WO2018205263A1

WO2018205263A1 - Sybil attack defense method and system

Info

Publication number: WO2018205263A1
Application number: PCT/CN2017/084174
Authority: WO
Inventors: 张鹏; 喻建平; 张霞飞
Original assignee: 深圳大学
Priority date: 2017-05-12
Filing date: 2017-05-12
Publication date: 2018-11-15

Abstract

Provided are a Sybil attack defense method. The method comprises: an initialization step: according to a known security parameter λ and a global attribute set U, using the secret key generation center to operate a pre-set setting algorithm so as to generate a master secret key MSK = {S} and publish a public parameter pp; a registration step: submitting a registration application to the secret key generation center by means of the user, the secret key generation center operating a pre-set secret key generation algorithm to generate a user private key SKS, and distributing the user private key SKS to the user by means of a secret channel; a signature step: the user signing a signature by means of operating a pre-set signature algorithm; and a verification step: the user verifying, after signing a signature, the signature by means of operating a pre-set verification algorithm. Also provided is a Sybil attack defense system. The technical solution provided in the present invention can effectively defend a Sybil attack, so that data security is improved.

Description

Witch attack defense method and system thereof

Technical field

The present invention relates to the field of data authentication technologies in network communications, and in particular, to a witch attack defense method and system thereof.

Background technique

In recent years, wearable smart devices have become increasingly popular, the development of cloud computing has matured, the scale of mobile Internet users has increased year by year, the value of big data has accelerated, medical services have evolved from informationization to mobile and networked, and mobile medical networks have gradually formed. Among them, the wearable device collects the health information of the residents, and analyzes and processes the collected data according to the cloud platform, and then provides the health monitoring and clinical diagnosis to the hospital and the doctor. The mobile medical network can improve the patient's medical experience, improve the diagnosis and treatment efficiency of doctors, reduce the social cost of medical services, and effectively improve the health status of residents and the social medical environment.

Mobile medical networks can provide users with social networking services such as forwarding health information, sharing fitness experiences, and communicating treatment experiences. However, mobile medical social networks are vulnerable to malicious attacks. When an attacker pretends to be the identity of multiple legitimate users, or illegally declares multiple forged user identities, the social network is attacked by a witch. Witch attacks can degrade network performance, interrupt programs, tamper with data, or maliciously deceive others, thus causing significant damage to the performance of mobile medical social networks.

In mobile health social networks, it is inevitable to open up some health data to the public. versus At the same time, users are reluctant to use their true identity to communicate with each other due to the risk of privacy breaches. In fact, any disclosure of identity information may infringe on user privacy and even result in loss of life and property. Identity privacy protection makes it more difficult to defend against witch attacks.

Summary of the invention

In view of this, the object of the present invention is to provide a witch attack defense method and a system thereof, aiming at solving the problem that the mobile medical social network is vulnerable to witch attacks in the prior art.

The present invention provides a witch attack defense method, which is applied to a mobile medical social network composed of a key generation center, a cloud service provider, and a user, wherein the method includes:

An initialization step: using the secret security generation parameter λ and the global attribute set U, using the key generation center to execute a preset setting algorithm to generate a master key MSK={S} and publishing a public parameter pp;

a registration step: submitting a registration application to the secret key generation center by the user, and executing a preset key generation algorithm by the key generation center to generate a user private key SK _S and privately Key SK _{S is} distributed to the user;

Signing step: the user signs by running a preset signature algorithm;

Verification step: The user verifies the signature by running a preset verification algorithm after signing.

Preferably, in the initializing step, the setting algorithm is a Setup (λ, U) algorithm, wherein the step of running the preset Setup (λ, U) algorithm specifically includes:

Entering the security parameter λ and the global attribute set U={1, 2, . . . , t}, and defining a default attribute set U ^* ={t+1, t+2, . . . , 2t} ;

Select random matrix

Pick a random matrix

Let AS=g mod 2g;

Define ζ such that ζ·(g-2)=1 mod 2g;

Calculate ζA=(ζa,1) and ζAS=ζas ₁ +s ₂ =ζg mod 2g;

The master key MSK={S} and the public parameter PP={A, ζ, U, U ^* } are output.

Preferably, in the step of registering, the key generation algorithm is a KeyGen (PP, MSK, S) algorithm, wherein the step of running the preset KeyGen (PP, MSK, S) algorithm specifically includes:

Random selection of t-1 polynomial

So that for each j there is f _j (0) = s _j ;

For each i∈S∪U ^* , order

The user private key SK _S =(AS _i , i∈S∪U ^* ) is output.

Preferably, in the signing step, the signature algorithm is

Algorithm in which the preset is run

The steps of the algorithm specifically include:

Define a set of attributes for a k element

Define a default attribute set

Where |U'|=tk;

For i∈S ^* ∪U', the distribution from the standard deviation is σ

Select the m-dimensional vector y _1i , y _2i , define Y = (y _1i , y _2i ) ^t , and calculate u _i = ζ AY = ζ · a · y _1i + y _2i mod 2g and

Wherein p=[2q/2 ^d ], 2g=p·2 ^d +2g mod 2 ^d ;

When i∈S'∪U', calculate z _1i =A((Δ ₁ f ₁ (i)c+y _1i ), when i∈S ^* \S', calculate z _1i =Ay _1i , when i∈ When S'∪U', z _2i = A((Δ ₂ f ₂ (i)c+y _2i ) is calculated, and when i∈S ^* \S', z _2i = Ay _{2i is} calculated;

The output probability is

Calculation

Output signature

Preferably, in the verifying step, the verification algorithm is

Algorithm in which the preset is run

The steps of the algorithm specifically include:

Enter the signature of the user μ

And define B such that A mod q=2B;

in case

Reject the signature;

in case

Reject the signature;

in case

Then accept the signature.

In another aspect, the present invention further provides a witch attack defense system, which is applied to a mobile medical social network composed of a key generation center, a cloud service provider, and a user, wherein the system includes:

An initialization module, configured to run a preset setting algorithm by using the key generation center according to the known security parameter λ and the global attribute set U to generate a master key MSK={S} and publish a public parameter pp;

a registration module, configured to submit a registration application to the secret key generation center by using the user, and the secret key generation algorithm runs a preset secret key generation algorithm to generate a user private key SK _S and User private key SK _{S is} distributed to the user;

a signature module, configured to: the user signs by running a preset signature algorithm;

The verification module is configured to verify the signature of the user by running a preset verification algorithm after signing.

Preferably, the setting algorithm is a Setup (λ, U) algorithm, wherein the step of running the preset Setup (λ, U) algorithm specifically includes:

Select random matrix

Pick a random matrix

Let AS=g mod 2g;

Define ζ such that ζ·(g-2)=1 mod 2g;

Calculate ζA=(ζa,1) and ζAS=ζas ₁ +s ₂ =ζg mod 2g;

Preferably, the key generation algorithm is a KeyGen (PP, MSK, S) algorithm, and the step of running the preset KeyGen (PP, MSK, S) algorithm specifically includes:

Random selection of t-1 polynomial

So that for each j there is f _j (0) = s _j ;

For each i∈S∪U ^* , order

The user private key SK _S =(AS _i , i∈S∪U ^* ) is output.

Preferably, the signature algorithm is

Algorithm in which the preset is run

The steps of the algorithm specifically include:

Define a set of attributes for a k element

Define a default attribute set

Where |U'|=tk;

For i∈S ^* ∪U', the distribution from the standard deviation is σ

Select the m-dimensional vector y _1i , y _2i , define Y=(y _1i , y _2i ) ^t , and calculate u _i =ζAY=ζ·a·y _1i +y _2i mod 2g and

Wherein p=[2q/2 ^d ], 2g=p·2 ^d +2g mod 2 ^d ;

The output probability is

Calculation

Output signature

Preferably, the verification algorithm is

Algorithm in which the preset is run

The steps of the algorithm specifically include:

Enter the signature of the user μ

And define B such that A mod g=2B;

in case

Reject the signature;

in case

Reject the signature;

in case

Then accept the signature.

The technical solution provided by the present invention is applicable to a mobile medical social network, and an anonymous authentication protocol is proposed, which uses multiple attributes of a user instead of a single identity to access a service, thereby preventing potential witch attacks and identity privacy leakage, and improving data. safety.

DRAWINGS

1 is a flowchart of a witch attack defense method according to an embodiment of the present invention;

2 is a schematic diagram showing the internal structure of a witch attack defense system 10 according to an embodiment of the present invention;

3 is a schematic diagram of a running time of a signature algorithm in a defense scheme according to an embodiment of the present invention;

FIG. 4 is a schematic diagram of a running time of a verification algorithm in a defense scheme according to an embodiment of the present invention.

detailed description

The present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It is understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

A specific embodiment of the present invention provides a witch attack defense method, which is applied to a mobile medical social network composed of a key generation center, a cloud service provider, and a user, wherein the method includes:

Signing step: the user signs by running a preset signature algorithm;

The invention provides a witch attack defense method suitable for a mobile medical social network, and proposes an anonymous authentication protocol, which uses multiple attributes of a user instead of a single identity to access a service, thereby preventing potential witch attacks and identity privacy. Leakage to improve data security.

A witch attack defense method provided by the present invention will be described in detail below.

Please refer to FIG. 1 , which is a flowchart of a witch attack defense method according to an embodiment of the present invention.

In this embodiment, the witch attack defense method is applied to a mobile phone composed of a Key Generation Center (KGC), a Cloud Service Provider (CSP), and a user (including a signer and a verifier). Medical social network, usually, KGC is used to set up the system and issue private keys to legitimate users. CSP provides users with medical health data storage services. It is also a potential witch attacker to tamper with or falsify users' health data. Users use certain terminals ( For example, smartphones, laptops, etc.) and applications to periodically access the social platform, the signer refers to the user who wants to share the health data stored in the CSP, and the verifier refers to the user who has a social relationship with the signer.

In step S1, an initialization step is to run a preset setting algorithm using the secret key generation center to generate a master key MSK={S} and publish a common parameter pp according to the known security parameter λ and the global attribute set U. In the present embodiment, the initialization step is used to establish a registration system.

In this embodiment, in the initializing step, the setting algorithm is a Setup (λ, U) algorithm, wherein the step of running the preset Setup (λ, U) algorithm specifically includes:

Select random matrix

Pick a random matrix

Let AS=g mod 2g;

Define ζ such that ζ·(g-2)=1 mod 2g;

Calculate ζA=(ζa,1) and ζAS=ζas ₁ +s ₂ =ζg mod 2g;

In step S2, the registration step is: submitting a registration application to the secret key generation center by the user, and executing a preset key generation algorithm by the key generation center to generate a user private key SK _S and passing the secret channel Distributing the user private key SK _S to the user.

In the present embodiment, if a legitimate user (such as a patient or doctor) having the attribute set S wants to access the social platform, this operation must be performed.

In this embodiment, in the registration step, the key generation algorithm is a KeyGen (PP, MSK, S) algorithm, wherein the step of executing the preset KeyGen (PP, MSK, S) algorithm is specific include:

Random selection of t-1 polynomial

So that for each j there is f _j (0) = s _j ;

For each i∈S∪U ^* , order

The user private key SK _S =(AS _i , i∈S∪U ^* ) is output.

In step S3, a signature step: the user signs by running a preset signature algorithm.

In the present embodiment, it is assumed that the doctor has the private key SK _{S of the} attribute set S, such as "Hospital A, Pediatrics, Chief Physician", in order to defend against witch attacks and protect identity privacy, the doctor runs

Algorithm to prove that he is a valid user. In this embodiment, let d be that we want to

In order to reduce the length of the signature, the present invention introduces the high order bits [x] _{d of} x, which is defined in a binary vector set of length n and weight k.

A hash function H with a uniform output, in order to prove that the signer has at least k attributes in the attribute set S ^* , the signer performs

algorithm.

In this embodiment, in the signing step, the signature algorithm is

Algorithm in which the preset is run

The steps of the algorithm specifically include:

Define a set of attributes for a k element

Define a default attribute set

Where |U'|=tk;

For i∈S ^* ∪U', the distribution from the standard deviation is σ

Wherein p=[2q/2 ^d ], 2g=p·2 ^d +2g mod 2 ^d ;

The output probability is

Calculation

Output signature

In the present embodiment,

The private key used in the algorithm is related to the doctor's attributes rather than his identity, so his identity privacy is protected from disclosure. At the same time, with the use and disclosure of the access structure, identity legitimacy is guaranteed.

In step S4, the verification step: the user verifies the signature by running a preset verification algorithm after signing.

In this embodiment, in the verifying step, the verification algorithm is

Algorithm in which the preset is run

The steps of the algorithm specifically include:

Enter the signature of the user μ

And define B such that A mod q=2B;

in case

Reject the signature;

in case

Reject the signature;

in case

Then accept the signature.

In the present embodiment, if the signature is verified, the attribute of the signer satisfies the policy defined in the access structure, so the verifier considers the signer to be legal. Otherwise the signer's properties may not satisfy the access structure, or a witch attacker may tamper with or falsify the information, so the verifier should reject it.

In this embodiment, the verification of the correctness of the signature is described as follows:

therefore,

The invention provides a witch attack defense method suitable for a mobile medical social network, and proposes an anonymous authentication protocol, which uses multiple attributes of a user instead of a single identity to access the service. Thereby preventing potential witch attacks and identity privacy leaks, and improving data security.

The embodiment of the present invention further provides a witch attack defense system 10, which is applied to a mobile medical social network composed of a key generation center, a cloud service provider, and a user, wherein the system includes:

The initialization module 11 is configured to use the key generation center to execute a preset setting algorithm to generate a master key and publish a public parameter pp according to a known security parameter and a global attribute set;

The registration module 12 is configured to submit a registration application to the secret key generation center by using the user, and the secret key generation algorithm runs a preset secret key generation algorithm to generate a user private key, and the user is accessed through a secret channel. a private key is distributed to the user;

The signing module 13 is configured to: the user signs by running a preset signature algorithm;

The verification module 14 is configured to verify, by the user, the signature by running a preset verification algorithm after signing.

The invention provides a witch attack defense system 10, which is suitable for a mobile medical social network, and proposes an anonymous authentication protocol, which uses multiple attributes of a user instead of a single identity to access services, thereby preventing potential witch attacks and identities. Privacy leaks improve data security.

Referring to FIG. 2, a schematic structural diagram of a witch attack defense system 10 according to an embodiment of the present invention is shown.

In the present embodiment, the witch attack defense system 10 mainly includes an initialization module 11, a registration module 12, a signature module 13, and a verification module 14.

An initialization module 11 for utilizing the secret key according to a known security parameter λ and a global attribute set U The generation center runs the preset setting algorithm to generate the master key MSK={S} and publishes the public parameter pp.

In this embodiment, the setting algorithm is a Setup (λ, U) algorithm, and the step of running the preset Setup (λ, U) algorithm specifically includes:

Select random matrix

Pick a random matrix

Let AS=g mod 2g;

Define ζ such that ζ·(g-2)=1 mod 2g;

Calculate ζA=(ζa,1) and ζAS=ζas ₁ +s ₂ =ζg mod 2g;

The registration module 12 is configured to submit a registration application to the secret key generation center by using the user, and execute a preset key generation algorithm by the key generation center to generate a user private key SK _S and pass the secret channel The user private key SK _{S is} distributed to the user.

In this embodiment, the key generation algorithm is a KeyGen (PP, MSK, S) algorithm, and the step of running the preset KeyGen (PP, MSK, S) algorithm specifically includes:

Random selection of t-1 polynomial

So that for each j there is f _j (0) = s _j ;

For each i∈S∪U ^* , order

The user private key SK _S =(AS _i , i∈S∪U ^* ) is output.

The signing module 13 is configured to sign the user by running a preset signature algorithm.

In this embodiment, the signature algorithm is

Algorithm in which the preset is run

The steps of the algorithm specifically include:

Define a set of attributes for a k element

Define a default attribute set

Where |U'|=tk;

For i∈S ^* ∪U', the distribution from the standard deviation is σ

Wherein p=[2q/2 ^d ], 2g=p·2 ^d +2g mod 2 ^d ;

The output probability is

Calculation

Output signature

In this embodiment, the verification algorithm is

Algorithm in which the preset is run

The steps of the algorithm specifically include:

Enter the signature of the user μ

And define B such that A mod g=2B;

in case

Reject the signature;

in case

Reject the signature;

in case

Then accept the signature.

The witch attack defense scheme proposed by the present invention can analyze the efficiency of the defense scheme through simulation. The detailed simulation environment is described as follows: the operating system is Ubuntu 12.04, with Intel(R) Core(TM) i5-3210M quad-core CPU processor, running The speed is 2.50GHz and the memory is 1.6GB. The program of the present invention performs matrix operations using the GMP 6.0.0 large digital library and the NTL 6.0.0 library, and is implemented on the GCC platform through the C++ programming language. For convenience, the present invention sets the security parameter λ to 128 bit bits and 160 bit bits. The number of attributes used in the experiment is l={3,5,8}. Each test has 100 iterations and averages.

Among them, Table 1 describes the parameter setting of the defense scheme of the present invention, and FIG. 3 and FIG. 4 respectively show the running time of the signature algorithm and the verification algorithm of the defense scheme of the present invention.

Table 1 Parameter settings of the defense scheme of the present invention

It should be noted that, in the above embodiment, each unit included is only performed according to functional logic. The divisions are not limited to the above-mentioned divisions, as long as the corresponding functions can be implemented; in addition, the specific names of the respective functional units are only for the purpose of facilitating mutual differentiation, and are not intended to limit the scope of protection of the present invention.

In addition, those skilled in the art can understand that all or part of the steps of implementing the above embodiments may be completed by a program to instruct related hardware, and the corresponding program may be stored in a computer readable storage medium. Storage medium, such as ROM/RAM, disk or CD.

The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the protection of the present invention. Within the scope.

Claims

A witch attack defense method is applied to a mobile medical social network composed of a key generation center, a cloud service provider, and a user, wherein the method includes:

An initialization step: using the secret security generation parameter λ and the global attribute set U, using the key generation center to execute a preset setting algorithm to generate a master key MSK={S} and publishing a public parameter pp;

a registration step: submitting a registration application to the secret key generation center by the user, and executing a preset key generation algorithm by the key generation center to generate a user private key SK S and privately Key SK S is distributed to the user;

Signing step: the user signs by running a preset signature algorithm;

Verification step: The user verifies the signature by running a preset verification algorithm after signing.
The witch attack defense method according to claim 1, wherein in the initializing step, the setting algorithm is a Setup (λ, U) algorithm, wherein the preset set (λ, U) is executed. The steps of the algorithm specifically include:

Entering the security parameter λ and the global attribute set U={1, 2, . . . , t}, and defining a default attribute set U * ={t+1, t+2, . . . , 2t} ;

Select random matrix

Pick a random matrix
Let AS=q mod 2q;

Define ζ such that ζ·(q-2)=1 mod 2q;

Calculate ζA=(ζa,1) and ζAS=ζas 1 +s 2 =ζq mod 2q;

The master key MSK={S} and the public parameter PP={A, ζ, U, U * } are output.
The witch attack defense method according to claim 2, wherein in the registering step, the key generation algorithm is a KeyGen (PP, MSK, S) algorithm, wherein the preset KeyGen is executed ( The steps of the PP, MSK, S) algorithm specifically include:

Random selection of t-1 polynomial
So that for each j there is f j (0) = s j ;

For each i∈S∪U * , order

The user private key SK S =(AS i , i∈S∪U * ) is output.
The witch attack defense method according to claim 3, wherein in the signing step, the signature algorithm is
Algorithm in which the preset is run
The steps of the algorithm specifically include:

Define a set of attributes for a k element

Define a default attribute set
Where |U'|=tk;

For i∈S * ∪U', the distribution from the standard deviation is σ
Select the m-dimensional vector y 1i , y 2i , define Y = (y 1i , y 2i ) t , and calculate u i = ζ AY = ζ · a · y 1i + y 2i mod 2q and
Where p=[2q/2 d ], 2q=p·2 d +2q mod 2 d ;

When i∈S'∪U', calculate z 1i =A((Δ 1 f 1 (i)c+y 1i ), when i∈S * \S', calculate z 1i =Ay 1i , when i∈ When S'∪U', z 2i = A((Δ 2 f 2 (i)c+y 2i ) is calculated, and when i∈S * \S', z 2i = Ay 2i is calculated;

The output probability is

Calculation

Output signature
The witch attack defense method according to claim 4, wherein in the verifying step, the verification algorithm is
Algorithm in which the preset is run
The steps of the algorithm specifically include:

Enter the signature of the user μ
And define B such that A mod q=2B;

in case
Reject the signature;

in case
Reject the signature;

in case
Then accept the signature.
A witch attack defense system is applied to a mobile medical social network composed of a key generation center, a cloud service provider, and a user, wherein the system includes:

An initialization module, configured to run a preset setting algorithm by using the key generation center according to the known security parameter λ and the global attribute set U to generate a master key MSK={S} and publish a public parameter pp;

a registration module, configured to submit a registration application to the secret key generation center by using the user, and the secret key generation algorithm runs a preset secret key generation algorithm to generate a user private key SK S and User private key SK S is distributed to the user;

a signature module, configured to: the user signs by running a preset signature algorithm;

The verification module is configured to verify the signature of the user by running a preset verification algorithm after signing.
The witch attack defense system according to claim 6, wherein said setting algorithm is The Setup (λ, U) algorithm, wherein the step of running the preset Setup (λ, U) algorithm specifically includes:

Entering the security parameter λ and the global attribute set U={1, 2, . . . , t}, and defining a default attribute set U * ={t+1, t+2, . . . , 2t} ;

Select random matrix

Pick a random matrix Let AS=q mod 2q;

Define ζ such that ζ·(q-2)=1 mod 2q;

Calculate ζA=(ζa,1) and ζAS=ζas 1 +s 2 =ζq mod 2q;

The master key MSK={S} and the public parameter PP={A, ζ, U, U * } are output.
The witch attack defense system according to claim 7, wherein the key generation algorithm is a KeyGen (PP, MSK, S) algorithm, wherein the preset KeyGen (PP, MSK, S) algorithm is executed. The steps specifically include:

Random selection of t-1 polynomial
So that for each j there is f j (0) = s j ;

For each i∈S∪U * , order

The user private key SK S =(AS i , i∈S∪U * ) is output.
The witch attack defense system of claim 8 wherein said signature algorithm is
Algorithm in which the preset is run
The steps of the algorithm specifically include:

Define a set of attributes for a k element

Define a default attribute set
Where |U'|=tk;

For i∈S * ∪U', the distribution from the standard deviation is σ
Select the m-dimensional vector y 1i , y 2i , define Y = (y 1i , y 2i ) t , and calculate u i = ζ AY = ζ · a · y 1i + y 2i mod 2q and
Where p=[2q/2 d ], 2q=p·2 d +2q mod 2 d ;

When i∈S'∪U', calculate z 1i =A((Δ 1 f 1 (i)c+y 1i ), when i∈S * \S', calculate z 1i =Ay 1i , when i∈ When S'∪U', z 2i = A((Δ 2 f 2 (i)c+y 2i ) is calculated, and when i∈S * \S', z 2i = Ay 2i is calculated;

The output probability is

Calculation

Output signature
The witch attack defense system according to claim 9, wherein said verification algorithm is
Algorithm in which the preset is run
The steps of the algorithm specifically include:

Enter the signature of the user μ
And define B such that A mod q=2B;

in case
Reject the signature;

in case
Reject the signature;

in case
Then accept the signature.