CN117454400A - Geographic information data storage and sharing method based on blockchain - Google Patents
Geographic information data storage and sharing method based on blockchain Download PDFInfo
- Publication number
- CN117454400A CN117454400A CN202311451755.9A CN202311451755A CN117454400A CN 117454400 A CN117454400 A CN 117454400A CN 202311451755 A CN202311451755 A CN 202311451755A CN 117454400 A CN117454400 A CN 117454400A
- Authority
- CN
- China
- Prior art keywords
- data
- geographic information
- blockchain
- information data
- index value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 26
- 238000013500 data storage Methods 0.000 title claims abstract description 10
- 238000012795 verification Methods 0.000 claims description 12
- 238000011217 control strategy Methods 0.000 claims description 8
- 230000008569 process Effects 0.000 claims description 5
- 238000012545 processing Methods 0.000 claims description 5
- 238000013507 mapping Methods 0.000 claims description 3
- 238000006243 chemical reaction Methods 0.000 claims 1
- 238000012797 qualification Methods 0.000 claims 1
- 238000005516 engineering process Methods 0.000 abstract description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000010276 construction Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000013479 data entry Methods 0.000 description 1
- 238000013524 data verification Methods 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000000630 rising effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
Abstract
The invention relates to the field of geographic information data privacy protection, and provides a block chain-based geographic information data storage and sharing method. The invention provides fine-grained access control for the geographic information data by introducing a blockchain technology, an SM4 encryption algorithm and a ciphertext-based attribute encryption algorithm, and realizes privacy security of the geographic information data. The invention combines the Schnorr signature algorithm, the blockchain and the IPFS technology, transfers the geographic information data to the position under the chain, stores the hash value of the data on the blockchain in a transaction sending mode, uses the respective secret key to sign the transaction by each participant in the transaction, and finally combines the signatures and the public keys of all the participants into one signature and one public key to be stored on the blockchain so as to expand the storage capacity of the blockchain, thereby effectively reducing the storage cost of the data on the chain while ensuring the safe sharing of the data.
Description
Technical Field
The invention relates to the field of data privacy protection, in particular to a geographic information data storage and sharing method based on a blockchain.
Background
The geographic information data relationship national economy construction and the national defense construction have important application in various industries of society. However, the security features of accurate positioning, high precision and wide secret are adopted for the geographic information data, so that the security problem is very outstanding. For example, in the satellite positioning field, high-precision secret-related geographic information data is required, but the use of actual data is severely limited due to factors such as national security.
The blockchain has the characteristics of decentralization, non-tampering and traceability, can well solve the problems of tracing and storing geographic information data, and provides guarantee for the safety of the data. But the transparent nature of the data disclosure on the blockchain does not hide sensitive information that may be involved in the geographic information data. Meanwhile, as a distributed database commonly maintained by nodes on the chain, storing geographic information data which has huge data volume and contains various space-time characteristics in a uplink way inevitably leads to the shortage of storage space on the chain. Therefore, how to design a method capable of meeting the requirement of secure sharing of geographic information data and saving the storage overhead on a blockchain has become an urgent need in the field of privacy protection of geographic information data.
Disclosure of Invention
Therefore, the invention provides a geographic information data storage and sharing method based on a blockchain, which protects the privacy security of geographic information data by using the blockchain and an encryption algorithm, reduces the storage cost of the geographic information data and reduces the storage overhead of the blockchain while considering the data security and the application cost.
According to the design scheme provided by the invention, the geographic information data storage and sharing method based on the block chain is provided, and the specific technical scheme is as follows:
obtaining geographic information data, wherein the geographic information data comprises: vector data, elevation data, raster data;
setting a trust anchor user, wherein a data visitor firstly accesses a server of a data owner, fills in a registration form to become a user of the data visitor, and generates an attribute certificate for the user according to the registration form by the server, wherein the registration form comprises identity identification information such as the ID of the user, contact information, subordinate enterprises, subordinate departments and the like;
generating a symmetric key required by a public key algorithm and a public and private key required by an asymmetric encryption algorithm by utilizing a trusted authority;
symmetrically encrypting the geographic information data by using an SM4 encryption algorithm, uploading the symmetrically encrypted ciphertext to an IPFS, and obtaining a unique index value based on ciphertext content;
multiple departments of the data owner verify the index value, after the index value passes the verification, the index value is signed by using respective private keys, and the signatures and the public keys of all the participants are aggregated into one signature and one public key and then uploaded to the blockchain for storage;
formulating an access control strategy, encrypting the index value and the symmetric key by using an attribute encryption algorithm, and uploading an attribute encryption ciphertext and a public key required for decryption to a blockchain for storage;
transaction information is searched from the blockchain, wherein the transaction information comprises encryption results of index values, signatures of all participants of the transaction on the index values, parameters required for decrypting and verifying the signatures and the like.
The user verifies the correctness of the signature by using the public key stored in the blockchain, and if the verification is passed, the index value is proved to be truly and credible, otherwise, the index value is proved to be possibly tampered, and the data owner is required to upload the correct index value again.
The user uses the private key containing the self attribute to decrypt the attribute to encrypt the ciphertext, if the private key of the user meets the access control strategy formulated by the data owner, the user can decrypt to obtain the index value and the symmetric key, otherwise, the user is refused to access.
And the user downloads the symmetric encryption result of the geographic information data from the IPFS through the index value, and obtains the plaintext of the geographic information data after decrypting the symmetric key.
The invention has the beneficial effects that:
the invention adopts a decentralization mode to realize the storage and sharing of the geographic information data, and provides access control functions and multiple security guarantees for the geographic information data based on an SM4 encryption algorithm and an attribute encryption algorithm. The transaction structure is redesigned according to the characteristics of the geographic information data, so that the target transaction record can be more quickly found. The under-chain expansion scheme is provided based on IPFS (Internet protocol File System) and Schnorr signature technology, so that the storage pressure of a block chain is relieved, and the on-chain storage of a large amount of geographic information data is realized.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a general flow chart of the proposed method of the present invention.
Fig. 2 is a schematic diagram of a system model of the method according to the present invention.
Fig. 3 is a schematic diagram of an attribute encryption access control strategy according to the method of the present invention.
FIG. 4 is a block diagram of the method according to the present invention.
Fig. 5 shows the signature algorithm overhead of the proposed method.
Fig. 6 shows the overhead of the attribute encryption algorithm according to the method of the present invention.
Detailed Description
The invention is further illustrated by the following figures and examples. Wherein the drawings are for illustrative purposes only and are shown only as schematic drawings or one of them can be implemented, rather than fixing one, and are not to be construed as limiting the patent; for the purpose of better illustrating embodiments of the invention, certain elements of the drawings may be omitted, enlarged or reduced and do not represent the size of the actual product; it will be appreciated by those skilled in the art that certain well-known structures in the drawings and descriptions thereof may be omitted.
Referring to fig. 1, an embodiment of the present invention provides a method for storing and sharing geographic information data based on blockchain, which includes the following steps:
s101, acquiring geographic information data, acquiring and inputting the data by a data owner mapping department through means of GPS positioning, aerial photography, remote sensing images and the like, sorting and summarizing the original data by a data processing department, giving the data to an auditing department for auditing, and enabling a system administrator maintaining a blockchain to be responsible for backing up the data locally after the auditing is passed, wherein the processing of each stage of the data is confirmed by a department responsible person with a private key signature, wherein the geographic information data comprises the following components: vector data, raster data, elevation data.
S102, initializing a system, wherein a user registers an account from a trusted authority and according to security parameters 1 λ Generating public parameters PK and master key MK by a trusted authority according to elliptic curve E p (a, b) and a base point G, generating a private key sk for signing sh Using a private key sk sh And base point G calculate public key PK sh 。
FIG. 2 shows the overall system flow, in which a user applies for a registration account to an enterprise server where the data owner is located, the server generating a UID containing its identity information and a set of attributes S for the user U The trusted authority generates the key generation (MK, S) according to a key generation algorithm U ) Calculate the private key SK and SK of the user sh Together sent to the user over a secure channel.
S103, the data owner uses SM4 encryption algorithm to encrypt the geographic information data set M (M 1 ,m 2 ,m 3 ,…,m n ) Encrypting to obtain ciphertext C, wherein K is a symmetric key, and uploading C to the IPFS. The encryption process is expressed as:
SEnc(M(m 1 ,m 2 ,m 3 ,...,m n ),K)→C;
s104, distributing the unique identification CID of the file generated by the IPFS to each related department for confirmation. Each department responsible person signs the CID by using the Schnorr signature algorithm, respectively, and the data owner system administrator aggregates the signatures of each participant into a "signature sum":
(R 1 +R 2 +…+R n ,σ 1 +σ 2 +…+σ n )→S;
by the data owner according to the user' S set of attributes S u An access control strategy T is formulated, an access control process is expressed by a tree structure, branch nodes of the tree represent AND, OR and threshold operations, and leaf nodes represent attributes. A typical attribute-encrypted access policy tree is shown in fig. 3. The right branch represents the property requirements for the enterprise, which must be the partner enterprise to decrypt. The left branch represents the access requirements for different departments of the enterprise, and only the enterprise system administrator and the responsible person of the specific department can acquire the data. Finally, the data owner encrypts the CID and the symmetric key K by adopting an attribute encryption algorithm to generate a ciphertext CT, packages the CT and public parameters required by decryption and signature verification, and broadcasts the ciphertext CT in a block chain in a transaction mode, wherein the block structure is shown in figure 4:
AEnc(CID,K,T,PK,S)→CT
AddTranscation(CT,S,PK,PK sh )→Trans_addre
s105, the process of acquiring target data by a user comprises two stages of on-chain data acquisition and data verification and downloading, and the method comprises the following steps:
(1) On-chain data acquisition
When searching data, it needs to traverse from the created block, and find out the corresponding transaction from the block according to the data type requested by the user until the last block is traversed. After finding the transaction containing the data requested by the user, the transaction content is returned to the user after being coded and converted. The specific procedure is shown in algorithm 1.
(2) Data decryption and verification
The geographic information data is stored in the form of an encrypted file index on a chain, and the user needs to decrypt the file at the client. Firstly, judging whether an access control strategy formulated by a data owner is met by using a private key of a user, then verifying a signature of a corresponding file index, returning the file index, a verification result and a symmetric key to a requester after the verification is correct, otherwise, refusing the access application of the requester and reminding the data owner to verify whether the uploaded file index is consistent with the file index in the IPFS. The specific process is shown in algorithm 2.
(3) Under-chain data acquisition
The user downloads the required geographical information data from the IPFS using the CID. At this time, the data requester obtains the ciphertext C of the geographic information data, and decrypts the ciphertext by continuously using the symmetric key K to obtain the plaintext M (M 1 ,m 2 ,m 3 ,…,m n ):
SDec(C,K)→M(m 1 ,m 2 ,m 3 ,...,m n )。
In order to verify the performance of the system, the time required for signature verification of the geographic information data and the storage space occupied by the signature are analyzed, and the analysis result is shown in fig. 5. The result shows that the signature verification time of the scheme does not change obviously with the increase of the number of the participants, when the number of the participants exceeds 18, the signature verification speed of the scheme exceeds the asymmetric encryption scheme, and the signature verification time is generally stabilized within 0.1 seconds. By comparing the sizes of the signatures, the signatures generated by the scheme occupy less storage space when more than two participants sign data. The overhead of system access control is analyzed, and the analysis result is shown in fig. 6. The results show that as the number of attributes in the access policy increases, the response time of all three types of data shows a gradual rising trend, but the overall control is within 4 s. With the increase of the number of attributes in the access control policy, the storage space occupied by data is gradually increased. While the amount of data in an overall height data is minimal, its inclusion of the largest number of subfiles results in the largest amount of storage space it occupies in the final uplink data, raster data with the largest amount of data in the overall height data is instead minimal because of the smallest number of subfiles. As can be derived from experimental results, the scheme herein is more suitable for cases where the data file is relatively large but the data entries are small.
It is to be understood that the above examples of the present invention are provided by way of illustration only and not by way of limitation of the embodiments of the present invention. Other variations or modifications of the above teachings will be apparent to those of ordinary skill in the art. It is not necessary here nor is it exhaustive of all embodiments. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the invention are desired to be protected by the following claims.
Claims (5)
1. The geographic information data storage and sharing method based on the block chain is characterized by comprising the following steps of:
obtaining geographic information data, wherein the geographic information data comprises: vector data, elevation data, raster data;
the data owner symmetrically encrypts the geographic information data by using an SM4 encryption algorithm, stores the symmetrically encrypted ciphertext to the IPFS and generates a unique index value based on the content of the symmetrically encrypted ciphertext.
The data owner signs the index value by using a Schnorr signature algorithm and aggregates the signatures, so that the storage space occupied by the signatures is reduced.
The data owner formulates an access control strategy aiming at the identity attribute of the user, and encrypts the signature, the index value and parameters required by decryption and signature verification by utilizing an attribute encryption algorithm;
the data owner builds a blockchain, which is a private chain, the information of which includes: block height, block chain time stamp, parent block hash value, merkle tree root node hash value, aggregate signature of transaction; and uploading the encryption result to a blockchain to realize safe sharing of the geographic information data in a decentralizing environment.
2. The blockchain-based geographic information data storage and sharing method according to claim 1, wherein the data owner is a geographic information industry having a mapping department, a data processing department and a security auditing department, and the process of acquiring the geographic information data is as follows: the mapping department is responsible for collecting and inputting data through means such as GPS positioning, aerial photography, remote sensing images and the like, the data processing department is responsible for sorting and summarizing the original data, the data is submitted to the auditing department for auditing, after the auditing passes, a system administrator maintaining the blockchain is responsible for locally backing up the data, and the processing of each stage of the data is confirmed by a private key signature of a department responsible person.
3. The blockchain-based geographic information data storage and sharing method of claim 1 or 2, further comprising, after obtaining the index value of the geographic information data in the IPFS:
distributing the index value to each department for checking and confirming again, and after confirming that the index value is signed by each department responsible person by using the private key and is sent to a system administrator, and the system administrator aggregates all the signatures into one signature and aggregates the public key required for verifying the signature into one public key;
and the system administrator formulates an access control strategy according to the user attribute, encrypts the index value and the symmetric key, and packages and uploads the attribute encryption ciphertext and the corresponding aggregate signature to the blockchain.
4. The blockchain-based geographic information data storage and sharing method of claim 3, further comprising, after the end of the data upload blockchain phase:
searching transaction information from a chain, traversing from an created block of the blockchain, finding out corresponding transaction from the blocks according to the data type requested by a user until the last block is traversed, and after the transaction containing the data requested by the user is found out, returning the transaction content to the user after code conversion;
after the user obtains the transaction content, verifying the aggregated signature in the transaction, if the verification result is correct, continuing to judge whether the user has access qualification, otherwise, indicating that the index value stored on the chain may be tampered, and reminding the data owner to verify whether the uploaded index value is consistent with the index value corresponding to the IPFS;
and the user decrypts the attribute encryption ciphertext by using the private key, and if the user private key meets the access control strategy, the attribute encryption ciphertext can be decrypted to obtain the index value and the symmetric key.
5. The method for storing and sharing blockchain-based geographic information data of claim 4, further comprising, after obtaining the data index value from the chain:
and obtaining the symmetric encryption ciphertext from the IPFS according to the index value, and obtaining the original geographic information data after decrypting the symmetric encryption ciphertext by using the symmetric key.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311451755.9A CN117454400A (en) | 2023-11-02 | 2023-11-02 | Geographic information data storage and sharing method based on blockchain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311451755.9A CN117454400A (en) | 2023-11-02 | 2023-11-02 | Geographic information data storage and sharing method based on blockchain |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117454400A true CN117454400A (en) | 2024-01-26 |
Family
ID=89592602
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311451755.9A Pending CN117454400A (en) | 2023-11-02 | 2023-11-02 | Geographic information data storage and sharing method based on blockchain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117454400A (en) |
-
2023
- 2023-11-02 CN CN202311451755.9A patent/CN117454400A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11677569B1 (en) | Systems and methods for notary agent for public key infrastructure names | |
| US9800416B2 (en) | Distributed validation of digitally signed electronic documents | |
| US9059856B2 (en) | Providing security services on the cloud | |
| US7320076B2 (en) | Method and apparatus for a transaction-based secure storage file system | |
| CN112291245B (en) | Identity authorization method, identity authorization device, storage medium and equipment | |
| US20100005318A1 (en) | Process for securing data in a storage unit | |
| US10880100B2 (en) | Apparatus and method for certificate enrollment | |
| CN112311538B (en) | Identity verification method, device, storage medium and equipment | |
| US20220209945A1 (en) | Method and device for storing encrypted data | |
| CN114679340B (en) | File sharing method, system, device and readable storage medium | |
| CN107094075A (en) | A kind of data block dynamic operation method based on convergent encryption | |
| CN111159352B (en) | Encryption and decryption method supporting multi-keyword weighted retrieval and result ordering and capable of being verified | |
| CN114528331A (en) | Data query method, device, medium and equipment based on block chain | |
| CN116015846A (en) | Identity authentication method, identity authentication device, computer equipment and storage medium | |
| CN117454400A (en) | Geographic information data storage and sharing method based on blockchain | |
| KR102282788B1 (en) | Blockchain system for supporting change of plain text data included in transaction | |
| CN112084533A (en) | Block chain-based multi-level position information sharing method | |
| Ramane et al. | A metadata verification scheme for data auditing in cloud environment | |
| Venkatesh et al. | Secure authorised deduplication by using hybrid cloud approach | |
| CN117035740B (en) | Construction method of bridge structure detection monitoring and maintenance data traceability system | |
| CN115150184B (en) | Method and system for applying metadata in fabric block chain certificate | |
| CN112702389B (en) | Data rights management method, device, equipment and storage medium | |
| US20240015014A1 (en) | Dynamic and verifiable searchable encryption method and system based on updatable encryption and blockchain | |
| CN106612325A (en) | Method for data authenticity verification under authority management in cloud storage | |
| Ren et al. | Research on Privacy Protection of Internet of Things Search Data Based on Fine-Grained Authorization |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |