CN116545663A - Secure data transmission method and system for smart city big data service - Google Patents

Secure data transmission method and system for smart city big data service Download PDF

Info

Publication number
CN116545663A
CN116545663A CN202310413678.1A CN202310413678A CN116545663A CN 116545663 A CN116545663 A CN 116545663A CN 202310413678 A CN202310413678 A CN 202310413678A CN 116545663 A CN116545663 A CN 116545663A
Authority
CN
China
Prior art keywords
data
user
smart city
key
big data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310413678.1A
Other languages
Chinese (zh)
Inventor
杨国水
施先进
刘丹
芮罗锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Greentown Information Technology Co ltd
Original Assignee
Hangzhou Greentown Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Greentown Information Technology Co ltd filed Critical Hangzhou Greentown Information Technology Co ltd
Priority to CN202310413678.1A priority Critical patent/CN116545663A/en
Publication of CN116545663A publication Critical patent/CN116545663A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a secure data transmission method and a system for smart city big data service, wherein the method comprises the following steps: creating system parameters; encrypting data; creating a decryption key; decrypting the ciphertext; detecting the key integrity; key tracking. The data owner of the invention can share one piece of data by any data user meeting the requirement only by encrypting the piece of data once without encrypting each data user respectively. The access policy is partially hidden, and the privacy of the user attribute is protected. When the secret key is revealed or maliciously shared/sold, the smart city management center can analyze the owner of the secret key from the secret key, so that the responsibility can be conveniently tracked. For the existing facts of the key leakage, malicious users can be evicted, and meanwhile, the key is updated to readjust the access authority of the encrypted data, so that further loss is avoided.

Description

Secure data transmission method and system for smart city big data service
Technical Field
The invention relates to the technical field of smart cities, in particular to a secure data transmission method and system for smart city big data service.
Background
Smart cities are the product of the information age and are a necessary trend for the urban development of modern society. The main task is to digitally, network and intelligently manage people, things and things in the city, thereby providing high-quality, efficient and humanized service for the public and improving the city management level and the life quality of residents. The method fully utilizes the modern information technology to reform the traditional industry and organically combines the traditional industry with the traditional urban functions, thereby improving the comprehensive strength of the city. The core of the smart city is data, and the collection, circulation, mining and use of mass data are key to the operation of the smart city system. In a smart city service system, data is collected by various sensors or mobile crowd-sourced operators and then uploaded to a cloud platform for access by authorized users.
However, due to the openness of the network and the cloud platform, the data faces security threats such as data leakage, unauthorized access and the like in the transmission process, which brings great trouble to the operation and maintenance of the smart city system and also easily causes loss to data users. In this regard, people adopt encryption technology to ensure the security of data in the transmission process, but these traditional encryption technology lacks in terms of efficiency and flexibility and severely restrict the practicality of the system, and for the smart city big data service system with a large number of users, it is difficult to realize a highly efficient and reliable key management mechanism, so as to prevent the damage to the economic benefit of the smart city big data service platform caused by key leakage and malicious sale of keys. According to the current application situation of the smart city, we conclude that the following problems need to be solved:
(1) How does an efficient and flexible secure data transmission method be provided, so that data can be accessed by multiple users only once encrypted?
(2) How does an owner of a key to search for and locate for a compromised or maliciously sold key?
(3) How to expel malicious users and reduce the loss of key leakage and malicious sale of keys to the system?
Disclosure of Invention
In view of the above-mentioned drawbacks of the prior art, the present invention provides a secure data transmission method and system for smart city big data service, wherein the transmission method is a brand-new attribute-based encryption method, and one-to-many secure data sharing is realized, so as to solve the first problem, and then a key tracking algorithm is designed to track the identity of the owner of the leaked or maliciously sold key. Finally, a ciphertext updating algorithm is designed, and under the condition of key leakage, the key is disabled, so that the future normal operation of the smart city big data service system is not influenced.
In order to achieve the above purpose, the invention adopts the following technical scheme: a secure data transmission method for smart city big data service comprises the following steps:
step 1, creating system parameters;
step 2, data encryption;
step 3, creating a decryption key;
step 4, decrypting the ciphertext;
step 5, detecting the integrity of the key;
and 6, key tracking.
Further, the method further comprises updating the ciphertext, specifically:
the smart city management center firstly selects random number eta epsilon Z p And calculates an update keyThen transmitting the smart city big data platform through a secure channel;
the smart city big data platform inputs the update parameters X ', the revocation list R ' and the ciphertext CT, then calculates the update ciphertext associated with R ', defines the assumption that the cover { R ' } is a minimum coverage set associated with the revocation list R ', and for all j ' e-covers { R ' }, there are two cases:
case 1: if j ε cover { R } is present such that j=j', then T is set j =T j ′;
Case 2: if j ε cover { R } exists and j is one ancestor node of j ', then it is assumed that Path (j')=Path (j))∪{n dep(j)+1 ,...,n dep(j′) N is }, where n dep(j) =j and n dep(j′) =j', then let Y j =T j And calculateWhere k=dep (j),..dep (j'), and setting T j =Y j ′;
Finally, the algorithm outputs the updated ciphertext
Further, the step 1 creates system parameters, specifically:
step 1.1: inputting security parameters pi=80, defining attribute name complete set as U, defining T as a binary tree and binding with user id with an attribute set as W, and setting an empty revocation list R;
step 1.2: algebraic structure defining cryptographic protocols: definition of G and G T For a multiplicative cyclic group of two prime orders p, and defining G as one generator of group G, defining bilinear mapping: e, G is G.fwdarw.G T
Step 1.3: randomly selecting integer group Z p Random numbers a, alpha, and random numbers h, u in group G;
step 1.4: for each node of the binary tree T, randomly selectingAnd sequentially calculate
Step 1.5: invoking a probability symmetric encryption algorithm, defining k as a symmetric key, enc as an encryption algorithm, and the plaintext of the algorithm is {0,1} * Bit string, output as Z p In (2), and accordingly, dec is an encryption algorithm whose input is Z p Outputs one element of {0,1} * Bit string;
Step 1.6: final public system public parametersSecret preservation System Master Key->
Further, the step 2 of data encryption specifically includes:
step 2.1: randomly selecting a vectorWherein v is 2 ,...,v n ∈Z p The function of this vector is to share the secret value s e Z p Subsequently, for each row i ε [1, l]Calculating lambda i =M i V, wherein M i Represents the ith row of matrix M;
step 2.2: for each row i E [1, l]Randomly select t i ∈Z p And calculates ciphertext component c=m·e (g, g) αs C 0 =g S ,C′ 0 =g as
Step 2.3: defining a cover { R } as a minimum set of covers associated with revocation list R, for each j e cover { R }, computing the associated ciphertext component
Step 2.4: definition of the definitionIs the remainder of the access policy ψ after removal of the user attribute value, the data owner finally puts the ciphertext tuple +.> And sending the data to a smart city big data platform.
Further, the step 3 of creating a decryption key specifically includes:
step 3.1: calculate c=enc k (n d ) Wherein n is d A value of a leaf node of the binary tree for the user id, d being the depth of the binary tree;
step 3.2: selecting a random number r E Z p For set I S All attribute names T E I in the list S Calculate the decryption key component as K' =c,L=g r ,L′=g ar ,/>
step 3.3: definition Path (n) d )={n 0 ,...,n d From the root node to leaf node n of the binary tree d N of the path of (2) 0 Representing root node, selecting random numberAnd calculates the decryption key component associated with the user id +.>
Step 3.4: the algorithm ultimately outputs the user decryption keyAnd returns the decryption key to the data user.
Further, the decrypting of the ciphertext in the step 4 specifically includes:
case 1: if the user attribute set does not meet the access policy, i.eOr the user identity is already in the revocation list, i.e. id e R, the algorithm is aborted;
case 2: if the user identity is not in the revocation listAnd the user attribute set meets the access policy, namely S epsilon (M, rho), the algorithm runs the following four steps:
step 4.1: when (when)When there is a node j such that j e cover (R) ≡Path (id) is true, it is assumed that Path (id) = { n 0 ,...,n dep(j) ,...,n d N is }, where n dep(j) =j and n d For the value of leaf node with respect to user id, the user then calculates +.>And +.>
Step 4.2: defining the number of rows in matrix M for all attributes in the access policy (M, ρ) that the user satisfiesDefinition factor { c i I e I, so that Σ i∈I c i λ i =s is true, and then the decryption components E, F are calculated as follows
Step 4.3: the decryption component is calculated as follows
Step 4.4: finally, the data user calculates and recovers the data plaintext according to the following equation on the basis of the decryption component on the ciphertext
Further, the step 5 key integrity detection specifically includes:
firstly, selecting a random number K' E Z p K, L, L', K τ ,K id E G, then determining whether the following holds
e(g,L′)=e(g a ,L)≠1
e(K,g a g K′ )=e(g,g) α e(L K′ ·L′,h)≠1
Exist τ ε I S So that
If the decryption key SK satisfies the above equation, the key need not be traced, the algorithm output 1 indicates a detection offer, otherwise the algorithm inputs 0, and the next algorithm is performed on the key SK.
Further, the key tracking in step 6 specifically includes:
step 6.1: calculating n d =dec (K') to recover the value of the leaf node corresponding to the user id;
step 6.2: from binary leaf node value n d Finding out the corresponding user identity id, and directly outputting the T if the user identity id does not exist;
step 6.3: if it isIt is explained that the user id has not been added to the revocation list and thus the revocation list R' =rsu { id } is updated.
A system for realizing the secure data transmission method facing the smart city big data service comprises the following steps: the intelligent city management center, the intelligent city big data platform, the data owner and the data user have the following specific functions:
the intelligent city management center is used for managing data owners and data users in the intelligent city big data service system, creating public parameters required by system operation and generating keys for the data users;
the smart city big data platform is used for storing any encrypted data uploaded by a data owner;
the data owners, including but not limited to sensor terminals or actuators in the smart city system, automatically or manually collect related data, encrypt and upload to the smart city big data platform;
and the data user is a user terminal enjoying the smart city big data service, downloads, decrypts and finally acquires related data from the smart city big data platform.
The invention has the following technical effects:
1. the data owner only needs to encrypt one piece of data once, and can be shared by any data users meeting the requirements without encrypting each data user separately.
2. The access policy is partially hidden, and the privacy of the user attribute is protected.
3. When the secret key is revealed or maliciously shared/sold, the smart city management center can analyze the owner of the secret key from the secret key, so that the responsibility can be conveniently tracked.
4. For the existing facts of the key leakage, malicious users can be evicted, and meanwhile, the key is updated to readjust the access authority of the encrypted data, so that further loss is avoided.
Drawings
FIG. 1 is a flowchart of an algorithm embodying the present invention.
Fig. 2 is a specific structural topology of the present invention.
Detailed Description
The following description refers to the accompanying drawings, which illustrate preferred embodiments of the present invention and make the technical content more clear and easier to understand. The present invention may be embodied in many different forms of embodiments and the scope of the present invention is not limited to only the embodiments described herein.
Example 1
As shown in fig. 1, a secure data transmission method for smart city big data service is mainly divided into the following seven algorithms:
parameter setting algorithm
The algorithm is used for creating system parameters and system master keys and provides support for subsequent algorithms, and the algorithm is executed by a smart city management center and comprises the following 6 steps:
step 1.1: the longer the security parameter pi=80 is entered, the more secure the cryptographic protocol is. Defining the attribute name corpus as U, defining T as a binary tree, and binding with a user id with the attribute set as W. Furthermore, an empty revocation list R is set.
Step 1.2: on this basis, the algebraic structure of the cryptographic protocol is defined: definition of G and G T For a multiplicative cyclic group of two prime orders p, and define G as one generator of group G. Defining a bilinear map: e, G is G.fwdarw.G T
Step 1.3: randomly selecting integer group Z p Random numbers a, α in group G, and random numbers h, u in group G.
Step 1.4: for each node of the binary tree T, randomly selectingAnd sequentially calculate
Step 1.5: invoking a probability symmetric encryption algorithm, defining k as a symmetric key, enc as an encryption algorithm, and the plaintext of the algorithm is {0,1} * Bit string, output as Z p In (2), and accordingly, dec is an encryption algorithm whose input is Z p Outputs one element of {0,1} * Bit strings.
Step 1.6: final public system public parametersSecret preservation system master key
Encryption algorithm
When the data owner collects the data M, it inputs the system public parameters PP, revocation list R, and access policy ψ= (M, ρ, a), where M is a matrix of lxn, ρ is a function mapping each row in the matrix M to an attribute name in the attribute corpus U, a= { t ρ(i) } i∈[1,l] Is the attribute value associated with (M, p). The algorithm performs the following 4 steps:
step 2.1: randomly selecting a vectorWherein v is 2 ,...,v n ∈Z p The function of this vector is to share the secret value s e Z p . Subsequently, for each row i ε [1, l]Calculating lambda i =M i V, wherein M i Representing the ith row of matrix M.
Step 2.2: for each row i E [1, l]Randomly select t i ∈Z p And calculates ciphertext component c=m·e (g, g) αs C 0 =g s ,C′ 0 =g as
Step 2.3: defining a cover { R } as a minimum set of covers associated with revocation list R, for each j e cover { R }, computing the associated ciphertext component
Step 2.4: definition of the definitionIs the remainder of the access policy ψ after the user attribute values are removed. The data owner finally puts the ciphertext tuple +> And sending the data to a smart city big data platform. Note that the smart city big data platform can see +.>The attribute values are not visible and therefore the access policy is partially hidden.
Third, secret key generation algorithm
The algorithm is executed by the smart city management center for generating keys required for decryption for the data users. Input user identity id, system Master Key MSK, and book Property setWherein->For attribute name set, s= { S i } i∈S Is the set of corresponding attribute values. The algorithm is divided into the following 4 steps:
step 3.1: calculate c=enc k (n d ) Wherein n is d The value of a leaf node of the binary tree for the user id, d is the depth of the binary tree.
Step 3.2: selecting a random number r E Z p For set I S All attribute names T E I in the list S Calculate the decryption key component as K' =c,L=g r ,L′=g ar ,/>
step 3.3: definition Path (n) d )={n 0 ,...,n d From the root node to leaf node n of the binary tree d N of the path of (2) 0 Representing root node, selecting random numberAnd calculates the decryption key component associated with the user id +.>
Step 3.4: the algorithm ultimately outputs the user decryption keyAnd returns the decryption key to the data user.
Fourth decryption algorithm
The algorithm is executed by a data user, when the ciphertext CT is received, the data user inputs a decryption key SK of the data user, and specifically, the algorithm is divided into the following two cases:
case 1: if the user attribute set does not meet the access policy, i.eOr the user identity is already in the revocation list, i.e. id e R, the algorithm is aborted.
Case 2: if the user identity is not in the revocation listAnd the user attribute set meets the access policy, namely S epsilon (M, rho), the algorithm runs the following four steps:
step 4.1: when (when)When there is a node j such that j e cover (R) ≡Path (id) is true, it is assumed that Path (id) = { n 0 ,...,n dep(j) ,...,n d N is }, where n dep(j) =j and n d Is the value of the leaf node for the user id.The user then calculates +.>And +.>
Step 4.2: defining the number of rows in matrix M for all attributes in the access policy (M, ρ) that the user satisfiesDefinition factor { c i I e I, so that Σ i∈I c i λ i =s holds. The decryption components E, F are then calculated according to the following equation
Step 4.3: the decryption component is calculated as follows
Step 4.4: finally, the data user calculates and recovers the data plaintext according to the following equation on the basis of the decryption component on the ciphertext
Fifth, key integrity detection algorithm
The algorithm is executed by the smart city management center to determine whether a suspect decryption key SK needs to be traced, and the algorithm first selects a random number K' E Z p K, L, L', K τ Kid ε G, then determine if the following holds
e(g,L′)=e(g a ,L)≠1
e(K,g a g K′ )=e(g,g) α e(L K′ ·L′,h)≠1
Exist τ ε I S So that
If the decryption key SK satisfies the above equation, the key need not be traced, the algorithm output 1 indicates a detection offer, otherwise the algorithm inputs 0, and the next algorithm is performed on the key SK.
Sixth, key tracking algorithm
The algorithm is executed by the smart city management center, if the key SK outputs 0, the key is handed over to the algorithm for processing, and the algorithm is divided into the following 3 steps
Step 6.1: calculating n d Dec (K') to recover the value of the leaf node corresponding to the user id.
Step 6.2: from binary leaf node value n d Find out the corresponding user identity id, if not exist, directly output
Step 6.3: if it isIt is explained that the user id has not been added to the revocation list and thus the revocation list R' =rsu { id } is updated.
Seventh ciphertext updating algorithm
The algorithm is interactively executed by a smart city big data platform and a smart city management center, wherein the smart city management center firstly selects random numbers eta epsilon Z p And calculates an update keyWhich is then sent over the secure channel to the smart city big data platform. The smart city big data platform inputs the update parameter X',revocation list R 'and ciphertext CT, and then calculate updated ciphertext associated with R'. The definition assumes that the cover { R '} is a minimum set of covers associated with the revocation list R', for all j 'e-covers { R' }, there are two cases:
case 1: if j ε cover { R } is present such that j=j', then T is set j =T j′
Case 2: if j ε cover { R } exists and j is one ancestor node of j ', then it is assumed that Path (j')=Path (j)/(U) n { dep(j)+1 ,...,n dep(j) N is }, where n dep(j) =j and n dep(j′) =j'。
Subsequently, let Y be j =T j And calculateWhere k=dep (j),..dep (j'), and setting T j =Y j′
Finally, the algorithm outputs the updated ciphertext
The above-mentioned security data transmission method for big data service of smart city based on the system implementation shown in fig. 2 includes: the intelligent city management system comprises a intelligent city management center, an intelligent city big data platform, a data owner and a data user. Their specific functions are as follows:
the intelligent city management center: the entity is used for managing data owners and data users in the smart city big data service system, creating public parameters required by the system operation, and generating keys for the data users.
Smart city big data platform: the entity is used to store any encrypted data uploaded by the data owner.
Data owner: typically sensors in a smart city system, crowd-sourced task performers, etc., that automatically or manually collect relevant data, encrypt and upload to a smart city big data platform.
Data user: are users who enjoy the smart city big data service, and they download, decrypt, and finally acquire relevant data from the smart city big data platform.
The foregoing describes in detail preferred embodiments of the present invention. It should be understood that numerous modifications and variations can be made in accordance with the concepts of the invention without requiring creative effort by one of ordinary skill in the art. Therefore, all technical solutions which can be obtained by logic analysis, reasoning or limited experiments based on the prior art by the person skilled in the art according to the inventive concept shall be within the scope of protection defined by the claims.

Claims (9)

1. The safe data transmission method for the smart city big data service is characterized by comprising the following steps of:
step 1, creating system parameters;
step 2, data encryption;
step 3, creating a decryption key;
step 4, decrypting the ciphertext;
step 5, detecting the integrity of the key;
and 6, key tracking.
2. The method for transmitting secure data for smart city-oriented big data service according to claim 1, further comprising updating ciphertext, specifically:
the smart city management center firstly selects random number eta epsilon Z p And calculates an update keyThen transmitting the smart city big data platform through a secure channel;
the smart city big data platform inputs the update parameters X ', the revocation list R ' and the ciphertext CT, then calculates the update ciphertext associated with R ', defines the assumption that the cover { R ' } is a minimum coverage set associated with the revocation list R ', and for all j ' e-covers { R ' }, there are two cases:
case 1: if j ε cover { R } is present such that j=j', then T is set j =T j′
Case 2: if j ε cover { R } exists and j is one ancestor node of j ', then it is assumed that Path (j')=Path (j)/(U) n { dep(j)+1 ,...,n dep(j′) N is }, where n dep(j) =j and n dep(j′) =j', then let Y j =T j And calculateWhere k=dep (j),..dep (j'), and setting T j =Y j′
Finally, the algorithm outputs the updated ciphertext
3. The method for transmitting secure data for smart city-oriented big data service according to claim 1, wherein the creating system parameters in step 1 specifically includes:
step 1.1: inputting security parameters pi=80, defining attribute name complete set as U, defining T as a binary tree and binding with user id with an attribute set as W, and setting an empty revocation list R;
step 1.2: algebraic structure defining cryptographic protocols: definition of G and G T For a multiplicative cyclic group of two prime orders p, and defining G as one generator of group G, defining bilinear mapping: e: g is G.fwdarw.G T
Step 1.3: randomly selecting integer group Z p Random numbers a, alpha, and random numbers h, u in group G;
step 1.4: for each node of the binary tree T, randomly selectingAnd according toSub-calculation
Step 1.5: invoking a probability symmetric encryption algorithm, defining k as a symmetric key, enc as an encryption algorithm, and the plaintext of the algorithm is {0,1} * Bit string, output as Z p In (2), and accordingly, dec is an encryption algorithm whose input is Z p Outputs one element of {0,1} * A bit string;
step 1.6: final public system public parametersSecret preservation System Master Key->
4. The secure data transmission method for smart city-oriented big data service according to claim 1, wherein the step 2 data encryption specifically comprises:
step 2.1: randomly selecting a vectorWherein v is 2 ,...,v n ∈Z p The function of this vector is to share the secret value s e Z p Subsequently, for each row i ε [1, l]Calculating lambda i =M i V, wherein M i Represents the ith row of matrix M;
step 2.2: for each row i E [1, l]Randomly select t i ∈Z p And calculates ciphertext component c=m·e (g, g) αs C 0 =g s ,C′ 0 =g as
Step 2.3: definition cover{ R } is a minimum set of covers associated with revocation list R, for each j ε cover { R }, calculate the associated ciphertext component
Step 2.4: definition of the definitionIs the remainder of the access policy ψ after the user attribute values are removed, and the data owner finally takes the ciphertext tuple ct= (C, C) 0 ,C 0 ,{C i,1 ,C i,2 ,C i,3 } i∈[1,l] ,/> And sending the data to a smart city big data platform.
5. The secure data transmission method for smart city-oriented big data service according to claim 1, wherein the decryption key creation in step 3 is specifically:
step 3.1: calculate c=enc k (n d ) Wherein n is d A value of a leaf node of the binary tree for the user id, d being the depth of the binary tree;
step 3.2: selecting a random number r E Z p For set I S All attribute names T E I in the list S Calculate the decryption key component as K' =c,L=g r ,L′=g ar ,/>
step 3.3: definition Path (n) d )={n 0 ,...,n d From the root node to leaf node n of the binary tree d N of the path of (2) 0 Representing root node, selecting random numberAnd calculates the decryption key component associated with the user id +.>
Step 3.4: the algorithm ultimately outputs the user decryption keyAnd returns the decryption key to the data user.
6. The secure data transmission method for smart city-oriented big data service according to claim 1, wherein the step 4 ciphertext decryption specifically comprises:
case 1: if the user attribute set does not meet the access policy, i.eOr the user identity is already in the revocation list, i.e. id e R, the algorithm is aborted;
case 2: if the user identity is not in the revocation listAnd the user attribute set meets the access policy, namely S epsilon (M, rho), the algorithm runs the following four steps:
step 4.1: when (when)When there is a node j such that j ε cover (R) ≡Path (id) is true, assume thatPath(id)={n 0 ,...,n dep(j) ,…,n d N is }, where n dep(j) =j and n d For values of leaf nodes with respect to user id, the user then calculatesAnd +.>
Step 4.2: defining the number of rows in matrix M for all attributes in the access policy (M, ρ) that the user satisfiesDefinition factor { c i I e I, so that Σ i∈I c i λ i =s is true, and then the decryption components E, F are calculated as follows
Step 4.3: the decryption component is calculated as follows
Step 4.4: finally, the data user calculates and recovers the data plaintext according to the following equation on the basis of the decryption component on the ciphertext
7. The method for transmitting secure data for smart city-oriented big data service according to claim 1, wherein the step 5 key integrity detection specifically comprises:
firstly, selecting a random number K' E Z p K, L, L', K τ ,K id E G, then determining whether the following holds
e(g,L′)=e(g a ,L)≠1
e(K,g a g K′ )=e(g,g) α e(L K′ ·L′,h)≠1
Exist τ ε I S So that
If the decryption key SK satisfies the above equation, the key need not be traced, the algorithm output 1 indicates a detection offer, otherwise the algorithm inputs 0, and the next algorithm is performed on the key SK.
8. The method for secure data transmission for smart city-oriented big data service according to claim 1, wherein the step 6 key tracking specifically comprises:
step 6.1: calculating n d =dec (K') to recover the value of the leaf node corresponding to the user id;
step 6.2: from binary leaf node value n d Finding out the corresponding user identity id, and directly outputting the T if the user identity id does not exist;
step 6.3: if it isIt is explained that the user id has not been added to the revocation list and thus the revocation list R' =ru { id }.
9. A system for implementing the secure data transmission method for smart city-oriented big data service as claimed in any one of claims 1 to 8, comprising: the intelligent city management center, the intelligent city big data platform, the data owner and the data user have the following specific functions:
the intelligent city management center is used for managing data owners and data users in the intelligent city big data service system, creating public parameters required by system operation and generating keys for the data users;
the smart city big data platform is used for storing any encrypted data uploaded by a data owner;
the data owners, including but not limited to sensor terminals or actuators in the smart city system, automatically or manually collect related data, encrypt and upload to the smart city big data platform;
and the data user is a user terminal enjoying the smart city big data service, downloads, decrypts and finally acquires related data from the smart city big data platform.
CN202310413678.1A 2023-04-11 2023-04-11 Secure data transmission method and system for smart city big data service Pending CN116545663A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310413678.1A CN116545663A (en) 2023-04-11 2023-04-11 Secure data transmission method and system for smart city big data service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310413678.1A CN116545663A (en) 2023-04-11 2023-04-11 Secure data transmission method and system for smart city big data service

Publications (1)

Publication Number Publication Date
CN116545663A true CN116545663A (en) 2023-08-04

Family

ID=87455201

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310413678.1A Pending CN116545663A (en) 2023-04-11 2023-04-11 Secure data transmission method and system for smart city big data service

Country Status (1)

Country Link
CN (1) CN116545663A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110457930A (en) * 2019-08-16 2019-11-15 上海海事大学 The attribute base encryption method and system of the hiding traceable revocation malicious user of strategy
CN113179270A (en) * 2021-04-28 2021-07-27 湖南大学 Mobile crowd sensing traceable and privacy protection-based data sharing method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110457930A (en) * 2019-08-16 2019-11-15 上海海事大学 The attribute base encryption method and system of the hiding traceable revocation malicious user of strategy
CN113179270A (en) * 2021-04-28 2021-07-27 湖南大学 Mobile crowd sensing traceable and privacy protection-based data sharing method

Similar Documents

Publication Publication Date Title
CN108632032B (en) Safe multi-keyword sequencing retrieval system without key escrow
Jeyachandran et al. Securing Cloud information with the use of Bastion Algorithm to enhance Confidentiality and Protection
CN113434873A (en) Federal learning privacy protection method based on homomorphic encryption
CN108989026B (en) Method for revoking user attribute in publishing/subscribing environment
CN103329478B (en) The cipher processing method of cryptographic system and cryptographic system
Liu et al. Efficient verifiable public key encryption with keyword search based on KP-ABE
CN110611662B (en) Attribute-based encryption-based fog collaborative cloud data sharing method
Li et al. Attribute-based keyword search and data access control in cloud
Bi et al. Internet of things assisted public security management platform for urban transportation using hybridised cryptographic‐integrated steganography
CN111147508B (en) Searchable attribute-based encryption method for resisting keyword guessing attack
CN112115201B (en) Transaction processing method and device based on block chain and transaction tracking method and device
Zhang et al. A privacy protection scheme for IoT big data based on time and frequency limitation
CN114036240A (en) Multi-service provider private data sharing system and method based on block chain
CN111310214A (en) Attribute-based encryption method and system capable of preventing key abuse
Kuchta et al. Multi-authority distributed attribute-based encryption with application to searchable encryption on lattices
Hong et al. A fine-grained attribute based data retrieval with proxy re-encryption scheme for data outsourcing systems
KR101217491B1 (en) A method for searching keyword based on public key
CN113079177B (en) Remote sensing data sharing method based on time and decryption frequency limitation
Li et al. Anonymous, secure, traceable, and efficient decentralized digital forensics
Mi et al. Secure data de-duplication based on threshold blind signature and bloom filter in internet of things
CN108259606A (en) Cloud computing public cloud file stores and search method
CN114866236B (en) Data sharing method of Internet of things in cloud based on alliance chain
CN116432192A (en) Multi-mechanism, revocable and liability attribute encryption method and system based on OBDD
Chen et al. Exploring unobservable blockchain-based covert channel for censorship-resistant systems
Wang et al. Fine‐Grained Task Access Control System for Mobile Crowdsensing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination