CN116015828A - Block chain-based industrial Internet of things secure data sharing method - Google Patents

Block chain-based industrial Internet of things secure data sharing method Download PDF

Info

Publication number
CN116015828A
CN116015828A CN202211637908.4A CN202211637908A CN116015828A CN 116015828 A CN116015828 A CN 116015828A CN 202211637908 A CN202211637908 A CN 202211637908A CN 116015828 A CN116015828 A CN 116015828A
Authority
CN
China
Prior art keywords
data
sub
industrial internet
keys
things
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211637908.4A
Other languages
Chinese (zh)
Inventor
俞研
余丰旭
邓芳伟
张晗
苏铓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Science and Technology
Original Assignee
Nanjing University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University of Science and Technology filed Critical Nanjing University of Science and Technology
Priority to CN202211637908.4A priority Critical patent/CN116015828A/en
Publication of CN116015828A publication Critical patent/CN116015828A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30Computing systems specially adapted for manufacturing

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a block chain-based industrial Internet of things secure data sharing method, which comprises the following steps: firstly, a data owner calculates an original data hash value, encrypts original data, uploads the original data to an industrial Internet of things cloud platform, returns a data address, divides a symmetric key into a plurality of sub-keys, encrypts the sub-keys, uploads the encrypted sub-keys and metadata to a blockchain system, creates an access control intelligent contract, and is deployed on the blockchain; then the data requesting party calls the intelligent contract for requesting the data and initiates a data request to the blockchain system; then the blockchain system executes the access control intelligent contract, and returns metadata and subkeys after the judgment is passed; and finally, the data requester obtains a plurality of sub-keys, recovers a decryption key, requests encrypted data from the industrial Internet of things cloud platform, and decrypts the encrypted data to obtain the original data. The method and the system avoid single-point faults and access authorization abuse and improve the safety of multiparty data sharing in the application scene of the industrial Internet of things.

Description

Block chain-based industrial Internet of things secure data sharing method
Technical Field
The invention relates to the technical field of information security, in particular to a block chain-based industrial Internet of things secure data sharing method.
Background
Along with the proposal and implementation of a series of national strategies, the industrial Internet of things becomes an important push for innovation driving, transformation and upgrading of the global industrial system. Today, with the progressive advancement of industry upgrades in the industry, the production of products has long shifted from enterprise-independent manufacturing to collaborative manufacturing of industry supply chains, and thus data sharing between organizations is essential in the process of product manufacturing. The industrial Internet of things tightly connects a plurality of manufacturers, suppliers, sellers, logistics service providers and the like on a supply chain together, and shares various data in an industrial system, so that the interconnection and intercommunication of information and the reasonable allocation of resources are realized, and finally the collaborative production efficiency and the intelligent level of the supply chain are improved.
However, data in industrial internet of things often contains important production information, enterprise confidentiality and user privacy, and related parties are reluctant to participate in data sharing due to lack of trust and concerns about data security. The blockchain has the characteristics of decentralization, transparency, non-tampering, traceability and the like, can create a trusted execution environment in a weakly trusted environment, and is beneficial to realizing the safe data sharing among a plurality of peer bodies of the industrial Internet of things.
The traditional industrial Internet of things data sharing method has the following problems: (1) centralized access authorization mechanism: the traditional method uses a centralized access control mode, single-point faults are easy to occur, access authorization is centralized in one node, and authority abuse and trust problems are easy to be caused; (2) data is vulnerable to malicious tampering: due to the self-availability of enterprises, when production anomalies occur and production data need to be traced, related enterprises can maliciously tamper the data for avoiding responsibility.
Disclosure of Invention
The invention aims to provide a multiparty data sharing method in an industrial Internet of things application scene with high security, which can avoid single-point faults and abuse of access authorization rights.
The technical scheme for realizing the purpose of the invention is as follows: a block chain-based industrial Internet of things secure data sharing method comprises the following steps:
step 1, a data owner calculates an original data hash value, encrypts the original data by using an AES symmetric encryption algorithm, and uploads the encrypted data to an industrial Internet of things cloud platform to obtain a data address returned by the cloud platform;
step 2, the data owner uses the Shamir secret sharing technology to divide the symmetric key into a plurality of sub-keys, encrypts the sub-keys, and uploads the encrypted sub-keys and metadata to the blockchain system;
step 3, the data owner creates an access control intelligent contract by using a dynamic accumulator technology and deploys the access control intelligent contract on a blockchain;
step 4, the data requester calls a request data intelligent contract to initiate a data request to the blockchain system;
step 5, the block chain system executes the access control intelligent contract, and returns metadata and the subkey after the judgment is passed;
step 6, the data requesting party obtains a plurality of sub-keys after access control, and recovers the decryption key;
and 7, requesting the data request to the industrial Internet of things cloud platform for encrypting the data, and decrypting the encrypted data to obtain the original data.
Further, the data owner in step 1 calculates the hash value of the original data, which is specifically as follows:
the hash value calculating method is SHA-256 algorithm, is used for detecting whether the data is tampered, specifically, after the data requesting party obtains the original data, the hash value is calculated again and compared with the initial hash value, if the hash value is the same, the data is not tampered, and if the hash value is different, the data is tampered.
Further, the industrial internet of things cloud platform in the step l is a semi-trusted third party cloud platform.
Further, the Shamir secret sharing technology in step 2 is specifically as follows:
t-1 times multipleIf the values of t different points are obtained, all coefficients of the t-1 th order polynomial can be calculated; let { (x) 1 ,y 1 ),(x 2 ,y 2 ),...,(x t ,y t ) The point set on the two-dimensional plane consists of t nodes, where x i Since the polynomial f (x) of t-1 degree which is determined by one and only one of the two-dimensional planes passes through all points in the point set, the secret to be shared is set to f (0), and n different points x are taken from the polynomial i Calculating f (x) i ) Will { x } i ,f(x i ) Setting the constant term parameter f (0) as a sub-secret, then any t of the n participants can cooperate to calculate the constant term parameter f (0), i.e., the secret to be shared;
the construction method of the interpolation polynomial used for Shamir secret sharing is as follows:
step 2.1, selecting a large prime number P, and constructing a t-1 degree polynomial on a finite field GF (P):
f(x)=c 0 +c 1 x+c 2 x 2 +…+c t-1 x t-1 mod P
the decryption key is set to key AES =c 0 All other coefficients { c 1 ,c 2 ,...,c t-1 T-1 numbers which are randomly selected from the finite field GF (p) and are not communicated with each other;
step 2.2, splitting the decryption key: for n industrial Internet of things data sharing participants, n mutually different integers { x } are selected 1 ,x 2 ,...,x n Substituted into f (x) to obtain a set { (x) 1 ,f(x 1 )),(x 2 ,f(x 2 ),...,(x n ,f(x n ) And then (x) i ,f(x i ) The decryption keys are divided sub-keys, the sub-keys are encrypted by using the public keys of n participants respectively, and then the sub-keys are stored in a blockchain; the polynomial f (x) is held separately by the data owner;
step 2.3, restoring the decryption key: let the subkey held by n industrial internet of things data sharing participants be (x i ,f(x i ) With t participants collaboratively reconstructing decryptionKey key AES Wherein t is less than or equal to n, constructing a t-1 Lagrange polynomial, solving the polynomial through t values of the t-1 Lagrange polynomial, and constructing a t-1 Lagrange interpolation polynomial; t-1 th degree polynomial P (x) =c 0 +c 1 x+c 2 x 2 +…+c t-1 x t-1 By t non-interconnected interpolation points (x i ,f(x i ) I=1, 2, once again, the total number of the components is equal to t, then P (x) satisfies P (x) i )=f(x i ) I=1, 2,..t; for t interpolation points x which are not communicated with each other i Constructing an interpolation basis function h i (x) I is more than or equal to 1 and less than or equal to t; according to constructional requirements, for materials other than x i All points x except 1 ,x 2 ,...,x i-1 ,x i+1 ,...x t All are h i (x) Therefore, the constructed polynomial meeting the zero requirements is h i (x)=c i (x-x 1 )(x-x 2 )…(x-x i-1 )(x-x i+1 )...(x-x t );
From h i (x i ) =1, obtained:
h i (x i )=c i (x i -x 1 )(x i -x 2 )...(x i -x i-1 )(x i -x i+1 )…(x i -x t )=1
Figure SMS_1
thus, an interpolated basis function is obtained:
Figure SMS_2
from the above obtained t-1 th order Lagrangian interpolation polynomial
Figure SMS_3
Satisfy L t-1 (x i )=f(x i ) I=1, 2,.. it follows that: if the value of the polynomial f (x) at t different points is known, i.e. t data sharingThe participants possess the subkeys, so that the t subkeys can serve as t interpolation points, and t participants cooperate to calculate a polynomial f (x) according to the derived Lagrangian interpolation formula, so as to recover a symmetric key AES =c 0 =f(0)。
Further, in step 2:
encrypting the sub-keys means that all the sub-keys are asymmetrically encrypted, the number of the sub-keys is the same as the number of participants in the data sharing of the industrial Internet of things, and each sub-key uses a public key of one participant to asymmetrically encrypt;
the metadata comprises an original data hash value and an address of the data stored in an industrial Internet of things cloud platform;
the blockchain system, in particular to a alliance chain, has an admission mechanism and is suitable for multi-party data sharing of the industrial Internet of things.
Further, the dynamic accumulator technique in step 3 is specifically as follows:
the data owner adds the public key of the authorized user into the accumulator set, sends accumulator evidence to the authorized users, and then discloses a dynamic accumulator value; the data requesting party proves itself to be present in the accumulator grant set by virtue of the accumulator evidence and the value of the dynamic accumulator; when the data owner needs to delete or add the authorized user, the value of the dynamic accumulator is only updated, and then the updated accumulator evidence is distributed to the authorized user.
Further, when the data requester in step 4 invokes the request for the intelligent contract, the public key of the incoming data requester and the signature of the request are required as parameters.
Further, the blockchain system in step 5 executes the access control smart contract to determine metadata and subkeys returned after passing, specifically as follows:
each block chain node is provided with a sub-key of a decryption key, the number of the sub-keys meeting the requirement can restore the original encryption key through a Shamir secret sharing technology, all the block chain nodes need to execute intelligent contracts, and the execution result is false, the data request is refused; and if the execution result is true, returning the sub-key held by the organization and the storage address of the data in the industrial Internet of things cloud platform.
Further, the decryption key in step 6 is a symmetric key used by the data owner to encrypt the original data in step 1; the data requester must acquire a sufficient number of sub-keys to recover the decryption key, this number being set by the data owner.
Further, when the data request in step 7 initiates a data request to the industrial internet of things cloud platform, the data address and the public key of the requester need to be transmitted as parameters; the decryption algorithm is an AES symmetric decryption algorithm.
Compared with the prior art, the invention has the remarkable advantages that: (1) The data requesting party must acquire enough sub-keys to recover the decryption key, and the number is set by the data owning party, so that the access control is decentralised, and single-point faults and abuse of access authorization rights are avoided; (2) After a certain number of nodes are attacked, the normal operation of the data sharing system can be ensured, and the fault tolerance performance of the system is improved; (3) The security of multiparty data sharing in the application scene of the industrial Internet of things is improved.
Drawings
Fig. 1 is a schematic diagram of an industrial internet of things secure data sharing method applied to a supply chain scenario.
Fig. 2 is a flow chart of a block chain-based industrial internet of things secure data sharing method according to the present invention.
Detailed Description
The invention will now be described in further detail with reference to the drawings and examples.
The existing scheme of industrial internet of things data sharing generally uses attribute encryption and proxy re-encryption technology to realize an access control mechanism, which has the defect that the revocation or update of access control authority is difficult to realize, so that the controllability of data is poor. Some schemes use blockchain intelligence contracts for access control, but the access control result is determined by a single node, and there is still a single point of failure problem. The method adopts the dynamic accumulator to realize the access control, and has the characteristics of high efficiency, easy updating and easy revocation. Meanwhile, the method uses the Shamir secret sharing technology to transform the access control from centralized execution into a decentralization form, so that single-point faults are avoided.
With reference to fig. 1 and 2, the invention discloses a blockchain-based industrial internet of things secure data sharing method, which comprises the following steps:
step 1, a data owner calculates an original data hash value, encrypts the original data by using an AES symmetric encryption algorithm, and uploads the encrypted data to an industrial Internet of things cloud platform to obtain a data address returned by the cloud platform;
further, the data owner calculates the hash value of the original data, which is specifically as follows:
the hash value calculating method is an SHA-256 algorithm, and aims to detect whether data is tampered or not, specifically, after a data requester acquires original data, the hash value is recalculated and compared with the initial hash value, if the hash value is the same, the data is not tampered, and if the hash value is different, the data is tampered.
Further, the industrial internet of things cloud platform is a semi-trusted third party cloud platform.
Step 2, the data owner uses the Shamir secret sharing technology to divide the symmetric key into a plurality of sub-keys, encrypts the sub-keys, and uploads the encrypted sub-keys and metadata to the blockchain system;
further, the Shamir secret sharing technology specifically comprises the following steps:
a polynomial of degree t-1, if the values of t different points are obtained, all coefficients of the polynomial of degree t-1 can be calculated; let { (x) 1 ,y 1 ),(x 2 ,y 2 ),...,(x t ,y t ) The point set on the two-dimensional plane consists of t nodes, where x i (1.ltoreq.i.ltoreq.t) are different from each other, since there is one and only one definite t-1 th order polynomial f (x) on the two-dimensional plane passes through all points in the point set, the secret to be shared is set to f (0), n different points x are taken from the polynomial i Calculating f (x) i ),Will { x } i ,f(x i ) Setting the constant term parameter f (0) as a sub-secret, then any t of the n participants can cooperate to calculate the constant term parameter f (0), i.e., the secret to be shared;
the construction method of the interpolation polynomial used for the Shamir secret sharing is as follows:
step 2.1, selecting a large prime number P, and constructing a t-1 degree polynomial on a finite field GF (P):
f(x)=c 0 +c 1 x+c 2 x 2 +…+c t-1 x t-1 mod P
the decryption key is set to key AES =c 0 All other coefficients { c 1 ,c 2 ,...,c t-1 T-1 numbers which are randomly selected from the finite field GF (p) and are not communicated with each other;
step 2.2, splitting the decryption key: for n industrial Internet of things data sharing participants, n mutually different integers { x } are selected 1 ,x 2 ,...,x n Substituted into f (x) to obtain a set { (x) 1 ,f(x 1 )),(x 2 ,f(x 2 ),...,(x n ,f(x n ) And then (x) i ,f(x i ) I.e., the subkeys from which the decryption key is partitioned. The sub-keys are encrypted by using the public keys of n participants respectively and then stored in a blockchain; the polynomial f (x) is held separately by the data owner;
step 2.3, restoring the decryption key: let the subkey held by n industrial internet of things data sharing participants be (x i ,f(x i ) Where t participants cooperate to reconstruct the decryption key AES Wherein t is less than or equal to n, constructing a t-1 Lagrange polynomial, solving the polynomial through t values of the t-1 Lagrange polynomial, and constructing the t-1 Lagrange interpolation polynomial; t-1 th degree polynomial P (x) =c 0 +c 1 x+c 2 x 2 +…+c t-1 x t-1 By t non-interconnected interpolation points (x i ,f(x i ) I=1, 2, once again, the total number of the components is equal to t, then P (x) satisfies P (x) i )=f(x i ) I=1, 2,..t; for t interpolation points x which are not communicated with each other i Constructing an interpolation basis function h i (x) (1.ltoreq.i.ltoreq.t); according to constructional requirements, for materials other than x i All points x except 1 ,x 2 ,...,x i-1 ,x i+1 ,...x t All are h i (x) Therefore, the constructed polynomial meeting the zero requirements is h i (x)=c i (x-x 1 )(x-x 2 )...(x-x i-1 )(x-x i+1 )...(x-x t ) The method comprises the steps of carrying out a first treatment on the surface of the From h i (x i ) =1 available h i (x i )=c i (x i -x 1 )(x i -x 2 )...(x i -x i-1 )(x i -x i+1 )...(x i -x t ) =1, yield:
Figure SMS_4
thus, finally, an interpolated basis function can be obtained:
Figure SMS_5
from the above, the t-1 th order Lagrangian interpolation polynomial is
Figure SMS_6
Satisfy L t-1 (x i )=f(x i ) I=1, 2,..t, it can thus be concluded that: if the value of the polynomial f (x) at t different points is known, i.e. the t data-sharing participants possess sub-keys, then these t sub-keys can serve as t interpolation points, and the t participants cooperate to solve for the polynomial f (x) according to the derived Lagrangian interpolation formula, thereby recovering the symmetric key AES =c 0 =f(0)。
Further, the sub-key is encrypted as follows:
and carrying out asymmetric encryption on all the sub-keys, wherein the number of the sub-keys is the same as the number of the participants for data sharing of the industrial Internet of things, and each sub-key uses a public key of one participant to carry out asymmetric encryption.
Further, the metadata comprises an original data hash value and an address of the data stored in the industrial Internet of things cloud platform.
Furthermore, the blockchain system, in particular to a alliance chain, is provided with an admission mechanism and is suitable for multi-party data sharing of the industrial Internet of things.
Step 3, the data owner creates an access control intelligent contract by using a dynamic accumulator technology and deploys the access control intelligent contract on a blockchain;
further, the dynamic accumulator technique is specifically as follows:
the data owner adds the public key of the authorized user into the accumulator set, sends accumulator evidence to the authorized users, and then discloses a dynamic accumulator value; the data requesting party proves itself to be present in the accumulator grant set by virtue of the accumulator evidence and the value of the dynamic accumulator; when the data owner needs to delete or add the authorized user, the value of the dynamic accumulator is only updated, and then the updated accumulator evidence is distributed to the authorized user.
Step 4, the data requester calls a request data intelligent contract to initiate a data request to the blockchain system;
further, when the data requester calls the request intelligent contract, the public key of the data requester and the signature of the request are required to be used as parameters.
Step 5, the block chain system executes the access control intelligent contract, and returns metadata and the subkey after the judgment is passed;
further, the blockchain system executes the access control intelligent contract, and returns metadata and subkeys after the judgment is passed, specifically as follows:
each block chain node is provided with a sub-key of a decryption key, the number of the sub-keys meeting the requirement can restore the original encryption key through a Shamir secret sharing technology, all the block chain nodes need to execute intelligent contracts, and the execution result is false, the data request is refused; and if the execution result is true, returning the sub-key held by the organization and the storage address of the data in the industrial Internet of things cloud platform.
Step 6, the data requesting party obtains a plurality of sub-keys after access control, and recovers the decryption key;
further, the decryption key is a symmetric key used by the data owner to encrypt the original data in the step 1; the data requester must acquire a sufficient number of sub-keys to recover the decryption key, this number being set by the data owner.
And 7, requesting the data request to the industrial Internet of things cloud platform for encrypting the data, and decrypting the encrypted data to obtain the original data.
Further, when the data request initiates a data request to the industrial internet of things cloud platform, an incoming data address and a requester public key are required to be used as parameters.
Further, the decryption algorithm is an AES symmetric decryption algorithm.
Example 1
With reference to fig. 1 and 2, the main steps of this embodiment are as follows:
step 1, a data owner calculates an original data hash value, then encrypts the original data by using an AES symmetric encryption algorithm, and uploads the encrypted data to an industrial Internet of things cloud platform to obtain a data address returned by the cloud platform, wherein the data address returned by the cloud platform is specifically as follows:
the data owner firstly calculates the hash value h of the original data through the SHA-256 algorithm data And encrypting the original data into encryptedData by using an AES symmetric encryption algorithm, wherein a symmetric key is a key, then calling a data uploading API interface of an industrial Internet of things cloud platform, uploading the encrypted data, and then obtaining a data address url returned by the cloud platform. The specific algorithm is shown in table 1:
TABLE 1
Figure SMS_7
Step 2, the data owner uses the Shamir secret sharing technology to divide the symmetric key into a plurality of sub-keys, encrypts the sub-keys, and uploads the encrypted sub-keys and metadata to the blockchain system, wherein the method comprises the following steps:
the data owner first maintains a set of grants c= { C locally 1 ,c 2 ,...,c n (c) 1 ,c 2 ,...,c n And is the public key of n authorized users. Data owners locally compute a compute accumulator
Figure SMS_8
Then generates accumulator evidence { w for n authorized users 1 ,w 2 ,...,w n }. The specific algorithm is shown in Table 2:
TABLE 2
Figure SMS_9
The data owner uses the AES algorithm to symmetrically encrypt the original data, wherein the symmetric key is a key. The number of the participants in the alliance chain system is n, a threshold t is required to be set by the Shamir secret sharing technology, the original secret key can be recovered by any t divided sub-secret keys, and any information cannot be recovered by less than t sub-secret keys. For the key to be encrypted, k-1 random numbers { a } are taken over the finite group GF (p) 1 ,a 2 ,...,a k-1 Let a }, let 0 =key, construct the following polynomial:
f(x)=a 0 +a 1 x+a 2 x 2 +a 3 x 3 +…+a k-1 x k-1
take n different numbers b 1 ,b 2 ,...,b n Respectively into polynomials to obtain n subkeys { f (b) 1 ),f(b 2 ),...,f(b n ) }. Because the blockchain is a decentralised and transparent database, the subkeys cannot be directly uploaded to the blockchain in the plaintext, so that the public keys of n nodes are required to be respectively encrypted, and the encrypted subkey set S= { S is obtained 1 ,s 2 ,...,s n (s is therein i =Encrypt(pk i ,b i ,f(b i )). The specific algorithm flow is shown in table 3:
TABLE 3 Table 3
Figure SMS_10
Step 3, the data owner creates an access control intelligent contract by using a dynamic accumulator technology and deploys the access control intelligent contract on a blockchain, wherein the access control intelligent contract is specifically as follows:
the data owner creates an intelligent contract that implements the access control function. Firstly, an address url of data in an industrial Internet of things cloud platform is provided by a data owner d Hash value hash of original data d The dynamic accumulator value Acc and the encrypted set of subkeys are stored in the contract. The data owner then creates a data request function that requires accumulator membership evidence of the incoming data requester to determine whether the requester is in the authorization set. Let the current value of the dynamic accumulator be Acc, the accumulator evidence of the requester be w, the public key of the requester be pk, if acc=w pk mod N, then the verification passes. The specific algorithm flow is shown in Table 4:
TABLE 4 Table 4
Figure SMS_11
When the data owner wants to revoke a's access rights to the data, it needs to be removed from the authorization set. The data owner updates the value of the dynamic accumulator, then updates its accumulator evidence for other parties still present in the authorized set, and then distributes to the relevant parties after encryption with the corresponding public key. Finally, the data owner calls the function in the intelligent contract to update the value of the dynamic accumulator, and the process is wrote into the blockchain in a tamper-proof way after the consensus of all nodes. The specific algorithm flow is shown in Table 5:
TABLE 5
Figure SMS_12
Step 4, the data requesting party calls the intelligent contract for requesting the data, and initiates the data request to the blockchain system, specifically:
after the intelligent contract for requesting the data is called, the data requesting party can obtain a plurality of sub-keys of the decryption key, the number of the sub-keys is k, and if k is greater than or equal to a threshold t set during key segmentation, the data requesting party can recover the complete decryption key according to the Shamir secret sharing principle. Then, the data request initiates a request for acquiring data to the industrial Internet of things cloud platform, and the data address is transmitted to acquire encrypted data. Then, the data requester uses the decrypted symmetric key to perform a decryption operation to obtain the original data. And finally, the data requester calculates the hash value of the data and compares the hash value with the hash value of the data returned by the intelligent contract, and if the hash value is the same, the data requester is informed of successfully acquiring the complete data. The specific algorithm flow is shown in Table 6:
TABLE 6
Figure SMS_13
In summary, the first and the data requesters must acquire a sufficient number of subkeys to recover the decryption key, and the number is set by the data owners, so that the access control is decentralised, and single-point failure and access authorization abuse are avoided; the second, after a certain number of nodes are attacked, the normal operation of the data sharing system can be ensured, and the fault tolerance performance of the system is improved; thirdly, the safety of multiparty data sharing in the application scene of the industrial Internet of things is improved.

Claims (10)

1. The industrial Internet of things secure data sharing method based on the blockchain is characterized by comprising the following steps of:
step 1, a data owner calculates an original data hash value, encrypts the original data by using an AES symmetric encryption algorithm, and uploads the encrypted data to an industrial Internet of things cloud platform to obtain a data address returned by the cloud platform;
step 2, the data owner uses the Shamir secret sharing technology to divide the symmetric key into a plurality of sub-keys, encrypts the sub-keys, and uploads the encrypted sub-keys and metadata to the blockchain system;
step 3, the data owner creates an access control intelligent contract by using a dynamic accumulator technology and deploys the access control intelligent contract on a blockchain;
step 4, the data requester calls a request data intelligent contract to initiate a data request to the blockchain system;
step 5, the block chain system executes the access control intelligent contract, and returns metadata and the subkey after the judgment is passed;
step 6, the data requesting party obtains a plurality of sub-keys after access control, and recovers the decryption key;
and 7, requesting the data request to the industrial Internet of things cloud platform for encrypting the data, and decrypting the encrypted data to obtain the original data.
2. The blockchain-based industrial internet of things secure data sharing method of claim 1, wherein the data owner in step 1 calculates the original data hash value as follows:
the hash value calculating method is SHA-256 algorithm, is used for detecting whether the data is tampered, specifically, after the data requesting party obtains the original data, the hash value is calculated again and compared with the initial hash value, if the hash value is the same, the data is not tampered, and if the hash value is different, the data is tampered.
3. The blockchain-based industrial internet of things secure data sharing method of claim 1, wherein the industrial internet of things cloud platform in step 1 is a semi-trusted third party cloud platform.
4. The blockchain-based industrial internet of things secure data sharing method of claim 1, wherein the Shamir secret sharing technique in step 2 is specifically as follows:
a polynomial of degree t-1, if values of t different points are obtained, all coefficients of the polynomial of degree t-1 can be calculated; let { (x) 1 ,y 1 ),(x 2 ,y 2 ),...,(x t ,y t ) The point set on the two-dimensional plane consists of t nodes, where x i Since the polynomial f (x) of t-1 degree which is determined by one and only one of the two-dimensional planes passes through all points in the point set, the secret to be shared is set to f (0), and n different points x are taken from the polynomial i Calculating f (x) i ) Will { x } i ,f(x i ) Setting the constant term parameter f (0) as a sub-secret, then any t of the n participants can cooperate to calculate the constant term parameter f (0), i.e., the secret to be shared;
the construction method of the interpolation polynomial used for Shamir secret sharing is as follows:
step 2.1, selecting a large prime number P, and constructing a t-1 degree polynomial on a finite field GF (P):
f(x)=c 0 +c 1 x+c 2 x 2 +…+c t-1 x t-1 mod P
the decryption key is set to key AES =c 0 All other coefficients { c 1 ,c 2 ,...,c t-1 T-1 numbers which are randomly selected from the finite field GF (p) and are not communicated with each other;
step 2.2, splitting the decryption key: for n industrial Internet of things data sharing participants, n mutually different integers { x } are selected 1 ,x 2 ,...,x n Substituted into f (x) to obtain a set { (x) 1 ,f(x 1 )),(x 2 ,f(x 2 ),...,(x n ,f(x n ) And then (x) i ,f(x i ) The decryption keys are divided sub-keys, the sub-keys are encrypted by using the public keys of n participants respectively, and then the sub-keys are stored in a blockchain; the polynomial f (x) is held separately by the data owner;
step 2.3, restoring the decryption key: let the subkey held by n industrial internet of things data sharing participants be (x i ,f(x i ) Where t participants cooperate to reconstruct the decryption key AES Wherein t is less than or equal to n, constructing a t-1 Lagrange polynomial, solving the polynomial through t values of the t-1 Lagrange polynomial, and constructing a t-1 Lagrange interpolation polynomial; t-1 timesPolynomial P (x) =c 0 +c 1 x+c 2 x 2 +…+c t-1 x t-1 By t non-interconnected interpolation points (x i ,f(x i ) I=1, 2, once again, the total number of the components is equal to t, then P (x) satisfies P (x) i )=f(x i ) I=1, 2,..t; for t interpolation points x which are not communicated with each other i Constructing an interpolation basis function h i (x) I is more than or equal to 1 and less than or equal to t; according to constructional requirements, for materials other than x i All points x except 1 ,x 2 ,...,x i-1 ,x i+1 ,...x t All are h i (x) Therefore, the constructed polynomial meeting the zero requirements is h i (x)=c i (x-x 1 )(x-x 2 )...(x-x i-1 )(x-x i+1 )…(x-x t );
From h i (x i ) =1, obtained:
h i (x i )=c i (x i -x 1 )(x i -x 2 )...(x i -x i-1 )(x i -x i+1 )…(x i -x t )=1
Figure FDA0004004917590000021
thus, an interpolated basis function is obtained:
Figure FDA0004004917590000022
from the above obtained t-1 th order Lagrangian interpolation polynomial
Figure FDA0004004917590000023
Satisfy L t-1 (x i )=f(x i ) I=1, 2,..t, thus concluding: if the value of the polynomial f (x) at t different points is known, i.e. the t data-sharing participants possess sub-keys, then these t sub-keys can serve as t interpolation points from which to deriveThe t participants cooperate to solve for a polynomial f (x) to recover the symmetric key AES =c 0 =f(0)。
5. The blockchain-based industrial internet of things secure data sharing method of claim 1, wherein in step 2:
encrypting the sub-keys means that all the sub-keys are asymmetrically encrypted, the number of the sub-keys is the same as the number of participants in the data sharing of the industrial Internet of things, and each sub-key uses a public key of one participant to asymmetrically encrypt;
the metadata comprises an original data hash value and an address of the data stored in an industrial Internet of things cloud platform;
the blockchain system, in particular to a alliance chain, has an admission mechanism and is suitable for multi-party data sharing of the industrial Internet of things.
6. The blockchain-based industrial internet of things secure data sharing method of claim 1, wherein the dynamic accumulator technique in step 3 is as follows:
the data owner adds the public key of the authorized user into the accumulator set, sends accumulator evidence to the authorized users, and then discloses a dynamic accumulator value; the data requesting party proves itself to be present in the accumulator grant set by virtue of the accumulator evidence and the value of the dynamic accumulator; when the data owner needs to delete or add the authorized user, the value of the dynamic accumulator is only updated, and then the updated accumulator evidence is distributed to the authorized user.
7. The blockchain-based industrial internet of things secure data sharing method of claim 1, wherein when the data requester in step 4 invokes the request for the intelligent contract, an incoming data requester public key and a signature of the current request are required as parameters.
8. The blockchain-based industrial internet of things secure data sharing method of claim 1, wherein the blockchain system in step 5 executes an access control smart contract to return metadata and subkeys after passing the discrimination, specifically as follows:
each block chain node is provided with a sub-key of a decryption key, the number of the sub-keys meeting the requirement can restore the original encryption key through a Shamir secret sharing technology, all the block chain nodes need to execute intelligent contracts, and the execution result is false, the data request is refused; and if the execution result is true, returning the sub-key held by the organization and the storage address of the data in the industrial Internet of things cloud platform.
9. The blockchain-based industrial internet of things secure data sharing method of claim 1, wherein the decryption key in step 6 is a symmetric key used by the data owner to encrypt the original data in step 1; the data requester must acquire a sufficient number of sub-keys to recover the decryption key, this number being set by the data owner.
10. The blockchain-based industrial internet of things secure data sharing method of claim 1, wherein in the step 7, when a data request initiates a data request to an industrial internet of things cloud platform, an incoming data address and a requester public key are required as parameters; the decryption algorithm is an AES symmetric decryption algorithm.
CN202211637908.4A 2022-12-18 2022-12-18 Block chain-based industrial Internet of things secure data sharing method Pending CN116015828A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211637908.4A CN116015828A (en) 2022-12-18 2022-12-18 Block chain-based industrial Internet of things secure data sharing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211637908.4A CN116015828A (en) 2022-12-18 2022-12-18 Block chain-based industrial Internet of things secure data sharing method

Publications (1)

Publication Number Publication Date
CN116015828A true CN116015828A (en) 2023-04-25

Family

ID=86027571

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211637908.4A Pending CN116015828A (en) 2022-12-18 2022-12-18 Block chain-based industrial Internet of things secure data sharing method

Country Status (1)

Country Link
CN (1) CN116015828A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116248279A (en) * 2023-05-05 2023-06-09 北京航空航天大学云南创新研究院 Data calculation containerized trusted execution method based on blockchain
CN117040929A (en) * 2023-10-08 2023-11-10 腾讯科技(深圳)有限公司 Access processing method, device, equipment, medium and program product
CN117097476A (en) * 2023-10-19 2023-11-21 浪潮云洲工业互联网有限公司 Data processing method, equipment and medium based on industrial Internet

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116248279A (en) * 2023-05-05 2023-06-09 北京航空航天大学云南创新研究院 Data calculation containerized trusted execution method based on blockchain
CN117040929A (en) * 2023-10-08 2023-11-10 腾讯科技(深圳)有限公司 Access processing method, device, equipment, medium and program product
CN117040929B (en) * 2023-10-08 2024-01-26 腾讯科技(深圳)有限公司 Access processing method, device, equipment, medium and program product
CN117097476A (en) * 2023-10-19 2023-11-21 浪潮云洲工业互联网有限公司 Data processing method, equipment and medium based on industrial Internet
CN117097476B (en) * 2023-10-19 2024-01-26 浪潮云洲工业互联网有限公司 Data processing method, equipment and medium based on industrial Internet

Similar Documents

Publication Publication Date Title
Hur et al. Secure data deduplication with dynamic ownership management in cloud storage
Belguith et al. Proud: Verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted iot applications
Kumar et al. Secure storage and access of data in cloud computing
CN108768951B (en) Data encryption and retrieval method for protecting file privacy in cloud environment
CN116015828A (en) Block chain-based industrial Internet of things secure data sharing method
CN108111540B (en) Hierarchical access control system and method supporting data sharing in cloud storage
CN111541678A (en) Block chain-based proxy re-encryption method, system and storage medium
JP6363032B2 (en) Key change direction control system and key change direction control method
CN114039790A (en) Block chain-based fine-grained cloud storage security access control method
Hoang et al. Privacy-preserving blockchain-based data sharing platform for decentralized storage systems
CN112487443A (en) Energy data fine-grained access control method based on block chain
WO2014078951A1 (en) End-to-end encryption method for digital data sharing through a third party
Tiwari et al. SecCloudSharing: Secure data sharing in public cloud using ciphertext‐policy attribute‐based proxy re‐encryption with revocation
GB2603495A (en) Generating shared keys
Youn et al. Authorized client-side deduplication using CP-ABE in cloud storage
CN109495248B (en) Monitorable privacy communication method based on secret sharing scheme
Chang et al. A privacy-preserving cloud-based data management system with efficient revocation scheme
Jeckmans et al. Poster: privacy-preserving profile similarity computation in online social networks
Meng et al. A novel attribute-based signcryption scheme in cloud computing environments
CN116112185A (en) Private data sharing method based on blockchain and zero knowledge proof
CN116383874A (en) Traceable privacy information retrieval method based on blockchain
CN116248289A (en) Industrial Internet identification analysis access control method based on ciphertext attribute encryption
Chen et al. Generic attribute revocation systems for attribute-based encryption in cloud storage
Kim et al. Broadcast proxy reencryption based on certificateless public key cryptography for secure data sharing
Swetha et al. Security on mobile cloud computing using cipher text policy and attribute based encryption scheme

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination