CN110213036B - Safe data storage and calculation method based on fog calculation-edge calculation of Internet of things - Google Patents
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Abstract
The invention belongs to the technical field of data storage and calculation, and discloses a safe data storage and calculation method based on fog calculation-edge calculation of the Internet of things, wherein localized epsilon differential privacy is realized through a data acquisition module, and data encryption is realized at a fog node, so that the safety of local area data is protected; the data storage module realizes encrypted data storage and protects the privacy of the data on the fog server; the data access module realizes data security decryption and protects data information security sharing; the distribution module uploads the own distribution task to the scheduler, so that the privacy of the computing terminal can be effectively protected; meanwhile, the calculation tasks are decomposed through the task processing module, and the plurality of decomposed calculation sub-tasks are subjected to parallel calculation. The invention improves the processing speed of the calculation task and ensures the data security and the data privacy of the whole system.
Description
Technical Field
The invention belongs to the technical field of data storage and calculation, and particularly relates to a safe data storage and calculation method based on fog calculation-edge calculation of the Internet of things.
Background
The internet of things is an important component of a new generation of information technology, and is a network for connecting any article with the internet for information exchange and communication according to an agreed protocol through information sensing equipment such as Radio Frequency Identification (RFID), an infrared sensor, a global positioning system, a laser scanner and the like so as to realize intelligent identification, positioning, tracking, monitoring and management of the article.
At present, the internet of things industry has remarkable effects in aspects of core technology research and industrialization, key standard research and formulation, industry chain establishment and perfection, important application demonstration and popularization and the like, the internet of things has become one of strategic high points of new economic and technological development in the world at present, and particularly, the internet of things is applied to demonstration engineering in 9 major key fields of intelligent industry, intelligent agriculture, intelligent logistics, intelligent transportation, intelligent power grid, intelligent environmental protection, intelligent security and protection, intelligent medical treatment and intelligent home.
The development of the intelligent industry directly influences the development of the national post industry, so that the use of the appropriate internet of things technology becomes an indispensable tool and means for realizing industrial informatization, networking and intellectualization, improving the operation management and working environment of enterprises, reducing the cost and promoting the integration of electronic products with communication and computer technologies; meanwhile, the safety of the industrial Internet of things network and data is guaranteed.
Edge computing refers to an open platform integrating network, computing, storage and application core capabilities at one side close to an object or a data source to provide nearest-end services nearby. The application program is initiated at the edge side, so that a faster network service response is generated, and the basic requirements of the industry in the aspects of real-time business, application intelligence, safety, privacy protection and the like are met. The edge computation is between the physical entity and the industrial connection, or on top of the physical entity.
The fog calculation emphasizes the function of edge equipment, and the core idea of the method is intelligent front-end, namely, a layer, namely a fog layer, is added between a cloud layer and a terminal equipment layer. Through calculation, storage and network communication services provided by the fog layer, the calculation, analysis and processing of data are closer to users, so that the response delay and storage overhead of the Internet of things service processed by the cloud layer are reduced, the consumption of wireless resources is reduced, the energy consumption of terminal equipment is reduced, the standby time of the terminal equipment is prolonged, and even the calculation services can be continuously provided in the area without the Internet coverage.
The fog calculation mainly has the following characteristics.
a) Real-time interaction is supported, with lower time delay and energy consumption.
b) The lower bandwidth requirement relieves the congestion caused when massive numbers of devices connect to the cloud.
c) Distributed processing of the data reduces the storage requirement for mass data.
d) The device position is accurately sensed, and a wider range of mobility is supported.
e) Heterogeneity is supported, covering diversified heterogeneous software and hardware equipment.
However, privacy and randomness of arrival of computing tasks cannot be protected in the existing edge computing task allocation process; meanwhile, the computing task usually has a large data volume; when performing sequential calculations for each sub-calculation task, a lot of time is consumed. Therefore, the conventional method has a slow processing speed of the calculation task.
In summary, the problems of the prior art are as follows:
privacy and randomness of arriving of computing tasks cannot be protected in the existing edge computing task allocation process; the data security of the data during transmission cannot be guaranteed. Meanwhile, the computing task usually has a large data volume; when performing sequential calculations for each sub-calculation task, a lot of time is consumed. Therefore, the conventional method has a slow processing speed of the calculation task.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a safe data storage and calculation method based on fog calculation-edge calculation of the Internet of things.
The invention is realized in such a way that a system for storing and calculating the safety data of fog calculation-edge calculation based on the Internet of things comprises:
the system comprises a data acquisition module, a main control module, a data storage module, a data access module, a distribution module, a task processing module, a data calculation module, a safety module and a display module;
the data acquisition module is connected with the main control module and used for acquiring required data, disturbing the acquired data through a random disturbance function to realize localized differential privacy and realizing the security of local area data through encryption at a fog node;
the main control module is connected with the data acquisition module, the data storage module, the data access module, the distribution module, the task processing module, the data calculation module, the safety module and the display module and is used for controlling the operation work of each module through the central processing unit;
the data storage module is connected with the main control module and used for storing the converged data through the fog server;
the data access module is connected with the main control module and used for applying for accessing the converged data contents through encryption retrieval;
the distribution module is connected with the main control module and used for distributing the calculation tasks through a verifiable key distribution algorithm;
the task processing module is connected with the main control module and used for processing the distributed computing tasks through a processing program;
the data calculation module is connected with the main control module and is used for calculating and processing data;
the safety module is connected with the main control module, is used for carrying out safety management and monitoring on data, is responsible for the access authority control, data safety and authentication functions of a user and protects the data integrity and privacy;
and the display module is connected with the main control module and used for displaying the converged data through the display.
Another object of the present invention is to provide a secure data storage and calculation method based on fog computing-edge computing of the internet of things. The method comprises the following steps:
acquiring required data through a data acquisition module, and disturbing the acquired data through a random disturbance function to realize localized differential privacy;
step two, the main control module stores the acquired data by using a fog server through a data storage module and integrates and converges the data;
thirdly, the data access module utilizes the encryption retrieval application to access the converged data content;
step four, distributing the calculation tasks by utilizing a verifiable key distribution algorithm through a distribution module;
processing the distributed computing tasks by a task processing module through a processing program; calculating the data through a data calculating module; the security management and monitoring are carried out on the data through the security module, and the security management and monitoring module is responsible for the access authority control, data security and authentication functions of the user and protects the data integrity and privacy;
and sixthly, displaying the converged data through a display module.
Further, the data acquisition module 1 has the following acquisition method:
firstly, in the same area of an edge sensor of the Internet of things, each sensor node collects required information to form a data set of the node, and the data are transmitted to a fog node after being locally disturbed. In the collected data set M, a sampling typical algorithm is used for disturbing the data, so that the localization differential privacy is realized, and the safety of the local data is ensured.
The method selects the collected data set, divides the data into K parts, and executes a query function f to obtain the query results $f(d_1), f(d_2), \ldots, f(d_K)$, where d is a selection category. A random response algorithm (including a perturbation and a correction process) is applied to the query results to obtain a perturbed statistical result y, thereby realizing localized ε-differential privacy. The formula of the local perturbation statistical algorithm $\pi_{GRR}(a)$ is as follows:
where ε is the privacy protection budget, P is the probability, e is a constant, and $a \in M$.
Secondly, K adjacent users or fog nodes in the same area self-organize anonymously to form a neighbor group; then data perturbation is carried out among the K anonymous users or fog nodes, the data are encrypted in the fog nodes, and the perturbed, encrypted data are transmitted to a fog server through the cluster nodes in the group; the fog server runs the correction $\tau_{GRR}(a)$ to obtain the formula:
i is the number of samples, j is an integer, Q is the reverse probability, and u is the number of nodes;
and finally, a plurality of users or nodes transmit data to the fog server for data storage by using the same Ad hoc K anonymous privacy protection method. As shown in fig. 3.
Further, the data storage module storage method is as follows:
The fog node generates the relevant parameter information, encrypts the acquired perturbed data to generate C = Enc(pk, m, r), and sends C = Enc(pk, m, r) to the fog server; the encryption algorithm adopted is the Paillier public key encryption scheme. The specific encryption process is as follows:
Key generation process:
KeyGen($1^\lambda$) → (n, p, q): two large prime numbers p, q are selected and n = pq is calculated, such that the security parameter is satisfied: $\lambda = \mathrm{lcm}[(p-1), (q-1)]$, where lcm is the least common multiple. $g \in \mathbb{Z}^*_{n^2}$ is a random integer, with $L(x) = (x-1)/n$; the public key is (n, g), and the private key is (p, q);
Encryption process:
m is a plaintext message, r is a random number, and C is the ciphertext of message m; then
$C = g^m r^n \bmod n^2$ (3)
For data which needs to be obtained through homomorphic calculation, the homomorphic algorithm adopted is as follows:
Given plaintext messages $m_1, m_2$, when the two ciphertexts $C_1$, $C_2$ are added, where $C_1$ is $E(m_1, r_1)$ and $C_2$ is $E(m_2, r_2)$, the result of the ciphertext addition remains homomorphic:
$C_{add} = E(m_1, r_1) E(m_2, r_2) \bmod n^2 = E(m_1 + m_2, r_1 r_2)$ (4)
with the increase of the storage data on the fog server, the data size is larger and larger, the problem of insufficient space is larger and larger, and the fog server realizes the storage service of the data by cleaning useless data or transferring the data.
Further, the data access module access method is as follows:
(1) if the fog nodes or users access data on the fog server or stored calculation data obtained through safe multi-party calculation, the nodes or users firstly encrypt own related information and retrieval content, and then send the encrypted information to the fog server for access;
(2) the fog server sends the query result to the access node, and the access node uses its private key $sk_2$ to decrypt the queried encrypted data and obtain the plaintext data; the specific decryption method is as follows:
1) for a ciphertext $C$ ($C < n^2$), the decryption method for the ciphertext of a single plaintext is:
the decryption method of homomorphic encryption is:
$D(C_1 C_2 \bmod n^2) = m_1 + m_2 \bmod n$ (6)
for the decryption method of homomorphic multiplication, according to the multiplication property of the Paillier encryption scheme, the specific steps are as follows:
further, the data calculation module has the following calculation method:
(1) carrying out simple data processing on the fog nodes in the same area;
(2) for complex calculation, distributed secure multi-party calculation is combined with homomorphic encryption; a plurality of nodes participate in the calculation at the same time, and the encrypted data are protected with random numbers during the interaction between the nodes, so that no original content is leaked during data processing; using a key sharing scheme, a sender divides a secret into a plurality of interrelated pieces of secret information $s_i$, where $s_i$ belongs to , $1 \le i \le N$, and $z$ is a prime number greater than $N$; $t-1$ elements are selected, labeled $\{a_1, \ldots, a_{t-1}\}$, and then distributed to $t-1$ members of the group:
(3) Each fog node uses a large pseudo-random number $R_k(x_i)$ to calculate its own random share;
where $k = (z, g, m, a_0, a_1, \ldots, a_t)$ is information of fixed length; $w$ is a prime number, and $a_0, a_1, \ldots, a_t$ belong to
The Lagrange polynomial $A_i(x)$ is calculated, and the calculation coefficient of the fog node in the Internet of things is as follows:
then, the calculated value $y(x_i)$ of the fog node of the Internet of things is obtained; the formula is as follows:
(4) the users or nodes in possession of the key each transmit the processed data $y(x_i)$ to the fog server, and the fog server stores the result $f(x)$ of the secure multi-party calculation, where $f(x)$ is as follows:
further, the task processing module processing method comprises the following steps:
firstly, a chain task container is set, and task linking is realized through a hash doubly linked list;
secondly, receiving a calculation task sent by external terminal equipment;
then, decomposing the computing task into at least two sub-computing tasks;
and finally, performing parallel computation on the decomposed subtasks according to the chain task container to obtain a computation result required by the computation task.
It is a further object of the present invention to provide a computer program for implementing the method for secure data storage and computation of internet of things based fog computing-edge computing.
Another object of the present invention is to provide an information data processing terminal implementing the secure data storage and calculation method for fog calculation-edge calculation based on the internet of things.
It is another object of the present invention to provide a computer-readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the method for secure data storage and computation based on fog computing-edge computing of the internet of things.
Another object of the present invention is to provide a fog computing-edge computing platform of the internet of things, which carries the system for secure data storage and computation based on fog computing-edge computing of the internet of things.
The invention has the advantages and positive effects that:
according to the invention, the data acquisition module is used for realizing the localization epsilon difference privacy, so that the safety of locally acquired data is protected; the data storage module realizes data encryption storage and protects data privacy of the data on the fog server and the fog nodes; the data access module realizes data security decryption and protects data information security sharing; the data calculation module applies a verifiable key distribution algorithm to perform homomorphic parallel calculation, and multi-party cooperative calculation is realized through multi-party safety calculation, so that the safety of data in the calculation process is guaranteed. Meanwhile, the method and the system realize data disturbance among K anonymous users or nodes in the region by constructing the near region, and ensure the data privacy of the local region.
Therefore, the method and the device improve the processing speed of the calculation task, and simultaneously greatly improve the data safety and data privacy problems under most scenes of the Internet of things.
Drawings
Fig. 1 is a flowchart of a secure data storage and calculation method based on fog calculation-edge calculation of the internet of things according to an embodiment of the present invention.
Fig. 2 is a block diagram of a system structure for secure data storage and computation based on fog computing-edge computing of the internet of things according to an embodiment of the present invention.
Fig. 3 is a data aggregation storage diagram provided in an embodiment of the present invention.
Fig. 4 is a data calculation diagram provided by an embodiment of the present invention.
In fig. 2: 1. a data acquisition module; 2. a main control module; 3. a data storage module; 4. a data access module; 5. a distribution module; 6. a task processing module; 7. a data calculation module; 8. a security module; 9. and a display module.
Detailed Description
In order to further understand the contents, features and effects of the present invention, the following embodiments are illustrated and described in detail with reference to the accompanying drawings.
The structure of the present invention will be described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the method for secure data storage and calculation based on fog calculation-edge calculation of internet of things provided by the present invention comprises the following steps:
S101, acquiring needed data through a data acquisition module, disturbing the acquired data through a random disturbance function to realize localized differential privacy, and encrypting at a fog node to realize the security of local area data;
S102, the main control module stores the converged data by using a fog server through a data storage module;
S103, the converged data content is accessed by the data access module through encrypted retrieval application;
S104, distributing a computing task by a distribution module by using a verifiable key distribution algorithm;
S105, processing the distributed computing tasks by a task processing module through a processing program; calculating the data through a data calculating module; the security management and monitoring are carried out on the data through the security module, and the security management and monitoring module is responsible for the access authority control, data security and authentication functions of the user and protects the data integrity and privacy;
and S106, displaying the converged data through a display module.
As shown in fig. 2, the system for secure data storage and computation based on fog computation-edge computation of internet of things provided by the present invention comprises: the system comprises a data acquisition module 1, a main control module 2, a data storage module 3, a data access module 4, a distribution module 5, a task processing module 6, a data calculation module 7, a safety module 8 and a display module 9.
The data acquisition module 1 is connected with the main control module 2 and used for acquiring required data and disturbing the acquired data through a random disturbance function to realize localized differential privacy;
the main control module 2 is connected with the data acquisition module 1, the data storage module 3, the data access module 4, the distribution module 5, the task processing module 6, the data calculation module 7, the safety module 8 and the display module 9 and is used for controlling the operation of each module through a central processing unit;
the data storage module 3 is connected with the main control module 2 and used for storing the converged data through the fog server;
the data access module 4 is connected with the main control module 2 and used for applying for accessing the converged data contents through encryption retrieval;
the distribution module 5 is connected with the main control module 2 and used for distributing calculation tasks through a verifiable key distribution algorithm;
the task processing module 6 is connected with the main control module 2 and used for processing the distributed computing tasks through a processing program;
the data calculation module 7 is connected with the main control module 2 and is used for calculating and processing data;
and the display module 8 is connected with the main control module 2 and used for displaying the converged data through a display.
The data acquisition module 1 provided by the invention has the following acquisition method:
firstly, in the same area of an edge sensor of the Internet of things, each sensor node collects required information to form a data set of the node, and the data are transmitted to a fog node after being locally disturbed. In the collected data set M, a sampling typical algorithm is used for disturbing the data, so that the localization differential privacy is realized, and the safety of the local data is ensured.
The method selects the collected data set, divides the data into K parts, and executes a query function f to obtain the query results $f(d_1), f(d_2), \ldots, f(d_K)$, where d is a selection category. A random response algorithm (including a perturbation and a correction process) is applied to the query results to obtain a perturbed statistical result y, thereby realizing localized ε-differential privacy. The formula of the local perturbation statistical algorithm $\pi_{GRR}(a)$ is as follows:
where ε is the privacy protection budget, P is the probability, e is a constant, and $a \in M$.
Secondly, K adjacent users or fog nodes in the same area self-organize anonymously to form an adjacent group; then data perturbation is carried out among the K anonymous users or fog nodes, the data are encrypted in the fog nodes, and the perturbed, encrypted data are transmitted to a fog server through the cluster nodes in the group; the fog server runs the correction $\tau_{GRR}(a)$ to obtain the formula:
i is the number of samples, j is an integer, Q is the reverse probability, and u is the number of nodes;
and finally, a plurality of users or nodes transmit data to the fog server for data storage by using the same Ad hoc K anonymous privacy protection method. As shown in fig. 3.
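The perturbation at the node and the correction at the fog server can be tried out with the following added example, which is not code from the patent. The patent's own formulas for $\pi_{GRR}$ and $\tau_{GRR}$ did not survive on this page, so the sketch assumes the standard generalized randomized response (GRR) mechanism; the function names, the four sensor-status categories and the sample counts are constructed for illustration.

```python
import math
import random
from collections import Counter


def grr_probs(epsilon, k):
    """Standard GRR probabilities for a domain of k categories.

    p: probability a node reports its true value.
    q: probability it reports one specific other value.
    The ratio p/q equals e^epsilon, which is the epsilon-LDP guarantee.
    """
    e = math.exp(epsilon)
    return e / (e + k - 1), 1.0 / (e + k - 1)


def grr_perturb(value, domain, epsilon, rng):
    """Node side: keep the true value with probability p, otherwise
    report a uniformly chosen different category."""
    p, _ = grr_probs(epsilon, len(domain))
    if rng.random() < p:
        return value
    return rng.choice([d for d in domain if d != value])


def grr_estimate(reports, domain, epsilon):
    """Fog-server side: unbiased correction of the perturbed counts.

    E[count_a] = n_a * p + (n - n_a) * q, so
    n_a is estimated as (count_a - n * q) / (p - q).
    """
    n = len(reports)
    p, q = grr_probs(epsilon, len(domain))
    counts = Counter(reports)
    return {d: (counts.get(d, 0) - n * q) / (p - q) for d in domain}


def simulate(true_values, domain, epsilon, seed=0):
    """Perturb every node's value, then correct at the server."""
    rng = random.Random(seed)  # seeded only so the demo is repeatable
    reports = [grr_perturb(v, domain, epsilon, rng) for v in true_values]
    return reports, grr_estimate(reports, domain, epsilon)


# Constructed sample: 20,000 sensor nodes reporting a status category.
DOMAIN = ["normal", "warning", "fault", "offline"]
TRUE_COUNTS = {"normal": 10000, "warning": 5000, "fault": 3000, "offline": 2000}
TRUE_VALUES = [d for d, c in TRUE_COUNTS.items() for _ in range(c)]

if __name__ == "__main__":
    reports, est = simulate(TRUE_VALUES, DOMAIN, epsilon=1.0)
    raw = Counter(reports)
    for d in DOMAIN:
        print(f"{d:8s} true={TRUE_COUNTS[d]:6d} raw={raw[d]:6d} corrected={est[d]:9.1f}")
```

The raw perturbed counts are heavily biased toward a uniform distribution; only the corrected estimates are usable for statistics, and a smaller ε widens their error.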
The storage method of the data storage module 3 provided by the invention is as follows:
The fog node generates the relevant parameter information, encrypts the acquired perturbed data to generate C = Enc(pk, m, r), and sends C = Enc(pk, m, r) to the fog server; the encryption algorithm adopted is the Paillier public key encryption scheme. The specific encryption process is as follows:
Key generation process:
KeyGen($1^\lambda$) → (n, p, q): two large prime numbers p, q are selected and n = pq is calculated, such that the security parameter is satisfied: $\lambda = \mathrm{lcm}[(p-1), (q-1)]$, where lcm is the least common multiple. $g \in \mathbb{Z}^*_{n^2}$ is a random integer, with $L(x) = (x-1)/n$; the public key is (n, g), and the private key is (p, q);
Encryption process:
m is a plaintext message, r is a random number, and C is the ciphertext of message m; then
$C = g^m r^n \bmod n^2$ (3)
For data which needs to be obtained through homomorphic calculation, the homomorphic algorithm adopted is as follows:
Given plaintext messages $m_1, m_2$, when the two ciphertexts $C_1$, $C_2$ are added, where $C_1$ is $E(m_1, r_1)$ and $C_2$ is $E(m_2, r_2)$, the result of the ciphertext addition remains homomorphic:
$C_{add} = E(m_1, r_1) E(m_2, r_2) \bmod n^2 = E(m_1 + m_2, r_1 r_2)$ (4)
with the increase of the storage data on the fog server, the data size is larger and larger, the problem of insufficient space is larger and larger, and the fog server realizes the storage service of the data by cleaning useless data or transferring the data.
The data access module 4 access method provided by the invention comprises the following steps:
(1) if the fog nodes or users access data on the fog server or stored calculation data obtained through safe multi-party calculation, the nodes or users firstly encrypt own related information and retrieval content, and then send the encrypted information to the fog server for access;
(2) the fog server sends the query result to the access node, and the access node uses its private key $sk_2$ to decrypt the queried encrypted data and obtain the plaintext data; the specific decryption method is as follows:
1) for a ciphertext $C$ ($C < n^2$), the decryption method for the ciphertext of a single plaintext is:
the decryption method of homomorphic encryption is:
$D(C_1 C_2 \bmod n^2) = m_1 + m_2 \bmod n$ (6)
for the decryption method of homomorphic multiplication, according to the multiplication property of the Paillier encryption scheme, the specific steps are as follows:
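The storage and access steps above (key generation, equation (3), and the additive property in equations (4) and (6)) can be exercised end to end with the following added example, which is not code from the patent. The single-ciphertext decryption formula and the multiplication formula did not survive on this page, so the sketch assumes the standard Paillier decryption $m = L(C^\lambda \bmod n^2) \cdot \mu \bmod n$ and standard scalar multiplication; the function names and the demonstration primes are chosen here.

```python
import math
import secrets

# Demonstration-size primes (the Mersenne primes 2^61-1 and 2^89-1), chosen
# for this example only; far too small for real use.
P = 2**61 - 1
Q = 2**89 - 1


def L(x, n):
    """L(x) = (x - 1) / n, as defined in the key generation step."""
    return (x - 1) // n


def keygen(p, q):
    """Return the public key (n, g) and the private values (lam, mu)
    derived from the private primes (p, q)."""
    n = p * q
    n2 = n * n
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    while True:
        g = secrets.randbelow(n2 - 2) + 2      # candidate g in [2, n^2 - 1]
        if math.gcd(g, n) != 1:
            continue                            # g must lie in Z*_{n^2}
        l_val = L(pow(g, lam, n2), n)
        if math.gcd(l_val, n) == 1:             # standard validity check on g
            return (n, g), (lam, pow(l_val, -1, n))


def encrypt(pub, m, r=None):
    """C = g^m * r^n mod n^2 (equation (3)). A fresh random r is drawn
    unless one is supplied (supplying r is only for checking eq. (4))."""
    n, g = pub
    n2 = n * n
    if not 0 <= m < n:
        raise ValueError("plaintext must satisfy 0 <= m < n")
    while r is None or math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """Standard Paillier decryption: m = L(c^lam mod n^2) * mu mod n."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    if not 0 < c < n2 or math.gcd(c, n) != 1:
        raise ValueError("ciphertext is not in Z*_{n^2}")
    return (L(pow(c, lam, n2), n) * mu) % n


def add(pub, c1, c2):
    """Homomorphic addition: multiply ciphertexts mod n^2 (equation (4))."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scalar_mul(pub, c, k):
    """Multiply the hidden plaintext by a public constant k: c^k mod n^2."""
    n, _ = pub
    return pow(c, k, n * n)


def fog_aggregate(pub, ciphertexts):
    """Fog-server side: sum encrypted readings without the private key."""
    total = encrypt(pub, 0)
    for c in ciphertexts:
        total = add(pub, total, c)
    return total


if __name__ == "__main__":
    pub, priv = keygen(P, Q)
    readings = [21, 35, 17]                     # constructed sensor values
    cts = [encrypt(pub, v) for v in readings]
    print("sum decrypted at access node:", decrypt(pub, priv, fog_aggregate(pub, cts)))
```

Sums are only correct modulo n, so the aggregate of all readings must stay below n; the fog server never needs (p, q) to combine ciphertexts.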
as shown in fig. 4, the calculation method of the data calculation module 7 provided by the present invention is as follows:
(1) carrying out simple data processing on the fog nodes in the same area;
(2) for complex calculation, distributed secure multi-party calculation is combined with homomorphic encryption; a plurality of nodes participate in the calculation at the same time, and the encrypted data are protected with random numbers during the interaction between the nodes, so that no original content is leaked during data processing; using a key sharing scheme, a sender divides a secret into a plurality of interrelated pieces of secret information $s_i$, where $s_i$ belongs to , $1 \le i \le N$, and $z$ is a prime number greater than $N$; $t-1$ elements are selected, labeled $\{a_1, \ldots, a_{t-1}\}$, and then distributed to $t-1$ members of the group:
(3) Each fog node uses a large pseudo-random number $R_k(x_i)$ to calculate its own random share;
where $k = (z, g, m, a_0, a_1, \ldots, a_t)$ is information of fixed length; $w$ is a prime number, and $a_0, a_1, \ldots, a_t$ belong to
The Lagrange polynomial $A_i(x)$ is calculated, and the calculation coefficient of the fog node in the Internet of things is as follows:
then, the calculated value $y(x_i)$ of the fog node of the Internet of things is obtained; the formula is as follows:
(4) the users or nodes in possession of the key each transmit the processed data $y(x_i)$ to the fog server, and the fog server stores the result $f(x)$ of the secure multi-party calculation, where $f(x)$ is as follows:
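The share-and-reconstruct idea in steps (2) to (4) is illustrated by the following added example, which is not code from the patent. The patent's formulas for the shares, the Lagrange coefficients and f(x) did not survive on this page, so the sketch assumes standard Shamir (t, N) secret sharing over the integers modulo a prime z and uses its linearity to compute a sum of private readings; the pseudo-random value $R_k(x_i)$ is not modeled, and all function names and sample values are chosen here.

```python
import secrets

Z = 2**61 - 1  # prime modulus for the demo; must exceed N and every secret


def share(secret, t, n_parties, z=Z):
    """Split `secret` into n_parties shares, any t of which reconstruct it.

    A random polynomial of degree t-1 with constant term `secret` is
    evaluated at x = 1..n_parties (Horner's rule, all arithmetic mod z).
    """
    if not (1 <= t <= n_parties < z and 0 <= secret < z):
        raise ValueError("need 1 <= t <= N < z and 0 <= secret < z")
    coeffs = [secret] + [secrets.randbelow(z) for _ in range(t - 1)]
    shares = []
    for x in range(1, n_parties + 1):
        y = 0
        for a in reversed(coeffs):
            y = (y * x + a) % z
        shares.append((x, y))
    return shares


def reconstruct(shares, z=Z):
    """Lagrange interpolation at x = 0 over the given (x, y) shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % z
                den = (den * (xi - xj)) % z
        secret = (secret + yi * num * pow(den, -1, z)) % z
    return secret


def secure_sum_shares(readings, t, n_parties, z=Z):
    """Each data owner shares its reading; party i adds up the i-th shares
    it received. The result is a valid sharing of the sum of all readings,
    so no single party ever sees an individual reading."""
    per_owner = [share(m, t, n_parties, z) for m in readings]
    aggregated = []
    for idx in range(n_parties):
        x = per_owner[0][idx][0]
        y = sum(owner[idx][1] for owner in per_owner) % z
        aggregated.append((x, y))
    return aggregated


if __name__ == "__main__":
    readings = [21, 35, 17]                     # constructed private inputs
    agg = secure_sum_shares(readings, t=3, n_parties=5)
    # Any 3 of the 5 aggregated shares give the sum to the fog server.
    print("sum from parties 1-3:", reconstruct(agg[:3]))
    print("sum from parties 3-5:", reconstruct(agg[2:]))
```

Fewer than t aggregated shares interpolate to an unrelated value, which is the threshold property the scheme relies on.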
the distribution module 5 distribution method provided by the invention comprises the following steps:
In the allocation module, a scheduler sends the task information to be allocated, such as the input and output data quantities and the number of CPU calculation cycles. After a computing terminal receives the task information, it calculates the cost and determines the task to take on according to sub-models such as task allocation, energy consumption and cost estimation, and then applies to the scheduler for the task. After the scheduler receives the task applications of the computing terminals in the same region, it re-plans the allocation through a preset task allocation model and allocates the tasks to the computing terminals, so that task calculations such as secret sharing and homomorphic calculation are carried out and the sum of the tasks of each task is optimal.
The processing method of the task processing module 6 provided by the invention comprises the following steps:
first, a chained task container is set up, and tasks are linked through a hash doubly linked list;
second, a computing task sent by an external terminal device is received;
then, the computing task is decomposed into at least two sub-computing tasks;
and finally, the decomposed subtasks are computed in parallel according to the chained task container to obtain the computation result required by the computing task.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and all simple modifications, equivalent changes and modifications made to the above embodiment according to the technical spirit of the present invention are within the scope of the technical solution of the present invention.
Claims (5)
1. A method of secure data storage and computation for Internet of things based fog computing-edge computing, characterized in that the method comprises the following steps:
step one, the required data is acquired through a data acquisition module, the acquired data is perturbed through a random perturbation function to achieve local differential privacy, and the data is encrypted at a fog node to secure the local-area data;
step two, the main control module, through a data storage module, uses a fog server to store and collect the perturbed and encrypted data, and integrates and aggregates the data;
step three, the data access module applies for access to the aggregated data content through encrypted retrieval;
step four, the computing tasks are distributed by a distribution module using a verifiable key distribution algorithm;
step five, the distributed computing tasks are processed by a task processing module through a processing program; the data is computed by a data calculation module; and a security module performs security management and monitoring of the data, is responsible for user access authority control, data security and authentication functions, and protects data integrity and privacy;
step six, the aggregated data is displayed through a display module;
the acquisition and processing method of the data acquisition module in step one comprises the following steps:
first, within the same area of Internet of things edge sensors, each sensor node collects the required information to form the node's data set, and the data is locally perturbed and then transmitted to a fog node; in the collected data set M, a typical sampling algorithm is used to perturb the data, thereby achieving local differential privacy and ensuring the security of the local data;
specifically, a collected data set is selected and divided into K parts, and a query function f is run on each part to obtain the query results $f(d_1), f(d_2), \ldots, f(d_K)$, where d is the selected category; a randomized response algorithm comprising perturbation and correction processes is applied to the query results to obtain the perturbed statistical result y, achieving local ε-differential privacy; the formula of the local perturbation statistical algorithm $\pi_{GRR}(a)$ is as follows:
where ε is the privacy protection budget, P is a probability, e is a constant, and a belongs to M;
second, K adjacent users or fog nodes in the same area self-organize anonymously into a neighbor group; data perturbation is then carried out among the K anonymous users or fog nodes, the data is encrypted at the fog nodes, and the perturbed, encrypted data is transmitted to a fog server through the cluster nodes in the group; the fog server runs the correction $\tau_{GRR}(a)$ to obtain the formula:
where i is the number of samples, j is an integer, Q is the reverse probability, and u is the number of nodes;
finally, multiple users or nodes transmit data to the fog server for storage using the same ad hoc K-anonymity privacy protection method;
the storage method of the data storage module in step two comprises the following steps:
the fog node generates the relevant parameter information, encrypts the collected perturbed data to produce $C = \mathrm{Enc}(pk, m, r)$, and sends $C = \mathrm{Enc}(pk, m, r)$ to the fog server; the encryption algorithm used is the Paillier public-key encryption scheme; the specific encryption process is as follows:
key generation process:
$\mathrm{KeyGen}(1^{\lambda}) \to (n, p, q)$: two large prime numbers $p$, $q$ are selected and $n = pq$ is calculated, such that the security parameter is satisfied: $\lambda = \mathrm{lcm}[(p-1), (q-1)]$, where lcm is the least common multiple; $g$ belongs to , a random integer satisfying $L(x) = (x-1)/n$; the public key is $(n, g)$ and the private key is $(p, q)$;
encryption process:
$m$ is a plaintext message, $r$ is a random number, and $C$ is the ciphertext of message $m$; then
$C = g^{m} r^{n} \bmod n^{2}$ (3)
For data that must be obtained through homomorphic computation, the following homomorphic algorithm is used:
in , given plaintext messages $m_1$, $m_2$, when two ciphertexts $C_1$ and $C_2$ are added, where $C_1$ is $E(m_1, r_1)$ and $C_2$ is $E(m_2, r_2)$, the result of the ciphertext addition preserves the homomorphism:
$C_{add} = E(m_1, r_1)\,E(m_2, r_2) \bmod n^{2} = E(m_1 + m_2,\ r_1 r_2)$ (4)
as the data stored on the fog server grows, the data volume increases and the shortage of space becomes more and more serious; the fog server maintains the data storage service by cleaning up useless data or migrating data;
the access method of the data access module in step three comprises the following steps:
(1) if a fog node or user accesses data on the fog server, or stored computation data obtained through secure multi-party computation, the node or user first encrypts its own related information and the retrieval content, and then sends the encrypted information to the fog server for access;
(2) the fog server sends the query result to the accessing node, and the accessing node uses its private key $sk_2$ to decrypt the queried encrypted data and obtain the plaintext data; the specific decryption method is as follows:
1) when the ciphertext $C$ is decrypted, $C < n^{2}$; the decryption method for the ciphertext of a single plaintext is as follows:
the decryption method for homomorphic encryption is as follows:
$D(C_1 C_2 \bmod n^{2}) = m_1 + m_2 \bmod n$ (6)
for the decryption method of homomorphic multiplication, according to the multiplication property of the Paillier encryption scheme, the specific steps are as follows:
the calculation method of the data calculation module in step five comprises the following steps:
(1) simple data processing is carried out at the fog nodes in the same area;
(2) for complex computation, distributed secure multi-party computation is combined with homomorphic encryption: a plurality of nodes participate in the computation at the same time, and the encrypted data is protected with random numbers during the interaction between the nodes, so that no original content can be leaked during data processing; using a key sharing scheme, a sender divides a secret into a plurality of interrelated pieces of secret information $s_i$, where $s_i$ belongs to , $1 \le i \le N$, and $z$ is a prime number greater than $N$; $t-1$ elements are selected, labeled $\{a_1, \ldots, a_{t-1}\}$, and then distributed to $t-1$ members of the group:
(3) each fog node uses a large pseudo-random number $R_k(x_i)$ to calculate its own random share;
where $k = (z, g, m, a_0, a_1, \ldots, a_t)$ is information of fixed length; $w$ is a prime number, and $a_0, a_1, \ldots, a_t$ belong to
$A_i(x)$ is calculated from the Lagrange polynomial, and the calculation coefficient of the fog node in the Internet of things is as follows:
then the calculated value $y(x_i)$ of the Internet of things fog node is obtained by the following formula:
(4) the users or nodes in possession of the key each transmit their processed data $y(x_i)$ to the fog server, and the fog server stores the result $f(x)$ of the secure multi-party computation, where $f(x)$ is as follows:
2. The method of secure data storage and computation for Internet of things based fog computing-edge computing of claim 1, wherein the processing method of the task processing module comprises:
first, a chained task container is set up, and tasks are linked through a hash doubly linked list;
second, a computing task sent by an external terminal device is received;
then, the computing task is decomposed into at least two sub-computing tasks;
and finally, the decomposed subtasks are computed in parallel according to the chained task container to obtain the computation result required by the computing task.
3. An information data processing terminal for implementing the method of secure data storage and computation for Internet of things based fog computing-edge computing as claimed in any one of claims 1-2.
4. A computer-readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the method of secure data storage and computation for internet of things based fog computing-edge computing as claimed in any of claims 1-2.
5. An internet of things based fog computing-edge computing secure data storage and computation system implementing the internet of things based fog computing-edge computing secure data storage and computation method according to any one of claims 1-2, wherein the internet of things based fog computing-edge computing secure data storage and computation system comprises:
the data acquisition module is connected with the main control module and is used for acquiring the required data and perturbing the acquired data through a random perturbation function to achieve local differential privacy;
the main control module is connected with the data acquisition module, the data storage module, the data access module, the distribution module, the task processing module, the data calculation module, the security module and the display module, and is used for controlling the operation of each module through a central processing unit;
the data storage module is connected with the main control module and is used for storing the aggregated data through the fog server;
the data access module is connected with the main control module and is used for applying for access to the aggregated data content through encrypted retrieval;
the distribution module is connected with the main control module and is used for distributing the computing tasks through a verifiable key distribution algorithm;
the task processing module is connected with the main control module and is used for processing the distributed computing tasks through a processing program;
the data calculation module is connected with the main control module and is used for computing and processing the data;
the security module is connected with the main control module and is used for security management and monitoring of the data, is responsible for user access authority control, data security and authentication functions, and protects data integrity and privacy;
and the display module is connected with the main control module and is used for displaying the aggregated data on a display.
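The Paillier operations recited in claim 1, equations (3), (4) and (6), can be exercised end to end as follows. This is an added Python example, not code from the patent; the toy primes, the choice g = n + 1, the standard decryption formula and all function names are assumptions made for illustration.

```python
import math
import secrets

# Toy parameters for illustration only: two Mersenne primes (constructed sample
# values, far too small for real use; deployments need a modulus of 2048+ bits).
P, Q = 2**31 - 1, 2**61 - 1


def L(x, n):
    """L(x) = (x - 1) / n, as in the key generation step."""
    return (x - 1) // n


def keygen(p, q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lambda = lcm(p-1, q-1)
    g = n + 1                                   # assumption: common simple choice of g
    mu = pow(L(pow(g, lam, n * n), n), -1, n)   # precomputed decryption factor
    return (n, g), (lam, mu)    # public key, private values derived from (p, q)


def random_r(n):
    """Random r in [1, n) with gcd(r, n) = 1."""
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            return r


def encrypt(pk, m, r=None):
    """Equation (3): C = g^m * r^n mod n^2."""
    n, g = pk
    if not 0 <= m < n:
        raise ValueError("plaintext must satisfy 0 <= m < n")
    r = random_r(n) if r is None else r
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)


def decrypt(pk, sk, c):
    """Standard Paillier decryption: m = L(C^lambda mod n^2) * mu mod n."""
    n, _ = pk
    lam, mu = sk
    if not 0 < c < n * n:
        raise ValueError("ciphertext must satisfy 0 < C < n^2")
    return L(pow(c, lam, n * n), n) * mu % n


def add(pk, c1, c2):
    """Equation (4): multiplying ciphertexts adds the plaintexts."""
    n, _ = pk
    return c1 * c2 % (n * n)


def aggregate(pk, ciphertexts):
    """What a fog server can do without the private key: sum encrypted readings."""
    total = encrypt(pk, 0, r=1)     # E(0, 1) = 1, the neutral ciphertext
    for c in ciphertexts:
        total = add(pk, total, c)
    return total


if __name__ == "__main__":
    pk, sk = keygen(P, Q)
    readings = [21, 19, 23, 20]     # constructed sensor values
    total = aggregate(pk, [encrypt(pk, m) for m in readings])
    print("decrypted sum:", decrypt(pk, sk, total))
```

Sums that reach n wrap around modulo n, and ciphertexts are malleable by design, so the scheme gives confidentiality only; integrity of the aggregated value needs a separate mechanism.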
Priority Applications (1)
Application Number | Publication | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910521504.0A CN110213036B (en) | 2019-06-17 | 2019-06-17 | Safe data storage and calculation method based on fog calculation-edge calculation of Internet of things |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110213036A CN110213036A (en) | 2019-09-06 |
CN110213036B CN110213036B (en) | 2021-07-06 |
Family
ID=67792899
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910521504.0A Active CN110213036B (en) | 2019-06-17 | 2019-06-17 | Safe data storage and calculation method based on fog calculation-edge calculation of Internet of things |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110213036B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||