CN111491294B - Switching-based privacy protection delay tolerant network routing method - Google Patents
Switching-based privacy protection delay tolerant network routing method Download PDFInfo
- Publication number
- CN111491294B CN111491294B CN202010265619.0A CN202010265619A CN111491294B CN 111491294 B CN111491294 B CN 111491294B CN 202010265619 A CN202010265619 A CN 202010265619A CN 111491294 B CN111491294 B CN 111491294B
- Authority
- CN
- China
- Prior art keywords
- node
- information
- exchange
- transfer
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/009—Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0433—Key management protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W40/00—Communication routing or communication path finding
- H04W40/02—Communication route or path selection, e.g. power-based or shortest path routing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a privacy protection delay tolerant network routing method based on exchange, which can be used for obtaining meeting information and calculating a real utility value to forward messages while protecting privacy information by nodes. The invention discloses a privacy protection delay tolerant network routing method, which comprises the following steps: (10) system setting: the trusted authority issues system parameters, the mobile node registers, and the trusted authority carries out information digital signature and node communication signature; (20) node encounter record information generation: the transmission node meets the non-transmission node to generate node meeting record and abstract; signing the abstract information; (30) non-transfer node encounter record information exchange: non-transmission nodes meet to exchange meeting record information; (40) exchange encounter record information distribution: merging, deleting and adding exchange encounter records of the encounter nodes; (50) calculating a routing efficiency value: the transmission node calculates a real utility value; (60) message routing and forwarding: and message forwarding is carried out between the nodes.
Description
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a privacy protection delay tolerant network routing method based on exchange.
Background
The end-to-end communication of the traditional Internet wired network and manet (mobile Ad Hoc network) mobile network is assumed under the premise of network connectivity, and the end-to-end communication cannot be communicated under the network environment that long time delay and intermittent connection exist in a link. In order to effectively transfer data in the presence of intermittent connections in the network, researchers have proposed a new network architecture, namely, delay Tolerant network dtns (delay Tolerant networks). The DTNs are widely applied to the fields of mobile social networks, vehicle-mounted networks, disaster relief, environmental monitoring, military strategies and the like.
For efficient DTNs data transfer, related scholars have proposed some routing and distribution protocols. One common routing protocol in the DTNs is a routing protocol based on utility values, and in the protocol, when nodes meet, a routing utility value is calculated through meeting information, and then message forwarding is performed according to the size of the utility value. But if the real identification communication is adopted in the routing, privacy information such as the number of times of meeting, time, position, track and the like can be disclosed. In order to protect privacy information such as node identification and routing utility value, Kate A of the university of To. Lu, Canada, etc. proposes a first DTNs anonymous communication solution which proposes a DTNs security framework and ensures effective and secure communication through an identification-based encryption method (see the documents: Kate A, Zaaverucha G, Hengartner U.Anonym and security in delay networks [ C ]. Proc of IEEE Securicomm, Nice, France, 2007: 504-. Lu R X of the university of Lu-Lu and the like provide a privacy protection data forwarding protocol SPRING based on a social network aiming at an on-vehicle network. SPRING accomplishes highly reliable transmission by forwarding auxiliary packets of roadside units RSU deployed at the roadside, and also accomplishes condition privacy protection, preventing most attacks in vehicular networks (see the documents: Lu R X, Lin X D, Shen X M. SPRING: A social-based privacy-preserving packet for forwarding protocol [ C ]. Proc of IEEE INFOCOM2010, San Diego, USA, 2010: 1-9). While privacy protection can be achieved by anonymous real identifiers, the collection of encounter information based on real identifiers among nodes is prevented. In order to collect the meeting information between the nodes, the routing utility value of the node is calculated for message forwarding, and Chen K and the like propose a FaceChange strategy. The nodes in the FaceChange are communicated anonymously during connection, so that the nodes are prevented from identifying the real identification of the nodes to be attacked; when the network is disconnected, the meeting information is forwarded to the opposite node through other intermediate nodes. Although FaceChange can prevent nodes from being identified and attacked when meeting, meeting information obtained by intermediate nodes after the nodes leave is based on real node identification, so that privacy information such as meeting time, meeting position and the like is disclosed (see the literature: Chen K, Shen H Y. FaceChange: meeting neighbor node availability in mobile arbitrary network with fine-grained control. IEEE/ACM Transactions on network, 2017, 25 (2): 1176 1189). Miao J W et al propose a Privacy protection and prediction-based probabilistic routing protocol 4PR that compares aggregated information for the entire node community rather than individual node information to forward messages, thereby protecting the utility value Privacy of each node (see documents: Miao J W, Hasan O, Mokhtar S B, et al.4PR: Privacy prediction routing in mobile delay networks.computer Networks, 2016 (111): 17-28). Magasia N et al propose an enhanced privacy preserving opportunistic routing protocol ePRIVO. ePRIVO builds a time-varying neighbor graph model of the vehicle-mounted DTNs where an edge represents a neighbor relationship between a pair of vehicle nodes. And calculating the similarity by the vehicle nodes in ePRIVO and protecting the privacy information of the metric value through homomorphic encryption. Privacy is protected by protecting sensitive information of each node, and the routing utility value sizes are compared through An encryption strategy (see the literature: ePRIVO: An enhanced privacy-preserving routing protocol for contextual delay-based networks, IEEE Transactions on contextual Technology, 2018, 67 (11): 11154-.
In summary, the problems of the prior art are as follows: the privacy protection routing method aiming at the DTNs based on the utility value cannot obtain node encounter information and calculate the real utility value while protecting the node privacy information.
Disclosure of Invention
The invention aims to provide a privacy protection delay tolerant network routing method based on exchange, so that nodes can obtain meeting information and calculate a real utility value to forward messages while protecting privacy information.
The technical solution for realizing the purpose of the invention is as follows:
a privacy protection delay tolerant network routing method based on exchange comprises the following steps:
(10) system setting: the trusted authority issues system parameters, the mobile node registers, and the trusted authority carries out information digital signature and node communication signature;
(20) node encounter record information generation: the transmission node and the non-transmission node meet each other to generate a node meeting record containing information such as a record serial number, a pseudo-random identifier, meeting time and the like; generating an encounter record abstract through a hash function; respectively signing the summary information through a private key of the user;
(30) non-transfer node encounter record information exchange: non-transmission nodes meet, and meeting record information exchange is carried out according to the real utility value of each node and the transmission node and the utility value after the meeting record is exchanged;
(40) exchange encounter record information distribution: setting an information confirmation set by the encountering node, merging the information confirmation set, deleting the confirmed exchange encountering records, and adding the exchange encountering records which are existed in the node of the opposite side and are not existed in the node of the opposite side;
(50) calculating a routing efficiency value: when the non-transmission node exchanges the encounter record information and is sent to the transmission node, the transmission node decrypts the encounter record information through the shared secret key of the non-transmission node to obtain the exchanged non-transmission node identifier, and the exchanged non-transmission node identifier and the real utility value of the exchanged non-transmission node identifier are calculated;
(60) message routing and forwarding: and the non-transmission node sends the message, presents the real identification certificate and sends the message between the transmission node and the non-transmission node, and when the transmission nodes meet, the message is forwarded to the node with a large utility value. Compared with the prior art, the invention has the following remarkable advantages:
in the method, the encounter record information is exchanged when the non-transmission nodes meet, and the exchanged encounter record information is sent to the transmission node when the non-transmission nodes meet the transmission node, so that the transmission node calculates the real utility value of the non-transmission nodes and protects the real identification privacy information of the non-transmission nodes.
The utility value calculation of the mobile node can be directly carried out without depending on any credible third party in the protocol, and the protocol is suitable for DTNs with long time delay and frequent link interruption.
The invention is described in further detail below with reference to the figures and the detailed description.
Drawings
FIG. 1 is a main flow diagram of the switching-based privacy preserving delay tolerant network routing method of the present invention.
Fig. 2 is a flow chart of the system setup steps of fig. 1.
Fig. 3 is a system network model diagram.
FIG. 4 is an exemplary graph of encounter records.
Fig. 5 is a flowchart of the non-transit node encounter record information exchange step of fig. 1.
FIG. 6 is a schematic diagram of an encounter record exchange process.
FIG. 7 is a diagram of exchanged encounter records.
Fig. 8 is a flowchart of the exchange encounter record information distribution step in fig. 1.
Fig. 9 is a flowchart of the message route forwarding step in fig. 1.
Detailed Description
As shown in fig. 1, the switching-based privacy protection delay tolerant network routing method of the present invention includes the following steps:
(10) system setting: the trusted authority issues system parameters, the mobile node registers, and the trusted authority carries out information digital signature and node communication signature;
as shown in fig. 2, the (10) system setting step includes:
(11) releasing system parameters: the trusted authority adopts a symmetric encryption algorithm comprising a bilinear mapping technology and AES and a hash function issuing system parameter;
(12) mobile node registration: when the mobile node registers to the system, the trusted authority signs the real identifier of the mobile node through the master key to serve as the identity certificate of the mobile node, and meanwhile, a pseudo-random identifier set of the non-transfer node is generated; each pseudo-random identifier is generated by a random number, a symmetric encryption algorithm and a master key;
(13) information digital signature: based on the identification and the node public key, the trusted authority generates a node private key through a master key and a hash function so as to digitally sign information;
(14) and (3) node communication signature: when the non-transfer node and the transfer node communicate, a new pseudo-random identifier is adopted periodically to carry out node communication and information signature.
The network model of the DTNs system shown in FIG. 3 comprises a trusted authority TA (Trust Authorit)y), fixed network, mobile node 3 portion. The TA has rich system resources and is trusted, and is responsible for issuing public and private key certificates for each mobile node as a certificate authority to generate a node pseudo-random identifier. The fixed network comprises a wired Internet and a wireless access point AP and is responsible for connecting the TA and the mobile node. Mobile node N1~N8The representative carries the mobile device with high-speed short-distance wireless communication functions such as WIFI and Bluetooth.
The mobile node obtains the key and the node identification from the TA through the fixed network. The nodes being divided into message passing nodes NTAnd a non-passing node N. The non-transfer node generates a message and sends the message to the transfer node, and the transfer node transfers the message to the non-transfer destination node. The passing node is assumed to use a real identifier, the identifier of the passing node is public, the non-passing node adopts a pseudo-random identifier, the information such as the real identifier, the position and the like of the non-passing node is secret, and privacy protection is needed.
TA first generates bilinear parameters (q, P, G) from the security parameter k using bilinear mapping technique1,G2,ê),G1,G2Group of order q, P is the anagen, e: g1×G1→G2A non-degenerate, efficiently computable bilinear map; then selecting a random number s ∈ Z* qAs master key, PpubsP is a public key; finally, selecting AES (advanced encryption Standard) equal symmetric encryption algorithm Enc () and Hash function H1:{0,1}*→G1*,H2:G2→{0,1}nPublishing system parameters (q, G)1,G2,P,Ppub,ê,n,H1,H2And Enc ()), n is the length of the message to be encrypted.
When passing through the nodeWhen registering to the system, TA signs the ID through the main key s to generate certificate as the ID, and at the same time, through the main key s and the hash function H1Generating a public key corresponding to the identifierAnd a private key for digitally signing informationWhen the node N is not transmittingjWhen registering to the system, TA signs its true identification through the master key s, generates a certificate as its identification, and simultaneously generates NjPseudo-random identification set ofEach pseudo-random identification Pidj=Encs(NjR) is represented by a random number r and a node real identifier NjA symmetric encryption algorithm Enc () and a master key s. TA passes both the master key s and the hash function H1Generating a pseudo-random identity PidjCorresponding public key H1(Pidj) And a private key SK for digitally signing informationj=sH1(Pidj). When the mobile node communicates with the TA, a new pseudo-random identifier is periodically adopted to carry out node communication and information signature, so that the real identifier of the mobile node is hidden.
(20) Node encounter record information generation: the transmission node and the non-transmission node meet each other to generate a node meeting record containing information such as a record serial number, a pseudo-random identifier, meeting time and the like; generating an encounter record abstract through a hash function; respectively signing the summary information through a private key of the user;
suppose a passing nodeAnd a non-transfer node NjMeet, NjGenerating and connecting nodes by pseudo-random identification and private keySession key ofKey through sessionijEncrypting information to ensure information confidentiality, e.g. generatingThe encounter record information ER shown in FIG. 4ijWherein: seq is a record sequence number generated by each transfer node, and each sequence number in the system is a unique positive integer which cannot be repeated; pidjPseudo-random identification of nodes generated by an identification anonymization technique;… is a nodeAnd NjThe time of each encounter (other information such as encounter position may be included as necessary);SigPidjare respectively nodesAnd NjThe digital signature of (1). The digest information is signed by a private key of the device to ensure the integrity of the information.
(30) Non-transfer node encounter record information exchange: non-transmission nodes meet, and meeting record information exchange is carried out according to the real utility value of each node and the transmission node and the utility value after the meeting record is exchanged;
if the non-transfer node directly informs the transfer node of the real identification, the transfer node can obtain the meeting time, the meeting position and other privacy information between the transfer node and the non-transfer node according to the meeting record information. In order to protect the real identification, the approximate meeting information of the same transfer node is exchanged when meeting between the non-transfer nodes.
As shown in fig. 5, the (30) non-transfer node encounter record information exchanging step includes:
(31) the non-transfer node calculates: n is a radical ofjSeparate compute and transfer nodeTrue utility value ofAnd NkExchanging utility values after encounter recordsNkSeparate compute and transfer nodeTrue utility value ofAnd NjExchanging utility values after encounter records
(32) Non-transfer node information exchange: if it is notAndif the error ranges are smaller than the error range specified according to the requirement, the encounter record information is exchanged, and the exchanged encounter record information containing the real identification of the exchange node is generated.
Transfer nodeAnd a non-transfer node NjAt t1The time points of the two-dimensional images meet each other,and a non-transfer node NkAt t2Meet at a moment. The working principle is shown in fig. 6.
NjSeparate compute and transfer nodeTrue utility value ofAnd NkAfter exchanging the encounter recordsUtility value ofNkSeparate compute and transfer nodeTrue utility value ofAnd NjExchanging utility values after encounter recordsIf it is notAnd if the error range is specified according to needs, executing the step 2) to exchange the meeting record information, otherwise, not exchanging.
Node NkIdentify the true NkIs sent to Nj,NjBy andkey shared between themijEncryption node identification NkAnd other encounter record information except the record serial number to ensure information confidentiality, then signing to ensure information integrity certification, and finally generating two exchange encounter record information ER 'shown in figure 7'ijOne reserved for itself and one sent to Nk。NjSending self information to NkAnd generates encounter record information ER'ikThe procedure is the same as above.
(40) Exchange encounter record information distribution: setting an information confirmation set by the encountering node, merging the information confirmation set, deleting the confirmed exchange encountering records, and adding the exchange encountering records which are existed in the node of the opposite side and are not existed in the node of the opposite side;
in order to reduce the repeated distribution of the encounter record information, each node is provided with an information confirmation set for storing the exchange encounter record information sequence number received by the transfer node.
As shown in fig. 8, the (40) exchanging encounter record information distributing step includes:
(41) information confirmation set setting: each node is provided with an information confirmation set used for storing the exchange encounter record information sequence number received by the transfer node;
(42) and (3) information confirmation set merging: when two nodes meet, carrying out parallel operation on the self information confirmation set and the confirmation set of the node of the other side to obtain a new confirmation set;
(43) exchange encounter record deletion: according to the new information confirmation set, the node deletes the confirmed exchange meeting record in the record set;
(44) exchange encounter record addition: and adding the exchange encounter record information which is owned by the opposite node and not owned by the opposite node into the exchange encounter record set of the opposite node.
And when the two nodes meet, carrying out parallel operation on the self information confirmation set and the confirmation set of the node of the opposite side to obtain a new confirmation set. And according to the new information confirmation set, the node deletes the confirmed exchange meeting record in the record set. And adding the exchange encounter record information which is owned by the opposite node and not owned by the opposite node into the exchange encounter record set of the opposite node. Through the distribution of the exchanged encounter record information among the nodes, the encounter record information can quickly reach the transfer node, and therefore the routing efficiency value is calculated.
(50) Calculating a routing efficiency value: when the non-transmission node exchanges the encounter record information and is sent to the transmission node, the transmission node decrypts the encounter record information through the shared secret key of the non-transmission node to obtain the exchanged non-transmission node identifier, and the exchanged non-transmission node identifier and the real utility value of the exchanged non-transmission node identifier are calculated;
when N is presentkAnd NjThe exchanged record information is sent to the transfer nodeWhen the temperature of the water is higher than the set temperature,through with NjShared secret Key ofijCarry out decryptionObtaining the meeting node identification Nk(the true identity is Nj). Since the session key is only providedAnd NjIn common, and therefore based on the signed encounter record and the session key,consider the identifier NkIs true, then the AND node N is calculatedkThe utility value of (c). In the same way, NjAnd NkExchanged information ER'ikIs sent toWhen the temperature of the water is higher than the set temperature,through with NkShared secret Key ofikCarry out decryptionObtaining the meeting node identification Nj(the true identity is Nk). Based on the signed encounter record and the session key,consider the identifier NjIs true, then the AND node N is calculatedjThe utility value of (c).
Decrypting the encounter record information to obtain the non-transfer node NjAfter identification, the node is transferredThe routing efficiency value is calculated according to the following equation.
Uij=Uij(old)+(1-Uij(old))×Uinit,0<Uinit≤1,0≤Uij≤1
In the formula of UijIs a nodeAnd NjEfficiency value, U, after encounter updateij(old)To update the pre-efficiency value, UinitTo initialize the constants.
(60) Message routing and forwarding: and the non-transmission node sends the message, presents the real identification certificate and sends the message between the transmission node and the non-transmission node, and when the transmission nodes meet, the message is forwarded to the node with a large utility value.
As shown in fig. 9, the (60) message routing and forwarding step includes:
(61) message sending of non-transfer nodes: when the transfer node and the non-transfer node meet, the non-transfer node sends the message to the transfer node;
(62) presenting a true identification certificate of a non-transfer node: the non-transfer node checks the message set of the transfer node, and if finding that the target node is the message of the non-transfer node, the non-transfer node presents a real identification certificate signed by the TA master key;
(63) message sending of a transfer node: the transfer node determines the TA master key signature as a message destination node according to the true identifier of the TA master key signature, and sends the message to the non-transfer node;
(64) forwarding the large utility value node message: when two transfer nodes meet, the utility values are compared, and the message is forwarded to the node with the large utility value.
Preferably, in the step of forwarding (64) the node message with high utility value, the utility value is compared by using the problem of the fukung yao.
When a transitive node and a non-transitive node meet, the non-transitive node sends a message to the transitive node. And the non-transfer node checks the message set of the transfer node, and if finding that the destination node is the message of the non-transfer node, the non-transfer node presents the real identification certificate signed by the TA master key. And the transfer node determines that the transfer node is the destination node of the message according to the true identifier signed by the TA master key and sends the message to the non-transfer node.
In order to ensure the anonymity of the destination node of the message, a non-transfer node can select a friend node with close relationship to exchange a real identification certificate signed by a TA master key, firstly receives the message of the other party and then exchanges the message back.
When two transfer nodes meet, the utility values are compared, and the message is forwarded to the node with the large utility value. In order to ensure the privacy of the utility value, the utility value is compared by the problem of the radix tabani yao.
When two nodes meet, in order to realize the comparison of the sizes of the efficiency relations between the nodes without revealing the real efficiency of each other, the efficiency information protection problem is abstracted into the problem of the million of the Chinese Yao. The yao million Fuji problem is a Secure Multi-party computing SMC (Secure Multi-party computing) problem that enables multiple participants with private data to collaborate on computing using their private data without revealing their private data.
Claims (5)
1. A privacy protection delay tolerant network routing method based on exchange is characterized by comprising the following steps:
(10) system setting: the trusted authority issues system parameters, the mobile node registers, and the trusted authority carries out information digital signature and node communication signature;
(20) node encounter record information generation: the method comprises the steps that a transfer node and a non-transfer node meet each other, and node meeting records containing record serial numbers, pseudo-random identifications and meeting moment information are generated; generating an encounter record abstract through a hash function; respectively signing the summary information through a private key of the user;
(30) non-transfer node encounter record information exchange: non-transmission nodes meet, and meeting record information exchange is carried out according to the real utility value of each node and the transmission node and the utility value after the meeting record is exchanged;
(40) exchange encounter record information distribution: the encountering node sets an information confirmation set, merges the information confirmation set, deletes the confirmed exchange encountering records, and adds the exchange encountering records which the node of the opposite side has but does not have;
(50) calculating a routing efficiency value: when the non-transmission node exchanges the meeting record information and is sent to the transmission node, the transmission node decrypts through the shared secret key of the non-transmission node to obtain the exchanged non-transmission node identification, and the real utility value of the transmission node and the non-transmission node is calculated;
(60) message routing and forwarding: the non-transmission node sends a message between the transmission node and the non-transmission node, the real identification certificate is shown, and the transmission node sends the message; when the transmission nodes meet, the message is forwarded to the node with a large utility value;
the (30) non-transitive node encounter record information exchanging step includes:
(31) the non-transfer node calculates: n is a radical ofjSeparate compute and transfer nodeTrue utility value ofAnd NkExchanging utility values after encounter recordsNkSeparate compute and transfer nodeTrue utility value ofAnd NjExchanging utility values after encounter records
(32) Non-transfer node information exchange: if it is notAndif the error ranges are smaller than the error range specified according to the requirement, the meeting record information exchange is carried out,generating exchange meeting record information containing exchange node real identification;
2. The privacy-preserving delay-tolerant network routing method of claim 1, wherein the (10) system-setting step comprises:
(11) releasing system parameters: the trusted authority issues system parameters by adopting a bilinear mapping technology, an AES symmetric encryption algorithm and a hash function;
(12) mobile node registration: when the mobile node registers to the system, the trusted authority signs the real identifier of the mobile node through the master key, and the signed real identifier is used as the identity certificate of the mobile node, and meanwhile, a pseudo-random identifier set of the non-transfer node is generated; each pseudo-random identifier is generated by a random number, a symmetric encryption algorithm and a master key;
(13) information digital signature: based on the identification and the node public key, the trusted authority generates a node private key through a master key and a hash function so as to digitally sign information;
(14) and (3) node communication signature: when the non-transfer node and the transfer node communicate, a new pseudo-random identifier is adopted periodically to carry out node communication and information signature.
3. The privacy-preserving delay-tolerant network routing method of claim 1, wherein the (40) exchanging encounter record information distribution step comprises:
(41) information confirmation set setting: each node is provided with an information confirmation set used for storing the exchange encounter record information sequence number received by the transfer node;
(42) and (3) information confirmation set merging: when two nodes meet, carrying out parallel operation on the self information confirmation set and the confirmation set of the node of the other side to obtain a new confirmation set;
(43) exchange encounter record deletion: according to the new information confirmation set, the node deletes the confirmed exchange meeting record in the record set;
(44) exchange encounter record addition: and adding the exchange encounter record information which is owned by the opposite node and not owned by the opposite node into the exchange encounter record set of the opposite node.
4. The privacy-preserving delay-tolerant network routing method of claim 3, wherein the message routing forwarding step (60) comprises:
(61) when the transmission node and the non-transmission node meet, the non-transmission node sends the message to the transmission node;
(62) presenting a true identification certificate of a non-transfer node: the non-transfer node checks the message set of the transfer node, and if finding that the destination node is the message of the non-transfer node, the non-transfer node presents a real identification certificate signed by the master key of the trusted authority;
(63) message sending of a transfer node: the transfer node determines the non-transfer node as a message destination node according to the real identifier signed by the main key of the trusted authority, and sends the message to the non-transfer node;
(64) forwarding the large utility value node message: when two transfer nodes meet, the utility values are compared, and the message is forwarded to the node with the large utility value.
5. The privacy-preserving delay-tolerant network routing method of claim 4, wherein:
and in the step of forwarding the node message with the large utility value (64), utility value comparison is carried out through the problem of the Fuji of Yao.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010265619.0A CN111491294B (en) | 2020-04-07 | 2020-04-07 | Switching-based privacy protection delay tolerant network routing method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010265619.0A CN111491294B (en) | 2020-04-07 | 2020-04-07 | Switching-based privacy protection delay tolerant network routing method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111491294A CN111491294A (en) | 2020-08-04 |
CN111491294B true CN111491294B (en) | 2021-11-09 |
Family
ID=71813557
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010265619.0A Active CN111491294B (en) | 2020-04-07 | 2020-04-07 | Switching-based privacy protection delay tolerant network routing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111491294B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116150445B (en) * | 2023-04-04 | 2023-07-21 | 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) | Batch information query method, electronic equipment and storage medium |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103297343A (en) * | 2013-05-17 | 2013-09-11 | 华中科技大学 | Routing method based on delay tolerant network |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102868602B (en) * | 2012-10-12 | 2014-11-19 | 南京邮电大学 | Improved routing method based on social correlation degree in delay tolerant network |
CN104579957B (en) * | 2014-12-04 | 2018-07-20 | 北京理工大学 | The Delay Tolerant Network method for routing forwarded based on cohesion and time-constrain |
WO2016179583A1 (en) * | 2015-05-07 | 2016-11-10 | University Of Florida Research Foundation, Inc. | Ad-hoc social network (ahsn) system, ahsn-enabled device, and methods of use |
CN107770771B (en) * | 2017-09-22 | 2021-02-02 | 哈尔滨工业大学深圳研究生院 | Routing method for adding privacy protection in opportunity network |
CN109743728B (en) * | 2019-01-21 | 2021-12-10 | 常熟理工学院 | Privacy-protecting mobile social network routing method |
-
2020
- 2020-04-07 CN CN202010265619.0A patent/CN111491294B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103297343A (en) * | 2013-05-17 | 2013-09-11 | 华中科技大学 | Routing method based on delay tolerant network |
Also Published As
Publication number | Publication date |
---|---|
CN111491294A (en) | 2020-08-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Zheng et al. | A traceable blockchain-based access authentication system with privacy preservation in VANETs | |
Wang et al. | LIAP: A local identity-based anonymous message authentication protocol in VANETs | |
Maria et al. | BBAAS: blockchain‐based anonymous authentication scheme for providing secure communication in VANETs | |
Kong et al. | Achieving privacy-preserving and verifiable data sharing in vehicular fog with blockchain | |
Lu et al. | A dynamic privacy-preserving key management scheme for location-based services in VANETs | |
Liu et al. | Bua: A blockchain-based unlinkable authentication in vanets | |
Tan et al. | A secure and authenticated key management protocol (SA-KMP) for vehicular networks | |
CN111211892B (en) | Anti-quantum computing internet-of-vehicle system based on secret sharing and identity cryptography and authentication method thereof | |
Kong et al. | A privacy-preserving and verifiable querying scheme in vehicular fog data dissemination | |
Kang et al. | Highly efficient randomized authentication in VANETs | |
Zhong et al. | Broadcast encryption scheme for V2I communication in VANETs | |
Xie et al. | Provably secure and anonymous V2I and V2V authentication protocol for VANETs | |
Park et al. | Pseudonymous authentication for secure V2I services in cloud-based vehicular networks | |
CN105262591A (en) | Data-based network communication implementation method | |
Guo et al. | Accountable attribute-based data-sharing scheme based on blockchain for vehicular ad hoc network | |
Liang et al. | Analysis and improvement of an efficient certificateless aggregate signature with conditional privacy preservation in VANETs | |
Zhang et al. | Cerberus: Privacy-preserving computation in edge computing | |
Kanchan et al. | An efficient and privacy-preserving federated learning scheme for flying ad hoc networks | |
Dai et al. | Pairing-free certificateless aggregate signcryption scheme for vehicular sensor networks | |
CN111491294B (en) | Switching-based privacy protection delay tolerant network routing method | |
Gu et al. | Multi-fogs-based traceable privacy-preserving scheme for vehicular identity in Internet of Vehicles | |
CN109743728B (en) | Privacy-protecting mobile social network routing method | |
Wang et al. | An anonymous data access scheme for VANET using pseudonym-based cryptography | |
Hao et al. | Secure data downloading with privacy preservation in vehicular ad hoc networks | |
Sun et al. | Ridra: A rigorous decentralized randomized authentication in VANETs |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |