CN102710757B - Distributed cloud storage data integrity protection method - Google Patents

Abstract

The invention relates to a distributed cloud storage data integrity protection method. The method comprises: (1) data division and coding {F--M}; (2) generation of homomorphic verifiable tags (HVTs) {(sk,F)--HVTs}; (3) remote data storage {(M(j),HVT--Sj)}; (4) a user launching a challenge {chal}; (5) a server making a response {R}; (6) verification{(R,sk)--('success', 'failure')}; and (7) data recovery {(M*,P)--F}. According to the method provided by the invention, the communication cost is reduced by adopting random data block sampling; data error location and error recovery can be realized by using linear coding; and the method has no limits to the number of times for data possession verification, is high in the verification confidence, safe and reliable. Accordingly, the method provided by the invention has good practical value and wide application prospect in the technical field of cloud security.

Description

The guard method of a kind of distributed cloud integrity of data stored

(1) technical field

The present invention relates to the guard method of a kind of distributed cloud integrity of data stored, it is also a kind of for verifying the user data integrality that is stored in Cloud Server and the method that can carry out correcting data error, belongs to cloud computing security fields.

(2) background technology

Internet network application technology is fast-developing universal, and the development of Web2.0 causes the network user and the rapid growth of network data amount in addition, and user has higher requirement to the disposal ability of data, and the feature of cloud computing has been catered to these demands.Cloud computing provides great convenience for user stores, and user needn't be concerned about complicated hardware management again.

Although cloud computing has these attracting advantages, it has also brought new security challenge and threat to data protection: first, because user physically has their data no longer, traditional encryption for data protection can not directly be used.Therefore need can the correct storage of verification msg method, consider users a large amount of in cloud and a large amount of data, the data storage security in cloud computing, correctness how effectively to verify outsourcing data is a huge challenge.Secondly, although the facility under cloud computing is more powerful and reliable than personal computing devices, but they still face inside and outside data integrity and threaten, the hackers that covet in a large number high in the clouds data are ceaselessly excavating the leak in the Web of service provider application, with expectation, make a breach, obtain valuable data.Finally, that have high priority data access right is not user oneself, but cloud computing service business.Due to interests problem, just may there is dishonest conduct to user's data in cloud service supplier.

Therefore,, in the practical application of cloud computing, design can guarantee that the scheme of the correct stalwartness safety of storing of data is particularly important.Cloud is stored to this mass data storage, and we will consider the efficient and low expense of the property the held checking of data on the one hand, once will consider the counter-measure that data memory error can be taked on the other hand.Based on this, consider, we have invented this method, and the major technique relating to is Goppa error correction coding, the signature technology based on elliptic curve, Paillier additivity homomorphic cryptography algorithm.

First, the class rational fraction code that the scholar Goppa of Goppa Ma Shi early 1970s Russia System Construction goes out.It is the important linear error correction code of a class, its topmost advantage be its some subclass can reach Shannon channel coding theorem to performance, and have Fast Decoding Algorithim.Particularly its non-equivalence code class number is very large, so in 1978, McElice constructed a class public-key cryptosystem with Goppa code, has started since then with error correcting code structure cryptographic system and various authentication code.Therefore no matter in practice still in theory, no matter be also at accuracy control system or in password, Goppa code is all significant.It is defined as follows: establish 0<n≤q ^m, L={a ₀, a ₁... a _n-1an ordered set, a _i∈ GF (q ^m) and unequal mutually, establish again the n-dimensional space GF on GF (q) ⁿ(q), code word C=[c _n-1c _n-2... c ₀] ∈ GF ⁿ(q), with C for GF (q ^m) on z rational expression be now, the generator polynomial g of Goppa code (z) meets: { C; R _c(z)=0modg (z) }.

Secondly, Paillier cryptographic algorithm meets the character of additive homomorphism, for data m ∈ Z _n, by the result that PKI n and generator g are encrypted, be: ε (m)=g ^mr ⁿmodn ², wherein r is random number, the character of its homomorphism is:

$\mathrm{\&epsiv;}\left(m_1\right)\&CenterDot;\mathrm{\&epsiv;}\left(m_2\right)=\left(g^{m_1}{r}^n\right)\left(g^{m_2}{r}^n\right)=g^{m_1+m_2}{\left(r_1{r}_2\right)}^n=\mathrm{\&epsiv;}(m_1+m_2\mathrm{mod}n).$

Finally, elliptic curve cipher (Elliptic curve cryptography, is abbreviated as ECC) is for using public-key cryptosystem the most widely in cryptography.The main advantage of ECC is that it uses less key (such as RSA cryptographic algorithms) than other method in some cases, and suitable or more high-grade safety is provided.Its fail safe is based upon the discrete logarithm problem on elliptic curve, the Abel group E forming at elliptic curve _p(a, b) upper considers equation Q=kP, P wherein, Q ∈ E _p(a, b), k<p, easily asks Q by k and P, but it is difficult by P, Q, asking k.

(3) summary of the invention

(1) goal of the invention

The object of the invention is to propose for the guard method of a kind of distributed cloud integrity of data stored, it has overcome the deficiencies in the prior art.Can be used for solving in cloud storage environment user to the protection of remote data and control; it has realized the checking that user is stored in the integrality of data in Cloud Server and holds type it; this invention has checking number of times unrestricted; during checking, adopt and randomly draw data block, location of mistake and the wrong function of recovering during data memory error.

(2) technical scheme

In order to achieve the above object, the present invention combines Goppa error correction coding, elliptic curve cryptography and Paillier homomorphic cryptography technology, and its technical scheme is as follows.

The present invention includes two entities, user (User) and cloud service provider (CSP).Below with reference to accompanying drawing, the technical scheme of the described property held checking is set forth, Fig. 1 is FB(flow block) of the present invention; Fig. 2 is the pretreated distributed store schematic diagrames of data; Fig. 3 is challenge-response mechanism interaction figure.

As Fig. 1, the present invention comprises 7 steps altogether, and according to the execution phase, it can be divided into initialization, challenge-response and interactive operation three phases.

The present invention is the guard method of a kind of distributed cloud integrity of data stored, and the method concrete steps are as follows:

Stage 1: initialization: comprise (1) ~ (3) step, owner's executing data of data block F is cut apart and { F → M} the operation of encoding, the generation { (sk of homomorphism label (HVTs), F) → HVTs} operation, then coded data M and homomorphism label H VTs are outsourced to cloud server and carry out store and management, user needs the safety of strict guarantee private key.

Step 1: Data Segmentation and coding first F → M}:User exists with the form of file initial data F() carry out preliminary treatment and generate storage data M.F is divided into the big or small data block { F such as m ₁, F ₂..., F _m, each data block is further divided into l part then we are to its processing of encode, adopt Goppa code scheme to the initial data F processing of encoding in scheme, generation coded data M, and the outsourcing coded data M of end user (User) carries out store and management to high in the clouds CSP;

Step 2: generation { (sk, the F) → HVTs}: for each data block of homomorphism label (Homomorphic Verifiable Tags (HVTs)) based on homomorphic cryptography algorithm, we calculate homomorphism label according to the security parameter of setting for it, and the homomorphism label that we generate has the character of additive homomorphism;

Step 3: the remote storage { (M of data ^(j), HVT) → S _j}: user is by homomorphism label with data block M ^(j)deposit together j server in, similarly, other database is stored in other n server.User oneself stores private key and some random numbers.

Stage 2: challenge-response: comprise (4) ~ (6) step, user generates challenge, the random data block of specifying it to detect, according to user, challenge, Cloud Server generates evidence (GenProof) by execution, and { (chal, HVTs, M) → R} responds.End user verifies { (R, sk) → (" success ", " failure ") } operation by execution, makes last Data Detection result judgement.

Step 4: user initiates challenge { chal}: when user wants authentication server S _jwhether correctly hold data time, user Xiang Qi challenges: user generate one challenge chal, send to server S _j;

Step 5: server responds: generate evidence (GenProof) { (chal, HVTs, M) → R}: when server is received challenge chal, store data block M ^(j)server need to produce an evidence R=(T, ρ).Afterwards, server returns to user by R;

Step 6: checking { (R, sk) → (" success ", " failure ") }: when user receives the R that server returns, utilize the private key sk of oneself to carry out computing, thereby the data mode to its server stores judges, result is " success " or " failure ".

Stage 3: interactive operation: comprise (7) step, if the Output rusults of checking { (R, sk) → (" success ", " failure ") } operation is " failure ", user requires CSP to carry out data restore operation, and this may need bipartite mutual.Under general case, user can download data M, then carries out and repairs { (M ^*, P) → F} can recover former data.

Step 7: data reparation { (M ^*, P) → F}: if corrupted data detected, we just can determine the server S of this data block of storage _jthe storage errors that occur, the error correcting code adopting in the time of at this moment can utilizing preliminary treatment is carried out data recovery, to corrupt data M ^*carry out decoding with P and can recover former data F.

(3) advantage and effect

The guard method of a kind of distributed cloud integrity of data stored of the present invention, the method relates to the coding of data, the recovery aspect of data verification and data, its advantage and effect are: 1) amount storage in this locality of user is little, and user only needs memory encoding generator matrix and private key just can verify the property held of data; 2) interaction data amount is little, and the traffic of the response that the challenge that user sends and server are made is fixed, irrelevant with storage size of data; 3) property the held checking challenge number of times that user can initiate is unrestricted; 4) adopt the method for random sampling calculation check piece, when reducing server computing cost, still can guarantee the high confidence level checking; 5) adopt linear error correction coding techniques preliminary treatment storage data to realize error in data location and error correcting.

(4) accompanying drawing explanation

Fig. 1 is FB(flow block) of the present invention;

The preliminary treatment of Fig. 2 data and distributed store figure;

Fig. 3 challenge-response mechanism flow chart;

In figure, symbol description is as follows:

In Fig. 1, numeral 1,2,3,4,5,6,7 represents the sequence number of each step, and F represents original, the file after M representative coding;

In Fig. 2, M ^(j)data after presentation code, expression is by M ^(j)each blocks of data after piecemeal, S _irepresent i server, chal represents the challenge that user generates, R ^(j)represent server S _jresponse;

(5) embodiment

Below with reference to accompanying drawing, described completeness protection method is elaborated, Fig. 1 is FB(flow block) of the present invention; Fig. 2 is the pretreated distributed store schematic diagrames of data of the present invention; Fig. 3 is challenge-response mechanism interaction figure of the present invention.

Main symbol and algorithmic translation:

(1) the former data of F representative of consumer, M, for the data after encoding, comprises n * l data block. be the i piece of j data vector, it will be stored in server S _jg ^*=(I _{(n-r) * (n-r)}| P ^t) represent the generator matrix of Goppa code, wherein P is redundancy check piece generator matrix; M ^*represented the data block of memory error in server.

(2) E () and D () are for being respectively cryptographic algorithm and the decipherment algorithm of paillier cryptographic algorithm, k ₁for its PKI, k ₂for its private key, N is modulus, and paillier cryptographic algorithm meets the character of additive homomorphism.

(3) G is elliptic curve E _pthe generator of (a, b), large prime number p <N wherein, P=yG, P is illustrated in the open parameter in challenge, and y is the security parameter that user produces;

(4) π () is a pseudo-random permutation (pseudorandom permutation, PRP) function, meets $\mathrm{\&pi;}:{\left\{\mathrm{0,1}\right\}}^{k_3}\&times;{\left\{\mathrm{0,1}\right\}}^{{\log }_2\left(n\right)}\&RightArrow;{\left\{\mathrm{0,1}\right\}}^{{\log }_2\left(n\right)};$ K wherein ₃for its key, for determine the position of the data block of randomly drawing at every turn.

(5) for secret random number, p is the large prime number of setting in (3), can be produced by the pseudo-random generator with key, be user's security parameter;

The present invention can be divided into initialization, challenge-response, interactive operation three phases.See Fig. 1, the guard method of a kind of distributed cloud integrity of data stored of the present invention, the method concrete steps are as follows:

1. initial phase

In this stage, the cutting apart of data, coding and distributed storage are as shown in Figure 2.

Step 1: deblocking and coding:

(1) the data file F that user will store high in the clouds into is divided into l * m piece, and each piece all can be expressed as the element GF (p) in galois field, and wherein p is large prime number.With matrix table, be:

(2) adopt Goppa code to encode to former data, become l * n piece after coding, its minimum distance is d _min>=r+1, its error detecing capability is r, error correcting capability is (d _min-1)/2.After coding, data are:

G wherein ^*generator matrix for Goppa code.

Step 2: the generation of homomorphism label H VT:

(1) relevant parameter is set.User selects an elliptic curve E _p(a, b), getting its generator is G; The PKI that Paillier cryptographic algorithm is set is k ₁=(n, g), private key is k ₂=(λ, μ); Select pseudo-random permutation function π (); Generate random integers and user need to maintain secrecy for it.

(2) user is each data block after encoding generate homomorphism label $T_i^{\left(j\right)}=E_{k_1}(x_i^{\left(j\right)}+f_i^{\left(j\right)})\mathrm{mod}{N}^2,$ Wherein, represent to adopt the PKI k of Paillier cryptographic algorithm ₁=(n, g) is encrypted.So the homomorphism label of each column data is in encoder matrix $(T_1^{\left(j\right)},T_2^{\left(j\right)},\&CenterDot;\&CenterDot;\&CenterDot;,T_l^{\left(j\right)}).$

Step 3: the remote storage of data:

As shown in Figure 2, user is by homomorphism label with data block M ^(j)deposit together j server S in _j, user oneself stores private key and random number

2. challenge-response stage

In this stage, the interactive operation flow process of user and server as shown in Figure 3.

Step 4: user initiates challenge:

When user wants authentication server S _jwhether correctly hold data time, user Xiang Qi challenges: user generates challenge chal=(c, a k ₃), send to server S _j.Wherein, 1≤c≤l, k ₃for the key of pseudo-random permutation function π (), P=yG.

Step 5: server responds:

(1) server S _jaccording to challenge chal, for each 1≤r≤c, calculate as follows:

$i_r={\mathrm{\&pi;}}_{k_3}\left(r\right)$

Then according to resulting i _r, calculate as follows:

$T^{\left(j\right)}=T_{f_{i_1}}^{\left(j\right)}......T_{f_{\mathrm{ic}}}^{\left(j\right)}\mathrm{mod}{N}^2$

${\mathrm{\&rho;}}^{\left(j\right)}=({f_{i_1}}^{\left(j\right)}+{f_{i_2}}^{\left(j\right)}+\&CenterDot;\&CenterDot;\&CenterDot;+{f_{i_c}}^{\left(j\right)})P\mathrm{mod}N$

(2) server S _jby the evidence (T calculating ^(j), ρ ^(j)) return to user.

Step 6: the evidence that user authentication servers is returned:

(1) user receives server S _jevidence (the T returning ^(j), ρ ^(j)) after, carry out operation as follows: use private key k ₂=(n, g) according to Paillier cryptographic algorithm to T ^(j)be decrypted and obtain for each 1≤r≤c, calculate then according to i _rselect carry out c time ${\mathrm{\&tau;}}^{\left(j\right)}={\mathrm{\&tau;}}^{\left(j\right)}-x_{i_r}^{\left(j\right)}\mathrm{mod}N,$ Obtain ${\mathrm{\&tau;}}^{\left(j\right)}={\mathrm{\&tau;}}^{\left(j\right)}-x_{i_r}^{\left(j\right)}\mathrm{mod}N.$

(2) checking n τ ^(j)g=ρ ^(j)if equation is set up and is proved to be successful, and server S is described _jcorrect holding has user's data; Otherwise, this server S is described _jthere is mistake in data storage.

3. interactive operation stage

Step 7: data are recovered

When user detects data memory error, user can require to download all data from server, and by Goppa code generator matrix G ^*corresponding check matrix P carries out error correction to the data of downloading, and recovers data, then the data after recovering is placed in again to the correspondence position of each server.

Claims (1)

1. a distributed cloud integrity of data stored guard method, is characterized in that:

Symbol and algorithmic translation are as follows:

(1) the former data of F representative of consumer, M, for the data after encoding, comprises n * l data block; be the i piece of j data vector, it will be stored in server S _j.G ^*=(I _{(n-r) * (n-r)}| P ^t) represent the generator matrix of Goppa code, wherein P is redundancy check piece generator matrix; M ^*represented the data block of memory error in server;

(2) E () and D () are for being respectively cryptographic algorithm and the decipherment algorithm of paillier cryptographic algorithm, k ₁for its PKI, k ₂for its private key, N is modulus, and paillier cryptographic algorithm meets the character of additive homomorphism;

(3) G is elliptic curve E _pthe generator of (a, b), large prime number p < N wherein, P=yG, P is illustrated in the open parameter in challenge, and y is the security parameter that user produces;

(4) π () is a pseudo-random permutation function, meets k wherein ₃for its key, for determine the position of the data block of randomly drawing at every turn;

(5) for secret random number, p is the large prime number of setting in (3), by the pseudo-random generator with key, being produced, is user's security parameter;

The method concrete steps are as follows:

1. initial phase

Step 1: deblocking and coding:

(1) the data file F that user will store high in the clouds into is divided into l * m piece, and each piece is all expressed as the element GF (p) in galois field, and wherein p is large prime number; With matrix table, be:

(2) adopt Goppa code to encode to former data, become l * n piece after coding, its minimum distance is d _min>=r+1, its error detecing capability is r, error correcting capability is (d _min-1)/2; After coding, data are:

G wherein ^*generator matrix for Goppa code;

Step 2: the generation of homomorphism label H VT:

(1) relevant parameter is set; User selects an elliptic curve E _p(a, b), getting its generator is G; The PKI that Paillier cryptographic algorithm is set is k ₁=(n, g), private key is k ₂=(λ, μ); Select pseudo-random permutation function π (); Generate random integers and user need to maintain secrecy for it;

(2) user is each data block after encoding generate homomorphism label wherein, represent to adopt the PKI k of Paillier cryptographic algorithm ₁=(n, g) is encrypted; So the homomorphism label of each column data is in encoder matrix

Step 3: the remote storage of data:

As shown in Figure 2, user is by homomorphism label with data block M ^(j)deposit together j server S in _j, user oneself stores private key and random number

2. challenge-response stage

Step 4: user initiates challenge:

When user wants authentication server S _jwhether correctly hold data time, user Xiang Qi challenges: user generates challenge chal=(c, a k ₃), send to server S _j; Wherein, 1≤c≤l, k ₃for the key of pseudo-random permutation function π (), P=yG;

Step 5: server responds:

(1) server S _jaccording to challenge chal, for each 1≤r≤c, calculate as follows:

$i_r={\mathrm{\&pi;}}_{k_3}\left(r\right)$

Then according to resulting i _r, calculate as follows:

$T^{\left(j\right)}\&equiv;T_{f_{i_1}}^{\left(j\right)}......T_{f_{\mathrm{ic}}}^{\left(j\right)}\mathrm{mod}{N}^2$

${\mathrm{\&rho;}}^{\left(j\right)}=(f_{i_1}^{\left(j\right)}+f_{i_2}^{\left(j\right)}+...+f_{i_c}^{\left(j\right)})P\mathrm{mod}N$

(2) server S _jby the evidence (T calculating ^(j), ρ ^(j)) return to user;

Step 6: the evidence that user authentication servers is returned:

(1) user receives server S _jevidence (the T returning ^(j), ρ ^(j)) after, carry out operation as follows: use private key k ₂=(n, g) according to Paillier cryptographic algorithm to T ^(j)be decrypted and obtain for each 1≤r≤c, calculate then according to i _rselect carry out c time ${\mathrm{\&tau;}}^{\left(j\right)}={\mathrm{\&tau;}}^{\left(j\right)}-x_{i_r}^{\left(j\right)}\mathrm{mod}N,$ Obtain ${\mathrm{\&tau;}}^{\left(j\right)}={\mathrm{\&tau;}}^{\left(j\right)}-x_{i_r}^{\left(j\right)}\mathrm{mod}N;$

(2) checking n τ ^(j)g=ρ ^(j)if equation is set up and is proved to be successful, and server S is described _jcorrect holding has user's data; Otherwise, this server S is described _jthere is mistake in data storage;

3. interactive operation stage

Step 7: data are recovered

When user detects data memory error, user requires to download all data from server, and by Goppa code generator matrix G ^*corresponding check matrix P carries out error correction to the data of downloading, and recovers data, then the data after recovering is placed in again to the correspondence position of each server.