CN112751661A - Industrial field device privacy data protection method based on homomorphic encryption - Google Patents

Industrial field device privacy data protection method based on homomorphic encryption Download PDF

Info

Publication number
CN112751661A
CN112751661A CN202110048592.4A CN202110048592A CN112751661A CN 112751661 A CN112751661 A CN 112751661A CN 202110048592 A CN202110048592 A CN 202110048592A CN 112751661 A CN112751661 A CN 112751661A
Authority
CN
China
Prior art keywords
ciphertext
industrial
edge gateway
private data
industrial field
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110048592.4A
Other languages
Chinese (zh)
Other versions
CN112751661B (en
Inventor
魏旻
黎文贵
梁二雄
荣春萌
王平
洪承镐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University of Post and Telecommunications
Original Assignee
Chongqing University of Post and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing University of Post and Telecommunications filed Critical Chongqing University of Post and Telecommunications
Priority to CN202110048592.4A priority Critical patent/CN112751661B/en
Publication of CN112751661A publication Critical patent/CN112751661A/en
Application granted granted Critical
Publication of CN112751661B publication Critical patent/CN112751661B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/66Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Selective Calling Equipment (AREA)

Abstract

The invention relates to an industrial field device privacy data protection method based on homomorphic encryption, and belongs to the field of industrial edge computing. In the method, the process of transmitting the private data of the industrial field equipment after field formation and collection is divided into three conditions: 1) the private data of the industrial field equipment is sensitive to the edge gateway and is not sensitive to the industrial cloud platform; before the private data is sent, the field device needs to perform homomorphic encryption algorithm processing on the private data; 2) the private data of the industrial field equipment is insensitive to the edge gateway and sensitive to the industrial cloud platform; 3) private data of the industrial field device is sensitive to both the edge gateway and the industrial cloud platform; that is, before the private data is sent, the industrial field device needs to transmit the private data after the homomorphic encryption algorithm processing is performed on the private data. According to the method and the system, even if an attacker invades the industrial cloud platform and acquires data, the attacker does not know which field device is the private data, and the safety of the field private data is guaranteed.

Description

Industrial field device privacy data protection method based on homomorphic encryption
Technical Field
The invention belongs to the technical field of industrial edge computing, and relates to an industrial field device privacy data protection method based on homomorphic encryption.
Background
The data generated by the industrial internet is increasing in speed, heavy pressure is brought to the traditional mode of storing, analyzing and processing data by using a central server in a centralized way, and the real-time performance, the intelligence and the safety of the service are also influenced. Especially, the solution of the data security problem of the industrial field device is one of the foundations for guaranteeing the benign development of the industrial internet. Edge computing is introduced into the industrial network, data processing and storage are performed in the network edge, and the problems of node request delay, too heavy cloud server storage and computing burden, too large network transmission bandwidth pressure and the like can be solved. The industrial cloud platform supports ubiquitous connection, elastic supply and efficient configuration of manufacturing resources by constructing a service system based on mass data acquisition, collection and analysis. The data of the industrial field device can be uploaded to the industrial cloud platform through private data in the whole industrial internet transmission process. An attacker can obtain the private data of the field device by invading the industrial cloud platform, so that the data of the industrial field device is greatly safe.
Disclosure of Invention
In view of this, an object of the present invention is to provide a method for protecting private data of an industrial field device based on homomorphic encryption, which performs protection operation on industrial edge computing, so that an attacker cannot acquire the private data of the field device even though the attacker invades an industrial cloud platform and acquires the data, thereby ensuring the security of the private data on the field.
In order to achieve the purpose, the invention provides the following technical scheme:
a method for protecting privacy data of industrial field equipment based on homomorphic encryption comprises a three-layer framework: the system comprises an industrial field device layer, an edge gateway layer and an industrial cloud platform;
in an industrial network environment, an industrial field device has private data (such as device ID, device manufacturer, device model, device protocol, device sending frequency, time, etc.) and data that the device needs to collect (such as temperature, humidity, current, voltage, etc.), where there may be n kinds of private data of the field device, that is, any combination of various private data. The field device uploads collected data to be processed to the industrial cloud platform for processing, and the data contains some private data of the field device, as shown in table 1. In the process that the field device sends data to the industrial cloud platform through the industrial edge gateway, part of private data can be acquired by the edge gateway.
TABLE 1 data relating to industrial field devices
Figure BDA0002898378350000021
The privacy data of the field device includes, but is not limited to, the privacy data in the table, and may be any combination of various privacy data, for example, in table 1, there are n kinds of privacy data such as device ID, device manufacturer M, model D _ Type of the device, Protocol adopted by the device, etc., field device IDiPrivate data F ofiPossibly any combination of the above private data, e.g. (ID)i‖Mi‖Di_Type‖Protocoli‖STi‖SFi‖PKi)、(IDi‖Mi‖Di_Type)、(IDi‖STi‖SFi‖PKi)、(IDi‖Mi‖SFi‖PKi)、(IDiII …), etc., in total
Figure BDA0002898378350000022
In one possibility, m is the field device IDiThe kind of private data involved.
The method comprises the following three conditions according to whether the edge gateway layer and the industrial cloud platform are sensitive to the private data of the industrial field device:
1) the private data of the industrial field device is sensitive to the edge gateway and is not sensitive to the industrial cloud platform; the device may share its privacy with the industrial cloud platform, but the device does not want the edge gateway to keep track of its privacy. Therefore, the field device needs to protect the private data;
the industrial field device encrypts private data by adopting a homomorphic encryption algorithm and directly uploads the encrypted private data to the edge gateway, and the edge gateway uploads a ciphertext to the industrial cloud platform; the industrial cloud platform sends the ciphertext result to the edge gateway after carrying out homomorphic calculation, and if the ciphertext result needs to be returned to the field equipment, the edge gateway returns the ciphertext result to the field equipment;
2) the private data of the industrial field device is insensitive to the edge gateway and sensitive to the industrial cloud platform; the device and the edge gateway may share their privacy, but the device does not want their privacy known by the cloud platform, nor does the cloud platform want their privacy revealed.
The method comprises the following steps that private data of the industrial field device are sent to an edge gateway, the edge gateway firstly classifies the private data of the device, and the private data of the device are divided into two types: common private data and private data needing cooperative calculation and storage; then the edge gateway uploads the processed data to an industrial cloud platform for homomorphic encryption algorithm processing, and the industrial cloud platform returns a ciphertext result to the edge gateway; the edge gateway returns the ciphertext result to the relevant industrial field equipment;
3) private data of the industrial field device is sensitive to both the edge gateway and the industrial cloud platform; the industrial field device needs to transmit the privacy data after homomorphic encryption algorithm processing.
Further, in case 1), the industrial field device performs homomorphic encryption on the plaintext of the private data, and sends the encrypted plaintext to the edge gateway; the edge gateway uploads the ciphertext to an industrial cloud platform, the industrial cloud platform performs homomorphic operation, and a result is returned; the whole process is as follows:
(1) the industrial field devices 1-n firstly propose a key application to an authority center, and the authority center calls a security parameter function Keygen to generate a security parameter lambda after receiving the key application request proposed by the field devices;
(2) the authority center firstly uses lambda as an input parameter and sequentially calls a function to generate a private key p, a large prime number q and a large prime number r; randomly selecting tau to integer riAnd q isiAnd calculating to obtain tau +1 public keys xi,xi=pqi+2ri(ii) a Wherein 0<i<τ,
Figure BDA0002898378350000031
ri∈Z∩(-2p,2p) To xiReordering so that x0Maximum and odd number, rp(x0) Is an even number, rp(x0) Denotes r divided by x0The remainder of (1); the authority center calls a public key function to generate a public key set pk ═ x by using p, q and r as input parameters0,x1,…,xτThe element number of the public key set is tau +1, and the public key set pk is respectively sent to the industrial field equipment 1-n;
(3) calling the public key pk and the plaintext F by the industrial field devices 1 to n1、..、FnFor input, the encryption function Encrypt (pk, F) is used1,…,Fn) Selecting a random subset
Figure BDA0002898378350000032
Generate ciphertext CF'1,CF′2,…,CF′nWherein
Figure BDA0002898378350000033
Ciphertext constituent form is E (CF'1‖CF′2‖…‖CF′n) II, wherein II represents a link character, and the industrial field devices 1-n upload the ciphertext to the edge gateway;
(4) the edge gateway receives ciphertext E (CF'1‖CF′2‖…‖CF′n) The ciphertext is directly sent to an industrial cloud platform, the industrial cloud platform carries out addition homomorphic calculation on the ciphertext in a C circuit by adopting a function Evaaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1+CF′2+…+CFn', satisfies Decrypt (p, M') ═ M, where M ═ F1+F2+…+Fn(ii) a In the algorithm of multiplication homomorphic calculation, the industrial cloud platform receives a ciphertext E (CF'1‖CF′2‖…‖CF′n) The ciphertext is subjected to multiplication homomorphic calculation in a C circuit by using a function Evaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1×CF′2×…×CF′nSatisfy Decrypt (p, M') ═ M, where M ═ F1×F2×…×FnAnd returning the result to the edge gateway, and the edge gateway returns the calculated result to the industrial field device.
Further, in case 2), for the ordinary private data of the industrial field device, the industrial field device performs homomorphic encryption on the plaintext of the private data, and sends the encrypted plaintext to the edge gateway; the edge gateway carries out homomorphic encryption operation and returns a result; the whole process is as follows:
(1) the industrial field devices 1-n firstly propose a key application to an authority center, and the authority center calls a security parameter function Keygen to generate a security parameter lambda after receiving the key application request proposed by the field devices;
(2) the authority center firstly uses lambda as an input parameter and sequentially calls a function to generate a private key p, a large prime number q and a large prime number r; randomly selecting tau to integer riAnd q isiAnd calculating to obtain tau +1 public keys xi,xi=pqi+2ri(ii) a Wherein 0<i<τ,
Figure BDA0002898378350000034
ri∈Z∩(-2p,2p) To xiReordering so that x0Maximum and odd number, rp(x0) Is an even number, rp(x0) Denotes r divided by x0The remainder of (1); the authority center calls a public key function to generate a public key set pk ═ x by using p, q and r as input parameters0,x1,…,xτThe element number of the public key set is tau +1, and the public key set pk is respectively sent to the industrial field equipment 1-n;
(3) calling the public key pk and the plaintext F by the industrial field devices 1 to n1、..、FnFor input, the encryption function Encrypt (pk, F) is used1,…,Fn) Selecting a random subset
Figure BDA0002898378350000041
Generate ciphertext CF'1,CF′2,…,CF′nWherein
Figure BDA0002898378350000042
Ciphertext constituent form is E (CF'1‖CF′2‖…‖CF′n) II, wherein II represents a link character, and the industrial field devices 1-n upload the ciphertext to the edge gateway;
(4) the edge gateway receives ciphertext E (CF'1‖CF′2‖…‖CF′n) The ciphertext is subjected to addition homomorphic calculation in a C circuit by adopting a function Evaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1+CF′2+…+CF′nSatisfy Decrypt (p, M') ═ M, where M ═ F1+F2+…+Fn(ii) a In the algorithm of multiplication homomorphism operation, the edge gateway receives the ciphertext E (CF'1‖CF′2‖…‖CF′n) The ciphertext is subjected to multiplication homomorphic calculation in a C circuit by using a function Evaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1×CF′2×…×CF′nSatisfy Decrypt (p, M') ═ M, where M ═ F1×F2×…×FnAnd returns the results to the industrial equipment.
Further, in case 2), the industrial field device needs to perform cooperative calculation with the edge device, and the industrial field device and the edge device may share private data. The method comprises the steps that industrial field equipment directly sends a plaintext of private data to an edge gateway, and the edge gateway conducts homomorphic encryption operation on the plaintext and sends the plaintext to a cloud platform; the industrial cloud platform carries out homomorphic operation and returns a result; the specific process is as follows:
(1) the industrial field devices 1 to n respectively send plaintext of private data to the edge gateway, the edge gateway firstly proposes a key application to an authority center, and the authority center calls a security parameter function Keygen to generate a security parameter lambda after receiving the key application request proposed by the edge gateway;
(2) the authority center firstly uses lambda as an input parameter and sequentially calls a function to generate a private key p, a large prime number q and a large prime number r; randomly selecting tau to integer riAnd q isiAnd calculating to obtain tau +1 public keys xi,xi=pqi+2ri(ii) a Wherein 0<i<τ,
Figure BDA0002898378350000043
ri∈Z∩(-2p,2p) To xiReordering so that x0Maximum and odd number, rp(x0) Is an even number, rp(x0) Denotes r divided by x0The remainder of (1); the authority center calls a public key function to generate a public key set pk ═ x by using p, q and r as input parameters0,x1,…,xτThe element number of the public key set is tau +1, and the public key set pk is sent to the edge gateway respectively;
(3) calling public key pk and plaintext F by edge gateway1、..、FnFor input, the encryption function Encrypt (pk, F) is used1,…,Fn) Selecting a random subset
Figure BDA0002898378350000044
Generate ciphertext CF'1,CF′2,…,CF′nWherein
Figure BDA0002898378350000045
Figure BDA0002898378350000046
Ciphertext composition form E (CF'1‖CF′2‖…‖CF′n) Wherein |' represents the link character, and the edge gateway uploads the ciphertext to the industrial cloud platform;
(4) receipt of ciphertext E (CF ') by the Industrial cloud platform'1‖CF′2‖…‖CF′n) The ciphertext is subjected to addition homomorphic calculation in a C circuit by adopting a function Evaaluate (pk, C, E), and finally, the ciphertext M ═ CF 'is generated'1+CF′2+…+CF′nSatisfy Decrypt (p, M') ═ M, where M ═ F1+F2+…+Fn(ii) a In the algorithm of multiplication operation, the industrial cloud platform receives a ciphertext E (CF'1‖CF′2‖…‖CF′n) The ciphertext is subjected to multiplication homomorphic calculation in a C circuit by using a function Evaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1×CF′2×…×CF′nSatisfy Decrypt (p, M') ═ M, where M ═ F1×F2×…×Fn(ii) a And returning a result by the industrial cloud platform.
Further, in case 3), before the industrial field device uploads the data, the private data needs to be processed first, and the specific process is as follows:
(1) the field device 1-industrial field device n firstly provides a key application to an authority center, and the authority center calls a security parameter function Keygen to generate a security parameter lambda after receiving the key application request provided by the field device;
(2) the authority center firstly uses lambda as an input parameter and sequentially calls a function to generate a private key p, a large prime number q and a large prime number r; randomly selecting tau to integer riAnd q isiAnd calculating to obtain tau +1 public keys xi,xi=pqi+2ri(ii) a Wherein 0<i<τ,
Figure BDA0002898378350000051
ri∈Z∩(-2p,2p) To xiReordering so that x0Maximum and odd number, rp(x0) Is an even number, rp(x0) Denotes r divided by x0The remainder of (1); the authority center calls a public key function to generate a public key set pk ═ x by using p, q and r as input parameters0,x1,…,xτThe element number of the public key set is tau +1, and the public key set pk is respectively sent to the industrial field equipment 1-n;
(3) industrial siteThe equipment 1 to the industrial field equipment n call the public key pk and the plaintext F1、..、FnFor input, the encryption function Encrypt (pk, F) is used1,…,Fn) Selecting a random subset
Figure BDA0002898378350000052
Generate ciphertext CF'1,CF′2,…,CF′nWherein
Figure BDA0002898378350000053
Ciphertext composition form E (CF'1‖CF′2‖…‖CF′n) II, wherein II represents a link character, and the industrial field devices 1-n upload the ciphertext to the edge gateway;
(4) the edge gateway receives ciphertext E (CF'1‖CF′2‖…‖CF′n) The ciphertext is subjected to addition homomorphic calculation in a C circuit by adopting a function Evaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1+CF′2+…+CF′nSatisfy Decrypt (p, M') ═ M, where M ═ F1+F2+…+Fn(ii) a In the algorithm of multiplication, the edge gateway receives the ciphertext E (CF'1‖CF′2‖…‖CF′n) The ciphertext is subjected to multiplication homomorphic calculation in a C circuit by using a function Evaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1×CF′2×…×CF′nSatisfy Decrypt (p, M') ═ M, where M ═ F1×F2×…×Fn
(5) And the edge gateway further encrypts the ciphertext M 'by adopting the same synchronous encryption algorithm and uploads the ciphertext M' to the industrial cloud platform.
Further, the private data of the industrial field device includes: equipment ID, equipment manufacturer, equipment model, equipment adoption protocol, equipment sending frequency and time and the like; the industrial field device needs to collect data including: temperature, humidity, current, voltage, etc.
The invention has the beneficial effects that: the invention introduces edge calculation in the industrial internet, integrates an open platform with core capabilities of network, calculation, storage and application at the edge side of the network close to the data source of the industrial field equipment, provides edge intelligent service nearby, and meets the requirements of the industry on quick connection, real time and safe service in digitization. The edge gateway through its localization process can reduce the delay of data processing and the network bandwidth cost of passing the on-site privacy data to the cloud platform. According to the invention, the privacy and the safety of the industrial field device private data are protected by adopting a fully homomorphic encryption algorithm, and the industrial field device private data are protected under 3 conditions according to different sensitivity degrees of the industrial field device private data to the edge gateway and the industrial cloud, so that the real-time intelligent processing and execution of the industrial enterprise of the local business are better supported.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the invention may be realized and attained by the means of the instrumentalities and combinations particularly pointed out hereinafter.
Drawings
For the purposes of promoting a better understanding of the objects, aspects and advantages of the invention, reference will now be made to the following detailed description taken in conjunction with the accompanying drawings in which:
FIG. 1 is an architecture for industrial edge computing;
FIG. 2 is a flow chart of plain text of private data of two industrial field devices being sensitive to an edge gateway and insensitive to a cloud platform;
FIG. 3 is a flow diagram of plaintext edge gateway sensitivity of private data for two industrial field devices;
FIG. 4 is a flow diagram of a process for requiring collaborative privacy data;
fig. 5 is a flow diagram of industrial field device privacy data sensitive to both edge gateways and cloud platforms.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention in a schematic way, and the features in the following embodiments and examples may be combined with each other without conflict.
Referring to fig. 1 to 5, the invention introduces edge computing in the industrial internet, and merges an open platform with core capabilities of network, computing, storage and application at the edge side of the network close to the data source of the industrial field device, so as to provide edge intelligent service nearby, and meet the requirements of the industry on quick connection, real time and safe service in digitization. The edge gateway through its localization process can reduce the delay of data processing and the network bandwidth cost of passing the on-site privacy data to the cloud platform. The invention adopts a fully homomorphic encryption algorithm to protect the privacy and the safety of the private data of the industrial field equipment, and the protection of the private data of the industrial field equipment is carried out under 3 conditions according to the different sensitivity degrees of the private data of the industrial field equipment to the edge gateway and the industrial cloud.
The edge gateway better supports real-time intelligent processing and execution of an industrial enterprise of local business by analyzing real-time and short-period data; and the privacy data of the field equipment can be preliminarily screened, and the privacy data needing cooperative computing and storage is transmitted to the industrial cloud platform. The architecture of the industrial edge computing comprises three layers, industrial field equipment, an edge gateway and an industrial cloud platform. The architecture of the industrial edge computing is shown in fig. 1.
Various data acquisition modes (such as acquisition of analog quantity, acquisition of digital quantity and acquisition of switching quantity) are generally adopted in industrial fields. The data acquisition device can collect most interface signals of the industrial field device, analyze and process the signals and upload the signals to the industrial edge gateway through a wired or wireless data transmission mode.
In an industrial network environment, an industrial siteThe device has private data (such as device ID, device manufacturer, device model, device protocol, device transmission frequency, time, etc.) and data (such as temperature, humidity, current, voltage, etc.) that the device needs to collect. The field device uploads collected data to be processed to the industrial cloud platform for processing, and the data contains some private data of the field device, as shown in table 1. In the process that the field device sends data to the industrial cloud platform through the industrial edge gateway, part of private data can be acquired by the edge gateway. The private data is not necessarily the private data in all tables included, but may be any combination of the private data in the tables. In this embodiment, it is assumed that the private data plaintext of the two industrial field devices is: f1=(ID1‖M1‖D1_Type‖Protocol1‖ST1‖SF1‖PK1)、F2=(ID2‖M2‖D2_Type‖Protocol2‖ST2‖SF2‖PK2)。
Three situations arise during the formation and collection of private data for industrial field devices from the field prior to transmission as follows:
1) the private data of the device is sensitive to edge gateways, but not to the industrial cloud platform. The device may share its privacy with the industrial cloud platform, but the device does not want the edge gateway to keep track of its privacy. Therefore, before the private data is sent, the field device needs to perform protection processing on the private data.
In case 1), the device ID is used as privacy data, that the field device does not want to share its own ID with the edge gateway or the cloud platform, and the ID information received by the edge gateway does not know which field device ID specifically comes, so as to ensure the security of the device. If the edge gateway knows the sending time of the field device, an attacker can know the data sent by the field device when the attacker invades the edge gateway, and the field yield in the day causes a great safety problem, so the sending time of the device is also used as the privacy data of the field device. The key adopted by the device is the key generated by the field device in the encryption process, and if the edge gateway masters the keys, the ciphertext can be decrypted, and an attacker can obtain the plaintext of the field device, so that data leakage can be caused.
This is the case where the private data of the industrial field device is sensitive to edge gateways, but not to the industrial cloud platform. The device may share its privacy with the industrial cloud platform, but the device does not want the edge gateway to keep track of its privacy. Therefore, before the private data is sent, the field device needs to perform protection processing on the ordinary private data. The privacy data protection process comprises the following steps: the industrial field device directly uploads the data encrypted by the privacy data through a homomorphic encryption algorithm to the edge gateway, and the edge gateway uploads a ciphertext to the industrial cloud platform; and the industrial cloud platform performs homomorphic calculation and then issues the ciphertext result to the edge gateway. As shown in fig. 2, the specific process of the algorithm is as follows:
(1) industrial field device 1 (F)1) And field device 2 (F)2) Firstly, a key application is provided to an authority center, and the authority center calls a security parameter function Keygen to generate a security parameter lambda after receiving a key application request provided by a field device;
(2) the authority center uses lambda as an input parameter and sequentially calls a function to generate a private key p, a large prime number q and a large prime number r. Randomly selecting tau to integer riAnd q isiAnd calculating to obtain tau +1 public keys xi,xi=pqi+2ri. Wherein 0<i<τ,
Figure BDA0002898378350000081
ri∈Z∩(-2p,2p) To xiReordering so that x0Maximum and odd number, rp(x0) Is an even number, rp(x0) Denotes r divided by x0The remainder of (1). The authority center calls a public key function to generate a public key set pk ═ x by using p, q and r as input parameters0,x1,…,xτThe element number of the public key set is tau +1, and the public key set pk is respectively sent to the industrial field equipment 1 and the field equipment 2;
(3) industrial field device 1 and industrial field device 2 call public key pk and plaintext F1、F2For input, the encryption function Encrypt (pk, F) is used1,F2) Selecting a random subset
Figure BDA0002898378350000082
Generate ciphertext CF'1,CF′2Wherein
Figure BDA0002898378350000083
Figure BDA0002898378350000084
Ciphertext composition form E (CF'1‖CF′2) Where |' represents the link character, industrial field device 1 and industrial field device 2 upload the ciphertext to the edge gateway;
(4) the edge gateway receives ciphertext E (CF'1‖CF′2) The ciphertext is directly sent to an industrial cloud platform, the industrial cloud platform carries out addition homomorphic calculation on the ciphertext in a C circuit by adopting a function Evaaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1+CF′2Satisfy Decrypt (p, M') ═ M, where M ═ F1+F2(ii) a In the algorithm of multiplication homomorphic calculation, the industrial cloud platform receives a ciphertext E (CF'1‖CF′2) The ciphertext is subjected to multiplication homomorphic calculation in a C circuit by using a function Evaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1×CF′2Satisfy Decrypt (p, M') ═ M, where M ═ F1×F2And returning the result to the edge gateway, and the edge gateway returns the calculated result to the industrial field device.
2) The privacy data of the equipment is insensitive to the edge gateway and sensitive to the industrial cloud platform. The device and the edge gateway may share their privacy, but the device does not want their privacy known by the cloud platform, nor does the cloud platform want their privacy revealed.
In case 2), the industrial field device is not sensitive to the edge gateway, and the industrial field device can share private data to the edge gateway. The edge gateway receives the privacy data of the industrial field equipment, firstly, the privacy data of the equipment is classified into two types: general private data and private data that need collaborative computation, storage, as shown in table 2.
The specific classification rule is determined by the safety manager according to the plant information safety plan. In Table 2 above, F is industrial field device privacy data, GF is general privacy data, GF11Depending on the security administrator, it may be the device IDiEquipment manufacturer MiTime of transmission ST of the deviceiAnd the like. The CF is private data needing cooperative computing and storage, and the CF11Is determined by the security administrator, possibly the device IDiEquipment manufacturer MiThe equipment adopts ProtocoliAnd the like.
Table 2 edge gateway classification of private data
Figure BDA0002898378350000091
A. Generic privacy data processing
For ordinary private data of an industrial field device, the field device needs to process the private data before sending the private data. In this case, the device does not want to reveal private data on the edge gateway. And encrypting the private data of the industrial field equipment by adopting a homomorphic encryption algorithm, uploading the encrypted private data to the edge gateway, directly calculating and processing the private data by the edge gateway, and returning a result. As shown in fig. 3, the specific process of the algorithm is as follows:
(1) the industrial field device 1 and the industrial field device 2 firstly propose a key application to an authority center, and the authority center calls a security parameter function Keygen to generate a security parameter lambda after receiving a key application request proposed by the field device;
(2) the authority center uses lambda as an input parameter and sequentially calls a function to generate a private key p, a large prime number q and a large prime number r. Randomly selecting tau to integer riAnd q isiAnd calculating to obtain tau +1 public keys xi,xi=pqi+2ri. Wherein 0<i<τ,
Figure BDA0002898378350000092
ri∈Z∩(-2p,2p) To xiReordering so that x0Maximum and odd number, rp(x0) Is an even number, rp(x0) Denotes r divided by x0The remainder of (1). The authority center calls a public key function to generate a public key set pk ═ x by using p, q and r as input parameters0,x1,…,xτThe element number of the public key set is tau +1, and the public key set pk is respectively sent to the industrial field equipment 1 and the industrial field equipment 2;
(3) industrial field device 1 and field device 2 call public key pk and plaintext F1、F2For input, the encryption function Encrypt (pk, F) is used1,F2) Selecting a random subset
Figure BDA0002898378350000093
Generate ciphertext CF'1,CF′2Wherein
Figure BDA0002898378350000094
Figure BDA0002898378350000095
Ciphertext composition form E (CF'1‖CF′2) Where |' represents the link character, industrial field device 1 and field device 2 upload the ciphertext to the edge gateway;
(4) the edge gateway receives ciphertext E (CF'1‖CF′2) The ciphertext is subjected to addition homomorphic calculation in a C circuit by adopting a function Evaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1+CF′2Satisfy Decrypt (p, M') ═ M, where M ═ F1+F2(ii) a In the algorithm of multiplication homomorphism operation, the edge gateway receives the ciphertext E (CF'1‖CF′2) And performing multiplication homomorphic calculation on the ciphertext by using a function Evaluate (pk, C, E) in a C circuit, and finally generating the ciphertext M ═ CF'1×CF′2Satisfy Decrypt (p, M') ═ M, where M ═ F1×F2And returns the result.
B. Collaborative private data processing
For complex privacy data needing cooperative computing and storage, the resource requirement on equipment is high, and the local computing and processing capacity of the edge gateway is relatively weak, so that the edge gateway needs to upload a primary processing result to an industrial cloud platform for privacy protection processing. And the private data of the industrial field equipment is sent to the edge gateway, the private data is uploaded to the cloud platform for further processing after being processed by the edge gateway, and the cloud platform returns a result. The edge gateway decrypts the calculation result and returns the calculation result to the relevant equipment. As shown in fig. 4, the specific process of the algorithm is as follows:
(1) suppose the private data plaintext of two industrial field devices, respectively F1=(ID1‖M1‖D1_Type‖Protocol1‖ST1‖SF1‖PK1)、F2=(ID2‖M2‖D2_Type‖Protocol2‖ST2‖SF2‖PK2). The two industrial field devices directly send the plain texts of the private data to the edge gateway, and the edge gateway conducts homomorphic encryption operation on the plain texts and sends the plain texts to the cloud platform. The industrial cloud platform carries out homomorphic operation and returns a result;
(2) the edge gateway firstly proposes a key application to an authority center, and the authority center calls a security parameter function Keygen to generate a security parameter lambda after receiving the key application request proposed by the edge gateway;
(3) the authority center uses lambda as an input parameter and sequentially calls a function to generate a private key p, a large prime number q and a large prime number r. Randomly selecting tau to integer riAnd q isiAnd calculating to obtain tau +1 public keys xi,xi=pqi+2ri. Wherein 0<i<τ,
Figure BDA0002898378350000101
ri∈Z∩(-2p,2p) To xiReordering so that x0Maximum and odd number, rp(x0) Is an even number, rp(x0) Denotes r divided by x0The remainder of (1). The authority center calls a public key function to generate a public key set pk ═ x by using p, q and r as input parameters0,x1,…,xτThe element number of the public key set is tau +1, and the public key set pk is sent to the edge gateway respectively;
(4) the edge gateway calls the public key pk and two plaintexts F1=(ID1‖M1‖D1_Type‖Protocol1‖ST1‖SF1‖PK1)、F2=(ID2‖M2‖D2_Type‖Protocol2‖ST2‖SF2‖PK2) As input, the encryption function Encrypt (pk, F) is used1,F2) Selecting a random subset
Figure BDA0002898378350000102
Generate ciphertext CF'1,CF′2Wherein
Figure BDA0002898378350000103
Figure BDA0002898378350000104
Ciphertext composition form E (CF'1‖CF′2) Wherein |' represents the link character, and the edge gateway uploads the ciphertext to the industrial cloud platform;
(5) receipt of ciphertext E (CF ') by the Industrial cloud platform'1‖CF′2) The ciphertext is added and multiplied in the C circuit by a function Evaluate (pk, C, E), and finally, the ciphertext M ' CF ' is generated '11+CF′21Satisfy Decrypt (p, M') ═ M, where M ═ F1+F2. In the algorithm of multiplication operation, the industrial cloud platform receives a ciphertext E (CF'1‖CF′2) The ciphertext is subjected to multiplication homomorphic calculation in a C circuit by using a function Evaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1×CF′2Satisfy Decrypt (p, M') ═ M, where M ═ F1×F2. And returning a result by the cloud platform.
3) The private data of the device is sensitive to both the edge gateway and the industrial cloud platform. The device does not want to reveal private data on edge gateways and industrial cloud platforms. Therefore, before the private data is sent, the field device needs to perform protection processing on the private data.
In case 3), the private data of the industrial field device is sensitive to both the edge gateway and the industrial cloud platform, and the device does not want to reveal the private data on the edge gateway and the industrial cloud platform. The field device needs to protect the private data before it is transmitted. As shown in fig. 5, the algorithm is embodied as follows:
(1) the field device 1 and the field device 2 firstly propose a key application to an authority center, and the authority center calls a security parameter function Keygen to generate a security parameter lambda after receiving the key application request proposed by the field device;
(2) the authority center uses lambda as an input parameter and sequentially calls a function to generate a private key p, a large prime number q and a large prime number r. Randomly selecting tau to integer riAnd q isiAnd calculating to obtain tau +1 public keys xi,xi=pqi+2ri. Wherein 0<i<τ,
Figure BDA0002898378350000111
ri∈Z∩(-2p,2p) To xiReordering so that x0Maximum and odd number, rp(x0) Is an even number, rp(x0) Denotes r divided by x0The remainder of (1). The authority center calls a public key function to generate a public key set pk ═ x by using p, q and r as input parameters0,x1,…,xτThe element number of the public key set is tau +1, and the public key set pk is respectively sent to the industrial field equipment 1 and the field equipment 2;
(3) industrial field device 1 and industrial field device 2 call public key pk and plaintext F1、F2For input, the encryption function Encrypt (pk, F) is used1,F2) Selecting a random subset
Figure BDA0002898378350000112
Generate ciphertext CF'1,CF′2Wherein
Figure BDA0002898378350000113
Figure BDA0002898378350000114
Ciphertext composition form E (CF'1‖CF′2) Where |' represents the link character, industrial field device 1 and industrial field device 2 upload the ciphertext to the edge gateway;
(4) the edge gateway receives ciphertext E (CF'1‖CF′2) The ciphertext is subjected to addition homomorphic calculation in a C circuit by adopting a function Evaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1+CF′2Satisfy Decrypt (p, M') ═ M, where M ═ F1+F2. In the algorithm of multiplication, the edge gateway receives the ciphertext E (CF'1‖CF′2) The ciphertext is subjected to multiplication homomorphic calculation in a C circuit by using a function Evaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1×CF′2Satisfy Decrypt (p, M') ═ M, where M ═ F1×F2
And the edge gateway further encrypts the ciphertext M' and uploads the ciphertext to the industrial cloud platform. The specific process is as follows:
(1) the edge gateway firstly proposes a key application to an authority center, and the authority center calls a security parameter function Keygen to generate a security parameter lambda after receiving the key application request proposed by the edge node;
(2) the authority center uses lambda as an input parameter and sequentially calls a function to generate a private key p, a large prime number q and a large prime number r. Randomly selecting tau to integer riAnd q isiAnd calculating to obtain tau +1 public keys xi,xi=pqi+2ri. Wherein 0<i<τ,
Figure BDA0002898378350000115
Figure BDA0002898378350000116
ri∈Z∩(-2p,2p). For xiReordering so that x0Maximum and odd number, rp(x0) Is an even number, rp(x0) Denotes r divided by x0The remainder of (1). The authority center calls a public key function to generate a public key set pk ═ x by using p, q and r as input parameters0,x1,…,xτThe element number of the public key set is tau +1, and the public key set pk is sent to the edge gateway respectively;
(3) the edge gateway calls pk and E as input, and selects a random subset by adopting an encryption function Encrypt (pk, E)
Figure BDA0002898378350000117
Generate ciphertext CF1,CF″2Wherein
Figure BDA0002898378350000118
Figure BDA0002898378350000119
Ciphertext constituent form E' (CF ″)1‖CF″2). Then, the edge gateway uploads the ciphertext to an industrial cloud platform;
(4) the industrial cloud platform receives a ciphertext E ', firstly performs addition homomorphic addition operation on the ciphertext, performs addition in a C circuit by adopting a function Evaluate (pk, C, E'), and finally generates the ciphertext M ═ CF ″1+CF″2And satisfies Decrypt (p, M ″) -M'. In the algorithm of multiplication operation, the industrial cloud platform adopts a function Evaalrate (pk, C, E') to multiply the ciphertext in the C circuit, and finally generates the ciphertext M ″ ═ CF ″1×CF″2The function Decrypt (p, M ") ═ M' is used. The industrial cloud platform returns the operation result to the edge gateway;
(5) the edge gateway receives a result returned by the industrial cloud platform and directly performs homomorphic decryption, and a function Decrypt (p, M ') is adopted as M', and then the edge gateway returns the result to the industrial field device;
(6) the industrial field device 1 and the industrial field 2 receive the result returned by the edge gateway and directly Decrypt the result, and adopt a function Decrypt (p, M') ═ M.
Finally, the above embodiments are only intended to illustrate the technical solutions of the present invention and not to limit the present invention, and although the present invention has been described in detail with reference to the preferred embodiments, it will be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions, and all of them should be covered by the claims of the present invention.

Claims (7)

1. A method for protecting private data of an industrial field device based on homomorphic encryption is characterized in that the method introduces industrial edge computing with a three-layer architecture, and the three-layer architecture comprises the following steps: industrial field devices, edge gateways, and industrial cloud platforms;
the method comprises the following three conditions according to whether the edge gateway layer and the industrial cloud platform are sensitive to the private data of the industrial field device:
1) the private data of the industrial field equipment is sensitive to the edge gateway and is not sensitive to the industrial cloud platform; before the private data is sent, the field device needs to protect the private data;
the industrial field device directly uploads the data encrypted by the privacy data through a homomorphic encryption algorithm to the edge gateway, and the edge gateway uploads a ciphertext to the industrial cloud platform; the industrial cloud platform performs homomorphic calculation and then issues a ciphertext result to the edge gateway;
2) the private data of the industrial field equipment is insensitive to the edge gateway and sensitive to the industrial cloud platform;
the private data of the industrial field device is sent to the edge gateway, the edge gateway firstly needs classification processing, and the private data of the device is divided into two types: common private data and private data needing cooperative calculation and storage; then the edge gateway uploads the processed data to an industrial cloud platform for homomorphic encryption algorithm processing, and the industrial cloud platform returns a ciphertext result to the edge gateway; the edge gateway returns the ciphertext result to the relevant industrial field equipment;
3) private data of the industrial field device is sensitive to both the edge gateway and the industrial cloud platform; that is, before the private data is sent, the industrial field device needs to transmit the private data after the homomorphic encryption algorithm processing is performed on the private data.
2. The method for protecting the private data of the industrial field device according to claim 1, wherein in case 1), the industrial field device encrypts the plaintext of the private data in a homomorphic manner and sends the encrypted plaintext to the edge gateway; the edge gateway uploads the ciphertext to an industrial cloud platform, the industrial cloud platform performs homomorphic operation, and a result is returned; the whole process is as follows:
(1) the industrial field devices 1-n firstly propose a key application to an authority center, and the authority center calls a security parameter function Keygen to generate a security parameter lambda after receiving the key application request proposed by the field devices;
(2) the authority center firstly uses lambda as an input parameter and sequentially calls a function to generate a private key p, a large prime number q and a large prime number r; randomly selecting tau to integer riAnd q isiAnd calculating to obtain tau +1 public keys xi,xi=pqi+2ri(ii) a Wherein i is more than 0 and less than tau,
Figure FDA0002898378340000011
ri∈Z∩(-2p,2p) To xiReordering so that x0Maximum and odd number, rp(x0) Is an even number, rp(x0) Denotes r divided by x0The remainder of (1); the authority center calls a public key function to generate a public key set pk ═ x by using p, q and r as input parameters0,x1,...,xτThe element number of the public key set is tau +1, and the public key set pk is respectively sent to the industrial field equipment 1-n;
(3) calling the public key pk and the plaintext F by the industrial field devices 1 to n1、..、FnFor input, the encryption function Encrypt (pk, F) is used1,...,Fn) Selecting a random subset
Figure FDA0002898378340000012
Generate ciphertext CF'1,CF′2,...,CF′nWherein
Figure FDA0002898378340000013
Ciphertext constituent form is E (CF'1||CF′2||...||CFn) Wherein | | represents a link character, the industrial field device uploads the ciphertext to the edge gateway;
(4) the edge gateway receives ciphertext E (CF'1||CF′2||...||CF′n) And then directly sending the ciphertext to an industrial cloud platform, wherein the industrial cloud platform carries out addition homomorphic calculation on the ciphertext in a C circuit by adopting a function Evaaluate (pk, C, E), and finally generates the ciphertext M ═ CF'1+CF′2+…+CF′nSatisfy Decrypt (p, M') ═ M, where M ═ F1+F2+…+Fn(ii) a In the algorithm of multiplication homomorphic calculation, the industrial cloud platform receives a ciphertext E (CF'1||CF′2||...||CF′n) The ciphertext is subjected to multiplication homomorphic calculation in a C circuit by using a function Evaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1×CF′2×...×CF′nSatisfy Decrypt (p, M') ═ M, where M ═ F1×F2×...×FnAnd returning the result to the edge gateway, and the edge gateway returns the calculated result to the industrial field device.
3. The method for protecting the private data of the industrial field device according to claim 1, wherein in case 2), for the ordinary private data of the industrial field device, the industrial field device performs homomorphic encryption on the plain text of the private data and sends the encrypted plain text to the edge gateway; the edge gateway carries out homomorphic encryption operation and returns a result; the whole process is as follows:
(1) the industrial field devices 1-n firstly propose a key application to an authority center, and the authority center calls a security parameter function Keygen to generate a security parameter lambda after receiving the key application request proposed by the field devices;
(2) the authority center firstly uses lambda as an input parameter and sequentially calls a function to generate a private key p, a large prime number q and a large prime number r; randomSelecting tau to integer riAnd q isiAnd calculating to obtain tau +1 public keys xi,xi=pqi+2ri(ii) a Wherein i is more than 0 and less than tau,
Figure FDA0002898378340000021
ri∈Z∩(-2p,2p) To xiReordering so that x0Maximum and odd number, rp(x0) Is an even number, rp(x0) Denotes r divided by x0The remainder of (1); the authority center calls a public key function to generate a public key set pk ═ x by using p, q and r as input parameters0,x1,...,xτThe element number of the public key set is tau +1, and the public key set pk is respectively sent to the industrial field equipment 1-n;
(3) calling the public key pk and the plaintext F by the industrial field devices 1 to n1、..、FnFor input, the encryption function Encrypt (pk, F) is used1,...,Fn) Selecting a random subset
Figure FDA0002898378340000022
Generate ciphertext CF'1,CF′2,...,CF′nWherein
Figure FDA0002898378340000023
Ciphertext constituent form is E (CF'1||CF′2||...||CF′n) Wherein | | represents a link character, and the industrial field devices 1 to n upload the ciphertext to the edge gateway;
(4) the edge gateway receives ciphertext E (CF'1||CF′2||...||CF′n) The ciphertext is subjected to addition homomorphic calculation in a C circuit by adopting a function Evaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1+CF′2+…+CF′nSatisfy Decrypt (p, M') ═ M, where M ═ F1+F2+…+Fn(ii) a In the algorithm of multiplication homomorphism operation, the edge gateway receives the ciphertext E (CF'1||CF′2||...||CF′n) Then, the ciphertext is subjected to multiplication homomorphic calculation in a C circuit by using a function Evaluate (pk, C, E), and finally, the ciphertext M ═ CF 'is generated'1×CF′2×...×CF′nSatisfy Decrypt (p, M') ═ M, where M ═ F1×F2×...×FnAnd returns the results to the industrial equipment.
4. The method for protecting the private data of the industrial field device according to claim 1, wherein in case 2), for the private data needing cooperative computing and storage, the industrial field device directly sends a plaintext of the private data to the edge gateway, and the edge gateway performs a homomorphic encryption operation on the plaintext and sends the plaintext to the cloud platform; the industrial cloud platform carries out homomorphic operation and returns a result; the specific process is as follows:
(1) the industrial field devices 1-n directly send the plain text of the private data to the edge gateway, the edge gateway firstly proposes a key application to an authority center, and the authority center calls a security parameter function Keygen to generate a security parameter lambda after receiving the key application request proposed by the edge gateway;
(2) the authority center firstly uses lambda as an input parameter and sequentially calls a function to generate a private key p, a large prime number q and a large prime number r; randomly selecting tau to integer riAnd q isiAnd calculating to obtain tau +1 public keys xi,xi=pqi+2ri(ii) a Wherein i is more than 0 and less than tau,
Figure FDA0002898378340000031
ri∈Z∩(-2p,2p) To xiReordering so that x0Maximum and odd number, rp(x0) Is an even number, rp(x0) Denotes r divided by x0The remainder of (1); the authority center calls a public key function to generate a public key set pk ═ x by using p, q and r as input parameters0,x1,...,xτThe element number of the public key set is tau +1, and the public key set pk is sent to the edge gateway respectively;
(3) calling public key pk and plaintext F by edge gateway1、…FnFor input, the encryption function Encrypt (pk, F) is used1,...,Fn) Selecting a random subset
Figure FDA0002898378340000032
Generate ciphertext CF'1,CF′2,...,CF′nWherein
Figure FDA0002898378340000033
Figure FDA0002898378340000034
Ciphertext composition form E (CF'1||CF′2||...||CF′n) The edge gateway uploads the ciphertext to the industrial cloud platform;
(4) receipt of ciphertext E (CF ') by the Industrial cloud platform'1||CF′2||...||CF′n) The ciphertext is subjected to addition homomorphic calculation in a C circuit by adopting a function Evaaluate (pk, C, E), and finally, the ciphertext M ═ CF 'is generated'1+CF′2+…+CF′nSatisfy Decrypt (p, M') ═ M, where M ═ F1+F2+…+Fn(ii) a In the algorithm of multiplication operation, the industrial cloud platform receives a ciphertext E (CF'1||CF′2||...||CF′n) The ciphertext is subjected to multiplication homomorphic calculation in a C circuit by using a function Evaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1×CF′2×...×CF′nSatisfy Decrypt (p, M') ═ M, where M ═ F1×F2×...×Fn(ii) a And returning a result by the industrial cloud platform.
5. The method for protecting the private data of the industrial field device according to claim 1, wherein in case 3), before the industrial field device uploads the data, the private data needs to be processed, and the specific process is as follows:
(1) the industrial field devices 1-n firstly propose a key application to an authority center, and the authority center calls a security parameter function Keygen to generate a security parameter lambda after receiving the key application request proposed by the field devices;
(2) the authority center firstly uses lambda as an input parameter and sequentially calls a function to generate a private key p, a large prime number q and a large prime number r; randomly selecting tau to integer riAnd q isiAnd calculating to obtain tau +1 public keys xi,xi=pqi+2ri(ii) a Wherein i is more than 0 and less than tau,
Figure FDA0002898378340000035
ri∈Z∩(-2p,2p) To xiReordering so that x0Maximum and odd number, rp(x0) Is an even number, rp(x0) Denotes r divided by x0The remainder of (1); the authority center calls a public key function to generate a public key set pk ═ x by using p, q and r as input parameters0,x1,...,xτThe element number of the public key set is tau +1, and the public key set pk is respectively sent to the industrial field equipment 1-n;
(3) calling the public key pk and the plaintext F by the industrial field devices 1 to n1、..、FnFor input, the encryption function Encrypt (pk, F) is used1,...,Fn) Selecting a random subset
Figure FDA0002898378340000042
Generate ciphertext CF'1,CF′2,...,CF′nWherein
Figure FDA0002898378340000041
Ciphertext composition form E (CF'1||CF′2||...||CF′n) Wherein | | represents a link character, and the industrial field devices 1 to n upload the ciphertext to the edge gateway;
(4) the edge gateway receives ciphertext E (CF'1||CF′2||...||CF′n) And performing the C circuit on the ciphertext by adopting a function evaluation (pk, C, E)And finally generating a ciphertext M ═ CF'1+CF′2+…+CF′nSatisfy Decrypt (p, M') ═ M, where M ═ F1+F2+…+Fn(ii) a In the algorithm of multiplication, the edge gateway receives the ciphertext E (CF'1||CF′2||...||CF′n) The ciphertext is subjected to multiplication homomorphic calculation in a C circuit by using a function Evaluate (pk, C, E), and finally the ciphertext M ═ CF 'is generated'1×CF′2×...×CF′nSatisfy Decrypt (p, M') ═ M, where M ═ F1×F2×...×Fn
(5) And the edge gateway further encrypts the ciphertext M 'by adopting the same synchronous encryption algorithm and uploads the ciphertext M' to the industrial cloud platform.
6. The method for protecting the private data of the industrial field device according to any one of claims 1 to 5, wherein the private data of the industrial field device comprises: device ID, device manufacturer, device model, device protocol, device transmit frequency, time, or any combination of the foregoing private data.
7. The method for protecting the private data of the industrial field device according to any one of claims 1 to 5, wherein the step of acquiring the data by the industrial field device comprises the following steps: temperature, humidity, current and voltage.
CN202110048592.4A 2021-01-14 2021-01-14 Industrial field device privacy data protection method based on homomorphic encryption Active CN112751661B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110048592.4A CN112751661B (en) 2021-01-14 2021-01-14 Industrial field device privacy data protection method based on homomorphic encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110048592.4A CN112751661B (en) 2021-01-14 2021-01-14 Industrial field device privacy data protection method based on homomorphic encryption

Publications (2)

Publication Number Publication Date
CN112751661A true CN112751661A (en) 2021-05-04
CN112751661B CN112751661B (en) 2022-05-06

Family

ID=75651823

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110048592.4A Active CN112751661B (en) 2021-01-14 2021-01-14 Industrial field device privacy data protection method based on homomorphic encryption

Country Status (1)

Country Link
CN (1) CN112751661B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115549993A (en) * 2022-09-19 2022-12-30 山东大学 Multi-task cost evaluation method and system based on graph path secret calculation

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105577357A (en) * 2015-12-21 2016-05-11 东南大学 Intelligent household data privacy protection method based on full homomorphic encryption
US20160366180A1 (en) * 2015-06-09 2016-12-15 Intel Corporation System, apparatus and method for privacy preserving distributed attestation for devices
CN107919956A (en) * 2018-01-04 2018-04-17 重庆邮电大学 End-to-end method for protecting under a kind of internet of things oriented cloud environment
CN108282333A (en) * 2018-03-02 2018-07-13 重庆邮电大学 Data safety sharing method under multiple edge node collaboration mode under industrial cloud environment
US20190044703A1 (en) * 2017-12-28 2019-02-07 Ned M. Smith Device identity and algorithm management blockchains
CN109327304A (en) * 2018-12-18 2019-02-12 武汉大学 The lightweight homomorphic cryptography method of secret protection is realized in a kind of cloud computing
CN109862087A (en) * 2019-01-23 2019-06-07 深圳市康拓普信息技术有限公司 Industrial Internet of things system and its data processing method based on edge calculations
CN112073379A (en) * 2020-08-12 2020-12-11 国网江苏省电力有限公司南京供电分公司 Lightweight Internet of things security key negotiation method based on edge calculation
CN112203282A (en) * 2020-08-28 2021-01-08 中国科学院信息工程研究所 5G Internet of things intrusion detection method and system based on federal transfer learning

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160366180A1 (en) * 2015-06-09 2016-12-15 Intel Corporation System, apparatus and method for privacy preserving distributed attestation for devices
CN105577357A (en) * 2015-12-21 2016-05-11 东南大学 Intelligent household data privacy protection method based on full homomorphic encryption
US20190044703A1 (en) * 2017-12-28 2019-02-07 Ned M. Smith Device identity and algorithm management blockchains
CN107919956A (en) * 2018-01-04 2018-04-17 重庆邮电大学 End-to-end method for protecting under a kind of internet of things oriented cloud environment
CN108282333A (en) * 2018-03-02 2018-07-13 重庆邮电大学 Data safety sharing method under multiple edge node collaboration mode under industrial cloud environment
CN109327304A (en) * 2018-12-18 2019-02-12 武汉大学 The lightweight homomorphic cryptography method of secret protection is realized in a kind of cloud computing
CN109862087A (en) * 2019-01-23 2019-06-07 深圳市康拓普信息技术有限公司 Industrial Internet of things system and its data processing method based on edge calculations
CN112073379A (en) * 2020-08-12 2020-12-11 国网江苏省电力有限公司南京供电分公司 Lightweight Internet of things security key negotiation method based on edge calculation
CN112203282A (en) * 2020-08-28 2021-01-08 中国科学院信息工程研究所 5G Internet of things intrusion detection method and system based on federal transfer learning

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
YAN HUO1,*, CHUN MENG, RUINIAN LI, TAO JING: "An Overview of Privacy Preserving Schemes for Industrial Internet of Things", 《IEEE》 *
张佳乐,赵彦超,陈兵,胡峰,朱琨: "边缘计算数据安全与隐私保护研究综述", 《通信学报》 *
曹建福等: "智能工厂中的工业物联网技术", 《自动化博览》 *
王瑞锦等: "基于同态加密和区块链技术的车联网隐私保护方案", 《网络与信息安全学报》 *
蒋林智等: "(全)同态加密在基于密文计算模型中的应用", 《密码学报》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115549993A (en) * 2022-09-19 2022-12-30 山东大学 Multi-task cost evaluation method and system based on graph path secret calculation
CN115549993B (en) * 2022-09-19 2024-04-26 山东大学 Multitasking cost evaluation method and system based on graph path dense state calculation

Also Published As

Publication number Publication date
CN112751661B (en) 2022-05-06

Similar Documents

Publication Publication Date Title
Samaila et al. Challenges of securing Internet of Things devices: A survey
De Cristofaro et al. Participatory privacy: Enabling privacy in participatory sensing
Bokefode et al. Developing a secure cloud storage system for storing IoT data by applying role based encryption
CN109995513B (en) Low-delay quantum key mobile service method
JP4981072B2 (en) Method and system for decryptable and searchable encryption
Isaksson et al. Secure federated learning in 5G mobile networks
Kong et al. Achieve secure handover session key management via mobile relay in LTE-advanced networks
Yu et al. PGRide: Privacy-preserving group ridesharing matching in online ride hailing services
CN102202299A (en) Realization method of end-to-end voice encryption system based on 3G/B3G
Bali et al. Lightweight authentication for MQTT to improve the security of IoT communication
CN109995739A (en) A kind of information transferring method, client, server and storage medium
CN107196918B (en) Data matching method and device
CN112751661B (en) Industrial field device privacy data protection method based on homomorphic encryption
CN111224958A (en) Data transmission method and system
Quadar et al. Cybersecurity issues of IoT in ambient intelligence (AmI) environment
Saksonov et al. Organization of information security in Industrial Internet of Things systems
Davoli et al. Internet of things on power line communications: An experimental performance analysis
Alagheband et al. Advanced encryption schemes in multi-tier heterogeneous internet of things: taxonomy, capabilities, and objectives
Rottondi et al. A protocol for metering data pseudonymization in smart grids
KR102219018B1 (en) Blockchain based data transmission method in internet of things
Ma et al. Edge computing assisted an efficient privacy protection layered data aggregation scheme for IIoT
Döring et al. Post-Quantum Cryptography key exchange to extend a high-security QKD platform into the mobile 5G/6G networks
CN101217532B (en) An anti-network attack data transmission method and system
CN110572827B (en) Safety access gateway and identity authentication method
CN109788249B (en) Video monitoring control method based on industrial internet operating system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant