KR101726975B1 - System for securing information of moving object and method for securing information of moving object using the system - Google Patents

System for securing information of moving object and method for securing information of moving object using the system Download PDF

Info

Publication number
KR101726975B1
KR101726975B1 KR1020160037604A KR20160037604A KR101726975B1 KR 101726975 B1 KR101726975 B1 KR 101726975B1 KR 1020160037604 A KR1020160037604 A KR 1020160037604A KR 20160037604 A KR20160037604 A KR 20160037604A KR 101726975 B1 KR101726975 B1 KR 101726975B1
Authority
KR
South Korea
Prior art keywords
encryption
statement
moving object
receiving
information
Prior art date
Application number
KR1020160037604A
Other languages
Korean (ko)
Inventor
송유진
Original Assignee
동국대학교 경주캠퍼스 산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 동국대학교 경주캠퍼스 산학협력단 filed Critical 동국대학교 경주캠퍼스 산학협력단
Priority to KR1020160037604A priority Critical patent/KR101726975B1/en
Application granted granted Critical
Publication of KR101726975B1 publication Critical patent/KR101726975B1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84Vehicles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

According to the present invention, disclosed are a moving object information security system, in an intelligent distributed computing environment, capable of reinforcing security by storing information for a moving object using a re-encryption technique, and a moving object information security method using the same. The moving object information security method includes an edge device, a moving object control device, an intermediate connection device, a server, and a user terminal. The edge device generates or stores moving object information and the moving object control device encrypts moving object information m received from the edge device to generate an encrypted sentence C. The intermediate connection device receives the encrypted sentence C from the moving object control device through a wireless communication method to generate a re-encrypted sentence C through re-encryption of the encrypted sentence C. The server receives the re-encrypted sentence C from the intermediate connection device and stores the re-encrypted sentence C. The user terminal decrypts the re-encrypted sentence C received from the server to extract the moving object information m. Thereby, even if the moving object information m is intruded and stolen during transfer or in a storage state by an external intruder, the moving object information m exists in an encrypted state so as to be restrained from being exposed to the outside.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a moving object information security system and a moving object information security method using the same,

The present invention relates to a mobile information security system and a mobile information security method using the mobile information security system. More particularly, the present invention relates to a mobile information security system that encrypts and stores information about a moving mobile device such as a car, decrypts and provides information A security system, and a mobile information security method using the same.

Internet of Things (IoT) refers to the technology of connecting sensors and communication functions to various objects and connecting them to the Internet. Here, things can include various embedded systems such as home appliances, mobile equipment, and wearable computers. In addition, objects connected to the Internet need to be connected to the Internet with a unique IP (Internet Protocol) that can distinguish themselves, and the sensor can be embedded to acquire data from the external environment.

Network traffic is exploding when the Internet is activated. Such an increase in traffic can directly lead to degradation of the network performance. Also, as the number of cases of using a cloud service for analyzing big data for an increased traffic is increased, the movement path of data may become long, which may cause an overload of the entire network. Accordingly, it has become necessary to provide a service that can process a certain amount of data at a rate close to the network edge. In order to solve this problem, there has been developed a distributed intelligent computing Fog computing.

As such, fog computing is a paradigm that extends cloud computing services to the edge of the network edge. The concept of providing data, computing, storage, and application services to users is similar to cloud computing, but it can be differentiated from cloud computing in terms of proximity to users, high-density geographic distribution, and mobility support . In a fog computing environment, a service can be provided where the terminal is directly used, such as a network edge or even a set-top box, an access point, or the like. Thus, by providing the service close to the user, it is possible to provide a customized service that reduces the service delay and improves the quality according to the user's needs and environment.

Fog computing can be divided into object area, fog area, and cloud area. First, the object area can be composed of various objects that can sense the surrounding environment. Next, the fog area is composed of fog devices having a higher computing power than a general object. Typical examples thereof include a PC, a router, and a home appliance. The objects in the object area and the fog devices in the fog area can be connected and exchanged with each other using the near field wireless communication. The fog devices may be connected to the cloud area using wired / wireless communication, and there may also be an organic connection between the fog devices.

On the other hand, fog computing can be applied to autonomous vehicles that can be automatically driven by artificial intelligence without human manipulation. Such an autonomous vehicle can generate identification information for identifying the automobile, owner information of the automobile as well as various surrounding information acquired from the camera or the sensor. Such information can be provided and stored in the cloud area via the fog area have.

However, the various information generated in the autonomous vehicle may contain sensitive information that should not be exposed to the outside. Accordingly, the sensitive information may be transmitted by the attack of the hacker during or after being transmitted to the cloud area. Therefore, it is required to develop a technique for safely storing such information.

SUMMARY OF THE INVENTION Accordingly, the present invention has been made keeping in mind the above problems occurring in the prior art, and it is an object of the present invention to provide a mobile information security system capable of enhancing security by storing information on a moving object in a smart distributed computing environment using a re- .

Another object of the present invention is to provide a mobile information security method using the mobile information security system.

A method for securing a mobile agent information according to an exemplary embodiment of the present invention includes an edge device, a mobile device controller, an intermediate connection device, a server, and a user terminal.

The edge device is disposed in a movable body capable of moving, and generates or stores information about the moving body (hereinafter referred to as 'moving body information m'). The moving object control device is disposed in the moving object, receives the moving object information m from the edge device, and encrypts the provided moving object information m to generate an encryption statement C. The intermediate connection device is spaced apart from the moving object and receives the encryption statement C from the mobile device control device in a wireless communication method when the mobile device control device is within a certain range, And generates a re-encryption statement C '. The server receives and stores the re-encryption statement C 'from the intermediate connection device via a wired or wireless network. The user terminal receives the re-encryption statement C 'from the server through the presence or the wireless network, and decrypts the re-encryption statement C' to extract the mobile information m.

The encryption statement C may be an encrypted statement that can be decrypted by the terminal having the attribute information included in the first access structure AS1 and the intermediate connection device has the first attribute information S1 included in the first access structure AS1 Can be. Also, the re-encryption statement C 'may be an encrypted statement that can be decrypted by the terminal having the attribute information included in the second access structure AS2, and the user terminal transmits the second attribute information S2. ≪ / RTI >

The mobile object control device can generate the encryption statement C by encrypting the moving object information m using the public parameter pp and the first access structure AS1.

The intermediate connection device can re-encrypt the encryption statement C using the master key mk, the disclosure parameter pp, the first attribute information S1, and the second access structure AS2 to generate the re-encryption statement C ' .

The server may generate the public parameter pp and the master key mk by receiving the security parameter k using a setup function.

The intermediate connection device receives the public parameter pp and the master key mk from the server and receives the public parameter pp, the master key mk, and the first attribute information S1 using the secret key generating function, Generates a secret key usk1, receives the first secret key usk1 and the second access structure AS2, outputs a re-encryption key rk by using a re-encryption key generation function, Key rk and the encryption statement C and outputs the re-encryption statement C '.

The user terminal can extract the moving object information m by decoding the re-encryption statement C 'using the master key mk, the public parameter pp, and the second property information S2.

The user terminal receives the public parameter pp and the master key mk from the server and receives the public parameter pp, the master key mk, and the second property information S2 using the secret key generating function, And generates the key usk2 and extracts the mobile information m by receiving the second secret key usk2 and the re-encryption statement C 'using the decryption function.

The server receives the first attribute information S1 from the intermediate connection device and receives the public parameter pp, the master key mk, and the first attribute information S1 using the secret key generating function, and receives the first secret key usk1 And provides the generated first secret key usk1 to the intermediate connection device, receives the second attribute information S2 from the user terminal, and uses the secret key generation function to generate the public parameter pp, The master key mk and the second attribute information S2 to generate a second secret key usk2 and provide the generated second secret key usk2 to the user terminal via the intermediate connection device.

The intermediate connection apparatus receives the first secret key usk1 and the second access structure AS2 using the re-encryption key generation function to generate a re-encryption key rk, and uses the re-encryption function to generate the re-encryption key rk And generate the re-encryption statement C 'by receiving the encryption statement C.

The user terminal can extract the mobile information m by receiving the second secret key usk2 and the re-encryption statement C 'using the decryption function.

The moving body may be an autonomous vehicle, and the intermediate connecting device may be included in a traffic light or a street light.

The moving body may be an unmanned aerial vehicle, and the intermediate connecting device may be included in the unmanned aerial vehicle control device.

According to another aspect of the present invention, there is provided a method for security of moving object information, comprising the steps of: receiving information on the moving object from an edge device disposed on the moving object, Quot;), encrypting the moving body information m to generate an encryption statement C (hereinafter referred to as " execution step by the mobile device control device "); When the moving object control apparatus exists in an arbitrary range, the intermediate communication apparatus disposed apart from the moving object receives the encryption statement C from the mobile object control apparatus in a wireless communication method, re-encrypts the encryption statement C, A step of generating a door C '(hereinafter referred to as an' execution step by an intermediate connection device '); The server receiving and storing the re-encryption statement C 'from the intermediate connection apparatus via a wired or wireless network (hereinafter referred to as' server-performed step'); And a step of receiving the re-encryption statement C 'from the server through a wireless network, with or without a user terminal, and extracting the mobile information m by decoding the re-encryption statement C' Quot;).

The encryption statement C may be an encrypted statement that can be decrypted by the terminal having the attribute information included in the first access structure AS1 and the intermediate connection device has the first attribute information S1 included in the first access structure AS1 Can be. The re-encryption statement C 'may be an encrypted statement that can be decrypted by the terminal having the attribute information included in the second access structure AS2, and the user terminal may transmit the second attribute information S2 included in the second access structure AS2 You can have it.

In the step of performing by the mobile object control apparatus, the encryption key C can be generated by encrypting the moving object information m using the public parameter pp and the first access structure AS1.

Encrypting the encrypted statement C using the master key mk, the disclosure parameter pp, the first attribute information S1, and the second access structure AS2, Lt; / RTI >

In the step of performing by the server, the secret parameter pp and the master key mk can be generated by receiving the security parameter k using the setup function.

The step of performing by the intermediate connection device includes receiving the disclosure parameter pp and the master key mk from the server; Generating a first secret key usk1 by receiving the public parameter pp, the master key mk, and the first attribute information S1 using a secret key generation function; Generating a re-encryption key rk by receiving the first secret key usk1 and the second access structure AS2 using a re-encryption key generation function; And generating the re-encryption statement C 'by receiving the re-encryption key rk and the encryption statement C using the re-encryption function and the re-encryption function.

In the performing by the user terminal, the re-encryption statement C 'can be decrypted using the master key mk, the public parameter pp, and the second property information S2 to extract the moving object information m.

Wherein the performing by the user terminal comprises: receiving the disclosure parameter pp and the master key mk from the server; Generating a second secret key usk2 by receiving the public parameter pp, the master key mk, and the second attribute information S2 using a secret key generation function; And extracting the moving object information m by receiving the second secret key usk2 and the re-encryption statement C 'using a decryption function.

The step of performing by the server includes receiving the first attribute information S1 from the intermediate connection apparatus; Generating a first secret key usk1 by receiving the public parameter pp, the master key mk, and the first attribute information S1 using a secret key generation function; Providing the generated first secret key usk1 to the intermediate connection device; Receiving the second attribute information S2 from the user terminal; Generating a second secret key usk2 by receiving the public parameter pp, the master key mk, and the second property information S2 using the secret key generation function; And providing the generated second secret key usk2 to the user terminal.

The step of performing by the intermediate connection device includes the steps of generating a re-encryption key rk by receiving the first secret key usk1 and the second access structure AS2 using a re-encryption key generation function; And generating the re-encryption statement C 'by receiving the re-encryption key rk and the encryption statement C using the re-encryption function and the re-encryption function.

In the step of performing by the user terminal, it is possible to extract the mobile information m by receiving the second secret key usk2 and the re-encryption statement C 'using the decryption function.

The moving body may be an autonomous vehicle, and the intermediate connecting device may be included in a traffic light or a street light.

The moving body may be an unmanned aerial vehicle, and the intermediate connecting device may be included in the unmanned aerial vehicle control device.

As described above, according to the moving object information security system and the moving object information security method using the same according to the present invention, the moving object control device encrypts the moving object information m to generate an encryption statement C, and the intermediate connection device re- The encryption key C 'is generated and stored in the server, and the user terminal decrypts the re-encryption statement C' to extract the mobile information m, so that the mobile information m can be transmitted and stored in an encrypted state. Therefore, since the mobile information m exists in an encrypted state even if it is detached by an external intruder during transmission or in a stored state, exposure to the outside can be suppressed.

Also, as the encryption statement C encrypted in the mobile body control apparatus is re-encrypted from the intermediate connection apparatus to another access structure to generate the re-encryption statement C ', the terminal having the attribute information included in the other access structure The mobile information m can be extracted through decoding of the re-encryption statement C '.

1 is a conceptual diagram illustrating an example in which a mobile information security system according to a first embodiment of the present invention is applied to an autonomous mobile vehicle.
2 is a conceptual diagram illustrating an example in which the mobile information security system of FIG. 1 is applied to an unmanned aerial vehicle.
3 is a block diagram showing an example of the hierarchical relationship in the mobile information security system of FIG.
4 is a diagram for explaining a process of generating a public parameter pp and a master key mk in the server of the mobile information security system of FIG.
5 is a diagram for explaining a process in which the public parameter pp and the master key mk generated in FIG. 4 are transmitted to the intermediate connection device, the mobile object control device, and the user terminal.
FIG. 6 is a diagram for explaining a process of generating an encryption statement C in a mobile device control apparatus of the mobile information security system of FIG. 1. FIG.
FIG. 7 is a diagram for explaining a process of transmitting the encryption statement C generated in FIG. 6 to the intermediate connection device.
8 is a diagram for explaining a process of generating a re-encryption statement C 'in the intermediate connection apparatus of the mobile information security system of FIG.
FIG. 9 is a diagram for explaining a process in which a re-encryption statement C 'generated in FIG. 8 is stored in a server and then transmitted to a user terminal.
FIG. 10 is a diagram for explaining a process of extracting moving object information m from a user terminal in the moving object information security system of FIG. 1. Referring to FIG.
FIG. 11 is a diagram for explaining a process in which moving object information m, first attribute information S1, and second attribute information are transmitted in the moving object information security system according to the second embodiment of the present invention.
FIG. 12 is a diagram for explaining a process in which the public parameter pp, the master key mk, the first secret key S1, and the second secret key S2 are transmitted in the mobile information security system of FIG.
13 is a diagram for explaining a process of extracting moving object information m in the moving object information security system of FIG.

The present invention is capable of various modifications and various forms, and specific embodiments are illustrated in the drawings and described in detail in the text.

It should be understood, however, that the invention is not intended to be limited to the particular forms disclosed, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention. The terms first, second, etc. may be used to describe various elements, but the elements should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In the present application, the terms "comprising" or "having ", and the like, are intended to specify the presence of stated features, integers, steps, operations, elements, parts, or combinations thereof, But do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, parts, or combinations thereof.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Reference will now be made in detail to the preferred embodiments of the present invention, examples of which are illustrated in the accompanying drawings.

≪ Example 1 >

FIG. 1 is a conceptual diagram showing an example in which a moving object information security system according to a first embodiment of the present invention is applied to an autonomous driving vehicle, FIG. 2 is a conceptual diagram illustrating an example in which the moving object information security system of FIG. And FIG. 3 is a block diagram showing an example of the hierarchical relationship in the mobile information security system of FIG.

1 to 3, the moving object information security system according to the present embodiment encrypts information on a movable mobile object 100, for example, an autonomous vehicle as shown in FIG. 1, an unmanned flight device as shown in FIG. 2, And store it. At this time, the mobile information security system may be applied to an autonomous vehicle as shown in FIG. 1 or to an unmanned aerial vehicle such as a drone as shown in FIG.

The mobile information security system may include at least one edge device 10, a mobile object control device 20, an intermediate connection device 30, a server 40, and a user terminal 50. At this time, the edge device 10 and the mobile object control device 20 are disposed in the mobile body 100.

The edge device 10 may generate or store information about the mobile object 100 (hereinafter, referred to as 'mobile object information m'). For example, the edge device 10 may be various types of sensors capable of measuring the position, speed, surrounding weather, vehicle condition, etc. of the mobile object 100, , Owner information, and the like. Accordingly, the moving object information m may include position information of the moving object 100, surrounding weather information, speed information, vehicle state information, identification information, registration information, owner information, and the like.

The mobile object control device 20 may be disposed in the mobile object 100 to exchange signals with the edge device 10 by wire or wireless communication and may control the edge device 10. [ For example, the mobile object control apparatus 20 may include a gateway capable of receiving various information from the edge device 10 and delivering it to the outside.

The intermediate connection device 30 is spaced apart from the mobile device 100 and transmits and receives signals to and from the mobile device 20 via wireless communication when the mobile device 20 is within an arbitrary range have. The intermediate connection device 30 may be connected to the mobile object control device 20 to control the mobile object control device 20. Here, the intermediate connection device 30 may include a router that can be connected to another external device through a wired or wireless network.

1, the intermediate connection device 30 may be included in at least one of a traffic light and a streetlight. 2, the intermediate connection device 30 may be included in an unmanned flight control device installed in a building, a streetlight, a traffic light, or the like.

The server 40 may exchange signals with the intermediate connection device 30 via a wired or wireless network, for example, the Internet, and may control the intermediate connection device 30. For example, the server 40 may be a cloud server capable of providing a cloud computing service to the mobile object control device 20. [

The user terminal 50 can exchange signals with the server 40 via a wired or wireless network, for example, the Internet. For example, the user terminal 50 may be a smart device such as a smart phone, a tablet PC, or the like, or a computer system such as a desktop, a notebook, or the like. The user terminal 50 can directly connect to the server 40 via the Internet and send and receive signals. However, the user terminal 50 can communicate with the intermediate connection device 30 or another intermediate connection device (not shown) And may be connected to the server 40.

Hereinafter, a process of securing the mobile information m by the mobile information security system described above will be described.

Referring again to FIG. 3, the edge device 10 may generate the moving object information m or store the moving object information m in the internal memory. Then, the edge device 10 may provide the moving object information m to the mobile object control device 20. [

4 is a diagram for explaining a process of generating a public parameter pp and a master key mk in the server of the mobile information security system of FIG.

Referring to FIG. 4, the server 40 may generate the public parameter pp and the master key mk by receiving a security parameter k using a setup function Setup. Specifically, the following process can be performed.

Figure 112016030039095-pat00001

5 is a diagram for explaining a process in which the public parameter pp and the master key mk generated in FIG. 4 are transmitted to the intermediate connection device, the mobile object control device, and the user terminal.

5, the server 40 can provide the public parameter pp and the master key mk generated by the setup function Setup to the intermediate connection device 30 and the user terminal 50 have. For example, when the intermediate connection device 30 and the user terminal 50 are connected to the server 40 when at least one of the public parameter pp and the master key mk is needed, the public parameter pp and the master Lt; RTI ID = 0.0 > mk. ≪ / RTI >

Also, the intermediate connection device 30 may provide the open parameter pp and the master key mk provided from the server 40 to the mobile object control device 20. [ For example, the mobile object control device 20 may connect at least one of the public parameter pp and the master key mk to the intermediate connection device 30 when necessary, so that at least one of the public parameter pp and the master key mk Can be provided.

FIG. 6 is a diagram for explaining a process of generating an encryption statement C in a mobile device control apparatus of the mobile information security system of FIG. 1. FIG.

Referring to FIG. 6, the mobile object control apparatus 20 may encrypt the moving object information m to generate an encryption statement C. At this time, the encryption statement C may be an encryption statement that can be decrypted by the terminal having the attribute information included in the first access structure AS1. Here, the first access structure AS1 may be previously stored in the mobile device 20, or may be stored in the mobile device 20 by a user or an administrator.

For example, the mobile object control apparatus 20 can generate the encryption statement C by encrypting the public parameter pp, the first access structure AS1, and the moving object information m using the encryption function Enc . Specifically, the following process can be performed.

Figure 112016030039095-pat00002

FIG. 7 is a diagram for explaining a process of transmitting the encryption statement C generated in FIG. 6 to the intermediate connection device.

Referring to FIG. 7, the mobile object control apparatus 20 may provide the encryption statement C generated in FIG. 6 to the intermediate connection apparatus 30. FIG.

8 is a diagram for explaining a process of generating a re-encryption statement C 'in the intermediate connection apparatus of the mobile information security system of FIG.

Referring to FIG. 8, the intermediate connection device 30 may have first attribute information S1 included in the first access structure AS1. Therefore, the intermediate connection device 30 can not only decrypt the encrypted statement C using the first attribute information S1 but also change the first access structure AS1 to another second access structure AS2, C '. That is, the intermediate connection device 30 can re-encrypt the encryption statement C to generate the re-encryption statement C '. At this time, the re-encryption statement C 'may be an encryption statement that can be decrypted by the terminal having the attribute information included in the second access structure AS2. Here, the second access structure AS2 may be pre-stored in the imaginary intermediate connection device 30, or may be input and stored by a user or an administrator.

Specifically, the intermediate connection device 30 uses the master key mk and the disclosure parameter pp provided from the server 40, the encryption attribute C using the first attribute information S1 and the second access structure AS2 Re-encryption to generate the re-encryption statement C '.

First, the intermediate connection device 30 can generate the first secret key usk1 by receiving the public parameter pp, the master key mk, and the first attribute information S1 using a secret key generation function (KeyGen) . Specifically, the following process can be performed.

Figure 112016030039095-pat00003

Then, the intermediate connection device 30 can receive the first secret key usk1 and the second access structure AS2 using the re-encryption key generation function RKGen to generate the re-encryption key rk. At this time, the public parameter pp may be further input to the re-encryption key generation function RKGen. Specifically, the following process can be performed.

Figure 112016030039095-pat00004

Then, the intermediate connection device 30 may receive the re-encryption key rk and the encryption statement C using the re-encryption function ReEnc to generate the re-encryption statement C '. At this time, the public parameter pp may be further input to the re-encryption function ReEnc. Specifically, the following process can be performed.

Figure 112016030039095-pat00005

FIG. 9 is a diagram for explaining a process in which a re-encryption statement C 'generated in FIG. 8 is stored in a server and then transmitted to a user terminal.

Referring to FIG. 9, the intermediate connection device 30 may provide the server 40 with the re-encryption statement C 'generated in FIG.

Thereafter, the server 40 may provide the re-encryption statement C 'to the user terminal 50. For example, when the user terminal 50 requests transmission of the re-encryption statement C ', the server 40 may provide the re-encryption statement C' to the user terminal 50.

FIG. 10 is a diagram for explaining a process of extracting moving object information m from a user terminal in the moving object information security system of FIG. 1. Referring to FIG.

Referring to FIG. 10, the user terminal 50 may have second attribute information S2 included in the second access structure AS2. Accordingly, the user terminal 50 can extract the moving object information m by decoding the re-encryption statement C 'using the second property information S2.

For example, the user terminal 50 decrypts the re-encryption statement C 'using the master key mk provided from the server 40, the public parameter pp and the second property information S2, Information m can be extracted.

First, the user terminal 50 may generate the second secret key usk2 by receiving the public parameter pp, the master key mk, and the second property information S2 using the secret key generating function (KeyGen) . Specifically, the following process can be performed.

Figure 112016030039095-pat00006

Then, the user terminal 50 may extract the mobile information m by receiving the second secret key usk2 and the re-encryption statement C 'using the decryption function Dec. At this time, the disclosure parameter pp may be further input to the decryption function Dec. Specifically, the following process can be performed.

Figure 112016030039095-pat00007

As described above, according to the present embodiment, the moving object control device 20 encrypts the moving object information m to generate the encryption statement C, and the intermediate connection device 30 re-encrypts the encryption statement C, And generates and transmits a door C 'to the server 40. The user terminal 50 extracts the moving object information m by decrypting the re-encryption door C' Lt; / RTI > Therefore, since the mobile information m exists in an encrypted state even if it is detached by an external intruder during transmission or in a stored state, exposure to the outside can be suppressed.

Also, the encryption statement C encrypted by the first access structure AS1 in the mobile body control device 20 is re-encrypted in the intermediate connection device 30 to the second access structure AS2 different from the first access structure AS1, The user terminal 50 having the second property information S2 included in the second access structure AS2 extracts the moving object information m through the decoding of the re-encryption statement C 'by generating the re-encryption statement C' can do.

For example, when the mobile object control device 20 generates the encryption statement C that is decryptable in the intermediate connection device 30 but not decryptable in the terminal owned by the police officer, And re-generate the re-encryption statement C 'so that it can be decrypted to the terminal owned by the police officer by changing the access structure.

≪ Example 2 >

11 is a view for explaining a process in which moving object information m, first attribute information S1 and second attribute information are transmitted in the moving object information security system according to the second embodiment of the present invention, 13 is a diagram for explaining a process of transmitting the public parameter pp, the master key mk, the first secret key S1 and the second secret key S2 in the information security system, And FIG.

The moving object information security system according to the present embodiment is substantially the same as the moving object information security system according to the first embodiment explained with reference to FIGS. 1 to 10 except for the process of encrypting and storing and decoding the moving object information m, The same reference numerals are given to the same components in the first embodiment, and a detailed description thereof will be omitted.

11, the edge device 10 may generate the moving object information m or store the moving object information m in the internal memory. Then, the edge device 10 may provide the moving object information m to the mobile object control device 20. [

The intermediate connection device 30 has the first attribute information S1 included in the first access structure AS2 and can provide the first attribute information S1 to the server 40. [

The user terminal 50 has the second attribute information S2 included in the second access structure AS2 and can provide the second attribute information S2 to the server 40. [

Referring to FIG. 12, the server 40 may generate the public parameter pp and the master key mk by receiving the security parameter k using the setup function Setup.

The server 40 may provide at least one of the public parameter pp and the master key mk generated by the setup function Setup to the intermediate connection device 30 and the user terminal 50. [ Also, the intermediate connection device 30 may provide at least one of the open parameter pp and the master key mk provided from the server 40 to the mobile object control device 20.

Meanwhile, the server 40 receives the public parameter pp, the master key mk, and the first property information S1 provided from the intermediate connection device 30 using the secret key generating function (KeyGen) The first secret key usk1 can be generated. The server 40 receives the public parameter pp and the master key mk and the second property information S2 provided by the user terminal 50 using the secret key generating function KeyGen, It is possible to generate the second secret key usk2.

The server 40 provides the first secret key usk1 generated by the secret key generation function KeyGen to the intermediate connection device 30 and transmits the secret key generated by the secret key generation function KeyGen to the intermediate connection device 30, 2 secret key usk 2 to the user terminal 50.

Referring to FIG. 13, the mobile object control apparatus 20 encrypts the public parameter pp, the first access structure AS1, and the moving object information m using the encryption function Enc to generate the encryption statement C can do. Then, the mobile object control device 20 may provide the encryption door C to the intermediate connection device 30. [

Then, the intermediate connection device 30 may receive the first secret key usk1 and the second access structure AS2 using the re-encryption key generation function RKGen to generate the re-encryption key rk. At this time, the public parameter pp may be further input to the re-encryption key generation function RKGen.

Then, the intermediate connection device 30 can generate the re-encryption statement C 'by receiving the re-encryption key rk and the encryption statement C using the re-encryption function ReEnc. At this time, the public parameter pp may be further input to the re-encryption function ReEnc.

Then, the intermediate connection device 30 may provide the re-encryption statement C 'to the server 40 and store the re-encryption statement C'.

Then, the server 40 may provide the re-encryption statement C 'to the user terminal 50. For example, when the user terminal 50 requests transmission of the re-encryption statement C ', the server 40 may provide the re-encryption statement C' to the user terminal 50.

Then, the user terminal 50 may extract the mobile information m by receiving the second secret key usk2 and the re-encryption statement C 'using the decryption function Dec.

As described above, according to the present embodiment, the server 40 generates the first secret key usk1 and the second secret key usk1 and provides them to the intermediate connection device 30 and the user terminal 50, respectively, The computation load of the intermediate connection device 30 and the user terminal 50 can be reduced.

While the present invention has been described in connection with what is presently considered to be practical and exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

100: Moving body 10: Edge device
20: Moving object control device 30: Intermediate connection device
40: server 50: user terminal

Claims (26)

An edge device which is disposed in a movable body and generates or stores information about the moving body (hereinafter, referred to as 'moving body information m');
A moving object control device disposed in the moving object, receiving the moving object information m from the edge device, and encrypting the provided moving object information m to generate an encrypted statement C;
Wherein the mobile communication control device receives the encryption statement C from the mobile device control device in a wireless communication method when the mobile device is in an arbitrary range, An intermediate connection device for generating C ';
A server for receiving and storing the re-encryption statement C 'from the intermediate connection device via a wired or wireless network; And
And receives the re-encryption statement C 'from the server via a wireless network or a wireless network, and extracts the mobile information m by decoding the provided re-encryption statement C'. 2. The method according to claim 1,
Is an encryption statement that can be decrypted by the terminal having the attribute information included in the first access structure AS1,
The intermediate connection device
And first attribute information S1 included in the first access structure AS1,
The re-encryption statement C '
Is an encryption statement that can be decrypted by the terminal having the attribute information included in the second access structure AS2,
The user terminal
And second attribute information S2 included in the second access structure AS2. The mobile body control apparatus according to claim 2,
And encrypts the moving object information m using the public parameter pp and the first access structure AS1 to generate the encryption statement C. [ 4. The apparatus of claim 3,
Encrypts the encrypted statement C using the master key mk, the public parameter pp, the first attribute information S1, and the second access structure AS2 to generate the re-encrypted statement C ' system. 5. The system of claim 4, wherein the server
Using the setup function, generates the public parameter pp and the master key mk by receiving the security parameter k. 6. The apparatus according to claim 5,
Receiving the public parameter pp and the master key mk from the server,
Generates a first secret key usk1 by receiving the public parameter pp, the master key mk, and the first attribute information S1 using a secret key generating function,
Receives the first secret key usk1 and the second access structure AS2 and outputs a re-encryption key rk using the re-encryption key generation function,
And the re-encryption key rk and the encryption statement C are received using the re-encryption function, and the re-encryption statement C 'is outputted. 6. The method of claim 5, wherein the user terminal
Decrypts the re-encrypted statement C 'using the master key mk, the public parameter pp, and the second property information S2 to extract the moving object information m. 8. The method of claim 7, wherein the user terminal
Receiving the public parameter pp and the master key mk from the server,
Generates the second secret key usk2 by receiving the public parameter pp, the master key mk, and the second attribute information S2 using the secret key generating function,
And extracts the moving object information m by receiving the second secret key usk2 and the re-encryption statement C 'using a decryption function. 8. The method of claim 7, wherein the server
Receives the first attribute information S1 from the intermediate connection device and generates the first secret key usk1 by receiving the public parameter pp, the master key mk, and the first attribute information S1 using the secret key generation function , Providing the generated first secret key usk1 to the intermediate connection device,
Receives the second attribute information S2 from the user terminal, generates the second secret key usk2 by receiving the public parameter pp, the master key mk, and the second attribute information S2 using the secret key generating function And provides the generated second secret key usk2 to the user terminal via the intermediate connection device. 10. The apparatus of claim 9,
Generates a re-encryption key rk by receiving the first secret key usk1 and the second access structure AS2 using the re-encryption key generation function,
And the re-encryption key rk and the encryption key C are received using the re-encryption function to generate the re-encryption statement C '. 10. The method of claim 9, wherein the user terminal
And extracts the moving object information m by receiving the second secret key usk2 and the re-encryption statement C 'using a decryption function. The vehicle according to claim 1, wherein the moving object is an autonomous vehicle,
Wherein the intermediate connection device is included in a traffic light or a street light. 2. The navigation system according to claim 1, wherein the moving body is an unmanned aerial vehicle,
Wherein the intermediate connection device is included in the unmanned aerial vehicle control system. A mobile object control device disposed in a mobile object capable of movement receives information (hereinafter, referred to as 'mobile object information m') of the mobile object from an edge device disposed in the mobile object, encrypts the mobile object information m A step of generating an encryption statement C (hereinafter referred to as an 'execution step by the mobile device control device');
When the moving object control apparatus exists in an arbitrary range, the intermediate communication apparatus disposed apart from the moving object receives the encryption statement C from the mobile object control apparatus in a wireless communication method, re-encrypts the encryption statement C, A step of generating a door C '(hereinafter referred to as an' execution step by an intermediate connection device ');
The server receiving and storing the re-encryption statement C 'from the intermediate connection apparatus via a wired or wireless network (hereinafter referred to as' server-performed step'); And
Receiving the re-encryption statement C 'from the server with or without a user terminal, extracting the mobile information m by decrypting the re-encryption statement C' (hereinafter referred to as'Quot;).≪ / RTI > 15. The method according to claim 14,
Is an encryption statement that can be decrypted by the terminal having the attribute information included in the first access structure AS1,
The intermediate connection device
And first attribute information S1 included in the first access structure AS1,
The re-encryption statement C '
Is an encryption statement that can be decrypted by the terminal having the attribute information included in the second access structure AS2,
The user terminal
And second attribute information S2 included in the second access structure AS2. 16. The method according to claim 15, wherein in the step of performing by the moving object control apparatus,
And encrypting the moving object information m using the public parameter pp and the first access structure AS1 to generate the encryption statement C. 17. The method according to claim 16, wherein in the step of performing by the intermediate connection device,
Encrypts the encrypted statement C using the master key mk, the public parameter pp, the first attribute information S1, and the second access structure AS2 to generate the re-encrypted statement C ' Way. The method as claimed in claim 17, wherein, in the step of performing by the server,
And generates the public parameter pp and the master key mk by receiving the security parameter k using a setup function. 19. The method according to claim 18, wherein the step of performing by the intermediate connection device
Receiving the public parameter pp and the master key mk from the server;
Generating a first secret key usk1 by receiving the public parameter pp, the master key mk, and the first attribute information S1 using a secret key generation function;
Generating a re-encryption key rk by receiving the first secret key usk1 and the second access structure AS2 using a re-encryption key generation function; And
And generating the re-encryption statement C 'by receiving the re-encryption key rk and the encryption statement C using the re-encryption function. 19. The method of claim 18, wherein, in the step of performing by the user terminal,
Decrypts the re-encrypted statement C 'using the master key mk, the public parameter pp, and the second property information S2 to extract the moving object information m. 21. The method of claim 20, wherein the performing by the user terminal comprises:
Receiving the public parameter pp and the master key mk from the server;
Generating a second secret key usk2 by receiving the public parameter pp, the master key mk, and the second attribute information S2 using a secret key generation function; And
And extracting the mobile information m by receiving the second secret key usk2 and the re-encryption statement C 'using a decryption function. 21. The method according to claim 20, wherein the step of performing by the server
Receiving the first attribute information S1 from the intermediate connection device;
Generating a first secret key usk1 by receiving the public parameter pp, the master key mk, and the first attribute information S1 using a secret key generation function;
Providing the generated first secret key usk1 to the intermediate connection device;
Receiving the second attribute information S2 from the user terminal;
Generating a second secret key usk2 by receiving the public parameter pp, the master key mk, and the second property information S2 using the secret key generation function; And
And providing the generated second secret key usk2 to the user terminal. 23. The method according to claim 22, wherein the step of performing by the intermediate connection device
Generating a re-encryption key rk by receiving the first secret key usk1 and the second access structure AS2 using a re-encryption key generation function; And
And generating the re-encryption statement C 'by receiving the re-encryption key rk and the encryption statement C using the re-encryption function. 23. The method of claim 22, wherein, in the step of performing by the user terminal,
And extracts the moving object information m by receiving the second secret key usk2 and the re-encryption statement C 'using a decryption function. 15. The method of claim 14, wherein the moving object is an autonomous vehicle,
Wherein the intermediate connection device is included in a traffic light or a streetlight. 15. The method of claim 14, wherein the moving object is an unmanned aerial vehicle,
Wherein the intermediate connection device is included in the unmanned aerial vehicle control device.
KR1020160037604A 2016-03-29 2016-03-29 System for securing information of moving object and method for securing information of moving object using the system KR101726975B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020160037604A KR101726975B1 (en) 2016-03-29 2016-03-29 System for securing information of moving object and method for securing information of moving object using the system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020160037604A KR101726975B1 (en) 2016-03-29 2016-03-29 System for securing information of moving object and method for securing information of moving object using the system

Publications (1)

Publication Number Publication Date
KR101726975B1 true KR101726975B1 (en) 2017-04-13

Family

ID=58579748

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020160037604A KR101726975B1 (en) 2016-03-29 2016-03-29 System for securing information of moving object and method for securing information of moving object using the system

Country Status (1)

Country Link
KR (1) KR101726975B1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020020166A (en) * 2000-09-07 2002-03-14 박명산 End-to-end data encryption/decryption method and device for mobile data communication
KR20110029773A (en) * 2009-09-16 2011-03-23 동국대학교 경주캠퍼스 산학협력단 Hybrid pre based approach control apparatus for vehicle edr data and method thereof
KR20140112815A (en) * 2013-03-14 2014-09-24 한양대학교 에리카산학협력단 Method and system for secure data transfer using conditional proxy re-encryption

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020020166A (en) * 2000-09-07 2002-03-14 박명산 End-to-end data encryption/decryption method and device for mobile data communication
KR20110029773A (en) * 2009-09-16 2011-03-23 동국대학교 경주캠퍼스 산학협력단 Hybrid pre based approach control apparatus for vehicle edr data and method thereof
KR20140112815A (en) * 2013-03-14 2014-09-24 한양대학교 에리카산학협력단 Method and system for secure data transfer using conditional proxy re-encryption

Similar Documents

Publication Publication Date Title
KR101941049B1 (en) Method and system for encrypted communications
KR101883816B1 (en) Technologies for supporting multiple digital rights management protocols on a client device
KR20130111165A (en) Bluetooth low energy privacy
US9325507B2 (en) System and method for managing mobile device using device-to-device communication
US11482005B2 (en) Techniques for secure video frame management
US11989328B2 (en) Embedded device for control of data exposure
JP2009075688A (en) Program and method for managing information related with location of mobile device and cryptographic key for file
KR101790870B1 (en) System and method for storing information of moving object
KR102162018B1 (en) Apparatus and method for open and private iot gateway using intel sgx
KR101845610B1 (en) Security system of moving object information and security method of moving object information using the system
KR101714306B1 (en) Security system and method for information of moving object
KR101861923B1 (en) Security system of moving object information and security method of moving object information using the system
KR101726975B1 (en) System for securing information of moving object and method for securing information of moving object using the system
KR101702807B1 (en) System and method for storing information of moving object in distributed fashion
KR101834632B1 (en) Security system of moving object information and security method of moving object information using the system
KR101701625B1 (en) Method and system for reproducing contents by secure acquiring decryption key for encrypted contents
KR101812311B1 (en) User terminal and data sharing method of user terminal based on attributed re-encryption
KR101932813B1 (en) Security system of moving object information and security method of moving object information using the system
KR20150078654A (en) Apparatus and method for encrypting image taken by vehicle, and server for shearing encrypted image
KR101768367B1 (en) Management system of moving object information and management method of moving object information using the system
KR20190007336A (en) Method and apparatus for generating end-to-end security channel, and method and apparatus for transmitting/receiving secure information using security channel
KR20180067214A (en) Terminal, system and method for distribution of share key using one time password
CN114337984A (en) Data processing method, device and equipment
Choi et al. A distributed cloud based video storage system with privacy protection
KR101672800B1 (en) Method and System for Providing Network Service

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant