CN111491294A - Switching-based privacy protection delay tolerant network routing method - Google Patents
Switching-based privacy protection delay tolerant network routing method Download PDFInfo
- Publication number
- CN111491294A CN111491294A CN202010265619.0A CN202010265619A CN111491294A CN 111491294 A CN111491294 A CN 111491294A CN 202010265619 A CN202010265619 A CN 202010265619A CN 111491294 A CN111491294 A CN 111491294A
- Authority
- CN
- China
- Prior art keywords
- node
- information
- exchange
- message
- encounter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/009—Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0433—Key management protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W40/00—Communication routing or communication path finding
- H04W40/02—Communication route or path selection, e.g. power-based or shortest path routing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a privacy protection delay tolerant network routing method based on exchange, which can be used for obtaining meeting information and calculating a real utility value to forward messages while protecting privacy information by nodes. The invention discloses a privacy protection delay tolerant network routing method, which comprises the following steps: (10) system setting: the trusted authority issues system parameters, the mobile node registers, and the trusted authority carries out information digital signature and node communication signature; (20) node encounter record information generation: the transmission node meets the non-transmission node to generate node meeting record and abstract; signing the abstract information; (30) non-transfer node encounter record information exchange: non-transmission nodes meet to exchange meeting record information; (40) exchange encounter record information distribution: merging, deleting and adding exchange encounter records of the encounter nodes; (50) calculating a routing efficiency value: the transmission node calculates a real utility value; (60) message routing and forwarding: and message forwarding is carried out between the nodes.
Description
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a privacy protection delay tolerant network routing method based on exchange.
Background
The end-to-end communication of the traditional Internet wired network and manet (mobile Ad Hoc network) mobile network is assumed under the premise of network connectivity, and the end-to-end communication cannot be communicated under the network environment that long time delay and intermittent connection exist in a link. In order to effectively transfer data in the presence of intermittent connections in the network, researchers have proposed a new network architecture, namely, delay Tolerant network dtns (delay Tolerant networks). The DTNs are widely applied to the fields of mobile social networks, vehicle-mounted networks, disaster relief, environmental monitoring, military strategies and the like.
The method includes that for effective DTNs data transfer, relevant students already propose some routing and distribution protocols, a common routing protocol in DTNs is a routing protocol based on a utility value, when meeting between nodes in the protocol, a routing utility value is calculated through meeting information, then message forwarding is carried out according to a utility value, but Privacy information such as meeting times, time, location, trajectory and the like is leaked in routing if real identity communication is adopted, Privacy information such as identity, routing utility value and the like is protected, Kate A of the university of sliding iron Canada and the like propose a first DTNs anonymous communication solution which proposes a DTNs security framework and guarantees effective security communication through an identity-based encryption method (see documents of Kate A, Zaveragenetcom G, where the Privacy network U, anonymity and security information in Privacy relay networks [ C ]. C of Privacy of EEm, Nippliernet, 504: 513. C ] and Privacy information protection, Privacy, protection, Privacy, protection, Privacy, and Privacy, etc. are carried out by a communication, and Privacy protection, a communication network, a communication protection, a communication network, a communication protection, a Privacy protection, a communication network, a Privacy protection, a communication network, a Privacy protection, a communication network, a Privacy protection, a communication network, a Privacy protection, a communication network, a Privacy protection, a communication network, a Privacy protection, a communication network.
In summary, the problems of the prior art are as follows: the privacy protection routing method aiming at the DTNs based on the utility value cannot obtain node encounter information and calculate the real utility value while protecting the node privacy information.
Disclosure of Invention
The invention aims to provide a privacy protection delay tolerant network routing method based on exchange, so that nodes can obtain meeting information and calculate a real utility value to forward messages while protecting privacy information.
The technical solution for realizing the purpose of the invention is as follows:
a privacy protection delay tolerant network routing method based on exchange comprises the following steps:
(10) system setting: the trusted authority issues system parameters, the mobile node registers, and the trusted authority carries out information digital signature and node communication signature;
(20) node encounter record information generation: the transmission node and the non-transmission node meet each other to generate a node meeting record containing information such as a record serial number, a pseudo-random identifier, meeting time and the like; generating an encounter record abstract through a hash function; respectively signing the summary information through a private key of the user;
(30) non-transfer node encounter record information exchange: non-transmission nodes meet, and meeting record information exchange is carried out according to the real utility value of each node and the transmission node and the utility value after the meeting record is exchanged;
(40) exchange encounter record information distribution: setting an information confirmation set by the encountering node, merging the information confirmation set, deleting the confirmed exchange encountering records, and adding the exchange encountering records which are existed in the node of the opposite side and are not existed in the node of the opposite side;
(50) calculating a routing efficiency value: when the non-transmission node exchanges the encounter record information and is sent to the transmission node, the transmission node decrypts the encounter record information through the shared secret key of the non-transmission node to obtain the exchanged non-transmission node identifier, and the exchanged non-transmission node identifier and the real utility value of the exchanged non-transmission node identifier are calculated;
(60) message routing and forwarding: and the non-transmission node sends the message, presents the real identification certificate and sends the message between the transmission node and the non-transmission node, and when the transmission nodes meet, the message is forwarded to the node with a large utility value. Compared with the prior art, the invention has the following remarkable advantages:
in the method, the encounter record information is exchanged when the non-transmission nodes meet, and the exchanged encounter record information is sent to the transmission node when the non-transmission nodes meet the transmission node, so that the transmission node calculates the real utility value of the non-transmission nodes and protects the real identification privacy information of the non-transmission nodes.
The utility value calculation of the mobile node can be directly carried out without depending on any credible third party in the protocol, and the protocol is suitable for DTNs with long time delay and frequent link interruption.
The invention is described in further detail below with reference to the figures and the detailed description.
Drawings
FIG. 1 is a main flow diagram of the switching-based privacy preserving delay tolerant network routing method of the present invention.
Fig. 2 is a flow chart of the system setup steps of fig. 1.
Fig. 3 is a system network model diagram.
FIG. 4 is an exemplary graph of encounter records.
Fig. 5 is a flowchart of the non-transit node encounter record information exchange step of fig. 1.
FIG. 6 is a schematic diagram of an encounter record exchange process.
FIG. 7 is a diagram of exchanged encounter records.
Fig. 8 is a flowchart of the exchange encounter record information distribution step in fig. 1.
Fig. 9 is a flowchart of the message route forwarding step in fig. 1.
Detailed Description
As shown in fig. 1, the switching-based privacy protection delay tolerant network routing method of the present invention includes the following steps:
(10) system setting: the trusted authority issues system parameters, the mobile node registers, and the trusted authority carries out information digital signature and node communication signature;
as shown in fig. 2, the (10) system setting step includes:
(11) releasing system parameters: the trusted authority adopts a symmetric encryption algorithm comprising a bilinear mapping technology and AES and a hash function issuing system parameter;
(12) mobile node registration: when the mobile node registers to the system, the trusted authority signs the real identifier of the mobile node through the master key to serve as the identity certificate of the mobile node, and meanwhile, a pseudo-random identifier set of the non-transfer node is generated; each pseudo-random identifier is generated by a random number, a symmetric encryption algorithm and a master key;
(13) information digital signature: based on the identification and the node public key, the trusted authority generates a node private key through a master key and a hash function so as to digitally sign information;
(14) and (3) node communication signature: when the non-transfer node and the transfer node communicate, a new pseudo-random identifier is adopted periodically to carry out node communication and information signature.
The network model of the DTNs system shown in fig. 3 includes a trusted authority ta (trust authority), a fixed network, and a mobile node 3. The TA has rich system resources and is trusted, and is responsible for issuing public and private key certificates for each mobile node as a certificate authority to generate a node pseudo-random identifier. The fixed network comprises a wired Internet and a wireless access point AP and is responsible for connecting the TA and the mobile node. Mobile node N1~N8The representative carries the mobile device with high-speed short-distance wireless communication functions such as WIFI and Bluetooth.
The mobile node obtains the key and the node identification from the TA through the fixed network. The nodes being divided into message passing nodes NTAnd a non-passing node N. The non-transfer node generates a message and sends the message to the transfer node, and the transfer node transfers the message to the non-transfer destination node. The passing node is assumed to use a real identifier, the identifier of the passing node is public, the non-passing node adopts a pseudo-random identifier, the information such as the real identifier, the position and the like of the non-passing node is secret, and privacy protection is needed.
TA first generates bilinear parameters from the security parameter k by using a bilinear mapping technique (q,P,G1,G2,ê),G1,G2Group of order q, P is the anagen, e: g1×G1→G2For non-degenerate, efficiently computable bilinear mapping, and then selecting a random number s ∈ Z* qAs master key, PpubsP is a public key; finally, selecting AES (advanced encryption Standard) equal symmetric encryption algorithm Enc () and Hash function H1:{0,1}*→G1*,H2:G2→{0,1}nPublishing system parameters (q, G)1,G2,P,Ppub,ê,n,H1,H2And Enc ()), n is the length of the message to be encrypted.
When passing through the nodeWhen registering to the system, TA signs the ID through the main key s to generate certificate as the ID, and at the same time, through the main key s and the hash function H1Generating a public key corresponding to the identifierAnd a private key for digitally signing informationWhen the node N is not transmittingjWhen registering to the system, TA signs its true identification through the master key s, generates a certificate as its identification, and simultaneously generates NjPseudo-random identification set ofEach pseudo-random identification Pidj=Encs(NjR) is represented by a random number r and a node real identifier NjA symmetric encryption algorithm Enc () and a master key s. TA passes both the master key s and the hash function H1Generating a pseudo-random identity PidjCorresponding public key H1(Pidj) And a private key SK for digitally signing informationj=sH1(Pidj). Periodic acquisition while the mobile node is in communication with the TAAnd carrying out node communication and information signature by using the new pseudo-random identifier so as to hide the true identifier of the node.
(20) Node encounter record information generation: the transmission node and the non-transmission node meet each other to generate a node meeting record containing information such as a record serial number, a pseudo-random identifier, meeting time and the like; generating an encounter record abstract through a hash function; respectively signing the summary information through a private key of the user;
suppose a passing nodeAnd a non-transfer node NjMeet, NjGenerating and connecting nodes by pseudo-random identification and private keySession key ofKey through sessionijEncrypting the information to ensure information confidentiality, and generating the encounter record information ER as shown in FIG. 4ijWherein: seq is a record sequence number generated by each transfer node, and each sequence number in the system is a unique positive integer which cannot be repeated; pidjPseudo-random identification of nodes generated by an identification anonymization technique;… is a nodeAnd NjThe time of each encounter (other information such as encounter position may be included as necessary);SigPidjare respectively nodesAnd NjThe digital signature of (1). Signature is carried out on the summary information through a private key of the user to ensure the integrity of the information。
(30) Non-transfer node encounter record information exchange: non-transmission nodes meet, and meeting record information exchange is carried out according to the real utility value of each node and the transmission node and the utility value after the meeting record is exchanged;
if the non-transfer node directly informs the transfer node of the real identification, the transfer node can obtain the meeting time, the meeting position and other privacy information between the transfer node and the non-transfer node according to the meeting record information. In order to protect the real identification, the approximate meeting information of the same transfer node is exchanged when meeting between the non-transfer nodes.
As shown in fig. 5, the (30) non-transfer node encounter record information exchanging step includes:
(31) the non-transfer node calculates: n is a radical ofjSeparate compute and transfer nodeTrue utility value ofAnd NkExchanging utility values after encounter recordsNkSeparate compute and transfer nodeTrue utility value ofAnd NjExchanging utility values after encounter records
(32) Non-transfer node information exchange: if it is notAndif the error ranges are smaller than the error range specified according to the requirement, the encounter record information is exchanged, and the exchanged encounter record information containing the real identification of the exchange node is generated.
Transfer nodeAnd a non-transfer node NjAt t1The time points of the two-dimensional images meet each other,and a non-transfer node NkAt t2Meet at a moment. The working principle is shown in fig. 6.
NjSeparate compute and transfer nodeTrue utility value ofAnd NkExchanging utility values after encounter recordsNkSeparate compute and transfer nodeTrue utility value ofAnd NjExchanging utility values after encounter recordsIf it is notAnd if the error range is specified according to needs, executing the step 2) to exchange the meeting record information, otherwise, not exchanging.
Node NkIdentify the true NkIs sent to Nj,NjBy andkey shared between themijEncryption node identification NkAnd other encounter record information except the record serial number to ensure information confidentiality, then signing to ensure information integrity certification, and finally generating two exchange encounter record information ER 'shown in figure 7'ijOne reserved for itself and one sent to Nk。NjSending self information to NkAnd generates encounter record information ER'ikThe procedure is the same as above.
(40) Exchange encounter record information distribution: setting an information confirmation set by the encountering node, merging the information confirmation set, deleting the confirmed exchange encountering records, and adding the exchange encountering records which are existed in the node of the opposite side and are not existed in the node of the opposite side;
in order to reduce the repeated distribution of the encounter record information, each node is provided with an information confirmation set for storing the exchange encounter record information sequence number received by the transfer node.
As shown in fig. 8, the (40) exchanging encounter record information distributing step includes:
(41) information confirmation set setting: each node is provided with an information confirmation set used for storing the exchange encounter record information sequence number received by the transfer node;
(42) and (3) information confirmation set merging: when two nodes meet, carrying out parallel operation on the self information confirmation set and the confirmation set of the node of the other side to obtain a new confirmation set;
(43) exchange encounter record deletion: according to the new information confirmation set, the node deletes the confirmed exchange meeting record in the record set;
(44) exchange encounter record addition: and adding the exchange encounter record information which is owned by the opposite node and not owned by the opposite node into the exchange encounter record set of the opposite node.
And when the two nodes meet, carrying out parallel operation on the self information confirmation set and the confirmation set of the node of the opposite side to obtain a new confirmation set. And according to the new information confirmation set, the node deletes the confirmed exchange meeting record in the record set. And adding the exchange encounter record information which is owned by the opposite node and not owned by the opposite node into the exchange encounter record set of the opposite node. Through the distribution of the exchanged encounter record information among the nodes, the encounter record information can quickly reach the transfer node, and therefore the routing efficiency value is calculated.
(50) Calculating a routing efficiency value: when the non-transmission node exchanges the encounter record information and is sent to the transmission node, the transmission node decrypts the encounter record information through the shared secret key of the non-transmission node to obtain the exchanged non-transmission node identifier, and the exchanged non-transmission node identifier and the real utility value of the exchanged non-transmission node identifier are calculated;
when N is presentkAnd NjThe exchanged record information is sent to the transfer nodeWhen the temperature of the water is higher than the set temperature,through with NjShared secret Key ofijCarry out decryptionObtaining the meeting node identification Nk(the true identity is Nj). Since the session key is only providedAnd NjIn common, and therefore based on the signed encounter record and the session key,consider the identifier NkIs true, then the AND node N is calculatedkThe utility value of (c). In the same way, NjAnd NkExchanged information ER'ikIs sent toWhen the temperature of the water is higher than the set temperature,through with NkShared secret Key ofikCarry out decryptionObtaining the meeting node identification Nj(the true identity is Nk). Based on the signed encounter record and the session key,consider the identifier NjIs true, then the AND node N is calculatedjThe utility value of (c).
Decrypting the encounter record information to obtain the non-transfer node NjAfter identification, the node is transferredThe routing efficiency value is calculated according to the following equation.
Uij=Uij(old)+(1-Uij(old))×Uinit,0<Uinit≤1,0≤Uij≤1
In the formula of UijIs a nodeAnd NjEfficiency value, U, after encounter updateij(old)To update the pre-efficiency value, UinitTo initialize the constants.
(60) Message routing and forwarding: and the non-transmission node sends the message, presents the real identification certificate and sends the message between the transmission node and the non-transmission node, and when the transmission nodes meet, the message is forwarded to the node with a large utility value.
As shown in fig. 9, the (60) message routing and forwarding step includes:
(61) message sending of non-transfer nodes: when the transfer node and the non-transfer node meet, the non-transfer node sends the message to the transfer node;
(62) presenting a true identification certificate of a non-transfer node: the non-transfer node checks the message set of the transfer node, and if finding that the target node is the message of the non-transfer node, the non-transfer node presents a real identification certificate signed by the TA master key;
(63) message sending of a transfer node: the transfer node determines the TA master key signature as a message destination node according to the true identifier of the TA master key signature, and sends the message to the non-transfer node;
(64) forwarding the large utility value node message: when two transfer nodes meet, the utility values are compared, and the message is forwarded to the node with the large utility value.
Preferably, in the step of forwarding (64) the node message with high utility value, the utility value is compared by using the problem of the fukung yao.
When a transitive node and a non-transitive node meet, the non-transitive node sends a message to the transitive node. And the non-transfer node checks the message set of the transfer node, and if finding that the destination node is the message of the non-transfer node, the non-transfer node presents the real identification certificate signed by the TA master key. And the transfer node determines that the transfer node is the destination node of the message according to the true identifier signed by the TA master key and sends the message to the non-transfer node.
In order to ensure the anonymity of the destination node of the message, a non-transfer node can select a friend node with close relationship to exchange a real identification certificate signed by a TA master key, firstly receives the message of the other party and then exchanges the message back.
When two transfer nodes meet, the utility values are compared, and the message is forwarded to the node with the large utility value. In order to ensure the privacy of the utility value, the utility value is compared by the problem of the radix tabani yao.
When two nodes meet, in order to realize the comparison of the sizes of the efficiency relations between the nodes without revealing the real efficiency of each other, the efficiency information protection problem is abstracted into the problem of the million of the Chinese Yao. The yao million Fuji problem is a Secure Multi-party computing SMC (Secure Multi-party computing) problem that enables multiple participants with private data to collaborate on computing using their private data without revealing their private data.
Claims (6)
1. A privacy protection delay tolerant network routing method based on exchange is characterized by comprising the following steps:
(10) system setting: the trusted authority issues system parameters, the mobile node registers, and the trusted authority carries out information digital signature and node communication signature;
(20) node encounter record information generation: the transmission node and the non-transmission node meet each other to generate a node meeting record containing information such as a record serial number, a pseudo-random identifier, meeting time and the like; generating an encounter record abstract through a hash function; respectively signing the summary information through a private key of the user;
(30) non-transfer node encounter record information exchange: non-transmission nodes meet, and meeting record information exchange is carried out according to the real utility value of each node and the transmission node and the utility value after the meeting record is exchanged;
(40) exchange encounter record information distribution: setting an information confirmation set by the encountering node, merging the information confirmation set, deleting the confirmed exchange encountering records, and adding the exchange encountering records which are existed in the node of the opposite side and are not existed in the node of the opposite side;
(50) calculating a routing efficiency value: when the non-transmission node exchanges the encounter record information and is sent to the transmission node, the transmission node decrypts the encounter record information through the shared secret key of the non-transmission node to obtain the exchanged non-transmission node identifier, and the exchanged non-transmission node identifier and the real utility value of the exchanged non-transmission node identifier are calculated;
(60) message routing and forwarding: and the non-transmission node sends the message, presents the real identification certificate and sends the message between the transmission node and the non-transmission node, and when the transmission nodes meet, the message is forwarded to the node with a large utility value.
2. The privacy-preserving delay-tolerant network routing method of claim 1, wherein the (10) system-setting step comprises:
(11) releasing system parameters: the trusted authority adopts a symmetric encryption algorithm comprising a bilinear mapping technology and AES and a hash function issuing system parameter;
(12) mobile node registration: when the mobile node registers to the system, the trusted authority signs the real identifier of the mobile node through the master key to serve as the identity certificate of the mobile node, and meanwhile, a pseudo-random identifier set of the non-transfer node is generated; each pseudo-random identifier is generated by a random number, a symmetric encryption algorithm and a master key;
(13) information digital signature: based on the identification and the node public key, the trusted authority generates a node private key through a master key and a hash function so as to digitally sign information;
(14) and (3) node communication signature: when the non-transfer node and the transfer node communicate, a new pseudo-random identifier is adopted periodically to carry out node communication and information signature.
3. The privacy-preserving delay-tolerant network routing method of claim 2, wherein the (30) non-transitive node encounter record information exchange step comprises:
(31) the non-transfer node calculates: n is a radical ofjSeparate compute and transfer nodeTrue utility value ofAnd NkExchanging utility values after encounter recordsNkSeparate compute and transfer nodeTrue utility value ofAnd NjExchanging utility values after encounter records
(32) Non-transfer node information exchange: if it is notAndif the error ranges are smaller than the error range specified according to the requirement, the encounter record information is exchanged, and the exchanged encounter record information containing the real identification of the exchange node is generated.
4. The privacy-preserving delay-tolerant network routing method of claim 3, wherein the exchange encounter record information distribution step (40) comprises:
(41) information confirmation set setting: each node is provided with an information confirmation set used for storing the exchange encounter record information sequence number received by the transfer node;
(42) and (3) information confirmation set merging: when two nodes meet, carrying out parallel operation on the self information confirmation set and the confirmation set of the node of the other side to obtain a new confirmation set;
(43) exchange encounter record deletion: according to the new information confirmation set, the node deletes the confirmed exchange meeting record in the record set;
(44) exchange encounter record addition: and adding the exchange encounter record information which is owned by the opposite node and not owned by the opposite node into the exchange encounter record set of the opposite node.
5. The privacy-preserving delay-tolerant network routing method of claim 4, wherein the message routing forwarding step (60) comprises:
(61) when the transmission node and the non-transmission node meet, the non-transmission node sends the message to the transmission node;
(62) presenting a true identification certificate of a non-transfer node: the non-transfer node checks the message set of the transfer node, and if finding that the target node is the message of the non-transfer node, the non-transfer node presents a real identification certificate signed by the TA master key;
(63) message sending of a transfer node: the transfer node determines the TA master key signature as a message destination node according to the true identifier of the TA master key signature, and sends the message to the non-transfer node;
(64) forwarding the large utility value node message: when two transfer nodes meet, the utility values are compared, and the message is forwarded to the node with the large utility value.
6. The privacy-preserving delay-tolerant network routing method of claim 5, wherein:
and in the step of forwarding the node message with the large utility value (64), utility value comparison is carried out through the problem of the Fuji of Yao.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010265619.0A CN111491294B (en) | 2020-04-07 | 2020-04-07 | Switching-based privacy protection delay tolerant network routing method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010265619.0A CN111491294B (en) | 2020-04-07 | 2020-04-07 | Switching-based privacy protection delay tolerant network routing method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111491294A true CN111491294A (en) | 2020-08-04 |
CN111491294B CN111491294B (en) | 2021-11-09 |
Family
ID=71813557
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010265619.0A Active CN111491294B (en) | 2020-04-07 | 2020-04-07 | Switching-based privacy protection delay tolerant network routing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111491294B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116150445A (en) * | 2023-04-04 | 2023-05-23 | 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) | Batch information query method, electronic equipment and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102868602A (en) * | 2012-10-12 | 2013-01-09 | 南京邮电大学 | Improved routing method based on social correlation degree in delay tolerant network |
CN103297343A (en) * | 2013-05-17 | 2013-09-11 | 华中科技大学 | Routing method based on delay tolerant network |
CN104579957A (en) * | 2014-12-04 | 2015-04-29 | 北京理工大学 | Routing method of delay tolerant network based on degree of intimacy and time constraint forwarding |
CN107770771A (en) * | 2017-09-22 | 2018-03-06 | 哈尔滨工业大学深圳研究生院 | The method for routing of secret protection is added in opportunistic network |
US20180152824A1 (en) * | 2015-05-07 | 2018-05-31 | University Of Florida Research Foundation, Inc. | Ad-hoc social network (ahsn) system, ahsn-enabled device, and methods of use |
CN109743728A (en) * | 2019-01-21 | 2019-05-10 | 常熟理工学院 | A kind of mobile agency meeting network route method of secret protection |
-
2020
- 2020-04-07 CN CN202010265619.0A patent/CN111491294B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102868602A (en) * | 2012-10-12 | 2013-01-09 | 南京邮电大学 | Improved routing method based on social correlation degree in delay tolerant network |
CN103297343A (en) * | 2013-05-17 | 2013-09-11 | 华中科技大学 | Routing method based on delay tolerant network |
CN104579957A (en) * | 2014-12-04 | 2015-04-29 | 北京理工大学 | Routing method of delay tolerant network based on degree of intimacy and time constraint forwarding |
US20180152824A1 (en) * | 2015-05-07 | 2018-05-31 | University Of Florida Research Foundation, Inc. | Ad-hoc social network (ahsn) system, ahsn-enabled device, and methods of use |
CN107770771A (en) * | 2017-09-22 | 2018-03-06 | 哈尔滨工业大学深圳研究生院 | The method for routing of secret protection is added in opportunistic network |
CN109743728A (en) * | 2019-01-21 | 2019-05-10 | 常熟理工学院 | A kind of mobile agency meeting network route method of secret protection |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116150445A (en) * | 2023-04-04 | 2023-05-23 | 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) | Batch information query method, electronic equipment and storage medium |
CN116150445B (en) * | 2023-04-04 | 2023-07-21 | 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) | Batch information query method, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN111491294B (en) | 2021-11-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Deng et al. | Threshold and identity-based key management and authentication for wireless ad hoc networks | |
Kong et al. | Achieving privacy-preserving and verifiable data sharing in vehicular fog with blockchain | |
Kate et al. | Anonymity and security in delay tolerant networks | |
US8050409B2 (en) | Threshold and identity-based key management and authentication for wireless ad hoc networks | |
Tan et al. | A secure and authenticated key management protocol (SA-KMP) for vehicular networks | |
Wan et al. | USOR: An unobservable secure on-demand routing protocol for mobile ad hoc networks | |
Liu et al. | Bua: A blockchain-based unlinkable authentication in vanets | |
CN103765810A (en) | Secure group messaging | |
Zhong et al. | Broadcast encryption scheme for V2I communication in VANETs | |
Rabieh et al. | Efficient privacy-preserving chatting scheme with degree of interest verification for vehicular social networks | |
Lin et al. | Flexible group key management and secure data transmission in mobile device communications using elliptic curve Diffie-Hellman cryptographic system | |
Zhang et al. | Cerberus: Privacy-preserving computation in edge computing | |
Kumar et al. | Blockchain-enabled secure communication for unmanned aerial vehicle (UAV) networks | |
Bakiras et al. | Secure and anonymous communications over delay tolerant networks | |
Wei et al. | A practical one-time file encryption protocol for iot devices | |
Wang et al. | An anonymous data access scheme for VANET using pseudonym-based cryptography | |
CN109743728B (en) | Privacy-protecting mobile social network routing method | |
CN111491294A (en) | Switching-based privacy protection delay tolerant network routing method | |
Sun et al. | Ridra: A rigorous decentralized randomized authentication in VANETs | |
Di et al. | A novel identity-based mutual authentication scheme for vehicle ad hoc networks | |
Shi et al. | Delegated key-policy attribute-based set intersection over outsourced encrypted data sets for CloudIoT | |
Li et al. | An efficient privacy-preserving bidirectional friends matching scheme in mobile social networks | |
Wang et al. | An improved lightweight identity authentication protocol for VANET | |
Boualam et al. | Privacy Preservation Authentication Model for a Secure Infrastructure over Vehicular Communications. | |
Kanchan et al. | EASPSC: Efficient authentication of SignRecryption protocol using shareable clouds in VANET groups |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |