CN117035740B

CN117035740B - Construction method of bridge structure detection monitoring and maintenance data traceability system

Info

Publication number: CN117035740B
Application number: CN202311054756.XA
Authority: CN
Inventors: 王晓琳; 时慧恩; 李剑辉; 农博文; 韦永山; 朱茂华; 卢迪; 周羁; 林甲胜; 谢斯宇; 廖乃雄; 赵靖钊; 蓝元沛; 蒙东龙; 梁德宝; 叶森泉
Original assignee: Guangxi Academy of Sciences
Current assignee: Guangxi Academy of Sciences
Priority date: 2023-08-21
Filing date: 2023-08-21
Publication date: 2024-04-19
Anticipated expiration: 2043-08-21
Also published as: CN117035740A

Abstract

The invention discloses a construction method of a bridge structure detection monitoring and maintenance data traceability system. Comprising the following steps: and carrying out node authentication and key distribution by utilizing a trusted third party, and ensuring the validity and the integrity of the data through an intelligent contract. The data uploading node is responsible for storing bridge related data in the blockchain, and the data inquiring node can track and inquire related information through the tracing system. The system adopts a alliance chain technical architecture, has the characteristic of being unable to forge, and protects the privacy and confidentiality of users. By optimizing the data structure and the query mechanism of the block chain, the execution efficiency and the query efficiency of the system are improved. The invention provides reliable and safe data traceability service for detecting, monitoring and maintaining the bridge structure.

Description

Construction method of bridge structure detection monitoring and maintenance data traceability system

Technical Field

The invention relates to the technical field of bridge data tracing, in particular to a block chain-based bridge structure detection monitoring and maintenance data tracing system and a construction method thereof.

Background

In recent years, bridge structure health detection technology has been widely applied to practical engineering projects. Different from the traditional structural damage detection method, the bridge structural health detection can realize uninterrupted detection of bridge damage conditions by arranging sensors at key positions of the bridge. The bridge structure detection and maintenance are a process with strong relevance, firstly, the structural detection group members collect the related data of the bridge, and then the bridge maintenance work is carried out by the special maintenance group members; in the process, in order to make the data of the detection and maintenance process real and reliable and prevent the two parties from hooking and falsifying the data, the trust problem in the engineering needs to be solved by establishing a data tracing system. Under the condition that the data volume and the number of the participants are increased, the existing structural health detection system based on the centralized architecture design may have the problems of data loss risk, network bottleneck, low information sharing efficiency and the like, so that a system with high bridge structure detection and maintenance data security is needed to be provided. Compared with a central architecture, the blockchain technology is a decentralized distributed architecture design idea, and the blockchain has the characteristics of data tamper resistance, traceability, point-to-point transmission, consensus mechanism and the like, and is not widely applied in the field of bridge structure health detection at present.

In the prior art [ Liu Haoran ] the civil structure health monitoring system based on the blockchain technology is researched [ D ]. Tianjin university, 2023.DOI:10.27356/d.cnki.gtjdu.2020.004367], an intelligent contract for SHM is developed, monitoring authority verification, abnormal data identification and early warning information generation can be realized, a double-layer node blockchain network architecture for SHM is designed, and an implementation scheme of a blockchain-SHM system is provided. Then, a damage simulation test is performed based on a single-layer latticed shell structure, performance evaluation and verification are performed on the blockchain-SHM system provided by the research, and the result shows that the system provided can realize data tamper resistance, traceability, monitoring authority verification and abnormal data identification generation early warning information and has good stability.

The disadvantages of the prior art are as follows:

1) The bridge structure health detection system lacks a set of unified supervision system, and the intelligent contract function of the system is not perfect enough.

2) The amount of data stored in the blockchain system is large, and the response time of the user to query the data is long.

3) The delay of request acknowledgements is high.

4) The system data is not highly reliable.

Disclosure of Invention

The invention provides a construction method of a bridge structure detection monitoring and maintenance data traceability system aiming at the defects of the prior art.

In order to achieve the above object, the present invention adopts the following technical scheme:

bridge structure detects monitoring and maintenance data traceability system based on blockchain includes:

A trusted third party: the trusted third party is responsible for authenticating the identity of the access node, distributing keys, and partitioning the organization to which it belongs. The security of the trusted third party is assumed to be the highest level, and the audit and revocation results are truly trusted. The act of managing and distributing keys is also considered secure.

And (3) a data uploading node: the data uploading node comprises bridge structure health detection group personnel and maintenance group personnel. The data uploading node can access the tracing system only after passing the authentication of the trusted third party. The data uploading node decides the personnel for decrypting the message according to the authority granted by the system. Through intelligent contracts, the traceability system can ensure the validity of the data storage process and the content. The data querying node may access relevant information already stored on the blockchain. The data uploading node is subjected to strict audit and authentication before being accessed into the system, and the uploading malicious or invalid data can be penalized or the access authority can be revoked.

Data query node: the data query node is a manager of the head office or a customer who needs to provide bridge inspection and maintenance services. The data query node obtains system access authorization after being authenticated by a trusted third party. The query node can track and query basic introduction, related information and supervision authentication of the product through the traceability system. The data querying node can decrypt the target information through the private key only when the predefined condition is met. When the data query node accesses the system, the data query node needs to be subjected to verification and authentication, and even if the data query node is considered to be a safe node, the access capability of the data query node is limited.

Blockchain: the traceability system adopts a technical architecture based on a alliance chain, and each distributed uploading node can store data into a blockchain. Each product has a unique identification tag and has an encrypted digital search identifier, with the feature of being non-verifiable. The smart contract is responsible for performing encryption and decryption operations, verifying whether the node has search rights, and verifying the correctness of the search results.

Cloud server: the cloud server interacts with the blockchain system, is responsible for storing data files, and performs secure index searches without knowing any data files or search query information.

The invention also discloses a construction method of the bridge structure detection monitoring and maintenance data traceability system, which comprises the following steps:

s1: and defining data formats of the block chain and the cloud, optimizing a storage data structure of the block chain, and improving the efficiency of tracing searching.

S2: and carrying out data initialization setting, registration access node authentication and key distribution by a trusted third party.

S3: the data uploading node completes registration, authentication, key generation, data encryption and data storage.

S4: the data query node performs registration authentication, key generation, on-chain and cloud search, data verification and data decryption, and achieves the functions of data integrity verification and efficient query.

Further, the specific steps of S1 are as follows:

S11: preprocessing a data structure; the structure of the data in the blockchain is defined and each transaction tuple is preprocessed. The transaction tuple consists of the initial key value, the key value pair of the relationship binding, and the timestamp information. The initial key value is formed by splicing specific data and a random number, and the time stamp is the time of data uploading.

S12: cloud data preprocessing; before data are transmitted to a cloud server, a lightweight JSON format is used for storage, and a binding relation between a safe index and a data ciphertext is established. The data is encrypted using a symmetric encryption algorithm and the index key is encrypted using a searchable encryption algorithm.

S13: optimizing a data structure; the TB ⁺ -tree index structure is provided, so that efficient traceability query is realized;

the TB ⁺ -tree is divided into 3 layers, namely an internal node layer, an identification layer and a leaf node layer from top to bottom;

The internal node layers provide indexed navigation functionality. It stores the range of keys and corresponding child node addresses. And determining the position of the leaf node to be accessed through the internal node layer, thereby accelerating the searching speed.

The identification layer consists of head identification information and a timestamp identification, and a key value, a timestamp and a child node address are stored in a node of the identification layer;

The leaf node layer is made up of leaf nodes with pointers to the next leaf node.

Further, the specific steps of S2 are as follows:

s21: initializing; executing the Init () method initializes smart contracts and data.

S22: dynamically managing keys; the initialization algorithm inputs the security parameter lambda and the attribute set S, and generates a security key for the subsequent access node, so that the system has a dynamic access authentication function.

S23: key distribution; a system public key PK and a system master key MK are generated, the master key acting only as attribute-based access control, generating a private key SK for each participant. Public key PK is distributed to each data uploading node for the nodes to encrypt the uploaded data, and the formula is as follows:

In the formula, setup (1 ^λ, S) represents an initialization function of the traceability system, the parameters are a security parameter lambda and an attribute set S, and the parameters are output as a public key PK and a master key MK.

KeyGen (MK, S) represents a key generation function, and parameters are a master key MK and an attribute set S, and output as a private key SK of a participant.

Further, the specific steps of S3 are as follows:

s31: detecting and maintaining data uploading nodes for registration and authentication;

The data registration node initiates a registration request to a trusted third party and provides the real attribute information. The trusted third party checks the authenticity of the node properties and decides whether to allow access. Once the node is authenticated and access rights are obtained, the trusted third party assigns corresponding rights to the node and divides it into corresponding organizations. The node will obtain the PK, MK and security parameters granted by the trusted third party.

S32: generating a secret key; the data uploading node is authorized to access the system and execute a key generation algorithm, generating a symmetric key K _aes and a searchable encryption key K _sse.

S33: encrypting data; after the data uploading node generates the symmetric key K _aes and the searchable encryption key K _sse, the plaintext data set and the corresponding key index are encrypted respectively.

S34: the encrypted data is uploaded to different positions for storage;

The search key _i in the data tuple Y _i＝<First,key_i, timestamp > and its corresponding data ciphertext value _i and timestamp information timestamp are uploaded to the blockchain for storage using a function Puststate (key, value).

A request to upload a file is initiated to the cloud server using the function cloudfunc.insert (I _i,C_i), and the security index I _i and its corresponding set of ciphertext C _i are sent to the cloud server.

Further, the specific definition and process of the key generation algorithm in S32 are as follows:

The symmetric searchable encryption key generation function SSEKEYGEN () and the symmetric key generation function AESKEYGEN () for encrypting the data file are both invoked by the data upload node. Invoking SSEKEYGEN (), inputting a security parameter lambda, and outputting a symmetrical searchable encryption key K _sse for encrypting a keyword plaintext; call AESKEYGEN () and input security parameter lambda and output symmetric key K _aes for encrypting the data file.

Further, the specific definition and process of S33 are as follows:

The process involves encrypting three different types of data, each of which is called a corresponding encryption algorithm in the data uploading process by the data uploading node:

Calling a symmetric encryption method: aesEnc (), a symmetric key K _aes, a plaintext file set D _i and a symmetric key K _aes after attribute encryption are input, and a corresponding ciphertext set C _i is output;

Invoking a symmetrical searchable encryption method sseEnc (), inputting a keyword index plaintext M _ki and a searchable encryption key K _sse, and then outputting a corresponding security index I _i;

Call cpabeEnc (), input public key PK, security index I, ciphertext hash value h (C), access control structure Γ, output attribute-based encryption value _i. This process is to encrypt I and h (C). Only users whose attributes match the access policy are able to decrypt the content. Where h (C) is to verify the integrity of the data returned from the cloud.

Further, the specific steps of S4 are as follows:

S41: inquiring node registration authentication;

The data query node initiates a registration request to a trusted third party and provides the real attribute information. The trusted third party reviews the authenticity of the node attributes and determines whether the node is eligible for access. Once the node passes the authentication, a user attribute private key and a security parameter are obtained; the registration process uses a function check (S);

S42: a search phase on the chain;

after the data query node obtains the corresponding authorization, data searching can be performed in the blockchain. The system returns a security index value based on attribute encryption and a hash value corresponding to the ciphertext; the query process returns a value _i using the function Search (key _i);

s43: a decryption stage on the chain;

after the value _i is obtained by the data query node, the data query node uses the user attribute private key K _cpabe to decrypt the value, and obtains the security index and the corresponding hash value of the encrypted data. If the user attribute matches the access policy, performing a decryption operation; otherwise, the query process terminates. The decryption process returns the decrypted secure index I _i and hash value using a function cpabeDec (PK, value _i,K_cpabe)

S44: searching on the cloud;

After the on-chain decryption stage, the data querying node can obtain the secure index from the blockchain. The intelligent contract automatically executes the search service request, sends the search request to the cloud server, and provides a security index to be searched. After receiving the request, the cloud server executes the search query and retrieves the corresponding ciphertext according to the security index. And finally, the cloud server returns the corresponding data ciphertext. The search procedure returns ciphertext set C _i using the function cloudfunc.search (I _i).

S45: a cloud search result verification stage;

When the data query node receives the ciphertext returned by the cloud server, the integrity of the returned data ciphertext needs to be checked. After the blockchain acquires the corresponding ciphertext from the database, a verification contract is automatically called, and a verification algorithm is executed to verify the integrity of the data.

S46: a data ciphertext decryption stage;

When the result returned in the verification stage is TRUE, the system determines that the data ciphertext has not been maliciously modified. The node needs to obtain a symmetric key before decrypting the data file. The smart contract invokes the ciphertext values of the user's private key and the symmetric key and decrypts to obtain symmetric key K _aes. After the symmetric key is successfully obtained, the intelligent contract automatically decrypts the ciphertext and returns corresponding plaintext data D _i.

S47: a query result processing stage;

After decryption processing, the system is already able to read the plaintext data set. The intelligent contract calls an algorithm for splitting the compound key to split the character string in the 'Pre' field into required contents. The split character string is a unique identifier on the previous node chain, is used as a new search target value, and is used for initiating inquiry to obtain a complete traceable inquiry result. And finally, generating a complete tracing chain according to the sequence of the timestamp dictionary, and returning the final tracing result to the data query node.

S48: downloading data;

After the blockchain is introduced as the bottom layer, seed files, uploading and inquiring node information of the files can be inquired on the blockchain. After inquiring the data to be downloaded, the user can download the data. After the download is completed, the smart contract executes an incentive mechanism, distributes the incentive, and records the data transaction information onto the blockchain.

Compared with the prior art, the invention has the advantages that:

1. The system improves the searching efficiency and overcomes the problem of the query efficiency commonly existing in the traditional traceability system by designing a high-efficiency data traceability algorithm and a query mechanism. This enables the system to handle a large number of data query requests, meeting the needs of various scenarios.

2. The cloud data security guarantees that the cloud server cannot acquire or crack any information of the key, the keyword ciphertext, the trapdoor information or the original data file by adopting a series of security protection measures. In addition, the user can verify the integrity of the ciphertext file downloaded from the cloud by reading the hash value stored on the chain, so that the safety of data is enhanced.

3. Fine-grained access control capability the system has fine-grained access control capability that prevents unauthorized data access. Only nodes meeting the attribute policy can infer or decrypt ciphertext information, so that the privacy and confidentiality of data are effectively protected.

4. Based on the data structure of the TB ⁺ -tree, the system adopts the data structure constructed based on the TB ⁺ -tree, and the performance and throughput of the block chain system can be improved. The TB ⁺ -tree has low possibility of maliciously tampering with data, can effectively prevent the data from being tampered and damaged, and enhances the integrity and reliability of the data.

Drawings

FIG. 1 is a diagram of a bridge structure detection monitoring and maintenance data traceability system model according to an embodiment of the invention;

FIG. 2 is a logical block diagram of a TB+ -tree according to an embodiment of the present invention;

FIG. 3 is a diagram of a memory data structure in accordance with an embodiment of the present invention;

FIG. 4 is a flow chart of data upload according to an embodiment of the present invention;

FIG. 5 is a diagram of a data query and download process according to an embodiment of the present invention.

Detailed Description

The invention will be described in further detail below with reference to the accompanying drawings and by way of examples in order to make the objects, technical solutions and advantages of the invention more apparent.

As shown in fig. 1. Bridge structure detection monitoring and maintenance data traceability system overall design model based on block chain:

(1) A trusted third party: the trusted third party acts to authenticate the identity, distribute keys, and partition the organization to which it belongs for the access node. In the system, the security of the trusted third party is at the highest level in the security hypothesis, the trusted third party is true and trusted to the audit and revocation results of the access node, and the behavior of managing and distributing the secret key is safe.

(2) And (3) a data uploading node: the data uploading nodes in the system are bridge structure health detection group personnel and maintenance group personnel. These nodes first need to be authenticated by a trusted third party and then have access to the traceability system. In the system, the data uploading node can decide to decrypt the message personnel according to certain authority granted by the system. In addition, when detecting and maintaining data stored on the blockchain, the system can ensure the validity of the data storage process and content through intelligent contracts, the data query nodes can access related information, and the supervision authorities can monitor various data with the up-chain certification. The security of the data uploading node in the system is lower, the data uploading node is required to be subjected to strict audit and authentication of a trusted third party when being accessed to the system, if the uploaded data is found to be malicious data or invalid data by a system supervisor, the data uploading node can be fed back to the trusted third party, the system can punish malicious behaviors, and the authority of the system for accessing the traceable system can be revoked in serious situations.

(3) Data query node: the data query node can be a manager of a general package department and a customer who needs to provide bridge detection and maintenance services. After the query node is authenticated by the trusted third party, the query node can be authorized to access the system. The query node can track and query basic introduction of products, related information of the products, supervision authentication and the like through the security traceability system. The system provides that the querying node can decrypt the target information by the private key only when certain predefined conditions are met. The security of the data query node in the system is slightly higher than that of the data uploading node, the query node only has the capability of querying and using the data, but the risk of data leakage exists, the data query node is similar to the uploading node, the data query node can be strictly checked and authenticated when being accessed into the system, and the access capability of the data query node can be limited even if the node which is considered to be safe obtains the authority of the access system.

(4) Blockchain: the system adopts a technical architecture based on a alliance chain, and each distributed uploading node in the system can store data into a blockchain. Each product in a blockchain system has a unique identification tag that is a virtual identification of the data stored in the system. The tag of the data has a unique encrypted digital search identifier corresponding thereto and has a feature that cannot be authenticated. In the system, intelligent contracts capable of executing corresponding functions are designed, and the intelligent contracts comprise: encryption and decryption, verifying whether the node has search rights, and verifying the correctness of the search result.

(5) Cloud server: the cloud server interacts primarily with the blockchain system, its function is to store data files, and is responsible for searching the security index without knowing any data files or search query information.

The construction of the traceability system comprises the following four stages: the first stage is to define the data format of the block chain and the cloud, optimize the storage data structure of the block chain and improve the efficiency of tracing searching. And in the second stage, a trusted third party performs data initialization setting, registers access node authentication and distributes keys. In the third stage, the data uploading node completes registration, authentication, key generation, data encryption and data storage. And finally, the data query node performs registration authentication, key generation, on-chain and cloud search, data verification and data decryption, and realizes the functions of data integrity verification and efficient query.

Step1. data structure definition.

1. Data structure preprocessing in a blockchain.

Each transaction tuple stored in the blockchain is first defined, specifically as follows:

Y_i＝<First,key_i,timestamp>

the transaction tuple consists of an initial key value (a random number) and a set of relational bound key-value pairs key _i and timestamp information timestamp, wherein the definition of its constituent elements is:

key _i is a unique identifier of the data uploading transaction in the blockchain, and is formed by splicing a specific data value _i and a random number rand _i corresponding to the unique identifier. First is an initial constant value (const), and timestamp is the time when the current detection/maintenance data is submitted to the blockchain for the First time, and the data uploading time is obtained by acquiring the system time, wherein the method for acquiring the timestamp is as follows: the random _i random number is the physical identifier ID _i of the data obtained by random mapping of the random. The timestamp is an important parameter for ensuring that the uploaded data has uniqueness, and when the detection/maintenance data is successfully submitted to the traceability system, the system reads the value _i.value_i of the transaction and the solving process of the related parameters as shown in the following formula:

value _i is obtained by the hash value of the security index and the ciphertext through the attribute-based encryption method cpabeEnc (). The security index set element I _i is a security index generated by the searchable encryption algorithm encryption method sseEnc (), and h _i is obtained by performing hash operation on the ciphertext value C _i corresponding to the security index.

2. Cloud data preprocessing.

Before data are transmitted to the cloud server, the data storage format is a lightweight JSON format, and the network transmission efficiency can be remarkably improved by using the JSON format. The proposed traceability system focuses on the following two parameters: "ID" and "Pre", wherein the value corresponding to the "ID" field is the encrypted physical identifier of the data uploading node; "Pre" contains information about all nodes that the product passed before the current node. If "Pre" is null, it indicates that the current node is the starting node. Before uploading the encrypted data file to the cloud server, establishing a secure binding relationship between the index and the data ciphertext: i _i-C_i, a corresponding ciphertext file set can be found by the security index. Then, when the data needs to be uploaded to a cloud server, the data uploading node encrypts the data plaintext by using a symmetric encryption algorithm to obtain a data ciphertext; the symmetric searchable encryption algorithm is used to encrypt the index key plaintext to obtain the key ciphertext.

3. Data structure optimization in a blockchain. In order to realize efficient traceability query, a TB ⁺ -tree index structure is provided, and data searching efficiency is improved.

The TB ⁺ -tree is divided into 3 layers in total, namely an internal node layer, an identification layer and a Leaf layer from top to bottom, wherein the identification layer consists of head identification information and a timestamp identification, the Leaf layer consists of Leaf nodes, and the access from the block 1 to the block 2 is finished through the pointer from the block 1 to the block 2 because the Leaf nodes have pointers pointing to the next Leaf nodes. FIG. 2 shows the logical structure of the TB ⁺ -tree.

The stored data structure is shown in fig. 3, in which a Key value, a timestamp and a child node address are stored in a node of the identification layer, wherein First represents that the Key value is a random constant value, that is, a minimum value which cannot be obtained by the Key is TIM ESTAMP, the timestamp information is used as timestamp, and Key represents a conventional Key value.

Step2. System initialization. This stage is an essential step before the system starts to run, which encapsulates the searchable encryption algorithm and the attribute-based encryption algorithm. And in the initialization stage, the system function of data tracing is realized by calling different methods. The method comprises the following specific steps:

1. Initializing. Executing the Init () method initializes smart contracts and data. The step can be performed once to complete the initialization of the system, and the processes of installation initialization, instantiation and the like of the contract can be completed.

2. And (5) dynamically managing the key. The initialization algorithm inputs the security parameter lambda and the attribute set S, and generates a security key for the subsequent access node, so that the system has a dynamic access authentication function.

3. And (5) key distribution. A system public key PK and a system master key MK are generated, the master key acting only as attribute-based access control, generating a private key SK for each participant. Public key PKs are distributed to each data uploading node for the nodes to encrypt the uploaded data.

Step3, uploading data. This stage describes the whole process of data upload, and the flow chart is shown in fig. 4.

The specific implementation steps are as follows:

1. And (5) detecting and maintaining data uploading nodes and registering and authenticating. The data registration node initiates a registration request to a trusted third party to provide the real attribute information. The trusted third party checks the authenticity of the registered node's attributes and then determines whether the node is eligible for access. When a node passes the authentication of a trusted third party and can access the data tracing system, the trusted third party gives corresponding authority to the node and divides the node into corresponding organizations. The node will obtain the PK, MK and security parameters granted by the trusted third party.

PK,MK,λ←Register()

2. And (5) generating a key. The data uploading node is authorized to access the system and execute the key generation algorithm. The specific definition and process are as follows:

Two key generation algorithms involved in the process are both called by the data uploading node. Invoking a method SSEKEYGEN (), inputting a security parameter lambda, and outputting a symmetrical searchable encryption key K _sse for encrypting a keyword plaintext; method AESKEYGEN () is called and the security parameter lambda is entered and the symmetric key K _aes used to encrypt the data file is output.

3. And (5) encrypting the data. After the data uploading node generates the symmetric key K _aes and the searchable encryption key K _sse, the plaintext data set and the corresponding key index are encrypted respectively. The specific definition and process are as follows:

The process involves encrypting three different types of data, each of which is called a corresponding encryption algorithm in the data uploading process by the data uploading node: calling a symmetric encryption method: aesEnc (), a symmetric key K _aes, a plaintext file set D _i and a symmetric key K _aes with encrypted attributes are input, and a corresponding ciphertext set C _i is output, so as to ensure the security of data in a cloud server; invoking a symmetrical searchable encryption method sseEnc (), inputting a keyword index plaintext M _ki and a searchable encryption key K _sse, and then outputting a corresponding security index I _i; call cpabeEnc (), input public key PK, security index I, ciphertext hash value h (C), access control structure Γ, output attribute-based encryption value _i. This process is to encrypt I and h (C). Only users whose attributes match the access policy are able to decrypt the content. Where h (C) is to verify the integrity of the data returned from the cloud.

4. And uploading data. The encrypted data will be uploaded to a different location for storage. The definition is as follows:

Puststate(key,value)

The search key _i in the data tuple Y _i＝<First,key_i, the timestamp > and the corresponding data ciphertext value _i and timestamp information timestamp are uploaded to the blockchain for storage.

CloudFunc.Insert(I_i,C_i)

The above process is that a request security index I _i for uploading a file and a corresponding ciphertext C _i set thereof are sent to a cloud server.

Step4, data query and download. The main task at this stage is to query data and download, the flow chart is shown in fig. 5. The method comprises the following specific steps:

1. the inquiring node registers for authentication. The data query node initiates a registration request to a trusted third party and provides real attribute information. The trusted third party reviews the authenticity of the node's attributes and determines whether the node is eligible for access. When the node successfully authenticates by a trusted third party, it obtains access to the trackable system and obtains the user attribute private key K _cpabe and the security parameter λ.

K_cpabe,λ←check(S)

2. On-chain search phase: once authorized to join the system, the data querying node may search for data in the blockchain. At this time, the value _i returned by the system is a hash value corresponding to the ciphertext and a security index value encrypted based on the attribute.

value_i＝Search(key_i)

3. On-chain decryption stage: this step is automatically performed by the system, as judged by the smart contract. After the data query node obtains the corresponding value, if the user attribute is matched with the access strategy, the data query node uses the attribute private key to decrypt the data query node to obtain the security index of the encrypted data and the corresponding hash value. Otherwise, the query process will be terminated.

I_i,h_i(C_i)＝cpabeDec(PK,value_i,K_cpabe)

4. Searching on the cloud: after the on-chain decryption stage, the data query node may obtain the security index from the blockchain, and the intelligent contract automatically executes the query service request. The intelligent contract applies for a search service request to the cloud and provides a security index to be searched. And after receiving the query request and the security index, the cloud server executes the search query and retrieves the corresponding ciphertext according to the security index. And finally, the cloud server returns the corresponding data ciphertext.

C_i＝CloudFunc.Search(I_i)

5. And (3) a cloud search result verification stage: because the cloud server is semi-trusted, the returned results may not be the results expected by the querying node. When the data query node receives the ciphertext returned by the cloud server, the integrity of the returned data ciphertext needs to be checked. After the blockchain system acquires the corresponding ciphertext from the database, the verification contract is automatically called, and the algorithm 1 is automatically executed as follows:

6. data ciphertext decryption stage: when the result returned in the verification stage is 1, the system may determine that the data ciphertext has not been maliciously modified. The node needs to obtain a symmetric key before decrypting the data document. The smart contract invokes the ciphertext values of the user's private key and the symmetric key and decrypts it to obtain the symmetric key.

K_aes＝cpabeDec(PK,apabeEnc(K_aes),K_cpabe)

After the symmetric key is successfully obtained, the intelligent contract automatically decrypts the ciphertext and returns corresponding plaintext data.

D_i＝aesDec(K_aes,C_i)

7. Query result processing stage: after decryption processing, the system is already able to read the plaintext data set. The smart contract then invokes split composite key algorithm 2 to split the string in the "pre" field to obtain what it needs. The character strings decomposed by the algorithm are unique identifiers on the previous node chain, and the character strings are used as new searching target values to concurrently execute the fourth step, and complete traceable query results are obtained. And generating a complete tracing chain according to the sequence of the timestamp dictionary, and returning the final tracing result to the data query node.

Algorithm 2 is as follows:

8. Data download

After the blockchain is introduced as the bottom layer, seed files, uploading and inquiring nodes and other information of the files can be all inquired on the blockchain, and in a blockchain-based file tracing system, a distributed database shared by users replaces the function of a Tracker. After the data to be downloaded is queried, the data can be downloaded, and after the downloading is completed, the intelligent contract executes an incentive mechanism to distribute and incentives, and data transaction information is recorded on the blockchain.

Those of ordinary skill in the art will appreciate that the embodiments described herein are intended to aid the reader in understanding the practice of the invention and that the scope of the invention is not limited to such specific statements and embodiments. Those of ordinary skill in the art can make various other specific modifications and combinations from the teachings of the present disclosure without departing from the spirit thereof, and such modifications and combinations remain within the scope of the present disclosure.

Claims

1. A construction method of a bridge structure detection monitoring and maintenance data traceability system is characterized by comprising the following steps: the bridge structure detection monitoring and maintenance data traceability system comprises:

A trusted third party: the trusted third party is responsible for authenticating the identity of the access node, distributing keys, and dividing the organization to which the access node belongs; the security of the trusted third party is assumed to be the highest level, and the audit and revocation results are true and trusted; its act of managing and distributing keys is also considered secure;

and (3) a data uploading node: the data uploading node comprises bridge structure health detection monitoring group personnel and maintenance group personnel; the data uploading node can access the tracing system only after passing the authentication of the trusted third party; the data uploading node decides personnel for decrypting the message according to the authority granted by the system; the traceability system can ensure the legality of the data storage process and the content through intelligent contracts; the data querying node may access relevant information already stored on the blockchain; the data uploading node is subjected to strict audit and authentication before being accessed to the system, and the uploading malicious or invalid data can be penalized or the access authority can be revoked;

Data query node: the data query node is a manager of a general package department or a customer who needs to provide bridge detection monitoring and maintenance service; the data query node obtains system access authorization after being authenticated by a trusted third party; the query node can track and query basic introduction, related information and supervision authentication of the product through the traceability system; the data query node can decrypt the target information through the private key when the data query node meets the predefined condition; when the data query node is accessed to the system, the data query node is required to be subjected to verification and authentication, and even if the data query node is considered as a safe node, the access capability of the data query node is limited;

Blockchain: the traceability system adopts a technical architecture based on a alliance chain, and each distributed uploading node can store data into a blockchain; each product has a unique identification tag and an encrypted digital search identifier, and has the characteristic of no verifiability; the intelligent contract is responsible for executing encryption and decryption operations, verifying whether the node has search rights or not, and verifying the correctness of the search result;

Cloud server: the cloud server interacts with the blockchain system, is responsible for storing data files, and performs secure index search without knowing any data files or search query information;

the construction method comprises the following steps:

S1: defining data formats of the block chain and the cloud, optimizing a storage data structure of the block chain, and improving the efficiency of tracing searching;

The specific steps of S1 are as follows:

S11: preprocessing a data structure; defining the structure of data in a block chain, and preprocessing each transaction tuple; the transaction tuple consists of an initial key value, a key value pair bound by a relation and timestamp information; the initial key value is formed by splicing specific data and a random number, and the time stamp is the time of uploading the data;

S12: cloud data preprocessing; before data are transmitted to a cloud server, a lightweight JSON format is used for storage, and a binding relation between a safe index and a data ciphertext is established; encrypting the data using a symmetric encryption algorithm and encrypting the index key using a searchable encryption algorithm;

The internal node layer provides an indexed navigation function; it stores the range of the key words and the corresponding child node addresses; the position of the leaf node to be accessed is determined through the internal node layer, so that the searching speed is increased;

the leaf node layer consists of leaf nodes, and each leaf node is provided with a pointer pointing to the next leaf node;

S2: carrying out data initialization setting, registration access node authentication and key distribution by a trusted third party;

the specific steps of S2 are as follows:

s21: initializing; executing an Init () method to initialize smart contracts and data;

S22: dynamically managing keys; the initialization algorithm inputs a security parameter lambda and an attribute set S, and generates a security key for a subsequent access node, so that the system has a dynamic access authentication function;

S23: key distribution; generating a system public key PK and a system master key MK, wherein the master key is only used as access control based on attributes, and generating a private key SK of each participant; public key PK is distributed to each data uploading node for the nodes to encrypt the uploaded data, and the formula is as follows:

in the formula, setup (1 ^λ, S) represents an initialization function of a traceability system, parameters are a security parameter lambda and an attribute set S, and output is a public key PK and a master key MK;

KeyGen (MK, S) represents a key generation function, parameters are a master key MK and an attribute set S, and the parameters are output as a private key SK of a participant;

S3: the data uploading node completes registration, authentication, key generation, data encryption and data storage;

The specific steps of S3 are as follows:

The data registration node initiates a registration request to a trusted third party and provides real attribute information; the trusted third party checks the authenticity of the node attribute and decides whether to allow access; once the node passes the authentication and obtains the access rights, the trusted third party allocates the corresponding rights to the node and divides the rights to the corresponding organizations; the node obtains the PK, MK and security parameters granted by a trusted third party;

S32: generating a secret key; the data uploading node is authorized to access the system and execute a key generation algorithm to generate a symmetric key K _aes and a searchable encryption key K _sse;

S33: encrypting data; after the data uploading node generates a symmetric key K _aes and a searchable encryption key K _sse, encrypting the plaintext data set and the corresponding keyword index thereof respectively;

s34: the encrypted data is uploaded to different positions for storage;

Using a function Puststate (key, value), uploading a search key _i in the data tuple Y _i＝<First,key_i, timestamp > and the corresponding data ciphertext value _i and timestamp information timestamp to a blockchain for storage;

Using a function cloudfunc.insert (I _i,C_i) to initiate a request for uploading a file to the cloud server, and sending the security index I _i and the corresponding ciphertext C _i set to the cloud server;

2. The method for constructing a system for detecting, monitoring and tracing maintenance data of bridge structures according to claim 1, wherein the key generation algorithm in S32 is specifically defined and defined as follows:

Symmetric searchable encryption key generation function SSEKEYGEN () and symmetric key generation function AESKEYGEN () for encrypting a data file are both invoked by a data upload node; invoking SSEKEYGEN (), inputting a security parameter lambda, and outputting a symmetrical searchable encryption key K _sse for encrypting a keyword plaintext; call AESKEYGEN () and input security parameter lambda and output symmetric key K _aes for encrypting the data file.

3. The method for constructing a system for detecting, monitoring and tracing maintenance data of a bridge structure according to claim 1, wherein the specific definition and process of S33 are as follows:

Calling cpabeEnc (), inputting a public key PK, a security index I, a ciphertext hash value h (C), accessing a control structure Γ, and outputting an attribute-based encryption value _i; this process is to encrypt I and h (C); only users whose attributes match the access policy are able to decrypt the content; where h (C) is to verify the integrity of the data returned from the cloud.

4. The method for constructing a system for detecting, monitoring and tracing maintenance data of a bridge structure according to claim 1, wherein the specific steps of S4 are as follows:

S41: inquiring node registration authentication;

The data query node initiates a registration request to a trusted third party and provides real attribute information; a trusted third party reviews the authenticity of the node attribute and determines whether the node is eligible for access; once the node passes the authentication, a user attribute private key and a security parameter are obtained; the registration process uses a function check (S);

S42: a search phase on the chain;

After the data query node obtains the corresponding authorization, data searching can be performed in the block chain; the system returns a security index value based on attribute encryption and a hash value corresponding to the ciphertext; the query process returns a value _i using the function Search (key _i);

s43: a decryption stage on the chain;

After the value _i is acquired by the data query node, decrypting the value by using the user attribute private key K _cpabe to acquire a security index and a corresponding hash value of the encrypted data; if the user attribute matches the access policy, performing a decryption operation; otherwise, the query process is terminated; the decryption process returns the decrypted secure index I _i and hash value using a function cpabeDec (PK, value _i,K_cpabe)

S44: searching on the cloud;

After the decryption stage on the chain, the data query node can acquire a security index from the blockchain; the intelligent contract automatically executes a search service request, sends the search request to the cloud server, and provides a security index to be searched; after receiving the request, the cloud server executes search query and retrieves the corresponding ciphertext according to the security index; finally, the cloud server returns the corresponding data ciphertext; the search process returns ciphertext set C _i using the function cloudfunc.search (I _i);

s45: a cloud search result verification stage;

When the data query node receives the ciphertext returned by the cloud server, the integrity of the returned data ciphertext needs to be checked; after the block chain acquires the corresponding ciphertext from the database, automatically calling a verification contract, and executing a verification algorithm to verify the integrity of the data;

S46: a data ciphertext decryption stage;

When the result returned in the verification stage is TRUE, the system determines that the data ciphertext is not maliciously modified; before decrypting the data file, the node needs to acquire a symmetric key; the intelligent contract calls the ciphertext values of the private key and the symmetric key of the user, and decrypts the ciphertext values to obtain a symmetric key K _aes; after the symmetric key is successfully obtained, the intelligent contract automatically decrypts the ciphertext and returns corresponding plaintext data D _i;

s47: a query result processing stage;

After decryption processing, the system can read the plaintext data set; the intelligent contract calls an algorithm for splitting the compound key, and splits the character string in the Pre field into required contents; the split character string is a unique identifier on the previous node chain, is used as a new searching target value, and initiates inquiry to obtain a complete traceability inquiry result; finally, generating a complete tracing chain according to the sequence of the timestamp dictionary, and returning a final tracing result to the data query node;

S48: downloading data;

After the blockchain is introduced as a bottom layer, seed files, uploading and inquiring node information of the files can be inquired on the blockchain; after inquiring the data to be downloaded, the user can download the data; after the download is completed, the smart contract executes an incentive mechanism, distributes the incentive, and records the data transaction information onto the blockchain.