Disclosure of Invention
The invention provides a searchable encryption privacy protection method and system based on the Internet of Vehicles, addressing the problem that private data in an Internet of Vehicles system cannot be effectively protected. To facilitate the exchange of public information, the server also generates an RSA key pair corresponding to each vehicle-mounted ID, which supports end-to-end information exchange while protecting the privacy of the user.
A searchable encryption privacy protection model based on the Internet of vehicles comprises the following steps.
Step 1: an encryption model based on the privacy data of the Internet of vehicles users is established, a user model verification mechanism is provided, and illegal users are prevented from using the system without verification.
If user verification fails multiple times, the user's access information is recorded and the user is forbidden from continuing to access the system; if user verification passes, the user is allowed access.
Step 2: A security evaluation standard is formulated according to the current network or system state of the user.
The security level of the user is scored from 1 to 10 points. If the score is lower than 6 points, an unsafe state is fed back to the user; if the score is lower than 3 points, the user is prompted that only necessary basic data can be received and sent and that private data cannot be accessed, so the privacy of the user is guaranteed.
Step 3: In the key management of the Internet of Vehicles, the vehicle-mounted equipment stores the PIN code and the private key of the user, and a chip with hardware blocking is used for storage, so that the key is prevented from leaking at the hardware end and the security of the user is guaranteed.
For sensitive or private data in the Internet of Vehicles, the vehicle-mounted equipment and the server perform security checks on the data, and the data are processed in isolation in a fixed area of the vehicle-mounted equipment that is blocked by hardware, which prevents the risk of leakage.
Step 4: A searchable encryption strategy is adopted for user data in the Internet of Vehicles system: all user data are encrypted with the password stored in the hardware system, transmitted, and stored on the server as ciphertext, and the server does not store any key information.
The server adopts an encrypted search strategy for user data: all data take part in the search in encrypted form and are returned to the user as ciphertext.
Step 5: All information sent by the server to the user equipment is encrypted with the RSA public key corresponding to the ID of the vehicle-mounted equipment and pushed to the user equipment.
After receiving data from the server, the user's vehicle-mounted equipment decrypts it with the private key stored in the hardware, so that confidential transmission of the data is achieved.
Step 6: The server adopts a security monitoring mechanism, and when abnormal behavior is detected, the server handles the corresponding anomaly.
When the server detects that a user is carrying out a keyword guessing attack, the server limits the behavior of the user and prevents the risk of unauthorized access.
The server also gives timely warning of abnormal user behavior, preventing the private data of the Internet of Vehicles from being revealed.
A searchable encryption privacy protection method based on the Internet of Vehicles comprises the following processes.
In the user verification stage, the current information state is compared with the user's records stored in the system; if the user's behavior is abnormal, the current security score of the user is reduced and the corresponding rule is triggered according to the security evaluation standard.
If the user's behavior is normal and meets the security evaluation standard, the user is allowed to perform the relevant operations on the server.
The user security evaluation standard in the Internet of Vehicles ranges from 1 to 10 points. When the user starts the vehicle-mounted equipment, the server comprehensively measures the security score according to the information fed back, and only when the score is more than 6 points can all data be requested from the server.
When the score is greater than 8 points, the personal privacy information of the user can be modified.
When the user's score is lower than 6 points, a risk prompt is fed back to the user equipment, the user's operations are limited, and only basic services are provided.
When the user's score is lower than 3 points, the user's operations are further limited: access to the user's sensitive data is prohibited and only public data is provided, which prevents leakage of user information.
The key of the vehicle-mounted equipment is protected by isolation: it is stored in a fixed area of the vehicle-mounted equipment, and hardware blocking allows only local access and forbids network access.
When encrypted data are transmitted to the vehicle-mounted equipment, the key in the fixed area is called to perform the decryption, and the decrypted data are then passed to the equipment for use. The whole process is a 'black box' operation, which protects the key.
For private encrypted data, the vehicle-mounted equipment identifies the data during decryption from its fixed encoded file header; when the data are identified as private data, they are immediately transferred to an isolation region for processing, which provides a second layer of protection on top of the 'black box'.
A data request in the Internet of Vehicles is a search of the server database. When data are requested, they are in an encrypted state, and the server does not store a key.
Conventional search therefore cannot be used and an encrypted search strategy must be adopted: data are searched as ciphertext, and the matching ciphertext is obtained according to an agreed rule or constraint relation, which achieves the exchange of the user's private data.
Public information pushed by the server is also encrypted: the RSA public key corresponding to the ID of the user is selected, and the public information is encrypted and transmitted. Applying the two encryption strategies together removes the possibility of identifying or guessing the encryption and achieves ciphertext obfuscation.
After the vehicle-mounted equipment receives the public information, the RSA private key stored in the fixed area is called to decrypt it according to the agreed file header or rule, which completes the reading of the data.
In the security monitoring of the server, the behavior of the user is analyzed and restricted according to the score under the security evaluation standard.
Abnormal data and abnormal operations are handled promptly. Against keyword guessing attacks, since all information is in ciphertext form, meaningless operations by a user are detected promptly and the user's authority is adjusted, which prevents leakage of user information.
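An added illustration of the encrypted search, score thresholds and keyword-guessing monitoring described above; it is not code from the patent. It assumes HMAC-SHA256 keyword tokens as the "agreed rule", a miss limit and score penalty chosen here, and treats a score of exactly 6 as restricted; all names and sample values are constructed.

```python
import hashlib
import hmac
from collections import defaultdict

def trapdoor(search_key: bytes, keyword: str) -> bytes:
    """Device side: keyed search token. The key never leaves the device."""
    return hmac.new(search_key, keyword.lower().encode(), hashlib.sha256).digest()

def access_tier(score: int) -> str:
    """Thresholds from the text; exactly 6 is treated as restricted (assumption)."""
    if score > 8:
        return "modify-private"
    if score > 6:
        return "all-data"
    if score >= 3:
        return "basic-only"
    return "public-only"

class SearchServer:
    MISS_LIMIT = 3  # assumption: consecutive empty searches treated as guessing
    PENALTY = 2     # assumption: points removed each time the limit is reached

    def __init__(self):
        # user -> token -> ciphertexts; the server holds no key and no plaintext
        self.index = defaultdict(lambda: defaultdict(list))
        self.score = {}
        self.misses = defaultdict(int)
        self.audit = []  # record of each user's searches

    def upload(self, user, tokens, ciphertext):
        for tok in tokens:
            self.index[user][tok].append(ciphertext)

    def search(self, user, token):
        tier = access_tier(self.score[user])
        if tier in ("basic-only", "public-only"):  # private index is off limits
            self.audit.append((user, "denied", tier))
            return []
        hits = list(self.index[user].get(token, []))
        if hits:
            self.misses[user] = 0
            self.audit.append((user, "hit", tier))
            return hits
        self.misses[user] += 1
        self.audit.append((user, "miss", tier))
        if self.misses[user] >= self.MISS_LIMIT:  # looks like keyword guessing
            self.score[user] = max(1, self.score[user] - self.PENALTY)
            self.misses[user] = 0
        return []

def demo():
    key = b"constructed-device-search-key-01"  # constructed sample key
    srv = SearchServer()
    srv.score["veh-001"] = 9
    blob = bytes.fromhex("a1b2c3d4")  # constructed stand-in for an encrypted record
    srv.upload("veh-001", [trapdoor(key, "gps"), trapdoor(key, "brake")], blob)
    first = srv.search("veh-001", trapdoor(key, "GPS"))
    for i in range(6):  # six guessed keywords that match nothing
        srv.search("veh-001", trapdoor(key, f"guess-{i}"))
    after = srv.search("veh-001", trapdoor(key, "gps"))
    return first, srv.score["veh-001"], after

if __name__ == "__main__":
    print(demo())
```

Deterministic tokens still show the server which searches repeat and which records share a keyword; the miss counter addresses guessing only.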
A searchable encryption privacy protection system based on the Internet of Vehicles mainly comprises the following.
The system initialization module initializes, in the fixed area of the vehicle-mounted equipment, a secret key, a PIN code, an RSA private key, the public parameters of the server, the RSA public key of the server and the like.
The data encryption module completes the encryption of data in the vehicle-mounted equipment, performing local encryption using 128 bits of the DES and uploading the data to the server side as ciphertext.
A fixed encrypted file header is also agreed with the server to distinguish different data types, and the file header is encrypted with the RSA public key published by the server.
When the server pushes information to vehicle-mounted equipment, it obtains the RSA public key corresponding to that equipment through the equipment's ID, encrypts the information with the public key, and sends it to the specified vehicle-mounted equipment.
The server decrypts the file header with the server-side RSA private key, determines the data type, stores the encrypted information on the designated server, and records the association to facilitate subsequent searches.
After the vehicle-mounted equipment receives data from the server, the file header is decrypted with the RSA private key stored in the fixed area to determine whether the data are private data.
If the data are ordinary data, they are decrypted directly; if they are private data, they must be transferred to the security isolation area for protected decryption.
The vehicle-mounted equipment sends a data request; the server side obtains the corresponding search encryption key ciphertext from the user's data request, finds the user's relevant information by ciphertext search and returns it to the vehicle-mounted equipment for processing. The server side also records the user's searches to prevent keyword attacks.
The server evaluates the user's security index according to the condition of the user's system and acts according to the corresponding security level to prevent leakage of user information.
In the Internet of Vehicles security monitoring module, the server side monitors users' request information according to user traffic, prevents keyword attacks, limits users' access authority according to the security evaluation information, and monitors user behavior, guaranteeing the security of the Internet of Vehicles system.
The beneficial effects are as follows.
The invention provides a searchable encryption privacy protection method and system based on the Internet of Vehicles. Data in the Internet of Vehicles contain a large amount of private user information, especially characteristic values of vehicles, and when this information is transmitted over the network in plaintext it is easily monitored or stolen. When information is transmitted in encrypted form it is secure in the communication channel, but if a third-party server is in an insecure state, a key stored on that server is leaked as well, which eventually causes user information leakage. The invention therefore provides a searchable encryption privacy protection solution based on the Internet of Vehicles: data between the server and Internet of Vehicles equipment are encrypted in transmission, and the server stores encrypted data and cannot view their content, which guarantees the privacy of the user; when the user side acquires data, encrypted search is used. The data remain encrypted throughout the whole process, so that the security of the whole Internet of Vehicles system is achieved.
Detailed Description
The invention is further explained below with reference to the drawings and the embodiments.
As shown in fig. 1, a searchable encryption privacy protection method and model based on the Internet of Vehicles includes the following steps:
Step 1: An encryption model based on the privacy data of the Internet of Vehicles users is established, a user model verification mechanism is provided, and illegal users are prevented from using the system without verification.
If user verification fails multiple times, the user's access information is recorded and the user is forbidden from continuing to access the system; if user verification passes, the user is allowed access.
Step 2: A security evaluation standard is formulated according to the current network or system state of the user. The evaluation is made according to the system security model and the level of line security, and when the system detects that the user is on an unsafe link, information is fed back to the user promptly.
The Internet of Vehicles system also analyzes and handles the unsafe factors, guaranteeing the security of users' private data to the greatest extent.
The security level of the user is scored from 1 to 10 points. If the score is lower than 6 points, an unsafe state is fed back to the user; if the score is lower than 3 points, the user is prompted that only necessary basic data can be received and sent and that private data cannot be accessed, so the privacy of the user is guaranteed.
Step 3: In the key management of the Internet of Vehicles, the vehicle-mounted equipment stores the PIN code and the private key of the user, and a chip with hardware blocking is used for storage, so that the key is prevented from leaking at the hardware end and the security of the user is guaranteed.
For sensitive or private data in the Internet of Vehicles, the vehicle-mounted equipment and the server perform security checks on the data, and the data are processed in isolation in a fixed area of the vehicle-mounted equipment that is blocked by hardware, which prevents the risk of leakage.
User data are encrypted in transmission and storage, so no useful information can be obtained even if the data are stolen. To prevent data theft by an attacker disguised as a legitimate user, a user verification mechanism is introduced into the model to verify the user, and only a user who passes verification obtains accurate data search permission.
Step 4: A searchable encryption strategy is adopted for user data in the Internet of Vehicles system: all user data are encrypted with the password stored in the hardware system, transmitted, and stored on the server as ciphertext, and the server does not store any key information.
The server adopts an encrypted search strategy for user data: all data take part in the search in encrypted form and are returned to the user as ciphertext.
Step 5: All information sent by the server to the user equipment is encrypted with the RSA public key corresponding to the ID of the vehicle-mounted equipment and pushed to the user equipment.
After receiving data from the server, the user's vehicle-mounted equipment decrypts it with the private key stored in the hardware, so that confidential transmission of the data is achieved.
Step 6: The server adopts a security monitoring mechanism, and when abnormal behavior is detected, the server handles the corresponding anomaly.
User behavior data are also compared, an abnormal-search database is established and abnormal data features are extracted, so that keyword attacks or keyword guessing attacks are handled promptly and users' privacy is guaranteed. The abnormal states of server processes and of the system are monitored in real time, and abnormal behavior is handled promptly.
When the server detects that a user is carrying out a keyword guessing attack, the server limits the behavior of the user and prevents the risk of unauthorized access.
The server also gives timely warning of abnormal user behavior, preventing the private data of the Internet of Vehicles from being revealed.
Analysis of transmission line security. Since user data are transmitted over public links on the Internet, security analysis can be performed on the routing nodes of the transmission line and each route forwarding link can be given a security classification, in order to prevent data theft or tampering. During data transmission, the optimal secure route is selected within a reasonable range of bandwidth and delay, which ensures the security of system data transmission.
As shown in fig. 2, a searchable encryption privacy protection model system based on the Internet of Vehicles is mainly described as follows.
System initialization module: because users of the Internet of Vehicles have security requirements and their data are stored and processed in a cloud system, a corresponding security protection mechanism is established to ensure that a legitimate user can acquire or modify the user's information.
A secret key, a PIN code, an RSA private key, the public parameters of the server, the RSA public key of the server and the like are initialized in the fixed area of the vehicle-mounted equipment.
The data encryption module completes the encryption of data in the vehicle-mounted equipment, performing local encryption using 128 bits of the DES and uploading the data to the server side as ciphertext.
A fixed encrypted file header is also agreed with the server to distinguish different data types, and the file header is encrypted with the RSA public key published by the server.
When the server pushes information to vehicle-mounted equipment, it obtains the RSA public key corresponding to that equipment through the equipment's ID, encrypts the information with the public key, and sends it to the specified vehicle-mounted equipment.
The server decrypts the file header with the server-side RSA private key, determines the data type, stores the encrypted information on the designated server, and records the association to facilitate subsequent searches.
After the vehicle-mounted equipment receives data from the server, the file header is decrypted with the RSA private key stored in the fixed area to determine whether the data are private data.
If the data are ordinary data, they are decrypted directly; if they are private data, they must be transferred to the security isolation area for protected decryption.
The vehicle-mounted equipment sends a data request; the server side obtains the corresponding search encryption key ciphertext from the user's data request, finds the user's relevant information by ciphertext search and returns it to the vehicle-mounted equipment for processing. The server side also records the user's searches to prevent keyword attacks.
The server evaluates the user's security index according to the condition of the user's system and acts according to the corresponding security level to prevent leakage of user information.
In the Internet of Vehicles security monitoring module, the server side monitors users' request information according to user traffic, prevents keyword attacks, limits users' access authority according to the security evaluation information, and monitors user behavior, guaranteeing the security of the Internet of Vehicles system.
In summary, the invention provides a searchable encryption privacy protection method and system based on the Internet of Vehicles. With user data kept encrypted, the method accurately searches the user's information in its encrypted state on a cloud server, so that the privacy of the user is protected. Data in the Internet of Vehicles contain a large amount of private user information, especially characteristic values of vehicles, and when this information is transmitted over the network in plaintext it is easily monitored or stolen. When information is transmitted in encrypted form it is secure in the communication channel, but if a third-party server is in an insecure state, a key stored on that server is leaked as well, which eventually causes user information leakage.
The invention therefore provides a searchable encryption privacy protection solution based on the Internet of Vehicles: data between the server and Internet of Vehicles equipment are encrypted in transmission, and the server stores encrypted data and cannot view their content, which guarantees the privacy of the user; when the user side acquires data, encrypted search is used. The data remain encrypted throughout the whole process, so that the security of the whole Internet of Vehicles system is achieved.
The embodiments described herein are merely illustrative of the present invention, and those skilled in the art can make modifications, additions or substitutions to the embodiments according to the actual situation without departing from the spirit of the invention or exceeding the scope of the claims.