CN114745689A - Multi-time-segment data fusion method and system for wireless sensor network - Google Patents

Abstract

The invention discloses a multi-time-segment data fusion method of a wireless sensor network, which comprises the following steps: the sensor network is clustered, each cluster comprises a cluster head node and a common node, data received by the common node in multiple time periods are obtained, the received data are encrypted and hidden by adopting an improved Paillier homomorphic encryption system, the data received in different time periods are signed by adopting an identity-based signature method to obtain signature data, the hidden data and the signature data are sent to the cluster head nodes, each cluster head node aggregates the hidden data and the signature data of the common node in the cluster respectively and sends the aggregated data and the signature data to a base station, and the base station recovers the aggregated data hidden in the multiple time periods of all sensors and verifies whether the recovered data are tampered or not according to the aggregated signature data. The method reduces the computational complexity and the redundancy of data.

Description

Multi-time-segment data fusion method and system for wireless sensor network

Technical Field

The invention relates to the technical field of sensor network data fusion, in particular to a method and a system for fusing multi-time-segment data of a wireless sensor network.

Background

The Wireless Sensor Networks (WSNs) are constructed by a large number of sensor nodes in a wireless and multi-hop manner, and along with the rapid development of the internet of things, the wireless sensor networks are more widely applied to the fields of agricultural monitoring, environmental monitoring, intelligent transportation, smart home, medical monitoring, logistics management, military and the like. Because the sensor nodes are limited by calculation, storage and communication, and are difficult to transmit a large amount of sensing data, the data transmission amount in the network can be greatly reduced by using the data fusion technology for data transmission, the energy consumption of the nodes is reduced, and the service life of the whole network is prolonged. In some fields (for example, military fields, public health fields, etc.) with high requirements for security, aggregation of collected data can be realized in a data fusion process, and the integrity of the collected data needs to be verified to protect the privacy of the data.

The existing data fusion method of the wireless sensor network with privacy protection is mainly based on technologies of hop-by-hop encryption, privacy homomorphism, safe multi-party calculation, data slicing, data disturbance and the like. The hop-by-hop encryption method needs a large calculation overhead in order to protect privacy by adopting a hop-by-hop encryption and decryption mode. The privacy protection method based on the privacy homomorphic realizes the hiding of the sensing data through end-to-end encryption, can effectively resist most attacks of the data in the transmission process, avoids encryption and decryption operations in the aggregation process, can provide high-efficiency network data aggregation, has obvious advantages compared with a privacy protection method based on the privacy homomorphic, and has become a trend in research. The traditional privacy protection scheme based on the secure multi-party calculation has a large calculation amount, so the scheme is not applied to the resource-limited wireless sensor network, but some improved secure multi-party calculation schemes are proposed in recent years, and the complexity and the energy consumption of the traditional secure multi-party calculation are reduced to a certain extent. The data slicing-based method needs to generate a large amount of redundant data in order to support privacy of data and integrity verification of data, but the redundant data brings additional communication overhead. The data disturbance-based method is a privacy protection method without encryption, and realizes data hiding by modifying the true value of data, so that the aim of enabling an attacker to not obtain the true data without encrypting the data is fulfilled.

In most of existing wireless sensor network data fusion schemes, after one round of data fusion, a base station can only obtain fusion data in a certain time period in a certain area, and in order to obtain the fusion data in a plurality of time periods in the certain area, multiple rounds of data fusion are needed, which greatly increases the consumption of network resources.

Disclosure of Invention

The embodiment of the invention provides a method and a system for fusing multi-time-segment data of a wireless sensor network, which comprises the following steps: clustering a sensor network, wherein each cluster comprises a cluster head node and a common node;

acquiring data respectively received by a common node in a plurality of time periods, encrypting and hiding the received data by adopting an improved Paillier homomorphic encryption system, signing the data received in different time periods by adopting an identity-based signing method to obtain signed data, and sending the hidden data and the signed data to a cluster head node;

each cluster head node respectively aggregates the hidden data and the signature data of the common nodes in the cluster and sends the aggregated data and the signature data to the base station, and the base station recovers the aggregated data hidden by all the sensors in multiple time periods and verifies whether the recovered data are tampered or not according to the aggregated signature data;

the method for encrypting the received data by adopting the improved Paillier homomorphic encryption system to obtain the private data specifically comprises the following steps:

using a formula

The received data is encrypted, wherein,

a super-increment sequence is represented, and,

data representing reception of sensor nodes, S_i,jRepresenting a private key of each network node based on identity, g representing a generator, q representing a large prime number, and mod representing a modulus operator;

the signing of the data received in different time periods by the identity-based signing method specifically comprises the following steps:

calculating P_i,j＝H₁(ID_i,j) Calculate P_β＝H₂(β)∈G₁In which P is_i,jRepresenting a unique identity ID assigned to each sensor network node_i,jHash function of (H)₁Corresponding value, P_βHash function H representing a common state parameter beta₂A corresponding value;

to time period t₁，t₁，…，t_wThe data received by the sensor node is signed to obtain signature data,

where w represents a time period.

Further, before clustering the sensor network, the sensor network parameter selection is performed, which includes:

selecting a network security parameter k ∈ Z_qSelecting a large prime number q>2^kGenerating two addition groups G with q as order₁And a multiplicative group G₂A bilinear pair map e: G₁×G₁→G₂Selecting two secure Hash functions H₁,H₂:{0,1}^*→G₁From group G₁Selecting a generator P, selecting a random number s belonged to Z_qAllocating a unique identity ID for each sensor network node for a system master key and Q & ltsP & gt as a system public key_i,j∈{0,1}^*，ID_i,jRepresenting the unique identity of the jth network node of the ith cluster, and calculating the identity-based private key S of each network node_i,j＝sP_i,jSelecting a common state parameter beta e {0,1}^*Calculate P_β＝H₂(β)∈G₁Calculating T ═ P_βP, selecting a generator

Selecting a super-increment sequence

Wherein, the first and the second end of the pipe are connected with each other,

is a large prime number, each

Length of (2)

And satisfy

Where N represents the total number of nodes in the sensor network and d represents the maximum value of the sensed data.

And further, after the network parameters of the sensor are selected and before the common nodes receive data, the parameters of the network sensor nodes are stored: ID_i,j，S_i,j，H₁，H₂，

β, g, q; storing private keys and parameters of all nodes of the base station: k, q, e, G₁，G₂，H₁，H₂，P，s，Q，T，g。

And in the next step, respectively aggregating the hidden data and the signature data of the common nodes in the cluster, wherein the formula is utilized

Carrying out hidden data aggregation of common nodes, wherein C_i,jEncrypted data representing a plurality of times of a common node j in a cluster i, m representing the number of common nodes in the cluster i, C_iRepresenting aggregated private data using a formula

And aggregating the signature data.

Further, the base station recovers the hidden aggregated data of all the sensors in multiple time periods, including:

sequentially taking out the private keys S of all the nodes_i,jAnd calculating:

wherein n represents the number of cluster head nodes;

the method comprises the following steps of aggregating the privacy data sent to the n cluster head nodes to obtain:

computing

Computing

According to the obtained D, the following steps are carried out to respectively recover the time periods t₁，t₂，…，t_wCorresponding raw aggregated data D₁，D₂，…，D_w；

Let Y_w＝D；

Performing for x-w to 2

Because of the fact that

Therefore, it is not only easy to use

Repeating the above three steps, the time period t can be recovered₁，t₂，…，t_wThe corresponding original aggregation number

And further, verifying whether the recovery data is tampered according to the aggregated signature data, comprising:

computing

Computing

Computing

Calculating e (Sig, P) and e (SumD, T) e (R, Q);

wherein e represents a bilinear pairwise mapping, and comparing whether e (Sig, P) is equal to e (SumD, T) e (R, Q), and if so, receiving the time period { T }₁，t₂，…，t_wCorresponding raw aggregated data D₁，D₂，…，D_wOtherwise, the data is tampered and will not be accepted.

The invention provides a multi-period data fusion system of a wireless sensor network, which is characterized in that,

the data acquisition module is arranged on each node in the wireless sensor network and used for acquiring data of each node in the wireless sensor network;

the data processing module is arranged on a common node, encrypts and hides the received data by adopting an improved Paillier homomorphic encryption system, signs the data received in different time periods by adopting an identity-based signing method to obtain signature data, and sends the hidden data and the signature data to the cluster head node;

the data fusion module is arranged on the cluster head node and used for respectively aggregating the hidden data and the signature data of the common nodes in the cluster and sending the hidden data and the signature data to the base station;

the data recovery module is arranged on the base station and used for recovering the aggregation data hidden in a plurality of time periods of all the sensors;

and the data verification module is arranged on the base station and used for performing integrity verification by comparing the signature of the original data with the aggregated signature, if the verification is passed, the collected sensing data is accepted, and otherwise, the sensing data is deleted.

The embodiment of the invention provides a method and a system for fusing multi-time-segment data of a wireless sensor network, which have the following beneficial effects compared with the prior art:

in most of the existing wireless sensor network data fusion schemes, after one round of data fusion, a base station can only obtain fusion data in a certain time period in a certain area, and in order to obtain the fusion data in a plurality of time periods in the certain area, multiple rounds of data fusion are needed, which greatly increases the consumption of network resources. The invention has the advantages that different fusion data of a plurality of time periods in a certain area can be respectively obtained through one round of data fusion, the invention can efficiently realize the fusion of the multi-time period data of the wireless sensor network, greatly improve the data fusion efficiency and reduce the consumption of data processing and transmission resources.

A lot of existing wireless sensor network data fusion methods based on hop-by-hop encryption, privacy homomorphism and safe multi-party calculation use a security mechanism with high calculation complexity and based on a discrete logarithm problem to perform encryption or signature. The invention has the advantages that the improved Paillier homomorphic encryption system is adopted, the original discrete logarithm problem is converted into the simple continuous multiplication operation, and the calculation complexity is greatly reduced.

In order to support data privacy and data integrity verification, a large amount of redundant data needs to be generated in the existing data slice-based wireless sensor network data fusion method, but the redundant data brings extra communication overhead. The method has the advantages that based on the clustering idea, each sensor node utilizes an improved Paillier homomorphic encryption system to encrypt and hide the sensing data acquired at different time periods, adopts an identity-based signature method to sign the sensing data acquired at different time periods, and then sends the hidden and signed sensing data to the cluster head node of the cluster where the sensor node is located. And after receiving the data sent by the cluster node, the cluster head node respectively aggregates all the received hidden data and signature data, and finally sends the aggregated data to the base station. After receiving all the aggregated data, the base station recovers the hidden aggregated data and verifies the recovered aggregated data, so the invention does not need multiple rounds of information interaction, does not generate any redundant data, and greatly reduces the communication overhead of the network.

Drawings

Fig. 1 is a general architecture of a method and a system for multi-time-zone data fusion in a wireless sensor network according to an embodiment of the present invention;

fig. 2 is a private data generation process of a multi-time-segment data fusion method and system for a wireless sensor network according to an embodiment of the present invention;

fig. 3 is a data aggregation process of a multi-time-segment data fusion method and system for a wireless sensor network according to an embodiment of the present invention;

fig. 4 is a data recovery process of a multi-time-period data fusion method and system for a wireless sensor network according to an embodiment of the present invention;

fig. 5 is a data verification process and a multi-time-period data fusion method for a wireless sensor network according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Referring to fig. 1 to 5, an embodiment of the present invention provides a multi-time-zone data fusion method for a wireless sensor network, where the method includes:

in a clustered wireless sensor network, each sensor node utilizes an improved Paillier homomorphic encryption system to encrypt and hide the sensing data acquired at different time periods, adopts a signature algorithm based on identity to sign the sensing data acquired at different time periods, and then sends the hidden and signed sensing data to a cluster head node of a cluster where the sensor node is located. After receiving the data sent by the cluster node, the cluster head node respectively aggregates all the received hidden data and signature data, and finally sends the aggregated data to the base station. After receiving all the aggregation data, the base station firstly restores the hidden aggregation data acquired in different time periods, then verifies the restored aggregation data, if the verification is passed, the collected sensing aggregation data in different time periods are received, otherwise, the collected sensing aggregation data in different time periods are deleted.

A multi-time-segment data fusion method of a wireless sensor network mainly comprises five modules of system initialization, private data generation, data aggregation, data recovery and verification.

1. System initialization

(1) Selecting a system security parameter k ∈ Z_qSelecting a large prime number q>2^kGenerating two addition groups G with q as order₁And a multiplicative group G₂A bilinear pair map e: G₁×G₁→G₂. Two secure Hash functions H are selected₁,H₂:{0,1}^*→G₁. Slave group G₁Selecting a generator P, selecting a random number s belonged to Z_qA unique identity ID is distributed to each sensor node for a master key and Q & ltsP & gt is a system public key_i,j∈{0,1}^*，ID_i,jRepresenting the unique identity of the jth node of the ith cluster, and calculating the identity-based private key S of each node_i,j＝sP_i,jSelecting a common state parameter beta e {0,1}^*Calculate P_β＝H₂(β)∈G₁Calculating T ═ P_βP, selecting a generator

Selecting a super-increment sequence

Wherein the content of the first and second substances,

is a large prime number, each

Length of (2)

And satisfy

Where N represents the total number of nodes in the network and d represents the maximum value of the sensed data.

(2) Storing (ID) in each node before the network is deployed_i,j，S_i,j，H₁，H₂，

β, G, q), base station stores (k, q, e, G)₁，G₂，H₁，H₂P, s, Q, T, g) and the private keys of all nodes, and then deploy the nodes to the target area. The whole network is divided into n clusters, each Cluster is provided with m common nodes, and each Cluster selects a node (Cluster Head, CH) called a Cluster Head.

2. Private data generation

Suppose that each common node j in the ith cluster is at time period t₁，t₁，…，t_wThe perceived data are respectively

The node j firstly carries out privacy protection on data by using an improved Paillier homomorphic encryption system, then carries out signature on the data, and finally sends the privacy data and the signature of the data to the cluster head node CH_iThe specific implementation procedure is as follows.

(1) By its own private key S_i,jAnd generating a primitive g computation blinding factor

(2) For each at timeSegment { t }₁，t₁，…，t_wThe perceived data

And encrypting to obtain private data:

(3) calculating P_i,j＝H₁(ID_i,j) Calculate P_β＝H₂(β)∈G₁。

(4) For time period { t₁，t₁，…，t_wThe perceptual data signature of } gets the signature:

(5) transmitting data (C)_i,j，Sig_i,j，R_i,j) For cluster head node CH_i。

3. Data aggregation

When cluster head node CH_iAfter receiving data sent by all nodes j in the cluster, the cluster private data aggregation method aggregates the private data of all m member nodes in the cluster to obtain aggregated private data, then aggregates the signature data of the m member nodes to obtain an aggregated signature, and finally sends the aggregated data to a base station.

Calculating aggregated private data:

calculating an aggregate signature:

transmitting data (C)_i，Sig_i，R_i) To the base station.

4. Data recovery

When the base station receives the aggregation data sent to the base station by all the n cluster head nodes, the base station firstly aggregates the n aggregation privacy data to obtain new aggregation privacy data C, and then respectively recovers time periods { t } from the aggregation privacy data C₁，t₂，…，t_wCorresponding raw aggregated data D₁，D₂，…，D_wThe specific implementation procedure is as follows.

(1) Sequentially taking out the private keys S of all the nodes_i,jAnd calculating:

(2) and aggregating the private data sent to the cluster head nodes by the n cluster head nodes to obtain:

(3) computing

(4) Computing

(5) According to the obtained D, the following steps are executed to respectively recoverTime period t₁，t₂，…，t_wCorresponding raw aggregated data D₁，D₂，…，D_w。

Let Y_w＝D；

② for x ═ w to 2 execution

③ because

Therefore, it is not only easy to use

Through the three steps, the time period t can be recovered₁，t₂，…，t_wCorresponding original aggregation number

5. Data validation

Recovery time period t of base station₁，t₂，…，t_wCorresponding raw aggregated data D₁，D₂，…，D_wAnd then, aggregating the signature data sent to the cluster head nodes by the n cluster head nodes to obtain aggregated signatures Sig and R, and then carrying out integrity verification on the recovered original aggregated data, wherein the specific integrity verification process is as follows.

(1) Computing

(2) Computing

(3) Computing

(4) Calculate e (Sig, P) and e (SumD, T). e (R, Q).

(5) Comparing whether e (Sig, P) is equal to e (SumD, T) e (R, Q), if so, accepting the time period { T }₁，t₂，…，t_wCorresponding raw aggregated data D₁，D₂，…，D_wOtherwise, the data is tampered and will not be accepted.

Although the embodiments of the present invention have been disclosed in the foregoing for illustrative purposes, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying drawings.

Claims (7)

1. A multi-time-segment data fusion method of a wireless sensor network is characterized by comprising the following steps:

clustering a sensor network, wherein each cluster comprises a cluster head node and a common node;

acquiring data respectively received by a common node in a plurality of time periods, encrypting and hiding the received data by adopting an improved Paillier homomorphic encryption system, signing the data received in different time periods by adopting an identity-based signing method to obtain signed data, and sending the hidden data and the signed data to a cluster head node;

each cluster head node respectively aggregates the hidden data and the signature data of the common nodes in the cluster and sends the aggregated data and the signature data to the base station, and the base station recovers the aggregated data hidden by all the sensors in multiple time periods and verifies whether the recovered data are tampered or not according to the aggregated signature data;

the method for encrypting the received data by adopting the improved Paillier homomorphic encryption system to obtain the private data specifically comprises the following steps:

using a formula

The received data is encrypted, wherein,

a super-increment sequence is represented, and,

data representing reception of sensor nodes, S_i，jRepresenting a private key of each network node based on identity, g representing a generator, q representing a large prime number, and mod representing a modulus operator;

the signing of the data received in different time periods by the identity-based signing method specifically comprises the following steps:

calculating P_i，j＝H₁(ID_i，j) Calculate P_β＝H₂(β)∈G₁In which P is_i，jRepresenting a unique identity ID assigned to each sensor network node_i，jHash function of (H)₁Corresponding value, P_βHash function H representing a common state parameter beta₂A corresponding value;

to time period t₁，t₁，...，t_wThe data received by the sensor node is signed to obtain signature data,

where w represents the subscript value of the time period.

2. The method for fusing multi-period data of a wireless sensor network according to claim 1, wherein sensor network parameter selection is performed before clustering the sensor network, and comprises:

selecting a network security parameter k ∈ Z_qSelecting a large prime number q > 2^kGenerating two addition groups G with q as order₁And a multiplicative group G₂A bilinear pair map e: g₁×G₁→G₂Selecting two secure Hash functions H₁，H₂：{0，1}^*→G₁From group G₁Selecting a generator P, selecting a random number s belonged to Z_qAllocating a unique identity ID for each sensor network node for a system master key and Q & ltsP & gt as a system public key_i，j∈{0，1}^*，ID_i，jRepresenting the unique identity of the jth network node of the ith cluster, and calculating the identity-based private key S of each network node_i，j＝sP_i，jSelecting a common state parameter beta e {0,1}^*Calculate P_β＝H₂(β)∈G₁Calculating T ═ P_βP, selecting a generator

Selecting a super-increment sequence

Wherein the content of the first and second substances,

is a large prime number, each

Length of (2)

And satisfy

Where N represents the total number of nodes in the sensor network and d represents the maximum value of the sensed data.

3. The method for multi-time-zone data fusion in wireless sensor network according to claim 2, characterized in that after the selection of the sensor network parameters and before the normal nodes receive data, the network sensor node parameters are stored: ID_i，j，S_i，j，H₁，H₂，

β, g, q; storing private keys and parameters of all nodes of the base station: k, q, e, G₁，G₂，H₁，H₂，P，s，Q，T，g。

4. The method as claimed in claim 2, wherein the aggregating the hidden data and the signature data of the common nodes in the cluster respectively comprises using a formula

Carrying out hidden data aggregation of common nodes, wherein C_i，jEncrypted data representing a plurality of times of a common node j in a cluster i, m representing the number of common nodes in the cluster i, C_iRepresenting aggregated private data using a formula

And aggregating the signature data.

5. The method for fusing multi-period data of a wireless sensor network according to claim 2, wherein the recovering, by the base station, the aggregated data hidden in the multi-period of all the sensors comprises:

sequentially taking out the private keys S of all the nodes_i，jAnd calculating:

wherein n represents the number of cluster head nodes;

and aggregating the private data sent to the cluster head nodes by the n cluster head nodes to obtain:

computing

Computing

According to the obtained D, the following steps are carried out to respectively recover the time periods t₁，t₂，...，t_wCorresponding raw aggregated data D₁，D₂，...，D_w；

Let Y_w＝D；

Performing for x-w to 2

Because of the fact that

Therefore, it is not only easy to use

Repeating the three steps to recover the time period t₁，t₂，...，t_wCorresponding original aggregation number

6. The method for fusing the multi-period data of the wireless sensor network according to claim 1, wherein the verifying whether the recovery data is tampered according to the aggregated signature data comprises:

computing

Calculating out

Calculating out

Calculating e (Sig, P) and e (SumD, T) e (R, Q);

wherein e represents a bilinear pairwise mapping;

comparing whether e (Sig, P) is equal to e (SumD, T) e (R, Q), if yes, receiving time interval { T }₁，t₂，...，t_wCorresponding raw aggregated data D₁，D₂，...，D_wOtherwise, the data is tampered and will not be accepted.

7. A multi-period data fusion system of a wireless sensor network is characterized in that,

the data acquisition module is arranged on each node in the wireless sensor network and used for acquiring data of each node in the wireless sensor network;

the data processing module is arranged on the common node, encrypts and hides the received data by adopting an improved Paillier homomorphic encryption system, signs the data received at different time periods by adopting an identity-based signing method to obtain signature data, and sends the hidden data and the signature data to the cluster head node;

the data fusion module is arranged on the cluster head node and used for respectively aggregating the hidden data and the signature data of the common nodes in the cluster and sending the data to the base station;

the data recovery module is arranged on the base station and used for recovering the hidden aggregated data of all the sensors in multiple time periods;

and the data verification module is arranged on the base station and used for performing integrity verification by comparing the signature of the original data with the aggregated signature, if the verification is passed, the collected sensing data is accepted, and otherwise, the sensing data is deleted.

Images