CN114553547A - Data authentication method and system for block chain sensor capable of being managed - Google Patents
Data authentication method and system for block chain sensor capable of being managed Download PDFInfo
- Publication number
- CN114553547A CN114553547A CN202210172464.5A CN202210172464A CN114553547A CN 114553547 A CN114553547 A CN 114553547A CN 202210172464 A CN202210172464 A CN 202210172464A CN 114553547 A CN114553547 A CN 114553547A
- Authority
- CN
- China
- Prior art keywords
- data
- sensor
- group
- node
- private key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 238000013524 data verification Methods 0.000 claims abstract description 17
- 238000004590 computer program Methods 0.000 claims description 16
- 235000006629 Prosopis spicigera Nutrition 0.000 claims description 3
- 240000000037 Prosopis spicigera Species 0.000 claims description 3
- 125000004122 cyclic group Chemical group 0.000 claims description 3
- 230000006870 function Effects 0.000 claims description 3
- 238000013507 mapping Methods 0.000 claims description 3
- 238000012544 monitoring process Methods 0.000 claims description 3
- 230000005540 biological transmission Effects 0.000 abstract description 11
- 238000007726 management method Methods 0.000 description 5
- 238000004891 communication Methods 0.000 description 4
- 238000011161 development Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000015572 biosynthetic process Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000001915 proofreading effect Effects 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a data authentication method and a system of a monitorable block chain sensor.A sensor acquires first data, encrypts the first data, signs according to a private key of a sensor group, generates second data and sends the second data to a block chain node; verifying the group signature by the block link points according to the node group private key, judging whether the group signature comes from a sensor registered under the node, if so, entering the next step, otherwise, not receiving the data; performing data verification on data content of the second data, if the data verification is passed, performing decryption and data chaining on the second data, otherwise, determining a source sensor of the second data according to the node group private key and the group signature and performing supervision; the identity of the block chain sensor is verified by using the group signature algorithm, and the security of data transmission of the sensor is guaranteed by combining a public key encryption system, so that the sensor with problems can be effectively supervised, the accuracy of uplink data is improved, and the authenticity, validity and reliability of a data source are guaranteed.
Description
Technical Field
The invention relates to the technical field of Internet of things, in particular to a data authentication method and system for a monitorable block chain sensor.
Background
The Internet of things is a core element of new capital construction and is also a necessary path for digital transformation. The sensor is a detection device which can sense the measured information and output the sensed information in a certain form so as to meet the requirements of information transmission, processing, metering, storage and the like. The sensors are the bottommost layer and the frontmost edge of the technology of the Internet of things, and have very important significance for the development of the industry of the Internet of things.
The blockchain integrates the technologies of distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like, has the characteristics of decentralization, distrust, data non-falsification, traceability and the like, and can provide trust, ownership record, transparency and communication support for the Internet of things, so that a new thought is provided for solving the development problem of the Internet of things industry and expanding the development space of the Internet of things industry. For the security of the whole network, reliable and reliable authentication and data transmission of the sensor devices are important when the sensor devices are accessed into the network.
The potential safety hazard of the sensor comes from three aspects: very limited resources, unreliable communication, and unattended management. Due to the lack of a unified management and security authentication mechanism, the blockchain sensor is easily subjected to multiple attacks such as information tampering, information stealing, replaying and the like, and at present, an effective method for verifying the identity and the transmitted data of the blockchain sensor does not exist, and the data in the sensor is taken as the most basic data, so that the importance is self-evident. Therefore, the authenticable property of the sensor and the safety and reliability of the data are also problems to be solved.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: the data authentication method and system for the monitorable block chain sensor can guarantee the reality, effectiveness and reliability of data transmission of the sensor in the block chain.
In order to solve the technical problems, the invention adopts the technical scheme that:
a data authentication method of a monitorable block chain sensor comprises the following steps:
s1, acquiring first data by a sensor, encrypting the first data, signing according to a private key of a sensor group, generating second data and sending the second data to a block chain node;
s2, the block link points verify the group signature according to the node group private key, and judge whether the group signature comes from a registered sensor under the node, if so, the step S3 is executed, otherwise, the data is not received;
and S3, performing data verification on the data content of the second data, if the data verification is passed, performing decryption and data chaining on the second data, and otherwise, determining a source sensor of the second data according to the node group private key and the group signature and performing supervision.
In order to solve the technical problem, the invention adopts another technical scheme as follows:
a data authentication system for a monitorable block chain sensor comprising a sensor and block chain nodes, the sensor comprising a first processor, a first memory and a first computer program stored in and executable on the first memory, the block chain nodes comprising a second processor, a second memory and a second computer program stored in and executable on the second memory, characterised in that the first processor, when executing the first computer program, carries out the steps carried out by the sensor in a method of data authentication for a monitorable block chain sensor of the above kind, and the second processor, when executing the second computer program, carries out the steps carried out by the block chain nodes in a method of data authentication for a monitorable block chain sensor of the above kind.
The invention has the beneficial effects that: according to the data authentication method and system for the monitorable block chain sensor, the identity of the block chain sensor is verified by using the group signature algorithm, the security of data transmission of the sensor is guaranteed by combining a public key encryption system, and the traceability of the group signature improves the management and supervision of the sensor, so that the sensor with problems can be effectively supervised, the accuracy of uplink data is improved, the efficiency of a block chain network is maintained, and the authenticity, the effectiveness and the reliability of a data source are guaranteed.
Drawings
FIG. 1 is a flowchart illustrating a data authentication method for a monitorable block chain sensor according to an embodiment of the present invention;
FIG. 2 is a block diagram of a data authentication system for a monitorable block chain sensor according to one embodiment of the present invention;
FIG. 3 is a communication connection diagram illustrating a data authentication method for a monitorable block chain sensor according to an embodiment of the present invention;
FIG. 4 is a partial data communication diagram illustrating a data authentication method for a monitorable block chain sensor according to an embodiment of the present invention;
description of reference numerals:
1. a data authentication system for a monitorable block chain sensor; 2. a sensor; 3. a first processor; 4. a first memory; 5. a block chain node; 6. a second processor; 7. a second memory.
Detailed Description
In order to explain technical contents, achieved objects, and effects of the present invention in detail, the following description is made with reference to the accompanying drawings in combination with the embodiments.
IPFS: the IPFS is a point-to-point distributed file system, any node has no privilege, the IPFS network adopts a multipoint backup mechanism, single-point failure does not exist, data loss caused by failure of a certain node can be avoided, and therefore the nodes do not need to trust each other. When the file is stored in the IPFS, the node can calculate the unique corresponding hash value according to the content of the file, and the data cannot be deleted and permanently stored.
Group signature: in group signature, the group members can anonymously represent the group to carry out signature, and the verifier can only verify whether the signer is signed by the group members, and cannot determine the true identity of the signer. If necessary, the swarm manager can turn on the swarm signature to track the true identity of the swarm signature.
Referring to fig. 1, fig. 3 and fig. 4, a data authentication method for a monitorable block chain sensor includes the steps of:
s1, acquiring first data by a sensor, encrypting the first data, signing according to a private key of a sensor group, generating second data and sending the second data to a block chain node;
s2, the block link points verify the group signature according to the node group private key, and judge whether the group signature comes from a registered sensor under the node, if so, the step S3 is executed, otherwise, the data is not received;
and S3, performing data verification on the data content of the second data, if the data verification is passed, performing decryption and data chaining on the second data, and otherwise, determining a source sensor of the second data according to the node group private key and the group signature and performing supervision.
From the above description, the beneficial effects of the present invention are: according to the data authentication method and system for the monitorable block chain sensor, the identity of the block chain sensor is verified by using the group signature algorithm, the security of data transmission of the sensor is guaranteed by combining a public key encryption system, and the traceability of the group signature improves the management and supervision of the sensor, so that the sensor with problems can be effectively supervised, the accuracy of uplink data is improved, the efficiency of a block chain network is maintained, and the authenticity, the effectiveness and the reliability of a data source are guaranteed.
Further, the step S1 is preceded by the step of:
s01, registering the blockchain system by the blockchain node i and generating a node group public and private key pair { Gpki,Gski};
S02, applying for authentication from the sensor j to the block link point i;
s03, generating unique identity for sensor j by block chain link point iAnd according to the node group public key GpkiAnd the unique identificationGenerating a sensor group private key for sensor jAnd private-keying the sensor groupSending the information to a sensor j;
the determining, in step S3, the source sensor of the second data according to the node group private key and the group signature specifically includes:
according to the private key Gsk of the node groupiOpening the group signature and obtaining the unique identification in the group signatureAccording to the unique identityA source sensor of the second data is determined.
As can be seen from the above description, the formation of the sensor group private key includes the node group public key and the unique identity of the sensor, so that the block chain node can verify the group signature generated by the sensor according to the node group private key, and can determine the identity of the sensor.
Further, the step S03 further includes the steps of:
s031, identify the unique identity of the sensor j by a block link point iAdding the information into a registration list;
the determining and monitoring the source sensor of the second data according to the node group private key and the group signature in step S3 specifically includes:
opening the group signature according to the node group private key and acquiring the unique identity thereofAccording to the unique identityDetermining a source sensor of the second data and identifying the unique identityAnd deleting the data from the registration list, and not receiving the data sent by the sensor j.
As can be seen from the above description, when a sensor is registered, the blockchain node stores its unique identity into the registration list, and when there is a problem in the sensor data, deletes the information of the corresponding sensor from the registration list, and does not receive the data of the sensor any more.
Further, the group public and private key pair { Gpk } in the step S01i,GskiThe generation of the method is specifically as follows:
setting the system parameter Gpara ═ from the block link point i (G)1,G2,GT,g1,g2E, p) and construct two hash function mappings H0:{0,1}*→G1And H1:{0,1}*→ZP;
Wherein G is1、G2And GTIs a cyclic group of order p, g1And g2Are each G1And G2G is the generator of1*G2→GTIs a bilinear map, p is a prime number;
Generating a group public key:
Gpki=(p,G1,G2,GT,e,g1,g2,h,u,v1,v2,ω,H0,H1);
and a group private key:
Gski=(k1,k2,γ)。
as can be seen from the above description, a group public and private key pair is generated in the above manner.
Further, the registering from the blockchain node i to the blockchain system in step S01 specifically includes:
applying for registration from the blockchain node i to the blockchain system to obtain a node public and private key pair { Mpk } of the blockchain nodei,Mski};
private keying a sensor groupAnd node public key Mpk of blockchain nodeiSending the information to a sensor j;
the step S1 of encrypting the first data and signing according to the sensor group private key, generating second data and sending to the block link point specifically includes the steps of:
s11, passing the data including the first data m acquired in real time through the public key Mpk of the blockchain node i by the sensoriEncrypting to obtain a ciphertext CT;
s12, the sensor uses the private key of the sensor groupAnd performing group signature on the data comprising the ciphertext CT to obtain second data and sending the second data to a block chain node.
As can be seen from the above description, in the second data, the acquired first data m is encrypted and transmitted through the public key of the block chain node, so that the block chain node is ensured to acquire the first data m, and the security of the data is improved.
Further, the private key of the sensor groupAnd node public key Mpk of blockchain nodeiThe signals sent to sensor j are specifically:
private keying of sensor groupsThe unique identificationAnd node public key Mpk of blockchain nodeiSending the information to a sensor j;
the step S11 specifically includes:
passing said node public key Mpk by the sensoriFor including the unique identityEncrypting the data of the first data m acquired in real time to obtain a ciphertext CT;
the step S12 specifically includes:
by the sensor from the sensor group private keyPerforming group signature on the data comprising the ciphertext CT and the unique identity to obtain second data and sending the second data to a block chain node;
the data verification of the data content of the second data in step S3 specifically includes the steps of:
s31, block link points are selected according to the private key Msk of the nodeiDecrypting the ciphertext CT to obtain the first data m and the unique identity of the sensor j
S32, decrypting the unique identificationAnd a unique identity contained in the second data at the time of transmissionAnd carrying out consistency check.
According to the description, the second data and the ciphertext CT both contain the unique identity of the sensor, and the block link points ensure the accuracy of the data source through the proofreading of the two unique identity, so that the data is not tampered.
Further, the step S02 is specifically:
generation of sensor public and private key pair { pk ] by sensor jj,skjSubmitting the sensor public and private key pair { pk ] to a block link point ij,skjFourthly, applying for authentication;
the step S12 specifically includes:
the sensor j signs the ciphertext CT according to the sensor public key to obtainAnd including the ciphertext CT and the ciphertext CT according to the sensor group private key pairPerforming group signature on the data to obtain second data and sending the second data to a block chain node;
the data verification of the data content of the second data in step S3 specifically includes the steps of:
According to the description, the sensor also uses the sensor public key to sign the ciphertext CT, and the block chain checks the ciphertext CT according to the sensor private key, so that the accuracy of a data source is ensured.
Further, the step S12 is specifically:
calculating a hash value H (CT) of the ciphertext CT by a sensor j, performing group signature on data comprising the ciphertext CT and the H (CT) according to the sensor group private key to obtain second data, and sending the second data to a block chain node;
the data verification of the data content of the second data in step S3 specifically includes the steps of:
s34, performing a hash operation on the ciphertext CT to obtain h (CT) ', and performing a consistency check on the h (CT)' and the h (CT) included in the second data.
As can be seen from the above description, the second data includes the hash value of the ciphertext CT, and the block link point may ensure that the ciphertext CT is not tampered by calculating the hash value of the ciphertext CT and comparing the hash value with the hash value included in the second data.
Referring to fig. 2, a data authentication system of a monitorable block chain sensor includes a sensor and a block chain node, the sensor includes a first processor, a first memory, and a first computer program stored in the first memory and executable on the first processor, the block chain node includes a second processor, a second memory, and a second computer program stored in the second memory and executable on the second processor, the first processor, when executing the first computer program, implements the steps performed by the sensor in the above data authentication method of the monitorable block chain sensor, and the second processor, when executing the second computer program, implements the steps performed by the block chain node in the above data authentication method of the monitorable block chain sensor.
The data authentication method and system for the monitorable block chain sensor are suitable for verifying the identity of the sensor and transmitted data under the block chain environment, and the real, effective and reliable scene of data transmission of the sensor in the block chain is guaranteed.
Referring to fig. 1, fig. 3 and fig. 4, a first embodiment of the present invention is:
a data authentication method of a monitorable blockchain sensor, which is mainly executed by a blockchain node i ( i 1, 2.. multidot.n) and a blockchain sensor j ( j 1, 2.. multidot.n), where i and j are both natural numbers, comprising the steps of:
s01, registering the blockchain system by the blockchain node i and generating a node group public and private key pair { Gpki,Gski};
The step S01 of registering the blockchain node i with the blockchain system specifically includes:
applying for registration from the blockchain node i to the blockchain system to obtain a node public and private key pair { Mpk } of the blockchain nodei,Mski};
The group public and private key pair { Gpk } in the step S01i,GskiThe generation of the method is specifically as follows:
setting the system parameter Gpara ═ from the block link point i (G)1,G2,GT,g1,g2E, p) and construct two hash function mappings H0:{0,1}*→G1And H1:{0,1}*→ZP;
Wherein G is1、G2And GTIs a cyclic group of order p, g1And g2Are each G1And G2G is the generator of1*G2→GTIs a bilinear map, p is a prime number;
Generating a group public key:
Gpki=(p,G1,G2,GT,e,g1,g2,h,u,v1,v2,ω,H0,H1);
and a group private key:
Gski=(k1,k2,γ)。
in this embodiment, system initialization is required, and after the block link point i is successfully registered, an encryption/decryption public/private key pair { Mpk }is obtainedi,MskiThen regenerated into a group public and private key pair Gpki,Gski}, group public key GpkiPublic, group private key GpkiStored securely by the node itself. The group public and private keys are generated as described above.
S02, applying for authentication from the sensor j to the block link point i;
the step S02 specifically includes:
generation of sensor public and private key pair { pk ] by sensor jj,skjSubmitting the sensor public and private key pair { pk ] to a block link point ij,skjAnd applying for authentication.
In this embodiment, the sensor j needs to be activated and used after being registered and authenticated by the blockchain node i, and therefore, the sensor j generates the public and private key pair { pkj,skjAfter that, it needs to submit a public and private key pair { pk ] to the block link point ij,skjAnd apply for authentication.
S03, generating unique identity for sensor j by block chain link point iAnd according to the node group public key GpkiAnd the unique identificationGenerating a sensor group private key for sensor jAnd private-keying the sensor groupSending the information to a sensor j;
said step SPrivate keying the sensor group as described in 03The signals sent to sensor j are specifically:
private keying a sensor groupThe unique identityAnd node public key Mpk of blockchain nodeiSending the information to a sensor j;
the step S03 further includes the steps of:
s031, identify the unique identity of the sensor j by a block link point iAnd adding the information into a registration list.
In this embodiment, the block link points are first determined according to the public key pk of the sensorjAnd a random number rand for generating a unique identity of the sensor
Then according to the unique identity of the sensorPublic key pkjAnd self-generated group public key GpkiTo generate a group private key for the sensor
For group signing messages.
In this embodiment, block link point i has its own public key MpkiGroup private key of sensorAnd unique identification of the sensorSending the unique identification to the sensor jGroup private key for sensorsAnd public and private key pair { pk ] of sensorj,skjIt is saved to the registration list RL to complete the registration of sensor j.
S1, acquiring first data by a sensor, encrypting the first data, signing according to a private key of a sensor group, generating second data and sending the second data to a block chain node;
the step S1 of encrypting the first data and signing according to the sensor group private key, generating second data and sending the second data to the block link point specifically includes the steps of:
s11, passing the data including the first data m acquired in real time through the public key Mpk of the blockchain node i by the sensoriEncrypting to obtain a ciphertext CT;
the step S11 specifically includes:
passing said node public key Mpk by the sensoriFor including the unique identityAnd encrypting the data of the first data m acquired in real time to obtain a ciphertext CT.
In this embodiment, the sensor j is registeredAnd after the operation is finished, the system is deployed in a preset area to start working. The sensor j collects the first data m in real time and passes through the public key Mpk of the blockchain node i together with the timestamp timeiEncrypting to obtain an encrypted ciphertext:
s12, the sensor uses the private key of the sensor groupAnd performing group signature on the data comprising the ciphertext CT to obtain second data and sending the second data to a block chain node.
The step S12 specifically includes:
calculating the Hash value H (CT) of the ciphertext CT by the sensor j, and signing the ciphertext CT according to the public key of the sensor to obtainAnd includes the ciphertext CT, the H (CT) and the ciphertext according to the sensor group private key pairAnd performing group signature on the data to obtain second data and sending the second data to the block chain node.
In this embodiment, the sensor j identifies the ciphertext CT and the unique identityCiphertext hashes H (CT) andby its own group private keyPerforming group signature to obtain second data sigma:
the second data sigma is then sent to the blockchain node i.
S2, the block link points verify the group signature according to the node group private key, and judge whether the group signature comes from a registered sensor under the node, if so, the step S3 is executed, otherwise, the data is not received;
in this embodiment, after receiving the information uploaded by the sensor j, the block link point i first uses its own group private key GskiTo verify if σ is from a sensor in the range of the node (registered with the node).
S3, performing data verification on the data content of the second data, if the data verification is passed, performing decryption and data chaining on the second data, otherwise, determining a source sensor of the second data according to a node group private key and the group signature and performing supervision;
the data verification of the data content of the second data in step S3 specifically includes the steps of:
s31, block link points are selected according to the private key Msk of the nodeiDecrypting the ciphertext CT to obtain the first data m and the unique identity of the sensor j
S32, decrypting the unique identificationAnd a unique identity contained in the second data at the time of transmissionCarrying out consistency check;
in this embodiment, the block link point i decrypts the ciphertext CT, and verifies the unique id obtained by decryptionAnd contained in the second data at the time of transmissionUnique identityIf equal, equal returns 0, otherwise returns 1.
in this embodiment, the block link point i further needs to verify the signature informationIf correct, 0 is returned, otherwise 1 is returned.
S34, performing a hash operation on the ciphertext CT to obtain h (CT) ', and performing a consistency check on the h (CT)' and the h (CT) included in the second data.
In this embodiment, the block link point i performs hash operation on the ciphertext CT to obtain h (CT)', verifies whether the hash ciphertext is equal to the hash ciphertext h (CT) in the second data, returns 0 if the hash ciphertext is equal to the hash ciphertext, and returns 1 if the hash ciphertext is not equal to the hash ciphertext.
The determining, in step S3, the source sensor of the second data according to the node group private key and the group signature specifically includes:
according to the private key Gsk of the node groupiOpening the group signature and obtaining the unique identification in the group signatureAccording to the unique identityDetermining a source sensor of the second data;
the determining and monitoring the source sensor of the second data according to the node group private key and the group signature in step S3 specifically includes:
opening the group signature according to the node group private key and acquiring the unique identity thereofAccording to the unique identityDetermining a source sensor of the second data and identifying the unique identityAnd deleting the data from the registration list, and not receiving the data sent by the sensor j.
In this embodiment, if the above verifications are correct, the block link point i puts the decrypted first data m into an IPFS (inter platform File System), and obtains a corresponding address hashBlock chain node i hashes the addressAnd ciphertext Hash H (CT) packaging uplink, and the block chain node only needs to store the ciphertext Hash and the address Hash of IPFS, so that the face storage burden is reduced. If the verification is wrong, the block chain link point utilizes the group private key to open the group signature to obtain a corresponding unique identity and find out corresponding identity information in the registration list, the signature corresponds to the identity information of the sensor, the sensor j is added into the revocation list, the data of the sensor j cannot be uplink, the accuracy of uplink information is improved, the supervision performance of the block chain is improved, data replay, false data and the like can be prevented from being generated after the sensor is maliciously attacked, the error information uplink is avoided, and the block chain burden is reduced.
Referring to fig. 2, the second embodiment of the present invention is:
a data authentication system 1 for a monitorable blockchain sensor comprises a sensor 2 and a blockchain node 5, the sensor comprising a first processor 3, a first memory 4 and a first computer program stored in the first memory 4 and operable on the first processor 3, the blockchain node 5 comprising a second processor 6, a second memory 7 and a second computer program stored in the second memory 7 and operable on the second processor 6, the first processor 3 when executing the first computer program implementing the steps performed by the sensor 2 of the above embodiments, the second processor 6 when executing the second computer program implementing the steps performed by the blockchain node 5 of the above embodiments.
The invention discloses a data authentication method and a system of a monitorable block chain sensor, which mainly have the following principle: the identity of the sensor is distributed and verified by using the characteristic of the group signature algorithm, and the security of sensor data transmission is guaranteed by combining a public key encryption system.
In summary, the data authentication method and system for the monitorable block chain sensor provided by the invention verify the identity of the block chain sensor by using the group signature algorithm, ensure the security of the data transmission of the sensor by combining the public key encryption system, improve the management and supervision of the sensor by the traceability of the group signature, revoke the authority of the faulty sensor, improve the accuracy of uplink data, maintain the network efficiency of the block chain, and ensure the authenticity, validity and reliability of the data source. Meanwhile, the hash value of the ciphertext and the unique identity marks contained in different layers in transmission are verified, so that the data security is further ensured.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent changes made by using the contents of the present specification and the drawings, or applied directly or indirectly to the related technical fields, are included in the scope of the present invention.
Claims (9)
1. A data authentication method of a monitorable block chain sensor is characterized by comprising the following steps:
s1, acquiring first data by a sensor, encrypting the first data, signing according to a sensor group private key, generating second data and sending the second data to a block chain node;
s2, the block link points verify the group signature according to the node group private key, and judge whether the group signature comes from a registered sensor under the node, if so, the step S3 is executed, otherwise, the data is not received;
and S3, performing data verification on the data content of the second data, if the data verification is passed, performing decryption and data chaining on the second data, and otherwise, determining a source sensor of the second data according to the node group private key and the group signature and performing supervision.
2. The method for authenticating data of a monitorable block chain sensor according to claim 1 and wherein said step S1 is preceded by the steps of:
s01, registering the blockchain system by the blockchain node i and generating a node group public and private key pair { Gpki,Gski};
S02, applying for authentication from the sensor j to the block link point i;
s03, generating unique identity for sensor j by block chain link point iAnd according to the node group public key GpkiAnd the unique identificationGenerating a sensor group private key for sensor jAnd private-keying the sensor groupSending the information to a sensor j;
the determining, in step S3, the source sensor of the second data according to the node group private key and the group signature specifically includes:
3. The method for authenticating data of a monitorable block chain sensor according to claim 2 and wherein said step S03 further comprises the steps of:
s031, identify the unique identity of the sensor j by a block link point iAdding the information into a registration list;
the determining and monitoring the source sensor of the second data according to the node group private key and the group signature in step S3 specifically includes:
opening the group signature according to the node group private key and acquiring the unique identity thereofAccording to the unique identityDetermining a source sensor of the second data and identifying the unique identityAnd deleting the data from the registration list, and not receiving the data sent by the sensor j.
4. The method of claim 2, wherein the group public and private key pair { Gpk } in the step S01 is a public and private key pairi,GskiThe generation of the method is specifically as follows:
setting the system parameter Gpara ═ from the block link point i (G)1,G2,GT,g1,g2E, p) and construct two hash function mappings H0:{0,1}*→G1And H1:{0,1}*→ZP;
Wherein G is1、G2And GTIs a cyclic group of order p, g1And g2Are each G1And G2G is the generator of1*G2→GTIs a bilinear map, p is a prime number;
Generating a group public key:
Gpki=(p,G1,G2,GT,e,g1,g2,h,u,v1,v2,ω,H0,H1);
and a group private key:
Gski=(k1,k2,γ)。
5. the method according to claim 2, wherein the registration of the blockchain node i with the blockchain system in step S01 is specifically:
applying for registration from the blockchain node i to the blockchain system to obtain a node public and private key pair { Mpk } of the blockchain nodei,Mski};
private keying a sensor groupAnd node public key Mpk of blockchain nodeiSending the information to a sensor j;
the step S1 of encrypting the first data and signing according to the sensor group private key, generating second data and sending the second data to the block link point specifically includes the steps of:
s11, passing the data including the first data m acquired in real time through the public key Mpk of the blockchain node i by the sensoriEncrypting to obtain a ciphertext CT;
6. The method as claimed in claim 5, wherein the sensor group is private-keyedAnd node public key Mpk of blockchain nodeiThe signals sent to sensor j are specifically:
private keying a sensor groupThe unique identityAnd node public key Mpk of blockchain nodeiSending the information to a sensor j;
the step S11 specifically includes:
passing the node public key Mpk by the sensoriFor including the unique identityEncrypting the data of the first data m acquired in real time to obtain a ciphertext CT;
the step S12 specifically includes:
by the sensor from the sensor group private keyPerforming group signature on the data comprising the ciphertext CT and the unique identity to obtain second data and sending the second data to a block chain node;
the data verification of the data content of the second data in step S3 specifically includes the steps of:
s31, block link points are selected according to the private key Msk of the nodeiDecrypting the ciphertext CT to obtain the first data m and the unique identity of the sensor j
7. The method for data authentication of a monitorable block chain sensor according to claim 5 and wherein said step S02 is specifically:
generation of sensor public and private key pair { pk ] by sensor jj,skjSubmitting the sensor public and private key pair { pk ] to a block link point ij,skjH, andplease authenticate;
the step S12 specifically includes:
the sensor j signs the ciphertext CT according to the sensor public key to obtainAnd including the ciphertext CT and the ciphertext CT according to the sensor group private key pairPerforming group signature on the data to obtain second data and sending the second data to a block chain node;
the data verification of the data content of the second data in step S3 specifically includes the steps of:
8. The method according to claim 5, wherein the step S12 is specifically as follows:
calculating a hash value H (CT) of the ciphertext CT by a sensor j, performing group signature on data comprising the ciphertext CT and the H (CT) according to the sensor group private key to obtain second data, and sending the second data to a block chain node;
the data verification of the data content of the second data in step S3 specifically includes the steps of:
s34, performing a hash operation on the ciphertext CT to obtain h (CT) ', and performing a consistency check on h (CT)' and the h (CT) included in the second data.
9. A data authentication system of a monitorable block chain sensor comprises a sensor and a block chain link point, the sensor comprising a first processor, a first memory and a first computer program stored in the first memory and executable on the first processor, the blockchain node comprises a second processor, a second memory and a second computer program stored in the second memory and executable on the second processor, wherein the first processor, when executing the first computer program, performs the steps performed by the sensor in a method for data authentication of a monitorable block chain sensor according to claims 1 to 8, the second processor, when executing the second computer program, performs the steps performed by the blockchain node in a method of data authentication of a monitorable blockchain sensor according to claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210172464.5A CN114553547B (en) | 2022-02-24 | 2022-02-24 | Data authentication method and system for manageable blockchain sensor |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210172464.5A CN114553547B (en) | 2022-02-24 | 2022-02-24 | Data authentication method and system for manageable blockchain sensor |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114553547A true CN114553547A (en) | 2022-05-27 |
CN114553547B CN114553547B (en) | 2024-06-07 |
Family
ID=81678376
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210172464.5A Active CN114553547B (en) | 2022-02-24 | 2022-02-24 | Data authentication method and system for manageable blockchain sensor |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114553547B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117579256A (en) * | 2023-10-12 | 2024-02-20 | 智慧工地科技(广东)有限公司 | Internet of things data management method and device |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108768992A (en) * | 2018-05-17 | 2018-11-06 | 深圳前海微众银行股份有限公司 | Information anonymous transmission method, equipment and readable storage medium storing program for executing based on block chain |
CN109636599A (en) * | 2018-11-07 | 2019-04-16 | 广西师范大学 | License block chain secret protection and monitoring and managing method based on group ranking |
CN111010280A (en) * | 2019-12-09 | 2020-04-14 | 中山大学 | Group signature-based construction method for monitorable block chain |
CN112055025A (en) * | 2020-09-10 | 2020-12-08 | 广西师范大学 | Privacy data protection method based on block chain |
CN112435024A (en) * | 2020-11-17 | 2021-03-02 | 浙江大学 | Alliance chain cross-chain privacy protection method based on group signature and CA multi-party authentication |
CN112543106A (en) * | 2020-12-07 | 2021-03-23 | 昆明理工大学 | Vehicle privacy anonymous protection method based on block chain and group signature |
CN113190860A (en) * | 2021-05-07 | 2021-07-30 | 福建福链科技有限公司 | Block chain sensor data authentication method and system based on ring signature |
CN113259116A (en) * | 2021-05-13 | 2021-08-13 | 福建福链科技有限公司 | Sensor data uplink method and system based on aggregated signature |
CN113554436A (en) * | 2020-04-24 | 2021-10-26 | 中国科学院信息工程研究所 | User identity anonymization method, tracking method and system for block chain system |
CN113886883A (en) * | 2021-10-18 | 2022-01-04 | 支付宝(杭州)信息技术有限公司 | Internet of things data management method and device |
-
2022
- 2022-02-24 CN CN202210172464.5A patent/CN114553547B/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108768992A (en) * | 2018-05-17 | 2018-11-06 | 深圳前海微众银行股份有限公司 | Information anonymous transmission method, equipment and readable storage medium storing program for executing based on block chain |
CN109636599A (en) * | 2018-11-07 | 2019-04-16 | 广西师范大学 | License block chain secret protection and monitoring and managing method based on group ranking |
CN111010280A (en) * | 2019-12-09 | 2020-04-14 | 中山大学 | Group signature-based construction method for monitorable block chain |
CN113554436A (en) * | 2020-04-24 | 2021-10-26 | 中国科学院信息工程研究所 | User identity anonymization method, tracking method and system for block chain system |
CN112055025A (en) * | 2020-09-10 | 2020-12-08 | 广西师范大学 | Privacy data protection method based on block chain |
CN112435024A (en) * | 2020-11-17 | 2021-03-02 | 浙江大学 | Alliance chain cross-chain privacy protection method based on group signature and CA multi-party authentication |
CN112543106A (en) * | 2020-12-07 | 2021-03-23 | 昆明理工大学 | Vehicle privacy anonymous protection method based on block chain and group signature |
CN113190860A (en) * | 2021-05-07 | 2021-07-30 | 福建福链科技有限公司 | Block chain sensor data authentication method and system based on ring signature |
CN113259116A (en) * | 2021-05-13 | 2021-08-13 | 福建福链科技有限公司 | Sensor data uplink method and system based on aggregated signature |
CN113886883A (en) * | 2021-10-18 | 2022-01-04 | 支付宝(杭州)信息技术有限公司 | Internet of things data management method and device |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117579256A (en) * | 2023-10-12 | 2024-02-20 | 智慧工地科技(广东)有限公司 | Internet of things data management method and device |
CN117579256B (en) * | 2023-10-12 | 2024-04-23 | 智慧工地科技(广东)有限公司 | Internet of things data management method and device |
Also Published As
Publication number | Publication date |
---|---|
CN114553547B (en) | 2024-06-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109194466B (en) | Block chain-based cloud data integrity detection method and system | |
US20200382326A1 (en) | Digital certificate verification method and apparatus, computer device, and storage medium | |
CN106789090B (en) | Public key infrastructure system based on block chain and semi-random combined certificate signature method | |
US7822200B2 (en) | Method and system for asymmetric key security | |
CN102271042B (en) | Certificate authorization method, system, universal serial bus (USB) Key equipment and server | |
CN107742212B (en) | Asset verification method, device and system based on block chain | |
JP5423088B2 (en) | Integrated circuit, encryption communication device, encryption communication system, information processing method, and encryption communication method | |
CN102624740B (en) | A kind of data interactive method and client, server | |
CN103414690B (en) | One can openly be verified the high in the clouds data property held method of calibration | |
KR20190052631A (en) | Remote re-enrollment of physical unclonable functions | |
CN109309565A (en) | A kind of method and device of safety certification | |
US20050283826A1 (en) | Systems and methods for performing secure communications between an authorized computing platform and a hardware component | |
US9531540B2 (en) | Secure token-based signature schemes using look-up tables | |
TW200939063A (en) | Record system and method based on one-way hash function | |
KR101004829B1 (en) | An apparatus and method for direct anonymous attestation from bilinear maps | |
CN106790045A (en) | One kind is based on cloud environment distributed virtual machine broker architecture and data integrity support method | |
Yu et al. | Decim: Detecting endpoint compromise in messaging | |
CN113708935A (en) | Internet of things equipment unified authentication method and system based on block chain and PUF | |
CN113536329A (en) | Electronic device for cryptographic communication and cryptographic communication system | |
TW201539239A (en) | Server, user device, and method of interaction between user device and server | |
US7739500B2 (en) | Method and system for consistent recognition of ongoing digital relationships | |
CN108540447A (en) | A kind of certification authentication method and system based on block chain | |
TWI773161B (en) | Digital signature private key verification method | |
CN114553547B (en) | Data authentication method and system for manageable blockchain sensor | |
CN107026729B (en) | Method and device for transmitting software |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |