CN-122027299-A - Multi-receiver bilateral access control privacy protection cross-domain data sharing method

Abstract

The invention discloses a multi-receiver bilateral access control privacy protection cross-domain data sharing method which comprises the steps of executing system parameter initialization by a total trusted center and generating a master key, generating respective key pairs for the trusted center, a key distribution center and vehicles based on the master key and public parameters, generating a common original encryption ciphertext for a target receiver vehicle set by a sender vehicle through a private key and a receiver public key, decrypting the ciphertext by the receiver vehicle through the private key and the sender public key, and safely converting the original ciphertext into a re-encryption ciphertext through a road side unit under a cross-domain sharing scene through the re-encryption key for decryption by a target domain receiver. According to the invention, fine-granularity bilateral access control and privacy protection in a cross-domain environment are realized, on the premise of ensuring data security, the computing and communication overhead of one-to-many encryption is obviously reduced, complex certificate management is avoided, and the efficiency and practicality of vehicle networking data sharing are improved.

Inventors

• ZHANG LEI
• YU TONGYI
• QIN HONG
• ZHANG XIAN
• LIN CHAOMING
• XIN YUHAN

Assignees

• 广东技术师范大学

Dates

Publication Date

20260512

Application Date

20260225

Claims (8)

1. 1. The multi-receiver bilateral access control privacy protection cross-domain data sharing method is characterized by comprising the following steps of: the total trusted center performs system parameter initialization, generates public parameters and stores a master key; Generating respective key pairs for a trusted center, a key distribution center and a vehicle based on the public parameters and the master key; the method comprises the steps that a sender vehicle generates an encrypted ciphertext shared by all receiver vehicles in a target receiver vehicle set by using a private key and a public key of a receiver according to the target receiver vehicle set to serve as an original ciphertext; When cross-domain data sharing is carried out, the original ciphertext is converted into the re-encrypted ciphertext by the road side unit based on the proxy re-encryption key, and the re-encryption operation is carried out on the re-encrypted ciphertext by a receiver vehicle of the target domain, so that the plaintext is recovered, and the multi-receiver bilateral access control and privacy protection under the cross-domain environment are realized.
2. 2. The multi-receiver bilateral access control privacy-preserving cross-domain data sharing method of claim 1, The process of initializing the system parameters by the total trusted center comprises the following steps: The method comprises the steps of selecting two large prime numbers by a total trusted center, constructing an elliptic curve group and a target group on which bilinear mapping depends based on the selected large prime numbers, selecting a generating element on the elliptic curve group, selecting a random number as a main key, calculating to obtain a system main public key based on the generating element and the main key, selecting a plurality of anti-collision cryptographic hash functions, and jointly disclosing the large prime numbers, the generating element, the elliptic curve group, the target group, the plurality of anti-collision cryptographic hash functions and the system main public key as public parameters and keeping the main key secret.
3. 3. The multi-receiver bilateral access control privacy-preserving cross-domain data sharing method of claim 1, The process of generating respective key pairs for the trusted center, the key distribution center, and the vehicle includes: The method comprises the steps that a total trusted center generates a private key and a public key for each trusted center, the trusted center generates the private key and the public key for a managed secret key distribution center, the secret key distribution center generates a part of private key components and corresponding verification parameters for registered vehicles and sends the part of private key components and the corresponding verification parameters to corresponding vehicles, the vehicles verify correctness by using the public keys of the corresponding secret key distribution center after receiving the part of private key components and the corresponding verification parameters, and if verification is passed, the vehicles select a secret value and generate complete secret key pairs based on the secret value and the part of private key components.
4. 4. The multi-receiver bilateral access control privacy-preserving cross-domain data sharing method of claim 3, The generating of the encrypted ciphertext common to all receiver vehicles in the target receiver vehicle set includes: The method comprises the steps that a sender vehicle randomly selects a first random number and a second random number, generates a first temporary public key based on the first random number, and generates a second temporary public key based on the second random number; for each recipient vehicle in the set of target recipient vehicles, the sender vehicle calculates its corresponding based on the intermediate parameters And (3) with ; The sender vehicle is based on all receiver vehicles Constructing a first polynomial And extracting a coefficient set of the first polynomial based on all the receiver vehicles Constructing a second polynomial Extracting a coefficient set of a second polynomial; The sender vehicle generates a session key based on the first polynomial and the second polynomial And is based on Generating And ; The sender vehicle passes through Encrypting the plaintext message to generate a core ciphertext component And (3) with ; The sender vehicle obtains an original ciphertext based on the core ciphertext component, the first temporary public key, the second temporary public key, and a coefficient set of a first polynomial and a second polynomial.
5. 5. The multi-receiver bilateral access control privacy-preserving cross-domain data sharing method of claim 4, Converting the original ciphertext into a re-encrypted ciphertext, wherein the re-encrypted ciphertext is executed by a road side unit, and the process comprises the following steps of: The road side unit receives the original ciphertext and the proxy re-encryption key, verifies the integrity of the original ciphertext, performs conversion calculation on a core ciphertext assembly in the original ciphertext based on the proxy re-encryption key after verification is passed, and then obtains a converted ciphertext assembly, and the unconverted part in the original ciphertext is recombined with the converted ciphertext assembly to obtain the re-encryption ciphertext.
6. 6. The multi-receiver bilateral access control privacy-preserving cross-domain data sharing method of claim 4, wherein performing a decryption operation on the original ciphertext comprises: the receiver vehicle calculates the corresponding coefficient set of the first polynomial and the second polynomial based on the first temporary public key, the second temporary public key and the coefficient set of the first polynomial and the second polynomial contained in the original ciphertext by combining the private key and the sender public key And (3) with According to Lagrange interpolation Recovering secret components from coefficient sets of a first polynomial According to Recovering secret components from coefficient sets of a second polynomial Based on secret components And secret component Reconstruction Is prepared by And carrying out decryption operation on the core ciphertext component in the original ciphertext, recovering the plaintext and verifying the correctness.
7. 7. The multi-receiver bilateral access control privacy-preserving cross-domain data sharing method of claim 5, The process of performing a re-decryption operation on the re-encrypted ciphertext includes: the receiver vehicle of the target domain is based on the components in the re-encrypted text Calculating intermediate parameters with the private key of the trusted center to which the intermediate parameters belong ; Based on the intermediate parameter The source domain identifier and the target domain identifier calculate a link value through a hash function ; Using linked values Components in said re-encrypted text 、 And (3) with Calculating to obtain intermediate decryption parameters ; Based on the intermediate decryption parameters And the rest components in the re-encryption text recover the plaintext and verify the correctness of decryption.
8. 8. The multi-receiver double-sided access control privacy protection cross-domain data sharing method according to claim 5, wherein the generation process of the proxy re-encryption key comprises: Agent randomly selects two re-encrypted random numbers And (3) with ; Receiver-based public key component And re-encrypting the random number Calculating key generation parameters; Based on the key generation parameter, the source domain identifier and the target domain identifier, calculating by a hash function to obtain a link value; based on the link value, the re-encrypted random number Session key for source domain sender vehicle With system public parameters, a first component for generating the proxy re-encryption key RK is calculated ; Based on the re-encrypted random number Public key assembly with receiver A second component for generating the proxy re-encryption key RK ; Based on the re-encrypted random number A third component for generating the proxy re-encryption key with the generator in the system public parameter 。

Description

Multi-receiver bilateral access control privacy protection cross-domain data sharing method Technical Field The invention belongs to the technical field of internet of vehicles privacy protection, and particularly relates to a multi-receiver bilateral access control privacy protection cross-domain data sharing method. Background With the rapid development of intelligent traffic system and internet of vehicles (IoV) technology, real-time data sharing between vehicles and infrastructure has become an important technical foundation for supporting traffic management and intelligent driving. Through efficient data interaction, the Internet of vehicles can effectively relieve traffic jams, reduce the occurrence rate of traffic accidents, and improve the utilization efficiency of road resources and the overall driving experience. Therefore, building a safe, reliable and efficient vehicle data sharing mechanism has become one of the research hotspots in the field of internet of vehicles. However, the internet of vehicles environment has high dynamic and open characteristics, the number of vehicle nodes is huge, the moving speed is high, the network topology structure is frequently changed, and meanwhile, strict requirements are put on the real-time performance and the reliability of data transmission. In this context, the vehicle data sharing process faces a number of security and performance challenges. On one hand, vehicles communicate in an open wireless channel and are easy to suffer from various security attacks such as eavesdropping, tampering, disguising and the like, and on the other hand, the traditional encryption and access control mechanism is difficult to consider security and efficiency in a large-scale and multi-receiver scene, and the computing and communication overhead is easy to increase obviously. The existing point-to-point encryption scheme generally needs a sender to perform encryption operation for each receiver, when the number of receiving vehicles increases, the calculation complexity and the communication burden increase linearly, and it is difficult to meet the requirements of the internet of vehicles on low time delay and high throughput. In addition, a security mechanism based on Public Key Infrastructure (PKI) relies on complex certificate generation, distribution and verification processes, so that extra management overhead and communication delay are introduced in a high-dynamic scene such as the Internet of vehicles, and the overall efficiency of the system is reduced. Meanwhile, the existing scheme still has the defects in cross-domain data sharing and fine-granularity access control, and flexible data authorization and management are difficult to realize while the security is ensured. In view of the above-mentioned problems, there is a need to design a novel data sharing security mechanism suitable for the internet of vehicles environment, which reduces the computing and communication overhead and supports flexible access control in multi-receiver and cross-domain scenarios on the premise of guaranteeing data confidentiality, integrity and identity authentication security. Disclosure of Invention In order to solve the technical problems, the invention provides a multi-receiver bilateral access control privacy protection cross-domain data sharing method, which aims to solve the problems existing in the prior art. In order to achieve the above object, the present invention provides a multi-receiver bilateral access control privacy protection cross-domain data sharing method, comprising: the total trusted center performs system parameter initialization, generates public parameters and stores a master key; Generating respective key pairs for a trusted center, a key distribution center and a vehicle based on the public parameters and the master key; the method comprises the steps that a sender vehicle generates an encrypted ciphertext shared by all receiver vehicles in a target receiver vehicle set by using a private key and a public key of a receiver according to the target receiver vehicle set to serve as an original ciphertext; When cross-domain data sharing is carried out, the original ciphertext is converted into the re-encrypted ciphertext by the road side unit based on the proxy re-encryption key, and the re-encryption operation is carried out on the re-encrypted ciphertext by a receiver vehicle of the target domain, so that the plaintext is recovered, and the multi-receiver bilateral access control and privacy protection under the cross-domain environment are realized. Optionally, the process of initializing the system parameters by the total trusted center includes: The method comprises the steps of selecting two large prime numbers by a total trusted center, constructing an elliptic curve group and a target group on which bilinear mapping depends based on the selected large prime numbers, selecting a generating element on the elliptic curve group, selecting a random number