CN112543187A - Industrial Internet of things safety data sharing method based on edge block chain - Google Patents
- Publication number: CN112543187A (application number CN202011346549.8A)
- Authority: CN (China)
- Prior art keywords: internet, key, things, shared data, symmetric
- Legal status: Granted
Classifications
- H04L63/06 — Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/045 — Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
- H04L63/08 — Network architectures or network communication protocols for network security for authentication of entities
- H04L63/10 — Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L67/1097 — Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L67/12 — Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L9/14 — Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H04L9/3247 — Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, involving digital signatures
Abstract
The invention discloses a secure data sharing method for the industrial Internet of things based on an edge blockchain, and relates to the field of data security. It addresses the poor security and low sharing efficiency of existing shared-data schemes with the following scheme: the key generation center generates global parameters and a partial private key for each Internet of things device, and the partial private key is turned into a true private key based on a secret value; the Internet of things device applies a symmetric encryption algorithm, a hash algorithm and an LSH algorithm to the shared data to obtain a ciphertext, a digest and an LSH value, builds an index, generates a signature and sends them to the edge device; the edge device verifies the validity of the signature; the Internet of things device splits the key of the symmetric encryption algorithm into fragments and shares them with the edge devices; when another Internet of things device requests access to the shared data, the smart contract verifies its authority and a consensus algorithm is executed, the ciphertext and t fragments are obtained by matching, the requesting Internet of things device verifies the validity of the t fragments, and the ciphertext is decrypted. The invention achieves fast response for data sharing.
Description
Technical Field
The invention relates to the technical field of blockchains and information security, in particular to a secure data sharing method for the industrial Internet of things based on an edge blockchain.
Background
With the rapid development of the Internet of things, communication technologies and Industry 4.0, all kinds of Internet of things devices are connected to the Internet through communication technologies such as Wi-Fi and ZigBee, providing users with a variety of value-added and convenient services. In industry these are widely applied in smart cities, intelligent transportation, smart healthcare, smart grids and similar fields. According to Gartner's forecast, the Internet of things market will triple in size by 2024. In 2014 the investment in the Internet of things was $900 billion; by 2024 it is expected to reach $4.3 trillion, and the number of IoT devices connected to the network is expected to exceed 300 billion. A large number of Internet of things devices generate a large amount of data, but IoT devices are resource-constrained (for example, limited storage and computing resources) and cannot handle such large data streams. In the conventional Internet of things platform, therefore, the data generated by Internet of things devices is processed through the cloud, which can handle a large number of computing tasks. However, when a large number of Internet of things devices in the industrial Internet of things send requests to the cloud, network congestion may result and a quick response is not possible. Moreover, the cloud is located at a remote end, may take a long time to process an IoT device's data request, and cannot provide a better service.
To provide better service and maximize revenue, cooperation among Internet of things devices is gradually increasing, so they need to share information and collaborate to accomplish the same task. However, the data generated by Internet of things devices may contain sensitive information, and out of concern for user privacy many IoT devices in the IIoT are reluctant to share their data. Furthermore, existing Internet of things data sharing schemes are mostly based on centralized servers, which greatly increases the risk of data leakage and the communication overhead, especially in a distributed environment. In addition, an unauthorized user may perform malicious operations on the shared data (such as tampering or forgery) without the data provider's permission, resulting in data leakage. In general a large amount of data is stored in a cloud server, and because the cloud is only "semi-trusted" it may leak user privacy for commercial gain, so the reliability and confidentiality of the data are hard to guarantee. Meanwhile, as the Internet of things grows the generated data increases greatly; the investment and maintenance cost of a centralized server is very high, its efficiency is very low, and it cannot cope with exponential data growth.
Therefore, a secure data sharing method is urgently needed that ensures the security and reliability of shared data, improves data sharing efficiency and keeps the data provider in control of its data.
Disclosure of Invention
In view of the requirements and shortcomings of the prior art, the invention provides a secure data sharing method for the industrial Internet of things based on an edge blockchain.
The secure data sharing method for the industrial Internet of things based on an edge blockchain disclosed by the invention adopts the following technical scheme to solve the technical problems above:
The industrial Internet of things secure data sharing method based on an edge blockchain relies on a key generation center, edge devices, Internet of things devices, a blockchain constructed by a plurality of edge devices, a cloud and a smart contract, and the process of realizing data sharing comprises the following steps:
Step S1: the key generation center is a trusted third party; it is initialized and generates global parameters and a key pair, where the key pair comprises a master public key and a master private key;
Step S2: the key generation center generates a public key and a partial private key for the Internet of things device; the public key is published and the partial private key is sent to the Internet of things device by the key generation center; the Internet of things device randomly selects a secret value, and the partial private key is turned into a true private key based on that secret value;
Step S3: the Internet of things device encrypts the shared data with a symmetric key generated by a symmetric encryption algorithm to obtain a ciphertext; it hashes the shared data with a hash algorithm to obtain the shared data digest; it applies locality-sensitive hashing (an LSH algorithm) to the shared data to obtain an LSH value; it builds an index from the shared data digest and the LSH value, generates a signature with the public key and the true private key, and then sends the ciphertext, the index and the signature to the edge device;
Step S4: the edge device verifies the validity of the signature; after verification passes, the edge device records the shared data digest, the index and the signature on the blockchain and sends the ciphertext to the cloud; the Internet of things device splits the symmetric key generated by the symmetric encryption algorithm into n fragments and shares them with n edge devices;
Step S5: when another Internet of things device requests access to the shared data, the smart contract verifies that device's access authority; if it has the authority, the smart contract executes a search algorithm and the matched shared data digest is recorded on the blockchain as a transaction; after the cloud observes the transaction, the ciphertext of the matched shared data digest is returned to the requesting Internet of things device and the t fragments held on the t matched edge devices are transmitted to it; the requesting Internet of things device verifies the validity of all the fragments and, if they are valid, recovers the symmetric key of the matched shared data, decrypts the ciphertext with the recovered symmetric key and obtains the requested shared data.
Optionally, in step S1,
the generated global parameters and master public key are first sent by the key generation center to the edge devices, and are recorded on the blockchain and published after the edge devices have performed the consensus operation;
the generated master private key is kept secret.
Optionally, in step S5, when another Internet of things device requests access to the shared data, the smart contract consults the access control list to verify that device's access right and filters out Internet of things devices without access right.
Optionally, step S1 (initializing the key generation center and generating the global parameters and the key pair consisting of a master public key and a master private key) proceeds as follows:
S1.1, the key generation center takes a security parameter $\lambda$ as input and selects three cyclic groups $G_1$, $G_2$ and $G_T$ of order q, where P is a generator of $G_1$ and Q is a generator of $G_2$;
S1.2, the key generation center selects a symmetric bilinear map $e: G_1 \times G_2 \to G_T$;
S1.3, the key generation center selects three collision-resistant hash functions $H_1$, $H_2$ and $H_3$;
S1.5, compute $g = e(P, P)$;
S1.6, compute the master public key $mpk = s \cdot P$
and the master private key $msk = s$;
S1.7, obtain the global parameters $params = \{G_1, G_2, e, P, Q, mpk, H_1, H_2, H_3\}$.
Further optionally, in step S2 the true private key is obtained as follows:
S2.1, the key generation center generates a partial private key $PP_i^{sk}$ for the Internet of things device; the expression of $PP_i^{sk}$ is:
where s is a randomly selected secret value, P is a generator of $G_1$, and the remaining terms are the number of the ith Internet of things device and the hash of the ith Internet of things device;
S2.2, the key generation center generates a public key for the Internet of things device; the expression of the public key is:
where the first term is a secret value randomly selected by the key generation center, mpk denotes the master public key, the next term is the hash of the ith Internet of things device, and P is a generator of $G_1$;
S2.3, from the partial private key $PP_i^{sk}$ of step S2.1 and the secret value $sval$ randomly selected by the key generation center in step S2.2, the true private key is computed; the expression of the true private key is:
further optionally, step S3 is executed, and the specific step of establishing the index is:
s3.1.1, the Internet of things equipment hashes the shared data by adopting a hashing algorithm to obtain a shared data abstractShared data summarizationThe following formula is satisfied:
wherein m isiRepresenting shared data, H2(mi) Representing shared data miThe hash value of (1);
s3.1.2, the Internet of things equipment carries out local sensitive hashing on the shared data by adopting an LSH algorithm to obtain LSH value, and the shared data is summarized based on the shared dataAnd lsh value establishes an index, which is of the form:
further optionally, step S3 is executed, and after the index is established, the specific process of generating the signature is as follows:
step S3.2.1, the internet of things equipmentIn randomly selecting a secret value gammaiCalculatingWherein g ═ e (P, P), e denotes a symmetric bilinear mapping function;
s3.2.2, encrypting the shared data by the Internet of things equipment by using the symmetric key generated by the symmetric encryption algorithm to obtain a ciphertext ciSaid ciphertext ciExpression (c):
ci=Enck(mi),
wherein m isiRepresenting shared data;
step S3.2.3, calculating h by the Internet of things equipmenti,hiThe expression of (a) is:
wherein, ciA ciphertext is represented in a form that is,denotes a public key, RiCalculated by the equipment of the Internet of things, H3Representing an anti-collision hash function;
step S3.2.4, calculating S by Internet of things equipmenti,SiThe expression of (a) is:
wherein, γiIs fromOf a randomly selected one of the secret values,a summary of the shared data is represented,represents the true private key;
step S3.2.5, calculating h based on step S3.2.3iAnd S calculated in step S3.2.4iConstructing the signature σi=(hi,Si)。
Further optionally, in step S4 the edge device verifies the validity of the signature as follows:
S4.1.1, the edge device computes $R'_i$; the expression of $R'_i$ is:
where e denotes the symmetric bilinear map, $S_i$ was computed by the Internet of things device, the next terms denote the public key and the shared data digest, and $h_i$ was computed by the Internet of things device;
S4.1.2, the edge device computes $h'_i$; the expression of $h'_i$ is:
where $H_3$ denotes a collision-resistant hash function, $c_i$ denotes the ciphertext, $R'_i$ was computed by the edge device, and the last term denotes the public key;
then the edge device verifies whether the following equation holds:
If the equation holds, the edge device records the shared data index and the shared data digest on the blockchain and uploads the ciphertext $c_i$ to the cloud.
Further optionally, in step S4 the Internet of things device splits the symmetric key generated by the symmetric encryption algorithm into n fragments as follows:
based on the edge device numbers, the Internet of things device splits the symmetric key with the Shamir secret sharing algorithm to obtain n fragments Frag, where $Frag_i$ denotes the ith fragment of the symmetric key and satisfies the following expression:
where the first term is the jth power of the number of the ith edge device, t is the number of fragments of the symmetric key, $F_j$ is a positive integer randomly selected in a finite field (j indicating the jth selection), and S denotes the symmetric key.
Further optionally, in step S5 the requesting Internet of things device decrypts the ciphertext with the recovered symmetric key to obtain the requested shared data as follows:
S5.1, the requesting Internet of things device computes $\psi$; the expression of $\psi$ is:
where the first term is the jth power of the number of the ith edge device, t is the number of fragments of the symmetric key, $F_j$ is a positive integer randomly selected in a finite field (j indicating the jth selection), P is a generator of $G_1$, Q is a generator of $G_2$, and e denotes the symmetric bilinear map;
where P is a generator of $G_1$, Q is a generator of $G_2$, e denotes the symmetric bilinear map, and S denotes the symmetric key;
S5.3, the t edge devices return the t fragments Frag to the requesting Internet of things device, which verifies the validity of the fragments by means of $\psi$ and the quantity above, using the following expression:
where t denotes the number of fragments of the symmetric key, e denotes the symmetric bilinear map, $F_j$ is a positive integer randomly selected in a finite field (j indicating the jth selection), P is a generator of $G_1$, Q is a generator of $G_2$, the next term is the jth power of the number of the ith edge device, S is the symmetric key, and $Frag_i$ denotes the ith fragment of the symmetric key;
S5.4, if the verification equation of step S5.3 holds, the requesting Internet of things device recovers the symmetric key using the following expression:
where F(0) is the symmetric key, $Frag_i$ is the ith fragment of the symmetric key, $F_i$ is a positive integer randomly selected in a finite field (i indicating the ith selection), the next two terms denote the numbers of the ith and jth edge devices, and t denotes the number of fragments of the symmetric key;
finally, the obtained F(0) is the symmetric key, and the requesting Internet of things device decrypts the ciphertext with it to obtain the requested shared data.
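The Shamir split of the symmetric key across the edge devices (step S4) and the F(0) recovery from t fragments (step S5.4), which the embodiment below repeats, as an added worked example; this is not code from the patent. Everything the page leaves open is an assumption here: the finite field is the integers modulo the Mersenne prime 2^521 − 1, the x-coordinate of edge device i is its device number, and the symmetric key is handled as an integer below the modulus. The pairing-based fragment check of step S5.3 (ψ) is not reproduced.

```python
"""Split a symmetric key S into n fragments for n edge devices and recover it
from any t of them (Shamir secret sharing, steps S4 and S5.4 of the method).

Added example, not the patent's own code. Assumptions not fixed by the page:
the field is GF(p) with p = 2**521 - 1, the x-coordinate of edge device i is
its device number, and the key is an integer below p.
"""
import secrets

P_FIELD = 2**521 - 1  # constructed field modulus; any 256-bit key fits below it


def split_key(key, edge_ids, t):
    """Frag_i = S + F_1*ID_i + ... + F_(t-1)*ID_i^(t-1) mod p, one per edge device.

    Returns {edge_id: fragment}. Any t fragments recover `key`; fewer do not.
    """
    if not 1 <= t <= len(edge_ids):
        raise ValueError("threshold t must satisfy 1 <= t <= n")
    if not 0 <= key < P_FIELD:
        raise ValueError("key must be an integer below the field modulus")
    if len(set(edge_ids)) != len(edge_ids) or any(x % P_FIELD == 0 for x in edge_ids):
        raise ValueError("edge device numbers must be distinct and non-zero mod p")
    # F_j: t-1 positive field elements chosen at random; the constant term is S,
    # so F(0) = S.
    coeffs = [key] + [1 + secrets.randbelow(P_FIELD - 1) for _ in range(t - 1)]

    def poly(x):  # Horner evaluation of F(x) mod p
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % P_FIELD
        return acc

    return {eid: poly(eid) for eid in edge_ids}


def recover_key(fragments, t):
    """Recover F(0) = S by Lagrange interpolation over t fragments (step S5.4)."""
    if len(fragments) < t:
        raise ValueError("need at least t fragments")
    points = list(fragments.items())[:t]
    secret = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P_FIELD      # product of (0 - x_j)
                den = den * (xi - xj) % P_FIELD  # product of (x_i - x_j)
        lagrange_i = num * pow(den, -1, P_FIELD) % P_FIELD
        secret = (secret + yi * lagrange_i) % P_FIELD
    return secret


def key_to_int(key_bytes):
    """Symmetric key bytes -> field element."""
    return int.from_bytes(key_bytes, "big")


def int_to_key(value, length):
    """Field element -> symmetric key bytes of the original length."""
    return value.to_bytes(length, "big")


if __name__ == "__main__":
    sym_key = secrets.token_bytes(32)        # constructed 256-bit symmetric key
    edge_ids = [101, 102, 103, 104, 105]     # constructed edge device numbers
    frags = split_key(key_to_int(sym_key), edge_ids, t=3)
    subset = {i: frags[i] for i in (105, 102, 103)}  # any 3 of the 5 suffice
    assert int_to_key(recover_key(subset, 3), 32) == sym_key
    print("key recovered from edge devices", sorted(subset))
```

Any t fragments, in any order, give back S. With t − 1 fragments the interpolation lands on a different field element (for t = 3 and two fragments it yields S − F₂·ID₁·ID₂, never S), so a single compromised edge device learns nothing about the key, while any t colluding edge devices recover it; the threshold t should therefore be chosen against the trust placed in the edge layer, not just for availability.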
Compared with the prior art, the industrial Internet of things secure data sharing method based on an edge blockchain has the following beneficial effects:
(1) the blockchain is constructed from the edge devices, which gives data sharing a fast response; the shared data is encrypted with a symmetric encryption algorithm, which ensures its confidentiality and unforgeability and improves encryption efficiency; access control is performed with an access control list, which limits the Internet of things devices' access to the shared data;
(2) the symmetric key is split with the Shamir secret sharing algorithm and shared among a plurality of edge devices, which protects the data provider's key, and the LSH algorithm enables efficient large-scale data search by Internet of things devices.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
To make the technical scheme, the technical problems solved and the technical effects of the invention clearer, the technical scheme of the invention is described completely below with reference to specific embodiments.
Embodiment 1:
With reference to FIG. 1, this embodiment provides an industrial Internet of things secure data sharing method based on an edge blockchain, in which data sharing is realized by six parts, namely a key generation center, edge devices, Internet of things devices, a blockchain constructed by a plurality of edge devices, a cloud and a smart contract, through the following steps:
Step S1: the key generation center is a trusted third party; it is initialized and generates global parameters and a key pair, where the key pair comprises a master public key and a master private key. The specific operations of this step are:
S1.1, the key generation center takes a security parameter $\lambda$ as input and selects three cyclic groups $G_1$, $G_2$ and $G_T$ of order q, where P is a generator of $G_1$ and Q is a generator of $G_2$;
S1.2, the key generation center selects a symmetric bilinear map $e: G_1 \times G_2 \to G_T$;
S1.3, the key generation center selects three collision-resistant hash functions $H_1$, $H_2$ and $H_3$;
S1.5, compute $g = e(P, P)$;
S1.6, compute the master public key $mpk = s \cdot P$
and the master private key $msk = s$;
S1.7, obtain the global parameters $params = \{G_1, G_2, e, P, Q, mpk, H_1, H_2, H_3\}$.
In this step the generated global parameters and master public key are first sent by the key generation center to the edge devices, and are recorded on the blockchain and published after the edge devices have performed the consensus operation; the generated master private key is kept secret.
Step S2: the key generation center generates a public key and a partial private key for the Internet of things device; the public key is published and the partial private key is sent to the Internet of things device by the key generation center; the Internet of things device randomly selects a secret value, and the partial private key is turned into a true private key based on that secret value. The specific operations are:
S2.1, the key generation center generates a partial private key $PP_i^{sk}$ for the Internet of things device; the expression of $PP_i^{sk}$ is:
where s is a randomly selected secret value, P is a generator of $G_1$, and the remaining terms are the number of the ith Internet of things device and the hash of the ith Internet of things device;
S2.2, the key generation center generates a public key for the Internet of things device; the expression of the public key is:
where the first term is a secret value randomly selected by the key generation center, mpk denotes the master public key, the next term is the hash of the ith Internet of things device, and P is a generator of $G_1$;
S2.3, from the partial private key $PP_i^{sk}$ of step S2.1 and the secret value $sval$ randomly selected by the key generation center in step S2.2, the true private key is computed; the expression of the true private key is:
Step S3: the Internet of things device encrypts the shared data with a symmetric key generated by a symmetric encryption algorithm to obtain a ciphertext; it hashes the shared data with a hash algorithm to obtain the shared data digest; it applies locality-sensitive hashing (an LSH algorithm) to the shared data to obtain an LSH value; it builds an index from the shared data digest and the LSH value, generates a signature with the public key and the true private key, and then sends the ciphertext, the index and the signature to the edge device.
In this step, the index is built from the shared data digest and the LSH value as follows:
S3.1.1, the Internet of things device hashes the shared data with a hash algorithm to obtain the shared data digest, which satisfies:
where $m_i$ denotes the shared data and $H_2(m_i)$ denotes the hash value of $m_i$;
S3.1.2, the Internet of things device applies the LSH algorithm to the shared data to obtain the LSH value, and builds the index from the shared data digest and the LSH value; the index has the form:
the specific process of generating a signature based on the shared data digest and the lsh value is as follows:
step S3.2.1, the internet of things equipmentIn randomly selecting a secret value gammaiCalculatingWherein g ═ e (P, P), e denotes a symmetric bilinear mapping function;
s3.2.2, encrypting the shared data by the Internet of things equipment by using the symmetric key generated by the symmetric encryption algorithm to obtain a ciphertext ciSaid ciphertext ciExpression (c):
ci=Enck(mi),
wherein m isiRepresenting shared data;
step S3.2.3, calculating h by the Internet of things equipmenti,hiThe expression of (a) is:
wherein, ciA ciphertext is represented in a form that is,denotes a public key, RiCalculated by the equipment of the Internet of things, H3Representing an anti-collision hash function;
step S3.2.4, calculating S by Internet of things equipmenti,SiThe expression of (a) is:
wherein, γiIs fromOf a randomly selected one of the secret values,a summary of the shared data is represented,represents the true private key;
step S3.2.5, calculating h based on step S3.2.3iAnd S calculated in step S3.2.4iConstructing the signature σi=(hi,Si)。
Step S4: the edge device verifies the validity of the signature; after verification passes, the edge device records the shared data digest and the index on the blockchain and sends the ciphertext to the cloud; the Internet of things device splits the symmetric key generated by the symmetric encryption algorithm into n fragments and shares them with n edge devices.
In this step, the edge device verifies the validity of the signature as follows:
S4.1.1, the edge device computes $R'_i$; the expression of $R'_i$ is:
where e denotes the symmetric bilinear map, $S_i$ was computed by the Internet of things device, the next terms denote the public key and the shared data digest, and $h_i$ was computed by the Internet of things device;
S4.1.2, the edge device computes $h'_i$; the expression of $h'_i$ is:
where $H_3$ denotes a collision-resistant hash function, $c_i$ denotes the ciphertext, $R'_i$ was computed by the edge device, and the last term denotes the public key;
then the edge device verifies whether the following equation holds:
If the equation holds, the edge device records the shared data index and the shared data digest on the blockchain and uploads the ciphertext $c_i$ to the cloud.
In this step, the Internet of things device splits the symmetric key generated by the symmetric encryption algorithm into n fragments as follows:
based on the edge device numbers, the Internet of things device splits the symmetric key with the Shamir secret sharing algorithm to obtain n fragments Frag, where $Frag_i$ denotes the ith fragment of the symmetric key and satisfies the following expression:
where the first term is the jth power of the number of the ith edge device, t is the number of fragments of the symmetric key, $F_j$ is a positive integer randomly selected in a finite field (j indicating the jth selection), and S denotes the symmetric key.
Step S5: when another Internet of things device requests access to shared data, the smart contract verifies the access authority of that device. If it has the authority, the smart contract executes a search algorithm and the matched shared data digest is recorded on the blockchain as a transaction. Once the cloud detects the transaction, the matched shared data digest is returned to the requesting Internet of things device, and the t fragments held by the t matched edge devices are transmitted to it. The requesting Internet of things device verifies the validity of all fragments; if they are valid, it recovers the symmetric key of the matched shared data and decrypts the ciphertext with the recovered key to obtain the requested shared data.
In this step, the internet of things device sending the request decrypts the ciphertext by using the recovered symmetric key to obtain the shared data requested to be accessed, and the specific operations are as follows:
Step S5.1: the requesting Internet of things device calculates ψ; the expression of ψ is:
where the first term is the j-th power of the number of the i-th edge device, t is the number of fragments of the symmetric key, F_j are positive integers randomly selected from a finite field (the j in F_j denoting the j-th selection), P is a generator of G_1, Q is a generator of G_2, and e represents the symmetric bilinear map;
where P is a generator of G_1, Q is a generator of G_2, e represents the symmetric bilinear map, and S represents the symmetric key;
Step S5.3: the t edge devices return the t fragments Frag to the requesting Internet of things device, which verifies the validity of the fragments using ψ and the value defined above; the verification uses the following expression:
where t represents the number of fragments of the symmetric key, e represents the symmetric bilinear map, F_j are positive integers randomly selected from a finite field (the j in F_j denoting the j-th selection), P is a generator of G_1, Q is a generator of G_2, the next term is the j-th power of the number of the i-th edge device, S is the symmetric key, and Frag_i denotes the i-th fragment of the symmetric key;
Step S5.4: if the verification equation of step S5.3 holds, the requesting Internet of things device recovers the symmetric key using the following expression:
where F(0) is the symmetric key, Frag_i is the i-th fragment of the symmetric key, F_i are positive integers randomly selected from a finite field (the i in F_i denoting the i-th selection), the next two terms are the number of the i-th edge device and the number of the j-th edge device, and t denotes the number of fragments of the symmetric key.
The recovered F(0) is the symmetric key, and the requesting Internet of things device decrypts the ciphertext with it to obtain the requested shared data.
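The key fragmentation of step S4 and the fragment check and recovery of steps S5.3 and S5.4, as an added example that is not the patent's own code. It shares the symmetric key with Shamir's scheme over the Ed25519 group order, evaluating the polynomial at the edge device numbers, and replaces the patent's pairing-based fragment check with Feldman-style discrete-log commitments ψ_j = F_j·B (an assumed stand-in with the same structure); the device numbers and key value are constructed.

```python
"""Shamir key fragmentation with a Feldman-style fragment check (added example).

Models step S4 (split the symmetric key S into n fragments, one per edge device
number) and steps S5.3/S5.4 (verify the t returned fragments, recover F(0)).
The patent checks fragments with a pairing equation; this example substitutes
discrete-log commitments psi_j = F_j * B on the Ed25519 group (an assumption,
not the patent's equation): commit to each F_j, check Frag_i against id_i^j."""
import secrets
from typing import Dict, List, Tuple

# Public Ed25519 constants: field prime, base-point order, curve constant d.
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
D = (-121665 * pow(121666, P - 2, P)) % P
Point = Tuple[int, int]
IDENTITY: Point = (0, 1)


def _ed_add(a: Point, b: Point) -> Point:
    """Affine twisted-Edwards addition (a = -1); complete, so it also doubles."""
    x1, y1 = a
    x2, y2 = b
    dxy = D * x1 % P * x2 % P * y1 % P * y2 % P
    den1, den2 = (1 + dxy) % P, (1 - dxy) % P
    inv = pow(den1 * den2 % P, P - 2, P)          # one inversion serves both
    return ((x1 * y2 + x2 * y1) * inv % P * den2 % P,
            (y1 * y2 + x1 * x2) * inv % P * den1 % P)


def _ed_mul(k: int, pt: Point) -> Point:
    """Double-and-add scalar multiplication with k reduced modulo L."""
    acc, k = IDENTITY, k % L
    while k:
        if k & 1:
            acc = _ed_add(acc, pt)
        pt, k = _ed_add(pt, pt), k >> 1
    return acc


def _base_point() -> Point:
    """Recover the base point B from y = 4/5 (standard Ed25519 decoding)."""
    y = 4 * pow(5, P - 2, P) % P
    xx = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P:
        x = x * pow(2, (P - 1) // 4, P) % P       # sqrt(-1) fix, since p = 5 mod 8
    return (P - x if x & 1 else x), y


B = _base_point()


def split_key(key: int, device_ids: List[int], t: int) -> Tuple[Dict[int, int], List[Point]]:
    """Step S4: F(x) = S + F_1 x + ... + F_{t-1} x^{t-1} over Z_L, Frag_i = F(id_i).
    Returns {edge device number: fragment} and the commitments psi_j = F_j * B."""
    if not 0 <= key < L or not 1 < t <= len(device_ids):
        raise ValueError("key outside the field or bad threshold")
    if len(set(device_ids)) != len(device_ids) or any(i % L == 0 for i in device_ids):
        raise ValueError("edge device numbers must be distinct and nonzero")
    coeffs = [key] + [secrets.randbelow(L - 1) + 1 for _ in range(t - 1)]  # F_0 = S
    frags = {i: sum(c * pow(i, j, L) for j, c in enumerate(coeffs)) % L for i in device_ids}
    return frags, [_ed_mul(c, B) for c in coeffs]


def fragment_is_valid(device_id: int, frag: int, psi: List[Point]) -> bool:
    """Step S5.3 stand-in: Frag_i * B must equal sum_j (id_i^j) * psi_j."""
    expected = IDENTITY
    for j, commitment in enumerate(psi):
        expected = _ed_add(expected, _ed_mul(pow(device_id, j, L), commitment))
    return _ed_mul(frag, B) == expected


def recover_key(frags: Dict[int, int], psi: List[Point]) -> int:
    """Step S5.4: reject bad fragments, then Lagrange-interpolate F(0) from t of them."""
    t = len(psi)
    if len(frags) < t:
        raise ValueError(f"need {t} fragments, got {len(frags)}")
    bad = [i for i, f in frags.items() if not fragment_is_valid(i, f, psi)]
    if bad:
        raise ValueError(f"invalid fragments from edge devices {bad}")
    ids = list(frags)[:t]
    key = 0
    for i in ids:                                  # F(0) = sum_i Frag_i * prod_{j!=i} x_j/(x_j - x_i)
        num = den = 1
        for j in ids:
            if j != i:
                num, den = num * j % L, den * (j - i) % L
        key = (key + frags[i] * num % L * pow(den, L - 2, L)) % L
    return key
```

A tampered or mis-attributed fragment fails the commitment check before interpolation, so a single faulty edge device cannot silently corrupt the recovered key.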
It is to be added that, when another internet of things device requests to access the shared data in step S5, the access control list is called by the smart contract to verify the access right of the internet of things device, and the internet of things devices without access right are filtered out.
In summary, the secure data sharing method of the industrial internet of things based on the edge block chain can realize the quick response of data sharing, ensure the confidentiality and the unforgeability of shared data and improve the encryption efficiency.
The principles and embodiments of the present invention have been described above using specific examples, which are provided only to aid understanding of the core technical content of the present invention. Improvements and modifications that those skilled in the art make to the above embodiments without departing from the principle of the present invention shall fall within the protection scope of the present invention.
Claims (10)
1. The industrial Internet of things security data sharing method based on the edge blockchain is characterized in that, based on six parts, namely a key generation center, edge devices, Internet of things devices, a blockchain constructed by a plurality of edge devices, a cloud and a smart contract, the process for realizing data sharing comprises the following steps:
step S1, the key generation center, a trusted third party, is initialized and generates global parameters and a key pair, wherein the key pair comprises a master public key and a master private key;
step S2, the key generation center generates a public key and a partial private key for the Internet of things device; the generated public key is published and the generated partial private key is sent by the key generation center to the Internet of things device, which randomly selects a secret value and generates the real private key from the partial private key and the secret value;
step S3, the Internet of things device encrypts the shared data with a symmetric key generated by a symmetric encryption algorithm to obtain a ciphertext; the Internet of things device hashes the shared data with a hash algorithm to obtain a shared data digest; the Internet of things device applies locality-sensitive hashing (LSH) to the shared data to obtain an lsh value; an index is established based on the shared data digest and the lsh value, a signature is generated based on the public key and the real private key, and the Internet of things device then sends the ciphertext, the index and the signature to the edge device;
step S4, the edge device verifies the validity of the signature, after the verification is passed, the edge device records the shared data abstract, the index and the signature on a block chain, and sends the ciphertext to the cloud; the Internet of things equipment divides a symmetric key generated by a symmetric encryption algorithm into n fragments, and shares the n fragments to n edge devices;
step S5, when another Internet of things device requests access to shared data, the smart contract verifies the access authority of that device; if it has the authority, the smart contract executes a search algorithm and the matched shared data digest is recorded on the blockchain as a transaction; once the cloud detects the transaction, the ciphertext of the matched shared data digest is returned to the requesting Internet of things device and the t fragments held by the t matched edge devices are transmitted to it; the requesting Internet of things device verifies the validity of all fragments and, if they are valid, recovers the symmetric key of the matched shared data, decrypts the ciphertext with the recovered symmetric key, and obtains the requested shared data.
2. The security data sharing method for industrial internet of things based on edge block chain of claim 1, wherein in step S1,
the generated global parameters and the main public key are firstly sent to the edge device by the key generation center, and then are recorded on the block chain and disclosed after the edge device is subjected to consensus operation;
the generated master private key is kept secret.
3. The industrial internet of things security data sharing method based on the edge block chain as claimed in claim 1, wherein in step S5, when another internet of things device requests to access the shared data, the smart contract invokes the access control list to verify the access authority of the internet of things device, and filters out the internet of things devices without access authority.
4. The industrial internet of things security data sharing method based on edge block chain as claimed in claim 1, wherein step S1 is executed to initialize the key generation center, generate a global parameter and a key pair, the key pair includes a master public key and a master private key, and the specific process is as follows:
S1.1: the key generation center takes a security parameter λ as input and selects three cyclic groups G_1, G_2 and G_T of order q, where P is a generator of G_1 and Q is a generator of G_2;
S1.2: the key generation center selects a symmetric bilinear map e: G_1 × G_2 → G_T;
S1.3: the key generation center selects three collision-resistant hash functions H_1, H_2 and H_3, where:
S1.5: compute g = e(P, P);
S1.6: compute the master public key mpk = s · P,
and compute the master private key msk = s;
S1.7: obtain the global parameters params = {G_1, G_2, e, P, Q, mpk, H_1, H_2, H_3}.
5. The industrial internet of things security data sharing method based on edge block chain as claimed in claim 4, wherein the step S2 is executed, and the specific process of obtaining the real private key is as follows:
S2.1: the key generation center generates a partial private key PPi_sk for the Internet of things device; the expression of PPi_sk is:
where s is the randomly selected secret value, P is a generator of G_1, and the remaining terms are the number of the i-th Internet of things device and the hash of the i-th Internet of things device;
Step S2.2: the key generation center generates a public key for the Internet of things device; the expression of the public key is:
where the first term is a secret value randomly selected by the key generation center, mpk denotes the master public key, the next term is the hash of the i-th Internet of things device, and P is a generator of G_1;
Step S2.3: based on the partial private key PPi_sk of step S2.1 and the secret value sval randomly selected by the key generation center in step S2.2, the real private key is computed; the expression of the real private key is:
6. The industrial Internet of things security data sharing method based on the edge block chain as claimed in claim 5, wherein step S3 is executed and the specific steps of establishing the index are:
S3.1.1: the Internet of things device hashes the shared data with a hash algorithm to obtain the shared data digest, which satisfies the following formula:
where m_i represents the shared data and H_2(m_i) represents the hash value of the shared data m_i;
S3.1.2: the Internet of things device applies locality-sensitive hashing (LSH) to the shared data to obtain the lsh value and builds an index from the shared data digest and the lsh value; the index has the form:
7. The industrial Internet of things security data sharing method based on the edge block chain as claimed in claim 6, wherein step S3 is executed and, after the index is established, the specific process of generating the signature is as follows:
Step S3.2.1: the Internet of things device randomly selects a secret value γ_i and computes R_i from it, where g = e(P, P) and e denotes the symmetric bilinear map;
S3.2.2: the Internet of things device encrypts the shared data with the symmetric key generated by the symmetric encryption algorithm to obtain the ciphertext c_i, whose expression is:
c_i = Enc_k(m_i),
where m_i represents the shared data;
Step S3.2.3: the Internet of things device computes h_i; the expression of h_i is:
where c_i represents the ciphertext, the next term denotes the public key, R_i is the value computed by the Internet of things device, and H_3 represents a collision-resistant hash function;
Step S3.2.4: the Internet of things device computes S_i; the expression of S_i is:
where γ_i is the randomly selected secret value, the next term represents the shared data digest, and the last term represents the real private key;
Step S3.2.5: the h_i computed in step S3.2.3 and the S_i computed in step S3.2.4 form the signature σ_i = (h_i, S_i).
8. The industrial internet of things security data sharing method based on the edge block chain as claimed in claim 7, wherein the step S4 is executed, and the edge device verifies the validity of the signature, including the following steps:
Step S4.1.1: the edge device calculates R′_i; the expression of R′_i is:
where e denotes the symmetric bilinear map, S_i is the value computed by the Internet of things device, the next two terms are the public key and the shared data digest, and h_i is the value computed by the Internet of things device;
Step S4.1.2: the edge device calculates h′_i; the expression of h′_i is:
where H_3 represents a collision-resistant hash function, c_i represents the ciphertext, R′_i is the value computed by the edge device in step S4.1.1, and the last term is the public key;
then the edge device verifies whether the following equation holds:
9. The industrial internet of things security data sharing method based on the edge block chain as claimed in claim 8, wherein step S4 is executed, the internet of things device divides the symmetric key generated by the symmetric encryption algorithm into n pieces, and the specific operation is as follows:
Based on the edge device numbers, the Internet of things device splits the symmetric key with a Shamir secret sharing algorithm to obtain n fragments Frag, where fragment Frag_i denotes the i-th fragment of the symmetric key and satisfies the following expression:
10. The industrial internet of things security data sharing method based on the edge block chain as claimed in claim 9, wherein when step S5 is executed, the internet of things device sending the request decrypts the ciphertext by using the recovered symmetric key to obtain the shared data requested to be accessed, and the specific operation is:
Step S5.1: the requesting Internet of things device calculates ψ; the expression of ψ is:
where the first term is the j-th power of the number of the i-th edge device, t is the number of fragments of the symmetric key, F_j are positive integers randomly selected from a finite field (the j in F_j denoting the j-th selection), P is a generator of G_1, Q is a generator of G_2, and e represents the symmetric bilinear map;
where P is a generator of G_1, Q is a generator of G_2, e represents the symmetric bilinear map, and S represents the symmetric key;
Step S5.3: the t edge devices return the t fragments Frag to the requesting Internet of things device, which verifies the validity of the fragments using ψ and the value defined above; the verification uses the following expression:
where t represents the number of fragments of the symmetric key, e represents the symmetric bilinear map, F_j are positive integers randomly selected from a finite field (the j in F_j denoting the j-th selection), P is a generator of G_1, Q is a generator of G_2, the next term is the j-th power of the number of the i-th edge device, S is the symmetric key, and Frag_i denotes the i-th fragment of the symmetric key;
Step S5.4: if the verification equation of step S5.3 holds, the requesting Internet of things device recovers the symmetric key using the following expression:
where F(0) is the symmetric key, Frag_i is the i-th fragment of the symmetric key, F_i are positive integers randomly selected from a finite field (the i in F_i denoting the i-th selection), the next two terms are the number of the i-th edge device and the number of the j-th edge device, and t denotes the number of fragments of the symmetric key.
The recovered F(0) is the symmetric key, and the requesting Internet of things device decrypts the ciphertext with it to obtain the requested shared data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011346549.8A CN112543187B (en) | 2020-11-26 | 2020-11-26 | Industrial Internet of things safety data sharing method based on edge block chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112543187A true CN112543187A (en) | 2021-03-23 |
CN112543187B CN112543187B (en) | 2022-04-12 |
Family
ID=75016784
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011346549.8A Active CN112543187B (en) | 2020-11-26 | 2020-11-26 | Industrial Internet of things safety data sharing method based on edge block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112543187B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN112543187B (en) | 2022-04-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||