CN110213036B - Safe data storage and calculation method based on fog calculation-edge calculation of Internet of things - Google Patents

Publication number: CN110213036B
Authority: CN (China)
Prior art keywords: data, calculation, module, fog, internet
Legal status: Active
Application number: CN201910521504.0A
Other languages: Chinese (zh)
Other versions: CN110213036A (en)
Inventors: 陈艳格, 平源, 兰雷, 张永, 马慧, 李萌
Current Assignee: Xidian University; Xuchang University
Original Assignee: Xidian University; Xuchang University

Classifications

    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The invention belongs to the technical field of data storage and computation, and discloses a secure data storage and computation method based on fog computing-edge computing for the Internet of Things. Local ε-differential privacy is realized in the data acquisition module, and data is encrypted at the fog node, which protects the security of local-area data; the data storage module stores the data in encrypted form and protects the privacy of the data on the fog server; the data access module decrypts data securely and protects the secure sharing of data; the distribution module uploads its own distribution tasks to the scheduler, which effectively protects the privacy of the computing terminal; and the task processing module decomposes computing tasks and computes the resulting sub-tasks in parallel. The invention improves the processing speed of computing tasks and ensures the data security and data privacy of the whole system.

Description

Safe data storage and calculation method based on fog calculation-edge calculation of Internet of things
Technical Field
The invention belongs to the technical field of data storage and calculation, and particularly relates to a safe data storage and calculation method based on fog calculation-edge calculation of the Internet of things.
Background
The internet of things is an important component of a new generation of information technology, and is a network for connecting any article with the internet for information exchange and communication according to an agreed protocol through information sensing equipment such as Radio Frequency Identification (RFID), an infrared sensor, a global positioning system, a laser scanner and the like so as to realize intelligent identification, positioning, tracking, monitoring and management of the article.
At present, the internet of things industry has remarkable effects in aspects of core technology research and industrialization, key standard research and formulation, industry chain establishment and perfection, important application demonstration and popularization and the like, the internet of things has become one of strategic high points of new economic and technological development in the world at present, and particularly, the internet of things is applied to demonstration engineering in 9 major key fields of intelligent industry, intelligent agriculture, intelligent logistics, intelligent transportation, intelligent power grid, intelligent environmental protection, intelligent security and protection, intelligent medical treatment and intelligent home.
The development of the intelligent industry directly influences the development of the national post industry, so that the use of the appropriate internet of things technology becomes an indispensable tool and means for realizing industrial informatization, networking and intellectualization, improving the operation management and working environment of enterprises, reducing the cost and promoting the integration of electronic products with communication and computer technologies; meanwhile, the safety of the industrial Internet of things network and data is guaranteed.
Edge computing refers to an open platform integrating network, computing, storage and application core capabilities at one side close to an object or a data source to provide nearest-end services nearby. The application program is initiated at the edge side, so that a faster network service response is generated, and the basic requirements of the industry in the aspects of real-time business, application intelligence, safety, privacy protection and the like are met. The edge computation is between the physical entity and the industrial connection, or on top of the physical entity.
Fog computing emphasizes the role of edge devices. Its core idea is an intelligent front end: a layer, the fog layer, is added between the cloud layer and the terminal device layer. Through the computing, storage and network communication services provided by the fog layer, the computation, analysis and processing of data move closer to the users. This reduces the response delay and storage overhead of Internet of Things services processed by the cloud layer, reduces the consumption of wireless resources, lowers the energy consumption of terminal devices and prolongs their standby time, and even allows computing services to continue in areas without Internet coverage.
Fog computing has the following main characteristics.
a) Real-time interaction is supported, with lower latency and energy consumption.
b) The lower bandwidth requirement relieves the congestion caused when a mass of devices connects to the cloud.
c) Distributed processing of data reduces the storage requirement for mass data.
d) Device position is sensed accurately, and a wider range of mobility is supported.
e) Heterogeneity is supported, including diverse heterogeneous software and hardware devices.
However, privacy and randomness of arrival of computing tasks cannot be protected in the existing edge computing task allocation process; meanwhile, the computing task usually has a large data volume; when performing sequential calculations for each sub-calculation task, a lot of time is consumed. Therefore, the conventional method has a slow processing speed of the calculation task.
In summary, the problems of the prior art are as follows:
Privacy and the randomness of arriving computing tasks cannot be protected in the existing edge computing task allocation process, and the security of data during transmission cannot be guaranteed. Meanwhile, a computing task usually involves a large volume of data, and computing each sub-task sequentially consumes a lot of time. The conventional method therefore processes computing tasks slowly.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a safe data storage and calculation method based on fog calculation-edge calculation of the Internet of things.
The invention is realized in such a way that a system for storing and calculating the safety data of fog calculation-edge calculation based on the Internet of things comprises:
the system comprises a data acquisition module, a main control module, a data storage module, a data access module, a distribution module, a task processing module, a data calculation module, a safety module and a display module;
the data acquisition module is connected with the main control module and used for acquiring required data, disturbing the acquired data through a random disturbance function to realize localized differential privacy and realizing the security of local area data through encryption at a fog node;
the main control module is connected with the data acquisition module, the data storage module, the data access module, the distribution module, the task processing module, the data calculation module, the safety module and the display module and is used for controlling the operation work of each module through the central processing unit;
the data storage module is connected with the main control module and used for storing the converged data through the fog server;
the data access module is connected with the main control module and used for applying for accessing the converged data contents through encryption retrieval;
the distribution module is connected with the main control module and used for distributing the calculation tasks through a verifiable key distribution algorithm;
the task processing module is connected with the main control module and used for processing the distributed computing tasks through a processing program;
the data calculation module is connected with the main control module and is used for calculating and processing data;
the safety module is connected with the main control module, is used for carrying out safety management and monitoring on data, is responsible for the access authority control, data safety and authentication functions of a user and protects the data integrity and privacy;
and the display module is connected with the main control module and used for displaying the converged data through the display.
Another object of the present invention is to provide a secure data storage and calculation method based on fog computing-edge computing of the internet of things. The method comprises the following steps:
Step one: the required data is acquired through the data acquisition module, and the acquired data is perturbed with a random perturbation function to realize local differential privacy;
Step two: the main control module stores the acquired data on a fog server through the data storage module and integrates and aggregates the data;
Step three: the data access module applies to access the aggregated data content through encrypted retrieval;
Step four: the distribution module distributes the computing tasks using a verifiable key distribution algorithm;
Step five: the task processing module processes the distributed computing tasks through a processing program; the data calculation module computes on the data; the security module performs security management and monitoring of the data, is responsible for user access control, data security and authentication, and protects data integrity and privacy;
Step six: the display module displays the aggregated data.
Further, the data acquisition module 1 has the following acquisition method:
First, within the same area of Internet of Things edge sensors, each sensor node collects the required information to form its own data set, and the data is transmitted to a fog node after being perturbed locally. In the collected data set M, the data is perturbed with a sampling typical algorithm, which realizes local differential privacy and ensures the security of the local data.
The collected data set is divided into K parts and a query function f is executed to obtain the query results $f(d_1), f(d_2), \ldots, f(d_K)$, where d is a selection category. A random response algorithm (including a perturbation process and a correction process) is applied to the query results to obtain the perturbed statistical result y, which realizes local ε-differential privacy. The formula of the local perturbation statistical algorithm $\pi_{GRR}(a)$ is as follows:
Figure BDA0002096846250000041
where ε is the privacy protection budget, P is the probability, e is a constant, and $a \in M$.
Second, K neighboring users or fog nodes in the same area self-organize anonymously to form a neighbor group; data perturbation is then carried out among the K anonymous users or fog nodes, the data is encrypted at the fog nodes, and the perturbed, encrypted data is transmitted to a fog server through the cluster nodes of the group. The fog server runs the correction $\tau_{GRR}(a)$, given by the formula:
Figure BDA0002096846250000042
i is the number of samples, j is an integer, Q is the reverse probability, and u is the number of nodes;
Finally, multiple users or nodes transmit their data to the fog server for storage using the same ad hoc K-anonymity privacy protection method, as shown in Fig. 3.
Further, the data storage module storage method is as follows:
The fog node generates the relevant parameter information, encrypts the collected perturbed data to produce C = Enc(pk, m, r), and sends C to the fog server. The encryption algorithm used is the Paillier public-key encryption scheme. The specific encryption process is as follows:
Key generation process:
$\mathrm{KeyGen}(1^{\lambda}) \to (n, p, q)$: two large prime numbers p and q are selected and $n = pq$ is computed, with the security parameter $\lambda = \mathrm{lcm}(p-1,\, q-1)$, where lcm is the least common multiple. $g \in \mathbb{Z}_{n^{2}}^{*}$ is a random integer, with $L(x) = (x-1)/n$. The public key is (n, g), and the private key is (p, q).
Encryption process:
m is a plaintext message, r is a random number, and C is the ciphertext of message m; then
$C = g^{m} r^{n} \bmod n^{2}$ (3)
For data which needs to be obtained through homomorphic calculation, the homomorphic algorithm is adopted as follows:
In
Figure BDA0002096846250000051
Given plaintext messages $m_1, m_2$, when two ciphertexts $C_1$ and $C_2$ are added, where $C_1 = E(m_1, r_1)$ and $C_2 = E(m_2, r_2)$, the result of the ciphertext addition remains homomorphic:
$C_{add} = E(m_1, r_1)\,E(m_2, r_2) \bmod n^{2} = E(m_1 + m_2,\; r_1 r_2)$ (4)
As the amount of data stored on the fog server grows, storage space becomes increasingly insufficient; the fog server maintains its data storage service by cleaning up useless data or migrating data.
Further, the data access module access method is as follows:
(1) If a fog node or user accesses data on the fog server, or stored computation results obtained through secure multi-party computation, the node or user first encrypts its own related information and the retrieval content, and then sends the encrypted information to the fog server for access;
(2) The fog server sends the query result to the access node, and the access node uses its private key $sk_2$ to decrypt the queried encrypted data and obtain the plaintext data. The specific decryption method is as follows:
1) For a ciphertext $C$ ($C < n^{2}$), the ciphertext of a single plaintext is decrypted as follows:
Figure BDA0002096846250000061
The decryption method for homomorphic encryption is:
$D(C_1 C_2 \bmod n^{2}) = m_1 + m_2 \bmod n$ (6)
For decryption under homomorphic multiplication, according to the multiplication property of the Paillier encryption scheme, the specific steps are as follows:
Figure BDA0002096846250000062
Further, the data calculation module has the following calculation method:
(1) Simple data processing is carried out on the fog nodes in the same area;
(2) For complex computation, distributed secure multi-party computation is combined with homomorphic encryption. Several nodes take part in the computation at the same time, and random numbers are used to protect the encrypted data during the interaction between nodes, so that no original content is leaked during data processing. Using a key sharing scheme, the sender divides a secret into several interrelated pieces of secret information $s_i$, where $s_i$ belongs to
Figure BDA0002096846250000063
$1 \le i \le N$, and z is a prime number greater than N. t-1 elements are selected, labeled $\{a_1, \ldots, a_{t-1}\}$, and then distributed to t-1 members of the group:
Figure BDA0002096846250000064
where $a_0 = s$,
Figure BDA0002096846250000065
(3) Each fog node uses a large pseudo-random number $R_k(x_i)$ to calculate its own random share:
Figure BDA0002096846250000066
where $k = (z, g, m, a_0, a_1, \ldots, a_t)$ is information of fixed length; w is a prime number, and $a_0, a_1, \ldots, a_t$ belong to
Figure BDA0002096846250000067
Using the Lagrange polynomial, $A_i(x)$, the calculation coefficient of the fog node in the Internet of Things, is computed as follows:
Figure BDA0002096846250000068
Then the calculated value $y(x_i)$ of the Internet of Things fog node is obtained by the following formula:
Figure BDA0002096846250000071
(4) The users or nodes that hold the key each transmit their processed data $y(x_i)$ to the fog server, and the fog server stores the result $f(x)$ of the secure multi-party computation, where $f(x)$ is:
Figure BDA0002096846250000072
Further, the task processing module processes tasks as follows:
First, a chained task container is set up, and tasks are linked through a hash doubly linked list;
second, a computing task sent by an external terminal device is received;
then, the computing task is decomposed into at least two sub-computing tasks;
finally, the decomposed sub-tasks are computed in parallel according to the chained task container to obtain the result required by the computing task.
It is a further object of the present invention to provide a computer program for implementing the method for secure data storage and computation of internet of things based fog computing-edge computing.
Another object of the present invention is to provide an information data processing terminal implementing the secure data storage and calculation method for fog calculation-edge calculation based on the internet of things.
It is another object of the present invention to provide a computer-readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the method for secure data storage and computation based on fog computing-edge computing of the internet of things.
Another object of the present invention is to provide a fog computing-edge computing platform of the internet of things, which carries the system for secure data storage and computation based on fog computing-edge computing of the internet of things.
The invention has the advantages and positive effects that:
According to the invention, the data acquisition module realizes local ε-differential privacy, which protects the security of locally collected data; the data storage module stores data in encrypted form and protects the privacy of the data on the fog server and the fog nodes; the data access module decrypts data securely and protects the secure sharing of data; the data calculation module applies a verifiable key distribution algorithm to perform homomorphic parallel computation, and multi-party cooperative computation is realized through secure multi-party computation, which guarantees the security of data during computation. Meanwhile, by constructing a neighbor area, the invention realizes data perturbation among K anonymous users or nodes within the region and ensures the data privacy of the local area.
The invention therefore improves the processing speed of computing tasks while greatly improving data security and data privacy in most Internet of Things scenarios.
Drawings
Fig. 1 is a flowchart of a secure data storage and calculation method based on fog calculation-edge calculation of the internet of things according to an embodiment of the present invention.
Fig. 2 is a block diagram of a system structure for secure data storage and computation based on fog computing-edge computing of the internet of things according to an embodiment of the present invention.
Fig. 3 is a data aggregation storage diagram provided in an embodiment of the present invention.
Fig. 4 is a data calculation diagram provided by an embodiment of the present invention.
In fig. 2: 1. a data acquisition module; 2. a main control module; 3. a data storage module; 4. a data access module; 5. a distribution module; 6. a task processing module; 7. a data calculation module; 8. a security module; 9. and a display module.
Detailed Description
In order to further understand the contents, features and effects of the present invention, the following embodiments are illustrated and described in detail with reference to the accompanying drawings.
The structure of the present invention will be described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the method for secure data storage and calculation based on fog calculation-edge calculation of internet of things provided by the present invention comprises the following steps:
S101, the required data is acquired through the data acquisition module, the acquired data is perturbed with a random perturbation function to realize local differential privacy, and the data is encrypted at the fog node to secure local-area data;
S102, the main control module stores the aggregated data on a fog server through the data storage module;
S103, the data access module applies to access the aggregated data content through encrypted retrieval;
S104, the distribution module distributes the computing tasks using a verifiable key distribution algorithm;
S105, the task processing module processes the distributed computing tasks through a processing program; the data calculation module computes on the data; the security module performs security management and monitoring of the data, is responsible for user access control, data security and authentication, and protects data integrity and privacy;
S106, the display module displays the aggregated data.
As shown in fig. 2, the system for secure data storage and computation based on fog computation-edge computation of internet of things provided by the present invention comprises: the system comprises a data acquisition module 1, a main control module 2, a data storage module 3, a data access module 4, a distribution module 5, a task processing module 6, a data calculation module 7, a safety module 8 and a display module 9.
The data acquisition module 1 is connected with the main control module 2 and used for acquiring required data and disturbing the acquired data through a random disturbance function to realize localized differential privacy;
the main control module 2 is connected with the data acquisition module 1, the data storage module 3, the data access module 4, the distribution module 5, the task processing module 6, the data calculation module 7, the safety module 8 and the display module 9 and is used for controlling the operation of each module through a central processing unit;
the data storage module 3 is connected with the main control module 2 and used for storing the converged data through the fog server;
the data access module 4 is connected with the main control module 2 and used for applying for accessing the converged data contents through encryption retrieval;
the distribution module 5 is connected with the main control module 2 and used for distributing calculation tasks through a verifiable key distribution algorithm;
the task processing module 6 is connected with the main control module 2 and used for processing the distributed computing tasks through a processing program;
the data calculation module 7 is connected with the main control module 2 and is used for calculating and processing data;
and the display module 8 is connected with the main control module 2 and used for displaying the converged data through a display.
The data acquisition module 1 provided by the invention has the following acquisition method:
First, within the same area of Internet of Things edge sensors, each sensor node collects the required information to form its own data set, and the data is transmitted to a fog node after being perturbed locally. In the collected data set M, the data is perturbed with a sampling typical algorithm, which realizes local differential privacy and ensures the security of the local data.
The collected data set is divided into K parts and a query function f is executed to obtain the query results $f(d_1), f(d_2), \ldots, f(d_K)$, where d is a selection category. A random response algorithm (including a perturbation process and a correction process) is applied to the query results to obtain the perturbed statistical result y, which realizes local ε-differential privacy. The formula of the local perturbation statistical algorithm $\pi_{GRR}(a)$ is as follows:
Figure BDA0002096846250000101
where ε is the privacy protection budget, P is the probability, e is a constant, and $a \in M$.
Second, K neighboring users or fog nodes in the same area self-organize anonymously to form a neighbor group; data perturbation is then carried out among the K anonymous users or fog nodes, the data is encrypted at the fog nodes, and the perturbed, encrypted data is transmitted to a fog server through the cluster nodes of the group. The fog server runs the correction $\tau_{GRR}(a)$, given by the formula:
Figure BDA0002096846250000102
i is the number of samples, j is an integer, Q is the reverse probability, and u is the number of nodes;
Finally, multiple users or nodes transmit their data to the fog server for storage using the same ad hoc K-anonymity privacy protection method, as shown in Fig. 3.
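The sensor-side perturbation and the fog-server correction described above (and in the Disclosure section) are illustrated by the following added example, which is not code from the patent. The patent's formulas for π_GRR and τ_GRR survive only as figure references, so the example assumes the textbook generalized randomized response definition; the function names and the sample category counts are constructed for illustration.

```python
import math
import random
from collections import Counter

# Constructed sample: true category counts held by 20,000 sensor nodes.
CONSTRUCTED_COUNTS = {"idle": 10000, "running": 5000, "fault": 3000, "offline": 2000}


def grr_probabilities(epsilon, domain_size):
    """Return (p, q): P[report the true value], P[report one specific other value].

    Assumed textbook GRR: p = e^eps / (e^eps + |M| - 1), q = 1 / (e^eps + |M| - 1),
    so p / q = e^eps, which is exactly the epsilon-LDP bound.
    """
    if epsilon <= 0 or domain_size < 2:
        raise ValueError("need epsilon > 0 and at least two categories")
    denom = math.exp(epsilon) + domain_size - 1
    return math.exp(epsilon) / denom, 1.0 / denom


def grr_perturb(value, domain, epsilon, rng):
    """Sensor side: keep the true value with probability p, else pick another uniformly."""
    if value not in domain:
        raise ValueError("value outside the agreed domain M")
    p, _ = grr_probabilities(epsilon, len(domain))
    if rng.random() < p:
        return value
    return rng.choice([v for v in domain if v != value])


def grr_correct(reports, domain, epsilon):
    """Fog-server side: unbiased estimate of each category's true count.

    E[observed_v] = true_v * p + (n - true_v) * q, solved for true_v.
    """
    p, q = grr_probabilities(epsilon, len(domain))
    n = len(reports)
    observed = Counter(reports)
    return {v: (observed[v] - n * q) / (p - q) for v in domain}


def simulate(true_counts, epsilon, seed=None):
    """Perturb every node's value locally, then correct the aggregate on the server.

    A seed gives a reproducible demo; without one the OS CSPRNG is used, which is
    what a real sensor should use so the noise cannot be predicted.
    """
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    domain = sorted(true_counts)
    reports = []
    for value, count in true_counts.items():
        for _ in range(count):
            reports.append(grr_perturb(value, domain, epsilon, rng))
    return grr_correct(reports, domain, epsilon)


if __name__ == "__main__":
    estimates = simulate(CONSTRUCTED_COUNTS, epsilon=1.0, seed=7)
    for category, true_count in CONSTRUCTED_COUNTS.items():
        print(f"{category:8s} true={true_count:6d} estimated={estimates[category]:9.1f}")
```

A smaller ε pushes p toward q, which strengthens deniability for each node and widens the error of the corrected counts.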
The storage method of the data storage module 3 provided by the invention is as follows:
The fog node generates the relevant parameter information, encrypts the collected perturbed data to produce C = Enc(pk, m, r), and sends C to the fog server. The encryption algorithm used is the Paillier public-key encryption scheme. The specific encryption process is as follows:
Key generation process:
$\mathrm{KeyGen}(1^{\lambda}) \to (n, p, q)$: two large prime numbers p and q are selected and $n = pq$ is computed, with the security parameter $\lambda = \mathrm{lcm}(p-1,\, q-1)$, where lcm is the least common multiple. $g \in \mathbb{Z}_{n^{2}}^{*}$ is a random integer, with $L(x) = (x-1)/n$. The public key is (n, g), and the private key is (p, q).
Encryption process:
m is a plaintext message, r is a random number, and C is the ciphertext of message m; then
$C = g^{m} r^{n} \bmod n^{2}$ (3)
For data which needs to be obtained through homomorphic calculation, the homomorphic algorithm is adopted as follows:
In
Figure BDA0002096846250000113
Given plaintext messages $m_1, m_2$, when two ciphertexts $C_1$ and $C_2$ are added, where $C_1 = E(m_1, r_1)$ and $C_2 = E(m_2, r_2)$, the result of the ciphertext addition remains homomorphic:
$C_{add} = E(m_1, r_1)\,E(m_2, r_2) \bmod n^{2} = E(m_1 + m_2,\; r_1 r_2)$ (4)
As the amount of data stored on the fog server grows, storage space becomes increasingly insufficient; the fog server maintains its data storage service by cleaning up useless data or migrating data.
The data access module 4 access method provided by the invention comprises the following steps:
(1) If a fog node or user accesses data on the fog server, or stored computation results obtained through secure multi-party computation, the node or user first encrypts its own related information and the retrieval content, and then sends the encrypted information to the fog server for access;
(2) The fog server sends the query result to the access node, and the access node uses its private key $sk_2$ to decrypt the queried encrypted data and obtain the plaintext data. The specific decryption method is as follows:
1) For a ciphertext $C$ ($C < n^{2}$), the ciphertext of a single plaintext is decrypted as follows:
Figure BDA0002096846250000111
The decryption method for homomorphic encryption is:
$D(C_1 C_2 \bmod n^{2}) = m_1 + m_2 \bmod n$ (6)
For decryption under homomorphic multiplication, according to the multiplication property of the Paillier encryption scheme, the specific steps are as follows:
Figure BDA0002096846250000112
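The Paillier storage and access steps above (key generation, formula (3), the homomorphic addition of formulas (4) and (6), and decryption) are worked through in the following added example, which is not code from the patent. Decryption formulas (5) and (7) survive only as figure references, so the example assumes the standard Paillier decryption $m = L(C^{\lambda} \bmod n^{2}) \cdot \mu \bmod n$ and the standard scalar-multiplication property; the function names and demo primes are constructed.

```python
import math
import secrets

# Constructed demo primes (the Mersenne primes 2^61-1 and 2^89-1) so the example
# runs instantly. Real keys need large, randomly generated primes.
DEMO_P = 2**61 - 1
DEMO_Q = 2**89 - 1


def L(x, n):
    """L(x) = (x - 1) / n, exact for every x congruent to 1 mod n."""
    return (x - 1) // n


def keygen(p, q):
    """Return ((n, g), (lam, mu, n)); lam and mu are derived from the private (p, q)."""
    n = p * q
    if p == q or math.gcd(n, (p - 1) * (q - 1)) != 1:
        raise ValueError("unsuitable primes")
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    n2 = n * n
    while True:
        g = secrets.randbelow(n2 - 2) + 2              # random g in Z*_{n^2}
        if math.gcd(g, n) != 1:
            continue
        u = L(pow(g, lam, n2), n)
        if math.gcd(u, n) == 1:                        # mu must exist
            break
    mu = pow(u, -1, n)
    return (n, g), (lam, mu, n)


def encrypt(pub, m, r=None):
    """C = g^m * r^n mod n^2, formula (3). A fresh random r is drawn unless given."""
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    if r is None:
        r = secrets.randbelow(n - 1) + 1
        while math.gcd(r, n) != 1:
            r = secrets.randbelow(n - 1) + 1
    elif not (0 < r < n and math.gcd(r, n) == 1):
        raise ValueError("r must be a unit modulo n")
    n2 = n * n
    return pow(g, m, n2) * pow(r, n, n2) % n2


def decrypt(priv, c):
    """Standard Paillier decryption (assumed): m = L(c^lam mod n^2) * mu mod n."""
    lam, mu, n = priv
    if not 0 < c < n * n or math.gcd(c, n) != 1:
        raise ValueError("ciphertext must be a unit below n^2")
    return L(pow(c, lam, n * n), n) * mu % n


def add_ciphertexts(pub, c1, c2):
    """Fog-server side: multiply ciphertexts to add plaintexts, formulas (4)/(6)."""
    n, _ = pub
    return c1 * c2 % (n * n)


def scale_ciphertext(pub, c, k):
    """Raise a ciphertext to k to multiply its plaintext by the public scalar k."""
    n, _ = pub
    return pow(c, k, n * n)


if __name__ == "__main__":
    pub, priv = keygen(DEMO_P, DEMO_Q)
    c1, c2 = encrypt(pub, 1200), encrypt(pub, 345)
    print("sum   :", decrypt(priv, add_ciphertexts(pub, c1, c2)))   # 1545
    print("scaled:", decrypt(priv, scale_ciphertext(pub, c1, 3)))   # 3600
```

The fog server only ever handles `pub` and ciphertexts; sums wrap modulo n, so plaintext ranges have to be sized so that an aggregate cannot overflow n.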
as shown in fig. 4, the calculation method of the data calculation module 7 provided by the present invention is as follows:
(1) carrying out simple data processing on the fog nodes in the same area;
(2) for complex calculation, distributed safe multi-party calculation is combined with homomorphic encryption, a plurality of nodes participate in the calculation at the same time, and encryption protection is carried out on encryption data by using random numbers in the interaction process of each node, so that any original content cannot be leaked in the data processing process; using a key sharing scheme, a sender divides a secret into a plurality of interrelated secret information siWherein s isiBelong to
Figure BDA0002096846250000121
$1 \le i \le N$, z is a prime number greater than N; t-1 elements are selected, labeled $\{a_1, \ldots, a_{t-1}\}$, and then distributed to t-1 members of the group:
Figure BDA0002096846250000122
where $a_0 = s$,
Figure BDA0002096846250000123
(3) each fog node uses a large pseudo-random number $R_k(x_i)$ to calculate its own random share;
Figure BDA0002096846250000124
where $k = (z, g, m, a_0, a_1, \ldots, a_t)$ is information of fixed length; w is a prime number, and $a_0, a_1, \ldots, a_t$ belong to
Figure BDA0002096846250000125
$A_i(x)$ is calculated from the Lagrange polynomial, and the calculation coefficient of the fog node in the Internet of things is as follows:
Figure BDA0002096846250000126
then the calculated value $y(x_i)$ of the fog node of the Internet of things is obtained by the following formula:
Figure BDA0002096846250000127
(4) when the users or nodes holding the key have each transmitted their processed data $y(x_i)$ to the fog server, the fog server stores the result f(x) of the secure multi-party computation, where f(x) is as follows:
Figure BDA0002096846250000128
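The secret-sharing step above, as an added example that is not part of the patent text: a (t, N) threshold split over the integers modulo a prime z with a_0 = s, reconstruction by Lagrange interpolation at x = 0, and share-wise addition so that the sum of two nodes' secrets is recovered without reconstructing either one. The sharing polynomial and interpolation formulas survive here only as figure references, so the standard Shamir construction is assumed; the pseudo-random share R_k(x_i) is not modelled, and the modulus and function names are illustrative.

```python
import secrets

Z = 2**61 - 1  # prime modulus z (constructed choice); must exceed the number of parties N


def split(secret, t, n_parties, z=Z, coeffs=None):
    """Share `secret` as f(x) = a_0 + a_1 x + ... + a_{t-1} x^{t-1} mod z, a_0 = secret."""
    if not 1 <= t <= n_parties < z:
        raise ValueError("need 1 <= t <= N < z")
    if not 0 <= secret < z:
        raise ValueError("secret must lie in [0, z)")
    rest = list(coeffs) if coeffs is not None else [secrets.randbelow(z) for _ in range(t - 1)]
    if len(rest) != t - 1:
        raise ValueError("exactly t-1 coefficients are required")
    a = [secret] + rest
    shares = []
    for x in range(1, n_parties + 1):  # x = 0 would hand out the secret itself
        y = 0
        for c in reversed(a):          # Horner evaluation of f(x)
            y = (y * x + c) % z
        shares.append((x, y))
    return shares


def lagrange_at(shares, x0, z=Z):
    """Interpolate the polynomial through `shares` and evaluate it at x0."""
    xs = [x % z for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (x0 - xj) % z
                den = den * (xi - xj) % z
        total = (total + yi * num * pow(den, -1, z)) % z
    return total


def reconstruct(shares, z=Z):
    return lagrange_at(shares, 0, z)


def add_shares(a, b, z=Z):
    """Each party adds the two shares it holds; no party sees either secret."""
    if [x for x, _ in a] != [x for x, _ in b]:
        raise ValueError("share indices do not line up")
    return [(x, (ya + yb) % z) for (x, ya), (_, yb) in zip(a, b)]


if __name__ == "__main__":
    node_a = split(120, t=3, n_parties=5)  # constructed readings from two fog nodes
    node_b = split(305, t=3, n_parties=5)
    print(reconstruct(add_shares(node_a, node_b)[1:4]))
```

Interpolating with fewer than t shares still returns a number, just not the secret, so the caller has to enforce the threshold itself.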
the distribution module 5 distribution method provided by the invention comprises the following steps:
in the allocation module, a scheduler sends out the information of the tasks to be allocated, such as the amount of input and output data and the number of CPU calculation cycles; after a calculation terminal receives the task information, it calculates the cost and determines which tasks to take according to sub-models for task allocation, energy consumption, cost estimation and the like, and then applies to the scheduler for those tasks; after the scheduler has received the task applications of every calculation terminal in the same region, it re-plans the allocation through a preset task allocation model and allocates the tasks to the calculation terminals, so that secret sharing, homomorphic calculation and other task calculations are carried out and the sum over all the tasks is optimal.
The processing method of the task processing module 6 provided by the invention comprises the following steps:
firstly, a chain task container is set up, and task linking is realized through a hash doubly linked list;
secondly, receiving a calculation task sent by external terminal equipment;
then, decomposing the computing task into at least two sub-computing tasks;
and finally, performing parallel computation on the decomposed subtasks according to the chain task container to obtain a computation result required by the computation task.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and all simple modifications, equivalent changes and modifications made to the above embodiment according to the technical spirit of the present invention are within the scope of the technical solution of the present invention.

Claims (5)

1. A method for secure data storage and calculation based on fog calculation-edge calculation of the Internet of things is characterized in that the method for secure data storage and calculation based on fog calculation-edge calculation of the Internet of things comprises the following steps:
step one, acquiring required data through a data acquisition module, disturbing the acquired data through a random disturbance function to realize localized differential privacy, and encrypting at a fog node to secure the local area data;
step two, the main control module uses a fog server, through a data storage module, to store and collect the disturbed and encrypted data, and integrates and converges the data;
step three, the data access module applies, through encrypted retrieval, to access the converged data content;
step four, distributing the calculation tasks by utilizing a verifiable key distribution algorithm through a distribution module;
step five, processing the distributed computing tasks by a task processing module through a processing program; calculating the data through a data calculation module; the security module carries out security management and monitoring of the data, is responsible for the access authority control, data security and authentication functions of the user, and protects the data integrity and privacy;
step six, displaying the converged data through a display module;
the step one data acquisition module acquisition and processing method comprises the following steps:
firstly, in the same area of an edge sensor of the Internet of things, each sensor node collects required information to form a data set of the node, and the data is locally disturbed and then transmitted to a fog node; in the collected data set M, a sampling typical algorithm is used for disturbing the data, so that the localization differential privacy is realized, and the safety of the local data is ensured;
the method comprises selecting an acquired data set, dividing the data into K parts, and running a query function f on each part of the data to obtain the query results $f(d_1), f(d_2), \ldots, f(d_K)$, where d is a selection category; a random response algorithm containing disturbance and correction processes is applied to the query results to obtain a disturbance statistical result y, realizing localized ε-differential privacy; the local disturbance statistical algorithm $\pi_{GRR}(a)$ is given by the following formula:
Figure FDA0003076238940000021
where ε is the privacy protection budget, P is a probability, e is a constant, and a belongs to M;
secondly, K adjacent users or fog nodes in the same area self-organize anonymously to form an adjacent group; then data disturbance is carried out among the K anonymous users or fog nodes and the data is encrypted at the fog nodes; the disturbed, encrypted data is transmitted to a fog server through the cluster nodes in the group, and the fog server runs the correction $\tau_{GRR}(a)$, given by the formula:
Figure FDA0003076238940000022
i is the number of samples, j is an integer, Q is the reverse probability, and u is the number of nodes;
finally, a plurality of users or nodes transmit data to the fog server for data storage by using the same ad hoc K-anonymous privacy protection method;
the second data storage module storage method comprises the following steps:
the fog node generates the relevant parameter information, encrypts the acquired disturbance data to generate C = Enc(pk, m, r), and sends C to the fog server; the adopted encryption algorithm is the Paillier public key encryption scheme; the specific encryption process is as follows:
key generation process:
$\mathrm{KeyGen}(1^{\lambda}) \to (n, p, q)$: two large prime numbers p, q are selected and n = pq is calculated, so that the security parameter satisfies $\lambda = \mathrm{lcm}[(p-1), (q-1)]$, where lcm is the least common multiple; g belongs to
Figure FDA0003076238940000023
a random integer, satisfying $L(x) = (x-1)/n$; the public key is (n, g) and the private key is (p, q);
encryption process:
m is a plaintext message, r is a random number, and C is the ciphertext of message m; then
$C = g^{m} r^{n} \bmod n^2 \quad (3)$
For data which needs to be obtained through homomorphic calculation, the homomorphic algorithm is adopted as follows:
in that
Figure FDA0003076238940000031
given plaintext messages $m_1, m_2$, when two ciphertexts $C_1$, $C_2$ are added, where $C_1$ is $E(m_1, r_1)$ and $C_2$ is $E(m_2, r_2)$, the result of the ciphertext addition preserves the homomorphism:
$C_{add} = E(m_1, r_1) E(m_2, r_2) \bmod n^2 = E(m_1 + m_2, r_1 r_2) \quad (4)$
as the amount of data stored on the fog server increases, the data volume keeps growing and the shortage of space becomes more serious; the fog server maintains the data storage service by cleaning useless data or transferring the data;
the third step data access module access method comprises the following steps:
(1) if the fog nodes or users access data on the fog server or stored calculation data obtained through safe multi-party calculation, the nodes or users firstly encrypt own related information and retrieval content, and then send the encrypted information to the fog server for access;
(2) the fog server sends the query result to the access node, and the access node uses its private key $sk_2$ to decrypt the queried encrypted data and obtain the plaintext data; the specific decryption method is as follows:
1) when a ciphertext C ($C < n^2$) is decrypted, the decryption method for the ciphertext of a single plaintext is:
Figure FDA0003076238940000032
the decryption method of homomorphic encryption is:
$D(C_1 C_2 \bmod n^2) = m_1 + m_2 \bmod n \quad (6)$
for the decryption method of homomorphic multiplication, according to the multiplication property of the Paillier encryption scheme, the specific steps are as follows:
Figure FDA0003076238940000033
the step five data calculation module calculation method comprises the following steps:
(1) carrying out simple data processing on the fog nodes in the same area;
(2) for complex calculation, distributed secure multi-party computation is combined with homomorphic encryption: a plurality of nodes participate in the calculation at the same time, and the encrypted data is additionally protected with random numbers during the interaction of the nodes, so that no original content is leaked in the data processing process; using a key sharing scheme, a sender divides a secret into a plurality of interrelated pieces of secret information $s_i$, where $s_i$ belongs to
Figure FDA0003076238940000034
$1 \le i \le N$, z is a prime number greater than N; t-1 elements are selected, labeled $\{a_1, \ldots, a_{t-1}\}$, and then distributed to t-1 members of the group:
Figure FDA0003076238940000041
where $a_0 = s$,
Figure FDA0003076238940000042
(3) each fog node uses a large pseudo-random number $R_k(x_i)$ to calculate its own random share;
Figure FDA0003076238940000043
where $k = (z, g, m, a_0, a_1, \ldots, a_t)$ is information of fixed length; w is a prime number, and $a_0, a_1, \ldots, a_t$ belong to
Figure FDA0003076238940000044
$A_i(x)$ is calculated from the Lagrange polynomial, and the calculation coefficient of the fog node in the Internet of things is as follows:
Figure FDA0003076238940000045
then the calculated value $y(x_i)$ of the fog node of the Internet of things is obtained by the following formula:
Figure FDA0003076238940000046
(4) when the users or nodes holding the key have each transmitted their processed data $y(x_i)$ to the fog server, the fog server stores the result f(x) of the secure multi-party computation, where f(x) is as follows:
Figure FDA0003076238940000047
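The local disturbance and fog-server correction steps of claim 1, as an added example that is not part of the patent text: each sensor node randomizes its own category before transmission, and the server converts the noisy report counts into unbiased estimates. The claim's two formulas survive here only as figure references, so the standard generalized randomized response (GRR) probabilities and estimator are assumed; the category names, counts, ε value and function names are constructed.

```python
import math
import random

DOMAIN = ["low", "mid", "high", "alarm"]  # constructed reading categories
TRUE_COUNTS = {"low": 10000, "mid": 6000, "high": 3000, "alarm": 1000}  # constructed


def grr_probs(eps, d):
    """p: probability of reporting the true value; q: of one specific other value."""
    if eps <= 0 or d < 2:
        raise ValueError("need eps > 0 and at least two categories")
    e = math.exp(eps)
    return e / (e + d - 1), 1.0 / (e + d - 1)


def grr_perturb(value, domain, eps, rng):
    """Runs on the sensor node, so the raw value never leaves the device."""
    if value not in domain:
        raise ValueError("value outside the agreed domain")
    p, _ = grr_probs(eps, len(domain))
    if rng.random() < p:
        return value
    return rng.choice([v for v in domain if v != value])


def grr_correct(reports, domain, eps):
    """Runs on the fog server: raw report counts and their unbiased correction."""
    n = len(reports)
    p, q = grr_probs(eps, len(domain))
    raw = {v: 0 for v in domain}
    for r in reports:
        if r not in raw:
            raise ValueError("report outside the agreed domain")
        raw[r] += 1
    # E[raw[v]] = n_v * p + (n - n_v) * q, solved for the true count n_v
    est = {v: (raw[v] - n * q) / (p - q) for v in domain}
    return raw, est


def simulate(eps=1.0, seed=2019):
    # Fixed seed only to make the demo repeatable; a deployed node would
    # draw from a CSPRNG such as random.SystemRandom().
    rng = random.Random(seed)
    reports = [grr_perturb(v, DOMAIN, eps, rng)
               for v, c in TRUE_COUNTS.items() for _ in range(c)]
    return grr_correct(reports, DOMAIN, eps)


if __name__ == "__main__":
    raw, est = simulate()
    for v in DOMAIN:
        print(v, TRUE_COUNTS[v], raw[v], round(est[v]))
```

The uncorrected count for a rare category is dominated by reports flipped in from the common ones, which is why the server-side correction is needed before any statistic is used.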
2. the method for secure data storage and computation of fog computing-edge computing based on the internet of things of claim 1, wherein the task processing module processing method comprises:
firstly, a chain task container is set up, and task linking is realized through a hash doubly linked list;
secondly, receiving a calculation task sent by external terminal equipment;
then, decomposing the computing task into at least two sub-computing tasks;
and finally, performing parallel computation on the decomposed subtasks according to the chain task container to obtain a computation result required by the computation task.
3. An information data processing terminal for implementing the safe data storage and calculation method based on fog calculation-edge calculation of the internet of things as claimed in any one of claims 1-2.
4. A computer-readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the method of secure data storage and computation for internet of things based fog computing-edge computing as claimed in any of claims 1-2.
5. An internet of things based fog computing-edge computing secure data storage and computation system implementing the internet of things based fog computing-edge computing secure data storage and computation method according to any one of claims 1-2, wherein the internet of things based fog computing-edge computing secure data storage and computation system comprises:
the data acquisition module is connected with the main control module and used for acquiring required data and disturbing the acquired data through a random disturbance function to realize localized differential privacy;
the main control module is connected with the data acquisition module, the data storage module, the data access module, the distribution module, the task processing module, the data calculation module, the safety module and the display module and is used for controlling the operation work of each module through the central processing unit;
the data storage module is connected with the main control module and used for storing the converged data through the fog server;
the data access module is connected with the main control module and used for applying for accessing the converged data contents through encryption retrieval;
the distribution module is connected with the main control module and used for distributing the calculation tasks through a verifiable key distribution algorithm;
the task processing module is connected with the main control module and used for processing the distributed computing tasks through a processing program;
the data calculation module is connected with the main control module and is used for calculating and processing data;
the safety module is connected with the main control module and is used for carrying out safety management and monitoring on data, taking charge of the access authority control, data safety and authentication functions of a user and protecting the data integrity and privacy;
and the display module is connected with the main control module and used for displaying the converged data through the display.
Application number CN201910521504.0A; priority date 2019-06-17; filing date 2019-06-17; title: Safe data storage and calculation method based on fog calculation-edge calculation of Internet of things; status: Active; publication: CN110213036B (en)

Publications (2)

Publication Number    Publication Date
CN110213036A (en)    2019-09-06
CN110213036B (en)    2021-07-06
