The New Method of Sensor Data Privacy Protection for IoT

,


Introduction
Various sensors have penetrated into all aspects of our lives, and many of them are continuously collecting our information [1]. In this context, privacy issues related to the Internet of ings, especially consumer Internet of ings, have become the focus of attention from all walks of life [2]. As a kind of microcomputer terminal, the Internet of ings device exists independently of the computer network but is closely connected with the Internet [3]. Today, IoT sensors have penetrated into various industries, from industrial automation to medical equipment and then to the financial industry [4]. In short, there will be sensors wherever humans live [5].
Privacy protection is an important issue in IoT systems but has different references in different scenarios. For example, in the smart grid, the leakage of household energy consumption data and other information may cause hidden dangers to the safety of household personnel and property [6][7][8]. In smart medical care, the leakage of health data generated by patients' wearable devices causes personal safety and ethical issues. us, following the above two cases, the privacy protection issue is considered related to the interests of the owner of the sensor data. is kind of privacy protection is called active privacy protection wherein the owners of sensor data have the opportunity to take necessary measures to protect their privacy [9,10]. However, in public video surveillance applications, the privacy problem caused by face recognition is another situation. In this scenario, the issue of privacy protection is not an issue related to the interests of the owner of the sensor data (that is, the operator of the monitoring system) [11]. Whether to protect the privacy of the monitored person depends on the law and the level of the operator. Similarly, electronic license plate applications exist [12]. is kind of privacy protection is called passive privacy protection wherein the object whose privacy is compromised is powerless to solve this problem. For these two privacy protection problems, the problems to be solved and the directions to be considered are different.
us, obvious differences are found in the solutions. For example, automatic coding method used in public video surveillance is rare in active privacy protection [13][14][15].
is article introduces how to solve the privacy protection about IoT sensor data based on blockchain [16]. e ring signature realizes the anonymization of gateway transactions, prevents data sources from being tracked, and solves the anonymization problem of blockchain-based IoT users [17]. rough asymmetric encryption, the sensor verifies the identity of the gateway and encrypts the sensor data [18]. e gateway can create a block and submit a blockchain transaction after verifying the integrity and source of the data. Finally, combined with data access control and data encryption sharing, decentralized applications perform fine-grained control over data access.

Method Architecture
e method architecture is shown in Figure 1. e system consists of sensors, gateways, blockchain, and various decentralized applications. First of all, the sensor and the gateway need to perform bilateral authentication, which can not only prevent the sensor from accessing the fake gateway, but the gateway also filters out offensive sensor data. After the identity verification is passed, Hash-based message authentication code is used to verify the source and integrity of the data collected by the sensor. e sensor uploads the data to the gateway. In order to protect the privacy of the sensor data, the gateway will first encrypt the data with a public key, use a ring signature to verify the anonymity of the transaction, and finally submit it to the blockchain. Based on smart contracts, an attribute-based control method is adopted.
e encrypted data on the blockchain are decrypted and used by decentralized applications by proxy re-encryption.

Sensor-Gateway Authentication.
To avoid the leakage of private data caused by the sensor's access to the wrong gateway, this study adopts the Elliptic Curve Diffie-Hellman (ECDH) protocol combined with an asymmetric encryption method to realise the sensor's authentication of the gateway's identity and negotiate a shared key in the process.
ECDH is a variant of the Diffie-Hellman (DH) protocol that uses elliptic curve cryptography. e difference between the two is that ECDH is based on the elliptic curve discrete logarithm problem, whereas the DH protocol is based on the discrete logarithm problem. Similar to the DH protocol, the two parties in ECDH communication use their elliptic curve key pairs to negotiate a shared key on an insecure channel.
is key can be used for the symmetric encryption of subsequent communications between the two parties. e negotiation process is shown in Figure 2. e sensor and the gateway share a set of elliptic curve domain parameters (p, a, b, G, n, h). e sensor generates a random number d a,g , (d g ∈ [2, n − 1]), then the sensor sends Q s to the gateway, and the gateway sends Q g to the sensor. Finally, both parties obtain the same shared key (i.e., K � K s � K g ).
e ECDH-based IoT device authentication to the gateway and the key negotiation process is shown in Figure 3.
(i) e sensor side generates a random number d s , encrypts Q s with the public key of the gateway, and sends it (ii) e gateway side generates a random number, d g , and sends back Q s � � � �Q g in plaintext (iii) If the sensor successfully parses out Q s , the gateway identity is correct e above process shows that, when the system is initialised, an ECC key pair needs to be allocated to the gateway, and the sensor needs to know the public key that it needs to access the gateway.

Sensor Data Encryption.
e gateway creates and submits a blockchain transaction after verifying the integrity and source of the sensor data. To protect the privacy of sensor data when constructing a transaction, this article first uses the ECC public key to encrypt sensor data. e principle of public key encryption is as follows: (i) e 32-bit input data m are converted into point M on the elliptic curve, where f represents the selected elliptic curve equation: (ii) A random number r ∈ [2, n − 1] is taken, where n represents the order of the selected elliptic curve equation. (iii) e first part C1 of the encrypted output is calculated, where G is the Genrator of the elliptic curve: (iv) e second part C2 of the encrypted output is calculated, where K represents the public key used for encryption: (v) e encrypted outputs C1 and C2 are obtained.
e process of decrypting with the ECC private key is as follows: (i) M is calculated according to the following formula, where k is the private key used for decryption: (ii) e original information m is extracted from M. For example, M is taken to obtain the x coordinate. e above process is only applicable to the encryption and decryption processing of the input message m with a length of 32 bytes. e message m of any length should be divided if the 32-byte fragments m 1 , ..., m n are viewed. e encryption process is performed on each fragment at a time, and the encryption result is obtained.

Shock and Vibration
When decrypting, C1 is used to process C2 1 , . . . , C2 n sequentially and obtain the result.

Anonymization of Transaction Sources.
To avoid tracking and identifying the source of the data (gateway), the Borromean ring signature method is used to anonymize gateway transactions. Ring signature is a special group signature method. e difference is that a ring signature does not require an additional group manager. With ring signature, the real signer can be hidden behind a set of public keys (address), thus realising the transaction anonymity of the true initiator.
Assuming that the message to be signed is m, the signer's private key is S s , and the selected ring members are P 1 , P 2 , . . . , P r , the calculation process of the ring signature is as follows: (i) e hash of the message m is calculated as the symmetric key k as follows: (ii) e signer chooses a random value v ∈ [0, 1].
(iii) e signer chooses a random value for other members (i.e., x i ∈ [0, 1], 1 ≤ i ≤ r, i ≠ s). (iv) y s is solved, which makes the following formula true: (v) Signer trapdoor permutation and inversion are used: (vi) e ring signature is the output: e equation calculated in step 4 can be shown in the figure below, where E k is the symmetric encryption function: v Ek Ek e verification process of the ring signature is as follows: e equation can be expressed as a ring as follows: (i) Calculate y i as follows: (ii) Calculate the encryption key k as follows: (iii) Verify the ring equation as follows: 2.4. Sensor Data Shared. e encrypted sensor data can be decrypted and used by the encryptor. ird-party use must be considered in many cases. However, directly sharing the private key of the encryptor is not safe. us, this article uses a proxy re-encryption method to realise the sharing of encrypted data. e proxy re-encryption process is shown in Figure 4. In this article, the blockchain node acts as a reencryption agent.
Users A and B hold key pairs (sK A , pK A ) and (sK B , pK B ), respectively. User A uses his public key pK A to encrypt the inscription data m to obtain the ciphertext C A on the chain. When user A needs to share his data with user B, user A generates a re-encryption key rK A⟶B for user B and provides it to the blockchain node to re-encrypt the specified ciphertext to C B . After receiving it, user B uses his private key. e key sK B can be decrypted. Given that two sets of private keys are required to generate the re-encryption key and to avoid using B's private key, user A needs to generate an additional temporary private key and provide it to user B after encrypting it with B's public key.
To access the data of the specified sensor, decentralized applications need to request sensor data access permission from the gateway to which the sensor belongs, that is, to send the following message to the specified gateway. e fields of the message are shown in Table 1.
If the gateway agrees for decentralized applications to access the specified sensor, the gateway submits an authorisation transaction to the PAP contract on the chain, granting the requester the access permission to the specified sensor. e transaction parameters are as follows: (i) Target contract: PAP (ii) Contract action: grant (iii) Action parameters: (iv) Sensor: authorised sensor ID (v) User: requester ID (vi) Rk: re-encryption key generated for the requester (vii) Sk: decryption key generated by the requester, which is encrypted with the requester's public key After the transaction is confirmed on the chain, the pap contract is triggered to modify the access strategy of the specified sensor. e process is shown in Figure 5.
After the above transaction is confirmed, the requesting party can encrypt and decrypt the specified sensor data to obtain plaintext data. Decentralized applications request the latest sensor data by sending the following message to the blockchain node. e fields of the message are shown in Table 2.
After the node receives the above request, it will first check whether the requester has the permission to access the requested sensor. If the permission is granted, it will return the latest data (encrypted form) of the sensor and the key authorised by the gateway to the requester. e fields of the message are shown in Table 3. e sequence diagram of the above process is shown in Figure 6.

Data Access Control.
ABAC can finely control access to resources and mainly includes four components, namely, policy enforcement point (PEP), policy decision point (PDP), policy administration point (PAP), and policy information point (PIP). e data access process is shown in Figure 7.
(i) PEP is responsible for receiving user requests, invoking PDP permission evaluation and determining whether to allow access to specified resources based on PDP evaluation results (ii) PDP evaluates the access request based on the rule base and returns the evaluation result (i.e., denying or allowing access) (iii) PAP is the management interface of rules provided for administrators, such as adding new access policies and updating designated access policies (iv) PIP provides out-of-core attribute information for PDP

Verification of Encrypted Data Utilisation Process.
e experimental configuration is as follows: (i) e sensor verifies the identity of the gateway and negotiates a shared key (ii) e sensor submits data to the IoT gateway (iii) e IoT gateway node verifies the integrity and source of the data and rejects the data if the verification fails (iv) e gateway encrypts sensor data, generates new transactions, and performs ring signatures (v) After the blockchain node verifies that the transaction is correct, the node will queue the transaction up in the buffer pool (vi) Blockchain nodes generate blocks to confirm transactions e access authorisation process in the experiment is as follows: (i) e gateway submits an authorisation transaction to the blockchain node and grants the data access rights of 80000# sensor to decentralized applications. (ii) Decentralized applications regularly submit query requests to blockchain nodes and obtain encrypted sensor data and the proxy re-encryption group. (iii) Decentralized applications perform re-encryption first, decrypts the data, and displays the decrypted plaintext. e experimental results are in line with expectations. e screenshot is shown in Figure 8.

e Impact of Encryption on Performance.
e program is implemented in Python language, and the experiment is mainly carried out in the following aspects: the impact of transaction signatures on performance and the impact of sensor data encryption on performance.
e system has set up 50 sensor nodes, 10 gateways, and 4 blockchain nodes. e system can set parameters in advance, set the block generation cycle of the blockchain node to 5 s, set the sensor report data cycle to 1 s, enable sensor data integration, configure whether to verify the sensor/ gateway, and configure transaction signatures and sensor encryption methods.

e Impact of Transaction Signatures on Performance.
We use different signature methods to discuss the impact on system performance. e parameters are as follows: at is, given that ECC signature requires a certain processing time, the simulation system has been overloaded Sensor Gateway  tx (co nt ra ct = pa p, ac tio n = gr an t)     Shock and Vibration when the block generation period is set to 5 s. When the ring signature method is used, this overload phenomenon is more obvious because the ring signature requires more processing time. Figures 13 and 14 show that the maximum transaction delay time has exceeded 20 s. e block generation period is set to 30s, and the experiment of the ring signature method is re-run. e results are shown in Figures 15 and 16 e transaction delays are kept within the block generation period, and the system is operating normally.   Figures 17 and 18. Figures 17 and 18 show that the encryption of sensor data has little effect on transaction delay. Figure 17 shows the corresponding transaction delay histogram statistics and transaction delay cumulative ratio statistics when sensor data encryption is not enabled. Figure 18 shows the statistics of the transaction smoking, eating, and releasing graphs and  the cumulative ratio of transaction delays after the sensor data encryption is turned on. In Figures 17 and 18, the blue histogram counts the number of transactions that fall in each delay interval, and the red line graph calculates the proportion of the number of delays corresponding to the current interval in the total number of transactions, which we call it the cumulative proportion of delay in this interval is displayed on the ordinate on the right. From the two figures, we can see that after the sensor data encryption is turned on, it will affect the total number of transactions. As can be seen from Figure 18, the number of transaction delays in each interval has been reduced. However, after the sensor data encryption is turned on, the transaction delay time will not be affected. From the red line chart, we can see that all transaction delays are still below 5000 ms, and the cumulative proportion accounts for almost 100%.

Conclusion
is article introduces sensor data privacy protection method for IoT based on blockchain technology. e ring signature realizes the anonymization of gateway transactions, prevents data sources from being tracked, and solves the anonymization problem of blockchain-based IoT users. rough asymmetric encryption, the sensor verifies the identity of the gateway and encrypts the sensor data. e gateway can create a block and submit a blockchain transaction after verifying the integrity and source of the data. Finally, combined with data access control and data encryption sharing, decentralized applications can finely control data access. rough experiments, the impact of transaction signatures on performance and the impact of sensor data encryption on performance are analyzed. e results show that transaction delays are all controlled within a reasonable range. e system performance achieved by this method is also relatively stable.
Data Availability e data that support the findings of the research are available from the corresponding author.

Conflicts of Interest
e authors declare that there are no conflicts of interest.