Cloud platform privacy protection verifiable data aggregation method based on sensor network
阅读说明:本技术 基于传感器网络的云平台隐私保护可验证数据聚合方法 (Cloud platform privacy protection verifiable data aggregation method based on sensor network ) 是由 王宏毅 张述林 徐旭东 张珽 刘鸿霖 于 2021-11-12 设计创作,主要内容包括:本发明公开了一种基于传感器网络的云平台隐私保护可验证数据聚合方法,包括:S1.密钥生成中心生成公开参数和自己的公私钥对;S2.通信实体向密钥生成中心进行注册,密钥生成中心为每个通信实体生成对应的私钥和秘密参数;S3.传感器终端设备将敏感数据加密得到密文数据,并上传可验证的加密信息;S4.云平台服务器对可验证的加密信息进行验证,若验证通过,则接受可验证的加密信息;S5.云平台服务器计算所有可验证的加密信息的聚合密文生成可验证的聚合密文信息,并上传可验证的聚合密文信息;S6.工程管理数据分析中心对可验证的聚合密文信息进行解密恢复出原始聚合数据。本发明中任何单个移动终端数据的机密性都能受到保护。(The invention discloses a cloud platform privacy protection verifiable data aggregation method based on a sensor network, which comprises the following steps: s1, a key generation center generates public parameters and a private and public key pair of the key generation center; s2, the communication entities register with a key generation center, and the key generation center generates corresponding private keys and secret parameters for each communication entity; s3, the sensor terminal equipment encrypts the sensitive data to obtain ciphertext data and uploads verifiable encryption information; s4, the cloud platform server verifies the verifiable encryption information, and if the verification is passed, the verifiable encryption information is accepted; s5, the cloud platform server calculates the aggregation ciphertext of all verifiable encrypted information to generate verifiable aggregation ciphertext information, and uploads the verifiable aggregation ciphertext information; and S6, the project management data analysis center decrypts the verifiable aggregation ciphertext information to recover the original aggregation data. The confidentiality of any single mobile terminal data can be protected in the invention.)
1. A cloud platform privacy protection verifiable data aggregation method based on a sensor network is applied to a wireless sensor network, the wireless sensor network comprises sensor terminal equipment, a cloud platform server and an engineering management data analysis center, the sensor terminal equipment is in communication connection with the cloud platform server, and the cloud platform server is in communication connection with the engineering management data analysis center, and the cloud platform privacy protection verifiable data aggregation method is characterized by comprising the following steps:
s1, a key generation center generates public parameters and a private and public key pair of the key generation center;
s2, registering the communication entities with a key generation center, wherein after the registration is successful, the key generation center generates corresponding private keys and secret parameters for each communication entity and sends the private keys and the secret parameters to the corresponding communication entities, and each communication entity comprises a sensor terminal device, a cloud platform server and an engineering management data analysis center;
s3, encrypting the acquired sensitive data by the sensor terminal equipment to obtain ciphertext data, generating a first message authentication code corresponding to the ciphertext data, and uploading verifiable encryption information to the cloud platform server, wherein the verifiable encryption information comprises the ciphertext data and the first message authentication code;
s4, after receiving the verifiable encryption information, the cloud platform server verifies the verifiable encryption information, and if the verification is passed, the cloud platform server receives the verifiable encryption information;
s5, the cloud platform server calculates the aggregate ciphertext of all verifiable encrypted information received by the cloud platform server in a preset time period to obtain verifiable aggregate ciphertext information, generates a third message authentication code corresponding to the verifiable aggregate ciphertext information, and sends the verifiable aggregate ciphertext information to an engineering management data analysis center, wherein the verifiable aggregate ciphertext information comprises the aggregate ciphertext and the third message authentication code;
and S6, after receiving the verifiable aggregation ciphertext information, the engineering management data analysis center decrypts the verifiable aggregation ciphertext information, and brute force decryption is carried out on a decryption result to recover the original aggregation data.
2. The method for cloud platform privacy protection verifiable data aggregation based on sensor network according to claim 1, wherein the S1 comprises the following steps:
s11, randomly selecting two large prime numbers by a secret key generation centerIs provided withWhereinAndis two orders are bothThe group of multiplication cycles of (a) is,is a complex order bilinear pairwise mapping;
s12, randomly selecting multiplication cycle group by key generation centerGenerating element ofAndand computing multiplication cycle groupsAn element of ;
S13, a prime order bilinear pairwise mapping is set in the key generation centerWherein Based on elliptic curvesThe cyclic group is added in a step-adding way,is generated by,Is thatA group of order multiplication loops for each of the plurality of stages,is a large prime number;
s14, the key generation centerOrder finite fieldTo select a non-zero random numberAs the master private key of the key generation center, and calculating the master public key of the key generation center;
S15, setting three secure hash functions in the key generation center、AndwhereinThe key space for the hash-based message authentication code HMAC,is a secure hash functionThe length of the bits of the output is,is a secure hash functionThe bit length of the output;
s16, outputting system public parameters by the key generation centerAnd storing the master private key of the key generation centerAnd a decryption key。
3. The method for cloud platform privacy protection verifiable data aggregation based on sensor network according to claim 2, wherein the S2 comprises the following steps:
s21, the sensor terminal equipment sends the real identity information to a key generation center, and if the real identity information of the sensor terminal equipment is illegal, the key generation center refuses to register the sensor terminal equipment; if the real identity information of the sensor terminal equipment is legal, the key generation center calculates a corresponding private key for the real identity information of the sensor terminal equipment,Is true identity information of the sensor terminal equipment, whereinFor the total number of sensor terminals and for the slave set of sensor terminalsIn the method, a secret parameter is randomly selectedAnd will beSent to the sensor terminalEnd equipment;
s22, the cloud platform server sends the real identity information to the key generation center, and if the real identity information of the cloud platform server is illegal, the key generation center refuses to register the key generation center; if the real identity information of the cloud platform server is legal, the key generation center calculates a corresponding private key for the cloud platform serverAnd secret parametersAnd will beThe information is sent to the cloud platform server,the real identity information of the cloud platform server;
s23, the engineering management data analysis center sends the real identity information to the key generation center, and if the real identity information of the engineering management data analysis center is illegal, the key generation center refuses to register the key generation center; if the real identity information of the cloud platform server is legal, the key generation center calculates a corresponding private key for the engineering management data analysis centerSelectingAs a decryption key of an engineering management data analysis center, and willSending the data to an engineering management data analysis center,the real identity information of the engineering management data analysis center.
4. The method for cloud platform privacy protection verifiable data aggregation based on sensor network according to claim 3, wherein the S3 comprises the following steps:
s31, sensor terminal equipment slave setIn the random number selectionAnd calculating ciphertext dataThe method comprises the steps of representing sensitive data collected by sensor terminal equipment;
s32, the sensor terminal equipment calculates a first authentication session key negotiated with the cloud platform server;
S33, calculating ciphertext data by the sensor terminal equipmentBased on the first message authentication code of the hash function,WhereinIs the current timestamp;
s34, the sensor terminal equipment verifies the verifiable encryption informationAnd uploading to a cloud platform server.
5. The method for cloud platform privacy protection verifiable data aggregation based on sensor network according to claim 4, wherein the S4 comprises the following steps:
s41, the cloud platform server receives the verifiable encryption informationThen, the time stamp is checkedValidity of if time stampIf not, discarding the verifiable encryption informationIf the time stamp isIf yes, go to S42;
s42, the cloud platform server calculates a second authentication session key negotiated with the sensor terminal equipment;
S43, the cloud platform server calculates ciphertext dataBased on the second message authentication code of the hash function,And if and only ifThe cloud platform server receives the verifiable encryption information。
6. The method for cloud platform privacy protection verifiable data aggregation based on sensor network according to claim 5, wherein the S5 comprises the following steps:
s51, computing aggregation ciphertext by cloud platform server;
S52, the cloud platform server calculates a third authentication session key negotiated with the engineering management data analysis center;
S53, computing aggregation ciphertext by cloud platform serverThe third message authentication code based on the hash function,,Represents a time period;
s54, the cloud platform server willVerifiable aggregate ciphertext informationAnd sending the data to an engineering management data analysis center.
7. The method for cloud platform privacy protection verifiable data aggregation based on sensor network according to claim 6, wherein the S6 comprises the following steps:
s61, the project management data analysis center receives the verifiable aggregation ciphertext informationThen, checking the time periodValidity of (in terms of time period)If not, discarding the verifiable aggregated ciphertext informationIf the time periodIf yes, go to S62;
s62, the engineering management data analysis center calculates a fourth authentication session key negotiated with the cloud platform server;
S63, calculating an aggregation ciphertext by an engineering management data analysis centerThe fourth message authentication code based on the hash function ,And if and only ifAnd then the engineering management data analysis center receives the verifiable aggregated ciphertext information;
S64, the engineering management data analysis center uses the decryption keyFor the verifiable aggregate ciphertext informationDecrypting to obtain the aggregated ciphertextIndex value of (1),Representing aggregate ciphertextAnd then recovering the original aggregated data according to exhaustive brute force cracking。
Technical Field
The invention relates to the field of wireless sensor network environment and cloud platform data security and privacy protection, in particular to a cloud platform privacy protection verifiable data aggregation method based on a sensor network.
Background
The wireless sensor network mainly utilizes various types of sensor terminal equipment to collect and monitor various types of information in the network area environment in real time, and the information is sent to the aggregation node through the wireless network, so that the problem of information isolated island can be effectively solved. The wireless sensor network has very wide application prospect in many fields such as smart cities. Because the wireless sensor network has limited calculation and storage resources, how to reduce the waste of communication bandwidth and storage space, reduce the energy consumption of nodes, prolong the service life of the network, and ensure the communication service quality becomes a technical problem which needs to be solved urgently by the wireless sensor network. Data aggregation is an important technology for data processing of a wireless sensor network, and collected or received data are aggregated, so that repeated data are filtered when data from different sources are combined, and data redundancy is eliminated.
The cloud platform technology can be effectively integrated in a wireless sensor network environment to serve as a aggregation node, and storage and processing pressure brought by data sharp increase is relieved. Although cloud platform technology in a wireless sensor network environment presents obvious advantages for timely processing and storing of mass data, the data is vulnerable to various security threats, wherein confidentiality and integrity are the most concerned security threats.
Disclosure of Invention
The invention aims to overcome one or more defects in the prior art and provides a cloud platform privacy protection verifiable data aggregation method based on a sensor network.
The purpose of the invention is realized by the following technical scheme: a cloud platform privacy protection verifiable data aggregation method based on a sensor network is applied to a wireless sensor network, the wireless sensor network comprises sensor terminal equipment, a cloud platform server and an engineering management data analysis center, the sensor terminal equipment is in communication connection with the cloud platform server, the cloud platform server is in communication connection with the engineering management data analysis center, and the cloud platform privacy protection verifiable data aggregation method comprises the following steps:
s1, a key generation center generates public parameters and a private and public key pair of the key generation center;
s2, registering the communication entities with a key generation center, wherein after the registration is successful, the key generation center generates corresponding private keys and secret parameters for each communication entity and sends the private keys and the secret parameters to the corresponding communication entities, and each communication entity comprises a sensor terminal device, a cloud platform server and an engineering management data analysis center;
s3, encrypting the acquired sensitive data by the sensor terminal equipment to obtain ciphertext data, generating a first message authentication code corresponding to the ciphertext data, and uploading verifiable encryption information to the cloud platform server, wherein the verifiable encryption information comprises the ciphertext data and the first message authentication code;
s4, after receiving the verifiable encryption information, the cloud platform server verifies the verifiable encryption information, and if the verification is passed, the cloud platform server receives the verifiable encryption information;
s5, the cloud platform server calculates the aggregate ciphertext of all verifiable encrypted information received by the cloud platform server in a preset time period to obtain verifiable aggregate ciphertext information, generates a third message authentication code corresponding to the verifiable aggregate ciphertext information, and sends the verifiable aggregate ciphertext information to an engineering management data analysis center, wherein the verifiable aggregate ciphertext information comprises the aggregate ciphertext and the third message authentication code;
and S6, after receiving the verifiable aggregation ciphertext information, the engineering management data analysis center decrypts the verifiable aggregation ciphertext information, and brute force decryption is carried out on a decryption result to recover the original aggregation data.
Preferably, the S1 includes the following steps:
s11, randomly selecting two large prime numbers by a secret key generation centerIs provided withWhereinAndis two orders are bothThe group of multiplication cycles of (a) is,is a complex order bilinear pairwise mapping;
s12, randomly selecting multiplication cycle group by key generation centerGenerating element ofAndand computing multiplication cycle groupsAn element of ;
S13, a prime order bilinear pairwise mapping is set in the key generation centerWherein Based on elliptic curvesThe cyclic group is added in a step-adding way,is generated by,Is thatA group of order multiplication loops for each of the plurality of stages,is a large prime number;
s14, the key generation centerOrder finite fieldTo select a non-zero random numberMaster secret as key generation centerA key, and calculating a master public key of a key generation center;
S15, setting three secure hash functions in the key generation center、AndwhereinThe key space for the hash-based message authentication code HMAC,is a secure hash functionThe length of the bits of the output is,is a secure hash functionThe bit length of the output;
s16, outputting system public parameters by the key generation centerAnd storing the master private key of the key generation centerAnd a decryption key。
Preferably, the S2 includes the following steps:
s21, the sensor terminal equipment sends the real identity information to a key generation center, and if the real identity information of the sensor terminal equipment is illegal, the key generation center refuses to register the sensor terminal equipment; if the real identity information of the sensor terminal equipment is legal, the key generation center calculates a corresponding private key for the real identity information of the sensor terminal equipment,Is true identity information of the sensor terminal equipment, whereinFor the total number of sensor terminals and for the slave set of sensor terminalsIn the method, a secret parameter is randomly selectedAnd will beSending the data to the sensor terminal equipment;
s22, the cloud platform server sends the real identity information to the key generation center, and if the real identity information of the cloud platform server is illegal, the key generation center refuses to register the key generation center; if the real identity information of the cloud platform server is legal, the key generation center calculates a corresponding private key for the cloud platform serverAnd secret parametersAnd will beIs sent toA cloud platform server for providing a cloud platform service,the real identity information of the cloud platform server;
s23, the engineering management data analysis center sends the real identity information to the key generation center, and if the real identity information of the engineering management data analysis center is illegal, the key generation center refuses to register the key generation center; if the real identity information of the cloud platform server is legal, the key generation center calculates a corresponding private key for the engineering management data analysis centerSelectingAs a decryption key of an engineering management data analysis center, and willSending the data to an engineering management data analysis center,the real identity information of the engineering management data analysis center.
Preferably, the S3 includes the following steps:
s31, sensor terminal equipment slave setIn the random number selectionAnd calculating ciphertext dataThe method comprises the steps of representing sensitive data collected by sensor terminal equipment;
s32, the sensor terminal equipment calculates a first authentication session key negotiated with the cloud platform server;
S33, calculating ciphertext data by the sensor terminal equipmentBased on the first message authentication code of the hash function,WhereinIs the current timestamp;
s34, the sensor terminal equipment verifies the verifiable encryption informationAnd uploading to a cloud platform server.
Preferably, the S4 includes the following steps:
s41, the cloud platform server receives the verifiable encryption informationThen, the time stamp is checkedValidity of if time stampIf not, discarding the verifiable encryption informationIf the time stamp isIf yes, go to S42;
s42, the cloud platform server calculates a second authentication session key negotiated with the sensor terminal equipment;
S43, the cloud platform server calculates ciphertext dataBased on the second message authentication code of the hash function,And if and only ifThe cloud platform server receives the verifiable encryption information。
Preferably, the S5 includes the following steps:
s51, computing aggregation ciphertext by cloud platform server;
S52, the cloud platform server calculates a third authentication session key negotiated with the engineering management data analysis center;
S53, computing aggregation ciphertext by cloud platform serverThe third message authentication code based on the hash function,,Represents a time period;
s54, the cloud platform server gathers verifiable ciphertext informationAnd sending the data to an engineering management data analysis center.
Preferably, the S6 includes the following steps:
s61, the project management data analysis center receives the verifiable aggregation ciphertext informationThen, checking the time periodValidity of (in terms of time period)If not, discarding the verifiable aggregated ciphertext informationIf the time periodIf yes, go to S62;
s62, the engineering management data analysis center calculates a fourth authentication session key negotiated with the cloud platform server;
S63, calculating an aggregation ciphertext by an engineering management data analysis centerThe fourth message authentication code based on the hash function ,And if and only ifAnd then the engineering management data analysis center receives the verifiable aggregated ciphertext information;
S64, the engineering management data analysis center uses the decryption keyFor the verifiable aggregate ciphertext informationDecrypting to obtain the aggregated ciphertextIndex value of (1),Representing aggregate ciphertextAnd then recovering the original aggregated data according to exhaustive brute force cracking。
The invention has the beneficial effects that:
(1) in the method, the sensor terminal equipment encrypts sensitive data in engineering by adopting a homomorphic encryption technology, and sends verifiable ciphertext information to the cloud platform server, the cloud platform server aggregates the ciphertext data after receiving the data sent by all the sensor terminal equipment, aggregates a large amount of ciphertext data into a single aggregation value for transmission, and communication overhead of data transmission is greatly reduced;
(2) in the method, in the whole data transmission, aggregation and decryption process, only the statistical information of the data can be decrypted by the engineering management data analysis center, so that the confidentiality of any single mobile terminal data is protected;
(3) the method of the invention can ensure that in the whole life cycle of the terminal data, even if the decryption key for decrypting the aggregated data is accidentally leaked or destroyed, any external or internal adversary cannot acquire the original single plaintext information by decrypting the single mobile terminal data ciphertext.
Drawings
Fig. 1 is a flowchart of a verifiable data aggregation method for cloud platform privacy protection based on a sensor network according to the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive effort based on the embodiments of the present invention, are within the scope of the present invention.
Referring to fig. 1, the embodiment provides a cloud platform privacy protection verifiable data aggregation method based on a sensor network:
as shown in fig. 1, the cloud platform privacy protection verifiable data aggregation method based on the sensor network is applied to a wireless sensor network, the wireless sensor network includes a sensor terminal device, a cloud platform server and an engineering management data analysis center, the sensor terminal device is in communication connection with the cloud platform server, and the cloud platform server is in communication connection with the engineering management data analysis center.
The cloud platform privacy protection verifiable data aggregation method comprises the following steps:
s1, a key generation center generates public parameters and a private and public key pair of the key generation center.
The S1 includes the steps of:
s11, randomly selecting two large prime numbers by a secret key generation centerIs provided withWhereinAndis two orders are bothThe group of multiplication cycles of (a) is,is a complex order bilinear pairwise mapping.
S12, randomly selecting multiplication cycle group by key generation centerGenerating element ofAndand computing multiplication cycle groupsAn element of 。
S13, a prime order bilinear pairwise mapping is set in the key generation centerWherein Based on elliptic curvesThe cyclic group is added in a step-adding way,is generated by,Is thatA group of order multiplication loops for each of the plurality of stages,is a large prime number.
S14, the key generation centerOrder finite fieldTo select a non-zero random numberAs the master private key of the key generation center, and calculating the master public key of the key generation center。
S15, setting three secure hash functions in the key generation center、AndwhereinThe key space for the hash-based message authentication code HMAC,is a secure hash functionThe length of the bits of the output is,is a secure hash functionThe bit length of the output.
S16, outputting system public parameters by the key generation centerAnd storing the master private key of the key generation centerAnd a decryption key。
And S2, registering the communication entities with a key generation center, wherein the key generation center generates a corresponding private key and secret parameters for each communication entity after the registration is successful, and sends the private key and the secret parameters to the corresponding communication entities, and each communication entity comprises a sensor terminal device, a cloud platform server and an engineering management data analysis center.
The S2 includes the steps of:
s21, the sensor terminal equipment sends the real identity information to a key generation center, and if the real identity information of the sensor terminal equipment is illegal, the key generation center refuses to register the sensor terminal equipment; if the real identity information of the sensor terminal equipment is legal, the key generation center calculates a corresponding private key for the real identity information of the sensor terminal equipment,Is true identity information of the sensor terminal equipment, whereinFor the total number of sensor terminals and for the slave set of sensor terminalsIn the method, a secret parameter is randomly selectedAnd will beAnd sending the data to the sensor terminal equipment.
S22, the cloud platform server sends the real identity information to the key generation center, and if the real identity information of the cloud platform server is illegal, the key generation center refuses to register the key generation center; if the real identity information of the cloud platform server is legal, the key generation center calculates a corresponding private key for the cloud platform serverAnd secret parametersAnd will beThe information is sent to the cloud platform server,the real identity information of the cloud platform server.
S23, the engineering management data analysis center sends the real identity information to the key generation center, and if the real identity information of the engineering management data analysis center is illegal, the key generation center refuses to register the key generation center; if the real identity information of the cloud platform server is legal, the key generation center calculates a corresponding private key for the engineering management data analysis centerSelectingAs a decryption key of an engineering management data analysis center, and willSending the data to an engineering management data analysis center,the real identity information of the engineering management data analysis center.
And S3, the sensor terminal equipment encrypts the acquired sensitive data to obtain ciphertext data, generates a first message authentication code corresponding to the ciphertext data, and uploads verifiable encryption information to the cloud platform server, wherein the verifiable encryption information comprises the ciphertext data and the first message authentication code.
The S3 includes the steps of:
s31, sensor terminal equipment slave setIn the random number selectionAnd calculating ciphertext dataAnd the data represents the sensitive data collected by the sensor terminal equipment.
S32, the sensor terminal equipment calculates a first authentication session key negotiated with the cloud platform server。
S33, calculating ciphertext data by the sensor terminal equipmentBased on the first message authentication code of the hash function,WhereinIs the current timestamp.
S34, the sensor terminal equipment verifies the verifiable encryption informationAnd uploading to a cloud platform server.
And S4, after receiving the verifiable encryption information, the cloud platform server verifies the verifiable encryption information, and if the verification is passed, the cloud platform server receives the verifiable encryption information.
The S4 includes the steps of:
s41, the cloud platform server receives the verifiable encryption informationThen, the time stamp is checkedValidity of if time stampIf not, discarding the verifiable encryption informationIf the time stamp isIf valid, S42 is executed.
S42, the cloud platform server calculates a second authentication session key negotiated with the sensor terminal equipment。
S43, the cloud platform server calculates ciphertext dataBased on the second message authentication code of the hash function,And if and only ifThe cloud platform server receives the verifiable encryption information。
And S5, the cloud platform server calculates the aggregate ciphertext of all verifiable encrypted information received by the cloud platform server in a preset time period to obtain verifiable aggregate ciphertext information, generates a third message authentication code corresponding to the verifiable aggregate ciphertext information, and sends the verifiable aggregate ciphertext information to the engineering management data analysis center, wherein the verifiable aggregate ciphertext information comprises the aggregate ciphertext and the third message authentication code.
The S5 includes the steps of:
s51, secret parameters used by cloud platform serverComputing aggregate ciphertext。
S52, private key corresponding to cloud platform serverCalculating a third authentication session key negotiated with the engineering management data analysis center。
S53, computing aggregation ciphertext by cloud platform serverThe third message authentication code based on the hash function,,Representing a time period.
S54, the cloud platform server gathers verifiable ciphertext informationAnd sending the data to an engineering management data analysis center.
And S6, after receiving the verifiable aggregation ciphertext information, the engineering management data analysis center decrypts the verifiable aggregation ciphertext information, and brute force decryption is carried out on a decryption result to recover the original aggregation data.
The S6 includes the steps of:
s61, the project management data analysis center receives the verifiable aggregation ciphertext informationThen, checking the time periodValidity of (in terms of time period)If not, discarding the verifiable aggregated ciphertext informationIf the time periodIf valid, S62 is executed.
S62, the engineering management data analysis center utilizes the corresponding private keyCalculating a fourth authentication session key negotiated with the cloud platform server。
S63, calculating an aggregation ciphertext by an engineering management data analysis centerThe fourth message authentication code based on the hash function ,And if and only ifAnd then the engineering management data analysis center receives the verifiable aggregated ciphertext information。
S64, the engineering management data analysis center uses the decryption keyFor the verifiable aggregate ciphertext informationDecrypting to obtain the aggregated ciphertextIndex value of (1),Representing aggregate ciphertextAnd then recovering the original aggregated data according to exhaustive brute force cracking。
The correctness is deduced as follows:
in the stage of uploading the ciphertext data to the cloud platform server, the sensor terminal equipment calculates a first authentication session key(ii) a In the stage of verifying and aggregating the ciphertext data by the cloud platform server, the cloud platform server calculates a second authentication session key. As a result of this, it is possible to,
therefore, each sensor terminal device and the cloud platform server negotiate the same authentication session key . Therefore, the sensor terminal equipment and the cloud platform server can calculate the same message authentication code Thereby ensuring the authentification and integrity of the transmitted ciphertext data.
Similarly, the cloud platform server and the engineering management data analysis center negotiate the same authentication session key. This is because,And, furthermore,
in this way, the cloud platform server and the engineering management data analysis center can calculate the same message authentication code. Thereby ensuring the authentification and integrity of the transmission of the aggregated ciphertext data.
Decryption correctness is derived as follows:
when the engineering management data analysis center receives verifiable aggregation ciphertext information reported by the cloud platform serverThereafter, the engineering management data analysis center uses the decryption keyCarry out decryption to obtain. Due to the fact thatAndthe engineering management data analysis center calculates as follows:
original aggregated data that can be recovered from exhaustive brute force crackingThereby, further data analysis of privacy protection can be performed.
The foregoing is illustrative of the preferred embodiments of this invention, and it is to be understood that the invention is not limited to the precise form disclosed herein and that various other combinations, modifications, and environments may be resorted to, falling within the scope of the concept as disclosed herein, either as described above or as apparent to those skilled in the relevant art. And that modifications and variations may be effected by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.