
CN113472594A - Revocation-supported shared data auditing system and method in vehicle self-organizing network - Google Patents


Info

Publication number
CN113472594A
Authority
CN
China
Prior art keywords
vehicle user
service provider
cloud service
vehicle
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110904287.0A
Other languages
Chinese (zh)
Inventor
崔明明
韩德志
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Maritime University
Original Assignee
Shanghai Maritime University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Maritime University
Priority to CN202110904287.0A
Publication of CN113472594A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/142 Network analysis or design using statistical or mathematical methods
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84 Vehicles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Medical Informatics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Pure & Applied Mathematics (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a revocation-supporting shared data auditing system and method in a vehicle self-organizing network. The system comprises a vehicle user, a roadside unit, a key generation center, a third party auditor and a cloud service provider. The method comprises: the key generation center initializes the system; the key generation center and the vehicle user generate a private key; the vehicle user uploads the data, the set of verifiers and the tag together to the cloud service provider; the third party auditor generates a challenge, and the cloud service provider generates a proof; the third party auditor verifies the correctness of the proof; the roadside unit generates a new revocation number, and the unrevoked vehicle users and the key generation center generate new private keys; and the unrevoked vehicle users upload new data, and the third party auditor audits the data stored by the cloud service provider. The invention provides a shared data auditing method supporting vehicle revocation based on identity-based and certificateless signature methods, and improves the efficiency of shared data auditing and vehicle user revocation.

Description

Revocation-supported shared data auditing system and method in vehicle self-organizing network
Technical Field
The invention relates to the technical field of information security of a vehicle self-organizing network, in particular to a shared data auditing system and method supporting revocation.
Background
In vehicular ad hoc networks (VANETs), information can be exchanged and shared over the network formed among vehicles and between vehicles and Roadside Units (RSUs). Based on road conditions sensed by vehicles in real time, vehicle drivers broadcast information through the traffic management platform, which helps drivers travel efficiently, avoids unnecessary traffic accidents, improves road traffic safety, and also raises the level of intelligence of traffic management. In Vehicular Social Networks (VSNs), vehicle data owners generate both personal-oriented and public-oriented data.
With the massive amount of data in social communications, the local storage space of vehicle users can no longer meet the storage requirement. Cloud storage is a storage model that stores data in a logical storage resource pool, with the physical storage of the data spanning multiple servers owned and managed by Cloud Service Providers (CSPs). Cloud service providers are responsible for maintaining the availability and accessibility of data, and users purchase or lease storage capacity from the provider to store data for individuals or organizations. However, when data owners outsource their data to the cloud without keeping a local copy, they lose physical control of the outsourced data. In addition, the cloud service provider may delete a user's infrequently accessed data to save storage resources and earn more profit. Therefore, users are most concerned about whether the data stored in the cloud is secure, and integrity is one of the security requirements.
In the traditional method, a user who needs to check the integrity of outsourced data has to download the whole data from the cloud server to local storage. This creates a significant communication and computational burden and is not practical. To solve this practical problem, cloud storage data auditing schemes were proposed. Such a scheme can complete data integrity checking without downloading the whole data. In the data uploading stage, a user uploads not only the data but also the corresponding data block authenticators; in the integrity auditing stage, an auditor randomly selects some data blocks to query, verifies them against the aggregated data blocks and the corresponding authenticators sent by the cloud, and judges from the verification result whether the outsourced data is intact.
Furthermore, user revocation is crucial when data is shared in a group. Revocation of group members covers both members who leave the group voluntarily and malicious group members. Once a user is revoked, he is not allowed to access the shared data, and all his public and private keys are invalid. Revoked group members can no longer use their previous public and private keys to sign messages, while data uploaded before the revocation is not affected. To implement the revocation of group members, a new public key and a new private key can be generated, while verification of previously generated messages must still be ensured; when signatures are verified by generating and broadcasting a revocation list, the verifier checks against the revocation list.
In the existing shared data integrity auditing technology, a data integrity auditing protocol [J] based on identity agent offline signature is provided in the document "Huangxurong, Guokong, Computer Engineering and Design, 2020, 41(06): 1553-". However, these methods all adopt time-consuming bilinear pairing operations, and the verification efficiency of data integrity is not greatly improved.
In the existing vehicle revocation technology, documents of a von Ricazan, a Yao source, a Chuanchovy, a vehicle revocable group signature mechanism [ J ] for vehicle networking and information technology, 2017(09), 30-34 "and a document of a conditional privacy protection authentication scheme capable of being quickly revoked in the vehicle networking are researched, wherein the document of the vehicle networking attribute-based encryption method [ J ] is researched and developed, wherein the document of the vehicle networking attribute-based encryption method is used for rapidly revoking the dynamic and static attributes [ D ] Anhui university, 2019" and the document of the vehicle networking attribute-based encryption method is used for revoking the dynamic and static attributes [ J ] is researched and developed by a computer, 2017,54(11) is 2456 and 2466 "and the document of a privacy protection revocation mechanism of a vehicle self-organizing network based on a general one-way accumulator [ J ] is researched by the computer application, 2016 (08) is 2401 and a method for revoking the vehicle in the vehicle self-organizing network is proposed. These methods all use a similar Certificate Authority (CA) to manage the user's certificates, but the CA is not necessarily fully trusted and distribution, storage and revocation of certificates is a significant burden.
Wang et al., in their published paper "Public Auditing for Shared Data with Efficient User Revocation in the Cloud" (IEEE Transactions on Services Computing), propose an efficient public auditing scheme with user revocation by means of proxy re-signature technology, which converts the data block signatures of the revoked user into signatures of a current user, thereby satisfying the cloud storage data auditing requirement of dynamic user revocation; however, in that scheme, collusion between the cloud server and the revoked user may disclose the user's private key. Zhang et al., in their published paper "Enabling Efficient User Revocation in Identity-Based Cloud Storage Auditing for Shared Big Data" (IEEE Transactions on Dependable and Secure Computing), propose a private key update technique to support user revocation: when a user is revoked from a group, all non-revoked users update their private keys, while the identity information of the group does not need to be changed, and the data block verifiers generated before the user revocation do not need to be recalculated. The prior art does not provide a method combining revocation and auditing in a vehicle self-organizing network, and the methods supporting user revocation and auditing in a simple network suffer from security threats and high computational cost.
Disclosure of Invention
The invention aims to bring both vehicle revocation and auditing into the vehicle ad hoc network and to overcome the security and computational overhead problems of existing auditing schemes that support revocation. The invention provides a revocation-supporting shared data auditing method in a vehicle self-organizing network, which eliminates many time-consuming operations, ensures the security of shared data and improves the efficiency of the system.
In order to achieve the above object, the present invention provides a revocation-supported shared data auditing system in a vehicle ad hoc network, including:
the vehicle user, which stores the data generated by its sensors in the cloud and can perform remote data integrity verification. There are multiple vehicle users in a group, each of which may share data with other users through cloud storage. Vehicle users can join or leave the group without legitimate vehicle users revealing any private information to others. A revoked vehicle user cannot access the shared data or upload any data to the cloud service provider;
the roadside unit, which has strong computing power and can immediately process real-time data sent by a vehicle user and upload it to the cloud service provider. When a vehicle user leaves the group, the roadside unit is responsible for revoking that user;
the key generation center, which is a trusted entity with sufficient computing and storage capacity, is used to initialize the whole system and generates a partial private key for each vehicle user according to the vehicle user's identity information;
the third party auditor, which is honest and trustworthy, audits the cloud service provider on behalf of the vehicle user and determines whether the vehicle user's data is stored intact according to the proof sent by the cloud service provider;
the cloud service provider, which is the center of the system and has huge storage space and computing resources. All data is stored on the cloud service provider, and vehicle users can enjoy the data sharing service through the cloud storage.
The invention also provides a revocation-supported shared data auditing method in the vehicle self-organizing network, which comprises the following steps:
S1. The key generation center initializes the system to generate a master private key, a master public key and the system public parameters;
S2. The key generation center generates a partial private key for the vehicle user according to the vehicle user's identity information; the partial private key is used to obtain the full private key of the vehicle user. The vehicle user generates a secret value as the other part of the private key and can verify the correctness of the partial private key generated by the key generation center;
S3. The vehicle user generates a tag for the file to be uploaded and a verifier for each data block of the file, for later verification of the integrity of the file. The vehicle user uploads the file, the set of verifiers and the tag together to the cloud service provider, and the cloud service provider can check the correctness of the uploaded data according to the tag, the verifiers and other public values;
S4. The third party auditor, having been entrusted with the audit by the vehicle user, generates a challenge. The cloud service provider generates a proof according to the received challenge and the related information of the stored data blocks;
S5. The third party auditor verifies the correctness of the proof generated by the cloud service provider and thereby judges whether the cloud service provider correctly stores the uploaded data blocks;
S6. The roadside unit generates a new vehicle user revocation number, and the unrevoked vehicle users and the key generation center respectively generate a new private key and a new partial private key for later uploading of new files;
S7. An unrevoked vehicle user uploads a new file, a set of verifiers and a tag, and the third party auditor then audits the data stored by the cloud service provider.
Step S1, in which the key generation center initializes the system to generate the master private key, the master public key and the system public parameters, includes the following steps:
S11. The key generation center selects a cyclic additive group G of prime order q;
S12. The key generation center randomly selects a master private key
Figure BDA0003201055540000041
and calculates the master public key $P_{pub}$:
$P_{pub} = s \cdot P$ (1)
where P is a generator of the group G, and
Figure BDA0003201055540000042
is the set of all natural numbers from 1 to q-1 in the q-order cyclic group;
S13. The key generation center selects two different cryptographic hash functions $h_1$ and $h_2$:
Figure BDA0003201055540000043
Figure BDA0003201055540000044
where $\{0,1\}^*$ denotes a 0/1 character string of arbitrary length;
S14. The key generation center securely stores the master private key s and publishes the system public parameters prms:
$prms = (q, P, G, P_{pub}, h_1, h_2)$. (4)
Step S2, in which the key generation center generates a partial private key for the vehicle user according to the vehicle user's identity information and the vehicle user generates a secret value as the other part of the private key, includes the following steps:
S21. The vehicle user randomly selects
Figure BDA0003201055540000051
as a secret value, calculates the public key X, and then sends the identity
Figure BDA0003201055540000052
to the key generation center;
$X = x \cdot P$; (5)
S22. After receiving $ID_U$, the key generation center calculates the partial private key y and sends it secretly to the vehicle user;
$y = s \cdot h_1(ID_U)$; (6)
S23. The vehicle user verifies the validity of the partial private key:
$y \cdot P = P_{pub} \cdot h_1(ID_U)$ (7)
If equation (7) holds, the vehicle user accepts the partial private key y; otherwise, the vehicle user refuses to accept it.
The full private key of the vehicle user is (x, y) and is used to calculate the verifiers of the data blocks. As long as no vehicle user is revoked, only the vehicle user U knows the full private key, and the full private key remains unchanged. Each time a vehicle user is revoked, the vehicle users who have not been revoked update their full private keys.
Step S3, in which the vehicle user generates a tag and verifiers for the file to be uploaded and uploads the file, the set of verifiers and the tag together to the cloud service provider, includes the following steps:
S31. The vehicle user divides the shared file F to be uploaded into n blocks, $F = \{m_1, \ldots, m_i, \ldots, m_n\}$, where
Figure BDA0003201055540000053
S32. The vehicle user calculates the verifier $\sigma_i$ of block $m_i$ and then the set of verifiers $\sigma$;
$\sigma_i = x \cdot h_2(ID_F, i, Num) + y \cdot m_i$ (8)
$\sigma = \{\sigma_i\}_{i \in [1,n]}$ (9)
where $ID_F$ is a unique identifier of file F, i is the index of block $m_i$, Num represents the number of vehicle user revocations, and initially Num = 0;
S33. The vehicle user calculates the tag of the file F and uploads $(F, \sigma, tag)$ to the cloud service provider;
$tag = ID_U \| ID_F \| Num \| Sig_{sk}(ID_U \| ID_F \| Num)$ (10)
where a public/private key pair (pk, sk) of Sig is selected for generating and verifying the tag of the file. The identity-based digital signature Sig is used to ensure the integrity of the vehicle user identity, the file identifier and the vehicle user revocation number;
S34. After receiving $(F, \sigma, tag)$, the cloud service provider first checks whether the Num in the tag is the latest vehicle user revocation number. If so, the cloud service provider goes on to use pk to check whether $Sig_{sk}(ID_U \| ID_F \| Num)$ is a valid signature and thereby judges whether tag is valid; otherwise, the user uploading the file F is a revoked or illegal vehicle user, and the cloud service provider rejects the vehicle user's request to upload the file F;
S35. When the tag is valid, the cloud service provider parses the tag to obtain $ID_U$, $ID_F$ and Num. Finally, the cloud service provider verifies whether the information the vehicle user uploaded for the file F is correct;
$\sigma_i \cdot P = X \cdot h_2(ID_F, i, Num) + P_{pub} \cdot h_1(ID_U) \cdot m_i$ (11)
If equation (11) holds, the cloud service provider stores $(F, \sigma, tag)$ and notifies the vehicle user, so that the vehicle user can delete the locally stored F and $\sigma$; otherwise, this indicates that the verifier $\sigma$ was generated by a revoked or illegal vehicle user, and the cloud service provider rejects the vehicle user's request to upload the file F.
Step S4, in which the third party auditor generates a challenge and the cloud service provider generates a proof according to the received challenge and the related information of the stored data blocks, includes the following steps:
S41. The third party auditor randomly selects c ($1 \le c \le n$) elements from the uploaded data blocks, generates a challenge chal and sends it to the cloud service provider;
$chal = \{j, w_j\}_{j \in I}$ (12)
where
Figure BDA0003201055540000061
$|I| = c$,
Figure BDA0003201055540000062
S42. After receiving chal, the cloud service provider calculates T and M from the stored data blocks and their corresponding verifiers, and sends the proof Pr = (T, M) and the file tag to the third party auditor;
$T = \sum_{j \in I} w_j \cdot \sigma_j$ (13)
$M = \sum_{j \in I} w_j \cdot m_j$ (14)
where j is the index of block $m_j$,
Figure BDA0003201055540000063
$\sigma_j = x \cdot h_2(ID_F, j, Num) + y \cdot m_j$.
Step S5, in which the third party auditor verifies the correctness of the proof generated by the cloud service provider, includes the following steps:
S51. The third party auditor uses pk to check whether $Sig_{sk}(ID_U \| ID_F \| Num)$ is a valid signature and thereby judges whether tag is valid. If the tag is valid, the third party auditor parses it to obtain $ID_U$, $ID_F$ and Num; otherwise, the third party auditor notifies the vehicle user that the file F is damaged;
S52. If the tag is valid, the third party auditor verifies whether the cloud service provider correctly stores the uploaded data blocks according to the proof Pr and the related information of the data blocks;
$T \cdot P = \sum_{j \in I} w_j \cdot X \cdot h_2(ID_F, j, Num) + M \cdot P_{pub} \cdot h_1(ID_U)$ (15)
If equation (15) holds, the cloud service provider stores the file F correctly, and the third party auditor sends "success" to the vehicle user; otherwise, the third party auditor sends "failure" to the vehicle user.
Step S6, in which the roadside unit generates a new vehicle user revocation number and the unrevoked vehicle users and the key generation center respectively generate a new private key and a new partial private key, includes the following steps:
S61. When a vehicle user is to be revoked, the roadside unit generates a new vehicle user revocation number Num = Num + 1, sends the new Num to the cloud service provider, and then revokes the vehicle user;
S62. The unrevoked vehicle user randomly generates a new secret value
Figure BDA0003201055540000071
and calculates a new public key $X'$, and the key generation center calculates a partial private key $y'$;
$X' = x' \cdot P$ (16)
$y' = s \cdot h_1(ID_{U'})$ (17)
where
Figure BDA0003201055540000072
is the identity of the unrevoked vehicle user.
Only vehicle users in the same group can share data and the related public values. Revoked vehicle users do not have the updated Num; they may collude to guess the new Num, but they are very unlikely to guess the new $x'$, so they cannot generate a valid data block verifier. When a revoked vehicle user attempts to upload new data to the cloud service provider, he will not pass the cloud service provider's verification during the verifier generation process. Therefore, a revoked vehicle user cannot upload new data to the cloud service provider for storage.
Step S7, in which an unrevoked vehicle user uploads a new file, a set of verifiers and a tag and the third party auditor then audits the data stored by the cloud service provider, includes the following steps:
S71. An unrevoked vehicle user wants to upload a new shared file
Figure BDA0003201055540000073
The user first calculates the verifier $\sigma_i'$ of each block, then computes the set of verifiers $\sigma'$ and the tag $tag'$ of the file $F'$, and finally uploads $(F', \sigma', tag')$ to the cloud service provider;
$\sigma_i' = x' \cdot h_2(ID_{F'}, i, Num+1) + y' \cdot m_i'$ (18)
$\sigma' = \{\sigma_i'\}_{i \in [1,n]}$ (19)
$tag' = ID_{U'} \| ID_{F'} \| Num+1 \| Sig_{sk}(ID_{U'} \| ID_{F'} \| Num+1)$ (20)
where $ID_{F'}$ is a unique identifier of file $F'$;
S72. The third party auditor randomly selects r ($1 \le r \le n$) elements from the uploaded data blocks, generates a challenge $chal'$ and sends it to the cloud service provider, and the cloud service provider sends the file tag $tag'$ and the generated proof Pr' = (T', M') to the third party auditor;
$chal' = \{k, w_k\}_{k \in R}$ (21)
$T' = \sum_{k \in R} w_k \cdot \sigma_k'$ (22)
$M' = \sum_{k \in R} w_k \cdot m_k'$ (23)
where k is the index of block $m_k'$,
Figure BDA0003201055540000081
$|R| = r$,
Figure BDA0003201055540000082
$\sigma_k' = x' \cdot h_2(ID_{F'}, k, Num+1) + y' \cdot m_k'$;
S73. The third party auditor uses pk to check whether $Sig_{sk}(ID_{U'} \| ID_{F'} \| Num+1)$ is a valid signature and thereby judges whether $tag'$ is valid. If $tag'$ is valid, the third party auditor parses it to obtain $ID_{U'}$, $ID_{F'}$ and Num+1; otherwise, the third party auditor notifies the unrevoked vehicle user that the file $F'$ is corrupted. If $tag'$ is valid, the third party auditor verifies whether the cloud service provider correctly stores the uploaded data blocks according to the proof Pr' and the related information of the data blocks;
$T' \cdot P = \sum_{k \in R} w_k \cdot X' \cdot h_2(ID_{F'}, k, Num+1) + M' \cdot P_{pub} \cdot h_1(ID_{U'})$ (24)
If equation (24) holds, the cloud service provider stores the file $F'$ correctly, and the third party auditor sends "success" to the unrevoked vehicle user; otherwise, the third party auditor sends "failure" to the unrevoked vehicle user.
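The following Python sketch is an added example, not code from the patent: it runs equations (1), (5) to (8) and (11) to (15) end to end, then shows the effect of a lost block, a stale Num and a key update after revocation. Assumptions not in the original: secp256k1 stands in for the group G, domain-separated SHA-256 stands in for h1 and h2, blocks are already integers modulo q, the tag signature Sig of equation (10) is omitted, and all identifiers and sample blocks are constructed.

```python
import hashlib
import secrets

# Assumption: secp256k1 plays the prime-order additive group G (order Q,
# generator P); the patent does not name a concrete group.
FP = 2**256 - 2**32 - 977
Q = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141
P = (0x79BE667E_F9DCBBAC_55A06295_CE870B07_029BFCDB_2DCE28D9_59F2815B_16F81798,
     0x483ADA77_26A3C465_5DA4FBFC_0E1108A8_FD17B448_A6855419_9C47D08F_FB10D4B8)

def add(A, B):  # point addition on y^2 = x^3 + 7; None is the identity
    if A is None or B is None:
        return A if B is None else B
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FP) % FP
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FP, -1, FP) % FP
    x3 = (lam * lam - x1 - x2) % FP
    return (x3, (lam * (x1 - x3) - y1) % FP)

def mul(k, A):  # scalar multiple k*A, double-and-add (demo, not constant time)
    R, k = None, k % Q
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def _hash(domain, *parts):
    # Assumed h1/h2: SHA-256 over length-prefixed fields, mapped into [1, Q-1].
    data = domain + b"".join(len(s).to_bytes(4, "big") + s
                             for s in (str(p).encode() for p in parts))
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1

def h1(id_u):
    return _hash(b"h1", id_u)

def h2(id_f, i, num):
    return _hash(b"h2", id_f, i, num)

def keygen():
    k = secrets.randbelow(Q - 1) + 1       # uniform in [1, Q-1]
    return k, mul(k, P)                    # (s, P_pub) eq. (1), or (x, X) eq. (5)

def partial_key_valid(y, p_pub, id_u):
    return mul(y, P) == mul(h1(id_u), p_pub)                   # eq. (7)

def make_verifiers(x, y, id_f, num, blocks):
    return [(x * h2(id_f, i, num) + y * m) % Q                 # eq. (8)
            for i, m in enumerate(blocks, 1)]

def csp_accepts(X, p_pub, id_u, id_f, num, latest_num, blocks, sigmas):
    if num != latest_num:                  # S34: stale revocation number
        return False
    return all(mul(sig, P) == add(mul(h2(id_f, i, num), X),    # eq. (11)
                                  mul(h1(id_u) * m, p_pub))
               for i, (m, sig) in enumerate(zip(blocks, sigmas), 1))

def challenge(n, c):
    idx = secrets.SystemRandom().sample(range(1, n + 1), c)
    return {j: secrets.randbelow(Q - 1) + 1 for j in idx}      # eq. (12)

def prove(chal, blocks, sigmas):
    T = sum(w * sigmas[j - 1] for j, w in chal.items()) % Q    # eq. (13)
    M = sum(w * blocks[j - 1] for j, w in chal.items()) % Q    # eq. (14)
    return T, M

def audit(chal, proof, X, p_pub, id_u, id_f, num):
    T, M = proof
    coeff = sum(w * h2(id_f, j, num) for j, w in chal.items()) % Q
    return mul(T, P) == add(mul(coeff, X), mul(M * h1(id_u), p_pub))  # eq. (15)

def demo():
    id_u, id_f = "vehicle-A", "file-1"     # constructed identifiers
    blocks = [_hash(b"m", "block", i) for i in range(1, 5)]  # constructed blocks
    s, p_pub = keygen()                    # S1: key generation center
    x, X = keygen()                        # S21: vehicle user
    y = s * h1(id_u) % Q                   # S22, eq. (6)
    sigmas = make_verifiers(x, y, id_f, 0, blocks)
    chal = challenge(len(blocks), 2)
    # The provider has lost one challenged block and substitutes the value 1.
    lost = [1 if i == min(chal) else m for i, m in enumerate(blocks, 1)]
    x2, X2 = keygen()                      # S62: fresh key after a revocation
    return {
        "partial_key_ok": partial_key_valid(y, p_pub, id_u),
        "upload_ok": csp_accepts(X, p_pub, id_u, id_f, 0, 0, blocks, sigmas),
        "audit_ok": audit(chal, prove(chal, blocks, sigmas), X, p_pub, id_u, id_f, 0),
        "audit_after_loss": audit(chal, prove(chal, lost, sigmas), X, p_pub, id_u, id_f, 0),
        "stale_num_upload": csp_accepts(X, p_pub, id_u, id_f, 0, 1, blocks, sigmas),
        "old_key_upload": csp_accepts(X2, p_pub, id_u, id_f, 1, 1, blocks,
                                      make_verifiers(x, y, id_f, 1, blocks)),
        "new_key_upload": csp_accepts(X2, p_pub, id_u, id_f, 1, 1, blocks,
                                      make_verifiers(x2, y, id_f, 1, blocks)),
    }

if __name__ == "__main__":
    print(demo())
```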
Compared with the prior art, the invention has the following advantages:
The invention provides a method combining revocation and auditing in a vehicle self-organizing network; after a vehicle user is revoked, the vehicle users who have not been revoked can still audit uploaded data.
The key generation center does not provide a complete private key for the vehicle user, so the vehicle user's full private key cannot be obtained even if an adversary compromises the key generation center; as a result, a revoked vehicle user cannot upload data to the cloud service provider.
The invention combines identity-based and certificateless signature methods, solves the problems of complex certificate management and key escrow, uses fewer time-consuming operations and greatly reduces the computational overhead.
Drawings
In order to illustrate the technical solution of the present invention more clearly, the drawings used in the description are briefly introduced below. Obviously, the drawings in the following description show one embodiment of the present invention, and those skilled in the art can obtain other drawings from them without creative effort:
FIG. 1 is a system model diagram of a system and method for auditing shared data supporting revocation in a vehicle ad hoc network in accordance with the present invention;
FIG. 2 is a flow chart of a system and method for auditing shared data in a vehicle ad hoc network with revocation support.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in FIG. 1, the present invention provides a revocation-supported shared data auditing system in a vehicle ad hoc network, comprising: a vehicle user 1, a roadside unit 2, a key generation center 3, a third party auditor 4 and a cloud service provider 5.
The vehicle user 1 stores the data generated by sensors on the cloud and can perform remote data integrity verification. There are a plurality of vehicle users 1 in a group, and each vehicle user 1 can share data with other users through cloud storage. The vehicle user 1 can join or leave the group without the legitimate vehicle user 1 revealing any private information to others. A revoked vehicle user cannot access the shared data or upload any data to the cloud service provider.
The roadside unit 2 has strong computing power, and can immediately process real-time data sent by the vehicle user 1 and upload the data to the cloud service provider 5. When the vehicle user 1 leaves the group, the roadside unit 2 is responsible for revoking the user.
The key generation center 3 is a trusted entity with sufficient computing and storage capacity. It initializes the whole system and generates a partial private key for each vehicle user 1 according to the identity information of the vehicle user.
The third party auditor 4 is honest and trusted. It audits the cloud service provider 5 on behalf of the vehicle user 1, and determines from the proof sent by the cloud service provider 5 whether the data of the vehicle user 1 is stored intact.
The cloud service provider 5 is the center of the system and has huge storage space and computing resources. All data is stored on the cloud service provider 5, and the vehicle user 1 can enjoy the data sharing service through cloud storage.
As shown in fig. 2, the present invention further provides a revocation-supported shared data auditing method in a vehicle ad hoc network, which is implemented based on the revocation-supported shared data auditing system in the vehicle ad hoc network of the present invention, and includes the following steps:
S1. The key generation center initializes the system to generate a master private key, a master public key and system public parameters;
S2. The key generation center generates a partial private key for the vehicle user according to the identity information of the vehicle user; the partial private key is used to obtain the full private key of the vehicle user. The vehicle user generates a secret value as the other part of the private key, and can verify the correctness of the partial private key generated by the key generation center;
S3. The vehicle user generates a tag for the file to be uploaded and a verifier for each data block of the file, for later verification of the integrity of the file. The vehicle user uploads the file, the set of verifiers and the tag together to the cloud service provider, and the cloud service provider can check the correctness of the uploaded data according to the tag, the verifiers and other public values;
S4. The third party auditor receives the audit delegation of the vehicle user and generates a challenge. The cloud service provider generates a proof according to the received challenge and the related information of the stored data blocks;
S5. The third party auditor verifies the correctness of the proof generated by the cloud service provider, and thereby determines whether the cloud service provider has correctly stored the uploaded data blocks;
S6. The roadside unit generates a new vehicle user revocation number, and the non-revoked vehicle users and the key generation center respectively generate a new private key and a new partial private key for later uploading of a new file;
S7. A non-revoked vehicle user uploads a new file, set of verifiers and tag, and the third party auditor then audits the data stored by the cloud service provider.
Step S1, in which the key generation center initializes the system to generate the master private key, the master public key and the system public parameters, includes the following steps:
S11. The key generation center selects a cyclic additive group G of prime order q;
S12. The key generation center randomly selects a master private key
Figure BDA0003201055540000101
and calculates the master public key $P_{pub}$:
$$P_{pub} = s \cdot P \tag{1}$$
where P is a generator of the group G, and
Figure BDA0003201055540000102
is the set of all natural numbers from 1 to q-1 in the cyclic group of order q;
S13. The key generation center selects two different cryptographic hash functions $h_1$ and $h_2$:
Figure BDA0003201055540000103
Figure BDA0003201055540000104
where $\{0, 1\}^*$ denotes a binary string of arbitrary length;
S14. The key generation center securely stores the master private key s and publishes the system public parameters prms:
$$prms = (q, P, G, P_{pub}, h_1, h_2) \tag{4}$$
Step S2, in which the key generation center generates a partial private key for the vehicle user according to the vehicle user's identity information and the vehicle user generates a secret value as the other part of the private key, includes the following steps:
S21. The vehicle user randomly selects
Figure BDA0003201055540000105
as a secret value, calculates the public key X, and then sends the identity
Figure BDA0003201055540000106
to the key generation center;
$$X = x \cdot P \tag{5}$$
S22. After receiving $ID_U$, the key generation center calculates the partial private key y and sends it secretly to the vehicle user;
$$y = s \cdot h_1(ID_U) \tag{6}$$
S23. The vehicle user verifies the validity of the partial private key;
$$y \cdot P = P_{pub} \cdot h_1(ID_U) \tag{7}$$
If equation (7) holds, the vehicle user accepts the partial private key y; otherwise, the vehicle user rejects it.
The full private key of the vehicle user is (x, y) and is used to calculate the verifiers of the data blocks. As long as no vehicle user is revoked, only the vehicle user U knows the full private key and the full private key is unchanged. Each time a vehicle user is revoked, the vehicle users who have not been revoked update their full private keys.
Step S3, in which the vehicle user generates a tag and verifiers for a file to be uploaded and uploads the file, the set of verifiers and the tag together to the cloud service provider, includes the following steps:
S31. The vehicle user divides the shared file F to be uploaded into n blocks, $F = \{m_1, \ldots, m_i, \ldots, m_n\}$, where
Figure BDA0003201055540000111
S32. The vehicle user calculates the verifier $\sigma_i$ of block $m_i$, and then the set $\sigma$ of verifiers;
$$\sigma_i = x \cdot h_2(ID_F, i, Num) + y \cdot m_i \tag{8}$$
$$\sigma = \{\sigma_i\}_{i \in [1,n]} \tag{9}$$
where $ID_F$ is the unique identifier of file F, i is the index of block $m_i$, and Num is the number of vehicle user revocations, initially Num = 0;
S33. The vehicle user calculates the tag of the file F and uploads (F, σ, tag) to the cloud service provider;
$$tag = ID_U \| ID_F \| Num \| Sig_{sk}(ID_U \| ID_F \| Num) \tag{10}$$
where a public/private key pair (pk, sk) of Sig is selected for generating and verifying the tag of the file. The identity-based digital signature Sig is used to ensure the integrity of the vehicle user identity, the file identifier and the vehicle user revocation number;
S34. After receiving (F, σ, tag), the cloud service provider first checks whether the Num in the tag is the latest vehicle user revocation number. If so, the cloud service provider goes on to use pk to check whether $Sig_{sk}(ID_U \| ID_F \| Num)$ is a valid signature, and thereby determines whether the tag is valid; otherwise, the user uploading the file F is a revoked or illegitimate vehicle user, and the cloud service provider rejects the vehicle user's request to upload the file F;
S35. If the tag is valid, the cloud service provider parses the tag to obtain $ID_U$, $ID_F$ and Num. Finally, the cloud service provider verifies whether the vehicle user has correctly uploaded the related information of the file F;
$$\sigma_i \cdot P = X \cdot h_2(ID_F, i, Num) + P_{pub} \cdot h_1(ID_U) \cdot m_i \tag{11}$$
If equation (11) holds, the cloud service provider stores (F, σ, tag) and notifies the vehicle user, so that the vehicle user deletes the locally stored F and σ; otherwise, the verifier σ was generated by a revoked or illegitimate vehicle user, and the cloud service provider rejects the vehicle user's request to upload the file F.
Step S4, in which the third party auditor generates a challenge and the cloud service provider generates a proof according to the received challenge and the related information of the stored data blocks, includes the following steps:
S41. The third party auditor randomly selects c (1 ≤ c ≤ n) elements from the uploaded data blocks, generates a challenge chal and sends it to the cloud service provider;
$$chal = \{j, w_j\}_{j \in I} \tag{12}$$
where
Figure BDA0003201055540000121
$|I| = c$,
Figure BDA0003201055540000122
S42. After receiving chal, the cloud service provider calculates T and M from the stored data blocks and their corresponding verifiers, and sends the proof Pr = (T, M) and the file tag to the third party auditor;
$$T = \sum_{j \in I} w_j \cdot \sigma_j \tag{13}$$
$$M = \sum_{j \in I} w_j \cdot m_j \tag{14}$$
where j is the index of block $m_j$,
Figure BDA0003201055540000123
$$\sigma_j = x \cdot h_2(ID_F, j, Num) + y \cdot m_j$$
Step S5, in which the third party auditor verifies the correctness of the proof generated by the cloud service provider, includes the following steps:
S51. The third party auditor uses pk to check whether $Sig_{sk}(ID_U \| ID_F \| Num)$ is a valid signature, and thereby determines whether the tag is valid. If the tag is valid, the third party auditor parses it to obtain $ID_U$, $ID_F$ and Num; otherwise, the third party auditor notifies the vehicle user that the file F is corrupted;
S52. If the tag is valid, the third party auditor verifies, from the proof Pr and the related information of the data blocks, whether the cloud service provider has correctly stored the uploaded data blocks;
$$T \cdot P = \sum_{j \in I} w_j \cdot X \cdot h_2(ID_F, j, Num) + M \cdot P_{pub} \cdot h_1(ID_U) \tag{15}$$
If equation (15) holds, the cloud service provider has correctly stored the file F, and the third party auditor sends "success" to the vehicle user; otherwise, the third party auditor sends "failure" to the vehicle user.
Step S6, in which the roadside unit generates a new vehicle user revocation number and the non-revoked vehicle users and the key generation center respectively generate a new private key and a new partial private key, includes the following steps:
S61. When a vehicle user is revoked, the roadside unit generates a new vehicle user revocation number Num = Num + 1, sends the new Num to the cloud service provider, and then revokes the vehicle user;
S62. A non-revoked vehicle user randomly generates a new secret value
Figure BDA0003201055540000131
and calculates a new public key X′, and the key generation center calculates a partial private key y′;
$$X' = x' \cdot P \tag{16}$$
$$y' = s \cdot h_1(ID_{U'}) \tag{17}$$
where
Figure BDA0003201055540000132
is the identity of the non-revoked vehicle user.
Vehicle users can share data and the related public values only within the same group. Revoked vehicle users do not have the updated Num; they may collude to guess the new Num, but they are very unlikely to guess the new x′, so they cannot generate a valid data block verifier. When a revoked vehicle user attempts to upload new data to the cloud service provider, the user will not pass the cloud service provider's verification in the verifier generation process. Therefore, a revoked vehicle user cannot upload new data to the cloud service provider for storage.
Step S7, in which a non-revoked vehicle user uploads a new file, set of verifiers and tag, and the third party auditor then audits the data stored by the cloud service provider, includes the following steps:
S71. A non-revoked vehicle user who wants to upload a new shared file
Figure BDA0003201055540000133
first calculates the verifier $\sigma_i'$ of each block, then calculates the set σ′ of verifiers and the tag tag′ of the file F′, and finally uploads (F′, σ′, tag′) to the cloud service provider;
$$\sigma_i' = x' \cdot h_2(ID_{F'}, i, Num+1) + y' \cdot m_i' \tag{18}$$
$$\sigma' = \{\sigma_i'\}_{i \in [1,n]} \tag{19}$$
$$tag' = ID_{U'} \| ID_{F'} \| Num+1 \| Sig_{sk}(ID_{U'} \| ID_{F'} \| Num+1) \tag{20}$$
where $ID_{F'}$ is the unique identifier of file F′;
S72. The third party auditor randomly selects r (1 ≤ r ≤ n) elements from the uploaded data blocks, generates a challenge chal′ and sends it to the cloud service provider; the cloud service provider sends the file tag tag′ and the generated proof Pr′ = (T′, M′) to the third party auditor;
$$chal' = \{k, w_k\}_{k \in R} \tag{21}$$
$$T' = \sum_{k \in R} w_k \cdot \sigma_k' \tag{22}$$
$$M' = \sum_{k \in R} w_k \cdot m_k' \tag{23}$$
where k is the index of block $m_k'$,
Figure BDA0003201055540000134
$|R| = r$,
Figure BDA0003201055540000135
$$\sigma_k' = x' \cdot h_2(ID_{F'}, k, Num+1) + y' \cdot m_k';$$
S73. The third party auditor uses pk to check whether $Sig_{sk}(ID_{U'} \| ID_{F'} \| Num+1)$ is a valid signature, and thereby determines whether tag′ is valid. If tag′ is valid, the third party auditor parses it to obtain $ID_{U'}$, $ID_{F'}$ and $Num+1$; otherwise, the third party auditor notifies the non-revoked vehicle user that the file F′ is corrupted. If tag′ is valid, the third party auditor verifies, from the proof Pr′ and the related information of the data blocks, whether the cloud service provider has correctly stored the uploaded data blocks;
$$T' \cdot P = \sum_{k \in R} w_k \cdot X' \cdot h_2(ID_{F'}, k, Num+1) + M' \cdot P_{pub} \cdot h_1(ID_{U'}) \tag{24}$$
If equation (24) holds, the cloud service provider has correctly stored the file F′, and the third party auditor sends "success" to the non-revoked vehicle user; otherwise, the third party auditor sends "failure" to the non-revoked vehicle user.
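The following Python example is added here and is not code from the patent. It runs steps S1 to S7 end to end and evaluates the checks of equations (7), (11) and (15), including the failure cases after a block is altered and after a revocation. Assumptions: secp256k1 stands in for the group G, `hq` (SHA-256 reduced into Z_q^*) stands in for h1 and h2, blocks are integers modulo q, the tag is a plain tuple with the Sig check omitted, and the cloud service provider checks uploads against the group's current public key X′; all identities, file names and block values are constructed.

```python
import hashlib
import secrets

# Assumption: secp256k1 stands in for the patent's additive group G of prime order q.
FIELD = 2**256 - 2**32 - 977
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Point addition in G; None is the identity element."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD) % FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD) % FIELD
    x3 = (lam * lam - x1 - x2) % FIELD
    return x3, (lam * (x1 - x3) - y1) % FIELD

def mul(k, pt):
    """Scalar multiplication k·pt by double-and-add."""
    acc, k = None, k % Q
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def hq(label, *parts):
    """Hash into Z_q^*; label "h1" or "h2" selects the function (assumed codomain)."""
    data = "|".join([label, *map(str, parts)]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1

def rand_scalar():
    return secrets.randbelow(Q - 1) + 1

def partial_key_ok(y, p_pub, id_u):
    """Eq. (7): y·P == P_pub·h1(ID_U)."""
    return mul(y, P) == mul(hq("h1", id_u), p_pub)

def verifiers(x, y, id_f, num, blocks):
    """Eq. (8): sigma_i = x·h2(ID_F, i, Num) + y·m_i, with blocks indexed from 1."""
    return [(x * hq("h2", id_f, i, num) + y * m) % Q for i, m in enumerate(blocks, 1)]

def csp_accepts(tag, current_num, X, p_pub, blocks, sigmas):
    """S34/S35: reject a stale Num, then check eq. (11) for every block."""
    id_u, id_f, num = tag
    if num != current_num:
        return False
    u = mul(hq("h1", id_u), p_pub)
    return all(mul(sig, P) == add(mul(hq("h2", id_f, i, num), X), mul(m, u))
               for i, (m, sig) in enumerate(zip(blocks, sigmas), 1))

def challenge(n, c):
    """Eq. (12): c distinct block indices, each with a random weight w_j."""
    picked = secrets.SystemRandom().sample(range(1, n + 1), c)
    return {j: rand_scalar() for j in picked}

def prove(chal, blocks, sigmas):
    """Eqs. (13), (14): T = sum of w_j·sigma_j and M = sum of w_j·m_j."""
    T = sum(w * sigmas[j - 1] for j, w in chal.items()) % Q
    M = sum(w * blocks[j - 1] for j, w in chal.items()) % Q
    return T, M

def audit(chal, proof, tag, X, p_pub):
    """Eq. (15): T·P == (sum of w_j·h2(ID_F, j, Num))·X + M·h1(ID_U)·P_pub."""
    (T, M), (id_u, id_f, num) = proof, tag
    coeff = sum(w * hq("h2", id_f, j, num) for j, w in chal.items()) % Q
    return mul(T, P) == add(mul(coeff, X), mul(M * hq("h1", id_u), p_pub))

def demo():
    """Run S1 to S7 on constructed data and report the outcome of each check."""
    s, x = rand_scalar(), rand_scalar()
    p_pub, X = mul(s, P), mul(x, P)                      # eqs. (1), (5)
    y = s * hq("h1", "vehicle-A") % Q                    # eq. (6)
    blocks = [hq("constructed block", i) for i in range(6)]
    tag = ("vehicle-A", "file-1", 0)                     # Sig over the tag omitted
    sigmas = verifiers(x, y, "file-1", 0, blocks)
    chal = challenge(len(blocks), 3)
    out = {"key_ok": partial_key_ok(y, p_pub, "vehicle-A"),
           "upload_ok": csp_accepts(tag, 0, X, p_pub, blocks, sigmas),
           "audit_ok": audit(chal, prove(chal, blocks, sigmas), tag, X, p_pub)}
    damaged = list(blocks)
    damaged[next(iter(chal)) - 1] ^= 1                   # one challenged block is altered
    out["audit_damaged"] = audit(chal, prove(chal, damaged, sigmas), tag, X, p_pub)
    # S6: vehicle-A is revoked, Num becomes 1, vehicle-B takes a fresh x'.
    x2, y2 = rand_scalar(), s * hq("h1", "vehicle-B") % Q
    X2 = mul(x2, P)
    out["stale_num"] = csp_accepts(tag, 1, X2, p_pub, blocks, sigmas)
    guess = verifiers(x, y, "file-2", 1, blocks)         # revoked user knows Num, not x'
    out["revoked_guess"] = csp_accepts(("vehicle-A", "file-2", 1), 1, X2, p_pub, blocks, guess)
    fresh = verifiers(x2, y2, "file-2", 1, blocks)
    out["fresh_upload"] = csp_accepts(("vehicle-B", "file-2", 1), 1, X2, p_pub, blocks, fresh)
    return out
```

Calling `demo()` returns a dictionary of booleans, one per check, so the accepted and rejected cases can be compared side by side.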
To test the performance of a revocation-enabled shared data auditing method in a vehicle ad hoc network of the present invention, definitions are defined
Figure BDA0003201055540000144
And tpRespectively representing the time consumption of one multiplication operation in G, the time consumption of one exponentiation operation in G,
Figure BDA0003201055540000141
Time consumption of one multiplication operation in G, time consumption of one hash function operation in G,
Figure BDA0003201055540000142
One-time hash function operation in (1)Computational time consumption and bilinear pairings. The hash function operation and the bilinear pairing operation in the step G are time-consuming. The method proposed by the present invention is compared with several revocation-supported auditing methods, taking into account the computational overhead of the user and the third party auditors, as shown in table 1 below:
TABLE 1 comparison of computational overhead
Figure BDA0003201055540000143
As can be seen from Table 1, the present invention has less computational overhead during the verifier generation and verification phases. In the user revocation phase, the scheme proposed by Wang et al requires the user and the cloud service provider to generate a new private key together, which presents the risk of collusion attack.
While the present invention has been described in detail with reference to the preferred embodiments, it should be understood that the above description should not be taken as limiting the invention. Various modifications and alterations to this invention will become apparent to those skilled in the art upon reading the foregoing description. Accordingly, the scope of the invention should be determined from the following claims.

Claims (7)

1. A revocation-supporting shared data auditing method in a vehicle self-organizing network uses a revocation-supporting shared data auditing system, wherein the system comprises vehicle users, roadside units, a key generation center, a third party auditor and a cloud service provider, wherein the vehicle users store data generated by sensors on the cloud and can carry out remote data integrity verification; the roadside unit has strong computing capacity, can immediately process real-time data sent by a vehicle user and upload the data to a cloud service provider, and is responsible for revoking the vehicle user when the vehicle user leaves a group; the key generation center is a trusted entity, has enough calculation and storage capacity, is used for initializing the whole system, and generates a part of private keys for each vehicle user according to the identity information of the vehicle user; the third party auditor is honest and credible, audits the cloud service provider on behalf of the vehicle user, and determines whether the data of the vehicle user is completely stored according to the certification sent by the cloud service provider; the cloud service provider is a center of the system, has huge storage space and computing resources, all data are stored on the cloud service provider, and vehicle users can enjoy data sharing service through cloud storage, and the method for auditing the shared data supporting revocation in the vehicle ad hoc network is characterized by comprising the following steps:
S1. the key generation center initializes the system to generate a master private key, a master public key and system public parameters;
S2. the key generation center generates a partial private key for the vehicle user according to the identity information of the vehicle user, the partial private key is used to obtain the full private key of the vehicle user, the vehicle user generates a secret value as the other part of the private key, and the vehicle user can verify the correctness of the partial private key generated by the key generation center;
S3. the vehicle user generates a tag for the file to be uploaded and a verifier for each data block of the file, for later verification of the integrity of the file, the vehicle user uploads the file, the set of verifiers and the tag together to the cloud service provider, and the cloud service provider can check the correctness of the uploaded data according to the tag, the verifiers and other public values;
S4. the third party auditor receives the audit delegation of the vehicle user and generates a challenge, and the cloud service provider generates a proof according to the received challenge and the related information of the stored data blocks;
S5. the third party auditor verifies the correctness of the proof generated by the cloud service provider, and thereby determines whether the cloud service provider has correctly stored the uploaded data blocks;
S6. the roadside unit generates a new vehicle user revocation number, and the non-revoked vehicle users and the key generation center respectively generate a new private key and a new partial private key for later uploading of a new file;
S7. a non-revoked vehicle user uploads a new file, set of verifiers and tag, and the third party auditor then audits the data stored by the cloud service provider,
wherein step S1 includes the following steps:
S11. the key generation center selects a cyclic additive group G of prime order q;
S12. the key generation center randomly selects a master private key
Figure FDA0003201055530000021
and calculates the master public key $P_{pub}$: $P_{pub} = s \cdot P$,
where P is a generator of the group G, and
Figure FDA0003201055530000022
is the set of all natural numbers from 1 to q-1 in the cyclic group of order q;
S13. the key generation center selects two different cryptographic hash functions $h_1$ and $h_2$:
$h_1$
Figure FDA0003201055530000023
$h_2$
Figure FDA0003201055530000024
where $\{0, 1\}^*$ denotes a binary string of arbitrary length;
S14. the key generation center securely stores the master private key s and publishes the system public parameters prms;
$$prms = (q, P, G, P_{pub}, h_1, h_2).$$
2. The method for auditing of shared data in a vehicle ad hoc network supporting revocation of claim 1, wherein said step S2 comprises the steps of:
S21. the vehicle user randomly selects
Figure FDA0003201055530000025
as a secret value, calculates the public key X, and then sends the identity
Figure FDA0003201055530000026
to the key generation center;
$$X = x \cdot P;$$
S22. after receiving $ID_U$, the key generation center calculates the partial private key y and sends it secretly to the vehicle user;
$$y = s \cdot h_1(ID_U);$$
S23. the vehicle user verifies the validity of the partial private key;
$$y \cdot P = P_{pub} \cdot h_1(ID_U)$$
if the above equation holds, the vehicle user accepts the partial private key y; otherwise, the vehicle user rejects it.
3. The method for auditing of shared data in a vehicle ad hoc network supporting revocation of claim 1, wherein said step S3 comprises the steps of:
S31. the vehicle user divides the shared file F to be uploaded into n blocks, $F = \{m_1, \ldots, m_i, \ldots, m_n\}$, where
Figure FDA0003201055530000027
S32. the vehicle user calculates the verifier $\sigma_i$ of block $m_i$, and then the set $\sigma$ of verifiers;
$$\sigma_i = x \cdot h_2(ID_F, i, Num) + y \cdot m_i$$
$$\sigma = \{\sigma_i\}_{i \in [1,n]}$$
where $ID_F$ is the unique identifier of file F, i is the index of block $m_i$, and Num is the number of vehicle user revocations, initially Num = 0;
S33. the vehicle user calculates the tag of the file F and uploads (F, σ, tag) to the cloud service provider;
$$tag = ID_U \| ID_F \| Num \| Sig_{sk}(ID_U \| ID_F \| Num)$$
where a public/private key pair (pk, sk) of Sig is selected for generating and verifying the tag of the file, and the identity-based digital signature Sig is used to ensure the integrity of the vehicle user identity, the file identifier and the vehicle user revocation number;
S34. after receiving (F, σ, tag), the cloud service provider first checks whether the Num in the tag is the latest vehicle user revocation number; if so, the cloud service provider goes on to use pk to check whether $Sig_{sk}(ID_U \| ID_F \| Num)$ is a valid signature, and thereby determines whether the tag is valid; otherwise, the user uploading the file F is a revoked or illegitimate vehicle user, and the cloud service provider rejects the vehicle user's request to upload the file F;
S35. if the tag is valid, the cloud service provider parses the tag to obtain $ID_U$, $ID_F$ and Num, and finally the cloud service provider verifies whether the vehicle user has correctly uploaded the related information of the file F;
$$\sigma_i \cdot P = X \cdot h_2(ID_F, i, Num) + P_{pub} \cdot h_1(ID_U) \cdot m_i$$
if the above equation holds, the cloud service provider stores (F, σ, tag) and notifies the vehicle user, so that the vehicle user deletes the locally stored F and σ; otherwise, the verifier σ was generated by a revoked or illegitimate vehicle user, and the cloud service provider rejects the vehicle user's request to upload the file F.
4. The method for auditing of shared data in a vehicle ad hoc network supporting revocation of claim 1, wherein said step S4 comprises the steps of:
S41. the third party auditor randomly selects c (1 ≤ c ≤ n) elements from the uploaded data blocks, generates a challenge chal and sends it to the cloud service provider;
$$chal = \{j, w_j\}_{j \in I}$$
where
Figure FDA0003201055530000031
$|I| = c$,
Figure FDA0003201055530000032
S42. after receiving chal, the cloud service provider calculates T and M from the stored data blocks and their corresponding verifiers, and sends the proof Pr = (T, M) and the file tag to the third party auditor;
$$T = \sum_{j \in I} w_j \cdot \sigma_j$$
$$M = \sum_{j \in I} w_j \cdot m_j$$
where j is the index of block $m_j$,
Figure FDA0003201055530000041
$$\sigma_j = x \cdot h_2(ID_F, j, Num) + y \cdot m_j$$
5. The method for auditing of shared data in a vehicle ad hoc network supporting revocation of claim 1, wherein said step S5 comprises the steps of:
S51. the third party auditor uses pk to check whether $Sig_{sk}(ID_U \| ID_F \| Num)$ is a valid signature, and thereby determines whether the tag is valid; if the tag is valid, the third party auditor parses it to obtain $ID_U$, $ID_F$ and Num; otherwise, the third party auditor notifies the vehicle user that the file F is corrupted;
S52. if the tag is valid, the third party auditor verifies, from the proof Pr and the related information of the data blocks, whether the cloud service provider has correctly stored the uploaded data blocks;
$$T \cdot P = \sum_{j \in I} w_j \cdot X \cdot h_2(ID_F, j, Num) + M \cdot P_{pub} \cdot h_1(ID_U)$$
if the above equation holds, the cloud service provider has correctly stored the file F, and the third party auditor sends "success" to the vehicle user; otherwise, the third party auditor sends "failure" to the vehicle user.
6. The method for auditing of shared data in a vehicle ad hoc network supporting revocation of claim 1, wherein said step S6 comprises the steps of:
S61. when a vehicle user is revoked, the roadside unit generates a new vehicle user revocation number Num = Num + 1, sends the new Num to the cloud service provider, and then revokes the vehicle user;
S62. a non-revoked vehicle user randomly generates a new secret value
Figure FDA0003201055530000042
and calculates a new public key X′, and the key generation center calculates a partial private key y′;
$$X' = x' \cdot P$$
$$y' = s \cdot h_1(ID_{U'})$$
where
Figure FDA0003201055530000043
is the identity of the non-revoked vehicle user.
7. The method for auditing of shared data in a vehicle ad hoc network supporting revocation of claim 1, wherein said step S7 comprises the steps of:
S71. a non-revoked vehicle user who wants to upload a new shared file $F' = \{m_i'\}_{i \in [1,n]}$
Figure FDA0003201055530000044
first calculates the verifier $\sigma_i'$ of each block, then calculates the set σ′ of verifiers and the tag tag′ of the file F′, and finally uploads (F′, σ′, tag′) to the cloud service provider;
$$\sigma_i' = x' \cdot h_2(ID_{F'}, i, Num+1) + y' \cdot m_i'$$
$$\sigma' = \{\sigma_i'\}_{i \in [1,n]}$$
$$tag' = ID_{U'} \| ID_{F'} \| Num+1 \| Sig_{sk}(ID_{U'} \| ID_{F'} \| Num+1)$$
where $ID_{F'}$ is the unique identifier of file F′;
S72. the third party auditor randomly selects r (1 ≤ r ≤ n) elements from the uploaded data blocks, generates a challenge chal′ and sends it to the cloud service provider, and the cloud service provider sends the file tag tag′ and the generated proof Pr′ = (T′, M′) to the third party auditor;
$$chal' = \{k, w_k\}_{k \in R}$$
$$T' = \sum_{k \in R} w_k \cdot \sigma_k'$$
$$M' = \sum_{k \in R} w_k \cdot m_k'$$
where k is the index of block $m_k'$,
Figure FDA0003201055530000051
$|R| = r$,
Figure FDA0003201055530000052
$$\sigma_k' = x' \cdot h_2(ID_{F'}, k, Num+1) + y' \cdot m_k';$$
S73. the third party auditor uses pk to check whether $Sig_{sk}(ID_{U'} \| ID_{F'} \| Num+1)$ is a valid signature, and thereby determines whether tag′ is valid; if tag′ is valid, the third party auditor parses it to obtain $ID_{U'}$, $ID_{F'}$ and $Num+1$; otherwise, the third party auditor notifies the non-revoked vehicle user that the file F′ is corrupted; and if tag′ is valid, the third party auditor verifies, from the proof Pr′ and the related information of the data blocks, whether the cloud service provider has correctly stored the uploaded data blocks;
$$T' \cdot P = \sum_{k \in R} w_k \cdot X' \cdot h_2(ID_{F'}, k, Num+1) + M' \cdot P_{pub} \cdot h_1(ID_{U'})$$
if the above equation holds, the cloud service provider has correctly stored the file F′, and the third party auditor sends "success" to the non-revoked vehicle user; otherwise, the third party auditor sends "failure" to the non-revoked vehicle user.
CN202110904287.0A 2021-08-06 2021-08-06 Revocation-supported shared data auditing system and method in vehicle self-organizing network Withdrawn CN113472594A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110904287.0A CN113472594A (en) 2021-08-06 2021-08-06 Revocation-supported shared data auditing system and method in vehicle self-organizing network

Publications (1)

Publication Number Publication Date
CN113472594A true CN113472594A (en) 2021-10-01

Family

ID=77867856

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110904287.0A Withdrawn CN113472594A (en) 2021-08-06 2021-08-06 Revocation-supported shared data auditing system and method in vehicle self-organizing network

Country Status (1)

Country Link
CN (1) CN113472594A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20211001