CN114900294A - Credibility measurement and remote certification method and system for sensing layer of Internet of things - Google Patents

Publication number
CN114900294A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210486938.3A
Other languages
Chinese (zh)
Inventor
刘思尧
张立中
吴双
李斌
郭安乐
吴宗后
赵中英
王敏
康乐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information and Telecommunication Branch of State Grid Ningxia Electric Power Co Ltd
Original Assignee
Information and Telecommunication Branch of State Grid Ningxia Electric Power Co Ltd
Application filed by Information and Telecommunication Branch of State Grid Ningxia Electric Power Co Ltd
Priority to CN202210486938.3A
Publication of CN114900294A

Classifications

    • H04L9/0877: Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/123: Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)

Abstract

A credibility measurement and remote certification method and system for the perception layer of the Internet of Things. The method comprises the following steps: step 1, establishing a credibility measurement model based on static parameters and dynamic parameters of the sensing nodes in the sensing layer, and, under the different networking modes of the Internet of Things sensing layer, obtaining the weights of the different credibility measurement models based on measurement time and information entropy respectively, so as to solve for a comprehensive credibility value; step 2, performing credible logic grouping of the sensing nodes using the comprehensive credibility value and the energy credibility value of the sensing nodes; and step 3, generating a group signature of the sensing node with a dynamically updated key, and realizing credibility certification of the sensing node from a remote node based on unforgeability analysis and anonymity analysis.

Description

Credibility measurement and remote certification method and system for sensing layer of Internet of things
Technical Field
The invention relates to the field of trusted computing, in particular to a method and a system for trusted measurement and remote certification of a sensing layer of the Internet of things.
Background
The Internet of Things (IoT) is a complex network in which everything is interconnected, built from various physical objects (so-called "things"). It is a "bridge" connecting the real world with the information world: it models the physical world as information through technologies such as radio frequency identification, sensors and global positioning, and relies on various communication facilities to circulate data. These characteristics allow the Internet of Things to be applied to almost all scenes of human activity, and people can manage industrial and agricultural production and social life in finer detail through it. Research on the theory and application of the Internet of Things is therefore of great importance to the development of future industrial manufacturing, the information industry and modern agriculture in China.
In order to improve the security of the Internet of Things and reduce the resources spent on monitoring and prevention at its sensing layer, a credibility measurement model suitable for Internet of Things sensing nodes needs to be further researched. However, current research in this direction is still at an early stage and has many problems. The credible operation of sensing layer nodes is the cornerstone for guaranteeing secure data transmission between nodes, so research on a measurement model suitable for the sensing layer of the Internet of Things is very important; however, most existing related research is concerned with solving the trust problem in the Internet of Things under specific application scenarios. In the current Internet of Things environment, research on credibility measurement models of sensing nodes is mainly based on the previous behaviors, historical states and behavior data of the sensing nodes.
However, most existing Internet of Things trust model research focuses on solving trust problems in specific application scenarios, and most trust models are divorced from the real environment of the Internet of Things: the limited computing and storage capacities of Internet of Things devices and the large differences between them are not fully considered, so such a measurement model cannot be applied directly to the Internet of Things. Moreover, existing credibility measurement models for sensing layer nodes are almost all designed around the previous behavior data of the nodes; the measurement process does not comprehensively consider subjective judgment and objective evaluation, and static and dynamic credibility measurement are not combined. In addition, existing credibility measurement models cannot accommodate Internet of Things sensing networks that are heterogeneous, large-scale and dynamic. Finally, existing credibility measurement models have high computational complexity and cannot be applied to the sensing layer of the Internet of Things, whose computing capability and resources are limited.
Trusted computing is a process that introduces certain characteristics of closed proprietary systems into open systems: it introduces mechanisms and components in hardware and software that can check and enforce system integrity and allow the system to authenticate itself to remote systems. The trustworthiness of a system may be established through attestation, by which parties can establish trust relationships with each other in untrusted environments. Trusted remote attestation is thus one of the most important issues in trusted computing. Remote attestation refers to the credible attestation of unknown entities that have had no contact with each other; it is the process by which a trusted computing platform initiates an attestation request to the outside to prove that its identity and running state are credible, and it is one of the core functions of a trusted computing platform. In the Internet of Things scenario, compared with identity authentication, this process can not only authenticate the identity and platform of an Internet of Things entity but also ensure the security of the Internet of Things by checking the security state of the platform at run time.
Currently, remote attestation of trusted computing platforms mainly includes attestation of platform identity, attestation of the platform configuration environment, and attestation of the platform runtime environment. For attestation of platform identity, the reliability of the other party's identity can be confirmed through anonymous attestation. To attest that the platform configuration environment is credible, it is only necessary to attest the credibility of the platform configuration registers (PCRs): the trusted platform module digitally signs the PCR values, so that the integrity of the platform environment can be measured. Attestation that the platform runtime environment is credible can cover, respectively, (1) platform hardware, (2) platform software, (3) platform firmware, (4) the operating system, and (5) the upper application platform. In the field of trusted computing, remote attestation mainly involves a trusted computing platform, a trusted third party and a remote verifying party. The trusted computing platform is the platform that provides the trusted security mechanism and trusted services in a remote attestation computer system; it mainly builds a chain of trust from a root of trust to ensure the security of the system. In the remote attestation process, the integrity of the entity is measured and reported, and the information to be attested is then signed using the entity's root of trust. The remote verifying party is the attestation requester: it can initiate an attestation request to the trusted computing platform and, after receiving the platform's report, verify the platform's integrity log and signature. The trusted third party is mainly responsible for issuing, verifying and revoking certificates, to prevent the trusted computing platform and the remote verifying party from cheating by forging identities.
An Internet of Things terminal generally senses, processes and transmits sensing information, which often contains sensitive data, so the terminal is very easily subjected to malicious attack. To verify whether a terminal is in a secure state, the integrity of the terminal's underlying equipment needs to be ensured, and the remote verification device can perform credible verification of the data source node through remote attestation.
However, the core tasks of the Internet of Things are to collect, transmit and process data; its sensing layer is heterogeneous and complex, and whether the source of the sensing data can be trusted directly influences the security of the whole Internet of Things. Meanwhile, as the Internet of Things is applied more and more widely, and in particular as Internet of Things sensor technology becomes increasingly complex, the volume of sensing data generated is growing explosively. Yet the existing credibility measurement models for Internet of Things sensing nodes and the remote attestation mechanisms applicable to the sensing layer do not fundamentally solve problems such as how to perform multi-dimensional, fine-grained static and dynamic measurement of sensing nodes and how to effectively protect the private information of the attesting node. Therefore, a credibility measurement model suitable for Internet of Things sensing nodes and a remote attestation scheme suitable for data sources of the Internet of Things sensing layer need to be researched.
In view of the foregoing, a method and system for credibility measurement and remote attestation of the Internet of Things perception layer are needed.
Disclosure of Invention
In order to overcome the defects in the prior art, the invention aims to provide a credibility measurement and remote certification method and system for the sensing layer of the Internet of Things. According to the different networking modes of the sensing layer, the method calculates the static credibility metric value, the dynamic credibility metric value and the energy credibility value in each mode, and on that basis realizes credible logic grouping of nodes and remote credibility certification.
The invention adopts the following technical scheme.
A first aspect of the invention relates to a credibility measurement and remote certification method for the Internet of Things perception layer, which comprises the following steps: step 1, establishing a credibility measurement model based on static parameters and dynamic parameters of the sensing nodes in the sensing layer, and, under the different networking modes of the Internet of Things sensing layer, obtaining the weights of the different credibility measurement models based on measurement time and information entropy respectively, so as to solve for a comprehensive credibility value; step 2, performing credible logic grouping of the sensing nodes using the comprehensive credibility value and the energy credibility value of the sensing nodes; and step 3, generating a group signature of the sensing node with a dynamically updated key, and realizing credible certification of the sensing node from the remote node based on unforgeability analysis and anonymity analysis.
Preferably, the networking mode of the internet of things perception layer comprises a centralized networking mode and a distributed networking mode.
Preferably, the credibility measurement model comprises a static credibility measurement model and a dynamic credibility measurement model.
Preferably, in the centralized networking mode, the static credibility measurement model of the sensing node includes a physical attribute credibility evaluation model, a hardware attribute credibility evaluation model, a software attribute credibility evaluation model, a network attribute credibility evaluation model and a static attribute credibility measurement model.
Preferably, in the distributed networking mode, the dynamic credibility measurement model of the sensing node is a weighted sum of bidirectional static measurement values between the sensing node and other nodes in the sensing layer of the internet of things.
Preferably, in the distributed networking mode, the one-way static metric value between the sensing node and any other node in the sensing layer of the Internet of Things is the weighted sum of the intersection of two quantities: the access right pr_i of that other node to the current process of the sensing node, and the access permission pu that the sensing node allows that other node for the current process of the sensing node; wherein i is the number of all processes between the sensing node and that other node, and the weighted sum of the intersection covers all processes between the sensing node and that other node.
Preferably, the weight of the weighted sum of the two intersections is the derivative of the number of all processes of the sensing node for the current other nodes.
Preferably, in the centralized networking mode, the dynamic credibility measurement model of the sensing node includes a data packet forwarding rate credibility measurement model, a data packet repetition rate credibility measurement model, a data packet delay credibility measurement model, a data forwarding flow credibility measurement model, a node channel state credibility measurement model, and a dynamic attribute comprehensive credibility measurement model.
Preferably, in the distributed networking mode, the dynamic credibility measurement model of the sensing node includes a direct credibility measurement model and a recommended credibility measurement model.
The second aspect of the invention relates to a credibility measurement and remote certification system of an internet of things sensing layer, wherein the system is realized by adopting the credibility measurement and remote certification method of the internet of things sensing layer in the first aspect of the invention.
The method and system have the following advantages over the prior art. First, they provide the sensing layer of the Internet of Things with a multi-direction, fine-grained credibility measurement model suitable for sensing nodes. To address the problem that current models do not fit the present state of the Internet of Things and lack objectivity and dynamics, corresponding credibility measurement models are constructed for the centralized mode and the distributed mode of the sensing layer respectively, and credible logic grouping is then performed according to the measurement results of the sensing nodes to construct credible groups with different trust levels, ensuring the secure operation of sensing layer nodes. Second, on the basis of the credible logic grouping of the sensing layer, for the centralized networking mode, credible certification of the sensing data source is realized through a remote certification mechanism based on group signatures. This mechanism effectively ensures the credibility of the data source without leaking its privacy, and allows tracing when the remote node does not trust the other party; experimental simulation shows that the mechanism runs efficiently, consumes little computing performance, and can effectively verify the state of the sensing data source. For the distributed networking mode, credible certification of the data source is realized through a threshold ring signature technique; the scheme is anonymous and unforgeable, and experimental simulation shows that the mechanism has good attack resistance and network dynamic adaptability and can guarantee secure transmission of sensing data.
Drawings
FIG. 1 is a schematic diagram of the steps of the credibility measurement and remote attestation method for the sensing layer of the Internet of Things in the present application;
FIG. 2 shows the trusted node rate of the present application when malicious nodes account for 5%;
FIG. 3 shows the trusted node rate of the present application when malicious nodes account for 15%;
FIG. 4 shows the trusted data rate of the present application when malicious nodes account for 5%;
FIG. 5 shows the trusted data rate of the present application when malicious nodes account for 15%;
FIG. 6 shows the energy surplus ratio of the present application;
FIG. 7 shows the trusted interaction success rate of the present application in a sensing network with low node interaction frequency;
FIG. 8 shows the trusted interaction success rate of the present application in a sensing network with high node interaction frequency.
Detailed Description
The present application is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present application is not limited thereby.
As shown in FIG. 1, a credibility measurement and remote attestation method for the perception layer of the Internet of Things includes the following steps: step 1, establishing a credibility measurement model based on static parameters and dynamic parameters of the sensing nodes in the sensing layer, and, under the different networking modes of the Internet of Things sensing layer, obtaining the weights of the different credibility measurement models based on measurement time and information entropy respectively, so as to solve for a comprehensive credibility value; step 2, performing credible logic grouping of the sensing nodes using the comprehensive credibility value and the energy credibility value of the sensing nodes; and step 3, generating a group signature of the sensing node with a dynamically updated key, and realizing credible certification of the sensing node from the remote node based on unforgeability analysis and anonymity analysis.
The invention provides a comprehensive credibility measurement model that performs static and dynamic credibility measurement of sensing nodes in the sensing layer of the Internet of Things. The model takes static measurement of the nodes as its premise and dynamic measurement as its core, combines the direct trust value with the recommended trust value, and finally completes a comprehensive measurement of the sensing nodes, so that the credibility state of the nodes can be reflected objectively, malicious nodes can be found effectively, and the overall security of the sensing layer of the Internet of Things is guaranteed.
Due to the heterogeneity of the internet of things sensing layer, the commonality and the characteristics of the credibility metrics of different types of sensing nodes need to be considered, and the credibility metrics of the sensing nodes generally comprise static attribute metrics and dynamic attribute metrics.
In the centralized mode, the sensing layer of the Internet of Things usually contains sensing nodes, cluster head nodes and sink nodes. If a sensing node is to enter a trusted node group, its superior node, namely a cluster head or sink node, must first ensure that the static attributes of the node are credible; likewise, before data interaction between different sensing nodes, the static attributes of both sensing nodes must be ensured to be credible. That is, static credibility measurement is performed first, and dynamic credibility measurement then reflects the dynamic security condition of the node. (The static attributes of a node are preset by the manufacturer at the factory and generally cannot be changed, but secure static attributes do not mean that the node is always secure; the judgment must combine the measurement values of the dynamic and static attributes.) If the comprehensive measurement value of the sensing node is larger than a threshold preset by the superior node, the sensing node is allowed to join the group; otherwise it is not. Finally, through layer-by-layer measurement, the credibility of each node and credible logic networking are ensured from the bottom up. In the distributed mode, because the nodes are similar in computing power and resources, each node can both transmit data and make credibility judgments about the sensing nodes adjacent to it.
In this mode, because the dynamic behavior of nodes is complex, nodes differ greatly in indicators such as sensing data transmission rate, transmission delay and packet loss, and judging whether a node is credible through the dynamic attributes alone cannot comprehensively and objectively reflect the node's real trust condition. Therefore, the credibility measurement result of a sensing node in this networking mode is judged by combining the subjective direct trust value and the objective recommended trust value. To measure the credibility of sensing layer nodes accurately and objectively, the different types of nodes in the sensing layer are first abstracted and formally described, and the process by which the credibility of sensing nodes is measured in the two networking modes is then discussed in detail.
Preferably, in the centralized networking mode, the static credibility measurement model of the sensing node includes a physical attribute credibility evaluation model, a hardware attribute credibility evaluation model, a software attribute credibility evaluation model, a network attribute credibility evaluation model and a static attribute credibility measurement model.
It can be understood that the sensing layer of the internet of things is generally composed of three types of nodes including sensing nodes, cluster head nodes and sink nodes, the sensing nodes generally refer to common nodes without computing and network bearing capacity, and most attacks on the nodes are physical attacks; the cluster head node and the aggregation node generally refer to nodes with computing and network bearing capabilities. The abstract description model of the heterogeneous nodes in the internet of things mainly takes the sensing nodes as the main part, so that formal abstraction can be realized for the sensing nodes.
First, the physical attribute description of a node can be realized by PD = (nm, sd, md, wt, mf, sn, af, pk). This vector can be used as the unique physical identification information of the node, and generally consists of physical quality nm, appearance description sd, texture description md, normal operating temperature wt, equipment manufacturer mf, production serial number sn, affiliated organization af, and identification key pk.
The intrinsic information attribute vector mainly describes software and hardware information of the sensing node, and generally consists of hardware information hw, operating system and application program information ho, and network address na, which can be described by IA = (hw, ho, na). The task state attribute vector mainly describes the data bearing task, the node transmission state and the link state of the sensing node, and generally comprises data rd requested to be sent, data sd actually sent, available bandwidth tb of the node network, node channel ch, required data response time rt and actual data response time st, and can be described by NS = (rd, sd, tb, ch, rt, st). The running state attribute vector mainly describes the dynamic change process of the running state of the sensing node, so the vector should include: the node real-time credibility metric value T, the historical credibility change information ht = (tr[1], tr[2], ..., tr[n-1]), the credibility state effective time window Δt, and the node energy state en, where ht represents the set of historical credibility metric values, excluding the current credibility metric value, within the credibility state effective time window. It can be described by SD = (T, ht, Δt, en).
In summary, the formal description of a sensing node may be represented by the quadruple ND = (PD, IA, NS, SD). The sensing nodes, the cluster head nodes and the sink nodes have different functions, so their formal descriptions differ slightly. For example, for the node task state description vector, sensing nodes only pay attention to how to send data to the outside, whereas cluster head nodes and sink nodes pay attention to how to forward the data and, as the upper nodes of the sensing nodes, also pay attention to the state of the sensing node set when needed so as to monitor the sensing nodes. Therefore, the node task state description vector and the node set description vector of the cluster head node and the sink node are described separately below; the description of the other attributes is the same as that of the sensing node.
The task state attribute vector can be described by NS = (D, T, rd, sd, tb, ch, rt), where D = {d1, d2, ..., dn} represents the data sent by the sink node or the cluster head node when requesting each common node, and T = {t1, t2, ..., tn} represents the time at which the data of each sensing node is sent to the sink node or the cluster head node; the other components are defined as for common nodes.
The node set attribute vector may be described as (M, T). Because the cluster head node needs to perform the confidence metric on the sensing nodes, it must maintain a list of trusted sensing nodes; similarly, the sink node must maintain a list of trusted cluster head nodes. M = (m1, m2, ..., mn) represents the sensing nodes or cluster head nodes (mi stores the basic hardware information of the node and the digest values of the operating system and the key processes), and T = (t1, t2, ..., tn) represents the confidence metric of each node.
For the centralized networking mode, the upper nodes (i.e. cluster head nodes) of the sensing nodes (a1, a2, ..., an) are defined as (aπ1, aπ2, ..., aπm). In the sensing node group, a sensing node must prove to its upper node that its static attributes (i.e. the computing environment of the node) are safe and credible. Assuming that the static attributes of the sensing node need to include its own physical attributes, hardware attributes, software attributes and network attributes, the static attributes of the sensing node can be formally described as a quadruple C = (Pd, Hw, Sh, Ne). The physical attribute is formalized as Pd = (p0, p1, p2, ..., pn). The hardware attribute is formalized as Hw = (h0, h1, h2, ..., hn), where h0 represents the characteristic values of the node's own information collection module and information calculation module, and hi represents the characteristic values of other hardware (such as the main board, the network card and the like). The software attribute is formalized as Sh = (s0, s1, s2, ..., sn), where s0 represents the characteristic value of the node's own operating system boot program and the like, and si represents the characteristic values of other common software (such as a daemon). The network attribute is formalized as Ne = (ad, pa, c1, c2, ..., cn), where ad is the characteristic value of the IP address, pa is the characteristic value of the MAC address, and c1, c2, ..., cn are the characteristic values of the network communication related programs run by the node itself.
According to its own security policy, the upper node measures the credibility state of the static attributes C = (Pd, Hw, Sh, Ne) of the sensing node ai with the static attribute confidence measure function Mce(C), which, following the description of the static attributes above, measures the components of the quadruple C = (Pd, Hw, Sh, Ne) one by one.
First, let pi' be the physical attributes submitted when the sensing node registers with the cluster head node in the initial state of the sensing network; the cluster head node records and stores this information. The credible evaluation function Mce[1](Pd) of the physical attribute expresses that the inherent physical information attributes of the sensing node cannot be changed, because these attributes serve as the unique physical identification characteristic of the sensing node, and if they change the node is likely to have been attacked. Mce[1](Pd) is therefore represented as follows:
Figure BDA0003630338260000081
In addition, let h0' and hi' represent all the hardware values transmitted when the sensing node performs initial registration and authenticates to the cluster head node; the cluster head node records and stores this information in advance.
Mce[2](Hw) expresses that the key hardware parts of the sensing node, such as the hardware of the information collection and calculation module, cannot be replaced, while the non-key parts {h1, h2, ..., hn}, such as the power supply of the sensing node, can be replaced; whether the hardware can be replaced is determined by the corresponding security mechanism of the upper node. Mce[2](Hw) can therefore be expressed as follows:
Figure BDA0003630338260000091
Third, the software attribute of the sensing node is described as Sh = (s0, s1, s2, ..., sn), where s0 represents the node's own operating system boot program, s1 represents the operating system kernel, s2 to sk represent the more important information collection and related applications, and s(k+1) to sn represent some non-critical applications of the node itself, so Mce[3](Sh) can be represented as follows:
Figure BDA0003630338260000092
In this function, si' is all the software attribute information that the sensing node transmits to the cluster head node at initialization; the upper node stores this information to realize further credibility measurement. The above formula indicates that key programs such as the boot program and the operating system cannot be tampered with, and if they are changed the node is not trusted, whereas other common applications may continue to be deployed, so the function has a certain slack, and the specific slack is set by the upper node.
In addition, the network attribute credibility assessment function measures according to the network attribute Ne = (ad, pa, c1, c2, ..., ck) of the node. Let ad' and pa' be the network address information and the physical address information of the common node recorded by the cluster head node, and let the function f(ci) represent the credibility measure of the relevant network process of the sensing node; then Mce[4](Ne) is described as:
Figure BDA0003630338260000093
Figure BDA0003630338260000094
In the function, ΣLog L(ci) represents the number of interaction failures of the interaction process in the sensing node as recorded by the upper node in the history log; the measurement function of the interaction process calculates the trust value according to the success rate of the communication history tasks.
For each of the confidence measure functions Mce[1](Pd), Mce[2](Hw), Mce[3](Sh) and Mce[4](Ne) described above, the confidence level of the corresponding one-dimensional static attribute component is obtained through the respective confidence measure. The confidence metric function Mce(C) of the static attributes of the sensing node can therefore finally be calculated as follows:
Mce(C)=α1Mce[1](Pd)+α2Mce[2](Hw)+α3Mce[3](Sh)+α4Mce[4](Ne)
In the above formula, α1 + α2 + α3 + α4 = 1, where α1, α2, α3 and α4 denote weights. The weights need to be adjusted for different sensing layer networks; generally, 1/4 is taken for each of α1, α2, α3 and α4.
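The following sketch shows how an upper node could evaluate Mce(C) against the values stored at registration. It is an added example, not code from the patent: the component formulas are shown only as figures on this page, so the graded slack rule, the `Policy` fields, the SHA-256 characteristic values and the sample node data are all assumptions that follow the prose descriptions above.

```python
import hashlib
from dataclasses import dataclass, replace


def cv(value: str) -> str:
    """Characteristic value of one attribute (SHA-256 is an assumption)."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


@dataclass(frozen=True)
class StaticAttrs:
    """Quadruple C = (Pd, Hw, Sh, Ne) as tuples of characteristic values."""
    pd: tuple     # p0..pn, physical identity
    hw: tuple     # h0 = collection/calculation module, h1..hn = other hardware
    sh: tuple     # s0..sk critical software, s(k+1)..sn non-critical
    addr: tuple   # (ad, pa): IP and MAC characteristic values
    procs: tuple  # names of the network processes c1..ck


@dataclass(frozen=True)
class Policy:
    """Upper-node security policy; every field is an assumed parameter."""
    k: int = 2                    # s0..sk are critical software items
    hw_slack: float = 0.5         # trust lost if all non-key hardware changed
    sw_slack: float = 0.5         # trust lost if all non-critical software changed
    weights: tuple = (0.25, 0.25, 0.25, 0.25)   # alpha1..alpha4
    threshold: float = 0.7        # minimum Mce(C) to accept the node


def graded(cur, ref, n_key, slack):
    """0 if a key item differs; else lose `slack` pro rata to changed non-key items."""
    if len(cur) != len(ref) or cur[:n_key] != ref[:n_key]:
        return 0.0
    rest = list(zip(cur[n_key:], ref[n_key:]))
    if not rest:
        return 1.0
    changed = sum(a != b for a, b in rest)
    return 1.0 - slack * changed / len(rest)


def f_proc(history, name):
    """f(ci): success rate of a process in the history log; unknown process scores 0."""
    ok, failed = history.get(name, (0, 0))
    return ok / (ok + failed) if ok + failed else 0.0


def measure(cur, ref, history, policy=Policy()):
    """Return the four component measures, the weighted Mce(C) and a decision."""
    m1 = 1.0 if cur.pd == ref.pd else 0.0                        # Mce[1](Pd)
    m2 = graded(cur.hw, ref.hw, 1, policy.hw_slack)              # Mce[2](Hw)
    m3 = graded(cur.sh, ref.sh, policy.k + 1, policy.sw_slack)   # Mce[3](Sh)
    if cur.addr != ref.addr:                                     # Mce[4](Ne)
        m4 = 0.0
    elif not cur.procs:
        m4 = 1.0
    else:
        m4 = sum(f_proc(history, c) for c in cur.procs) / len(cur.procs)
    parts = (m1, m2, m3, m4)
    score = sum(w * m for w, m in zip(policy.weights, parts))
    # A weighted sum can hide a zeroed component, so check each one as well.
    trusted = all(m > 0 for m in parts) and score >= policy.threshold
    return {"parts": parts, "score": score, "trusted": trusted}


# Constructed sample data: values recorded by the cluster head at registration.
REGISTERED = StaticAttrs(
    pd=tuple(cv(v) for v in ("mass=120g", "vendor=ExampleCo", "sn=SN-0001")),
    hw=tuple(cv(v) for v in ("sensor-mcu rev B", "mainboard rev 2", "psu model A")),
    sh=tuple(cv(v) for v in ("bootloader 1.0", "kernel 5.10", "collector 2.3", "logrotate 1.1")),
    addr=(cv("192.0.2.10"), cv("02:00:00:00:00:01")),
    procs=("uplink", "timesync"),
)
HISTORY = {"uplink": (98, 2), "timesync": (50, 0)}   # (successes, failures)


def swapped_psu():
    """Report from a node whose non-key power supply was replaced."""
    return replace(REGISTERED, hw=REGISTERED.hw[:2] + (cv("psu model B"),))


def tampered_boot():
    """Report from a node whose boot program digest no longer matches."""
    return replace(REGISTERED, sh=(cv("bootloader 1.0-mod"),) + REGISTERED.sh[1:])


if __name__ == "__main__":
    for name, report in (("unchanged", REGISTERED), ("psu", swapped_psu()), ("boot", tampered_boot())):
        print(name, measure(report, REGISTERED, HISTORY))
```

With equal weights, the node with the modified boot program still scores about 0.75, which is why the decision also requires every component to be non-zero.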
Preferably, in the distributed networking mode, the dynamic credibility measurement model of the sensing node is a weighted sum of bidirectional static measurement values between the sensing node and other nodes in the sensing layer of the internet of things.
In contrast to the centralized networking mode of the sensing layer described above, suppose that a sensing node group (a1, a2, ..., an) exists in the distributed networking mode (such as the Internet of Vehicles and the industrial distributed Internet of Things). Any node ai in the group can measure the static attributes of a sensing node interacting with it, and conversely any node interacting with ai can also perform the credibility measurement on ai. Only after both parties have completed the credibility measurement of the other party through their own credibility strategies can they establish a bidirectional trusted connection and then carry out subsequent communication. blt(ai, aj) may be defined as a bidirectional confidence measure function, by which any two sensing nodes ai and aj can perform a confidence measure on the static attributes of each other. Therefore, in this networking mode, the credibility state of a sensing node can be judged after the credibility measurements of its static attributes made by the other sensing nodes are comprehensively calculated, and a node performs data interaction with the sensing node only when the sensing node is in the credible state; otherwise, the interaction is rejected according to the respective policies of the nodes.
According to the formalized description of the sensing nodes above, the static attributes of any sensing node can be defined by the quadruple C = (Pd, Hw, Sh, Ne). In this mode, sensing nodes ai and aj interact as peers, so each node should measure the communication processes established between them that are related to the interaction. The confidence measure of ai on the static attributes of aj is expressed as follows.
Assume that the communication processes of ai interacting with aj are, in turn, {c1, c2, ..., cl}, where {c1, c2, ..., cx} are the processes in ai and {cx+1, cx+2, ..., cl} are the processes in aj. If the processes {cx+1, cx+2, ..., cl} in aj can successfully complete communication and the set of permissions that the relevant operations should satisfy is {prx+1, prx+2, ..., prl}, and the access permission that ai allows other processes is pu, then the confidence metric function fm(ai, aj) of ai on aj is represented as follows:
Figure BDA0003630338260000101
Correspondingly, if the set of permissions that cx must satisfy to complete communication and related operations is {pr1, pr2, ..., prx}, and the access permission that aj allows other processes is pm, then the confidence metric function fm(aj, ai) of aj on ai is expressed as follows:
Figure BDA0003630338260000102
Suppose that at time t the result set of the two-way confidence metrics of a set of sensing nodes {aj, aj+1, ..., ak} for ai is {blt(ai, aj)[1], blt(ai, aj+1)[2], ..., blt(ai, ak)[k]}. The result of the static confidence measure of {aj, aj+1, ..., ak} on sensing node ai is then finally expressed as:
Figure BDA0003630338260000111
Since the nodes in the node group in this networking mode are not identical, some nodes having higher credibility and some lower, the measurement weight that nodes with high credibility carry when measuring other nodes needs to be increased. The specific weight of each node's static metric of ai can be adjusted through d(aj) in the above formula (3-9), and the weight function may be defined as:
Figure BDA0003630338260000112
With the wider application of Internet of Things technology, the Internet of Things sensing layer is more and more susceptible to security threats such as data interception, tampering and data forgery. Although common traditional security mechanisms can resist part of these threats, they cannot effectively cope with more complex attack forms such as collusion attacks. Generally speaking, if a sensing node in a sensing layer group is subjected to a malicious attack that damages the network device and tampers with the data received and transmitted, the dynamic attributes of the sensing node initiating the malicious behavior become abnormal. So in addition to performing static measurement on the sensing node, trust evaluation of the dynamic attributes of the sensing node is also important for the safe operation of the sensing layer.
In a centralized networking sensing node group, if a cluster head node or a sink node cannot accurately measure the credibility value of its lower nodes, it has no way to manage the sensing node group effectively. Therefore, in addition to the node static credibility measurement function of the previous section, this section introduces dynamic attribute measurement functions for several representative attributes: node data packet forwarding rate, repetition rate, transmission delay, forwarding traffic and channel state. Carrying out a multi-dimensional dynamic credibility measurement of the sensing node effectively reflects the dynamic change of its credibility value.
Since the malicious attacks initiated by a sensing node mainly include data stealing, data tampering, data injection and the like, the data packet forwarding rate is an important index for discovering whether a sensing node is abnormal and thus for monitoring whether the node has been attacked. Suppose that at some time t the upper node απ requests sd data packets from the sensing node αi, but αi transmits only rd (rd ≤ sd) data packets. The credible value of this dynamic attribute of αi as measured by απ can then be calculated through T_dt(απ, αi, t) as follows:
Figure BDA0003630338260000113
When the sensing node is attacked, data may be forwarded repeatedly, so this dynamic attribute can be used to judge effectively whether the node is normal. If the data packet repetition rate R is small, the node is relatively credible, but if the value of R keeps increasing and becomes greater than or equal to the threshold of the attribute, the node has probably been attacked. The credible value of this dynamic attribute of αi as measured by απ can be calculated through T_dr(απ, αi, t) as follows:
Figure BDA0003630338260000121
where δ > 1 and β depends on the upper node απ.
When the sensing node forwards data to an upper node, the transmission delay is d = rt - st. Delay may exist because of signal interference or nonreactive factors, and the normal delay of the sensing node itself must also be considered, so this dynamic attribute may fluctuate within a tolerable interval; once the normal interval is exceeded, however, the sensing node is considered to have been attacked with high probability. If the transmission delay d is smaller than the threshold value, the upper node can trust the sensing node; otherwise, the probability that the node is not trusted increases, and the trust value of the attribute decreases accordingly. The credible value of the data packet forwarding delay attribute of αi as measured by απ can be calculated through T_d(απ, αi, t) as follows:
Figure BDA0003630338260000122
where α = 0.1, and the critical value γ depends on the specific context of the Internet of Things sensing layer.
The data traffic forwarded by a node may differ slightly between states; for example, a sudden increase in data traffic indicates that the node may have been attacked. So when the sensing node transmits data to the upper node, the cluster head node απ can perform a dynamic measurement of the sensing node αi according to the data traffic. The credible value of the data forwarding traffic attribute of αi as measured by απ can be calculated through T_df(απ, αi, t) as follows:
Figure BDA0003630338260000123
in the formula
Figure BDA0003630338260000124
Ts relates to αi: if the data traffic transmitted by the sensing node is 0, no interaction with the cluster head node has yet taken place and the reliability of the node is Ts. Then, as the data traffic transmitted by the node gradually increases, the reliability of αi increases continuously. However, a threshold value exists: as the traffic approaches it, the reliability of the node no longer increases but decreases. The threshold value needs to be set according to the specific considerations of each Internet of Things sensing layer.
Sensing node αi is closely related to the running state of its own task. From the above, the task state attribute vector of αi is expressed as NS = (rd, sd, tb, cb, rt). Let the mathematical expectations of the actually transmitted data and the transmission time in the data forwarding process, as set by the cluster head node απ according to the class of αi, be
Figure BDA0003630338260000131
Then T_ct(απ, αi, t) is calculated as follows:
Figure BDA0003630338260000132
In the formula, ch represents the node channel state, that is, the reliability of the node communication channel per unit time. For ε1 and ε2, unless otherwise specified, ε1 = ε2 = 1/2 may be used, which means that the actually transmitted data has the same importance as the data delay. απ specifies the threshold of this attribute as hs: if T_ct(απ, αi, t) < hs, let T_ct(απ, αi, t) = 0; otherwise, T_ct(απ, αi, t) takes the actual credible value. T_ct(απ, αi, t) reflects the requirements of different task states on the amount of data transmitted and on the data delay; for example, the requirements of a medical wearable device on the amount of data transmitted and on the data delay can be extremely high,
Figure BDA0003630338260000133
the value corresponding to hs would be highly desirable.
In summary, in this networking mode, each of the above dynamic attribute metric functions represents the measurement made by the upper node απ of the sensing node αi at time t. Now assume that within the period Δt, i.e. (t - Δt, t), αi forwards data n times in total; then within this time window, the sums of the dynamic attribute confidence measures of αi as measured by απ are, in sequence, {T1, T2, ..., Tn}, and the dynamic attribute integrated confidence metric for the sensing node may be expressed as:
Figure BDA0003630338260000134
In the above formula,
Figure BDA0003630338260000135
is an attenuation formula, which shows that the dynamic reliability of the sensing node is attenuated over time, so that the credible measurement value of the dynamic attribute obtains a reasonable weight as time changes. υ is an attenuation speed factor, and the size of this parameter depends on the specific Internet of Things sensing environment.
In the distributed networking mode, the sensing network is dynamic, large-scale and complex, the distances among nodes can change frequently, and communication is not completely reliable. The security of the nodes cannot be guaranteed only through the credibility measurement of their static attributes described above, so the nodes must also be measured dynamically on the basis of the static measurement. Direct trust, moreover, is subjective and cannot by itself accurately describe the credibility state of a node. The dynamic credibility measurement of the sensing node is therefore divided into two parts: a direct trustworthiness metric and a recommended trustworthiness metric.
Direct trust is the subjective expectation of a perception node for the future behavior of a target node in a specific environment and at a specific time according to the interaction experience between the nodes. Generally, the trust relationship between nodes can be represented by the current interaction result and the historical experience between the nodes, and the direct trust value between the nodes can be calculated by the corresponding trust calculation method.
First, the interaction experience between nodes in the sensing layer is defined: it is the recorded outcome of a node completing a data forwarding task when data forwarding is carried out in the sensing layer, and the interaction result is either success or failure. To calculate the trust value of a node, each node needs to store a data interaction history table recording its interactions with other nodes. Each record comprises: the unique identification id of the node, the number of successful interactions x, the number of failed interactions y, the trust value Td and a trust update period T. In addition, to avoid the frequent trust value calculation caused by continuous interaction between nodes, and to eliminate the uncertainty that an overly short period introduces into the trust value, T can be adjusted when the trust calculation is carried out between nodes. In general, Bayesian estimation faithfully reflects the probability of a node's future behavior given its historical behavior, so Bayesian estimation can be used to calculate the probability of successful interaction between nodes, and the direct trust value of a node can then be represented by the mathematical expectation of successful interaction between the nodes.
Suppose that within the time range (t0, tc) nodes αi and αj perform z interactions, of which x succeed and y fail. If the probability of one successful interaction between the nodes is denoted θ, the probability of x successful interactions follows a binomial distribution and can be expressed as P(D|θ) = θ^x (1-θ)^y. According to Bayes' theorem, the probability density function f(θ) of successful interaction between αi and αj obeys a Beta distribution with parameters (x+1, y+1), and the direct trust of αj in αi can be described as:
Figure BDA0003630338260000151
and given
Figure BDA0003630338260000152
Therefore
Figure BDA0003630338260000153
So E(θ) can be calculated from f(θ):
Figure BDA0003630338260000154
In summary, the direct trust value between αi and αj can be expressed as:
Figure BDA0003630338260000155
In order to reduce the errors that abnormal behavior caused by weak communication signals, signal interference and similar factors introduces into trust judgment, and to improve the accuracy of the node trust description, a service quality judgment index of the node is also designed,
Figure BDA0003630338260000156
to determine the overall performance of the node across measurement periods. It can be used to penalize untrusted nodes and also to reward trusted nodes. The formula is expressed as follows:
Figure BDA0003630338260000157
If the node generates an untrusted service, a-p,
Figure BDA0003630338260000158
is a penalty factor for the node service; otherwise, the node generates a trusted service, then a-r,
Figure BDA0003630338260000159
is a reward factor for the node service. Here,
Figure BDA00036303382600001510
represent, respectively, the numbers of untrusted and trusted activities that the node produces within one measurement period.
The direct trust value is determined from the historical behavior interaction records among nodes. The trust value decays as time passes, and the behavior closest to the current moment reflects the node most accurately, so the timeliness of the value also needs to be considered. When an interaction between the nodes is completed, if the behavior produced by node αj is not trusted, then recalculate
Figure BDA0003630338260000161
and
Figure BDA0003630338260000162
Conversely, if the behavior produced by node αj is trusted, then recalculate
Figure BDA0003630338260000163
and
Figure BDA0003630338260000164
Finally, a direct trust value is derived.
Here, in
Figure BDA0003630338260000165
x_h denotes αi's historical trust record of trusted behavior for αj, and in
Figure BDA0003630338260000166
y_h denotes αi's historical trust record of untrusted behavior for αj. α/[α + (tc - t0)] is the time attenuation factor and α is the rate adjustment factor. With this trust attenuation function, the attenuation rate of the direct trust degree in the early stage is smaller than that of an exponential function, so the contribution of recent interactive behavior to the direct trust value is better preserved.
Because the Internet of Things sensing layer is large-scale, highly dynamic and open, and because trust is generally subjective, the layer is extremely vulnerable to security threats and illegal attacks that turn an honest recommender into a malicious one. It is therefore not easy to obtain accurate and objective recommendation trust from recommenders, and the information they provide generally falls into the following cases: correct recommendation of honest and reliable nodes, incorrect recommendation of dishonest and reliable nodes, and malicious recommendation of attacked nodes. A recommendation trust function with reliable recommendation capability must therefore resolve multiple recommendation trust values through a trust merging rule, and must be able to distinguish correctly which node recommendations are malicious and which are fair and objective.
Here, for a certain sensing node αi, if the recommended trust value given by a certain node differs greatly from the average trust expectation value, the weight of that node in the final result is reduced, because the node shows abnormal conditions such as malicious slander. In the first step, the mean of all recommended trust values needs to be obtained. Suppose the sequence of all recommended confidence values for sensing node αi is m_r1, m_r2, ..., m_rk; then the mathematical expectation of the recommendation confidence is calculated as follows:
Figure BDA0003630338260000167
The weight of each recommended trust value can be calculated by a Euclidean space distance similarity discrimination method; the specific calculation method is as follows:
Figure BDA0003630338260000168
Therefore, according to the recommendation trust sequence and the weight of each recommendation trust value, the recommended trust of the sensing node αi may be calculated as follows:
Figure BDA0003630338260000171
To make the final measurement result of the sensing node αi objective and accurate, the credibility of the static attributes and the credibility of the dynamic attributes must be considered together: credible static attributes do not imply that the dynamic attributes are credible, but if the static attributes of the node are not credible, the dynamic measurement is no longer needed, because static credibility is the premise for the node being in a safe state. Therefore, in this mode, for the range (t - Δt, t), the confidence measure result of αi can be calculated as follows:
Figure BDA0003630338260000172
In the above formula,
Figure BDA0003630338260000173
expresses that, within a Δt time window, the earlier the node is comprehensively measured, the larger the proportion taken by the reliability value of its static attributes. The proportion of the static attribute reliability of a sensing node is largest at the initial moment, and the dynamic attribute reliability accounts for a larger and larger proportion as time goes on.
From the respective metric functions, the direct trust value of node αi
Figure BDA0003630338260000174
and its recommended trust value
Figure BDA0003630338260000175
are obtained. To perform an objective and comprehensive credibility measurement of the node, the two must be combined, so the weights of the two trust values in the comprehensive trust value need to be calculated. However, the methods commonly used at present to determine such weights, mainly the average weight method, the expert experience method and judgment according to simulation experiment results, are too subjective and cannot accurately reflect the actual measurement result; moreover, once the coefficients are determined they are difficult to adjust dynamically, which runs contrary to the dynamic and self-adaptive nature of the Internet of Things sensing layer.
For this purpose, information entropy is used, which can represent the degree of disorder of the information, can resolve uncertainty, and has the characteristics of monotonicity, nonnegativity and cumulation. As can be seen from the definition of the information entropy, the information entropy of a discrete random variable X can be represented as:
Figure BDA0003630338260000176
Then, according to this definition, the information entropy of the direct trust value
Figure BDA0003630338260000177
and the information entropy of the recommended trust value
Figure BDA0003630338260000178
can be calculated by the following formulas:
Figure BDA0003630338260000179
Figure BDA00036303382600001710
Then, the self-adaptive weights ωd and ωr of the direct trust value and the recommended trust value are calculated:
Figure BDA0003630338260000181
Figure BDA0003630338260000182
In summary, the comprehensive confidence value of node αi is
Figure BDA0003630338260000183
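The distributed-mode pipeline described above (direct trust from interaction counts, recommendation trust with outlier down-weighting, and entropy-based fusion) can be traced with the added example below, which is not code from the patent. The Beta(x+1, y+1) expectation and the attenuation factor α/[α + (tc - t0)] are taken from the text; the count update rule, the similarity weight 1 - |m - mean| and the (1 - H) weight normalization are assumptions standing in for formulas that appear only as figures on this page, and all sample values are constructed.

```python
import math


def time_decay(alpha, t0, tc):
    """Time attenuation factor alpha / [alpha + (tc - t0)] from the text."""
    return alpha / (alpha + (tc - t0))


def aged_counts(x_h, y_h, x_new, y_new, alpha, t0, tc):
    """Assumed update rule: decay the historical counts, then add this period's."""
    d = time_decay(alpha, t0, tc)
    return d * x_h + x_new, d * y_h + y_new


def direct_trust(x, y):
    """E(theta) for theta ~ Beta(x + 1, y + 1): x successes and y failures observed."""
    if x < 0 or y < 0:
        raise ValueError("interaction counts must be non-negative")
    return (x + 1) / (x + y + 2)


def recommended_trust(recs):
    """Weight each recommendation by its closeness to the mean of all recommendations.

    Assumed similarity: 1 - |m - mean| (one-dimensional Euclidean distance),
    normalized so that the weights sum to 1. Returns (trust, weights).
    """
    if not recs or any(not 0.0 <= m <= 1.0 for m in recs):
        raise ValueError("recommendations must be a non-empty list of values in [0, 1]")
    mean = sum(recs) / len(recs)
    sims = [1.0 - abs(m - mean) for m in recs]
    total = sum(sims)
    weights = [s / total for s in sims]
    return sum(w * m for w, m in zip(weights, recs)), weights


def binary_entropy(p):
    """Information entropy (bits) of a trust value seen as a two-outcome variable."""
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -p * math.log2(p) - (1.0 - p) * math.log2(1.0 - p)


def adaptive_weights(t_d, t_r):
    """Assumed rule: the less uncertain value (lower entropy) gets more weight."""
    c_d, c_r = 1.0 - binary_entropy(t_d), 1.0 - binary_entropy(t_r)
    if c_d + c_r == 0.0:          # both values maximally uncertain
        return 0.5, 0.5
    return c_d / (c_d + c_r), c_r / (c_d + c_r)


def comprehensive_trust(t_d, t_r):
    """Fuse direct and recommended trust with the entropy-derived weights."""
    w_d, w_r = adaptive_weights(t_d, t_r)
    return w_d * t_d + w_r * t_r


def demo():
    """Constructed scenario: a_j evaluates a_i from its own log plus four recommenders."""
    # History: 16 successes, 4 failures; this period: 5 successes, 1 failure.
    x, y = aged_counts(16, 4, 5, 1, alpha=10, t0=0, tc=10)
    t_d = direct_trust(x, y)
    # Three consistent recommenders and one that reports a much lower value.
    t_r, weights = recommended_trust([0.80, 0.82, 0.78, 0.10])
    return {"T_d": t_d, "T_r": t_r, "rec_weights": weights,
            "weights": adaptive_weights(t_d, t_r),
            "T": comprehensive_trust(t_d, t_r)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A direct trust value of 0.5 carries no information under this rule, so its weight drops to zero and the comprehensive value is determined by the recommendations alone.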
Because the internet of things and the social community have a certain degree of common points, the internet of things belonging to various organizations can be regarded as a set with a certain structure and function, the set can be imagined as a certain social community, as long as sensing nodes in the social community must obey the same rules and enjoy the same resources, and as the communication between people in the society, various nodes in the sensing layer also carry out data interaction frequently, which affects the development of the social community where the sensing nodes are located. The section combines the comprehensive credibility measurement of the nodes under the centralized mode and the distributed mode and the energy credibility measurement of the nodes to construct a credible group of the sensing nodes through a credible logic grouping mechanism.
In the sensing layer, data transmission among various nodes is generally established on a logic structure which takes a cluster as a base and a cluster head node as a core, the sensing node generally directly sends acquired data to the cluster head node, then the cluster head node performs certain integration on the received data, and then the integrated data is forwarded to a sink node in a one-hop or multi-hop mode. Generally, the sensing nodes need to supply power to the sensing nodes by means of a mobile power supply, and the life cycle of each sensing node is closely related to the life cycle of the whole sensing network. If the energy of a certain sensing node in a node group is excessively and intensively consumed, the node can be caused to fail prematurely, so that the whole sensing layer is influenced, the residual energy of the sensing node needs to be known in time, and the energy trust value of the node is obtained, and the energy state of the node is very important for the safe operation of the sensing layer. However, since the energy levels of the sensing nodes are different, data transmission is generally performed by using safer nodes in the data transmission process, so that energy of the high-reliability nodes is excessively consumed, and a situation that traffic load of the internet of things is unbalanced or the network is cracked may be caused. Therefore, the energy state of the sensing node is used as a key dimension of the credibility measure, and the sensing node alpha is evaluated i Energy consumed in the process of receiving and transmitting information can confirm the energy state of the node, and the node alpha is sensed when the time t is up to i The energy consumed for transmitting and receiving data is calculated by the following formula:
$E_{rece}(n,d) = E_{ecost} \cdot n$
Figure BDA0003630338260000191
where $n$ is the number of bits the node has transmitted or received up to time $t$, $d$ is the physical distance between node $\alpha_i$ and node $\alpha_j$, $d_0$ is the transmission distance threshold, $E_{ecost}$ is the energy consumed per bit for data interaction between nodes, and $E_{mp}$ is the energy lost to meet a given signal-to-noise ratio. $E_{ecost}$ and $E_{mp}$ are preset manually. From these formulas, the total energy $E_{consume}$ that node $\alpha_i$ consumes during data forwarding is:
Figure BDA0003630338260000192
Finally, if the initial energy of the node is $E_{Init}$, $E_{consume}$ is the energy consumed by transmitting data, and $E_0$ is the energy consumed by normal operation, the residual energy $E_{residue}$ of node $\alpha_i$ can be calculated as:
$E_{residue} = E_{Init} - E_{consume} - E_0$
If the residual energy $E_{residue}$ of the node is not less than the energy threshold $E_{threshold}$, the node is able to cooperate; otherwise, no matter how high its comprehensive credibility is, it cannot carry out data transmission. The energy credibility $T_E$ of node $\alpha_i$ is therefore defined as:
Figure BDA0003630338260000193
In the centralized networking mode, according to the foregoing, the operating state of sensing node $\alpha_i$ can be described as $(T, ht, \Delta t, T_E)$, where $T$ is the integrated metric value of $\alpha_i$ calculated by the cluster head node with the integrated credibility measurement function $T(\alpha_\pi, \alpha_i, t)$; $\Delta t$ is the effective time window of the trusted state; $ht$ is the set of historical credibility metric values within one $\Delta t$ time window, excluding the current metric value; and $T_E$ is the energy credibility value of $\alpha_i$ calculated by the cluster head node according to formula (3-34).
Assume that the set of sensing nodes belonging to a given organization is $\{\alpha_1, \alpha_2, \ldots, \alpha_n\}$ and the set of cluster head nodes is $\{\alpha_{\pi 1}, \alpha_{\pi 2}, \ldots, \alpha_{\pi m}\}$. The cluster head nodes should then perform trusted logical grouping on the sensing node set. First, $\alpha_\pi$ calculates the credibility of all sensing nodes within its communication radius; this value can be calculated from the operating state $SD = (T, ht, \Delta t, T_E)$ of sensing node $\alpha_i$. Suppose that at time $t$ the comprehensive metric value of $\alpha_i$ is $T(\alpha_\pi, \alpha_i, t)$ and its energy metric value is $T_E(\alpha_\pi, \alpha_i, t)$. Because the credibility measurement here proceeds layer by layer, the dynamic measurement of a node in Section 3.2.3 is sometimes not continuous. To decide whether $\alpha_i$ is trusted, the cluster head node therefore needs to analyze the credibility value of $\alpha_i$ over the time period $[t_i, t_{i+1}]$ and also take the energy state of the node into account before finally determining whether to bring the sensing node into a trusted logical group. The node credibility discrimination $F_{tc}$ is calculated as follows:
Figure BDA0003630338260000201
where the cluster head node $\alpha_\pi$ presets a threshold $th$. If $F_{tc}(\alpha_\pi, \alpha_i) \ge th$, then $\alpha_i$ can join the trusted logical group headed by $\alpha_\pi$; otherwise it is not allowed to join. This finally realizes the construction of trusted groups in the sensing layer of the Internet of Things.
In this mode, let $G_i$ be any sensing node group, and let the sensing nodes within the communication radius of cluster head node $\alpha_{\pi i}$ be $\{\alpha_1, \alpha_2, \ldots, \alpha_k\}$. The operating state metrics of these nodes over the time period $[t_i, t_{i+1}]$ are, in turn, $(F_{tc}(\alpha_{\pi i}, \alpha_1), F_{tc}(\alpha_{\pi i}, \alpha_2), \ldots, F_{tc}(\alpha_{\pi i}, \alpha_k))$. The mathematical expectation of trust for the node cluster centred on $\alpha_{\pi i}$ can then be computed as
Figure BDA0003630338260000202
The mathematical expectations of the clusters of $\{\alpha_{\pi 1}, \alpha_{\pi 2}, \ldots, \alpha_{\pi m}\}$ are then
Figure BDA0003630338260000203
Since energy is crucial to the stable operation of the sensing layer, let the residual energies of $\{\alpha_{\pi 1}, \alpha_{\pi 2}, \ldots, \alpha_{\pi m}\}$ be $(E_{\pi 1}, E_{\pi 2}, \ldots, E_{\pi m})$ respectively. The trust expectation of group $G_i$ can finally be calculated as follows:
Figure BDA0003630338260000204
In this mode the nodes are peers of one another and there is no managing or managed relationship between them. Each node therefore needs to "negotiate" with the other nodes within its communication radius and gradually build a trusted logical group of nodes with similar characteristics. The process can be described as follows:
Suppose there are $n$ sensing nodes $\{\alpha_1, \alpha_2, \ldots, \alpha_n\}$. As in the centralized networking mode, the operating state feature vector of sensing node $\alpha_j$ can be described as $SD = (T, ht, \Delta t, T_E)$. If the nodes within the communication radius of $\alpha_j$ are $\{\alpha_1, \alpha_2, \ldots, \alpha_k\}$, $\alpha_j$ evaluates every sensing node other than itself with the credibility discrimination function and first takes the nodes with similar credibility as candidates for the trusted logical group. In this mode, if $\alpha_j$ asks $\alpha_i$ to join its logical group, the two nodes need to carry out a bidirectional trust difference calculation. The credibility discrimination of $\alpha_j$ for $\alpha_i$ is calculated as follows:
Figure BDA0003630338260000211
Similarly, the credibility discrimination of $\alpha_i$ for $\alpha_j$ is calculated as:
Figure BDA0003630338260000212
With $F_{tc}(\alpha_j, \alpha_i)$ and $F_{tc}(\alpha_i, \alpha_j)$ known from equations (3-37) and (3-38), the trusted logical grouping function is obtained as follows:
$\theta = |F_{tc}(\alpha_j, \alpha_i) - F_{tc}(\alpha_i, \alpha_j)|$ (3-39)
Sensing node $\alpha_j$ presets a trust difference threshold $th$. If $\theta < th$, then $\alpha_i$ can join the trusted logical group of $\alpha_j$; otherwise it is not allowed to join.
In this mode, let $G_j$ be any sensing node group whose sensing nodes are $\{\alpha_1, \alpha_2, \ldots, \alpha_n\}$. Since nodes $\alpha_i$ and $\alpha_j$ are peers in this mode, let the residual energies of $\{\alpha_1, \alpha_2, \ldots, \alpha_n\}$ over the time period $[t_i, t_{i+1}]$ be $(E_1, E_2, \ldots, E_n)$ and their operating state metrics be $(F_{tc}(\alpha_j, \alpha_1), F_{tc}(\alpha_j, \alpha_2), \ldots, F_{tc}(\alpha_j, \alpha_k))$. The trust expectation of node group $G_j$ can finally be computed as follows:
Figure BDA0003630338260000213
The set of group trust expectations of the $k$ sensing node groups $G_1, G_2, \ldots, G_k$ is then
Figure BDA0003630338260000214
Because the main task of the sensing nodes is to collect and transmit data, the communication bandwidth occupied by different sensing node groups needs to be considered when calculating the trust expectation of the sensing node groups in an area. Let the communication bandwidths occupied by groups $\{G_1, G_2, \ldots, G_k\}$ be $\{B_1, B_2, \ldots, B_k\}$. The trust expectation of the sensing node groups in the area can then be calculated as follows:
Figure BDA0003630338260000221
The known trust expectation of the sink node is
Figure BDA0003630338260000222
If a certain sensing node group satisfies
Figure BDA0003630338260000223
then the node group is a trusted group; otherwise it is an untrusted group. Define
Figure BDA0003630338260000224
as the trust discrimination degree of the node group. According to $d_i$, the trusted logical groups of sensing nodes are partitioned into $m$ trust levels $(\delta_1, \delta_2, \ldots, \delta_m)$, $0 \le \delta_i \le 1$ $(i = 1, 2, \ldots, m)$, and the trust level vector $\Omega = \{\delta_1, \delta_2, \ldots, \delta_m\}$ is ordered, with $\delta_1 < \delta_2 < \cdots < \delta_m$. Data transmission in a region is defined to have $m$ priorities (corresponding to the value of
Figure BDA0003630338260000225
for the data transmission of the sensing nodes). Since $\Omega = \{\delta_1, \delta_2, \ldots, \delta_m\}$ is ordered, the data transmission priority vector of the sensing nodes is ordered as well, so the data transmission priority level of sensing node $a_i$ can be obtained:
Figure BDA0003630338260000226
where the specific values of $\delta_1, \delta_2, \ldots, \delta_m$ are determined by the logical grouping of the sensing nodes. In the centralized networking mode, the management node can determine the data transmission priority level once it has completed the credibility measurement of sensing node $a_i$; in the distributed networking mode, the data transmission priority is usually determined by the aggregation node.
In a centralized mode, firstly, the credibility of the static attribute of a sensing node is measured, then the credibility of the dynamic attribute of the node is measured, and finally whether the node is credible or not is comprehensively judged together with a static measurement result; in the distributed mode, firstly, the direct trust value of the node is obtained, then, the recommended trust value of the node is obtained, and finally, the direct trust and the recommended trust are integrated to comprehensively judge whether the node is in a trusted state. Secondly, on the basis of completing comprehensive credibility measurement on the sensing nodes in the two networking modes, the credible groups of the sensing nodes are constructed under the corresponding networking strategies of each mode according to the credibility distinguishing function of the sensing nodes and the credible logic grouping mechanism, so that the safe operation of the whole sensing layer network is guaranteed.
For the trusted logical grouping of sensing nodes, suppose there are $k$ sensing node groups $\{G_1, G_2, \ldots, G_k\}$ in an area; the safe operation of the sensing layer can be ensured through credibility measurement and trusted logical grouping. To go further, the credibility of the data sources of the sensing node groups is studied, and a credibility-based remote attestation mechanism is then used to verify the credibility of sensing node data sources under different logical groups in the centralized and distributed networking modes.
In some special Internet of Things scenarios, if the specific credibility value of a sensing node can be tracked dynamically in real time, the credibility of the node at any moment can be obtained from the comprehensive credibility measurement model for sensing nodes in the previous chapter. In a centralized sensing node group, a node that wants to transmit data outside the group first needs to prove that it is itself trusted: its credibility value and related data are processed and sent to the remote node, and the remote node judges from the received information whether the data source node is trusted. If the remote node questions the information or considers the data source node to be untrusted, it can trace back to the superior node (management node) of the data source node, evaluate the credibility of the data source node again, and decide from the result of the inquiry whether to continue interacting with the node.
Under a centralized networking mode of a sensing layer, a superior node in a sensing node group can perform real-time credibility measurement on a data source node, and the data source node firstly describes the measurement value, the timestamp and some other related attributes of the superior node into a remote attestation vector in a formalized manner.
When a member node of a node group needs to be verified by a remote node, the data source node only needs to prove that it belongs to a trusted group, so the privacy of the node is not exposed. The group signature of the remote attestation vector is completed by the source node together with its superior node, and must satisfy security requirements such as correctness, unforgeability, anonymity, traceability, forward security and invalidity.
When a source node transmits data to a remote node, whether the data source node is trusted is determined according to the security policy of the remote node. If the received group signature is not trusted after verification, the relevant information of the source node can be checked by opening the signature, and a credibility inquiry can be made to the superior node of the data source node; if the result is untrusted, data interaction with the source node can be refused.
The signing, verification and opening processes of the group signature scheme are described below. A superior node in a sensing node group acts as the group administrator (GM) and is generally regarded as a trusted third party; the proving node is an ordinary sensing node. The GM first performs the signature initialization procedure, in which it typically initializes the private key, the public key and the corresponding functions that the system requires for the group.
The specific process is as follows:
1) The GM first sets a security parameter $m$ and randomly selects a secret large prime number $Q$. It then specifies that $(G_1, +)$ and $(G_2, \cdot)$ are cyclic groups of order $Q$, that $G$ is a generator of $G_1$, and that $e: G_1 \times G_1 \to G_2$ is a bilinear map. A collision-free hash function $H: \{0,1\}^* \to G_1$ is then given. The GM randomly selects
Figure BDA0003630338260000241
Let $g_s = \alpha$ be the private key of the group; the public key of the group is then $g_x = \alpha G \in G_1$.
2) The GM publishes $(G_1, G_2, e, Q, G, H, g_x)$ as the public parameters and keeps $g_s$ as the secret parameter.
When a certain sensing node wants to join the group, the node needs to perform an identity interaction authentication protocol with the GM, and the authentication process is as follows:
Each group signature participant $CIN_i$ randomly selects $s_i \in Z_q^*$ as its private key and takes $S_i = s_i G$ as its public key. Assuming the GM and the ordinary node can interact over a secure communication channel, the ordinary node becomes a valid node of the sensing group after it successfully completes the identity authentication:
1) To become a legal member of the group, $CIN_i$ first needs to send its public key $S_i$ to the GM and request registration;
2) When the GM has completed the authentication of the ordinary node, the GM arbitrarily selects
Figure BDA0003630338260000242
And obtain
Figure BDA0003630338260000243
It then sends
Figure BDA0003630338260000244
to $CIN_i$. If the above steps finish successfully, the node can be regarded as a legal node of the group, and the GM records the node's
Figure BDA0003630338260000245
in the legal group member information set $L_1$.
1) $CIN_i$ arbitrarily selects
Figure BDA0003630338260000246
Then obtain
Figure BDA0003630338260000247
Wherein
Figure BDA0003630338260000248
is the initial key. Then, in the $t$-th time period, it arbitrarily selects
Figure BDA0003630338260000249
Finally, obtain
Figure BDA00036303382600002410
Thus the key of $CIN_i$ in that time period is
Figure BDA00036303382600002411
When the calculation is finished, it discards
Figure BDA00036303382600002412
And
Figure BDA00036303382600002413
2) The GM arbitrarily selects
Figure BDA00036303382600002414
Then obtain
Figure BDA00036303382600002415
Wherein
Figure BDA00036303382600002416
is the initial key. Then, in the $t$-th time period, it arbitrarily selects
Figure BDA00036303382600002417
Finally, obtain
Figure BDA0003630338260000251
It can be seen that the key of the GM in that time period is
Figure BDA0003630338260000252
When the calculation is finished, it discards
Figure BDA0003630338260000253
And with
Figure BDA0003630338260000254
The message that $CIN_i$ signs jointly with the GM consists of the credibility measurement value $T$ of $CIN_i$ and the other related attributes $OR$ of the node. With $\|$ as the string concatenation symbol, $m = T \,\|\, OR$. The process by which $CIN_i$ and the GM complete the group signature on the message $m \in \{0,1\}^*$ is as follows:
1) $CIN_i$ first obtains the signature
Figure BDA0003630338260000256
Then transmit
Figure BDA0003630338260000257
To GM.
2) After the GM obtains
Figure BDA0003630338260000258
it uses $S_i$ to judge whether $CIN_i$ is an authenticated node. If the node is not authenticated, the GM will not cooperate with it; if it is authenticated, the GM calculates, according to the rekeying process, the signature key for $CIN_i$ in time period $t$
Figure BDA0003630338260000259
Then obtain
Figure BDA00036303382600002510
And to
Figure BDA00036303382600002511
is checked. If the two sides of the formula are equal, the GM can then obtain
Figure BDA00036303382600002512
And
Figure BDA00036303382600002513
and record
Figure BDA00036303382600002514
in the group member signature information set $L_2$. The group signature of the message $m$ is then $\Delta = (\sigma_{i,t}, T_{i,t})$. If the two sides are not equal, step 1) is performed again.
When the remote verifier $V$ receives the group signature $\Delta = (\sigma_{i,t}, T_{i,t})$, it first calculates $\mu = H(m)$ and then checks whether $e(G, \sigma_{i,t}) = e(g_x + T_{i,t}, \mu)$. If the left and right sides of the formula are equal, $\Delta = (\sigma_{i,t}, T_{i,t})$ is regarded as valid; if they are not equal, $V$ should immediately stop receiving the signature and the data of the source node.
When the remote verifier $V$ challenges a group signature, the group member that generated the signature can be traced through cooperation with the GM. The GM can first open $\Delta = (\sigma_{i,t}, T_{i,t})$ and then identify the true signing node through the legal group member set $L_1$ and the group member signature information set $L_2$ that it has recorded.
To test whether $\Delta = (\sigma_{i,t}, T_{i,t})$ is a legal signature by $CIN_i$ on $m$ in time period $t$, the group administrator GM computes
Figure BDA00036303382600002515
If this holds, $\varepsilon_{i,t}$ is indeed a group signature generated jointly by the group administrator GM and the group member $CIN_i$.
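The verification equation above, $e(G, \sigma_{i,t}) = e(g_x + T_{i,t}, \mu)$, can be exercised in a toy model. The following Python code is an added example, not code from the patent: it stores each $G_1$ element as its discrete logarithm so that the pairing becomes a multiplication mod $Q$ (insecure, useful only for checking the algebra). It assumes $T_{i,t} = (s_i + k_t)G$ with a single per-period scalar `k_t` and an assumed GM-side check, because the key-update and co-signing formulas are not reproduced on this page; `member_part`, `gm_cosign` and the sample message are hypothetical names and values.

```python
import hashlib
import secrets

# Constructed group order; the page only requires a large prime Q.
Q = 2**127 - 1


class Point:
    """Toy G1 element stored as its discrete log to base G (insecure by design)."""

    def __init__(self, k):
        self.k = k % Q

    def __add__(self, other):
        return Point(self.k + other.k)

    def __rmul__(self, scalar):
        return Point(scalar * self.k)

    def __eq__(self, other):
        return isinstance(other, Point) and self.k == other.k


G = Point(1)  # generator of G1


def pairing(a, b):
    """e(aG, bG) = e(G, G)^(ab); the G2 element is represented by the exponent ab."""
    return a.k * b.k % Q


def hash_to_g1(message):
    """H: {0,1}* -> G1, never mapping to the identity element."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return Point(digest % (Q - 1) + 1)


def random_scalar():
    return secrets.randbelow(Q - 1) + 1


def member_part(s_i, k_t, message):
    """CIN_i's share of the signature, mu_i + nu_i = (s_i + k_t) H(m), and T_{i,t}.

    Assumption: nu_i = k_t * H(m) and T_{i,t} = (s_i + k_t) G.
    """
    mu = hash_to_g1(message)
    return (s_i + k_t) * mu, (s_i + k_t) * G


def gm_cosign(alpha, message, part, t_point):
    """GM checks the member's share against T_{i,t}, then adds omega = alpha H(m)."""
    mu = hash_to_g1(message)
    if pairing(G, part) != pairing(t_point, mu):  # assumed form of the GM check
        raise ValueError("member contribution does not match T")
    return part + alpha * mu, t_point


def verify(g_x, message, sigma, t_point):
    """Remote verifier V: accept iff e(G, sigma) == e(g_x + T, H(m))."""
    mu = hash_to_g1(message)
    return pairing(G, sigma) == pairing(g_x + t_point, mu)


def demo():
    alpha = random_scalar()            # group private key g_s
    g_x = alpha * G                    # group public key
    s_i, k_t = random_scalar(), random_scalar()
    m = b"T=0.87||OR=cluster-7,window-42"       # constructed m = T || OR
    forged = b"T=0.99||OR=cluster-7,window-42"  # same attributes, inflated T
    part, t_point = member_part(s_i, k_t, m)
    sigma, t_point = gm_cosign(alpha, m, part, t_point)
    return {
        "valid": verify(g_x, m, sigma, t_point),
        "altered_trust_value": verify(g_x, forged, sigma, t_point),
        "without_gm": verify(g_x, m, part, t_point),
    }


if __name__ == "__main__":
    print(demo())
```

The `without_gm` case fails because the member's share lacks the term $\alpha H(m)$, which is the algebraic reason a member cannot produce a valid group signature unless the GM cooperates.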
In order to ensure the security of the group signature scheme, the following detailed analysis needs to be performed respectively:
Suppose $\Delta = (\sigma_{i,t}, T_{i,t})$ is the signature produced by group member node $CIN_i$ on message $m$ within the $t$-th time period. When the remote verifier $V$ receives $\Delta = (\sigma_{i,t}, T_{i,t})$, it calculates as follows:
Figure BDA0003630338260000261
The formula therefore shows that $\Delta = (\sigma_{i,t}, T_{i,t})$ is correct.
To test whether $\Delta = (\sigma_{i,t}, T_{i,t})$ is the signature of $CIN_i$ on message $m$ within the $t$-th time period, the group administrator GM can calculate as follows:
Figure BDA0003630338260000262
It follows that $\varepsilon_{i,t}$ must have been produced jointly by the group administrator GM and the group member $CIN_i$.
If $(\sigma_{i,t}, T_{i,t})$ is the signature of $CIN_i$ on message $m$, the specific calculation process is:
Figure BDA0003630338260000271
From this it can be seen that $(\sigma_{i,t}, T_{i,t})$ is a multiple signature completed jointly by group member $CIN_i$ and group administrator GM. The calculation of $(\sigma_{i,t}, T_{i,t})$ shows that $\Theta_1$ is the signature completed jointly by group member $CIN_i$ and the group administrator GM, $\Theta_2$ is the BLS signature of group member $CIN_i$ on message $m$, and $\Theta_3$ is the BLS signatures of the group administrator GM and group member $CIN_i$ on message $m$, respectively. Because $\Theta_1$, $\Theta_2$ and $\Theta_3$ all satisfy unforgeability, $\Delta = (\sigma_{i,t}, T_{i,t})$ also satisfies unforgeability.
The anonymity of the signature means that, for a given group signature, only the group administrator GM can open the signature and trace it to the true signing node. That is, if different nodes $CIN_i$ and $CIN_h$ ($i \ne h$) sign the same message $m$, then $(\sigma_{i,t}, T_{i,t})$ and $(\sigma_{h,t}, T_{h,t})$ are indistinguishable. Suppose the attacker has obtained the keys of the GM, $CIN_i$ and $CIN_h$ by illegal means. Assuming first that the GM is in a trusted state, the attacker can, through cooperation with the group administrator GM, open any signature other than $\Delta = (\sigma_{i,t}, T_{i,t})$. Suppose that for a message $m$, $CIN_i$ and $CIN_h$ respectively produce $(\sigma_{i,t}, T_{i,t})$ and $(\sigma_{h,t}, T_{h,t})$. The attacker being able to distinguish $(\sigma_{i,t}, T_{i,t})$ from $(\sigma_{h,t}, T_{h,t})$ presupposes that the attacker can solve the CDH problem on $G_1$. The detailed analysis is as follows:
If the attacker knows that the group signature of group member $CIN_i$ on message $m$ is $(\sigma_{i,t}, T_{i,t})$, and knows the keys of the group administrator GM and the group member $CIN_i$, the following can be obtained:
$\omega = \alpha H(m)$, $\mu_i = s_i H(m)$, $\nu_i = \sigma_{i,t} - \omega - \mu_i$. Because
Figure BDA0003630338260000272
Figure BDA0003630338260000273
Thus satisfying
Figure BDA0003630338260000274
Order to
Figure BDA0003630338260000275
And due to
Figure BDA0003630338260000281
From the above process, $\nu_i = abG$ is easily obtained, which would mean that the attacker can solve an instance of the CDH problem. Because that problem is computationally infeasible on $G_1$, the attacker cannot carry out the attack, so anonymity is satisfied.
As can be seen from the implementation of the group signature above, $\Delta = (\sigma_{i,t}, T_{i,t})$ is generated cooperatively by the GM and $CIN_i$. If $CIN_i$ wants to provide a legal group signature, it must cooperate with the GM, and the group administrator GM also records the specific identity and public key of $CIN_i$
Figure BDA0003630338260000282
When the remote verifier $V$ receives the signature and challenges it, the GM can open $\Delta = (\sigma_{i,t}, T_{i,t})$, and the real signing node can then be traced according to the group member information list recorded by the GM.
If, given two signatures, only the GM can recognize whether they were signed by the same $CIN_i$, the scheme is said to have no correlation. Suppose that in the different time periods $t$ and $t + \Delta t$, $CIN_i$ signs the different messages $m_t$ and $m_{t+\Delta t}$, obtaining $(\sigma_{i,t}, T_{i,t})$ and $(\sigma_{i,t+\Delta t}, T_{i,t+\Delta t})$. Suppose the attacker can distinguish $(\sigma_{i,t}, T_{i,t})$ from $(\sigma_{i,t+\Delta t}, T_{i,t+\Delta t})$, knows that $(\sigma_{i,t}, T_{i,t})$ is the signature of $CIN_i$ on message $m_t$ in time period $t$, and has also obtained the keys of the GM and $CIN_i$, while the GM itself remains in a secure state. Then $\omega = \alpha H(m_t)$, $\mu_i = s_i H(m_t)$, $\nu_i = \sigma_{i,t} - \omega - \mu_i$ are known, and
Figure BDA0003630338260000283
Can prove that
Figure BDA0003630338260000284
is the CDH problem on group $G_1$. Because this hard problem cannot be solved on group $G_1$, it is impossible to judge whether $(\sigma_{i,t}, T_{i,t})$ and $(\sigma_{i,t+\Delta t}, T_{i,t+\Delta t})$ are related without opening them.
As shown above, the group signature scheme is unforgeable: a node other than the signing node, not having the group member key, cannot impersonate a legitimate signing node to produce a signature. In addition, when the GM cooperates with a signing node $CIN_i$ to generate a valid group signature, the GM needs to authenticate the validity of $CIN_i$. Therefore, even if some nodes within the group collude to forge a legitimate signature, they cannot construct a legal group signature that the GM can trace normally unless the GM cooperates with them.
Suppose $CIN_i$ can arbitrarily select, as required,
Figure BDA0003630338260000291
to determine the key
Figure BDA0003630338260000292
The change of time period does not affect the selection of the random number, and the signature key can be updated without limit. Suppose an attacker now knows that the key of $CIN_i$ in time period $t$ is
Figure BDA0003630338260000293
To further obtain the keys before time period $t$, the attacker must obtain, for the time periods $k = 0, 1, 2, 3, 4, \ldots, t-1$ before $t$, the values of $CIN_i$
Figure BDA0003630338260000294
However,
Figure BDA0003630338260000295
is destroyed as soon as the key for time period $t$ has been obtained, so if the attacker wants to use, from time period $t-1$,
Figure BDA0003630338260000296
To obtain
Figure BDA0003630338260000297
the task reduces to solving the discrete logarithm problem on group $G_1$. It follows that an attacker cannot start from the key of time period $t$
Figure BDA0003630338260000298
and guess the keys before time period $t$ in order to forge signatures. The scheme therefore has forward security.
In summary, for the centralized networking mode of the sensing layer, the group signature scheme based on trusted logical grouping of nodes provided in this section implements trusted attestation of a data source. The security analysis and proofs show that the scheme effectively protects the concealment of group membership and has forward security, unforgeability, traceability, and resistance to collusion attack and evil attack. The scheme also has a short group signature length, which effectively reduces the communication and computation overhead of the Internet of Things terminal and makes it more practical.
In this networking mode, the sensing nodes divide the sensing layer into several logical groups through the credibility measurement model of the third chapter and trusted logical grouping, which effectively eliminates untrusted nodes. Because different logical groups have different credibility, when a sensing node performs remote attestation to the outside, the remote node can only learn which logical group the sensing node belongs to and cannot track the actual node. In this networking mode, the data of the sensing nodes in a region is finally transmitted to the network layer through aggregation nodes. For safety and reliability, there must be several aggregation nodes in the region. The aggregation nodes can divide all sensing nodes within their jurisdiction into several logical groups, and the sensing nodes in different logical groups use a threshold ring signature strategy to sign their own credibility information, thereby achieving external credibility verification.
Firstly, a convergence node of a region boundary carries out credibility measurement on sensing nodes in the scope of the convergence node through a model provided in the third chapter of the text, the measurement process is based on the static credibility measurement of the sensing nodes, the dynamic credibility measurement of the sensing nodes in a given time window is taken as a core, the comprehensive measurement value of the sensing nodes is obtained by combining subjective direct trust and objective recommended trust, then certain sensing nodes with similar characteristics become a trusted group through a credible logic grouping mechanism, when the nodes are proved to the outside, only the nodes need to be proved to belong to a certain credible group, and therefore the identity and the position privacy of the nodes cannot be exposed. Secondly, in this networking mode, the sensing node is usually managed by the aggregation node. Therefore, sensing nodes in different logic groups can adopt a threshold ring signature strategy to sign credibility information of the sensing nodes, remote nodes analyze and judge whether a data source is credible according to a signature verification result, and if the data source is questioned, the remote nodes can refuse to further interact with the data source, so that unconditional anonymity and unforgeability are realized.
First, cyclic groups $G$ and $G_T$ of large prime order $p$ are selected, and $e: G \times G \to G_T$ is a bilinear map. Define
Figure BDA0003630338260000301
And
Figure BDA0003630338260000302
are both secure hash functions, which map any node's unique identifier ID and the message $m$ to be signed to bit vectors of length $n_u$ and $n_m$ respectively. The signature process comprises the following steps:
Let $Z_p$ be the integer field. Arbitrarily choose $\alpha \in Z_p$, let $g$ be a generator of $G$, and let $g_1 = g^{\alpha}$. Arbitrarily select $g_2, u', m' \in G_1$, an $n_u$-bit vector
Figure BDA0003630338260000303
an $n_m$-bit vector
Figure BDA0003630338260000304
and arbitrarily select $u_i, m_i \in G$, so that the parameters are
Figure BDA0003630338260000305
The system master key is
Figure BDA0003630338260000306
Given the identity ID of each sensing node, let $u = H_u(ID)$ be the $n_u$-bit vector of the node identifier ID, and let $u[i]$ denote the $i$-th bit of this vector.
Figure BDA0003630338260000307
is the list of indices $i$ for which $u[i] = 1$. Randomly select $r_u \in Z_p$; the private key corresponding to the node identifier ID is then
Figure BDA0003630338260000308
After the system parameters are established, the signing node signs the message $m$ (the message $m$ is the credibility of the sensing node). For convenience of description, assume there are $n$ sensing nodes $\{ID_1, ID_2, ID_3, \ldots, ID_n\}$ in a sensing layer logical group. Since each node has a unique identifier ID, the identifier list of the $t$ nodes that actually sign can be assumed to be $\{ID_1, ID_2, ID_3, \ldots, ID_t\}$, and the identifier list of the remaining nodes is then $\{ID_{t+1}, ID_{t+2}, \ldots, ID_n\}$, where $t < n$. The actual signing nodes should complete the signature according to the following procedure:
Every signing node $ID_i$ arbitrarily selects
Figure BDA0003630338260000311
and sets it as the secret parameter of the node. Each signing node $ID_i$ $(i = 1, 2, \ldots, t)$ then selects a polynomial $f_i(x)$ of degree $t-1$ with coefficients in $Z_p$:
$f_i(x) = a_{i,0} + a_{i,1}x + \cdots + a_{i,t-1}x^{t-1}$
Let $s_i = a_{i,0}$. Each $ID_i$ obtains
Figure BDA0003630338260000312
For each of the other signing nodes it computes $s_{i,j} = f_i(j)$ and shares these values with all nodes except itself (all other members of the signing subset), recording $s_{i,i} = f_i(i)$ for itself.
Then node $ID_j$, on obtaining the $s_{i,j}$ broadcast by $ID_i$, checks it through
Figure BDA0003630338260000313
If the two sides are equal, the verification succeeds.
Every node $ID_i$ then needs to derive its own secret, which is
Figure BDA0003630338260000314
Given that the private key of the actual signing node $ID_i$ in the signing node set $\{ID_1, ID_2, \ldots, ID_i, \ldots, ID_t\}$ is $(d_{i,1}, d_{i,2})$, obtain $M = H_m(L, m, t)$. Let
Figure BDA0003630338260000315
be the list of indices $l$ for which the bit $M[l]$ of $M$ equals 1. This gives:
Figure BDA0003630338260000316
In formula (4-6) above,
Figure BDA0003630338260000317
is the Lagrange coefficient.
5) For every node in $\{ID_1, ID_2, \ldots, ID_i, \ldots, ID_t\}$, arbitrarily choose $r_1, r_2, \ldots, r_n \in Z_p$ and let
Figure BDA0003630338260000318
Thus, it is possible to obtain
Figure BDA0003630338260000319
Finally, the threshold ring signature on message $m$ and node list $\{ID_1, ID_2, ID_3, \ldots, ID_n\}$ is generated as $\sigma = (V, R_1, \ldots, R_n, R_m, f)$.
The remote node checks $\sigma = (V, R_1, \ldots, R_n, R_m, f)$ according to the following procedure, verifying whether $\sigma$ was generated jointly by no fewer than $t$ signing nodes in the node list $\{ID_1, ID_2, ID_3, \ldots, ID_n\}$.
The remote node first verifies whether $f$ is erroneous and then checks whether $R_m$ equals $g^{f(0)}$. If they are equal, the following check continues; otherwise the verification is unsuccessful. Next, the remote node determines whether
Figure BDA0003630338260000321
holds. If it does, $\sigma = (V, R_1, \ldots, R_n, R_m, f)$ is correct and legal; the signature can be accepted and the subsequent interaction continues. Otherwise the signature is rejected. To ensure the security of the threshold ring signature, it must be verified to satisfy correctness, anonymity and unforgeability.
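The share-dealing steps of the signing procedure above (each signer's polynomial $f_i(x)$, the shares $s_{i,j} = f_i(j)$, the share check, the Lagrange coefficients and the verifier's $R_m = g^{f(0)}$ test) can be run end to end. The following Python code is an added example, not code from the patent. Because the page's share-check and secret-derivation formulas are not reproduced, it assumes the standard Feldman commitment check $g^{s_{i,j}} = \prod_k A_{i,k}^{j^k}$, a combined secret $x_j = \sum_i s_{i,j}$ and $f = \sum_i f_i$; the small group parameters and all function names are constructed for illustration.

```python
import secrets

# Constructed toy group: P = 2*Q + 1 with Q prime, and g generates the order-Q
# subgroup of Z_P*. It stands in for the prime-order group G of the scheme;
# real parameters are far larger.
Q = 1019
P = 2039
g = 4


def random_polynomial(t):
    """Coefficients a_{i,0..t-1} of f_i(x), degree t-1 over Z_Q; a_{i,0} is s_i."""
    return [secrets.randbelow(Q) for _ in range(t)]


def evaluate(coeffs, x):
    """Horner evaluation of f_i(x) mod Q."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def commitments(coeffs):
    """Public values A_{i,k} = g^{a_{i,k}} (assumed Feldman-style commitments)."""
    return [pow(g, c, P) for c in coeffs]


def share_is_valid(share, j, commits):
    """ID_j accepts s_{i,j} only if g^{s_{i,j}} == prod_k A_{i,k}^{j^k}."""
    expected = 1
    for k, a_k in enumerate(commits):
        expected = expected * pow(a_k, pow(j, k, Q), P) % P
    return pow(g, share, P) == expected


def lagrange_at_zero(i, indices):
    """Lagrange coefficient of index i for interpolation at x = 0, mod Q."""
    num = den = 1
    for j in indices:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q


def joint_sharing(t, tamper=None):
    """Run the dealing among signers 1..t; `tamper` corrupts one share (i, j)."""
    signers = list(range(1, t + 1))
    polys = {i: random_polynomial(t) for i in signers}
    commits = {i: commitments(polys[i]) for i in signers}
    shares = {(i, j): evaluate(polys[i], j) for i in signers for j in signers}
    if tamper is not None:
        shares[tamper] = (shares[tamper] + 1) % Q

    rejected = sorted(
        (i, j) for (i, j), s in shares.items()
        if not share_is_valid(s, j, commits[i])
    )
    if rejected:
        return {"rejected": rejected}

    # Each signer's own secret (assumed: the sum of the shares it received).
    x = {j: sum(shares[(i, j)] for i in signers) % Q for j in signers}
    # t secrets interpolate f(0) = sum of all s_i, which no single signer knows.
    f0 = sum(lagrange_at_zero(j, signers) * x[j] for j in signers) % Q
    r_m = 1
    for i in signers:
        r_m = r_m * commits[i][0] % P
    return {
        "rejected": [],
        "f0": f0,
        "sum_of_s_i": sum(polys[i][0] for i in signers) % Q,
        "R_m_matches": r_m == pow(g, f0, P),
    }


if __name__ == "__main__":
    print(joint_sharing(3))
    print(joint_sharing(3, tamper=(1, 2)))
```

A share altered in transit is caught by the recipient before it is folded into $x_j$, so a single misbehaving signer cannot silently shift the joint value $f(0)$ that the verifier later compares with $R_m$.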
Assume that all sensing nodes in the set $\{ID_1, ID_2, ID_3, \ldots, ID_n\}$ faithfully execute the signature protocol, so that a signer can correctly generate a signature for the message $m$ and, correspondingly, a verifier can verify it successfully.
Because
Figure BDA0003630338260000322
Therefore
Figure BDA0003630338260000323
Then, the signature σ is calculated as follows:
Figure BDA0003630338260000324
From the above proof, as long as the signer generates the signature correctly according to the signature protocol, the signer obtains a legitimate signature, and thus obtains a proof.
The signature scheme herein has unconditional anonymity: for a threshold ring signature generated by the set of nodes $\{ID_1, ID_2, ID_3, \ldots, ID_n\}$, the probability that an attacker successfully guesses the set of true signers is less than 1/d.
Because
Figure BDA0003630338260000331
is chosen arbitrarily by the set of nodes $\{ID_1, ID_2, ID_i, \ldots, ID_t\}$, the private secret $x_i$ of the signing node is random. Moreover, $R_{t+1}, \ldots, R_n, R_m$ in the signature $\sigma$ are also random and do not reveal any characteristic of the true signing nodes. For $R_i$ ($i = 1, 2, \ldots, t$),
Figure BDA0003630338260000332
it follows that $R_i$ ($i = 1, \ldots, t$) is random. And because:
Figure BDA0003630338260000333
Figure BDA0003630338260000334
represents the master key, and the choices of $r_{ID_1} + r_1, \ldots, r_{ID_t} + r_t, r_{t+1}, \ldots, r_n$ and $f(0)$ are all random, they reveal no feature related to the true signing nodes.
Therefore, even assuming an attacker with unlimited computing power who intercepts a signature of $\{ID_1, ID_2, ID_3, \ldots, ID_n\}$, the probability that the attacker successfully guesses the actual signing subset is not greater than 1/d; that is, the attacker cannot trace the signing subset of $\{ID_1, ID_2, ID_3, \ldots, ID_n\}$. Therefore, this scheme satisfies unconditional anonymity.
Under the hardness of the CDH problem, the signature is unforgeable: a correct signature can be generated only by cooperation of all given nodes, and no single node or partial subset of nodes of a group can generate the correct signature.
If an attacker A can forge signatures of legitimate signing subsets with non-negligible probability, an algorithm B of probabilistic polynomial complexity can be constructed such that B, by invoking A, solves the CDH hard problem with probability $\epsilon'$ within time $t$.
B is given a CDH instance $(g, g^a, g^b)$ and, to solve the CDH problem by means of A, must obtain $g^{ab}$. B plays the role of A's challenger, and the process is divided into the following steps:
1) System initialization. B sets $l_u = 2(q_e + q_s)$ and $l_m = 2q_s$, where $q_e$ is the number of private key queries and $q_s$ the number of signature key queries made by A. B arbitrarily selects $k_u$ and $k_m$ with $0 \le k_u \le n_u$ and $0 \le k_m \le n_m$, and it is assumed that $l_u(n_u+1) < p$ and $l_m(n_m+1) < p$. B randomly selects
Figure BDA0003630338260000335
and a vector of length $n_u$, $X = (x_i)$, $x_i \in Z_{l_u}$; B randomly selects
Figure BDA0003630338260000336
and a vector of length $n_m$, $Z = (z_k)$,
Figure BDA0003630338260000341
Finally, B randomly selects $y', w' \in Z_p$, a vector of length $n_u$, $Y = (y_i)$, and a vector of length $n_m$, $W = (w_i)$, with $y_i, w_i \in Z_p$.
For the unique node identifier ID in the sensing node list $L$ and for the signed message, the bit vectors are $u = H_u(ID)$ and $M = H_m(L, m, t)$. Now define the following:
Figure BDA0003630338260000342
Figure BDA0003630338260000343
Figure BDA0003630338260000344
Figure BDA0003630338260000345
The parameters B assigns for the above signature scheme are: $g_1 = g^a$, $g_2 = g^b$,
Figure BDA0003630338260000346
$1 \le i \le n_u$
Figure BDA0003630338260000347
$1 \le i \le n_m$
It can be seen that the attacker cannot distinguish the above parameters from genuine public parameters. Thus,
Figure BDA0003630338260000348
It can also be derived that
Figure BDA0003630338260000349
Figure BDA00036303382600003410
B then transmits these parameters to A.
2) Queries: when A makes the following queries, B responds as follows:
Private key query: when A queries the private key of the node identified as $ID_u$, then even though B does not know the master key, provided that $F(ID_u) \ne 0 \bmod p$ holds, B can still compute the private key as
Figure BDA00036303382600003413
B randomly selects $r_u \in Z_p$ and computes:
Figure BDA00036303382600003411
Let
Figure BDA00036303382600003412
It follows that $d_{ID_u}$ is valid for the node identifier $ID_u$.
Figure BDA0003630338260000351
Figure BDA0003630338260000352
For A, the private key constructed by B is identical to the private key generated by the real challenger. If $F(u) = 0 \bmod p$, the process cannot continue and B fails.
Signature query: when A queries a signature on message $m$ for $L = \{ID_1, ID_2, \ldots, ID_n\}$ with threshold $t$ ($t < n$), B first computes $M = H_m(L, m, t)$ and then generates a $(t, n)$ threshold ring signature as follows:
(a) B arbitrarily selects $s, a_0, a_1, \ldots, a_{t-1} \in Z_p$ and sets a polynomial of degree $t-1$, $f(x) = a_0 + a_1 x + \cdots + a_{t-1} x^{t-1}$, with $s = a_0$.
(b) Suppose $L = \{ID_1, ID_2, \ldots, ID_n\}$ contains no fewer than $t$ identities $ID_i$, $i \in \{1, 2, \ldots, n\}$, such that $F(ID_i) \ne 0 \bmod p$ holds. Let $\gamma$ be the set of all $i$ for which $F(ID_i) \ne 0 \bmod p$ holds; $\gamma$ can be taken as $\{1, 2, \ldots, t\}$. B computes the private keys according to the private key query process, then obtains the private secrets $x_i = f(i)$ of all nodes $ID_i$ ($i = 1, 2, \ldots, t$) used for the threshold ring signature, and constructs the corresponding threshold ring signature using the signature generation process of the scheme.
If the number of nodes in the node list $L$ for which $F(ID_i) \ne 0 \bmod p$ ($i \in \{1, 2, \ldots, n\}$) holds is smaller than $t$, B can still construct a threshold ring signature. If $K(M) \ne 0 \bmod p$, B arbitrarily chooses $r_1, \ldots, r_n, r_m \in Z_p$ to obtain:
Figure BDA0003630338260000353
In the above formula,
Figure BDA0003630338260000354
From this, $\sigma$ is known to be valid. If $K(M) = 0 \bmod p$, the above process stops and B fails.
3) Forgery: A forges, for
Figure BDA0003630338260000361
a threshold ring signature $\sigma$ for threshold $t$ and message $m$. For B to succeed in this process, B should verify the following formulas:
Figure BDA0003630338260000362
Figure BDA0003630338260000363
B fails if either of the two formulas is not satisfied. If both are satisfied, B can obtain:
Figure BDA0003630338260000364
The result of the above equation is the answer to the CDH hard problem.
Therefore, if the probability that an attacker successfully forges a legitimate threshold ring signature is not negligible, a corresponding algorithm can solve the hard problem, which contradicts the assumption of the discrete logarithm problem; hence the threshold ring signature scheme in this chapter is unforgeable.
In summary, for the sensing layer distributed networking mode, the (t, n) threshold ring signature scheme based on the node trusted logic grouping designed in this section under the standard model realizes the trusted certification of the data source, and by analyzing and certifying the security of the scheme, the scheme can effectively protect the privacy information of the certified node, has unconditional anonymity and meets the requirement of unforgeability, and meanwhile, the signature length of the scheme is short, so that the scheme provided herein is safe and efficient, and is suitable for sensing nodes with limited computing resources.
According to the method and the device, the sensing nodes are subjected to credibility measurement in a centralized networking mode and a distributed networking mode respectively, and then credible logic groups are constructed according to different networking strategies, so that the safe operation of a sensing layer can be realized. On the basis, as for how to solve the problem of source credibility of the sensing layer node during data transmission, remote certification mechanisms in a centralized networking mode and a distributed networking mode are respectively researched. In a centralized networking mode, a remote certification process is completed through a group signature scheme, the privacy of the nodes is not exposed in the certification process, the verification node can inquire whether the node is a credible node or not to a management node at a data source according to the received signature, and the node can be traced when disputes occur to data, so that the aim of dynamically tracing the node is fulfilled. Under a distributed networking mode, a remote certification process is completed through a threshold ring signature scheme, and the scheme has unconditional anonymity and unforgeability, has good anti-attack capability and can effectively guarantee the credibility of node data transmission.
A simulation experiment on an Internet of Things perception network was carried out for the scheme proposed herein, followed by a brief analysis. With Windows 10 as the host platform, an Ubuntu virtual machine was installed and a simulated perception network was built with the NS2 network simulation software to evaluate the effectiveness of the credibility measurement model and the effectiveness and dynamic adaptability of the remote attestation scheme. Three types of nodes coexist in the simulation: sink nodes, cluster head nodes and sensing nodes. All nodes are randomly deployed in a 200 m × 200 m region, the running time of the simulated sensing network is set to 1000 s, and by default the sink nodes manage the cluster head nodes and the cluster head nodes manage the sensing nodes. The detailed experimental parameters of the simulation in this section are shown in Table 1 below:
Figure BDA0003630338260000371
Table 1 Simulation experiment parameter settings
Because the malicious attacks faced by the perception layer today are complex, any sensing node and any group can easily be attacked. On the basis of the static credibility measurement of a node, the credibility measurement model, which takes the dynamic credibility measurement of the node as its core, can efficiently detect malicious attacks and attacked nodes, so that a node can be protected as soon as it faces an attack and its security state can be ensured. Not all attack types that a sensing node may suffer can be simulated, so the correctness of the proposed model and the effectiveness of the remote attestation scheme are evaluated only by simulating the most typical attack types. The simulated sensing nodes are divided into normal nodes and malicious nodes, and in the simulation the malicious nodes carry out three types of malicious behavior: (1) counterfeiting attacks, (2) flooding attacks and (3) selective attacks.
In the simulated perception network, the scheme is compared in detail, under attack by malicious sensing nodes, with a defense mechanism for sensing nodes proposed in the prior art. All nodes are assumed to be trusted at the initial moment; because some malicious nodes exist, the number of malicious nodes increases as the number of interactions between nodes grows. Operating states in which malicious nodes account for 5% and 15% of the sensing area are therefore simulated, and the trusted node rate in the area is obtained by comparing fig. 2 with fig. 3 as follows:
As can be seen from the comparison of the simulation results, as the running time of the sensing network changes and the proportion of malicious nodes rises, the method efficiently distinguishes whether a node is an untrusted node with malicious behavior and then removes it from the sensing area where it is located, which ensures the credibility of the nodes in the sensing area and thereby the safe operation of the sensing network and the secure transmission of data in it.
Remote attestation among nodes in the perception layer is simulated, with the malicious nodes using various attack means, to check the correctness, effectiveness and network dynamic adaptability of the scheme studied herein. Fig. 4 and fig. 5 show the comparison of the trusted data receiving rate of the nodes when malicious nodes account for 5% and 15% of all nodes, respectively, where scheme 1 denotes the traditional sensing node authentication scheme and scheme 2 denotes interaction without remote attestation.
In the perception network area, with malicious nodes accounting for 5% and 15% respectively, the remote attestation scheme proposed by the invention effectively ensures the trusted data rate of the data received by remote nodes. It is superior to scheme 1 and scheme 2 because the security and trustworthiness of the node are ensured before the data source node transmits data.
Fig. 6 shows the energy remaining rate of the present application. The remote attestation scheme proposed herein consumes slightly more energy than scheme 1 and scheme 2 because it is computationally more complex, so its energy consumption per unit time is necessarily greater, but this does not significantly affect the lifetime of the sensing node. As shown above, the security of the scheme is far better than that of scheme 1 and scheme 2. Weighing security against energy consumption, the remote attestation scheme obtains better security for little additional energy consumption and is more suitable for an actual Internet of Things perception layer.
Since the sensing network may change at any time due to a plurality of unstable reasons, the capability of a certain sensing network that can still operate truthfully without being affected by external factors is called dynamic adaptability. If a trust model is not influenced by external complex and dynamic factors and can still accurately and continuously measure the credibility of the sensing node, the measurement model can be considered to be effective and have strong dynamic adaptability. In different internet of things perception networks, due to different deployment environments, the interaction conditions among nodes are different greatly, for example, the nodes are not interacted frequently due to the limitation of computing resources of some perception networks; for another example, in an environment such as a car networking environment, frequent interaction between nodes may be required, so that the network dynamic adaptability of the scheme is checked by comparing the scheme with the scheme 1 and the scheme 2 under different perception networks.
(1) SRF represents communication frequency between nodes, the busy state of the sensing network can be represented by the value size, the value change interval is [0,1], and the larger the value is, the more frequent the communication between the nodes is. This value is typically set to a constant depending on the different perceptual networks deployed.
(2) TDF represents the dynamic change frequency of the whole sensing network. Because a sensing node may join or exit at any time, the dynamic change of the sensing network can be represented by this value, and the value change interval is [0,1]. This value is typically set to a constant depending on the different perception networks deployed.
The simulation experiment represents the dynamic adaptability of the remote certification model according to the size of the node credible interaction success rate TSSP. If TSSP is bigger, the model has stronger dynamic adaptability. Given that ST (Δ T) is a record of successful communication between nodes and GT (Δ T) is the number of all communications between nodes including communication failures, TSSP can be expressed as:
Figure BDA0003630338260000391
Δ T is the communication time window.
Fig. 7 and fig. 8 compare the dynamic adaptability of the remote attestation scheme herein with that of the other schemes in different perception network environments. SRF is 0.9 and TDF is 0.8, which indicates a scenario in which the sensing network changes frequently and communication between nodes is frequent.
In conclusion, compared with the scheme 1 and the scheme 2, the scheme is more suitable for the sensing layer of the internet of things, and the scheme has better network dynamic adaptability because the remote proving scheme takes the characteristics of sensing nodes in different networking modes into full consideration on the basis of the real-time comprehensive credibility measurement of the nodes and can accurately and objectively describe whether the nodes are safe or not.
The invention has the beneficial effects that compared with the prior art, the credibility measurement and remote certification method and system for the sensing layer of the Internet of things can provide a credibility measurement model suitable for sensing nodes in multiple directions and fine granularity aiming at the sensing layer of the Internet of things, and in order to solve the problem that the current model cannot meet the current situation of the current Internet of things and lacks objectivity and dynamics, corresponding credibility measurement models are respectively constructed in a centralized mode and a distributed mode of the sensing layer, and then credible logic grouping is carried out according to the measurement results of the sensing nodes so as to construct credible groups with different trust levels, so that the safe operation of the sensing layer nodes is ensured. Secondly, on the basis of the credible logic grouping of the sensing layer, aiming at a centralized networking mode, the credible certification of the sensing data source is realized through a remote certification mechanism based on group signatures, the mechanism can effectively ensure the credibility of the data source, meanwhile, the privacy of the data source cannot be leaked, the traceability can be realized when the remote node does not trust the other side, the operation efficiency of the mechanism is high through experimental simulation, the calculation performance consumption is low, and the state of the sensing data source can be effectively verified. Aiming at a distributed networking mode, a credible proof of a data source is realized through a threshold ring signature technology, the scheme has anonymity and non-forgeability, experimental simulation shows that the mechanism meets better anti-attack performance and network dynamic adaptability, and secure transmission of sensing data can be guaranteed.
The present applicant has described and illustrated embodiments of the present invention in detail with reference to the accompanying drawings, but it should be understood by those skilled in the art that the above embodiments are merely preferred embodiments of the present invention, and the detailed description is only for the purpose of helping the reader to better understand the spirit of the present invention, and not for limiting the scope of the present invention, and on the contrary, any improvement or modification made based on the spirit of the present invention should fall within the scope of the present invention.

Claims (10)

1. A credibility measurement and remote certification method for a perception layer of the Internet of things is characterized by comprising the following steps:
Step 1, establishing a credibility measurement model based on static parameters and dynamic parameters of sensing nodes in the sensing layer, and acquiring weights of different credibility measurement models based on measurement time and information entropy respectively under networking modes of different internet of things sensing layers so as to solve a comprehensive credibility value;
Step 2, carrying out credible logic grouping on the sensing nodes by adopting the comprehensive credible value and the energy credible value of the sensing nodes;
Step 3, generating a group signature of the sensing node through the dynamically updated key, and realizing the credibility certification of the sensing node from a remote node based on unforgeability analysis and anonymous analysis.
2. The method for the credibility measurement and the remote certification of the perception layer of the internet of things according to claim 1, wherein the method comprises the following steps:
the networking mode of the sensing layer of the Internet of things comprises a centralized networking mode and a distributed networking mode.
3. The method for the credibility measurement and the remote attestation of the perception layer of the internet of things according to claim 2, wherein the method comprises the following steps:
the credibility measurement model comprises a static credibility measurement model and a dynamic credibility measurement model.
4. The method for the credibility measurement and the remote certification of the perception layer of the internet of things according to claim 3, wherein the method comprises the following steps:
in the centralized networking mode, the static credibility measurement model of the sensing node comprises a physical attribute credibility evaluation model, a hardware attribute credibility evaluation model, a software attribute credibility evaluation model, a network attribute credibility evaluation model and a static attribute credibility measurement model.
5. The method for credibility measurement and remote attestation of the perception layer of the internet of things as claimed in claim 4, wherein:
in the distributed networking mode, the sensing node dynamic credibility measurement model is a weighted sum of bidirectional static measurement values between the sensing node and other nodes in the sensing layer of the internet of things.
6. The method for credibility measurement and remote attestation of the perception layer of the internet of things as claimed in claim 5, wherein:
under the distributed networking, the one-way static metric value between the sensing node and any one of the other nodes in the sensing layer of the internet of things is the access right pr of any one of the other nodes to the sensing node for the current process of the sensing node i The weighted sum of the intersection of the two allowed access permissions pu of the current process of the sensing node in the sensing node by the any other node;
wherein i is the serial number of all processes between the sensing node and any one of the other nodes;
the weighted sum of the intersection of the two includes all processes between the sensing node and any one of the other nodes.
7. The method for the credibility measurement and the remote certification of the perception layer of the internet of things according to claim 6, wherein:
the weight of the weighted sum of the two intersections is the derivative of the number of all processes of the sensing node for the other nodes at present.
8. The method for the trust measurement and remote attestation of the awareness layer of the internet of things as claimed in claim 7, wherein:
in the centralized networking mode, the dynamic credibility measurement model of the sensing node comprises a data grouping forwarding rate credibility measurement model, a data grouping repetition rate credibility measurement model, a data grouping time delay credibility measurement model, a data forwarding flow credibility measurement model, a node channel state credibility measurement model and a dynamic attribute comprehensive credibility measurement model.
9. The method for trustworthiness measurement and remote attestation of the awareness layer of the internet of things as claimed in claim 8, wherein:
in the distributed networking mode, the dynamic credibility measurement model of the sensing node comprises a direct credibility measurement model and a recommended credibility measurement model.
10. A credibility measurement and remote certification system of a perception layer of the Internet of things is characterized in that:
the system is realized by adopting the credibility measurement and remote certification method of the perception layer of the internet of things as claimed in any one of claims 1-9.
CN202210486938.3A 2022-05-06 2022-05-06 Credibility measurement and remote certification method and system for sensing layer of Internet of things Pending CN114900294A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210486938.3A CN114900294A (en) 2022-05-06 2022-05-06 Credibility measurement and remote certification method and system for sensing layer of Internet of things

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210486938.3A CN114900294A (en) 2022-05-06 2022-05-06 Credibility measurement and remote certification method and system for sensing layer of Internet of things

Publications (1)

Publication Number Publication Date
CN114900294A true CN114900294A (en) 2022-08-12

Family

ID=82720522

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210486938.3A Pending CN114900294A (en) 2022-05-06 2022-05-06 Credibility measurement and remote certification method and system for sensing layer of Internet of things

Country Status (1)

Country Link
CN (1) CN114900294A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115001750A (en) * 2022-05-06 2022-09-02 国网宁夏电力有限公司信息通信公司 Trusted group construction method and system based on trust management in power internet of things
CN115001750B (en) * 2022-05-06 2024-04-05 国网宁夏电力有限公司信息通信公司 Trusted group construction method and system based on trust management in electric power Internet of things


Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination