CN104408381A - Protection method of data integrity in cloud storage - Google Patents
Protection method of data integrity in cloud storage Download PDFInfo
- Publication number
- CN104408381A CN104408381A CN201410705930.7A CN201410705930A CN104408381A CN 104408381 A CN104408381 A CN 104408381A CN 201410705930 A CN201410705930 A CN 201410705930A CN 104408381 A CN104408381 A CN 104408381A
- Authority
- CN
- China
- Prior art keywords
- summary info
- data
- data block
- file
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention discloses a protection method of data integrity in cloud storage. The achieving method thereof comprises the following steps: firstly segmenting a data file into n data blocks before storing the data file into a cloud storage server, and using a MAC function which uses a user key k as a parameter to calculate a summary of each data block, so as to obtain the summary information of each data block; then processing each summary information with a hash function in order to obtain a storage location of each summary information in the cloud storage, and adding an identification bit S for each summary information, wherein the identification bit S indicates that whether the summary information takes up a certain storage location, and each data block has one description information, the description information is encrypted by any encryption algorithm using the user key k as a parameter; finally, storing the data file into a designated location of the cloud server, and storing the summary information consisting of the appended identification information S, the encrypted description information and the summary information at the storage location which is obtained by the hash processing.
Description
Technical field
The invention belongs to Computer Applied Technology field, relate to the guard method of the data integrity in the storage of a kind of cloud.
Background technology
Along with IT application process deeply and digital device market flourish, data volume increases exponentially, and the store and management of mass data facilitates using and developing of cloud storage.Private information is stored in Cloud Server by user, protects the integrality guarantee user of these data relieved use safely cloud stores service.During current protection cloud stores, the scheme of data integrity adopts provable data to hold (provable datapossession, PDP) and digital proof and recovery (proof of retrievability, POR) two schemes mostly.Whether PDP utilizes cloud to store modes such as calculating data parts hashed value to lose to verify high in the clouds or delete data, sending report when finding that there is corrupted data to user, and gives user and process; POR, when checking out data imperfect, can also provide data recovery function.
Summary of the invention
The present invention proposes the guard method of data integrity in the storage of a kind of cloud, is all left in Cloud Server by the summary info needed, decrease the storage overhead of user this locality when data file and checking.
Technical scheme of the present invention is as follows:
(1) MAC of data file is generated
Data file is divided into n data block, and use carries out digest calculations with the MAC function that user key k is parameter to each data block, obtains the summary info M of each data block;
(2) summary info M is utilized to calculate the memory location of M
Hash function is utilized to calculate the deposit position (a, p) of summary info M in cloud storage server to summary info M; A represents the document location storing summary, and p represents deviation post within this document; Be that each summary info adds flag S simultaneously, flag S shows whether this summary info occupies certain memory location, or whether memory location stores certain summary info, and each data block has a descriptor E, descriptor comprises filename belonging to data block and this data block position etc. in this document, and any cryptographic algorithm that to use with user key k be parameter is encrypted descriptor; Multiple blank Summary file can be set up in advance, also can along with storing increasing Dynamic Establishing and increasing blank Summary file of data.Sign position S all in each newly-established blank Summary file is free state.
(3) during difference, data file and M are stored in preposition
Data file is stored in preposition, and the descriptor E after additional identification information S, encryption and summary info M is stored in position (a, p) place; Simultaneously in order to do not found the corresponding relation between data block and the memory address of its summary info by opponent, asynchronously writing data block and its summary info, postponing or the information or upset the order of the information of writing a precis of writing a precis in batches;
(4) data verification
At Qualify Phase, user is read block Block from cloud storage server, and process operation same when data block is carried out and stored, recalculate the summary info M obtaining this data block and the deposit position being stored in the authorization information in cloud storage server, from Cloud Server, read the summary info M of this data block
c, and and recalculate the summary info M obtained and compare, if identical, then integrity verification passes through, otherwise, can confirm that data are tampered.Data block and its summary info are not read simultaneously.
The address storing summary info is obtained by hash conversion by himself, likely address conflict can be produced by the characteristic of hash function is known, when storing summary info generation address conflict, need to use clash handle function to carry out address conflict process, in order to avoid override useful information;
Each data file is divided into an isometric n data block, obtains the individual isometric summary info M of n
1, M
2..., M
n, to the deposit position (a obtaining n summary info after each summary info hash process
1, p
1), (a
2, p
2) ..., (a
n, p
n), the summary info of such n data block is not what store together, but separately store according to corresponding treatment mechanism.If known (a, p), can the memory location of this summary info of quick position.If the size of last block of data file less than one piece, can add special character and gather into one piece.
When Qualify Phase, the summary info of reading is likely that conflict occurred, and when flag is fictitious time, illustrates that data integrity is destroyed; When flag is true, when descriptor is not inconsistent, above-mentioned identical clash handle function need be adopted to carry out clash handle, to finding correct memory location to read correct authorization information, and then carry out the comparison of summary info.
The summary info of data file and data block does not store together, but separately stores, and hides the corresponding relation between their memory address, increases the difficulty that opponent analyzes.Asynchronously write data block and its summary info, prevent opponent from eavesdropping its corresponding relation.Meanwhile, after each data file piecemeal, the summary info of each data block obtained is not leave in a file yet, but is dispersed in multiple file.
The present invention can adopt user self to carry out integrity verification to the data be stored in Cloud Server, such security is also higher, also authorization information can be sent to believable third party to carry out the integrity verification of data simultaneously, reduce the computing cost of user this locality with this.
Embodiment
Set up multiple blank Summary file in advance, sign position S all in each newly-established blank Summary file is free state.
When a file is write in user Xiang Yun storage:
(1) data file is divided into an isometric n data block, every block 1MB, if last block of data file is less than 1MB, adds special character and gathers into one piece.Use obtains the individual isometric summary info M of n with the MAC function that user's secret key K is parameter
1, M
2..., M
n, to the deposit position (a obtaining n summary info after each summary info hash process
1, p
1), (a
2, p
2) ..., (a
n, p
n).A1 ..., an is Summary file, p1 ... pn is the skew in Summary file.
(2) for each summary info adds flag S, flag S shows whether this summary info occupies certain memory location, and each data block has a descriptor E, descriptor comprises filename belonging to data block and this data block position etc. in this document, and any cryptographic algorithm that to use with user key k be parameter is encrypted descriptor;
(3) data file is stored in preposition, and by multiple summary infos of the descriptor E after additional identification information S, encryption, as Mi is stored in position (ai, pi) place; Asynchronously write data block and its summary info, to postpone or batch writes a precis information or upset the order of the information of writing a precis;
When verifying its integrality to certain data block:
User is read block Block from cloud storage server, and process operation same when data block is carried out and stored, recalculate the summary info M obtaining this data block and the deposit position being stored in the authorization information in cloud storage server, from Cloud Server, read the summary info M of this data block
c, and and recalculate the summary info M obtained and compare, if identical, then integrity verification passes through, otherwise, can confirm that data are tampered.Equally, data block and its summary info are not read simultaneously.
Claims (5)
1. a data completeness protection method in cloud storage, is characterized in that:
(1) MAC of data file is generated
Data file is divided into n data block, the MAC function being parameter with user key k carries out digest calculations to each data block, obtains the summary info M of each data block;
(2) summary info M is utilized to calculate the memory location of M
Hash function is utilized to calculate the deposit position (a, p) of summary info M in cloud storage server to summary info M; A represents the document location storing summary, and p represents deviation post within this document; Be that each summary info adds flag S simultaneously, flag S shows whether this summary info occupies certain memory location, or whether memory location stores certain summary info, and each data block has a descriptor E, descriptor comprises filename belonging to data block and this data block position etc. in this document, and any cryptographic algorithm that to use with user key k be parameter is encrypted descriptor; Set up multiple blank Summary file or increasing Dynamic Establishing and increasing blank Summary file along with storage data in advance; Sign position S all in each newly-established blank Summary file is free state;
(3) during difference, data file and M are stored in preposition
Data file is stored in preposition, and the descriptor E after additional identification information S, encryption and summary info M is stored in position (a, p) place; Simultaneously in order to do not found the corresponding relation between data block and the memory address of its summary info by opponent, asynchronously writing data block and its summary info, postponing or the information or upset the order of the information of writing a precis of writing a precis in batches;
(4) data verification
At Qualify Phase, user is read block Block from cloud storage server, and process operation same when data block is carried out and stored, recalculate the summary info M obtaining this data block and the deposit position being stored in the authorization information in cloud storage server, from Cloud Server, read the summary info M of this data block
c, and and recalculate the summary info M obtained and compare, if identical, then integrity verification passes through, otherwise, confirm that data are tampered; Data block and its summary info are not read simultaneously.
2. guard method as claimed in claim 1; it is characterized in that: the address storing summary info is obtained by hash conversion by himself; likely address conflict can be produced by the characteristic of hash function is known; when storing summary info generation address conflict; need to use clash handle function to carry out address conflict process, in order to avoid override useful information.
3. guard method as claimed in claim 1 or 2, is characterized in that: each data file is divided into an isometric n data block, obtains the individual isometric summary info M of n
1, M
2..., M
n, to the deposit position (a obtaining n summary info after each summary info hash process
1, p
1), (a
2, p
2) ..., (a
n, p
n), the summary info of n data block is not what store together, but separately store according to corresponding treatment mechanism; If known (a, p), the memory location of this summary info of quick position; If the size of last block of data file less than one piece, adds special character and gathers into one piece.
4. cloud as claimed in claim 1 or 2 store in the protection scheme of data integrity, it is characterized in that: when Qualify Phase according to claim 1, the summary info read is likely that conflict occurred, and when flag is fictitious time, illustrates that data integrity is destroyed; When flag is true, when descriptor is not inconsistent, need adopts and carry out clash handle with identical clash handle function according to claim 2, to finding correct memory location to read correct authorization information, and then carrying out the comparison of summary info.
5. cloud as claimed in claim 3 store in the protection scheme of data integrity, it is characterized in that: when Qualify Phase according to claim 1, the summary info read is likely that conflict occurred, and when flag is fictitious time, illustrates that data integrity is destroyed; When flag is true, when descriptor is not inconsistent, need adopts and carry out clash handle with identical clash handle function according to claim 2, to finding correct memory location to read correct authorization information, and then carrying out the comparison of summary info.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410705930.7A CN104408381B (en) | 2014-11-27 | 2014-11-27 | Protection method of data integrity in cloud storage |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410705930.7A CN104408381B (en) | 2014-11-27 | 2014-11-27 | Protection method of data integrity in cloud storage |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104408381A true CN104408381A (en) | 2015-03-11 |
| CN104408381B CN104408381B (en) | 2017-04-12 |
Family
ID=52646012
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410705930.7A Expired - Fee Related CN104408381B (en) | 2014-11-27 | 2014-11-27 | Protection method of data integrity in cloud storage |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104408381B (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105516204A (en) * | 2016-01-27 | 2016-04-20 | 北京理工大学 | Method for high-security network data storage |
| CN105959279A (en) * | 2016-04-29 | 2016-09-21 | 大连理工大学 | Computer information transmission system and method based on encryption processing |
| CN107256359A (en) * | 2017-05-22 | 2017-10-17 | 丁爱民 | A kind of anti-data-leakage coding, coding/decoding method, apparatus and system |
| CN107480546A (en) * | 2017-08-18 | 2017-12-15 | 四川长虹电器股份有限公司 | The method that data are stored safely using public cloud |
| CN107623692A (en) * | 2017-09-29 | 2018-01-23 | 郑州云海信息技术有限公司 | A kind of method and device of data check |
| CN109362236A (en) * | 2018-08-31 | 2019-02-19 | 深圳大学 | Secure storage method of data, device, equipment and storage medium based on double clouds |
| CN109768860A (en) * | 2019-01-11 | 2019-05-17 | 广东虹勤通讯技术有限公司 | A kind of encryption method, decryption method and terminal |
| CN110175472A (en) * | 2019-05-29 | 2019-08-27 | 华南师范大学 | Information concealing method and robot system based on big data insertion and address of cache |
| CN110188553A (en) * | 2019-05-29 | 2019-08-30 | 华南师范大学 | Information concealing method and robot system based on big data and dynamic environment |
| CN112231778A (en) * | 2019-07-15 | 2021-01-15 | 丁爱民 | Data leakage-proof security method and device based on RAID system |
| CN112383504A (en) * | 2020-09-28 | 2021-02-19 | 国网山东省电力公司冠县供电公司 | Electric power thing networking block chain data management system |
| CN112398655A (en) * | 2019-08-19 | 2021-02-23 | 中移(苏州)软件技术有限公司 | File transmission method, server and computer storage medium |
| CN112560095A (en) * | 2020-12-18 | 2021-03-26 | 湖南科技学院 | Secret key updating method for cloud storage and implementation method for cloud data auditing system |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102014133A (en) * | 2010-11-26 | 2011-04-13 | 清华大学 | Method for implementing safe storage system in cloud storage environment |
| CN102055795A (en) * | 2010-11-04 | 2011-05-11 | 天津曙光计算机产业有限公司 | Distributed file system metadata management method |
| CN103139149A (en) * | 2011-11-25 | 2013-06-05 | 国民技术股份有限公司 | Method and system for accessing data in cloud storage |
| CN103414690A (en) * | 2013-07-15 | 2013-11-27 | 北京航空航天大学 | Publicly-verifiable cloud data possession checking method |
| CN103607393A (en) * | 2013-11-21 | 2014-02-26 | 浪潮电子信息产业股份有限公司 | Data safety protection method based on data partitioning |
| CN103699851A (en) * | 2013-11-22 | 2014-04-02 | 杭州师范大学 | Remote data completeness verification method facing cloud storage |
-
2014
- 2014-11-27 CN CN201410705930.7A patent/CN104408381B/en not_active Expired - Fee Related
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102055795A (en) * | 2010-11-04 | 2011-05-11 | 天津曙光计算机产业有限公司 | Distributed file system metadata management method |
| CN102014133A (en) * | 2010-11-26 | 2011-04-13 | 清华大学 | Method for implementing safe storage system in cloud storage environment |
| CN103139149A (en) * | 2011-11-25 | 2013-06-05 | 国民技术股份有限公司 | Method and system for accessing data in cloud storage |
| CN103414690A (en) * | 2013-07-15 | 2013-11-27 | 北京航空航天大学 | Publicly-verifiable cloud data possession checking method |
| CN103607393A (en) * | 2013-11-21 | 2014-02-26 | 浪潮电子信息产业股份有限公司 | Data safety protection method based on data partitioning |
| CN103699851A (en) * | 2013-11-22 | 2014-04-02 | 杭州师范大学 | Remote data completeness verification method facing cloud storage |
Non-Patent Citations (2)
| Title |
|---|
| 于洋洋: "《云存储数据完整性验证方法研究与实现》", 《中国优秀硕士学位论文全文数据库(信息科技辑)》 * |
| 景蕊: "《分布式文件系统下数据校验策略的研究与改进》", 《中国优秀硕士学位论文全文数据库(信息科技辑)》 * |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105516204B (en) * | 2016-01-27 | 2018-09-28 | 北京理工大学 | A kind of high security network date storage method |
| CN105516204A (en) * | 2016-01-27 | 2016-04-20 | 北京理工大学 | Method for high-security network data storage |
| CN105959279A (en) * | 2016-04-29 | 2016-09-21 | 大连理工大学 | Computer information transmission system and method based on encryption processing |
| CN107256359A (en) * | 2017-05-22 | 2017-10-17 | 丁爱民 | A kind of anti-data-leakage coding, coding/decoding method, apparatus and system |
| CN107480546A (en) * | 2017-08-18 | 2017-12-15 | 四川长虹电器股份有限公司 | The method that data are stored safely using public cloud |
| CN107623692A (en) * | 2017-09-29 | 2018-01-23 | 郑州云海信息技术有限公司 | A kind of method and device of data check |
| CN109362236A (en) * | 2018-08-31 | 2019-02-19 | 深圳大学 | Secure storage method of data, device, equipment and storage medium based on double clouds |
| CN109768860B (en) * | 2019-01-11 | 2021-10-01 | 广东虹勤通讯技术有限公司 | Encryption method, decryption method and terminal |
| CN109768860A (en) * | 2019-01-11 | 2019-05-17 | 广东虹勤通讯技术有限公司 | A kind of encryption method, decryption method and terminal |
| CN110175472A (en) * | 2019-05-29 | 2019-08-27 | 华南师范大学 | Information concealing method and robot system based on big data insertion and address of cache |
| CN110188553A (en) * | 2019-05-29 | 2019-08-30 | 华南师范大学 | Information concealing method and robot system based on big data and dynamic environment |
| CN110188553B (en) * | 2019-05-29 | 2022-07-12 | 华南师范大学 | Information hiding method based on big data and dynamic environment and robot system |
| CN112231778A (en) * | 2019-07-15 | 2021-01-15 | 丁爱民 | Data leakage-proof security method and device based on RAID system |
| CN112398655A (en) * | 2019-08-19 | 2021-02-23 | 中移(苏州)软件技术有限公司 | File transmission method, server and computer storage medium |
| CN112398655B (en) * | 2019-08-19 | 2022-06-03 | 中移(苏州)软件技术有限公司 | File transmission method, server and computer storage medium |
| CN112383504A (en) * | 2020-09-28 | 2021-02-19 | 国网山东省电力公司冠县供电公司 | Electric power thing networking block chain data management system |
| CN112560095A (en) * | 2020-12-18 | 2021-03-26 | 湖南科技学院 | Secret key updating method for cloud storage and implementation method for cloud data auditing system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104408381B (en) | 2017-04-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104408381A (en) | Protection method of data integrity in cloud storage | |
| CN110457945B (en) | List query method, query party device, service party device and storage medium | |
| US9256499B2 (en) | Method and apparatus of securely processing data for file backup, de-duplication, and restoration | |
| CN106790156B (en) | Intelligent device binding method and device | |
| US9304941B2 (en) | Self-encrypting flash drive | |
| US9602280B2 (en) | System and method for content encryption in a key/value store | |
| US8428265B2 (en) | Method and apparatus of securely processing data for file backup, de-duplication, and restoration | |
| US9064133B2 (en) | Method and apparatus of securely processing data for file backup, de-duplication, and restoration | |
| CN103544410B (en) | It is a kind of that embedded microprocessor is non-clones function key authentication system and method | |
| CN104954328A (en) | On-line registration and authentication method and apparatus | |
| US11017110B1 (en) | Enhanced securing of data at rest | |
| CN110620669A (en) | Data security method and system based on quantum random number | |
| CN109190401A (en) | A kind of date storage method, device and the associated component of Qemu virtual credible root | |
| CN106611135A (en) | Storage data integrity verification and recovery method | |
| CN112866227A (en) | File authorization protection method and system | |
| US9054864B2 (en) | Method and apparatus of securely processing data for file backup, de-duplication, and restoration | |
| CN104463020A (en) | Method for protecting data integrity of memory | |
| US20220237311A1 (en) | Enhanced Securing and Secured Processing of Data at Rest | |
| CN101127013A (en) | Enciphered mobile storage apparatus and its data access method | |
| CN110659522B (en) | Storage medium security authentication method and device, computer equipment and storage medium | |
| CN104135470A (en) | A method and system for verifying storage integrity of target data | |
| US9634836B1 (en) | Key shadowing | |
| CN116232639B (en) | Data transmission method, device, computer equipment and storage medium | |
| CN107480546A (en) | The method that data are stored safely using public cloud | |
| WO2023019288A1 (en) | Encryption scheme |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170412 Termination date: 20191127 |