CN115913546A - Private data sharing method and system based on block chain - Google Patents
Private data sharing method and system based on block chain Download PDFInfo
- Publication number
- CN115913546A CN115913546A CN202211580454.1A CN202211580454A CN115913546A CN 115913546 A CN115913546 A CN 115913546A CN 202211580454 A CN202211580454 A CN 202211580454A CN 115913546 A CN115913546 A CN 115913546A
- Authority
- CN
- China
- Prior art keywords
- vehicle
- shared data
- data
- roadside unit
- symmetric key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000011217 control strategy Methods 0.000 claims description 27
- 238000013507 mapping Methods 0.000 claims description 20
- 238000012550 audit Methods 0.000 claims description 19
- 238000012795 verification Methods 0.000 claims description 7
- 230000008569 process Effects 0.000 abstract description 9
- 238000004891 communication Methods 0.000 abstract description 7
- 230000007246 mechanism Effects 0.000 abstract description 7
- 239000011159 matrix material Substances 0.000 description 8
- 239000013598 vector Substances 0.000 description 8
- 230000006870 function Effects 0.000 description 6
- 238000010586 diagram Methods 0.000 description 4
- 230000009286 beneficial effect Effects 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 101000912561 Bos taurus Fibrinogen gamma-B chain Proteins 0.000 description 2
- 206010039203 Road traffic accident Diseases 0.000 description 2
- 238000013475 authorization Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 2
- 125000004122 cyclic group Chemical group 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 230000010354 integration Effects 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000007723 transport mechanism Effects 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a private data sharing method and a system based on a block chain, wherein the method comprises the steps of defining a large attribute set through a trusted authority, constructing a public parameter according to the large attribute set, then collecting attributes of a vehicle, initializing the trusted authority and the vehicle, realizing one-to-many data sharing and protecting the privacy of a user; the method comprises the steps that a block chain is started among preset fog nodes through a trusted authority, new states of all transactions and intelligent contracts are verified through the fog nodes, and the new states are uploaded to the block chain according to a consensus mechanism, so that the identity and data privacy of a user are protected in a data sharing process; the roadside unit divides the shared data of the acquired vehicles, the request for acquiring the shared data of the verified vehicles and the shared data of the shared vehicles into three types for storage, and each party only stores complete backup of data related to the roadside unit and cooperates with the roadside unit, so that the safety is improved, and the storage and communication expenses of nodes in data sharing are effectively reduced.
Description
Technical Field
The present invention relates to the field of block chain technologies, and in particular, to a method and a system for sharing private data based on a block chain.
Background
Social networking over vehicles (SIoV) can improve traffic safety and alleviate traffic congestion by sharing vehicle awareness data, even providing comprehensive social services. However, conventional data sharing does not provide distributed and decentralized security, making it possible for third parties to initiate dishonest behavior. Furthermore, the lack of access control for data sharing in SIoV is prone to unauthorized data sharing, user privacy is compromised, and the source of the leaked data is difficult to track.
Disclosure of Invention
The present invention is directed to solving at least one of the problems of the prior art. Therefore, the invention provides a private data sharing method and system based on a block chain, which can provide distributed and decentralized safety, trace the source of shared data and avoid dishonest behaviors possibly initiated by a third party.
In a first aspect, an embodiment of the present invention provides a private data sharing method based on a block chain, where the private data sharing method based on the block chain includes:
defining a large attribute set through a trusted authority, and constructing a public parameter according to the large attribute set;
collecting attributes of vehicles according to the large attribute set with constructed public parameters, and issuing attribute base keys of the vehicles;
starting a block chain between preset fog nodes through the trusted authority; the fog node comprises a file server, a data server and an audit server;
acquiring shared data of the vehicle, and generating an access control strategy, a symmetric key and a ciphertext corresponding to the shared data of the vehicle; the symmetric key is encrypted by the attribute base key;
uploading an access control strategy, a symmetric key and a ciphertext corresponding to the shared data of the vehicle to a roadside unit; the roadside unit is used for storing an access control strategy and a symmetric key corresponding to the shared data of the vehicle to the data server and storing a ciphertext corresponding to the shared data of the vehicle to the file server;
when an acquisition request of shared data of the vehicle is received, verifying whether an object of the acquisition request is the shared data of the vehicle through the roadside unit;
if the object of the acquisition request is the shared data of the vehicle, decrypting a ciphertext corresponding to the shared data of the vehicle according to an access control strategy and a symmetric key corresponding to the shared data of the vehicle, which are provided by the roadside unit, so as to obtain and reply the shared data of the vehicle; and the record of replying the shared data of the vehicle is saved to the audit server through the roadside unit.
The method provided by the embodiment of the invention has at least the following beneficial effects:
the trusted authority defines a large attribute set, public parameters are constructed according to the large attribute set, then attributes of the vehicle are collected, initialization of the trusted authority and the vehicle is carried out, one-to-many data sharing is achieved, privacy of users is protected, and flexibility of the system is improved; the block chain is started among the preset fog nodes through the trusted authority, the new states of all transactions and intelligent contracts can be verified through the fog nodes, and the new states can be uploaded to the block chain according to a consensus mechanism, so that the identity and data privacy of a user can be protected in the data sharing process, and an environment with high safety and high integration level is provided for shared data; the shared data of the vehicles are acquired, the acquisition request of the shared data of the vehicles is verified, and the shared data of the shared vehicles are stored in three types by the roadside unit, and all parties only store complete backups of data related to the roadside unit and cooperate with one another, so that the safety is improved, and the storage and communication expenses of nodes in data sharing are effectively reduced.
According to some embodiments of the invention, the defining, by the trusted authority, a large set of attributes and constructing common parameters from the large set of attributes comprises:
defining the large attribute set through the trusted authority, and operating a group generator algorithm to obtain a group and bilinear mapping; the group and bilinear map are used to describe the large set of attributes;
selecting multiple groups of elements according to the large attribute set to form the public parameter; the common parameters are used for CP-ABE to encrypt the large attribute set.
According to some embodiments of the invention, said collecting attributes of vehicles according to said large set of attributes for which common parameters have been constructed and issuing attribute base keys for said vehicles comprises:
collecting attributes of the vehicle from the large set of attributes for which common parameters have been constructed; the attributes of the vehicle comprise the real identity of the owner, the occupation of the owner, the interest and hobbies of the owner and the frequent location of the owner; the owner real identity is the unique identification of the vehicle;
adding the owner real identity of the vehicle into an identity mapping table; the identity mapping table is used for obtaining all attributes of the vehicle according to the owner real identity of the vehicle;
and calculating and issuing an attribute base key of the vehicle through all attributes of the trusted authority and the vehicle.
According to some embodiments of the present invention, the obtaining the shared data of the vehicle and generating the access control policy, the symmetric key and the ciphertext corresponding to the shared data of the vehicle includes:
customizing an access control policy for shared data of the vehicle through an LSSS linear secret sharing scheme;
and calculating a symmetric key and a ciphertext of the shared data of the vehicle according to the access control policy of the shared data of the vehicle.
According to some embodiments of the invention, the uploading the access control policy, the symmetric key and the ciphertext corresponding to the shared data of the vehicle to a roadside unit includes:
signing the index of the shared data of the vehicle to obtain a verifiable signature of the shared data of the vehicle;
uploading a verifiable signature, an access control strategy, a symmetric key and a ciphertext corresponding to the shared data of the vehicle to the roadside unit; and the roadside unit verifies the legality of the verifiable signature, the access control strategy, the symmetric key and the ciphertext uploading corresponding to the shared data of the vehicle through the verifiable signature of the shared data of the vehicle.
According to some embodiments of the invention, when receiving an acquisition request of shared data of the vehicle, the verifying, by the roadside unit, whether an object of the acquisition request is the shared data of the vehicle comprises:
comparing, by the roadside unit, an index of an acquisition request of shared data of the vehicle with an index of shared data of the vehicle;
and if the index of the acquisition request of the shared data of the vehicle is matched with the index of the shared data of the vehicle, the object of the acquisition request is the shared data of the vehicle.
According to some embodiments of the present invention, the decrypting the ciphertext corresponding to the shared data of the vehicle according to the access control policy and the symmetric key corresponding to the shared data of the vehicle provided by the roadside unit to obtain and reply the shared data of the vehicle includes:
finding a storage address in a file system in the file server according to the index of the acquisition request of the shared data of the vehicle;
obtaining a ciphertext address and a symmetric key of the shared data of the vehicle according to the storage address;
decrypting a symmetric key of the shared data of the vehicle by the attribute base key of the vehicle;
and decrypting the ciphertext corresponding to the ciphertext address of the shared data of the vehicle according to the decrypted symmetric key of the shared data of the vehicle to obtain and reply the shared data of the vehicle.
According to some embodiments of the present invention, after decrypting the ciphertext corresponding to the shared data of the vehicle according to the access control policy and the symmetric key corresponding to the shared data of the vehicle provided by the roadside unit to obtain and reply the shared data of the vehicle, the method further comprises:
and when complaints that the shared data of the vehicle is false content are received, identity tracing is carried out on the vehicle.
According to some embodiments of the invention, said identity tracing of said vehicle comprises:
and identity tracing is carried out through the verifiable signature of the shared data of the vehicle and the real identity of the vehicle in the identity mapping table.
In a second aspect, an embodiment of the present invention provides a block chain based privacy data sharing system, where the block chain based privacy data sharing system includes:
the large attribute set module is used for defining a large attribute set through a trusted authority and constructing a public parameter according to the large attribute set;
the vehicle attribute collection module is used for collecting the attributes of the vehicle according to the large attribute set with the constructed public parameters and issuing an attribute base key of the vehicle;
the block chain starting module is used for starting a block chain between preset fog nodes through the trusted mechanism; the fog node comprises a file server, a data server and an audit server;
the vehicle shared data acquisition module is used for acquiring the shared data of the vehicle and generating an access control strategy, a symmetric key and a ciphertext corresponding to the shared data of the vehicle; the symmetric key is encrypted by the attribute base key;
the uploading roadside unit module is used for uploading the access control strategy, the symmetric key and the ciphertext corresponding to the shared data of the vehicle to a roadside unit; the roadside unit is used for storing an access control strategy and a symmetric key corresponding to the shared data of the vehicle to the data server and storing a ciphertext corresponding to the shared data of the vehicle to the file server;
the request object verification module is used for verifying whether an object of an acquisition request is shared data of the vehicle or not through the roadside unit when the acquisition request of the shared data of the vehicle is received;
the data sharing module is used for decrypting a ciphertext corresponding to the shared data of the vehicle according to an access control strategy and a symmetric key corresponding to the shared data of the vehicle, which are provided by the roadside unit, to obtain and reply the shared data of the vehicle if the object of the acquisition request is the shared data of the vehicle; and the record of replying the shared data of the vehicle is saved to the audit server through the roadside unit.
It should be noted that the beneficial effects between the second aspect of the present invention and the prior art are the same as the beneficial effects of the block chain based private data sharing method of the first aspect, and will not be described in detail here.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is a flowchart of a private data sharing method based on a block chain according to an embodiment of the present invention;
FIG. 2 is a flow diagram provided by an embodiment of the invention for defining a large property set by a trusted authority and constructing common parameters from the large property set;
FIG. 3 is a flowchart of collecting attributes of vehicles and issuing attribute-based keys of the vehicles according to a large attribute set of constructed public parameters, according to an embodiment of the present invention;
fig. 4 is a flowchart for acquiring shared data of a vehicle and generating an access control policy, a symmetric key, and a ciphertext corresponding to the shared data of the vehicle according to an embodiment of the present invention;
fig. 5 is a flowchart for uploading an access control policy, a symmetric key, and a ciphertext corresponding to shared data of a vehicle to a roadside unit according to an embodiment of the present invention;
fig. 6 is a flowchart of verifying whether the object of the acquisition request is shared data of the vehicle by the roadside unit according to an embodiment of the present invention;
fig. 7 is a flowchart of decrypting a ciphertext corresponding to the shared data of the vehicle according to the access control policy and the symmetric key corresponding to the shared data of the vehicle provided by the roadside unit to obtain and reply the shared data of the vehicle according to an embodiment of the present invention;
FIG. 8 is a flowchart of identity tracing for a vehicle when a complaint is received that the shared data of the vehicle is false content, according to an embodiment of the present invention;
fig. 9 is a block diagram of a block chain based private data sharing system according to an embodiment of the present invention;
fig. 10 is a system model diagram of a private data sharing method based on a block chain according to an embodiment of the present invention;
fig. 11 is a schematic diagram of a private data sharing method based on a block chain according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.
In the description of the present invention, if there are first, second, etc. described, it is only for the purpose of distinguishing technical features, and it is not understood that relative importance is indicated or implied or the number of indicated technical features is implicitly indicated or the precedence of the indicated technical features is implicitly indicated.
In the description of the present invention, it should be understood that the orientation or positional relationship referred to, for example, the upper, lower, etc., is indicated based on the orientation or positional relationship shown in the drawings, and is only for convenience of description and simplification of description, but does not indicate or imply that the device or element referred to must have a specific orientation, be constructed in a specific orientation, and be operated, and thus should not be construed as limiting the present invention.
In the description of the present invention, it should be noted that unless otherwise explicitly defined, terms such as arrangement, installation, connection and the like should be broadly understood, and those skilled in the art can reasonably determine the specific meanings of the above terms in the present invention in combination with the specific contents of the technical solutions.
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it is obvious that the embodiments described below are some, not all embodiments of the present invention.
Referring to fig. 1, in some embodiments of the present invention, a block chain-based private data sharing method is provided, including:
and S100, defining a large attribute set through a trusted authority, and constructing a public parameter according to the large attribute set.
And S200, collecting the attributes of the vehicle according to the large attribute set of the constructed public parameters, and issuing an attribute base key of the vehicle.
Step S300, starting a block chain between preset fog nodes through a trusted authority; the fog node comprises a file server, a data server and an audit server.
S400, obtaining shared data of the vehicle, and generating an access control strategy, a symmetric key and a ciphertext corresponding to the shared data of the vehicle; the symmetric key is encrypted by the attribute base key.
S500, uploading an access control strategy, a symmetric key and a ciphertext corresponding to the shared data of the vehicle to a roadside unit; the roadside unit is used for storing the access control strategy and the symmetric key corresponding to the shared data of the vehicle to the data server and storing the ciphertext corresponding to the shared data of the vehicle to the file server.
Step S600, when an acquisition request of the shared data of the vehicle is received, whether the object of the acquisition request is the shared data of the vehicle is verified through the roadside unit.
Step S700, if the object of the request is the shared data of the vehicle, decrypting the ciphertext corresponding to the shared data of the vehicle according to the access control strategy and the symmetric key corresponding to the shared data of the vehicle provided by the roadside unit to obtain and reply the shared data of the vehicle; and the record of the shared data of the reply vehicle is saved to the audit server through the roadside unit.
Step S100 and step S200 define a large attribute set through a trusted authority, construct public parameters according to the large attribute set, collect attributes of vehicles, and initialize the trusted authority and the vehicles, so that one-to-many data sharing is realized, the privacy of users is protected, and the flexibility of the system is increased; step S300, a block chain is started between preset fog nodes through a trusted authority, new states of all transactions and intelligent contracts can be verified through the fog nodes, and the new states can be uploaded to the block chain according to a consensus mechanism, so that the identity and data privacy of a user can be protected in a data sharing process, and an environment with high safety and high integration level is provided for shared data; step S400, step S500, step S600 and step S700 store the shared data of the acquired vehicles, the request for acquiring the shared data of the verified vehicles and the shared data of the shared vehicles into three types through the roadside unit, and all the parties only store the complete backup of the data related to the parties and cooperate with each other, so that the safety is improved, and the storage and communication expenses of the nodes in the data sharing are effectively reduced.
It should be noted that, for the convenience of understanding of the embodiments, the meaning of the parameters in the following embodiments is shown in table 1:
TABLE 1
Referring to FIG. 2, in some embodiments of the invention, defining a large set of attributes by a trusted authority and constructing common parameters from the large set of attributes includes:
step S101, defining a large attribute set through a trusted authority, and operating a group generator algorithm to obtain a group and bilinear mapping; clusters and bilinear maps are used to describe large sets of attributes.
Step S102, selecting multiple groups of elements to form a public parameter according to a large attribute set; the common parameters are used for CP-ABE encryption of large attribute sets.
Define large attribute set U = Z by TA p And running a group generator algorithm to obtain a group and bilinear mapping G (l lambda) description U = (P, G) 1 ,G 2 E) in which G 1 And G 2 Is a cyclic group with two prime numbers of order P, and satisfies bilinear mapping e: G 1 ×G 1 →G 2 . Then TA randomly selects parameters G, u, h, f, b ∈ G 1 And α, a ∈ Z p Wherein u and h belong toHASH is generated in the property layer, f is used for ensuring the randomness r and s of the secret, b is used for binding the property layer and the secret sharing layer, and a master private key Msk = { alpha, a }, H: {0,1} * →Z p Is a hash function with a fixed output range, and finally obtains the public parameters:
p={U,H,g,u,h,f,b,g a ,e(g,g)α}。
it should be noted that, the trusted third party authority TA generates the public parameter according to the large attribute set CP-ABE structure, the large attribute set structure is composed of two independent layers, namely an attribute layer and a secret sharing layer, and the public parameter is composed of six groups of elements (g, u, h, f, b, e (g, g) α ) And (4) forming to realize safe large attribute set CP-ABE encryption. In the "property layer", the parameter u, h provides Boneh-Boyen]Hash function of the form (u) A h) In the secret sharing layer, the parameter f holds the share of secret randomness r in the key generation process, and the secret randomness s is guaranteed in the shared encryption stage. The parameter b is used to bind the two layers together. Parameters g and e (g, g) α For generating the master key function and allowing correct decryption. The trusted third party authority TA will then authenticate the patch link points and authorize them to participate in the consensus process, where the patch chain is started between the pre-set server nodes according to the RAFT (leader election consensus algorithm) consensus mechanism, assuming that the TA has selected in advance a part of the trusted fog servers to participate in the consensus process.
The security of shared data is further enhanced through the attribute layer and the secret sharing layer which are constructed by the large attribute set, and the attribute layer and the secret sharing layer are bound together, so that the problem that the data is tampered without being perceived is solved, and the trust degree is improved.
Referring to FIG. 3, in some embodiments of the invention, collecting attributes of a vehicle according to a large set of attributes for which common parameters have been constructed and issuing an attribute base key for the vehicle includes:
step S201, collecting attributes of vehicles according to a large attribute set of constructed public parameters; the attributes of the vehicle comprise the real identity of the owner, the occupation of the owner, the interest and hobbies of the owner and the frequent location of the owner; the real identity of the owner is the unique identification of the vehicle.
Step S202, adding the owner real identity of the vehicle into an identity mapping table; the identity mapping table is used for obtaining all attributes of the vehicle according to the real identity of the owner of the vehicle.
And step S203, calculating and issuing the attribute base key of the vehicle through all the attributes of the trusted authority and the vehicle.
It should be noted that the true identity VID of the owner of the vehicle is collected i And the unique identification is used as the unique identification of the identity of the vehicle owner, and the information such as occupation, hobbies and interests, frequent location and the like of the vehicle owner is sent to the TA. TA then generates random numbers
Based on the true identity VID of the vehicle i Generating an identity embedding->
And added to the identity mapping table>
TA obtains an attribute set A = { A) according to the attributes of the user 1 ,A 2 ,...,A n Then TA chooses n +1 random indices r, r 1 ,r 2 ,...,r n ∈Z p And then calculate >>
N 1 =g r For each xi e n]The method comprises the following steps:
N ξ,2 =g rξ ,N ξ,3 =(u Aξ h) rξ b -r ;
calculating to obtain a decryption key:
finally, TA maps the common parameters p and sK id Loaded into the vehicle OBU.
Through further collecting the attribute of vehicle, can prevent that vehicle attribute from making fake, can provide quick and accurate contrast sign for follow-up tracing to the source through the only sign of car owner identity, reduce the luck psychology that vehicle sharing data made fake, improve the authenticity that vehicle sharing data made fake.
Referring to fig. 4, in some embodiments of the present invention, acquiring shared data of a vehicle and generating an access control policy, a symmetric key, and a ciphertext corresponding to the shared data of the vehicle includes:
step S401, customizing an access control policy of shared data of the vehicle through an LSSS linear secret sharing scheme.
And S402, calculating a symmetric key and a ciphertext of the shared data of the vehicle according to the access control policy of the shared data of the vehicle.
Customizing access policies, computing using LSSS linear secret sharing scheme
Where M is the secret policy matrix, ρ: [ l: [ [ L ]]→Z p Is a secret sharing matrix and then randomly selects a secret sharing vector ≥>
Where s is a shared random secret share, y j Is a random number. Then the vehicle V i Input a common parameter calculation->
To obtain
Wherein M is i Is row i of the secret policy matrix. Then randomly selecting l indexes t 1 ,t 2 ,t 3 ,...,t l ∈Z p And calculates C = sd · e (g, g) sα ,C 0 =g s For each xi e [ l]Is provided with
C ξ,1 =f λξ b tξ ,C ξ,2 =(u ρ(ζ) h) -tξ ,C ξ,3 =g tξ ;
And finally, obtaining a ciphertext:
the access control policy for customizing the shared data of the vehicle through the LSSS linear secret sharing scheme can protect the identity and data privacy of the user and guarantee the security of the shared data of the vehicle.
Referring to fig. 5, in some embodiments of the present invention, uploading an access control policy, a symmetric key, and a ciphertext corresponding to shared data of a vehicle to a roadside unit includes:
step S501, signing the index of the shared data of the vehicle to obtain a verifiable signature of the shared data of the vehicle;
wherein, for the vehicle V i To generate a verifiable signature:
Sig i (Γ)=e(g ci ,gη)
where η = H (Γ | | | timestamp), the final vehicle will { Sig | ] i (Γ),CT sd Ct, Γ, timestamp } is uploaded to nearby RSU nodes.
Step S502, uploading verifiable signatures, access control strategies, symmetric keys and ciphertexts corresponding to the shared data of the vehicles to a roadside unit; the roadside unit verifies the validity of the verifiable signature, the access control strategy, the symmetric key and the ciphertext uploading corresponding to the shared data of the vehicle through the verifiable signature of the shared data of the vehicle;
wherein the RSU passes Sig i (gamma) verifying the legality of the uploading vehicle, firstly calculating eta ' = H (gamma ' | timeframe '), then sending the result to a fog node for verification, and the fog node calculates
Then calculate
And comparing the information with the information stored in the block chain, if the information exists, indicating that the vehicle is legal, and returning a message of successful authentication to the RSU. The RSU then transmits the ciphertextAnd uploading the message to a file system, wherein the file system is mounted on a block chain, and the ciphertext uploaded by the vehicle can be stored, so that the message is prevented from being tampered. The file system stores the data ciphertext ct and generates a corresponding storage address indexaddr from ct and the data index Γ. RSU indexes data, symmetric key CT encrypted by attribute base sd Upload to data chain and record transaction TX provide :
RSU i →blockchain:{Γ,CT sd ,TX provide }。
Fine-grained access control is realized through verifiable signatures, uploading of malicious nodes is prevented, and the source and the effectiveness of data are ensured through the non-faking property of the signatures.
Referring to fig. 6, in some embodiments of the present invention, when receiving an acquisition request of shared data of a vehicle, verifying, by a roadside unit, whether an object of the acquisition request is the shared data of the vehicle includes:
step S601, comparing, by the roadside unit, the index of the acquisition request of the shared data of the vehicle with the index of the shared data of the vehicle.
Step S602, if the index of the request for obtaining the shared data of the vehicle matches the index of the shared data of the vehicle, the object of the request for obtaining is the shared data of the vehicle.
The comparing, by the roadside unit, the index of the request for obtaining the shared data of the vehicle with the index of the shared data of the vehicle includes:
sending a request to a nearby RSU:
Req={Request||Sig y (Γ)||timestamp}
wherein, the Request includes the time, purpose and content of the Request data, ID of the index, and Sig y (Γ) content, is a vehicle V y A generated verifiable signature;
after the vehicle passes the authentication, the RSU finds the storage address from the file system according to the index of the vehicle request, and then the encrypted symmetric private key CT is used sd And sending the ciphertext address { CT, indexaddr } to the vehicle:
RSU x →V y :{CT sd ,indexaddr};
the RSU is also responsible for recording request transactions Tr i And save the shared record in the blockchain. The shared record is used for realizing the tracing, user self-certification and non-repudiation of the data shared record, and comprises a data uploader V i Signature, data requestor V y And the timestamp and request Req:
RSU x →blockchain:Tri={Sigi(Γ)||Sigy(Γ)||timestamp||Req}。
referring to fig. 7, in some embodiments of the present invention, decrypting a ciphertext corresponding to the shared data of the vehicle according to an access control policy and a symmetric key corresponding to the shared data of the vehicle provided by the roadside unit to obtain and reply the shared data of the vehicle includes:
step S701 finds a storage address in the file system in the file server according to the index of the acquisition request of the shared data of the vehicle.
And S701, obtaining a ciphertext address and a symmetric key of the shared data of the vehicle according to the storage address.
And step S703, decrypting the symmetric key of the shared data of the vehicle through the attribute base key of the vehicle.
And step S704, decrypting the ciphertext corresponding to the ciphertext address of the shared data of the vehicle according to the decrypted symmetric key of the shared data of the vehicle to obtain and reply the shared data of the vehicle.
It is to be noted that the specific steps are as follows: first, the CT is decrypted by the attribute private key sd A symmetric key sd is obtained. V y First a set of row vectors in M is calculated, which are generated by the attributes in A, i.e.
If the attribute set A is not the authorization set of the access policy, then it cannot satisfy the access structure of (M, ρ) and the process ends. Otherwise, construct a { ω } block j ∈Z p } j∈l Is shaped as a constant vector of j∈I ω j M j = (1, 0.., 0), wherein M i Is the ith row of matrix M. If S is an authorized visitAsk a set, then Σ j∈I ω j λ j = s, there may be other different ways to select ω j To satisfy this, the following calculation is followed:
where ξ is the set of attributes
The index of the attribute vector in (j-dependent);
and calculating correctness:
wherein,
finally, the symmetric key sd can be calculated:
after the vehicle obtains the symmetric key sd, the vehicle V finds the address of the ciphertext ct from the file system through the address indexaddr, and downloads the ciphertext ct. Then the vehicle V y Decrypting the ciphertext ct through the symmetric key sd to finally obtain data of the plaintext:
D=Dec sd (ct)。
referring to fig. 8, in some embodiments of the present invention, after decrypting the ciphertext corresponding to the shared data of the vehicle according to the access control policy and the symmetric key corresponding to the shared data of the vehicle provided by the roadside unit to obtain and reply to the shared data of the vehicle, the method further includes:
and step S800, when the received complaint that the shared data of the vehicle is false content is received, identity tracing is carried out on the vehicle.
It should be noted that tracing back through the immutability of the block chain ensures the authenticity of tracing and prevents malicious users from repudiating.
By tracing the identity of the vehicle, the identity and the data privacy of the user are protected in the data sharing process, and the true identity of the malicious user providing the false message can be traced.
In some embodiments of the invention, identity tracing of a vehicle comprises:
and identity tracing is carried out through the verifiable signature of the shared data of the vehicle and the real identity of the vehicle in the identity mapping table.
It should be noted that the algorithm for identity tracing is shown in table 2:
TABLE 2
Referring to fig. 10 and 11, to facilitate understanding by those skilled in the art, a specific embodiment of the present invention provides a private data sharing method based on a block chain, including:
first, preparing a system model.
The system model mainly relates to: trusted authority, fog server, RSU, vehicle, file system.
(1) Trusted Authority (Trusted Authority)
The TA is a fully trusted third party authority that considers the TA to have nearly unlimited computing power and not to collude with other entities. The system is responsible for initialization of the whole system, generation and distribution of keys, initialization of a alliance chain, deployment of intelligent contracts, identity registration of vehicles, and the TA is also responsible for tracing the identity of the vehicles.
(2) Vehicle with a steering wheel
The vehicle is provided with an OBU (On board Unit) device, the content in the OBU is supposed to be completely safe and cannot be obtained by external attack, the identity of the vehicle in the system is divided into a data provider and a data requester, the roles of the data provider and the data requester are respectively data providing and shared data receiving, and the vehicle can freely switch the identity of the vehicle. The uploader encrypts and uploads some road information, road condition information, route information, information collected by some vehicle sensors and the like, and only users with specific access rights can decrypt the information.
(3)RSU(Road Side Unit)
The RSU is considered as an edge node with computing and communication capabilities, collects real-time requests of a data provider and a data requester, performs identity validity verification on a user, and is also responsible for uploading data indexes, data ciphertexts and keys to a fog node in a block chain.
(4) Fog Server (Fog Server)
The fog server is composed of a computer cluster which is weaker in performance than the cloud server and is more dispersed than the cloud server. The fog server stores the identity authentication information of the vehicles, and a federation block chain is formed between the identity authentication information and the identity authentication information. The TA divides the fog nodes into three types according to computing power and storage capacity, wherein the three types are respectively a File Server (FS), a Data Server (DS) and an Audit Server (AS), and the three types of nodes jointly form a lightweight classified ledger block chain system. And one fog server corresponds to a plurality of RSUs and is responsible for maintaining block chain nodes, wherein each fog server maintains a shared account book (only a hash value is stored), in addition, an FS is responsible for maintaining a complete ciphertext data copy, a DS is responsible for maintaining a key and data index copy, and an AS is responsible for maintaining a data sharing record copy.
Only the TA can trace back, update, revoke the identity of the malicious user, and update and revoke the intelligent contract, and an authorized authority can access the information in the blockchain at any time. After the initialization, the TA is assumed to be in a sleep state except for the time of tracing and updating the identity, so that the calculation power of the whole system is not influenced, and the decentralized characteristic of the block chain is not violated. At the same time, the fog server may verify the new status of all transactions and smart contracts and may upload them into the blockchain according to a consensus mechanism.
And secondly, initializing the system.
System initialization is performed, including trusted authority initialization, vehicle initialization, and blockchain initialization.
(1) The trusted authority is initialized.
Defining a large attribute set U = Z by TA p And running a group generator algorithm to obtain a group and bilinear mapping G (l lambda) description U = (P, G) 1 ,G 2 E) in which G 1 And G 2 Is a cyclic group with two prime numbers of order P, and satisfies bilinear mapping e: G 1 ×G 1 →G 2 . Then TA randomly selects parameters G, u, h, f, b epsilon G 1 And α, a ∈ Z p Wherein u, H generates HASH in the attribute layer, f is used to ensure secret randomness r and s, b is used to bind the attribute layer and the secret sharing layer, and the master private key Msk = { alpha, a }, H: {0,1} * →Z p Is a hash function with a fixed output range, and finally obtains the public parameters:
p={U,H,g,u,h,f,b,g a ,e(g,g)α}。
(2) And (5) initializing the vehicle.
Collecting the real identity VID of the vehicle owner i And the unique identification is used as the unique identification of the identity of the vehicle owner, and the information of occupation, hobbies and interests, frequent location and the like of the vehicle owner is sent to the TA. TA then generates random numbers
Based on the true identity VID of the vehicle i Generating an identity embedding->
And added to the identity mapping table->
TA obtains attribute set A = { A) according to user attributes 1 ,A 2 ,...,A n Then TA chooses n +1 random indices r, r 1 ,r 2 ,...,r n ∈Z p Then calculate
N 1 =g r For each xi e n]The method comprises the following steps:
N ξ,2 =g rξ ,N ξ,3 =(u Aξ h) rξ b -r ;
calculating to obtain a decryption key:
finally, TA combines the common parameters p and sK id Loaded into the vehicle OBU.
(3) And initializing a block chain.
The TA starts the blockchain between the preset fog nodes according to the consensus mechanism and deploys intelligent contracts, which will get their unique addresses and can be invoked using transactions with appropriate authority. TA Generation H (e (g, g) ci ) And is stored in the blockchain for later vehicle authentication.
And thirdly, sharing data.
The data sharing comprises the following steps: generating a data index, uploading data, acquiring data, decrypting data and tracing identity.
(1) A data index is generated.
Data provider V i Data is collected and stored in a vehicle while driving, where the data mainly includes two categories: one type is data detected by the vehicle and the other type is data observed by the user. The vehicle is based on the raw data
Generating an index of the shared data segment for retrieval by a data requester, generating the index:
Γ={Tar,MD}
where Tar is an object that the data provider wants to share data, MD is a description of the shared data segment, including the size, type, data description, storage address, upload time, and other contents of the shared data segment:
MD={size||des||addr||timestamp||other}。
(2) And uploading the data.
The vehicle selects the data which the vehicle wants to share for uploading, firstly V i Generating a symmetric key sd, using sd to the original data
And (3) encrypting to generate a ciphertext:
ct=Enc sd (D);
the access policy is then customized according to the object that one wants to share, decides who can decrypt the data, and encrypts the symmetric key sd using the attribute base. The method comprises the following specific steps:
customizing access policies, computing using LSSS linear secret sharing scheme
Where M is the secret policy matrix, ρ: [ l: [ [ L ]]→Z p Is a secret sharing matrix and then randomly selects a secret sharing vector ≥>
Where s is a shared random secret share, y j Is a random number. Then the vehicle V i Input a common parameter calculation->
To obtain
Wherein M is i Is row i of the secret policy matrix. Then randomly selecting l indexes t 1 ,t 2 ,t 3 ,...,t l ∈Z p And calculates C = sd · e (g, g) sα ,C 0 =g s For each xi e [ l]Comprises the following steps:
C ξ,1 =fλξb tξ ,C ξ,2 =(uρ(ζ)h) -tξ ,C ξ,3 =g tξ ;
and finally, obtaining a ciphertext:
then to the vehicle V i To generate a verifiable signature:
Sig i (Γ)=e(g ci ,gη)
where η = H (Γ | | | timestamp), the final vehicle will { Sig | ] i (Γ),CT sd Ct, Γ, timestamp } is uploaded to a nearby RSU node;
RSU Via Sig i (gamma) verifying the legality of the uploading vehicle, firstly calculating eta ' = H (gamma ' | timeframe '), then sending the result to a fog node for verification, and the fog node calculates
Then counts->
And comparing the information with the information stored in the block chain, if the information exists, indicating that the vehicle is legal, and returning a message of successful authentication to the RSU. And then the RSU uploads the ciphertext to a file system, wherein the file system is mounted on a block chain and can store the ciphertext uploaded by the vehicle, so that the message is prevented from being tampered. The file system stores the data ciphertext ct and generates a corresponding storage address indexaddr from ct and the data index Γ. RSU indexes data, and symmetric key CT is encrypted through attribute base sd Upload to data chain and record transaction TX provide :
RSU i →blockchain:{Γ,CT sd ,TX provide }。
(3) Data is acquired.
Data requestor V y And retrieving indexes of the block chains, searching data which the user wants to obtain, confirming an object shared by the data through the Tar, and checking whether the user is matched. A request is then sent to nearby RSUs:
Req={Request||Sig y (Γ)||timestamp}
wherein, the Request comprises the time, purpose and content of the Request data, and the indexSig such as ID of index y (Γ) content, is a vehicle V y The generated verifiable signature.
After the vehicle authentication is passed, the RSU finds the storage address from the file system according to the index of the vehicle request, and then the encrypted symmetric private key CT is used sd And sending the ciphertext address { CT, indexaddr } to the vehicle:
RSU x →V y :{CT sd ,indexaddr};
the RSU is also responsible for logging request transactions Tr i And save the shared record in the blockchain. The shared record is used for realizing the tracing, user self-certification and non-repudiation of the data shared record, and comprises a data uploader V i Signature, data requestor V of y And the timestamp and request Req:
RSU x →blockchain:Tri={Sigi(Γ)||Sigy(Γ)||timestamp||Req}。
(4) The data is decrypted.
Receipt of message { CT sd Indexaddr } the vehicle first decrypts the CT with its attribute private key sd A symmetric key sd is obtained. V y First a set of row vectors in M is calculated, which are generated by the attributes in A, i.e.
If the attribute set A is not the authorization set of the access policy, then it cannot satisfy the access structure of (M, ρ) and the step ends. Otherwise, construct a { ω } j ∈Z p } j∈l Is shaped as a constant vector of j∈I ω j M j = (1, 0,. 0, 0), wherein M is i Is the ith row of matrix M. If S is the set of authorized accesses, then ∑ j∈I ω j λ j = s, there may be other different ways to select ω j To satisfy this, and then the following calculation is performed:
where ξ is the set of attributes
Is determined by the index of the attribute vector in (depending on j).
Correctness:
wherein,
finally, the symmetric key sd can be calculated:
after the vehicle acquires the symmetric key sd, the vehicle V finds the address of the ciphertext ct from the file system through the address indexaddr, and downloads the ciphertext ct. Then the vehicle V y Decrypting the ciphertext ct through the symmetric key sd to finally obtain data of the plaintext:
D=Dec sd (ct)。
(5) And (4) identity tracing.
When a data requester finds a false message, he or she may complain to the TA, for example, if the data requester receives data saying that a traffic accident has occurred in a certain place, and finds that no traffic accident has occurred at the place, he or she may initiate an identity tracing request, including a request for tracking vehicles indexed by data. The TA then discloses its identity in conjunction with the blockchain. The TA first finds the signature Sig of the data uploader from the records stored in the blockchain i (Γ), due to the immutability of the block chain, the authenticity of the trace is ensured, preventing repudiation by malicious users. Then VID the real identity according to the identity mapping relation stored in TA i Tracing is performed by the data requester V first y Initiating an identity tracking request Trace to the TA, after receiving the request, the TA initiating a shared record for querying a data index gamma to the block chain, if the index does not storeIf yes, the index is returned to be not existed, otherwise the block chain returns the data sharing record Tr to the TA i . TA is then verified from Tr i To extract the signature Sig of the data provider i (Γ) in computational contrast to locally stored identity mappings:
if there is no c i If the equation is satisfied, then return to the vehicle that the true identity does not exist, if there is c i If the equation is satisfied, the corresponding true identity VID is output i And completing the tracking.
It should be noted that, in this embodiment, a fragmented classified ledger is used for storage, instead of storing all shared data in a shared ledger, that is, each party only stores a complete backup of data related to itself, and the shared ledger only stores a Hash value. For example, a fog server providing data sharing services may not be interested in the content of the shared record, and therefore does not need to keep that content in the shared ledger. Conversely, since the audit server retains the data sharing record in its fragmented ledger book, it is sufficient to retain the proof of the data (i.e., the Hash value) in the shared ledger book. Thus, in this embodiment, all participants of the blockchain network agree on a shared ledger, but each party only saves a backup of data related to itself.
Each participant maintains only relevant information that is different from the other participants. In particular, the difference between the shared classification ledger and the segment classification ledger will be in the data sharing details. In this embodiment, there are three participants, which are a file system, an audit server, and a data server. The file system is responsible for storing ciphertext information uploaded by a user, the data server is responsible for storing data indexes and encrypted symmetric keys, and the audit server is responsible for storing data sharing records for subsequent identity tracking. The user may not wish to have the shared record stored on the data server because this activity may expose personal privacy, reveal user interests, etc. Therefore, in the embodiment, the audit server is provided, the TA designates some block chain nodes as audit nodes in advance, the nodes only maintain the data sharing record, and when an arbitration event occurs, the TA can inquire the data sharing record from the audit nodes to track the malicious user. However, in the event of an arbitration event, the TA will reveal this data as needed, and the blockchain satisfies its integrity.
Through the specific embodiment, one-to-many anonymous data sharing and fine-grained access control are realized. The identity and data privacy of the user are protected in the data sharing process, and meanwhile the true identity of a malicious user providing false messages can be tracked. The block chain of the lightweight classified account book records data indexes, data ciphertexts and shared records, the block chain links are divided into several types according to functions, all parties only store complete backups of data related to the parties and cooperate with one another, safety is improved, and storage and communication expenses of nodes in data sharing are effectively reduced.
Referring to fig. 9, in an embodiment of the present invention, there is further provided a private data sharing system based on a blockchain, including a large attribute set module 1001, a vehicle attribute collection module 1002, a blockchain starting module 1003, a vehicle shared data acquisition module 1004, an upload roadside unit module 1005, a request object verification module 1006, and a data sharing module 1007, where:
and a large attribute set module 1001 configured to define a large attribute set by the trusted authority, and construct a common parameter according to the large attribute set.
And the vehicle attribute collection module 1002 is used for collecting the attributes of the vehicle according to the large attribute set of the constructed public parameters and issuing the attribute base key of the vehicle.
A block chain starting module 1003, configured to start a block chain between preset fog nodes through a trusted authority; the fog node comprises a file server, a data server and an audit server.
The vehicle shared data acquisition module 1004 is configured to acquire shared data of a vehicle and generate an access control policy, a symmetric key, and a ciphertext corresponding to the shared data of the vehicle; the symmetric key is encrypted by the attribute base key.
An upload roadside unit module 1005 for uploading the access control policy, the symmetric key and the ciphertext corresponding to the shared data of the vehicle to a roadside unit; the roadside unit is used for storing the access control strategy and the symmetric key corresponding to the shared data of the vehicle to the data server and storing the ciphertext corresponding to the shared data of the vehicle to the file server.
The request object verification module 1006 is configured to, when receiving an acquisition request of shared data of a vehicle, verify, by the roadside unit, whether an object of the acquisition request is the shared data of the vehicle.
The data sharing module 1007 is configured to, if the requested object is shared data of a vehicle, decrypt a ciphertext corresponding to the shared data of the vehicle according to an access control policy and a symmetric key corresponding to the shared data of the vehicle provided by the roadside unit to obtain and reply the shared data of the vehicle; and the record of the shared data of the reply vehicle is saved to the audit server through the roadside unit.
It should be noted that, since the block chain based privacy data sharing system in this embodiment is based on the same inventive concept as the block chain based privacy data sharing method described above, the corresponding contents in the method embodiment are also applicable to this apparatus embodiment, and are not described in detail here.
One of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of data such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired data and which can accessed by the computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any data delivery media as known to one of ordinary skill in the art.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an illustrative embodiment," "an example," "a specific example," or "some examples" or the like mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the invention have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.
Claims (10)
1. A privacy data sharing method based on a block chain is characterized by comprising the following steps:
defining a large attribute set through a trusted authority, and constructing a public parameter according to the large attribute set;
collecting attributes of vehicles according to the large attribute set of constructed public parameters and issuing attribute base keys of the vehicles;
starting a block chain between preset fog nodes through the trusted authority; the fog node comprises a file server, a data server and an audit server;
acquiring shared data of the vehicle, and generating an access control strategy, a symmetric key and a ciphertext corresponding to the shared data of the vehicle; the symmetric key is encrypted by the attribute base key;
uploading an access control strategy, a symmetric key and a ciphertext corresponding to the shared data of the vehicle to a roadside unit; the roadside unit is used for storing an access control strategy and a symmetric key corresponding to the shared data of the vehicle to the data server and storing a ciphertext corresponding to the shared data of the vehicle to the file server;
when an acquisition request of shared data of the vehicle is received, verifying whether an object of the acquisition request is the shared data of the vehicle through the roadside unit;
if the object of the acquisition request is the shared data of the vehicle, decrypting a ciphertext corresponding to the shared data of the vehicle according to an access control strategy and a symmetric key corresponding to the shared data of the vehicle, which are provided by the roadside unit, so as to obtain and reply the shared data of the vehicle; and the record of replying the shared data of the vehicle is saved to the audit server through the roadside unit.
2. The method according to claim 1, wherein the defining, by a trusted authority, a large attribute set and constructing public parameters according to the large attribute set comprises:
defining the large attribute set through the trusted authority, and operating a group generator algorithm to obtain a group and bilinear mapping; the cluster and bilinear map are used to describe the large set of attributes;
selecting multiple groups of elements according to the large attribute set to form the public parameter; the common parameters are used for CP-ABE to encrypt the large attribute set.
3. The method according to claim 1, wherein the collecting attributes of vehicles according to the large attribute set of constructed public parameters and issuing attribute-based keys of the vehicles comprises:
collecting attributes of the vehicle from the large set of attributes for which common parameters have been constructed; the attributes of the vehicle comprise the real identity of the owner, the occupation of the owner, the interest and hobbies of the owner and the frequent location of the owner; the owner real identity is the unique identification of the vehicle;
adding the owner real identity of the vehicle into an identity mapping table; the identity mapping table is used for obtaining all attributes of the vehicle according to the owner real identity of the vehicle;
and calculating and issuing an attribute base key of the vehicle through all attributes of the trusted authority and the vehicle.
4. The method for sharing private data based on a block chain according to claim 1, wherein the obtaining shared data of the vehicle and generating an access control policy, a symmetric key and a ciphertext corresponding to the shared data of the vehicle comprises:
customizing an access control policy for shared data of the vehicle through an LSSS linear secret sharing scheme;
and calculating a symmetric key and a ciphertext of the shared data of the vehicle according to the access control policy of the shared data of the vehicle.
5. The method according to claim 1, wherein uploading the access control policy, the symmetric key, and the ciphertext corresponding to the shared data of the vehicle to a roadside unit comprises:
signing the index of the shared data of the vehicle to obtain a verifiable signature of the shared data of the vehicle;
uploading verifiable signatures, access control strategies, symmetric keys and ciphertexts corresponding to the shared data of the vehicle to the roadside unit; and the roadside unit verifies the validity of the verifiable signature, the access control strategy, the symmetric key and the ciphertext uploading corresponding to the shared data of the vehicle through the verifiable signature of the shared data of the vehicle.
6. The method according to claim 1, wherein when receiving a request for obtaining shared data of the vehicle, the verifying, by the roadside unit, whether an object of the request for obtaining is the shared data of the vehicle includes:
comparing, by the roadside unit, an index of an acquisition request of shared data of the vehicle with an index of shared data of the vehicle;
and if the index of the acquisition request of the shared data of the vehicle is matched with the index of the shared data of the vehicle, the object of the acquisition request is the shared data of the vehicle.
7. The private data sharing method based on the blockchain according to claim 1, wherein the decrypting a ciphertext corresponding to the shared data of the vehicle according to an access control policy and a symmetric key corresponding to the shared data of the vehicle provided by the roadside unit to obtain and reply the shared data of the vehicle includes:
finding a storage address in a file system in the file server according to the index of the acquisition request of the shared data of the vehicle;
obtaining a ciphertext address and a symmetric key of the shared data of the vehicle according to the storage address;
decrypting a symmetric key of the shared data of the vehicle by the attribute base key of the vehicle;
and decrypting the ciphertext corresponding to the ciphertext address of the shared data of the vehicle according to the decrypted symmetric key of the shared data of the vehicle to obtain and reply the shared data of the vehicle.
8. The method according to claim 1, wherein after decrypting the ciphertext corresponding to the shared data of the vehicle according to the access control policy and the symmetric key corresponding to the shared data of the vehicle provided by the roadside unit to obtain and reply to the shared data of the vehicle, the method further comprises:
and when complaints that the shared data of the vehicle is false content are received, identity tracing is carried out on the vehicle.
9. The method according to claim 8, wherein the identity tracing of the vehicle comprises:
and carrying out identity tracing by the verifiable signature of the shared data of the vehicle and the real identity of the vehicle in the identity mapping table.
10. A block chain based privacy data sharing system, the block chain based privacy data sharing system comprising:
the large attribute set module is used for defining a large attribute set through a trusted authority and constructing a public parameter according to the large attribute set;
the vehicle attribute collection module is used for collecting the attributes of the vehicle according to the large attribute set with the constructed public parameters and issuing an attribute base key of the vehicle;
the block chain starting module is used for starting a block chain between preset fog nodes through the trusted authority; the fog node comprises a file server, a data server and an audit server;
the vehicle shared data acquisition module is used for acquiring the shared data of the vehicle and generating an access control strategy, a symmetric key and a ciphertext corresponding to the shared data of the vehicle; the symmetric key is encrypted by the attribute base key;
the uploading roadside unit module is used for uploading the access control strategy, the symmetric key and the ciphertext corresponding to the shared data of the vehicle to a roadside unit; the roadside unit is used for storing an access control strategy and a symmetric key corresponding to the shared data of the vehicle to the data server and storing a ciphertext corresponding to the shared data of the vehicle to the file server;
the request object verification module is used for verifying whether an object of an acquisition request is shared data of the vehicle or not through the roadside unit when the acquisition request of the shared data of the vehicle is received;
the data sharing module is used for decrypting a ciphertext corresponding to the shared data of the vehicle according to an access control strategy and a symmetric key corresponding to the shared data of the vehicle, which are provided by the roadside unit, to obtain and reply the shared data of the vehicle if the object of the acquisition request is the shared data of the vehicle; and the record of replying the shared data of the vehicle is saved to the audit server through the roadside unit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211580454.1A CN115913546A (en) | 2022-12-09 | 2022-12-09 | Private data sharing method and system based on block chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211580454.1A CN115913546A (en) | 2022-12-09 | 2022-12-09 | Private data sharing method and system based on block chain |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115913546A true CN115913546A (en) | 2023-04-04 |
Family
ID=86494671
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211580454.1A Pending CN115913546A (en) | 2022-12-09 | 2022-12-09 | Private data sharing method and system based on block chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115913546A (en) |
-
2022
- 2022-12-09 CN CN202211580454.1A patent/CN115913546A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110493347B (en) | Block chain-based data access control method and system in large-scale cloud storage | |
| US10644891B2 (en) | Secure communication of IoT devices for vehicles | |
| Al Amiri et al. | Privacy-preserving smart parking system using blockchain and private information retrieval | |
| US10708070B2 (en) | System and method for utilizing connected devices to enable secure and anonymous electronic interaction in a decentralized manner | |
| CN109451467B (en) | Vehicle-mounted self-organizing network data secure sharing and storage system based on block chain technology | |
| JP2020532215A (en) | Secure communication of IoT devices for vehicles | |
| KR20190012969A (en) | Data access management system based on blockchain and method thereof | |
| CN109858259B (en) | HyperLedger Fabric-based community health service alliance data protection and sharing method | |
| CN112530531B (en) | Electronic medical record storage and sharing method based on double-block chain | |
| Thompson | The preservation of digital signatures on the blockchain | |
| Terzi et al. | Securing emission data of smart vehicles with blockchain and self-sovereign identities | |
| US20190372765A1 (en) | System and Method for Providing an Authorised Third Party with Overt Ledger Secured Key Escrow Access to a Secret | |
| CN110830244A (en) | Anti-quantum computing vehicle networking method and system based on identity secret sharing and alliance chain | |
| CN112532650A (en) | Block chain-based multi-backup safe deletion method and system | |
| US20240064009A1 (en) | Distributed anonymized compliant encryption management system | |
| EP3847780A1 (en) | Issuing device and method for issuing and requesting device and method for requesting a digital certificate | |
| TWI749476B (en) | Methods for vehicle accident management and non-transitory computer-readable storage medium | |
| Alshehri et al. | A blockchain-encryption-based approach to protect fog federations from rogue nodes | |
| CN116453644A (en) | Medicine traceability supervision method and system based on blockchain | |
| Ahmed et al. | Toward fine‐grained access control and privacy protection for video sharing in media convergence environment | |
| Khan et al. | A privacy-preserving and transparent identity management scheme for vehicular social networking | |
| CN113810410A (en) | Unmisuse key decentralized attribute-based encryption method, system and storage medium | |
| Das et al. | Design of a trust-based authentication scheme for blockchain-enabled iov system | |
| CN115913546A (en) | Private data sharing method and system based on block chain | |
| CN116015619A (en) | Blockchain data sharing protocol with privacy protection and data availability |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |