CN114339743A - Internet of things client privacy protection authentication method based on edge calculation
- Publication number: CN114339743A (application CN202210122740.7A)
- Authority: CN (China)
- Prior art keywords: client, key, attribute, base station, central base
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention relates to an Internet of things client privacy protection authentication method based on edge computing, which comprises the following steps: S1: the central base station establishes the public parameters of the system and completes the registration of all clients and n edge servers, and at the same time constructs a binary tree according to the upper limit of the number of clients; each edge server generates a public/private key pair, whose public key is securely shared with any entity in the system, and the central base station generates the public key of the system from the public keys of the edge servers; S2: an attribute key is issued for a client; S3: the cloud server calculates a cloud server token from the attribute key, and the client generates a signature message from the cloud server token; S4: any other client judges, according to the predicate policy, whether the signature message is valid, outputting 1 if so and 0 otherwise; S5: client revocation is implemented using the binary tree structure.
Description
Technical Field
The invention relates to the technical field of information security, in particular to an internet of things client privacy protection authentication method based on edge computing.
Background
During message transmission, Internet of things devices ensure the integrity of transmitted messages by introducing various signature mechanisms. However, in conventional digital signature mechanisms, verification is performed against a particular public key, which exposes the associated identity information in its entirety to any verifying entity. In other words, such a signature mechanism provides no privacy or anonymity. To balance message integrity verification and identity privacy protection, various schemes have been proposed to address both security issues. In particular, pseudonymization technology is widely used to realize privacy protection for anonymous communication. Pseudonym mechanisms based on symmetric cryptography are computationally efficient but are generally not suitable for sensitive end-to-end communication, since an Internet of things terminal must contact a base station to decrypt or verify information received from another terminal. Pseudonym mechanisms based on public key certificates incur significant storage and communication overhead because the public key certificate must be sent with the message so that the recipient can authenticate it. While identity-based pseudonym mechanisms remove the need for public key certificates, they require a trusted center to issue pseudonyms. Schemes based on group signatures do allow an Internet of things terminal to generate a signature without revealing identity information, but they assume that a trusted group manager exists who is responsible for aggregating all nodes into one group.
The pseudonym mechanisms based on symmetric cryptography, asymmetric cryptography and identity-based cryptography are static in nature and cannot meet the requirements of an Internet of things system that changes dynamically or is updated frequently; the development of attribute encryption technology provides a new direction for solving this problem. In an attribute signature system, a signer constructs a valid signature according to a promised predicate policy. After a verifier successfully verifies the signature, the verifier learns that the signed message has not been tampered with and that the signer really has an attribute set satisfying the predicate policy, but cannot obtain any further identity information about the signer.
However, in the conventional attribute signature mechanism, a single authorization center can forge the signature of any client by generating a client key, or when the authorization center is attacked, the whole system is threatened. Although multi-authority attribute signature schemes have been constructed, they do not alter the fact that a central authority decides the system master key, and therefore do not fundamentally address the key escrow issue. Meanwhile, as clients move and change position, client revocation is a great challenge: the sole trusted authorization center may issue a private key to an illegitimate client for reputational benefit, or may fail to update the private key of a revoked client in time, both of which affect the security of the system. Finally, the large number of exponentiation operations and bilinear operations with high computational complexity in the signature generation process cannot be borne by mobile equipment with limited computing power and storage resources.
Disclosure of Invention
The invention aims to provide an Internet of things client privacy protection authentication method based on edge computing, so as to solve the problem of key escrow and relieve the management burden of mobile equipment.
The Internet of things client privacy protection authentication method based on edge computing meets the following requirements: first, a plurality of edge servers are set up to manage and verify the attributes of users and to issue the private key components associated with the attributes; each edge server can manage the attributes of the whole system, so that a user's key application is not affected by the downtime of any one edge server; second, by applying a threshold secret sharing technique, the edge servers interactively share their master keys and the central base station reconstructs the complete system master key, but no edge server and not even the central base station can forge a signature through an attribute key, and the central base station cannot arbitrarily issue a private key for a malicious user or forge the signature of a legitimate client; third, clients are managed with an existing binary tree structure, so that user revocation is realized quickly; meanwhile, the outsourced computing power of the cloud server is applied, and the exponentiation and bilinear mapping operations with high computational complexity are outsourced to the cloud for processing.
The invention provides an Internet of things client privacy protection authentication method based on edge computing, which comprises the following steps:
S1: the central base station establishes the public parameters of the system and completes the registration of all clients and n edge servers, and at the same time constructs a binary tree according to the upper limit of the number of clients; each edge server generates a public/private key pair, whose public key is securely shared with any entity in the system, and the central base station generates the public key of the system from the public keys of the edge servers;
S2: an attribute key is issued for a client;
S3: the cloud server calculates a cloud server token from the attribute key, and the client generates a signature message from the cloud server token;
S4: any other entity judges, according to the predicate policy, whether the signature message is valid, outputting 1 if so and 0 otherwise;
S5: client revocation is implemented using the binary tree structure.
Further, step S1 includes:
S11: the central base station takes a security parameter λ as input and first selects a collision-resistant hash function, where $n_M$ represents the upper bound on the binary length of the signature message; it then selects two multiplicative cyclic groups $G$ and $G_T$ of prime order $p$ and defines a bilinear map $e: G \times G \to G_T$. Let $g$ be the generator of $G$; the central base station randomly selects, thereby defining a function, and selects d different elements $\Phi = \{\phi_1, \phi_2, \ldots, \phi_d\}$ as the system default attribute set. It then sets the parameter $l = 2d + 1$, continues to select the vector parameters, and calculates from them. The central base station additionally allocates a digital signature algorithm $\Omega_{Sign}$ and a corresponding public/private key pair $(pk_{BS}; sk_{BS})$, where $pk_{BS}$ is disclosed to any entity of the system and $sk_{BS}$ is held only by the central base station; the registration of clients and edge servers is realized through $sk_{BS}$. The central base station constructs a binary tree according to the upper limit of the number of clients and denotes this binary tree by BT; N denotes the maximum number of client nodes, RL denotes the client revocation list and is initialized to the empty set, and st denotes the state of the binary tree at the current time node and is initialized to the empty set. For each node θ ∈ N of the binary tree, a random number $r_\theta \in Z_p$ is selected and stored at the node;
The registration process of a client comprises the following: when any client joins the system, the central base station first verifies the validity of the client, which includes verifying whether the client has previously applied for registration, in order to resist replay attacks and denial-of-service attacks. When the client is verified to be legitimate, the central base station randomly selects one element as the global identity uid of the client, issues it to the client, and constructs a corresponding digital certificate $Cert_{uid}$ according to the signature algorithm and the signing private key. For each legitimate client registered to the system, the central base station selects an unallocated node from all leaf nodes of the binary tree, assigns it to the current client uid, and marks the uid on that leaf node;
The registration process of each edge server includes: the central base station randomly selects one element of $Z_p$ as the global identity $aid_i$ of the edge server, issues it to the edge server, and constructs a corresponding digital certificate $Cert_i$; at the same time, it securely shares the binary tree in its current state with each edge server, including the leaf nodes marked with the clients and the random number factor of each node, so that the edge server can generate valid to-be-adjusted attribute key components for each client.
Further, step S1 further includes:
S12: each edge server $ES_i$ ($i = 1, 2, \ldots, n$) selects a random number $\alpha_i \in Z_p$ as its subkey; the system master key can now be represented implicitly. Then each $ES_i$ ($i = 1, 2, \ldots, n$) generates a polynomial $f_i(x)$ of degree $k-1$ satisfying $\alpha_i = f_i(0)$. According to the selected polynomial, each $ES_i$ calculates, for every other $ES_j$ ($j = 1, 2, \ldots, i-1, i+1, \ldots, n$), the corresponding sub-share $s_{ij} = f_i(aid_j)$ and delivers it secretly to $ES_j$ by means of the certificate of $ES_j$; at the same time $ES_i$ calculates $s_{ii} = f_i(aid_i)$ for itself. After receiving the sub-shares $s_{ji}$ ($j = 1, 2, \ldots, i-1, i+1, \ldots, n$) from the other $n-1$ edge servers $ES_j$, $ES_i$ calculates its master key and, from this master key $sk_i$, calculates the corresponding public key. After initialization of the edge servers, each $ES_i$ holds a public/private key pair $(pk_i, sk_i)$, where $pk_i$ is disclosed to any entity including the central base station.
Further, step S1 further includes:
S13: the central base station arbitrarily selects k of the n public keys of the edge servers $ES_i$ and performs a reconstruction calculation to obtain the public key of the system.
The final published parameters of the system are:
where $g$ is the generator of the multiplicative cyclic group $G$, $n$ is the number of edge servers, $e(g, g)^{\alpha}$ is the public key of the system, λ is the security parameter, $G_T$ is a multiplicative cyclic group, Φ is the default attribute set of the system, $F_1(t)$ and $F_2(M)$ are the mapping functions defined during the initialization of the central base station, the vector parameters are those defined during initialization, and $H_0$ is the hash function.
Further, step S2 includes:
Step S21: the client with identity uid randomly selects its own global private key, i.e. the client's global private key $\beta_{uid}$, calculates from the generator $g$ of the multiplicative cyclic group $G$ in the public parameters of the system its global public key $pk_{uid}$, and then sends the global public key $pk_{uid}$ together with a zero-knowledge proof to the edge server to apply for an attribute key;
Step S22: the edge server issues the corresponding to-be-adjusted attribute key components for the user according to the binary tree state and node factors shared by the central base station; the central base station constructs key update parameters according to the revocation list of the current time period, and only users who have not been revoked can apply the key update parameters to the to-be-adjusted attribute key components to obtain attribute key components associated with the time parameter.
Step S23: the client collects k attribute key components from the n different edge servers $ES_i$ and reconstructs the complete attribute key.
Further, the step S22 includes:
Step S221: the i-th edge server $ES_i$, according to its private key $sk_i$ and a set of random parameters, constructs the to-be-adjusted data of the i-th key component of the client's attribute key for the role attribute set Ω and the default attribute set Φ respectively;
Step S222: whether the user is revoked at the current time node is judged from the revocation list and the state of the binary tree at the current time node; according to the result, the central base station constructs a time parameter according to the revocation algorithm to adjust the to-be-adjusted data of the i-th key component of the client's attribute key, so as to update it and obtain the final attribute key component.
Further, in step S222, only a user who is not revoked at the current time node can correctly update the attribute key component;
For the role attribute set Ω, its own part $SK_\omega$ of the generated complete attribute key is:
For the default attribute set Φ, the i-th edge server $ES_i$ selects random numbers, and the default part SKφ (Dt,φ,0, Dφ,1, Dφ,2, Kφ,i) of the generated complete attribute key is:
Further, step S3 further includes:
1) When a predicate policy Γ = (m, S) is selected for a message, where S is an attribute set of size $s = |S| \le d$ and $m \in \{1, \ldots, s\}$, the client sends the attribute key set $(\{SK_\omega\}_{\omega \in \Omega}, \{SK_\phi\}_{\phi \in \Phi})$ to the cloud server. The cloud server first selects the subset $\Phi_{d-m}$ consisting of the first $d-m$ elements of the set Φ in lexicographic order, and at the same time selects an arbitrary subset $S_m$ satisfying $|S_m| = m$; a vector can be defined according to the following polynomial
Since $d - m + s + 1 \le 2d + 1 = l$, the coefficients $y_{d-m+s+2}, \ldots, y_l$ are set to 0;
For each attribute $\omega \in S_m$, the cloud server calculates, from the attribute key $SK_\omega = \{D_{\omega,0}, D_{\omega,1}, K_{\omega,i} \mid i = 1, 2, \ldots, l-1\}$, the parameter
For each attribute $\phi \in \Phi_{d-m}$, the client calculates, from the attribute key $SK_\phi = \{D_{\phi,0}, D_{\phi,1}, K_{\phi,i} \mid i = 1, 2, \ldots, l-1\}$, the parameter
According to these parameters, the cloud server calculates the three elements $D_0$, $D_1$ and $D_2$ contained in the cloud server token:
where the Lagrange coefficients are jointly determined by the sets $S_m$ and $\Phi_{d-m}$, for a given $\omega \in S_m$ and for a given $\phi \in \Phi_{d-m}$.
2) The client first calculates, selects $u, v, w \in Z_p$, and then calculates the signature $\sigma = (\sigma_0, \sigma_1, \sigma_2, \sigma_3, \sigma^*)$:
Further, step S4 further includes:
Any other entity first parses the predicate policy as Γ = (m, S) and calculates. Then, according to the parameter m, a subset of Φ containing $d-m$ elements is defined, and a vector is defined using the definition rule of the polynomial $P_S(Z)$. If the equation holds, the signature $\sigma = (\sigma_0, \sigma_1, \sigma_2, \sigma_3, \sigma^*)$ is accepted as a valid signature and 1 is output; otherwise 0 is output.
Further, step S5 further includes:
Taking the identity uid, the time period T, the revocation list rl and the state st as input, (x; T) is added for all nodes x associated with the identity uid, and the updated revocation list rl is output.
According to the Internet of things client privacy protection authentication method based on edge computing of the invention, the attribute set of the system is jointly managed by a plurality of edge servers, which realizes genuinely distributed management of Internet of things clients; no single trusted center or central base station needs to be online at all times, and key application and management for clients is ensured. Each edge server can verify the authenticity of a client's attribute set and issue attribute keys, so the downtime of a particular edge server does not affect clients' key applications. By applying a threshold secret sharing mechanism, the central base station obtains the master key of the whole system by reconstructing the master keys of the edge servers, which fundamentally solves the single-point-of-failure problem of the central base station in a centralized system, and neither the central base station nor any edge server can forge client signatures by independently generating private keys. In the initialization process, the central base station introduces a binary tree structure whose leaf nodes are used to manage the set of registered users; when a user is revoked, the user's private key is quickly updated according to the KUNode algorithm without affecting other users who have not been revoked. Finally, cloud server outsourced computing is introduced into the generation algorithm of the attribute signature: the exponentiation and bilinear mapping operations with high computational complexity are outsourced to the cloud server for processing, and the Internet of things client can complete the construction of the signature by executing only simple operations, which greatly improves the efficiency of the client in handling the high-complexity exponentiation and bilinear mapping operations.
Drawings
Fig. 1 is a flowchart of an internet of things client privacy protection authentication method based on edge computing according to an embodiment of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
The entities involved in the embodiment of the invention comprise:
Central Base Station (BS): as the global trusted certificate center of the system, it performs the initialization of the system and accepts the registration of legitimate clients and edge servers;
Edge Server (ES): a plurality of edge servers manage the same system attribute set and issue attribute key components for each Internet of things client;
Internet of things client: a client holding a valid attribute key can construct a signature satisfying the corresponding predicate policy, and any client entity can complete signature verification without needing any additional information.
As shown in fig. 1, an embodiment of the present invention provides an internet of things client privacy protection authentication method based on edge computing, including the following steps:
S1: the central base station establishes the public parameters of the system and completes the registration of all clients and n edge servers, and at the same time constructs a binary tree according to the upper limit of the number of clients; each edge server generates a public/private key pair, the public keys of the edge servers are securely shared with any entity in the system, and the central base station generates the public parameters of the system from the public keys of the edge servers;
S2: an attribute key is issued for a client;
S3: the cloud server calculates a cloud server token from the attribute key, and the client generates a signature message from the cloud server token;
S4: any other client entity judges, according to the predicate policy, whether the signature message is valid, outputting 1 if so and 0 otherwise;
S5: client revocation is implemented using the binary tree structure.
Step S1 is the system initialization, which includes three steps: BSetup1, ESetup, and BSetup2. BSetup1 is mainly responsible for establishing system parameters and registering all clients and edge servers; the edge servers interact in the ESetup stage to share the sub-keys; finally, the central base station reconstructs the complete system public parameters in the BSetup2 stage. The specific steps are as follows:
S11: BSetup1
The central base station runs an initialization operation with the security parameter λ as input. First, it selects a collision-resistant hash function, where $n_M$ represents the upper bound on the binary length of the signature message. The base station then selects two multiplicative cyclic groups $G$ and $G_T$ of prime order $p$ and defines a bilinear map $e: G \times G \to G_T$. Let $g$ be the generator of the multiplicative cyclic group $G$; the base station randomly selects, thereby defining the functions $F_1(t)$ and $F_2(M)$, which map the time parameter and the signature message, respectively, onto the corresponding cyclic group $G$. Meanwhile, to simplify the description of the threshold predicate policy, d different elements $\Phi = \{\phi_1, \phi_2, \ldots, \phi_d\}$ are selected from the integer group of prime order as the default attribute set Φ of the system, where d determines the maximum value of the threshold predicate policy in the final signature construction; the specific value of d does not affect the construction of the attribute signature. The central base station then continues to select a group of random numbers to construct vector parameters, i.e. each element of the vector is taken from the group of integers, and calculates from them the vector parameters. In addition, the central base station allocates a traditional digital signature algorithm $\Omega_{Sign}$ and a corresponding public/private key pair $(pk_{BS}; sk_{BS})$ for signing and verifying subsequent certificates. The public key $pk_{BS}$ is disclosed to every entity of the system, and the private key $sk_{BS}$, used for the subsequent registration of clients and edge servers, is held only by the central base station.
At the same time, in view of the revocation requirement, the central base station constructs a binary tree according to the upper limit of the number of clients and denotes this binary tree by BT; N denotes the maximum number of client nodes; RL denotes the client revocation list, which is updated in real time with the client nodes that have been revoked and is initialized to the empty set; st represents the state of the binary tree at the current time node and is initially set to the empty set. For each node θ of the binary tree, a random number is selected and stored at the node θ.
When any client joins the system, the central base station first verifies the validity of the client, mainly verifying whether the client has previously applied for registration, to resist replay attacks and denial-of-service attacks. When the client is verified to be legitimate, the central base station randomly selects one element and issues it to the client as its global identity uid, along with a digital certificate $Cert_{uid}$. More importantly, to implement client revocation management, each registered client is assigned a leaf node of the binary tree, and the uid is marked at that leaf node.
Each edge server also needs to register with the central base station during the system initialization phase. Likewise, the central base station randomly selects one element as the global identity $aid_i$ of the edge server, issues it to the edge server, and constructs a corresponding digital certificate $Cert_i$, which is used to guarantee the security of the subsequent interactive communication among edge servers. At the same time, it securely shares the binary tree in its current state with each edge server, including the leaf nodes marking the positions of the clients and the random number factor of each node, so that the edge server can subsequently generate valid to-be-adjusted attribute key components for each client.
S12: ESetup
This process is run cooperatively by all edge servers. All n edge servers interactively invoke the (k, n) threshold secret sharing mechanism as follows:
Let $ES_i$ denote the i-th edge server. Each $ES_i$ ($i = 1, 2, \ldots, n$) selects a random number $\alpha_i \in Z_p$ as its subkey; the system master key can now be represented implicitly. Then each $ES_i$ ($i = 1, 2, \ldots, n$) generates a polynomial $f_i(x)$ of degree $k-1$ satisfying $\alpha_i = f_i(0)$. According to the selected polynomial, each $ES_i$ calculates, for every other $ES_j$ ($j = 1, 2, \ldots, i-1, i+1, \ldots, n$), the corresponding sub-share $s_{ij} = f_i(aid_j)$ and passes it to $ES_j$ in secret by means of the certificate of $ES_j$, where $aid_j$ is the global identity of the j-th edge server. At the same time $ES_i$ calculates $s_{ii} = f_i(aid_i)$ for itself. After receiving the sub-shares $s_{ji}$ ($j = 1, 2, \ldots, i-1, i+1, \ldots, n$) from the other $n-1$ edge servers $ES_j$, $ES_i$ calculates its own private key (namely the private key of the i-th edge server). $ES_i$ then calculates its public key. After initialization of the edge servers, each $ES_i$ holds a public/private key pair $(pk_i, sk_i)$, where $pk_i$ is disclosed to any entity including the central base station.
S13: BSetup2
To calculate the public key of the system, the central base station arbitrarily selects k of the n public keys of the edge servers $ES_i$ and performs a reconstruction calculation to obtain:
Since this important parameter for signature verification is no longer determined by a single entity, it can be expressed implicitly
where e is the defined bilinear map and $g$ is the generator of the public multiplicative cyclic group $G$; $sk_i$ is the private key of the i-th edge server; $pk_i$ is the public key of the i-th edge server; k is the parameter of the (k, n) threshold secret sharing mechanism; and $P(i)$ represents the Lagrange coefficient determined by the set of edge server identities $(aid_1, aid_2, \ldots, aid_k)$. For simplicity of description the identities are chosen in lexicographic order, but in practice the identity set of any k of the n edge servers can be used.
After the final initialization is completed, the published parameters of the whole system are as follows:
where $g$ is the generator of the multiplicative cyclic group $G$, $n$ is the number of edge servers, $e(g, g)^{\alpha}$ is the public key of the system, λ is the security parameter, $G_T$ is a multiplicative cyclic group, Φ is the default attribute set of the system, $F_1(t)$ and $F_2(M)$ are the mapping functions defined during the initialization of the central base station, the vector parameters are those defined during initialization, and $H_0$ is the hash function.
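The share exchange of S12 (ESetup) and the reconstruction of S13 (BSetup2), simulated as an added example that is not part of the patent text. Assumptions: an order-p subgroup of the integers modulo a small safe prime stands in for the pairing target group $G_T$, with `H` playing the role of e(g, g); each private key $sk_i$ is taken to be the sum of the sub-shares $s_{ji}$ and each public key to be `H` raised to $sk_i$, as in the usual construction, because those formulas are not reproduced above; the identities and all function names are constructed.

```python
"""Toy simulation of ESetup (S12) and BSetup2 (S13); added example."""
import secrets
from itertools import combinations

# Assumption: toy stand-in for the pairing target group G_T.
P_ORDER = 1019               # prime group order p (toy size)
Q_MOD = 2 * P_ORDER + 1      # 2039, a safe prime
H = 4                        # generates the order-p subgroup mod Q_MOD; plays e(g, g)


def poly_eval(coeffs, x):
    """Evaluate f(x) mod p by Horner's rule; coeffs[0] is f(0)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P_ORDER
    return acc


def lagrange_at_zero(ids, i):
    """Lagrange coefficient P(i) at x = 0 for the identity set ids."""
    num, den = 1, 1
    for j in ids:
        if j != i:
            num = num * (-j) % P_ORDER
            den = den * (i - j) % P_ORDER
    return num * pow(den, -1, P_ORDER) % P_ORDER


def esetup(aids, k):
    """Run the (k, n) sharing among the edge servers identified by aids."""
    reduced = [a % P_ORDER for a in aids]
    if len(set(reduced)) != len(aids) or 0 in reduced:
        raise ValueError("identities must be distinct and non-zero mod p")
    # ES_i picks alpha_i = f_i(0) plus k-1 further random coefficients.
    polys = {i: [secrets.randbelow(P_ORDER) for _ in range(k)] for i in aids}
    # s[i][j] = f_i(aid_j): the sub-share ES_i sends to ES_j.
    s = {i: {j: poly_eval(polys[i], j) for j in aids} for i in aids}
    # Assumption: sk_j is the sum of all sub-shares addressed to ES_j.
    sk = {j: sum(s[i][j] for i in aids) % P_ORDER for j in aids}
    pk = {j: pow(H, sk[j], Q_MOD) for j in aids}
    # Sum of the subkeys; returned only so the simulation can be checked.
    alpha = sum(polys[i][0] for i in aids) % P_ORDER
    return alpha, sk, pk


def bsetup2(pk, chosen):
    """Central base station: combine the chosen public keys in the exponent."""
    result = 1
    for i in chosen:
        result = result * pow(pk[i], lagrange_at_zero(chosen, i), Q_MOD) % Q_MOD
    return result


if __name__ == "__main__":
    aids = [11, 22, 33, 44, 55]          # constructed identities, n = 5
    alpha, sk, pk = esetup(aids, k=3)
    target = pow(H, alpha, Q_MOD)        # H ** (alpha_1 + ... + alpha_n)
    for subset in combinations(aids, 3):
        # Any 3 of the 5 public keys give the same system public key.
        assert bsetup2(pk, subset) == target
    print("system public key:", target)
```

The central base station only ever handles the public keys here; the combination works because the summed polynomials form one polynomial of degree at most k-1 whose value at 0 is the sum of the subkeys.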
Step S2 issues an attribute key to the client, including:
Step S21: the client with identity uid randomly selects its own global private key, i.e. the global private key of the client $sk_{uid} = \beta_{uid}$, chosen from all non-zero elements of the additive group of prime order, and calculates its own global public key, i.e. the global public key of the client; it then sends the global public key $pk_{uid}$ together with a zero-knowledge proof to the edge server as an attribute key application. The zero-knowledge proof means that the edge server (i.e., the verifier), without being able to obtain $sk_{uid} = \beta_{uid}$, can conclude from the proof that the client (i.e., the prover) does hold $sk_{uid} = \beta_{uid}$.
Step S221: the i-th edge server $ES_i$ issues the to-be-adjusted attribute key component for the client. First, the edge server verifies the validity of the client, i.e. the correctness of the zero-knowledge proof, and then issues a role attribute set Ω according to the specific identity role of the client, such as the client's professional attribute, gender attribute and so on, which can be described in a customized way for different system environments. According to the binary tree state shared by the central base station, a path node parameter Path(uid) is defined, which represents the set of all nodes from the leaf node marked with the uid to the root node in the binary tree, so that all nodes of the binary tree covering the client uid are associated with the to-be-adjusted attribute key component. Then, according to the private key $sk_i$ of the edge server and a set of random parameters, an implicit polynomial is defined, and the to-be-adjusted data of the client's attribute key component is constructed for the role attribute set Ω and the default attribute set Φ respectively. In particular, we describe the role attribute set in detail as an example. For a specific attribute ω in the role attribute set Ω, $ES_i$ selects a random number; the to-be-adjusted data of the corresponding key component consists of three elements, which can be represented as
Step S222: the central base station firstly obtains a node set KUNOde (BT, RL, t, st) according to the current time parameter and a revocation list, wherein the KUNOde represents the abbreviation of a binary tree revocation algorithm (namely the revocation algorithm), the BT binary tree and the RL revocation list are used as input, t is the current time parameter, st is the state of the binary tree, and the output result is that the current time node t can be covered as the minimum binary tree node set of the clients which are not revoked. The node factor r stored at node θ is then retrievedθ(ii) a Selecting a random number And calculating to obtain:
whereinAnd updates all the keys to the parameter UKt=(θ,UKt,θ) I theta epsilon KUNOde (BT, RL, t, st) is disclosed in the system, which includes all updated key parameters UK belonging to nodes theta epsilon KUNOde (BT, RL, t, st) of the binary treet,θA set of compositions.
Step S223: assuming that I is a node set Path (uid) and J is a node set KUNOde (BT, RL, t, st) obtained according to a revocation algorithm, if a node is legal at a certain time by a clientNon-revoked clients, then there is a unique intersection between sets I and J. This unique intersection is the only node in the binary tree node, which can then be based on this node factor rθConstructed to-be-adjusted attribute key componentAnd updating the Key parameter UKt,θ=(UKθ,0,UKθ,1) And finally obtaining the accurate attribute key component of the current time period containing the time parameter. At this time, the client first selects a random numberThe attribute key belonging to ω is adjusted to include four elements The detailed parameters are calculated as follows:
Step S23, for the role attribute ω, when adjusted data of the attribute key components from k different edge servers are collected, i.e. from each edge server ESiResulting attribute key componentsComplete SK (Key) belonging to omega attribute key and obtained by client reconstructionω=(Dω,0,Dω,1,Dω,2,Dω,iI ═ 1,2, …, l-1) is still made up of four elements, including in particular the following:
wherein P (j) is from the set IkDetermined Lagrange coefficient Which are two random parameters determined by specific attributes.
likewise, for the default attribute set Φ, each of which is represented as Φ ∈ Φ, the ith ES is processed through the above-described steps S22-S23iSelecting random numbersDefault part SK of generated complete attribute keyφ(Dt,φ,0,Dφ,1,Dφ,2,Kφ,i) Comprises the following steps:
the private key of the final client comprises a global private key beta of the clientuidAnd an attribute key of the client. The client's attribute key includes (SK)ω={Dt,ω,0,Dω,1,Dω,2,Kω,i1,2, …, l-1 for each attribute ω ∈ Ω }, SKφ={Dt,φ,0,Dφ,1,Dφ,2,Kφ,iI ═ 1,2, …, l-1 for each attribute Φ ∈ Φ }).
Step S3 signs the client message. Signature generation comprises cloud server token generation and signature generation, as follows:
1) Cloud server token generation
When the predicate policy chosen for a message is Γ = (m, S), where S is an attribute set of size s = |S| ≤ d and m ∈ {1, …, s}, the client sends the attribute key group ({SK_ω}_{ω∈Ω}, {SK_φ}_{φ∈Φ}) to the cloud server. The cloud server first selects the subset Φ_{d-m} consisting of the first d-m elements of the set Φ in lexicographic order, and at the same time selects an arbitrary subset satisfying |S_m| = m. According to the following polynomial P_S(Z), a vector can be defined
Since d-m+s+1 ≤ l, the coefficients y_{d-m+s+2}, …, y_l are necessarily 0.
For each attribute ω ∈ S_m, the cloud server uses the attribute key SK_ω = {D_{ω,0}, D_{ω,1}, K_{ω,i} | i = 1, 2, …, l-1} to calculate a two-tuple that serves as an important parameter for signature generation:
Likewise, for each attribute φ ∈ Φ_{d-m}, the cloud server uses the attribute key SK_φ = {D_{φ,0}, D_{φ,1}, K_{φ,i} | i = 1, 2, …, l-1} to calculate:
According to and , the three elements (D_0, D_1, D_2) contained in the cloud server token can be calculated as:
and are the Lagrange coefficients jointly determined by the sets S_m and Φ_{d-m}; for a certain ω ∈ S_m, ; for a certain φ ∈ Φ_{d-m},
2) Signature generation: the client, acting as the signer, first computes and selects u, v, w ∈ Z_p. The final signature, which contains five elements σ = (σ_0, σ_1, σ_2, σ_3, σ*), can be calculated as follows:
Step S4 is client message authentication, which further comprises:
Any entity (such as an edge server or the central base station) acting as the verifier first parses the predicate policy Γ as (m, S) and calculates . Then, according to the parameter m, it defines the subset of Φ that contains d-m elements, and defines a vector using the same polynomial P_S(Z) definition rule. If the following equation holds, the signature σ = (σ_0, σ_1, σ_2, σ_3, σ*) is accepted as a legal signature and 1 is output; otherwise, 0 is output:
Step S5 is client revocation, which further comprises:
Taking the identity uid, the current time point T, the revocation list RL and the state st as input, (x; T) is added for all nodes x associated with the identity uid, and the updated revocation list RL is output. In step S222, according to the KUNode algorithm, only clients that have not been revoked within the legal period can successfully update the attribute key component.
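The node selection behind steps S222, S223 and S5 can be made concrete with the following added Python example, which is not part of the patent text. It models only which tree nodes are chosen (no key material); the heap-style node numbering, the one-leaf-per-uid layout and the (leaf, time) form of RL entries are assumptions of this sketch.

```python
class RevocationTree:
    """Complete binary tree in heap order: root is 1, children of x are 2x and 2x+1."""

    def __init__(self, max_clients):
        self.n = 1
        while self.n < max_clients:      # round capacity up to a power of two
            self.n *= 2
        self.leaf_of = {}                # uid -> leaf index in [n, 2n)
        self.rl = []                     # revocation list RL as (leaf, time) entries

    def register(self, uid):
        """Assign the next unallocated leaf to uid (repeat registrations are refused)."""
        if uid in self.leaf_of:
            raise ValueError("uid already registered")
        if len(self.leaf_of) == self.n:
            raise ValueError("no unallocated leaf left")
        self.leaf_of[uid] = self.n + len(self.leaf_of)
        return self.leaf_of[uid]

    def _to_root(self, node):
        nodes = set()
        while node >= 1:
            nodes.add(node)
            node //= 2
        return nodes

    def path(self, uid):
        """Path(uid): every node from the leaf marked uid up to the root."""
        return self._to_root(self.leaf_of[uid])

    def revoke(self, uid, t):
        """Step S5: record the revocation of uid at time t in RL."""
        self.rl.append((self.leaf_of[uid], t))

    def kunode(self, t):
        """Minimal node set covering exactly the clients not revoked by time t."""
        revoked = set()
        for leaf, t_rev in self.rl:
            if t_rev <= t:               # later revocations are not yet in force
                revoked |= self._to_root(leaf)
        if not revoked:
            return {1}                   # nobody revoked: the root covers everyone
        cover = set()
        for x in revoked:
            if x < self.n:               # internal node: keep its untouched children
                cover.update(c for c in (2 * x, 2 * x + 1) if c not in revoked)
        return cover

    def update_node(self, uid, t):
        """Step S223: the unique node in Path(uid) ∩ KUNode, or None if revoked."""
        common = self.path(uid) & self.kunode(t)
        if len(common) > 1:
            raise AssertionError("cover set is not minimal")
        return next(iter(common), None)


def demo():
    bt = RevocationTree(8)               # constructed sample: clients u0..u7
    for i in range(8):
        bt.register("u%d" % i)
    bt.revoke("u2", 5)                   # u2 is revoked at time 5
    return {uid: bt.update_node(uid, 5) for uid in ("u0", "u2", "u3", "u7")}


if __name__ == "__main__":
    print(demo())
```

A revoked client gets no node in common with the published update set, so it cannot combine its to-be-adjusted component with any UK_{t,θ}; every other client finds exactly one usable node, and the number of published updates grows with the number of revocations rather than with the number of clients.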
According to the edge-computing-based Internet of things client privacy protection authentication method, the attribute set of the system is managed jointly by multiple edge servers, which meets the genuinely distributed management requirements of Internet of things clients: no single trusted center or central base station needs to be online at all times, and key application and management for clients is still ensured. Each edge server can verify the authenticity of a client's attribute set and issue attribute keys, and the downtime of a particular edge server does not affect the client's key application. By applying a threshold secret sharing mechanism, the central base station obtains the master key of the whole system by reconstructing the master keys of the edge servers, which fundamentally solves the single-point-of-failure problem of the central base station in a centralized system, and neither the central base station nor any edge server can forge client signatures by generating a private key on its own. During initialization, a binary tree structure is introduced at the central base station, with all leaf nodes used to manage the set of registered users; when a user is revoked, the user's private key is quickly updated according to the KUNode algorithm without affecting other users who have not been revoked. Finally, cloud server outsourced computation is introduced into the generation algorithm of the attribute signature: the exponentiation and bilinear mapping operations, which have high computational complexity, are outsourced to the cloud server, and the Internet of things client only needs to perform simple operations to complete the signature construction, which greatly improves the client's efficiency in handling the highly complex exponentiation and bilinear mapping operations.
The above embodiments are merely preferred embodiments of the present invention, which are not intended to limit the scope of the present invention, and various changes may be made in the above embodiments of the present invention. All simple and equivalent changes and modifications made according to the claims and the content of the specification of the present application fall within the scope of the claims of the present patent application. The invention has not been described in detail in order to avoid obscuring the invention.
Claims (10)
1. An Internet of things client privacy protection authentication method based on edge computing is characterized by comprising the following steps:
S1: The central base station establishes the public parameters of the system and completes the registration of all clients and n edge servers, and at the same time constructs a binary tree according to the upper limit of the number of clients; each edge server generates a public-private key pair, whose public key is securely shared with any entity in the system, and the central base station generates the public key of the system from the public keys of the edge servers;
S2: An attribute key is issued for the client;
S3: The cloud server calculates a cloud server token according to the attribute key, and the client generates a signed message according to the cloud server token;
S4: Any other entity judges, according to the predicate policy, whether the signed message is legal; if so, it outputs 1, otherwise it outputs 0;
S5: Revocation of the client is realized by means of the binary tree structure.
2. The internet of things client privacy protection authentication method based on edge computing as claimed in claim 1, wherein the step S1 includes:
S11: The central base station takes a security parameter λ as input and first selects a hash function H_0: that can resist collusion attack, where n_M denotes the binary upper bound on the size of the signed message. It then selects two multiplicative cyclic groups G and G_T of prime order p and defines a bilinear map on the groups e: G×G→G_T. Let g be the generator of G; the central base station randomly selects , thereby defining a function , and selects d different elements Φ = {φ_1, φ_2, …, φ_d} as the system default attribute set. It then sets the parameter l = 2d+1, continues to select , and calculates . The central base station additionally assigns a digital signature algorithm Ω_Sign and a corresponding public-private key pair (pk_BS; sk_BS), where pk_BS is disclosed to any entity of the system and sk_BS is held only by the central base station; the registration of clients and edge servers is carried out through sk_BS. The central base station constructs a binary tree according to the upper limit of the number of clients and marks it with binary numbers; N denotes the maximum number of client nodes, RL denotes the client revocation list and is initialized to the empty set, and st denotes the state of the binary tree at the current time node and is initialized to . For each node θ ∈ N of the binary tree, a random number r_θ ∈ Z_p is selected and stored at that node;
The registration process of a client comprises: when any client joins the system, the central base station first verifies the validity of the client, which includes checking whether the client has previously submitted a registration application, so as to resist replay attacks and denial-of-service attacks. When the client is verified to be legitimate, the central base station randomly selects one element as the global identity uid of the client and issues it to the client, and constructs the corresponding digital certificate Cert.uid according to the signature algorithm and the signing private key. For each legitimate client registered in the system, the central base station selects an unallocated node from all leaf nodes of the binary tree, assigns it to the current client uid, and marks the leaf node with uid;
The registration process of each edge server comprises: the central base station randomly selects one element of Z_p as the global identity aid_i of the edge server, issues it to the edge server, and constructs the corresponding digital certificate Cert_i. At the same time, the binary tree in its current state is securely shared with each edge server, including the leaf nodes marked with clients and the random number factor of each node, so that the edge server can generate valid to-be-adjusted attribute key components for each client.
3. The internet of things client privacy protection authentication method based on edge computing according to claim 2, wherein the step S1 further comprises:
S12: Each edge server ES_i (i = 1, 2, …, n) selects a random number α_i ∈ Z_p as a sub-key; the system master key is then represented as . Each ES_i (i = 1, 2, …, n) then generates a polynomial f_i(x) of degree k-1 satisfying α_i = f_i(0). According to the selected polynomial, each ES_i (i = 1, 2, …, n) calculates, for every other ES_j (j = 1, 2, …, i-1, i+1, …, n), the corresponding sub-share s_ij = f_i(aid_j) and delivers it secretly through ES_j's certificate to the ES_i; at the same time ES_i calculates s_ii = f_i(aid_i) for itself. After receiving the sub-shares s_ji (j = 1, 2, …, i-1, i+1, …, n) from the other n-1 servers ES_j (j = 1, 2, …, i-1, i+1, …, n), ES_i calculates the master key and, according to the master key sk_i, calculates the corresponding public key as . After initialization of the edge servers, each ES_i has obtained a public-private key pair (pk_i, sk_i), where pk_i is disclosed to any entity including the central base station.
4. The internet of things client privacy protection authentication method based on edge computing according to claim 3, wherein the step S1 further comprises:
S13: The central base station arbitrarily selects k public keys of the n edge servers ES_i and performs a reconstruction calculation to obtain the public key of the system: where
The final published parameters of the system are:
where g is the generator of the multiplicative cyclic group G, n is the number of edge servers, e(g, g)^α is the public key of the system, λ is the security parameter, G_T is a multiplicative cyclic group, Φ is the default attribute set of the system, F_1(t) and F_2(M) are mapping functions defined during the initialization of the central base station, is the vector parameter defined during initialization, and H_0 is a hash function.
5. The Internet of things client privacy protection authentication method based on edge computing as claimed in claim 4, wherein the step S2 includes:
Step S21: The client with identity uid randomly selects its own global private key, i.e. the client's global private key β_uid, calculates the client's global public key pk_uid from the generator g of the multiplicative cyclic group G in the public parameters of the system, and then sends the client's global public key pk_uid together with a zero-knowledge proof to the edge server to apply for attribute keys;
Step S22: The edge server issues the corresponding to-be-adjusted attribute key components for the user according to the binary tree state and the node factors shared by the central base station; the central base station constructs key update parameters according to the revocation list of the current time period, and only users who have not been revoked can process the to-be-adjusted attribute key components with the key update parameters to obtain the attribute key components associated with the time parameter.
Step S23: The client collects k attribute key components from the n different edge servers ES_i and reconstructs the complete attribute key.
6. The internet of things client privacy protection authentication method based on edge computing according to claim 5, wherein the step S22 includes:
Step S221: The i-th edge server ES_i, according to the edge server's private key sk_i and a set of random parameters, constructs the to-be-adjusted data of the i-th key component of the client's attribute key for the role attribute set Ω and for the default attribute set Φ respectively;
Step S222: According to the revocation list and the state of the binary tree at the current time node, it is judged whether the user is revoked at the current time node; according to the result, the central base station constructs a time parameter according to the revocation algorithm to adjust the to-be-adjusted data of the i-th key component of the client's attribute key, and the client updates it to obtain the final attribute key component.
7. The internet of things client privacy protection authentication method based on edge computing according to claim 6, wherein in the step S222, only the users whose nodes are not revoked at the current time can correctly update the attribute key component;
for each attribute ω in the role attribute set Ω, the generated complete attribute key SK_ω is:
for each attribute φ in the default attribute set Φ, the i-th edge server ES_i selects random numbers, and the default part SK_φ = (D_{t,φ,0}, D_{φ,1}, D_{φ,2}, K_{φ,i}) of the generated complete attribute key is:
8. The internet of things client privacy protection authentication method based on edge computing according to claim 7, wherein the step S3 further comprises:
1) When the predicate policy Γ = (m, S) is selected for a message, where S is an attribute set of size s = |S| ≤ d and m ∈ {1, …, s}, the client sends the attribute key group ({SK_ω}_{ω∈Ω}, {SK_φ}_{φ∈Φ}) to the cloud server; the cloud server first selects the subset Φ_{d-m} consisting of the first d-m elements of the set Φ in lexicographic order, and at the same time selects an arbitrary subset satisfying |S_m| = m; a vector can be defined according to the following polynomial
Since d-m+s+1 ≤ 2d+1 = l, the coefficients y_{d-m+s+2}, …, y_l are determined to be 0;
for each attribute ω ∈ S_m, the cloud server calculates, according to the attribute key SK_ω = {D_{ω,0}, D_{ω,1}, K_{ω,i} | i = 1, 2, …, l-1}, the parameter
For each attribute φ ∈ Φ_{d-m}, the client calculates, according to the attribute key SK_φ = {D_{φ,0}, D_{φ,1}, K_{φ,i} | i = 1, 2, …, l-1}, the parameter
According to and , the cloud server calculates the three elements D_0, D_1 and D_2 contained in the cloud server token:
where and are the Lagrange coefficients jointly determined by the sets S_m and Φ_{d-m}; for a certain ω ∈ S_m, ; for a certain φ ∈ Φ_{d-m},
2) The client first calculates and selects u, v, w ∈ Z_p, then calculates the signature σ = (σ_0, σ_1, σ_2, σ_3, σ*):
9. The internet of things client privacy protection authentication method based on edge computing according to claim 8, wherein the step S4 further comprises:
Any other entity first parses the predicate policy Γ as (m, S) and calculates . Then, according to the parameter m, it defines the subset of Φ that contains d-m elements, and defines a vector using the polynomial P_S(Z) definition rule. If the equation holds, the signature σ = (σ_0, σ_1, σ_2, σ_3, σ*) is accepted as a legal signature and 1 is output; otherwise 0 is output.
10. The internet of things client privacy protection authentication method based on edge computing according to claim 9, wherein the step S5 further comprises:
Taking the identity uid, the time period T, the revocation list RL and the state st as input, (x; T) is added for all nodes x associated with the identity uid, and the updated revocation list RL is output.
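The threshold key setup of steps S12 and S13 (claims 3 and 4) is illustrated by the following added Python example, which is not taken from the patent. The formulas for the master key, sk_i and pk_i are not legible on this page, so the sketch assumes α = Σ α_i, sk_j = Σ_i s_ij and pk_j = g^{sk_j}, and it replaces the pairing target group with a small constructed prime-order subgroup of Z_Q^*.

```python
import secrets

# Toy parameters (constructed, far too small for real use): Q = 2P + 1 is a
# safe prime and G = 4 generates the subgroup of prime order P in Z_Q^*.
P, Q, G = 1019, 2039, 4


def poly_eval(coeffs, x):
    """Evaluate f(x) mod P by Horner's rule; coeffs[0] is f(0)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def distribute(aids, k):
    """Every ES_i picks f_i of degree k-1 and computes s_ij = f_i(aid_j)."""
    polys = {i: [secrets.randbelow(P) for _ in range(k)] for i in aids}
    shares = {i: {j: poly_eval(polys[i], j) for j in aids} for i in aids}
    alphas = {i: polys[i][0] for i in aids}   # alpha_i = f_i(0) stays with ES_i
    return shares, alphas


def server_key(shares, j):
    """ES_j adds up the sub-shares addressed to it (assumed sk_j = sum_i s_ij)."""
    sk = sum(row[j] for row in shares.values()) % P
    return sk, pow(G, sk, Q)                  # (sk_j, pk_j = g^sk_j)


def lagrange_at_zero(subset, j):
    """Lagrange coefficient of point j for interpolation at x = 0, mod P."""
    num = den = 1
    for m in subset:
        if m != j:
            num = num * (-m) % P
            den = den * (j - m) % P
    return num * pow(den, -1, P) % P


def system_public_key(pks, subset):
    """Combine public keys in the exponent: prod pk_j^lambda_j = g^alpha."""
    if len(set(subset)) != len(subset):
        raise ValueError("edge server identities must be distinct")
    acc = 1
    for j in subset:
        acc = acc * pow(pks[j], lagrange_at_zero(subset, j), Q) % Q
    return acc


def demo(k=3):
    aids = [11, 22, 33, 44, 55]               # constructed identities aid_i
    shares, alphas = distribute(aids, k)
    pks = {j: server_key(shares, j)[1] for j in aids}
    alpha = sum(alphas.values()) % P          # computed here only to check the result
    return system_public_key(pks, aids[:k]) == pow(G, alpha, Q)


if __name__ == "__main__":
    print(demo())
```

Because the combination happens on public keys, any k of them yield the system public key while no party ever holds α in the clear.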
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210122740.7A CN114339743A (en) | 2022-02-09 | 2022-02-09 | Internet of things client privacy protection authentication method based on edge calculation |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114339743A true CN114339743A (en) | 2022-04-12 |
Family
ID=81030889
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210122740.7A Pending CN114339743A (en) | 2022-02-09 | 2022-02-09 | Internet of things client privacy protection authentication method based on edge calculation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114339743A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110602063A (en) * | 2019-08-27 | 2019-12-20 | 西安电子科技大学 | Multi-authorization-center access control method and system and cloud storage system |
CN111935714A (en) * | 2020-07-13 | 2020-11-13 | 兰州理工大学 | Identity authentication method in mobile edge computing network |
CN114024686A (en) * | 2021-11-03 | 2022-02-08 | 北京邮电大学 | Intelligent community Internet of things information sharing model based on block chain |
Non-Patent Citations (1)
Title |
---|
HUI CUI等: "An Attribute-Based Framework for Secure Communications in Vehicular Ad Hoc Networks", IEEE/ACM TRANSACTIONS ON NETWORKING, vol. 27, no. 2, pages 721, XP011720039, DOI: 10.1109/TNET.2019.2894625 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115766033A (en) * | 2022-11-18 | 2023-03-07 | 电子科技大学 | Threshold single sign-on method for privacy protection |
CN115766033B (en) * | 2022-11-18 | 2024-04-16 | 电子科技大学 | Threshold single sign-on method for privacy protection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||