication system with the functions of plaintext aggregation and difference safety in large and small spaces is characterized by comprising the following components:
a trusted authority: the authority center is responsible for managing the whole system and has high credibility and strong computing power;
the control center: the system is responsible for integrating, processing and analyzing real-time report data of each user and providing overall comprehensive intelligent service;
a gateway: the relay function is responsible for forwarding the report data of each user to the control center; the aggregation function is responsible for aggregating data submitted by each user;
sensing nodes: the sensing end of the Internet of things has N nodes N ═ N1,N2,…,NnOr user U ═ U1,U2,…,UnN is the maximum value of nmaxEach node NiThe E.N is provided with an internet of things sensor and is used for collecting and periodically reporting 2 types of data of the user in real time<mi,xi>Wherein m isiAs large plaintext spatial data, xiIs small plaintext spatial data.
The internet of things communication system with the functions of plaintext aggregation and difference security in large and small spaces is characterized by further comprising:
(1) system initialization module
1) With the help of trusted authorities, constructsAn algebraic structure for simultaneously supporting large and small plaintext spatial data aggregation application on a group and a method for protecting privacy and security of personal data of a user;
2) with the help of a credible authority, a distributed technology is adopted, and a sensing node N is equal to { N ═ N1,N2,…,NnShared secret information s between gateway and control centeri(where i is 1,2, …, n), sgAnd scSatisfy the following requirementsA constraint for a method of protecting user privacy;
3) combining with the Fermat theorem, the Euler function and the binomial theorem, constructing an algebraic structure and a practical algorithm applied to the secure data communication of the Internet of things, and a method for protecting the privacy and the security of personal data of a user;
(2) user data reporting module
1) The method adapts to the dispersive and random topological structure of the communication system of the Internet of things and simultaneouslyDistributed data reporting technology supporting aggregation of large and small plaintext spatial data (where i ═ 1,2, …, n), a method for protecting privacy security of each sensing node;
2) using laplace noise(wherein G is1(n, lambda) and G2(n, λ) is 2 obedient gamma distributionsThe independent and uniformly distributed random variables of the sensing node are independent and uniformly distributed, x is more than or equal to 0, and gamma (1/n) is a function value of a gamma function at a 1/n point), and gamma noise is added in a distributed mode, so that the technology that the overall effect is equivalent to that of the centralized addition of Laplace noise is obtained, and the method is used for sensing the node to resist differential attack;
(3) secure data aggregation module
1) A method for realizing bidirectional security data forwarding between a perception node and a control center by using a technology of routing and relaying the communication data of the Internet of things through a gateway;
2) safety aggregation of report data of all perception nodes in Internet of things through gateway The method reduces the calculation load of the control center and reduces the network overhead of the system, thereby obviously improving the data reporting efficiency and the safety of the communication system of the Internet of things;
3) secret information s through implanted gatewaygA communication and cooperative control center and a sensing node, and a technology for reducing the operation authority of the control center,a method for sensing node privacy protection and secure data reporting;
(4) aggregated data recovery module
1) By incorporating secret information s in the control centrecIs eliminated and satisfied The technology of the aggregation ciphertext additional information of the constraint condition is used for protecting the privacy of personal data of a user and ensuring the safety of a communication system;
2) based onMathematical relationship (1+ p) derived from groupp=1mod p2Separating out small plaintext aggregate data cipher textA method for protecting privacy of user's personal data and securing a communication system;
3) pollard method based calculation of small plaintext aggregation data ciphertextRecovering small plaintext aggregation data based on h-based discrete logarithmA method for protecting privacy of user's personal data and securing a communication system;
4) obtaining big plaintext aggregation data ciphertext through small plaintext aggregation data separationAnd then recovering large plaintext aggregated data based on Fermat's small theorem and binomial theoremA method for protecting privacy of user's personal data and securing a communication system;
5) the method for resisting the user data differential attack by utilizing the infinite decomposability attribute of the Laplace noise and embedding the distributed gamma noise which is equivalent to the centralized Laplace noise into the aggregated data of the user.
Compared with the prior art, the invention has the following beneficial effects:
1) based on theoretical basis and mathematical characteristics such as number theory, algebraic geometry and the like, innovatively constructAn algebraic structure which simultaneously supports the requirements of large and small plaintext space data security aggregation on the group;
2) the application requirements of the communication system of the Internet of things are focused, and a safe data communication method and a safe data communication system which protect the privacy of users, are practical and efficient and simultaneously support the aggregation of large and small plaintext space data are designed;
3) aiming at the dispersive and random topological structure of the communication node of the Internet of things, distributed Laplace noise is skillfully integrated, and the differential privacy utility (small noise) and the differential privacy security of the data aggregation system are optimized and balanced while the lower calculation, storage and communication costs are ensured, so that the differential attack is effectively prevented.
4) Hardware intelligent simulation is carried out on the communication system of the Internet of things by constructing a hierarchical architecture of 'sensing node-gateway-control center', and internal and external attackers are effectively prevented from stealing the privacy information of users through differential attack by virtue of customized security software algorithm design.
Drawings
FIG. 1 is a diagram of an Internet of things architecture;
fig. 2 is a system architecture diagram.
Detailed Description
The invention is further described in detail and specific embodiments are given below with reference to the accompanying drawings.
A big and small space plaintext aggregation and difference safety Internet of things communication method is based on a typical Internet of things communication system application scene, and the overall system architecture is shown in FIG. 2 and comprises the following four participants: a trusted authority: an authority center with high reliability and strong computing power is responsible for managing the whole system; the control center: the system has high reliability, is responsible for integrating, processing and analyzing real-time report data of each user, and provides global comprehensive intelligent service; a gateway: the main functions include 2 aspects: firstly, the relay function is responsible for forwarding the report data of each user to a control center; secondly, the aggregation function is responsible for aggregating the data submitted by each user; sensing nodes: the sensing end of the Internet of things has N nodes N ═ N1,N2,…,Nn} (or user U ═ U1,U2,…,UnN) has a maximum value of nmaxEach node NiThe E.N is provided with an internet of things sensor and is used for collecting and periodically reporting 2 types of data of the user in real time< mi,xi>Wherein m isiAs large plaintext spatial data, xiIs small plaintext spatial data.
The method specifically comprises the following steps:
(1) system initialization phase
1) The credible authority randomly generates a security prime number p according to an input security parameter tau, wherein p is 2q +1, p is lambda, and q is also a large prime number; randomly selecting groupsGenerating element ofCalculating h as gp mod p2(ii) a Selecting cryptographically secure hash functions
2) Under the above system parameter setting conditions, in the groupThere is the following relationship: i)xp(p-1)=1mod p2(ii) a ii) let y equal 1+ p, yp=1mod p2。
The above relationship holds by the following derivation:
according to the Euler function, phi (p)2)=p2(1-1/p) ═ p (p-1) ═ 2pq, so groupsThe total number of elements is 2 pq. For integers less than pAccording to Fermat theorem, xp-11mod p, so for some integer k, x is satisfiedp-11+ k p. Thereby to obtainWhen k is equal to 1, the first step is carried out,let y be 1+ p, then gcd (y, p)2) 1, thus yp=1mod p2;
3) The trusted authority performs the following operation, distributing all users U ═ U1,U2,…,UnSecret information of gateway and control center:
randomly selecting s for each useri∈Zp(p-1)(wherein i is 1,2, …, n), and converting s into eachiAssigned to each user Ui;
Respectively combine s withc、sgAnd si(where i is 1,2, …, n) to control centers, gateways and individual users UiAs respective secret information;
4) the credible authority issues PK (p, g, H, H) as a system public key;
(2) user data reporting phase
Each user Ui(where i is 1,2, …, n) at the data reporting time tγPerform the following operation, 2 types of data<mi,xi>Reporting to a gateway:
1) computing Wherein G is1(n,λ)、 G2(n,λ)、G1' (n, lambda) and G2' (n, λ) is 4 obedient gamma distributions The independent and uniformly distributed random variables (wherein x is more than or equal to 0, and gamma (1/n) is the function value of the gamma function at the point 1/n;large plaintext spatial data; x is the number ofiE {0,1,2, …, Δ } is small plaintext space data, where Δ is the maximum value of each user report data);
(3) secure data aggregation stage
1) computing
(4) aggregated data recovery phase
When the control center receives the encrypted aggregation informationThereafter, the following operations are performed:
3) ComputingNamely, it isBased on the discrete logarithm with h as the base, the small plaintext space aggregation data containing noise information of all users is recoveredDue to the fact that Still in the small plaintext space {0,1,2, …, n Δ }, using Pollard method, can be used inCompleting the operation within the calculation complexity;
4) computing
Because of the fact thatTherefore, it is not only easy to useTherefore, the temperature of the molten metal is controlled,
5) computingRecovering large plaintext space aggregation data containing noise information of all users
A communication system of the Internet of things with plaintext aggregation and difference security in large and small spaces comprises:
a trusted authority: the authority center is responsible for managing the whole system and has high credibility and strong computing power; the control center: is responsible for integrating, processing and dividingAnalyzing real-time report data of each user and providing global comprehensive intelligent service; a gateway: the relay function is responsible for forwarding the report data of each user to the control center; the aggregation function is responsible for aggregating data submitted by each user; sensing nodes: the sensing end of the Internet of things has N nodes N ═ N1,N2,…,NnOr user U ═ U1,U2,…,UnN is the maximum value of nmaxEach node NiThe E.N is provided with an internet of things sensor and is used for collecting and periodically reporting 2 types of data of the user in real time<mi,xi>Wherein m isiAs large plaintext spatial data, xiIs small plaintext spatial data. The system further comprises:
(1) system initialization module
1) With the help of trusted authorities, constructsAn algebraic structure for simultaneously supporting large and small plaintext spatial data aggregation application on a group and a method for protecting privacy and security of personal data of a user;
2) with the help of a credible authority, a distributed technology is adopted, and a sensing node N is equal to { N ═ N1,N2,…,NnShared secret information s between gateway and control centeri(where i is 1,2, …, n), sgAnd scSatisfy the following requirementsA constraint for a method of protecting user privacy;
3) combining with the Fermat theorem, the Euler function and the binomial theorem, constructing an algebraic structure and a practical algorithm applied to the secure data communication of the Internet of things, and a method for protecting the privacy and the security of personal data of a user;
(2) user data reporting module
1) Distributed data reporting technology adaptive to dispersive and random topological structure of communication system of Internet of things and supporting aggregation of large and small plaintext spatial data (where i ═ 1,2, …, n), a method for protecting privacy security of each sensing node;
2) using laplace noise(wherein G is1(n, lambda) and G2(n, λ) is 2 obedient gamma distributionsThe independent and uniformly distributed random variables of the sensing node are independent and uniformly distributed, x is more than or equal to 0, and gamma (1/n) is a function value of a gamma function at a 1/n point), and gamma noise is added in a distributed mode, so that the technology that the overall effect is equivalent to that of the centralized addition of Laplace noise is obtained, and the method is used for sensing the node to resist differential attack;
(3) secure data aggregation module
1) A method for realizing bidirectional security data forwarding between a perception node and a control center by using a technology of routing and relaying the communication data of the Internet of things through a gateway;
2) safety aggregation of report data of all perception nodes in Internet of things through gateway The method reduces the calculation load of the control center and reduces the network overhead of the system, thereby obviously improving the data reporting efficiency and the safety of the communication system of the Internet of things;
3) secret information s through implanted gatewaygThe technology for communicating and coordinating the control center and the sensing node, reducing the operation authority of the control center and the method for privacy protection and safety data report of the sensing node are provided;
(4) aggregated data recovery module
1) By incorporating secret information s in the control centrecIs eliminated and satisfied The technology of the aggregation ciphertext additional information of the constraint condition is used for protecting the privacy of personal data of a user and ensuring the safety of a communication system;
2) based onMathematical relationship (1+ p) derived from groupp=1mod p2Separating out small plaintext aggregate data cipher textA method for protecting privacy of user's personal data and securing a communication system;
3) pollard method based calculation of small plaintext aggregation data ciphertextRecovering small plaintext aggregation data based on h-based discrete logarithmA method for protecting privacy of user's personal data and securing a communication system;
4) obtaining big plaintext aggregation data ciphertext through small plaintext aggregation data separationAnd then recovering large plaintext aggregated data based on Fermat's small theorem and binomial theoremFor protecting privacy of user's personal data anda method for ensuring the security of a communication system;
5) the method for resisting the user data differential attack by utilizing the infinite decomposability attribute of the Laplace noise and embedding the distributed gamma noise which is equivalent to the centralized Laplace noise into the aggregated data of the user.
The system has the following technical characteristics:
(1) based on theoretical basis and mathematical characteristics such as number theory, algebraic geometry and the like, innovatively constructAn algebraic structure which simultaneously supports the requirements of large and small plaintext space data security aggregation on the group;
(2) the application requirements of the communication system of the Internet of things are focused, and a safe data communication method and a safe data communication system which protect the privacy of users, are practical and efficient and simultaneously support the aggregation of large and small plaintext space data are designed;
(3) aiming at the dispersive and random topological structure of the communication node of the Internet of things, distributed Laplace noise is skillfully integrated, and the differential privacy utility (small noise) and the differential privacy security of the data aggregation system are optimized and balanced while the lower calculation, storage and communication costs are ensured, so that the differential attack is effectively prevented.
(4) Hardware intelligent simulation is carried out on the communication system of the Internet of things by constructing a hierarchical architecture of a sensing node, a gateway and a control center, and internal and external attackers are effectively prevented from stealing the privacy information of users through differential attack by virtue of customized security software algorithm design.
Claims (3)
1. A big space plaintext polymerization and difference safe thing networking communication method, characterized by that this method is based on thing networking communication system application scene, responsible for managing the whole system by the credible authority; the control center is responsible for integrating, processing and analyzing the real-time report data of the users and providing overall comprehensive intelligent service; the gateway is responsible for forwarding the report data of each user to the control center and aggregating the data submitted by each user; byThe n sensing nodes with the sensors of the Internet of things at the sensing end of the Internet of things are responsible for collecting and periodically reporting the large plaintext spatial data m of the user in real timeiAnd small plaintext spatial data xiThe method comprises the following specific steps:
(1) system initialization phase
1) The credible authority randomly generates a security prime number p according to an input security parameter tau, wherein p is 2q +1, p is lambda, and q is a large prime number; randomly selecting groupsGenerating element ofCalculating h as gp mod p2(ii) a Selecting cryptographically secure hash functions
2) Under the conditions of the above step 1), in the groupThere is the following relationship: i)xp(p-1)=1 mod p2(ii) a ii) let y equal 1+ p, yp=1 mod p2;
3) The trusted authority performs the following operation, distributing all users U ═ U1,U2,…,UnSecret information of gateway and control center:
randomly selecting s for each useri∈Zp(p-1)Where i is 1,2, …, n, and s isiAssigned to each user Ui;
Respectively combine s withc、sgAnd siWhere i is 1,2, …, n, assigned to the control center, the gateway and the individual users UiAs respective secret information;
4) the credible authority issues PK (p, g, H, H) as a system public key;
(2) user data reporting phase
Each user UiWhere i is 1,2, …, n, at the data reporting time tγPerform the following operation, 2 types of data mi,xiReporting to a gateway:
1) computing Wherein G is1(n,λ)、G2(n,λ)、G1' (n, lambda) and G2' (n, λ) is 4 obedient gamma distributions The independent and uniformly distributed random variables of (1) are provided, x is more than or equal to 0, and gamma function is a function value of point 1/n;large plaintext spatial data; x is the number ofiE {0,1,2, …, delta } is small plaintext space data, and delta is the maximum value of each user report data;
(3) secure data aggregation stage
When the gateway receives allThereafter, where i is 1,2, …, n, the following operations are performed:
1) computing
(4) aggregated data recovery phase
When the control center receives the encrypted aggregation informationThereafter, the following operations are performed:
3) ComputingNamely, it isBased on the discrete logarithm with h as the base, the small plaintext space aggregation data containing noise information of all users is recoveredDue to the fact that Still in the small plaintext space {0,1,2, …, n · Δ }, where Δ is the maximum value of the reported data for each user, Pollard method can be usedCompleting the operation within the calculation complexity;
4) computing
Because of the fact thatTherefore, it is not only easy to useTherefore, the temperature of the molten metal is controlled,
2. The method according to claim 1, wherein i)xp(p-1)=1 mod p2(ii) a ii) let y equal 1+ p, yp=1 mod p2Derived by the following derivation:
according to the Euler function, phi (p)2)=p2(1-1/p) ═ p (p-1) ═ 2pq, so groupsIn total 2pq elements, for integers less than pAccording to Fermat theorem, xp-11mod p, so for some integer k, x is satisfiedp-11+ k p, thereby
gcd(y,p2) 1, thus yp=1 mod p2。
3. The utility model provides a big small space plaintext is gathered and safe thing networking communication system of difference which characterized in that, this system includes:
a trusted authority: the authority center is responsible for managing the whole system and has high credibility and strong computing power;
the control center: the system is responsible for integrating, processing and analyzing real-time report data of each user and providing overall comprehensive intelligent service;
a gateway: the relay function is responsible for forwarding the report data of each user to the control center; the aggregation function is responsible for aggregating data submitted by each user;
sensing nodes: the sensing end of the Internet of things has N nodes N ═ N1,N2,…,NnOr user U ═ U1,U2,…,UnN is the maximum value of nmaxEach node NiThe E.N is provided with an internet of things sensor and is used for collecting and periodically reporting 2 types of data m of the user in real timeiAnd xiWherein m isiAs large plaintext spatial data, xiSmall plaintext spatial data;
the communication system further comprises:
(1) system initialization module
1) Constructing a group with the help of a trusted authorityMeanwhile, an algebraic structure for aggregation application of large and small plaintext spatial data is supported, and the algebraic structure is used for protecting privacy and safety of personal data of a user;
2) with the help of a credible authority, a distributed technology is adopted, and a sensing node N is equal to { N ═ N1,N2,…,NnShared secret information s between gateway and control centeri、sgAnd scWherein i is 1,2, …, n, satisfiesThe constraint condition is used for protecting the privacy of the user, wherein p is a security prime number;
3) combining with the Fermat theorem, the Euler function and the binomial theorem, constructing an algebraic structure and a practical algorithm applied to the secure data communication of the Internet of things, and protecting the privacy and the security of personal data of a user;
(2) user data reporting module
1) Distributed data reporting technology adaptive to dispersive and random topological structure of communication system of Internet of things and supporting aggregation of large and small plaintext spatial data Wherein i is 1,2, …, n, for protecting privacy security of each sensing node; g is a randomly selected groupA generator of (2);
2) using laplace noiseOf infinite resolvability, wherein G1(n,λ)、G2(n,λ)、G1' (n, lambda) and G2' (n, λ) is 4 obedient gamma distributionsThe gamma function is a function value of the gamma function at a 1/n point, and gamma noise is added in a distributed mode, so that the overall effect is equivalent to the technology of adding Laplace noise in a centralized mode and the technology is used for sensing nodes to resist differential attack;
(3) secure data aggregation module
1) The technology of routing and relaying the communication data of the Internet of things through the gateway realizes the bidirectional security data forwarding between the sensing node and the control center;
2) safety aggregation of report data of all perception nodes in Internet of things through gateway The computing load of the control center is reduced, and the network overhead of the system is reduced, so that the data reporting efficiency and the safety of the communication system of the Internet of things are obviously improved;
3) secret information s through implanted gatewaygThe control center and the sensing node are communicated and cooperated, the technology of reducing the operation authority of the control center, and the privacy protection and safety data report of the sensing node are realized;
(4) aggregated data recovery module
1) By incorporating secret information s in the control centrecIs eliminated and satisfied The technology of the ciphertext additional information aggregation of the constraint conditions protects the privacy of the personal data of the user and ensures the safety of a communication system;
2) based onMathematical relationship (1+ p) derived from groupp=1 mod p2Separating out small plaintext aggregate data cipher textThe technology of (2) protects the privacy of the personal data of the user and ensures the safety of the communication system; wherein h is gp mod p2;
3) Pollard method based calculation of small plaintext aggregation data ciphertextRecovering small plaintext aggregation data based on h-based discrete logarithmThe technology of (2) protects the privacy of the personal data of the user and ensures the safety of the communication system;
4) obtaining big plaintext aggregation data ciphertext through small plaintext aggregation data separationAnd then recovering large plaintext aggregated data based on Fermat's small theorem and binomial theoremThe technology of (2) protects the privacy of the personal data of the user and ensures the safety of the communication system;
5) by utilizing the infinite decomposability property of the Laplace noise, the user data differential attack is resisted through a technology of embedding distributed gamma noise equivalent to centralized Laplace noise in the aggregated data of the user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910069048.0A CN110049000B (en) | 2019-01-24 | 2019-01-24 | Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910069048.0A CN110049000B (en) | 2019-01-24 | 2019-01-24 | Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110049000A CN110049000A (en) | 2019-07-23 |
CN110049000B true CN110049000B (en) | 2021-11-23 |
Family
ID=67274147
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910069048.0A Active CN110049000B (en) | 2019-01-24 | 2019-01-24 | Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110049000B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8238290B2 (en) * | 2010-06-02 | 2012-08-07 | Erik Ordentlich | Compressing data in a wireless multi-hop network |
CN104007336A (en) * | 2014-05-06 | 2014-08-27 | 昆明理工大学 | Transformer on-line monitoring information polymerization method based on internet of things |
CN104580061A (en) * | 2015-01-12 | 2015-04-29 | 浙江工商大学 | Aggregation method and system supporting fault tolerance and resisting differential attacks in smart power grid |
CN104579781A (en) * | 2015-01-12 | 2015-04-29 | 浙江工商大学 | Smart power grid aggregation method and system for differential privacy security and fault tolerance |
CN104639311A (en) * | 2015-01-12 | 2015-05-20 | 浙江工商大学 | Combining method and system for protecting power utilization privacy and integrity in smart power grid |
CN105279315A (en) * | 2015-09-29 | 2016-01-27 | 昆明理工大学 | Related analysis and Mahalanobis distance based transformer online monitoring information aggregation analysis method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120197856A1 (en) * | 2011-01-28 | 2012-08-02 | Cisco Technology, Inc. | Hierarchical Network for Collecting, Aggregating, Indexing, and Searching Sensor Data |
-
2019
- 2019-01-24 CN CN201910069048.0A patent/CN110049000B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8238290B2 (en) * | 2010-06-02 | 2012-08-07 | Erik Ordentlich | Compressing data in a wireless multi-hop network |
CN104007336A (en) * | 2014-05-06 | 2014-08-27 | 昆明理工大学 | Transformer on-line monitoring information polymerization method based on internet of things |
CN104580061A (en) * | 2015-01-12 | 2015-04-29 | 浙江工商大学 | Aggregation method and system supporting fault tolerance and resisting differential attacks in smart power grid |
CN104579781A (en) * | 2015-01-12 | 2015-04-29 | 浙江工商大学 | Smart power grid aggregation method and system for differential privacy security and fault tolerance |
CN104639311A (en) * | 2015-01-12 | 2015-05-20 | 浙江工商大学 | Combining method and system for protecting power utilization privacy and integrity in smart power grid |
CN105279315A (en) * | 2015-09-29 | 2016-01-27 | 昆明理工大学 | Related analysis and Mahalanobis distance based transformer online monitoring information aggregation analysis method |
Non-Patent Citations (3)
Title |
---|
A Lightweight Privacy-Preserving Data Aggregation Scheme for Fog Computing-Enhanced IoT;Rongxing Lu;《IEEE Access》;20170302;第3302-3312页 * |
A New Differentially Private Data Aggregation With Fault Tolerance for Smart Grid Communications;Haiyong Bao;《IEEE Internet of Things Journal》;20150312;第248-258页 * |
Reliable and Privacy-Preserving Selective Data Aggregation for Fog-Based IoT;Rongxing Lu;《2018 IEEE International Conference on Communications (ICC)》;20180731;第1-6页 * |
Also Published As
Publication number | Publication date |
---|---|
CN110049000A (en) | 2019-07-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Ruj et al. | A decentralized security framework for data aggregation and access control in smart grids | |
Jokar et al. | A survey on security issues in smart grids | |
Fouda et al. | A lightweight message authentication scheme for smart grid communications | |
Bao et al. | A new differentially private data aggregation with fault tolerance for smart grid communications | |
He et al. | Distributed privacy-preserving data aggregation against dishonest nodes in network systems | |
Merad-Boudia et al. | An efficient and secure multidimensional data aggregation for fog-computing-based smart grid | |
CN110650116B (en) | Multi-type multi-dimensional data aggregation method for security smart power grid | |
CN109640299B (en) | Aggregation method and system for ensuring M2M communication integrity and fault tolerance | |
Dong et al. | An ElGamal-based efficient and privacy-preserving data aggregation scheme for smart grid | |
CN112532389B (en) | Smart power grid lightweight privacy protection data aggregation method based on block chain | |
Zhang et al. | A privacy-preserving distributed smart metering temporal and spatial aggregation scheme | |
Ge et al. | FGDA: Fine-grained data analysis in privacy-preserving smart grid communications | |
CN110839028A (en) | Privacy protection method for fog-assisted industrial Internet of things | |
Romdhane et al. | At the cross roads of lattice-based and homomorphic encryption to secure data aggregation in smart grid | |
Parvez et al. | A key management-based two-level encryption method for AMI | |
CN115118756A (en) | Method and device for designing safety interaction protocol in energy internet scene | |
Ramyasri et al. | Data transmission using secure hybrid techniques for smart energy metering devices | |
Jiang et al. | Lightweight data security protection method for AMI in power Internet of Things | |
Huang et al. | A lightweight and fault-tolerable data aggregation scheme for privacy-friendly smart grids environment | |
CN110049000B (en) | Internet of things communication method and system for plaintext aggregation and difference security in large and small spaces | |
CN110661771B (en) | Secure smart power grid access control method and system for resisting differential attack | |
CN109889501B (en) | Method and system for multi-dimensional data aggregation and multi-function analysis in internet of things | |
Wang et al. | Preen: An aggregation mechanism for privacy-preserving smart-metering communications | |
Guan et al. | Protecting user privacy based on secret sharing with fault tolerance for big data in smart grid | |
Lim et al. | Security system architecture for data integrity based on a virtual smart meter overlay in a smart grid system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |