CN114640520A - User privacy protection method and system based on space-time information in zero-contact network - Google Patents

User privacy protection method and system based on space-time information in zero-contact network Download PDF

Info

Publication number
CN114640520A
CN114640520A CN202210268921.0A CN202210268921A CN114640520A CN 114640520 A CN114640520 A CN 114640520A CN 202210268921 A CN202210268921 A CN 202210268921A CN 114640520 A CN114640520 A CN 114640520A
Authority
CN
China
Prior art keywords
information
space
user
time information
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210268921.0A
Other languages
Chinese (zh)
Other versions
CN114640520B (en
Inventor
陈舒怡
罗晓萌
孟维晓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbin Institute of Technology
Original Assignee
Harbin Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Harbin Institute of Technology filed Critical Harbin Institute of Technology
Priority to CN202210268921.0A priority Critical patent/CN114640520B/en
Priority claimed from CN202210268921.0A external-priority patent/CN114640520B/en
Publication of CN114640520A publication Critical patent/CN114640520A/en
Application granted granted Critical
Publication of CN114640520B publication Critical patent/CN114640520B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/001Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent

Abstract

The invention discloses a user privacy protection method and a system based on space-time information in a zero-contact network, wherein the method comprises the following steps: dividing any piece of information of a sending user into private information A and non-private information B; acquiring self space-time information of a sending user, encrypting the A, and recombining and sending the encrypted A and the information B to a base station to which the A belongs; the base station decrypts the encrypted A by using the same space-time information after receiving the encrypted A, and then sends the decrypted A, the encrypted A and the information B to a core network; the core network recombines and transmits the decryption A and the information B to a base station which the receiving user belongs to, transmits the decryption A and the information B to the receiving user through the base station which the receiving user belongs to, and recombines and transmits the encrypted A and the encrypted information B to a machine learning sandbox; and when the authorized third-party base station needs to receive the privacy information of the user, calling the encrypted A in the sandbox, and acquiring the empty information corresponding to the information A to finish decryption. The method solves the problem of leakage of user privacy when the collected data is intelligently analyzed.

Description

User privacy protection method and system based on space-time information in zero-contact network
Technical Field
The invention relates to the technical field of zero-contact networks and service management, in particular to a user privacy protection method and system based on space-time information in a zero-contact network.
Background
The zero touch network and service management (zero touch network and service management) framework aims to realize automatic execution of all operations and tasks under the condition of no manual intervention, the concept of zero touch network and service management is proposed in 2017 by ETSI (electronic equipment institute) and is used as a prospective network framework of a next generation network management system, and the aim of enabling the network to realize 100% automation through technologies such as artificial intelligence, machine learning and big data analysis is realized, namely all the operations, the operations and the tasks are automatically executed.
In order to achieve such high degree of automation, the network needs to collect and intelligently analyze massive data from different users, i.e. the highly automated network operation and management needs a large amount of user data driving. In a zero-touch network, user data is collected, analyzed, processed, and stored in a machine learning sandbox of a core network. Ideally, the machine learning sandbox should ignore user privacy and process and analyze only the remaining non-private information. Therefore, how to ensure the security of the personal privacy of the user while analyzing and processing a large amount of user data is an important issue to be solved in the zero-touch network.
Disclosure of Invention
The present invention is directed to solving, at least in part, one of the technical problems in the related art.
Therefore, an object of the present invention is to provide a method for protecting user privacy based on space-time information in a zero-contact network, which ensures that information related to privacy is protected in a machine learning sandbox, and non-private information can smoothly drive the network to operate automatically, that is, the problem of user privacy disclosure when intelligently analyzing collected data is solved.
Another objective of the present invention is to provide a system for protecting user privacy based on space-time information in a zero-contact network.
In order to achieve the above object, an embodiment of the present invention provides a method for protecting user privacy based on space-time information in a zero-contact network, including the following steps: step S1, dividing any piece of information of a sending user into information A and information B, wherein the information A is the privacy information of the sending user, and the information B is the service information irrelevant to the privacy of the sending user; step S2, acquiring self space-time information of the sending user to encrypt the information A, and recombining the encrypted information A and the encrypted information B to send to a first affiliated base station; step S3, after receiving the encrypted information A and the encrypted information B, the first affiliated base station decrypts the encrypted information A by using the same space-time information, and then sends the decrypted information A, the encrypted information A and the encrypted information B to a core network; step S4, the core network receiving the information recombines the decrypted information A and the information B and transmits the information A and the information B to a second affiliated base station of a receiving user, then transmits the information A and the information B to the receiving user through the second affiliated base station, and recombines and transmits the encrypted information A and the encrypted information B to a machine learning sandbox for analysis and processing; step S5, when a legally authorized third-party base station needs the privacy information of the sending user, requesting the first affiliated base station for the space-time information corresponding to the information a, retrieving the encrypted information a stored in the sandbox, and decrypting the encrypted information a through the space-time information corresponding to the information a to obtain the privacy information of the sending user.
According to the method for protecting the user privacy based on the space-time information in the zero-contact network, disclosed by the embodiment of the invention, the user privacy can be protected in an intelligent analysis processing stage in a machine learning sandbox of a core network, and the user privacy can also be protected in a transmission process from a user terminal to a base station; meanwhile, the encrypted user privacy can be recovered to use by a legal third party authorized user when needed by a method of caching a certain amount of space-time information in the base station; a dynamic encryption algorithm suitable for the space-time information is constructed by utilizing the constantly changing space-time information of a user and taking an Advanced Encryption Standard (AES) in symmetric encryption as a basis, so that the key space is expanded, and the dynamic update of the encryption algorithm is realized.
In addition, the method for protecting user privacy based on space-time information in a zero-contact network according to the above embodiment of the present invention may further have the following additional technical features:
further, in an embodiment of the present invention, the sending user and the receiving user are both legal users.
Further, in an embodiment of the present invention, in step S2, a Global Navigation Satellite System (GNSS) is used to obtain self space-time information of the sending user, and the self space-time information is sent to the legally authorized third-party base station, so as to decrypt the encrypted information a.
Further, in an embodiment of the present invention, the key specific generation process in step S2 is as follows: when the space-time information of the user is acquired through a global satellite navigation system, longitude, latitude and time parameters are respectively extracted; constructing a chaos sequence based on space-time information by using the Logistic chaos sequence and longitude, latitude and time parameters in the space-time information; and superposing the self space-time information and the chaotic sequence to be used as the input of an MD5 hash function, and mapping through the MD5 hash function to obtain a 128-bit random sequence as a key required by an encryption stage and a decryption stage.
Further, in an embodiment of the present invention, an improved dynamic AES encryption algorithm is adopted in the encryption stage, which includes four iterative processes of byte substitution, row shifting, column mixing and round key addition, wherein the round key addition additionally xors the space-time information once in each xor calculation, so that the step of round key addition varies dynamically with the space-time information.
In order to achieve the above object, an embodiment of another aspect of the present invention provides a system for protecting user privacy based on space-time information in a zero-contact network, including: the system comprises a dividing module, a sending module and a processing module, wherein the dividing module is used for dividing any piece of information of a sending user into information A and information B, the information A is privacy information of the sending user, and the information B is service information irrelevant to the privacy of the sending user; the encryption module is used for acquiring self space-time information of the sending user, encrypting the information A and recombining the encrypted information A and the encrypted information B to send to a first affiliated base station; the decryption module is used for decrypting the encrypted information A by using the same space-time information after the encrypted information A and the encrypted information B are received by the first affiliated base station, and then sending the decrypted information A, the encrypted information A and the encrypted information B to a core network; the transparent transmission and storage module is used for recombining the decrypted information A and the decrypted information B by the core network receiving the information and transmitting the recombined information A and the information B to a second affiliated base station of a receiving user, transmitting the recombined information A and the information B to the receiving user through the second affiliated base station, and recombining and transmitting the encrypted information A and the encrypted information B to a machine learning sandbox for analysis and processing; and the third party decryption module is used for requesting the space-time information corresponding to the information A from the first affiliated base station when the legally authorized third party base station needs the privacy information of the sending user, calling the encrypted information A stored in the sandbox, and decrypting the encrypted information A through the space-time information corresponding to the information A to obtain the privacy information of the sending user.
The user privacy protection system based on the space-time information in the zero-contact network not only can protect the user privacy in the intelligent analysis and processing stage in the machine learning sandbox of the core network, but also can protect the user privacy in the transmission process from the user terminal to the base station; meanwhile, the encrypted user privacy can be recovered to use by a legal third party authorized user when needed by a method of caching a certain amount of space-time information in the base station; a dynamic encryption algorithm suitable for the space-time information is constructed by utilizing the constantly changing space-time information of a user and taking an Advanced Encryption Standard (AES) in symmetric encryption as a basis, so that the key space is expanded, and the dynamic update of the encryption algorithm is realized.
In addition, the system for protecting user privacy based on space-time information in a zero-contact network according to the above embodiment of the present invention may further have the following additional technical features:
further, in an embodiment of the present invention, the sending user and the receiving user are both legal users.
Further, in an embodiment of the present invention, the encryption module obtains self space-time information of the sending user by using a global navigation satellite system, and sends the self space-time information to the legally authorized third-party base station, so as to decrypt the encrypted information a.
Further, in an embodiment of the present invention, a specific generation process of the key in the encryption module is as follows: when the space-time information of the user is acquired through a global satellite navigation system, longitude, latitude and time parameters are respectively extracted; constructing a chaos sequence based on space-time information by using the Logistic chaos sequence and longitude, latitude and time parameters in the space-time information; and superposing the self space-time information and the chaotic sequence as the input of an MD5 hash function, and mapping by the MD5 hash function to obtain a 128-bit random sequence as a key required by an encryption stage and a decryption stage.
Further, in an embodiment of the present invention, an improved dynamic AES encryption algorithm is adopted in the encryption stage, which includes four iterative processes of byte substitution, row shifting, column mixing and round key addition, wherein the round key addition additionally xors the space-time information once in each xor calculation, so that the step of round key addition varies dynamically with the space-time information.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is a flowchart of a method for protecting user privacy based on space-time information in a zero-contact network according to an embodiment of the present invention;
fig. 2 is a specific flowchart of a method for protecting user privacy based on space-time information in a zero-contact network according to an embodiment of the present invention;
fig. 3 is a flowchart of an encryption process in a method for protecting user privacy based on space-time information in a zero-contact network according to an embodiment of the present invention;
FIG. 4 is a diagram illustrating a successful deciphering process of a legitimate serving base station according to one embodiment of the present invention;
FIG. 5 is a diagram illustrating a failed decryption process by an attacker according to one embodiment of the present invention;
fig. 6 is a flowchart illustrating a comparison between AES based on space-time information and conventional AES encryption time according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a user privacy sequence prior to encryption, in accordance with one embodiment of the present invention;
FIG. 8 is a diagram illustrating an encrypted user privacy sequence, according to one embodiment of the present invention;
fig. 9 is a schematic structural diagram of a user privacy protection system based on space-time information in a zero-contact network according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative and intended to explain the present invention and should not be construed as limiting the present invention.
First, a user privacy protection method based on space-time information in a zero-contact network according to an embodiment of the present invention will be described with reference to the accompanying drawings.
Fig. 1 is a flowchart of a method for protecting user privacy based on space-time information in a zero-contact network according to an embodiment of the present invention.
As shown in fig. 1, the method for protecting user privacy based on space-time information in a zero-contact network includes the following steps:
it should be noted that, in the embodiment of the present invention, both the sending user and the receiving user are legal users.
In step S1, any piece of information of the sending user is divided into information a and information B, where the information a is privacy information of the sending user, and the information B is service information unrelated to the privacy of the sending user.
Specifically, any piece of information of a sending user is regarded as a combination of two parts, namely an information a part and an information B part, wherein the information a part is privacy information of the sending user, and the information B part is service information irrelevant to the privacy of the user. All privacy information of the user, such as the ID, name, address and the like of the user, is contained in the information a, so that the information a is a part which needs to be encrypted and protected subsequently; service information irrelevant to the privacy of the user, such as current hot topics and hot movies, is contained in the information B, and the information is sent to a machine learning sandbox for intelligent analysis and processing, so that seamless automation of the network is realized.
In step S2, the self space-time information of the sending user is obtained to encrypt the information a, and the encrypted information a and the encrypted information B are recombined and sent to the first affiliated base station.
Further, in an embodiment of the present invention, in step S2, the self space-time information of the sending user is obtained by using the global navigation satellite system, and the self space-time information is sent to the legally authorized third-party base station, so as to decrypt the encrypted information a.
For example, as shown in fig. 2, Alice obtains his space-time information through the global navigation satellite system and sends his space-time information to the base station BS 1. The user Alice encrypts the information A through the acquired space-time information, then recombines the encrypted information A and the unencrypted information B, and sends the recombined information to the base station BS1 to which the Alice belongs.
It can be understood that the service based on the user space-time information is widely applied to daily life, such as common software for takeaway, taxi taking and the like, so that the embodiment of the invention does not need additional software and hardware equipment to acquire the space-time information, and the terminal of the user and the service base station to which the terminal belongs can acquire the space-time information of the user through a global satellite navigation system.
In step S3, after receiving the encrypted information a and the encrypted information B, the first affiliated base station decrypts the encrypted information a by using the same space-time information, and then sends the decrypted information a, the encrypted information a, and the encrypted information B to the core network.
That is, as shown in fig. 2, when the base station BS1 to which the user Alice belongs receives the encrypted information a and the unencrypted information B, the encrypted information a is decrypted by the same space-time information, and then the decrypted original information a, the encrypted information a and the information B are sent to the core network. Meanwhile, the base station BS1 also buffers a certain amount of space-time information for later use in authorizing a third party to decrypt the encrypted information a.
In step S4, the core network that receives the information reassembles the decrypted information a and information B and transmits them to the second affiliated base station of the receiving user, and then transmits them to the receiving user through the second affiliated base station, and at the same time reassembles the encrypted information a and information B and transmits them to the machine learning sandbox for analysis and processing.
Specifically, as shown in fig. 2, after receiving three different types of information, the core network needs to complete two different operations, where the first operation is to ensure normal communication between the user and the user, that is, to implement transparent transmission between the user Alice and the user Bob; the second operation is to send the information into a machine learning sandbox for analysis and processing to achieve user driven network automation.
In the first operation, in order to implement transparent transmission between users, the core network reassembles the information a and the information B, transmits the information a and the information B to the base station BS2 belonging to the user Bob, and transmits the information a and the information B to the user Bob through the BS 2. It should be noted that, in this process, the core network does not change or store the information a and the information B, but only completes a simple transmission function.
In the second operation, the core network reassembles the encrypted information a and the encrypted information B and sends the information a and the information B to the machine learning sandbox for processing, and since the sandbox cannot decrypt the encrypted information a, it can only collect, analyze, learn and process the data in the information B, but cannot acquire the user privacy in the information a, and thus the user privacy is protected in this way at the data processing stage of the sandbox. It should be noted that at this stage, although the sandbox is unable to process the encrypted information a, this portion of the information is still stored in the sandbox for subsequent access by a legally authorized third party.
In step S5, when the legally authorized third-party base station needs to send the private information of the user, it requests the first affiliated base station for the space-time information corresponding to the information a, retrieves the encrypted information a stored in the sandbox, and decrypts the encrypted information a through the space-time information corresponding to the information a, so as to obtain the private information of the sending user.
That is, as shown in fig. 2, when the legally authorized third-party base station BS3 needs the privacy information of the user Alice, it only needs to request the base station BS1 for the space-time information corresponding to the information a (i.e., a certain amount of space-time information cached in the base station BS 1), retrieve the encrypted information a stored in the sandbox, and decrypt the encrypted information a through the space-time information, so as to obtain the privacy information of the user Alice.
For example, as shown in fig. 3, after the user terminal obtains the space-time information at the current time through the GPS, an encryption key is generated according to a key generation algorithm, and the privacy information of the user is encrypted through the key. After the encrypted privacy ciphertext is transmitted to a legal service base station, the base station generates a decryption key by using the same space-time information, and successfully decrypts the scrambled ciphertext into the original privacy information so as to complete normal communication with other users in the following process. The whole process can not change the content of the user privacy, and the protection of the user privacy is successfully realized.
As shown in fig. 4, since the attacker cannot know the current space-time information of the user at this time, it is assumed here that the attacker decrypts the ciphertext using the own space-time information. Even if the attacker is only 15cm away from the user, namely only a slight change occurs in longitude of the decrypted space-time information (only the last bit of longitude decimal point information is changed), the latitude parameter and the time parameter are not changed, and the privacy obtained by the attacker through decryption is still a string of messy codes. That is to say, the user privacy protection method provided by the embodiment of the present invention successfully realizes protection of user privacy.
Further, as shown in fig. 5, the encryption process mentioned above in the embodiment of the present invention is divided into two stages, namely, a key generation stage and an encryption stage, and the specific process is as follows:
and a key generation stage:
the ideal key generated in the key generation phase needs to satisfy two requirements: (1) only legal receiving and sending can obtain the secret key; (2) the key should be a pseudo-random sequence that is similar to white gaussian noise in its statistical parameters, i.e., the key is highly random.
Because the space-time information of the user can only be acquired by the user and the base station to which the user belongs in the embodiment of the invention, the requirement of the first point can be met, and for the requirement of the second point, the embodiment of the invention adopts the Logistic chaotic sequence and the randomness of the MD5 hash function to meet the requirements, specifically as follows:
step one, when a sending user sends information, acquiring self space-time information through a global satellite navigation system, and respectively extracting longitude, latitude and time parameters in the self space-time information.
And step two, constructing a random sequence, namely the chaotic sequence based on the space-time information by using the Logistic chaotic sequence and longitude, latitude and time parameters in the space-time information of the random sequence.
xn+1=f(xn)=μ×xn×(1-xn)(1)
Wherein, the initial value x of iteration0The latitude in the space-time information is shown, the iteration parameter mu is the longitude in the space-time information, and the iteration number n is the integral part of the time in the space-time information. Since the iteration result of each time is used as the next iteration input, in order to avoid the reduction of the calculation efficiency caused by the fact that the iteration result of a certain time is too large, the method of taking the decimal part of the iteration result is adopted to overlapGenerations are always limited to a certain range, i.e.
Figure BDA0003553698580000071
And step three, overlapping the self space-time information and the chaotic sequence as the input of an MD5 hash function, and mapping through the MD5 hash function to obtain a 128-bit random sequence as a key required by an encryption stage and a decryption stage.
And (3) an encryption stage:
because the AES algorithm has the characteristics of high encryption and decryption speed and high efficiency, the AES-128 in the AES algorithm is used as the basis for the encryption algorithm in the related technology, namely, the privacy information of a user is encrypted by a 128-bit key, but the traditional AES encryption algorithm is a symmetric encryption standard disclosed by the algorithm, and the security of a ciphertext of the traditional AES encryption algorithm completely depends on the key.
Therefore, the embodiment of the invention provides an encryption algorithm dynamically updated by space-time information, which ensures that the security of a ciphertext does not completely depend on a secret key any more, and comprises iteration of four steps, namely byte substitution, row shift, column mixing and round key addition, wherein the byte substitution, the row shift and the column mixing are the same as standard AES-128, but the round key addition is to carry out bitwise XOR on a round key and a current state matrix, so that the generation of the round key is only related to an initial key.
It should be noted that, since decryption is the inverse process of encryption, and a ciphertext can be successfully decrypted as long as a decrypting party uses the same space-time information as an encrypting party, a person skilled in the art can deduce a specific decryption process according to the above encryption flow, which is not specifically described herein.
The method for protecting user privacy based on space-time information in a zero-contact network according to the embodiments of the present invention is further described in the following with three specific embodiments.
The first embodiment is as follows: how to protect user privacy while using user information to help the network provide relevant services.
Suppose that user Alice wants to inform user Bob that her neighbors are infected with the new coronavirus variant, the ormekrong strain. Alice's private information (message a) is first encrypted with her current space-time information. After receiving the encrypted message A, the service base station of Alice decrypts the encrypted message A by using the same space-time information, and then sends the message A, the encrypted message A and the message B to the core network together. At this time, the core network performs two operations: in order to inform Bob, the core network recombines the message A and the message B, transmits the message A and the message B to a service base station of Bob, and deletes the message A; in order to make the network carry out intelligent analysis and realize seamless automation, the core network recombines the encrypted message A and the encrypted message B and transmits the recombined messages to the machine learning sandbox. At this point the network's artificial intelligence driven algorithm receives information about the Ormckh strain, and does not know that it was sent by Alice to Bob. If the machine learning sandbox receives a large amount of relevant information of the Ormck Ronggen strain in a short time, the artificial intelligence algorithm can conclude that the Ormck Ronggen strain is the current hot topic. The network may then choose to cache the relevant data to the base station for later use, or push the relevant content directly to the user. Therefore, the embodiment of the invention can protect the privacy of the user while using the user information to help the network to provide the related service.
Example two: how to use the user's information to improve the performance of the network itself while protecting the privacy of the user.
Assuming that a machine learning sandbox collects information of a large number of active users in a certain area in a short time, due to the encryption method of the embodiment of the present invention, the sandbox does not know specific privacy information of the active users, but can still predict that a base station in the area will be in a busy state in a future period. Therefore, the network can adjust the duration of the sleep mode of the base station, increase the transmission power and enlarge the allocable resources of the base station in the area, thereby improving the network performance. Therefore, the zero-contact network can fully utilize the information of the user to realize dynamic resource allocation and autonomous network management, and the privacy of the user is protected in the whole process.
EXAMPLE III
Besides the purpose of obtaining the privacy of the user, an attacker of the network may also illegally tamper with the privacy of the user when some financial information is involved. Under such an attack, the user may receive tampered data without any awareness. However, after the encryption method of the embodiment of the present invention is used, the privacy is transmitted in the network as encrypted ciphertext. An attacker cannot know the specific content of the privacy and cannot modify the encrypted privacy. Therefore, the method provided by the embodiment of the invention can not only prevent the privacy of the user from being collected and analyzed, but also prevent the privacy from being illegally tampered, and can resist 'cheating interference' of cheating interaction in the network.
The performance aspect of the encryption stage in the user privacy protection method based on the space-time information in the zero-contact network provided by the embodiment of the present invention is verified through two embodiments.
Example four
The key generation algorithm in the embodiment of the invention is based on MD5 hash function mapping, but the addition of the Logistic chaotic sequence enables the algorithm to overcome the defect that space-time information is mapped by directly using the MD5 hash function in a zero-contact network application scene. If space-time information is directly used for hash function mapping, the space-time information represents the geographic position and time of a user, and the value range has certain limitation. For example, the area of human activity is only around 3% of the spherical area of the ground, so the latitude and longitude values in the space-time information are relatively fixed. Therefore, an attacker can enumerate common space-time information, perform hash function mapping in advance, and enumerate a key table with high occurrence probability. Assuming a resolution accuracy of 20 meters for the GPS receiver, the input space mapped by the MD5 hash function based on space-time information is approximately seed. In order to avoid the attack of enumerating common inputs in advance, the embodiment of the invention adopts a method of adding salt, and adds a chaos sequence with any indefinite length and space-time information as input, such as a round key part in fig. 3. The length of the chaotic sequence is determined by the integral part of the time information in the space-time information, and when a GPS receiver is adopted, the length of the chaotic sequence ranges from 0 to 245959 due to the fact that the time information format of the GPS receiver is in the form of time division, minute, second and second. By the method, the input space of the hash function, namely the input space of the key, is greatly expanded, and the possibility that an attacker attacks through enumerating common input in advance is effectively reduced.
Table 1: randomness performance based on NIST test
Inspection item MD5 passing rate Improved MD5 throughput rate
Frequency check 91.5% 91.7%
Intra block frequency check 99.7% 99.2%
Run length check 99.8% 99.8%
Intra-block longest run check 98.7% 99.4%
Binary matrix rank test 0.0% 0.0%
Discrete Fourier transform inspection 98.0% 98.8%
Non-overlapping module matching verification 74.8% 77.0%
Overlay module match check 0.0% 0.0%
General statistical test by Maurer 100.0% 100.0%
Linear complexity inspection 97.8% 97.7%
Sequence testing 99.1% 98.6%
Approximate entropy checking 98.9% 99.1%
Sum check 98.9% 99.1%
Random walk test 60.7% 58.4%
Random walk state frequency check 50.5% 51.5%
As shown in table 1 (which is a result of detecting randomness of a generated key according to randomness detection standard NIST SP 800-22 given by National Institute of Standards and Technology, NIST), the key generation method with chaos sequence and the conventional MD5 hash function method in the embodiment of the present invention have performances in randomness. Randomness is an important index for judging the performance of the key, and according to the requirement of NIST on the sequence length, the embodiment of the invention repeats the key generation algorithm for 10 rounds, and each round runs 10000 times to detect the average passing rate. Table 1 illustrates that this method has similar performance in terms of randomness to the MD5 hash function, and as above, effectively overcomes the inherent deficiency of space-time information as a key.
EXAMPLE five
As shown in fig. 6, in the encryption method based on space-time information according to the embodiment of the present invention, a conventional AES encryption algorithm is changed into a dynamically updated encryption algorithm through space-time information. Due to the fact that an extra operation of XOR space-time information is added, dynamic updating of the algorithm can be achieved, and the safety of the improved algorithm is higher than that of the traditional AES algorithm. The only problem that may exist after adding the space-time information is that the computational complexity and encryption time of the whole algorithm are increased accordingly, so fig. 6 compares the improved encryption algorithm with the conventional encryption algorithm in terms of encryption time. After 10000 times of encryption are performed on the same 128-bit information, compared with the traditional AES algorithm, the time of the dynamic update encryption algorithm in the embodiment of the invention is only 0.127 second more, namely the time is increased by 3.38%. It will be appreciated by those skilled in the art that such additional time consumption is fully acceptable in view of the increased security provided by dynamic algorithms.
Further, since the privacy of the user is often highly relevant, the ability of the proposed encryption algorithm to reduce privacy relevance needs to be analyzed. For example, if an attacker knows that the user's privacy is a location-related information and the first four letters are "Beij", the attacker can easily infer that the location has a high probability of being "Beijing", rather than "Beijhai" or elsewhere. The purpose of encryption is therefore to transform highly relevant personally sensitive information into scrambled ciphertext information, i.e. to protect privacy by reducing the relevance of the information. To better illustrate the ability of cryptographic algorithms to reduce privacy dependence, embodiments of the present invention use a set of linearly distributed sequences to represent the privacy of a user, as shown in FIG. 7, where 10 different sequences are used to represent 10 highly correlated privacy, with the correlation of these sequences being as high as 0.77. The encrypted sequence is shown in fig. 8, and the correlation of the sequence is reduced to 0.019 by encryption. Comparing fig. 7 and fig. 8, it can be clearly seen that the encryption method effectively reduces the relevance of privacy, i.e. the encryption increases the uncertainty of the privacy information.
Therefore, the method for protecting the user privacy based on the space-time information in the zero-contact network provided by the embodiment of the invention has the following beneficial effects:
(1) the method for encrypting the information partially ensures that the machine learning sandbox in the core network can only use the service information irrelevant to the user privacy for subsequent processing, and ensures that the zero-contact network can collect, analyze and process enough information to realize the network automation driven by the user under the condition of protecting the user privacy;
in addition, the space-time information is only known by the user and the service base station to which the user belongs, so that the encryption method can not only protect the privacy of the user in the intelligent analysis and processing process of the machine learning sandbox, but also protect the privacy of the user in the transmission process from the user to the service base station.
(3) Although the machine learning sandbox can only analyze and process non-private information irrelevant to the user, the encrypted private information and the non-private information are sent to the core network and collected and stored in the sandbox, compared with the method for directly deleting the user private information in the related technology, the method ensures that the encrypted user private information can be recovered by a legal authorized third party when needed in the future, when the authorized third party needs the user private information, only corresponding space-time information needs to be requested to a service base station of the user, and the encrypted private information stored in the sandbox is decrypted through the space-time information.
Next, a user privacy protection system based on space-time information in a zero-contact network according to an embodiment of the present invention is described with reference to the accompanying drawings.
Fig. 9 is a schematic structural diagram of a system for protecting user privacy based on space-time information in a zero-contact network according to an embodiment of the present invention.
As shown in fig. 9, the system 10 includes: the device comprises a dividing module 100, an encryption module 200, a decryption module 300, a transparent transmission and storage module 400 and a third party decryption module 500.
The dividing module 100 is configured to divide any piece of information of a sending user into information a and information B, where the information a is privacy information of the sending user, and the information B is service information unrelated to privacy of the sending user. The encryption module 200 is configured to obtain self space-time information of a sending user, to encrypt the information a, and to reassemble the encrypted information a and the encrypted information B to send to the first affiliated base station. The decryption module 300 is configured to decrypt the encrypted information a by using the same space-time information after the first affiliated base station receives the encrypted information a and the encrypted information B, and then send the decrypted information a, the encrypted information a, and the decrypted information B to the core network. The transparent transmission and storage module 400 is used for the core network receiving the information to recombine and transmit the decrypted information a and information B to the second affiliated base station of the receiving user, and then the second affiliated base station transmits the information a and information B to the receiving user, and at the same time, the encrypted information a and information B are recombined and transmitted to the machine learning sandbox for analysis and processing. And the third party decryption module is used for requesting the space-time information corresponding to the information A from the first affiliated base station when the legally authorized third party base station needs to send the privacy information of the user, calling the encrypted information A stored in the sandbox, and decrypting the encrypted information A through the space-time information corresponding to the information A to obtain the privacy information of the sending user.
Further, in one embodiment of the present invention, both the sending user and the receiving user are legitimate users.
Further, in an embodiment of the present invention, the encryption module obtains the self space-time information of the sending user by using a global navigation satellite system, and sends the self space-time information to a legally authorized third-party base station to decrypt the encrypted information a.
Further, in an embodiment of the present invention, a specific generation process of the key in the encryption module is as follows: when the space-time information of the user is acquired through a global satellite navigation system, longitude, latitude and time parameters are respectively extracted; constructing a chaos sequence based on space-time information by using the Logistic chaos sequence and longitude, latitude and time parameters in the space-time information; and superposing the self space-time information and the chaotic sequence as the input of an MD5 hash function, and mapping by the MD5 hash function to obtain a 128-bit random sequence as a key required by an encryption stage and a decryption stage.
Further, in one embodiment of the present invention, a modified dynamic AES encryption algorithm is adopted in the encryption stage, which includes four iterative processes of byte substitution, row shifting, column mixing and round key addition, wherein the round key addition is performed with the space-time information being xored once in each xor calculation, so that the step of round key addition is dynamically changed along with the space-time information.
It should be noted that the foregoing explanation of the embodiment of the method for protecting user privacy based on space-time information in a zero-contact network is also applicable to the system of this embodiment, and is not described herein again.
The user privacy protection system based on the space-time information in the zero-contact network provided by the embodiment of the invention has the following beneficial effects:
(1) the method for encrypting the information partially ensures that the machine learning sandbox in the core network can only use the service information irrelevant to the user privacy for subsequent processing, and ensures that the zero-contact network can collect, analyze and process enough information to realize the network automation driven by the user under the condition of protecting the user privacy;
in addition, the space-time information is only known by the user and the service base station to which the user belongs, so that the encryption method can not only protect the user privacy in the intelligent analysis and processing process of the machine learning sandbox, but also protect the user privacy in the transmission process from the user to the service base station.
(3) Although the machine learning sandbox can only analyze and process non-private information irrelevant to the user, the encrypted private information and the non-private information are sent to a core network and are collected and stored in the sandbox.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (10)

1. A user privacy protection method based on space-time information in a zero-contact network is characterized by comprising the following steps:
step S1, dividing any piece of information of a sending user into information A and information B, wherein the information A is privacy information of the sending user, and the information B is service information irrelevant to the privacy of the sending user;
step S2, acquiring self space-time information of the sending user to encrypt the information A, and recombining the encrypted information A and the encrypted information B to send to a first affiliated base station;
step S3, after receiving the encrypted information A and the encrypted information B, the first affiliated base station decrypts the encrypted information A by using the same space-time information, and then sends the decrypted information A, the encrypted information A and the encrypted information B to a core network;
step S4, the core network receiving the information recombines the decrypted information A and the decrypted information B and transmits the information A and the decrypted information B to a second affiliated base station of a receiving user, then transmits the information A and the decrypted information B to the receiving user through the second affiliated base station, and recombines and transmits the encrypted information A and the encrypted information B to a machine learning sandbox for analysis and processing;
step S5, when the legally authorized third-party base station needs the privacy information of the sending user, the first affiliated base station is requested for the space-time information corresponding to the information A, the encrypted information A stored in the sandbox is called, the encrypted information A is decrypted through the space-time information corresponding to the information A, and the privacy information of the sending user is obtained.
2. A method for protecting user privacy based on space-time information in a zero-contact network according to claim 1, wherein the sending user and the receiving user are both legitimate users.
3. A method for protecting user privacy based on space-time information in a zero-contact network according to claim 1, wherein in step S2, a global navigation satellite system is used to obtain the self space-time information of the sending user, and the self space-time information is sent to the legally authorized third-party base station, so as to decrypt the encrypted information a.
4. A method for protecting user privacy based on space-time information in a zero-contact network according to claim 1, wherein the key generation process in step S2 specifically comprises:
when the space-time information of the user is acquired through a global satellite navigation system, longitude, latitude and time parameters are respectively extracted;
constructing a chaos sequence based on space-time information by using the Logistic chaos sequence and longitude, latitude and time parameters in the space-time information;
and superposing the self space-time information and the chaotic sequence as the input of an MD5 hash function, and mapping by the MD5 hash function to obtain a 128-bit random sequence as a key required by an encryption stage and a decryption stage.
5. A method for protecting user privacy based on space-time information in a zero-contact network according to claim 4, wherein an improved dynamic AES encryption algorithm is adopted in the encryption stage, and the method comprises four iterative processes of byte substitution, row shifting, column mixing and round key addition, wherein the round key addition additionally xors the space-time information once in each xor calculation, so that the round key addition step is dynamically changed along with the space-time information.
6. A system for protecting user privacy based on space-time information in a zero-contact network, comprising:
the system comprises a dividing module, a sending module and a processing module, wherein the dividing module is used for dividing any piece of information of a sending user into information A and information B, the information A is privacy information of the sending user, and the information B is service information irrelevant to the privacy of the sending user;
the encryption module is used for acquiring the self space-time information of the sending user, encrypting the information A, and recombining the encrypted information A and the encrypted information B to send to a first affiliated base station;
the decryption module is used for decrypting the encrypted information A by using the same space-time information after the encrypted information A and the encrypted information B are received by the first affiliated base station, and then sending the decrypted information A, the encrypted information A and the encrypted information B to a core network;
the transparent transmission and storage module is used for recombining the decrypted information A and the decrypted information B by the core network receiving the information and transmitting the recombined information A and the information B to a second affiliated base station of a receiving user, transmitting the recombined information A and the information B to the receiving user through the second affiliated base station, and recombining and transmitting the encrypted information A and the encrypted information B to a machine learning sandbox for analysis and processing;
and the third party decryption module is used for requesting the space-time information corresponding to the information A from the first affiliated base station when the legally authorized third party base station needs the privacy information of the sending user, calling the encrypted information A stored in the sandbox, and decrypting the encrypted information A through the space-time information corresponding to the information A to obtain the privacy information of the sending user.
7. A system for protecting user privacy based on space-time information in a zero-contact network according to claim 6, wherein both the sending user and the receiving user are legitimate users.
8. A user privacy protection system based on space-time information in a zero-contact network as claimed in claim 6, characterized in that the encryption module uses global navigation satellite system to obtain the space-time information of the sending user, and sends the space-time information to the legally authorized third-party base station to decrypt the encrypted information A.
9. A user privacy protection system based on space-time information in a zero-contact network according to claim 6, wherein the specific generation process of the secret key in the encryption module is as follows:
when the space-time information of the user is acquired through a global satellite navigation system, longitude, latitude and time parameters are respectively extracted;
constructing a chaos sequence based on space-time information by using the Logistic chaos sequence and longitude, latitude and time parameters in the space-time information;
and superposing the self space-time information and the chaotic sequence as the input of an MD5 hash function, and mapping by the MD5 hash function to obtain a 128-bit random sequence as a key required by an encryption stage and a decryption stage.
10. A system for protecting user privacy based on space-time information in a zero-contact network according to claim 9, wherein the encryption stage employs a modified dynamic AES encryption algorithm that includes four iterative processes of byte substitution, row shifting, column mixing, and round key addition, wherein the round key addition additionally xors the space-time information once in each xor calculation, so that the round key addition step is dynamically changed with the space-time information.
CN202210268921.0A 2022-03-18 User privacy protection method and system based on space-time information in zero-contact network Active CN114640520B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210268921.0A CN114640520B (en) 2022-03-18 User privacy protection method and system based on space-time information in zero-contact network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210268921.0A CN114640520B (en) 2022-03-18 User privacy protection method and system based on space-time information in zero-contact network

Publications (2)

Publication Number Publication Date
CN114640520A true CN114640520A (en) 2022-06-17
CN114640520B CN114640520B (en) 2024-05-17

Family

ID=

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103401834A (en) * 2013-06-27 2013-11-20 中国人民解放军国防科学技术大学 File security method in limited area based on position information
US20190386969A1 (en) * 2015-01-26 2019-12-19 Listat Ltd. Decentralized Cybersecure Privacy Network For Cloud Communication, Computing And Global e-Commerce
CN112347470A (en) * 2020-11-27 2021-02-09 国家电网有限公司大数据中心 Power grid data protection method and system based on block chain and data security sandbox
CN112887508A (en) * 2021-03-04 2021-06-01 大连海事大学 Privacy image encryption method based on multi-dynamic coupling coefficient segmented coupling mapping grid
CN113556328A (en) * 2021-06-30 2021-10-26 杭州电子科技大学 Encryption traffic classification method based on deep learning

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103401834A (en) * 2013-06-27 2013-11-20 中国人民解放军国防科学技术大学 File security method in limited area based on position information
US20190386969A1 (en) * 2015-01-26 2019-12-19 Listat Ltd. Decentralized Cybersecure Privacy Network For Cloud Communication, Computing And Global e-Commerce
CN112347470A (en) * 2020-11-27 2021-02-09 国家电网有限公司大数据中心 Power grid data protection method and system based on block chain and data security sandbox
CN112887508A (en) * 2021-03-04 2021-06-01 大连海事大学 Privacy image encryption method based on multi-dynamic coupling coefficient segmented coupling mapping grid
CN113556328A (en) * 2021-06-30 2021-10-26 杭州电子科技大学 Encryption traffic classification method based on deep learning

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
罗晓萌等: ""基于北斗空时信息的安全通信方法"", 《导航定位与授时》, vol. 9, no. 2, pages 48 - 55 *

Similar Documents

Publication Publication Date Title
Sheela et al. Image encryption based on modified Henon map using hybrid chaotic shift transform
Qin et al. Attribute-based encryption with efficient verifiable outsourced decryption
Pu et al. R²PEDS: a recoverable and revocable privacy-preserving edge data sharing scheme
Huang et al. Secure encrypted-data aggregation for wireless sensor networks
Schlegel et al. Privacy-preserving location sharing services for social networks
Wang et al. ABE with improved auxiliary input for big data security
Lin et al. A secure and efficient location-based service scheme for smart transportation
US11588627B2 (en) Systems and methods for utilizing quantum entropy in single packet authorization for secure network connections
Zhang et al. Efficient and privacy-preserving min and $ k $ th min computations in mobile sensing systems
Guo et al. Enabling privacy-preserving geographic range query in fog-enhanced IoT services
CN112165443A (en) Multi-key information encryption and decryption method and device and storage medium
Msolli et al. New security approach in real-time wireless multimedia sensor networks
Tong et al. Privacy-preserving Boolean range query with temporal access control in mobile computing
Li et al. A lightweight and verifiable access control scheme with constant size ciphertext in edge-computing-assisted IoT
Lin Teng et al. Im-MobiShare: An improved privacy preserving scheme based on asymmetric encryption and bloom filter for users location sharing in social network
US11379384B2 (en) Oblivious filtering of data streams
Chen et al. On the privacy protection in publish/subscribe systems
Yu et al. pSafety: privacy-preserving safety monitoring in online ride hailing services
CN116614266A (en) Data transmission method, device, equipment and storage medium
CN111294793A (en) Data privacy protection method for identity authentication in wireless sensor network
CN114640520B (en) User privacy protection method and system based on space-time information in zero-contact network
Hassan et al. An authorized equality test on identity‐based cryptosystem for mobile social networking applications
CN114640520A (en) User privacy protection method and system based on space-time information in zero-contact network
Dong et al. Research on quantum authentication methods for the secure access control among three elements of cloud computing
Olteanu et al. A lightweight block cipher based on a multiple recursive generator for wireless sensor networks and RFID

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant