CN114553547A - Data authentication method and system for block chain sensor capable of being managed - Google Patents

Data authentication method and system for block chain sensor capable of being managed Download PDF

Info

Publication number
CN114553547A
CN114553547A CN202210172464.5A CN202210172464A CN114553547A CN 114553547 A CN114553547 A CN 114553547A CN 202210172464 A CN202210172464 A CN 202210172464A CN 114553547 A CN114553547 A CN 114553547A
Authority
CN
China
Prior art keywords
data
sensor
group
node
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210172464.5A
Other languages
Chinese (zh)
Other versions
CN114553547B (en
Inventor
斯雪明
朱自强
谭焕明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Fulian Technology Co ltd
Original Assignee
Fujian Fulian Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Fulian Technology Co ltd filed Critical Fujian Fulian Technology Co ltd
Priority to CN202210172464.5A priority Critical patent/CN114553547B/en
Publication of CN114553547A publication Critical patent/CN114553547A/en
Application granted granted Critical
Publication of CN114553547B publication Critical patent/CN114553547B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data authentication method and a system of a monitorable block chain sensor.A sensor acquires first data, encrypts the first data, signs according to a private key of a sensor group, generates second data and sends the second data to a block chain node; verifying the group signature by the block link points according to the node group private key, judging whether the group signature comes from a sensor registered under the node, if so, entering the next step, otherwise, not receiving the data; performing data verification on data content of the second data, if the data verification is passed, performing decryption and data chaining on the second data, otherwise, determining a source sensor of the second data according to the node group private key and the group signature and performing supervision; the identity of the block chain sensor is verified by using the group signature algorithm, and the security of data transmission of the sensor is guaranteed by combining a public key encryption system, so that the sensor with problems can be effectively supervised, the accuracy of uplink data is improved, and the authenticity, validity and reliability of a data source are guaranteed.

Description

Data authentication method and system for monitorable block chain sensor
Technical Field
The invention relates to the technical field of Internet of things, in particular to a data authentication method and system for a monitorable block chain sensor.
Background
The Internet of things is a core element of new capital construction and is also a necessary path for digital transformation. The sensor is a detection device which can sense the measured information and output the sensed information in a certain form so as to meet the requirements of information transmission, processing, metering, storage and the like. The sensors are the bottommost layer and the frontmost edge of the technology of the Internet of things, and have very important significance for the development of the industry of the Internet of things.
The blockchain integrates the technologies of distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like, has the characteristics of decentralization, distrust, data non-falsification, traceability and the like, and can provide trust, ownership record, transparency and communication support for the Internet of things, so that a new thought is provided for solving the development problem of the Internet of things industry and expanding the development space of the Internet of things industry. For the security of the whole network, reliable and reliable authentication and data transmission of the sensor devices are important when the sensor devices are accessed into the network.
The potential safety hazard of the sensor comes from three aspects: very limited resources, unreliable communication, and unattended management. Due to the lack of a unified management and security authentication mechanism, the blockchain sensor is easily subjected to multiple attacks such as information tampering, information stealing, replaying and the like, and at present, an effective method for verifying the identity and the transmitted data of the blockchain sensor does not exist, and the data in the sensor is taken as the most basic data, so that the importance is self-evident. Therefore, the authenticable property of the sensor and the safety and reliability of the data are also problems to be solved.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: the data authentication method and system for the monitorable block chain sensor can guarantee the reality, effectiveness and reliability of data transmission of the sensor in the block chain.
In order to solve the technical problems, the invention adopts the technical scheme that:
a data authentication method of a monitorable block chain sensor comprises the following steps:
s1, acquiring first data by a sensor, encrypting the first data, signing according to a private key of a sensor group, generating second data and sending the second data to a block chain node;
s2, the block link points verify the group signature according to the node group private key, and judge whether the group signature comes from a registered sensor under the node, if so, the step S3 is executed, otherwise, the data is not received;
and S3, performing data verification on the data content of the second data, if the data verification is passed, performing decryption and data chaining on the second data, and otherwise, determining a source sensor of the second data according to the node group private key and the group signature and performing supervision.
In order to solve the technical problem, the invention adopts another technical scheme as follows:
a data authentication system for a monitorable block chain sensor comprising a sensor and block chain nodes, the sensor comprising a first processor, a first memory and a first computer program stored in and executable on the first memory, the block chain nodes comprising a second processor, a second memory and a second computer program stored in and executable on the second memory, characterised in that the first processor, when executing the first computer program, carries out the steps carried out by the sensor in a method of data authentication for a monitorable block chain sensor of the above kind, and the second processor, when executing the second computer program, carries out the steps carried out by the block chain nodes in a method of data authentication for a monitorable block chain sensor of the above kind.
The invention has the beneficial effects that: according to the data authentication method and system for the monitorable block chain sensor, the identity of the block chain sensor is verified by using the group signature algorithm, the security of data transmission of the sensor is guaranteed by combining a public key encryption system, and the traceability of the group signature improves the management and supervision of the sensor, so that the sensor with problems can be effectively supervised, the accuracy of uplink data is improved, the efficiency of a block chain network is maintained, and the authenticity, the effectiveness and the reliability of a data source are guaranteed.
Drawings
FIG. 1 is a flowchart illustrating a data authentication method for a monitorable block chain sensor according to an embodiment of the present invention;
FIG. 2 is a block diagram of a data authentication system for a monitorable block chain sensor according to one embodiment of the present invention;
FIG. 3 is a communication connection diagram illustrating a data authentication method for a monitorable block chain sensor according to an embodiment of the present invention;
FIG. 4 is a partial data communication diagram illustrating a data authentication method for a monitorable block chain sensor according to an embodiment of the present invention;
description of reference numerals:
1. a data authentication system for a monitorable block chain sensor; 2. a sensor; 3. a first processor; 4. a first memory; 5. a block chain node; 6. a second processor; 7. a second memory.
Detailed Description
In order to explain technical contents, achieved objects, and effects of the present invention in detail, the following description is made with reference to the accompanying drawings in combination with the embodiments.
IPFS: the IPFS is a point-to-point distributed file system, any node has no privilege, the IPFS network adopts a multipoint backup mechanism, single-point failure does not exist, data loss caused by failure of a certain node can be avoided, and therefore the nodes do not need to trust each other. When the file is stored in the IPFS, the node can calculate the unique corresponding hash value according to the content of the file, and the data cannot be deleted and permanently stored.
Group signature: in group signature, the group members can anonymously represent the group to carry out signature, and the verifier can only verify whether the signer is signed by the group members, and cannot determine the true identity of the signer. If necessary, the swarm manager can turn on the swarm signature to track the true identity of the swarm signature.
Referring to fig. 1, fig. 3 and fig. 4, a data authentication method for a monitorable block chain sensor includes the steps of:
s1, acquiring first data by a sensor, encrypting the first data, signing according to a private key of a sensor group, generating second data and sending the second data to a block chain node;
s2, the block link points verify the group signature according to the node group private key, and judge whether the group signature comes from a registered sensor under the node, if so, the step S3 is executed, otherwise, the data is not received;
and S3, performing data verification on the data content of the second data, if the data verification is passed, performing decryption and data chaining on the second data, and otherwise, determining a source sensor of the second data according to the node group private key and the group signature and performing supervision.
From the above description, the beneficial effects of the present invention are: according to the data authentication method and system for the monitorable block chain sensor, the identity of the block chain sensor is verified by using the group signature algorithm, the security of data transmission of the sensor is guaranteed by combining a public key encryption system, and the traceability of the group signature improves the management and supervision of the sensor, so that the sensor with problems can be effectively supervised, the accuracy of uplink data is improved, the efficiency of a block chain network is maintained, and the authenticity, the effectiveness and the reliability of a data source are guaranteed.
Further, the step S1 is preceded by the step of:
s01, registering the blockchain system by the blockchain node i and generating a node group public and private key pair { Gpki,Gski};
S02, applying for authentication from the sensor j to the block link point i;
s03, generating unique identity for sensor j by block chain link point i
Figure BDA0003518871020000041
And according to the node group public key GpkiAnd the unique identification
Figure BDA0003518871020000042
Generating a sensor group private key for sensor j
Figure BDA0003518871020000043
And private-keying the sensor group
Figure BDA0003518871020000044
Sending the information to a sensor j;
the determining, in step S3, the source sensor of the second data according to the node group private key and the group signature specifically includes:
according to the private key Gsk of the node groupiOpening the group signature and obtaining the unique identification in the group signature
Figure BDA0003518871020000045
According to the unique identity
Figure BDA0003518871020000046
A source sensor of the second data is determined.
As can be seen from the above description, the formation of the sensor group private key includes the node group public key and the unique identity of the sensor, so that the block chain node can verify the group signature generated by the sensor according to the node group private key, and can determine the identity of the sensor.
Further, the step S03 further includes the steps of:
s031, identify the unique identity of the sensor j by a block link point i
Figure BDA0003518871020000047
Adding the information into a registration list;
the determining and monitoring the source sensor of the second data according to the node group private key and the group signature in step S3 specifically includes:
opening the group signature according to the node group private key and acquiring the unique identity thereof
Figure BDA0003518871020000048
According to the unique identity
Figure BDA0003518871020000049
Determining a source sensor of the second data and identifying the unique identity
Figure BDA00035188710200000410
And deleting the data from the registration list, and not receiving the data sent by the sensor j.
As can be seen from the above description, when a sensor is registered, the blockchain node stores its unique identity into the registration list, and when there is a problem in the sensor data, deletes the information of the corresponding sensor from the registration list, and does not receive the data of the sensor any more.
Further, the group public and private key pair { Gpk } in the step S01i,GskiThe generation of the method is specifically as follows:
setting the system parameter Gpara ═ from the block link point i (G)1,G2,GT,g1,g2E, p) and construct two hash function mappings H0:{0,1}*→G1And H1:{0,1}*→ZP
Wherein G is1、G2And GTIs a cyclic group of order p, g1And g2Are each G1And G2G is the generator of1*G2→GTIs a bilinear map, p is a prime number;
randomly selecting gamma to ZP、v1,v2∈G1、k1,k2∈ZP、g2∈G2And g1,h,u∈G1Is provided with
Figure BDA0003518871020000051
And satisfy
Figure BDA0003518871020000052
Generating a group public key:
Gpki=(p,G1,G2,GT,e,g1,g2,h,u,v1,v2,ω,H0,H1);
and a group private key:
Gski=(k1,k2,γ)。
as can be seen from the above description, a group public and private key pair is generated in the above manner.
Further, the registering from the blockchain node i to the blockchain system in step S01 specifically includes:
applying for registration from the blockchain node i to the blockchain system to obtain a node public and private key pair { Mpk } of the blockchain nodei,Mski};
The step S03 includes private-keying the sensor group
Figure BDA0003518871020000053
The signals sent to sensor j are specifically:
private keying a sensor group
Figure BDA0003518871020000054
And node public key Mpk of blockchain nodeiSending the information to a sensor j;
the step S1 of encrypting the first data and signing according to the sensor group private key, generating second data and sending to the block link point specifically includes the steps of:
s11, passing the data including the first data m acquired in real time through the public key Mpk of the blockchain node i by the sensoriEncrypting to obtain a ciphertext CT;
s12, the sensor uses the private key of the sensor group
Figure BDA0003518871020000055
And performing group signature on the data comprising the ciphertext CT to obtain second data and sending the second data to a block chain node.
As can be seen from the above description, in the second data, the acquired first data m is encrypted and transmitted through the public key of the block chain node, so that the block chain node is ensured to acquire the first data m, and the security of the data is improved.
Further, the private key of the sensor group
Figure BDA0003518871020000056
And node public key Mpk of blockchain nodeiThe signals sent to sensor j are specifically:
private keying of sensor groups
Figure BDA0003518871020000057
The unique identification
Figure BDA0003518871020000058
And node public key Mpk of blockchain nodeiSending the information to a sensor j;
the step S11 specifically includes:
passing said node public key Mpk by the sensoriFor including the unique identity
Figure BDA0003518871020000061
Encrypting the data of the first data m acquired in real time to obtain a ciphertext CT;
the step S12 specifically includes:
by the sensor from the sensor group private key
Figure BDA0003518871020000062
Performing group signature on the data comprising the ciphertext CT and the unique identity to obtain second data and sending the second data to a block chain node;
the data verification of the data content of the second data in step S3 specifically includes the steps of:
s31, block link points are selected according to the private key Msk of the nodeiDecrypting the ciphertext CT to obtain the first data m and the unique identity of the sensor j
Figure BDA0003518871020000063
S32, decrypting the unique identification
Figure BDA0003518871020000064
And a unique identity contained in the second data at the time of transmission
Figure BDA0003518871020000065
And carrying out consistency check.
According to the description, the second data and the ciphertext CT both contain the unique identity of the sensor, and the block link points ensure the accuracy of the data source through the proofreading of the two unique identity, so that the data is not tampered.
Further, the step S02 is specifically:
generation of sensor public and private key pair { pk ] by sensor jj,skjSubmitting the sensor public and private key pair { pk ] to a block link point ij,skjFourthly, applying for authentication;
the step S12 specifically includes:
the sensor j signs the ciphertext CT according to the sensor public key to obtain
Figure BDA0003518871020000066
And including the ciphertext CT and the ciphertext CT according to the sensor group private key pair
Figure BDA0003518871020000067
Performing group signature on the data to obtain second data and sending the second data to a block chain node;
the data verification of the data content of the second data in step S3 specifically includes the steps of:
s33, according to the sensor private key skjTo the above
Figure BDA0003518871020000068
And (6) checking.
According to the description, the sensor also uses the sensor public key to sign the ciphertext CT, and the block chain checks the ciphertext CT according to the sensor private key, so that the accuracy of a data source is ensured.
Further, the step S12 is specifically:
calculating a hash value H (CT) of the ciphertext CT by a sensor j, performing group signature on data comprising the ciphertext CT and the H (CT) according to the sensor group private key to obtain second data, and sending the second data to a block chain node;
the data verification of the data content of the second data in step S3 specifically includes the steps of:
s34, performing a hash operation on the ciphertext CT to obtain h (CT) ', and performing a consistency check on the h (CT)' and the h (CT) included in the second data.
As can be seen from the above description, the second data includes the hash value of the ciphertext CT, and the block link point may ensure that the ciphertext CT is not tampered by calculating the hash value of the ciphertext CT and comparing the hash value with the hash value included in the second data.
Referring to fig. 2, a data authentication system of a monitorable block chain sensor includes a sensor and a block chain node, the sensor includes a first processor, a first memory, and a first computer program stored in the first memory and executable on the first processor, the block chain node includes a second processor, a second memory, and a second computer program stored in the second memory and executable on the second processor, the first processor, when executing the first computer program, implements the steps performed by the sensor in the above data authentication method of the monitorable block chain sensor, and the second processor, when executing the second computer program, implements the steps performed by the block chain node in the above data authentication method of the monitorable block chain sensor.
The data authentication method and system for the monitorable block chain sensor are suitable for verifying the identity of the sensor and transmitted data under the block chain environment, and the real, effective and reliable scene of data transmission of the sensor in the block chain is guaranteed.
Referring to fig. 1, fig. 3 and fig. 4, a first embodiment of the present invention is:
a data authentication method of a monitorable blockchain sensor, which is mainly executed by a blockchain node i ( i 1, 2.. multidot.n) and a blockchain sensor j ( j 1, 2.. multidot.n), where i and j are both natural numbers, comprising the steps of:
s01, registering the blockchain system by the blockchain node i and generating a node group public and private key pair { Gpki,Gski};
The step S01 of registering the blockchain node i with the blockchain system specifically includes:
applying for registration from the blockchain node i to the blockchain system to obtain a node public and private key pair { Mpk } of the blockchain nodei,Mski};
The group public and private key pair { Gpk } in the step S01i,GskiThe generation of the method is specifically as follows:
setting the system parameter Gpara ═ from the block link point i (G)1,G2,GT,g1,g2E, p) and construct two hash function mappings H0:{0,1}*→G1And H1:{0,1}*→ZP
Wherein G is1、G2And GTIs a cyclic group of order p, g1And g2Are each G1And G2G is the generator of1*G2→GTIs a bilinear map, p is a prime number;
randomly selecting gamma to ZP、v1,v2∈G1、k1,k2∈ZP、g2∈G2And g1,h,u∈G1Is provided with
Figure BDA0003518871020000081
And satisfy
Figure BDA0003518871020000082
Generating a group public key:
Gpki=(p,G1,G2,GT,e,g1,g2,h,u,v1,v2,ω,H0,H1);
and a group private key:
Gski=(k1,k2,γ)。
in this embodiment, system initialization is required, and after the block link point i is successfully registered, an encryption/decryption public/private key pair { Mpk }is obtainedi,MskiThen regenerated into a group public and private key pair Gpki,Gski}, group public key GpkiPublic, group private key GpkiStored securely by the node itself. The group public and private keys are generated as described above.
S02, applying for authentication from the sensor j to the block link point i;
the step S02 specifically includes:
generation of sensor public and private key pair { pk ] by sensor jj,skjSubmitting the sensor public and private key pair { pk ] to a block link point ij,skjAnd applying for authentication.
In this embodiment, the sensor j needs to be activated and used after being registered and authenticated by the blockchain node i, and therefore, the sensor j generates the public and private key pair { pkj,skjAfter that, it needs to submit a public and private key pair { pk ] to the block link point ij,skjAnd apply for authentication.
S03, generating unique identity for sensor j by block chain link point i
Figure BDA0003518871020000083
And according to the node group public key GpkiAnd the unique identification
Figure BDA0003518871020000084
Generating a sensor group private key for sensor j
Figure BDA0003518871020000085
And private-keying the sensor group
Figure BDA0003518871020000086
Sending the information to a sensor j;
said step SPrivate keying the sensor group as described in 03
Figure BDA0003518871020000087
The signals sent to sensor j are specifically:
private keying a sensor group
Figure BDA0003518871020000088
The unique identity
Figure BDA0003518871020000089
And node public key Mpk of blockchain nodeiSending the information to a sensor j;
the step S03 further includes the steps of:
s031, identify the unique identity of the sensor j by a block link point i
Figure BDA00035188710200000810
And adding the information into a registration list.
In this embodiment, the block link points are first determined according to the public key pk of the sensorjAnd a random number rand for generating a unique identity of the sensor
Figure BDA0003518871020000091
Figure BDA0003518871020000092
Then according to the unique identity of the sensor
Figure BDA0003518871020000093
Public key pkjAnd self-generated group public key GpkiTo generate a group private key for the sensor
Figure BDA0003518871020000094
Figure BDA0003518871020000095
For group signing messages.
In this embodiment, block link point i has its own public key MpkiGroup private key of sensor
Figure BDA0003518871020000096
And unique identification of the sensor
Figure BDA0003518871020000097
Sending the unique identification to the sensor j
Figure BDA0003518871020000098
Group private key for sensors
Figure BDA0003518871020000099
And public and private key pair { pk ] of sensorj,skjIt is saved to the registration list RL to complete the registration of sensor j.
S1, acquiring first data by a sensor, encrypting the first data, signing according to a private key of a sensor group, generating second data and sending the second data to a block chain node;
the step S1 of encrypting the first data and signing according to the sensor group private key, generating second data and sending the second data to the block link point specifically includes the steps of:
s11, passing the data including the first data m acquired in real time through the public key Mpk of the blockchain node i by the sensoriEncrypting to obtain a ciphertext CT;
the step S11 specifically includes:
passing said node public key Mpk by the sensoriFor including the unique identity
Figure BDA00035188710200000910
And encrypting the data of the first data m acquired in real time to obtain a ciphertext CT.
In this embodiment, the sensor j is registeredAnd after the operation is finished, the system is deployed in a preset area to start working. The sensor j collects the first data m in real time and passes through the public key Mpk of the blockchain node i together with the timestamp timeiEncrypting to obtain an encrypted ciphertext:
Figure BDA00035188710200000911
s12, the sensor uses the private key of the sensor group
Figure BDA00035188710200000912
And performing group signature on the data comprising the ciphertext CT to obtain second data and sending the second data to a block chain node.
The step S12 specifically includes:
calculating the Hash value H (CT) of the ciphertext CT by the sensor j, and signing the ciphertext CT according to the public key of the sensor to obtain
Figure BDA0003518871020000101
And includes the ciphertext CT, the H (CT) and the ciphertext according to the sensor group private key pair
Figure BDA0003518871020000102
And performing group signature on the data to obtain second data and sending the second data to the block chain node.
In this embodiment, the sensor j identifies the ciphertext CT and the unique identity
Figure BDA0003518871020000103
Ciphertext hashes H (CT) and
Figure BDA0003518871020000104
by its own group private key
Figure BDA0003518871020000105
Performing group signature to obtain second data sigma:
Figure BDA0003518871020000106
the second data sigma is then sent to the blockchain node i.
S2, the block link points verify the group signature according to the node group private key, and judge whether the group signature comes from a registered sensor under the node, if so, the step S3 is executed, otherwise, the data is not received;
in this embodiment, after receiving the information uploaded by the sensor j, the block link point i first uses its own group private key GskiTo verify if σ is from a sensor in the range of the node (registered with the node).
S3, performing data verification on the data content of the second data, if the data verification is passed, performing decryption and data chaining on the second data, otherwise, determining a source sensor of the second data according to a node group private key and the group signature and performing supervision;
the data verification of the data content of the second data in step S3 specifically includes the steps of:
s31, block link points are selected according to the private key Msk of the nodeiDecrypting the ciphertext CT to obtain the first data m and the unique identity of the sensor j
Figure BDA0003518871020000107
S32, decrypting the unique identification
Figure BDA0003518871020000108
And a unique identity contained in the second data at the time of transmission
Figure BDA0003518871020000109
Carrying out consistency check;
in this embodiment, the block link point i decrypts the ciphertext CT, and verifies the unique id obtained by decryption
Figure BDA00035188710200001010
And contained in the second data at the time of transmissionUnique identity
Figure BDA00035188710200001011
If equal, equal returns 0, otherwise returns 1.
S33, according to the sensor private key skjTo the above
Figure BDA00035188710200001012
Checking;
in this embodiment, the block link point i further needs to verify the signature information
Figure BDA00035188710200001013
If correct, 0 is returned, otherwise 1 is returned.
S34, performing a hash operation on the ciphertext CT to obtain h (CT) ', and performing a consistency check on the h (CT)' and the h (CT) included in the second data.
In this embodiment, the block link point i performs hash operation on the ciphertext CT to obtain h (CT)', verifies whether the hash ciphertext is equal to the hash ciphertext h (CT) in the second data, returns 0 if the hash ciphertext is equal to the hash ciphertext, and returns 1 if the hash ciphertext is not equal to the hash ciphertext.
The determining, in step S3, the source sensor of the second data according to the node group private key and the group signature specifically includes:
according to the private key Gsk of the node groupiOpening the group signature and obtaining the unique identification in the group signature
Figure BDA0003518871020000111
According to the unique identity
Figure BDA0003518871020000117
Determining a source sensor of the second data;
the determining and monitoring the source sensor of the second data according to the node group private key and the group signature in step S3 specifically includes:
opening the group signature according to the node group private key and acquiring the unique identity thereof
Figure BDA0003518871020000112
According to the unique identity
Figure BDA0003518871020000113
Determining a source sensor of the second data and identifying the unique identity
Figure BDA0003518871020000114
And deleting the data from the registration list, and not receiving the data sent by the sensor j.
In this embodiment, if the above verifications are correct, the block link point i puts the decrypted first data m into an IPFS (inter platform File System), and obtains a corresponding address hash
Figure BDA0003518871020000115
Block chain node i hashes the address
Figure BDA0003518871020000116
And ciphertext Hash H (CT) packaging uplink, and the block chain node only needs to store the ciphertext Hash and the address Hash of IPFS, so that the face storage burden is reduced. If the verification is wrong, the block chain link point utilizes the group private key to open the group signature to obtain a corresponding unique identity and find out corresponding identity information in the registration list, the signature corresponds to the identity information of the sensor, the sensor j is added into the revocation list, the data of the sensor j cannot be uplink, the accuracy of uplink information is improved, the supervision performance of the block chain is improved, data replay, false data and the like can be prevented from being generated after the sensor is maliciously attacked, the error information uplink is avoided, and the block chain burden is reduced.
Referring to fig. 2, the second embodiment of the present invention is:
a data authentication system 1 for a monitorable blockchain sensor comprises a sensor 2 and a blockchain node 5, the sensor comprising a first processor 3, a first memory 4 and a first computer program stored in the first memory 4 and operable on the first processor 3, the blockchain node 5 comprising a second processor 6, a second memory 7 and a second computer program stored in the second memory 7 and operable on the second processor 6, the first processor 3 when executing the first computer program implementing the steps performed by the sensor 2 of the above embodiments, the second processor 6 when executing the second computer program implementing the steps performed by the blockchain node 5 of the above embodiments.
The invention discloses a data authentication method and a system of a monitorable block chain sensor, which mainly have the following principle: the identity of the sensor is distributed and verified by using the characteristic of the group signature algorithm, and the security of sensor data transmission is guaranteed by combining a public key encryption system.
In summary, the data authentication method and system for the monitorable block chain sensor provided by the invention verify the identity of the block chain sensor by using the group signature algorithm, ensure the security of the data transmission of the sensor by combining the public key encryption system, improve the management and supervision of the sensor by the traceability of the group signature, revoke the authority of the faulty sensor, improve the accuracy of uplink data, maintain the network efficiency of the block chain, and ensure the authenticity, validity and reliability of the data source. Meanwhile, the hash value of the ciphertext and the unique identity marks contained in different layers in transmission are verified, so that the data security is further ensured.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent changes made by using the contents of the present specification and the drawings, or applied directly or indirectly to the related technical fields, are included in the scope of the present invention.

Claims (9)

1. A data authentication method of a monitorable block chain sensor is characterized by comprising the following steps:
s1, acquiring first data by a sensor, encrypting the first data, signing according to a sensor group private key, generating second data and sending the second data to a block chain node;
s2, the block link points verify the group signature according to the node group private key, and judge whether the group signature comes from a registered sensor under the node, if so, the step S3 is executed, otherwise, the data is not received;
and S3, performing data verification on the data content of the second data, if the data verification is passed, performing decryption and data chaining on the second data, and otherwise, determining a source sensor of the second data according to the node group private key and the group signature and performing supervision.
2. The method for authenticating data of a monitorable block chain sensor according to claim 1 and wherein said step S1 is preceded by the steps of:
s01, registering the blockchain system by the blockchain node i and generating a node group public and private key pair { Gpki,Gski};
S02, applying for authentication from the sensor j to the block link point i;
s03, generating unique identity for sensor j by block chain link point i
Figure FDA0003518871010000014
And according to the node group public key GpkiAnd the unique identification
Figure FDA0003518871010000015
Generating a sensor group private key for sensor j
Figure FDA0003518871010000016
And private-keying the sensor group
Figure FDA0003518871010000017
Sending the information to a sensor j;
the determining, in step S3, the source sensor of the second data according to the node group private key and the group signature specifically includes:
according to the private key Gsk of the node groupiOpening the group signature and obtaining the unique identification in the group signature
Figure FDA0003518871010000018
According to the unique identity
Figure FDA0003518871010000011
A source sensor of the second data is determined.
3. The method for authenticating data of a monitorable block chain sensor according to claim 2 and wherein said step S03 further comprises the steps of:
s031, identify the unique identity of the sensor j by a block link point i
Figure FDA0003518871010000012
Adding the information into a registration list;
the determining and monitoring the source sensor of the second data according to the node group private key and the group signature in step S3 specifically includes:
opening the group signature according to the node group private key and acquiring the unique identity thereof
Figure FDA0003518871010000013
According to the unique identity
Figure FDA0003518871010000019
Determining a source sensor of the second data and identifying the unique identity
Figure FDA0003518871010000027
And deleting the data from the registration list, and not receiving the data sent by the sensor j.
4. The method of claim 2, wherein the group public and private key pair { Gpk } in the step S01 is a public and private key pairi,GskiThe generation of the method is specifically as follows:
setting the system parameter Gpara ═ from the block link point i (G)1,G2,GT,g1,g2E, p) and construct two hash function mappings H0:{0,1}*→G1And H1:{0,1}*→ZP
Wherein G is1、G2And GTIs a cyclic group of order p, g1And g2Are each G1And G2G is the generator of1*G2→GTIs a bilinear map, p is a prime number;
randomly selecting gamma to ZP、v1,v2∈G1、k1,k2∈ZP、g2∈G2And g1,h,u∈G1Is provided with
Figure FDA0003518871010000021
And satisfy
Figure FDA0003518871010000022
Generating a group public key:
Gpki=(p,G1,G2,GT,e,g1,g2,h,u,v1,v2,ω,H0,H1);
and a group private key:
Gski=(k1,k2,γ)。
5. the method according to claim 2, wherein the registration of the blockchain node i with the blockchain system in step S01 is specifically:
applying for registration from the blockchain node i to the blockchain system to obtain a node public and private key pair { Mpk } of the blockchain nodei,Mski};
The step S03 includes private-keying the sensor group
Figure FDA0003518871010000023
The signals sent to sensor j are specifically:
private keying a sensor group
Figure FDA0003518871010000024
And node public key Mpk of blockchain nodeiSending the information to a sensor j;
the step S1 of encrypting the first data and signing according to the sensor group private key, generating second data and sending the second data to the block link point specifically includes the steps of:
s11, passing the data including the first data m acquired in real time through the public key Mpk of the blockchain node i by the sensoriEncrypting to obtain a ciphertext CT;
s12, the sensor uses the private key of the sensor group
Figure FDA0003518871010000025
And performing group signature on the data comprising the ciphertext CT to obtain second data and sending the second data to a block chain node.
6. The method as claimed in claim 5, wherein the sensor group is private-keyed
Figure FDA0003518871010000026
And node public key Mpk of blockchain nodeiThe signals sent to sensor j are specifically:
private keying a sensor group
Figure FDA0003518871010000031
The unique identity
Figure FDA0003518871010000032
And node public key Mpk of blockchain nodeiSending the information to a sensor j;
the step S11 specifically includes:
passing the node public key Mpk by the sensoriFor including the unique identity
Figure FDA0003518871010000033
Encrypting the data of the first data m acquired in real time to obtain a ciphertext CT;
the step S12 specifically includes:
by the sensor from the sensor group private key
Figure FDA0003518871010000034
Performing group signature on the data comprising the ciphertext CT and the unique identity to obtain second data and sending the second data to a block chain node;
the data verification of the data content of the second data in step S3 specifically includes the steps of:
s31, block link points are selected according to the private key Msk of the nodeiDecrypting the ciphertext CT to obtain the first data m and the unique identity of the sensor j
Figure FDA0003518871010000035
S32, decrypting the unique identification
Figure FDA0003518871010000036
And a unique identity contained in the second data at the time of transmission
Figure FDA0003518871010000037
And carrying out consistency check.
7. The method for data authentication of a monitorable block chain sensor according to claim 5 and wherein said step S02 is specifically:
generation of sensor public and private key pair { pk ] by sensor jj,skjSubmitting the sensor public and private key pair { pk ] to a block link point ij,skjH, andplease authenticate;
the step S12 specifically includes:
the sensor j signs the ciphertext CT according to the sensor public key to obtain
Figure FDA0003518871010000038
And including the ciphertext CT and the ciphertext CT according to the sensor group private key pair
Figure FDA0003518871010000039
Performing group signature on the data to obtain second data and sending the second data to a block chain node;
the data verification of the data content of the second data in step S3 specifically includes the steps of:
s33, according to the sensor private key skjTo the above
Figure FDA00035188710100000310
And (6) checking.
8. The method according to claim 5, wherein the step S12 is specifically as follows:
calculating a hash value H (CT) of the ciphertext CT by a sensor j, performing group signature on data comprising the ciphertext CT and the H (CT) according to the sensor group private key to obtain second data, and sending the second data to a block chain node;
the data verification of the data content of the second data in step S3 specifically includes the steps of:
s34, performing a hash operation on the ciphertext CT to obtain h (CT) ', and performing a consistency check on h (CT)' and the h (CT) included in the second data.
9. A data authentication system of a monitorable block chain sensor comprises a sensor and a block chain link point, the sensor comprising a first processor, a first memory and a first computer program stored in the first memory and executable on the first processor, the blockchain node comprises a second processor, a second memory and a second computer program stored in the second memory and executable on the second processor, wherein the first processor, when executing the first computer program, performs the steps performed by the sensor in a method for data authentication of a monitorable block chain sensor according to claims 1 to 8, the second processor, when executing the second computer program, performs the steps performed by the blockchain node in a method of data authentication of a monitorable blockchain sensor according to claims 1 to 8.
CN202210172464.5A 2022-02-24 2022-02-24 Data authentication method and system for manageable blockchain sensor Active CN114553547B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210172464.5A CN114553547B (en) 2022-02-24 2022-02-24 Data authentication method and system for manageable blockchain sensor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210172464.5A CN114553547B (en) 2022-02-24 2022-02-24 Data authentication method and system for manageable blockchain sensor

Publications (2)

Publication Number Publication Date
CN114553547A true CN114553547A (en) 2022-05-27
CN114553547B CN114553547B (en) 2024-06-07

Family

ID=81678376

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210172464.5A Active CN114553547B (en) 2022-02-24 2022-02-24 Data authentication method and system for manageable blockchain sensor

Country Status (1)

Country Link
CN (1) CN114553547B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117579256A (en) * 2023-10-12 2024-02-20 智慧工地科技(广东)有限公司 Internet of things data management method and device

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768992A (en) * 2018-05-17 2018-11-06 深圳前海微众银行股份有限公司 Information anonymous transmission method, equipment and readable storage medium storing program for executing based on block chain
CN109636599A (en) * 2018-11-07 2019-04-16 广西师范大学 License block chain secret protection and monitoring and managing method based on group ranking
CN111010280A (en) * 2019-12-09 2020-04-14 中山大学 Group signature-based construction method for monitorable block chain
CN112055025A (en) * 2020-09-10 2020-12-08 广西师范大学 Privacy data protection method based on block chain
CN112435024A (en) * 2020-11-17 2021-03-02 浙江大学 Alliance chain cross-chain privacy protection method based on group signature and CA multi-party authentication
CN112543106A (en) * 2020-12-07 2021-03-23 昆明理工大学 Vehicle privacy anonymous protection method based on block chain and group signature
CN113190860A (en) * 2021-05-07 2021-07-30 福建福链科技有限公司 Block chain sensor data authentication method and system based on ring signature
CN113259116A (en) * 2021-05-13 2021-08-13 福建福链科技有限公司 Sensor data uplink method and system based on aggregated signature
CN113554436A (en) * 2020-04-24 2021-10-26 中国科学院信息工程研究所 User identity anonymization method, tracking method and system for block chain system
CN113886883A (en) * 2021-10-18 2022-01-04 支付宝(杭州)信息技术有限公司 Internet of things data management method and device

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768992A (en) * 2018-05-17 2018-11-06 深圳前海微众银行股份有限公司 Information anonymous transmission method, equipment and readable storage medium storing program for executing based on block chain
CN109636599A (en) * 2018-11-07 2019-04-16 广西师范大学 License block chain secret protection and monitoring and managing method based on group ranking
CN111010280A (en) * 2019-12-09 2020-04-14 中山大学 Group signature-based construction method for monitorable block chain
CN113554436A (en) * 2020-04-24 2021-10-26 中国科学院信息工程研究所 User identity anonymization method, tracking method and system for block chain system
CN112055025A (en) * 2020-09-10 2020-12-08 广西师范大学 Privacy data protection method based on block chain
CN112435024A (en) * 2020-11-17 2021-03-02 浙江大学 Alliance chain cross-chain privacy protection method based on group signature and CA multi-party authentication
CN112543106A (en) * 2020-12-07 2021-03-23 昆明理工大学 Vehicle privacy anonymous protection method based on block chain and group signature
CN113190860A (en) * 2021-05-07 2021-07-30 福建福链科技有限公司 Block chain sensor data authentication method and system based on ring signature
CN113259116A (en) * 2021-05-13 2021-08-13 福建福链科技有限公司 Sensor data uplink method and system based on aggregated signature
CN113886883A (en) * 2021-10-18 2022-01-04 支付宝(杭州)信息技术有限公司 Internet of things data management method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117579256A (en) * 2023-10-12 2024-02-20 智慧工地科技(广东)有限公司 Internet of things data management method and device
CN117579256B (en) * 2023-10-12 2024-04-23 智慧工地科技(广东)有限公司 Internet of things data management method and device

Also Published As

Publication number Publication date
CN114553547B (en) 2024-06-07

Similar Documents

Publication Publication Date Title
CN109194466B (en) Block chain-based cloud data integrity detection method and system
US20200382326A1 (en) Digital certificate verification method and apparatus, computer device, and storage medium
CN106789090B (en) Public key infrastructure system based on block chain and semi-random combined certificate signature method
US7822200B2 (en) Method and system for asymmetric key security
CN102271042B (en) Certificate authorization method, system, universal serial bus (USB) Key equipment and server
CN107742212B (en) Asset verification method, device and system based on block chain
JP5423088B2 (en) Integrated circuit, encryption communication device, encryption communication system, information processing method, and encryption communication method
CN102624740B (en) A kind of data interactive method and client, server
CN103414690B (en) One can openly be verified the high in the clouds data property held method of calibration
KR20190052631A (en) Remote re-enrollment of physical unclonable functions
CN109309565A (en) A kind of method and device of safety certification
US20050283826A1 (en) Systems and methods for performing secure communications between an authorized computing platform and a hardware component
US9531540B2 (en) Secure token-based signature schemes using look-up tables
TW200939063A (en) Record system and method based on one-way hash function
KR101004829B1 (en) An apparatus and method for direct anonymous attestation from bilinear maps
CN106790045A (en) One kind is based on cloud environment distributed virtual machine broker architecture and data integrity support method
Yu et al. Decim: Detecting endpoint compromise in messaging
CN113708935A (en) Internet of things equipment unified authentication method and system based on block chain and PUF
CN113536329A (en) Electronic device for cryptographic communication and cryptographic communication system
TW201539239A (en) Server, user device, and method of interaction between user device and server
US7739500B2 (en) Method and system for consistent recognition of ongoing digital relationships
CN108540447A (en) A kind of certification authentication method and system based on block chain
TWI773161B (en) Digital signature private key verification method
CN114553547B (en) Data authentication method and system for manageable blockchain sensor
CN107026729B (en) Method and device for transmitting software

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant