CN115484095A - Block chain-based fine-grained access control method in cloud edge collaborative environment - Google Patents


Info

Publication number: CN115484095A
Authority: CN (China)
Prior art keywords: access control, edge, cloud, block chain, data
Legal status: Granted, active
Application number: CN202211116020.6A
Other languages: Chinese (zh)
Other versions: CN115484095B (en)
Inventors: 张世文, 杨益彬, 何家毅, 李梦玲, 梁伟
Current Assignee: Hunan University of Science and Technology
Original Assignee: Hunan University of Science and Technology
Priority date: 2022-09-14
Filing date: 2022-09-14
Application filed by Hunan University of Science and Technology
Priority to CN202211116020.6A
Publication of CN115484095A
Application granted
Publication of CN115484095B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L 9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L 9/085 Secret sharing or secret splitting, e.g. threshold schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a block chain-based fine-grained access control method in a cloud edge collaborative environment comprising the following stages: a system initialization stage, an encryption stage, a transaction generation stage, a trapdoor generation stage, a search stage and a decryption stage. In the cloud edge collaborative environment, an authority center generates the initial partial keys and a symmetric key, sends different partial keys to the edge server and the data user respectively, and sends the symmetric key to the edge node. The user uses its partial key to generate a search trapdoor and sends it to the corresponding edge server; threshold secret sharing is used to recover a secret value in the consensus network, and the final private key is generated only when access control is satisfied, so that the private key is generated by multiple authorizing parties and its security is effectively protected. In addition, in the cloud edge collaborative environment the edge server performs the data encryption, data decryption and search matching operations, which markedly reduces the computing overhead of the user.

Description

Block chain-based fine-grained access control method in cloud edge collaborative environment
Technical Field
The invention relates to the field of data encryption, in particular to a block chain-based fine-grained access control method in a cloud edge collaborative environment.
Background
Cloud computing is the development and realization of several of the most important technologies in the field of social networking today, including distributed computing, parallel computing and virtualization. It is characterized by strong computing capability, good scalability and low cost. With the gradual maturation and rapid development of cloud computing technology, a user with limited resources can store data in the cloud and enjoy efficient, rapid file storage and query services at low cost, greatly reducing local management overhead while receiving high-quality data services; however, security and privacy have become an important challenge, and how to guarantee both high-quality data services and data security has become a key problem that cloud computing urgently needs to solve.
Edge computing refers to a new service model in which data or tasks are computed and executed at the edge of the network, near the data source. Because of the contradiction between the inherent characteristics of cloud computing and the interconnection of everything, the centralized processing mode of cloud computing is insufficient for running the applications and processing the mass data sensed by the Internet of Things, and the cloud computing model cannot effectively solve problems such as cloud center load, transmission bandwidth and data privacy protection. Edge computing has therefore emerged, and combining it with the existing centralized cloud computing model can effectively solve the big data processing problem of the cloud center and the network edge. One advantage of edge computing is that it breaks through the limitations of terminal hardware, allowing portable devices such as mobile terminals to participate in service computing in large numbers, achieving mobile data access, intelligent load balancing and low management cost.
Searchable encryption is a cryptographic primitive that allows users to search ciphertext by keyword. It mainly addresses the problem of a user querying encrypted cloud data. In a searchable encryption mechanism, the data owner first encrypts the plaintext data with its own encryption algorithm and stores it on the cloud server; when a data user wants to obtain data from the cloud server, it sends the credential required for retrieval to the cloud service, and the cloud server performs retrieval and matching according to that credential. If the match succeeds, the query result is returned to the data user in ciphertext form, and the data user decrypts it locally.
A block chain is a specific data structure formed by linking data blocks in chronological order; it is a tamper-proof, forgery-proof shared ledger guaranteed by cryptographic means, combining technologies from different fields and disciplines such as p2p networks, cryptography, consensus algorithms and incentive mechanisms. Its advantages are that the local ledger is generated by cryptographic algorithms, guaranteeing the anonymity of accounts; consensus among different nodes is reached through a distributed consistency algorithm, preventing malicious users from tampering with historical data; and the reference dependence between blocks is produced by a hash algorithm, making history traceable.
Threshold secret sharing is a simple and practical key sharing scheme. In a (t, n) threshold secret sharing scheme, the secret value s is divided into n parts, and s can be recovered when any t or more of those parts are known.
In the cloud edge collaborative environment, most existing searchable encryption schemes leave the high-overhead encryption and decryption operations to the user, but in practice users' computing power is limited, so search efficiency is low. Meanwhile, most existing schemes adopt a single authority to generate the private key, so the private key is easily leaked and efficiency is low; compared with a single-authority model, the most important challenge is therefore to have multiple entities authorize and cooperate to generate the private key while ensuring its traceability and security.
Disclosure of Invention
In order to solve the technical problems, the invention provides a block chain-based fine-grained access control method in a cloud-edge collaborative environment, which is simple in algorithm, safe and efficient.
The technical solution to these problems is as follows: a block chain-based fine-grained access control method in a cloud edge collaborative environment comprising the following steps:
step one, an initialization stage;
step two, an encryption stage: the data owner formulates an access control policy and uploads the policy and the corresponding data to the corresponding edge server; the edge server then encrypts the data and uploads it to the cloud server, and at the same time sends the keyword ciphertext and the access control policy to the other edge nodes.
Step three, a transaction generation stage: the edge server sends a request for a delegated transaction, and each node in the consensus network responds to become a delegated computing node; the edge node then generates a transaction and broadcasts it to the other nodes in the block chain network.
Step four, a trapdoor generation stage: the user generates a search trapdoor from the keyword it wants to search.
Step five, a search stage: after receiving the trapdoor sent by the user, the edge server first checks whether the trapdoor satisfies the access control matrix; if the attribute set does not satisfy the access control matrix the process stops, otherwise it continues. If the access control matrix is satisfied, the edge server checks whether the corresponding data is contained; if so, it fetches the corresponding data from the cloud server, otherwise it returns 0.
Step six, a decryption stage: when the submitted trapdoor satisfies the access control policy, the nodes in the block chain cooperatively compute the secret value in a multi-party manner, the final private key is obtained for decryption, and the data is returned to the corresponding data user.
In the aforementioned fine-grained access control method based on the block chain in the cloud-edge collaborative environment, in the first step, the specific steps in the system initialization stage are as follows:
The AC takes the attribute set Atts as input. The AC selects a bilinear pairing e: G_0 × G_0 → G_1, where G_0 and G_1 are groups of order q and g_0, g_1 are their generators, and selects a secure hash function H:
[formula image]
It randomly selects a, α, K, K,
[formula image]
where K is a symmetric key, and generates the system public key
[formula image]
and the partial private key SK_1 = (K_1, K_2), where
[formula image]
[formula image]
SK_1 is sent to the DU. The AC then generates the partial private key SK_2 = (K_x, K_3), where
[formula image]
with x ∈ Atts, and sends SK_2 to the EU. It generates the global parameters GP = (a, H, g_0, g_1, G_0, G_1).
In the above fine-grained access control method based on the block chain in the cloud-edge collaborative environment, in the second step, the specific steps in the encryption stage are as follows:
The DO formulates an access control policy (M, ρ) and uploads (M, ρ) together with the data F to the corresponding edge server, where ρ maps each row to an attribute and M is an m × n matrix. The EU randomly selects
[formula image]
and randomly selects w-1 elements a_i, generating the polynomial f(x) = s + a_1 x + … + a_{w-1} x^{w-1} of degree w-1. It then computes the shares sub_i = f(x_i); s is thus divided into n parts with threshold w. It then randomly selects a vector
[formula image]
and
[formula image]
and computes
[formula image]
[formula image]
then computes
[formula image]
At the same time it randomly selects β,
[formula image]
and computes the keyword ciphertext
[formula image]
[formula image]
where
[formula image]
The keyword ciphertext and the access control policy are sent to the other edge nodes, and the encrypted data ciphertext CT = F PK is uploaded to the cloud server.
In the above fine-grained access control method based on a block chain in a cloud-edge collaborative environment, in the third step, the specific steps in the transaction generation phase are as follows:
The EU sends out a request for delegated computation, and each node of the consensus network responds to become a delegated computing node. Using the generated γ_i, the EU encrypts with the public keys of all nodes in the block chain and generates the transaction TS = {CNaddr, E(γ_j), τ_j}, where CNaddr is the list of addresses of the delegated computing nodes in the network and τ_j is a defined variable
[formula image]
The EU broadcasts the transaction to the other nodes in the block chain network; each delegated node obtains γ_i from the transaction and stores it.
In the above fine-grained access control method based on the block chain in the cloud-edge collaborative environment, in the fourth step, the specific steps in the trapdoor generation stage are as follows:
According to the keyword w' it wants to search, the DU first randomly selects
[formula image]
and generates
[formula image]
where
[formula image]
[formula image]
It randomly selects R_c ∈ G_0 and further randomizes to produce T_2 = SK_1 · R_c, then submits T_w = (T_1, T_2).
In the above fine-grained access control method based on the block chain in the cloud-edge collaborative environment, in the fifth step, the specific steps in the search stage are as follows:
After receiving the search trapdoor T_w from the DU, the EU first checks whether the access control matrix M is satisfied; if the attribute set Atts does not satisfy the access matrix M, the process stops, otherwise it continues. Having confirmed that M is satisfied, the EU obtains the symmetric key K and checks the received trapdoor T_w by computing whether T_1 × C_1 = C_2 holds; if it holds, the corresponding data CT is fetched from the cloud server, otherwise 0 is returned.
The correctness is as follows:
[formula image]
[formula image]
[formula image]
[formula image]
If w = w', the equation holds.
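The first check of the search stage, whether the attribute set Atts satisfies the access control matrix (M, ρ), as an added Python example that is not part of the patent; it assumes the standard LSSS satisfiability condition from the ABE literature (the page does not define how M is evaluated) and a constructed example policy:

```python
"""Access-policy check the edge server (EU) runs in the search stage before
any trapdoor matching: does the user's attribute set Atts satisfy the access
control matrix (M, rho)? Added illustration, not the patent's own code.
Assumption: 'satisfies' is the standard LSSS condition from the ABE
literature: the rows of M whose attribute rho(i) lies in Atts must span the
target vector (1, 0, ..., 0) over Z_q. The reconstruction coefficients
omega_i are returned so the caller can see which rows were used."""

Q = 7919  # constructed small prime standing in for the group order q

# Constructed policy "(A AND B) OR C" as an LSSS: 3 rows, 2 columns,
# rho labels each row with an attribute.
POLICY_M = [[1, 1], [0, -1], [1, 0]]
POLICY_RHO = ["A", "B", "C"]


def solve_mod_q(a, b, q=Q):
    """Solve a * x = b over Z_q by Gauss-Jordan elimination (a is a list of rows).
    Free variables are set to 0. Returns one solution, or None if inconsistent."""
    rows = [[v % q for v in r] + [bi % q] for r, bi in zip(a, b)]
    n_unknowns = len(a[0]) if a else 0
    pivot_cols, r = [], 0
    for c in range(n_unknowns):
        if r == len(rows):
            break
        p = next((i for i in range(r, len(rows)) if rows[i][c]), None)
        if p is None:
            continue  # no pivot in this column: it becomes a free variable
        rows[r], rows[p] = rows[p], rows[r]
        inv = pow(rows[r][c], -1, q)
        rows[r] = [v * inv % q for v in rows[r]]
        for i in range(len(rows)):
            if i != r and rows[i][c]:
                f = rows[i][c]
                rows[i] = [(vi - f * vr) % q for vi, vr in zip(rows[i], rows[r])]
        pivot_cols.append(c)
        r += 1
    # a remaining all-zero row with a non-zero right-hand side means no solution
    if any(rows[i][-1] for i in range(r, len(rows))):
        return None
    x = [0] * n_unknowns
    for i, c in enumerate(pivot_cols):
        x[c] = rows[i][-1]
    return x


def satisfies(M, rho, atts, q=Q):
    """Return {row index: omega_i} with sum_i omega_i * M_i = (1, 0, ..., 0) over
    the rows authorised by Atts, or None when Atts does not satisfy (M, rho)."""
    idx = [i for i, attr in enumerate(rho) if attr in atts]
    if not idx:
        return None  # no authorised row at all: stop the process
    n_cols = len(M[0])
    # unknowns are the omega_i, one per authorised row: M_S^T * omega = e_1
    a = [[M[i][c] for i in idx] for c in range(n_cols)]
    target = [1] + [0] * (n_cols - 1)
    omega = solve_mod_q(a, target, q)
    if omega is None:
        return None
    return {i: o for i, o in zip(idx, omega) if o}


def combine(M, omega, q=Q):
    """Recompute sum_i omega_i * M_i so a caller can confirm it equals e_1."""
    n_cols = len(M[0])
    out = [0] * n_cols
    for i, o in omega.items():
        for c in range(n_cols):
            out[c] = (out[c] + o * M[i][c]) % q
    return out
```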
In the foregoing fine-grained access control method based on a block chain in a cloud-edge collaborative environment, in the sixth step, the specific steps in the decryption stage are:
When the submitted trapdoor satisfies the access control matrix M, the nodes in the block chain that hold γ_j apply to compute, and when the threshold of w nodes have applied, the parties cooperatively compute s:
[formula image]
[formula image]
where
[formula image]
and s is returned to the corresponding EU. After the final private key is obtained, the data F is decrypted and returned to the corresponding data user.
The decryption process is as follows:
[formula image]
[formula image]
[formula image]
[formula image]
[formula image]
[formula image]
Finally, the data F the user wants is returned to the corresponding data user.
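The (w, n) threshold sharing of s from the encryption stage and its cooperative recovery by w nodes in the decryption stage, as an added Python example that is not the patent's own code; it assumes plain Z_q arithmetic with a constructed prime modulus, since the page shows only the polynomial f(x) and the shares sub_i = f(x_i):

```python
"""Shamir (w, n) threshold sharing as the scheme uses it: in the encryption
stage the edge server (EU) splits the secret value s with a random
degree-(w-1) polynomial and hands out shares sub_i = f(x_i); in the
decryption stage any w delegated nodes pool their shares and recover s by
Lagrange interpolation at x = 0. Added illustration, not the patent's code.
Assumption: all arithmetic is over a prime field Z_q; the page only says the
groups have order q, so the modulus below is a constructed test value.
Requires Python 3.8+ for pow(x, -1, q)."""
import secrets

Q = (1 << 127) - 1  # constructed: a Mersenne prime standing in for the group order q


def split_secret(s, w, n, q=Q):
    """EU step: f(x) = s + a_1 x + ... + a_{w-1} x^{w-1} with random a_i;
    share i is (x_i, sub_i) = (i, f(i)) for i = 1..n. x = 0 is never handed
    out, because f(0) is the secret itself."""
    if not 1 <= w <= n < q:
        raise ValueError("need 1 <= w <= n < q")
    coeffs = [s % q] + [secrets.randbelow(q) for _ in range(w - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod q
            y = (y * x + c) % q
        shares.append((x, y))
    return shares


def lagrange_eval(points, x0, q=Q):
    """Value at x0 of the unique polynomial of degree < len(points) that
    passes through the given (x, y) points, over Z_q."""
    total = 0
    for j, (xj, yj) in enumerate(points):
        num, den = 1, 1
        for k, (xk, _) in enumerate(points):
            if k != j:
                num = num * (x0 - xk) % q
                den = den * (xj - xk) % q
        total = (total + yj * num * pow(den, -1, q)) % q
    return total


def recover_secret(shares, w, q=Q):
    """Decryption-stage step: refuse until at least w distinct nodes have
    applied, then interpolate the pooled shares at x = 0 to obtain s."""
    if len(shares) < w:
        raise ValueError(f"only {len(shares)} shares offered, threshold is {w}")
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share indices")
    return lagrange_eval(shares[:w], 0, q)


def share_predicted_by_guess(shares, w, guess, x_new, q=Q):
    """Why w-1 shares reveal nothing: together with any guess for s they fix a
    valid degree-(w-1) polynomial, so every guess predicts some plausible
    value for the missing share at x_new. Returns that predicted value."""
    if len(shares) != w - 1:
        raise ValueError("pass exactly w-1 shares")
    return lagrange_eval([(0, guess % q)] + list(shares), x_new, q)
```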
The invention has the beneficial effects that:
1. The invention provides a block chain-based fine-grained access control scheme in a cloud edge collaborative environment. The scheme comprises a data owner, edge servers, a block chain, an authority center, a cloud server and data users, and the related algorithms are defined in detail according to the system model. In the model, after the authority center has generated all initial parameters and distributed the corresponding keys to the corresponding entities, a data owner cooperates with a corresponding trusted edge server: the edge server encrypts the data and the related keywords, uploads the ciphertext to the cloud server, and distributes the ciphertext keywords to the other edge servers so that data users can query them. If a legitimate data user wants to search for related data by keyword, it generates a trapdoor from the keyword to be searched and its partial key, and sends the trapdoor to the corresponding edge server; the edge server completes the search using the trapdoor and obtains the final key. Finally, once the corresponding data is matched and access control is satisfied, the corresponding ciphertext is returned from the cloud server, decrypted, and returned to the data user.
2. In the invention, under the cloud edge collaborative environment, secure multi-party computation in the block chain consensus network is realized using threshold secret sharing, the private key is generated by multiple authorizing parties, and the security and privacy of the private key are effectively protected.
3. In the invention, under the cloud edge collaborative environment, the edge server performs the encryption, decryption and search operations, so the computing overhead of the user is effectively reduced.
Drawings
In order to more clearly illustrate the present invention, a system model diagram will be attached below.
FIG. 1 is a flow chart of the present invention.
FIG. 2 is a diagram of a system model according to the present invention.
Detailed Description
The invention is further described below with reference to the figures and examples.
Fig. 2 shows the system model: the cloud server is defined as an "honest and curious" semi-trusted entity, and the edge server is defined as a trusted entity.
As shown in fig. 1, the block chain-based fine-grained access control method in a cloud edge collaborative environment mainly comprises five stages, initialization, encryption, transaction generation, trapdoor generation and search, plus a decryption stage. The detailed steps are as follows:
Steps one to six (initialization, encryption, transaction generation, trapdoor generation, search and decryption) are as set out under the Disclosure of Invention above.

Claims (7)

1. A block chain-based fine-grained access control method in a cloud edge collaborative environment, characterized by comprising the following steps:
step one, an initialization stage;
step two, an encryption stage: the data owner formulates an access control policy and uploads the access control policy and the corresponding data to the corresponding edge server; the edge server then encrypts the data and uploads it to the cloud server, and at the same time sends the keyword ciphertext and the access control policy to the other edge nodes;
step three, a transaction generation stage: the edge server sends a request for a delegated transaction, each node in the consensus network responds to become a delegated computing node, and the edge node then generates a transaction and broadcasts it to the other nodes in the block chain network;
step four, a trapdoor generation stage: the user generates a search trapdoor according to the keyword to be searched;
step five, a search stage: after receiving the trapdoor sent by the user, the edge server first checks whether the trapdoor satisfies the access control matrix; if the attribute set does not satisfy the access control matrix the process stops, otherwise execution continues; if the access control matrix is satisfied, the edge server checks whether the corresponding data is contained, and if so fetches the corresponding data from the cloud server, otherwise returns 0;
step six, a decryption stage: when the submitted trapdoor satisfies the access control policy, the nodes in the block chain cooperatively compute the secret value in a multi-party manner, obtain the final private key for decryption, and then return the data to the corresponding data user.
2. The method for fine-grained access control based on a block chain in a cloud-edge collaborative environment according to claim 1, wherein in the first step, the specific steps of a system initialization stage are as follows:
the AC takes the attribute set Atts as input and selects a bilinear pairing e: G_0 × G_0 → G_1, where G_0 and G_1 are groups of order q and g_0, g_1 are their generators, and selects the secure hash function H:
[formula image]
randomly selects a, α, K, K,
[formula image]
where K is a symmetric key, generates the system public key
[formula image]
and the partial private key SK_1 = (K_1, K_2), where
[formula image]
[formula image]
sends SK_1 to the DU, generates the partial private key SK_2 = (K_x, K_3), where
[formula image]
with x ∈ Atts, sends SK_2 to the EU, and generates the global parameters GP = (a, H, g_0, g_1, G_0, G_1).
3. The method for fine-grained access control based on the block chain in the cloud-edge collaborative environment according to claim 2, wherein in the second step, the specific steps in the encryption stage are as follows:
the DO formulates an access control policy (M, ρ) and uploads (M, ρ) and the data F to the corresponding edge server, where ρ maps each row to an attribute and M is an m × n matrix; the EU randomly selects
[formula image]
randomly selects w-1 elements a_i to generate the polynomial f(x) = s + a_1 x + … + a_{w-1} x^{w-1} of degree w-1, then computes sub_i = f(x_i), dividing s into n parts with threshold w, and randomly selects a vector
[formula image]
and
[formula image]
computes
[formula image]
[formula image]
then computes
[formula image]
at the same time randomly selects β,
[formula image]
computes the keyword ciphertext
[formula image]
[formula image]
where
[formula image]
and sends the keyword ciphertext and the access control policy to the other edge nodes, and uploads the encrypted data ciphertext CT = F PK to the cloud server.
4. The fine-grained access control method based on a block chain in a cloud-edge collaborative environment according to claim 3, wherein in the third step, the specific steps in the transaction generation phase are:
the EU sends out a request for delegated computation, each node of the consensus network responds to become a delegated computing node, and the generated γ_i is encrypted with the public keys of all nodes in the block chain to generate the transaction TS = {CNaddr, E(γ_j), τ_j}, where CNaddr is the list of addresses of the delegated computing nodes in the network and τ_j is a defined variable
[formula image]
the EU broadcasts the transaction to the other nodes in the block chain network, and the delegated node obtains γ_i from the transaction and stores it.
5. The fine-grained access control method based on the block chain in the cloud-edge collaborative environment according to claim 4, wherein in the fourth step, the specific steps in the trapdoor generation stage are as follows:
according to the keyword w' to be searched, the DU first randomly selects
[formula image]
generates
[formula image]
where
[formula image]
H(w'), randomly selects R_c ∈ G_0 and further randomizes to generate T_2 = SK_1 · R_c, and submits T_w = (T_1, T_2).
6. The fine-grained access control method based on the block chain in the cloud-edge collaborative environment according to claim 5, wherein in the fifth step, the specific steps in the search phase are:
After EU receives the search trapdoor $T_w$ from DU, it first checks whether the access control matrix M is satisfied: if the attribute set Atts is verified not to satisfy the access matrix M, the process stops; otherwise it continues, obtains the symmetric key K according to the satisfied access control matrix M, and computes for the received trapdoor $T_w$ whether $T_1 \times C_1 = C_2$ holds; if it holds, the corresponding data CT is acquired from the cloud server, otherwise 0 is returned,
the correctness is as follows:
Figure FDA0003845591780000027
if w = w', the equation holds.
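The attribute check that gates the search phase of claim 6, as an added example that is not part of the patent: it assumes the access control matrix M is an LSSS matrix over Z_p with a row-labelling function rho (the standard CP-ABE encoding, which the patent does not spell out) and returns the reconstruction coefficients when Atts satisfies M, or None when the process should stop before the trapdoor test.

```python
# Added example, not the patent's own code. Assumption: the access control
# matrix M is an LSSS matrix over Z_p whose row i is labelled with attribute
# rho[i] (standard CP-ABE encoding). Atts satisfies M exactly when the rows
# labelled by Atts span the target vector e1 = (1, 0, ..., 0).
from typing import Optional


def solve_mod_p(A, b, p) -> Optional[list]:
    """Solve A x = b over Z_p by Gauss-Jordan elimination; one solution or None."""
    m, k = len(A), len(A[0])
    aug = [[A[r][c] % p for c in range(k)] + [b[r] % p] for r in range(m)]
    pivots, row = [], 0
    for col in range(k):
        if row == m:
            break
        piv = next((r for r in range(row, m) if aug[r][col]), None)
        if piv is None:
            continue                      # free column, no pivot here
        aug[row], aug[piv] = aug[piv], aug[row]
        inv = pow(aug[row][col], -1, p)   # p prime, so the inverse exists
        aug[row] = [(v * inv) % p for v in aug[row]]
        for r in range(m):
            if r != row and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(x - f * y) % p for x, y in zip(aug[r], aug[row])]
        pivots.append(col)
        row += 1
    if any(aug[r][k] for r in range(row, m)):
        return None                       # a row reads 0 = nonzero: no solution
    x = [0] * k                           # free variables are set to 0
    for r, col in enumerate(pivots):
        x[col] = aug[r][k]
    return x


def check_access_matrix(M, rho, atts, p) -> Optional[dict]:
    """Return {row: omega_row} with sum(omega_i * M[i]) == e1 (mod p) using only
    rows whose attribute is in atts, or None if Atts does not satisfy M."""
    rows = [i for i, attr in enumerate(rho) if attr in atts]
    if not rows:
        return None
    n = len(M[0])
    # One equation per column c: sum_i omega_i * M[i][c] = e1[c]
    A = [[M[i][c] for i in rows] for c in range(n)]
    e1 = [1] + [0] * (n - 1)
    sol = solve_mod_p(A, e1, p)
    return None if sol is None else {i: w for i, w in zip(rows, sol) if w}


# Constructed policy "(A AND B) OR C" encoded as an LSSS matrix over Z_p.
P = 101
M_EX = [[1, 1], [0, -1], [1, 0]]
RHO_EX = ["A", "B", "C"]
```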
7. The fine-grained access control method based on the block chain in the cloud edge collaborative environment according to claim 6, wherein in the sixth step, the specific steps in the ciphertext decryption stage are as follows:
when the submitted trapdoor satisfies the access control matrix M, $\gamma_j$ nodes in the blockchain apply to perform the computation; once w nodes have applied, the parties compute s cooperatively,
Figure FDA0003845591780000031
Figure FDA0003845591780000032
wherein
Figure FDA0003845591780000033
s is then returned to the corresponding EU to obtain the final private key, with which the data is decrypted and the data F is returned to the corresponding data user,
the decryption process is as follows:
Figure FDA0003845591780000034
Figure FDA0003845591780000035
Figure FDA0003845591780000036
Figure FDA0003845591780000037
Figure FDA0003845591780000038
Figure FDA0003845591780000039
Finally, the data F requested by the user is returned to the corresponding data user.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211116020.6A CN115484095B (en) 2022-09-14 2022-09-14 Fine granularity access control method based on blockchain in cloud-edge cooperative environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211116020.6A CN115484095B (en) 2022-09-14 2022-09-14 Fine granularity access control method based on blockchain in cloud-edge cooperative environment

Publications (2)

Publication Number Publication Date
CN115484095A true CN115484095A (en) 2022-12-16
CN115484095B CN115484095B (en) 2024-05-07

Family

ID=84392491

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211116020.6A Active CN115484095B (en) 2022-09-14 2022-09-14 Fine granularity access control method based on blockchain in cloud-edge cooperative environment

Country Status (1)

Country Link
CN (1) CN115484095B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111556495A (en) * 2020-03-19 2020-08-18 西安电子科技大学 Multi-user searchable encryption method and encryption system in Internet of vehicles environment
CN112543099A (en) * 2020-11-25 2021-03-23 南京邮电大学 Certificateless searchable encryption method based on edge calculation
US20210096911A1 (en) * 2020-08-17 2021-04-01 Essence Information Technology Co., Ltd Fine granularity real-time supervision system based on edge computing
WO2022007889A1 (en) * 2020-07-08 2022-01-13 浙江工商大学 Searchable encrypted data sharing method and system based on blockchain and homomorphic encryption
CN114398650A (en) * 2021-12-16 2022-04-26 西安电子科技大学 Searchable encryption system and method supporting multi-keyword subset retrieval
CN114640458A (en) * 2022-03-28 2022-06-17 湖南科技大学 Fine-grained multi-user secure searchable encryption method in cloud-edge collaborative environment

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
BURAK KALECI: "Plane Segmentation of Point Cloud Data Using Split and Merge Based Method", 《2019 3RD INTERNATIONAL SYMPOSIUM ON MULTIDISCIPLINARY STUDIES AND INNOVATIVE TECHNOLOGIES (ISMSIT)》, 16 December 2019 (2019-12-16) *
张强: "Personalized search privacy protection method based on multiple edge servers", 通信学报 (Journal on Communications), 25 February 2019 (2019-02-25) *
李晓蓉;宋子夜;任婧怡;徐磊;许春根;: "Attribute-based searchable encrypted electronic medical record system in cloud computing", 计算机科学 (Computer Science), no. 2, 15 November 2017 (2017-11-15) *
王汝言;刘宇哲;张普宁;亢旭源;李学芳;: "Edge-cloud collaborative entity search method for the Internet of Things", 计算机工程 (Computer Engineering), no. 08, 15 August 2020 (2020-08-15) *

Also Published As

Publication number Publication date
CN115484095B (en) 2024-05-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant