CN111211903A - Mobile group perception data report duplication removing method based on fog calculation and privacy protection - Google Patents

Abstract

The invention discloses a mobile group perception data report duplication removing method based on fog calculation and privacy protection, which comprises the steps of firstly adopting encryption primitives to realize safe task allocation and ensuring the confidentiality of crowdsourcing reports; then, an MLE algorithm is improved to achieve mobile group perception data report deduplication capable of protecting privacy, meanwhile identities of contributors in the fog nodes are hidden, and repeated data counterfeiting attacks are effectively resisted. In addition, the invention also adopts an aggregation signature algorithm to realize efficient signature aggregation and verification, and fairly records the contribution of each participant under the condition of not checking the specific content of the mobile group perception data report; and finally, constructing an efficient retrieval method, and rewarding real contributors while detecting greedy participants. In practical application, the communication overhead is greatly reduced, but the communication efficiency is higher, and the privacy is greatly improved.

Description

Mobile group perception data report duplication removing method based on fog calculation and privacy protection

Technical Field

The invention relates to a safe and efficient mobile group perception data report duplication elimination technology, in particular to a mobile group perception data report duplication elimination method based on fog calculation and privacy protection.

Background

With the popularization of a large number of mobile terminal devices such as smart phones, vehicle-mounted electronic devices, wireless communication devices and wearable electronic devices, each mobile terminal can become an information acquisition node, intelligent terminals all over the world form a huge intelligent antenna, relevant data of users can be rapidly acquired, and the data collection and information sharing mode based on swarm intelligence is called mobile swarm awareness.

Mobile group awareness allows a large number of individuals to collectively perceive data and extract relevant information that the user needs using their mobile devices (e.g., smartphones, smart glasses, drones, cameras, and computers). It supports more and more sensing applications, from restaurant recommendations, effective recommendations for parking space discovery, etc., to environmental monitoring, such as air quality measurements, noise level measurements, and dam water discharge warnings. By means of group intelligence and user mobility, the quality of sensing data is improved, the scale of sensing application is expanded, and the cost of high-quality data collection is reduced. The success of mobile crowd sensing depends greatly on the participating mobile users, and the wider the participation range is, the more sensing data is collected, and the more accurate the information is collected. However, this may generate more duplicate data, thereby causing unnecessarily heavy communication overhead. Therefore, it is important to eliminate duplicate data to improve communication efficiency (i.e., deduplication). Unfortunately, sensed data is often protected and deduplication is challenging.

In addition, security and privacy issues for public devices are a serious challenge: the mobile sensor collects real-time data from the surrounding environment, which may contain some sensitive information. An attacker can extract a variety of personal information (such as location information, personal preferences, health status, political aspects, etc.) from the quorum-sensing system data reports. Therefore, the protection of personal privacy in the mobile group awareness system is an urgent problem to be solved.

In addition, data encryption is widely used to achieve data confidentiality in order to protect the privacy of mobile users, but it poses a significant obstacle to the detection of duplicate data by middleware. At present, domestic and foreign researchers have already carried out a lot of research on the aspects of data report deduplication and encryption of a group sensing system, and the deduplication of the data report is usually realized by adopting Message Lock Encryption (MLE), and the original data cannot be leaked while the contribution of mobile terminal equipment is recorded by adopting a signature aggregation scheme. In the data report deduplication stage, the fog node judges whether the two reports are the same or not by comparing the ciphertext tags, and only one data copy is reserved for the same data, so that the system communication overhead is reduced.

In MLE, however, the same plaintext always maps to the same ciphertext, and the plaintext is encrypted by a randomly selected key. Unfortunately, MLE is vulnerable to offline brute force attacks, in which an adversary can obtain crowd-sourced data by guessing the possible plaintext in an encrypted crowd-sourced data report, which is particularly the case in some special applications, such as air quality measurements. Therefore, we should improve MLE to ensure the security of data reporting. In addition, during the deduplication process of the mobile community-aware data report, the fog node can distinguish whether the two reports are the same by comparing the tag parts of the ciphertext, and only one copy is reserved for reducing the overhead. But if the equality of the mobile community-aware data reports can be detected in public places, an attacker (external attacker or lazy participant) can easily forge a duplicate data report, not only destroying their plan in the aggregate signature authentication phase, but even being rewarded without performing the task. To counteract this copy-forgery attack, we should implement privacy-preserving mobile community-aware data report deduplication. Furthermore, after ensuring security and privacy in the data report deduplication process (without exposing the specific identity of the mobile terminal user to the fog node), only one copy of the duplicate data reports is returned to the mobile community awareness server. A lazy participant may steal a honest participant or a greedy participant to ask for a rewarded mobile group awareness data report multiple times to claim itself as a contributor to a duplicate data report.

In summary, it is also a challenge to determine the true contributors to repeated mobile community awareness data reporting. In summary, it is important not only to achieve secure and privacy-preserving data report deduplication, but also to fairly record the contributions of each mobile terminal user without revealing crowd-sensing data.

Disclosure of Invention

The purpose of the invention is as follows: the invention aims to solve the defects in the prior art and provides a mobile group perception data report deduplication method based on fog calculation and privacy protection.

The technical scheme is as follows: the invention discloses a mobile group perception data report duplication eliminating method based on fog calculation and privacy protection, which comprises the steps that a user uses the method

Cloud service provider

Fog node

And mobile terminal equipment

The user

Creating and submitting tasks to cloud facilitators

The cloud service provider

For the user

Providing a mobile community awareness service; the fog node

Completing task distribution, data report deduplication and data uploading; the mobile terminal device

The data acquisition, processing and communication are completed;

the method specifically comprises the following steps:

(1) initializing a system;

(2) distributing tasks;

(3) collecting data;

(4) data report deduplication;

(5) data report acknowledgement;

(6) decrypting the data report;

(7) reward and revocation;

wherein, the detailed process of the system initialization in step (1) is as follows:

(1.1) inputting common parameters

Wherein

A multiplication loop group of prime order p, formed by elements

Generating;

is a multiplicative cyclic group of prime order q, so there is a pairing

H₁Is a hash function

H₂Is a hash function

H₃Is a hash function

(1.2) cloud facilitator

Selecting random numbers

As a key

And generates a corresponding public key

(1.3) for each registered mobile terminal device

For which a private key for ECC-160 encryption/decryption is calculated

And public key

And cloud service provider

Calculate its signature key

Wherein

For mobile terminal equipment

The identity of (2);

(1.4) for each fog node

Calculating private keys for ECDSA (elliptic Curve digital signature Algorithm) signature and verification operations, respectively

And public key

Further, the step (2) of task allocation specifically comprises the following steps:

(2.1) when the user is

When it is desired to initiate a task based on location loc for location loc,

selecting a random number

And calculates a temporary public key

Then, the user can use the device to perform the operation,

through secure channel to cloud facilitator

Sending a task request, namely:

where loc is the location of the task, T_eThe validity period of the task, T the task,

is a temporary public key;

(2.2) cloud facilitator

After the task request is received, the task request is sent to the server,

selecting

As a unique identifier for task T and selects a set of fog nodes based on location loc

Then, the cloud service provider

Tasking over secure channels

Is pushed to each selected

(2.3) acting as a fog node

Receiving cloud service provider

Task of sending

After that time, the user can use the device,

selecting a series of mobile terminal equipment according to the requirement of task T

Then the

For each one

Selecting a random number

And calculates a temporary public key

Then, the process of the present invention is carried out,

calculating K_iAnd

wherein the content of the first and second substances,

for the purpose of the ECC-160 encryption operation,

signing an algorithm for ECDSA;

(2.4) mist node

Sending

To mobile terminal equipment

Is a fog node

Signature for task T.

In this step, the temporary public key is passed

And

to further achieve privacy protection, i.e. to generate one session key at a time, enabling the mobile terminal device

It is not known which initiator initiated the task.

Further, the data acquisition in the step (3) specifically comprises the following steps:

(3.1) Mobile terminal device

Receive fog node

Task request message of

After that, the air conditioner is started to work,

authentication

Validity of the signature;

T_ethe validity period of the task, T the task,

in order to be the temporary public key,

is a temporary public key;

(3.2) after passing the verification, the mobile terminal equipment

Computing

Thereby obtaining task T and temporary public key

Wherein the content of the first and second substances,

decrypt operations for ECC-160;

(3.3) then, the mobile terminal device

Collecting data according to task T and generating mobile group perception data report P_i；

(3.4) as protection P_i，

Selecting random numbers

Then, calculating:

wherein Enc is AES-128 encryption operation;

L_iand

are all temporary variables, i.e.:

in order to calculate the material for the purposes of de-weighting,

in order to calculate the hash value from the report,

is based on

Calculated hash value, L_iIn order to report the encryption key(s),

in order to report the encrypted ciphertext,

computing material for the deduplication hiding portion and

and_vicalculating to obtain;

(3.5) to ensure the integrity and authenticity of the report,

random selection

And calculating:

wherein the content of the first and second substances,

in order to be a part of the signature,

the intermediate part is calculated for the signature,

being a signature part, epsilon_iIn order to be a signature,

hiding a portion for a signature identity;

(3.6) finally, the mobile terminal device

To fog node

The following information is sent:

in the step (3.1), the step (c),

authentication

Verification of the signature using ECDSA, i.e. calculation, for validity of the signature

If the verification is true, if the signature passes the verification immediately, the method is

A legitimate message to send. Wherein

Is the signature algorithm/verification algorithm of the ECDSA signature algorithm.

The steps are realized by abandoning the transmission of t in the prior art in an ECC encryption mode_iIndirectly reveal the corresponding relation between the replied report and the identity of the reporter, and adopt the generation of temporary t_i. At the same time

And L_iIs generated such that subsequent users

Not only can decrypt, but also can solve the problems in the prior art

Is aware of

The identity of (according to the ECC public key). Meanwhile, the signature in step (3.5) can hide the identity of the reporter, that is, the hash value corresponding to the identity of the reporter, which is a fixed value in the comparison scheme, and the identity of the reporter can be tracked according to the hash value calculated according to the identity of the reporter (which implies that the identity of the reporter and the corresponding report message are already known by the fogger node).

Further, the data report deduplication in the step (4) specifically comprises the following steps:

(4.1) mist node

From different mobile terminal devices

Receiving a Mobile group awareness report P_iThen, therein is provided with P_iThere are n reports in the set of n,

performing data report deduplication and signature aggregation operations: first, for each

Computing

Then, the user can use the device to perform the operation,

according to

To detect duplicate data reports Q;

that is, since the step (3.4) describes

And is

Then pass through

Can be calculated to obtain

Thereby t can be recovered_i；

(4.2) to record the contribution of duplicate reports, fog nodes

The corresponding signatures are subjected to the following aggregation operations:

(4.3) mist node

Randomly selecting one of the duplicate reports

And to cloud service provider

The following information is sent:

wherein the content of the first and second substances,

e is a bilinear operation, and e is a bilinear operation,

is a random specific element in Q and j is the remaining (n-Q) non-repeating elements in a set of reports.

Further, the data report confirmation in step (5) specifically includes the following steps:

(5.1) as a cloud facilitator

Received fog node

After the transmitted aggregation report, report signature confirmation is performed by judging whether the following equation stands:

the valid verification of the signature is described as follows:

(5.2) for other signatures 1 ≦ j ≦ n,

cloud service provider

Report signature validation is performed by determining whether the following equation holds:

wherein Q is a set of duplicate reports;

the valid verification of the signature is illustrated below:

(5.3) after the signature verification is passed,

forwarding valid reports to

As follows:

further, the data report decryption in step (6) specifically comprises the following steps:

(6.1) when the user receives the crowd sensing data report, calculating the following formula:

(6.2) then, the step of,

checking equation

If true, discard quorum-sensing data report P if the equality is not true_i', if the equation holds true, the retained population perception data report P_i'。

In order to solve the problem of how to distribute rewards and solve the problem of greedy contributors (reporting multiple rewards for obtaining multiple rewards and reporting multiple rewards for once) while distributing rewards under privacy and deduplication conditions, the specific steps of rewarding and revoking in the step (7) are as follows:

(7.1) in the task allocation process, cloud service provider

Selecting a random number

And calculate

Then, the user can use the device to perform the operation,

tasking over secure channels

Forward to each selected fog node

Finally, the process is carried out in a batch,

calculating K_iAnd to the mobile terminal device

Sending

Wherein the content of the first and second substances,

by

Computing

Obtaining;

(7.2) during the data collection process,

computing

And

finally, the process is carried out in a batch,

the following information is sent:

(7.3) in the report deduplication process,

will be selected

And

is returned to

(7.4) in the report validation process,

computing

And

where Dec is the AES-128 decryption operation;

after passing report verification, pass check

Whether it holds to recover each contributor; and can recover the failed authentication of the internal attacker.

Has the advantages that: compared with the prior art, the invention has the following advantages:

(1) in order to reduce communication burden, an improved MLE algorithm is adopted, privacy protection in the data report deduplication process is achieved, and data forgery attacks are resisted. In particular, the label part of the ciphertext is hidden in the communication process, and the fog node does not check specific report contents while checking the uniqueness of the perception report, namely: allowing the fog node to check whether the crowd-sensing data reports are the same without knowing the detailed crowd-sensing data.

(2) In order to realize the record of contribution to the mobile terminal equipment in the report deduplication process, an improved identity-based multi-signature scheme is adopted to support signature aggregation, and anonymous signature aggregation operation is supported. Therefore, the efficient and safe aggregation confirmation function can be realized, and the mobile terminal equipment contributing to the group perception report can be recorded.

(3) To record the true contributors when detecting lazy or greedy participants, the present invention constructs an efficient method through cryptographic primitives to ensure that each contributor can only receive a corresponding reward once.

In summary, the present invention utilizes fog computing for mobile population awareness, supporting precise task allocation and secure deduplication, which is a new architecture providing data computation, storage, processing and networking services (including location awareness, geographical distribution and low latency) that approximate terminal devices. With the aid of fog computing, many dispersed mobile devices can communicate and cooperate with other mobile devices in an ad-hoc manner via fog nodes located at the edge of the internet

Drawings

FIG. 1 is a system block diagram of an embodiment;

FIG. 2 is a schematic diagram of an example data report deduplication process;

FIG. 3 is a schematic diagram illustrating comparison of communication overhead under different schemes according to the embodiment, wherein FIG. 3(a) and FIG. 3(b) are

The communication overhead of the mobile group perception data with different sizes is shown schematically in FIG. 3(c) and FIG. 3(d)

Communication overhead diagrams of mobile group awareness data of different sizes;

FIG. 4 is a schematic diagram illustrating comparison of computation costs at different stages of different schemes according to an embodiment, wherein FIG. 4(a) and FIG. 4(b) are schematic diagrams illustrating computation costs at different stages at different repetition rates;

fig. 5 is an average delay graph of a mobile group perception task in an embodiment, wherein fig. 5(a) and fig. 5(b) are average delay graphs of different numbers of mobile terminal devices at different repetition rates.

Detailed Description

The technical solution of the present invention is described in detail below, but the scope of the present invention is not limited to the embodiments.

As shown in fig. 1, the Mobile group awareness data report deduplication method based on Fog calculation and privacy protection of the present invention is a Mobile group awareness system based on Fog calculation, and the Mobile group awareness system includes a user (Customer), a cloud Service provider (Service cloud), a Fog node (Fog node), and a Mobile Terminal Device (Mobile Terminal Device), which are abbreviated as user, cloud Service provider (Service cloud), and Mobile Terminal Device (Fog node), respectively

Wherein the content of the first and second substances,user' s

Can be individual users or user organizations, the users in the system

Creating a task specifying location loc and submitting the task to a cloud facilitator

Cloud service provider

For the user

Providing a community aware service.

First, the cloud facilitator

Selecting corresponding fog nodes according to position information required by task T

And distribute the tasks. Then, via the fog node

transport/Forwarding tasks, cloud facilitators

And collecting, evaluating and processing data uploaded by the mobile terminal equipment. Meanwhile, cloud service provider

For contributing mobile terminal equipment

A corresponding reward is provided. Fog node

Deployed at the network boundary. As a cloud service provider

And mobile terminal device

The medium between them is connected by wire or wireless. Fog node

Distributing tasks to mobile terminal devices according to task requirements

Finishing the duplication elimination work of the group perception data report and uploading the duplicated data to the cloud service provider

Mobile terminal device

The system is responsible for completing the task of fog node distribution and data acquisition, processing and communication. In addition, mobile terminal device

By going to cloud facilitator

The data is contributed to report to obtain a corresponding reward.

Notation and formula convention:

is provided with

A multiplication loop group of prime order p, formed by elements

Generating;

is another multiplication cycle group of prime order p, so that there is pairing

Has the following characteristics:

bilinear: for arbitrary

With e (P)^a,Q^b)＝e(P,Q)^ab；

Non-degenerate: e (g, g) ≠ 1;

calculability: for arbitrary

e (P, Q) is sufficiently calculable.

The mobile group perception data report deduplication method based on fog calculation and privacy protection comprises the following specific steps:

1. initializing a system: inputting common parameters

Wherein

A multiplication loop group of prime order p, formed by elements

Generating;

is another multiplicative cyclic group of prime order q, so there is pairing

H₁Is a hash function

H₂Is a hash function

H₃Is a hash function

Cloud service provider

Selecting random numbers

As a key

And generates a corresponding public key

For each registered mobile terminal device

For which a private key for ECC-160 encryption/decryption is calculated

And public key

Further, cloud service provider

Calculate its signature key

Wherein

For mobile terminal equipment

The identity of (2); for each fog node

Calculating private keys for ECDSA (elliptic Curve digital signature Algorithm) signature and verification operations, respectively

And public key

2. And (3) task allocation: when the user is

When it is desired to initiate a location-based task for location loc, a random number is selected

And calculates a temporary public key

Finally, it sends the following messages to the cloud facilitator through the secure channel

Where loc is the location of the task, T_eThe validity period of the task T, T is the task,

is a temporary public key;

after receiving the task request, the cloud service provider

Selecting

As a unique identifier for task T and selects a set of fog nodes based on loc

Then, the user can use the device to perform the operation,

tasking over secure channels

Forward to each selected

Node when fog

Receiving cloud service provider

Task of sending

Then, a series of mobile terminal devices are selected according to the requirements of the task T

Then the

For each one

Selecting a random number

And calculate

Then theComputing

Calculating K_iAnd

wherein the content of the first and second substances,

for the purpose of the ECC-160 encryption operation,

signing an algorithm for ECDSA;

finally, the fog node

Sending

To mobile terminal equipment

Wherein

Is a fog node

Signature for task T.

3. Data acquisition:

mobile terminal device

Receiving a task request message

After that, the air conditioner is started to work,

the following operations will be performed:

T_ethe validity period of the task, T the task,

in order to be the temporary public key,

is a temporary public key;

·

authentication

Validity of the signature;

after the verification is passed, the verification is carried out,

computing

Get task T and

wherein the content of the first and second substances,

decrypt operations for ECC-160;

then, the system is started and stopped,

begin collecting data from T and generating a quorum-sensing data report P_i. To protect P_i，

Random selection

Then calculate

Wherein Enc is AES-128 encryption operation;

L_iand

are all temporary variables;

and

is a report component;

to ensure the integrity and authenticity of the report,

random selection of w_i，

And calculating:

wherein the content of the first and second substances,

is a signature componentThe method comprises the following steps of dividing,

the intermediate part is calculated for the signature,

being a signature part, epsilon_iIn order to be a signature,

hiding a portion for a signature identity;

finally, the mobile terminal

To fog node

The following information is sent:

4. data report deduplication, as shown in fig. 2:

node when fog

From different mobile terminal devices

Upon receiving a mobile community-aware report (assuming n reports), data deduplication and signature aggregation operations will be performed:

·

will calculate

Then, the user can use the device to perform the operation,

according to

To detect duplicate data Q;

wherein the content of the first and second substances,

and is

Then

In order to record the contribution of duplicate reports,

the aggregation of the corresponding signatures is as follows:

finally, the process is carried out in a batch,

randomly selecting a copy from the duplicate record set Q

And sends the following messages to

Wherein the content of the first and second substances,

e is a bilinear operation, and e is a bilinear operation,

is a random specific element in Q and j is the remaining (n-Q) non-repeating elements in a set of reports.

5. Report confirmation:

cloud service provider

Upon receipt of the aggregated report, report signature validation is performed by checking whether the following equation holds:

for other signatures

Cloud service provider

Determining whether the following equation holds for report signature validation:

after signature verification, cloud service provider

Forwarding valid reports to a user

As follows:

6. report decryption:

when the user is

When a group perception report is obtained, the following formula is calculated:

then checking

Whether or not this is true. Discarding the quorum-sensing data report P if the equality is not true_i', if the equation holds true, the retained population perception data report P_i'。

7. Reward and revocation:

to distribute rewards and revoke internal attackers during mobile community-aware data report deduplication operations, we improve our scheme at each stage by the following additional operations:

during task assignment, cloud facilitator

Selecting a random number

And calculate

Then, the user can use the device to perform the operation,

tasking over secure channels

Forward to each selected fog node

Finally, the process is carried out in a batch,

calculating K_iAnd to the mobile terminal device

Sending

During the course of the data collection, it is,

computing

And

finally, the process is carried out in a batch,

the following information is sent:

in the process of report deduplication,

will be selected

And

is returned to

In the course of the verification of the report,

computing

And

where Dec is the AES-128 decryption operation; therefore, the temperature of the molten metal is controlled,

after passing report verification, pass check

Whether or not it holds to recover each contributor, and in addition, it can recover the failed verification of internal attackers.

Example (b):

in the implementation process, the performance of the security policy is quantified through two aspects of calculation overhead and communication overhead. Wherein, T_mul、T_exp、T_par、T_mulRespectively represent to

Time of dot product operation, for

Time for performing exponentiation operation

Time for performing exponentiation operation

Time to perform dot product operation. In addition, T_aesAnd T_eccRespectively represent to

Time to perform AES-128 encryption/decryption operations and

the time to perform ECC-160 encryption/decryption operations. Here, the time used for the Hash operation is ignoredAnd (3) removing the solvent.

In addition, for the evaluation of the communication overhead, a parameter S is used_aes、S_ecc、

Respectively representing the cipher text length encrypted by AES-128, the cipher text length encrypted by ECC-160, and H₂Length of (H)₃The length of (A) and (B),

The length of (A) and (B),

Length of (d).

In this example, the specific performance analysis is as follows:

and (3) task allocation: fog node

Encryption

The elapsed time is T_ecc. After that time, the user can use the device,

for each selected mobile terminal device

Sending

The corresponding communication overhead is about

Thus, for n selected mobile terminal devices, the corresponding computation and communication costs are nT_ecc+T_expAnd

data acquisition: mobile terminal device

First of all, calculate

To obtain

The elapsed time is T_ecc. After the data collection is completed, it should perform data encryption and signature operations, which takes a time of (7T)_exp+T_aes+T_mul). Finally, the process is carried out in a batch,

sending a report to a fog node

The corresponding communication overhead is about

Thus, the total computational overhead is about (7T)_exp+T_ecc+T_aes+T_mul) And the communication overhead is about

Data report deduplication: suppose sending to a fog node

The number of reports of (2) is n, and the number of copied reports is Q. When in use

After receiving the data report, it should be calculated

This requires a time consumption of nT_exp. Then, a signature aggregation operation is performed on the replicated dataTakes 3(Q-1) T_mul+T_par. Finally, the fog node

Forwarding the messages to a cloud facilitator

The corresponding communication overhead is about

The total computation and communication overhead is nT_exp+3(Q-1)T_mul+T_parAnd

data report confirmation: after receiving the report information, the cloud service provider executes signature confirmation operation, and the data report deduplication cost is (n-Q) (2T)_par+T_exp+T_mul) The aggregate signature overhead is (2T)_par+T_exp+T_mul) Is forwarded to

Has a mail size of about

The total computational overhead is (n-Q +1) (2T)_par+T_exp+T_mul) The total communication overhead is

Data report decryption: to obtain the report content, the user

The received message should be decrypted with a corresponding computational overhead of about ((n-Q +1) (T)_exp+T_aes)。

Reward and revocation: to distribute the reward and to revoke an internal attacker,

will be provided with

Is sent to

The corresponding communication overhead is about nS_aes. Then, the user can use the device to perform the operation,

should check its validity, the overhead is about n (2T)_exp+T_aes)。

In the implementation process, the PBC library is adopted, the type A parameters are adopted, and the safety is equivalent to that of 1024-bit discrete logarithm. Therefore, the temperature of the molten metal is controlled,

size 512 bits, size q 160 bits, size T1280 bits, and crowdsourcing data P_iRespectively, are 1028 bits/2048 bits. The experimental code was run on a PC configured as follows: 2.90 GHz Intel (R) core (TM) i9-8950HK CPU, 8GB memory, Ubuntu 18.04.

Based on the comparison between the scheme of Ni (task assignment and data deduplication scheme for providing security for mobile crowd sensing published by Ni et al) and the scheme of w/o (existing no-data deduplication scheme), FIGS. 3(a) and 3(b) show mobile crowd sensing data (P) of different sizes_i1024 and P_i2048) corresponding communication overhead. As shown in fig. 3(a), for these three schemes,

the size of the communication overhead between them increases linearly with the number of mobile terminal devices in the report. In addition, comparing fig. 3(a) and fig. 3(b), the size of the mobile community awareness data report also affects the communication overhead. FIGS. 3(c) and 3(d) show

With different sizes of mobile community aware data. Obviously, when more data reports or larger-scale mobile group perception data are submitted to the fog nodes, the communication overhead of the scheme of the invention is far lower than that of the other two schemes.

Fig. 4(a) and 4(b) show simulation results (e.g., repetition rate (Q/n is 20%, Q/n is 40%) and length of moving population perception data (P) under different parameter settings_i＝1024，P_i2048)), wherein T-A, D-C, R-D, R-V, R-DC respectively corresponds to five stages of task distribution, data collection, data report deduplication, report verification and report decryption. In the implementation process, the calculation overhead is mainly composed of pairs

And

operation (e.g. T)_exp，T_mulAnd T_par) And (4) causing.

Comparing fig. 4(a) and fig. 4(b) shows that: the invention consumes less computational cost and the advantages of the scheme of the invention are more obvious with the increase of the repetition rate. This is because the total computational overhead of the present invention decreases as Q/n increases, whereas the reduction in computational overhead in the Ni et al scheme only occurs in the R-DC stage. Since the foggy node should first verify each signature in each report, the repetition rate only affects the overhead of the R-DC stage. Obviously, the present invention greatly reduces the computational overhead of the fog node (R-D stage). In addition, in the scheme of the invention, the corresponding calculation overhead of R-V is reduced along with the increase of Q/n.

As shown in fig. 5(a), for the three schemes, the larger the number of mobile terminal devices in the mobile community awareness data report, the more the average task delay increases almost linearly. Compared with the other two schemes, the invention has better time delay efficiency and increased speed. In addition, comparing fig. 5(a) and 5(b), the average task delay decreases as the replication rate increases. The invention has higher efficiency and greatly reduces the calculation overhead of the user side.

Claims (7)

1. A mobile group perception data report deduplication method based on fog calculation and privacy protection is characterized in that: including the user

Cloud service provider

Fog node

And mobile terminal equipment

The user

Creating and submitting tasks to cloud facilitators

The cloud service provider

For the user

Providing a mobile community awareness service; the fog node

Completing task distribution, data report deduplication and data uploading; the mobile terminal device

The data acquisition, processing and communication are completed;

the method specifically comprises the following steps:

(1) initializing a system;

(2) distributing tasks;

(3) collecting data;

(4) data report deduplication;

(5) data report acknowledgement;

(6) decrypting the data report;

(7) reward and revocation;

wherein, the detailed process of the system initialization in step (1) is as follows:

(1.1) inputting common parameters

Wherein

A multiplication loop group of prime order p, formed by elements

Generating;

is a multiplicative cyclic group of prime order q, so there is a pairing

H₁Is a hash function

H₂Is a hash function

H₃Is a hash function

(1.2) cloud facilitator

Selecting random numbers

As a key

And generates a corresponding public key

(1.3) for each registered mobile terminal device

For which a private key for ECC-160 encryption/decryption is calculated

And public key

And cloud service provider

Calculate its signature key

Wherein

For mobile terminal equipment

The identity of (2);

(1.4) for each fog node

Calculating private keys for ECDSA signature and verification operations, respectively

And public key

2. The fog-computing-based and privacy-preserving mobile community-aware data report deduplication method of claim 1, wherein: the task allocation in the step (2) comprises the following specific steps:

(2.1) when the user is

When it is desired to initiate a task based on location loc for location loc,

selecting a random number

And calculates a temporary public key

Then, the user can use the device to perform the operation,

through secure channel to cloud facilitator

Sending a task request, namely:

where loc is the location of the task, T_eThe validity period of the task, T the task,

is a temporary public key;

(2.2) cloud facilitator

After the task request is received, the task request is sent to the server,

selecting

As a unique identifier for task T and selects a set of fog nodes based on location loc

Then, the cloud service provider

Tasking over secure channels

Is pushed to each selected

(2.3) acting as a fog node

Receiving cloud service provider

Task of sending

After that time, the user can use the device,

selecting a series of mobile terminal equipment according to the requirement of task T

Then the

For each one

Selecting a random number

And calculates a temporary public key

Then, the process of the present invention is carried out,

calculating K_iAnd

wherein the content of the first and second substances,

for the purpose of the ECC-160 encryption operation,

signing an algorithm for ECDSA;

(2.4) mist node

Sending

To mobile terminal equipment

Wherein

Is a fog node

Signature for task T.

3. The fog-computing-based and privacy-preserving mobile community-aware data report deduplication method of claim 1, wherein: the data acquisition in the step (3) comprises the following specific steps:

(3.1) Mobile terminal device

Receive fog node

Task request message of

After that, the air conditioner is started to work,

authentication

Validity of the signature;

T_ethe validity period of the task, T the task,

in order to be the temporary public key,

is a temporary public key;

(3.2) after passing the verification, the mobile terminal equipment

Computing

Thereby obtaining task T and temporary public key

Wherein the content of the first and second substances,

decrypt operations for ECC-160;

(3.3) then, the mobile terminal device

Collecting data according to task T and generating mobile group perception data report P_i；

(3.4) as protection P_i，

Selecting random numbers

Then, calculating:

wherein Enc is AES-128 encryption operation;

L_iand

are all temporary variables;

and

is a report component;

(3.5) to ensure the integrity and authenticity of the report,

random selection

And calculating:

wherein the content of the first and second substances,

in order to be a part of the signature,

the intermediate part is calculated for the signature,

in order to be a part of the signature,

in order to be a signature,

hiding a portion for a signature identity;

(3.6) finally, the mobile terminal device

To fog node

The following information is sent:

4. the fog-computing-based and privacy-preserving mobile community-aware data report deduplication method of claim 1, wherein: the data report deduplication in the step (4) specifically comprises the following steps:

(4.1) mist node

From different mobile terminal devices

Receiving a Mobile group awareness report P_iThen, therein is provided with P_iThere are n reports in the set of n,

performing data report deduplication and signature aggregation operations: first, for each

Computing

Then, the user can use the device to perform the operation,

according to

To detect duplicate data reports Q;

(4.2) to record the contribution of duplicate reports, fog nodes

The corresponding signatures are subjected to the following aggregation operations:

(4.3) mist node

Randomly selecting one of the duplicate reports

And to cloud service provider

The following information is sent:

wherein the content of the first and second substances,

e is a bilinear operation, and e is a bilinear operation,

is a random specific element in Q, j is the remaining (n-Q) non-repeating elements in a set of reports;

5. the fog-computing-based and privacy-preserving mobile community-aware data report deduplication method of claim 1, wherein: the data report confirmation in the step (5) comprises the following specific steps:

(5.1) as a cloud facilitator

Received fog node

After the transmitted aggregation report, report signature confirmation is performed by judging whether the following equation stands:

(5.2) for other signatures 1 ≦ j ≦ n,

cloud service provider

Report signature validation is performed by determining whether the following equation holds:

wherein Q is a set of duplicate reports;

(5.3) after the signature verification is passed,

forwarding valid reports to

As follows:

6. the fog-computing-based and privacy-preserving mobile community-aware data report deduplication method of claim 1, wherein: the data report decryption in the step (6) specifically comprises the following steps:

(6.1) when the user receives the crowd sensing data report, calculating the following formula:

(6.2) then, the step of,

checking equation

If true, discard quorum-sensing data report P if the equality is not true_i', if the equation holds true, then the group-aware datagram is retainedNotice P_i'。

7. The fog-computing-based and privacy-preserving mobile community-aware data report deduplication method of claim 1, wherein: the specific steps of rewarding and canceling in the step (7) are as follows:

(7.1) in the task allocation process, cloud service provider

Selecting a random number

And calculate

Then, the user can use the device to perform the operation,

tasking over secure channels

Forward to each selected fog node

Finally, the process is carried out in a batch,

calculating K_iAnd to the mobile terminal device

Sending

(7.2) during the data collection process,

computing

And

finally, the process is carried out in a batch,

the following information is sent:

(7.3) in the report deduplication process,

will be selected

And

is returned to

(7.4) in the report validation process,

computing

And

where Dec is the AES-128 decryption operation;

after passing report verification, pass check

Whether it holds to recover each contributor; and can recover the failed authentication of the internal attacker.

Images