CN111211903B - Mobile group perception data report duplication removing method based on fog calculation and privacy protection - Google Patents

Mobile group perception data report duplication removing method based on fog calculation and privacy protection Download PDF

Info

Publication number
CN111211903B
CN111211903B CN201911211573.8A CN201911211573A CN111211903B CN 111211903 B CN111211903 B CN 111211903B CN 201911211573 A CN201911211573 A CN 201911211573A CN 111211903 B CN111211903 B CN 111211903B
Authority
CN
China
Prior art keywords
report
task
signature
data
mobile terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911211573.8A
Other languages
Chinese (zh)
Other versions
CN111211903A (en
Inventor
姜顺荣
张小闫
周勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
XCMG Hanyun Technologies Co Ltd
Original Assignee
China University of Mining and Technology CUMT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China University of Mining and Technology CUMT filed Critical China University of Mining and Technology CUMT
Priority to CN201911211573.8A priority Critical patent/CN111211903B/en
Publication of CN111211903A publication Critical patent/CN111211903A/en
Application granted granted Critical
Publication of CN111211903B publication Critical patent/CN111211903B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72Signcrypting, i.e. digital signing and encrypting simultaneously

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a mobile group perception data report duplication removing method based on fog calculation and privacy protection, which comprises the steps of firstly adopting encryption primitives to realize safe task allocation and ensuring the confidentiality of crowdsourcing reports; then, an MLE algorithm is improved to achieve mobile group perception data report deduplication capable of protecting privacy, meanwhile identities of contributors in the fog nodes are hidden, and repeated data counterfeiting attacks are effectively resisted. In addition, the invention also adopts an aggregation signature algorithm to realize efficient signature aggregation and verification, and fairly records the contribution of each participant under the condition of not checking the specific content of the mobile group perception data report; and finally, constructing an efficient retrieval method, and rewarding real contributors while detecting greedy participants. In practical application, the communication overhead is greatly reduced, but the communication efficiency is higher, and the privacy is greatly improved.

Description

Mobile group perception data report duplication removing method based on fog calculation and privacy protection
Technical Field
The invention relates to a safe and efficient mobile group perception data report duplication elimination technology, in particular to a mobile group perception data report duplication elimination method based on fog calculation and privacy protection.
Background
With the popularization of a large number of mobile terminal devices such as smart phones, vehicle-mounted electronic devices, wireless communication devices and wearable electronic devices, each mobile terminal can become an information acquisition node, intelligent terminals all over the world form a huge intelligent antenna, relevant data of users can be rapidly acquired, and the data collection and information sharing mode based on swarm intelligence is called mobile swarm awareness.
Mobile group awareness allows a large number of individuals to collectively perceive data and extract relevant information that the user needs using their mobile devices (e.g., smartphones, smart glasses, drones, cameras, and computers). It supports more and more sensing applications, from restaurant recommendations, effective recommendations for parking space discovery, etc., to environmental monitoring, such as air quality measurements, noise level measurements, and dam water discharge warnings. By means of group intelligence and user mobility, the quality of sensing data is improved, the scale of sensing application is expanded, and the cost of high-quality data collection is reduced. The success of mobile crowd sensing depends greatly on the participating mobile users, and the wider the participation range is, the more sensing data is collected, and the more accurate the information is collected. However, this may generate more duplicate data, thereby causing unnecessarily heavy communication overhead. Therefore, it is important to eliminate duplicate data to improve communication efficiency (i.e., deduplication). Unfortunately, sensed data is often protected and deduplication is challenging.
In addition, security and privacy issues for public devices are a serious challenge: the mobile sensor collects real-time data from the surrounding environment, which may contain some sensitive information. An attacker can extract a variety of personal information (such as location information, personal preferences, health status, political aspects, etc.) from the quorum-sensing system data reports. Therefore, the protection of personal privacy in the mobile group awareness system is an urgent problem to be solved.
In addition, data encryption is widely used to achieve data confidentiality in order to protect the privacy of mobile users, but it poses a significant obstacle to the detection of duplicate data by middleware. At present, domestic and foreign researchers have already carried out a lot of research on the aspects of data report deduplication and encryption of a group sensing system, and the deduplication of the data report is usually realized by adopting Message Lock Encryption (MLE), and the original data cannot be leaked while the contribution of mobile terminal equipment is recorded by adopting a signature aggregation scheme. In the data report deduplication stage, the fog node judges whether the two reports are the same or not by comparing the ciphertext tags, and only one data copy is reserved for the same data, so that the system communication overhead is reduced.
In MLE, however, the same plaintext always maps to the same ciphertext, and the plaintext is encrypted by a randomly selected key. Unfortunately, MLE is vulnerable to offline brute force attacks, in which an adversary can obtain crowd-sourced data by guessing the possible plaintext in an encrypted crowd-sourced data report, which is particularly the case in some special applications, such as air quality measurements. Therefore, we should improve MLE to ensure the security of data reporting. In addition, during the deduplication process of the mobile community-aware data report, the fog node can distinguish whether the two reports are the same by comparing the tag parts of the ciphertext, and only one copy is reserved for reducing the overhead. But if the equality of the mobile community-aware data reports can be detected in public places, an attacker (external attacker or lazy participant) can easily forge a duplicate data report, not only destroying their plan in the aggregate signature authentication phase, but even being rewarded without performing the task. To counteract this copy-forgery attack, we should implement privacy-preserving mobile community-aware data report deduplication. Furthermore, after ensuring security and privacy in the data report deduplication process (without exposing the specific identity of the mobile terminal user to the fog node), only one copy of the duplicate data reports is returned to the mobile community awareness server. A lazy participant may steal a honest participant or a greedy participant to ask for a rewarded mobile group awareness data report multiple times to claim itself as a contributor to a duplicate data report.
In summary, it is also a challenge to determine the true contributors to repeated mobile community awareness data reporting. In summary, it is important not only to achieve secure and privacy-preserving data report deduplication, but also to fairly record the contributions of each mobile terminal user without revealing crowd-sensing data.
Disclosure of Invention
The purpose of the invention is as follows: the invention aims to solve the defects in the prior art and provides a mobile group perception data report deduplication method based on fog calculation and privacy protection.
The technical scheme is as follows: the invention discloses a mobile group perception data report duplication eliminating method based on fog calculation and privacy protection, which comprises the steps that a user uses the method
Figure GDA0002443465540000021
Cloud service provider
Figure GDA0002443465540000022
Fog node
Figure GDA0002443465540000023
And mobile terminal equipment
Figure GDA0002443465540000024
The user
Figure GDA0002443465540000025
Creating and submitting tasks to cloud facilitators
Figure GDA0002443465540000026
The cloud service provider
Figure GDA0002443465540000027
For the user
Figure GDA0002443465540000028
Providing a mobile community awareness service; the fog node
Figure GDA0002443465540000029
Completing task distribution, data report deduplication and data uploading; the mobile terminal device
Figure GDA00024434655400000210
The data acquisition, processing and communication are completed;
the method specifically comprises the following steps:
(1) initializing a system;
(2) distributing tasks;
(3) collecting data;
(4) data report deduplication;
(5) data report acknowledgement;
(6) decrypting the data report;
(7) reward and revocation;
wherein, the detailed process of the system initialization in step (1) is as follows:
(1.1) inputting common parameters
Figure GDA0002443465540000031
Wherein
Figure GDA0002443465540000032
A multiplication loop group of prime order p, formed by elements
Figure GDA0002443465540000033
Generating;
Figure GDA0002443465540000034
is a multiplicative cyclic group of prime order q, so there is a pairing
Figure GDA0002443465540000035
H1Is a hash function
Figure GDA0002443465540000036
H2Is a hash function
Figure GDA0002443465540000037
H3Is a hash function
Figure GDA0002443465540000038
(1.2) cloud facilitator
Figure GDA0002443465540000039
Selecting random numbers
Figure GDA00024434655400000310
As a key
Figure GDA00024434655400000311
And generates a corresponding public key
Figure GDA00024434655400000312
(1.3) for each registered mobile terminal device
Figure GDA00024434655400000313
For which a private key for ECC-160 encryption/decryption is calculated
Figure GDA00024434655400000314
And public key
Figure GDA00024434655400000315
And cloud service provider
Figure GDA00024434655400000316
Calculate its signature key
Figure GDA00024434655400000317
Wherein
Figure GDA00024434655400000318
For mobile terminal equipment
Figure GDA00024434655400000319
The identity of (2);
(1.4) for each fog node
Figure GDA00024434655400000320
Calculating private keys for ECDSA (elliptic Curve digital signature Algorithm) signature and verification operations, respectively
Figure GDA00024434655400000321
And public key
Figure GDA00024434655400000322
Further, the step (2) of task allocation specifically comprises the following steps:
(2.1) when the user is
Figure GDA00024434655400000323
When it is desired to initiate a task based on location loc for location loc,
Figure GDA00024434655400000324
selecting a random number
Figure GDA00024434655400000325
And calculates a temporary public key
Figure GDA00024434655400000326
Then, the user can use the device to perform the operation,
Figure GDA00024434655400000327
through secure channel to cloud facilitator
Figure GDA00024434655400000328
Sending a task request, namely:
Figure GDA00024434655400000329
where loc is the location of the task, TeThe validity period of the task, T the task,
Figure GDA0002443465540000041
is a temporary public key;
(2.2) cloud facilitator
Figure GDA0002443465540000042
After the task request is received, the task request is sent to the server,
Figure GDA0002443465540000043
selecting
Figure GDA0002443465540000044
As a unique identifier for task T and selects a set of fog nodes based on location loc
Figure GDA0002443465540000045
Then, the cloud service provider
Figure GDA0002443465540000046
Tasking over secure channels
Figure GDA00024434655400000442
Is pushed to each selected
Figure GDA0002443465540000047
(2.3) acting as a fog node
Figure GDA0002443465540000048
Receiving cloud service provider
Figure GDA0002443465540000049
Task of sending
Figure GDA00024434655400000410
After that time, the user can use the device,
Figure GDA00024434655400000411
selecting a series of mobile terminal equipment according to the requirement of task T
Figure GDA00024434655400000412
Then the
Figure GDA00024434655400000413
For each one
Figure GDA00024434655400000414
Selecting a random number
Figure GDA00024434655400000415
Figure GDA00024434655400000416
And calculates a temporary public key
Figure GDA00024434655400000417
Then, the process of the present invention is carried out,
Figure GDA00024434655400000418
calculating KiAnd
Figure GDA00024434655400000419
wherein the content of the first and second substances,
Figure GDA00024434655400000420
for the purpose of the ECC-160 encryption operation,
Figure GDA00024434655400000421
signing an algorithm for ECDSA;
Figure GDA00024434655400000422
Figure GDA00024434655400000423
(2.4) mist node
Figure GDA00024434655400000424
Sending
Figure GDA00024434655400000425
To mobile terminal equipment
Figure GDA00024434655400000426
Is a fog node
Figure GDA00024434655400000427
Signature for task T.
In the step ofTemporary public key
Figure GDA00024434655400000428
And
Figure GDA00024434655400000429
to further achieve privacy protection, i.e. to generate one session key at a time, enabling the mobile terminal device
Figure GDA00024434655400000430
It is not known which initiator initiated the task.
Further, the data acquisition in the step (3) specifically comprises the following steps:
(3.1) Mobile terminal device
Figure GDA00024434655400000431
Receive fog node
Figure GDA00024434655400000432
Task request message of
Figure GDA00024434655400000433
After that, the air conditioner is started to work,
Figure GDA00024434655400000434
authentication
Figure GDA00024434655400000435
Validity of the signature;
Figure GDA00024434655400000436
Figure GDA00024434655400000437
Tethe validity period of the task, T the task,
Figure GDA00024434655400000438
in order to be the temporary public key,
Figure GDA00024434655400000439
is a temporary public key;
(3.2) after passing the verification, the mobile terminal equipment
Figure GDA00024434655400000440
Computing
Figure GDA00024434655400000441
Thereby obtaining task T and temporary public key
Figure GDA0002443465540000051
Wherein the content of the first and second substances,
Figure GDA0002443465540000052
decrypt operations for ECC-160;
(3.3) then, the mobile terminal device
Figure GDA0002443465540000053
Collecting data according to task T and generating mobile group perception data report Pi
(3.4) as protection Pi
Figure GDA0002443465540000054
Selecting random numbers
Figure GDA0002443465540000055
Then, calculating:
Figure GDA0002443465540000056
wherein Enc is AES-128 encryption operation;
Figure GDA0002443465540000057
Liand
Figure GDA0002443465540000058
are all temporary variables, i.e.:
Figure GDA0002443465540000059
in order to calculate the material for the purposes of de-weighting,
Figure GDA00024434655400000510
in order to calculate the hash value from the report,
Figure GDA00024434655400000511
is based on
Figure GDA00024434655400000512
Calculated hash value, LiIn order to report the encryption key(s),
Figure GDA00024434655400000513
in order to report the encrypted ciphertext,
Figure GDA00024434655400000514
computing material for the deduplication hiding portion and
Figure GDA00024434655400000515
andvicalculating to obtain;
(3.5) to ensure the integrity and authenticity of the report,
Figure GDA00024434655400000516
random selection
Figure GDA00024434655400000517
And calculating:
Figure GDA00024434655400000518
wherein the content of the first and second substances,
Figure GDA00024434655400000519
in order to be a part of the signature,
Figure GDA00024434655400000520
the intermediate part is calculated for the signature,
Figure GDA00024434655400000521
being a signature part, epsiloniIn order to be a signature,
Figure GDA00024434655400000522
hiding a portion for a signature identity;
(3.6) finally, the mobile terminal device
Figure GDA00024434655400000523
To fog node
Figure GDA00024434655400000524
The following information is sent:
Figure GDA00024434655400000525
in the step (3.1), the step (c),
Figure GDA00024434655400000526
authentication
Figure GDA00024434655400000527
Verification of the signature using ECDSA, i.e. calculation, for validity of the signature
Figure GDA0002443465540000061
If the verification is true, if the signature passes the verification immediately, the method is
Figure GDA0002443465540000062
A legitimate message to send. Wherein
Figure GDA0002443465540000063
Is the signature algorithm/verification algorithm of the ECDSA signature algorithm.
The steps are realized by abandoning the transmission of t in the prior art in an ECC encryption modeiIndirectly reveal the corresponding relation between the replied report and the identity of the reporter, and adopt the generation of temporary ti. At the same time
Figure GDA0002443465540000064
And LiIs generated such that subsequent users
Figure GDA0002443465540000065
Not only can decrypt, but also can solve the problems in the prior art
Figure GDA0002443465540000066
Is aware of
Figure GDA0002443465540000067
The identity of (according to the ECC public key). Meanwhile, the signature in step (3.5) can hide the identity of the reporter, that is, the hash value corresponding to the identity of the reporter, which is a fixed value in the comparison scheme, and the identity of the reporter can be tracked according to the hash value calculated according to the identity of the reporter (which implies that the identity of the reporter and the corresponding report message are already known by the fogger node).
Further, the data report deduplication in the step (4) specifically comprises the following steps:
(4.1) mist node
Figure GDA0002443465540000068
From different mobile terminal devices
Figure GDA0002443465540000069
Receiving a Mobile group awareness report PiThen, therein is provided with PiThere are n reports in the set of n,
Figure GDA00024434655400000610
performing data report deduplication and signature aggregation operations: first, for each
Figure GDA00024434655400000611
Computing
Figure GDA00024434655400000612
Then, the user can use the device to perform the operation,
Figure GDA00024434655400000613
according to
Figure GDA00024434655400000614
To detect duplicate data reports Q;
that is, since the step (3.4) describes
Figure GDA00024434655400000626
And is
Figure GDA00024434655400000615
Then pass through
Figure GDA00024434655400000616
Can be calculated to obtain
Figure GDA00024434655400000617
Thereby t can be recoveredi
(4.2) to record the contribution of duplicate reports, fog nodes
Figure GDA00024434655400000618
The corresponding signatures are subjected to the following aggregation operations:
Figure GDA00024434655400000619
(4.3) mist node
Figure GDA00024434655400000620
Randomly selecting one of the duplicate reports
Figure GDA00024434655400000621
And to cloud service provider
Figure GDA00024434655400000622
The following information is sent:
Figure GDA00024434655400000623
wherein the content of the first and second substances,
Figure GDA00024434655400000624
e is a bilinear operation, and e is a bilinear operation,
Figure GDA00024434655400000625
is a random specific element in Q and j is the remaining (n-Q) non-repeating elements in a set of reports.
Further, the data report confirmation in step (5) specifically includes the following steps:
(5.1) as a cloud facilitator
Figure GDA0002443465540000071
Received fog node
Figure GDA0002443465540000072
After the transmitted aggregation report, report signature confirmation is performed by judging whether the following equation stands:
Figure GDA0002443465540000073
the valid verification of the signature is described as follows:
Figure GDA0002443465540000074
(5.2) for other signatures 1 ≦ j ≦ n,
Figure GDA0002443465540000075
cloud service provider
Figure GDA0002443465540000076
Report signature validation is performed by determining whether the following equation holds:
Figure GDA0002443465540000077
wherein Q is a set of duplicate reports;
the valid verification of the signature is illustrated below:
Figure GDA0002443465540000078
(5.3) after the signature verification is passed,
Figure GDA0002443465540000079
forwarding valid reports to
Figure GDA00024434655400000710
As follows:
Figure GDA00024434655400000711
further, the data report decryption in step (6) specifically comprises the following steps:
(6.1) when the user receives the crowd sensing data report, calculating the following formula:
Figure GDA0002443465540000081
(6.2) then, the step of,
Figure GDA0002443465540000082
checking equation
Figure GDA0002443465540000083
If true, discard quorum-sensing data report P if the equality is not truei', if the equation holds true, the retained population perception data report Pi'。
In order to solve the problem of how to distribute rewards and solve the problem of greedy contributors (reporting multiple rewards for obtaining multiple rewards and reporting multiple rewards for once) while distributing rewards under privacy and deduplication conditions, the specific steps of rewarding and revoking in the step (7) are as follows:
(7.1) inIn the task allocation process, cloud service providers
Figure GDA0002443465540000084
Selecting a random number
Figure GDA0002443465540000085
And calculate
Figure GDA0002443465540000086
Then, the user can use the device to perform the operation,
Figure GDA0002443465540000087
tasking over secure channels
Figure GDA0002443465540000088
Forward to each selected fog node
Figure GDA0002443465540000089
Finally, the process is carried out in a batch,
Figure GDA00024434655400000810
calculating KiAnd to the mobile terminal device
Figure GDA00024434655400000811
Sending
Figure GDA00024434655400000812
Figure GDA00024434655400000813
Wherein the content of the first and second substances,
Figure GDA00024434655400000814
by
Figure GDA00024434655400000815
Computing
Figure GDA00024434655400000816
Obtaining;
(7.2) during the data collection process,
Figure GDA00024434655400000817
computing
Figure GDA00024434655400000818
And
Figure GDA00024434655400000819
finally, the process is carried out in a batch,
Figure GDA00024434655400000820
the following information is sent:
Figure GDA00024434655400000821
(7.3) in the report deduplication process,
Figure GDA00024434655400000822
will be selected
Figure GDA00024434655400000823
And
Figure GDA00024434655400000824
is returned to
Figure GDA00024434655400000825
(7.4) in the report validation process,
Figure GDA00024434655400000826
computing
Figure GDA00024434655400000827
And
Figure GDA00024434655400000828
where Dec is the AES-128 decryption operation;
Figure GDA00024434655400000829
after passing report verification, pass check
Figure GDA00024434655400000830
Whether it holds to recover each contributor; and can recover the failed authentication of the internal attacker.
Has the advantages that: compared with the prior art, the invention has the following advantages:
(1) in order to reduce communication burden, an improved MLE algorithm is adopted, privacy protection in the data report deduplication process is achieved, and data forgery attacks are resisted. In particular, the label part of the ciphertext is hidden in the communication process, and the fog node does not check specific report contents while checking the uniqueness of the perception report, namely: allowing the fog node to check whether the crowd-sensing data reports are the same without knowing the detailed crowd-sensing data.
(2) In order to realize the record of contribution to the mobile terminal equipment in the report deduplication process, an improved identity-based multi-signature scheme is adopted to support signature aggregation, and anonymous signature aggregation operation is supported. Therefore, the efficient and safe aggregation confirmation function can be realized, and the mobile terminal equipment contributing to the group perception report can be recorded.
(3) To record the true contributors when detecting lazy or greedy participants, the present invention constructs an efficient method through cryptographic primitives to ensure that each contributor can only receive a corresponding reward once.
In summary, the present invention utilizes fog computing for mobile population awareness, supporting precise task allocation and secure deduplication, which is a new architecture providing data computation, storage, processing and networking services (including location awareness, geographical distribution and low latency) that approximate terminal devices. With the aid of fog computing, many dispersed mobile devices can communicate and cooperate with other mobile devices in an ad-hoc manner via fog nodes located at the edge of the internet
Drawings
FIG. 1 is a system block diagram of an embodiment;
FIG. 2 is a schematic diagram of an example data report deduplication process;
FIG. 3 is a schematic diagram illustrating comparison of communication overhead under different schemes according to the embodiment, wherein FIG. 3(a) and FIG. 3(b) are
Figure GDA0002443465540000091
The communication overhead of the mobile group perception data with different sizes is shown schematically in FIG. 3(c) and FIG. 3(d)
Figure GDA0002443465540000092
Communication overhead diagrams of mobile group awareness data of different sizes;
FIG. 4 is a schematic diagram illustrating comparison of computation costs at different stages of different schemes according to an embodiment, wherein FIG. 4(a) and FIG. 4(b) are schematic diagrams illustrating computation costs at different stages at different repetition rates;
fig. 5 is an average delay graph of a mobile group perception task in an embodiment, wherein fig. 5(a) and fig. 5(b) are average delay graphs of different numbers of mobile terminal devices at different repetition rates.
Detailed Description
The technical solution of the present invention is described in detail below, but the scope of the present invention is not limited to the embodiments.
As shown in fig. 1, the Mobile group awareness data report deduplication method based on Fog calculation and privacy protection of the present invention is a Mobile group awareness system based on Fog calculation, and the Mobile group awareness system includes a user (Customer), a cloud Service provider (Service cloud), a Fog node (Fog node), and a Mobile Terminal Device (Mobile Terminal Device), which are abbreviated as user, cloud Service provider (Service cloud), and Mobile Terminal Device (Fog node), respectively
Figure GDA0002443465540000101
Wherein the user
Figure GDA0002443465540000102
Can be individual users or user organizations, the users in the system
Figure GDA0002443465540000103
Creating a task specifying location loc and submitting the task to a cloud facilitator
Figure GDA0002443465540000104
Cloud service provider
Figure GDA0002443465540000105
For the user
Figure GDA0002443465540000106
Providing a community aware service.
First, the cloud facilitator
Figure GDA0002443465540000107
Selecting corresponding fog nodes according to position information required by task T
Figure GDA0002443465540000108
And distribute the tasks. Then, via the fog node
Figure GDA0002443465540000109
transport/Forwarding tasks, cloud facilitators
Figure GDA00024434655400001010
And collecting, evaluating and processing data uploaded by the mobile terminal equipment. Meanwhile, cloud service provider
Figure GDA00024434655400001011
For contributing mobile terminal equipment
Figure GDA00024434655400001012
A corresponding reward is provided. Fog node
Figure GDA00024434655400001013
Deployed at the network boundary. As a cloud service provider
Figure GDA00024434655400001014
And mobile terminal device
Figure GDA00024434655400001015
The medium between them is connected by wire or wireless. Fog node
Figure GDA00024434655400001016
Distributing tasks to mobile terminal devices according to task requirements
Figure GDA00024434655400001017
Finishing the duplication elimination work of the group perception data report and uploading the duplicated data to the cloud service provider
Figure GDA00024434655400001018
Mobile terminal device
Figure GDA00024434655400001019
The system is responsible for completing the task of fog node distribution and data acquisition, processing and communication. In addition, mobile terminal device
Figure GDA00024434655400001020
By going to cloud facilitator
Figure GDA00024434655400001021
The data is contributed to report to obtain a corresponding reward.
Notation and formula convention:
is provided with
Figure GDA00024434655400001022
A multiplication loop group of prime order p, formed by elements
Figure GDA00024434655400001023
Generating;
Figure GDA00024434655400001024
is another multiplication cycle group of prime order p, so that there is pairing
Figure GDA00024434655400001025
Has the following characteristics:
bilinear: for arbitrary
Figure GDA00024434655400001026
With e (P)a,Qb)=e(P,Q)ab
Non-degenerate: e (g, g) ≠ 1;
calculability: for arbitrary
Figure GDA00024434655400001027
e (P, Q) is sufficiently calculable.
The mobile group perception data report deduplication method based on fog calculation and privacy protection comprises the following specific steps:
1. initializing a system: inputting common parameters
Figure GDA00024434655400001028
Wherein
Figure GDA00024434655400001029
A multiplication loop group of prime order p, formed by elements
Figure GDA00024434655400001030
Generating;
Figure GDA00024434655400001031
is another multiplicative cyclic group of prime order q, so there is pairing
Figure GDA0002443465540000111
H1Is a hash function
Figure GDA0002443465540000112
H2Is a hash function
Figure GDA0002443465540000113
H3Is a hash function
Figure GDA0002443465540000114
Cloud serviceBusiness support
Figure GDA0002443465540000115
Selecting random numbers
Figure GDA0002443465540000116
As a key
Figure GDA0002443465540000117
And generates a corresponding public key
Figure GDA0002443465540000118
For each registered mobile terminal device
Figure GDA0002443465540000119
For which a private key for ECC-160 encryption/decryption is calculated
Figure GDA00024434655400001110
And public key
Figure GDA00024434655400001111
Further, cloud service provider
Figure GDA00024434655400001112
Calculate its signature key
Figure GDA00024434655400001113
Wherein
Figure GDA00024434655400001114
For mobile terminal equipment
Figure GDA00024434655400001115
The identity of (2); for each fog node
Figure GDA00024434655400001116
Calculating private keys for ECDSA (elliptic Curve digital signature Algorithm) signature and verification operations, respectively
Figure GDA00024434655400001117
And public key
Figure GDA00024434655400001118
2. And (3) task allocation: when the user is
Figure GDA00024434655400001119
When it is desired to initiate a location-based task for location loc, a random number is selected
Figure GDA00024434655400001120
And calculates a temporary public key
Figure GDA00024434655400001121
Finally, it sends the following messages to the cloud facilitator through the secure channel
Figure GDA00024434655400001122
Figure GDA00024434655400001123
Where loc is the location of the task, TeThe validity period of the task T, T is the task,
Figure GDA00024434655400001124
is a temporary public key;
after receiving the task request, the cloud service provider
Figure GDA00024434655400001125
Selecting
Figure GDA00024434655400001126
As a unique identifier for task T and selects a set of fog nodes based on loc
Figure GDA00024434655400001127
Then, the user can use the device to perform the operation,
Figure GDA00024434655400001128
tasking over secure channels
Figure GDA00024434655400001129
Forward to each selected
Figure GDA00024434655400001130
Node when fog
Figure GDA00024434655400001131
Receiving cloud service provider
Figure GDA00024434655400001132
Task of sending
Figure GDA00024434655400001133
Then, a series of mobile terminal devices are selected according to the requirements of the task T
Figure GDA00024434655400001134
Then the
Figure GDA00024434655400001135
For each one
Figure GDA00024434655400001136
Selecting a random number
Figure GDA00024434655400001137
And calculate
Figure GDA00024434655400001138
Then calculate
Figure GDA00024434655400001139
Calculating KiAnd
Figure GDA00024434655400001140
wherein the content of the first and second substances,
Figure GDA00024434655400001141
for ECC-160 encryptionIn the operation of the method, the operation,
Figure GDA00024434655400001142
signing an algorithm for ECDSA;
Figure GDA00024434655400001143
Figure GDA00024434655400001144
finally, the fog node
Figure GDA0002443465540000121
Sending
Figure GDA0002443465540000122
To mobile terminal equipment
Figure GDA0002443465540000123
Wherein
Figure GDA0002443465540000124
Is a fog node
Figure GDA0002443465540000125
Signature for task T.
3. Data acquisition:
mobile terminal device
Figure GDA0002443465540000126
Receiving a task request message
Figure GDA0002443465540000127
After that, the air conditioner is started to work,
Figure GDA0002443465540000128
the following operations will be performed:
Figure GDA0002443465540000129
Figure GDA00024434655400001210
Tethe validity period of the task, T the task,
Figure GDA00024434655400001211
in order to be the temporary public key,
Figure GDA00024434655400001212
is a temporary public key;
·
Figure GDA00024434655400001213
authentication
Figure GDA00024434655400001214
Validity of the signature;
after the verification is passed, the verification is carried out,
Figure GDA00024434655400001215
computing
Figure GDA00024434655400001216
Get task T and
Figure GDA00024434655400001217
wherein the content of the first and second substances,
Figure GDA00024434655400001218
decrypt operations for ECC-160;
then, the system is started and stopped,
Figure GDA00024434655400001219
begin collecting data from T and generating a quorum-sensing data report Pi. To protect Pi
Figure GDA00024434655400001220
Random selection
Figure GDA00024434655400001221
Then theComputing
Figure GDA00024434655400001222
Wherein Enc is AES-128 encryption operation;
Figure GDA00024434655400001223
Liand
Figure GDA00024434655400001224
are all temporary variables;
Figure GDA00024434655400001225
and
Figure GDA00024434655400001226
is a report component;
to ensure the integrity and authenticity of the report,
Figure GDA00024434655400001227
random selection of wi
Figure GDA00024434655400001228
And calculating:
Figure GDA0002443465540000131
wherein the content of the first and second substances,
Figure GDA0002443465540000132
in order to be a part of the signature,
Figure GDA0002443465540000133
the intermediate part is calculated for the signature,
Figure GDA0002443465540000134
being a signature part, epsiloniIn order to be a signature,
Figure GDA0002443465540000135
hiding a portion for a signature identity;
finally, the mobile terminal
Figure GDA0002443465540000136
To fog node
Figure GDA0002443465540000137
The following information is sent:
Figure GDA0002443465540000138
4. data report deduplication, as shown in fig. 2:
node when fog
Figure GDA0002443465540000139
From different mobile terminal devices
Figure GDA00024434655400001310
Upon receiving a mobile community-aware report (assuming n reports), data deduplication and signature aggregation operations will be performed:
·
Figure GDA00024434655400001311
will calculate
Figure GDA00024434655400001312
Then, the user can use the device to perform the operation,
Figure GDA00024434655400001313
according to
Figure GDA00024434655400001314
To detect duplicate data Q;
wherein the content of the first and second substances,
Figure GDA00024434655400001315
and is
Figure GDA00024434655400001316
Then
Figure GDA00024434655400001317
In order to record the contribution of duplicate reports,
Figure GDA00024434655400001318
the aggregation of the corresponding signatures is as follows:
Figure GDA00024434655400001319
finally, the process is carried out in a batch,
Figure GDA00024434655400001320
randomly selecting a copy from the duplicate record set Q
Figure GDA00024434655400001321
And sends the following messages to
Figure GDA00024434655400001322
Figure GDA00024434655400001323
Wherein the content of the first and second substances,
Figure GDA00024434655400001324
e is a bilinear operation, and e is a bilinear operation,
Figure GDA00024434655400001325
is a random specific element in Q and j is the remaining (n-Q) non-repeating elements in a set of reports.
5. Report confirmation:
cloud service provider
Figure GDA00024434655400001326
After receiving the aggregation report, check if the following equation is satisfiedFor report signature validation:
Figure GDA0002443465540000141
for other signatures
Figure GDA0002443465540000142
Cloud service provider
Figure GDA0002443465540000143
Determining whether the following equation holds for report signature validation:
Figure GDA0002443465540000144
after signature verification, cloud service provider
Figure GDA0002443465540000145
Forwarding valid reports to a user
Figure GDA0002443465540000146
As follows:
Figure GDA0002443465540000147
6. report decryption:
when the user is
Figure GDA0002443465540000148
When a group perception report is obtained, the following formula is calculated:
Figure GDA0002443465540000149
then checking
Figure GDA00024434655400001410
Whether or not this is true. If it is notIf the equality is not satisfied, discarding the quorum-sensing data report Pi', if the equation holds true, the retained population perception data report Pi'。
7. Reward and revocation:
to distribute rewards and revoke internal attackers during mobile community-aware data report deduplication operations, we improve our scheme at each stage by the following additional operations:
during task assignment, cloud facilitator
Figure GDA00024434655400001411
Selecting a random number
Figure GDA00024434655400001412
And calculate
Figure GDA00024434655400001413
Then, the user can use the device to perform the operation,
Figure GDA00024434655400001414
tasking over secure channels
Figure GDA00024434655400001415
Forward to each selected fog node
Figure GDA00024434655400001416
Finally, the process is carried out in a batch,
Figure GDA00024434655400001417
calculating KiAnd to the mobile terminal device
Figure GDA00024434655400001418
Sending
Figure GDA00024434655400001419
Figure GDA00024434655400001420
During the course of the data collection, it is,
Figure GDA00024434655400001421
computing
Figure GDA00024434655400001422
And
Figure GDA00024434655400001423
finally, the process is carried out in a batch,
Figure GDA00024434655400001424
the following information is sent:
Figure GDA0002443465540000151
in the process of report deduplication,
Figure GDA0002443465540000152
will be selected
Figure GDA0002443465540000153
And
Figure GDA0002443465540000154
is returned to
Figure GDA0002443465540000155
In the course of the verification of the report,
Figure GDA0002443465540000156
computing
Figure GDA0002443465540000157
And
Figure GDA0002443465540000158
where Dec is the AES-128 decryption operation; therefore, the temperature of the molten metal is controlled,
Figure GDA0002443465540000159
after passing report verification, pass check
Figure GDA00024434655400001510
Whether or not it holds to recover each contributor, and in addition, it can recover the failed verification of internal attackers.
Example (b):
in the implementation process, the performance of the security policy is quantified through two aspects of calculation overhead and communication overhead. Wherein, Tmul、Texp、Tpar、TmulRespectively represent to
Figure GDA00024434655400001511
Time of dot product operation, for
Figure GDA00024434655400001512
Time for performing exponentiation operation
Figure GDA00024434655400001513
Time for performing exponentiation operation
Figure GDA00024434655400001514
Time to perform dot product operation. In addition, TaesAnd TeccRespectively represent to
Figure GDA00024434655400001515
Time to perform AES-128 encryption/decryption operations and
Figure GDA00024434655400001516
the time to perform ECC-160 encryption/decryption operations. Here, the time taken for the Hash operation is ignored.
In addition, for the evaluation of the communication overhead, a parameter S is usedaes、Secc
Figure GDA00024434655400001517
Respectively representing the cipher text length encrypted by AES-128, the cipher text length encrypted by ECC-160, and H2Is longDegree, H3The length of (A) and (B),
Figure GDA00024434655400001518
The length of (A) and (B),
Figure GDA00024434655400001519
Length of (d).
In this example, the specific performance analysis is as follows:
and (3) task allocation: fog node
Figure GDA00024434655400001520
Encryption
Figure GDA00024434655400001521
The elapsed time is Tecc. After that time, the user can use the device,
Figure GDA00024434655400001522
for each selected mobile terminal device
Figure GDA00024434655400001523
Sending
Figure GDA00024434655400001524
The corresponding communication overhead is about
Figure GDA00024434655400001525
Thus, for n selected mobile terminal devices, the corresponding computation and communication costs are nTecc+TexpAnd
Figure GDA00024434655400001526
data acquisition: mobile terminal device
Figure GDA00024434655400001527
First of all, calculate
Figure GDA00024434655400001528
To obtain
Figure GDA00024434655400001529
The elapsed time is Tecc. After the data collection is completed, it should perform data encryption and signature operations, which takes a time of (7T)exp+Taes+Tmul). Finally, the process is carried out in a batch,
Figure GDA0002443465540000161
sending a report to a fog node
Figure GDA0002443465540000162
The corresponding communication overhead is about
Figure GDA0002443465540000163
Thus, the total computational overhead is about (7T)exp+Tecc+Taes+Tmul) And the communication overhead is about
Figure GDA0002443465540000164
Data report deduplication: suppose sending to a fog node
Figure GDA0002443465540000165
The number of reports of (2) is n, and the number of copied reports is Q. When in use
Figure GDA0002443465540000166
After receiving the data report, it should be calculated
Figure GDA0002443465540000167
This requires a time consumption of nTexp. Then, a signature aggregation operation is performed on the copied data, taking a time of 3(Q-1) Tmul+Tpar. Finally, the fog node
Figure GDA0002443465540000168
Forwarding the messages to a cloud facilitator
Figure GDA0002443465540000169
The corresponding communication overhead is about
Figure GDA00024434655400001610
The total computation and communication overhead is nTexp+3(Q-1)Tmul+TparAnd
Figure GDA00024434655400001611
data report confirmation: after receiving the report information, the cloud service provider executes signature confirmation operation, and the data report deduplication cost is (n-Q) (2T)par+Texp+Tmul) The aggregate signature overhead is (2T)par+Texp+Tmul) Is forwarded to
Figure GDA00024434655400001612
Has a mail size of about
Figure GDA00024434655400001613
The total computational overhead is (n-Q +1) (2T)par+Texp+Tmul) The total communication overhead is
Figure GDA00024434655400001614
Data report decryption: to obtain the report content, the user
Figure GDA00024434655400001615
The received message should be decrypted with a corresponding computational overhead of about ((n-Q +1) (T)exp+Taes)。
Reward and revocation: to distribute the reward and to revoke an internal attacker,
Figure GDA00024434655400001616
will be provided with
Figure GDA00024434655400001617
Is sent to
Figure GDA00024434655400001618
The corresponding communication overhead is about nSaes. Then, the user can use the device to perform the operation,
Figure GDA00024434655400001619
should check its validity, the overhead is about n (2T)exp+Taes)。
In the implementation process, the PBC library is adopted, the type A parameters are adopted, and the safety is equivalent to that of 1024-bit discrete logarithm. Therefore, the temperature of the molten metal is controlled,
Figure GDA00024434655400001620
size 512 bits, size q 160 bits, size T1280 bits, and crowdsourcing data PiRespectively, are 1028 bits/2048 bits. The experimental code was run on a PC configured as follows: 2.90 GHz Intel (R) core (TM) i9-8950HK CPU, 8GB memory, Ubuntu 18.04.
Based on the comparison between the scheme of Ni (task assignment and data deduplication scheme for providing security for mobile crowd sensing published by Ni et al) and the scheme of w/o (existing no-data deduplication scheme), FIGS. 3(a) and 3(b) show mobile crowd sensing data (P) of different sizesi1024 and Pi2048) corresponding communication overhead. As shown in fig. 3(a), for these three schemes,
Figure GDA0002443465540000171
the size of the communication overhead between them increases linearly with the number of mobile terminal devices in the report. In addition, comparing fig. 3(a) and fig. 3(b), the size of the mobile community awareness data report also affects the communication overhead. FIGS. 3(c) and 3(d) show
Figure GDA0002443465540000172
With different sizes of mobile community aware data. Obviously, when more data reports or larger-scale mobile group perception data are submitted to the fog nodes, the communication overhead of the scheme of the invention is far lower than that of the other two schemes.
Fig. 4(a) and 4(b) show simulation results (e.g., repetition rate (Q/n is 20%, Q/n is 40%) and length of moving population perception data (P) under different parameter settingsi=1024,Pi2048)), wherein T-A, D-C, R-D, R-V, R-DC respectively corresponds to five stages of task distribution, data collection, data report deduplication, report verification and report decryption. In the implementation process, the calculation overhead is mainly composed of pairs
Figure GDA0002443465540000173
And
Figure GDA0002443465540000174
operation (e.g. T)exp,TmulAnd Tpar) And (4) causing.
Comparing fig. 4(a) and fig. 4(b) shows that: the invention consumes less computational cost and the advantages of the scheme of the invention are more obvious with the increase of the repetition rate. This is because the total computational overhead of the present invention decreases as Q/n increases, whereas the reduction in computational overhead in the Ni et al scheme only occurs in the R-DC stage. Since the foggy node should first verify each signature in each report, the repetition rate only affects the overhead of the R-DC stage. Obviously, the present invention greatly reduces the computational overhead of the fog node (R-D stage). In addition, in the scheme of the invention, the corresponding calculation overhead of R-V is reduced along with the increase of Q/n.
As shown in fig. 5(a), for the three schemes, the larger the number of mobile terminal devices in the mobile community awareness data report, the more the average task delay increases almost linearly. Compared with the other two schemes, the invention has better time delay efficiency and increased speed. In addition, comparing fig. 5(a) and 5(b), the average task delay decreases as the replication rate increases. The invention has higher efficiency and greatly reduces the calculation overhead of the user side.

Claims (1)

1. A mobile group perception data report deduplication method based on fog calculation and privacy protection is characterized in that: including user CiCloud service provider SC and fog node FiAnd a mobile terminal device Vi(ii) a The user CiCreating a task and submitting the task to a cloud service provider SC; the cloud service provider SC is a user CiProviding a mobile groupA somatosensory service; the fog node FiCompleting task distribution, data report deduplication and data uploading; the mobile terminal equipment ViThe data acquisition, processing and communication are completed;
the method specifically comprises the following steps:
(1) initializing a system;
(2) distributing tasks;
(3) collecting data;
(4) data report deduplication;
(5) data report acknowledgement;
(6) decrypting the data report;
(7) reward and revocation;
wherein, the detailed process of the system initialization in step (1) is as follows:
(1.1) inputting a common parameter (G)1,GT,e,g,q,H1(·),H2(·),H3(. o)) in which G1A multiplication loop group of prime order p, formed by element G ∈ G1Generating; gTIs a multiplicative cyclic group of prime order q, so that there is a pairing e G1×G1→GT;H1Is a hash function H1:{0,1}*→G1,H2Is a hash function H2:
Figure FDA0002968943410000011
H3Is a hash function H3:G1→{0,1}*
(1.2) cloud facilitator SCs selects random numbers
Figure FDA0002968943410000012
As a key SKSCsAnd generates a corresponding public key PKSCs=gs
(1.3) for each registered Mobile terminal device ViFor which the SC computes a private key for ECC-160 encryption/decryption
Figure FDA0002968943410000013
And public key
Figure FDA0002968943410000014
And the cloud service provider SC calculates the signature key thereof
Figure FDA0002968943410000015
Wherein
Figure FDA0002968943410000016
For a mobile terminal device ViThe identity of (2);
(1.4) for each fog node FiThe SC calculates the private keys of the ECDSA signature and verification operation respectively
Figure FDA0002968943410000021
And public key
Figure FDA0002968943410000022
The task allocation in the step (2) comprises the following specific steps:
(2.1) when user CiWhen it is desired to initiate a task based on location loc for location loc, CiSelecting a random number
Figure FDA0002968943410000023
And calculates a temporary public key
Figure FDA0002968943410000024
Then, CiSending a task request to the cloud service provider SC through a secure channel, namely:
Figure FDA0002968943410000025
where loc is the location of the task, TeThe validity period of the task, T the task,
Figure FDA0002968943410000026
is a temporary public key;
(2.2) after the cloud service provider SC receives the task request, the SC selects
Figure FDA0002968943410000027
As a unique identifier for task T and selects a set of fog nodes F based on location loci(ii) a Then, the cloud service provider SC sends the task through a secure channel
Figure FDA0002968943410000028
Push to each selected Fi
(2.3) when the fog node FiReceiving tasks sent by cloud service provider SC
Figure FDA0002968943410000029
Then, FiSelecting a series of mobile terminal equipment V according to the requirements of the task TiThen FiFor each ViSelecting a random number
Figure FDA00029689434100000210
Figure FDA00029689434100000211
And calculates a temporary public key
Figure FDA00029689434100000212
Then, FiCalculating KiAnd
Figure FDA00029689434100000213
wherein, ENC is ECC-160 encryption operation, SIG is ECDSA signature algorithm;
Figure FDA00029689434100000214
Figure FDA00029689434100000215
(2.4) fog node FiSending
Figure FDA00029689434100000216
To the mobile terminal equipment ViWherein
Figure FDA00029689434100000217
Is a fog node FiA signature for task T;
the data acquisition in the step (3) comprises the following specific steps:
(3.1) Mobile terminal device ViReceive fog node FiTask request message of
Figure FDA00029689434100000218
Rear, ViAuthentication
Figure FDA00029689434100000219
Validity of the signature;
Figure FDA0002968943410000031
Tethe validity period of the task, T the task,
Figure FDA0002968943410000032
in order to be the temporary public key,
Figure FDA0002968943410000033
is a temporary public key;
Figure FDA0002968943410000034
Figure FDA0002968943410000035
(3.2) after passing the verification, the mobile terminal equipment ViComputing
Figure FDA0002968943410000036
Thereby obtaining task T and temporary public key
Figure FDA0002968943410000037
Wherein DEC is ECC-160 decryption operation;
(3.3) then, the mobile terminal device ViCollecting data according to task T and generating mobile group perception data report Pi
(3.4) as protection Pi,ViSelecting random numbers
Figure FDA0002968943410000038
Then, calculating:
Figure FDA0002968943410000039
wherein Enc is AES-128 encryption operation; j. the design is a squarei、Xi、Yi、LiAnd ZiAre all temporary variables; j. the design is a squareiAnd ZiIs a report component;
(3.5) to ensure the integrity and Authenticity of the report, ViRandom selection of wi,
Figure FDA00029689434100000310
And calculating:
Figure FDA00029689434100000311
wherein A isiAs a signature part, BiComputing the intermediate part for the signature, DiAs a signature part, EiFor signature, HiHiding a portion for a signature identity;
(3.6) the mostThen, the mobile terminal device ViTo fog node FiThe following information is sent:
Vi→Fi:N,Ji,Pi,Zi,Hi,Ei
the data report deduplication in the step (4) specifically comprises the following steps:
(4.1) fog node FiFrom different mobile terminal devices ViReceiving a Mobile group awareness report PiThen, therein is provided with PiIn n reports, FiPerforming data report deduplication and signature aggregation operations: first, for each Ji,FiComputing
Figure FDA0002968943410000041
Then, FiAccording to YiTo detect duplicate data reports Q;
(4.2) to record the contribution of duplicate reports, fog node FiThe corresponding signatures are subjected to the following aggregation operations:
Figure FDA0002968943410000042
(4.3) fog node FiRandomly selecting one of the duplicate reports
Figure FDA0002968943410000043
And sends the following information to the cloud service provider SC:
Figure FDA0002968943410000044
wherein the content of the first and second substances,
Figure FDA0002968943410000045
e is a bilinear operation, and e is a bilinear operation,
Figure FDA0002968943410000046
is a random in QA particular element, j being the element in the remaining (n-Q) non-repeating reports that make up a set;
the data report confirmation in the step (5) comprises the following specific steps:
(5.1) when cloud service provider SC receives mist node FiAfter the transmitted aggregation report, report signature confirmation is performed by judging whether the following equation stands:
Figure FDA0002968943410000047
(5.2) for other signatures 1 ≦ j ≦ n,
Figure FDA0002968943410000048
the cloud service provider SC performs report signature validation by determining whether the following equation stands:
Figure FDA0002968943410000051
wherein Q is a set of duplicate reports;
(5.3) after signature verification, SC forwards the valid report to CiAs follows:
Figure FDA0002968943410000052
the data report decryption in the step (6) specifically comprises the following steps:
(6.1) when the user receives the crowd sensing data report, calculating the following formula:
Figure FDA0002968943410000053
(6.2) then, CiCheck equation Yi′=YiIf true, discard quorum-sensing data report P if the equality is not truei', if the equation holds true, the retained population perception data report Pi';
The specific steps of rewarding and canceling in the step (7) are as follows:
(7.1) in the task allocation process, the cloud service provider SC selects a random number
Figure FDA0002968943410000054
And calculate
Figure FDA0002968943410000055
The SC then sends the task over a secure channel
Figure FDA0002968943410000056
To each selected fog node Fi(ii) a Finally, FiCalculating KiAnd to the mobile terminal device ViSending
Figure FDA0002968943410000057
Figure FDA0002968943410000058
(7.2) in the data Collection Process, ViComputing
Figure FDA0002968943410000059
And Mi=Enc(mi,ai) (ii) a Finally, ViThe following information is sent:
Vi→Fi:N,Ji,Mi,Pi,Zi,Hi,Ei.
(7.3) in the report deduplication Process, FiTo be selected ViAnd MiIs returned to the SCi
(7.4) in the report validation Process, SCiComputing
Figure FDA00029689434100000510
And Vi=Dec(mi,Mi) Where Dec is the AES-128 decryption operation;
SCiafter passing report verification, pass check
Figure FDA0002968943410000061
Whether it holds to recover each contributor; and can recover the failed authentication of the internal attacker.
CN201911211573.8A 2019-12-02 2019-12-02 Mobile group perception data report duplication removing method based on fog calculation and privacy protection Active CN111211903B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911211573.8A CN111211903B (en) 2019-12-02 2019-12-02 Mobile group perception data report duplication removing method based on fog calculation and privacy protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911211573.8A CN111211903B (en) 2019-12-02 2019-12-02 Mobile group perception data report duplication removing method based on fog calculation and privacy protection

Publications (2)

Publication Number Publication Date
CN111211903A CN111211903A (en) 2020-05-29
CN111211903B true CN111211903B (en) 2021-06-11

Family

ID=70787981

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911211573.8A Active CN111211903B (en) 2019-12-02 2019-12-02 Mobile group perception data report duplication removing method based on fog calculation and privacy protection

Country Status (1)

Country Link
CN (1) CN111211903B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112929167B (en) * 2021-02-03 2022-02-15 华南理工大学 Data aggregation method for protecting privacy in crowd sensing based on fog-assisted mobile

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108377264A (en) * 2018-02-05 2018-08-07 江苏大学 Vehicular ad hoc network quorum-sensing system data report De-weight method
CN108400970A (en) * 2018-01-20 2018-08-14 西安电子科技大学 Set of metadata of similar data message locking encryption De-weight method, cloud storage system in cloud environment
CN109783456A (en) * 2019-01-17 2019-05-21 暨南大学 Go weight structure building method, De-weight method, file retrieval methods, machining system
CN109995505A (en) * 2019-03-07 2019-07-09 西安电子科技大学 A kind of mist calculates data safety machining system and method, cloud storage platform under environment
CN111587407A (en) * 2017-11-10 2020-08-25 辉达公司 System and method for safe and reliable autonomous vehicle

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8874477B2 (en) * 2005-10-04 2014-10-28 Steven Mark Hoffberg Multifactorial optimization system and method
CN109862114B (en) * 2019-03-12 2021-08-10 南京邮电大学 Safe vehicle crowd-sourcing sensing method based on fog calculation

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111587407A (en) * 2017-11-10 2020-08-25 辉达公司 System and method for safe and reliable autonomous vehicle
CN108400970A (en) * 2018-01-20 2018-08-14 西安电子科技大学 Set of metadata of similar data message locking encryption De-weight method, cloud storage system in cloud environment
CN108377264A (en) * 2018-02-05 2018-08-07 江苏大学 Vehicular ad hoc network quorum-sensing system data report De-weight method
CN109783456A (en) * 2019-01-17 2019-05-21 暨南大学 Go weight structure building method, De-weight method, file retrieval methods, machining system
CN109995505A (en) * 2019-03-07 2019-07-09 西安电子科技大学 A kind of mist calculates data safety machining system and method, cloud storage platform under environment

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"A Privacy-Preserving Fog Computing Framework for Vehicular Crowdsensing Networks";Jiannan W , Xiaojie W;《IEEE Access》;20180731;全文 *
"Secure and Deduplicated Spatial Crowdsourcing: A Fog-Based Approach";Jianbing Ni;;《2016 IEEE Global Communications Conference (GLOBECOM)》;20170206;全文 *
"Secure and Privacy-Preserving Report De-duplication in the Fog-Based Vehicular Crowdsensing System";Shunrong Jiang; Jianqing Liu;《2018 IEEE Global Communications Conference (GLOBECOM)》;20190221;论文第2页第3节至第4页第4节 *
"Security and privacy preservation in fog-based crowd sensing on the internet of vehicles";GangSun,SiyuSun;《Journal of Network and Computer Applications》;20190515;全文 *

Also Published As

Publication number Publication date
CN111211903A (en) 2020-05-29

Similar Documents

Publication Publication Date Title
US11930123B2 (en) Cryptographic methods and systems for managing digital certificates
Islam et al. A robust and efficient password-based conditional privacy preserving authentication and group-key agreement protocol for VANETs
Ma et al. An efficient and provably secure authenticated key agreement protocol for fog-based vehicular ad-hoc networks
CN108964919B (en) Lightweight anonymous authentication method with privacy protection based on Internet of vehicles
Cui et al. HCPA-GKA: A hash function-based conditional privacy-preserving authentication and group-key agreement scheme for VANETs
Azees et al. EAAP: Efficient anonymous authentication with conditional privacy-preserving scheme for vehicular ad hoc networks
Wang et al. 2FLIP: A two-factor lightweight privacy-preserving authentication scheme for VANET
Kong et al. Achieving privacy-preserving and verifiable data sharing in vehicular fog with blockchain
Cheng et al. PPVF: privacy-preserving protocol for vehicle feedback in cloud-assisted VANET
Yoon et al. A user friendly authentication scheme with anonymity for wireless communications
Tan et al. Secure certificateless authentication and road message dissemination protocol in VANETs
Kang et al. Highly efficient randomized authentication in VANETs
Verma et al. An efficient and provable certificate-based proxy signature scheme for IIoT environment
CN105812354B (en) Location privacy protection method based on attack resistance in car networking under a kind of LBS background
Jiang et al. Anonymous and efficient authentication scheme for privacy-preserving distributed learning
Wang et al. STAMP: Ad hoc spatial-temporal provenance assurance for mobile users
Jiang et al. No one can track you: Randomized authentication in vehicular ad-hoc networks
Wang et al. A practical authentication framework for VANETs
Ahamed et al. EMBA: An efficient anonymous mutual and batch authentication schemes for vanets
Zhang et al. A Novel Privacy‐Preserving Authentication Protocol Using Bilinear Pairings for the VANET Environment
Hu et al. Efficient privacy-preserving schemes for dot-product computation in mobile computing
Alamer et al. A privacy-preserving scheme to support the detection of multiple similar request-real-time services in IoT application systems
Ko et al. Modifying the ECC-based grouping-proof RFID system to increase inpatient medication safety
Song et al. Secure authentication in motion: A novel online payment framework for drive-thru Internet
CN111211903B (en) Mobile group perception data report duplication removing method based on fog calculation and privacy protection

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230718

Address after: 221000 No. 6, Keji Road, Xuzhou Economic and Technological Development Zone, Xuzhou City, Jiangsu Province

Patentee after: XCMG Hanyun Technology Co.,Ltd.

Address before: Nanhu campus of China University of mining and technology

Patentee before: CHINA University OF MINING AND TECHNOLOGY

TR01 Transfer of patent right