CN106549767A - A kind of data authentication with secret protection and tracing system - Google Patents
A kind of data authentication with secret protection and tracing system Download PDFInfo
- Publication number
- CN106549767A CN106549767A CN201610972257.2A CN201610972257A CN106549767A CN 106549767 A CN106549767 A CN 106549767A CN 201610972257 A CN201610972257 A CN 201610972257A CN 106549767 A CN106549767 A CN 106549767A
- Authority
- CN
- China
- Prior art keywords
- data
- user
- control center
- trusted
- group
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
- H04L9/3221—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Storage Device Security (AREA)
Abstract
本发明涉及一种具有隐私保护的数据认证及追踪系统,包括:数据收集点,用于收集验证用户用电的细节数据,根据统计到的数据进行分析,并将分析结果发送给控制中心,若发现问题数据,将其数据及签名信息一并发送给控制中心;控制中心,用于接收数据收集点发送的分析结果,若收到数据点所发送的问题数据的签名,可先通过可信第三方提供的关联密钥检验问题数据是否为同一签名者所发送,之后通过可信第三方申请追查问题数据的发送者身份;可信第三方,用于负责生成群相关密钥并管理用户;智能电表,用于在获得第三方认证并拥有相应的群密钥之后,给控制中心及对应用户发送相应的用电数据。与现有技术相比,本发明具有安全性高等优点。
The present invention relates to a data authentication and tracking system with privacy protection, including: a data collection point, used to collect detailed data for verifying user electricity consumption, analyze according to the statistical data, and send the analysis result to the control center, if If the problem data is found, send its data and signature information to the control center; the control center is used to receive the analysis results sent by the data collection point. If the signature of the problem data sent by the data point is received, it can first pass the trusted The associated key provided by the three parties verifies whether the problem data is sent by the same signer, and then traces the identity of the sender of the problem data through a trusted third party application; the trusted third party is responsible for generating group-related keys and managing users; intelligent The electricity meter is used to send corresponding electricity consumption data to the control center and corresponding users after obtaining third-party authentication and possessing the corresponding group key. Compared with the prior art, the present invention has the advantages of high safety and the like.
Description
技术领域technical field
本发明涉及一种数据认证及追踪系统,尤其是涉及一种用于智能电网的具有隐私保护的数据认证及追踪系统。The invention relates to a data authentication and tracking system, in particular to a data authentication and tracking system with privacy protection for smart grids.
背景技术Background technique
智能电网,又称为知识型电网或者现代电网,是将现代先进的传感与测量技术、信息通信技术、控制技术和原有的输配电基础设施高度集成而形成的新型电网。与传统的电网相比,智能电网具有双向通信、分布式电能、动态价格以及负载控制等新特点。为了使智能电网能够提供的各种智能化服务,需要智能电表将用户的实时用电信息发给供电控制中心(如每15分钟发送一次用电信息)。但是,这种高频地向控制中心报告用户消费数据的过程,可能会引起严重的隐私泄露问题,这就对智能电网中用户数据传输的完整性,保密性,抗攻击性以及隐私保护等问题提出了新的挑战。Smart grid, also known as knowledge-based grid or modern grid, is a new type of grid formed by highly integrating modern advanced sensing and measurement technology, information communication technology, control technology and original power transmission and distribution infrastructure. Compared with the traditional grid, the smart grid has new features such as two-way communication, distributed power, dynamic price and load control. In order to enable the smart grid to provide various intelligent services, the smart meter is required to send the user's real-time power consumption information to the power supply control center (such as sending power consumption information every 15 minutes). However, this process of reporting user consumption data to the control center at high frequency may cause serious privacy leakage problems, which will affect the integrity, confidentiality, anti-attack and privacy protection of user data transmission in the smart grid. presented new challenges.
近年来,针对如何保护用户的隐私,相关学者做了大量的研究。在智能电表实时发送数据过程中,用户的隐私性保护技术可大致分为物理技术、数据聚合技术和身份匿名技术。In recent years, relevant scholars have done a lot of research on how to protect user privacy. In the process of real-time data transmission by smart meters, user privacy protection technologies can be roughly divided into physical technology, data aggregation technology and identity anonymity technology.
物理技术主要利用储能设备来隐藏用户的真实消费信息,从而达到隐藏隐私的目的。其根本原理是通过储能设备的充放电改变智能电表所读到的用户用电信息。通过利用可充电电池来保护用户的用电隐私,例如:将电池的冲/放电与家用电器的使用/不使用以1/0来表示,通过充电电池的充放电来维持与智能电表测出功率的平衡,若某段时间家用电器的平均功率小于上段时间电表测出的功率,则充电电池放电使其与家用电器的功率和与上段时间电表测出的功率相等,反之亦然。制定充电电池状态政策并用实验证明其信息泄露的速率比较低,有效的保护了用户的隐私。但该技术中的充电电池相对于其他技术原件较为昂贵,并且其寿命和充放电的次数是有限的。Physical technology mainly uses energy storage devices to hide the real consumption information of users, so as to achieve the purpose of hiding privacy. The fundamental principle is to change the user's electricity consumption information read by the smart meter through the charging and discharging of the energy storage device. By using rechargeable batteries to protect the privacy of users' electricity consumption, for example: the charging/discharging of batteries and the use/non-use of household appliances are represented by 1/0, and the power measured by smart meters is maintained through the charging and discharging of rechargeable batteries If the average power of household appliances in a certain period of time is less than the power measured by the ammeter in the previous period, the rechargeable battery is discharged to make it equal to the power of the household appliances and the power measured by the ammeter in the previous period, and vice versa. Formulate a battery status policy and use experiments to prove that the rate of information leakage is relatively low, which effectively protects the privacy of users. However, the rechargeable battery in this technology is relatively expensive compared to other technical components, and its life and the number of times of charging and discharging are limited.
Bohli首次提出电力公司用于监控电网运行和预测电力需求所需的用电数据是一个区域的实时的总电量,进而提出了在智能电网中通过数据聚合技术来保护用户隐私。随后,研究者们利用数据聚合技术对保护用户隐私进行了相关研究。其中,有通过构造一个同态聚合树的方法,来保护用户的隐私。大多数学者利用Paillier同态加密构造了其隐私保护方案,整体思路为:个用户组成一个聚合单位,使控制中心只得到所有用户用电量的总和,而不知道每个用户的个人数据。以上方法虽然保护了用户个人隐私,但采集数据为聚合状态,不能用于实时检测和追查个别问题电表。For the first time, Bohli proposed that the power consumption data needed by power companies to monitor grid operation and predict power demand is the real-time total power of an area, and then proposed to protect user privacy through data aggregation technology in smart grids. Subsequently, researchers used data aggregation technology to conduct related research on protecting user privacy. Among them, there is a method of constructing a homomorphic aggregation tree to protect the privacy of users. Most scholars use Paillier homomorphic encryption to construct their privacy protection scheme. The overall idea is: each user forms an aggregation unit, so that the control center only gets the sum of the electricity consumption of all users, but does not know the personal data of each user. Although the above method protects the user's personal privacy, the collected data is aggregated and cannot be used for real-time detection and tracking of individual problematic meters.
因此,对于电表实时发送数据过程中保护用户的隐私,身份匿名技术近年来也成为了研究热点。身份匿名技术中群签名技术是一种极其重要的特殊形式的数字签名方式,它是由Chaum和Van Heyst在1991年提出的。群签名方案通常包括一个群管理员和若干个群成员,群中的任一成员都能够代表群进行匿名地签名。有的学者提出采用基于双线性对的群签名技术保护用户隐私,虽提出的群签名方案比较高效,但对于签名追查方面,由于每次签名者的签名不同,导致查询时,可能会出现同一签名者被多次查询,浪费通信开销。因此,关联性群签名算法被提出,该算法中的的关联者能够利用对群签名关联密钥判断两个不同的群签名是否为群中同一个成员产生,且不泄露群成员的信息,即仍能够保证群成员的匿名性。但却没有具体说明问题数据是如何被发现的。Therefore, identity anonymity technology has also become a research hotspot in recent years for the protection of user privacy in the process of real-time data transmission by electric meters. Group signature technology is an extremely important special form of digital signature in identity anonymity technology, which was proposed by Chaum and Van Heyst in 1991. A group signature scheme usually includes a group administrator and several group members, any member of the group can sign anonymously on behalf of the group. Some scholars propose to use group signature technology based on bilinear pairings to protect user privacy. Although the proposed group signature scheme is more efficient, in terms of signature tracing, since the signatures of each signer are different, the same signature may appear when querying. The signer is queried multiple times, wasting communication overhead. Therefore, an associated group signature algorithm is proposed. The associated person in this algorithm can use the associated key of the group signature to judge whether two different group signatures are generated by the same member of the group without disclosing the information of the group members, that is The anonymity of group members can still be guaranteed. But it did not specify how the problematic data was discovered.
发明内容Contents of the invention
本发明的目的就是为了克服上述现有技术存在的缺陷而提供一种具有隐私保护的数据认证及追踪系统。The purpose of the present invention is to provide a data authentication and tracking system with privacy protection in order to overcome the defects in the above-mentioned prior art.
本发明的目的可以通过以下技术方案来实现:The purpose of the present invention can be achieved through the following technical solutions:
一种具有隐私保护的数据认证及追踪系统,包括:A data authentication and tracking system with privacy protection, including:
数据收集点,用于收集验证用户用电的细节数据,根据统计到的数据进行分析,并将分析结果发送给控制中心,若发现问题数据,将其数据及签名信息一并发送给控制中心;The data collection point is used to collect and verify the detailed data of the user's electricity consumption, analyze the statistical data, and send the analysis results to the control center. If any problem data is found, send the data and signature information to the control center;
控制中心,用于接收数据收集点发送的数据,若收到数据点所发送的问题数据的签名,可先通过可信第三方提供的关联密钥检验问题数据是否为同一签名者所发送,之后通过可信第三方申请追查问题数据的发送者身份;The control center is used to receive the data sent by the data collection point. If the signature of the problem data sent by the data point is received, it can first check whether the problem data is sent by the same signer through the associated key provided by the trusted third party, and then Apply to trace the identity of the sender of the problematic data through a trusted third party;
可信第三方,为一个同时被用户和控制中心信任的一个机构,用于负责生成群相关密钥并管理用户,认证用户的智能电表并为其生成相应的群密钥,并协助控制中心查询问题数据的发送者身份;A trusted third party is an organization trusted by both the user and the control center. It is responsible for generating group-related keys and managing users, authenticating the user's smart meter and generating a corresponding group key for it, and assisting the control center in querying The identity of the sender of the data in question;
智能电表,用于在获得第三方认证并拥有相应的群密钥之后,每隔设定时间给控制中心及对应用户发送相应的用电数据。The smart meter is used to send corresponding power consumption data to the control center and corresponding users at set intervals after obtaining third-party authentication and having the corresponding group key.
所述的控制中心向用户提供用电的服务,通过分析结果,合理地进行能源调度。The control center provides power consumption services to users, and reasonably conducts energy scheduling through analysis results.
所述的可信第三方输入安全参数建立用户群,并生成群主密钥、关联密钥和查询密钥,其中群主密钥用于认证用户合法性,关联密钥用于检验问题数据是否为同一签名者所发送,查询密钥用于验证查询请求的合法性。The trusted third party inputs security parameters to establish a user group, and generates a group master key, an associated key and a query key, wherein the group master key is used to authenticate the legitimacy of the user, and the associated key is used to check whether the problem data Sent by the same signer, the query key is used to verify the legitimacy of the query request.
所述的用户加密自己的ID及相应电表编号发送给控制中心申请注册,控制中心记录用户ID与相应电表编码,并用私钥对用户ID签名并发送给用户,用户使用该签名向可信第三方证明它的合法性,并申请入群。The user encrypts his ID and the corresponding meter number and sends it to the control center to apply for registration. The control center records the user ID and the corresponding meter code, and signs the user ID with the private key and sends it to the user. Prove its legitimacy and apply for membership.
所述的可信第三方验证用户入群申请后,通过用户ID计算相应的群签名密钥。After the trusted third party verifies the user's application for joining the group, it calculates the corresponding group signature key through the user ID.
所述的智能电表加密数据并用群主密钥对数据签名后发送给数据收集点。The smart meter encrypts the data and sends it to the data collection point after signing the data with the group master key.
所述的数据收集点验证所接收的签名,并验证发送者的身份,身份验证成立即接收该数据。The data collection point verifies the received signature and verifies the identity of the sender, who immediately receives the data.
所述的问题数据的判断过程如下:The judgment process of the problem data is as follows:
基于距离的离群定义,数据收集点定义数据M=(m1,…,mn)和核函数kM(x),其中,对于M的所有值都满足设置定义分布方程其中T为原数据样本,随着所收集到的数据不断更新,k(x)的取值原则为:Based on distance outlier definition, data collection points define data M=(m 1 ,...,m n ) and kernel function k M (x), where all values of M satisfy Set Define Distribution Equation Among them, T is the original data sample. As the collected data is continuously updated, the value principle of k(x) is:
其中,B为核函数域宽;通过上述的定义解释,数据收集点计算检测数据与样本数据的空间距离r为设定查询范围,若N(M,r)小于所定义的域D,则该数据判断为问题数据。Among them, B is the domain width of the kernel function; explained by the above definition, the data collection point calculates the spatial distance between the detection data and the sample data r is the set query range, if N(M,r) is less than the defined domain D, then the data is judged as problem data.
与现有技术相比,本发明具有以下优点:Compared with the prior art, the present invention has the following advantages:
1、本发明将群签名与追踪数据技术相结合,与以往的隐私追踪方案不同,在本方案中详细地说明问题数据的检测过程,细说了如何判断一个数据是否为问题数据。1. The present invention combines group signature and tracking data technology, which is different from previous privacy tracking solutions. In this solution, the detection process of problem data is explained in detail, and how to judge whether a piece of data is problem data is explained in detail.
2、具有隐私保护的功能,对传输数据进行了有效的保护,恶意攻击者接收到用户所传输的数据也恢复不出用户真实ID。2. It has the function of privacy protection, and effectively protects the transmitted data. Malicious attackers cannot recover the real ID of the user after receiving the data transmitted by the user.
3、扩展性高,如果有新的用户加入,只需要通过分别向控制中心及可信第三方合法申请,获得签名密钥即可。3. High scalability. If a new user joins, it only needs to obtain a signature key by legally applying to the control center and a trusted third party respectively.
4、减小了通信与计算开销,与传统的群加密方案相比,本方案增加群签名关联性功能,可验证多个签名是否为同一签名者所为,减少了问题数据的追查量(通信开销),有效快速查询问题用户身份。同时,传统的群加密方案相比,也减少了计算开销。4. Reduced communication and computing overhead. Compared with traditional group encryption schemes, this scheme increases the group signature correlation function, which can verify whether multiple signatures are made by the same signer, and reduces the amount of problem data tracing (communication overhead), effectively and quickly query the identity of the problematic user. At the same time, compared with the traditional group encryption scheme, it also reduces the computational overhead.
5、安全性高,由于群签名技术中的零知识验证,有效地保证了合法用户的身份验证,而恶意攻击者无法伪造签名。5. High security. Due to the zero-knowledge verification in the group signature technology, the identity verification of legitimate users is effectively guaranteed, and malicious attackers cannot forge signatures.
附图说明Description of drawings
图1为本发明用户数据传输过程图。FIG. 1 is a diagram of the user data transmission process in the present invention.
具体实施方式detailed description
下面结合附图和具体实施例对本发明进行详细说明。本实施例以本发明技术方案为前提进行实施,给出了详细的实施方式和具体的操作过程,但本发明的保护范围不限于下述的实施例。The present invention will be described in detail below in conjunction with the accompanying drawings and specific embodiments. This embodiment is carried out on the premise of the technical solution of the present invention, and detailed implementation and specific operation process are given, but the protection scope of the present invention is not limited to the following embodiments.
一种具有隐私保护的数据认证及追踪系统,该系统主要包括5个实体:数据收集点(Collector)、控制中心(Control Center)、可信第三方(TTP)、智能电表(SM)、用户(User)。其中数据收集点收集验证用户用电的细节数据,根据统计到的数据进行分析,并将分析结果发送给控制中心。若出现问题数据,则将该数据及签名信息发送给控制中心;控制中心向用户提供用电的服务,通过分析结果,合理地进行能源调度。A data authentication and tracking system with privacy protection, the system mainly includes five entities: data collection point (Collector), control center (Control Center), trusted third party (TTP), smart meter (SM), user ( User). Among them, the data collection point collects and verifies the detailed data of the user's electricity consumption, analyzes the statistical data, and sends the analysis results to the control center. If problematic data occurs, the data and signature information will be sent to the control center; the control center will provide users with power consumption services, and conduct energy scheduling reasonably through analysis results.
若收到数据收集点发送的问题数据,可先通过可信第三方提供的关联密钥检验问题数据是否为同一签名者所发送,减少与可信第三方的通信量,之后向可信第三方申请追查问题数据的发送者身份;可信第三方是一个同时被用户和控制中心信任的一个机构,它负责生成群相关密钥并管理用户,认证用户的智能电表并为其生成相应的群密钥。同时,还可协助控制中心查询问题数据的发送者身份;智能电表在获得第三方认证并拥有相应的群密钥之后,每隔15分钟要给控制中心及对应用户发送相应的用电数据。If you receive the problem data sent by the data collection point, you can first check whether the problem data is sent by the same signer through the associated key provided by the trusted third party, so as to reduce the amount of communication with the trusted third party, and then report to the trusted third party Apply to trace the identity of the sender of the problem data; a trusted third party is an organization trusted by both the user and the control center, which is responsible for generating group-related keys and managing users, authenticating the user's smart meter and generating a corresponding group secret for it key. At the same time, it can also assist the control center to query the identity of the sender of the problem data; after the smart meter has obtained third-party authentication and has the corresponding group key, it will send corresponding electricity consumption data to the control center and corresponding users every 15 minutes.
图1所示为用户数据传输过程图,以其中一个用户A数据传输为例,结合模型方案示意图对该方法进行详细描述:Figure 1 is a diagram of the user data transmission process. Taking the data transmission of one user A as an example, the method is described in detail in combination with the schematic diagram of the model scheme:
第一步:系统初始化Step 1: System initialization
a.可信第三方TTP输入安全参数(1λ)建立群Ω1。设身份信息ID和消息M可以分别表示成k位和n位的二进制串。G是一个可交换的乘法群,N=p1p2p3,双线性对e:G×G→GT,是群G的一个子群,阶为p1,随机选择生成元g,向量对应承诺用户ID=(x1,…,xk)←{0,1}k;向量对应承诺消息M=(m1,…,mn)←{0,1}n。H为哈希函数。随机选择数w,h,l←G,α←ZN,L←ZP,计算f=wL。生成群主密钥MK1=gα,关联密钥LK1=L,查询密钥TK1=l。公布公共参数:gpk1=(N,g,u,u1,…,uk,v,v1,…,vn,f,w,h,A=e(g,g)α,H)。其中,关联密钥LK1发送给控制中心。a. Trusted third-party TTP inputs security parameters (1 λ ) to establish group Ω 1 . Assume that the identity information ID and message M can be expressed as k-bit and n-bit binary strings respectively. G is a commutative multiplicative group, N=p 1 p 2 p 3 , bilinear pairing e:G×G→G T , is a subgroup of the group G, the order is p 1 , and the generator g is randomly selected, vector Corresponding commitment user ID=(x 1 ,…,x k )←{0,1} k ; vector The corresponding commitment message M=(m 1 ,...,m n )←{0,1} n . H is a hash function. Randomly select numbers w, h, l←G, α←Z N , L←Z P , and calculate f=w L . Generate the group master key MK 1 =g α , the associated key LK 1 =L, and the query key TK 1 =l. Publish public parameters: gpk 1 =(N,g,u,u 1 ,...,u k ,v,v 1 ,...,v n ,f,w,h,A=e(g,g) α ,H) . Among them, the associated key LK 1 is sent to the control center.
a.用户A加密自己的IDA及相应电表编号SMA发送给控制中心申请注册(加密形式:PKA为用户A的公钥)。控制中心记录用户IDA与相应电表编码SMA,并用私钥对用户IDA签名(签名形式:SKCC为控制中心私钥)并发送给用户。用户使用该签名向可信第三方证明它的合法性,并申请入群。a. User A encrypts his ID A and the corresponding meter number SM A and sends it to the control center to apply for registration (encrypted form: PK A is the public key of user A). The control center records the user ID A and the corresponding electric meter code SMA, and signs the user ID A with the private key ( signature form: SK CC is the private key of the control center) and sent to the user. The user uses the signature to prove its legitimacy to a trusted third party and apply to join the group.
b.可信第三方验证用户入群申请后,通过用户IDA计算相应的群签名密钥。选择随机数r1←ZN,bi←ZP,计算从群选择两个素数R和R',计算申请用户的签名群密钥KID={K1,K2},计算生成基于非交互式零知识的证明的相关参数同时,可信第三方计算E=H(C)TK,并记录<IDui,r1,C,E>,将(KID,C,Bi)发送给相应用户A电表。b. After the trusted third party verifies the user's application for joining the group, it calculates the corresponding group signature key through user ID A. Choose random number r 1 ←Z N , b i ←Z P , calculate From the group Select two prime numbers R and R', calculate the signature group key K ID of the applicant user = {K 1 , K 2 }, Computes relevant parameters for generating non-interactive zero-knowledge based proofs At the same time, the trusted third party calculates E=H(C) TK , records <ID ui ,r 1 ,C,E>, and sends (K ID ,C,B i ) to the electric meter of corresponding user A.
第二步:电力数据统计The second step: power data statistics
a.智能电表加密数据并用群密钥KID对数据MA签名:智能电表选择随机数s,r2←ZN,计算:H1=H(C),H2=H(MA),S=(S1,S2,S3)=(K1C's,K2 -1,g-s)。其中,满足非交互零知识证明中配对乘积等式:e(S1,g)e(S2,C)e(S3,C')=A。选择随机数t1,t2,t3←ZN,t为时间戳,计算:T4=Cht,选择随机数θ←Zp,计算Q=w-θ,c=Bif-θ。得到签名σA=(T1,T2,T3,T4,π,Q,c,H1),最后智能电表将(MA,σA,H2)发送给数据收集点。a. The smart meter encrypts the data and signs the data M A with the group key K ID : the smart meter selects a random number s,r 2 ←Z N , and calculates: H 1 =H(C),H 2 =H(M A ), S = (S 1 , S 2 , S 3 ) = (K 1 C' s , K 2 −1 , g −s ). Wherein, the paired product equation in the non-interactive zero-knowledge proof is satisfied: e(S 1 ,g)e(S 2 ,C)e(S 3 ,C')=A. Select random numbers t 1 , t 2 , t 3← Z N , t is the timestamp, and calculate: T 4 =Ch t , Choose random number θ←Z p , calculate Q=w -θ , c=B i f -θ . Get the signature σ A = (T 1 , T 2 , T 3 , T 4 , π, Q, c, H 1 ), and finally the smart meter sends (M A , σ A , H 2 ) to the data collection point.
b.数据收集点验证签名、收集数据:数据收集点验证所接收的签名,即检查T4=Cht,计算验证H3=H(MA)是否与接收的H2相等。若通过上述验证则证明数据未被篡改。然后验证发送者的身份,计算并代入等式e(T1,g)e(T2,T4)e(T3,T5)=A·e(h,π),验证是否成立。若成立,则发送者为其群成员,数据收集点接受该数据。b. Data collection point verifies the signature and collects data: the data collection point verifies the received signature, that is, checks T 4 =Ch t , calculates and verifies whether H 3 =H(M A ) is equal to the received H 2 . If the above verification is passed, it proves that the data has not been tampered with. Then verify the identity of the sender, computing And substitute into the equation e(T 1 ,g)e(T 2 ,T 4 )e(T 3 ,T 5 )=A·e(h,π) to verify whether it is true. If established, the sender is a member of the group, and the data collection point accepts the data.
第三步:数据收集点分析数据Step 3: Analyze the data at the data collection point
基于距离的离群定义,数据收集点定义数据MA=(m1,…,mn)和核函数kM(x),其中,对于MA的所有值都满足设置定义分布方程其中T为原数据样本,随着所收集到的数据不断更新。k(x)的取值原则为:Based on distance outlier definition, the data collection point defines data M A = (m 1 ,...,m n ) and kernel function k M (x), where, for all values of M A , satisfies Set Define Distribution Equation Among them, T is the original data sample, which is updated continuously with the collected data. The value principle of k(x) is:
其中,B为核函数域宽。通过上述的定义解释,数据收集点计算检测数据与样本数据的空间距离r为特定查询范围。若N(MA,r)小于所定义的域D,则该数据判断为异常数据。数据收集点把该数据与其相关签名信息发送给控制中心。Among them, B is the domain width of the kernel function. Through the above definition and explanation, the data collection point calculates the spatial distance between the detection data and the sample data r is a specific query range. If N(M A ,r) is smaller than the defined field D, the data is judged as abnormal data. The data collection point sends the data and its associated signature information to the control center.
第四步:控制中心追踪数据发送者Step 4: The control center tracks the sender of the data
a.为了能减少向用户实名查询者的询问次数,有效快速查询不正常电表的发送者身份,控制中心利用关联密钥LK验证多个数据签名是否为同一电表所签。控制中心将计算每个签名的关联值VL=e(c,h)e(Q,hLK)-1。a. In order to reduce the number of inquiries to the user's real-name inquirer, effectively and quickly inquire about the identity of the sender of the abnormal meter, the control center uses the associated key LK to verify whether multiple data signatures are signed by the same meter. The control center will calculate the associated value VL=e(c,h)e(Q,h LK ) −1 for each signature.
若用户A为不良数据发送者,并发出多个不真实数据(MA1,……,MAn),则其关联值对于用户A发送的签名所计算的关联值VLA都为同一值。控制中心只要发送给可信第三方一个用户A签名查询请求即可,避免了重复询问用户A的身份。If user A is a bad data sender and sends multiple false data (M A1 ,...,M An ), its associated value The associated values VL A calculated for the signature sent by user A are all the same value. The control center only needs to send a user A signature query request to the trusted third party, avoiding repeated inquiry of user A's identity.
b.可信第三方接收控制中心的查询请求与相应数据的签名σA,用查询密钥TK,计算根据之前的记录表,查找对应的用户A的IDA后,将查询结果发送给控制中心。控制中心接收查询结果,并采取相应措施。b. The trusted third party receives the query request from the control center and the signature σ A of the corresponding data, and uses the query key TK to calculate According to the previous record table, after searching for the ID A of the corresponding user A, the query result is sent to the control center. The control center receives the query results and takes corresponding measures.
以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到各种等效的修改或替换,这些修改或替换都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应以权利要求的保护范围为准。The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any person familiar with the technical field can easily think of various equivalents within the technical scope disclosed in the present invention. Modifications or replacements shall all fall within the protection scope of the present invention. Therefore, the protection scope of the present invention should be based on the protection scope of the claims.
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610972257.2A CN106549767A (en) | 2016-11-04 | 2016-11-04 | A kind of data authentication with secret protection and tracing system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610972257.2A CN106549767A (en) | 2016-11-04 | 2016-11-04 | A kind of data authentication with secret protection and tracing system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106549767A true CN106549767A (en) | 2017-03-29 |
Family
ID=58395437
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610972257.2A Pending CN106549767A (en) | 2016-11-04 | 2016-11-04 | A kind of data authentication with secret protection and tracing system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106549767A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108964894A (en) * | 2018-06-28 | 2018-12-07 | 上海电力学院 | A kind of based on state estimation and have the power grid stealing electricity detection method of secret protection |
CN109510830A (en) * | 2018-11-22 | 2019-03-22 | 南方电网科学研究院有限责任公司 | Authentication method, device, medium and equipment for intelligent electric meter |
CN109600233A (en) * | 2019-01-15 | 2019-04-09 | 西安电子科技大学 | Group ranking mark based on SM2 Digital Signature Algorithm signs and issues method |
CN110430050A (en) * | 2019-07-31 | 2019-11-08 | 湖南匡安网络技术有限公司 | A kind of smart grid collecting method based on secret protection |
CN112904067A (en) * | 2021-01-29 | 2021-06-04 | 桂林电子科技大学 | Real-time electricity stealing detection method based on user data privacy |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050184882A1 (en) * | 2004-02-19 | 2005-08-25 | Bruce Angelis | Utility endpoint communication scheme, such as for sequencing the order of meter reading communications for electric, gas, and water utility meters |
CN102882688A (en) * | 2012-10-24 | 2013-01-16 | 北京邮电大学 | Lightweight authentication and key agreement protocol applicable to electric information acquisition |
CN103763094A (en) * | 2014-01-03 | 2014-04-30 | 沈阳中科博微自动化技术有限公司 | Intelligent electric meter system safety monitoring information processing method |
CN104219056A (en) * | 2014-09-16 | 2014-12-17 | 西安电子科技大学 | A real-time power collection method with privacy protection in smart grid |
CN103490880B (en) * | 2013-10-07 | 2016-04-13 | 西安电子科技大学 | There is in intelligent grid electricity statistics and the charging method of secret protection |
-
2016
- 2016-11-04 CN CN201610972257.2A patent/CN106549767A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050184882A1 (en) * | 2004-02-19 | 2005-08-25 | Bruce Angelis | Utility endpoint communication scheme, such as for sequencing the order of meter reading communications for electric, gas, and water utility meters |
CN102882688A (en) * | 2012-10-24 | 2013-01-16 | 北京邮电大学 | Lightweight authentication and key agreement protocol applicable to electric information acquisition |
CN103490880B (en) * | 2013-10-07 | 2016-04-13 | 西安电子科技大学 | There is in intelligent grid electricity statistics and the charging method of secret protection |
CN103763094A (en) * | 2014-01-03 | 2014-04-30 | 沈阳中科博微自动化技术有限公司 | Intelligent electric meter system safety monitoring information processing method |
CN104219056A (en) * | 2014-09-16 | 2014-12-17 | 西安电子科技大学 | A real-time power collection method with privacy protection in smart grid |
Non-Patent Citations (2)
Title |
---|
S.SUBRAMANIAM等: "Online outlier detection in sensor data using non-parametric models", 《PROCEEDINGS OF THE 32ND INTERNATIONAL CONFERENCE ON VERY LARGE DATA BASES》 * |
龚凡: "基于群签名的智能电网用电量统计及电费的缴纳方案", 《中国优秀硕士学位论文全文数据库 工程科技Ⅱ辑》 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108964894A (en) * | 2018-06-28 | 2018-12-07 | 上海电力学院 | A kind of based on state estimation and have the power grid stealing electricity detection method of secret protection |
CN108964894B (en) * | 2018-06-28 | 2021-04-30 | 上海电力学院 | Power grid electricity stealing detection method based on state estimation and with privacy protection |
CN109510830A (en) * | 2018-11-22 | 2019-03-22 | 南方电网科学研究院有限责任公司 | Authentication method, device, medium and equipment for intelligent electric meter |
CN109510830B (en) * | 2018-11-22 | 2021-01-29 | 南方电网科学研究院有限责任公司 | Authentication method, device, medium and equipment for intelligent electric meter |
CN109600233A (en) * | 2019-01-15 | 2019-04-09 | 西安电子科技大学 | Group ranking mark based on SM2 Digital Signature Algorithm signs and issues method |
CN109600233B (en) * | 2019-01-15 | 2021-06-08 | 西安电子科技大学 | Group Signature Identification Issuance Method Based on SM2 Digital Signature Algorithm |
CN110430050A (en) * | 2019-07-31 | 2019-11-08 | 湖南匡安网络技术有限公司 | A kind of smart grid collecting method based on secret protection |
CN112904067A (en) * | 2021-01-29 | 2021-06-04 | 桂林电子科技大学 | Real-time electricity stealing detection method based on user data privacy |
CN112904067B (en) * | 2021-01-29 | 2024-06-11 | 桂林电子科技大学 | Real-time electricity stealing detection method based on user data privacy |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111294366B (en) | A Statistical Analysis Method for Encrypted Data Aggregation Against Key Disclosure in Smart Grid | |
Zhang et al. | An efficient blockchain-based hierarchical data sharing for healthcare internet of things | |
Alrawais et al. | An attribute-based encryption scheme to secure fog communications | |
CN110536259B (en) | A lightweight privacy-preserving data multi-level aggregation method based on fog computing | |
Wang | An identity-based data aggregation protocol for the smart grid | |
Zhang et al. | A blockchain-assisted massive IoT data collection intelligent framework | |
CN111385306B (en) | Anonymous authentication method and system based on anti-tampering device in smart power grid | |
CN110430050B (en) | Smart power grid data acquisition method based on privacy protection | |
CN105844172B (en) | A kind of more community's multidimensional user's electricity paradigmatic systems and method of secret protection | |
CN106549767A (en) | A kind of data authentication with secret protection and tracing system | |
CN105812128B (en) | A kind of anti-malicious data of intelligent grid excavates the data aggregation method of attack | |
Chu et al. | Privacy-preserving smart metering with regional statistics and personal enquiry services | |
CN104636672B (en) | A kind of secure data reporting system based on Hash tree and anonymity technology | |
Cheng et al. | Efficient anonymous authentication and privacy-preserving reliability evaluation for mobile crowdsensing in vehicular networks | |
Bao et al. | Bbnp: a blockchain-based novel paradigm for fair and secure smart grid communications | |
Chen et al. | Efficient attribute-based signature with collusion resistance for Internet of Vehicles | |
Shen et al. | Traceable and privacy-preserving authentication scheme for energy trading in V2G networks | |
Zhang et al. | A privacy protection scheme for bidding users of peer-to-peer electricity call auction trading in microgrids | |
Lin et al. | Privacy-enhancing decentralized anonymous credential in smart grids | |
CN113079140A (en) | Cooperative spectrum sensing position privacy protection method based on block chain | |
Zhang et al. | Antiquantum privacy protection scheme in advanced metering infrastructure of smart grid based on consortium blockchain and RLWE | |
Wang et al. | A secure and efficient pairing-free certificateless aggregate signcryption scheme for V2G networks | |
Da et al. | Cloud-assisted road condition monitoring with privacy protection in vanets | |
Parameswarath et al. | Decentralized identifier-based privacy-preserving authenticated key exchange protocol for electric vehicle charging in smart grid | |
Luo et al. | A revocable anonymous cross-domain communication scheme for smart grid based on ring signcryption |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170329 |