CN111491294B - Switching-based privacy protection delay tolerant network routing method - Google Patents

Switching-based privacy protection delay tolerant network routing method Download PDF

Info

Publication number
CN111491294B
CN111491294B CN202010265619.0A CN202010265619A CN111491294B CN 111491294 B CN111491294 B CN 111491294B CN 202010265619 A CN202010265619 A CN 202010265619A CN 111491294 B CN111491294 B CN 111491294B
Authority
CN
China
Prior art keywords
node
information
exchange
transfer
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010265619.0A
Other languages
Chinese (zh)
Other versions
CN111491294A (en
Inventor
蒋庆丰
钱振江
邓琨
李盛庆
毕安琪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changshu Institute of Technology
Original Assignee
Changshu Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changshu Institute of Technology filed Critical Changshu Institute of Technology
Priority to CN202010265619.0A priority Critical patent/CN111491294B/en
Publication of CN111491294A publication Critical patent/CN111491294A/en
Application granted granted Critical
Publication of CN111491294B publication Critical patent/CN111491294B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433Key management protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W40/00Communication routing or communication path finding
    • H04W40/02Communication route or path selection, e.g. power-based or shortest path routing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a privacy protection delay tolerant network routing method based on exchange, which can be used for obtaining meeting information and calculating a real utility value to forward messages while protecting privacy information by nodes. The invention discloses a privacy protection delay tolerant network routing method, which comprises the following steps: (10) system setting: the trusted authority issues system parameters, the mobile node registers, and the trusted authority carries out information digital signature and node communication signature; (20) node encounter record information generation: the transmission node meets the non-transmission node to generate node meeting record and abstract; signing the abstract information; (30) non-transfer node encounter record information exchange: non-transmission nodes meet to exchange meeting record information; (40) exchange encounter record information distribution: merging, deleting and adding exchange encounter records of the encounter nodes; (50) calculating a routing efficiency value: the transmission node calculates a real utility value; (60) message routing and forwarding: and message forwarding is carried out between the nodes.

Description

Switching-based privacy protection delay tolerant network routing method
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a privacy protection delay tolerant network routing method based on exchange.
Background
The end-to-end communication of the traditional Internet wired network and manet (mobile Ad Hoc network) mobile network is assumed under the premise of network connectivity, and the end-to-end communication cannot be communicated under the network environment that long time delay and intermittent connection exist in a link. In order to effectively transfer data in the presence of intermittent connections in the network, researchers have proposed a new network architecture, namely, delay Tolerant network dtns (delay Tolerant networks). The DTNs are widely applied to the fields of mobile social networks, vehicle-mounted networks, disaster relief, environmental monitoring, military strategies and the like.
For efficient DTNs data transfer, related scholars have proposed some routing and distribution protocols. One common routing protocol in the DTNs is a routing protocol based on utility values, and in the protocol, when nodes meet, a routing utility value is calculated through meeting information, and then message forwarding is performed according to the size of the utility value. But if the real identification communication is adopted in the routing, privacy information such as the number of times of meeting, time, position, track and the like can be disclosed. In order to protect privacy information such as node identification and routing utility value, Kate A of the university of To. Lu, Canada, etc. proposes a first DTNs anonymous communication solution which proposes a DTNs security framework and ensures effective and secure communication through an identification-based encryption method (see the documents: Kate A, Zaaverucha G, Hengartner U.Anonym and security in delay networks [ C ]. Proc of IEEE Securicomm, Nice, France, 2007: 504-. Lu R X of the university of Lu-Lu and the like provide a privacy protection data forwarding protocol SPRING based on a social network aiming at an on-vehicle network. SPRING accomplishes highly reliable transmission by forwarding auxiliary packets of roadside units RSU deployed at the roadside, and also accomplishes condition privacy protection, preventing most attacks in vehicular networks (see the documents: Lu R X, Lin X D, Shen X M. SPRING: A social-based privacy-preserving packet for forwarding protocol [ C ]. Proc of IEEE INFOCOM2010, San Diego, USA, 2010: 1-9). While privacy protection can be achieved by anonymous real identifiers, the collection of encounter information based on real identifiers among nodes is prevented. In order to collect the meeting information between the nodes, the routing utility value of the node is calculated for message forwarding, and Chen K and the like propose a FaceChange strategy. The nodes in the FaceChange are communicated anonymously during connection, so that the nodes are prevented from identifying the real identification of the nodes to be attacked; when the network is disconnected, the meeting information is forwarded to the opposite node through other intermediate nodes. Although FaceChange can prevent nodes from being identified and attacked when meeting, meeting information obtained by intermediate nodes after the nodes leave is based on real node identification, so that privacy information such as meeting time, meeting position and the like is disclosed (see the literature: Chen K, Shen H Y. FaceChange: meeting neighbor node availability in mobile arbitrary network with fine-grained control. IEEE/ACM Transactions on network, 2017, 25 (2): 1176 1189). Miao J W et al propose a Privacy protection and prediction-based probabilistic routing protocol 4PR that compares aggregated information for the entire node community rather than individual node information to forward messages, thereby protecting the utility value Privacy of each node (see documents: Miao J W, Hasan O, Mokhtar S B, et al.4PR: Privacy prediction routing in mobile delay networks.computer Networks, 2016 (111): 17-28). Magasia N et al propose an enhanced privacy preserving opportunistic routing protocol ePRIVO. ePRIVO builds a time-varying neighbor graph model of the vehicle-mounted DTNs where an edge represents a neighbor relationship between a pair of vehicle nodes. And calculating the similarity by the vehicle nodes in ePRIVO and protecting the privacy information of the metric value through homomorphic encryption. Privacy is protected by protecting sensitive information of each node, and the routing utility value sizes are compared through An encryption strategy (see the literature: ePRIVO: An enhanced privacy-preserving routing protocol for contextual delay-based networks, IEEE Transactions on contextual Technology, 2018, 67 (11): 11154-.
In summary, the problems of the prior art are as follows: the privacy protection routing method aiming at the DTNs based on the utility value cannot obtain node encounter information and calculate the real utility value while protecting the node privacy information.
Disclosure of Invention
The invention aims to provide a privacy protection delay tolerant network routing method based on exchange, so that nodes can obtain meeting information and calculate a real utility value to forward messages while protecting privacy information.
The technical solution for realizing the purpose of the invention is as follows:
a privacy protection delay tolerant network routing method based on exchange comprises the following steps:
(10) system setting: the trusted authority issues system parameters, the mobile node registers, and the trusted authority carries out information digital signature and node communication signature;
(20) node encounter record information generation: the transmission node and the non-transmission node meet each other to generate a node meeting record containing information such as a record serial number, a pseudo-random identifier, meeting time and the like; generating an encounter record abstract through a hash function; respectively signing the summary information through a private key of the user;
(30) non-transfer node encounter record information exchange: non-transmission nodes meet, and meeting record information exchange is carried out according to the real utility value of each node and the transmission node and the utility value after the meeting record is exchanged;
(40) exchange encounter record information distribution: setting an information confirmation set by the encountering node, merging the information confirmation set, deleting the confirmed exchange encountering records, and adding the exchange encountering records which are existed in the node of the opposite side and are not existed in the node of the opposite side;
(50) calculating a routing efficiency value: when the non-transmission node exchanges the encounter record information and is sent to the transmission node, the transmission node decrypts the encounter record information through the shared secret key of the non-transmission node to obtain the exchanged non-transmission node identifier, and the exchanged non-transmission node identifier and the real utility value of the exchanged non-transmission node identifier are calculated;
(60) message routing and forwarding: and the non-transmission node sends the message, presents the real identification certificate and sends the message between the transmission node and the non-transmission node, and when the transmission nodes meet, the message is forwarded to the node with a large utility value. Compared with the prior art, the invention has the following remarkable advantages:
in the method, the encounter record information is exchanged when the non-transmission nodes meet, and the exchanged encounter record information is sent to the transmission node when the non-transmission nodes meet the transmission node, so that the transmission node calculates the real utility value of the non-transmission nodes and protects the real identification privacy information of the non-transmission nodes.
The utility value calculation of the mobile node can be directly carried out without depending on any credible third party in the protocol, and the protocol is suitable for DTNs with long time delay and frequent link interruption.
The invention is described in further detail below with reference to the figures and the detailed description.
Drawings
FIG. 1 is a main flow diagram of the switching-based privacy preserving delay tolerant network routing method of the present invention.
Fig. 2 is a flow chart of the system setup steps of fig. 1.
Fig. 3 is a system network model diagram.
FIG. 4 is an exemplary graph of encounter records.
Fig. 5 is a flowchart of the non-transit node encounter record information exchange step of fig. 1.
FIG. 6 is a schematic diagram of an encounter record exchange process.
FIG. 7 is a diagram of exchanged encounter records.
Fig. 8 is a flowchart of the exchange encounter record information distribution step in fig. 1.
Fig. 9 is a flowchart of the message route forwarding step in fig. 1.
Detailed Description
As shown in fig. 1, the switching-based privacy protection delay tolerant network routing method of the present invention includes the following steps:
(10) system setting: the trusted authority issues system parameters, the mobile node registers, and the trusted authority carries out information digital signature and node communication signature;
as shown in fig. 2, the (10) system setting step includes:
(11) releasing system parameters: the trusted authority adopts a symmetric encryption algorithm comprising a bilinear mapping technology and AES and a hash function issuing system parameter;
(12) mobile node registration: when the mobile node registers to the system, the trusted authority signs the real identifier of the mobile node through the master key to serve as the identity certificate of the mobile node, and meanwhile, a pseudo-random identifier set of the non-transfer node is generated; each pseudo-random identifier is generated by a random number, a symmetric encryption algorithm and a master key;
(13) information digital signature: based on the identification and the node public key, the trusted authority generates a node private key through a master key and a hash function so as to digitally sign information;
(14) and (3) node communication signature: when the non-transfer node and the transfer node communicate, a new pseudo-random identifier is adopted periodically to carry out node communication and information signature.
The network model of the DTNs system shown in FIG. 3 comprises a trusted authority TA (Trust Authorit)y), fixed network, mobile node 3 portion. The TA has rich system resources and is trusted, and is responsible for issuing public and private key certificates for each mobile node as a certificate authority to generate a node pseudo-random identifier. The fixed network comprises a wired Internet and a wireless access point AP and is responsible for connecting the TA and the mobile node. Mobile node N1~N8The representative carries the mobile device with high-speed short-distance wireless communication functions such as WIFI and Bluetooth.
The mobile node obtains the key and the node identification from the TA through the fixed network. The nodes being divided into message passing nodes NTAnd a non-passing node N. The non-transfer node generates a message and sends the message to the transfer node, and the transfer node transfers the message to the non-transfer destination node. The passing node is assumed to use a real identifier, the identifier of the passing node is public, the non-passing node adopts a pseudo-random identifier, the information such as the real identifier, the position and the like of the non-passing node is secret, and privacy protection is needed.
TA first generates bilinear parameters (q, P, G) from the security parameter k using bilinear mapping technique1,G2,ê),G1,G2Group of order q, P is the anagen, e: g1×G1→G2A non-degenerate, efficiently computable bilinear map; then selecting a random number s ∈ Z* qAs master key, PpubsP is a public key; finally, selecting AES (advanced encryption Standard) equal symmetric encryption algorithm Enc () and Hash function H1:{0,1}*→G1*,H2:G2→{0,1}nPublishing system parameters (q, G)1,G2,P,Ppub,ê,n,H1,H2And Enc ()), n is the length of the message to be encrypted.
When passing through the node
Figure BDA0002439954210000041
When registering to the system, TA signs the ID through the main key s to generate certificate as the ID, and at the same time, through the main key s and the hash function H1Generating a public key corresponding to the identifier
Figure BDA0002439954210000042
And a private key for digitally signing information
Figure BDA0002439954210000043
When the node N is not transmittingjWhen registering to the system, TA signs its true identification through the master key s, generates a certificate as its identification, and simultaneously generates NjPseudo-random identification set of
Figure BDA0002439954210000044
Each pseudo-random identification Pidj=Encs(NjR) is represented by a random number r and a node real identifier NjA symmetric encryption algorithm Enc () and a master key s. TA passes both the master key s and the hash function H1Generating a pseudo-random identity PidjCorresponding public key H1(Pidj) And a private key SK for digitally signing informationj=sH1(Pidj). When the mobile node communicates with the TA, a new pseudo-random identifier is periodically adopted to carry out node communication and information signature, so that the real identifier of the mobile node is hidden.
(20) Node encounter record information generation: the transmission node and the non-transmission node meet each other to generate a node meeting record containing information such as a record serial number, a pseudo-random identifier, meeting time and the like; generating an encounter record abstract through a hash function; respectively signing the summary information through a private key of the user;
suppose a passing node
Figure BDA0002439954210000051
And a non-transfer node NjMeet, NjGenerating and connecting nodes by pseudo-random identification and private key
Figure BDA0002439954210000052
Session key of
Figure BDA0002439954210000053
Key through sessionijEncrypting information to ensure information confidentiality, e.g. generatingThe encounter record information ER shown in FIG. 4ijWherein: seq is a record sequence number generated by each transfer node, and each sequence number in the system is a unique positive integer which cannot be repeated; pidjPseudo-random identification of nodes generated by an identification anonymization technique;
Figure BDA00024399542100000523
… is a node
Figure BDA0002439954210000054
And NjThe time of each encounter (other information such as encounter position may be included as necessary);
Figure BDA0002439954210000055
SigPidjare respectively nodes
Figure BDA0002439954210000056
And NjThe digital signature of (1). The digest information is signed by a private key of the device to ensure the integrity of the information.
(30) Non-transfer node encounter record information exchange: non-transmission nodes meet, and meeting record information exchange is carried out according to the real utility value of each node and the transmission node and the utility value after the meeting record is exchanged;
if the non-transfer node directly informs the transfer node of the real identification, the transfer node can obtain the meeting time, the meeting position and other privacy information between the transfer node and the non-transfer node according to the meeting record information. In order to protect the real identification, the approximate meeting information of the same transfer node is exchanged when meeting between the non-transfer nodes.
As shown in fig. 5, the (30) non-transfer node encounter record information exchanging step includes:
(31) the non-transfer node calculates: n is a radical ofjSeparate compute and transfer node
Figure BDA0002439954210000057
True utility value of
Figure BDA0002439954210000058
And NkExchanging utility values after encounter records
Figure BDA0002439954210000059
NkSeparate compute and transfer node
Figure BDA00024399542100000510
True utility value of
Figure BDA00024399542100000511
And NjExchanging utility values after encounter records
Figure BDA00024399542100000512
(32) Non-transfer node information exchange: if it is not
Figure BDA00024399542100000513
And
Figure BDA00024399542100000514
if the error ranges are smaller than the error range specified according to the requirement, the encounter record information is exchanged, and the exchanged encounter record information containing the real identification of the exchange node is generated.
Transfer node
Figure BDA00024399542100000515
And a non-transfer node NjAt t1The time points of the two-dimensional images meet each other,
Figure BDA00024399542100000516
and a non-transfer node NkAt t2Meet at a moment. The working principle is shown in fig. 6.
NjSeparate compute and transfer node
Figure BDA00024399542100000517
True utility value of
Figure BDA00024399542100000518
And NkAfter exchanging the encounter recordsUtility value of
Figure BDA00024399542100000519
NkSeparate compute and transfer node
Figure BDA00024399542100000520
True utility value of
Figure BDA00024399542100000521
And NjExchanging utility values after encounter records
Figure BDA00024399542100000522
If it is not
Figure BDA0002439954210000061
And if the error range is specified according to needs, executing the step 2) to exchange the meeting record information, otherwise, not exchanging.
Node NkIdentify the true NkIs sent to Nj,NjBy and
Figure BDA0002439954210000062
key shared between themijEncryption node identification NkAnd other encounter record information except the record serial number to ensure information confidentiality, then signing to ensure information integrity certification, and finally generating two exchange encounter record information ER 'shown in figure 7'ijOne reserved for itself and one sent to Nk。NjSending self information to NkAnd generates encounter record information ER'ikThe procedure is the same as above.
(40) Exchange encounter record information distribution: setting an information confirmation set by the encountering node, merging the information confirmation set, deleting the confirmed exchange encountering records, and adding the exchange encountering records which are existed in the node of the opposite side and are not existed in the node of the opposite side;
in order to reduce the repeated distribution of the encounter record information, each node is provided with an information confirmation set for storing the exchange encounter record information sequence number received by the transfer node.
As shown in fig. 8, the (40) exchanging encounter record information distributing step includes:
(41) information confirmation set setting: each node is provided with an information confirmation set used for storing the exchange encounter record information sequence number received by the transfer node;
(42) and (3) information confirmation set merging: when two nodes meet, carrying out parallel operation on the self information confirmation set and the confirmation set of the node of the other side to obtain a new confirmation set;
(43) exchange encounter record deletion: according to the new information confirmation set, the node deletes the confirmed exchange meeting record in the record set;
(44) exchange encounter record addition: and adding the exchange encounter record information which is owned by the opposite node and not owned by the opposite node into the exchange encounter record set of the opposite node.
And when the two nodes meet, carrying out parallel operation on the self information confirmation set and the confirmation set of the node of the opposite side to obtain a new confirmation set. And according to the new information confirmation set, the node deletes the confirmed exchange meeting record in the record set. And adding the exchange encounter record information which is owned by the opposite node and not owned by the opposite node into the exchange encounter record set of the opposite node. Through the distribution of the exchanged encounter record information among the nodes, the encounter record information can quickly reach the transfer node, and therefore the routing efficiency value is calculated.
(50) Calculating a routing efficiency value: when the non-transmission node exchanges the encounter record information and is sent to the transmission node, the transmission node decrypts the encounter record information through the shared secret key of the non-transmission node to obtain the exchanged non-transmission node identifier, and the exchanged non-transmission node identifier and the real utility value of the exchanged non-transmission node identifier are calculated;
when N is presentkAnd NjThe exchanged record information is sent to the transfer node
Figure BDA0002439954210000065
When the temperature of the water is higher than the set temperature,
Figure BDA0002439954210000066
through with NjShared secret Key ofijCarry out decryption
Figure BDA0002439954210000067
Obtaining the meeting node identification Nk(the true identity is Nj). Since the session key is only provided
Figure BDA0002439954210000068
And NjIn common, and therefore based on the signed encounter record and the session key,
Figure BDA0002439954210000071
consider the identifier NkIs true, then the AND node N is calculatedkThe utility value of (c). In the same way, NjAnd NkExchanged information ER'ikIs sent to
Figure BDA0002439954210000072
When the temperature of the water is higher than the set temperature,
Figure BDA0002439954210000073
through with NkShared secret Key ofikCarry out decryption
Figure BDA0002439954210000074
Obtaining the meeting node identification Nj(the true identity is Nk). Based on the signed encounter record and the session key,
Figure BDA0002439954210000075
consider the identifier NjIs true, then the AND node N is calculatedjThe utility value of (c).
Decrypting the encounter record information to obtain the non-transfer node NjAfter identification, the node is transferred
Figure BDA0002439954210000076
The routing efficiency value is calculated according to the following equation.
Uij=Uij(old)+(1-Uij(old))×Uinit,0<Uinit≤1,0≤Uij≤1
In the formula of UijIs a node
Figure BDA0002439954210000077
And NjEfficiency value, U, after encounter updateij(old)To update the pre-efficiency value, UinitTo initialize the constants.
(60) Message routing and forwarding: and the non-transmission node sends the message, presents the real identification certificate and sends the message between the transmission node and the non-transmission node, and when the transmission nodes meet, the message is forwarded to the node with a large utility value.
As shown in fig. 9, the (60) message routing and forwarding step includes:
(61) message sending of non-transfer nodes: when the transfer node and the non-transfer node meet, the non-transfer node sends the message to the transfer node;
(62) presenting a true identification certificate of a non-transfer node: the non-transfer node checks the message set of the transfer node, and if finding that the target node is the message of the non-transfer node, the non-transfer node presents a real identification certificate signed by the TA master key;
(63) message sending of a transfer node: the transfer node determines the TA master key signature as a message destination node according to the true identifier of the TA master key signature, and sends the message to the non-transfer node;
(64) forwarding the large utility value node message: when two transfer nodes meet, the utility values are compared, and the message is forwarded to the node with the large utility value.
Preferably, in the step of forwarding (64) the node message with high utility value, the utility value is compared by using the problem of the fukung yao.
When a transitive node and a non-transitive node meet, the non-transitive node sends a message to the transitive node. And the non-transfer node checks the message set of the transfer node, and if finding that the destination node is the message of the non-transfer node, the non-transfer node presents the real identification certificate signed by the TA master key. And the transfer node determines that the transfer node is the destination node of the message according to the true identifier signed by the TA master key and sends the message to the non-transfer node.
In order to ensure the anonymity of the destination node of the message, a non-transfer node can select a friend node with close relationship to exchange a real identification certificate signed by a TA master key, firstly receives the message of the other party and then exchanges the message back.
When two transfer nodes meet, the utility values are compared, and the message is forwarded to the node with the large utility value. In order to ensure the privacy of the utility value, the utility value is compared by the problem of the radix tabani yao.
When two nodes meet, in order to realize the comparison of the sizes of the efficiency relations between the nodes without revealing the real efficiency of each other, the efficiency information protection problem is abstracted into the problem of the million of the Chinese Yao. The yao million Fuji problem is a Secure Multi-party computing SMC (Secure Multi-party computing) problem that enables multiple participants with private data to collaborate on computing using their private data without revealing their private data.

Claims (5)

1. A privacy protection delay tolerant network routing method based on exchange is characterized by comprising the following steps:
(10) system setting: the trusted authority issues system parameters, the mobile node registers, and the trusted authority carries out information digital signature and node communication signature;
(20) node encounter record information generation: the method comprises the steps that a transfer node and a non-transfer node meet each other, and node meeting records containing record serial numbers, pseudo-random identifications and meeting moment information are generated; generating an encounter record abstract through a hash function; respectively signing the summary information through a private key of the user;
(30) non-transfer node encounter record information exchange: non-transmission nodes meet, and meeting record information exchange is carried out according to the real utility value of each node and the transmission node and the utility value after the meeting record is exchanged;
(40) exchange encounter record information distribution: the encountering node sets an information confirmation set, merges the information confirmation set, deletes the confirmed exchange encountering records, and adds the exchange encountering records which the node of the opposite side has but does not have;
(50) calculating a routing efficiency value: when the non-transmission node exchanges the meeting record information and is sent to the transmission node, the transmission node decrypts through the shared secret key of the non-transmission node to obtain the exchanged non-transmission node identification, and the real utility value of the transmission node and the non-transmission node is calculated;
(60) message routing and forwarding: the non-transmission node sends a message between the transmission node and the non-transmission node, the real identification certificate is shown, and the transmission node sends the message; when the transmission nodes meet, the message is forwarded to the node with a large utility value;
the (30) non-transitive node encounter record information exchanging step includes:
(31) the non-transfer node calculates: n is a radical ofjSeparate compute and transfer node
Figure FDA0003271750530000011
True utility value of
Figure FDA0003271750530000012
And NkExchanging utility values after encounter records
Figure FDA0003271750530000013
NkSeparate compute and transfer node
Figure FDA0003271750530000014
True utility value of
Figure FDA0003271750530000015
And NjExchanging utility values after encounter records
Figure FDA0003271750530000016
(32) Non-transfer node information exchange: if it is not
Figure FDA0003271750530000017
And
Figure FDA0003271750530000018
if the error ranges are smaller than the error range specified according to the requirement, the meeting record information exchange is carried out,generating exchange meeting record information containing exchange node real identification;
said N isj、NkAre respectively and transfer nodes
Figure FDA0003271750530000019
A first non-transitive node and a second non-transitive node that meet.
2. The privacy-preserving delay-tolerant network routing method of claim 1, wherein the (10) system-setting step comprises:
(11) releasing system parameters: the trusted authority issues system parameters by adopting a bilinear mapping technology, an AES symmetric encryption algorithm and a hash function;
(12) mobile node registration: when the mobile node registers to the system, the trusted authority signs the real identifier of the mobile node through the master key, and the signed real identifier is used as the identity certificate of the mobile node, and meanwhile, a pseudo-random identifier set of the non-transfer node is generated; each pseudo-random identifier is generated by a random number, a symmetric encryption algorithm and a master key;
(13) information digital signature: based on the identification and the node public key, the trusted authority generates a node private key through a master key and a hash function so as to digitally sign information;
(14) and (3) node communication signature: when the non-transfer node and the transfer node communicate, a new pseudo-random identifier is adopted periodically to carry out node communication and information signature.
3. The privacy-preserving delay-tolerant network routing method of claim 1, wherein the (40) exchanging encounter record information distribution step comprises:
(41) information confirmation set setting: each node is provided with an information confirmation set used for storing the exchange encounter record information sequence number received by the transfer node;
(42) and (3) information confirmation set merging: when two nodes meet, carrying out parallel operation on the self information confirmation set and the confirmation set of the node of the other side to obtain a new confirmation set;
(43) exchange encounter record deletion: according to the new information confirmation set, the node deletes the confirmed exchange meeting record in the record set;
(44) exchange encounter record addition: and adding the exchange encounter record information which is owned by the opposite node and not owned by the opposite node into the exchange encounter record set of the opposite node.
4. The privacy-preserving delay-tolerant network routing method of claim 3, wherein the message routing forwarding step (60) comprises:
(61) when the transmission node and the non-transmission node meet, the non-transmission node sends the message to the transmission node;
(62) presenting a true identification certificate of a non-transfer node: the non-transfer node checks the message set of the transfer node, and if finding that the destination node is the message of the non-transfer node, the non-transfer node presents a real identification certificate signed by the master key of the trusted authority;
(63) message sending of a transfer node: the transfer node determines the non-transfer node as a message destination node according to the real identifier signed by the main key of the trusted authority, and sends the message to the non-transfer node;
(64) forwarding the large utility value node message: when two transfer nodes meet, the utility values are compared, and the message is forwarded to the node with the large utility value.
5. The privacy-preserving delay-tolerant network routing method of claim 4, wherein:
and in the step of forwarding the node message with the large utility value (64), utility value comparison is carried out through the problem of the Fuji of Yao.
CN202010265619.0A 2020-04-07 2020-04-07 Switching-based privacy protection delay tolerant network routing method Active CN111491294B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010265619.0A CN111491294B (en) 2020-04-07 2020-04-07 Switching-based privacy protection delay tolerant network routing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010265619.0A CN111491294B (en) 2020-04-07 2020-04-07 Switching-based privacy protection delay tolerant network routing method

Publications (2)

Publication Number Publication Date
CN111491294A CN111491294A (en) 2020-08-04
CN111491294B true CN111491294B (en) 2021-11-09

Family

ID=71813557

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010265619.0A Active CN111491294B (en) 2020-04-07 2020-04-07 Switching-based privacy protection delay tolerant network routing method

Country Status (1)

Country Link
CN (1) CN111491294B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116150445B (en) * 2023-04-04 2023-07-21 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) Batch information query method, electronic equipment and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103297343A (en) * 2013-05-17 2013-09-11 华中科技大学 Routing method based on delay tolerant network

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102868602B (en) * 2012-10-12 2014-11-19 南京邮电大学 Improved routing method based on social correlation degree in delay tolerant network
CN104579957B (en) * 2014-12-04 2018-07-20 北京理工大学 The Delay Tolerant Network method for routing forwarded based on cohesion and time-constrain
WO2016179583A1 (en) * 2015-05-07 2016-11-10 University Of Florida Research Foundation, Inc. Ad-hoc social network (ahsn) system, ahsn-enabled device, and methods of use
CN107770771B (en) * 2017-09-22 2021-02-02 哈尔滨工业大学深圳研究生院 Routing method for adding privacy protection in opportunity network
CN109743728B (en) * 2019-01-21 2021-12-10 常熟理工学院 Privacy-protecting mobile social network routing method

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103297343A (en) * 2013-05-17 2013-09-11 华中科技大学 Routing method based on delay tolerant network

Also Published As

Publication number Publication date
CN111491294A (en) 2020-08-04

Similar Documents

Publication Publication Date Title
Zheng et al. A traceable blockchain-based access authentication system with privacy preservation in VANETs
Wang et al. LIAP: A local identity-based anonymous message authentication protocol in VANETs
Maria et al. BBAAS: blockchain‐based anonymous authentication scheme for providing secure communication in VANETs
Kong et al. Achieving privacy-preserving and verifiable data sharing in vehicular fog with blockchain
Lu et al. A dynamic privacy-preserving key management scheme for location-based services in VANETs
Liu et al. Bua: A blockchain-based unlinkable authentication in vanets
Tan et al. A secure and authenticated key management protocol (SA-KMP) for vehicular networks
CN111211892B (en) Anti-quantum computing internet-of-vehicle system based on secret sharing and identity cryptography and authentication method thereof
Kong et al. A privacy-preserving and verifiable querying scheme in vehicular fog data dissemination
Kang et al. Highly efficient randomized authentication in VANETs
Zhong et al. Broadcast encryption scheme for V2I communication in VANETs
Xie et al. Provably secure and anonymous V2I and V2V authentication protocol for VANETs
Park et al. Pseudonymous authentication for secure V2I services in cloud-based vehicular networks
CN105262591A (en) Data-based network communication implementation method
Guo et al. Accountable attribute-based data-sharing scheme based on blockchain for vehicular ad hoc network
Liang et al. Analysis and improvement of an efficient certificateless aggregate signature with conditional privacy preservation in VANETs
Zhang et al. Cerberus: Privacy-preserving computation in edge computing
Kanchan et al. An efficient and privacy-preserving federated learning scheme for flying ad hoc networks
Dai et al. Pairing-free certificateless aggregate signcryption scheme for vehicular sensor networks
CN111491294B (en) Switching-based privacy protection delay tolerant network routing method
Gu et al. Multi-fogs-based traceable privacy-preserving scheme for vehicular identity in Internet of Vehicles
CN109743728B (en) Privacy-protecting mobile social network routing method
Wang et al. An anonymous data access scheme for VANET using pseudonym-based cryptography
Hao et al. Secure data downloading with privacy preservation in vehicular ad hoc networks
Sun et al. Ridra: A rigorous decentralized randomized authentication in VANETs

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant