CN116980119A - Data watermark tracing method in Internet of things access control based on 4W1L model - Google Patents

Data watermark tracing method in Internet of things access control based on 4W1L model

Info

Publication number
CN116980119A
Authority
CN
China
Prior art keywords
model
watermark
resource
internet
data
Legal status
Pending
Application number
CN202310817891.9A
Other languages
Chinese (zh)
Inventor
殷丽华
罗熙
陶巍
钱珂翔
张道娟
李丹
Current Assignee
Guangzhou University
Original Assignee
Guangzhou University
Application filed by Guangzhou University
Priority to CN202310817891.9A
Publication of CN116980119A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L 9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L 9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/40 Network security protocols
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L 9/00
    • H04L 2209/60 Digital content management, e.g. content distribution
    • H04L 2209/608 Watermarking
    • H04L 2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L 63/00
    • H04L 2463/146 Tracing the source of attacks

Abstract

The application discloses a data watermark tracing method for Internet of Things access control based on a 4W1L model and relates to the field of cyberspace security. The method comprises the following steps. S1: establish a 4W1L model M and store the relationships between devices in a graph database. S2: based on the model M and the AES algorithm, encrypt the fields describing each device to generate four watermarks, splice the four into one watermark WM, embed WM into the original file to obtain the watermarked file WMF, and compute a hash of WMF for tamper detection (the step the claims call encrypting WMF). S3: when WMF has been tampered with, disassemble WMF into the watermark WM and the original file F, parse WM back into four ciphertexts, decrypt them and search the recovered fields in the graph database to locate the leakage point. The scheme needs fewer computing resources, queries faster, expresses data relationships more explicitly, extends and adapts more easily, and improves data security while reducing the risk of data leakage.

Description

Data watermark tracing method in Internet of things access control based on 4W1L model
Technical Field
The application belongs to the field of computer network space security.
Background
The Internet of Things holds massive amounts of private data. As that data moves between IoT terminals, networks and cloud services, its exposure surface grows and with it the risk of leakage. A smart speaker compromised by an attacker, for example, gives up its owner's private information. Smart medical devices record a patient's private data and share it with several medical organisations, so that providing the service also widens the scope for medical privacy disclosure. Data must therefore be traceable: a leakage point should be located precisely so that the threat is stopped from spreading further.
Data handled under IoT access control is private, voluminous and valuable, yet few existing tracing methods use that data to identify risky devices. Li Yazi et al. studied data tracing and labelling together with a description model and introduced a 7W model. Dai Chaofan et al. studied data tracing in data warehouse systems. Wang Liwei et al. studied a data tracing model in a scientific-workflow service framework over an object-proxy database and proposed a tracing scheme based on a bidirectional pointer mechanism. Other approaches use graph theory with a special query language, store positions in bit vectors, label the data itself, or run reverse queries.
Most of these schemes, however, are coarse-grained, cannot trace by device security level, and are rarely designed for access control. Their tracing data is usually kept in a conventional relational database, which neither reflects the relationships in the data directly nor retrieves them efficiently, so they do not suit large-scale IoT systems.
Disclosure of Invention
To address the high cost, coarse granularity and difficulty of locating data leakage points quickly and accurately in existing methods, the application proposes a scheme for tracing data watermarks in IoT access control based on a 4W1L model. The scheme needs fewer computing resources, queries faster, expresses data relationships more explicitly, extends and adapts more easily, and improves data security while reducing the risk of data leakage.
The application provides the following technical scheme:
The data watermark tracing method in IoT access control based on the 4W1L model is characterised by the following steps. S1: establish a 4W1L model M and store the relationships between devices in a graph database;
S2: based on the model M and the AES algorithm, encrypt the fields describing each device to generate four watermarks, splice the four into one watermark WM, embed WM into the original file to obtain the watermarked file WMF, and compute a hash of WMF for tamper detection (the step the claims call encrypting WMF);
S3: when WMF has been tampered with, disassemble WMF into the watermark WM and the original file F, parse WM back into four ciphertexts, decrypt them and search the recovered fields in the graph database to locate the leakage point.
Preferably, the 4W1L model M of step S1 contains five fields: Where, When, Who, What and Level.
Preferably, the Where field of the 4W1L model M represents the publisher of the resource and is used to locate the leakage point; its value is the identifier of the resource publisher. The When field represents the timestamp of the resource and is used to extract the release time; its value is the release time of the resource. The Who field represents the receiver of the resource and is used to locate a leakage point on the user side; its value is the identifier of the resource receiver. The What field represents the abstract of the resource and is used for later data arrangement; its value is a description or abstract of the resource. The Level field represents the security level of the resource and is used to security-mark the resource; its value is the security level of the resource.
Preferably, storing the device relationships in the graph database according to model M in step S1 takes the devices as nodes and the relationships between them as edges. The graph is described as G = <E, R>, where E is the set of devices, stored as nodes, and R is the set of relationships between devices, stored as edges.
Preferably, the device set E is divided into two classes, source devices SE and destination devices AE, written E = <SE, AE>, where SE is the resource publisher, i.e. the Where of model M, and AE is the resource receiver, i.e. the Who of model M. A relationship is written R = <SE, AE>, meaning that the two ends of edge R are the corresponding source device SE and destination device AE.
Preferably, encrypting a device in step S2 means assigning the AES key according to the security level given by Level and encrypting the remaining four W fields of model M, which yields four ciphertexts C_WHERE, C_WHEN, C_WHO and C_WHAT corresponding to those fields.
Preferably, the four watermarks are spliced in step S2 according to WM = LastKey(C_WHERE, C_WHEN, C_WHO, C_WHAT, Level),
where LastKey is a confusion (splicing) function defined by the authors and C_WHERE, C_WHEN, C_WHO and C_WHAT are the ciphertexts obtained by encrypting the fields with the AES encryption function.
Preferably, the "encryption" of WMF in step S2 is, as defined, a hash: Hash = H(D), where D is the file to be hashed, H is a hash function and Hash is the hash value of the watermarked file, kept for later tamper detection.
Preferably, the reverse parsing of the watermark WM into four ciphertexts in step S3 follows C = BeforeKey(WM, Level), P = D(K, C),
where BeforeKey is a function defined by the authors that parses the watermark WM back into ciphertext; WM is the watermark; Level is the security level; C is a parsed ciphertext; D is the AES decryption function; K is the key; and P is the plaintext, i.e. the Where, When, Who and What fields of model M.
Compared with the prior art, the application has the following advantages:
(1) The method proposes a 4W1L model for data watermark tracing. The model is fine-grained, and a graph database is used for tracing and storage, which reduces the consumption of computing resources so that the model can be deployed effectively on IoT devices.
(2) The method marks device resources with 4W1L, which traces the circulation of data well, and the Where and Who fields bind the resource publisher and the resource receiver together to achieve source tracing.
Drawings
Fig. 1 is a flowchart of a data watermark tracing method in access control of the internet of things;
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, are intended to fall within the scope of the present application.
It is noted that unless otherwise indicated, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this application belongs. In addition, the technical solutions of the embodiments of the present application may be combined with each other, but it is necessary to be based on the fact that those skilled in the art can implement the technical solutions, and when the technical solutions are contradictory or cannot be implemented, the combination of the technical solutions should be considered as not existing, and not falling within the scope of protection claimed by the present application.
Examples
As shown in Fig. 1, a data watermark tracing method in IoT access control based on a 4W1L model relates to the field of cyberspace security and comprises the following steps. S1: establish a 4W1L model M and store the relationships between devices in a graph database;
S2: based on the model M and the AES algorithm, encrypt the fields describing each device to generate four watermarks, splice the four into one watermark WM, embed WM into the original file to obtain the watermarked file WMF, and compute a hash of WMF for tamper detection (the step the claims call encrypting WMF);
S3: when WMF has been tampered with, disassemble WMF into the watermark WM and the original file F, parse WM back into four ciphertexts, decrypt them and search the recovered fields in the graph database to locate the leakage point.
In this embodiment, the 4W1L model M of step S1 contains five fields: Where, When, Who, What and Level. The model M gives each device an independent mark and connects the publisher and the receiver of a resource through the Where and Who attributes, so that a resource leakage point can be located more accurately and more quickly; the Level field selects the watermark encryption for resources of different security levels, which keeps resource consumption to a minimum and improves the security of the data.
The Where field of the 4W1L model M represents the publisher of the resource and is used to locate the leakage point; its value is the identifier of the resource publisher. The When field represents the timestamp of the resource and is used to extract the release time; its value is the release time of the resource. The Who field represents the receiver of the resource and is used to locate a leakage point on the user side; its value is the identifier of the resource receiver. The What field represents the abstract of the resource and is used for later data arrangement; its value is a description or abstract of the resource. The Level field represents the security level of the resource and is used to security-mark the resource; its value is the security level of the resource.
Storing the device relationships in the graph database according to model M in step S1 takes the devices as nodes and the relationships between them as edges. The graph is described as G = <E, R>, where E is the set of devices, stored as nodes, and R is the set of relationships between devices, stored as edges. The model obtained by modelling the devices is thus stored in the graph G.
The device set E is divided into two classes, source devices SE and destination devices AE, written E = <SE, AE>, where SE is the resource publisher, i.e. the Where of model M, and AE is the resource receiver, i.e. the Who of model M. A relationship is written R = <SE, AE>, meaning that the two ends of edge R are the corresponding source device SE and destination device AE.
In step S2, encrypting a device means assigning the AES key according to the security level given by Level and encrypting the remaining four W fields of model M, which yields four ciphertexts C_WHERE, C_WHEN, C_WHO and C_WHAT corresponding to those fields.
The four watermarks are spliced in step S2 according to WM = LastKey(C_WHERE, C_WHEN, C_WHO, C_WHAT, Level),
where LastKey is a confusion (splicing) function defined by the authors and C_WHERE, C_WHEN, C_WHO and C_WHAT are the ciphertexts obtained by encrypting the fields with the AES encryption function.
The "encryption" of WMF in step S2 is, as defined, a hash: Hash = H(D), where D is the file to be hashed, H is a hash function and Hash is the hash value of the watermarked file. Whenever a user operates on the watermarked file, its hash is recomputed with the same hash algorithm; if the recomputed value differs from the one recorded when the watermark was embedded, the file is judged to have been tampered with.
The reverse parsing of the watermark WM into four ciphertexts in step S3 follows C = BeforeKey(WM, Level), P = D(K, C),
where BeforeKey is a function defined by the authors that parses the watermark WM back into ciphertext; WM is the watermark; Level is the security level; C is a parsed ciphertext; D is the AES decryption function; K is the key; and P is the plaintext, i.e. the Where, When, Who and What fields of model M. The recovered fields are then searched in the graph database, which locates the leakage point precisely.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (9)

1. A data watermark tracing method in Internet of Things access control based on a 4W1L model, characterised in that it comprises the following steps:
S1: establishing a 4W1L model M and storing the relationships between devices in a graph database;
S2: encrypting the fields describing each device based on the model M and the AES encryption algorithm to generate four watermarks, splicing the four watermarks to obtain a watermark WM, embedding the watermark WM into an original file to obtain a watermarked file WMF, and encrypting the WMF;
S3: when the WMF has been tampered with, disassembling the WMF to obtain the watermark WM and the original file F, parsing the watermark WM back into four ciphertexts, and searching the graph database for them so that the leakage point can be located.
2. The data watermark tracing method in Internet of Things access control based on the 4W1L model according to claim 1, characterised in that the 4W1L model M in step S1 contains five fields: Where, When, Who, What and Level.
3. The data watermark tracing method in Internet of Things access control based on the 4W1L model according to claim 2, characterised in that the Where field of the 4W1L model M represents the publisher of the resource and is used to locate the leakage point, its value being the identifier of the resource publisher; the When field represents the timestamp of the resource and is used to extract the release time, its value being the release time of the resource; the Who field represents the receiver of the resource and is used to locate a leakage point on the user side, its value being the identifier of the resource receiver; the What field represents the abstract of the resource and is used for later data arrangement, its value being a description or abstract of the resource; and the Level field represents the security level of the resource and is used to security-mark the resource, its value being the security level of the resource.
4. The data watermark tracing method in Internet of Things access control based on the 4W1L model according to claim 1, characterised in that storing the relationships between devices in the graph database according to model M in step S1 takes the devices as nodes and the relationships between them as edges, the graph being described as G = <E, R>, where E is the set of devices, stored as nodes, and R is the set of relationships between devices, stored as edges.
5. The data watermark tracing method in Internet of Things access control based on the 4W1L model according to claim 4, characterised in that the device set E is divided into two classes, source devices SE and destination devices AE, written E = <SE, AE>, where SE is the resource publisher, i.e. the Where of model M, and AE is the resource receiver, i.e. the Who of model M; and a relationship is written R = <SE, AE>, meaning that the two ends of edge R are the corresponding source device SE and destination device AE.
6. The data watermark tracing method in Internet of Things access control based on the 4W1L model according to claim 1, characterised in that encrypting a device in step S2 means assigning the AES key according to the security level given by Level and encrypting the remaining four W fields of model M, yielding four ciphertexts C_WHERE, C_WHEN, C_WHO and C_WHAT corresponding to those fields.
7. The data watermark tracing method in Internet of Things access control based on the 4W1L model according to claim 1, characterised in that the splicing of the four watermarks in step S2 follows WM = LastKey(C_WHERE, C_WHEN, C_WHO, C_WHAT, Level), where LastKey is a confusion function defined by the authors and C_WHERE, C_WHEN, C_WHO and C_WHAT are the ciphertexts obtained by encrypting the fields with the AES encryption function.
8. The data watermark tracing method in Internet of Things access control based on the 4W1L model according to claim 1, characterised in that the encryption of the WMF in step S2 follows Hash = H(D), where D is the file to be hashed, H is a hash function and Hash is the hash value of the watermarked file.
9. The data watermark tracing method in Internet of Things access control based on the 4W1L model according to claim 1, characterised in that the reverse parsing of the watermark WM into four ciphertexts in step S3 follows C = BeforeKey(WM, Level), P = D(K, C), where BeforeKey is a function defined by the authors that parses the watermark WM back into ciphertext; WM is the watermark; Level is the security level; C is a parsed ciphertext; D is the AES decryption function; K is the key; and P is the plaintext, i.e. the Where, When, Who and What fields of model M.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310817891.9A CN116980119A (en) 2023-07-04 2023-07-04 Data watermark tracing method in Internet of things access control based on 4W1L model

Publications (1)

Publication Number Publication Date
CN116980119A (en) 2023-10-31

Family

ID=88474166

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6850252B1 (en) * 1999-10-05 2005-02-01 Steven M. Hoffberg Intelligent electronic appliance system and method
CN113849783A (en) * 2021-09-30 2021-12-28 北京创安恒宇科技有限公司 Structured data label watermark tracing method based on state encryption

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination