CN111211903A - Mobile group perception data report duplication removing method based on fog calculation and privacy protection - Google Patents
Mobile group perception data report duplication removing method based on fog calculation and privacy protection Download PDFInfo
- Publication number
- CN111211903A CN111211903A CN201911211573.8A CN201911211573A CN111211903A CN 111211903 A CN111211903 A CN 111211903A CN 201911211573 A CN201911211573 A CN 201911211573A CN 111211903 A CN111211903 A CN 111211903A
- Authority
- CN
- China
- Prior art keywords
- report
- task
- signature
- fog
- data report
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
Abstract
The invention discloses a mobile group perception data report duplication removing method based on fog calculation and privacy protection, which comprises the steps of firstly adopting encryption primitives to realize safe task allocation and ensuring the confidentiality of crowdsourcing reports; then, an MLE algorithm is improved to achieve mobile group perception data report deduplication capable of protecting privacy, meanwhile identities of contributors in the fog nodes are hidden, and repeated data counterfeiting attacks are effectively resisted. In addition, the invention also adopts an aggregation signature algorithm to realize efficient signature aggregation and verification, and fairly records the contribution of each participant under the condition of not checking the specific content of the mobile group perception data report; and finally, constructing an efficient retrieval method, and rewarding real contributors while detecting greedy participants. In practical application, the communication overhead is greatly reduced, but the communication efficiency is higher, and the privacy is greatly improved.
Description
Technical Field
The invention relates to a safe and efficient mobile group perception data report duplication elimination technology, in particular to a mobile group perception data report duplication elimination method based on fog calculation and privacy protection.
Background
With the popularization of a large number of mobile terminal devices such as smart phones, vehicle-mounted electronic devices, wireless communication devices and wearable electronic devices, each mobile terminal can become an information acquisition node, intelligent terminals all over the world form a huge intelligent antenna, relevant data of users can be rapidly acquired, and the data collection and information sharing mode based on swarm intelligence is called mobile swarm awareness.
Mobile group awareness allows a large number of individuals to collectively perceive data and extract relevant information that the user needs using their mobile devices (e.g., smartphones, smart glasses, drones, cameras, and computers). It supports more and more sensing applications, from restaurant recommendations, effective recommendations for parking space discovery, etc., to environmental monitoring, such as air quality measurements, noise level measurements, and dam water discharge warnings. By means of group intelligence and user mobility, the quality of sensing data is improved, the scale of sensing application is expanded, and the cost of high-quality data collection is reduced. The success of mobile crowd sensing depends greatly on the participating mobile users, and the wider the participation range is, the more sensing data is collected, and the more accurate the information is collected. However, this may generate more duplicate data, thereby causing unnecessarily heavy communication overhead. Therefore, it is important to eliminate duplicate data to improve communication efficiency (i.e., deduplication). Unfortunately, sensed data is often protected and deduplication is challenging.
In addition, security and privacy issues for public devices are a serious challenge: the mobile sensor collects real-time data from the surrounding environment, which may contain some sensitive information. An attacker can extract a variety of personal information (such as location information, personal preferences, health status, political aspects, etc.) from the quorum-sensing system data reports. Therefore, the protection of personal privacy in the mobile group awareness system is an urgent problem to be solved.
In addition, data encryption is widely used to achieve data confidentiality in order to protect the privacy of mobile users, but it poses a significant obstacle to the detection of duplicate data by middleware. At present, domestic and foreign researchers have already carried out a lot of research on the aspects of data report deduplication and encryption of a group sensing system, and the deduplication of the data report is usually realized by adopting Message Lock Encryption (MLE), and the original data cannot be leaked while the contribution of mobile terminal equipment is recorded by adopting a signature aggregation scheme. In the data report deduplication stage, the fog node judges whether the two reports are the same or not by comparing the ciphertext tags, and only one data copy is reserved for the same data, so that the system communication overhead is reduced.
In MLE, however, the same plaintext always maps to the same ciphertext, and the plaintext is encrypted by a randomly selected key. Unfortunately, MLE is vulnerable to offline brute force attacks, in which an adversary can obtain crowd-sourced data by guessing the possible plaintext in an encrypted crowd-sourced data report, which is particularly the case in some special applications, such as air quality measurements. Therefore, we should improve MLE to ensure the security of data reporting. In addition, during the deduplication process of the mobile community-aware data report, the fog node can distinguish whether the two reports are the same by comparing the tag parts of the ciphertext, and only one copy is reserved for reducing the overhead. But if the equality of the mobile community-aware data reports can be detected in public places, an attacker (external attacker or lazy participant) can easily forge a duplicate data report, not only destroying their plan in the aggregate signature authentication phase, but even being rewarded without performing the task. To counteract this copy-forgery attack, we should implement privacy-preserving mobile community-aware data report deduplication. Furthermore, after ensuring security and privacy in the data report deduplication process (without exposing the specific identity of the mobile terminal user to the fog node), only one copy of the duplicate data reports is returned to the mobile community awareness server. A lazy participant may steal a honest participant or a greedy participant to ask for a rewarded mobile group awareness data report multiple times to claim itself as a contributor to a duplicate data report.
In summary, it is also a challenge to determine the true contributors to repeated mobile community awareness data reporting. In summary, it is important not only to achieve secure and privacy-preserving data report deduplication, but also to fairly record the contributions of each mobile terminal user without revealing crowd-sensing data.
Disclosure of Invention
The purpose of the invention is as follows: the invention aims to solve the defects in the prior art and provides a mobile group perception data report deduplication method based on fog calculation and privacy protection.
The technical scheme is as follows: the invention discloses a mobile group perception data report duplication eliminating method based on fog calculation and privacy protection, which comprises the steps that a user uses the methodCloud service providerFog nodeAnd mobile terminal equipmentThe userCreating and submitting tasks to cloud facilitatorsThe cloud service providerFor the userProviding a mobile community awareness service; the fog nodeCompleting task distribution, data report deduplication and data uploading; the mobile terminal deviceThe data acquisition, processing and communication are completed;
the method specifically comprises the following steps:
(1) initializing a system;
(2) distributing tasks;
(3) collecting data;
(4) data report deduplication;
(5) data report acknowledgement;
(6) decrypting the data report;
(7) reward and revocation;
wherein, the detailed process of the system initialization in step (1) is as follows:
(1.1) inputting common parametersWhereinA multiplication loop group of prime order p, formed by elementsGenerating;is a multiplicative cyclic group of prime order q, so there is a pairingH1Is a hash functionH2Is a hash functionH3Is a hash function
(1.3) for each registered mobile terminal deviceFor which a private key for ECC-160 encryption/decryption is calculatedAnd public keyAnd cloud service providerCalculate its signature keyWhereinFor mobile terminal equipmentThe identity of (2);
(1.4) for each fog nodeCalculating private keys for ECDSA (elliptic Curve digital signature Algorithm) signature and verification operations, respectivelyAnd public key
Further, the step (2) of task allocation specifically comprises the following steps:
(2.1) when the user isWhen it is desired to initiate a task based on location loc for location loc,selecting a random numberAnd calculates a temporary public keyThen, the user can use the device to perform the operation,through secure channel to cloud facilitatorSending a task request, namely:
where loc is the location of the task, TeThe validity period of the task, T the task,is a temporary public key;
(2.2) cloud facilitatorAfter the task request is received, the task request is sent to the server,selectingAs a unique identifier for task T and selects a set of fog nodes based on location locThen, the cloud service providerTasking over secure channelsIs pushed to each selected
(2.3) acting as a fog nodeReceiving cloud service providerTask of sendingAfter that time, the user can use the device,selecting a series of mobile terminal equipment according to the requirement of task TThen theFor each oneSelecting a random number And calculates a temporary public keyThen, the process of the present invention is carried out,calculating KiAndwherein the content of the first and second substances,for the purpose of the ECC-160 encryption operation,signing an algorithm for ECDSA;
In this step, the temporary public key is passedAndto further achieve privacy protection, i.e. to generate one session key at a time, enabling the mobile terminal deviceIt is not known which initiator initiated the task.
Further, the data acquisition in the step (3) specifically comprises the following steps:
(3.1) Mobile terminal deviceReceive fog nodeTask request message ofAfter that, the air conditioner is started to work,authenticationValidity of the signature;
Tethe validity period of the task, T the task,in order to be the temporary public key,is a temporary public key;
(3.2) after passing the verification, the mobile terminal equipmentComputingThereby obtaining task T and temporary public keyWherein the content of the first and second substances,decrypt operations for ECC-160;
(3.3) then, the mobile terminal deviceCollecting data according to task T and generating mobile group perception data report Pi;
wherein Enc is AES-128 encryption operation;Liandare all temporary variables, i.e.:in order to calculate the material for the purposes of de-weighting,in order to calculate the hash value from the report,is based onCalculated hash value, LiIn order to report the encryption key(s),in order to report the encrypted ciphertext,computing material for the deduplication hiding portion andandvicalculating to obtain;
wherein the content of the first and second substances,in order to be a part of the signature,the intermediate part is calculated for the signature,being a signature part, epsiloniIn order to be a signature,hiding a portion for a signature identity;
in the step (3.1), the step (c),authenticationVerification of the signature using ECDSA, i.e. calculation, for validity of the signatureIf the verification is true, if the signature passes the verification immediately, the method isA legitimate message to send. WhereinIs the signature algorithm/verification algorithm of the ECDSA signature algorithm.
The steps are realized by abandoning the transmission of t in the prior art in an ECC encryption modeiIndirectly reveal the corresponding relation between the replied report and the identity of the reporter, and adopt the generation of temporary ti. At the same timeAnd LiIs generated such that subsequent usersNot only can decrypt, but also can solve the problems in the prior artIs aware ofThe identity of (according to the ECC public key). Meanwhile, the signature in step (3.5) can hide the identity of the reporter, that is, the hash value corresponding to the identity of the reporter, which is a fixed value in the comparison scheme, and the identity of the reporter can be tracked according to the hash value calculated according to the identity of the reporter (which implies that the identity of the reporter and the corresponding report message are already known by the fogger node).
Further, the data report deduplication in the step (4) specifically comprises the following steps:
(4.1) mist nodeFrom different mobile terminal devicesReceiving a Mobile group awareness report PiThen, therein is provided with PiThere are n reports in the set of n,performing data report deduplication and signature aggregation operations: first, for eachComputingThen, the user can use the device to perform the operation,according toTo detect duplicate data reports Q;
that is, since the step (3.4) describesAnd isThen pass throughCan be calculated to obtainThereby t can be recoveredi;
(4.2) to record the contribution of duplicate reports, fog nodesThe corresponding signatures are subjected to the following aggregation operations:
(4.3) mist nodeRandomly selecting one of the duplicate reportsAnd to cloud service providerThe following information is sent:
wherein the content of the first and second substances,e is a bilinear operation, and e is a bilinear operation,is a random specific element in Q and j is the remaining (n-Q) non-repeating elements in a set of reports.
Further, the data report confirmation in step (5) specifically includes the following steps:
(5.1) as a cloud facilitatorReceived fog nodeAfter the transmitted aggregation report, report signature confirmation is performed by judging whether the following equation stands:
the valid verification of the signature is described as follows:
(5.2) for other signatures 1 ≦ j ≦ n,cloud service providerReport signature validation is performed by determining whether the following equation holds:
wherein Q is a set of duplicate reports;
the valid verification of the signature is illustrated below:
further, the data report decryption in step (6) specifically comprises the following steps:
(6.1) when the user receives the crowd sensing data report, calculating the following formula:
(6.2) then, the step of,checking equationIf true, discard quorum-sensing data report P if the equality is not truei', if the equation holds true, the retained population perception data report Pi'。
In order to solve the problem of how to distribute rewards and solve the problem of greedy contributors (reporting multiple rewards for obtaining multiple rewards and reporting multiple rewards for once) while distributing rewards under privacy and deduplication conditions, the specific steps of rewarding and revoking in the step (7) are as follows:
(7.1) in the task allocation process, cloud service providerSelecting a random numberAnd calculateThen, the user can use the device to perform the operation,tasking over secure channelsForward to each selected fog nodeFinally, the process is carried out in a batch,calculating KiAnd to the mobile terminal deviceSending
(7.2) during the data collection process,computingAndfinally, the process is carried out in a batch,the following information is sent:
after passing report verification, pass checkWhether it holds to recover each contributor; and can recover the failed authentication of the internal attacker.
Has the advantages that: compared with the prior art, the invention has the following advantages:
(1) in order to reduce communication burden, an improved MLE algorithm is adopted, privacy protection in the data report deduplication process is achieved, and data forgery attacks are resisted. In particular, the label part of the ciphertext is hidden in the communication process, and the fog node does not check specific report contents while checking the uniqueness of the perception report, namely: allowing the fog node to check whether the crowd-sensing data reports are the same without knowing the detailed crowd-sensing data.
(2) In order to realize the record of contribution to the mobile terminal equipment in the report deduplication process, an improved identity-based multi-signature scheme is adopted to support signature aggregation, and anonymous signature aggregation operation is supported. Therefore, the efficient and safe aggregation confirmation function can be realized, and the mobile terminal equipment contributing to the group perception report can be recorded.
(3) To record the true contributors when detecting lazy or greedy participants, the present invention constructs an efficient method through cryptographic primitives to ensure that each contributor can only receive a corresponding reward once.
In summary, the present invention utilizes fog computing for mobile population awareness, supporting precise task allocation and secure deduplication, which is a new architecture providing data computation, storage, processing and networking services (including location awareness, geographical distribution and low latency) that approximate terminal devices. With the aid of fog computing, many dispersed mobile devices can communicate and cooperate with other mobile devices in an ad-hoc manner via fog nodes located at the edge of the internet
Drawings
FIG. 1 is a system block diagram of an embodiment;
FIG. 2 is a schematic diagram of an example data report deduplication process;
FIG. 3 is a schematic diagram illustrating comparison of communication overhead under different schemes according to the embodiment, wherein FIG. 3(a) and FIG. 3(b) areThe communication overhead of the mobile group perception data with different sizes is shown schematically in FIG. 3(c) and FIG. 3(d)Communication overhead diagrams of mobile group awareness data of different sizes;
FIG. 4 is a schematic diagram illustrating comparison of computation costs at different stages of different schemes according to an embodiment, wherein FIG. 4(a) and FIG. 4(b) are schematic diagrams illustrating computation costs at different stages at different repetition rates;
fig. 5 is an average delay graph of a mobile group perception task in an embodiment, wherein fig. 5(a) and fig. 5(b) are average delay graphs of different numbers of mobile terminal devices at different repetition rates.
Detailed Description
The technical solution of the present invention is described in detail below, but the scope of the present invention is not limited to the embodiments.
As shown in fig. 1, the Mobile group awareness data report deduplication method based on Fog calculation and privacy protection of the present invention is a Mobile group awareness system based on Fog calculation, and the Mobile group awareness system includes a user (Customer), a cloud Service provider (Service cloud), a Fog node (Fog node), and a Mobile Terminal Device (Mobile Terminal Device), which are abbreviated as user, cloud Service provider (Service cloud), and Mobile Terminal Device (Fog node), respectivelyWherein the content of the first and second substances,user' sCan be individual users or user organizations, the users in the systemCreating a task specifying location loc and submitting the task to a cloud facilitatorCloud service providerFor the userProviding a community aware service.
First, the cloud facilitatorSelecting corresponding fog nodes according to position information required by task TAnd distribute the tasks. Then, via the fog nodetransport/Forwarding tasks, cloud facilitatorsAnd collecting, evaluating and processing data uploaded by the mobile terminal equipment. Meanwhile, cloud service providerFor contributing mobile terminal equipmentA corresponding reward is provided. Fog nodeDeployed at the network boundary. As a cloud service providerAnd mobile terminal deviceThe medium between them is connected by wire or wireless. Fog nodeDistributing tasks to mobile terminal devices according to task requirementsFinishing the duplication elimination work of the group perception data report and uploading the duplicated data to the cloud service providerMobile terminal deviceThe system is responsible for completing the task of fog node distribution and data acquisition, processing and communication. In addition, mobile terminal deviceBy going to cloud facilitatorThe data is contributed to report to obtain a corresponding reward.
Notation and formula convention:
is provided withA multiplication loop group of prime order p, formed by elementsGenerating;is another multiplication cycle group of prime order p, so that there is pairingHas the following characteristics:
Non-degenerate: e (g, g) ≠ 1;
The mobile group perception data report deduplication method based on fog calculation and privacy protection comprises the following specific steps:
1. initializing a system: inputting common parametersWhereinA multiplication loop group of prime order p, formed by elementsGenerating;is another multiplicative cyclic group of prime order q, so there is pairingH1Is a hash functionH2Is a hash functionH3Is a hash functionCloud service providerSelecting random numbersAs a keyAnd generates a corresponding public keyFor each registered mobile terminal deviceFor which a private key for ECC-160 encryption/decryption is calculatedAnd public keyFurther, cloud service providerCalculate its signature keyWhereinFor mobile terminal equipmentThe identity of (2); for each fog nodeCalculating private keys for ECDSA (elliptic Curve digital signature Algorithm) signature and verification operations, respectivelyAnd public key
2. And (3) task allocation: when the user isWhen it is desired to initiate a location-based task for location loc, a random number is selectedAnd calculates a temporary public keyFinally, it sends the following messages to the cloud facilitator through the secure channel
Where loc is the location of the task, TeThe validity period of the task T, T is the task,is a temporary public key;
after receiving the task request, the cloud service providerSelectingAs a unique identifier for task T and selects a set of fog nodes based on locThen, the user can use the device to perform the operation,tasking over secure channelsForward to each selected
Node when fogReceiving cloud service providerTask of sendingThen, a series of mobile terminal devices are selected according to the requirements of the task TThen theFor each oneSelecting a random numberAnd calculateThen theComputingCalculating KiAndwherein the content of the first and second substances,for the purpose of the ECC-160 encryption operation,signing an algorithm for ECDSA;
3. Data acquisition:
mobile terminal deviceReceiving a task request messageAfter that, the air conditioner is started to work,the following operations will be performed:
Tethe validity period of the task, T the task,in order to be the temporary public key,is a temporary public key;
after the verification is passed, the verification is carried out,computingGet task T andwherein the content of the first and second substances,decrypt operations for ECC-160;
then, the system is started and stopped,begin collecting data from T and generating a quorum-sensing data report Pi. To protect Pi,Random selectionThen calculate
Wherein Enc is AES-128 encryption operation;Liandare all temporary variables;andis a report component;
wherein the content of the first and second substances,is a signature componentThe method comprises the following steps of dividing,the intermediate part is calculated for the signature,being a signature part, epsiloniIn order to be a signature,hiding a portion for a signature identity;
4. data report deduplication, as shown in fig. 2:
node when fogFrom different mobile terminal devicesUpon receiving a mobile community-aware report (assuming n reports), data deduplication and signature aggregation operations will be performed:
·will calculateThen, the user can use the device to perform the operation,according toTo detect duplicate data Q;
In order to record the contribution of duplicate reports,the aggregation of the corresponding signatures is as follows:
finally, the process is carried out in a batch,randomly selecting a copy from the duplicate record set QAnd sends the following messages to
Wherein the content of the first and second substances,e is a bilinear operation, and e is a bilinear operation,is a random specific element in Q and j is the remaining (n-Q) non-repeating elements in a set of reports.
5. Report confirmation:
cloud service providerUpon receipt of the aggregated report, report signature validation is performed by checking whether the following equation holds:
for other signaturesCloud service providerDetermining whether the following equation holds for report signature validation:
6. report decryption:
then checkingWhether or not this is true. Discarding the quorum-sensing data report P if the equality is not truei', if the equation holds true, the retained population perception data report Pi'。
7. Reward and revocation:
to distribute rewards and revoke internal attackers during mobile community-aware data report deduplication operations, we improve our scheme at each stage by the following additional operations:
during task assignment, cloud facilitatorSelecting a random numberAnd calculateThen, the user can use the device to perform the operation,tasking over secure channelsForward to each selected fog nodeFinally, the process is carried out in a batch,calculating KiAnd to the mobile terminal deviceSending
During the course of the data collection, it is,computingAndfinally, the process is carried out in a batch,the following information is sent:
In the course of the verification of the report,computingAndwhere Dec is the AES-128 decryption operation; therefore, the temperature of the molten metal is controlled,after passing report verification, pass checkWhether or not it holds to recover each contributor, and in addition, it can recover the failed verification of internal attackers.
Example (b):
in the implementation process, the performance of the security policy is quantified through two aspects of calculation overhead and communication overhead. Wherein, Tmul、Texp、Tpar、TmulRespectively represent toTime of dot product operation, forTime for performing exponentiation operationTime for performing exponentiation operationTime to perform dot product operation. In addition, TaesAnd TeccRespectively represent toTime to perform AES-128 encryption/decryption operations andthe time to perform ECC-160 encryption/decryption operations. Here, the time used for the Hash operation is ignoredAnd (3) removing the solvent.
In addition, for the evaluation of the communication overhead, a parameter S is usedaes、Secc、Respectively representing the cipher text length encrypted by AES-128, the cipher text length encrypted by ECC-160, and H2Length of (H)3The length of (A) and (B),The length of (A) and (B),Length of (d).
In this example, the specific performance analysis is as follows:
and (3) task allocation: fog nodeEncryptionThe elapsed time is Tecc. After that time, the user can use the device,for each selected mobile terminal deviceSendingThe corresponding communication overhead is aboutThus, for n selected mobile terminal devices, the corresponding computation and communication costs are nTecc+TexpAnd
data acquisition: mobile terminal deviceFirst of all, calculateTo obtainThe elapsed time is Tecc. After the data collection is completed, it should perform data encryption and signature operations, which takes a time of (7T)exp+Taes+Tmul). Finally, the process is carried out in a batch,sending a report to a fog nodeThe corresponding communication overhead is aboutThus, the total computational overhead is about (7T)exp+Tecc+Taes+Tmul) And the communication overhead is about
Data report deduplication: suppose sending to a fog nodeThe number of reports of (2) is n, and the number of copied reports is Q. When in useAfter receiving the data report, it should be calculatedThis requires a time consumption of nTexp. Then, a signature aggregation operation is performed on the replicated dataTakes 3(Q-1) Tmul+Tpar. Finally, the fog nodeForwarding the messages to a cloud facilitatorThe corresponding communication overhead is aboutThe total computation and communication overhead is nTexp+3(Q-1)Tmul+TparAnd
data report confirmation: after receiving the report information, the cloud service provider executes signature confirmation operation, and the data report deduplication cost is (n-Q) (2T)par+Texp+Tmul) The aggregate signature overhead is (2T)par+Texp+Tmul) Is forwarded toHas a mail size of aboutThe total computational overhead is (n-Q +1) (2T)par+Texp+Tmul) The total communication overhead is
Data report decryption: to obtain the report content, the userThe received message should be decrypted with a corresponding computational overhead of about ((n-Q +1) (T)exp+Taes)。
Reward and revocation: to distribute the reward and to revoke an internal attacker,will be provided withIs sent toThe corresponding communication overhead is about nSaes. Then, the user can use the device to perform the operation,should check its validity, the overhead is about n (2T)exp+Taes)。
In the implementation process, the PBC library is adopted, the type A parameters are adopted, and the safety is equivalent to that of 1024-bit discrete logarithm. Therefore, the temperature of the molten metal is controlled,size 512 bits, size q 160 bits, size T1280 bits, and crowdsourcing data PiRespectively, are 1028 bits/2048 bits. The experimental code was run on a PC configured as follows: 2.90 GHz Intel (R) core (TM) i9-8950HK CPU, 8GB memory, Ubuntu 18.04.
Based on the comparison between the scheme of Ni (task assignment and data deduplication scheme for providing security for mobile crowd sensing published by Ni et al) and the scheme of w/o (existing no-data deduplication scheme), FIGS. 3(a) and 3(b) show mobile crowd sensing data (P) of different sizesi1024 and Pi2048) corresponding communication overhead. As shown in fig. 3(a), for these three schemes,the size of the communication overhead between them increases linearly with the number of mobile terminal devices in the report. In addition, comparing fig. 3(a) and fig. 3(b), the size of the mobile community awareness data report also affects the communication overhead. FIGS. 3(c) and 3(d) showWith different sizes of mobile community aware data. Obviously, when more data reports or larger-scale mobile group perception data are submitted to the fog nodes, the communication overhead of the scheme of the invention is far lower than that of the other two schemes.
Fig. 4(a) and 4(b) show simulation results (e.g., repetition rate (Q/n is 20%, Q/n is 40%) and length of moving population perception data (P) under different parameter settingsi=1024,Pi2048)), wherein T-A, D-C, R-D, R-V, R-DC respectively corresponds to five stages of task distribution, data collection, data report deduplication, report verification and report decryption. In the implementation process, the calculation overhead is mainly composed of pairsAndoperation (e.g. T)exp,TmulAnd Tpar) And (4) causing.
Comparing fig. 4(a) and fig. 4(b) shows that: the invention consumes less computational cost and the advantages of the scheme of the invention are more obvious with the increase of the repetition rate. This is because the total computational overhead of the present invention decreases as Q/n increases, whereas the reduction in computational overhead in the Ni et al scheme only occurs in the R-DC stage. Since the foggy node should first verify each signature in each report, the repetition rate only affects the overhead of the R-DC stage. Obviously, the present invention greatly reduces the computational overhead of the fog node (R-D stage). In addition, in the scheme of the invention, the corresponding calculation overhead of R-V is reduced along with the increase of Q/n.
As shown in fig. 5(a), for the three schemes, the larger the number of mobile terminal devices in the mobile community awareness data report, the more the average task delay increases almost linearly. Compared with the other two schemes, the invention has better time delay efficiency and increased speed. In addition, comparing fig. 5(a) and 5(b), the average task delay decreases as the replication rate increases. The invention has higher efficiency and greatly reduces the calculation overhead of the user side.
Claims (7)
1. A mobile group perception data report deduplication method based on fog calculation and privacy protection is characterized in that: including the userCloud service providerFog nodeAnd mobile terminal equipmentThe userCreating and submitting tasks to cloud facilitatorsThe cloud service providerFor the userProviding a mobile community awareness service; the fog nodeCompleting task distribution, data report deduplication and data uploading; the mobile terminal deviceThe data acquisition, processing and communication are completed;
the method specifically comprises the following steps:
(1) initializing a system;
(2) distributing tasks;
(3) collecting data;
(4) data report deduplication;
(5) data report acknowledgement;
(6) decrypting the data report;
(7) reward and revocation;
wherein, the detailed process of the system initialization in step (1) is as follows:
(1.1) inputting common parametersWhereinA multiplication loop group of prime order p, formed by elementsGenerating;is a multiplicative cyclic group of prime order q, so there is a pairingH1Is a hash functionH2Is a hash functionH3Is a hash function
(1.3) for each registered mobile terminal device For which a private key for ECC-160 encryption/decryption is calculatedAnd public keyAnd cloud service providerCalculate its signature keyWhereinFor mobile terminal equipmentThe identity of (2);
2. The fog-computing-based and privacy-preserving mobile community-aware data report deduplication method of claim 1, wherein: the task allocation in the step (2) comprises the following specific steps:
(2.1) when the user isWhen it is desired to initiate a task based on location loc for location loc,selecting a random numberAnd calculates a temporary public keyThen, the user can use the device to perform the operation,through secure channel to cloud facilitatorSending a task request, namely:
where loc is the location of the task, TeThe validity period of the task, T the task,is a temporary public key;
(2.2) cloud facilitatorAfter the task request is received, the task request is sent to the server,selectingAs a unique identifier for task T and selects a set of fog nodes based on location locThen, the cloud service providerTasking over secure channelsIs pushed to each selected
(2.3) acting as a fog nodeReceiving cloud service providerTask of sendingAfter that time, the user can use the device,selecting a series of mobile terminal equipment according to the requirement of task TThen theFor each oneSelecting a random number And calculates a temporary public keyThen, the process of the present invention is carried out,calculating KiAndwherein the content of the first and second substances,for the purpose of the ECC-160 encryption operation,signing an algorithm for ECDSA;
3. The fog-computing-based and privacy-preserving mobile community-aware data report deduplication method of claim 1, wherein: the data acquisition in the step (3) comprises the following specific steps:
(3.1) Mobile terminal deviceReceive fog nodeTask request message ofAfter that, the air conditioner is started to work,authenticationValidity of the signature;
Tethe validity period of the task, T the task,in order to be the temporary public key,is a temporary public key;
(3.2) after passing the verification, the mobile terminal equipmentComputingThereby obtaining task T and temporary public keyWherein the content of the first and second substances,decrypt operations for ECC-160;
(3.3) then, the mobile terminal deviceCollecting data according to task T and generating mobile group perception data report Pi;
wherein Enc is AES-128 encryption operation;Liandare all temporary variables;andis a report component;
wherein the content of the first and second substances,in order to be a part of the signature,the intermediate part is calculated for the signature,in order to be a part of the signature,in order to be a signature,hiding a portion for a signature identity;
4. the fog-computing-based and privacy-preserving mobile community-aware data report deduplication method of claim 1, wherein: the data report deduplication in the step (4) specifically comprises the following steps:
(4.1) mist nodeFrom different mobile terminal devicesReceiving a Mobile group awareness report PiThen, therein is provided with PiThere are n reports in the set of n,performing data report deduplication and signature aggregation operations: first, for each Computing Then, the user can use the device to perform the operation,according toTo detect duplicate data reports Q;
(4.2) to record the contribution of duplicate reports, fog nodesThe corresponding signatures are subjected to the following aggregation operations:
(4.3) mist nodeRandomly selecting one of the duplicate reportsAnd to cloud service providerThe following information is sent:
5. the fog-computing-based and privacy-preserving mobile community-aware data report deduplication method of claim 1, wherein: the data report confirmation in the step (5) comprises the following specific steps:
(5.1) as a cloud facilitatorReceived fog nodeAfter the transmitted aggregation report, report signature confirmation is performed by judging whether the following equation stands:
(5.2) for other signatures 1 ≦ j ≦ n,cloud service providerReport signature validation is performed by determining whether the following equation holds:
wherein Q is a set of duplicate reports;
6. the fog-computing-based and privacy-preserving mobile community-aware data report deduplication method of claim 1, wherein: the data report decryption in the step (6) specifically comprises the following steps:
(6.1) when the user receives the crowd sensing data report, calculating the following formula:
7. The fog-computing-based and privacy-preserving mobile community-aware data report deduplication method of claim 1, wherein: the specific steps of rewarding and canceling in the step (7) are as follows:
(7.1) in the task allocation process, cloud service providerSelecting a random numberAnd calculateThen, the user can use the device to perform the operation,tasking over secure channelsForward to each selected fog nodeFinally, the process is carried out in a batch,calculating KiAnd to the mobile terminal deviceSending
(7.2) during the data collection process,computingAndfinally, the process is carried out in a batch,the following information is sent:
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911211573.8A CN111211903B (en) | 2019-12-02 | 2019-12-02 | Mobile group perception data report duplication removing method based on fog calculation and privacy protection |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911211573.8A CN111211903B (en) | 2019-12-02 | 2019-12-02 | Mobile group perception data report duplication removing method based on fog calculation and privacy protection |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111211903A true CN111211903A (en) | 2020-05-29 |
CN111211903B CN111211903B (en) | 2021-06-11 |
Family
ID=70787981
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911211573.8A Active CN111211903B (en) | 2019-12-02 | 2019-12-02 | Mobile group perception data report duplication removing method based on fog calculation and privacy protection |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111211903B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112929167A (en) * | 2021-02-03 | 2021-06-08 | 华南理工大学 | Data aggregation method for protecting privacy in crowd sensing based on fog-assisted mobile |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070087756A1 (en) * | 2005-10-04 | 2007-04-19 | Hoffberg Steven M | Multifactorial optimization system and method |
CN108377264A (en) * | 2018-02-05 | 2018-08-07 | 江苏大学 | Vehicular ad hoc network quorum-sensing system data report De-weight method |
CN108400970A (en) * | 2018-01-20 | 2018-08-14 | 西安电子科技大学 | Set of metadata of similar data message locking encryption De-weight method, cloud storage system in cloud environment |
CN109783456A (en) * | 2019-01-17 | 2019-05-21 | 暨南大学 | Go weight structure building method, De-weight method, file retrieval methods, machining system |
CN109862114A (en) * | 2019-03-12 | 2019-06-07 | 南京邮电大学 | A kind of safety vehicle intelligent perception method calculated based on mist |
CN109995505A (en) * | 2019-03-07 | 2019-07-09 | 西安电子科技大学 | A kind of mist calculates data safety machining system and method, cloud storage platform under environment |
CN111587407A (en) * | 2017-11-10 | 2020-08-25 | 辉达公司 | System and method for safe and reliable autonomous vehicle |
-
2019
- 2019-12-02 CN CN201911211573.8A patent/CN111211903B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070087756A1 (en) * | 2005-10-04 | 2007-04-19 | Hoffberg Steven M | Multifactorial optimization system and method |
CN111587407A (en) * | 2017-11-10 | 2020-08-25 | 辉达公司 | System and method for safe and reliable autonomous vehicle |
CN108400970A (en) * | 2018-01-20 | 2018-08-14 | 西安电子科技大学 | Set of metadata of similar data message locking encryption De-weight method, cloud storage system in cloud environment |
CN108377264A (en) * | 2018-02-05 | 2018-08-07 | 江苏大学 | Vehicular ad hoc network quorum-sensing system data report De-weight method |
CN109783456A (en) * | 2019-01-17 | 2019-05-21 | 暨南大学 | Go weight structure building method, De-weight method, file retrieval methods, machining system |
CN109995505A (en) * | 2019-03-07 | 2019-07-09 | 西安电子科技大学 | A kind of mist calculates data safety machining system and method, cloud storage platform under environment |
CN109862114A (en) * | 2019-03-12 | 2019-06-07 | 南京邮电大学 | A kind of safety vehicle intelligent perception method calculated based on mist |
Non-Patent Citations (5)
Title |
---|
GANGSUN,SIYUSUN: ""Security and privacy preservation in fog-based crowd sensing on the internet of vehicles"", 《JOURNAL OF NETWORK AND COMPUTER APPLICATIONS》 * |
JIANBING NI;: ""Secure and Deduplicated Spatial Crowdsourcing: A Fog-Based Approach"", 《2016 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM)》 * |
JIANNAN W , XIAOJIE W: ""A Privacy-Preserving Fog Computing Framework for Vehicular Crowdsensing Networks"", 《IEEE ACCESS》 * |
SHUNRONG JIANG; JIANQING LIU: ""Secure and Privacy-Preserving Report De-duplication in the Fog-Based Vehicular Crowdsensing System"", 《2018 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM)》 * |
李雅轩: ""基于网络虚拟化的雾计算设计与实现"", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112929167A (en) * | 2021-02-03 | 2021-06-08 | 华南理工大学 | Data aggregation method for protecting privacy in crowd sensing based on fog-assisted mobile |
Also Published As
Publication number | Publication date |
---|---|
CN111211903B (en) | 2021-06-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Islam et al. | A robust and efficient password-based conditional privacy preserving authentication and group-key agreement protocol for VANETs | |
US11930123B2 (en) | Cryptographic methods and systems for managing digital certificates | |
Ma et al. | An efficient and provably secure authenticated key agreement protocol for fog-based vehicular ad-hoc networks | |
CN108964919B (en) | Lightweight anonymous authentication method with privacy protection based on Internet of vehicles | |
Cui et al. | HCPA-GKA: A hash function-based conditional privacy-preserving authentication and group-key agreement scheme for VANETs | |
Wang et al. | 2FLIP: A two-factor lightweight privacy-preserving authentication scheme for VANET | |
Rathore et al. | Real-time secure communication for Smart City in high-speed Big Data environment | |
Kong et al. | Achieving privacy-preserving and verifiable data sharing in vehicular fog with blockchain | |
Eddine et al. | EASBF: An efficient authentication scheme over blockchain for fog computing-enabled internet of vehicles | |
Cheng et al. | PPVF: privacy-preserving protocol for vehicle feedback in cloud-assisted VANET | |
Yoon et al. | A user friendly authentication scheme with anonymity for wireless communications | |
Kang et al. | Highly efficient randomized authentication in VANETs | |
Verma et al. | An efficient and provable certificate-based proxy signature scheme for IIoT environment | |
Patonico et al. | Identity-based and anonymous key agreement protocol for fog computing resistant in the Canetti–Krawczyk security model | |
Wang et al. | Data integrity checking with reliable data transfer for secure cloud storage | |
CN105812354B (en) | Location privacy protection method based on attack resistance in car networking under a kind of LBS background | |
CN111797427A (en) | Block chain user identity supervision method and system considering privacy protection | |
Agrawal et al. | A trustworthy agent-based encrypted access control method for mobile cloud computing environment | |
Jiang et al. | Anonymous and efficient authentication scheme for privacy-preserving distributed learning | |
Jiang et al. | No one can track you: Randomized authentication in vehicular ad-hoc networks | |
Nath et al. | A privacy-preserving mutual authentication scheme for group communication in VANET | |
Ahamed et al. | EMBA: An efficient anonymous mutual and batch authentication schemes for vanets | |
Hu et al. | Efficient privacy-preserving schemes for dot-product computation in mobile computing | |
Nikooghadam et al. | A provably secure ECC-based roaming authentication scheme for global mobility networks | |
Ko et al. | Modifying the ECC-based grouping-proof RFID system to increase inpatient medication safety |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20230718 Address after: 221000 No. 6, Keji Road, Xuzhou Economic and Technological Development Zone, Xuzhou City, Jiangsu Province Patentee after: XCMG Hanyun Technology Co.,Ltd. Address before: Nanhu campus of China University of mining and technology Patentee before: CHINA University OF MINING AND TECHNOLOGY |
|
TR01 | Transfer of patent right |