CN114640520B - User privacy protection method and system based on space-time information in zero-contact network - Google Patents

User privacy protection method and system based on space-time information in zero-contact network Download PDF

Info

Publication number
CN114640520B
CN114640520B CN202210268921.0A CN202210268921A CN114640520B CN 114640520 B CN114640520 B CN 114640520B CN 202210268921 A CN202210268921 A CN 202210268921A CN 114640520 B CN114640520 B CN 114640520B
Authority
CN
China
Prior art keywords
information
space
user
time information
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210268921.0A
Other languages
Chinese (zh)
Other versions
CN114640520A (en
Inventor
陈舒怡
罗晓萌
孟维晓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbin Institute of Technology
Original Assignee
Harbin Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Harbin Institute of Technology filed Critical Harbin Institute of Technology
Priority to CN202210268921.0A priority Critical patent/CN114640520B/en
Publication of CN114640520A publication Critical patent/CN114640520A/en
Application granted granted Critical
Publication of CN114640520B publication Critical patent/CN114640520B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/001Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a user privacy protection method and a system based on space-time information in a zero-contact network, wherein the method comprises the following steps: dividing any piece of information of a sending user into private information A and non-private information B; the self space-time information of the sending user is obtained to encrypt A, and the encrypted A and the information B are recombined and sent to the affiliated base station; after receiving the information, the base station decrypts the encrypted A by using the same space-time information, and then sends the decrypted A, the encrypted A and the information B to a core network; the core network transmits the decryption A and the information B to the affiliated base station of the receiving user in a recombination mode, and then transmits the decryption A and the information B to the receiving user through the affiliated base station, and meanwhile, the encrypted A and the encrypted information B are transmitted to a machine learning sandbox in a recombination mode; when the authorized third-party base station needs to receive the privacy information of the user, the encrypted A in the sandbox is called, and the space-time information corresponding to the information A is obtained to finish decryption. The method solves the problem of leakage of user privacy when the collected data are intelligently analyzed.

Description

User privacy protection method and system based on space-time information in zero-contact network
Technical Field
The invention relates to the technical field of zero contact network and service management, in particular to a user privacy protection method and system based on space-time information in a zero contact network.
Background
The zero-contact network and service management (zero touch network AND SERVICE MANAGEMENT) framework aims to realize automatic execution of all operations and tasks without manual intervention, and the concept of zero-contact network and service management is proposed by ETSI in 2017 as a prospective network framework of a next generation network management system, and aims to realize 100% automation of the network through technologies such as artificial intelligence, machine learning, big data analysis and the like, namely, all operations, operations and tasks are automatically executed.
To achieve this high degree of automation, the network needs to collect and intelligently analyze the massive data from the different users, i.e. high automation network operation and management requires a large amount of user data driven. In a zero-contact network, user data is collected, analyzed, processed and stored in a machine learning sandbox of the core network. Ideally, the machine learning sandbox should ignore user privacy and only process and analyze the rest of the non-private information. Therefore, how to analyze and process a large amount of user data and guarantee personal privacy security of users is an important problem to be solved in a zero-contact network.
Disclosure of Invention
The present invention aims to solve at least one of the technical problems in the related art to some extent.
Therefore, an object of the present invention is to provide a method for protecting user privacy based on space-time information in a zero-contact network, which ensures that information related to privacy is protected in a machine learning sandbox, and non-private information can smoothly drive a network to automatically operate, i.e. solve the problem of disclosure of user privacy when intelligently analyzing collected data.
Another object of the present invention is to provide a user privacy protection system based on space-time information in a zero-contact network.
In order to achieve the above objective, an embodiment of an aspect of the present invention provides a method for protecting user privacy based on space-time information in a zero-contact network, which includes the following steps: step S1, dividing any piece of information of a sending user into information A and information B, wherein the information A is privacy information of the sending user, and the information B is business information irrelevant to the privacy of the sending user; s2, acquiring self space-time information of the transmitting user, encrypting the information A, and recombining and transmitting the encrypted information A and the information B to a first affiliated base station; step S3, after the first affiliated base station receives the encrypted information A and the information B, decrypting the encrypted information A by using the same space-time information, and then sending the decrypted information A, the encrypted information A and the information B to a core network; s4, the core network which receives the information reorganizes and transmits the decrypted information A and the information B to a second affiliated base station of a receiving user, and then the decrypted information A and the information B are sent to the receiving user through the second affiliated base station, and meanwhile the encrypted information A and the encrypted information B are reorganized and sent to a machine learning sandbox for analysis and processing; and S5, when the legal authorized third-party base station needs the privacy information of the sending user, requesting the space-time information corresponding to the information A from the first affiliated base station, retrieving the encrypted information A stored in the sandbox, and decrypting the encrypted information A through the space-time information corresponding to the information A to obtain the privacy information of the sending user.
The user privacy protection method based on space-time information in the zero-contact network not only can protect user privacy in the intelligent analysis processing stage in the machine learning sandbox of the core network, but also can protect the user privacy in the transmission process from the user terminal to the base station; meanwhile, by a method of caching certain space-time information in the base station, the encrypted user privacy can be recovered for use by a legal third party authorized user when the encrypted user privacy is needed; the dynamic encryption algorithm applicable to the space-time information is constructed by utilizing the space-time information continuously changed by a user based on an advanced encryption standard (Advanced encryption Standard, AES) in symmetric encryption, so that the key space is enlarged, and the dynamic update of the encryption algorithm is realized.
In addition, the user privacy protection method based on space-time information in the zero-contact network according to the embodiment of the present invention may further have the following additional technical features:
Further, in an embodiment of the present invention, the transmitting user and the receiving user are both legitimate users.
Further, in an embodiment of the present invention, in the step S2, the global navigation satellite system (Global Navigation SATELLITE SYSTEM, GNSS) is used to obtain the self space-time information of the sending user, and the self space-time information is sent to the legally authorized third party base station, so as to decrypt the encrypted information a.
Further, in one embodiment of the present invention, the specific key generating process in the step S2 is: when acquiring space-time information of the user through the global satellite navigation system, longitude, latitude and time parameters are also respectively extracted; constructing a chaos sequence based on space-time information by using the Logistic chaos sequence and longitude, latitude and time parameters in the space-time information; and superposing the self space-time information and the chaotic sequence as input of an MD5 hash function, and mapping by the MD5 hash function to obtain a 128-bit random sequence serving as a key required by an encryption stage and a decryption stage.
Further, in one embodiment of the present invention, a modified dynamic AES encryption algorithm is employed in the encryption stage, which includes four iterative processes of byte substitution, row shifting, column mixing, and round key addition, wherein the round key addition exclusive-or one time space-time information is exclusive-or-calculated in each exclusive-or calculation, such that the step of round key addition dynamically varies with the space-time information.
To achieve the above objective, another embodiment of the present invention provides a user privacy protection system based on space-time information in a zero-contact network, including: the dividing module is used for dividing any piece of information of the sending user into information A and information B, wherein the information A is privacy information of the sending user, and the information B is business information irrelevant to the privacy of the sending user; the encryption module is used for acquiring the self space-time information of the sending user so as to encrypt the information A and recombining and sending the encrypted information A and the information B to a first affiliated base station; the decryption module is used for decrypting the encrypted information A by using the same space-time information after the first affiliated base station receives the encrypted information A and the information B, and then sending the decrypted information A, the encrypted information A and the information B to a core network; the transparent transmission and storage module is used for the core network which receives the information to reconstruct and transmit the decrypted information A and the information B to a second affiliated base station of a receiving user, then the decrypted information A and the information B are transmitted to the receiving user through the second affiliated base station, and meanwhile, the encrypted information A and the encrypted information B are reconstructed and transmitted to a machine learning sandbox for analysis and processing; and the third party decryption module is used for requesting the space-time information corresponding to the information A from the first affiliated base station when the legal authorized third party base station needs the private information of the sending user, retrieving the encrypted information A stored in the sandbox, and decrypting the encrypted information A through the space-time information corresponding to the information A to obtain the private information of the sending user.
The user privacy protection system based on space-time information in the zero-contact network not only can protect user privacy in the intelligent analysis processing stage in the machine learning sandbox of the core network, but also can protect the user privacy in the transmission process from the user terminal to the base station; meanwhile, by a method of caching certain space-time information in the base station, the encrypted user privacy can be recovered for use by a legal third party authorized user when the encrypted user privacy is needed; the dynamic encryption algorithm applicable to the space-time information is constructed by utilizing the space-time information continuously changed by a user based on an advanced encryption standard (Advanced encryption Standard, AES) in symmetric encryption, so that the key space is enlarged, and the dynamic update of the encryption algorithm is realized.
In addition, the user privacy protection system based on space-time information in the zero-contact network according to the embodiment of the invention may further have the following additional technical features:
Further, in an embodiment of the present invention, the transmitting user and the receiving user are both legitimate users.
Further, in an embodiment of the present invention, the encryption module obtains the self space-time information of the sending user by using a global navigation satellite system, and sends the self space-time information to the legally authorized third party base station to decrypt the encrypted information a.
Further, in an embodiment of the present invention, the specific key generation process in the encryption module is: when acquiring space-time information of the user through the global satellite navigation system, longitude, latitude and time parameters are also respectively extracted; constructing a chaos sequence based on space-time information by using the Logistic chaos sequence and longitude, latitude and time parameters in the space-time information; and superposing the self space-time information and the chaotic sequence as input of an MD5 hash function, and mapping by the MD5 hash function to obtain a 128-bit random sequence serving as a key required by an encryption stage and a decryption stage.
Further, in one embodiment of the present invention, a modified dynamic AES encryption algorithm is employed in the encryption stage, which includes four iterative processes of byte substitution, row shifting, column mixing, and round key addition, wherein the round key addition exclusive-or one time space-time information is exclusive-or-calculated in each exclusive-or calculation, such that the step of round key addition dynamically varies with the space-time information.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a flow chart of a method of user privacy protection based on space-time information in a zero-contact network in accordance with one embodiment of the present invention;
FIG. 2 is a flowchart of a method for protecting user privacy based on space-time information in a zero-contact network according to one embodiment of the present invention;
FIG. 3 is a flow chart of an encryption process in a method for protecting user privacy based on space-time information in a zero-contact network according to one embodiment of the invention;
FIG. 4 is a diagram illustrating a successful decryption process of a legitimate serving base station according to one embodiment of the invention;
FIG. 5 is a diagram illustrating a failed decryption process for an attacker according to one embodiment of the invention;
FIG. 6 is a flow chart comparing AES based on space-time information with conventional AES encryption time according to an embodiment of the invention;
FIG. 7 is a schematic diagram of a user privacy sequence prior to encryption in accordance with one embodiment of the present invention;
FIG. 8 is a schematic diagram of an encrypted user privacy sequence in accordance with one embodiment of the present invention;
fig. 9 is a schematic structural diagram of a user privacy protection system based on space-time information in a zero-contact network according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative and intended to explain the present invention and should not be construed as limiting the invention.
The following describes a method and a system for protecting user privacy based on space-time information in a zero-contact network according to an embodiment of the present invention with reference to the accompanying drawings.
Fig. 1 is a flow chart of a method for protecting user privacy based on space-time information in a zero-contact network according to one embodiment of the present invention.
As shown in fig. 1, the method for protecting user privacy based on space-time information in a zero-contact network includes the following steps:
it should be noted that, in the embodiment of the present invention, the sending user and the receiving user are legal users.
In step S1, any piece of information of the sending user is divided into information a and information B, where information a is privacy information of the sending user, and information B is service information unrelated to privacy of the sending user.
Specifically, any piece of information of a transmitting user is regarded as a combination of two parts, namely an information A part and an information B part, wherein the information A part is privacy information of the transmitting user, and the information B part is business information irrelevant to the privacy of the user. Wherein, all privacy information of the user, such as the ID, name, address and the like of the user, is contained in the information A, so the information A is a part which needs to be encrypted and protected subsequently; business information which is irrelevant to the privacy of the user, such as the current hot topics, hot movies and the like, is contained in the information B, and the information is sent to a machine learning sandbox for intelligent analysis and processing so as to realize seamless automation of the network.
In step S2, the own space-time information of the transmitting user is obtained to encrypt the information a, and the encrypted information a and the encrypted information B are recombined and transmitted to the first base station to which the transmitting user belongs.
Further, in one embodiment of the present invention, in step S2, the global navigation satellite system is used to obtain the own space-time information of the transmitting user, and at the same time, the own space-time information is sent to the legally authorized third party base station, so as to decrypt the encrypted information a.
For example, as shown in fig. 2, user Alice obtains its space-time information through the global navigation satellite system and sends its space-time information to the affiliated base station BS1. The user Alice encrypts the information a through the acquired space-time information, then reassembles the encrypted information a with the unencrypted information B, and sends the reassembled information to the affiliated base station BS1 of Alice.
It can be understood that the service based on the space-time information of the user is widely applied to common software such as take-away and taxi taking in daily life, so that the embodiment of the invention does not need additional software and hardware equipment to acquire the space-time information, and the terminal of the user and the affiliated service base station can acquire the space-time information of the user through a global satellite navigation system.
In step S3, after receiving the encrypted information a and the information B, the first affiliated base station decrypts the encrypted information a by using the same space-time information, and then sends the decrypted information a, the encrypted information a, and the information B to the core network.
That is, as shown in fig. 2, when the base station BS1 to which subscriber Alice belongs receives the encrypted information a and the unencrypted information B, the encrypted information a is decrypted by the same space-time information, and then the decrypted original information a, the encrypted information a, and the information B are sent together to the core network. Meanwhile, the base station BS1 also caches a certain amount of space-time information for later authorizing the third party to decrypt the encrypted information a.
In step S4, the core network receiving the information reassembles and transmits the decrypted information a and the information B to the second affiliated base station of the receiving user, and then transmits the decrypted information a and the encrypted information B to the receiving user through the second affiliated base station, and at the same time, the decrypted information a and the encrypted information B are reassembled and transmitted to the machine learning sandbox for analysis and processing.
Specifically, as shown in fig. 2, after receiving three types of different information, the core network needs to complete two different operations, where the first operation is to ensure normal communication between users, that is, to realize transparent transmission between user Alice and user Bob; the second operation is to send the information into a machine learning sandbox for analysis and processing to enable user-driven network automation.
In the first operation, in order to realize transparent transmission between users, the core network reassembles information a and information B, transmits the information a and information B to the base station BS2 to which the user Bob belongs, and transmits the information a and the information B to the user Bob through the BS 2. It should be noted that in this process, the core network does not change or store the information a and the information B, and only completes a simple transmission function.
In the second operation, the core network reassembles the encrypted information a and information B and sends it to the machine learning sandbox for processing, in which way the user privacy is protected during the data processing phase of the sandbox, since the sandbox cannot decrypt the encrypted information a, it can only collect, analyze, learn and process the data in message B, but cannot obtain the user privacy in message a. It should be noted that, at this stage, although the sandbox cannot process the encrypted information a, this part of the information is still stored in the sandbox for subsequent access by a legally authorized third party.
In step S5, when the legally authorized third party base station needs to send the privacy information of the user, the space-time information corresponding to the information a is requested to the first affiliated base station, the encrypted information a stored in the sandbox is fetched, and the encrypted information a is decrypted through the space-time information corresponding to the information a, so as to obtain the privacy information of the sending user.
That is, as shown in fig. 2, when the legally authorized third party BS3 needs the privacy information of the user Alice, only the space-time information corresponding to the information a (i.e. a certain amount of space-time information cached in the BS 1) is required to be requested to the BS1, and the encrypted information a stored in the sandbox is retrieved, and the privacy information of the user Alice can be obtained after the encrypted information a is decrypted by the space-time information.
For example, as shown in fig. 3, after the user terminal obtains the space-time information at the current moment through the GPS, an encryption key is generated according to the key generation algorithm, and the privacy information of the user is encrypted through the key. After the encrypted privacy ciphertext is transmitted to the legal service base station, the base station generates a decryption key by using the same space-time information, and successfully decrypts the encrypted privacy ciphertext into the original privacy information so as to subsequently complete normal communication with other users. The whole process does not change the content of the user privacy, and the protection of the user privacy is successfully realized.
As shown in fig. 4, since the attacker cannot know the current space-time information of the user at this time, it is assumed here that the attacker decrypts the ciphertext using the own space-time information. Even if an attacker is only 15cm away from a user, namely, the decrypted space-time information only has small change of longitude (only changes the last bit of information of a longitude decimal point), the latitude parameter and the time parameter are unchanged, and the privacy obtained by decryption of the attacker is still a string of messy codes. That is, the user privacy protection method provided by the embodiment of the invention successfully realizes the protection of the user privacy.
Further, as shown in fig. 5, the encryption process mentioned above in the embodiment of the present invention is divided into two phases, namely, a key generation phase and an encryption phase, and the specific process is:
Key generation phase:
The ideal key generated in the key generation phase needs to meet two requirements: (1) only legal transceiving double-sending can acquire the secret key; (2) The key should be a pseudo-random sequence that resembles gaussian white noise in statistical parameters, i.e. the key has a high degree of randomness.
Because the space-time information of the user can only be acquired by the user and the affiliated base station in the embodiment of the invention, the first point requirement can be met, and for the second point requirement, the randomness of the Logistic chaotic sequence and the MD5 hash function is adopted in the embodiment of the invention, and the method is specifically as follows:
When a user is sent to send information, acquiring space-time information of the user by a global satellite navigation system, and respectively extracting longitude, latitude and time parameters.
And secondly, constructing a random sequence, namely a chaotic sequence based on space-time information by utilizing longitude, latitude and time parameters in the Logistic chaotic sequence and the space-time information of the Logistic chaotic sequence.
xn+1=f(xn)=μ×xn×(1-xn)(1)
The iteration initial value x 0 is the latitude in the space-time information, the iteration parameter mu is the longitude in the space-time information, and the iteration number n is an integer part of the time in the space-time information. Since the iteration result of each iteration will be used as the next iteration input, in order to avoid the decrease of the calculation efficiency caused by the overlarge iteration result of a certain time, the iteration is always limited in a certain range by adopting a method of taking the decimal part of the iteration result, namely
And thirdly, superposing the space-time information and the chaotic sequence as input of an MD5 hash function, and mapping by the MD5 hash function to obtain a 128-bit random sequence serving as a key required by an encryption stage and a decryption stage.
Encryption stage:
Because the AES algorithm has the characteristics of high encryption and decryption speed and high efficiency, the encryption algorithm in the related technology adopts AES-128 in the AES algorithm as a basis, namely, the private information of the user is encrypted through a 128-bit key, but the traditional AES encryption algorithm is a symmetric encryption standard disclosed by the algorithm, and the security of ciphertext of the traditional AES encryption algorithm is completely dependent on the key.
The embodiment of the invention provides an encryption algorithm for dynamically updating space-time information, which is used for enabling the security of a ciphertext not to depend on a secret key completely, and comprises four steps of iteration, namely byte substitution, row shift, column mixing and round key addition, wherein the byte substitution, the row shift and the column mixing are the same as those of a standard AES-128, but the round key addition is used for carrying out bit exclusive OR on the round key and a current state matrix, so that the generation of the round key is only related to an initial key.
It should be noted that, since decryption is the inverse process of encryption, and only the decryption party uses the same space-time information as the encryption party, the ciphertext can be successfully decrypted, so that a person skilled in the art can deduce a specific decryption process according to the above encryption flow, which is not described herein in detail.
The user privacy protection method based on space-time information in the zero-contact network provided by the embodiment of the invention is further described by three specific embodiments.
Embodiment one: how to protect user privacy while using user information to help the network provide related services.
Suppose that user Alice wants to inform user Bob that her neighbors are infected with the new coronavirus variant obicker strain. Alice's private information (message a) is first encrypted with her current space-time information. After receiving the encrypted information A, the service base station of Alice decrypts the encrypted information A by using the same space-time information, and then sends the information A, the encrypted information A and the information B to the core network together. At this time, the core network performs two operations: in order to inform Bob, the core network reorganizes the message a and the message B, transmits the reorganized message a and the reorganized message B to a service base station of Bob, and deletes the message a; in order to make the network perform intelligent analysis and realize seamless automation, the core network reorganizes the encrypted message A and the encrypted message B and transmits the encrypted message A and the encrypted message B to the machine learning sandbox. The network's artificial intelligence driven algorithm receives information about the strain of the oblongkun but does not know that it was sent by Alice to Bob. If the machine learning sandbox receives a large amount of information about the strain of the obronate in a short time, the artificial intelligence algorithm can infer that the strain of the obronate is the current trending topic. The network may then choose to buffer the relevant data to the base station for later use, or push the relevant content directly to the user. Therefore, the embodiment of the invention can protect the privacy of the user while using the user information to help the network provide related services.
Embodiment two: how to use the information of the user to improve the performance of the network itself while protecting the privacy of the user.
Assuming that the machine learns that the sandbox collects a large amount of information of active users in a certain area in a short time, the sandbox does not know the specific privacy information of the active users at this time because the encryption method of the embodiment of the invention is adopted, but can still predict that the base station in the area will be in a busy state in a future period of time. Thus, the network can adjust the duration of the base station sleep mode, increase the transmit power, and expand the allocable resources of the base stations in that area, thereby improving network performance. Therefore, the zero-contact network can fully utilize the information of the user to realize dynamic resource allocation and autonomous network management, and protect the privacy of the user in the whole process.
Example III
In addition to the user's privacy, an attacker of the network may also illegally tamper with the user's privacy when some financial information is involved. Under such an attack, the user may receive tampered data without awareness. However, after using the encryption method of the embodiment of the present invention, the privacy is transmitted in the network as encrypted ciphertext. The attacker cannot know the specific content of the privacy and cannot modify the encrypted privacy. Therefore, the method provided by the embodiment of the invention not only can prevent the privacy of the user from being collected and analyzed, but also can prevent the privacy from being illegally tampered, namely can resist the 'deceptive interference' of deceptive interaction in the network.
The performance aspect of the encryption stage in the user privacy protection method based on space-time information in the zero-contact network provided by the embodiment of the invention is verified by the two embodiments.
Example IV
The key generation algorithm in the embodiment of the invention is based on MD5 hash function mapping, but the addition of the Logistic chaotic sequence enables the algorithm to overcome the defect that space-time information is mapped in a zero-contact network application scene by directly using the MD5 hash function. If the space-time information is directly used for hash function mapping, the space-time information represents the geographic position and time of the user, and the value range has a certain limitation. For example, the area of human activity is only about 3% of the earth's area, so latitude and longitude values in space-time information are relatively fixed. Therefore, an attacker can enumerate the common space-time information and perform hash function mapping in advance to enumerate a key table with high occurrence probability. Assuming that the resolution of the GPS receiver is 20 meters, the input space mapped according to the MD5 hash function of the space-time information is approximately seed. In order to avoid the attack of enumerating common inputs in advance, the embodiment of the invention adopts a method of adding salt, and the chaos sequence with any indefinite length is overlapped with space-time information to be used as input, such as a round key part in fig. 3. The length of the chaotic sequence is determined by an integer part of time information in the space-time information, and when a GPS receiver is adopted, the length of the chaotic sequence ranges from 0 to 245959 to an indefinite length sequence because the time information format of the GPS receiver is in a form of 'time minute second'. By the embodiment of the invention, the input space of the hash function, namely the input space of the key, is greatly expanded, and the possibility of common input attacks by an attacker through enumeration in advance is effectively reduced.
Table 1: random performance based on NIST test
Inspection item MD5 passage rate Improved MD5 passage rate
Frequency checking 91.5% 91.7%
Intra-block frequency verification 99.7% 99.2%
Run length verification 99.8% 99.8%
Intra block longest run verification 98.7% 99.4%
Binary matrix rank test 0.0% 0.0%
Discrete fourier transform inspection 98.0% 98.8%
Non-overlapping module match verification 74.8% 77.0%
Overlapping module match verification 0.0% 0.0%
General statistical test of Maurer 100.0% 100.0%
Linear complexity test 97.8% 97.7%
Sequence verification 99.1% 98.6%
Approximate entropy test 98.9% 99.1%
Accumulation and verification 98.9% 99.1%
Random walk test 60.7% 58.4%
Random walk state frequency check 50.5% 51.5%
As shown in Table 1 (which is the result of detecting the randomness of the generated key according to the randomness detection standard NIST SP 800-22 given by the national institute of standards and Technology (National Institute of STANDARDS AND Technology, NIST)), the key generation method added with the chaotic sequence in the embodiment of the present invention has the performance in randomness compared with the conventional MD5 hash function method. The randomness is an important index for judging the performance of the key, and according to the requirement of NIST on the sequence length, the embodiment of the invention repeats the key generation algorithm for 10 rounds, and each round of running 10000 times to detect the average passing rate. Table 1 illustrates that this method has similar performance in terms of randomness to the MD5 hash function and, as above, effectively overcomes the inherent deficiencies of space-time information as a key.
Example five
As shown in fig. 6, the encryption method based on space-time information provided by the embodiment of the invention changes the traditional AES encryption algorithm into a dynamically updated encryption algorithm through space-time information. Due to the addition of an additional exclusive or space-time information operation, the dynamic updating of the algorithm can be realized, so that the security of the improved algorithm is higher than that of the traditional AES algorithm. The only problem that may exist after the addition of space-time information is that the computational complexity and encryption time of the overall algorithm will increase accordingly, so fig. 6 compares the encryption time of the improved encryption algorithm with that of a conventional encryption algorithm. After 10000 times of encryption is carried out on the same 128-bit information, compared with the traditional AES algorithm, the dynamic updating encryption algorithm in the embodiment of the invention is only 0.127 seconds more in time, namely, 3.38% is increased. Those skilled in the art will appreciate that the additional time consumption is fully acceptable in view of the increased security afforded by dynamic algorithms.
Further, since the privacy of users is often highly relevant, it is desirable to analyze the ability of the proposed encryption algorithm to reduce privacy relevance. For example, if an attacker knows that the user's privacy is a location-related information and the first four letters are "Beij", then the attacker can easily infer that the location is highly probable to be "beijin" rather than "Beijhai" or elsewhere. The purpose of encryption is therefore to transform highly relevant personal sensitive information into scrambled ciphertext information, i.e. to preserve privacy by reducing the relevance of the information. To better illustrate the ability of encryption algorithms to reduce privacy dependencies, embodiments of the present invention use a set of linearly distributed sequences to represent user privacy, as shown in FIG. 7, where 10 different sequences are used to represent 10 highly dependent privacy, with the dependencies of these sequences being as high as 0.77. As shown in fig. 8, the correlation of the encrypted sequence was reduced to 0.019 after encryption. As can be clearly seen by comparing fig. 7 and 8, the encryption method effectively reduces the correlation of privacy, i.e., encryption increases the uncertainty of the private information.
Therefore, the user privacy protection method based on space-time information in the zero-contact network has the following beneficial effects:
(1) The machine learning sandbox in the core network can only use the business information irrelevant to the user privacy to carry out subsequent processing by adopting a partial encryption method on the information, and the zero-contact network can collect, analyze and process enough information to realize the network automation driven by the user under the condition of protecting the user privacy;
(2 because the space-time information has the characteristics of being only acquired by the user and the affiliated base station, unpredictable and dynamic change, namely, each user is unique and continuously changes along with time, the encryption method of the space-time information can ensure the dynamic update of an encryption algorithm.
(3) Although the machine learning sandbox can only analyze and process non-private information irrelevant to users, the encrypted private information and the non-private information are sent to the core network together and collected and stored in the sandbox, compared with the method for deleting the private information of the users directly in the related technology, the method ensures that the encrypted private information of the users can be restored by legal authorized third parties when the authorized third parties need the private information of the users in the future, and when the authorized third parties need the private information of the users, only the corresponding space-time information is required to be requested from a service base station of the users, and the encrypted private information stored in the sandbox is decrypted through the space-time information.
Next, a user privacy protection system based on space-time information in a zero-contact network according to an embodiment of the present invention will be described with reference to the accompanying drawings.
Fig. 9 is a schematic structural diagram of a user privacy protection system based on space-time information in a zero-contact network according to an embodiment of the present invention.
As shown in fig. 9, the system 10 includes: the system comprises a dividing module 100, an encrypting module 200, a decrypting module 300, a transparent transmission and storage module 400 and a third party decrypting module 500.
The dividing module 100 is configured to divide any piece of information of a sending user into information a and information B, where information a is privacy information of the sending user, and information B is service information unrelated to privacy of the sending user. The encryption module 200 is configured to obtain self space-time information of a transmitting user, encrypt the information a, and send the encrypted information a and the encrypted information B to the first base station. The decryption module 300 is configured to decrypt the encrypted information a by using the same space-time information after the first affiliated base station receives the encrypted information a and the encrypted information B, and then send the decrypted information a, the encrypted information a, and the encrypted information B to the core network. The transparent transmission and storage module 400 is used for the core network receiving the information to reconstruct and transmit the decrypted information A and information B to the second affiliated base station of the receiving user, then the decrypted information A and information B are transmitted to the receiving user through the second affiliated base station, and meanwhile, the encrypted information A and the encrypted information B are reconstructed and transmitted to the machine learning sandbox for analysis and processing. And the third party decryption module is used for requesting space-time information corresponding to the information A from the first affiliated base station when the legally authorized third party base station needs to send the privacy information of the user, retrieving the encrypted information A stored in the sandbox, and decrypting the encrypted information A through the space-time information corresponding to the information A to obtain the privacy information of the sending user.
Further, in one embodiment of the present invention, both the sending user and the receiving user are legitimate users.
Further, in one embodiment of the present invention, the encryption module obtains the own space-time information of the transmitting user by using the global navigation satellite system, and simultaneously transmits the own space-time information to the legally authorized third party base station, so as to decrypt the encrypted information a.
Further, in one embodiment of the present invention, the specific key generation process in the encryption module is: when acquiring space-time information of the user through the global satellite navigation system, longitude, latitude and time parameters are also respectively extracted; constructing a chaos sequence based on space-time information by utilizing longitude, latitude and time parameters in the Logistic chaos sequence and the space-time information of the Logistic chaos sequence; and superposing the space-time information and the chaotic sequence as input of an MD5 hash function, and mapping by the MD5 hash function to obtain a 128-bit random sequence serving as a key required by an encryption stage and a decryption stage.
Further, in one embodiment of the invention, a modified dynamic AES encryption algorithm is employed in the encryption stage, which includes four iterative processes of byte substitution, row shifting, column mixing, and round key addition, wherein the round key addition exclusive-or one time of space-time information is additionally exclusive-or in each exclusive-or calculation, such that the step of round key addition dynamically varies with the space-time information.
It should be noted that the foregoing explanation of the embodiment of the method for protecting user privacy based on space-time information in the zero-contact network is also applicable to the system of this embodiment, and will not be repeated here.
The user privacy protection system based on space-time information in the zero-contact network provided by the embodiment of the invention has the following beneficial effects:
(1) The machine learning sandbox in the core network can only use the business information irrelevant to the user privacy to carry out subsequent processing by adopting a partial encryption method on the information, and the zero-contact network can collect, analyze and process enough information to realize the network automation driven by the user under the condition of protecting the user privacy;
(2 because the space-time information is unique to each user and continuously changes with time, the encryption method of the space-time information can ensure the dynamic update of the encryption algorithm, and in addition, because the space-time information is only known by the user and the service base station to which the user belongs, the encryption method not only can protect the user privacy in the intelligent analysis and processing process of the machine learning sandbox, but also can protect the user privacy in the transmission process from the user to the service base station.
(3) Although the machine learning sandbox can only analyze and process non-private information irrelevant to users, the encrypted private information and the non-private information are sent to the core network together and collected and stored in the sandbox, compared with the method for deleting the private information of the users directly in the related technology, the method ensures that the encrypted private information of the users can be restored by legal authorized third parties when the authorized third parties need the private information of the users in the future, and when the authorized third parties need the private information of the users, only the corresponding space-time information is required to be requested from a service base station of the users, and the encrypted private information stored in the sandbox is decrypted through the space-time information.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present invention, the meaning of "plurality" means at least two, for example, two, three, etc., unless specifically defined otherwise.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification and the features of the different embodiments or examples may be combined and combined by those skilled in the art without contradiction.
While embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the invention, and that variations, modifications, alternatives and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the invention.

Claims (6)

1. The user privacy protection method based on space-time information in the zero-contact network is characterized by comprising the following steps:
Step S1, dividing any piece of information of a sending user into information A and information B, wherein the information A is privacy information of the sending user, and the information B is business information irrelevant to the privacy of the sending user;
s2, acquiring self space-time information of the transmitting user, encrypting the information A, and recombining and transmitting the encrypted information A and the information B to a first affiliated base station;
step S3, after the first affiliated base station receives the encrypted information A and the information B, decrypting the encrypted information A by using the same space-time information, and then sending the decrypted information A, the encrypted information A and the information B to a core network;
S4, the core network receiving the information reorganizes and transmits the decrypted information A and the information B to a second affiliated base station of a receiving user, and then the decrypted information A and the information B are sent to the receiving user through the second affiliated base station, and meanwhile the encrypted information A and the encrypted information B are reorganized and sent to a machine learning sandbox for analysis and processing;
Step S5, when the legal authorized third party base station needs the privacy information of the sending user, the space-time information corresponding to the information A is requested to the first affiliated base station, the encrypted information A stored in a sandbox is fetched, and the encrypted information A is decrypted through the space-time information corresponding to the information A, so that the privacy information of the sending user is obtained;
the specific key generation process in the step S2 is as follows:
When acquiring space-time information of the user through the global navigation satellite system, longitude, latitude and time parameters are also respectively extracted;
Constructing a chaos sequence based on space-time information by using the Logistic chaos sequence and longitude, latitude and time parameters in the space-time information;
Superposing the self space-time information and the chaotic sequence as input of an MD5 hash function, and mapping by the MD5 hash function to obtain a 128-bit random sequence serving as a key required by an encryption stage and a decryption stage;
The encryption stage adopts an improved dynamic AES encryption algorithm, which comprises four iterative processes of byte substitution, row shift, column mixing and round key addition, wherein the round key addition additionally exclusive-or one time of space-time information in each exclusive-or calculation, so that the step of round key addition is dynamically changed along with the space-time information.
2. The method for protecting user privacy based on space-time information in a zero-contact network according to claim 1, wherein the transmitting user and the receiving user are legal users.
3. The method according to claim 1, wherein in step S2, the self space-time information of the transmitting user is obtained by using a global navigation satellite system, and the self space-time information is sent to the legally authorized third party base station to decrypt the encrypted information a.
4. A user privacy protection system based on space-time information in a zero-contact network, comprising:
the dividing module is used for dividing any piece of information of the sending user into information A and information B, wherein the information A is privacy information of the sending user, and the information B is business information irrelevant to the privacy of the sending user;
the encryption module is used for acquiring the self space-time information of the sending user so as to encrypt the information A and recombining and sending the encrypted information A and the information B to a first affiliated base station;
the decryption module is used for decrypting the encrypted information A by using the same space-time information after the first affiliated base station receives the encrypted information A and the information B, and then sending the decrypted information A, the encrypted information A and the information B to a core network;
the transparent transmission and storage module is used for the core network which receives the information to reconstruct and transmit the decrypted information A and the information B to a second affiliated base station of a receiving user, then the decrypted information A and the information B are transmitted to the receiving user through the second affiliated base station, and meanwhile, the encrypted information A and the encrypted information B are reconstructed and transmitted to a machine learning sandbox for analysis and processing;
The third party decryption module is used for requesting space-time information corresponding to the information A from the first affiliated base station when the privacy information of the sending user is required by a legally authorized third party base station, retrieving the encrypted information A stored in the sandbox, and decrypting the encrypted information A through the space-time information corresponding to the information A to obtain the privacy information of the sending user;
The specific key generation process in the encryption module is as follows:
When acquiring space-time information of the user through the global navigation satellite system, longitude, latitude and time parameters are also respectively extracted;
Constructing a chaos sequence based on space-time information by using the Logistic chaos sequence and longitude, latitude and time parameters in the space-time information;
Superposing the self space-time information and the chaotic sequence as input of an MD5 hash function, and mapping by the MD5 hash function to obtain a 128-bit random sequence serving as a key required by an encryption stage and a decryption stage;
The encryption stage adopts an improved dynamic AES encryption algorithm, which comprises four iterative processes of byte substitution, row shift, column mixing and round key addition, wherein the round key addition additionally exclusive-or one time of space-time information in each exclusive-or calculation, so that the step of round key addition is dynamically changed along with the space-time information.
5. The system of claim 4, wherein the sending user and the receiving user are legal users.
6. The system of claim 4, wherein the encryption module obtains the space-time information of the transmitting user by using a global navigation satellite system, and sends the space-time information to the legally authorized third party base station to decrypt the encrypted information a.
CN202210268921.0A 2022-03-18 2022-03-18 User privacy protection method and system based on space-time information in zero-contact network Active CN114640520B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210268921.0A CN114640520B (en) 2022-03-18 2022-03-18 User privacy protection method and system based on space-time information in zero-contact network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210268921.0A CN114640520B (en) 2022-03-18 2022-03-18 User privacy protection method and system based on space-time information in zero-contact network

Publications (2)

Publication Number Publication Date
CN114640520A CN114640520A (en) 2022-06-17
CN114640520B true CN114640520B (en) 2024-05-17

Family

ID=81948805

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210268921.0A Active CN114640520B (en) 2022-03-18 2022-03-18 User privacy protection method and system based on space-time information in zero-contact network

Country Status (1)

Country Link
CN (1) CN114640520B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103401834A (en) * 2013-06-27 2013-11-20 中国人民解放军国防科学技术大学 File security method in limited area based on position information
CN112347470A (en) * 2020-11-27 2021-02-09 国家电网有限公司大数据中心 Power grid data protection method and system based on block chain and data security sandbox
CN112887508A (en) * 2021-03-04 2021-06-01 大连海事大学 Privacy image encryption method based on multi-dynamic coupling coefficient segmented coupling mapping grid
CN113556328A (en) * 2021-06-30 2021-10-26 杭州电子科技大学 Encryption traffic classification method based on deep learning

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11277390B2 (en) * 2015-01-26 2022-03-15 Listat Ltd. Decentralized cybersecure privacy network for cloud communication, computing and global e-commerce

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103401834A (en) * 2013-06-27 2013-11-20 中国人民解放军国防科学技术大学 File security method in limited area based on position information
CN112347470A (en) * 2020-11-27 2021-02-09 国家电网有限公司大数据中心 Power grid data protection method and system based on block chain and data security sandbox
CN112887508A (en) * 2021-03-04 2021-06-01 大连海事大学 Privacy image encryption method based on multi-dynamic coupling coefficient segmented coupling mapping grid
CN113556328A (en) * 2021-06-30 2021-10-26 杭州电子科技大学 Encryption traffic classification method based on deep learning

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"基于北斗空时信息的安全通信方法";罗晓萌等;《导航定位与授时》;第9卷(第2期);第48-55页 *

Also Published As

Publication number Publication date
CN114640520A (en) 2022-06-17

Similar Documents

Publication Publication Date Title
Rana et al. Lightweight cryptography in IoT networks: A survey
Shen et al. A secure cloud-assisted urban data sharing framework for ubiquitous-cities
Qin et al. Attribute-based encryption with efficient verifiable outsourced decryption
Pu et al. R²PEDS: a recoverable and revocable privacy-preserving edge data sharing scheme
Huang et al. Secure encrypted-data aggregation for wireless sensor networks
Su et al. Reversible cellular automata image encryption for similarity search
CN110413652B (en) Big data privacy retrieval method based on edge calculation
Mousavi et al. Data cryptography in the Internet of Things using the artificial bee colony algorithm in a smart irrigation system
Khanna Data hiding in encrypted images using Arnold transform
Guo et al. Enabling privacy-preserving geographic range query in fog-enhanced IoT services
Msolli et al. New security approach in real-time wireless multimedia sensor networks
Qin et al. A privacy-preserving blockchain-based tracing model for virus-infected people in cloud
Tong et al. Privacy-preserving Boolean range query with temporal access control in mobile computing
Lin Teng et al. Im-MobiShare: An improved privacy preserving scheme based on asymmetric encryption and bloom filter for users location sharing in social network
Lu et al. A distributed secure data collection scheme via chaotic compressed sensing in wireless sensor networks
An et al. Visually semantic-preserving and people-oriented color image encryption based on cross-plane thumbnail preservation
CN114640520B (en) User privacy protection method and system based on space-time information in zero-contact network
Chen et al. On the privacy protection in publish/subscribe systems
Dai et al. Random secure comparator selection based privacy‐preserving MAX/MIN query processing in two‐tiered sensor networks
Qian et al. A multi-layer information dispersal based encryption algorithm and its application for access control
Yang et al. Two-dimensional diagonal layer hash chain based key pre-distribution scheme
Choi et al. Secure mutual proximity zone enclosure evaluation
Lian et al. Efficient privacy-preserving protocol for k-NN search over encrypted data in location-based service
Alghamdi et al. An image encryption algorithm based on trivium cipher and random substitution
Wang et al. Secret sharing scheme with dynamic size of shares for distributed storage system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant