CN104618111A - Random dynamic-based cloud application data integrity detection method - Google Patents

Publication number: CN104618111A
Application number: CN201510020839.6A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 刘倩, 林福宏, 周贤伟, 贺潜文, 宋宁宁, 许海涛, 张煜
Current assignee: University of Science and Technology Beijing USTB
Original assignee: University of Science and Technology Beijing USTB
Legal status: Pending
Prior art keywords: data, clouds, detection method, mod, cloud application
Landscapes: Storage Device Security

Abstract

The invention discloses a random dynamic-based cloud application data integrity detection method. The method comprises the following steps: before the data is sent to the cloud, computing over the data according to a preset algorithm to generate a check code, and saving the check code locally; sending the data to the cloud, which segments and stores it; when requesting the data from the cloud, sending a random number to the cloud, so that the cloud reassembles the segmented data and applies the preset algorithm to the reassembled data and the random number to generate a verification code; and receiving the verification code returned by the cloud and comparing it with the saved check code for verification. In this technical scheme, a dynamic random message authentication function and its equivalent function are used: on the premise that the data check value is stored synchronously, the equivalent function is used to judge the message authentication value in the cloud's response and thereby detect integrity.

Description

A random dynamic-based cloud application data integrity detection method
Technical field
The present invention relates to the technical fields of information security and cloud applications, and in particular to a random dynamic-based cloud application data integrity detection method.
Background
As a rapidly developing area of research and application, cloud applications not only provide high-quality, high-performance computing to many enterprises and individual users, but also show the advantages of low cost, rapid deployment and flexible scaling. In enterprise use, a cloud application typically refers to a scalable, manageable set of storage and computing resources that runs on the Internet and meets customers' storage and computing needs in the form of a service. However, as enterprise informatization advances, countless enterprise networks around the world are producing ever more business data, and transmitting this data over the network securely and at low cost has become a growing challenge. As cloud computing continues to spread, how to store and transmit the massive volumes of data generated in the cloud safely and reliably has also become a research focus for many enterprises and organizations.
Cloud storage is a new technology derived from the concept of cloud computing, and one that has developed rapidly. It brings various storage devices together over the Internet to work collaboratively and provides online data storage services to enterprises and individuals; cloud storage is currently among the fastest-growing network services. Under the cloud storage service model, the data interface is easy to use and scalability is strong; users need not consider how the cloud storage architecture is composed, nor pay for dedicated maintenance staff or purchase storage equipment. Cloud storage services are therefore increasingly popular with organizations.
However, while cloud storage services bring great convenience to users, they have also faced serious doubts about the security of user data. One survey shows that, out of concern for data security, up to 70% of users are unwilling to use cloud storage for sensitive data. In fact, many well-known cloud service providers, such as The Linkup and Google Docs, have experienced security problems of various kinds, with serious consequences. To this day, security risks remain the biggest obstacle to the wide adoption of cloud storage.
Summary of the invention
To address the poor information security of cloud applications in the prior art, a random dynamic-based cloud application data integrity detection method is proposed.
To achieve the above object, an embodiment of the present invention proposes a random dynamic-based cloud application data integrity detection method, comprising:
Step 1: before the data is sent to the cloud, compute over the data according to a preset algorithm to generate a check code, and keep the check code locally;
Step 2: send the data to the cloud, so that the cloud segments the data and stores it;
Step 3: when requesting the data from the cloud, send a random number to the cloud, so that the cloud, after reassembling the segmented data, applies the preset algorithm to the reassembled data and the random number to generate a verification code;
Step 4: receive the verification code returned by the cloud and compare it with the saved check code for verification.
Step 1 specifically comprises:
Given the generated security parameters k and d, generate a public key pk and a private key sk that serves as the check code, and keep the private key sk locally; $pk = (N, g)$, $sk = (p, q)$, where $N = pq$, $p = 2p' + 1$ and $q = 2q' + 1$ are two large primes, $p'$ and $q'$ are also primes, and the quadratic residues modulo N form a multiplicative cyclic group $QR_N$ generated by g;
From pk, sk and m, generate the tag $D_m$ and publish it, where m is the data, assumed to be stored on the server. m is divided into n blocks of equal length, $m = m_1 m_2 \cdots m_n$, and l denotes the length of each data block; $f_k(\cdot)$ denotes a pseudo-random function.
Step 2 specifically comprises:
Send the data to the cloud, so that the cloud segments the data and stores it; for each data block $m_i$, $i \in \{1, 2, \ldots, n\}$, the cloud generates the tag of data block $m_i$, with $D_m = \{D_1, D_2, \ldots, D_n\}$.
Step 3 specifically comprises:
Generate a random key $r \in [1, 2^k - 1]$ and a random element $s \in \mathbb{Z}_N \setminus \{0\}$, compute $g_s = g^s \bmod N$, and send the verification request $chal = \langle r, g_s \rangle$ to the cloud, so that the cloud, according to the received request $chal = \langle r, g_s \rangle$, generates a sequence of data indices $a_1, a_2, \ldots, a_n$ and, by recursively computing $f_r(i)$, $i \in \{1, 2, \ldots, n\}$, generates the verification code R, where

$$R = (g_s)^{\sum_{i=1}^{n} a_i m_i} \bmod N.$$

Step 4 specifically comprises:
Receive the verification code R returned by the cloud, compute the sequence of data indices $\{a_i\}_{i=1,2,\ldots,n}$ according to the verification code R, and from these compute the final verification code R', where $R' = P^s \bmod N$.
Determine whether the following equations hold; if they do, verification succeeds:

$$P = \prod_{i=1}^{n} \left( D_i^{a_i} \bmod N \right) \bmod N = g^{\sum_{i=1}^{n} a_i m_i} \bmod N$$

$$R' = P^s \bmod N = g^{s \sum_{i=1}^{n} a_i m_i} \bmod N = (g^s)^{\sum_{i=1}^{n} a_i m_i} \bmod N = R.$$
The beneficial effects of the above technical scheme of the present invention are as follows:
The scheme uses a dynamic random message authentication function and its equivalent function: on the premise that the data check value is stored synchronously, the equivalent function is used to judge the message authentication value in the cloud's response and so detect integrity. Analysis shows that the scheme detects integrity correctly under the hardness assumption of large-integer factorization, and that at run time it requires only constant client-side computation, storage and network traffic, giving it a clear efficiency advantage over existing schemes.
Brief description of the drawings
Fig. 1 is a schematic structural block diagram of an embodiment of the present invention;
Fig. 2 is a schematic structural block diagram of the security detection system interface of an embodiment of the present invention.
Detailed description
To make the technical problem to be solved, the technical scheme and the advantages of the present invention clearer, a detailed description is given below with reference to the accompanying drawings and specific examples.
(1) On the client, the user first runs a computation over the data to be uploaded, generating a corresponding unique value, which is stored locally;
(2) On the client, the user uploads the data to the cloud;
(3) In the cloud, the data is stored, with the storage location assigned randomly by the cloud management server;
(4) On the client, when the user needs to download the data, an integrity check is performed on the cloud data to ensure the security of the stored data;
(5) On the client, a random number is generated and passed to the cloud;
(6) In the cloud, the cloud management server runs the integrity algorithm over the received random number and the user data to obtain a value, and returns this value to the client;
(7) On the client, the user compares the received value with the result of computing over the locally stored unique value and the random number; if they match, the user data is proven intact; otherwise the user data has been tampered with.
The algorithm in step (1) uses the proof-verification method. The number passed to the cloud in step (5) is randomly generated. The value in step (6) changes dynamically as the random number changes.
The present invention is further described below through a concrete example:
Suppose document m is stored on the server. m is divided into n blocks of equal length, $m = m_1 m_2 \cdots m_n$, and l denotes the length of each data block. $f_k(\cdot)$ denotes a pseudo-random function, namely

$$f : \{0,1\}^k \times \{0,1\}^{\log_2(n)} \to \{0,1\}^d$$

where k and d are security parameters.
The data integrity checking scheme is divided into 5 steps: setup phase, tag generation phase, challenge phase, proof generation phase and proof verification phase.
Setup phase: $\mathrm{Setup}(1^k) \to (pk, sk)$. Given the security parameter k, generate a public key pk and a private key sk; the private key is kept secret by the user.
Tag generation phase: $\mathrm{TagGen}(pk, sk, m) \to D_m$. Given pk, sk and m, generate a tag $D_m$ and publish it.
Challenge phase: $\mathrm{Challenge}(pk, D_m) \to chal$. The verifier sends a request chal to the storage server in order to verify the authenticity of file m.
Proof generation phase: $\mathrm{GenProof}(pk, D_m, m, chal) \to R$. The server computes the response R to the request chal and sends R to the verifier.
Verification phase: $\mathrm{CheckProof}(pk, D_m, chal, R) \to \{0, 1\}$. The verifier checks the validity of R; if it is valid, output 1, otherwise output 0.
Concrete scheme design
Setup phase: $\mathrm{Setup}(1^k) \to (pk, sk)$. Let $N = pq$, where $p = 2p' + 1$ and $q = 2q' + 1$ are two large primes and $p'$, $q'$ are also primes. The quadratic residues modulo N form a multiplicative cyclic group $QR_N$ generated by g. Let $pk = (N, g)$, $sk = (p, q)$.
Tag generation phase: $\mathrm{TagGen}(pk, sk, m) \to D_m$. For each data block $m_i$, $i \in \{1, 2, \ldots, n\}$, the user computes the tag of data block $m_i$:

$$D_i = g^{m_i} \bmod N$$

Let $D_m = \{D_1, D_2, \ldots, D_n\}$. After computing all data block tags, the user uploads the data m to the storage server.
Challenge phase: $\mathrm{Challenge}(pk, D_m) \to chal$. To verify the integrity of the data m, the verifier generates a random key $r \in [1, 2^k - 1]$ and a random element $s \in \mathbb{Z}_N \setminus \{0\}$, computes $g_s = g^s \bmod N$, and sends $chal = \langle r, g_s \rangle$ to the storage server.
Proof generation phase: $\mathrm{GenProof}(pk, D_m, m, chal) \to R$. On receiving $chal = \langle r, g_s \rangle$, the server generates a sequence of data indices $a_1, a_2, \ldots, a_n$ by recursively computing $f_r(i)$, $i \in \{1, 2, \ldots, n\}$; the server then computes R, and finally R is sent to the verifier.
Verification phase: $\mathrm{CheckProof}(pk, D_m, chal, R) \to \{0, 1\}$. When the verifier receives R, it computes $\{a_i\}_{i=1,2,\ldots,n}$ and finally computes R' as follows.

$$P = \prod_{i=1}^{n} \left( D_i^{a_i} \bmod N \right) \bmod N$$

$R' = P^s \bmod N$. If $R = R'$, output 1; otherwise output 0.
Correctness follows from:

$$P = \prod_{i=1}^{n} \left( D_i^{a_i} \bmod N \right) \bmod N = g^{\sum_{i=1}^{n} a_i m_i} \bmod N$$

$$R' = P^s \bmod N = g^{s \sum_{i=1}^{n} a_i m_i} \bmod N = (g^s)^{\sum_{i=1}^{n} a_i m_i} \bmod N = R.$$
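The five phases above (and steps 1 to 4 of the summary) can be run end to end. The Python code below is an added example, not code from the patent: it assumes HMAC-SHA256 truncated to d bits as the pseudo-random function f, uses 64-bit demo primes, and all function names (`setup`, `tag_gen`, `challenge`, `gen_proof`, `check_proof`, `audit`, `blocks`, `prf`) are this example's own.

```python
import hashlib
import hmac
import secrets

def is_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, t = n - 1, 0
    while d % 2 == 0:
        d, t = d // 2, t + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(t - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits):
    """Find p = 2p' + 1 with p and p' both prime."""
    while True:
        pp = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_prime(pp) and is_prime(2 * pp + 1):
            return 2 * pp + 1

def setup(bits=64):
    """Setup: pk = (N, g), sk = (p, q). 64-bit primes are demo-sized, not secure."""
    p, q = safe_prime(bits), safe_prime(bits)  # equal only with negligible probability
    N = p * q
    g = pow(secrets.randbelow(N - 3) + 2, 2, N)  # random square: generates QR_N w.h.p.
    return (N, g), (p, q)

def prf(r, i, d=32):
    """f_r(i); HMAC-SHA256 truncated to d bits is this example's assumption."""
    mac = hmac.new(r.to_bytes(32, "big"), i.to_bytes(8, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") >> (256 - d)

def blocks(data, length=16):
    """Split data into equal-length blocks m_1..m_n, each read as an integer."""
    return [int.from_bytes(data[i:i + length], "big") for i in range(0, len(data), length)]

def tag_gen(pk, m):
    N, g = pk
    return [pow(g, m_i, N) for m_i in m]  # D_i = g^{m_i} mod N

def challenge(pk, k=128):
    N, g = pk
    r = secrets.randbelow(2**k - 1) + 1  # r in [1, 2^k - 1]
    s = secrets.randbelow(N - 1) + 1     # s in Z_N \ {0}, kept by the verifier
    return r, s, pow(g, s, N)            # only <r, g_s> is sent to the server

def gen_proof(pk, m, r, g_s):
    """Server: R = g_s^(sum a_i * m_i) mod N with a_i = f_r(i)."""
    exponent = sum(prf(r, i) * m_i for i, m_i in enumerate(m, 1))
    return pow(g_s, exponent, pk[0])

def check_proof(pk, tags, r, s, R):
    """Verifier: P = prod D_i^{a_i} mod N; accept iff P^s mod N == R."""
    P = 1
    for i, D_i in enumerate(tags, 1):
        P = P * pow(D_i, prf(r, i), pk[0]) % pk[0]
    return pow(P, s, pk[0]) == R

def audit(pk, tags, stored):
    """One challenge-response round against what the server currently holds."""
    r, s, g_s = challenge(pk)
    return check_proof(pk, tags, r, s, gen_proof(pk, blocks(stored), r, g_s))
```

`audit` returns True while the stored bytes match what was tagged and False once any block differs. A response recorded for one challenge does not verify under a fresh $\langle r, g_s \rangle$, which is the property the scheme relies on when it says the value changes with the random number.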
The above is the preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make improvements and refinements without departing from the principle of the invention, and such improvements and refinements shall also be regarded as falling within the scope of protection of the invention.

Claims (7)

1. A random dynamic-based cloud application data integrity detection method, characterized by comprising:
Step 1: before the data is sent to the cloud, compute over the data according to a preset algorithm to generate a check code, and keep the check code locally;
Step 2: send the data to the cloud, so that the cloud segments the data and stores it;
Step 3: when requesting the data from the cloud, send a random number to the cloud, so that the cloud, after reassembling the segmented data, applies the preset algorithm to the reassembled data and the random number to generate a verification code;
Step 4: receive the verification code returned by the cloud and compare it with the saved check code for verification.
2. The random dynamic-based cloud application data integrity detection method according to claim 1, characterized in that the preset algorithm is the proof-verification method.
3. The random dynamic-based cloud application data integrity detection method according to claim 1, characterized in that the verification code changes as the random number changes.
4. The random dynamic-based cloud application data integrity detection method according to claim 1, 2 or 3, characterized in that step 1 specifically comprises:
Given the generated security parameters k and d, generate a public key pk and a private key sk that serves as the check code, and keep the private key sk locally; $pk = (N, g)$, $sk = (p, q)$, where $N = pq$, $p = 2p' + 1$ and $q = 2q' + 1$ are two large primes, $p'$ and $q'$ are also primes, and the quadratic residues modulo N form a multiplicative cyclic group $QR_N$ generated by g;
From pk, sk and m, generate the tag $D_m$ and publish it, where m is the data, assumed to be stored on the server; m is divided into n blocks of equal length, $m = m_1 m_2 \cdots m_n$, and l denotes the length of each data block; $f_k(\cdot)$ denotes a pseudo-random function.
5. The random dynamic-based cloud application data integrity detection method according to claim 4, characterized in that step 2 specifically comprises:
Send the data to the cloud, so that the cloud segments the data and stores it; for each data block $m_i$, $i \in \{1, 2, \ldots, n\}$, the cloud generates the tag of data block $m_i$, with $D_m = \{D_1, D_2, \ldots, D_n\}$.
6. The random dynamic-based cloud application data integrity detection method according to claim 5, characterized in that step 3 specifically comprises:
Generate a random key $r \in [1, 2^k - 1]$ and a random element $s \in \mathbb{Z}_N \setminus \{0\}$, compute $g_s = g^s \bmod N$, and send the verification request $chal = \langle r, g_s \rangle$ to the cloud, so that the cloud, according to the received request $chal = \langle r, g_s \rangle$, generates a sequence of data indices $a_1, a_2, \ldots, a_n$ and, by recursively computing $f_r(i)$, $i \in \{1, 2, \ldots, n\}$, generates the verification code R, where

$$R = (g_s)^{\sum_{i=1}^{n} a_i m_i} \bmod N.$$

7. The random dynamic-based cloud application data integrity detection method according to claim 6, characterized in that step 4 specifically comprises:
Receive the verification code R returned by the cloud, compute the sequence of data indices $\{a_i\}_{i=1,2,\ldots,n}$ according to the verification code R, and from these compute the final verification code R', where $R' = P^s \bmod N$.
Determine whether the following equations hold; if they do, verification succeeds:

$$P = \prod_{i=1}^{n} \left( D_i^{a_i} \bmod N \right) \bmod N = g^{\sum_{i=1}^{n} a_i m_i} \bmod N$$

$$R' = P^s \bmod N = g^{s \sum_{i=1}^{n} a_i m_i} \bmod N = (g^s)^{\sum_{i=1}^{n} a_i m_i} \bmod N = R.$$

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510020839.6A CN104618111A (en) 2015-01-16 2015-01-16 Random dynamic-based cloud application data integrity detection method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20150513