CN115834067A - Ciphertext data sharing method in edge cloud collaborative scene - Google Patents
- Publication number
- CN115834067A (CN202111087396.4A)
- Authority
- CN
- China
- Prior art keywords
- attribute
- terminal device
- data
- resource
- edge server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Abstract
The invention provides a ciphertext data sharing method in an edge-cloud collaborative scenario, comprising the following steps: protocol parameters are initialized in the mobile edge network domain, and the master key and public key of the authentication center are generated; each system entity self-verifies its key and obtains a legal public/private key pair; the cloud server distributes attribute authority to the terminal members; the resource provider encrypts the data, calculates the encryption key factors, and then uploads the resource-related information to the edge server of its domain; the resource accessor applies to the edge server of its domain for access to the resource; the edge server searches for the resource within its domain and performs a cross-domain search if the domain does not hold the required resource. The invention supports fast search and location across the whole network and timely data feedback; by combining blockchain technology, the hash value of the shared data, the public key information of the sharer and the like are written into the blockchain, so that data integrity checks and data source tracing can be performed. Ciphertext data can thus be shared more flexibly, efficiently and practically, and the method has important research significance in the field and commercial application value.
Description
Technical Field
The invention relates to the technical field of information security, and in particular to a ciphertext data sharing method in an edge-cloud collaborative scenario.
Background
With the progress of science and technology, 5G and Internet of Things technologies have developed rapidly. Each terminal generates massive amounts of data over time, causing exponential, explosive growth of data, and the problems of data processing have become increasingly prominent. Cloud computing, as a large-scale data management technology, offers large capacity, high computing power and high performance, and can provide high-quality data processing services. However, all data must be uploaded to the cloud for centralized processing, which puts great pressure on network bandwidth and makes it difficult to meet the needs of applications with strict real-time requirements, and so edge computing emerged. Cloud computing is good at global, non-real-time, long-period big data processing and analysis, while edge computing is better suited to local, real-time, short-period data processing and analysis. Edge-cloud collaboration can greatly expand the application range of edge computing and improve the quality of the service provided, increasing the application value of both edge computing and cloud computing. However, an edge-cloud collaboration scenario involves numerous devices and frequent data interaction, so the privacy and data security of terminal devices face a serious challenge.
Data sharing is the bridge and link for cooperative computing, data exchange and interoperation among terminal devices in an edge-cloud collaborative application scenario. The data shared among terminal devices involves secret information and private data, and the shared data must be encrypted to ensure that confidential data is shared safely. However, existing data sharing models offer only a single form of data sharing and cannot adapt to the sharing of multi-level data; their authentication process is complicated, the computation and communication load on the terminal is heavy, and data retrieval is slow, so they cannot adapt to an edge-cloud collaboration scenario. Therefore, a ciphertext data sharing technology for the edge-cloud collaborative application scenario is proposed. The model sets specific attribute key factors according to the confidentiality requirement of the shared data and combines them into the encryption key, so that only data demanders satisfying specific rules can decrypt the shared data, achieving more flexible and fine-grained secure data sharing. Meanwhile, the data sharer and the data demander hand as many tasks as possible to the edge server during data sharing. The data sharer uploads the ciphertext data and the related access authority to the edge server and needs no extra data computation or data management; the data demander only needs to submit a description of the required data and the related access authority to the edge server, and local search, cross-domain search and the like are executed by the edge server. In addition, the edge server writes the hash value of the shared data, the public key information of the sharer, the access records of the data demander and the like into the blockchain, which makes data integrity checks and data source tracing convenient.
At present, no research on a ciphertext data sharing model in an edge-cloud collaboration scenario has appeared; a series of challenging problems needs to be solved, and work on aspects such as cross-domain access control has no precedent.
Disclosure of Invention
Existing data sharing models suffer from the technical problems that the privacy of terminal devices is easily leaked during data sharing, that the form of data sharing is single, and that data is difficult to search for and locate. To address these problems, the invention provides a ciphertext data sharing method in an edge-cloud collaborative scenario. It adopts an identity authentication technology with hidden attributes to authenticate terminal identities while ensuring that terminal attributes and identity information are not leaked, and reduces the computation and communication overhead of terminal devices. It matches identity authentication against attribute authority parameters to prevent collusion attacks by terminals without authority, and uses a threshold function to set keys so as to realize fine-grained resource sharing. In addition, according to the data description given by the data demander, the edge server can perform fast search and location across the whole network through the local blockchain and an alliance database, and can feed back data in time.
To achieve this purpose, the technical scheme of the invention is realized as follows: a ciphertext data sharing method in an edge-cloud collaborative scenario, comprising the following steps:
Step one: system entity key self-verification
A) The CA runs an initialization algorithm and broadcasts the system parameters;
B) After receiving the system parameters broadcast by the CA, the system entity randomly selects a positive integer as its private key, calculates the confirmation intermediate variables and the public key required for confirming the identity of the system entity, and then sends the confirmation intermediate variables and the public key to the CA;
C) After receiving the message from the system entity, the CA verifies the correspondence between the public key and the identity of the system entity, and if the verification passes, the CA publishes the valid public key of the system entity;
The system entities comprise the cloud server, the edge servers and the terminal devices;
Step two: attribute authority distribution
E) The edge-cloud network system is initialized, and the cloud server CS broadcasts the set of available authentication attributes within the system;
F) After receiving the authentication attribute set broadcast by the cloud server CS, each terminal device randomly selects a positive integer, calculates the attribute intermediate variables and the intermediate signature required for verifying the attributes of the terminal device, and then sends the attribute intermediate variables and the intermediate signature to the cloud server CS;
G) After receiving the messages sent by the terminal members, the cloud server CS calculates the attribute intermediate variables required for attribute verification and determines the attributes of the terminal device; the cloud server CS then calculates a hash value and verifies the intermediate signature of the terminal device, and if the verification passes, the cloud server CS calculates the attribute parameters and the attribute signature and sends the attribute parameter set and the attribute signature to each terminal device;
H) After receiving the message from the cloud server CS, each terminal device verifies the attribute signature of the cloud server CS, and if the verification passes, each terminal device calculates its attribute authority;
I) Each edge server obtains all edge attribute authorities according to steps F) to H);
J) The cloud server CS divides the management domains according to the IP addresses of the terminal devices and the edge servers, and sends the registration information of the terminal devices belonging to each edge server to the corresponding edge server;
Step three: data encryption and secure storage
K) If a data provider wants to share data, the data provider randomly selects a positive integer and encrypts the data to obtain the ciphertext information; the data provider selects positive integers to construct a polynomial corresponding to the attribute authority, and calculates the function values, the hash value of the ciphertext and an intermediate signature; the data provider sends the ciphertext information, the hash value of the ciphertext, the intermediate signature and the function values together to the edge server, the function values serving as encryption key factors;
L) After receiving the message from the data provider, the edge server verifies the intermediate signature of the data provider and the hash value of the ciphertext; if the verification passes, the edge server stores the ciphertext in the off-chain local database and writes the message sent by the data provider into the blockchain; the edge server then writes the search keywords, the attribute sequence of the access authority, the encryption key factors and the edge management domain information of the ciphertext data into the alliance index database (AID);
Step four: data search and secure sharing
M) The resource demander calculates an intermediate signature and sends the resource request information to the local domain edge server;
N) After receiving the resource request message from the resource demander, the local domain edge server checks the attribute sequence of the resource demander and determines the attribute authority of the resource demander;
O) The local domain edge server searches the local domain blockchain for the target resource and the attribute sequence for accessing the resource; if the keyword in the blockchain satisfies the search requirement and the attribute sequence satisfies the requirement, the resource demander has the authority to access the resource, and the local domain edge server sends the link to the resource and the encryption key factors to the resource demander and writes an access record into the blockchain in the form of a transaction;
P) When an inter-domain resource sharing request is needed, the local domain edge server searches the alliance index database (AID) for the resource and the attribute sequence for accessing the resource; if the keywords and the attribute sequence satisfy the requirements, the resource demander has the authority to access the resource, and the local domain edge server sends a request to the edge server of the domain where the resource is located, obtains the link to the resource in the external domain database and the encryption key factors, sends the link and the encryption key factors to the resource demander, and writes an access record into the blockchain in the form of a transaction;
Q) The resource demander downloads the ciphertext data through the link and calculates the point pairs, then reconstructs the polynomial from the point pairs to calculate the key, and decrypts the resource with the key to obtain the plaintext data.
Further, step one is implemented as follows:
1) The certification authority CA runs the initialization algorithm $Setup(1^{\lambda})$ and then broadcasts the system parameters $\{g_1, G_1, e, H_1, PK\}$; where $\lambda$ is the security parameter, $PK$ is the public key of the certification authority CA, $g_1$ is a generator of the additive group $G_1$, $H_1: \{0,1\}^* \rightarrow G_1$ represents a hash function, and $e$ represents a computable bilinear mapping function;
2) After receiving the system parameters $\{g_1, G_1, e, H_1, PK\}$ broadcast by the certification authority CA, the system entity $u$ randomly selects a positive integer $r$, calculates the confirmation intermediate variables $\eta_1 = H_2(id)\,r\,g_1$, $\eta_2 = r\,PK$, $\eta_3 = H_2(id)\,PK$, $\eta_4 = H_1(u\|id\|\eta_1\|\eta_2\|\eta_3\|pk)$ and the public key $pk = r\,g_1$, and then sends the message $\{u, id, \eta_1, \eta_2, \eta_3, \eta_4, pk\}$ to the certification authority CA; wherein $id$ is the identity of the system entity $u$, represents a set of positive integers of order $q$, $q$ being the order of the additive group $G_1$, and $pk$ is the public key of the system entity $u$;
3) After receiving the message $\{u, id, \eta_1, \eta_2, \eta_3, \eta_4, pk\}$, the certification authority CA verifies the correspondence between the public key $pk$ and the identity $id$ of the system entity $u$; that is, it calculates the intermediate variables $\eta'_2 = MSK^{-1}\eta_2 = pk = r\,g_1$, $\eta'_3 = MSK^{-1}\eta_3 = H_2(id)\,g_1$, $\eta'_4 = H_1(u\|id\|\eta_1\|\eta_2\|\eta_3\|pk)$ and verifies the equations $\eta'_4 = \eta_4$ and $e(\eta_2, \eta'_3) = e(\eta_3, \eta'_2)$; if they hold, the certification authority CA publishes the valid public key $pk$ of the system entity $u$; wherein $MSK$ represents the private key of the certification authority CA;
4) The system entity $u$ obtains the confirmed public key and generates its own public/private key pair $(pk, r)$.
Further, the equation $e(\eta_2, \eta'_3) = e(\eta_3, \eta'_2)$ is verified as follows:
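An added derivation, not recovered from the original page: the equality follows from the bilinearity property (Property 1 in section 1.1), using only the definitions $\eta_2 = r\,PK$, $\eta_3 = H_2(id)\,PK$, $\eta'_2 = r\,g_1$ and $\eta'_3 = H_2(id)\,g_1$ from steps 2) and 3), with $H_2(id)$ treated as a scalar as in those steps.

$$e(\eta_2, \eta'_3) = e\big(r\,PK,\ H_2(id)\,g_1\big) = e(PK, g_1)^{r\,H_2(id)}$$

$$e(\eta_3, \eta'_2) = e\big(H_2(id)\,PK,\ r\,g_1\big) = e(PK, g_1)^{H_2(id)\,r}$$

The two exponents are equal, so both sides coincide whenever $\eta_2$ and $\eta'_2$ were built from the same $r$ and $\eta_3$ and $\eta'_3$ from the same $H_2(id)$.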
Further, the method by which the terminal devices are assigned attribute authority in step two is as follows:
(1) The cloud server CS broadcasts the set of available authentication attributes $SA = \{Att_1, Att_2, \ldots, Att_T\}$ within the system; after receiving the authentication attribute set $SA$ broadcast by the cloud server CS, terminal device $u_{i,j}$ randomly selects a positive integer $l_{i,j}$, calculates the attribute intermediate variables $L_{i,j} = l_{i,j}\,g_1$, and the intermediate signature, and then sends the message to the cloud server CS; wherein $u_{i,j}$ denotes the $j$-th terminal device in the management domain of the $i$-th edge server, $attr_{i,j,t}$ denotes the $t$-th attribute of terminal device $u_{i,j}$, $1 \le i \le N$, $1 \le j \le n$, $1 \le t \le T$, $N$ is the total number of edge servers, $n$ is the number of terminal devices of each edge server, $T$ represents the total number of attributes in the authentication attribute set, indicates the private key of terminal device $u_{i,j}$, $g_1$ is a generator of the additive group $G_1$, and $\|$ is the concatenation symbol;
(2) After receiving the message sent by terminal device $u_{i,j}$, the cloud server CS calculates the verification intermediate variables, and compares the set with the number set computed by the cloud server CS, determining the intersection and the correspondence of the two sets so as to determine that the attribute set of terminal device $u_{i,j}$ is $\{Att_1, Att_2, \ldots, Att_t\}$; the cloud server CS then calculates the hash value $H_2(Att_1\|Att_2\|\ldots\|Att_t)\,g_1$ and verifies terminal device $u_{i,j}$ through the verification equation; if the equation holds, it is determined that terminal device $u_{i,j}$ possesses the attribute set $\{attr_{i,j,1}, attr_{i,j,2}, \ldots, attr_{i,j,t}\}$; the cloud server CS selects the corresponding attribute parameters $r_1, r_2, \ldots, r_t$ from the set $pa = \{r_1, r_2, \ldots, r_T\}$ and calculates the attribute parameters and the attribute signature; the cloud server CS then sends the information to terminal device $u_{i,j}$; wherein $t$ ($1 \le t \le T$) is the number of attributes of terminal device $u_{i,j}$, $T$ represents the total number of attributes in the authentication attribute set, $Att_t$ is an attribute in the authentication attribute set, $r_t$ is the random attribute parameter corresponding to attribute $Att_t$, indicates the public key of terminal device $u_{i,j}$; $H_3(\cdot)$ is a hash function, and $sk_{CS}$ represents the private key of the cloud server CS;
(3) After receiving the information sent by the cloud server CS, terminal device $u_{i,j}$ verifies the attribute signature of the cloud server CS through the verification equation; if the equation holds, terminal device $u_{i,j}$ separately computes the attribute authorities; the attribute authority set corresponding to the attribute set $attr_{u_{i,j}} = \{attr_{i,j,1}, attr_{i,j,2}, \ldots, attr_{i,j,t}\}$ of terminal device $u_{i,j}$ is; wherein, for terminal device $u_{i,j}$; $e(\cdot)$ is a computable bilinear mapping function;
(4) Edge server $ES_i$, with the authentication attribute set $SA = \{Att_1, Att_2, \ldots, Att_T\}$, obtains all edge attribute authorities according to steps (1) to (3);
(5) The cloud server CS divides the management domains according to the IP address of terminal device $u_{i,j}$ and the IP address of edge server $ES_i$, and sends the registration information of the terminal devices $u_{i,j}$ belonging to edge server $ES_i$ to edge server $ES_i$; wherein, is the public key of terminal device $u_{i,j}$; $(S_1, S_2, \ldots, S_t)$ is the attribute sequence corresponding to the attribute set.
Further, data encryption and secure storage in step three are implemented as follows:
Step 1: if terminal device $u_{i,j}$, acting as a data provider, wants to share data, terminal device $u_{i,j}$ randomly selects a positive integer and encrypts the data to obtain the ciphertext information; terminal device $u_{i,j}$ constructs a polynomial, substitutes the hash values of the attribute authorities into the polynomial $p(x)$ respectively, and calculates $t$ function values $\{f_1, f_2, \ldots, f_t\}$ as encryption key factors; terminal device $u_{i,j}$ then computes, from the ciphertext information, the hash value of the ciphertext and the intermediate signature, and sends the message to edge server $ES_i$; wherein, indicates the public key of terminal device $u_{i,j}$, $H_2(\cdot)$ and $H_3(\cdot)$ represent hash functions, represents a set of positive integers of order $q$, represents the attribute authority corresponding to attribute $attr_{i,j,t}$, indicates the private key of terminal device $u_{i,j}$; $keywords_m$ is the search keyword used for searching the data, $(S_1, S_2, \ldots, S_t)$ is the permission sequence required to access the ciphertext information; $x$ is the independent variable, and $a_1, \ldots, a_{t-2}, a_{t-1}$ are different parameter values selected by terminal device $u_{i,j}$ according to the data and the attribute authority;
Step 2: after receiving the message sent by terminal device $u_{i,j}$, edge server $ES_i$ verifies terminal device $u_{i,j}$ by checking whether the verification equation holds; if the equation holds, it verifies whether the hash value of the ciphertext is correct; if the hash value of the ciphertext information is correct, edge server $ES_i$ stores the ciphertext information in the off-chain local database and writes the message, as primary transaction information, into a block of the local blockchain; meanwhile, edge server $ES_i$ writes the search keyword $keywords_m$ of the ciphertext data, the attribute sequence of the access rights $(S_1, S_2, \ldots, S_t)$, the encryption key factors $(f_1, f_2, \ldots, f_t)$ and the edge management domain information into the alliance index database AID.
Further, data search and secure sharing in step four are implemented as follows:
S1: terminal device $u_{i,k}$, acting as a resource demander, computes the intermediate signature and sends the resource request message to the local domain edge server $ES_i$; wherein, indicates the private key of terminal device $u_{i,k}$, indicates the public key of terminal device $u_{i,k}$, is the attribute authority of terminal device $u_{i,k}$, $keywords_m$ represents the search keyword of the required resource, is the intermediate signature of terminal device $u_{i,k}$, $\{S_1, S_2, \ldots, S_t\}$ is the attribute sequence of the access rights, $g_1$ is a generator of the additive group $G_1$, $H_3(\cdot)$ represents a hash function, $1 \le i \le N$, $N$ is the total number of edge servers, $1 \le k \le n$, and $n$ is the total number of terminals;
S2: after receiving the resource request message issued by terminal device $u_{i,k}$, the local domain edge server $ES_i$ compares the attribute sequence $(S_1, S_2, \ldots, S_t)$ in the resource request message with the registered attribute sequence of terminal device $u_{i,k}$ sent by the cloud server CS; if the two sequences are consistent, the local domain edge server $ES_i$ selects the corresponding edge attribute authority from the edge attribute authority set and checks whether the verification equation holds, to determine the attribute authority possessed by terminal device $u_{i,k}$;
S3: searching for resources within the domain: according to the search keyword $keywords_m$ of the resource sent by terminal device $u_{i,k}$, the local domain edge server $ES_i$ searches the local domain blockchain for the data of the related resource and the attribute sequence $\{S_1, S_2, \ldots, S_\tau\}$ for accessing the resource; if the search keyword in the blockchain satisfies the keyword requirement of the search by terminal device $u_{i,k}$ and the attribute sequence for accessing the resource, then terminal device $u_{i,k}$ has the authority to access the data; the local domain edge server $ES_i$ encrypts the link for accessing the resource and the encryption key factors $(f_1, f_2, \ldots, f_t)$ with the public key of terminal device $u_{i,k}$, sends them to terminal device $u_{i,k}$, and writes the access record into the blockchain in the form of a transaction; where $\tau$ represents the number of attributes required to decrypt a resource, and $T_m$ represents the timestamp of the access to the resource;
S4: when an inter-domain resource sharing request is needed, according to the search keyword $keywords_m$ of the resource sent by terminal device $u_{i,k}$, the local domain edge server $ES_i$ searches the alliance index database AID for the data of the related resource and the attribute sequence $\{S_1, S_2, \ldots, S_\tau\}$ for accessing the resource; if the keywords in the alliance index database AID satisfy the keyword requirement of the search by terminal device $u_{i,k}$ and the attribute sequence for accessing the resource, then terminal device $u_{i,k}$ has the authority to access the data; the local domain edge server $ES_i$ sends a request to the edge server $ES_j$ of the domain where the data of the resource is located, to obtain the link address of the resource in the external domain database and the encryption key factors $(f_1, f_2, \ldots, f_t)$ of the resource; it encrypts the requested resource link and the encryption key factors $(f_1, f_2, \ldots, f_t)$ with the public key of terminal device $u_{i,k}$, sends them to terminal device $u_{i,k}$, and writes the access record into the blockchain in the form of a transaction;
S5: after decrypting the link and the encryption key factors $(f_1, f_2, \ldots, f_t)$, terminal device $u_{i,k}$ downloads the ciphertext information through the received link; according to the encryption key factors $(f_1, f_2, \ldots, f_t)$ and the attribute authority set it possesses, it separately calculates the variables, forms the point pairs $\{(x_1, f_1), (x_2, f_2), \ldots, (x_t, f_t)\}$, and constructs the polynomial by the Lagrange interpolation theorem; terminal device $u_{i,k}$ computes the decryption key of the shared resource, and then decrypts the resource to obtain the plaintext data; wherein the function, $x_\theta$ and $x_\varepsilon$ are abscissas of points on the polynomial.
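The key-factor mechanism of Step 1 (data encryption) and S5 (decryption), as an added Python example that is not code from the patent. The page does not preserve the polynomial or the key formula, so the example assumes a Shamir-style layout: the key is the constant term $p(0)$, abscissas are SHA-256 hashes of the attribute authorities, and arithmetic is modulo the stand-in prime `Q`; all function names and sample attribute strings are hypothetical.

```python
import hashlib
import secrets

# Assumption: the page does not give the group order q; a Mersenne prime stands in.
Q = 2**127 - 1


def attr_to_x(attr_right: bytes) -> int:
    """Hash an attribute authority to a non-zero abscissa in Z_Q (SHA-256 is an assumption)."""
    x = int.from_bytes(hashlib.sha256(attr_right).digest(), "big") % Q
    if x == 0:
        # p(0) is the key itself, so an abscissa of 0 would publish the key as a factor.
        raise ValueError("abscissa 0 would expose the key directly")
    return x


def eval_poly(coeffs: list[int], x: int) -> int:
    """Evaluate p(x) = coeffs[0] + coeffs[1]*x + ... modulo Q (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def make_key_factors(key: int, attr_rights: list[bytes]) -> list[int]:
    """Provider side: p(x) = key + a_1 x + ... + a_{t-1} x^{t-1}; return f_i = p(x_i)."""
    xs = [attr_to_x(a) for a in attr_rights]
    if len(set(xs)) != len(xs):
        raise ValueError("attribute authorities must map to distinct abscissas")
    coeffs = [key % Q] + [secrets.randbelow(Q) for _ in xs[1:]]
    return [eval_poly(coeffs, x) for x in xs]


def recover_key(attr_rights: list[bytes], factors: list[int]) -> int:
    """Demander side: pair own abscissas with the factors and interpolate p(0)."""
    xs = [attr_to_x(a) for a in attr_rights]
    if len(xs) != len(factors) or len(set(xs)) != len(xs):
        raise ValueError("need one distinct abscissa per key factor")
    key = 0
    for i, (xi, fi) in enumerate(zip(xs, factors)):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if i != j:
                num = num * (-xj) % Q          # numerator of the Lagrange basis at x = 0
                den = den * (xi - xj) % Q      # denominator of the Lagrange basis
        key = (key + fi * num * pow(den, -1, Q)) % Q
    return key


def demo():
    # Constructed sample values, not taken from the patent.
    rights = [b"right:dept=cardiology", b"right:role=physician", b"right:clearance=2"]
    key = secrets.randbelow(Q)
    factors = make_key_factors(key, rights)    # what the edge server stores and returns
    ok = recover_key(rights, factors)          # demander holding all three authorities
    wrong = recover_key(rights[:2] + [b"right:clearance=1"], factors)  # one wrong authority
    partial = recover_key(rights[:2], factors[:2])                     # one authority missing
    return key, ok, wrong, partial


if __name__ == "__main__":
    key, ok, wrong, partial = demo()
    print("all authorities recover the key:", ok == key)
    print("one wrong authority recovers the key:", wrong == key)
    print("one missing authority recovers the key:", partial == key)
```

Because the factors are written to the blockchain and the alliance index database, the key in this layout stays secret only as long as the abscissas derived from the attribute authorities cannot be guessed.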
Compared with the prior art, the invention has the following beneficial effects: 1) Fine-grained data sharing: specific attribute key factors are set according to the confidentiality requirement of the shared data and combined into the encryption key, so that only data demanders satisfying specific rules can decrypt the shared data, achieving more flexible and fine-grained secure data sharing; 2) Light load: the data sharer and the data demander hand as many tasks as possible to the edge server during data sharing; the data sharer uploads the ciphertext data and the related access permissions to the edge server and needs no extra data computation or data management, the data demander only needs to submit a description of the required data and the related access permissions to the edge server, and local search, cross-domain search and the like are executed by the edge server; 3) Fast search: according to the data description given by the data demander, the edge server can perform fast search and location across the whole network through the local blockchain and the alliance index database, and can feed back data in time; 4) Integrity and traceability of shared data: the edge server writes the hash value of the shared data, the public key information of the sharer, the access records of the data demander and the like into the blockchain, which makes data integrity checks and data tracing convenient. The method makes ciphertext data sharing in the edge-cloud collaborative scenario more flexible, efficient and practical, and has important research significance in the field and commercial application value.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic flow chart of the present invention.
Fig. 2 is a schematic diagram of ciphertext data sharing in embodiment 1 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only a part of the embodiments of the present invention, not all of them. All other embodiments obtained by a person skilled in the art without inventive effort on the basis of the embodiments of the present invention fall within the scope of the present invention.
In a complex edge-cloud collaborative environment, sharing ciphertext data among the mobile terminals in a network, and between the terminals and a server, raises problems of confidentiality, integrity and leakage resistance of the data resources; meanwhile, the data sharing process suffers from problems such as a complex data search process and inaccurate location. Against this background, the invention provides a ciphertext data sharing method in an edge-cloud collaborative scenario, as shown in fig. 1, which realizes safe sharing of ciphertext data in an edge collaborative environment. Firstly, the entities in the edge-cloud collaborative system (including the cloud server, the edge servers and the terminal devices) verify their own keys with the Certificate Authority (CA) so as to obtain a legal public/private key pair; secondly, the cloud server CS broadcasts an attribute set, the terminal device calculates the parameters and signatures required for identity verification according to its attributes, the cloud server CS verifies the identity and the attributes of the terminal device, and if the verification passes, the terminal device is assigned attribute authority; then, the terminal device selects a random number to encrypt the data according to the confidentiality of the data, uses the attribute authority to construct a polynomial and calculate the encryption key factors, and uploads the information related to the ciphertext data to the edge server; finally, the terminal device applies for access to resources according to its own attribute authority, and the edge server searches for the target resource according to the application information and returns the link and the encryption key factors.
1. Theoretical background and related definitions used by the invention
1.1 Bilinear mapping problem
Definition 1. Bilinear mapping: let $G_1$ and $G_2$ be an additive group and a multiplicative group respectively, having the same large prime order $q$, wherein ( is a security parameter), the generator of $G_1$ is $g_1$, $e: G_1 \times G_1 \rightarrow G_2$ is a computable bilinear mapping function from the additive group $G_1$ to the multiplicative group $G_2$, and $H_1: \{0,1\}^* \rightarrow G_1$, is a collision-resistant hash function. The bilinear map $e$ has the following properties:
Property 1. Bilinearity: for any given parameters $a$, $b$ and generators $\mu, \nu \in G_1$, the equation $e(a\mu, b\nu) = e(\mu, \nu)^{ab}$ holds.
Property 2. Non-degeneracy: there exist generators $\omega, \rho \in G_1$ such that $e(\omega, \rho) \neq 1$.
Property 3. Computability: for any given $\mu, \nu \in G_1$, there is an efficient algorithm that calculates $e(\mu, \nu)$ in polynomial time.
Inference 1. For all generators $\rho_1, \rho_2, \omega \in G_1$, $e(\rho_1 + \rho_2, \omega) = e(\rho_1, \omega)\,e(\rho_2, \omega)$.
1.2 Computational complexity problem
Definition 1. Discrete Logarithm Problem (DLP): for any two points $Y, Q \in G_1$ on the elliptic curve, where $Y = aQ$, $a < q$: given $a$ and $Q$, $Y$ is easy to calculate; however, given $Y$ and $Q$, $a$ cannot be calculated in polynomial time; wherein, represents an integer set of order $q$.
Definition 2. Inverse computational Diffie-Hellman problem (ICDH): given $g_1$, $a\,g_1$ and $ab\,g_1$, for the parameter $a$, calculate $(ab/a)\,g_1$.
Definition 3. Bilinear mapping inverse problem: for any points $ag, bg, cg \in G_1$ of the additive group $G_1$ and any integers $a$, $b$, given $g$ and $ag$, $bg$, $cg$, there is no efficient algorithm to solve or
Example 1
In a complex data sharing environment, a terminal device must authenticate its identity before attribute authority is distributed, but because the terminal device sits in the edge-cloud collaborative network environment, its private information is easily leaked during identity authentication. For safety, the terminal device needs to protect its personal identity privacy while authenticating its identity. During data sharing, the confidentiality, integrity and leakage resistance of the shared information must be guaranteed, and only a terminal device that satisfies the attribute authority can reconstruct the polynomial and obtain the decryption key. In view of this application background, the invention provides a ciphertext data sharing method in a mobile edge-cloud collaborative scenario, as shown in Fig. 1, with the following steps: (1) initialization of the edge-cloud collaborative system: the cloud server CS, the edge servers and the terminal devices self-certify their own keys to obtain legitimate public/private key pairs; (2) distribution of attribute authority to terminal devices in the edge-cloud collaborative system: before data sharing, a terminal device first performs identity authentication with hidden attributes, which authenticates the terminal device while ensuring that its private information is not leaked, and attribute authority is distributed to legitimate terminal devices after successful authentication; (3) data encryption and secure storage: the terminal device randomly selects an encryption key to encrypt the data, then uses the attribute authority to calculate the encryption key factors and uploads the ciphertext, the encryption key factors, the keywords and related information to the local edge server; (4) data search and secure sharing: the terminal device applies to the local edge server for the target resource according to its own attribute authority, and the local edge server verifies the identity and authority of the terminal device; after verification passes, the local edge server searches the blockchain resources of the local domain, and if the resource is in another domain, the local edge server searches the alliance index database to obtain the resource information and returns it to the terminal device. A schematic of ciphertext data sharing in the whole system is shown in Fig. 2. The specific steps are as follows:
Step one: self-certification of system entity keys.
The secure data sharing model can be used in an environment where anonymous transactions are performed between a data provider and a data demander. A public-key cryptosystem is adopted to bind a user identity to the user's public key, but an authoritative certification center (CA) is needed to associate the registered real identity with its public key. The association process is as follows:
1) The certification authority CA runs the initialization algorithm $Setup(1^\lambda)$ and then broadcasts the system parameters $\{g_1, G_1, e, H_1, PK\}$, where $PK$ is the public key of the certificate authority CA, $g_1$ is the generator of the additive group $G_1$, $H_1(\cdot)$ denotes a hash function, and $e$ denotes a computable bilinear mapping function.
2) The system entity $u$ receives the system parameters $\{g_1, G_1, e, H_1, PK\}$ broadcast by the certification center CA, randomly selects a positive integer $r$, calculates the validation intermediate variables $\eta_1 = H_2(id)\,r\,g_1$, $\eta_2 = r\,PK$, $\eta_3 = H_2(id)\,PK$, $\eta_4 = H_1(u\|id\|\eta_1\|\eta_2\|\eta_3\|pk)$ and the public key $pk = r\,g_1$, and then sends the message $\{u, id, \eta_1, \eta_2, \eta_3, \eta_4, pk\}$ to the certification center CA; where $id$ is the identity of the system entity $u$, $r$ is drawn from the set of positive integers of order $q$, $q$ is the order of the additive group $G_1$, the system entity $u$ is a cloud server, an edge server or a terminal, and $pk$ is the public key of the system entity $u$.
3) The certification center CA receives the message $\{u, id, \eta_1, \eta_2, \eta_3, \eta_4, pk\}$ and verifies the correspondence between the public key $pk$ and the identity $id$ of the system entity $u$: it calculates the intermediate variables $\eta'_2 = MSK^{-1}\eta_2 = pk = r\,g_1$, $\eta'_3 = MSK^{-1}\eta_3 = H_2(id)\,g_1$ and $\eta'_4 = H_1(u\|id\|\eta_1\|\eta_2\|\eta_3\|pk)$, and verifies whether the equations $\eta'_4 = \eta_4$ and $e(\eta_2, \eta'_3) = e(\eta_3, \eta'_2)$ hold; if they hold, the CA publishes $pk$ as the valid public key of the system entity $u$; where $MSK$ denotes the private key of the certificate authority CA.
The equation $e(\eta_2, \eta'_3) = e(\eta_3, \eta'_2)$ is verified as follows:
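Added derivation (not text from the patent, whose own formula did not survive at this point), using only the quantities defined in steps 2) and 3) and the relation $PK = MSK \cdot g_1$, which is what $\eta'_2 = MSK^{-1}\eta_2 = r\,g_1$ implies:

$$
\begin{aligned}
e(\eta_2, \eta'_3) &= e\big(r\,PK,\; H_2(id)\,g_1\big) = e\big(r\,MSK\,g_1,\; H_2(id)\,g_1\big) = e(g_1, g_1)^{r \cdot MSK \cdot H_2(id)},\\
e(\eta_3, \eta'_2) &= e\big(H_2(id)\,PK,\; r\,g_1\big) = e\big(H_2(id)\,MSK\,g_1,\; r\,g_1\big) = e(g_1, g_1)^{H_2(id) \cdot MSK \cdot r}.
\end{aligned}
$$

Both sides equal $e(g_1, g_1)^{r \cdot MSK \cdot H_2(id)}$ by Property 1. Because $\eta'_2$ and $\eta'_3$ are obtained from $\eta_2$ and $\eta_3$ with the same scalar $MSK^{-1}$, Property 1 gives this equality for any $\eta_2, \eta_3 \in G_1$, so an implementation should treat the comparison $\eta'_2 = pk$ and the hash check $\eta'_4 = \eta_4$ as the checks that tie the submitted $pk$ to the request.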
4) Through the above process, the system entity $u$ obtains publicly recognized public key information and generates its own public/private key pair $(pk, r)$.
The key self-certification algorithm adopted by the invention effectively avoids the private key leakage that can occur during key distribution by a traditional certification center, and improves the security of shared resources.
Assume that, through the above process, the cloud server CS generates the public/private key pair $(pk_{cs}, sk_{cs})$, and that the edge server $ES_i$ of the $i$-th management domain and the $j$-th mobile terminal device $u_{i,j}$ of the $i$-th management domain each generate their own public/private key pair.
Step two: distribution of attribute authority.
Assume that the system has $N$ edge servers, each edge server having at most $n$ terminals. The cloud server CS defines the system's authentication attribute set for network resource access, $SA = \{Att_1, Att_2, \ldots, Att_T\}$, with corresponding attribute sequence $S_1, S_2, \ldots, S_T$, and selects a different random attribute parameter for each attribute to form the set $pa = \{r_1, r_2, \ldots, r_T\}$, with index $1 \le k \le T$; the cloud server CS broadcasts the available authentication attribute set $SA$ within the system. The attribute set of terminal device $u_{i,j}$ is written so that $Att_1 = attr_{i,j,1}$, $Att_2 = attr_{i,j,2}$, and so on, with $t \le T$, $1 \le i \le N$, $1 \le j \le n$, $1 \le t \le T$; $Att_T$ denotes the $T$-th system attribute defined by the cloud server, and $T$ denotes the total number of system attributes. The process of attribute registration and attribute authority distribution for an arbitrary terminal $u_{i,j}$ is as follows:
(1) Terminal device $u_{i,j}$ receives the authentication attribute set $SA$ broadcast by the cloud server CS, randomly selects a positive integer $l_{i,j}$, calculates the attribute intermediate variable $L_{i,j} = l_{i,j}\,g_1$, the further intermediate variables and the intermediate signature, and then sends the message to the cloud server CS; where $u_{i,j}$ denotes the $j$-th terminal device in the $i$-th edge server management domain, $attr_{i,j,t}$ denotes the $t$-th attribute of terminal device $u_{i,j}$, $H_2(\cdot)$ denotes a hash function, $g_1$ is the generator of the additive group $G_1$, $\|$ is the concatenation symbol, and the remaining symbol denotes the private key of terminal device $u_{i,j}$.
(2) After receiving the message sent by terminal device $u_{i,j}$, the cloud server CS calculates the verification intermediate variables and compares the number set it received with the number set it calculated, determining the intersection and the correspondence of the two sets in order to determine which attributes $attr_{i,t} = Att_t$ terminal device $u_{i,j}$ has and the sequence $\{S_1, S_2, \ldots, S_t\}$ corresponding to its attribute set. Suppose the number set sent by terminal $u_{i,j}$ corresponds to the number set calculated by the cloud server CS in such a way that the terminal is determined to have the attribute set $\{Att_1, Att_2, \ldots, Att_t\}$. The cloud server CS then calculates the hash value $H_2(Att_1\|Att_2\|\ldots\|Att_t)\,g_1$ and authenticates terminal $u_{i,j}$ by the verification equation. If the equation holds, it is established that terminal device $u_{i,j}$ possesses the attribute set $\{Att_1, Att_2, \ldots, Att_t\}$; the cloud server CS selects the corresponding attribute parameters $r_1, r_2, \ldots, r_t$ from the set $pa$, calculates the attribute parameters and the attribute signature, and sends this information to terminal device $u_{i,j}$. If the equation does not hold, the terminal member re-registers. Here $1 \le t \le T$, $t$ is the number of attributes of terminal device $u_{i,j}$, $T$ denotes the total number of attributes in the authentication attribute set, $Att_T$ is an attribute in the authentication attribute set, $r_t$ is the random attribute parameter corresponding to attribute $Att_t$, $H_1(\cdot)$ and $H_3(\cdot)$ are hash functions, $sk_{CS}$ denotes the private key of the cloud server CS, and the remaining symbol denotes the public key of the terminal device. The attribute set owned by the terminal member corresponds to the attribute set $\{Att_1, Att_2, \ldots, Att_t\}$ owned by the cloud server.
(3) After receiving the information sent by the cloud server CS, terminal device $u_{i,j}$ verifies the attribute signature identity of the cloud server CS by the verification equation. If the verification equation holds, terminal device $u_{i,j}$ computes each attribute authority, giving the attribute authority set that corresponds to its attribute set; if the equation does not hold, $u_{i,j}$ registers again. Here $e(\cdot)$ is a computable bilinear mapping function and $H_2(\cdot)$ is a hash function.
(4) Because the edge server $ES_i$ is considered to have all the attributes of the system's authentication attribute set $SA = \{Att_1, Att_2, \ldots, Att_T\}$, it obtains the attribute authority for all attributes according to the above process.
(5) The cloud server CS divides the management domains according to the IP address of terminal device $u_{i,j}$ and the IP address of edge server $ES_i$, and sends the registration information of the terminal devices $u_{i,j}$ belonging to edge server $ES_i$ to edge server $ES_i$; the registration information includes the public key of terminal device $u_{i,j}$.
After the edge server receives the registration information of a terminal member sent by the cloud server, and before that terminal member subsequently enters the data storage and data sharing steps, the request information provided by terminal member $u_{i,j}$ is verified against the registration information of terminal member $u_{i,j}$ sent by the cloud server; data storage and sharing can proceed only if verification succeeds. If verification is unsuccessful, terminal member $u_{i,j}$ cannot perform data storage and sharing. This ensures that the terminals participating in data sharing are legitimate, which protects the security of the shared data. The registration process of a terminal member mainly adopts an anonymous attribute authentication method, which uses a set of attributes in place of the identity of the terminal member and so protects the terminal member's private information well. The method is mainly used for registration and attribute authority distribution of terminal members; the edge server, as a management domain, can directly obtain the private parameters $r_i$ ($1 \le i \le T$) of the cloud server, so it can directly compute the attribute authority for all attributes according to step (4).
Step three: data encryption and secure storage:
After distribution of attribute authority, any edge server $ES_i$ ($1 \le i \le N$) can obtain from the cloud server CS the attribute-related information and registration information of the terminal devices $u_{i,j}$ ($1 \le j \le n$) that it manages. The data encryption and storage process in the management domain of edge server $ES_i$ is as follows:
(1) If terminal device $u_{i,j}$, acting as a data provider, wants to share data, it randomly selects a positive integer and encrypts the data to obtain the ciphertext information. Terminal device $u_{i,j}$ selects different values according to the attribute authority and the number of attributes required to access the data; suppose $t$ different attribute values are required to access the data. Terminal device $u_{i,j}$ constructs a polynomial $p(x)$, substitutes each attribute value into $p(x)$ and calculates $t$ function values $\{f_1, f_2, \ldots, f_t\}$ as the encryption key factors. Terminal device $u_{i,j}$ then computes the hash value of the ciphertext information and sends to edge server $ES_i$ a message that combines it with the keyword $keywords_m$ used to search for the data and the sequence numbers $(S_1, S_2, \ldots, S_t)$ of the authority information required to access the ciphertext information, together with an intermediate signature. Here $H_2(\cdot)$ and $H_3(\cdot)$ denote hash functions, and the remaining symbols denote the public key of terminal device $u_{i,j}$, the attribute authority corresponding to $attr_{i,j,t}$, and the private key of terminal device $u_{i,j}$.
(2) After receiving the message sent by terminal device $u_{i,j}$, edge server $ES_i$ verifies the identity of terminal $u_{i,j}$ by checking whether the verification equation holds. If the equation holds, it verifies whether the hash value of the ciphertext is correct; if the hash value of the ciphertext information is correct, edge server $ES_i$ stores the ciphertext information in the off-chain local database and writes the message into a block of the local blockchain as one transaction. At the same time, edge server $ES_i$ writes the search keyword $keywords_m$ of the ciphertext data, the attribute sequence $(S_1, S_2, \ldots, S_t)$ of the access rights and the encryption key factors $(f_1, f_2, \ldots, f_t)$ into the alliance index database (AID). If the equation does not hold, data storage fails and $u_{i,j}$ stores the resource again. The verification equation uses the public key of terminal device $u_{i,j}$.
The shared data may involve several different security levels, or data sharing within a specific data sharing group, such as an enterprise's internal and external shared data, or plaintext and ciphertext shared data. Because a Lagrange interpolation polynomial is used for the same encryption key, if the number of elements in one authority set is $t$, that authority set can yield multiple combinations of resource access authority, which makes data sharing more secure and flexible. Using the attribute sequence of the attribute authority makes it convenient to judge whether the attribute authority satisfies the set rule, and at the same time avoids leaking the attribute authority through direct use.
Step four: data search and secure sharing:
Take a resource demander $u_{i,k}$ among the terminals in the management domain of edge server $ES_i$ as an example. Assume that terminal device $u_{i,k}$ has a set of attribute authorities whose corresponding attribute sequence is $S_1, S_2, \ldots, S_t$. The process by which the resource demander obtains a shared resource is as follows:
(1) Terminal device $u_{i,k}$, as the resource demander, computes an intermediate signature and sends a resource request message to the edge server $ES_i$ of the local domain; $keywords_m$ denotes the keyword of the required resource, and the remaining symbols denote the private key and the public key of terminal device $u_{i,k}$.
(2) After receiving the resource request message issued by terminal device $u_{i,k}$, the edge server $ES_i$ of the local domain compares the authority sequence $(S_1, S_2, \ldots, S_t)$ in the resource request message with the attribute sequence registered for terminal device $u_{i,k}$ that the cloud server CS sent to it. If the two sequences are consistent, the edge server $ES_i$ of the local domain selects the corresponding attribute authority from its own attribute authority set and determines the attribute authority possessed by terminal device $u_{i,k}$ by checking whether the verification equation holds. If the equation does not hold, edge server $ES_i$ denies service. If no error has occurred, the attribute authority set selected by the edge server and the one held by the terminal device are the same.
(3) Intra-domain resource search: the edge server $ES_i$ of the local domain uses the resource keyword $keywords_m$ sent by terminal device $u_{i,k}$ to search the local domain blockchain for the data of the related resource and the attribute sequence $\{S_1, S_2, \ldots, S_\tau\}$ for accessing that resource. If the keyword in the blockchain satisfies the keyword requirement of the search by terminal device $u_{i,k}$ and the condition on the attribute sequence for accessing the resource is met, terminal device $u_{i,k}$ has the authority to access the data. The edge server $ES_i$ of the local domain encrypts the Link for accessing the resource and the encryption key factors $(f_1, f_2, \ldots, f_t)$ with the public key of terminal device $u_{i,k}$, sends them to terminal device $u_{i,k}$, and writes the access record to the blockchain in the form of a transaction, where $T_m$ denotes the timestamp of the access to the resource.
(4) When an inter-domain resource sharing request is needed, the edge server $ES_i$ of the local domain uses the resource keyword $keywords_m$ sent by terminal device $u_{i,k}$ to search the alliance index database AID for the data of the related resource and the attribute sequence $\{S_1, S_2, \ldots, S_\tau\}$ for accessing that resource. If the keyword in the alliance index database AID satisfies the keyword requirement of the search by terminal device $u_{i,k}$ and the condition on the attribute sequence for accessing the resource is met, terminal device $u_{i,k}$ has the authority to access the data. The edge server $ES_i$ of the local domain obtains, from the edge server $ES_j$ of the domain where the requested resource's data is located, the external-domain database Link address of the resource and the encryption key factors $(f_1, f_2, \ldots, f_t)$ of the resource, encrypts the Link and the encryption key factors $(f_1, f_2, \ldots, f_t)$ with the public key of terminal device $u_{i,k}$, sends them to terminal device $u_{i,k}$, and writes the access record to the blockchain in the form of a transaction, where $T_m$ denotes the timestamp of the access to the resource.
(5) After terminal device $u_{i,k}$ decrypts the Link and the encryption key factors $(f_1, f_2, \ldots, f_t)$, it downloads the ciphertext information through the received Link. From the ciphertext information, the encryption key factors $(f_1, f_2, \ldots, f_t)$ and the attribute authorities it possesses, it calculates the variables $x_1, x_2, \ldots, x_t$, and from the point pairs $\{(x_1, f_1), (x_2, f_2), \ldots, (x_t, f_t)\}$ it constructs a polynomial by the Lagrange interpolation theorem. Terminal device $u_{i,k}$ then computes the decryption key of the shared resource from this polynomial and decrypts the resource to obtain the plaintext data, i.e. the shared data.
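An added sketch of the key-factor mechanism in step three (1) and step four (5); it is not code from the patent. The patent's formulas for $p(x)$ and the $x_t$ did not survive on this page, so the sketch assumes a degree $t-1$ polynomial over a prime field with the data key as its constant term, and $x_t$ derived by hashing an attribute authority together with the ciphertext hash; `Q`, `point_x`, `make_key_factors` and `recover_key` are hypothetical names.

```python
import hashlib
import secrets

# Assumption: a Mersenne prime stands in for the prime group order q.
Q = 2**127 - 1


def point_x(attr_right: bytes, ct_hash: bytes) -> int:
    """Map one attribute authority, bound to one ciphertext, to x in Z_q.

    Assumption: the patent's own derivation of x_t is not on the page.
    ct_hash is a fixed-length SHA-256 digest, so the concatenation is unambiguous.
    """
    digest = hashlib.sha256(b"x-coordinate|" + ct_hash + attr_right).digest()
    return int.from_bytes(digest, "big") % Q


def _checked_points(attr_rights, ct_hash):
    if len(attr_rights) < 2:
        # With t = 1 the polynomial is constant and f_1 would equal the key.
        raise ValueError("at least two attribute authorities are required")
    xs = [point_x(r, ct_hash) for r in attr_rights]
    # Interpolation needs distinct x values, and x = 0 would publish p(0).
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("attribute authorities must map to distinct non-zero x")
    return xs


def make_key_factors(key: int, attr_rights, ct_hash: bytes):
    """Data provider: hide `key` as p(0) and return f_i = p(x_i).

    f_i is paired with attr_rights[i], i.e. with sequence number S_(i+1).
    """
    if not 0 <= key < Q:
        raise ValueError("key must lie in Z_q")
    xs = _checked_points(attr_rights, ct_hash)
    coeffs = [key] + [secrets.randbelow(Q) for _ in xs[1:]]  # degree t-1
    factors = []
    for x in xs:
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation of p(x) mod Q
            acc = (acc * x + c) % Q
        factors.append(acc)
    return factors


def recover_key(factors, attr_rights, ct_hash: bytes) -> int:
    """Data demander: interpolate through (x_i, f_i) and return p(0)."""
    if len(factors) != len(attr_rights):
        raise ValueError("need one attribute authority per key factor")
    xs = _checked_points(attr_rights, ct_hash)
    key = 0
    for i, (xi, fi) in enumerate(zip(xs, factors)):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if j != i:
                num = num * (-xj) % Q        # numerator of L_i(0)
                den = den * (xi - xj) % Q    # denominator of L_i(0)
        key = (key + fi * num * pow(den, -1, Q)) % Q
    return key


def demo():
    # Constructed sample values; real attribute authorities are the secret
    # values a terminal computes in step two, not readable strings.
    ct_hash = hashlib.sha256(b"constructed ciphertext").digest()
    rights = [b"authority-S1", b"authority-S2", b"authority-S3"]
    key = secrets.randbelow(Q)
    factors = make_key_factors(key, rights, ct_hash)
    holder = recover_key(factors, rights, ct_hash)
    # A demander lacking the third authority substitutes another value.
    outsider = recover_key(factors, rights[:2] + [b"authority-S9"], ct_hash)
    # Same authorities, but the factors are replayed against another ciphertext.
    other_ct = hashlib.sha256(b"another ciphertext").digest()
    replay = recover_key(factors, rights, other_ct)
    return key, holder, outsider, replay


if __name__ == "__main__":
    key, holder, outsider, replay = demo()
    print(holder == key, outsider == key, replay == key)
```

Because the $f_i$ are written to the alliance index database, confidentiality in this sketch rests entirely on the $x_i$ being unguessable, that is, on the attribute authorities staying secret and having full entropy.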
The invention can search for and locate data quickly and with a light load: the edge server can quickly search and locate data through the local blockchain and the alliance database according to the data description given by the data demander, and can return the data in time. Because the edge server performs the search and positioning, the computation and communication load caused by frequent interaction between the terminal and the server in traditional schemes is avoided.
Embodiment 2: a ciphertext data sharing method in an edge-cloud collaborative scenario, as shown in Fig. 1; a specific embodiment is provided to explain the content and implementation of the invention. In this embodiment, for convenience of illustration, it is assumed that the system has 5 edge servers, each edge server has at most 10 terminal devices, and the cloud server CS defines the authentication attribute set for network resource access $SA = \{Att_1, Att_2, Att_3\}$ with corresponding attribute sequence set $S_1, S_2, S_3$, and selects a different random attribute parameter for each attribute to form the set $pa = \{r_1, r_2, r_3\}$. Suppose the attribute set of terminal device $u_{i,j}$ ($1 \le i \le 5$, $1 \le j \le 10$) is $attr_{u_{i,j}} = \{attr_{i,j,1}, attr_{i,j,2}, attr_{i,j,3}\}$. The details introduced in this example are not intended to limit the scope of the claims but to aid understanding of the specific implementation of the invention. Those skilled in the art will understand that various modifications, changes or substitutions to the steps of the preferred embodiment are possible without departing from the spirit and scope of the invention and its appended claims. Therefore, the invention should not be limited to the disclosure of the preferred embodiment and the accompanying drawings. The steps are as follows:
Step one: self-certification of system entity keys.
The secure data sharing model can be used in an environment where anonymous transactions are performed between a resource provider and a resource demander. A public-key cryptosystem is adopted to bind a user identity to the user's public key, but an authoritative certification center (CA) is needed to associate the registered real identity with its public key. The association process is as follows:
1) The certificate authority CA runs the algorithm $Setup(1^\lambda)$ and then broadcasts the system parameters $\{g_1, G_1, e, H_1, PK\}$; where $PK$ is the public key of the certificate authority CA, $g_1$ is the generator of the additive group $G_1$, $q$ is the order of the additive group $G_1$, $u$ represents the system entities (including cloud servers, edge servers and terminals), $H_1(\cdot)$ denotes a hash function, and $e$ denotes a computable bilinear mapping function.
2) The system entity $u$ receives the system parameters $\{g_1, G_1, e, H_1, PK\}$ broadcast by the certification center CA, randomly selects a positive integer $r$, calculates $\eta_1 = H_2(id)\,r\,g_1$, $\eta_2 = r\,PK$, $\eta_3 = H_2(id)\,PK$, $pk = r\,g_1$ and $\eta_4 = H_1(u\|id\|\eta_1\|\eta_2\|\eta_3\|pk)$, and then sends the message $\{u, id, \eta_1, \eta_2, \eta_3, \eta_4, pk\}$ to the CA; where $id$ is the identity of the system entity $u$, $r$ is drawn from the set of positive integers of order $q$, $q$ is the order of the additive group $G_1$, and $pk$ is the public key of the system entity $u$.
3) The certification center CA receives the message $\{u, id, \eta_1, \eta_2, \eta_3, \eta_4, pk\}$ and verifies the correspondence between the public key $pk$ and the identity $id$: it calculates $\eta'_2 = MSK^{-1}\eta_2 = pk = r\,g_1$, $\eta'_3 = MSK^{-1}\eta_3 = H_2(id)\,g_1$ and $\eta'_4 = H_1(u\|id\|\eta_1\|\eta_2\|\eta_3\|pk)$, and verifies whether the equations $\eta'_4 = \eta_4$ and $e(\eta_2, \eta'_3) = e(\eta_3, \eta'_2)$ hold; if they hold, the CA publishes $pk$ as the public key of the system entity $u$; where $MSK$ denotes the private key of the certificate authority CA.
4) Through the above process, the system entity $u$ obtains publicly recognized public key information and generates its own public/private key pair $(pk, r)$.
Assume that, through the above process, the cloud server CS generates the public/private key pair $(pk_{cs}, sk_{cs})$, and that the edge server $ES_i$ of the $i$-th management domain and the $j$-th mobile terminal device $u_{i,j}$ of the $i$-th management domain each generate their own public/private key pair.
Step two: distribution of attribute authority.
Assume that the system has 5 edge servers, each having at most 10 terminals. The cloud server CS defines the authentication attribute set for network resource access $SA = \{Att_1, Att_2, Att_3\}$ with corresponding attribute sequence $S_1, S_2, S_3$, and selects a different random attribute parameter for each attribute to form the set $pa = \{r_1, r_2, r_3\}$; the cloud server CS broadcasts the available authentication attribute set $SA$ within the system. Suppose the attribute set of terminal device $u_{i,j}$ ($1 \le i \le 5$, $1 \le j \le 10$) is represented as $attr_{u_{i,j}} = \{attr_{i,j,1}, attr_{i,j,2}, attr_{i,j,3}\}$. The process of attribute registration and attribute authority acquisition for an arbitrary terminal device $u_{i,j}$ is as follows:
(1) Terminal device $u_{i,j}$ receives the authentication attribute set $SA$ broadcast by the cloud server CS, randomly selects a positive integer $l_{i,j}$, calculates $L_{i,j} = l_{i,j}\,g_1$ together with the further intermediate variables and the signature, and then sends the message to the cloud server CS. Here $u_{i,j}$ denotes the $j$-th terminal device in the $i$-th edge server management domain, $attr_{i,j,t}$ denotes the $t$-th attribute of terminal device $u_{i,j}$, $H_2(\cdot)$ denotes a hash function, $\|$ is the concatenation symbol, and the remaining symbol denotes the private key of terminal device $u_{i,j}$.
(2) After receiving the message sent by terminal device $u_{i,j}$, the cloud server CS calculates the verification intermediate variables and compares the number set it received with the number set it calculated, determining the intersection and the correspondence of the two sets in order to determine which attributes $attr_{i,t} = Att_t$ ($1 \le t \le 3$) terminal device $u_{i,j}$ has and the attribute sequence $S_1, S_2, S_3$ corresponding to its attribute set. Suppose the number set sent by terminal $u_{i,j}$ corresponds to the number set calculated by the cloud server CS in such a way that the terminal is determined to have the attribute set $\{Att_1, Att_2, Att_3\}$. The cloud server CS then calculates the hash value $H_2(Att_1\|Att_2\|Att_3)\,g_1$ and authenticates terminal $u_{i,j}$ by checking whether the verification equation holds. If the equation holds, it is established that terminal device $u_{i,j}$ possesses the attribute set $\{Att_1, Att_2, Att_3\}$; the cloud server CS selects the corresponding attribute parameters $r_1, r_2, r_3$ from the set $pa$, calculates the attribute intermediate variables and the attribute signature, and sends this information to terminal device $u_{i,j}$. Here $g_1$ is the generator of the additive group $G_1$, $t \le T$ is the number of attributes of terminal device $u_{i,j}$, $H_2(\cdot)$ and $H_3(\cdot)$ are hash functions, $\|$ is the concatenation symbol, $sk_{CS}$ denotes the private key of the cloud server CS, and the remaining symbol denotes the public key of the terminal device.
(3) After receiving the message sent by the cloud server CS, terminal device $u_{i,j}$ verifies the signature identity of the cloud server CS by checking whether the verification equation holds. If the equation holds, it calculates each attribute authority, giving the attribute authority set that corresponds to the attribute set of terminal device $u_{i,j}$. Here $e(\cdot)$ is a computable bilinear mapping function.
(4) Because the edge server $ES_i$ ($1 \le i \le 5$) is considered to have all the attributes of the system's authentication attribute set $SA = \{Att_1, Att_2, Att_3\}$, it obtains the attribute authority for all attributes according to the above process.
(5) The cloud server CS divides the management domains according to the IP address of terminal device $u_{i,j}$ and the IP address of edge server $ES_i$ ($1 \le i \le 5$), and sends the registration information of the terminals $u_{i,j}$ belonging to edge server $ES_i$ to edge server $ES_i$; the registration information includes the public key of terminal device $u_{i,j}$.
Step three: data encryption and secure storage:
After distribution of attribute authority, any edge server $ES_i$ ($1 \le i \le 5$) can obtain from the cloud server CS the attribute-related information and public key information of the terminal devices $u_{i,j}$ ($1 \le j \le 10$) that it manages. The data encryption and storage process in the management domain of edge server $ES_i$ is as follows:
(1) If the data provider $u_{i,j}$ wants to share data, terminal device $u_{i,j}$ randomly selects a positive integer and encrypts the data to obtain the ciphertext. Terminal device $u_{i,j}$ selects different values according to the attribute authority and the number of attributes required to access the data; suppose that 3 different attribute values are required to access the data. Terminal device $u_{i,j}$ constructs a polynomial $p(x)$, substitutes each attribute value into $p(x)$ and calculates 3 function values $f_1, f_2, f_3$. Terminal device $u_{i,j}$ then sends to edge server $ES_i$ the information consisting of the ciphertext, the hash value of the ciphertext, the plaintext keyword $keywords_m$ used to search for the data and the authority sequence $(S_1, S_2, S_3)$ of the authority information required to access the ciphertext, together with its signature. Here $H_2(\cdot)$ and $H_3(\cdot)$ denote hash functions, and the remaining symbols denote the public key of terminal device $u_{i,j}$, the attribute authority corresponding to attribute $attr_{i,j,t}$, and the private key of terminal device $u_{i,j}$.
(2) After receiving the message sent by terminal device $u_{i,j}$, edge server $ES_i$ authenticates terminal device $u_{i,j}$ by the verification equation. If the equation holds, it verifies whether the hash value of the ciphertext is correct; if the hash value of the ciphertext is correct, edge server $ES_i$ stores the ciphertext in the off-chain local database and writes the message into a block of the local blockchain as one transaction. It also writes the index information of the ciphertext data, namely the keyword $keywords_m$, the access authority sequence $(S_1, S_2, S_3)$ and the encryption key factors $(f_1, f_2, f_3)$, together with its edge management domain, into the alliance index database (AID). The verification equation uses the public key of terminal device $u_{i,j}$.
Step four: data search and secure sharing:
Take a data demander $u_{i,k}$ among the terminals in the management domain of edge server $ES_i$ as an example. Assume that data demander $u_{i,k}$ has a set of attribute authorities whose corresponding attribute sequence is $S_1, S_2, S_3$. The process by which the data demander obtains a shared resource is as follows:
(1) The resource demander $u_{i,k}$ computes a signature and sends the resource request message to the edge server $ES_i$ of the local domain. Here $keywords_m$ denotes the keyword information of the required resource, and the remaining symbols denote the private key and the public key of terminal device $u_{i,k}$.
(2) After receiving the data request message issued by terminal device $u_{i,k}$, the local domain edge server $ES_i$ compares the authority sequence $(S_1, S_2, S_3)$ in the message with the attribute sequence registered for terminal device $u_{i,k}$ that the cloud server CS sent to it. If the two sequences are consistent, the local domain edge server $ES_i$ selects the corresponding attribute authority from its own attribute authority set (note: if no error has occurred, the set selected by the edge server and the one held by the terminal device are the same), and then determines the attribute authority possessed by terminal device $u_{i,k}$ by checking whether the verification equation holds.
(3) And (3) intra-domain resource retrieval: local domain edge server ES i According to terminal equipment u i,k Transmitted resource keywords m Searching for related resources in local area blockchainsAnd access the sequence of attributes of the resource S 1 ,S 2 ,S 3 H, if the key word in the block chain satisfies the terminal u i,k Key requirement of search and access to attribute sequence of the resourceThen the terminal device u is indicated i,k Having access to resourcesAuthority of, local domain edge server ES i Link and encryption key factor (f) that will access the resource 1 ,f 2 ,f 3 ) Through terminal unit u i,k Is encrypted and sent to the terminal device u i,k And recording the accessThe block chain is written in the form of a transaction.
(4) When inter-domain resource sharing request is needed, the local domain edge server ES i According to terminal equipment u i,k Sent resource keywords m Searching for related resources in a federation index database AIDAnd access the sequence of attributes of the resource S 1 ,S 2 ,S 3 Fifthly, if the keywords of the AID of the alliance index database satisfy the terminal device u i,k Key requirement of search and access to attribute sequence of the resourceThen the terminal device u is indicated i,k Having access to resourcesAuthority of, local domain edge server ES i The domain edge server ES where the resource will be requested j To obtainThe external domain database Link address of the corresponding resource and the encryption key factor (f) of the resource 1 ,f 2 ,f 3 ) And will request access to the resource Link and encryption key factor (f) 1 ,f 2 ,f 3 ) Through terminal unit u i,k Is encrypted and sent to the terminal device u i,k And recording the accessThe block chain is written in the form of a transaction.
(5) Terminal device u i,k Decrypted Link and encryption key factor (f) 1 ,f 2 ,f 3 ) Then, the ciphertext data is downloaded through the received LinkAccording to the ciphertextEncryption key factor (f) 1 ,f 2 ,f 3 ) And attribute authority they possessRespectively calculatePoint pair { (x) 1 ,f 1 ),(x 2 ,f 2 ),(x t ,f 3 ) The Lagrange's theorem of interpolation, construct a polynomialWhereinTerminal device u i,k ComputingObtaining a decryption key of the shared resource, and further decrypting the resource to obtain plaintext data
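The key-factor mechanism of steps (1) to (5), as an added example that is not code from the patent: the provider evaluates a polynomial at abscissas derived from attribute authorities, and the demander restores it by Lagrange interpolation. Assumptions: the decryption key is the constant term p(0), SHA-256 and the prime field `Q` stand in for the patent's hash and group order, and all function names are hypothetical.

```python
import hashlib
import secrets

# Assumption: a 255-bit prime field stands in for the patent's order q.
Q = 2**255 - 19


def attr_to_x(attr_right: bytes) -> int:
    """Map an attribute authority to an abscissa x = H(authority) mod Q."""
    x = int.from_bytes(hashlib.sha256(attr_right).digest(), "big") % Q
    if x == 0:
        # p(0) is the key itself, so an abscissa of 0 would publish it as f_i.
        raise ValueError("abscissa 0 would expose the key as a key factor")
    return x


def _abscissas(attr_rights):
    xs = [attr_to_x(a) for a in attr_rights]
    if len(set(xs)) != len(xs):
        raise ValueError("attribute authorities must map to distinct abscissas")
    return xs


def eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... modulo Q."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def make_key_factors(key: int, attr_rights):
    """Provider side: degree t-1 polynomial with p(0) = key; returns f_i = p(x_i)."""
    xs = _abscissas(attr_rights)
    coeffs = [key % Q] + [secrets.randbelow(Q) for _ in range(len(xs) - 1)]
    return [eval_poly(coeffs, x) for x in xs]


def recover_key(attr_rights, factors):
    """Demander side: Lagrange interpolation of the points (x_i, f_i) at x = 0."""
    xs = _abscissas(attr_rights)
    if len(xs) != len(factors):
        raise ValueError("need exactly one key factor per attribute authority")
    key = 0
    for i, (xi, fi) in enumerate(zip(xs, factors)):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if j != i:
                num = num * (-xj) % Q          # (0 - x_j)
                den = den * (xi - xj) % Q      # (x_i - x_j)
        key = (key + fi * num * pow(den, -1, Q)) % Q
    return key


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    rights = [b"authority-S1", b"authority-S2", b"authority-S3"]
    key = secrets.randbelow(Q)
    factors = make_key_factors(key, rights)

    # A demander holding all three authorities restores the key.
    print("authorized demander recovers key:", recover_key(rights, factors) == key)

    # The same key factors with one wrong authority interpolate to a different value.
    wrong = [b"authority-S1", b"authority-S2", b"authority-other"]
    print("mismatched authority recovers key:", recover_key(wrong, factors) == key)
```

The key factors alone do not determine the key in this sketch; confidentiality rests on the abscissas, that is, on the attribute authorities staying secret to their holders.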
The method comprises the following steps: protocol parameters are initialized in the mobile edge network domain, and the master key and public key of the authentication center are generated; each system entity (cloud server, edge server or terminal device) self-verifies its key and obtains a legitimate public/private key pair; the cloud server distributes attribute authorities to the terminal devices; a resource provider encrypts its data, calculates the encryption key factors, and uploads the resource-related information to the edge server of its domain; a resource accessor applies to the edge server of its domain for access to a resource; the edge server searches for the resource within the domain and, if the domain does not hold the required resource, performs a cross-domain search. The invention uses a threshold function (a Lagrange interpolation polynomial) to distribute keys: encryption key factors with specific attributes are set according to the confidentiality requirement of the shared data and combined into the encryption key, so that only data demanders who satisfy the specified rules can decrypt the shared data. Resources are encrypted under keys set according to the different attribute authorities, and only terminals holding those attribute authorities can restore the polynomial and obtain the decryption key, which achieves more flexible and fine-grained secure data sharing.
The invention is based on hidden-attribute authentication theory and takes the decisional bilinear Diffie-Hellman (DBDH) problem as its security assumption. By adopting hidden-attribute identity authentication, it protects personal privacy during the identity authentication step of resource information sharing; in the process of distributing attribute authorities, each terminal device obtains its corresponding attribute authority in addition to having its identity authenticated. The invention supports fine-grained data sharing: the terminal device sets specific attribute key factors according to the confidentiality requirement of the shared data and combines them into the encryption key, so that only data demanders meeting the specified rules can decrypt the shared data. In addition, the method supports rapid search and location of data: according to the data description given by a data demander, the edge server can search the whole network quickly through the local block chain and the alliance database and return data in time, so that ciphertext resources in the edge cloud collaborative environment can be shared more flexibly, efficiently and practically. The method therefore has important research significance in the field and commercial application value.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (8)
1. A ciphertext data sharing method in an edge cloud collaborative scene, characterized by comprising the following steps:
step one: system entity key self-validation
a) The CA runs an initialization algorithm and broadcasts system parameters;
b) After receiving the system parameters broadcast by the CA, the system entity randomly selects a positive integer as a private key, calculates a confirmation intermediate variable and a public key required for confirming the identity of the system entity, and then sends the confirmation intermediate variable and the public key to the CA;
c) After receiving the message of the system entity, the CA verifies the corresponding relation between the public key and the identity of the system entity, and if the verification is passed, the CA publishes the effective public key of the system entity;
the system entity comprises a cloud server, an edge server and terminal equipment;
step two: attribute rights distribution
e) The edge cloud network system is initialized, and the cloud server CS broadcasts the set of available authentication attributes within the system;
f) After receiving the authentication attribute set broadcast by the cloud server CS, each terminal device randomly selects a positive integer, calculates an attribute intermediate variable and an intermediate signature required by verifying the attribute of the terminal device, and then sends the attribute intermediate variable and the intermediate signature to the cloud server CS;
g) After receiving the messages sent by each terminal member, the cloud server CS calculates an attribute intermediate variable required by attribute verification and determines the attribute of the terminal device, then the cloud server CS calculates a hash value and verifies an intermediate signature of the terminal device, and if the verification is passed, the cloud server CS calculates attribute parameters and the attribute signature and sends an attribute parameter set and the attribute signature to each terminal device;
h) After receiving the message of the cloud server CS, each terminal device verifies the attribute signature of the cloud server CS, and if the verification is passed, each terminal device calculates the attribute authority;
i) Each edge server obtains all edge attribute authorities according to steps f) to h);
j) The cloud server CS divides the management domain according to the IP of each terminal device and each edge server, and sends the registration information of the terminal device to which the edge server belongs to the corresponding edge server;
step three: data encryption and secure storage
k) If the data provider wants to share data, the data provider randomly selects a positive integer and uses it to encrypt the data, obtaining the ciphertext information; the data provider selects positive integers to construct a polynomial, and calculates the function values corresponding to the attribute authorities, the hash value of the ciphertext and an intermediate signature; the data provider sends the ciphertext, the hash value of the ciphertext, the intermediate signature and the function values together to the edge server, and the function values are used as the encryption key factors;
l) After receiving the message of the data provider, the edge server verifies the intermediate signature of the data provider and the hash value of the ciphertext; if the verification passes, the edge server stores the ciphertext in an off-chain local database and writes the message sent by the data provider to the edge server into the block chain; the edge server then writes the search keywords, the attribute sequence of the access authority, the encryption key factors and the edge management domain information of the ciphertext data into the alliance index database AID;
step four: data search and secure sharing
M) the resource demander calculates an intermediate signature and sends the resource request information to the local domain edge server;
n) after receiving the resource request message of the resource demander, the edge server of the local domain checks the attribute sequence of the resource demander and determines the attribute authority of the resource demander;
o) the edge server of the local domain searches a target resource and an attribute sequence for accessing the resource in the block chain of the local domain, if the keyword in the block chain meets the search requirement and the attribute sequence meets the requirement, the resource demander has the authority for accessing the resource, the edge server of the local domain sends the link of the resource and the encryption key factor to the resource demander, and writes an access record into the block chain in a transaction form;
p) when an inter-domain resource sharing request is needed, the local domain edge server searches resources and an attribute sequence for accessing the resources in the AID (alliance index database), if the keywords and the attribute sequence meet the requirements, the resource demander has the authority for accessing the resources, the local domain edge server requests the domain edge server where the resources are located, obtains the link of the external domain database of the resources and the encryption key factor, sends the link and the encryption key factor to the resource demander, and writes an access record into a block chain in a transaction form;
q) the resource demander downloads the ciphertext data through the link and calculates the point pairs, then restores the polynomial from the point pairs to calculate the key, and decrypts the resource with the key to obtain the plaintext data.
2. The method for sharing ciphertext data in the edge cloud collaborative scene according to claim 1, wherein the implementation method of the first step is as follows:
1) The certification authority CA runs the initialization algorithm $\mathrm{Setup}(1^{\lambda})$ and then broadcasts the system parameters $\{g_1, G_1, e, H_1, PK\}$; wherein $\lambda$ is a security parameter, $PK$ is the public key of the certification authority CA, $g_1$ is a generator of the additive group $G_1$, $H_1: \{0,1\}^* \to G_1$ denotes a hash function, and $e$ denotes a computable bilinear mapping function;
2) The system entity u receives the system parameters $\{g_1, G_1, e, H_1, PK\}$ broadcast by the certification authority CA, then randomly chooses a positive integer $r$, calculates the confirmation intermediate variables $\eta_1 = H_2(id)\,r\,g_1$, $\eta_2 = r\,PK$, $\eta_3 = H_2(id)\,PK$, $\eta_4 = H_1(u\|id\|\eta_1\|\eta_2\|\eta_3\|pk)$ and the public key $pk = r\,g_1$, and sends the message $\{u, id, \eta_1, \eta_2, \eta_3, \eta_4, pk\}$ to the certification authority CA; wherein $id$ is the identity of the system entity u, $r$ is taken from the set of positive integers of order $q$, $q$ being the order of the additive group $G_1$, and $pk$ is the public key of the system entity u;
3) The certification authority CA receives the message $\{u, id, \eta_1, \eta_2, \eta_3, \eta_4, pk\}$ and verifies the correspondence between the public key $pk$ and the identity $id$ of the system entity u; that is, it calculates the intermediate variables $\eta'_2 = MSK^{-1}\eta_2 = pk = r\,g_1$, $\eta'_3 = MSK^{-1}\eta_3 = H_2(id)\,g_1$ and $\eta'_4 = H_1(u\|id\|\eta_1\|\eta_2\|\eta_3\|pk)$, and verifies the equations $\eta'_4 = \eta_4$ and $e(\eta_2, \eta'_3) = e(\eta_3, \eta'_2)$; if both hold, the certification authority CA publishes the valid public key $pk$ of the system entity u; wherein $MSK$ denotes the private key of the certification authority CA;
4) The system entity u obtains the public key that is recognized and generates its own public/private key pair (pk, r).
4. The method for sharing the ciphertext data in the edge cloud collaborative scene according to claim 1 or 2, wherein the method for the terminal device to distribute the attribute authority in the second step is as follows:
(1) Cloud server CS broadcasts available authentication attribute set SA = { Att to system interior 1 ,Att 2 ,...,Att T }; terminal device u i,j Receiving the authentication attribute set SA broadcasted by the cloud server CS, and the terminal device u i,j Randomly selecting a positive integerCalculating an attribute intermediate variable L i,j =l i,j g 1 、And intermediate signaturesThen the message is sentSending the data to a cloud server CS; wherein u is i,j Denotes the jth terminal device, attr, in the ith edge server management domain i,j,t Indicating terminal device u i,j I is more than or equal to 1 and less than or equal to N, j is more than or equal to 1 and less than or equal to N, T is more than or equal to 1 and less than or equal to T, N is the total number of edge servers, N is the number of terminal devices of each edge server, T represents the total number of attributes in the authentication attribute set,display terminal devicePreparing u i,j Private key of g 1 Is an addition group G 1 Is a connection symbol;
(2) Cloud server CS receives terminal device u i,j Transmitted messageThen, respectively calculating verification intermediate variablesAnd comparing the setsAnd number set of cloud server CS computingDetermining the intersection and the corresponding relation of the two sets to determine the terminal device u i,j Has an attribute set of { Att 1 ,Att 2 ,...,Att t }; then cloud server CS calculates hash value H 2 (Att 1 ||Att 2 ||...||Att t )g 1 And passes the verification equationAuthentication terminal device u i,j If the equality holds, determining the terminal device u i,j Owning Property set { attr i,j,1 ,attr i,j,2 ,...,attr i,j,t From the set pa = { r }, the cloud server CS 1 ,r 2 ,...,r T Select the corresponding attribute parameter r 1 ,r 2 ,...,r t And calculates attribute parametersAnd attribute signaturesThe cloud server CS then sends the informationSent to the terminal device u i,j (ii) a Wherein T is more than or equal to 1 and less than or equal to T is terminal equipment u i,j T represents the total number of attributes in the authentication attribute set, att T In order to authenticate an attribute in the set of attributes,as attribute Att t A corresponding random attribute parameter is set to be,indicating terminal device u i,t The public key of (2); h 3 (. Is a hash function, sk CS A private key representing the cloud server CS;
(3) Terminal device u i,j Receiving the information sent by the cloud server CSThen, by verifying the equationVerifying attribute signature identity of cloud server CS, and if the equation is established, the terminal device u i,j Separately computing attribute rights Terminal device u i,j Property set ofThe corresponding attribute authority set isWherein,for terminal equipment u i,j E (-) is a computable bilinear mapping function;
(4) Edge server ES i With authentication attribute set SA = { Att = { (Att) 1 ,Att 2 ,...,Att T Obtaining all edge attribute authority according to the steps (1) - (3)
(5) Cloud server CS according to terminal device u i,j IP address and edge server ES of i The IP address of the edge server ES is divided into management domains i The terminal device u i,j Registration information ofSend to edge server ES i (ii) a Wherein,for terminal equipment u i,j The public key of (2); (S) 1 ,S 2 ,...,S t ) Is a set of attributesA corresponding sequence of attributes.
5. The method for sharing ciphertext data in the edge cloud collaborative scene according to claim 4, wherein the method for encrypting and securely storing data in the third step is as follows:
step 1, if the terminal device u is used as a data provider i,j Want to share dataTerminal device u i,j Randomly selecting positive integersEncrypting dataObtaining ciphertext informationTerminal device u i,j Constructing a polynomialRespectively hash value of attribute authoritySubstituting polynomial p (x) to calculate t function values { f 1 ,f 2 ,...,f t As an encryption key factor, and then the terminal device u i,j Based on the ciphertext informationComputing hash values for ciphertextAnd intermediate signaturesAnd will transmit the messageES to edge server i (ii) a Wherein,indicating terminal device u i,j Of public key H 2 (. And H) 3 (. Cndot.) denotes a hash function of a hash,representing a set of positive integers of order q,representation attribute attr i,j,t The corresponding attribute rights are set to the attributes,indicating terminal device u i,j The private key of (1); keywords m Is used for searching dataSearch key of (S) 1 ,S 2 ,...,S t ) Is to access the ciphertext informationA required sequence of permissions; x is an independent variable, a 1 ,...,a t-2 ,a t-1 Is a terminal device u i,j According to the dataSelecting different parameter values according to the attribute authority;
step 2, edge server ES i Receiving terminal device u i,j Transmitted messageThen, by verifying the equationWhether the verification terminal u is established or not i,j If the equation is established, verifying whether the hash value of the ciphertext is correct, and if the ciphertext information is correctThe hash value of (A) is correct, the edge server ES i Cipher text informationStore to the down-link local database and send the messageWriting the block serving as the primary transaction information into a local block chain; meanwhile, the edge server ES i Searching keywords of ciphertext data m Property sequence of access rights (S) 1 ,S 2 ,...,S t ) Encryption key factor (f) 1 ,f 2 ,...,f t ) And the edge server is written into a alliance index database AID.
6. The method for sharing ciphertext data in edge cloud collaborative scene according to claim 5, wherein the equation in the step (2) isThe verification method comprises the following steps:
7. The method for sharing ciphertext data in the edge cloud collaborative scene according to claim 1 or 5, wherein the method for implementing data search and secure sharing in the fourth step is as follows:
s1, terminal equipment u as resource demander i,k Computing intermediate signaturesAnd sends resource request messageES sent to local domain edge server i (ii) a Wherein,indicating terminal device u i,k The private key of (a) is used,indicating terminal device u i,k The public key of (a) is stored,for terminal equipment u i,k Property rights of m Representing a required resourceThe search key of (1) is selected,for terminal equipment u i,k Intermediate signature of { S } 1 ,S 2 ,...,S t Is the sequence of attributes of the access rights, g 1 Is an addition group G 1 Is generated from 3 (. H) represents a hash function, i is more than or equal to 1 and less than or equal to N, N is the total number of edge servers, k is more than or equal to 1 and less than or equal to kn, n is the total number of the terminals;
s2, local domain edge server ES i Receiving terminal device u i,k Issued resource request messageThen, the attribute sequence (S) in the resource request message is sequenced 1 ,S 2 ,...,S t ) Terminal device u sent to cloud server CS i,k Comparing and verifying the registered attribute sequences, if the two sequences are consistent, the local domain edge server ES i From edge attribute rights collectionsSelect corresponding edge attribute authorityVerification equationDetermining whether terminal device u is established i,k Property rights possessed;
s3, searching resources in the domain: local domain edge server ES i According to terminal equipment u i,k Search keywords of transmitted resources m Searching data of related resources in local area block chainAnd access the sequence of attributes of the resource S 1 ,S 2 ,...,S τ H, if the search key word in the block chain satisfies the terminal device u i,k Key requirements of the search and access to the sequence of attributes of the resourceThen the terminal device u i,k With access to dataAuthority of, local domain edge server ES i The link to access the resource and the encryption key factor (f) 1 ,f 2 ,...,f t ) Through terminal unit u i,k Is encrypted and sent to the terminal device u i,k And recording the accessWriting the block chain in a transaction form; where τ represents the number of attributes required to decrypt a resource, T m Representing access to resourcesA timestamp of (d);
s4, when the inter-domain resource sharing request is needed, the local domain edge server ES i According to terminal equipment u i,k Search keywords of transmitted resources m Searching data of related resources in alliance index database AIDAnd access the sequence of attributes of the resource S 1 ,S 2 ,...,S τ Fifthly, if the keywords of the AID of the alliance index database satisfy the terminal device u i,k Key requirement of search and access to attribute sequence of the resourceThen the terminal device u is indicated i,k With access to dataThe right of (1); local domain edge server ES i The domain edge server ES where the data of the requested resource is located j To obtain the external domain database link address of the resource and the encryption key factor (f) of the resource 1 ,f 2 ,...,f t ) And will request access to the resource link and encryption key factor (f) 1 ,f 2 ,...,f t ) Through terminal unit u i,k Sends the public key encryption to the terminal device u i,k And recording the accessWriting the block chain in a transaction form;
s5, terminal device u i,k Decryption chaining and encryption key factor (f) 1 ,f 2 ,...,f t ) Thereafter, the ciphertext message is downloaded via the received linkAccording to an encryption key factor (f) 1 ,f 2 ,...,f t ) And attribute authority set possessed by the sameSeparately calculating variablesPoint pair { (x) 1 ,f 1 ),(x 2 ,f 2 ),...,(x t ,f t ) Polynomial of Lagrange's interpolation theorem constructionTerminal device u i,k Calculating outObtaining a decryption key of the shared resource, and further decrypting the resource to obtain plaintext dataWherein the functionx θ And x ε Is the abscissa of the point on the polynomial.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111087396.4A CN115834067A (en) | 2021-09-16 | 2021-09-16 | Ciphertext data sharing method in edge cloud collaborative scene |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115834067A true CN115834067A (en) | 2023-03-21 |
Family
ID=85515057
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111087396.4A Pending CN115834067A (en) | 2021-09-16 | 2021-09-16 | Ciphertext data sharing method in edge cloud collaborative scene |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115834067A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||