CN110059503B - Traceable social information anti-leakage method - Google Patents

Traceable social information anti-leakage method Download PDF

Info

Publication number
CN110059503B
CN110059503B CN201910331606.6A CN201910331606A CN110059503B CN 110059503 B CN110059503 B CN 110059503B CN 201910331606 A CN201910331606 A CN 201910331606A CN 110059503 B CN110059503 B CN 110059503B
Authority
CN
China
Prior art keywords
node
information
data
user
social
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910331606.6A
Other languages
Chinese (zh)
Other versions
CN110059503A (en
Inventor
黄希
聂贻俊
刘翼
张登星
胡松波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Pvirtech Co ltd
Original Assignee
Chengdu Pvirtech Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Pvirtech Co ltd filed Critical Chengdu Pvirtech Co ltd
Priority to CN201910331606.6A priority Critical patent/CN110059503B/en
Publication of CN110059503A publication Critical patent/CN110059503A/en
Application granted granted Critical
Publication of CN110059503B publication Critical patent/CN110059503B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/16Program or content traceability, e.g. by watermarking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a traceable social information leakage prevention method, which comprises the following steps: in the social platform area server cluster node, the social network data is encrypted and signed, the social network data is recorded by adopting a Merkle tree structure, and a tamper-resistant and traceable social platform block chain is formed. The invention provides a traceable social information leakage prevention method, which realizes decentralized storage and authentication of user privacy data in a social network, completes the authentication process in a block chain, ensures the validity of user identity by utilizing the non-tamperability of the block chain, replaces a user personal information plaintext with a data abstract, matches information for a user according to the data abstract, cannot check the user privacy information plaintext even if a malicious attacker intercepts the user information, and protects the privacy of the user.

Description

Traceable social information leakage prevention method
Technical Field
The invention relates to a social network, in particular to a traceable social information leakage prevention method.
Background
In recent years, social networks such as WeChat, forum, microblog and the like are rapidly developed, and people usually join a plurality of social platforms at the same time to enjoy convenience and complete services provided by the Internet. Taking two social platforms as an example, if a user who is registered in one of the platforms wants to newly join the other platform, a request is sent to the original platform to inquire basic information of the user so as to provide personalized services for the user. The traditional identity authentication method has the problems of user privacy disclosure, forged authentication information and repudiation of the platform to the authenticated behavior. More seriously, the social network platform surveys the massive user related information, and the user provides massive clear text information for the system and finally collects the information uniformly to form a centralized database. The platform utilizes the personal information and the session information of the user to carry out data mining and collect personal characteristics or hobbies of the user. For example, a Facebook company is suspected of invading the privacy of users for many times, in 2018, a third-party company acquires data information of over 5000 ten thousand Facebook users, constructs user images through an algorithm and designs a software program, so that the voting intention and behavior of voters are predicted and interfered. Even a third-party platform continuously recommends and harasses the user by using massive user information, and personal privacy safety of the user cannot be guaranteed.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a traceable social information leakage prevention method, which comprises the following steps:
in the cluster nodes of the server in the social platform area, the social network data is encrypted and signed, and the social network data is recorded by adopting a Merkle tree structure, so that a tamper-resistant and traceable block chain of the social platform is formed.
Preferably, the encrypting and signing are performed on the social network data, and the method further comprises the steps of encrypting original information of the social platform by adopting a symmetric encryption algorithm, forming an encrypted information abstract by adopting a HASH algorithm, signing by adopting an asymmetric encryption algorithm, and designing a bloom filter which accords with the privacy information protection characteristic.
Preferably, the method further includes setting a centralized key center in the blockchain system, performing unified management on keys of all nodes, where the nodes need to register in the key center before accessing the blockchain, and distribute corresponding public keys and private keys, and only obtaining the private key of the cluster node can decrypt information encrypted by the public key.
Preferably, the types of the social network data records include user identity information, personal attribute information, user status information, and social session information.
Preferably, before each node of the regional server cluster enters the P2P network, a network access license is preset, and the license is generated by offline encryption using a regional private key based on a region to which the node belongs, a node type, a node unique identifier, and validity period information; when a node enters a network, after receiving a management node list and establishing communication connection with the management node, the management node verifies whether the unique identifier of the node is used, if so, whether the node corresponding to the unique identifier is online, and if so, the node connection is rejected; if the node unique identifier is valid, verifying whether the node license is valid, firstly confirming that the license is not falsified by the management node, then decrypting the license by using the public key, confirming that the node unique identifier in the license is consistent with the unique identifier reported by the current node, and if the node unique identifier is verified to be valid, accepting the node.
Preferably, the method further includes setting an authority limit on the block chain, and each cluster node determines accessible social network communication content through negotiation.
Compared with the prior art, the invention has the following advantages:
the invention provides a traceable social information leakage prevention method, which realizes decentralized storage and authentication of user privacy data in a social network, completes the authentication process in a block chain, ensures the validity of user identity by utilizing the non-tamperability of the block chain, replaces a user personal information plaintext with a data abstract, matches information for a user according to the data abstract, cannot check the user privacy information plaintext even if a malicious attacker intercepts the user information, and protects the privacy of the user.
Drawings
FIG. 1 is a flow chart of a traceable social information anti-leakage method according to an embodiment of the invention.
Detailed Description
A detailed description of one or more embodiments of the invention is provided below along with accompanying figures that illustrate the principles of the invention. The invention is described in connection with such embodiments, but the invention is not limited to any embodiment. The scope of the invention is limited only by the claims and the invention encompasses numerous alternatives, modifications and equivalents. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. These details are provided for the purpose of example and the invention may be practiced according to the claims without some or all of these specific details.
One aspect of the present invention provides a traceable social information leakage prevention method. FIG. 1 is a flowchart of a traceable social information anti-disclosure method according to an embodiment of the invention.
The invention provides a social platform user privacy protection system based on a block chain, which adopts a P2P network structure, constructs the block chain by using a social platform regional server cluster node, and establishes an authorized access and safety protection mechanism of a distributed cluster database system. Each regional server cluster node stores user personal data in a block chain, and the individual block chains are connected end to end in a verification mode of encrypted signatures. The social platform blockchain system comprises a data storage module, a password module, a consensus module and an intelligent contract module.
In the data storage module, a block head storage structure comprises a version number, a timestamp, a record type, a type number, a node code, a node identifier, a node authority, an algorithm counter, a Merkle root and a precursor block head; the version number records the system version information to which the current block belongs when being generated. The time stamp records a generation time stamp for the current block. The record type records the type of the social information contained in the current block, each bit of the identification character string represents one type, and the record type comprises user identity information, personal attribute information, user state information, social session information and other information in the social network. The type number records the number of social information records contained in the block body of the current block, and the number is counted according to the record type. The node code records the HASH value of the generation node of the current block, so that the generation node corresponding to the block can be positioned quickly. And when the node identification records the current block, the grade information of the node is correspondingly generated. When the node authority record is established in the current block, the authority information of the node is correspondingly generated, and identifiable information is provided for different consensus algorithms. The algorithm counter provides data support for the consensus algorithm, and records key information required by the consensus algorithm into the block. The Merkle root records the tree root HASH value of the transaction tree. This field needs to be recalculated once each time a block is packed, and the Merkle root is the root node HASH value for all recorded transactions in that block. The predecessor block header is the HASH value of the block header of the block preceding the current block.
Secondly, the block body contains social network data records of communication data block information, user identity information, personal attribute information and session content information, and the social network data records are recorded by adopting a Merkle tree structure. The method comprises the steps of encrypting original information by adopting a symmetric encryption algorithm, forming an encrypted information abstract by adopting a HASH algorithm, signing by adopting an asymmetric encryption algorithm, and designing a block chain Merkle tree and a bloom filter which accord with the protection characteristics of social privacy information, thereby forming a tamper-resistant traceable trusted data chain.
Social network data records are generated in chronological order. And each time the social network data record has an index number for querying. The record includes details such as the generation timestamp, the HASH value, the index number of the data record, and key information. Each data record corresponds to a Merkle node value and the HASH value is part of the Merkle tree, so that each address cannot be rewritten or forged. Each event is time-stamped, becomes part of a long chain, and cannot be tampered with after the fact. By setting authority limit on the block chain, each cluster node determines accessible communication content through negotiation, so that the privacy of user data is maintained.
The cipher module is used for encrypting the block data. In the encryption process, the symmetric key for encrypting the user information is encrypted by using a private key, and the encrypted symmetric key information is decrypted by using a public key. After decryption, the owner of the private key can use the symmetric key to obtain the user information after decryption. The private key signs the user information, and the public key verifies the signature. The information verified by the public key signature is confirmed to be issued by the owner of the private key. Because there is no trusted center, the conventional method has the advantages that each node independently stores the private key, and in order to avoid the loss of the private key to permanently disable the authentication information, the cryptographic module of the invention is provided with a centralized key center to uniformly manage the keys of all nodes, all nodes need to be registered in the key center before accessing the block chain, corresponding public keys and private keys are distributed, only the private key of the cluster node is obtained to decrypt the information encrypted by the public key, and the lost private key is obtained through the key center, so that the data on the block chain can be really restored.
In order to implement the joint storage and maintenance of the ciphertext by all the nodes, in a further preferred embodiment, the cryptographic module generates the ciphertext by pseudo-random mapping of the plaintext, then delivers the ciphertext to the blocks on the block chain for encrypted storage according to a random sequence, and feeds the block number information of the stored data back to the encryption node to generate the corresponding authority. And then, the ciphertext is maintained by the block chain together, and only the block nodes with corresponding authority in the license have the data decryption information.
First, using two pseudo-random mappings, set μ 0 And mu 1 Key branch parameters, x, for two pseudo-random mappings, respectively 0 And x 1 Two initial values of key sequence are respectively according to mu 0 ,x 0 ,μ 1 ,x 1 Respectively generating m × n random numbers, where 0 And mu 1 Branch parameters, x, for two pseudo-random mappings, respectively 0 And x 1 Generating sequences L for two pseudo-randomly mapped sequence initial values respectively 1 (k)、L 2 (k) And synthesizing a random matrix Z of m × n size 1 (i,j) m×n ,Z 2 (i,j) m×n (ii) a Wherein i ∈ [1,m ]],j∈[l,n];
According to the formula a i And b i Respectively extract L 1 (k)、L 2 (k) Corresponding bits are taken as initial bits for next extraction;
Figure BDA0002037868760000051
Figure BDA0002037868760000052
wherein, the initial position b 0 And determining the information entropy according to the information entropy of the plaintext data, wherein the information entropy is represented by h.
Figure BDA0002037868760000053
Iterative computation of a i And b i Let k =1,2, \ 8230;, m × n, up to L 1 (k)、L 2 (k) Traversing the sequence to obtain a k And b k
From the sequence a k And b k Synthesizing the m × n intermediate matrix F (i, j), and converting the m × n intermediate matrix into a binary random matrix Z according to the following formula 3 (i,j) m×n
Figure BDA0002037868760000061
Will Z 3 (i,j) m×n Carrying out standard complementary pairing coding to obtain a corresponding coding matrix Z 4 (i,j) m×n
Converting the original plaintext data into binary K (i, j) m×n Specifically, the matrix is encoded according to a complementary pairing encoding rule, and then a permutation rule is selected to generate an out-of-order code K disorder (i,j) m×n
Calculating the matrix Z 4 (i,j) m×n +K disorder (i,j) m×n =H disorder (i,j) m×n And correspondingly decoding the data according to the pre-selected replacement rule to obtain K 1 (i,j) m×n
Selecting a random matrix Z 1 (i,j) m×n ,Z 2 (i,j) m×n The matrix K is aligned according to the following formula 1 (i,j) m×n Scrambling is carried out:
temp=K 1 (i,j);
K 1 (i,j)=K(X(i,j),Y(i,j));
K(X(i,j),Y(i,j))=temp;
wherein:
Figure BDA0002037868760000062
Figure BDA0002037868760000063
x and y are row and column values of the plaintext matrix respectively;
repeating the scrambling step until the matrix K is formed 1 (i,j) m×n And traversing for w times, wherein the traversal times w can be selected according to the encryption strength, so that the scrambled encryption matrix is obtained, corresponding information data is generated, and encryption is completed.
The ciphertext is divided into N ciphertext blocks, which are numbered (0, 1,2,3, \ 8230;, N-l). And storing the block head in the cluster management node, scrambling the numbers of the rest ciphertext blocks, and sending the scrambled numbers to the cluster nodes on the chain according to the block chain connection sequence. The node receiving the data re-encrypts the received data according to a local encryption algorithm, and the encryption information is stored in the license of the node. Because the ciphertext is jointly stored and maintained by the node of the block chain node, the decoding difficulty is increased. Only when the license in a certain node has the authority, the index information can be obtained, and then the encrypted data on the other blocks are obtained and the ciphertext is restored, so that the privacy of the information is guaranteed.
On a storage framework of a social network cluster node, firstly, a plurality of management nodes are selected from a plurality of regional server cluster nodes, the management nodes and common nodes form a P2P network cluster, the management nodes store all routing information of other common nodes in the current region and partial routing information of other nodes in the whole network, and the routing information and a discovery algorithm are synchronized among the management nodes.
When each node is started, firstly calculating the calculation capability value of the node, then searching a management node in a local area network through broadcasting, namely returning to a list of n names and node addresses before the highest calculation capability value in the current network of the node, comparing the calculation capability value calculated by the node according to the list, if the node belongs to a common node, saving the list, and selecting one management node from the list to carry out information index synchronization and resource acquisition routing; if the own computing power value is higher, then communicate with the node with the lowest ranked list, hand over the management node location, copy its index and routing information, and broadcast the latest management node list.
If a cluster node misses a management node list update, it will be informed of the latest management node list when connecting to the old management node. If the management node with the lowest ranking can not communicate, the node tries to connect with other management nodes, recommends itself to become a management node, and after the recommendation is received, the latest management node list is also broadcast. If some management nodes exit the network, the management nodes negotiate with the management node group, the management node list is updated, and the common nodes can recommend and upgrade the management nodes according to the self computing capability value.
The management node saves the resource data and performs synchronization within the management node. The common node does not store the resource data and acquires the resource data through the management node when the resource is needed. When the cluster is broadcasted, the common nodes transfer the information to the management nodes, the information is transmitted among the management nodes, and the management nodes realize the information transmission to each common node. When the whole network is required to be broadcast, the management node realizes the information routing to the full distribution structured P2P network.
And synchronizing the public key information of the region among the management nodes of each region server cluster. Before each node enters a P2P network, a network access license is preset, and the license is generated by using an area private key for off-line encryption based on an area to which the node belongs, a node type, a node unique identifier and validity period information. When a node enters a network, after a management node list is received and communication connection is established between the management nodes, the management nodes need to verify whether the unique identifier of the node is used, if so, whether the node corresponding to the unique identifier is online, and if so, the node connection is rejected; if the node unique identifier is valid, verifying whether the node license is valid, firstly confirming that the license is not falsified by the management node, then decrypting the license by using the public key, confirming that the node unique identifier in the license is consistent with the unique identifier reported by the current node, and if the node unique identifier is verified to be valid, accepting the node.
In the P2P network of the present invention, all nodes are treated as leaf nodes of a binary tree, and the position of each node is uniquely determined by its ID value. The logical distance can be calculated by an exclusive-or operation for each node in the binary tree, that is, a node distance routing table is stored in each node, and a plurality of node information (node address, port, node code) is stored in each routing table.
When the node joins the full-distributed structured network, multicast is carried out, the node identification of the node is released, and the node in the network is searched. The current node receives a plurality of pieces of node information which are closest to the current node, a binary tree and a routing table of the current node are constructed according to the node identification, and the nodes of the binary tree are checked until no new node appears. When node x receives another node y message, the information of the sending node updates the corresponding routing table and binary tree data, which is specifically as follows:
first, a logical distance d (x, y) = x ≦ y between the node x and the node y is calculated
Secondly, selecting a routing table corresponding to the logical distance according to the logical distance d (x, y) for updating.
If node y already exists in the routing table, the node moves to the tail of the routing table, which indicates that the node is updated recently; if node y is not recorded in this routing table, it is added to the binary tree and node y (node address, port, node identification) is inserted at the tail of the queue in the routing table.
Each node periodically issues all self-stored data resource indexes, a neighbor closest to the node needs to verify whether resource content is updated or not, the resource needing to be updated is selected for updating, and even if the node fails later, the resource data stored by the node is updated to other new nodes, so that the node fails and the data cannot be lost.
When social data needs to be transmitted, firstly, the SHA1 hash value of the data message is calculated to obtain a message digest, and on a P2P network, the message at least needs to be stored on a node with the node identification consistent with the message digest and a neighbor node close to the node. The method comprises the following specific steps:
first, a logical distance d (x, m) = x ≦ m of x from the message digest m is calculated, where the log of the slave node x is 2 And a nodes are taken out from the d (x, m) routing tables, if the number of the nodes in the routing table at the distance is less than a, the node closest to d (x, m) is selected from the tables at other distances, and the message represented by the message digest is forwarded to the nodes.
Secondly, each node receiving the forwarding message finishes the forwarding if no node closer to the message abstract is found in the routing table of the node; otherwise, continuing to select a nodes to return.
Thirdly, the node x forwards the messages of the received a nodes until each branch replies finally, and then a nodes closest to the message digest are obtained. And the node x transmits the directional message to other nodes after excluding the node which has transmitted the message according to the binary tree established by the node x, and the other nodes which receive the directional message transmit the directional message according to the random distance and the random node number.
After acquiring the addresses of other nodes, the node sends version information of the node to the opposite node to try to establish connection. The version information includes the system version of the node, the synchronized blocks, and the current system time of the node. And the opposite end node replies the version information of itself after receiving the version information. When both parties acquire the version information of the other party, a confirmation message is sent. After two nodes trying to establish connection receive the version information sent by the opposite end, the system time is checked, and the system time of the two nodes is confirmed to be synchronous. And if the heartbeat information of the opposite terminal is not received in a preset period, the node disconnects the link.
When a node is initialized after first joining the social network blockchain system, the node first downloads all blockchain data on the longest blockchain in the network. After receiving the request, the synchronized node replies a header message according to the request in the message. This header includes the header HASH value of all blocks on the block chain starting from the first block. After receiving the header information replied by the synchronization node, the new node judges the correctness of the header information HASH value in the header information according to the consensus mechanism and the target number. After that, the new node sends the request header again to request the next block header HASH value. The new node then repeats the same block initialization process to the other nodes. After confirming that the acquired header information belongs to the optimal block chain in the current network, the new node sends a request data message to the complete node in the network to acquire complete block information.
The consensus module is used for maintaining the data consistency of the whole network, and each node independently checks the new blocks and assembles the new blocks into a block chain. For social networks, independent checks based on session and user data are employed, taking into account the trustworthiness of the private chain. Specifically, firstly, according to the record type sent by each terminal, according to the convention of the social network data record, writing the content of the session; inputting the latest block HASH value, the session information attribute and the encrypted user attribute of the node; verifying that the terminal node submitting the data update is a valid node; if the verification fails, the data write will be rejected; each input unlock script must be verified against the corresponding output lock script; and recording the difference value between the latest block generation time and the verification completion time of the node. After receiving the data records, each node verifies the transactions before broadcasting over the network and establishes a pool of data blocks for valid new data blocks in the corresponding order as received.
After the data blocks are verified, the cluster node adds the data blocks to its own memory pool for temporarily storing records that have not been added to the block. In this process, the cluster node collects, validates, and relays new sessions and integrates them into one candidate tile. While the cluster node records and verifies the transaction, it continues to monitor social network sessions, trying to mine new blocks, and also monitoring blocks discovered by other nodes.
The process of building blocks can be divided into: firstly, a cluster node initializes an unregistered candidate block; secondly, acquiring the accounting right by solving a workload certification algorithm; thirdly, writing the verified data block to become a registration formal block.
After the generated new block is propagated through the network and before the generated new block is forwarded by the cluster node, the new block needs to be verified, wherein the new block comprises whether a data structure is valid or not and whether grammar is correct or not; then verifying whether the parent block of the new block is verified correctly; whether the timestamp of the new block meets a preset time interval earlier than the verification time in the future; finally, judging whether the data in the block meets the compliance; and if the conditions are met, the new block is successfully verified, and a verification result is output.
And finally, assembling the block chain by the consensus module. After verifying the new block, the cluster node connects the new block to the current main chain and assembles the new block, and firstly, a new block father block is searched in a block chain; linking the new block, and if the parent block is not found in the current effective block, putting the new block into an independent block sequence; searching a sub-block taking the new chain block as a parent block from the independent block sequence, and directly linking the sub-block into a chain; verifying the data block within the block; if the verification is successful, the assembly is complete. Once the parent block is received and connected to the existing block chain, the node is taken from the independent block sequence and connected to its parent block as part of the block chain.
The intelligent contract module is used for designing and deploying an intelligent contract based on the private block chain of the social network, namely, a business process of interaction between a user and a system in a social network communication link is defined in a code mode. The intelligent contract compiling comprises the steps of confirming the format of the service information, the service state, the condition of the service state change, the triggering mode of the service state change and the service information needing to be updated when the service state is changed. The writing process of the code only needs to pay attention to the processing of the business function.
Through the written intelligent contract, the user can check and change the access authority of the owned social network data record, and the access control of the user on the private data is realized; the social network data can be safely transferred among different nodes, so that the privacy data is protected; the cluster stores the symmetric encryption key and the user personal attribute information into the blockchain, and the user changes the access right of the attribute information and acquires the encryption key to decrypt the attribute information by interacting with the intelligent contract on the blockchain. The third-party social platform acquires the information of the user through the block chain, determines whether a new node of the third-party social platform is legal or not by using a voting algorithm, and realizes the functions of node adding, permission granting and automatic registration based on the determination result.
The intelligent contract comprises a consensus contract, the consensus contract defines that when a third-party social platform has a node to initiate registration, a management node of the regional server cluster verifies whether the registered node is valid, if the registered node obtains votes of common nodes in the regional server cluster with a preset proportion, the votes can be added into the system, and the situation of repeated registration can be avoided. The consensus contract can also classify legal nodes and store the classification result and the node address in the classification contract. The classification contract stores the classification information of all the nodes, and when a new node is registered, whether the node information is stored in the classification contract can be firstly inquired, so that the registration process is simplified.
The intelligent contracts include historical contracts, all-relationship contracts, and access rights contracts. Each user node is provided with a history contract used for storing node information which is in social connection with the node and addresses of all relation contracts. All relationship contracts store the address of the attribute information owner and the access rights contract, the primary function of which is to track the data stored by the cluster. The user can check whether the own data is stored in a legal position through the database information stored in the contract, and the data integrity is established by checking the HASH value of the attribute information. The access authority contract stores authority information of user nodes, and defines corresponding authority according to different types of nodes. Initially, all nodes have ciphertext rights, that is, only the attribute information ciphertexts of other nodes can be viewed.
The intelligent contract further comprises a second-time contractAnd the secondary encryption is used for generating a conversion key aiming at the third-party social platform node by the owner user of the attribute information through the cluster node, and the cluster node can convert the ciphertext obtained by encrypting the public key of the owner user of the attribute information into the ciphertext obtained by encrypting the public key by the third-party social platform node by using the conversion key. The secondary encryption process is as follows: the encryption contract first obtains a master key and sends a public key of a receiver to each cluster node, and if i cluster nodes exist, each cluster node generates a random number p which is marked as p i Using a master key and a public key pair p, respectively i Generating p by encryption i The ciphertext pair is sent to the cryptographic contract. Cryptographic contracts use homomorphic multiplication operations to encrypt p i And integrating the random number p and returning the random number p to the cluster node, solving the value of the converted message mp from the cluster node, sending the message mp to an encryption contract, and calculating a new key of a receiver, namely a third-party social platform node by the contract.
The smart contract further includes an automatic registration contract in which the user's personal attribute information specific HASH value encrypted by the symmetric encryption key is stored. And the third-party social platform uses the private key to decrypt and obtain a registration result by accessing the numerical value in the registration contract, returns the result of whether the registration condition is met to the contract, and automatically registers the user to the third-party social platform in an anonymous mode if the registration condition is met.
Specifically, a third-party social platform firstly sends an adding request to a user, the user sends an address of the third-party social platform to a classification contract, the classification contract searches whether the node exists in a database, if not, the requested address and type are sent to a consensus contract, a management node verifies whether the node accords with the classification of the request, a result is returned to the classification contract after voting is completed, the classification contract confirms authorization, and the address of the third-party social platform and the classification result are stored in a contract database; and if the third-party social platform address is already stored in the classification contract but the stored classification is inconsistent with the required classification, voting verification is performed on the node again, and the voting result is stored in the contract.
In order to protect the privacy of the sensitive data of the user, the third-party social platform only has the authority of reading the attribute data record ciphertext. Any role addition or change rights need to be granted by the user. After the third-party social platform has the ciphertext authority, the user acquires addresses of all relation contracts from the history contracts, requests the addresses of the access authority contracts from all relation contracts, sends a request for changing the authority of the third-party social platform to the third-party social platform after obtaining the access authority contract address recorded by the attribute data, retrieves whether the information of the node is stored or not by the access authority contract, and directly adds the address of the third-party social platform node and the requested authority into the contract if the node information does not exist. When the cluster requests to change the authority of the third-party social platform, the cluster finds out the address of the access authority contract by accessing the historical contract of the cluster, the access authority contract searches whether the address and the authority of the node are stored, and when the access authority contract confirms that the authority of the third-party social platform is changed, the cluster firstly inquires whether the user agrees to change, namely the user still has the ownership of the attribute data record.
Assume that the third party social platform and social network area server cluster have contracted to use encryption algorithm E before registration pk The public-private key pair is (P) k ,S k ) The private key is maintained by the third party social platform. The automatic registration contract creation process is specifically as follows:
1. the regional server cluster stores the attribute information of the user to a distributed database.
2. The cluster requests cross-platform registration information of the user from a third-party social platform;
3. the third-party social platform respectively encrypts the attribute information of the user in response to the request (the form is E (M) 1 ),E(M 2 ),…,E(M n ) To a cluster, M) i The attribute information of the ith item;
4. the cluster creates a registration contract and calculates the HASH value of the attribute M recorded in the attribute data record encrypted by the symmetric encryption key and the user attribute data record; calculation of E (M) 1 )×E(M) -1 ,E(M 2 )×E(M) -1 ,…,E(M n )×E(M) -1 And placing the calculation results into the attribute encryption array out of order. The user address, HASH value, and attribute encryption array are stored to the auto-registration contract.
At this time, when the user initiates a registration request, the user does not directly interact with the third-party social platform, but initiates the request to the cluster, and the cluster receives the request and sends the address of the automatic registration contract to the third-party social platform. The third party social platform accesses the registration contract, obtains the calculation result in the attribute encryption array, and uses the private key S k Decryption is performed. If the decryption result is 0, 2 plaintexts are proved to be the same, and registration can be carried out; otherwise, the registration is refused. Because the third-party social platform cannot distinguish which plaintext is matched with the ciphertext, any plaintext attribute information of the user cannot be acquired, and the privacy safety of the user is ensured.
Furthermore, the user address is generated by a user public key, the identity information of the user cannot be inferred through the address, when a third-party social platform accesses a registration contract, the identity of the user cannot be judged through the address, namely, the function of hiding the identity information of the user is realized through an intelligent contract; second, during the registration process, the third party social platform may also request encrypted attribute information from the cluster to compare with the HASH value in the auto-registration contract to verify data integrity.
In conclusion, the invention provides a traceable social information leakage prevention method, which realizes decentralized storage and authentication of user privacy data in a social network, completes the authentication process in a block chain, ensures the validity of user identity by utilizing the non-falsification of the block chain, replaces the plaintext of user personal information with a data abstract, matches information for a user according to the data abstract, cannot check the plaintext of the user privacy information even if a malicious attacker intercepts the user information, and protects the privacy of the user.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented in a general purpose computing system, centralized on a single computing system, or distributed across a network of computing systems, and optionally implemented in program code that is executable by the computing system, such that the program code is stored in a storage system and executed by the computing system. Thus, the present invention is not limited to any specific combination of hardware and software.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modifications, equivalents, improvements and the like which are made without departing from the spirit and scope of the present invention shall be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.

Claims (4)

1. A traceable social information anti-disclosure method, comprising:
in a social platform area server cluster node, encrypting and signing social network data, and recording the social network data by adopting a Merkle tree structure to form a tamper-resistant and traceable social platform block chain;
encrypting and signing social network data, further comprising encrypting original information of a social platform by adopting a symmetric encryption algorithm, forming an encrypted information abstract by using an HASH algorithm, signing by using an asymmetric encryption algorithm, and designing a bloom filter which accords with the privacy information protection characteristic;
the method also comprises the steps that a centralized key center is arranged in the block chain system, all node keys are managed in a unified mode, the nodes need to be registered in the key center before being accessed into the block chain, corresponding public keys and private keys are distributed, and only the private key of the cluster node is obtained, so that the information encrypted by the public key can be decrypted;
the method comprises the steps that a key center is utilized to uniformly manage keys of all nodes, all the nodes are registered in the key center before accessing a block chain, corresponding public keys and private keys are distributed, and only the private key of a cluster node is obtained, so that information encrypted by the public key can be decrypted;
generating a ciphertext from a plaintext through pseudo-random mapping, delivering the ciphertext to a block on a block chain according to a random sequence for encryption storage, and feeding back block number information of stored data to an encryption node to generate a corresponding authority; then, the ciphertext is maintained by the block chain together, and only the block nodes with corresponding authority in the license have the data decryption information;
first, using two pseudo-random mappings, μ is set 0 And mu 1 Key branch parameters, x, for two pseudo-random mappings, respectively 0 And x 1 Are respectively two initial values of key sequence according to mu 0 ,x 0 ,μ 1 ,x 1 Respectively generating m × n random numbers, where 0 And mu 1 Branch parameters, x, for two pseudo-random mappings, respectively 0 And x 1 Generating sequences L for two pseudo-randomly mapped sequence initial values respectively 1 (k)、L 2 (k) And synthesizing a random matrix Z of m × n size 1 (i,j) m×n ,Z 2 (i,j) m×n (ii) a Wherein i ∈ [1,m ]],j∈[l,n];
According to the formula a i And b i Respectively extract L 1 (k)、L 2 (k) Corresponding bits are taken as initial bits for next extraction;
Figure FDA0004020597830000023
Figure FDA0004020597830000022
wherein, the initial position b 0 Determining according to the information entropy of the plaintext data, wherein the information entropy value is represented by h;
Figure FDA0004020597830000024
iterative computation of a i And b i Let k =1,2, \ 8230;, m × n, up to L 1 (k)、L 2 (k) Traversing the sequence to obtain a k And b k
From the sequence a k And b k Synthesizing the m × n intermediate matrix F (i, j), and converting the m × n intermediate matrix into a binary random matrix Z according to the following formula 3 (i,j) m×n
Figure FDA0004020597830000021
Will Z 3 (i,j) m×n Carrying out standard complementary pairing coding to obtain a corresponding coding matrix Z 4 (i,j) m×n
Converting the original plaintext data into binary system K (i, j) m×n The matrix is firstly coded according to the complementary pairing coding rule, and then the permuting rule is selected to generate the disordered code K disorder (i,j) m×n
Calculating the matrix Z 4 (i,j) m×n +K disorder (i,j) m×n =H disorder (i,j) m×n And correspondingly decoding the K according to the pre-selected replacement rule to obtain K 1 (i,j) m×n
Selecting a random matrix Z 1 (i,j) m×n ,Z 2 (i,j) m×n The matrix K is aligned according to the following formula 1 (i,j) m×n Scrambling is carried out:
temp=K 1 (i,j);
K 1 (i,j)=K(X(i,j),Y(i,j));
K(X(i,j),Y(i,j))=temp;
wherein:
Figure FDA0004020597830000025
Figure FDA0004020597830000026
x and y are row and column values of the plaintext matrix respectively;
repeating the scrambling step until the matrix K is formed 1 (i,j) m×n Traversing for w times to obtain the scrambled encryption matrix and generate corresponding information data to finish encryption;
dividing the ciphertext into N ciphertext blocks, numbering the ciphertext blocks (0, 1,2,3, \ 8230;, N-l); storing the block head in a cluster management node, scrambling the serial numbers of the rest ciphertext blocks, and sending the scrambled serial numbers to cluster nodes on a chain according to the block chain connection sequence; the node receiving the data re-encrypts the received data according to a local encryption algorithm, and the encryption information is stored in the license of the node.
2. The method of claim 1, wherein the types of social network data records comprise user identity information, personal attribute information, user status information, social session information.
3. The method of claim 1, further comprising, before each node of the regional server cluster enters the P2P network, presetting a network access license, wherein the license is generated by off-line encryption using a regional private key based on a region to which the node belongs, a node type, a node unique identifier, and validity period information; when a node enters a network, after receiving a management node list and establishing communication connection with the management node, the management node verifies whether the unique identifier of the node is used, if so, whether the node corresponding to the unique identifier is online, and if so, the node connection is rejected; if the node unique identification is valid, verifying whether the node license is valid, firstly, the management node confirms that the license is not falsified, then, the management node decrypts the license by using a public key, confirms that the node unique identification in the license is consistent with the unique identification reported by the current node, the validity period is available, and if the node is verified to be valid, the node is accepted.
4. The method of claim 1, further comprising setting an authority limit on the blockchain, wherein each cluster node determines social network communication content accessible through negotiation.
CN201910331606.6A 2019-04-24 2019-04-24 Traceable social information anti-leakage method Active CN110059503B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910331606.6A CN110059503B (en) 2019-04-24 2019-04-24 Traceable social information anti-leakage method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910331606.6A CN110059503B (en) 2019-04-24 2019-04-24 Traceable social information anti-leakage method

Publications (2)

Publication Number Publication Date
CN110059503A CN110059503A (en) 2019-07-26
CN110059503B true CN110059503B (en) 2023-03-24

Family

ID=67320388

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910331606.6A Active CN110059503B (en) 2019-04-24 2019-04-24 Traceable social information anti-leakage method

Country Status (1)

Country Link
CN (1) CN110059503B (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110557266B (en) * 2019-09-06 2022-08-19 腾讯科技(深圳)有限公司 People-seeking inspiring publishing method, device, equipment and computer-readable storage medium
CN110909074A (en) * 2019-10-21 2020-03-24 北京海益同展信息科技有限公司 Method and device for processing social data, computer equipment and storage medium
CN111177747B (en) * 2019-12-13 2022-10-28 南京理工大学 Block chain-based social network privacy data protection method
CN111147227B (en) * 2019-12-27 2023-04-18 杭州中科先进技术研究院有限公司 Communication method and communication platform based on block chain
CN111698218A (en) * 2020-05-20 2020-09-22 厦门区块链云科技有限公司 Super node election system of block chain community
CN111597585B (en) * 2020-05-26 2023-08-11 牛津(海南)区块链研究院有限公司 Privacy protection method, system and related components of blockchain data
CN112004140A (en) * 2020-05-30 2020-11-27 陈议尊 Live broadcast method and system based on personal social big data
CN112437063B (en) * 2020-11-11 2022-08-23 张银杏 Data fusion and access method, platform and system
CN112988893B (en) * 2021-03-15 2023-05-12 中国联合网络通信集团有限公司 Information management method, system, block chain node and medium based on block chain
CN113223654B (en) * 2021-06-04 2022-09-02 杭州云呼网络科技有限公司 Intelligent reading management platform for medical examination report sheet
CN113505155B (en) * 2021-07-06 2023-05-12 中国联合网络通信集团有限公司 Transaction information retrieval method and retrieval device based on blockchain network
CN114266061B (en) * 2021-12-28 2024-03-26 航天科工智能运筹与信息安全研究院(武汉)有限公司 Offline data tamper-proof method based on hash chain

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107798708A (en) * 2017-11-16 2018-03-13 深圳大学 A kind of out of order codings of DNA and the image encryption and decryption method of chaotic maps
CN107911216A (en) * 2017-10-26 2018-04-13 矩阵元技术(深圳)有限公司 A kind of block chain transaction method for secret protection and system
CN108021821A (en) * 2017-11-28 2018-05-11 北京航空航天大学 Multicenter block chain transaction intimacy protection system and method
US10108811B1 (en) * 2013-06-27 2018-10-23 Interacvault Inc. Dynamic secure interactive electronic vault
CN109325342A (en) * 2018-09-10 2019-02-12 平安科技(深圳)有限公司 Identity information management method, apparatus, computer equipment and storage medium

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107045650B (en) * 2016-10-25 2021-06-11 罗轶 Network car booking system based on block chain
GB2569278A (en) * 2017-10-23 2019-06-19 Cygnetise Ltd Methods and apparatus for verifying a user transaction
CN108390891A (en) * 2018-03-28 2018-08-10 电子科技大学天府协同创新中心 Information protecting method based on privately owned block chain
CN108880995B (en) * 2018-07-10 2020-08-04 成都知链技术转移有限公司 Block chain-based unfamiliar social network user information and message pushing encryption method
CN109086629B (en) * 2018-09-19 2019-07-30 海南大学 The imitative block chain cryptosystem of aging sensitivity based on social networks
CN109359978B (en) * 2018-10-08 2021-10-08 全链通有限公司 Intelligent contract trading method and system based on block chain network
CN109492993A (en) * 2018-10-19 2019-03-19 平安科技(深圳)有限公司 Date storage method, electronic device and the storage medium of social platform
CN109639632B (en) * 2018-11-02 2021-06-22 远光软件股份有限公司 User information management method based on block chain, electronic equipment and storage medium
CN109559117B (en) * 2018-11-14 2022-05-20 北京科技大学 Block linkage contract privacy protection method and system based on attribute-based encryption
CN109543434B (en) * 2018-11-28 2020-10-09 深圳市墨者安全科技有限公司 Block chain information encryption method, decryption method, storage method and device
CN109587132B (en) * 2018-11-29 2021-03-26 南京苏宁软件技术有限公司 Data transmission method and device based on alliance chain

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10108811B1 (en) * 2013-06-27 2018-10-23 Interacvault Inc. Dynamic secure interactive electronic vault
CN107911216A (en) * 2017-10-26 2018-04-13 矩阵元技术(深圳)有限公司 A kind of block chain transaction method for secret protection and system
CN107798708A (en) * 2017-11-16 2018-03-13 深圳大学 A kind of out of order codings of DNA and the image encryption and decryption method of chaotic maps
CN108021821A (en) * 2017-11-28 2018-05-11 北京航空航天大学 Multicenter block chain transaction intimacy protection system and method
CN109325342A (en) * 2018-09-10 2019-02-12 平安科技(深圳)有限公司 Identity information management method, apparatus, computer equipment and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Blockchain-based trusted computing in social network;Dongqi Fu等;《2016 2nd IEEE International Conference on Computer and Communications (ICCC)》;20170311;19-22 *
分布式网络环境下基于区块链的密钥管理方案;戴千一等;《网络与信息安全学报》;20180915(第09期);27-39 *

Also Published As

Publication number Publication date
CN110059503A (en) 2019-07-26

Similar Documents

Publication Publication Date Title
CN110046521B (en) Decentralized privacy protection method
CN110059503B (en) Traceable social information anti-leakage method
CN110191153B (en) Social communication method based on block chain
CN110493347B (en) Block chain-based data access control method and system in large-scale cloud storage
CN108429759B (en) Decentralized storage safety implementation method
CN111970129B (en) Data processing method and device based on block chain and readable storage medium
JP2022504420A (en) Digital certificate issuance methods, digital certificate issuance centers, storage media and computer programs
KR102307574B1 (en) Cloud data storage system based on blockchain and method for storing in cloud
JP5432999B2 (en) Encryption key distribution system
CN109146479B (en) Data encryption method based on block chain
US11729175B2 (en) Blockchain folding
JP2005539441A (en) Method and system for providing secure data delivery over public networks
CN101589591A (en) Data transfer controlling method, content transfer controlling method, content processing information acquisition method and content transfer system
KR100656402B1 (en) Method and apparatus for the secure digital contents distribution
US20190020648A1 (en) Systems and methods for managing device association
CN105659231A (en) Enabling access to data
CN109714170B (en) Data isolation method in alliance chain and corresponding alliance chain system
CN112801664B (en) Intelligent contract supply chain trusted service method based on block chain
JP4525609B2 (en) Authority management server, authority management method, authority management program
KR102399667B1 (en) Security system for data trading and data storage based on block chain and method therefor
CN114329529A (en) Asset data management method and system based on block chain
CN112311538A (en) Identity authentication method, device, storage medium and equipment
CN111639952A (en) Returned goods checking method, returned goods checking system, returned goods checking server and returned goods checking terminal based on block chain
CN105847009A (en) RFID bidirectional authentication method meeting requirement on backward security
KR102647433B1 (en) The Method to prove an Existence utilizing Hybrid bloc-chain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant