
CN113553574B - A trusted data management method for the Internet of Things based on blockchain technology - Google Patents

Info

Publication number: CN113553574B
Authority: CN (China)
Prior art keywords: gateway, key, internet, terminal equipment, things
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202110856422.9A
Other languages: Chinese (zh)
Other versions: CN113553574A (en)
Inventors: 邓水光, 程冠杰, 尹建伟
Current Assignee: Zhejiang University ZJU (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Zhejiang University ZJU
Application filed by Zhejiang University ZJU
Priority to CN202110856422.9A
Publication of CN113553574A
Application granted
Publication of CN113553574B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a blockchain technology-based Internet of things trusted data management method, which divides the trusted management problem faced by Internet of things data into four parts: trusted device authentication, trusted data transmission, trusted data storage and trusted data sharing. Based on blockchain technology, the invention builds a distributed and tamper-proof communication network for the gateway and the edge server; for device authentication, it designs a mutual authentication mechanism between the Internet of things equipment and the gateway, and, using Diffie-Hellman key exchange, a session key negotiation mechanism that guarantees safe and reliable data transmission.

Description

Internet of things trusted data management method based on blockchain technology
Technical Field
The invention belongs to the technical field of Internet of things and network security, and particularly relates to an Internet of things trusted data management method based on a blockchain technology.
Background
With the progress of wireless communication and intelligent device manufacturing, Internet of things technology has developed vigorously and brings great convenience to people's lives through the novel interaction mode of connecting everything. The Internet of things creates many novel application scenarios, including intelligent medical treatment, smart home and intelligent transportation, by using intelligent terminals to collect real-time data that supports high-performance decision making. However, the Internet of things requires many heterogeneous devices to cooperate in a distributed manner, so several trust problems exist at the data management layer. First, dishonest data sources can provide inaccurate and biased data to upper-layer applications, impairing the service quality of the Internet of things. Second, malicious users can insert false Internet of things devices to disturb applications and affect the normal operation of the Internet of things system; this problem is caused by the lack of a device identity authentication mechanism. Third, Internet of things data is easily exposed to security attacks during transmission, such as privacy leakage and malicious tampering.
The China patent with publication number CN113032814A provides an Internet of things data management method and system: the Internet of things gateway encrypts the data sent by an Internet of things device with a data private key to obtain target encrypted data, where the device is a trusted device that has been associated and authenticated by a data authentication server; the gateway obtains the target data fingerprint of the target encrypted data and sends the fingerprint and the authority information of the target encrypted data to the data authentication server for storage; and the data storage server performs integrity verification on the received target encrypted data against the target data fingerprint and, if the verification succeeds, stores the target encrypted data in a target area.
The China patent with publication number CN113066552A discloses a monitoring data management system based on blockchain technology, comprising a device acquisition client, a data interaction management client, a consumption client and blockchain nodes, where the three clients exchange data through the blockchain nodes. That patent adopts the Raft consensus mechanism, applies blockchain technology to hardware device data acquisition, data sharing and similar aspects, and realizes a consortium chain design and multi-role access control based on Internet of things devices and a data interaction platform.
In summary, analysis shows that many research technologies can solve part of the data management problem, but most of them concentrate on data storage and trusted data sharing of the Internet of things, which is only one link in trusted data management; no single set of trusted solutions has been provided that covers device authentication, data transmission, data storage and access control of Internet of things devices at the same time. With the rapid development of blockchain technology, its characteristics of decentralization, tamper resistance, traceability, safety and transparency have been widely applied in the field of distributed cooperation, and combining blockchain technology with cryptography provides an excellent solution for trusted data management of the Internet of things. In addition, by using the smart contract technology of the blockchain, the trusted data management solution can be encoded so that it runs automatically, eliminating the need for a third-party organization, improving security and reducing operating costs.
Disclosure of Invention
In view of the above, the invention provides a method for managing the trusted data of the internet of things based on the blockchain technology, which is divided into four parts, namely equipment identity authentication, data security transmission, trusted data storage and trusted data sharing, and a distributed and tamper-proof communication network is constructed for a gateway and an edge server, so that authorized access of legal users is ensured, malicious reading of data by illegal users is resisted, and trusted sharing of the data of the internet of things is ensured.
A blockchain technology-based Internet of things trusted data management method comprises the following steps:
(1) Identity security authentication between the Internet of things terminal equipment and the gateway is completed using an asymmetric encryption algorithm and a signature algorithm, and session key negotiation between the terminal equipment and the gateway is completed using Diffie-Hellman key exchange;
(2) The terminal equipment encrypts the original Internet of things data with the session key negotiated with the gateway and transmits it to the gateway; the gateway then sends the encrypted data to the edge server, and the edge server uses the Kademlia algorithm to realize distributed secure storage of the Internet of things data in the edge server network;
(3) An access control mechanism for user access to the Internet of things data is realized using an attribute-based encryption scheme.
Further, the specific implementation process of step (1) is as follows:
1.1 The Internet of things terminal equipment generates a random number n_a, signs n_a and the current timestamp TS_1 with its signature private key SK_Sd, encrypts the signature result with the encryption public key PK_Eg of the gateway to be authenticated to form message M_1, and sends M_1 to the gateway;
1.2 The gateway decrypts M_1 with its own encryption private key SK_Eg to obtain the signature result, then verifies the signature with the signature public key PK_Sd of the terminal equipment and obtains n_a; successful verification means that the terminal equipment is legal. The gateway then generates a random number n_b, signs n_a, n_b and the current timestamp TS_2 with its signature private key SK_Sg, encrypts the signature result with the encryption public key PK_Ed of the terminal equipment to form message M_2, and sends M_2 to the terminal equipment;
1.3 The terminal equipment decrypts M_2 with its own encryption private key SK_Ed to obtain the signature result, then verifies the signature with the signature public key PK_Sg of the gateway and obtains n_a and n_b; if verification succeeds, the identity of the gateway is legal. The terminal equipment also checks that the obtained n_a is consistent with the one it sent; if so, it signs n_b and the current timestamp TS_3 with its signature private key SK_Sd, encrypts the signature result with the encryption public key PK_Eg of the gateway to form message M_3, and sends M_3 to the gateway;
1.4 The gateway decrypts M_3 with its encryption private key SK_Eg to obtain the signature result, verifies the signature with the signature public key PK_Sd of the terminal equipment and obtains n_b, and checks that the obtained n_b is consistent with the one it generated; if so, the sender is the correct interaction partner, which completes the mutual authentication between the Internet of things terminal equipment and the gateway;
1.5 The terminal equipment generates a random number m_D as its private key and calculates the public key PK_1 = m_D·G, where G is the generator of the group; it then encrypts PK_1 and the current timestamp TS_4 with the encryption public key PK_Eg of the gateway to form message M_4 and sends M_4 to the gateway;
1.6 The gateway generates a random number m_G as its private key and calculates the public key PK_2 = m_G·G; it then encrypts PK_2 and the current timestamp TS_5 with the encryption public key PK_Ed of the terminal equipment to form message M_5 and sends M_5 to the terminal equipment;
1.7 The gateway decrypts M_4 with its own encryption private key SK_Eg to obtain PK_1 and calculates the secure session key SKey = m_G·PK_1 = m_G·m_D·G shared with the terminal equipment; the terminal equipment decrypts M_5 with its own encryption private key SK_Ed to obtain PK_2 and calculates the same secure session key SKey = m_D·PK_2 = m_D·m_G·G, which completes session key negotiation between the gateway and the Internet of things terminal equipment.
Further, the specific implementation process of the step (2) is as follows:
2.1 The Internet of things terminal equipment encrypts the original Internet of things data with the secure session key SKey shared with the gateway and transmits the encrypted data to the gateway, which forwards it to the edge server S_1 closest to the gateway;
2.2 The edge server S_1 computes the 160-bit hash of the encrypted data as the Key, takes the encrypted data as the Value, finds the k edge servers whose ID numbers are closest to the Key according to the value of k set by the system, and transmits the Key-Value pair to those k edge servers for storage, which completes the distributed storage of the Internet of things data in the edge server network.
Further, the specific implementation process of the step (3) is as follows:
3.1 The data owner stores the access policy P at the gateway; the gateway executes Setup(1^λ) → (PK, MSK), that is, calculates the system public key PK and the system master key MSK from the security parameter λ, then embeds PK in a transaction sent to the blockchain network and stores MSK locally;
3.2 The user sends a data request to the edge server; the edge server first verifies the identity of the user and then interacts with the gateway through the smart contract. If the identity of the user is legal, the gateway generates a corresponding attribute set S for the user, the public key PK_user of the user is stored in the smart contract as an authorized user identifier, and the gateway generates a private key for the user;
3.3 The gateway executes KeyGen(PK, MSK, S) → SK, that is, takes the system public key PK, the system master key MSK and the attribute set S of the user as input and outputs the user access private key SK;
3.4 The edge server receives the encryption result (the user access private key SK encrypted under the user's public key PK_user) and forwards it to the user, who decrypts it with the private key SK_user to obtain the user access private key SK;
3.5 The gateway executes Encrypt(PK, P, SKey) → CT, that is, takes the system public key PK, the access policy P and the session key SKey between the Internet of things terminal equipment and the gateway as input and generates the ciphertext CT, which completes the encryption of the session key SKey; the gateway then sends the ciphertext CT to the edge server for storage through the blockchain network;
3.6 The user downloads the encrypted data and the ciphertext CT from the edge server using the Kademlia algorithm and runs Decrypt(PK, SK, CT) → SKey, that is, takes the system public key PK, the user access private key SK and the ciphertext CT as input and obtains the session key SKey by decryption;
3.7 The user executes Decrypt(SKey, encrypted data) → original data, that is, decrypts the encrypted data with the session key SKey to obtain the original Internet of things data.
Further, the specific process by which the user in step 3.6 downloads the encrypted data and the ciphertext CT from the edge server using the Kademlia algorithm is as follows:
3.6.1 The user initiates a search request to the edge server according to the Key of the requested data; the edge server checks whether it stores the data pair (Key, Value) itself and, if so, returns the encrypted data directly to the user; otherwise it finds the k node IDs closest to the Key value and sends a FIND_VALUE request to those k nodes (that is, edge servers in the network);
3.6.2 Each node receiving the FIND_VALUE request first checks whether the data pair (Key, Value) is stored locally and, if so, returns the encrypted data to the sending edge server; otherwise the node finds the k node IDs closest to the Key value and sends the FIND_VALUE request to those k nodes, continuing to spread the search until the encrypted data is acquired or no edge server closer to the Key value than the currently known node IDs can be found (which indicates that the data searched by the user does not exist).
The identity authentication scheme between the terminal equipment and the gateway effectively suppresses the security risk of malicious devices joining the network and guarantees the legitimacy of Internet of things data sources. The session key negotiation mechanism designed between the terminal equipment and the gateway protects the confidentiality of data in transmission and prevents eavesdropping and tampering attacks. In addition, the invention constructs a reliable distributed data storage scheme in the edge network based on the Kademlia algorithm, which greatly reduces the security and privacy risks of centralized storage, removes the bandwidth bottleneck and greatly improves the scalability of data storage. Finally, because the invention designs an active access control mechanism based on attribute-based encryption, only users whose attribute sets match the access policies formulated by data owners can obtain access authorization; this guarantees data availability for authorized users, effectively prevents malicious users from acquiring the original data by illegal means, improves the security of data access by consumer-layer users, protects the original value of the Internet of things data, and realizes user-oriented authority management.
Drawings
Fig. 1 is a schematic diagram of an authentication flow between an internet of things terminal device and a gateway according to the present invention.
Fig. 2 is a schematic diagram of a session key negotiation flow according to the present invention.
Fig. 3 is a schematic diagram of the trusted data management process according to the present invention.
Detailed Description
In order to more particularly describe the present invention, the following detailed description of the technical scheme of the present invention is provided with reference to the accompanying drawings and the specific embodiments.
The invention realizes a trusted data management scheme for the Internet of things based on blockchain technology by combining Diffie-Hellman key exchange, asymmetric encryption, a signature algorithm, the Kademlia algorithm and attribute-based encryption. Gateway devices and edge servers serve as blockchain nodes that maintain the blockchain network, and the interaction logic is carried out by invoking smart contracts; the whole flow is shown in Fig. 3.
As shown in Fig. 1, the Internet of things terminal and the gateway perform mutual authentication to verify the identity of a device joining the network, in the following specific steps:
Step 1: The Internet of things terminal equipment generates a random number n_a, signs n_a and the real-time timestamp TS_1 with its signature private key SK_Sd, encrypts the signature result with the encryption public key PK_Eg of the gateway to be authenticated to form message M_1, and sends M_1 to the corresponding gateway.
Step 2: The gateway decrypts M_1 with its own encryption private key SK_Eg, verifies the signature with the signature public key PK_Sd of the Internet of things equipment and obtains n_a; successful verification means the Internet of things equipment is legal. The gateway then generates a random number n_b, signs n_a, n_b and the real-time timestamp TS_2 with its signature private key SK_Sg, encrypts the signed result with the encryption public key PK_Ed of the Internet of things equipment to be authenticated to form message M_2, and returns M_2 to the Internet of things equipment.
Step 3: The Internet of things equipment decrypts M_2 with its own encryption private key SK_Ed to obtain the signature result and verifies the signature with the signature public key PK_Sg of the gateway; if verification succeeds, the identity of the gateway is legal. The equipment also checks whether the obtained n_a is correct and, if so, signs n_b and the real-time timestamp TS_3 with its signature private key SK_Sd, encrypts the signature result with the encryption public key PK_Eg of the gateway to form message M_3, and sends M_3 to the gateway.
Step 4: The gateway decrypts M_3 with its encryption private key SK_Eg, verifies the signature with the signature public key PK_Sd of the Internet of things equipment, obtains n_b and checks whether it is consistent; if so, the sender is the correct interaction partner, and the mutual authentication between the Internet of things equipment and the gateway is complete.
As shown in fig. 2, the internet of things device performs session key negotiation with the gateway to protect security of data transmission in the communication process, and specifically includes the following steps:
Step 1: The Internet of things equipment randomly generates a number m_D as its private key, calculates the public key PK_1 = m_D·G, encrypts PK_1 and the real-time timestamp TS_4 with the encryption public key PK_Eg of the gateway to form message M_4, and sends M_4 to the gateway.
Step 2: The gateway receives M_4, randomly generates a number m_G as its private key, calculates the public key PK_2 = m_G·G, encrypts PK_2 and the real-time timestamp TS_5 with the encryption public key PK_Ed of the Internet of things device to form message M_5, and returns M_5 to the Internet of things device.
Step 3: The Internet of things equipment calculates the secure session key SKey = m_D·PK_2 = m_D·m_G·G shared with the gateway.
Step 4: The gateway calculates the same secure session key SKey = m_G·PK_1 = m_D·m_G·G shared with the Internet of things equipment, which completes session key negotiation between the Internet of things equipment and the gateway.
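The mutual authentication of Steps 1 to 4 above (messages M_1 to M_3 with the n_a and n_b consistency checks) and the session key negotiation of M_4/M_5, carried out end to end between a device and a gateway, as an added example in Go that is not part of the patent. It assumes ECDSA on P-256 for the signature pairs, RSA-OAEP for the encryption pairs, P-256 ECDH for PK_1 = m_D·G and PK_2 = m_G·G, and a 30-second timestamp window; none of these choices are fixed by the patent. It also signs M_4 and M_5 (the patent only encrypts them), which is a stricter variant.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"time"
)

// nonceLen is the size of n_a/n_b and maxSkew the accepted age of a TS_i; both are this example's choices.
const nonceLen, maxSkew = 32, 30 * time.Second

// Party holds one side's long-term keys in the patent's notation: signing pair (SK_S, PK_S), encryption pair (SK_E, PK_E).
type Party struct {
	sign *ecdsa.PrivateKey // SK_S; PK_S = sign.PublicKey
	enc  *rsa.PrivateKey   // SK_E; PK_E = enc.PublicKey
}

func mustParty() *Party { // crypto/rand-backed key generation does not fail in practice
	s, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	e, _ := rsa.GenerateKey(rand.Reader, 2048)
	return &Party{sign: s, enc: e}
}

// seal builds one protocol message: body||TS is signed with the sender's SK_S, then the
// signature and the signed bytes are encrypted under the receiver's PK_E.
func (p *Party) seal(body []byte, to *rsa.PublicKey) ([]byte, error) {
	msg := binary.BigEndian.AppendUint64(append([]byte{}, body...), uint64(time.Now().Unix()))
	h := sha256.Sum256(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, p.sign, h[:])
	if err != nil {
		return nil, err
	}
	plain := append(append([]byte{byte(len(sig))}, sig...), msg...) // a P-256 DER signature is < 256 bytes
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, to, plain, nil)
}

// open reverses seal: decrypt with the receiver's SK_E, verify against the expected
// sender's PK_S, reject stale timestamps (replayed messages), and return the body.
func (p *Party) open(ct []byte, from *ecdsa.PublicKey) ([]byte, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, p.enc, ct, nil)
	if err != nil || len(plain) < 1 || len(plain) < 9+int(plain[0]) { return nil, errors.New("decryption failed or malformed message") }
	n := int(plain[0])
	sig, msg := plain[1:1+n], plain[1+n:]
	h := sha256.Sum256(msg)
	if !ecdsa.VerifyASN1(from, h[:], sig) { return nil, errors.New("signature verification failed") }
	age := time.Since(time.Unix(int64(binary.BigEndian.Uint64(msg[len(msg)-8:])), 0))
	if age > maxSkew || age < -maxSkew { return nil, errors.New("timestamp outside accepted window") }
	return msg[:len(msg)-8], nil
}

// send delivers one sealed message from p to q and returns what q recovers from it.
func send(p, q *Party, body []byte) ([]byte, error) {
	ct, err := p.seal(body, &q.enc.PublicKey)
	if err != nil {
		return nil, err
	}
	return q.open(ct, &p.sign.PublicKey)
}

// Handshake runs M1..M5 between device d and gateway g; both derived SKeys are returned.
func Handshake(d, g *Party) (skeyDevice, skeyGateway []byte, err error) {
	nonce := func() []byte { b := make([]byte, nonceLen); rand.Read(b); return b }
	na, nb := nonce(), nonce() // n_a is chosen by the device, n_b by the gateway
	// M1 (device -> gateway): {n_a, TS1}. Step 2: a valid signature means a legal device.
	gotNa, err := send(d, g, na)
	if err != nil { return nil, nil, err }
	// M2 (gateway -> device): {n_a, n_b, TS2}. Step 3: gateway is legal; n_a must match.
	body, err := send(g, d, append(append([]byte{}, gotNa...), nb...))
	if err != nil { return nil, nil, err }
	if len(body) != 2*nonceLen || string(body[:nonceLen]) != string(na) {
		return nil, nil, errors.New("n_a mismatch: reply is not to this device's challenge")
	}
	// M3 (device -> gateway): {n_b, TS3}. Step 4: n_b must match, so the sender is the right peer.
	gotNb, err := send(d, g, body[nonceLen:])
	if err != nil { return nil, nil, err }
	if string(gotNb) != string(nb) {
		return nil, nil, errors.New("n_b mismatch: sender is not the authenticated device")
	}
	// M4/M5: PK_1 = m_D*G and PK_2 = m_G*G on P-256, sent sealed (the patent only encrypts them).
	curve := ecdh.P256()
	mD, _ := curve.GenerateKey(rand.Reader)
	mG, _ := curve.GenerateKey(rand.Reader)
	pk1Bytes, err := send(d, g, mD.PublicKey().Bytes())
	if err != nil { return nil, nil, err }
	pk2Bytes, err := send(g, d, mG.PublicKey().Bytes())
	if err != nil { return nil, nil, err }
	pk1, err := curve.NewPublicKey(pk1Bytes) // gateway parses PK_1; off-curve points are rejected
	if err != nil { return nil, nil, err }
	pk2, err := curve.NewPublicKey(pk2Bytes) // device parses PK_2
	if err != nil { return nil, nil, err }
	skeyGateway, err = mG.ECDH(pk1) // SKey = m_G*PK_1 = m_G*m_D*G
	if err != nil { return nil, nil, err }
	skeyDevice, err = mD.ECDH(pk2) // SKey = m_D*PK_2 = m_D*m_G*G
	return skeyDevice, skeyGateway, err
}
```

A message sealed for one receiver and signer pair fails to open under any other pair, which is what stops a third party from impersonating either side or replaying an old M_1.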
After mutual identity authentication and session key negotiation with the gateway are completed, the Internet of things device uploads the data owner's access policy P for the Internet of things data to the gateway, and the gateway executes Encrypt(PK, P, SKey) → CT, that is, takes the system public key PK, the data access policy P and the session key SKey as input and outputs the ciphertext CT, which completes the encryption of the session key SKey. Meanwhile, the Internet of things equipment encrypts the original data with SKey and sends the encrypted data to the gateway, and the gateway sends (CT, encrypted data, timestamp) to the edge server for storage through the blockchain network.
The invention provides a distributed secure storage scheme using the Kademlia algorithm. Specifically, an edge server calculates the 160-bit hash value of the encrypted data as the Key and regards the encrypted data as the Value; according to the value of k set by the system, it finds the k edge servers whose ID numbers (each edge server has a 160-bit ID number) are closest to the Key, and transmits the Key-Value pair, CT and timestamp to those k edge servers for storage through the blockchain network, which completes the distributed storage of the Internet of things data in the edge server network.
The distributed redundant storage scheme provided by the invention has the following advantages. First, since several copies of the encrypted data are stored, the data search is not affected even if one edge server is attacked, so service availability is ensured and the robustness of the system is improved. In addition, the Kademlia algorithm provides an efficient data query method: the target edge server can be located in log_2 N time, so that a user can quickly obtain the service.
In order to prevent illegal access of the data of the Internet of things, the invention designs an access control mechanism aiming at the data users of the Internet of things by using an attribute-based encryption technology, and the specific steps are as follows:
Step 1: When a user needs to use the Internet of things data, the user sends a data request to the edge server closest to the user, providing the public key information and identity information for the request.
Step 2: The edge server transmits the user information to the gateway through the blockchain.
Step 3: The gateway first judges whether the identity of the user is legal; if so, it generates a corresponding attribute set S for the user, stores the public key PK_user of the user in the smart contract as an authorized user identifier, and then runs KeyGen(PK, MSK, S) → SK, that is, takes the system public key PK, the system master key MSK and the attribute set S of the user as input and outputs the user access private key SK. The gateway encrypts SK with the public key PK_user of the user, embeds the encryption result in a blockchain transaction, and sends the transaction ID and the smart contract address to the edge server through the blockchain.
Step 4: The user first downloads the system public key PK and the encrypted private key SK from the edge server network and decrypts SK with the user's own private key SK_user, then finds the encrypted data block and CT in the edge server network using the Kademlia query algorithm, as follows:
Step 4-1: The data user initiates a search request to the edge server according to the Key of the requested data; the edge server checks whether it stores the data pair (Key, Value) and, if so, returns the encrypted data directly to the user; otherwise it finds the k node IDs closest to the Key value and sends a FIND_VALUE request to those k nodes.
Step 4-2: Each node receiving the FIND_VALUE request first checks whether it stores the (Key, Value) data pair and, if so, returns the encrypted data to the sending edge server; otherwise it again finds the k node IDs closest to the Key value and sends the FIND_VALUE request to those k nodes.
Step 4-3: The above steps are repeated until the Value is acquired or no edge server closer to the Key value than the currently known server IDs can be found, in which case the data searched by the user does not exist.
Step 5: The user runs Decrypt(PK, SK, CT) → SKey, that is, takes the system public key PK, the user private key SK and the encrypted session key CT as input and outputs the session key SKey; decryption of SKey succeeds only if the attribute set S of the user satisfies the access policy P set by the data owner, otherwise it fails.
Step 6: The user runs Decrypt(SKey, encrypted data) → original data, that is, decrypts the encrypted data with the session key SKey to obtain the original data.
The access control mechanism guarantees authorized access of legal users, prevents malicious reading of data by illegal users, and realizes trusted sharing of data of the Internet of things.
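The Kademlia storage rule described above (Key = 160-bit hash of the encrypted data, replicated to the k edge servers whose IDs are closest to it) and the FIND_VALUE lookup of Steps 4-1 to 4-3, including the termination case where the data does not exist, as an added example in Go that is not part of the patent. The network, its node IDs (SHA-1 of a constructed label) and the full peer view every node has are this example's assumptions; real Kademlia nodes keep k-buckets instead.

```go
package main

import (
	"crypto/sha1"
	"fmt"
	"math/big"
	"sort"
)

// ID is a 160-bit identifier: the Key is SHA-1 of the encrypted data and every
// edge server carries a 160-bit node ID, as in step 2.2 and Steps 4-1 to 4-3.
type ID [20]byte

// EdgeServer is one storage node. peers is the set of servers it can ask; this
// constructed network gives every node a full view (real Kademlia uses k-buckets).
type EdgeServer struct {
	ID    ID
	store map[ID][]byte // Key -> encrypted Value
	peers []*EdgeServer
}

// NewNetwork builds n edge servers with constructed IDs SHA-1("edge-server-i").
func NewNetwork(n int) []*EdgeServer {
	servers := make([]*EdgeServer, n)
	for i := range servers {
		servers[i] = &EdgeServer{ID: sha1.Sum([]byte(fmt.Sprintf("edge-server-%d", i))), store: map[ID][]byte{}}
	}
	for _, s := range servers {
		s.peers = servers // self included; lookups skip nodes already queried
	}
	return servers
}

// distance is the Kademlia XOR metric between two 160-bit values.
func distance(a, b ID) *big.Int {
	d := new(big.Int).SetBytes(a[:])
	return d.Xor(d, new(big.Int).SetBytes(b[:]))
}

// closest returns at most k of the given servers, nearest to key first.
func closest(servers []*EdgeServer, key ID, k int) []*EdgeServer {
	out := append([]*EdgeServer(nil), servers...)
	sort.SliceStable(out, func(i, j int) bool {
		return distance(out[i].ID, key).Cmp(distance(out[j].ID, key)) < 0
	})
	if len(out) > k {
		out = out[:k]
	}
	return out
}

// Store implements step 2.2: S1 sets Key = SHA-1(encrypted data) and replicates
// (Key, Value) to the k servers whose IDs are closest to Key. Returns Key and the holders.
func Store(s1 *EdgeServer, encrypted []byte, k int) (ID, []ID) {
	key := ID(sha1.Sum(encrypted))
	var holders []ID
	for _, s := range closest(s1.peers, key, k) {
		s.store[key] = append([]byte(nil), encrypted...)
		holders = append(holders, s.ID)
	}
	return key, holders
}

// FindValue implements Steps 4-1 to 4-3: the entry server checks its own store, then
// sends FIND_VALUE to the k closest known nodes; each answers with the Value or with
// the k nodes it knows closest to Key. The search ends when the Value is found or no
// unqueried node closer than those already known remains, which means the requested
// data does not exist. It also reports how many FIND_VALUE requests were sent.
func FindValue(entry *EdgeServer, key ID, k int) (value []byte, requests int, found bool) {
	if v, ok := entry.store[key]; ok {
		return v, 0, true
	}
	queried := map[ID]bool{entry.ID: true}
	shortlist := closest(entry.peers, key, k)
	for {
		progressed := false
		for _, n := range shortlist {
			if queried[n.ID] {
				continue
			}
			queried[n.ID] = true
			requests++
			if v, ok := n.store[key]; ok {
				return v, requests, true
			}
			for _, m := range closest(n.peers, key, k) { // n's reply: the k nodes it knows closest to Key
				if !queried[m.ID] {
					shortlist = append(shortlist, m)
					progressed = true
				}
			}
		}
		if !progressed {
			return nil, requests, false
		}
		shortlist = closest(shortlist, key, k)
	}
}
```

With the full peer view assumed here a lookup reaches a holder in a single request; the iterative loop only does real work when nodes know a partial view, as in a deployed network.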
The embodiments described above are described in order to facilitate the understanding and application of the present invention to those skilled in the art, and it will be apparent to those skilled in the art that various modifications may be made to the embodiments described above and that the general principles described herein may be applied to other embodiments without the need for inventive faculty. Therefore, the present invention is not limited to the above-described embodiments, and those skilled in the art, based on the present disclosure, should make improvements and modifications within the scope of the present invention.

Claims (1)

1. A block chain technology-based internet of things trusted data management method comprises the following steps:
(1) The identity security authentication between the terminal equipment of the Internet of things and the gateway is completed by using an asymmetric encryption algorithm and a signature algorithm, and the session key negotiation between the terminal equipment and the gateway is completed by using a Diffie-Hellman key exchange technology, wherein the specific implementation process is as follows:
1.1, generating a random number n a by the terminal equipment of the Internet of things, signing n a and a current time stamp TS 1 by using a signature private key SK Sd of the terminal equipment of the Internet of things, encrypting a signature result by using an encryption public key PK Eg of a gateway needing authentication to form a message M 1, and sending the message M 1 to the gateway;
1.2 the gateway uses the own encryption private key SK Eg to decrypt M 1 to obtain a signature result, then uses the public signature key PK Sd of the terminal equipment to verify the signature and obtain n a, and the verification is successful, which means that the terminal equipment is legal equipment;
1.3 the terminal equipment uses the own encryption private key SK Ed to decrypt M 2 to obtain a signature result, then uses the public key PK Sg of the gateway to verify the signature and obtain n a and n b, if the verification is successful, the identity of the gateway is legal, meanwhile, the terminal equipment verifies whether the obtained n a is consistent, if so, the terminal equipment uses the private key SK Sd to sign n b and the current timestamp TS 3, and uses the public key PK Eg of the gateway to encrypt the signature result to form a message M 3, and sends the message M 3 to the gateway;
1.4 the gateway decrypts M 3 by using an encryption private key SK Eg of the gateway to obtain a signature result, then verifies the signature by using a signature public key PK Sd of the terminal equipment and acquires n b, further verifies whether the acquired n b is consistent, and if so, indicates that the sender is a correct interaction object, so as to finish the mutual authentication between the terminal equipment of the Internet of things and the gateway;
1.5 the terminal equipment generates a random number M D as a private key, then calculates a public key PK 1=mD, G and G represents a group, then encrypts PK 1 and a current timestamp TS 4 by using an encryption public key PK Eg of the gateway to form a message M 4, and sends the message M 4 to the gateway;
1.6 the gateway generates a random number M G as a private key, then calculates a public key PK 2=mG xG, encrypts PK 2 and a current timestamp TS 5 by using an encrypted public key PK Ed of the terminal equipment to form a message M 5, and sends the message M 5 to the terminal equipment;
1.7 the gateway uses the own encryption private key SK Eg to decrypt M 4, and calculates the security session key SKey=m G*PK1=mG*mD ×G between the gateway and the terminal equipment after obtaining PK 1; the terminal equipment decrypts M 5 by using an encryption private key SK Ed of the terminal equipment, obtains PK 2, and then calculates a secure session key SKey=m D*PK2=mD*mG G between the terminal equipment and the gateway, so as to finish session key negotiation between the terminal equipment and the gateway of the Internet of things;
(2) The terminal equipment encrypts the original Internet of Things data with the session key negotiated with the gateway and transmits it to the gateway; the gateway sends the encrypted data to an edge server, and the edge servers use the Kademlia algorithm to store the Internet of Things data securely and in a distributed manner across the edge server network. The specific implementation is as follows:
2.1 The Internet of Things terminal equipment encrypts the original Internet of Things data with the secure session key SKey shared with the gateway and transmits the encrypted data to the gateway; the gateway forwards the encrypted data to the edge server S_1 closest to it;
2.2 The edge server S_1 computes a 160-bit hash of the encrypted data as the Key and takes the encrypted data itself as the Value, finds the k edge servers whose node IDs are closest to the Key according to the k value set by the system, and forwards the Key-Value pair to those k edge servers for storage, which completes the distributed storage of the Internet of Things data in the edge server network;
(3) An attribute-based encryption scheme implements the access control mechanism for users' access to the Internet of Things data. The specific implementation is as follows:
3.1 The data owner stores the access policy P on the gateway. The gateway runs Setup(1^λ) → (PK, MSK), that is, it computes the system public key PK and the system master key MSK from the security parameter λ, then embeds PK in a transaction and sends it to the blockchain network while keeping MSK in local storage;
3.2 The user sends a data request to the edge server. The edge server first verifies the user's identity and then interacts with the gateway through a smart contract. If the user's identity is legitimate, the gateway generates a corresponding attribute set S for the user, the user's public key PK_user is recorded in the smart contract as an authorized-user identifier, and the gateway generates a private key for the user;
3.3 The gateway runs KeyGen(PK, MSK, S) → SK, that is, it takes the system public key PK, the system master key MSK and the user's attribute set S as input and computes and outputs the user access private key SK;
3.4 The edge server receives the encryption result and forwards it to the user, who decrypts it with the private key SK_user to obtain the user access private key SK;
3.5 The gateway runs Encrypt(PK, P, SKey) → CT, that is, it takes the system public key PK, the access policy P and the session key SKey shared between the Internet of Things terminal equipment and the gateway as input and generates the ciphertext CT, which completes the encryption of the session key SKey; the gateway then sends the ciphertext CT to the edge server for storage through the blockchain network;
3.6 The user downloads the encrypted data and the ciphertext CT from the edge server with the Kademlia algorithm: given the Key of the requested data, the edge server checks whether it holds the data pair (Key, Value) itself; if so, it returns the encrypted data to the user directly, otherwise it finds the k node IDs closest to the Key and sends a FIND_VALUE request to those k nodes. The user then runs Decrypt(PK, SK, CT) → SKey, that is, takes the system public key PK, the user access private key SK and the ciphertext CT as input and decrypts to obtain the session key SKey;
3.7 The user runs Decrypt(SKey, encrypted data) → original data, that is, decrypts the encrypted data with the session key SKey to obtain the original Internet of Things data.
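Steps 2.2 and 3.6 both rest on the Kademlia layer: the edge server S_1 hashes the ciphertext to a 160-bit Key and replicates the Key-Value pair to the k servers with the closest node IDs, and a later FIND_VALUE either answers from local storage or asks those same k nodes. The following in-memory model is an added example, not code from the patent or its authors; the node IDs, the value k = 3 and the sample ciphertext are constructed, and the hash-back integrity check on retrieval is added here because content addressing makes it available at no extra cost.

```python
# Added example, not code from the patent: an in-memory model of the Kademlia
# storage of step 2.2 (160-bit hash of the ciphertext as Key, ciphertext as
# Value, replicated to the k servers whose IDs are XOR-closest to the Key) and
# the FIND_VALUE retrieval of step 3.6. Node IDs, the k value and the sample
# ciphertext are constructed; the integrity check on retrieval is an addition
# the patent text does not describe.
import hashlib

K = 3  # replication factor "set by the system" (assumed value)


def key_of(encrypted_data):
    """Step 2.2: the 160-bit hash of the encrypted data is the Kademlia Key."""
    return int.from_bytes(hashlib.sha1(encrypted_data).digest(), "big")


class EdgeServer:
    def __init__(self, node_id):
        self.node_id = node_id   # 160-bit identifier in the same space as Keys
        self.storage = {}        # Key -> Value (encrypted data)

    def distance(self, key):
        return self.node_id ^ key   # Kademlia XOR metric


class EdgeNetwork:
    def __init__(self, servers):
        self.servers = list(servers)

    def closest(self, key, k=K):
        """The k servers whose IDs are closest to key under XOR distance."""
        return sorted(self.servers, key=lambda s: s.distance(key))[:k]

    def store_from_gateway(self, s1, encrypted_data):
        """Step 2.2 as performed at S_1: derive the Key, pick the k closest
        servers and replicate the Key-Value pair to them."""
        key = key_of(encrypted_data)
        targets = self.closest(key)
        for server in targets:
            server.storage[key] = encrypted_data
        return key, [s.node_id for s in targets]

    def find_value(self, entry, key):
        """Step 3.6: entry answers from its own storage if it holds the Key,
        otherwise it queries the k closest nodes (FIND_VALUE).
        Returns (value, holder_id) or (None, None)."""
        if key in entry.storage:
            return entry.storage[key], entry.node_id
        for server in self.closest(key):
            if key in server.storage:
                return server.storage[key], server.node_id
        return None, None


def retrieve_and_verify(net, entry, key):
    """Fetch the ciphertext and confirm it hashes back to the requested Key,
    so a user detects a replaced or corrupted Value before decrypting it."""
    value, holder = net.find_value(entry, key)
    ok = value is not None and key_of(value) == key
    return value, holder, ok


def demo():
    # Constructed deployment: eight edge servers with IDs derived from labels.
    servers = [EdgeServer(key_of(f"edge-{i}".encode())) for i in range(8)]
    net = EdgeNetwork(servers)
    # Constructed stand-in for SKey-encrypted IoT data forwarded by the gateway.
    ciphertext = b"constructed:SKey-encrypted sensor reading #1"
    key, replicas = net.store_from_gateway(servers[0], ciphertext)
    # A user's entry point that is not one of the k replica holders.
    entry = next(s for s in servers if s.node_id not in replicas)
    value, holder, ok = retrieve_and_verify(net, entry, key)
    return {
        "key": key,
        "replicas": replicas,
        "value": value,
        "holder": holder,
        "entry_holds": key in entry.storage,
        "integrity_ok": ok,
        # A modified Value no longer hashes to the Key it was stored under.
        "tamper_detected": key_of(ciphertext + b"x") != key,
    }


if __name__ == "__main__":
    result = demo()
    print("replicas:", len(result["replicas"]), "integrity:", result["integrity_ok"])
```

Because the Key is the hash of the Value, the user in step 3.6 can verify what the edge network returned before spending a CP-ABE decryption on CT and a symmetric decryption on the data; the model above performs that check in `retrieve_and_verify`.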

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110856422.9A CN113553574B (en) 2021-07-28 2021-07-28 A trusted data management method for the Internet of Things based on blockchain technology

Publications (2)

Publication Number Publication Date
CN113553574A CN113553574A (en) 2021-10-26
CN113553574B true CN113553574B (en) 2025-01-24

Family

ID=78104743

Country Status (1)

Country Link
CN (1) CN113553574B (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116074023A (en) * 2021-10-29 2023-05-05 华为技术有限公司 Authentication method and communication device
CN116094739A (en) * 2021-11-08 2023-05-09 华为云计算技术有限公司 Encryption method, encryption device and related equipment
CN114189359B (en) * 2021-11-18 2023-12-01 临沂大学 Internet of things equipment capable of avoiding data tampering, data safety transmission method and system
CN114615006A (en) * 2021-12-01 2022-06-10 江苏省电力试验研究院有限公司 Edge layer data security protection method and system for power distribution Internet of things and storage medium
CN114117499B (en) * 2021-12-06 2024-05-03 中电万维信息技术有限责任公司 Trusted data exchange method based on authority management
CN114499988B (en) * 2021-12-30 2022-11-08 电子科技大学 Block chain-based Internet of things key distribution and equipment authentication method
CN114398602B (en) * 2022-01-11 2024-05-10 国家计算机网络与信息安全管理中心 Internet of things terminal identity authentication method based on edge calculation
CN114499895B (en) * 2022-04-06 2022-07-29 国网浙江省电力有限公司电力科学研究院 A data trusted processing method and system integrating trusted computing and blockchain
CN114928491A (en) * 2022-05-20 2022-08-19 国网江苏省电力有限公司信息通信分公司 Internet of things security authentication method, device and system based on identification cryptographic algorithm
CN115085943B (en) * 2022-08-18 2023-01-20 南方电网数字电网研究院有限公司 Edge computing method and platform for safe encryption of electric power Internet of things in north and south directions
CN115277026A (en) * 2022-09-26 2022-11-01 国网浙江余姚市供电有限公司 Block chain-based Internet of things gateway control method, device and medium
CN117792613A (en) * 2022-10-13 2024-03-29 道和邦(广州)电子信息科技有限公司 CSPKI (compact public key infrastructure) based pre-key cross-domain secure communication algorithm based on round number super calculation
CN115412374B (en) * 2022-11-01 2023-01-31 国网浙江省电力有限公司金华供电公司 A secure data sharing method based on reputation consensus mechanism
CN117494111B (en) * 2023-09-11 2025-02-21 德浦勒仪表(广州)有限公司 Edge computing system and method for data processing and transmission of industrial flow meters
CN117579256B (en) * 2023-10-12 2024-04-23 智慧工地科技(广东)有限公司 Internet of things data management method and device
CN117240625B (en) * 2023-11-14 2024-01-12 武汉海昌信息技术有限公司 Tamper-resistant data processing method and device and electronic equipment
CN117544376A (en) * 2023-11-21 2024-02-09 广州东兆信息科技有限公司 A trusted authentication method and system for mobile terminal devices based on the Internet of Things
CN117527258B (en) * 2023-11-30 2025-02-28 北京万联世纪科技有限公司 A communication method for standardizing communication machine interface

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103929745A (en) * 2014-04-16 2014-07-16 东北大学 A wireless MESH network access authentication system and method based on privacy protection
CN111835752A (en) * 2020-07-09 2020-10-27 国网山西省电力公司信息通信分公司 Lightweight authentication method and gateway based on device identity
CN111986755A (en) * 2020-08-24 2020-11-24 中国人民解放军战略支援部队信息工程大学 Data sharing system based on block chain and attribute-based encryption

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105978883B (en) * 2016-05-17 2019-05-24 上海交通大学 Safe collecting method under extensive car networking
CN111147228B (en) * 2019-12-28 2022-04-01 西安电子科技大学 Ethernet IoT entity based lightweight authentication method, system and intelligent terminal
AU2020103294A4 (en) * 2020-11-06 2021-01-14 Mushtaq Ahmed Trusted and secure configuration and validation of data for public IoT devices using block chain technology
CN112836229B (en) * 2021-02-10 2023-01-31 北京深安信息科技有限公司 A Trusted Data Access Control Scheme Combining Attribute-Based Encryption and Blockchain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"IoT data management based on blockchain and edge computing"; 程冠杰 et al.; 《物联网学报》 (Chinese Journal on Internet of Things); 2020-06-30; Vol. 4 (No. 2); pp. 1-9 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant