CN110446108B - Media cloud system and video encryption and decryption method - Google Patents


Info

Publication number
CN110446108B
Authority
CN
China
Prior art keywords
video
random number
node
access
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910577173.2A
Other languages
Chinese (zh)
Other versions
CN110446108A (en)
Inventor
杨成
李皓
刘剑波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Communication University of China
Original Assignee
Communication University of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Communication University of China filed Critical Communication University of China
Priority to CN201910577173.2A priority Critical patent/CN110446108B/en
Publication of CN110446108A publication Critical patent/CN110446108A/en
Application granted granted Critical
Publication of CN110446108B publication Critical patent/CN110446108B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43 Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
    • H04N21/4405 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43 Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
    • H04N21/4408 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network

Abstract

The invention provides a media cloud system and a video encryption and decryption method, and relates to the field of media cloud. The video encryption method comprises the following steps: acquiring a video to be encrypted, wherein the video is subjected to compression coding processing, and the format of the video is a set containing a plurality of elements; constructing an access structure based on the video, wherein the access structure is a composite tree containing virtual nodes; generating a system public key and a system management key; and acquiring network adaptation layer unit data in the video, and encrypting the video by combining the system public key and the access structure to generate a ciphertext.

Description

Media cloud system and video encryption and decryption method
Technical Field
The invention relates to the field of media cloud, in particular to a media cloud system and a video encryption and decryption method.
Background
The advent of the big data age has brought great challenges to data storage, transmission, management, use, and the like. Cloud computing, as a novel service model, integrates massive computing resources such as networks, servers, storage, application software and services into a configurable shared resource pool, so that users can conveniently and quickly obtain nearly 'endless' computing capacity over the network without a large up-front investment. Because of this characteristic, cloud computing has become a necessary choice for addressing many of the problems of the big data era.
Multimedia data (video, sound, pictures and the like) is an important source of big data, and building a 'media cloud' is one of the important solutions in the media industry. The "media cloud" can provide users with services to store, process and distribute multimedia files, with QoS (quality of service) guarantees.
Currently, media clouds mainly focus on the business challenges facing video services, and stream stealing and hotlinking are the two most common security threats. Stream stealing refers to unauthorized parties illegally downloading video content and distributing it on their own web pages or apps. Hotlinking is when a group or an individual, without the agreement of the legitimate operator, builds a web page or an app so that end users reach the legitimate operator's video resources through the hotlinker's page or app instead of through the legitimate operator. Stream stealing and hotlinking damage the interests of legitimate operators (advertising revenue, copyright purchase expense, promotional value, bandwidth overhead, etc.).
Disclosure of Invention
In view of this, the present invention provides a media cloud system and a video encryption and decryption method, so as to solve the technical problems of stream stealing and link stealing from a media cloud in the prior art.
A first aspect of an embodiment of the present invention provides a video encryption method, including:
acquiring a video to be encrypted, wherein the video is subjected to compression coding processing, and the format of the video is a set containing a plurality of elements;
constructing an access structure based on the video, wherein the access structure is a composite tree containing virtual nodes;
generating a system public key and a system management key;
and acquiring network adaptation layer unit data in the video, and encrypting the video by combining the system public key and the access structure to generate a ciphertext.
Preferably, the acquiring the video to be encrypted includes:
acquiring a video to be encrypted, and judging whether the video is a public video or a private video.
Preferably, after the video to be encrypted is acquired, the method further includes:
if the video is judged to be a public video, acquiring, for encryption, the network adaptation layer units of the video that contain video compression content;
and if the video is judged to be a private video, acquiring, for encryption, the network adaptation layer units of the video that contain video global information.
Preferably, the generating the system public key and the system management key includes:
acquiring a bilinear group;
establishing a bilinear mapping function of the bilinear group;
acquiring a first random number and a second random number, wherein the first random number and the second random number are both drawn from the set of positive integers smaller than the order of the bilinear group;
and generating the system public key and the system management key based on the bilinear group, the bilinear mapping function, the first random number and the second random number.
Preferably, the acquiring the network adaptation layer unit data in the video, and generating the ciphertext by combining the system public key and the access structure includes:
traversing the access structure, dividing the access structure based on the virtual nodes in the access structure, and establishing an independent access tree, wherein the independent access tree comprises a trunk-branch hierarchical structure tree and a basic tree, and the trunk-branch hierarchical structure tree takes the virtual nodes as root nodes;
for each node in each independent access tree, a polynomial is constructed, wherein the highest degree of the polynomial is the threshold value of the node minus one, and a constant term of the polynomial is related to the parent node of the node and the position of the child node where the node is located;
acquiring a third random number, a fourth random number, a fifth random number and a sixth random number, wherein the third random number and the fourth random number are drawn from the set of positive integers smaller than the order of the bilinear group;
determining a key corresponding to each element of the video one by one based on the third random number and the fourth random number;
determining constant items of the polynomials corresponding to the root nodes of the basic trees based on the fifth random number, and determining constant items of the polynomials corresponding to the root nodes of the trunk-branch hierarchical structure trees based on the sixth random number;
distributing secret sharing fragments of the fifth random number and the sixth random number to each leaf node of the access structure based on a polynomial corresponding to each node;
acquiring corresponding attributes of each leaf node of the access structure based on the secret sharing fragments;
taking the straight line when the input value of the corresponding polynomial is 0 as a secret fragment for each node on the trunk of the trunk-branch hierarchical structure tree;
generating a ciphertext based on the first random number, the second random number, the third random number, the fourth random number, the fifth random number, the sixth random number, and corresponding attributes of a key, a secret sharing fragment, and each leaf node of the access structure, which correspond to each element of the video one to one, in combination with the system public key.
An attribute encryption method suitable for a media cloud is proposed. The method is based on the eM-CP-ABE algorithm, which introduces the concept of virtual nodes and constructs algorithm components such as a composite tree with high expression efficiency and a key chain. On this basis, it achieves access control at the level of massive numbers of video fragments, allows a massive number of attributes to be set, and supports hierarchical expansion of the authorization center and user revocation. The efficiently designed access tree reduces algorithm complexity: a single access tree can encrypt a single file, and can also correspond to multiple files to describe multi-file, multi-level access control.
A second aspect of the embodiments of the present invention provides a video decryption method, including:
acquiring an attribute set provided by a video consumer user;
generating a private key required by the video consumer user according to the attribute set and by combining a system management key;
and based on the private key, performing decryption processing on the video.
Preferably, generating the private key required by the video consumer user according to the attribute set and by combining a system management key includes:
acquiring a seventh random number;
acquiring a random number set according to each parameter in the attribute set;
generating a private key required by the video consumer user based on the random number and second random number, the seventh random number and the random number set, and the system management key.
Preferably, the decrypting the video based on the private key includes:
when the attribute set is judged to meet the access structure, determining an access node corresponding to the private key in the access structure;
when the access node is positioned in a basic tree of the access structure, a key corresponding to a root node of the basic tree is obtained through recursive processing, and decryption processing is carried out based on the key corresponding to the root node;
when the access node is located in the trunk-branch hierarchical structure tree of the access structure, a key corresponding to a root node of the trunk-branch hierarchical structure tree is obtained through recursive processing, a key chain of the trunk-branch hierarchical structure tree is obtained according to the relation of each node on the trunk-branch hierarchical structure tree, the key of the access node is determined, and decryption processing is performed based on the key of the access node.
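The per-node polynomial sharing from the encryption steps and the recursive recovery from the decryption steps, as an added example that is not the patent's own code. It assumes a plain prime field in place of the bilinear group (so shares are not hidden in group exponents and there is no per-user key randomness), a single basic tree without virtual nodes, and a constructed policy and attribute names.

```python
"""Threshold secret sharing over an access tree (added illustration)."""
import secrets

# Assumption: a constructed prime modulus stands in for the bilinear group order.
P = 2**127 - 1


class Node:
    """Either a leaf bound to one attribute or a k-of-n threshold gate."""

    def __init__(self, attribute=None, threshold=None, children=()):
        self.attribute = attribute
        self.threshold = threshold
        self.children = list(children)


def leaf(attribute):
    return Node(attribute=attribute)


def gate(k, *children):
    """k-of-n gate: k == n behaves as AND, k == 1 behaves as OR."""
    if not 1 <= k <= len(children):
        raise ValueError("threshold must be between 1 and the child count")
    return Node(threshold=k, children=children)


def eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(node, secret, path=()):
    """Push `secret` down the tree; return {leaf_path: (attribute, share)}."""
    if node.attribute is not None:
        return {path: (node.attribute, secret % P)}
    # Degree is threshold - 1; the constant term is the value handed down by
    # the parent, i.e. the parent's polynomial evaluated at this child's index.
    coeffs = [secret % P]
    coeffs += [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    out = {}
    for index, child in enumerate(node.children, start=1):
        out.update(share(child, eval_poly(coeffs, index), path + (index,)))
    return out


def lagrange_at_zero(points):
    """Interpolate the polynomial through `points` and return its value at 0."""
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def recover(node, attributes, shares, path=()):
    """Recursively rebuild the node's secret, or None if the gate is unmet."""
    if node.attribute is not None:
        return shares[path][1] if node.attribute in attributes else None
    points = []
    for index, child in enumerate(node.children, start=1):
        value = recover(child, attributes, shares, path + (index,))
        if value is not None:
            points.append((index, value))
        if len(points) == node.threshold:
            break
    if len(points) < node.threshold:
        return None  # too few satisfied children: nothing can be interpolated
    return lagrange_at_zero(points)


def demo_policy():
    """Constructed policy: (subscriber AND region) OR 2-of-3 staff attributes."""
    return gate(1,
                gate(2, leaf("role:subscriber"), leaf("region:CN")),
                gate(2, leaf("role:editor"), leaf("dept:news"),
                     leaf("clearance:high")))


if __name__ == "__main__":
    tree = demo_policy()
    root_secret = secrets.randbelow(P)
    leaf_shares = share(tree, root_secret)
    for attrs in ({"role:subscriber", "region:CN"}, {"role:subscriber"}):
        ok = recover(tree, attrs, leaf_shares) == root_secret
        print(sorted(attrs), "->", "root secret recovered" if ok else "denied")
```

Because the shares here are bare field elements, two users could pool them; in a pairing-based scheme the shares are bound to group elements and to each user's key, which this sketch leaves out.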
A third aspect of an embodiment of the present invention provides a media cloud system, including:
an edge distribution server for storing the encrypted video;
and the index management server is used for storing the video information and the key.
Preferably, the content stored in the index management server is based on random storage, reorganization and dynamic generation of indexes of the video slices.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solution in the embodiments of the present invention, the following briefly introduces the drawings required in the description of the embodiments:
FIG. 1 is a schematic structural diagram of a simple composite tree according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a basic unit of a composite tree according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of two separated control trees with the composite tree unit exploded according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a hierarchical attribute authorization group according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a 1-n composite tree structure according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a video encryption method according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a video decryption method according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
By relying on the powerful resources provided by the media cloud, a video operator can conveniently provide users with high-quality video service with QoS guarantees. However, efficient video management and distribution via a media cloud also faces serious security challenges. These challenges come primarily from two areas: 1) video is a high-value asset: traditional video operators face infringement problems such as stream stealing and hotlinking, while personal videos, surveillance videos, video conferences and the like face the problem of protecting personal privacy and business privacy; 2) the security risks brought by cloud computing: moving data to the cloud causes local physical protection to fail and brings new security threats to the integrity, confidentiality and access controllability of the data.
Stream stealing refers to unauthorized parties illegally downloading video content and distributing it on their own web pages or apps. Hotlinking is when a group or an individual, without the agreement of the legitimate operator, builds a web page or an app so that end users reach the legitimate operator's video resources through the hotlinker's page or app instead of through the legitimate operator. Stream stealing and hotlinking damage the interests of legitimate operators (advertising revenue, copyright purchase expense, promotional value, bandwidth overhead, etc.).
Identity authentication, access control, content protection, service virtualization, data encryption, intrusion detection, key management, etc. are the basic security capabilities that make up a security system. Ultimately, achieving the security goal requires constructing a multi-level, in-depth information security protection scheme. The embodiment of the invention combines cloud computing security requirements with the characteristics of video services, and divides media cloud security protection into three parts, from the bottom up.
The first part is system security: system protection measures such as vulnerability scanning, intrusion detection, operation and maintenance audit, host security, identity authentication, access control, internal and external isolation, and secure communication are deployed, and protection at the system level can interface with third-party remote cloud services (public cloud services and cloud security policies) to form a complete system protection scheme.
The second part is content security protection, which provides two levels of protection. High-level protection is achieved through video slice encryption. For low-level protection, the video slices are stored randomly across a plurality of storage gateways, and the slices can be operated on as a whole only by obtaining the dynamic index.
Finally, the invention designs a secure access control protocol based on ABAC (the Sec_ABAC protocol). The protocol is fine-grained and highly extensible, can meet the expansion requirements of service modes and access control means, supports a highly flexible, elastic and extensible mode of service and content access control, and can adapt to the processing capability of the terminal.
Based on the security threats that arise while the media cloud provides its service, the embodiment of the invention adopts the design idea of 'zoning and domain division', constructs a 'cloud-edge-end' hierarchical architecture for media cloud services, determines the information domains and the physical network boundaries, distinguishes the security problems of data in the network, forms a defense-in-depth access system, and for the first time proposes and constructs a media cloud security framework whose core is protecting the security of multimedia content and managing and controlling services. The framework comprises three layers of media cloud security boundaries, and system-level security is ensured through boundary division and system security; the framework supports random storage of video fragments, dynamic generation of indexes and optional video encryption, and provides two levels of content security protection for video content so as to ensure the confidentiality and integrity of video data stored in the media cloud.
The framework provides two levels of video storage security policies, including a high-level content security policy and a low-level content security policy, namely an edge distribution server and an index management server.
For the high-level content security policy, the encryption-based content storage security policy can be divided into two levels: video slice encryption and video index encryption.
The low-level content security policy, by contrast, relies on random storage and reorganization of video slices and dynamic generation of indexes. Suppose a video V of size $Size_V$ = 1.42G has a code rate f of 2500kb/s, where the length T is calculated as follows:
Figure BDA0002112332150000061
If video slicing is performed with $T_{slice}$ = 10s, the number of slices obtained is $N_V = T/T_{slice} = 486$. Suppose that the 486 video slices are stored randomly on $N_{serv}$ = 10 edge servers; the probability that the video fragments can be completely obtained and successfully recombined when the index is unknown is as follows:
Figure BDA0002112332150000062
when there are more edge distribution servers and there are video fragments of multiple videos in the edge distribution servers, the probability that a complete video can be obtained on the premise that the index is unknown is lower. Therefore, acquiring the video index is the only way to obtain the complete video, and the security anchor point for acquiring the video index is in the security of the protocol.
Embodiments of the present invention define video that is produced with the intention of attracting more viewers, in order to earn revenue, as public video. Examples are programming made by traditional content producers, UGC, short video, etc.
The public video has higher economic value, and reasonable copyright protection measures can protect the rights and interests of video producers and operators to the maximum extent. The purpose of disclosing video is to attract more viewers to watch it, so the encryption of public video has relatively special requirements: 1) encrypting the video only reduces the quality of the video, but still retains the general information of the picture to attract the purchase desire of the user; 2) the encrypted video can be decoded by an unauthorized decoder to part of the video information; 3) the encryption mechanism guarantees efficiency while guaranteeing certain security.
In addition, the embodiment of the invention defines video that is produced by ordinary users and is not intended to earn revenue as private video. Examples are home videos, surveillance videos, video conferences, etc.
Private video has high privacy. Private video leaks can have adverse consequences for individuals, homes, and companies. The privacy of private video is mainly reflected in that it contains a large amount of personal information or company information of users in life and work, and once the information is leaked, immeasurable loss is caused to individuals, companies and the like. At the same time, privacy is a very hard-to-define concept; it is more difficult to define privacy in such unstructured files rich in various information as video.
Therefore, protection of private video privacy should have better security: 1) the quality of all pictures of the video is reduced as much as possible; 2) since private video involves a large number of individual users, video protection is preferably provided in the form of a service; 3) has certain safety on the premise of ensuring the efficiency.
In summary, public video and private video face serious security problems in their life cycle, and encryption is an important way to ensure video security. Due to different purposes, the public video and the private video have different encryption requirements.
From the encrypted content, video encryption can be divided into full encryption and selective encryption. As the name implies, full encryption means that video is encrypted as ordinary data, the encryption method completely destroys the video structure, and meanwhile, full encryption of data brings high computation amount. The selective encryption algorithm selects effective information in the video instead of the structure identification information for encryption, thereby ensuring the operability of video encryption, reducing the data volume to be encrypted to a great extent and improving the encryption efficiency.
Selective encryption algorithms in the encoding process, which are common at present, can be roughly divided into two categories: the first is to encrypt the original video compression information; the second category is encryption algorithms that combine entropy coding with semantic elements. In the former, as the encryption process occurs in the first stage of video coding, a more accurate selective encryption effect can be achieved, and meanwhile, the method has complete format compatibility, but can cause serious video compression loss; the latter often occurs after quantization of video compressed data, before entropy coding, or after entropy decoding of compressed video, the selective accuracy effect is slightly lower than that of the former, and meanwhile, because some bottom semantic elements are inevitably encrypted, only the format compatible effect that a player can play can be achieved, and complete format compatibility cannot be achieved. At the same time, it also brings about a smaller compression loss than the former.
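The public/private selection rule stated earlier (public video: encrypt the units carrying compressed content; private video: encrypt the units carrying global information), as an added example that is not taken from the patent. It assumes the "network adaptation layer units" are H.264 NAL units in an Annex B byte stream, maps compressed content to slice units (types 1 and 5) and global information to parameter sets (types 7 and 8), and runs on a constructed sample stream; the mapping is an assumption made for illustration.

```python
"""Select NAL units for selective encryption (added illustration)."""

START_CODE = b"\x00\x00\x01"

# Assumed mapping from the page's two video classes to H.264 nal_unit_type.
TYPES_TO_ENCRYPT = {
    "public": {1, 5},    # non-IDR and IDR slices: compressed picture content
    "private": {7, 8},   # SPS and PPS: stream-wide (global) parameters
}


def split_annexb(stream):
    """Split an Annex B byte stream into NAL units (start codes removed)."""
    starts = []
    pos = stream.find(START_CODE)
    while pos != -1:
        starts.append(pos)
        pos = stream.find(START_CODE, pos + len(START_CODE))
    units = []
    for n, begin in enumerate(starts):
        end = starts[n + 1] if n + 1 < len(starts) else len(stream)
        # A 4-byte start code (00 00 00 01) leaves a zero byte on the previous
        # unit; a NAL unit never ends in 0x00, so trailing zeros are padding.
        nal = stream[begin + len(START_CODE):end].rstrip(b"\x00")
        if nal:
            units.append(nal)
    return units


def nal_type(nal):
    """nal_unit_type is the low 5 bits of the one-byte NAL header."""
    if nal[0] & 0x80:
        raise ValueError("forbidden_zero_bit is set: corrupt NAL header")
    return nal[0] & 0x1F


def select_for_encryption(units, video_class):
    """Return the indexes of the units the rule marks for encryption."""
    wanted = TYPES_TO_ENCRYPT[video_class]
    return [i for i, nal in enumerate(units) if nal_type(nal) in wanted]


def encrypted_fraction(units, video_class):
    """Share of NAL bytes that would pass through the cipher."""
    chosen = select_for_encryption(units, video_class)
    total = sum(len(nal) for nal in units)
    return sum(len(units[i]) for i in chosen) / total


# Constructed sample stream: SPS, PPS, IDR slice, non-IDR slice, SEI.
# Only the header bytes are meaningful; the payload bytes are filler.
SAMPLE_STREAM = (
    b"\x00\x00\x00\x01" + bytes.fromhex("6742c01ed9")
    + b"\x00\x00\x00\x01" + bytes.fromhex("68ce3c80")
    + b"\x00\x00\x01" + b"\x65" + b"\xaa" * 40
    + b"\x00\x00\x01" + b"\x41" + b"\x55" * 20
    + b"\x00\x00\x01" + bytes.fromhex("0605ff80")
)

if __name__ == "__main__":
    nal_units = split_annexb(SAMPLE_STREAM)
    print("types:", [nal_type(u) for u in nal_units])
    for cls in ("public", "private"):
        print(cls, select_for_encryption(nal_units, cls),
              f"{encrypted_fraction(nal_units, cls):.0%} of bytes")
```

Whichever units are chosen, the one-byte NAL header and the start codes stay in the clear so that a parser can still walk the stream.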
In order to encrypt a video file, an embodiment of the present invention provides a video index encryption algorithm based on ABE (attribute-based encryption), which solves the security problem or the deployment problem of the Sec_ABAC protocol while achieving fine-grained and extensible access control of video index content.
The ABE scheme designed by the embodiment of the invention can meet the related requirements of media cloud.
Firstly: the ABE scheme needs to meet the access control requirement of video service, an object for access control of the video service is a video, and the video content has the characteristics of large volume and poor content structure. Therefore, how to achieve fine grain access control to video content is the first limitation of the algorithm herein.
Second, video services are deployed in the media cloud, again with the challenges facing the cloud. When a large number of users access a specific content at the same time, access control is bound to become a bottleneck of the system. Therefore, the ABE algorithm proposed herein should be scalable to accommodate the high-elasticity, multi-user characteristics of media clouds.
Thirdly, the users of a video service come in all kinds, so malicious users are inevitable, and some will maliciously distribute and abuse their own private keys. This behavior not only wastes the video operator's bandwidth and damages the operator's revenue, but also discourages video producers, thereby threatening the whole video service industry. Therefore, the ABE algorithm proposed herein should have a user key revocation function to prevent users from abusing keys.
Next, since the ABE algorithm involves a large number of exponentiation operations and bilinear operations, its computational load is heavy. The terminal devices that watch the video are often passive devices. Therefore, controlling the computational complexity and space complexity of the algorithm, and minimizing the computation and communication consumption of the authentication authority, is also one of the requirements on the ABE algorithm presented herein.
Finally, because the ABE algorithm needs to make complex access control trees, the expression efficiency of the access control trees is not high. Meanwhile, the media cloud needs to undertake proxy encryption of a large number of videos, a large number of access control trees are correspondingly generated, and generation and maintenance of the trees need to cost huge cost. Therefore, the ABE algorithm proposed herein should improve the expression efficiency of the access control tree to the maximum capacity.
The eM-CP-ABE algorithm provided by the embodiment of the invention has the following characteristics:
1. Deployment in a large-universe setting (Large Universe) can be realized. In the large-universe case, theoretically, the attributes of a subject, an object or the environment can be set to be many, the length of the public key is fixed, and the lengths of the ciphertext and the private key depend only on the attributes involved and not on the total number of attributes;
2. the method is suitable for video service and realizes fine-grained access control of video content. The embodiment of the invention provides an algorithm which can realize the encryption of multiple authority levels of one video. The permission level corresponds to the video index file, and the index file marks the position of a certain video fragment. Therefore, the unstructured video data is structured by the index file. The algorithm can realize the authority control of video slice granularity size units.
3. A delegation mechanism is provided that allows the keys of the access control structure Y to be generated by all entities that possess the key of the access control structure X if and only if Y is more restrictive than X. Therefore, the algorithm can be conveniently expanded into a mode of multiple authorization centers, and the bottleneck problem of access control when massive users access video services is solved. The expandability of authorization is improved, and the characteristics of high elasticity of the media cloud are met.
4. When the authority of a certain user is revoked, the system can ensure that the revoked user can not access the related resources any more, and can ensure that other users with the authority can still normally access the resources.
First, some terms used in the rest of the embodiments of the present invention are defined:
Access structure (Access Structure): let $\{P_1, P_2, \ldots, P_n\}$ be a set of parties.
Figure BDA0002112332150000091
is monotone if and only if
Figure BDA0002112332150000092
if
Figure BDA0002112332150000093
and
Figure BDA0002112332150000098
then
Figure BDA0002112332150000094
An access structure (or monotonic access structure) is a non-empty subset, i.e. a non-uniform access structure
Figure BDA0002112332150000095
The sets in
Figure BDA0002112332150000096
are called authorized sets, and the sets not in
Figure BDA0002112332150000097
are called unauthorized sets.
In the CP-ABE algorithm, a set of descriptive attributes is used as the decryption key, while the plaintext is encrypted under an access structure. We describe the access structure in the form of an access tree. The ciphertext can be decrypted if and only if the set of descriptive attributes satisfies the access tree structure.
Deploying attribute encryption in a media cloud raises many problems, such as: 1) video content is poorly structured and its granularity is difficult to control; 2) a large number of users access resources simultaneously, and real-time performance is difficult to guarantee in a massive computing environment; 3) malicious users may abuse the private key; 4) passive devices have poor computing capability and limited battery life, so the computation and communication cost of the algorithm must be reduced.
To solve these problems, an attribute encryption algorithm suitable for a media cloud, eM-CP-ABE (enhanced media-Ciphertext-Policy Attribute-Based Encryption), is provided. The algorithm introduces the concept of a virtual node and constructs algorithm components such as a composite tree with high expression efficiency and a key chain. On this basis, it achieves access control at the level of massive numbers of video fragments, allows massive numbers of attributes to be set, supports hierarchical expansion of the authorization center and user revocation, and reduces algorithm complexity through an efficiently designed access tree: a single access tree can encrypt a single file, and can also provide multi-file, multi-level access control description for multiple files.
First, at the system level, cloud computing is characterized by users or enterprises outsourcing data to a cloud computing service provider and using the computing or storage capacity it provides to meet their service requirements; this new mode of processing data off-site brings new security risks. Videos stored in the "media cloud" are divided into public videos and private videos. Public videos for viewers embody the producers' effort and production cost and are therefore of high value, while private videos of individuals concern user privacy, so it is urgent to establish a "media cloud technology security framework whose core is protecting the security of multimedia content and managing and controlling services".
Second, from the perspective of the data carrying the content, encryption is an important means of solving the problem of processing/storing data off-site and ensuring data security. A media cloud holds a large number of video files; VR, 4K and similar data in particular are large and structurally complex. A video encryption algorithm that handles massive data and is efficient, variable in granularity and extensible plays a fundamental role in content security in the media cloud.
Finally, from the access control perspective of the video service, an efficient, fine-grained and extensible access control technology is an important measure for keeping the video service safe and controllable. In the media cloud, video sources are varied, transmission channels differ, and terminal devices differ greatly in performance, so the access control algorithm must be efficient and work across heterogeneous environments. In addition, traditional video access control is coarse-grained and often shares data only with a whole video or channel as the basic unit, so a viewer obtains the single decryption key of the video or a clear-stream copy of it, and fine-grained access control is difficult to realize. Finally, as video services diversify, the population of cloud users changes dynamically, so scalability of the access control algorithm is also necessary. The question is therefore how to realize an efficient, fine-grained and extensible access control algorithm that supports the development of multiple services in the media cloud by safely distributing video data at a smaller granularity.
Each internal node of the tree represents a threshold and the leaf nodes of the tree are associated with attributes. In the following, we first give the construction of the access tree.
Access tree T: let T be an access tree. Each non-leaf node in the tree acts as a threshold and is described by its child nodes and a threshold value. If $num_x$ is the number of child nodes of node x and $k_x$ is the threshold value of node x, then $0 < k_x \le num_x$. When $k_x = 1$, the node is an OR gate. Similarly, when $k_x = num_x$, the node represents an AND gate. Each leaf node is described by an attribute, and the threshold of a leaf node is $k_x = 1$.
For convenience of description, we define several functions on the access tree. The parent node of node x is parent(x), and when node x is a leaf node, the attribute on the node is written att(x). The child nodes of a node x in the access tree are ordered from 1 to $num_x$. The function index(x) gives the position of node x under its parent node.
Satisfying an access tree: let the root node of the access tree T be r. Define $T_x$ as the subtree of the access tree T whose root node is x; thus T may also be written $T_r$. If an attribute set γ satisfies the access tree $T_x$, then $T_x(\gamma) = 1$, otherwise, returns. $T_x(\gamma)$ is computed recursively: when x is a non-leaf node, $T_{x'}(\gamma)$ is evaluated for all child nodes x' of x, and $T_x(\gamma)$ returns 1 if and only if at least $k_x$ child nodes return 1; if x is a leaf node, $T_x(\gamma)$ returns 1 if and only if $att(x) \in \gamma$.
Bilinear maps (Bilinear Maps): let
Figure BDA0002112332150000101
be two multiplicative cyclic groups of order p, let g be a generator of
Figure BDA0002112332150000102
and let e be a bilinear map,
Figure BDA0002112332150000103
The bilinear map e has the following properties:
Bilinearity: for all
Figure BDA0002112332150000111
and
Figure BDA0002112332150000112
we have $e(u^a, v^b) = e(u, v)^{ab}$.
Non-degeneracy: $e(g, g) \neq 1$.
We say that
Figure BDA0002112332150000113
is a bilinear group if the group operations in
Figure BDA0002112332150000114
and the bilinear map
Figure BDA0002112332150000115
Figure BDA0002112332150000116
can be computed efficiently. The map e is also symmetric, i.e. $e(g^a, g^b) = e(g, g)^{ab} = e(g^b, g^a)$.
DBDH assumption (Decisional Bilinear Diffie-Hellman assumption): from
Figure BDA0002112332150000117
four numbers are chosen at random, i.e.
Figure BDA0002112332150000118
and g is a generator of
Figure BDA0002112332150000119
The DBDH assumption is that no polynomial-time algorithm
Figure BDA00021123321500001110
can distinguish, with non-negligible advantage, the tuples $(A = g^a, B = g^b, C = g^c, e(g, g)^{abc})$ and $(A = g^a, B = g^b, C = g^c, e(g, g)^z)$. The advantage of algorithm
Figure BDA00021123321500001111
can be expressed as:
Figure BDA00021123321500001112
Large Universal mechanism: in the CP-ABE algorithm, the length of the key is linearly proportional to the number of elements |S| of the input attribute set S. We define a set
Figure BDA00021123321500001113
all of whose elements may be attributes. We also specify that the largest attribute set for which a key can be applied for contains $|S_{Max}|$ elements. A collision-resistant function
Figure BDA00021123321500001114
lets us use arbitrary fields as attributes. The input attribute set can thus be drawn from an extremely large range of elements, which is called the Large Universal mechanism. We denote the complete set of all available attributes as
Figure BDA00021123321500001115
The video index encryption system suitable for the media cloud comprises five parts, namely a video owner, a video consumer, an Attribute authorization group (Attribute Authority), a trusted encryption center and the media cloud.
The video owner produces video, which is technically processed into encrypted video segments that are stored in randomly distributed locations; a video index is generated at the same time, and this index is the main content that needs to be protected in the system. Thus, it is assumed herein that the video owner owns the video index, i.e., ownership of the video.
Video consumers desire to obtain video by various means. For ease of introduction, it is specified herein that consumers can only enjoy the right to view video.
The trusted encryption center: trusted computing resources to assist the video owner in performing attribute encryption.
Attribute authorization group: an extensible attribute authority with a hierarchical authorization structure. Each attribute authority can act as an authorization center and authorize users directly, and it can also act as a parent authorization center and add child authorization centers. The attribute sets managed by authorization centers of the same level are pairwise mutually exclusive, and the attribute set managed by a child authorization center is a non-empty subset of the attribute set of its parent center.
Media cloud: responsible for storing the encrypted video clips and providing the corresponding video services, such as live broadcasting and on-demand broadcasting.
To improve the expression efficiency of the existing access structure and to solve the problem that data at different permission levels of a video cannot be described efficiently by one unified access structure, the concept of virtual nodes is introduced to form a composite tree. A virtual node x is jointly represented by a threshold value $k_x$ and a number of child nodes $num_x$. Unlike an ordinary node, the threshold of a virtual node is fixed at $k_x = 0$. As in the ordinary access structure, the parent node of a virtual node can be written y = parent(x); if the parent node has $num_y$ child nodes, of which $num'_y$ are virtual nodes, then its threshold satisfies $0 \le k_y \le num_y - num'_y$. If $num_y = num'_y$, i.e. $k_y = 0$, then node y is a virtual node, and its child nodes are independent trees with the virtual node as root node. The child nodes of a virtual node must be hierarchical access trees consisting of "trunks" and "subbranches"; that is, neither the child nodes nor the parent node of a virtual node can be a virtual node.
Determining how the attribute set S satisfies the composite tree
Figure BDA0002112332150000127
For clarity of description of the determination process, a simple composite tree shown in fig. 1 is used as an example for illustration. Wherein k/num in fig. 1 refers to the number of threshold/sub-nodes, the square represents an attribute node, the ellipse represents a common node, and the polygon represents a virtual node. The decision process can be extended to more complex composite trees.
Step 1: extract the basic tree by deleting all virtual nodes (k = 0) and their descendants, which gives the basic tree
Figure BDA0002112332150000121
Step 2: list all independent hierarchical access trees, formed by trunks and subbranches, whose parent node is a virtual node y with k = 0:
Figure BDA0002112332150000122
Step 3: first evaluate
Figure BDA0002112332150000123
and then evaluate
Figure BDA0002112332150000124
to obtain the final access rights. Note that, because all virtual nodes and their descendants are deleted when the basic tree is generated, the virtual nodes cannot influence the evaluation of
Figure BDA0002112332150000125
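The three-step decision above can be sketched as follows. This is an added example, not code from the patent: the `Node` class, the function names and the sample tree are hypothetical, and each tree hanging under a virtual node is treated as an ordinary threshold tree because the trunk/subbranch layout is given only in the figures.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional, Set


@dataclass
class Node:
    k: int = 1                                   # threshold k_x; 0 marks a virtual node
    children: List["Node"] = field(default_factory=list)
    attr: Optional[str] = None                   # att(x), set on leaf nodes only
    label: str = ""                              # hypothetical name used for reporting

    @property
    def is_leaf(self) -> bool:
        return self.attr is not None

    @property
    def is_virtual(self) -> bool:
        return not self.is_leaf and self.k == 0


def satisfies(x: Node, gamma: Set[str]) -> bool:
    """T_x(gamma): a leaf needs att(x) in gamma, an inner node needs k_x children."""
    if x.is_leaf:
        return x.attr in gamma
    return sum(satisfies(c, gamma) for c in x.children) >= x.k


def base_tree(x: Node) -> Node:
    """Step 1: copy the tree without virtual nodes and their descendants."""
    if x.is_leaf:
        return Node(attr=x.attr, label=x.label)
    kept = [base_tree(c) for c in x.children if not c.is_virtual]
    # Constraint from the text: 0 <= k_y <= num_y - num'_y.
    if x.k > len(kept):
        raise ValueError(f"threshold of {x.label!r} exceeds its non-virtual children")
    return Node(k=x.k, children=kept, label=x.label)


def independent_trees(x: Node) -> Iterator[Node]:
    """Step 2: yield every independent tree whose parent is a virtual node."""
    for c in x.children:
        if c.is_virtual:
            for t in c.children:
                if t.is_virtual:
                    raise ValueError("a virtual node cannot have a virtual child")
                yield t
        else:
            yield from independent_trees(c)


def evaluate(root: Node, gamma: Set[str]) -> Dict[str, bool]:
    """Step 3: judge the base tree first, then each independent tree."""
    if root.is_virtual:
        raise ValueError("this sketch expects an ordinary (non-virtual) root")
    if not satisfies(base_tree(root), gamma):
        return {}                                # common rules failed: no rights at all
    return {t.label: satisfies(t, gamma) for t in independent_trees(root)}


def leaf(attribute: str) -> Node:
    return Node(attr=attribute, label=attribute)


# Constructed sample: two common attributes (AND gate) plus one virtual node
# that carries two permission-level trees.
SAMPLE = Node(k=2, label="root", children=[
    leaf("vendor:example-studio"),
    leaf("subscription:active"),
    Node(k=0, label="virtual", children=[
        Node(k=1, label="level-1", children=[leaf("tier:basic"), leaf("tier:premium")]),
        Node(k=1, label="level-2", children=[leaf("tier:premium")]),
    ]),
])

if __name__ == "__main__":
    basic_user = {"vendor:example-studio", "subscription:active", "tier:basic"}
    print(evaluate(SAMPLE, basic_user))
```

An empty result means the common (base tree) rules failed, so no level is granted regardless of what the attribute set would satisfy under the virtual node.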
Without loss of generality, we assume an access control structure (1-1 composite tree) that encrypts the l index files $m_1, \ldots, m_l$ corresponding to one video file (for simplicity we assume one permission level per index file) and at the same time has an access structure (basic tree) of m common attributes. The permission level of the jth index file is $L_j$, the corresponding user has a right of $p_j$, J is 0. We define the binary dominance relation ≤ on $\{p_1, \ldots, p_l\}$ as: $p_i \le p_j$ if and only if
Figure BDA0002112332150000126
For example:
$L_1 = \{m_1\}$;
$L_{j+1} = L_j \cup \{m_{j+1}\},\ j = 1, 2, \ldots, l-1$;
$p_1 \le p_2 \le \cdots \le p_l$
Multiple index files of one video necessarily share common attributes such as video name, video vendor and expiration time. Because an access structure built from these common attributes is inefficient in the prior art, the composite tree concept is proposed so that one access description can cover the contents of the same video that carry different access rights. Fig. 2 shows the basic constituent unit of a composite tree. More complex composite trees can be constructed from this basic unit of the composite tree.
Basic unit based on composite tree of fig. 2
Figure BDA0002112332150000131
The goal we need to achieve is: if a user has access to layer-i content, the user should hold at least the key parameters $a_0, a_i$; from $a_0, a_i$ the user can derive $\{a_j : 1 \le j \le i\}$ in one direction only.
Our design is as follows:
Step 1: define a one-way hash function $H_2$ with the following properties:
it accepts input data of any length and outputs a fixed-length message digest;
for a given input, the output can be easily calculated;
and for $H_2(\cdot)$, finding two different inputs with the same output is computationally infeasible, i.e. it is one-way.
Figure BDA0002112332150000132
There are many hash functions that meet the above conditions, such as SHA-1, etc.
Step 2: for the composite tree unit
Figure BDA0002112332150000133
set its root node as
Figure BDA0002112332150000134
For the node $N_l$ corresponding to the highest-privilege unit $m_l$, randomly select a unique value
Figure BDA0002112332150000135
The encryption key of the highest-privilege unit $m_l$ can then be generated as $k_l = H_2(a_l \| a_0)$, where $x \| y$ denotes the concatenation of two strings. Then $a_j = H_2(k_{j+1} \| j)$, which gives $k_j = H_2(a_j \| a_0)$, where j satisfies 1 ≤ j < l-1.
The resulting key chain $k_1, \ldots, k_l$ can be used as the encryption keys of a symmetric encryption algorithm such as AES to encrypt the index files, one file per key. When the user's attribute set satisfies the common access control requirement and also satisfies the access control of a certain level j+1, the user can obtain the encryption key of the level j+1 unit content and can derive the keys of the levels below j+1. Because $H_2$ is one-way, a high-level key cannot be computed from low-level keys.
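The key chain of Step 2 can be worked through as follows. This is an added example, not code from the patent: it uses SHA-256 for $H_2$ instead of the SHA-1 the text names (practical SHA-1 collisions have been demonstrated), and the 4-byte big-endian encoding of j, the byte-string concatenation and all function names are assumptions.

```python
import hashlib
import secrets
from typing import Dict, Tuple


def H2(data: bytes) -> bytes:
    """Stand-in for the one-way hash H2 (SHA-256 here, an assumption)."""
    return hashlib.sha256(data).digest()


def level_tag(j: int) -> bytes:
    """Assumed encoding of the level number j inside H2(k_{j+1} || j)."""
    return j.to_bytes(4, "big")


def key_from_share(a_j: bytes, a0: bytes) -> bytes:
    """k_j = H2(a_j || a_0)."""
    return H2(a_j + a0)


def next_lower_share(k_upper: bytes, j: int) -> bytes:
    """a_j = H2(k_{j+1} || j), where k_upper is k_{j+1}."""
    return H2(k_upper + level_tag(j))


def owner_keychain(a_top: bytes, a0: bytes, levels: int
                   ) -> Tuple[Dict[int, bytes], Dict[int, bytes]]:
    """Walk the chain downward from a_l; return ({j: a_j}, {j: k_j})."""
    if levels < 1:
        raise ValueError("at least one permission level is required")
    shares: Dict[int, bytes] = {}
    keys: Dict[int, bytes] = {}
    a_j = a_top
    for j in range(levels, 0, -1):
        shares[j] = a_j
        keys[j] = key_from_share(a_j, a0)
        if j > 1:
            a_j = next_lower_share(keys[j], j - 1)
    return shares, keys


def derive_accessible_keys(a_i: bytes, a0: bytes, i: int) -> Dict[int, bytes]:
    """A user holding (a_0, a_i) derives k_i, k_{i-1}, ..., k_1 and nothing higher."""
    _, keys = owner_keychain(a_i, a0, i)
    return keys


if __name__ == "__main__":
    # Constructed demo values: a_0 for the common (base) tree, a_l for the top level.
    a0, a_top = secrets.token_bytes(32), secrets.token_bytes(32)
    shares, keys = owner_keychain(a_top, a0, levels=4)
    user_keys = derive_accessible_keys(shares[2], a0, 2)
    print(sorted(user_keys), user_keys[1] == keys[1])
```

Because every $k_j$ mixes in $a_0$, a party that learns only a level share $a_j$ without satisfying the common access tree cannot compute any key of the chain.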
The eM-CP-ABE algorithm proposed herein consists of five functions: setup, Encrypt, KeyGen, Decrypt, Delegate.
Setup(λ): executed by the root node center of the attribute authorization group; the input is the security parameter λ, and the output is the system public key PK and the system management key MK.
Figure BDA0002112332150000136
The trusted encryption center is entrusted by a video owner and executes an attribute encryption algorithm. The input is the system public key PK, the plaintext M to be encrypted, and an access control structure
Figure BDA0002112332150000137
The algorithm encrypts the plaintext M to generate the ciphertext CT. We assume that the ciphertext CT includes an access control structure
Figure BDA0002112332150000138
KeyGen(MK, S): the complete attribute set of the cryptographic system is denoted
Figure BDA0002112332150000139
Video consumers provide their own set of attributes
Figure BDA0002112332150000141
and apply to a node in the attribute authorization group for their own key SK. The attribute authority node executes the KeyGen function, which takes MK and S as input and outputs the private key SK of the video consumer.
Decrypt(PK, CT, SK): the video consumer receives the system public key PK and the ciphertext CT. Using the private key SK generated for it by KeyGen, the consumer executes Decrypt in order to obtain the plaintext M.
Delegate(SK, S'): the delegation algorithm takes as input a private key SK corresponding to attribute set S; through it, the owner of the private key can share the key with an attribute set S' that satisfies
Figure BDA00021123321500001417
and
Figure BDA0002112332150000142
We will implement the multi-authority extension using the Delegate algorithm.
This section introduces details of the implementation process of the eM-CP-ABE algorithm, and for simplifying the description process, it is assumed that the access control structure is a 1-1 composite tree, that is, it implements l rights level encryption of corresponding l index file units of one video file (for simplicity, we assume that each index file corresponds to one rights level), and at the same time, it has an access structure (base tree) composed of m common attributes, and it will be discussed later that the access structure is extended to multiple composite tree units:
setup (λ), the algorithm selects a bilinear group
Figure BDA0002112332150000143
The order of which is a large prime number p,
Figure BDA0002112332150000144
the generator is g; bilinear mapping function
Figure BDA0002112332150000145
Randomly selecting two numbers to satisfy
Figure BDA0002112332150000146
The key is then issued, as follows:
Figure BDA0002112332150000147
where $g_1 = g^{\beta}$, $g_2 = e(g, g)^{\alpha}$, $f_1 = g^{1/\beta}$, $MK = (\beta, g^{\alpha})$
Figure BDA0002112332150000148
Performing an encryption algorithm based on the access structure
Figure BDA00021123321500001418
Make plaintext M ═ M1,...,mlAnd encrypting and outputting ciphertext CTs. First, before performing encryption, the access structure is traversed
Figure BDA00021123321500001419
The virtual node vN is obtained (only one virtual node exists because the foregoing definition includes only one composite tree unit), and 2 independent access control trees are obtained (fig. 3 is two independent trees separated from fig. 2, including a trunk-branch hierarchical structure tree and a base tree). For each node N in the tree, the algorithm selects a polynomial fNWherein f isNThe highest degree of (2) is kN-1 (when k)NWhen q is 0N0), the constant term is associated with its parent node and its child node position, aN=fparent(N)(index(N))。
The algorithm randomly selects 4 random numbers
Figure BDA0002112332150000149
Set a basic tree as
Figure BDA00021123321500001410
Root node is NRThe tree with the virtual node vN as the root node is
Figure BDA00021123321500001411
Respectively setting root node corresponding polynomial fNConstant term of (c):
Figure BDA00021123321500001412
$f_{vN}(0) = a_{vN} = s_l$. Then $k_l = H_2(x_l \| x_0)$ and $x_j = H_2(k_{j+1} \| j)$ for $1 \le j \le l-1$; the corresponding keys are $\{k_l, \ldots, k_1\}$ (with $k_j = H_2(x_j \| x_0)$). Then, using the polynomial established at each node, secret shares of $s_0$ and $s_l$ are distributed to the leaf nodes respectively. The set
Figure BDA00021123321500001413
For corresponding access control structure
Figure BDA00021123321500001414
Set of leaf nodes of, niFor a certain leaf node, the corresponding attribute is att (n)i). Tree (R)
Figure BDA00021123321500001415
The node set on the trunk is { N1,...,NlGet the secret shard correspondingly
Figure BDA00021123321500001416
Node Nl-i+1Corresponding authority level is pjJ 1, 2. The finally generated ciphertext consists of two parts, wherein the first part is a symmetrical encryption part, and the symmetrical encryption algorithm is set as epsilon (m, k); the second part is an attribute encryption part. The ciphertext may be represented as:
CTs=EM||CT
where
Figure BDA0002112332150000151
Figure BDA0002112332150000152
where
Figure BDA0002112332150000153
Figure BDA0002112332150000154
Figure BDA0002112332150000155
where $H_1(\cdot)$ is a collision-resistant hash function
Figure BDA0002112332150000156
A user who holds both the top-level right and the unified right expects to obtain $x_0$ and $x_l$, computes the top-level key $k_l$, and obtains the lower-level keys through the key chain. A user who holds the right $p_j$ expects to obtain the corresponding parameter $x_i$; when the user also passes the unified authentication, all rights at level j and below can be obtained. If the unified authentication is not passed, no key can be obtained. Because all the secret trees are generated dynamically for each application, the scheme resists collusion attacks.
KeyGen (MK, S): and after receiving the attribute set S provided by the video consumer user, the attribute authorization center outputs a private key SK required by the user in combination with a system management key MK. The algorithm first selects a value arbitrarily
Figure BDA0002112332150000157
Then randomly selecting
Figure BDA0002112332150000158
The private key SK is then calculated:
$SK = (D, \{D_j, D'_j\}_{j \in S})$
where $D = g^{(\alpha + r)/\beta}$
Figure BDA0002112332150000159
Decrypt (PK, CTs, SK): the video consumer user receives the ciphertexts CTs, obtains the private key SK of the video consumer user from the attribute authorization center, and executes the following operations to complete content decryption:
step 1, judging whether the attribute set S of the user meets the access tree or not
Figure BDA00021123321500001510
Namely, it is
Figure BDA00021123321500001511
The determination method is shown in the second section of this chapter. If not, $\perp$ is returned and the current key has no authority to decrypt the ciphertext; if yes, 1 is returned and the procedure continues to Step 2.
Step 2: first define a recursive algorithm DecryptNode(CTs, SK, x), where CTs is the obtained ciphertext, SK is the key corresponding to the attribute set S, and x is a node of
Figure BDA00021123321500001516
Here, we discuss separately
Figure BDA00021123321500001512
And
Figure BDA00021123321500001513
two cases are:
case 1 when
Figure BDA00021123321500001514
The method comprises the following steps:
If x is a leaf node, when $i = att(x) \in S$:
Figure BDA00021123321500001515
When
Figure BDA0002112332150000161
DecryptNode(CTs, SK, x) outputs $\perp$.
If x is a non-leaf node, the algorithm DecryptNode(CTs, SK, x) recurses: for all child nodes z of x, let $F_z$ = DecryptNode(CTs, SK, z), and let $S_x$ be any set of $k_x$ child nodes z whose return value $F_z \neq \perp$. If no such set exists, i.e. fewer than $k_x$ child nodes return a value, DecryptNode(CTs, SK, x) returns $\perp$; otherwise:
Figure BDA0002112332150000162
can obtain the product
Thus, recurse to
Figure BDA0002112332150000163
When r is the root node of (1), then
Figure BDA0002112332150000164
Then calculate
Figure BDA0002112332150000165
It is thus obtained that the key shares x obtained for satisfying the unified access tree are satisfied0
Case 2: when in use
Figure BDA0002112332150000166
The method comprises the following steps:
If x is a leaf node, when $i = att(x) \in S$, the calculation is the same as in
Figure BDA00021123321500001616
If the current user has the highest authority, recursing DecryptNode(CTs, SK, r) yields
Figure BDA0002112332150000167
Computing B1/(e(C1,D)/A) = $x_l$ gives the highest-authority key $k_l = H_2(x_l \| x_0)$; lower-rights keys can be derived using the key chain.
If the current user has permission level $p_j$, where $1 \le j \le l$, recursing DecryptNode(CTs, SK, $N_j$) yields
Figure BDA0002112332150000168
computing
Figure BDA0002112332150000169
Then $k_j = H_2(x_j \| x_0)$, and lower-rights keys can be derived using the key chain.
Delegate (SK, S'): the input is a key SK corresponding to the attribute set S and having
Figure BDA00021123321500001610
And is
Figure BDA00021123321500001611
Selecting random numbers
Figure BDA00021123321500001612
Then randomly selecting
Figure BDA00021123321500001613
A new key can be created:
Figure BDA00021123321500001614
wherein
Figure BDA00021123321500001615
In a cloud environment, a large number of users intensively access a certain hot content in a short time, which will bring great pressure to an attribute authorization center. Therefore, the single authorization center is expanded to multiple authorization centers, and the bottleneck problem of algorithm operation can be effectively relieved. In this section we use the KeyGen and Delegate algorithms to extend the single authorization center to the attribute authorization group, as shown in fig. 4.
To describe the multi-authority extension scheme of the eM-CP-ABE algorithm simply while still supporting the Large Universal mechanism, the following assumptions are made: each attribute authorization server can perform authorization services independently, without association, i.e. $AA_{ij} \to S_{ij}$ and $|S_{ij}| \ge |S_{Max}|$. For the central server we have
Figure BDA0002112332150000171
The multi-authorization center extension is realized as follows:
Applying to $AA_{Center}$ for a secondary authorization server:
let AACenterExisting child Server is denoted as AA11,...,AA1nCorresponding to the attribute set as S11,...,S1n. Having AA1(n+1)→S1(n+1)Satisfy 1 | S1(n+1)| S of |)Max|;2.
Figure BDA0002112332150000172
It is desirable to add secondary authorization. AACenterAfter verifying its validity, arbitrarily selecting one value
Figure BDA0002112332150000173
Then randomly selecting
Figure BDA0002112332150000174
Executing:
Figure BDA0002112332150000175
wherein D ═ gα+r/β
Figure BDA0002112332150000176
$MK_{i(n+1)}$ is sent to $AA_{1(n+1)}$, completing the secondary authorization.
Applying to $AA \neq AA_{Center}$ (with $AA \to S$) for authorization:
Let AA already have child servers $AA_1, \ldots, AA_n$, and let $AA_{n+1} \to S_{(n+1)}$ satisfy 1) $|S_{(n+1)}| \ge |S_{Max}|$; 2)
Figure BDA00021123321500001711
$AA_{n+1}$ applies to join the authorization group. After verifying the legitimacy of $AA_{n+1}$, AA selects a random number
Figure BDA0002112332150000177
Then randomly selecting
Figure BDA0002112332150000178
Letting MK be the management key held by AA, it executes the following:
Figure BDA0002112332150000179
wherein
Figure BDA00021123321500001710
$MK_{n+1}$ is sent to $AA_{n+1}$, completing the authorization.
When a user is revoked, the system should ensure that the revoker cannot normally access the relevant data. Meanwhile, the system needs to ensure that other users having the right can normally access.
In the eM-CP-ABE algorithm, revocation can be accomplished by adding a timestamp to the access tree and to the private key the user applies for, followed by an integer comparison. Compared with other CP-ABE algorithms, the eM-CP-ABE algorithm proposed herein is more expressive: when the access tree is designed, the expiration time of the data corresponding to a given permission can be set independently on the "subordinate branch" under the virtual node, while a time constraint covering several files can be imposed by placing a suitable expiration-time tree on the basic tree.
Assuming that the message m is encrypted, the timestamp is set to x. When the user u acquires the key, the corresponding expiration time is y. And only when y is larger than or equal to x, the user can be ensured to decrypt the message m normally.
When attribute encryption is used, different access control trees have to be formulated for data contents with different access requirements, so that the contents are accessed legally according to the actual access control requirements. Generating and maintaining a large number of access control trees creates a huge workload. The composite tree proposed in this section can use one access control tree to describe the access control rules of multiple data files in batch: the basic tree describes the rules common to the files, and the hierarchical access trees whose root node is a virtual node describe the different access control rights of different videos. This greatly reduces the operations required for encryption and the cost of generating and maintaining access control trees.
As shown in FIG. 5, the access control structure
Figure BDA00021123321500001810
is a 1-n composite tree, i.e. it implements L' permission-level encryption (n hierarchical access trees) of the corresponding L index file units of n video files, and at the same time has an access structure (basic tree) formed by m common attributes. Suppose each video file contains $l_i$ index files, $1 \le i \le n$, and each index file corresponds to one permission level. Then:
Figure BDA0002112332150000181
l ═ L. Finally, the finished ciphertext is:
Figure BDA0002112332150000182
wherein CTj' is the ciphertext of the jth video file;
Figure BDA0002112332150000183
Figure BDA0002112332150000184
Figure BDA0002112332150000185
is a 1-n composite tree.
We assume the following security capabilities of the components in the system model: the media cloud is honest but curious; it executes instructions faithfully but, for its own benefit, wants to learn more about the data content stored on it.
Video consumers are not trusted and may collude to obtain more video content by legal or illegal means. In the attribute authorization group, the authorization center is trusted and is responsible for its child authorization centers and authorized users. A trusted encryption center is an encryption center that is trusted by the video owner.
We define a selective model based on a chosen-plaintext attack to prove the security of the eM-CP-ABE algorithm. The model is described in detail as follows:
initialization: attacker selection of challenging access structure
Figure BDA0002112332150000186
And will be
Figure BDA0002112332150000187
And submitting to the challenger.
Establishing: the challenger executes the Setup algorithm and then sends the public parameter PK to the attacker.
Interrogation phase 1: the attacker repeatedly obtains keys from the challenger, corresponding respectively to the attribute sets
Figure BDA0002112332150000188
Attribute collection needs to be satisfied
Figure BDA0002112332150000189
Challenge: the attacker submits two messages $M_0$ and $M_1$ of the same length. The challenger obtains b by flipping a coin and then, under
Figure BDA0002112332150000191
encrypts the message $M_b$. Finally, the ciphertext $CT^*$ is sent to the attacker.
Interrogation stage 2: the attacker repeats the phase 1 operation. Again, the following set of attributes
Figure BDA0002112332150000192
All can not satisfy
Figure BDA0002112332150000193
Guessing stage: the attacker outputs a guess b' of the result b of the challenger's coin flip.
The advantage of an attacker in winning the game is defined as $\Pr[b' = b] - 1/2$.
Definition 1: the eM-CP-ABE algorithm is secure if all polynomial time attackers have at most a negligible advantage in the game described above.
Using the above security model, we reduce the security of the eM-CP-ABE algorithm presented herein to the hardness of DBDH.
Definition 2. if an attacker can break the eM-CP-ABE security model, one simulator can play the DBDH game with a non-negligible advantage.
Proof: assume that there is a polynomial-time attacker
Figure BDA0002112332150000194
that can break the eM-CP-ABE security model with non-negligible advantage ε; then a simulator can be constructed
Figure BDA0002112332150000195
that plays the DBDH game with advantage ε/2. The simulation process is as follows:
First, the challenger provides a multiplicative cyclic group
Figure BDA0002112332150000196
whose order is a large prime number p,
Figure BDA0002112332150000197
the generator is g; the bilinear mapping function is
Figure BDA0002112332150000198
The challenger, outside the view of
Figure BDA0002112332150000199
flips a fair coin μ. If μ = 0, the challenger sets the quadruple to $(A, B, C, Z) = (g^a, g^b, g^c, e(g,g)^{abc})$; otherwise, $(A, B, C, Z) = (g^a, g^b, g^c, e(g,g)^z)$. The values a, b, c and z are all arbitrary.
Initialization: the simulator
Figure BDA00021123321500001910
runs
Figure BDA00021123321500001911
Figure BDA00021123321500001912
selects an access structure to challenge
Figure BDA00021123321500001913
Setup: the simulator
Figure BDA00021123321500001914
selects a random number
Figure BDA00021123321500001915
and sets $\alpha = a' - a + ab$.
Figure BDA00021123321500001916
computes $g_2 = e(g,g)^{\alpha} = e(g,g)^{a'-a} e(g,g)^{ab}$. At the same time,
Figure BDA00021123321500001932
specifies $g_1 = g^{\beta} = B = g^b$.
Figure BDA00021123321500001917
sends PK to
Figure BDA00021123321500001918
Interrogation phase 1: in this phase,
Figure BDA00021123321500001933
submits an attribute set
Figure BDA00021123321500001919
to
Figure BDA00021123321500001920
to query a private key SK.
Figure BDA00021123321500001921
randomly selects a number
Figure BDA00021123321500001922
and lets $r = r' + a - ab$. Then $D = g^{(\alpha + r)/\beta} = g^{(a' + r')/\beta}$. For each attribute $j \in S$, it randomly selects
Figure BDA00021123321500001923
The remaining key components can then be constructed:
Figure BDA00021123321500001924
The composed private key is returned to
Figure BDA00021123321500001925
Challenge: in the challenge phase,
Figure BDA00021123321500001926
submits to
Figure BDA00021123321500001927
two messages of equal length, $M_0$ and $M_1$. The challenger obtains b by flipping a coin and then, under
Figure BDA00021123321500001928
encrypts the message $M_b$. Finally, the ciphertext $CT^*$ is sent to the attacker. The ciphertext components of $CT^*$ include:
Figure BDA00021123321500001929
Let
Figure BDA00021123321500001930
Then
Figure BDA00021123321500001931
where $\psi = (a' - a)(s + c + b/c)(abs + ac)$.
Interrogation phase 2: the same steps as in interrogation phase 1 are repeated.
Guess:
Figure BDA0002112332150000201
outputs its guess b'. If b' = b,
Figure BDA0002112332150000202
outputs 0, indicating that
Figure BDA0002112332150000203
guesses $T = e(g,g)^{abc}$; if b' ≠ b,
Figure BDA0002112332150000204
outputs 1, indicating that T is a random element of the group
Figure BDA0002112332150000205
that is, T = R.
If $T = e(g,g)^{abc}$,
Figure BDA00021123321500002013
completes the guess with advantage ε, so that:
Figure BDA0002112332150000206
If T = R, the ciphertext $CT^*$ is a completely random ciphertext;
Figure BDA0002112332150000207
can obtain no valid information from the ciphertext, so the probability that its guess b' is correct is close to 1/2, and:
Figure BDA0002112332150000208
Thus, the advantage of the simulator
Figure BDA0002112332150000209
when playing the DBDH game is:
Figure BDA00021123321500002010
In summary, the eM-CP-ABE algorithm herein is CPA secure.
Building on the eM-CP-ABE algorithm of this section, a fine-grained video encryption strategy is proposed. The strategy is divided into two layers. The first layer uses a traditional symmetric encryption algorithm (AES/RC4) to encrypt the video fragment files; the encryption keys and the fragment information of the video fragment files are both stored in the m3u8 index file generated by the HLS protocol. The second layer executes the eM-CP-ABE algorithm
Figure BDA00021123321500002011
to complete the encryption of the index file.
The flow of the overall system is described below from both the encryption and the decryption perspective.
Encryption:
As shown in Fig. 6, the video encryption method provided by the embodiment of the present invention includes the following steps:
Step S11, obtaining a video to be encrypted, wherein the video is processed by compression coding, and the format of the video is a set containing a plurality of elements.
Step S12, constructing an access structure based on the video, wherein the access structure is a composite tree containing virtual nodes.
Step S13, generating a system public key and a system management key.
Step S14, acquiring the network adaptation layer unit data in the video, and encrypting the video by combining the system public key and the access structure to generate a ciphertext.
A two-layer streaming media file encryption strategy based on the HLS transport protocol is described as follows:
First layer: the encryption objects are the n video fragments of a video v, the encryption algorithm is AES, the encryption key is generated by the encryption algorithm, and the encryption steps are as follows:
Step 1, receiving a streaming media video segment generated by HLS protocol fragmentation;
Step 2, generating the encryption keys $key_{v,1}, \ldots, key_{v,n}$ needed to encrypt the fragments;
Step 3, encrypting the video stream by using the encryption key;
Step 4, returning the encrypted video stream and storing the encryption key into a database.
At this layer, the method is completed by a fragmentation encryption server. The video fragments are taken as the granularity, different video fragments correspond to different encryption keys, and the control of the whole system on the video access authority can be ensured to reach the video fragment level.
Second layer: this layer is performed in the fragmentation encryption server. Its inputs are the m3u8 index files generated for video v and an access control structure. Assume that video v generates l index files, each corresponding to a different access right; the number of keys needed to encrypt the m3u8 files corresponding to video v is then l.
The algorithm randomly selects 4 random numbers
Figure BDA0002112332150000211
Let the basic tree be
Figure BDA0002112332150000212
with root node $N_R$, and let the tree with the virtual node vN as its root node be
Figure BDA00021123321500002111
The constant terms of the polynomials $f_N$ corresponding to the root nodes are set respectively:
Figure BDA0002112332150000213
$f_{vN}(0) = a_{vN} = s_l$. Then $k_l = H_2(x_l \| x_0)$ and $x_j = H_2(k_{j+1} \| j)$, $1 \le j < l-1$; the corresponding keys are $\{k_l, \ldots, k_1\}$ ($k_j = H_2(x_j \| x_0)$). Then, using the polynomial established for each node, secret sharing fragments of $s_0$ and $s_l$ are distributed to the leaf nodes. Let the set
Figure BDA0002112332150000214
be, for the corresponding access control structure
Figure BDA00021123321500002112
its set of leaf nodes; for a leaf node $n_i$, the corresponding attribute is $att(n_i)$. For the tree
Figure BDA0002112332150000215
the set of nodes on the trunk is $\{N_1, \ldots, N_l\}$, which correspondingly obtain the secret fragments
Figure BDA0002112332150000216
Node $N_{l-j+1}$ corresponds to authority level $p_j$, $j = 1, 2, \ldots$. The finally generated ciphertext consists of two parts: the first part is the symmetric encryption part, with the symmetric encryption algorithm denoted $\varepsilon(m, k)$; the second part is the attribute encryption part. The ciphertext may be represented as:
$CT_s = EM \| CT$
where
Figure BDA0002112332150000217
Figure BDA0002112332150000218
where
Figure BDA0002112332150000219
Figure BDA00021123321500002110
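The polynomial step of the second layer (each node holds a polynomial of degree threshold minus one whose constant term is its share of the root secret, and the leaf nodes receive the resulting secret sharing fragments) is shown in isolation in the following added Python example, which is not code from the patent. It works in a plain prime field instead of the exponent of the bilinear group, and the modulus, policy and attribute names are constructed for illustration.

```python
import secrets

P = 2**127 - 1  # prime modulus standing in for the group order p (assumption)


class Node:
    """Threshold gate with children, or a leaf carrying one attribute."""

    def __init__(self, threshold=1, children=(), attr=None):
        self.threshold = threshold
        self.children = list(children)
        self.attr = attr


def leaf(attr):
    return Node(attr=attr)


def share(node, secret, out):
    """Push `secret` down the tree; leaf fragments are stored in out[attr].

    Attribute names are assumed unique within one tree.
    """
    if node.attr is not None:
        out[node.attr] = secret
        return out
    # Polynomial of degree threshold-1 whose constant term is this node's secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    for index, child in enumerate(node.children, start=1):
        # The child's constant term is the parent polynomial at the child's index.
        value = sum(c * pow(index, e, P) for e, c in enumerate(coeffs)) % P
        share(child, value, out)
    return out


def lagrange_at_zero(points):
    """Interpolate the polynomial through `points` and evaluate it at 0."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def recover(node, fragments, attrs):
    """Return the node's secret, or None if `attrs` does not satisfy the node."""
    if node.attr is not None:
        return fragments[node.attr] if node.attr in attrs else None
    points = []
    for index, child in enumerate(node.children, start=1):
        value = recover(child, fragments, attrs)
        if value is not None:
            points.append((index, value))
    if len(points) < node.threshold:
        return None  # too few satisfied children: nothing is learned here
    return lagrange_at_zero(points[:node.threshold])


def demo():
    # Constructed policy: any 2 of (vip, region:cn, (staff OR editor)).
    tree = Node(2, [leaf("vip"), leaf("region:cn"),
                    Node(1, [leaf("staff"), leaf("editor")])])
    s0 = secrets.randbelow(P)
    fragments = share(tree, s0, {})
    return {
        "secret": s0,
        "vip+editor": recover(tree, fragments, {"vip", "editor"}),
        "staff+editor": recover(tree, fragments, {"staff", "editor"}),
        "all": recover(tree, fragments, {"vip", "region:cn", "staff"}),
    }


if __name__ == "__main__":
    print(demo())
```
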
Decryption:
The steps of decrypting the streaming video are described in detail below.
As shown in Fig. 7, the decryption process generally includes the following steps:
Step S21, acquiring the attribute set provided by the video consumer user.
Step S22, generating the private key required by the video consumer user according to the attribute set, in combination with the system management key.
Step S23, decrypting the video based on the private key.
Specifically, first, the terminal applies for access to a certain video resource and obtains the corresponding ciphertext index.
Secondly, the terminal applies to the attribute authorization server for a private key, using its attribute set S. The attribute authorization server executes the KeyGen(MK, S) function and outputs the key SK. The algorithm first selects an arbitrary value
Figure BDA0002112332150000221
and then randomly selects
Figure BDA0002112332150000222
The private key SK is then calculated:
Figure BDA0002112332150000223
where $D = g^{(\alpha + r)/\beta}$
Figure BDA0002112332150000224
Then, the terminal decrypts with the obtained private key SK to obtain the plaintext indexes within its authority range. The terminal acquires the video fragments according to the video fragment URLs in the index and decrypts them using the corresponding symmetric encryption keys recorded in the index.
And finally, the terminal packages and plays the decrypted video fragments.
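The key chain $k_l, \ldots, k_1$ defined for the second encryption layer is what limits a terminal to the index files within its authority range; the following added Python example (not code from the patent) shows that a holder of $k_j$ can derive every lower key but has no key for a higher level. SHA-256 stands in for $H_2$, a hash-counter keystream stands in for the symmetric cipher $\varepsilon(m, k)$, $x_j$ is computed for every j from l-1 down to 1, and $x_0$ is assumed to be already available to the decrypting terminal; the random numbers and m3u8 contents are constructed.

```python
import hashlib


def H2(*parts: bytes) -> bytes:
    """SHA-256 standing in for H2 (assumption); length prefixes keep a||b unambiguous."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def step_down(k_next: bytes, j: int, x_0: bytes) -> bytes:
    """k_j from k_{j+1}: x_j = H2(k_{j+1} || j), then k_j = H2(x_j || x_0)."""
    x_j = H2(k_next, j.to_bytes(4, "big"))
    return H2(x_j, x_0)


def build_chain(x_l: bytes, x_0: bytes, l: int) -> dict:
    """Encryptor side: all l index keys, starting from k_l = H2(x_l || x_0)."""
    keys = {l: H2(x_l, x_0)}
    for j in range(l - 1, 0, -1):
        keys[j] = step_down(keys[j + 1], j, x_0)
    return keys


def reachable_keys(k_j: bytes, j: int, x_0: bytes) -> dict:
    """Decryptor side: a holder of k_j can only walk down to k_{j-1}, ..., k_1."""
    keys = {j: k_j}
    for i in range(j - 1, 0, -1):
        keys[i] = step_down(keys[i + 1], i, x_0)
    return keys


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Hash-counter keystream standing in for the symmetric cipher (illustration only)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def demo():
    # Constructed inputs: fixed stand-ins for the random numbers, three tiny indexes.
    x_l, x_0, l = b"\x11" * 32, b"\x22" * 32, 3
    indexes = {j: f"#EXTM3U\n#EXTINF:10,\nlevel{j}/seg0.ts\n".encode()
               for j in (1, 2, 3)}
    keys = build_chain(x_l, x_0, l)
    encrypted = {j: xor_stream(keys[j], m) for j, m in indexes.items()}
    # A terminal whose attributes yield k_2 reads indexes 2 and 1, but holds no k_3.
    held = reachable_keys(keys[2], 2, x_0)
    readable = {j: xor_stream(k, encrypted[j]) for j, k in held.items()}
    return indexes, keys, readable


if __name__ == "__main__":
    _, _, readable = demo()
    print(sorted(readable))
```
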
In summary, an attribute encryption method suitable for a media cloud is provided. The method is based on the eM-CP-ABE algorithm, which introduces the concept of a virtual node and constructs algorithm components such as a composite tree with high expression efficiency and a key chain. On this basis, access control at the level of massive numbers of video fragments is achieved, massive numbers of attributes can be set, and hierarchical expansion of the authorization center and user revocation are supported. Algorithm complexity is reduced through an efficiently designed access tree: a single access tree can encrypt a single file, and it can also correspond to multiple files, realizing access control descriptions for multiple files and multiple levels.
Finally, it should be noted that the above embodiments are only specific embodiments of the present invention, used to illustrate its technical solutions and not to limit them, and the protection scope of the present invention is not limited thereto. Although the present invention is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that any person skilled in the art can, within the technical scope of the present disclosure, modify the technical solutions described in the foregoing embodiments, readily conceive of changes to them, or make equivalent substitutions for some of their technical features; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (6)

1. A method for video encryption, comprising:
acquiring a video to be encrypted, wherein the video is subjected to compression coding processing, the video is a set containing a plurality of elements, and the elements are index files;
constructing an access structure based on the video, wherein the access structure is a composite tree containing virtual nodes, the virtual nodes are jointly represented by threshold values and child node numbers, and the composite tree is composed of key parameters;
acquiring a bilinear group;
establishing a bilinear mapping function of the bilinear group;
acquiring a first random number and a second random number, wherein the first random number and the second random number are both positive integer sets smaller than the order number of the bilinear group;
generating a system public key and a system management key based on the bilinear group, the bilinear mapping function, the first random number and the second random number;
traversing the access structure, dividing the access structure based on the virtual nodes in the access structure, and establishing an independent access tree, wherein the independent access tree comprises a trunk-branch hierarchical structure tree and a basic tree, and the trunk-branch hierarchical structure tree takes the virtual nodes as root nodes;
for each node in each independent access tree, a polynomial is constructed, wherein the highest degree of the polynomial is the threshold value of the node minus one, and a constant term of the polynomial is related to the parent node of the node and the position of the child node where the node is located;
acquiring a third random number, a fourth random number, a fifth random number and a sixth random number, wherein the third random number and the fourth random number are positive integer sets smaller than the order number of the bilinear group;
determining a key corresponding to each element of the video one by one based on the third random number and the fourth random number;
determining constant items of the polynomials corresponding to the root nodes of the basic trees based on the fifth random number, and determining constant items of the polynomials corresponding to the root nodes of the trunk-branch hierarchical structure trees based on the sixth random number;
distributing secret sharing fragments of the fifth random number and the sixth random number to each leaf node of the access structure based on a polynomial corresponding to each node;
acquiring corresponding attributes of each leaf node of the access structure based on the secret sharing fragments;
for each node on the trunk of the trunk-branch hierarchical structure tree, taking the value of the corresponding polynomial with the input value of 0 as a secret fragment;
generating a ciphertext based on the first random number, the second random number, the third random number, the fourth random number, the fifth random number, the sixth random number, and corresponding attributes of a key, a secret sharing fragment, and each leaf node of the access structure, which correspond to each element of the video one to one, in combination with the system public key.
2. The method of claim 1, wherein obtaining the video to be encrypted comprises:
and acquiring a video to be encrypted, and judging the video to be a public video or a private video.
3. The method of claim 2, wherein after obtaining the video to be encrypted, further comprising:
if the video is judged to be the public video, acquiring the network adaptation layer unit encryption of the video, which contains video compression content;
and if the video is judged to be a private video, acquiring the network adaptation layer unit encryption of the video, which contains video global information.
4. A video decryption method of the video encryption method according to any one of claims 1 to 3, comprising:
acquiring an attribute set provided by a video consumer user;
in accordance with the set of attributes, acquiring a seventh random number;
acquiring a random number set according to each parameter in the attribute set, wherein the random number set comprises a plurality of elements;
generating the private key required by the video consumer user based on the first random number, the second random number, the seventh random number, the random number set, and the system management key, data of said private key comprising
Figure 435633DEST_PATH_IMAGE001
and
Figure 352643DEST_PATH_IMAGE002
Figure 287100DEST_PATH_IMAGE003
is the first random number,
Figure 749306DEST_PATH_IMAGE004
is the second random number,
Figure 972477DEST_PATH_IMAGE005
is the seventh random number,
Figure 912751DEST_PATH_IMAGE006
is the j-th element of the random number set,
Figure 171823DEST_PATH_IMAGE007
is a generator of the bilinear group,
Figure 70509DEST_PATH_IMAGE008
is a hash function, and the private key
Figure 780976DEST_PATH_IMAGE009
Figure 321679DEST_PATH_IMAGE010
wherein
Figure 433992DEST_PATH_IMAGE011
Figure 487267DEST_PATH_IMAGE012
Figure 419451DEST_PATH_IMAGE013
When the attribute set is judged to meet the access structure, determining an access node corresponding to the private key in the access structure;
when the access node is positioned in a basic tree of the access structure, a key corresponding to a root node of the basic tree is obtained through recursive processing, and decryption processing is carried out based on the key corresponding to the root node;
when the access node is located in the trunk-branch hierarchical structure tree of the access structure, a key corresponding to a root node of the trunk-branch hierarchical structure tree is obtained through recursive processing, a key chain of the trunk-branch hierarchical structure tree is obtained according to the relation of each node on the trunk-branch hierarchical structure tree, the key of the access node is determined, and decryption processing is performed based on the key of the access node.
5. A media cloud system, comprising:
an edge distribution server for storing a video encrypted by the encryption method according to any one of claims 1 to 3;
and the index management server is used for storing the video information and the key.
6. The media cloud system of claim 5,
the content stored in the index management server is based on random storage, recombination and dynamic generation of indexes of video slices.
CN201910577173.2A 2019-06-28 2019-06-28 Media cloud system and video encryption and decryption method Active CN110446108B (en)

Publications (2)

Publication Number Publication Date
CN110446108A CN110446108A (en) 2019-11-12
CN110446108B true CN110446108B (en) 2022-04-22
