CN-122027234-A - Internet of things data sharing method and system based on threshold signature

Abstract

The invention discloses an Internet of things data sharing method and system based on a threshold signature. The method involves four types of participants: a trusted authority (TA), edge servers (ES), Internet of things devices and data aggregation nodes. The TA is responsible for registering and managing the Internet of things devices, the edge servers and the data aggregation nodes; the ESs cooperatively sign the broadcast message of a data aggregation node; the data aggregation node acts as an aggregator and generates an aggregate signature from the ES signatures; and the Internet of things devices authenticate the data aggregation node through signature verification. By aggregating the ES signatures, the data aggregation node significantly reduces the communication and computation cost between itself and the Internet of things devices. Registration and management by the TA can be performed offline, further improving the efficiency and security of the system. A threshold cryptography mechanism is introduced that requires multiple ESs to sign the same message cooperatively, so that even if some of the ESs are compromised, the system can still ensure the authenticity of the message.

Inventors

  • LIU XINZHONG
  • FENG QI
  • PENG CONG
  • LUO MIN
  • HE DEBIAO

Assignees

  • Wuhan University (武汉大学)

Dates

Publication Date
20260512
Application Date
20260120

Claims (10)

  1. A data sharing method of the Internet of things based on threshold signature, characterized in that: the method involves a trusted authority TA, an edge server ES, a data aggregation node (such as a gateway) and an internet of things device (IoT device); the method comprises the following steps: a system initialization stage, in which the TA generates system parameters and distributes secret shares of a signature private key to each ES based on a threshold secret sharing scheme; a registration stage, in which each entity registers with the TA, wherein the TA pre-generates and distributes signature materials containing a pseudonym set for each ES; a signature stage comprising: the gateway selects an ES set meeting the threshold number and sends the broadcast message to be signed to them ; each selected ES interacts with the gateway using its secret share and pre-distributed signature material to collectively generate information about the message The interaction comprises that the ES sends a signature intermediate quantity to the gateway, the gateway aggregates the intermediate quantities and feeds the aggregate back to the ES, each ES then generates a partial signature share and sends it to the gateway, and finally the gateway aggregates the partial signature shares to form the aggregate signature; a verification stage, in which the internet of things device or other gateway nodes verify the message by utilizing the aggregate signature and the public parameters Legitimacy and authenticity of (a).
  2. The internet of things data sharing method based on threshold signature as set forth in claim 1, wherein the system initialization phase specifically includes: TA generating elliptic Curve System parameters, the order is Elliptic curve group of (a) Generating a meta ; TA random selection of primary private key And calculates a master public key ; TA random selection signature private key And is constructed by Polynomial of degree Calculating secret shares of each ES And calculates a signature verification public key TA publishes system parameters including elliptic curve groups Of the order of Generating element Main public key Signature verification public key A plurality of hash functions.
  3. The method for sharing Internet of things data based on threshold signature as set forth in claim 1, wherein the signature material pre-distributed for the ES further comprises a plurality of random number pairs randomly generated by the TA and corresponding public keys thereof, and the pseudonym set is obtained by the TA by calculating pseudonyms Generation of wherein As the true identity of the ES, , In order to provide the public key in question, Is a hash function.
  4. The internet of things data sharing method based on threshold signature as set forth in claim 3, wherein the signature stage, the generating an aggregate signature process specifically includes: each ES selects a pseudonym from the pseudonym set And use a group of random number pairs% , ) And its public key [ ] , ) Calculating an intermediate quantity And sent to the gateway, Is a message to be broadcast which, To verify the public key for the signature, Is a hash function; the gateway calculates a first aggregate value And broadcasts R to each participating ES, The number of ES, alpha is the number of ES selected randomly; calculating challenge value for each ES And uses its secret share Random number pair , ) Lagrangian coefficient Generating a partial signature share And sending to a gateway; After the gateway verifies the validity of each part of signature share, the final aggregate signature is calculated .
  5. The method for sharing Internet of things data based on threshold signature as set forth in claim 4, wherein the challenge value is ; The step of the gateway verifying the validity of the partial signature shares comprises: gateway verification equation Whether or not to establish; Wherein, the Is that Is used to store the share of the public key of (c), .
  6. The method according to claim 4 or 5, wherein after the gateway calculates the final aggregate signature z, the method further comprises a broadcast preparation step: The gateway generates a temporary public and private key pair of the gateway and calculates a pseudonym of the gateway; The gateway calculates an authentication code Which is provided with As the current time stamp is to be used, A temporary public key therefor; the gateway signs the aggregate signature and related data Broadcasting is performed.
  7. The method according to claim 1, characterized in that said verification phase comprises in particular: Verifier checks time stamp Freshness of (3); verifier computes signature And verifies it with the received Whether it is consistent or not, As a function of the hash-up, In order to aggregate the signature(s), As a pseudonym for the gateway, For signature verification public key, R is an aggregate value, Is a time stamp; verifier calculation ; Verifier verifies equation Whether or not to establish; If all the verifications pass, then the message is accepted : The verifier checks the equation Whether or not to establish In (2) the legality of (2), wherein Is the current time stamp of the time stamp, Is the effective time range.
  8. A system for implementing the internet of things data sharing method based on a threshold signature as in any one of claims 1-7, characterized by a trusted authority TA, a plurality of edge servers ES, at least one gateway and a number of internet of things devices; The trusted authority TA is configured to execute a system initialization phase and a registration phase, and includes: the initialization module is used for generating system parameters and distributing secret shares of a signature private key for each ES based on a threshold secret sharing scheme; The registration and distribution module is used for finishing registration for each entity, and pre-generating and distributing signature materials containing a pseudonym set for each ES; the gateway and the edge server ES are configured to cooperatively execute a collaborative signature phase, where: The gateway comprises a selection and triggering module for selecting ES sets meeting a threshold number and sending broadcast messages to be signed to them Interaction with an aggregation module, wherein the interaction is used for interacting with a selected ES set, and comprises the steps of receiving a signature intermediate quantity from the ES, aggregating the signature intermediate quantity into a first aggregation value, feeding back the first aggregation value to the ES, and then receiving a part of signature shares from the ES and aggregating the part of signature shares to form an aggregation signature; the ES comprises a collaborative signature module for interacting with the gateway with its secret share and pre-distributed signature material to collectively generate an aggregate signature for message m when selected by the gateway; The internet of things device for performing a verification phase, comprising: And the verification module is used for verifying the validity and the authenticity of the message m by utilizing the aggregate signature and the public parameters.
  9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any one of claims 1 to 7 when the program is executed.
  10. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the steps of the method according to any one of claims 1 to 7.
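
The signing flow of claims 1, 4 and 5 (Shamir shares from the TA, intermediate quantities aggregated into R, Lagrange-weighted partial signature shares checked by the gateway, one aggregate signature for the verifier) can be followed in a generic threshold Schnorr sketch. This is an added example, not the patent's own construction: the claim formulas did not survive on this page, so the hash inputs, the way the random-number pair is combined, all function names and the toy group (used in place of an elliptic curve) are assumptions; pseudonyms and timestamps are left out.

```python
import hashlib, math, secrets

# Toy Schnorr group (assumption, far too small for real use): p = 2q + 1, G has order q.
P, Q, G = 2039, 1019, 4

def H(*parts):
    """Hash to Z_q. The patent's exact hash inputs are not on the page."""
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def ta_setup(t, n):
    """TA: share signing key s = f(0) with a random polynomial of degree t-1."""
    f = [secrets.randbelow(Q - 1) + 1 for _ in range(t)]
    shares = {i: sum(a * pow(i, k, Q) for k, a in enumerate(f)) % Q
              for i in range(1, n + 1)}
    share_pks = {i: pow(G, s, P) for i, s in shares.items()}
    return shares, share_pks, pow(G, f[0], P)

def lagrange(i, ids):
    """Lagrange coefficient of ES i at x = 0 over the selected ES set."""
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * -j % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def threshold_sign(msg, ids, shares, share_pks, pk, tamper=None):
    """Two rounds between gateway and ES set; returns (R, z)."""
    nonce, R_i = {}, {}
    for i in ids:                      # round 1: each ES sends R_i
        d, e = secrets.randbelow(Q), secrets.randbelow(Q)
        nonce[i] = (d + H("rho", i, msg, pk) * e) % Q   # assumed pair binding
        R_i[i] = pow(G, nonce[i], P)
    R = math.prod(R_i.values()) % P    # gateway: first aggregate value R
    c, z = H(R, pk, msg), 0            # challenge (assumed inputs)
    for i in ids:                      # round 2: partial signature shares
        lam = lagrange(i, ids)
        z_i = (nonce[i] + c * lam * shares[i]) % Q
        if i == tamper:                # simulate a compromised ES
            z_i = (z_i + 1) % Q
        if pow(G, z_i, P) != R_i[i] * pow(share_pks[i], c * lam, P) % P:
            raise ValueError(f"bad partial signature from ES {i}")
        z = (z + z_i) % Q
    return R, z

def verify(msg, sig, pk):
    R, z = sig
    return pow(G, z, P) == R * pow(pk, H(R, pk, msg), P) % P
```

Any three of the five ESs produce a signature that verifies under the same public key, while a single altered partial share is rejected by the gateway before aggregation.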

Description

Internet of things data sharing method and system based on threshold signature

Technical Field

The invention belongs to the technical field of information security, and relates to an Internet of things data sharing method and system based on a threshold signature.

Background

With the rapid development of information technology and Internet of things technology, the sensing, computing and communication capabilities of Internet of things (IoT) devices have improved significantly. By means of advanced Internet of things communication protocols, sensor fusion technology and intelligent equipment, the Internet of things can realize real-time data exchange and cooperation among devices. In the Internet of things environment, a device may acquire data from its surroundings through an edge server (ES) or a data aggregation node (e.g., a gateway). The Internet of things is widely applied in fields such as smart homes, smart cities, industrial automation and intelligent transportation, where devices work cooperatively to achieve intelligent management and control.

However, Internet of things systems face numerous security challenges, especially in the communication between devices and data aggregation nodes. Because Internet of things devices generally communicate wirelessly, they are vulnerable to network attacks (such as replay attacks, man-in-the-middle attacks and data tampering attacks). In particular, during communication between a device and a data aggregation node (e.g., a gateway), data is susceptible to interference or tampering by an attacker. For example, malicious nodes may falsify sensor data or tamper with environmental information, resulting in distorted or inconsistent information during data sharing. Once false data enters the Internet of things system, it can not only interfere with the decisions and scheduling of the system, but also cause functional failures and even safety accidents, seriously threatening the stability of the Internet of things and the safety of users.

In addition, with the growing number of Internet of things devices and the diversification of application scenarios, data privacy protection becomes particularly important. Many Internet of things applications need to share large amounts of sensitive data, such as environmental monitoring data, user behavior data and device status. Without proper privacy protection measures, a malicious attacker may steal or tamper with sensitive information during transmission, causing serious privacy disclosure and security risks. In some high-risk areas in particular, such as smart medical, smart transportation and industrial control systems, data security and privacy protection issues are even more prominent.

At present, cryptographic solutions for Internet of things data sharing have been widely studied, but they still have the following limitations:

1) Security of the authentication mechanism: in order to achieve direct authentication between a device and a data aggregation node, many schemes delegate the authentication function to the data aggregation node (such as a gateway). However, data aggregation nodes are typically deployed in open or unmonitored environments and may become the target of an attack. Once a data aggregation node is maliciously controlled or tampered with, it may propagate false data or reveal sensitive information, thereby threatening the security of the entire Internet of things network.

2) Replay attacks and data tampering: in many existing Internet of things data sharing schemes, security typically relies on signing or encrypting the data. However, these schemes may be unable to effectively prevent replay attacks or data tampering. An attacker may bypass the authentication mechanism by capturing and resending legitimate data messages, resulting in data consistency problems or erroneous decisions.

3) Computational performance bottlenecks: many existing schemes achieve strong security at the cost of a large computational overhead; especially when complex cryptographic algorithms (e.g., bilinear pairing, RSA, etc.) are involved, computational performance may become a bottleneck. For resource-constrained Internet of things devices (such as sensors and smart home devices), the computing requirements of these schemes may be too high to meet real-time requirements, and may even affect the scalability of the system.

Disclosure of Invention

In order to overcome the defects of the prior art, the invention designs an Internet of things data sharing method and system based on a threshold signature that meet the security requirements of the Internet of things data sharing scenario. The method significantly improves the efficiency and scalability of the system while ensuring the security of data tra