CN110581839B - Content protection method and device - Google Patents


Info

Publication number
CN110581839B
Authority
CN (China)
Prior art keywords
content
node
key
identity
publishing
Legal status
Expired - Fee Related
Application number
CN201910664743.1A
Other languages
Chinese (zh)
Other versions
CN110581839A (en)
Inventor
王厚天
刘乃金
陈清霞
王滔滔
张胜利
Current Assignee
China Academy of Space Technology CAST
Original Assignee
China Academy of Space Technology CAST
Application filed by China Academy of Space Technology CAST
Priority to CN201910664743.1A
Publication of CN110581839A
Application granted
Publication of CN110581839B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Abstract

The present disclosure relates to a content protection method and apparatus, the method comprising: encrypting the content to be issued by using an encryption key, storing the encrypted content to an edge storage node of the tactical edge network, and acquiring a storage address of the encrypted content; formulating an access control strategy of the content to be published; and generating a transaction according to the storage address, the access control strategy and a public key, and uploading the transaction to a block chain consisting of the cascade backbone nodes of the tactical edge network, wherein the public key and the encryption key have a corresponding relation. Therefore, the content published by the content publishing node can be ensured to be accessed only by authorized users, so that the content at the tactical edge can be prevented from being stolen, damaged, invaded, controlled and the like.

Description

Content protection method and device
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a content protection method and apparatus.
Background
Currently, in the military field, content is critical to combat operations. Modern warfare, of which current ground operations are representative, is conducted by small units at the tactical edge, and up-to-date information is key to the success of the operational mission. However, edge fighters currently have to return to a higher-level facility to obtain battlefield content and lack the ability to share information directly with other fighters or nearby units. Therefore, storing content at the tactical edge and achieving efficient content distribution over the tactical edge network is the key to efficient combat in the future.
The cascade command center and the individual soldiers that make up the small units at the tactical edge form a tactical edge network. However, because of the wide-area, open and wirelessly exposed nature of tactical edge networks, these networks have inherent vulnerabilities and face severe security threats at all times. For example, an adversary can detect and analyze signals to obtain prior information, and then employ attack means such as data theft, spoofing, malicious programs and data tampering to steal information from, damage, intrude into or take control of the tactical edge network.
Therefore, to ensure that the content distributed by fighters is accessed only by authorized users, an effective method for protecting the privacy of content in the tactical edge network needs to be designed.
Disclosure of Invention
In view of this, the present disclosure provides a content protection method and apparatus.
According to a first aspect of the present disclosure, there is provided a content protection method applied to a content distribution node of a tactical edge network, including:
encrypting the content to be issued by using an encryption key, storing the encrypted content to an edge storage node of the tactical edge network, and acquiring a storage address of the encrypted content;
formulating an access control policy of the content to be distributed, wherein the access control policy is defined by a five-tuple $acs = (identity_{req}, identity_{pro}, ro, t_s, t_e)$, where $identity_{req}$ represents the identity of a content subscription node of the tactical edge network, $identity_{pro}$ represents the identity of the content publishing node, $ro$ is a set of roles, the basic condition for the content subscribing node to have content access being that this set includes the identity of the content subscribing node, $t_s$ indicates the start time of content access, and $t_e$ indicates the end time of content access;
and generating a transaction according to the storage address, the access control strategy and a public key, and uploading the transaction to a block chain consisting of the cascade backbone nodes of the tactical edge network, wherein the public key and the encryption key have a corresponding relation.
According to a second aspect of the present disclosure, there is provided a content protection method applied to a blockchain consisting of cascade backbone nodes of a tactical edge network, the method comprising:
receiving a content subscription request sent by a content subscription node of the tactical edge network, wherein the content subscription request carries an identifier and a role of the content subscription node and an identifier of a content publishing node, and the content to be subscribed by the content subscription node is published by the content publishing node;
judging, according to the identifier and the role of the content subscription node and the identifier of the content publishing node, whether the content subscription node satisfies an access control policy in a transaction of a block on the blockchain;
if the content subscription node is judged to meet the access control strategy, a public key and a storage address in the transaction are sent to the content subscription node, wherein the public key is used for decrypting the content published by the content publishing node, and the storage address is used for identifying the access address of the content published by the content publishing node,
wherein the access control policy is composed of a five-tuple $acs = (identity_{req}, identity_{pro}, ro, t_s, t_e)$, where $identity_{req}$ represents the identity of the content subscribing node, $identity_{pro}$ represents the identity of the content publishing node, $ro$ is a set of roles, the basic condition for the content subscribing node to have content access being that this set includes the identity of the content subscribing node, $t_s$ indicates the start time of content access, and $t_e$ indicates the end time of content access.
According to a third aspect of the present disclosure, there is provided a content protection method applied to a content subscription node of a tactical edge network, the method including:
sending a content subscription request to a blockchain consisting of cascade backbone nodes of the tactical edge network, wherein the content subscription request carries an identifier and a role of the content subscription node and an identifier of a content publishing node, and the content to be subscribed by the content subscription node is published by the content publishing node;
receiving a public key and a storage address from the blockchain, wherein the public key is used for decrypting the content published by the content publishing node, and the storage address is used for identifying an access address of the content published by the content publishing node;
and obtaining the content published by the content publishing node from an edge storage node of the tactical edge network by using the storage address, and decrypting the obtained content by using the public key, wherein the public key and an encryption key have a corresponding relationship.
According to a fourth aspect of the present disclosure, there is provided a content protection apparatus applied to a content distribution node of a tactical edge network, the apparatus including:
the encryption processing module is used for encrypting the content to be issued by using an encryption key, storing the encrypted content to an edge storage node of the tactical edge network and acquiring a storage address of the encrypted content;
a formulating module, configured to formulate an access control policy of the content to be published, where the access control policy is defined by a five-tuple $acs = (identity_{req}, identity_{pro}, ro, t_s, t_e)$, where $identity_{req}$ represents the identity of a content subscription node of the tactical edge network, $identity_{pro}$ represents the identity of the content publishing node, $ro$ is a set of roles, the basic condition for the content subscribing node to have content access being that this set includes the identity of the content subscribing node, $t_s$ indicates the start time of content access, and $t_e$ indicates the end time of content access;
and the transaction processing module is used for generating a transaction according to the storage address, the access control strategy and a public key and uploading the transaction to a block chain consisting of the cascade backbone nodes of the tactical edge network, wherein the public key and the encryption key have a corresponding relation.
According to a fifth aspect of the present disclosure, there is provided a content protection apparatus applied to a blockchain consisting of cascaded backbone nodes of a tactical edge network, the apparatus comprising:
a receiving module, configured to receive a content subscription request sent by a content subscription node of the tactical edge network, where the content subscription request carries an identifier and a role of the content subscription node and an identifier of a content publishing node, and a content to be subscribed by the content subscription node is published by the content publishing node;
a judging module, configured to judge, according to the identifier and the role of the content subscription node and the identifier of the content publishing node, whether the content subscription node satisfies an access control policy in a transaction of a block on the blockchain;
a sending module, configured to send, if it is determined that the content subscription node satisfies the access control policy, a public key and a storage address in the transaction to the content subscription node, where the public key is used to decrypt the content published by the content publishing node, and the storage address is used to identify an access address of the content published by the content publishing node,
wherein the access control policy is composed of a five-tuple $acs = (identity_{req}, identity_{pro}, ro, t_s, t_e)$, where $identity_{req}$ represents the identity of the content subscribing node, $identity_{pro}$ represents the identity of the content publishing node, $ro$ is a set of roles, the basic condition for the content subscribing node to have content access being that this set includes the identity of the content subscribing node, $t_s$ indicates the start time of content access, and $t_e$ indicates the end time of content access.
According to a sixth aspect of the present disclosure, there is provided a content protection apparatus applied to a content subscription node of a tactical edge network, the apparatus comprising:
a sending module, configured to send a content subscription request to a blockchain formed by cascade backbone nodes of the tactical edge network, where the content subscription request carries an identifier and a role of the content subscription node and an identifier of a content publishing node, and the content to be subscribed by the content subscription node is published by the content publishing node;
a receiving module, configured to receive a public key and a storage address from the blockchain, where the public key is used to decrypt the content published by the content publishing node, and the storage address is used to identify an access address of the content published by the content publishing node;
an obtaining module, configured to obtain, from an edge storage node of the tactical edge network, content published by the content publishing node using the storage address, and decrypt the obtained content using the public key, where the public key and an encryption key have a correspondence.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects: the content is stored at the tactical edge, and only the content subscribing nodes meeting the access control policy can acquire the storage address and the public key from the block chain network and then access the content by using the storage address and the public key, so that the content published by the content publishing node can be ensured to be accessed only by authorized users (namely, the content subscribing nodes meeting the access control policy), and the content at the tactical edge is prevented from being stolen, damaged, invaded, controlled and the like.
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features, and aspects of the disclosure and, together with the description, serve to explain the principles of the disclosure.
Fig. 1 shows a typical structure of a block chain.
FIG. 2 is a system model upon which a content protection method relies, according to an example embodiment.
Fig. 3 is a flow chart illustrating a method of content protection according to an example embodiment.
Fig. 4 is a flow chart illustrating a method of content protection according to an example embodiment.
Fig. 5 is a block structure diagram of a block chain according to an exemplary embodiment.
Fig. 6 is a flow chart illustrating a method of content protection according to an example embodiment.
Fig. 7 is a framework for implementing a method of content protection according to an exemplary embodiment.
Fig. 8 is a block diagram illustrating a content protection device according to an example embodiment.
Fig. 9 is a block diagram illustrating a content protection device according to an example embodiment.
Fig. 10 is a block diagram illustrating a content protection device according to an example embodiment.
Detailed Description
Various exemplary embodiments, features and aspects of the present disclosure will be described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used exclusively herein to mean "serving as an example, embodiment, or illustration". Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements and circuits that are well known to those skilled in the art have not been described in detail so as not to obscure the present disclosure.
For convenience of explanation, a part of the concept related to the present disclosure will be explained first.
A blockchain is generally regarded as a technique used in distributed networks to maintain a consistent database among all members of the network. Unlike a centralized network architecture, a blockchain-based network has no fixed central node. All members of the network have a relatively equal status and hold the same copy of the blockchain. In a blockchain network, unless more than 51% of the nodes in the system can be controlled simultaneously, a modification of the database on a single node is invalid, so the data is prevented from being illegally tampered with and used, and its integrity and reliability are improved.
Fig. 1 shows a typical structure of a blockchain. As shown in fig. 1, a blockchain is an ordered list made up of a series of blocks, each block storing a certain number of historical transactions. A transaction is generated by a trader and published over the network. In a blockchain, each block is linked to the previous block by keeping the hash pointer of the previous block. Thus, any change to a particular block will inevitably destroy the integrity of the chain. In addition, each block typically contains a Nonce value, which is the answer to a mathematical puzzle. Nodes that can solve the puzzle are selected as temporary central nodes (i.e., miner nodes), and the blocks they generate are broadcast.
In blockchain-based systems, several miner election schemes have been proposed, such as proof of work, proof of stake and the like. In these schemes, nodes with higher computing power and storage capacity are more likely to win elections. As future content is generated and stored at the tactical edge, the traditional centralized "user request, remote server response" architecture will gradually evolve towards a distributed or weakly centralized architecture, and blockchains provide a viable approach to ensuring data security and consistency in a distributed or weakly centralized network.
Because the number of individual soldiers is large, node mobility is high, and the individual soldiers and the cascade command center are closer to the front line of the battlefield, the possibility of attack by an enemy is higher, so the content protection problem of the tactical edge network urgently needs to be solved. Considering that a blockchain can ensure that data is not illegally tampered with or used, the present disclosure provides a blockchain-based content protection method and apparatus for a tactical edge network.
FIG. 2 is a system model upon which a content protection method relies, according to an example embodiment. As shown in fig. 2, the system model includes: the system comprises a content publishing node, a content subscribing node, an edge storage node and a block chain network.
In this embodiment, the content publishing node is configured to publish content, the content subscribing node is configured to subscribe content, and the edge storage node is configured to store content published by the content publishing node. The content publishing node may store the content to be published to the edge storage node and may also report a content access rule (an access control policy to be described later) and a storage address of the content to be published to the blockchain network, and the content subscribing node may query the blockchain network for the content access rule and the storage address of the content to be published, thereby enabling access to the content stored by the content publishing node at the edge storage node. The content publishing nodes and the content subscribing nodes are, for example, individual soldiers of a tactical edge network.
The blockchain network is formed by interconnecting the cascade backbone nodes, which are, for example, portable ping-pong stations. A portable ping-pong station mainly performs two functions: on the one hand, it realizes ground reflection and completes signal forwarding between satellites or unmanned aerial vehicles; on the other hand, it can manage the tactical edge network and serve as a cascade command center node, and in particular can achieve rapid networking where no fixed ground infrastructure exists.
Fig. 3 is a flow diagram illustrating a content protection method that may be applied to a content distribution node of a tactical edge network in accordance with an exemplary embodiment. As shown in fig. 3, the content protection method may include the following steps.
In step S310, the content to be distributed is encrypted using an encryption key, the encrypted content is stored to an edge storage node of the tactical edge network, and a storage address of the encrypted content is acquired.
In one possible implementation, the encryption key may be calculated as follows:
key using formula according to private keysec=Hash(keypri||randompri) To calculate a secondary key, wherein keysecRepresenting said secondary keypriRepresenting said private key, randompriA random number representing a random number known only to the content distribution node;
using a formula seq as Hash (key) according to the private keypri| num) to calculate a serial number of the content to be distributed, wherein seq represents the serial number, and num represents the number of times the content is encrypted;
using a formula key according to the secondary key and the serial numberseq=Hash(keysec| seq) to calculate the encryption key, wherein keyseqRepresenting the encryption key.
In this embodiment, as shown in the specific implementation framework of fig. 7, in the initialization stage each content publishing node is assigned a certificate, which may include an identity (ID) of the content publishing node and a key pair consisting of a public key $key_{pub}$ and a private key $key_{pri}$. From the private key $key_{pri}$, the secondary key $key_{sec}$ can be calculated as shown in the following formula (1).
$key_{sec} = Hash(key_{pri} \,\|\, random_{pri})$ (1)
In formula (1), $random_{pri}$ is a random number known only to the content distribution node itself. As can be seen from formula (1), the content distribution node needs to manage its own private key $key_{pri}$ and random number $random_{pri}$ effectively.
Before a content distribution node (e.g., an individual soldier node) distributes content to a blockchain network, the content distribution node needs to encrypt the content to be distributed. First, the content distribution node generates a sequence number seq for the content to be distributed, and the calculation method is as shown in the following formula (2).
$seq = Hash(key_{pri} \,\|\, num)$ (2)
In equation (2), $num$ denotes the number of times the content has been encrypted, and the hash algorithm maps a binary sequence of any length to a binary sequence of fixed length. If a hash operation is performed on a piece of plaintext, changing even a single letter of the text changes the output of the hash function. Within the existing range of computing power, two different inputs that produce the same hash output cannot be found. This means that if the ID of the content distribution node and the number of times a piece of content has been encrypted are unique, the $seq$ generated by equation (2) is also unique. From $key_{sec}$ and $seq$, a key for encrypting the content to be distributed can be calculated, as shown in the following equation (3).
$key_{seq} = Hash(key_{sec} \,\|\, seq)$ (3)
The content distribution node uses $key_{seq}$ to encrypt the content to be released, obtaining the ciphertext $mes_{sec}$ corresponding to the content. The content publishing node can then store the encrypted content in the edge storage node and obtain the storage address of the content.
In step S330, an access control policy of the content to be distributed is formulated, wherein the access control policy is defined by a five-tuple $acs = (identity_{req}, identity_{pro}, ro, t_s, t_e)$, where $identity_{req}$ represents the identity of a content subscription node of the tactical edge network, $identity_{pro}$ represents the identity of the content publishing node, $ro$ is a set of roles, the basic condition for the content subscribing node to have content access being that this set includes the identity of the content subscribing node, $t_s$ indicates the start time of content access, and $t_e$ indicates the end time of content access.
In this embodiment, the content distribution node is more concerned about privacy protection of the content (information) as an owner of the content. Therefore, the content distribution node needs to make a reasonable access control policy. The access control policy can prevent unauthorized content subscribing nodes from obtaining the content published by the content publishing node. The access control policy designed by the present disclosure consists of the above five tuples.
In step S350, a transaction is generated according to the storage address, the access control policy and a public key, and the transaction is uploaded to a blockchain composed of the cascade backbone nodes of the tactical edge network, where the public key and the encryption key have a corresponding relationship.
In this embodiment, as shown in the specific implementation framework of fig. 7, the content publishing node formulates an access control policy, packs the formulated access control policy together with the storage address of the content to be published, and then signs the package with its private key $key_{pri}$, so that a transaction can be generated and uploaded to the cascade backbone nodes that make up the blockchain network.
The content protection method of this embodiment stores the encrypted content at an edge storage node of the tactical edge network and obtains the storage address of the encrypted content, formulates an access control policy, generates a transaction from the storage address, the access control policy and a public key, and uploads the transaction to a blockchain consisting of the cascade backbone nodes of the tactical edge network. The content is thus stored at the tactical edge, and only content subscribing nodes that satisfy the access control policy can obtain the storage address and the public key from the blockchain network and then access the content using them. This ensures that the content published by a content publishing node is accessed only by authorized users (namely, the content subscribing nodes satisfying the access control policy), and prevents the content at the tactical edge from being stolen, damaged, invaded, controlled and the like.
In a possible implementation manner, the content protection method further includes:
saving the hash value of the encrypted content;
acquiring content from the edge storage node according to the storage address;
and if the stored hash value is the same as the hash value of the acquired content, determining that the content to be distributed is not tampered.
In this embodiment, the content publishing node stores the hash value of the encrypted content. If a malicious user (illegal user) replaces or modifies the encrypted content stored by the edge storage node, the content distribution node may determine whether the content is reliable by comparing the hash values. Thereby, it is possible to identify whether or not the distributed content is tampered.
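The publisher-side key derivation of step S310 (formulas (1) to (3)) together with the hash-based tamper check described just above, as an added example that is not part of the patent and not the applicant's code. It assumes SHA-256 for Hash(), an 8-byte big-endian encoding of num, and, because the page names no cipher, a SHA-256 counter keystream as a stand-in; the edge storage node is modelled as a dict and the address scheme is constructed.

```python
import hashlib


def Hash(data: bytes) -> bytes:
    """Hash() from the page with no algorithm fixed; SHA-256 is assumed here."""
    return hashlib.sha256(data).digest()


def secondary_key(key_pri: bytes, random_pri: bytes) -> bytes:
    """Formula (1): key_sec = Hash(key_pri || random_pri)."""
    return Hash(key_pri + random_pri)


def sequence_number(key_pri: bytes, num: int) -> bytes:
    """Formula (2): seq = Hash(key_pri || num); num as 8 big-endian bytes is an assumption."""
    return Hash(key_pri + num.to_bytes(8, "big"))


def encryption_key(key_sec: bytes, seq: bytes) -> bytes:
    """Formula (3): key_seq = Hash(key_sec || seq)."""
    return Hash(key_sec + seq)


def keystream_cipher(key_seq: bytes, data: bytes) -> bytes:
    """Stand-in cipher (the page names none): XOR with a SHA-256 counter keystream.

    Encryption and decryption are the same operation. The keystream depends only on
    key_seq, so a key must never serve two contents; that is exactly why the page
    needs seq (and hence num) to be unique per encryption. A fielded system would
    use an authenticated cipher such as AES-GCM instead of this construction.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = Hash(key_seq + (offset // 32).to_bytes(4, "big"))
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


class ContentPublishingNode:
    """Publisher side of step S310 plus the tamper check of the 'possible implementation'."""

    def __init__(self, node_id: str, key_pri: bytes, random_pri: bytes):
        self.node_id = node_id
        self.key_pri = key_pri            # must be managed carefully, see the text after (1)
        self.random_pri = random_pri      # known only to this node
        self.key_sec = secondary_key(key_pri, random_pri)
        self.num = 0                      # how many times this node has encrypted content
        self.stored_hashes = {}           # storage address -> Hash(mes_sec) kept locally

    def publish(self, content: bytes, edge_storage: dict) -> tuple:
        """Encrypt, store at the edge node, return (storage address, key_seq)."""
        self.num += 1                     # never reuse num: seq and key_seq must be fresh
        seq = sequence_number(self.key_pri, self.num)
        key_seq = encryption_key(self.key_sec, seq)
        mes_sec = keystream_cipher(key_seq, content)
        # Constructed addressing scheme; the page only says an address is obtained.
        address = "edge://" + self.node_id + "/" + Hash(mes_sec).hex()[:16]
        edge_storage[address] = mes_sec
        self.stored_hashes[address] = Hash(mes_sec)
        return address, key_seq

    def is_untampered(self, address: str, edge_storage: dict) -> bool:
        """Fetch the content back by its address and compare the saved and current hashes."""
        fetched = edge_storage.get(address)
        return fetched is not None and Hash(fetched) == self.stored_hashes.get(address)


def subscriber_decrypt(key_seq: bytes, address: str, edge_storage: dict) -> bytes:
    """Subscriber side (third aspect): fetch by storage address, then decrypt with the key."""
    return keystream_cipher(key_seq, edge_storage[address])


if __name__ == "__main__":
    edge = {}                                           # constructed edge storage node
    node = ContentPublishingNode("soldier-01", b"\x11" * 32, b"\x22" * 16)
    addr, key = node.publish(b"constructed report: bridge at grid 123456 intact", edge)
    print(addr, node.is_untampered(addr, edge), subscriber_decrypt(key, addr, edge))
```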
Fig. 4 is a flow diagram illustrating a content protection method that may be applied to a blockchain consisting of cascaded backbone nodes of a tactical edge network in accordance with an exemplary embodiment. Fig. 5 is a block structure diagram of a block chain according to an exemplary embodiment.
As shown in fig. 5, the blockchain constructed by the present disclosure is a common, tamper-resistant distributed ledger, and is the core of the present disclosure. In a blockchain network consisting of the cascade backbone nodes, each node and other nodes in the network have the same account book copy, so that the consistency of the contents of all nodes in the network can be ensured. Fig. 5 shows the constituent units of the block designed by the present disclosure.
Each block has a block header. The "block ID" identifies each block in the blockchain, the "generation time" is the time at which the block was generated, the "cascade backbone node ID" identifies the cascade backbone node that generated the block, the "previous Hash pointer" links the block to the previous block, and the "Nonce" and the "Hash threshold" are used to verify the validity of the block.
The second data structure in the block stores the hash values of the individual "transactions" arranged as a "Merkle tree". As can be seen from fig. 5, each "transaction" (TX) contains the following: a storage address, identifying the address of the content released by the content publishing node; the signature of the content publishing node, i.e. the digital signature of the content provider, used to judge the source and authenticity of the content; a public key; and an access control policy, written in plain text for filtering out illegal users, i.e. only users that satisfy the access control policy can get the data from the blocks of the blockchain network. It should be understood that this data consists of the storage address and the public key.
As illustrated by the implementation framework shown in fig. 7, a blockchain network of connected backbone nodes elect miners to handle transactions uploaded by content distribution nodes. Each node in the blockchain network has the right to vote, but each node can only vote once. The connected backbone node with the most votes will become the miners for the next time slot and generate a new block from it. After other connected backbone nodes in the blockchain network receive the block sent by the miners, the nodes verify the validity of the block through the Nonce value and the Hash threshold, and if the validity of the block is verified, the newly generated block is linked to the blockchain through the Hash value of the head of the newly generated block.
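The block layout of fig. 5 and the election/verification flow of fig. 7, as an added example in Python that is not the patent's own code. The patent names the header fields (block ID, generation time, backbone node ID, previous Hash pointer, Nonce, Hash threshold) and the Merkle tree of transaction hashes but fixes no hash function, serialization or threshold; SHA-256, the `|`-joined header serialization, the "header hash as a big-endian integer below the threshold" reading of the Nonce check, and all sample node IDs, votes and TX payloads are constructed assumptions.

```python
"""Added example (not the patent's own code): a minimal model of the block
structure of fig. 5 and the miner election / block verification of fig. 7.
SHA-256, the serialization and the sample data are constructed assumptions."""
import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_root(tx_hashes: List[bytes]) -> bytes:
    """Root of the Merkle tree over the transaction hashes (the block's second data structure)."""
    if not tx_hashes:
        return sha256(b"")
    level = list(tx_hashes)
    while len(level) > 1:
        if len(level) % 2:                     # duplicate the last hash on odd levels
            level.append(level[-1])
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


@dataclass
class BlockHeader:
    block_id: int
    generation_time: int        # constructed fixed timestamp so mining is deterministic
    backbone_node_id: str       # connected backbone node that generated the block
    prev_hash: bytes            # "previous Hash pointer"
    merkle_root: bytes
    hash_threshold: int         # header hash, read as a big-endian integer, must be below this
    nonce: int = 0

    def serialize(self) -> bytes:
        return "|".join([str(self.block_id), str(self.generation_time), self.backbone_node_id,
                         self.prev_hash.hex(), self.merkle_root.hex(),
                         str(self.hash_threshold), str(self.nonce)]).encode()

    def hash(self) -> bytes:
        return sha256(self.serialize())

    def meets_threshold(self) -> bool:
        return int.from_bytes(self.hash(), "big") < self.hash_threshold


@dataclass
class Block:
    header: BlockHeader
    transactions: List[bytes]   # serialized TX payloads (storage address, signature, public key, policy)


def elect_miner(votes: Dict[str, str]) -> str:
    """votes maps voter node id -> candidate node id. A dict key holds one ballot,
    which models 'each node can only vote once'; the most-voted node mines the slot."""
    return Counter(votes.values()).most_common(1)[0][0]


def mine_block(block_id: int, miner_id: str, prev_hash: bytes, transactions: List[bytes],
               hash_threshold: int, generation_time: int) -> Block:
    """The elected miner searches a Nonce until the header hash is below the Hash threshold."""
    header = BlockHeader(block_id, generation_time, miner_id, prev_hash,
                         merkle_root([sha256(tx) for tx in transactions]), hash_threshold)
    while not header.meets_threshold():
        header.nonce += 1
    return Block(header, transactions)


def verify_block(block: Block, expected_prev_hash: bytes) -> bool:
    """What the other backbone nodes check before linking: the Merkle root matches the
    carried transactions, the Nonce/threshold condition holds, and the previous pointer matches."""
    h = block.header
    return (h.merkle_root == merkle_root([sha256(tx) for tx in block.transactions])
            and h.meets_threshold()
            and h.prev_hash == expected_prev_hash)


def append_block(chain: List[Block], block: Block) -> bool:
    """Link the block through the hash of the current chain head; reject invalid blocks."""
    prev = chain[-1].header.hash() if chain else b"\x00" * 32
    if not verify_block(block, prev):
        return False
    chain.append(block)
    return True


# Constructed sample: three backbone nodes vote, the winner mines one block of two TXs.
SAMPLE_VOTES = {"bb1": "bb2", "bb2": "bb2", "bb3": "bb1"}
SAMPLE_TXS = [b"addr=edge-1/obj-7;sig=SIG1;pk=PK1;acs=ACS1",
              b"addr=edge-2/obj-3;sig=SIG2;pk=PK2;acs=ACS2"]
EASY_THRESHOLD = 1 << 248       # about 256 Nonce attempts on average; demo value only


def demo_chain() -> List[Block]:
    chain: List[Block] = []
    miner = elect_miner(SAMPLE_VOTES)
    block = mine_block(1, miner, b"\x00" * 32, SAMPLE_TXS, EASY_THRESHOLD, generation_time=1563840000)
    append_block(chain, block)
    return chain
```

Replacing or dropping a transaction changes the recomputed Merkle root, so `verify_block` rejects the block without any node needing to compare ledgers byte by byte; likewise a block that points at the wrong predecessor hash is refused at `append_block`.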
As shown in fig. 4, the content protection method may include the following steps.
In step S410, a content subscription request sent by a content subscription node of the tactical edge network is received, where the content subscription request carries an identifier and a role of the content subscription node and an identifier of a content publishing node, and the content to be subscribed by the content subscription node is published by the content publishing node.
In this embodiment, if a content subscribing node (e.g., an individual soldier node) wants to access a certain content, the content subscribing node needs to send a content subscription request to the blockchain to obtain the content of interest in the tactical edge network.
In step S430, it is determined whether the content subscription node satisfies an access control policy in the transaction of the block on the block chain according to the identifier and the role of the content subscription node and the identifier of the content publishing node.
The access control policy is composed of a five-tuple acs = (identity_req, identity_pro, ro, t_s, t_e), where identity_req represents the identity of the content subscribing node, identity_pro represents the identity of the content publishing node, ro is a set of roles, the basic condition for the content subscribing node to have content access being that this set contains the identity of the content subscribing node, t_s indicates the start time of content access, and t_e indicates the end time of content access.
In this embodiment, the identifier and role of the content subscription node and the identifier of the content publishing node may be matched against the access control policy in the transaction of each block of the block chain. If the identifier of the content subscription node is the same as identity_req in the access control policy, the role of the content subscription node is in the set ro, and the identifier of the content publishing node is the same as identity_pro in the access control policy, then it can be determined that the content subscribing node satisfies the access control policy, and the following step S450 can be executed. Otherwise, it can be determined that the content subscribing node does not satisfy the access control policy.
In step S450, if it is determined that the content subscription node satisfies the access control policy, a public key and a storage address in the transaction are sent to the content subscription node, where the public key is used to decrypt the content published by the content publishing node, and the storage address is used to identify an access address of the content published by the content publishing node.
The content protection method of this embodiment receives a content subscription request sent by a content subscription node, determines whether the content subscription node satisfies an access control policy in a transaction of a block on a block chain according to an identifier, a role, and an identifier of a content publishing node of the content subscription node, and sends a public key and a storage address in the transaction to the content subscription node if it is determined that the content subscription node satisfies the access control policy, so that the content subscription node can obtain decrypted content from an edge storage node. Therefore, the content is stored at the tactical edge, and only the content subscribing nodes meeting the access control policy can acquire the storage address and the public key from the block chain network, and then access the content by using the storage address and the public key, thereby ensuring that the content published by the content publishing node is only accessed by authorized users (i.e., the content subscribing nodes meeting the access control policy), and preventing the content at the tactical edge from being stolen, damaged, invaded, controlled and the like.
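Steps S410 to S450 as an added Python example (not the patent's own code): a transaction carrying the five-tuple acs = (identity_req, identity_pro, ro, t_s, t_e) is matched against a subscription request, and the public key and storage address are released only on a match. The identity/role matching follows step S430 as described; additionally enforcing t_s <= now <= t_e is an assumption drawn from the tuple's own time fields. The node identifiers, roles, timestamps and key bytes are constructed sample values.

```python
"""Added example (not the patent's own code): matching a content subscription
request against the access control policy stored in a block's transaction.
The time-window check and all sample values are constructed assumptions."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class AccessControlPolicy:
    """acs = (identity_req, identity_pro, ro, t_s, t_e)"""
    identity_req: str            # identity of the content subscribing node
    identity_pro: str            # identity of the content publishing node
    ro: FrozenSet[str]           # set of roles permitted to access the content
    t_s: int                     # start time of content access
    t_e: int                     # end time of content access


@dataclass(frozen=True)
class Transaction:
    """One TX of fig. 5: storage address, publisher signature, public key, policy."""
    storage_address: str
    signature: bytes
    public_key: bytes
    policy: AccessControlPolicy


@dataclass(frozen=True)
class SubscriptionRequest:
    """Carried by the request of step S410."""
    subscriber_id: str
    subscriber_role: str
    publisher_id: str


def satisfies_policy(req: SubscriptionRequest, acs: AccessControlPolicy, now: int) -> bool:
    """Step S430. Identity and role matching per the description; the window
    check on t_s/t_e is an assumption taken from the tuple's definition."""
    return (req.subscriber_id == acs.identity_req
            and req.publisher_id == acs.identity_pro
            and req.subscriber_role in acs.ro
            and acs.t_s <= now <= acs.t_e)


def handle_subscription(req: SubscriptionRequest, ledger: List[Transaction],
                        now: int) -> Optional[Tuple[bytes, str]]:
    """Steps S410/S450: scan the ledger's transactions and return
    (public_key, storage_address) for the first policy the requester satisfies,
    or None so that neither value leaves the chain for an unauthorised node."""
    for tx in ledger:
        if satisfies_policy(req, tx.policy, now):
            return tx.public_key, tx.storage_address
    return None


# Constructed sample ledger and requests (all values are made up for the demo).
SAMPLE_POLICY = AccessControlPolicy("soldier-17", "cmd-post-3",
                                    frozenset({"squad-leader", "medic"}), 1000, 2000)
SAMPLE_LEDGER = [Transaction("edge-1/obj-7", b"sig-constructed", b"pk-constructed", SAMPLE_POLICY)]
OK_REQUEST = SubscriptionRequest("soldier-17", "medic", "cmd-post-3")
WRONG_ROLE = SubscriptionRequest("soldier-17", "rifleman", "cmd-post-3")
WRONG_PUBLISHER = SubscriptionRequest("soldier-17", "medic", "cmd-post-9")
```

Because the policy is stored in plain text on the ledger, the matching itself reveals nothing secret; what the chain protects is that the public key and storage address are released only to a requester whose identifier, role and requested publisher all match, and only inside the access window.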
Fig. 6 is a flow diagram illustrating a content protection method that may be applied to a content subscribing node of a tactical edge network, according to an example embodiment. As shown in fig. 6, the content protection method may include the following steps.
In step S610, a content subscription request is sent to a blockchain composed of hierarchical backbone nodes of a tactical edge network, where the content subscription request carries an identifier and a role of the content subscription node and an identifier of a content publishing node, and the content to be subscribed by the content subscription node is published by the content publishing node.
In this embodiment, if a content subscribing node (e.g., an individual soldier node) wants to access a certain content, the content subscribing node needs to send a content subscription request to the blockchain to obtain the content of interest in the tactical edge network. The content subscribing nodes can be divided into different groups according to the interests of the content subscribing nodes. Content subscribing nodes of different interests have different tags, i.e. different identities, which may organically link users, although the content subscribing nodes may be in different locations.
In step S630, a public key and a storage address are received from the blockchain, where the public key is used to decrypt the content published by the content publishing node, and the storage address is used to identify an access address of the content published by the content publishing node.
The access control policy is composed of a five-tuple acs = (identity_req, identity_pro, ro, t_s, t_e), where identity_req represents the identity of the content subscribing node, identity_pro represents the identity of the content publishing node, ro is a set of roles, the basic condition for the content subscribing node to have content access being that this set contains the identity of the content subscribing node, t_s indicates the start time of content access, and t_e indicates the end time of content access.
In step S650, the content distributed by the content distribution node is acquired from an edge storage node of the tactical edge network using the storage address, and the acquired content is decrypted using the public key, where the public key and the encryption key have a correspondence relationship.
In this embodiment, as shown in the specific implementation framework shown in fig. 7, the content subscription node needs to satisfy the access control policy formulated by the content publishing node, and can acquire the public key and the storage address from the content publishing node only if the content subscription node satisfies the access control policy, download the content (i.e., the ciphertext) from the edge storage node using the storage address, calculate the decryption key using the public key and the correspondence between the public key and the decryption key, and decrypt the downloaded content using the decryption key to obtain the decrypted content (i.e., the plaintext).
The content protection method of this embodiment sends a content subscription request, receives a public key and a storage address from the block chain, and obtains decrypted content from an edge storage node using the public key and the storage address. Therefore, the content is stored at the tactical edge, and only the content subscribing nodes meeting the access control policy can acquire the storage address and the public key from the block chain network, and then access the content by using the storage address and the public key, thereby ensuring that the content published by the content publishing node is only accessed by authorized users (i.e., the content subscribing nodes meeting the access control policy), and preventing the content at the tactical edge from being stolen, damaged, invaded, controlled and the like.
Fig. 8 is a block diagram illustrating a content protection device 800 that may be applied to a content distribution node of a tactical edge network according to an exemplary embodiment. As shown in fig. 8, the content protection apparatus 800 may include an encryption processing module 810, a formulation module 820, and a transaction processing module 830.
The encryption processing module 810 is configured to encrypt content to be distributed using an encryption key, store the encrypted content to an edge storage node of the tactical edge network, and obtain a storage address of the encrypted content.
The formulating module 820 is used for formulating an access control policy of the content to be published, wherein the access control policy is composed of a five-tuple acs = (identity_req, identity_pro, ro, t_s, t_e), where identity_req represents the identity of a content subscription node of the tactical edge network, identity_pro represents the identity of the content publishing node, ro is a set of roles, the basic condition for the content subscribing node to have content access being that this set contains the identity of the content subscribing node, t_s indicates the start time of content access, and t_e indicates the end time of content access.
The transaction processing module 830 is connected to the encryption processing module 810 and the formulating module 820, and configured to generate a transaction according to the storage address, the access control policy, and a public key, and upload the transaction to a block chain formed by hierarchical backbone nodes of the tactical edge network, where the public key and the encryption key have a corresponding relationship.
In a possible implementation manner, the content protection apparatus further includes:
a first calculation module (not shown) for calculating a secondary key from the private key using the formula key_sec = Hash(key_pri || random_pri), where key_sec represents the secondary key, key_pri represents the private key, and random_pri represents a random number known only to the content distribution node;
a second calculation module (not shown) for calculating a serial number of the content to be distributed from the private key using the formula seq = Hash(key_pri || num), where seq represents the serial number and num represents the number of times the content has been encrypted;
a third calculation module (not shown) for calculating the encryption key from the secondary key and the serial number using the formula key_seq = Hash(key_sec || seq), where key_seq represents the encryption key.
In a possible implementation manner, the content protection apparatus further includes:
a saving module (not shown) for saving the hash value of the encrypted content;
an obtaining module (not shown) for obtaining the content from the edge storage node according to the storage address;
and a judging module (not shown) configured to judge that the content to be distributed is not tampered if the saved hash value is the same as the obtained hash value of the content.
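The three-step key derivation of the first, second and third calculation modules together with the stored-hash tamper check of the saving, obtaining and judging modules, as an added Python example that is not the patent's own code. The patent names Hash() but does not instantiate it, does not say how num is encoded, and does not specify the content cipher; SHA-256 as Hash, a 4-byte big-endian encoding of num, and the sample key, random number and ciphertext bytes are constructed assumptions, and the encryption step itself is left out.

```python
"""Added example (not the patent's own code): key derivation
key_sec = Hash(key_pri || random_pri), seq = Hash(key_pri || num),
key_seq = Hash(key_sec || seq), and the hash-of-ciphertext tamper check.
SHA-256, the 4-byte encoding of num and the sample bytes are assumptions."""
import hashlib
import hmac
from typing import Dict


def hash_bytes(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()        # assumed instantiation of Hash()


def secondary_key(key_pri: bytes, random_pri: bytes) -> bytes:
    """key_sec = Hash(key_pri || random_pri)"""
    return hash_bytes(key_pri + random_pri)


def serial_number(key_pri: bytes, num: int) -> bytes:
    """seq = Hash(key_pri || num); num is encoded as 4 bytes big-endian (assumption)."""
    return hash_bytes(key_pri + num.to_bytes(4, "big"))


def encryption_key(key_sec: bytes, seq: bytes) -> bytes:
    """key_seq = Hash(key_sec || seq)"""
    return hash_bytes(key_sec + seq)


class ContentPublishingNode:
    """Holds key_pri and random_pri, counts encryptions (num), and keeps the hash
    of every ciphertext it stored so later fetches can be checked for tampering."""

    def __init__(self, key_pri: bytes, random_pri: bytes):
        self._key_pri = key_pri
        self._random_pri = random_pri            # known only to this node
        self._key_sec = secondary_key(key_pri, random_pri)
        self._num = 0                             # number of times content has been encrypted
        self._saved_hashes: Dict[str, bytes] = {}

    def next_encryption_key(self) -> bytes:
        """Advance num and derive key_seq for the next encryption; each encryption
        gets a fresh key without exposing key_pri or random_pri."""
        self._num += 1
        return encryption_key(self._key_sec, serial_number(self._key_pri, self._num))

    def save_hash(self, storage_address: str, ciphertext: bytes) -> None:
        """Saving module: remember Hash(ciphertext) under its storage address."""
        self._saved_hashes[storage_address] = hash_bytes(ciphertext)

    def is_untampered(self, storage_address: str, fetched: bytes) -> bool:
        """Obtaining + judging modules: content fetched back from the edge storage
        node is trusted only if its hash equals the saved one (constant-time compare)."""
        saved = self._saved_hashes.get(storage_address)
        return saved is not None and hmac.compare_digest(saved, hash_bytes(fetched))


# Constructed sample inputs (made up for the demo; not real keys).
SAMPLE_KEY_PRI = b"constructed-private-key-bytes-demo"
SAMPLE_RANDOM_PRI = b"constructed-random-number-demo"
SAMPLE_CIPHERTEXT = b"constructed ciphertext stored at the edge"
```

The derived key depends on num, so the same content encrypted twice gets two different key_seq values; a publishing node must therefore persist num across restarts, or it would re-derive an already used key. The hash check detects replacement or modification of the stored ciphertext but not deletion, which the obtaining module would see as a failed fetch.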
Fig. 9 is a block diagram illustrating a content protection device 900 that may be applied to a blockchain consisting of cascaded backbone nodes of a tactical edge network according to an example embodiment. As shown in fig. 9, the content protection apparatus 900 may include a receiving module 910, a determining module 920, and a transmitting module 930.
The receiving module 910 is configured to receive a content subscription request sent by a content subscription node of the tactical edge network, where the content subscription request carries an identifier and a role of the content subscription node and an identifier of a content publishing node, and content to be subscribed by the content subscription node is published by the content publishing node.
The determining module 920 is connected to the receiving module 910, and configured to determine whether the content subscribing node meets the access control policy in the transaction of the block on the block chain according to the identifier and the role of the content subscribing node and the identifier of the content publishing node.
The sending module 930 is connected to the determining module 920, and configured to send, if it is determined that the content subscription node satisfies the access control policy, a public key and a storage address in the transaction to the content subscription node, where the public key is used to decrypt the content published by the content publishing node, and the storage address is used to identify an access address of the content published by the content publishing node. The access control policy is composed of a five-tuple acs = (identity_req, identity_pro, ro, t_s, t_e), where identity_req represents the identity of the content subscribing node, identity_pro represents the identity of the content publishing node, ro is a set of roles, the basic condition for the content subscribing node to have content access being that this set contains the identity of the content subscribing node, t_s indicates the start time of content access, and t_e indicates the end time of content access.
Fig. 10 is a block diagram illustrating a content protection device 1000 according to an exemplary embodiment, which may be applied to a content subscription node of a tactical edge network. As shown in fig. 10, the content protection apparatus 1000 may include a transmitting module 1010, a receiving module 1020, and an obtaining module 1030.
The sending module 1010 is configured to send a content subscription request to a blockchain formed by hierarchical backbone nodes of a tactical edge network, where the content subscription request carries an identifier and a role of the content subscription node and an identifier of a content publishing node, and content to be subscribed by the content subscription node is published by the content publishing node.
The receiving module 1020 is configured to receive a public key and a storage address from the blockchain, where the public key is used to decrypt the content published by the content publishing node, and the storage address is used to identify an access address of the content published by the content publishing node.
The obtaining module 1030 is connected to the receiving module 1020, and configured to obtain, from an edge storage node of the tactical edge network, content published by the content publishing node using the storage address, and decrypt the obtained content using the public key, where the public key and the encryption key have a corresponding relationship.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Having described embodiments of the present disclosure, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terms used herein were chosen in order to best explain the principles of the embodiments, the practical application, or technical improvements to the techniques in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (10)

1. A content protection method applied to a content distribution node of a tactical edge network is characterized by comprising the following steps:
encrypting the content to be issued by using an encryption key, storing the encrypted content to an edge storage node of the tactical edge network, and acquiring a storage address of the encrypted content;
formulating an access control policy of the content to be distributed, wherein the access control policy is composed of a five-tuple acs = (identity_req, identity_pro, ro, t_s, t_e), where identity_req represents the identity of a content subscription node of the tactical edge network, identity_pro represents the identity of the content publishing node, ro is a set of roles, the basic condition for the content subscribing node to have content access being that this set contains the identity of the content subscribing node, t_s indicates the start time of content access, and t_e indicates the end time of content access;
generating a transaction according to the storage address, the access control policy and a public key, and uploading the transaction to a block chain consisting of the cascade backbone nodes of the tactical edge network, wherein the public key and the encryption key have a corresponding relationship;
wherein the content publishing node is configured to publish content to the edge storage node and is further configured to report the access control policy and the storage address to the blockchain.
2. The method of claim 1, further comprising:
calculating a secondary key from a private key using the formula key_sec = Hash(key_pri || random_pri), wherein key_sec represents the secondary key, key_pri represents the private key, and random_pri represents a random number known only to the content distribution node;
calculating a serial number of the content to be distributed from the private key using the formula seq = Hash(key_pri || num), wherein seq represents the serial number and num represents the number of times the content has been encrypted;
calculating the encryption key from the secondary key and the serial number using the formula key_seq = Hash(key_sec || seq), wherein key_seq represents the encryption key.
3. The method of claim 1 or 2, further comprising:
saving the hash value of the encrypted content;
acquiring content from the edge storage node according to the storage address;
and if the stored hash value is the same as the hash value of the acquired content, determining that the content to be distributed is not tampered.
4. A method for content protection applied to a blockchain consisting of contiguous backbone nodes of a tactical edge network, the method comprising:
receiving a content subscription request sent by a content subscription node of the tactical edge network, wherein the content subscription request carries an identifier and a role of the content subscription node and an identifier of a content publishing node, and the content to be subscribed by the content subscription node is published by the content publishing node;
judging whether the content subscription node meets an access control strategy in the transaction of the blocks on the block chain or not according to the identification and the role of the content subscription node and the identification of the content publishing node;
if the content subscription node is judged to meet the access control strategy, a public key and a storage address in the transaction are sent to the content subscription node, wherein the public key is used for decrypting the content published by the content publishing node, and the storage address is used for identifying the access address of the content published by the content publishing node,
wherein the access control policy is composed of a five-tuple acs = (identity_req, identity_pro, ro, t_s, t_e), where identity_req represents the identity of the content subscribing node, identity_pro represents the identity of said content distribution node, ro is a set of roles, the basic condition for the content subscription node to have content access being that this set contains the identification of the content subscription node, t_s indicates the start time of content access, and t_e indicates the end time of content access;
the content publishing node is used for publishing content to an edge storage node and reporting the access control policy and the storage address to the blockchain.
5. A content protection method applied to a content subscription node of a tactical edge network is characterized by comprising the following steps:
sending a content subscription request to a block chain consisting of connected backbone nodes of a tactical edge network, wherein the content subscription request carries an identifier and a role of the content subscription node and an identifier of a content publishing node, and the content to be subscribed by the content subscription node is published by the content publishing node;
receiving a public key and a storage address from the blockchain, wherein the public key is used for decrypting the content published by the content publishing node, and the storage address is used for identifying an access address of the content published by the content publishing node;
acquiring content issued by the content issuing node from an edge storage node of the tactical edge network by using the storage address, and decrypting the acquired content by using the public key, wherein the public key and an encryption key have a corresponding relationship;
the content publishing node is used for publishing content to the edge storage node and reporting an access control policy and the storage address to the blockchain.
6. A content protection apparatus applied to a content distribution node of a tactical edge network, the apparatus comprising:
the encryption processing module is used for encrypting the content to be issued by using an encryption key, storing the encrypted content to an edge storage node of the tactical edge network and acquiring a storage address of the encrypted content;
a formulating module, configured to formulate an access control policy of the content to be published, where the access control policy is composed of a five-tuple acs = (identity_req, identity_pro, ro, t_s, t_e), where identity_req represents the identity of a content subscription node of the tactical edge network, identity_pro represents the identity of the content publishing node, ro is a set of roles, the basic condition for the content subscribing node to have content access being that this set contains the identity of the content subscribing node, t_s indicates the start time of content access, and t_e indicates the end time of content access;
the transaction processing module is used for generating a transaction according to the storage address, the access control strategy and a public key and uploading the transaction to a block chain consisting of the cascade backbone nodes of the tactical edge network, wherein the public key and the encryption key have a corresponding relation;
wherein the content publishing node is configured to publish content to the edge storage node and is further configured to report the access control policy and the storage address to the blockchain.
7. The apparatus of claim 6, further comprising:
a first calculation module for calculating a secondary key from the private key using the formula key_sec = Hash(key_pri || random_pri), wherein key_sec represents the secondary key, key_pri represents the private key, and random_pri represents a random number known only to the content distribution node;
a second calculation module for calculating a serial number of the content to be distributed from the private key using the formula seq = Hash(key_pri || num), wherein seq represents the serial number and num represents the number of times the content has been encrypted;
a third calculation module for calculating the encryption key from the secondary key and the serial number using the formula key_seq = Hash(key_sec || seq), wherein key_seq represents the encryption key.
8. The apparatus of claim 6 or 7, further comprising:
the storage module is used for storing the hash value of the encrypted content;
the acquisition module is used for acquiring contents from the edge storage node according to the storage address;
and the judging module is used for judging that the content to be issued is not tampered if the stored hash value is the same as the obtained hash value of the content.
9. A content protection device for use in a blockchain consisting of cascaded backbone nodes of a tactical edge network, the device comprising:
a receiving module, configured to receive a content subscription request sent by a content subscription node of the tactical edge network, where the content subscription request carries an identifier and a role of the content subscription node and an identifier of a content publishing node, and a content to be subscribed by the content subscription node is published by the content publishing node;
the judging module is used for judging whether the content subscription node meets an access control strategy in the transaction of the blocks on the block chain or not according to the identification and the role of the content subscription node and the identification of the content publishing node;
a sending module, configured to send, if it is determined that the content subscription node satisfies the access control policy, a public key and a storage address in the transaction to the content subscription node, where the public key is used to decrypt the content published by the content publishing node, and the storage address is used to identify an access address of the content published by the content publishing node,
wherein the access control policy is composed of a five-tuple acs = (identity_req, identity_pro, ro, t_s, t_e), where identity_req represents the identity of the content subscribing node, identity_pro represents the identity of the content publishing node, ro is a set of roles, the basic condition for the content subscribing node to have content access being that this set contains the identity of the content subscribing node, t_s indicates the start time of content access, and t_e indicates the end time of content access;
the content publishing node is used for publishing content to an edge storage node and reporting the access control policy and the storage address to the blockchain.
10. A content protection apparatus applied to a content subscription node of a tactical edge network, the apparatus comprising:
a sending module, configured to send a content subscription request to a block chain formed by hierarchical backbone nodes of a tactical edge network, where the content subscription request carries an identifier and a role of the content subscription node and an identifier of a content publishing node, and a content to be subscribed by the content subscription node is published by the content publishing node;
a receiving module, configured to receive a public key and a storage address from the block chain, where the public key is used to decrypt the content issued by the content issuing node, and the storage address is used to identify an access address of the content issued by the content issuing node;
an obtaining module, configured to obtain, from an edge storage node of the tactical edge network, content published by the content publishing node using the storage address, and decrypt the obtained content using the public key, where the public key and an encryption key have a correspondence;
the content publishing node is used for publishing content to the edge storage node and reporting an access control policy and the storage address to the blockchain.
CN201910664743.1A 2019-07-23 2019-07-23 Content protection method and device Expired - Fee Related CN110581839B (en)

Publications (2)

Publication Number Publication Date
CN110581839A CN110581839A (en) 2019-12-17
CN110581839B true CN110581839B (en) 2021-12-14

Family

ID=68811079

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910664743.1A Expired - Fee Related CN110581839B (en) 2019-07-23 2019-07-23 Content protection method and device

Country Status (1)

Country Link
CN (1) CN110581839B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113315745A (en) * 2020-02-27 2021-08-27 华为技术有限公司 Data processing method, device, equipment and medium
CN111371790B (en) * 2020-03-05 2022-06-17 中国工商银行股份有限公司 Data encryption sending method based on alliance chain, related method, device and system
CN111431695A (en) * 2020-03-24 2020-07-17 武汉理工大学 Software defined tactical network node credit management method based on block chain
US11876903B2 (en) 2020-12-09 2024-01-16 International Business Machines Corporation Decentralized broadcast encryption and key generation facility
US11997218B2 (en) 2021-03-02 2024-05-28 International Business Machines Corporation Decentralized, dynamic media key block for broadcast encryption
CN113328864B (en) * 2021-08-03 2021-12-07 北京理工大学 Data transmission method and system based on function encryption, block chain and machine learning

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108462568A (en) * 2018-02-11 2018-08-28 西安电子科技大学 A kind of secure file storage and sharing method based on block chain
CN109040012A (en) * 2018-06-19 2018-12-18 西安电子科技大学 A kind of data security protecting and sharing method based on block chain and system and application
CN109768987A (en) * 2019-02-26 2019-05-17 重庆邮电大学 A kind of storage of data file security privacy and sharing method based on block chain
US10326802B1 (en) * 2018-12-04 2019-06-18 Xage Security, Inc. Centrally managing data for orchestrating and managing user accounts and access control and security policies remotely across multiple devices
CN109951498A (en) * 2019-04-18 2019-06-28 中央财经大学 A kind of block chain access control method and device based on ciphertext policy ABE encryption

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108462568A (en) * 2018-02-11 2018-08-28 西安电子科技大学 A kind of secure file storage and sharing method based on block chain
CN109040012A (en) * 2018-06-19 2018-12-18 西安电子科技大学 A kind of data security protecting and sharing method based on block chain and system and application
US10326802B1 (en) * 2018-12-04 2019-06-18 Xage Security, Inc. Centrally managing data for orchestrating and managing user accounts and access control and security policies remotely across multiple devices
CN109768987A (en) * 2019-02-26 2019-05-17 重庆邮电大学 A kind of storage of data file security privacy and sharing method based on block chain
CN109951498A (en) * 2019-04-18 2019-06-28 中央财经大学 A kind of block chain access control method and device based on ciphertext policy ABE encryption

Also Published As

Publication number Publication date
CN110581839A (en) 2019-12-17

Similar Documents

Publication Publication Date Title
CN110581839B (en) Content protection method and device
CN110033258B (en) Blockchain-based service data encryption method and device
US10296248B2 (en) Turn-control rewritable blockchain
Li et al. Efficient and privacy-preserving carpooling using blockchain-assisted vehicular fog computing
CN109033855B (en) Blockchain-based data transmission method, device and storage medium
US10623387B2 (en) Distributed key secret for rewritable blockchain
CN109508552B (en) Privacy protection method for a distributed cloud storage system
EP3070630A2 (en) Data system and method
CN108881195A (en) Cloud-environment-based secure data sharing method and device
Cai et al. Hardening distributed and encrypted keyword search via blockchain
CN109600366A (en) Blockchain-based method and device for protecting user data privacy
CN110191153A (en) Blockchain-based social communication method
CN114139203B (en) Blockchain-based heterogeneous identity federation risk assessment system, method and terminal
CN109104476B (en) Blockchain-based electric power information security system
CN110737915A (en) Quantum-resistant anonymous identity recognition method and system based on a consortium chain and implicit certificates
CN114389878B (en) Blockchain sharding method and blockchain network system
Fu et al. Searchable encryption scheme for multiple cloud storage using double-layer blockchain
CN105847009A (en) RFID mutual authentication method satisfying backward security
CN109783456A (en) Deduplication structure construction method, deduplication method, file retrieval method and processing system
CN116723511B (en) Privacy-preserving location management method and system for the Internet of Vehicles, and Internet of Vehicles
Mi et al. Secure data de-duplication based on threshold blind signature and bloom filter in internet of things
CN116781332A (en) Blockchain-based network traffic forensics and tracing method and system
CN106453300A (en) Data encryption and decryption method and device, and data transmission system
CN114884700A (en) Batch searchable public-key encryption method and system resistant to keyword guessing attacks
CN115604305B (en) Blockchain-based privacy-preserving and traceable carbon trading system and method

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 2021-12-14