CN115033908B - Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method - Google Patents
Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method Download PDFInfo
- Publication number
- CN115033908B CN115033908B CN202210962115.3A CN202210962115A CN115033908B CN 115033908 B CN115033908 B CN 115033908B CN 202210962115 A CN202210962115 A CN 202210962115A CN 115033908 B CN115033908 B CN 115033908B
- Authority
- CN
- China
- Prior art keywords
- data
- exploration
- secret
- center
- fine
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6272—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an oil-gas exploration fine-grained dense-state data retrieval method based on cloud storage, which comprises the following steps: encrypting and uploading original oil and gas exploration fine-grained data; authorization of confidential data retrieval; searching secret data; the cloud server aggregates the secret data; and (4) blinding, decrypting and statistically analyzing the aggregated confidential data. The invention ensures that the confidentiality of oil-gas exploration fine-grained data is not influenced by various attackers, and also ensures the bidirectional privacy protection of the identity of a data owner and the identity of a data user during data sharing, in addition, after the data analysis center retrieves the aggregated secret data from the cloud server, the data analysis center needs to blindly perform decryption, uses a second secret parameter during blinding, uses a decryption private key during decryption, even if the decryption private key is leaked, the attackers cannot obtain the blinded aggregated secret data, and cannot decrypt the aggregated value of the original oil-gas exploration fine-grained data through the decryption private key, thereby preventing the leakage of the oil-gas exploration fine-grained data information.
Description
Technical Field
The invention belongs to the field of big data analysis and safety processing in an oil gas exploration and development system, and particularly relates to a cloud storage-based oil gas exploration fine-grained and dense-state data retrieval method.
Background
The petroleum and the natural gas are used as important energy resources and strategic materials of the country, and the safety of the petroleum and the natural gas is an important basic stone for the national strategic safety. The oil and gas exploration work as a front-end joint of the oil and gas industry comprises the work of resource searching, design and implementation of a development scheme and the like, and has important significance for maintaining the stability of resource exploration reserves and ensuring the continuous development of the oil and gas industry. The research and development mechanism can integrate and analyze the oil and gas exploration data to obtain a global exploration model, so that repeated research and development of the oil and gas exploration mechanisms on the same project are reduced.
Since the data at each site of the oil and gas exploration is usually confidential data, the data often includes the site of oil and gas exploration discovery, machine investment, and even the oil and gas transportation path. Therefore, confidentiality of these strategic data is generally guaranteed. Therefore, each exploration institution wishes to have access to fine-grained data only by itself and grants data usage rights only to the relevant data analysis centers for the purpose of making the data available invisible. It is also only then that as a data owner, one would like to contribute his own data to obtain a more optimal global model.
In addition, since the data storage service of each organization is usually outsourced to the cloud server, the data in this mode is out of the control of the data owner. Therefore, the user can adopt a mode of uploading the encrypted data to ensure that the data is not leaked, but the authorization process of the data is not facilitated.
Therefore, under the background of data storage outsourcing, on the basis of ensuring the confidentiality of the multi-source heterogeneous exploration data, a sharing scheme which can keep the access right of a data owner to own data and can realize the data sharing right is an important base stone for novel intelligent oil-gas exploration and development in the big data era.
Disclosure of Invention
The invention aims to overcome one or more defects in the prior art and provides a cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method.
The purpose of the invention is realized by the following technical scheme:
the oil and gas exploration fine-grained dense-state data retrieval method based on cloud storage is applied to an oil and gas exploration fine-grained dense-state data retrieval system, the oil and gas exploration fine-grained dense-state data retrieval system comprises a cloud server, an exploration and development field area data manager, a data analysis center and a trust center, the cloud server is respectively in communication connection with the exploration and development field area data manager, the data analysis center and the trust center, the trust center is respectively in communication connection with the exploration and development field area data manager and the data analysis center, the exploration and development field area data manager has a plurality of time periods and a plurality of types of original oil and gas exploration fine-grained data, and the retrieval method comprises the following steps:
s1, encrypting and uploading original oil and gas exploration fine-grained data: the method comprises the steps that a data manager of an exploration and development area obtains fault-tolerant parameters sent by a trusted center through a safety channel, encrypts original oil and gas exploration fine-grained data of the data manager by using the fault-tolerant parameters to generate corresponding secret data, and uploads the secret data to a cloud server;
s2, authorization of secret data retrieval: an exploration and development field data manager obtains a large prime number sent by a trust center through a security channel, de-blindes a first public parameter which is disclosed by the trust center according to the large prime number, generates a first secret parameter for authorization retrieval after de-blinding, then makes a plurality of different authorization access strategy values according to the first secret parameter, recovers the first polynomial after taking each authorization access strategy value as a root of the first polynomial, generates a security index according to the recovered first polynomial, and uploads the generated security index to a cloud server, wherein the authorization access strategy value comprises type information of secret data and time period information of the secret data, and the type information and/or the time period information of the secret data contained in the different authorization access strategy values are different;
s3, retrieval of secret state data: the data analysis center acquires a first secret parameter sent by the trusted center through a security channel, reconstructs an authorized access strategy value according to the first secret parameter, and sends the authorized access strategy value to the cloud server, wherein the reconstructed authorized access strategy value is one or more of authorized access strategy values made by an exploration and development field data manager;
s4, the cloud server aggregates the secret data: the cloud server retrieves the secret state data according to the security index and the authorized access strategy value sent by the data analysis center, aggregates the retrieved secret state data, and then returns the aggregated secret state data to the data analysis center;
s5, blinding, decrypting and statistically analyzing the aggregated secret data: the data analysis center obtains a second secret parameter which is distributed by the credible center and used for blinding the ciphertext and a decryption private key used for decrypting the ciphertext, blinds the aggregated secret data according to the second secret parameter, decrypts the blinded aggregated secret data according to the decryption private key to obtain an aggregated value of original oil-gas exploration fine-grained data, and then carries out statistical analysis according to the aggregated value of the original oil-gas exploration fine-grained data in a privacy protection state.
Preferably, the step S1 further comprises the following steps:
initializing a system: the trusted center sets a security password component related in the method, and a second polynomial, a first secret parameter, a second secret parameter and a third secret parameter based on a threshold secret sharing method, wherein the security password component comprises a homomorphic encryption public parameter, a decryption private key, a multiplication cyclic group, a generator of the multiplication cyclic group and a hash function.
Preferably, before the exploration and development field data manager acquires the fault-tolerant parameters sent by the trusted center through the secure channel, the exploration and development field data manager sends a registration request to the trusted center, and the trusted center records registration information of the exploration and development field data manager and generates the fault-tolerant parameters and the large prime number;
before the data analysis center obtains a first secret parameter sent by the trusted center through a secure channel, the data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter, a second secret parameter and a decryption private key to the data analysis center according to the registration request.
Preferably, the system initialization specifically comprises the following sub-steps:
the trusted center selects the first prime numberAnd a second largest prime numberCalculating the modulusDecrypting the private keyHomomorphic encryption public parameter oneAnd homomorphic encryption public parameter twoWhereinTo a circulating groupA generator of (2);
the credible center selects a p-factorial cyclic group G and a generator G of the multiplicative cyclic group G;
the trust center sets a hash function H, wherein,A bit string of an arbitrary length is represented,represents a p-1 factorial cyclic group;
the credible center selects a third secret parameterAndsecond order polynomialIn whichIs a variable that is a function of,respectively from a finite fieldThe coefficients of the selected second polynomial;
the trusted center publishes a first set of parametersAnd the second parameter is setAnd (5) performing safe preservation.
Preferably, the exploration and development field data manager sends a registration request to a trust center, and the trust center records registration information of the exploration and development field data manager and generates the fault-tolerant parameter and the large prime number, which specifically includes the following sub-steps:
exploration and development field data manager selects private key thereofAnd calculates its own public keyThen the public key of itselfAnd its own identityIs sent toThe information center registers;
the trust center sends a large prime number through the secure channelAnd fault tolerance parametersTo the exploration and development field data manager, wherein;
The trusted center sends the information to the cloud server through the secure channelAnd the credible center records the registration information of the data manager of the exploration and development field areaWherein,The total number of data managers in the exploration and development field area initiating a registration request to the trusted center;
the data analysis center sends a registration request to a trusted center, and the trusted center sends a first secret parameter, a second secret parameter and a decryption private key to the data analysis center according to the registration request, and the method specifically comprises the following substeps:
the data analysis center sends the information containing the identity of the data analysis center to the trusted centerA registration request of (2);
selecting a first secret parameter for authorized retrieval by a trusted centerFirst secret parameterLess than each large prime number
Then, according to the Chinese remainder theorem, calculating the first public parameter of blindnessIn which,Representing and exploring development field data manager identitySubscript i in (1) is different from subscript number;
the trusted center selects a first random numberFirst random numberSatisfy the equationAnd calculating a second secret parameter;
Preferably, S1 specifically includes the following sub-steps:
exploration and development field data manager acquires fault-tolerant parameters sent by trusted center through secure channel;
Exploration and development field data manager surveys fine-grained data of j original oil and gas in time period tEncrypting to generate the jth original oil and gas exploration fine-grained data in the time period tSecret state data ofWherein the secret data component is oneSecret data component two,A second random number selected for an exploration and development field data manager;
data managers of exploration and development field regions send secret dataAnd uploading to a cloud server.
Preferably, the S2 specifically includes the following sub-steps:
exploration and development field data manager obtains large prime number sent by trusted center through secure channelAnd de-blinding the blinded first public parameter to generate a first secret parameterWherein;
Exploration and development field data manager establishes multiple authorized access strategy valuesAnd combining the various authorized access policy values into a retrieval policy setWhereinJ-th original oil and gas exploration fine-grained data representing an exploration and development field data manager, t representing the time period of the original oil and gas exploration fine-grained data, and searching a strategy setComprisesAn authorized access policy value of,Is a concatenated symbol;
exploration and development field data manager constructionSecond order polynomialIn whichIs a variable that is a function of,from a finite fieldThe method is characterized in that the method comprises the following steps of random selection,is thatCoefficients of the second order first polynomial;
safety index construction by data manager of exploration and development field area,Is the one component of the security index-the one,is the component two of the security index,is a security index component three, where;
And uploading the security index to a cloud server by the data manager of the exploration and development field.
Preferably, the S3 specifically includes the following sub-steps:
the data analysis center obtains a first secret parameter sent by the trusted center through a secure channelAnd reconstructing the authorized access policy value
Preferably, the S4 specifically includes the following sub-steps:
the cloud server sends an authorized access policy value according to the data analysis centerConstruct vector one;
The cloud server carries out retrieval test on the secret state data and determines the secret state data meeting a test equation, wherein the test equation is;
Cloud server computing Lagrange interpolation coefficientIn whichDeveloping site data manager identities for explorationSubscript i in (1) is different from subscript number;
the cloud server aggregates all the dense-state data meeting the test equation to generate aggregated dense-state dataAnd returning the aggregated secret state data to the data analysis center, wherein I represents a subscript set of an exploration and development field data manager which successfully uploads the own secret state data to the cloud server, and,indicating the size of the set of subscripts.
Preferably, the S5 specifically includes the following sub-steps:
the data analysis center obtains a second secret parameter distributed by the credible centerAnd decrypting the private key;
The data analysis center multiplies the aggregated secret data by a second secret parameterObtaining the blinded aggregated dense-state data
And then decrypting the blinded aggregated dense-state data to obtain an aggregated value of j-th original oil-gas exploration fine-grained data in a time period tWhereinIs thatIn multiplication loop groupsThe inverse of (1);
and the data analysis center performs statistical analysis according to the aggregation value of the jth original oil and gas exploration fine-grained data in the time period t under the privacy protection state.
The beneficial effects of the invention are:
(1) Because the oil and gas exploration fine-grained data are closely related to the privacy of an exploration mechanism, an attacker may deduce some key information from the oil and gas exploration fine-grained data, the method implemented by the embodiment encrypts the owned original oil and gas exploration fine-grained data through a data owner (an exploration and development field data manager), and uses a public key of the data owner and fault-tolerant parameters distributed to the data owner by a trusted center during encryption, so that the data stored in a cloud server is secret data, the trusted center is used as a trusted third party, the data owner authorizes a secret data retrieval authority to a data analysis center registered in the trusted center, the data analysis center retrieves an aggregation value of the original oil and gas exploration fine-grained data, and the data analysis center can use the aggregation value of the oil and gas exploration fine-grained data for statistical analysis but does not know the identity of the data owner;
in conclusion, the method implemented in the embodiment guarantees that confidentiality of oil and gas exploration fine-grained data is not affected by various attackers, and bidirectional privacy protection of data owner identity and data user identity during data sharing is guaranteed.
(2) After the data analysis center retrieves the aggregated secret state data from the cloud server, the first-stage blinding is required, then the second-stage decryption is carried out, the second secret parameter distributed by the credible center is used during the blinding, the decryption private key distributed by the credible center is used for decryption, even if the decryption private key is leaked, an attacker cannot acquire the blinded aggregated secret state data, and the aggregated secret state data cannot be decrypted through the decryption private key, so that the leakage of fine-grained data information of oil and gas exploration cannot be caused.
(3) In an actual application scenario, the method implemented by the embodiment can enable a data analysis center and a data manager of an exploration and development field to retrieve the dense aggregate data in different time periods for monitoring and evaluating exploration conditions.
(4) The exploration and development field data manager can authorize the data analysis center to flexibly retrieve the aggregated secret state data in different time periods by constructing all possible authorized access strategy values, only provides the correct authorized access strategy value, can pass the data retrieval test of the cloud server, and in addition, any entity cannot pass the data retrieval test of the cloud server.
(5) And under the condition of transmission channel blockage or artificial damage, the method realized by the embodiment can also realize the fault-tolerant function in the retrieval and aggregation process of the secret data.
Drawings
FIG. 1 is an architecture diagram of a fine-grained dense data retrieval system for oil and gas exploration.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be apparent that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive effort based on the embodiments of the present invention, are within the scope of the present invention.
The embodiment provides an oil and gas exploration fine-grained dense-state data retrieval method based on cloud storage, which is applied to an oil and gas exploration fine-grained dense-state data retrieval system. Fig. 1 shows an architecture diagram of a fine-grained and dense-state data retrieval system for oil and gas exploration. The oil and gas exploration fine-grained dense-state data retrieval system comprises a cloud server, an exploration and development field data manager, a data analysis center and a credible center, wherein the cloud server is respectively in communication connection with the exploration and development field data manager, the data analysis center and the credible center, the credible center is respectively in communication connection with the exploration and development field data manager and the data analysis center, the exploration and development field data manager serves as a data owner and has a plurality of time periods and a plurality of types of original oil and gas exploration fine-grained data, the original oil and gas exploration fine-grained data are derived from each exploration and development field where the exploration and development field data manager is located, and the exploration and development fields comprise an exploration and development field 1, an exploration and development field 2, an exploration and development field 3 and the like.
The cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method specifically comprises the following steps:
s1, encryption and uploading of original oil and gas exploration fine-grained data: and the data manager of the exploration and development area acquires fault-tolerant parameters sent by the trusted center through a safety channel, encrypts own original oil and gas exploration fine-grained data by using the fault-tolerant parameters to generate corresponding secret data, and uploads the secret data to the cloud server.
S2, authorization of secret state data retrieval: the method comprises the steps that a data manager of an exploration and development field acquires a large prime number sent by a trust center through a safety channel, de-blinding is carried out on a blinded first public parameter disclosed by the trust center according to the large prime number, a first secret parameter used for authorized retrieval is generated after de-blinding, then a plurality of authorized access strategy values are formulated according to the first secret parameter, each authorized access strategy value is used as a root of a first polynomial, the first polynomial is recovered, a safety index is generated according to the recovered first polynomial, and the generated safety index is uploaded to a cloud server, wherein the time period of oil gas exploration fine grain data contained in each authorized access strategy value is different from the type of the oil gas exploration fine grain data.
S3, retrieval of secret state data: the data analysis center obtains a first secret parameter sent by the credible center through the security channel, reconstructs an authorized access strategy value according to the first secret parameter, and sends the authorized access strategy value to the cloud server, wherein the reconstructed authorized access strategy value is one or more of authorized access strategy values set by an exploration and development field data manager.
S4, the cloud server aggregates the secret state data: and the cloud server performs a retrieval test on the secret state data according to the authorized access strategy value and the security index sent by the data analysis center, aggregates the secret state data passing the retrieval test, and returns the aggregated secret state data to the data analysis center.
S5, blinding, decrypting and statistically analyzing the aggregated confidential data: the data analysis center obtains a second secret parameter which is distributed by the credible center and used for blinding the ciphertext and a decryption private key used for decrypting the ciphertext, blinds the aggregated secret data according to the second secret parameter, decrypts the blinded aggregated secret data according to the decryption private key to obtain an aggregated value of original oil-gas exploration fine-grained data, and then carries out statistical analysis according to the aggregated value of the original oil-gas exploration fine-grained data in a privacy protection state.
Further, before S1, the following steps are also included:
initializing a system: the credible center sets a security password component related in the method, and a second polynomial, a first secret parameter, a second secret parameter and a third secret parameter which are generated based on a threshold secret sharing method and used for data manager registration of the exploration and development field area and data analysis center registration, wherein the security password component comprises a homomorphic encryption public parameter, a decryption private key, a multiplication cycle group, a generator of the multiplication cycle group and a hash function.
Furthermore, before the exploration and development field data manager acquires the fault-tolerant parameters sent by the trusted center through the safety channel, the exploration and development field data manager sends a registration request to the trusted center, and the trusted center records the registration information of the exploration and development field data manager and generates the fault-tolerant parameters and the large prime number. Before the data analysis center obtains a first secret parameter sent by the trusted center through a secure channel, the data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter, a second secret parameter and a decryption private key to the data analysis center according to the registration request.
Further, the system initialization specifically includes the following sub-steps:
s001, the trust center selects the first big prime numberAnd a second largest prime numberCalculating the modulusDecrypting the private keyHomomorphic encryption public parameter oneAnd homomorphic encryption public parameter twoWhereinTo a circulating groupA generator of (2).
S002, the credible center selects a p-factorial cyclic group G and a generator G of the multiplicative cyclic group G.
S003, the credible center sets a hash function H, wherein,A bit string of an arbitrary length is represented,represents a p-1 factorial cyclic group.
S004, the credible center selects a third secret parameterAndsecond order polynomialWhereinIs a variable that is a function of,respectively from a finite fieldOf the selected coefficients of the second polynomial.
S005, the trusted center publishes the first parameter setAnd the second parameter is setAnd (5) performing safe preservation.
Further, an exploration and development field data manager sends a registration request to a trusted center, the trusted center records registration information of the exploration and development field data manager and generates fault-tolerant parameters and large prime numbers, and the method specifically comprises the following sub-steps:
SS01, the data manager of the exploration and development field selects the private key thereofAnd calculates its own public keyThen the public key of itselfAnd its own identityAnd sending the information to a trusted center for registration.
SS02, the credible center sends a large prime number through a secure channelAnd fault tolerance parametersTo the exploration and development field data managers, wherein。
SS03, the trusted center sends to the cloud server through the secure channelAnd the credible center records the registration information of the data manager of the exploration and development field areaWherein,A total number of survey development site data managers to initiate registration requests to a trusted center.
Further, the data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter, the second secret parameter and the decryption private key to the data analysis center according to the registration request, and the method specifically comprises the following substeps:
SSS01, data analysis center sends information containing self identity to trusted centerTo the registration request of (3).
SSS02, trusted center selects first secret parameter for authorization retrievalFirst secret parameterLess than each one large
Prime numberThen, calculating the first public parameters of the blindness according to the Chinese remainder theoremIn which,Representing and exploring development field data manager identitySubscript i in (1) is a different subscript number.
SSS03 and trust center select first random numberFirst random numberSatisfy the equationAnd calculating a second secret parameter。
Further, S1 specifically includes the following sub-steps:
s11, acquiring fault-tolerant parameters sent by a trusted center through a safety channel by a data manager of an exploration and development field area。
S12, exploration and development field data managerExploring the jth original oil gas exploration fine grain data in the own time period tEncrypting to generate the jth original oil and gas exploration fine-grained data in the time period tSecret state data ofWherein the secret data component is oneSecret data component two,Data manager for exploration and development fieldAnd selecting a second random number.
S13, exploration and development field data managerSecret state dataAnd uploading to a cloud server.
Further, S2 specifically includes the following sub-steps:
s21, exploration and development field data managerObtaining the large prime number sent by the credible center through the secure channelDe-blinding the first blinded parameter to generate a first secret parameterWherein。
S22, exploration and development field data managerFormulating multiple authorized access policy valuesAnd combining the various authorized access policy values into a retrieval policy setWhereinJ-th original oil and gas exploration fine-grained data representing an exploration and development field data manager, t representing the time period of the original oil and gas exploration fine-grained data, and searching a strategy setComprisesAn authorized access policy value of,Is a concatenated symbol.
S23, exploration and development field data managerConstruction ofFirst order polynomialWhereinIs a variable that is a function of,from a finite fieldThe method comprises the following steps of (1) selecting,is thatCoefficients of the second order first polynomial.
S24, exploration and development field data managerBuilding a secure index,Is the one component of the security index-the one,is the component two of the security index,is a security index component three, where。
S25, exploration and development field data managerAnd uploading the security index to a cloud server.
Further, S3 specifically includes the following sub-steps:
s31, the data analysis center obtains a first secret parameter sent by the trusted center through a secure channelAnd reconstructing the authorized access
Preferably, S4 specifically comprises the following sub-steps:
s41, the cloud server sends an authorized access strategy value according to the data analysis centerConstruct vector one。
S43, the cloud server carries out retrieval test on the secret state data and determines the secret state data meeting a test equation, wherein the test equation is。
S44, computing Lagrange interpolation coefficient by the cloud serverWhereinData manager identity for field development for exploration and explorationSubscript i in (1) differs from subscript number.
S45, the cloud server aggregates all the dense-state data meeting the test equation to generate aggregated dense-state dataAnd returning the aggregated secret data to the data analysis center, wherein I represents a subscript set of an exploration and development field data manager successfully uploading the own secret data to the cloud server, and,indicating the size of the set of indices.
Further, S5 specifically includes the following sub-steps:
s51, the data analysis center obtains a second secret parameter distributed by the credible centerAnd decrypting the private key。
S52, multiplying the aggregation secret state data by a second secret parameter by the data analysis centerObtaining the blinded aggregated dense-state dataThen, decrypting the blinded aggregated dense-state data to obtain an aggregated value of jth original oil and gas exploration fine-grained data in a time period tWhereinIs thatIn multiplication loop groupsThe inverse of (1).
And S53, the data analysis center carries out statistical analysis according to the aggregation value of the jth original oil and gas exploration fine-grained data in the time period t under the privacy protection state. Statistical analysis includes evaluating the average state value of fine-grained data for this type of hydrocarbon exploration, and the like.
Data manager for exploration and development fieldDue to the existence ofIn whichAndaccording to the Chinese remainder theorem, the following can be obtained:
thus, each exploration and development site data managerThe same value can be calculated. The exploration and development field data managers can calculate the same authorized access strategy value according to the j-th type oil and gas exploration fine-grained data retrieval requirement of the time period tSo that the data analysis center can submit the same authorized access strategy valueAnd retrieving the aggregated dense-state data in the cloud server.
Upon receiving an authorized access policy value from a data analysis centerThe cloud server constructs a vector I according to a safety index for oil and gas exploration confidential data retrievalConstructing a vector twoThe correctness of the test equation is derived as follows:
the data analysis center then utilizes the second secret parameterComputing blinded aggregated dense-state dataThe derivation is as follows:
Finally, the data analysis center uses the decryption private keyEquation of decryptionThe derivation is as follows:
the foregoing is merely a preferred embodiment of the invention, and it is to be understood that the invention is not limited to the form disclosed herein, but is not intended to be foreclosed in other embodiments and is capable of use in various other combinations, modifications, and environments and is capable of changes within the scope of the inventive concept as expressed herein, commensurate with the above teachings, or the skill or knowledge of the relevant art. And that modifications and variations may be effected by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (6)
1. The cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method is applied to an oil and gas exploration fine-grained dense-state data retrieval system, the oil and gas exploration fine-grained dense-state data retrieval system comprises a cloud server, an exploration and development field area data manager, a data analysis center and a trust center, the cloud server is respectively in communication connection with the exploration and development field area data manager, the data analysis center and the trust center, the trust center is respectively in communication connection with the exploration and development field area data manager and the data analysis center, the exploration and development field area data manager has a plurality of time periods and a plurality of types of original oil and gas exploration fine-grained data, and the retrieval method is characterized by comprising the following steps of:
s1, encryption and uploading of original oil and gas exploration fine-grained data: the method comprises the steps that a data manager in an exploration and development field acquires fault-tolerant parameters sent by a trusted center through a safety channel, encrypts own original oil and gas exploration fine-grained data by using the fault-tolerant parameters to generate corresponding secret data, and uploads the secret data to a cloud server;
s2, authorization of secret data retrieval: an exploration and development field data manager obtains a large prime number sent by a trust center through a security channel, de-blindes a first public parameter which is disclosed by the trust center according to the large prime number, generates a first secret parameter for authorization retrieval after de-blinding, then makes a plurality of different authorization access strategy values according to the first secret parameter, recovers the first polynomial after taking each authorization access strategy value as a root of the first polynomial, generates a security index according to the recovered first polynomial, and uploads the generated security index to a cloud server, wherein the authorization access strategy value comprises type information of secret data and time period information of the secret data, and the type information and/or the time period information of the secret data contained in the different authorization access strategy values are different;
s3, retrieval of secret state data: the data analysis center acquires a first secret parameter sent by the trusted center through a security channel, reconstructs an authorized access strategy value according to the first secret parameter, and sends the authorized access strategy value to the cloud server, wherein the reconstructed authorized access strategy value is one or more of authorized access strategy values made by an exploration and development field data manager;
s4, the cloud server aggregates the secret data: the cloud server retrieves the secret state data according to the security index and the authorized access strategy value sent by the data analysis center, aggregates the retrieved secret state data, and then returns the aggregated secret state data to the data analysis center;
s5, blinding, decrypting and statistically analyzing the aggregated confidential data: the data analysis center obtains a second secret parameter which is distributed by the credible center and used for blinding the ciphertext and a decryption private key used for decrypting the ciphertext, blinds the aggregated confidential data according to the second secret parameter, decrypts the blinded aggregated confidential data according to the decryption private key to obtain an aggregated value of original oil-gas exploration fine-grained data, and then carries out statistical analysis according to the aggregated value of the original oil-gas exploration fine-grained data in a privacy protection state;
the method for detecting the S1 further comprises the following steps:
initializing a system: the method comprises the steps that a trusted center sets a security password component related in the method, a second polynomial, a first secret parameter, a second secret parameter and a third secret parameter based on a threshold secret sharing method, wherein the security password component comprises a homomorphic encryption public parameter, a decryption private key, a multiplication cyclic group, a generator of the multiplication cyclic group and a hash function;
before the exploration and development field data manager acquires the fault-tolerant parameters sent by the trusted center through the safety channel, the exploration and development field data manager sends a registration request to the trusted center, and the trusted center records the registration information of the exploration and development field data manager and generates the fault-tolerant parameters and the large prime number;
before the data analysis center acquires a first secret parameter sent by the trusted center through a secure channel, the data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter, a second secret parameter and a decryption private key to the data analysis center according to the registration request;
the system initialization specifically comprises the following substeps:
the trusted center selects the first prime numberAnd the second largest prime numberCalculating the modulusDecrypting private keyHomomorphic encryption public parameter oneAnd homomorphic encryption public parameter twoWhereinTo a circulating groupA generator of (2);
the credible center selects a p-factorial cyclic group G and a generator G of the multiplicative cyclic group G;
the trust center sets a hash function H, wherein,A bit string of an arbitrary length is represented,represents a p-1 factorial cyclic group;
the credible center selects a third secret parameterAndsecond order polynomialWhereinIs a variable that is a function of,respectively from a finite fieldThe coefficients of the selected second polynomial;
the trusted center publishes a first set of parametersAnd the second parameter is setCarrying out safe preservation;
the exploration and development field data manager sends a registration request to a trusted center, the trusted center records registration information of the exploration and development field data manager and generates the fault-tolerant parameters and the large prime number, and the method specifically comprises the following sub-steps:
exploration and development field data manager selects own private keyAnd calculates its own public keyThen sends its own public keyAnd its own identitySending the information to a trusted center for registration;
the trust center sends a large prime number through the secure channelAnd fault tolerance parametersTo the exploration and development field data managers, wherein;
In trustSending the heart signal to the cloud server through the secure channelAnd the credible center records the registration information of the data manager of the exploration and development field areaIn which,The total number of data managers in the exploration and development field area initiating a registration request to the trusted center;
the data analysis center sends a registration request to a trusted center, and the trusted center sends a first secret parameter, a second secret parameter and a decryption private key to the data analysis center according to the registration request, and the method specifically comprises the following substeps:
the data analysis center sends the information containing the identity of the data analysis center to the trusted centerA registration request of (2);
selecting a first secret parameter for authorized retrieval by a trusted centerFirst secret parameterLess than each large prime number
Then, according to the Chinese remainder theorem, calculating the first public parameter of blindnessIn which
,Representing and exploring development field data manager identitySubscript i in (1) is different from subscript number;
the trusted center selects a first random numberFirst random numberSatisfy the equationAnd calculating a second secret parameter;
2. The method for retrieving fine-grained dense-state data for oil and gas exploration based on cloud storage according to claim 1, wherein the step S1 specifically comprises the following substeps:
the data manager of the exploration and development field obtains the credible centerFault tolerant parameters for secure channel transmissions;
Exploration and development field data manager surveys fine-grained data of j-th original oil and gas in time period tEncrypting to generate the jth original oil and gas exploration fine-grained data in the time period tSecret state data ofWherein the secret data component is oneSecret data component two,A second random number selected for an exploration and development field data manager;
3. The cloud storage-based retrieval method for fine-grained dense-state data of oil and gas exploration, according to claim 2, wherein the S2 specifically comprises the following substeps:
exploration and development field data manager obtains large prime number sent by trusted center through secure channelAnd de-blinding the blinded first public parameter to generate a first secret parameterWherein;
Exploration and development field data manager establishes multiple authorized access strategy valuesAnd combining the various authorized access policy values into a retrieval policy setWhereinJ-th original oil and gas exploration fine-grained data representing an exploration and development field data manager, t representing the time period of the original oil and gas exploration fine-grained data, and searching a strategy setComprisesAn authorized access policy value of,Is a concatenated symbol;
exploration and development field data manager constructionFirst order polynomialWhereinIs a variable that is a function of,from a finite fieldThe method is characterized in that the method comprises the following steps of random selection,is thatCoefficients of the second order first polynomial;
safety index construction by data manager of exploration and development field area,Is the one component of the security index-the one,is the component two of the security index,is a security index component three, where;
And uploading the security index to a cloud server by the data manager of the exploration and development field.
4. The cloud storage-based retrieval method for fine-grained and dense-state data of oil and gas exploration, according to claim 3, wherein the S3 specifically comprises the following substeps:
the data analysis center obtains a first secret parameter sent by the trusted center through a secure channelAnd reconstructing the authorized access policy value
5. The method for retrieving fine-grained dense-state data for oil and gas exploration based on cloud storage according to claim 4, wherein S4 specifically comprises the following sub-steps:
the cloud server sends an authorized access policy value according to the data analysis centerConstruct vector one;
The cloud server carries out retrieval test on the secret state data and determines the secret state data meeting a test equation, wherein the test equation is;
Cloud server computing Lagrange interpolation coefficientWhereinData manager identity for field development for exploration and explorationSubscript i in (1) is different from subscript number;
the cloud server aggregates all the dense-state data meeting the test equation to generate aggregated dense-state dataAnd returning the aggregated secret data to the data analysis center, wherein I represents a subscript set of an exploration and development field data manager successfully uploading the own secret data to the cloud server, and,indicating the size of the set of indices.
6. The method for retrieving fine-grained dense-state data for oil and gas exploration based on cloud storage according to claim 5, wherein S5 specifically comprises the following sub-steps:
the data analysis center obtains a second secret parameter distributed by the credible centerAnd decrypting the private key;
The data analysis center multiplies the aggregated secret data by a second secret parameterObtaining the blinded condensed state data
And then decrypting the blinded aggregated dense-state data to obtain an aggregated value of j-th original oil-gas exploration fine-grained data in a time period tWhereinIs thatIn multiplication loop groupsThe inverse of (1);
and the data analysis center carries out statistical analysis according to the aggregation value of the jth original oil and gas exploration fine-grained data in the time period t under the privacy protection state.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210962115.3A CN115033908B (en) | 2022-08-11 | 2022-08-11 | Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210962115.3A CN115033908B (en) | 2022-08-11 | 2022-08-11 | Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115033908A CN115033908A (en) | 2022-09-09 |
CN115033908B true CN115033908B (en) | 2022-10-21 |
Family
ID=83130320
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210962115.3A Active CN115033908B (en) | 2022-08-11 | 2022-08-11 | Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115033908B (en) |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019005946A2 (en) * | 2017-06-27 | 2019-01-03 | Leighton Bonnie Berger | Secure genome crowdsourcing for large-scale association studies |
WO2019158209A1 (en) * | 2018-02-16 | 2019-08-22 | Ecole polytechnique fédérale de Lausanne (EPFL) | Methods and systems for secure data exchange |
CN108768951B (en) * | 2018-05-03 | 2021-06-08 | 上海海事大学 | Data encryption and retrieval method for protecting file privacy in cloud environment |
CN108769020B (en) * | 2018-05-29 | 2021-07-13 | 东北大学 | Privacy-protecting identity attribute certification system and method |
WO2020082078A1 (en) * | 2018-10-19 | 2020-04-23 | Digital Asset (Switzerland) GmbH | Privacy preserving validation and commit architecture |
CN111294366B (en) * | 2020-05-13 | 2020-07-28 | 西南石油大学 | Statistical analysis method for aggregation of encrypted data for resisting secret key leakage in smart power grid |
CN111931249B (en) * | 2020-09-22 | 2021-01-08 | 西南石油大学 | Medical secret data statistical analysis method supporting transmission fault-tolerant mechanism |
CN111930688B (en) * | 2020-09-23 | 2021-01-08 | 西南石油大学 | Method and device for searching secret data of multi-keyword query in cloud server |
US20220215948A1 (en) * | 2021-01-07 | 2022-07-07 | Abiomed, Inc. | Network-based medical apparatus control and data management systems |
CN113204741A (en) * | 2021-04-12 | 2021-08-03 | 中国电力科学研究院有限公司 | Method and system suitable for intelligent power consumption data aggregation |
CN113194078B (en) * | 2021-04-22 | 2023-04-07 | 西安电子科技大学 | Sequencing multi-keyword search encryption method with privacy protection supported by cloud |
CN113382016A (en) * | 2021-06-28 | 2021-09-10 | 暨南大学 | Fault-tolerant safe lightweight data aggregation method under intelligent power grid environment |
CN114143094A (en) * | 2021-12-02 | 2022-03-04 | 兰州理工大学 | Multi-authorization attribute-based verifiable encryption method based on block chain |
CN114491578B (en) * | 2021-12-24 | 2023-07-21 | 电子科技大学 | Secure data aggregation method for privacy calculation |
-
2022
- 2022-08-11 CN CN202210962115.3A patent/CN115033908B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN115033908A (en) | 2022-09-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110224986B (en) | Efficient searchable access control method based on hidden policy CP-ABE | |
CN108418681B (en) | Attribute-based ciphertext retrieval system and method supporting proxy re-encryption | |
Kaaniche et al. | A secure client side deduplication scheme in cloud storage environments | |
CN109145612B (en) | Block chain-based cloud data sharing method for preventing data tampering and user collusion | |
WO2018113563A1 (en) | Database query method and system having access control function | |
CN104168108B (en) | It is a kind of to reveal the traceable attribute base mixed encryption method of key | |
WO2016197770A1 (en) | Access control system and access control method thereof for cloud storage service platform | |
Alowolodu et al. | Elliptic curve cryptography for securing cloud computing applications | |
US10277563B2 (en) | Computer-implemented system and method for protecting sensitive data via data re-encryption | |
CN107734021A (en) | block chain data uploading method, system, computer system and storage medium | |
JP2021516901A (en) | Lost pseudo-random function in key management system | |
CN106341236A (en) | Access control method facing cloud storage service platform and system thereof | |
Kumar et al. | Data outsourcing: A threat to confidentiality, integrity, and availability | |
Xu et al. | Enabling comparable search over encrypted data for IoT with privacy-preserving | |
CN113645206A (en) | Cloud storage data access control method and system for different user requirements | |
Sandhia et al. | Secure sharing of data in cloud using MA-CPABE with elliptic curve cryptography | |
Tyagi et al. | Analysis and Implementation of AES and RSA for cloud | |
CN115033908B (en) | Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method | |
Salem et al. | An efficient privacy preserving public auditing mechanism for secure cloud storage | |
Skarkala et al. | Privacy preserving tree augmented naïve Bayesian multi-party implementation on horizontally partitioned databases | |
US7231047B2 (en) | Private retrieval of digital objects | |
Devassy | Research Project Questions | |
Arulsakthi et al. | An Efficient Two-Factor Access Control For Web-Based Cloud Computing Services Using Jar File | |
Mujawar et al. | An Attribute-Based Encryption Method Using Outsourced Decryption and Hierarchical Access Structure | |
Hu et al. | Efficient verification of data encryption on cloud servers |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |