CN104618111A - Random dynamic-based cloud application data integrity detection method - Google Patents
- Publication number
- CN104618111A (application CN201510020839.6A)
- Authority
- CN
- China
- Prior art keywords
- data
- clouds
- detection method
- mod
- cloud application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a random dynamic-based method for detecting the integrity of cloud application data. The method comprises the following steps: before the data is sent to the cloud, operating on the data according to a preset algorithm to generate a check code and saving it locally; sending the data to the cloud so that the cloud splits and stores it; when requesting the data from the cloud, sending a random number to the cloud so that the cloud, after reassembling the split data, applies the preset algorithm to the reassembled data and the random number to generate a verification code; and receiving the verification code returned by the cloud and comparing it with the saved check code for verification. The technical scheme uses a dynamic random message authentication function and its equivalent function: on the premise that the data check value is stored synchronously, the equivalent function is used to judge the message authentication value in the cloud's response and thereby detect integrity.
Description
Technical field
The present invention relates to the technical fields of information security and cloud applications, and in particular to a random dynamic-based method for detecting the integrity of cloud application data.
Background art
As a fast-developing area of research and application, cloud applications not only provide high-performance computing to numerous enterprises and individual users, but also offer low cost, rapid deployment and flexible scaling. In enterprise use, a cloud application typically refers to a scalable, manageable set of storage and computing resources that runs on the Internet and meets customers' storage and computing needs in the form of a service. However, as enterprise informatization evolves, countless enterprise networks around the world are producing more and more business data, and transmitting this data over the network securely and at low cost is an increasingly difficult challenge. With the continued spread and promotion of cloud computing, how to safely and reliably store and transmit the massive data generated in the cloud has also become a research focus for many enterprises and organizations.
Cloud storage is a new technology derived from the concept of cloud computing that has developed rapidly. It brings various storage devices together over the Internet to work cooperatively and provides online data storage services to enterprises and individuals; cloud storage has grown into one of the fastest-developing network services. Under the cloud storage service model, the data interface is easy to use and highly extensible, and users need not consider the architecture of the cloud storage, hire dedicated maintenance personnel or buy storage equipment; cloud storage services are therefore increasingly popular with organizations.
However, while cloud storage services bring great convenience to users, they also face serious doubts about the security of user data. One survey shows that, out of concern for data security, up to 70% of users are unwilling to use cloud storage for sensitive data. In fact, many well-known cloud service providers, such as The Linkup and Google Docs, have had security problems of various kinds, with serious consequences. To this day, security risks remain the biggest obstacle to the wide adoption of cloud storage.
Summary of the invention
To address the poor information security of cloud applications in the prior art, a random dynamic-based method for detecting the integrity of cloud application data is proposed.
To achieve the above object, an embodiment of the present invention proposes a random dynamic-based method for detecting the integrity of cloud application data, comprising:
Step 1: before the data is sent to the cloud, operate on the data according to a preset algorithm to generate a check code and save it locally;
Step 2: send the data to the cloud so that the cloud splits the data and stores it;
Step 3: when requesting the data from the cloud, send a random number to the cloud so that the cloud, after reassembling the split data, applies the preset algorithm to the reassembled data and the random number to generate a verification code;
Step 4: receive the verification code returned by the cloud and compare it with the saved check code for verification.
Step 1 is specifically:
According to the generated security parameters k and d, generate a public key pk and a private key sk serving as the check code, and save the private key sk locally; $pk = (N, g)$, $sk = (p, q)$, where $N = pq$, $p = 2p' + 1$ and $q = 2q' + 1$ are two large primes, $p'$ and $q'$ are also prime, and all quadratic residues modulo N form a multiplicative cyclic group $QR_N$ generated by g;
According to pk, sk and m, generate the tag $D_m$ and publish it, where m is the data and it is assumed that the data m is stored on the server. m is divided into n blocks of equal length, $m = m_1 m_2 \ldots m_n$,
l denotes the length of the data in each block; $f_k(\cdot)$ denotes a pseudo-random function,
Step 2 is specifically:
The data is sent to the cloud so that the cloud splits the data and stores it; for each data block $m_i$, the cloud generates the tag of data block $m_i$
with $D_m = \{D_1, D_2, \ldots, D_n\}$, $i \in \{1, 2, \ldots, n\}$.
Step 3 is specifically:
Generate a random key $r \in [1, 2^k - 1]$ and a random element $s \in Z_N \setminus \{0\}$, compute $g_s = g^s \bmod N$, and send the verification request $chal = \langle r, g_s \rangle$ to the cloud, so that the cloud, according to the received verification request $chal = \langle r, g_s \rangle$, generates a sequence of data indices $a_1, a_2, \ldots, a_n$ by recursively computing $f_r(i)$, $i \in \{1, 2, \ldots, n\}$, and generates the verification code R, where
Step 4 is specifically:
Receive the verification code R returned by the cloud, compute the sequence of data indices $\{a_i\}_{i = 1, 2, \ldots, n}$ according to the verification code R, and compute the final verification code R' from it, where $R' = P^s \bmod N$; where
Judge whether the following formula holds; if it does, verification passes:
The beneficial effects of the above technical solution of the present invention are as follows:
The above technical solution uses a dynamic random message authentication function and its equivalent function: on the premise that the data check value is stored synchronously, the equivalent function is used to judge the message authentication value in the cloud's response and thereby detect integrity. Analysis shows that the scheme correctly detects integrity under the hardness assumption of large-integer factorization, and that at run time the client needs only constant computation, storage and network traffic, a clear efficiency advantage over existing schemes.
Brief description of the drawings
Fig. 1 is a schematic block diagram of the structure of an embodiment of the present invention;
Fig. 2 is a schematic block diagram of the interface structure of the security detection system of an embodiment of the present invention.
Detailed description
To make the technical problem to be solved, the technical solution and the advantages of the present invention clearer, a detailed description is given below with reference to the accompanying drawings and specific examples.
(1) On the client, the user first operates on the data to be uploaded, generating a corresponding unique value, which is stored locally;
(2) On the client, the user uploads the data to the cloud;
(3) In the cloud, the data is stored, with the storage location assigned randomly by the cloud management server;
(4) On the client, when the user needs to download the data, an integrity check is performed on the cloud data to ensure the security of the stored data;
(5) On the client, a random number is generated and passed to the cloud;
(6) In the cloud, the cloud management server runs the integrity algorithm on the received random number and the user data, obtains a value, and returns this value to the client;
(7) On the client, the user compares the received value with the result of operating on the locally stored unique value and the random number; if they match, the user data is intact; otherwise the user data has been tampered with.
The algorithm in step (1) uses a proof-verification method. The number passed to the cloud in step (5) is randomly generated. The value in step (6) changes dynamically as the random number changes.
The present invention is further described below through a concrete example:
Suppose document m is stored on the server. m is divided into n blocks of equal length, $m = m_1 m_2 \ldots m_n$,
l denotes the length of the data in each block. $f_k(\cdot)$ denotes a pseudo-random function, namely
k and d are security parameters.
The data integrity check scheme is divided into 5 phases: the setup phase, the tag generation phase, the challenge phase, the proof generation phase and the proof verification phase.
Setup phase: $Setup(1^k) \to (pk, sk)$. Given the security parameter k, generate the public key pk and the private key sk; the private key is kept secret by the user.
Tag generation phase: $TagGen(pk, sk, m) \to D_m$. Given pk, sk and m, generate a tag $D_m$ and publish it.
Challenge phase: $Challenge(pk, D_m) \to chal$. The verifier sends the request chal to the storage server in order to verify the authenticity of document m.
Proof generation phase: $GenProof(pk, D_m, m, chal) \to R$. The server computes the response R to the request chal and sends R to the verifier.
Verification phase: $CheckProof(pk, D_m, chal, R) \to \{0, 1\}$. The verifier checks the validity of R; if it is valid, output 1, otherwise output 0.
Concrete scheme design
Setup phase: $Setup(1^k) \to (pk, sk)$. Let $N = pq$, where $p = 2p' + 1$ and $q = 2q' + 1$ are two large primes and $p'$, $q'$ are also prime. All quadratic residues modulo N form a multiplicative cyclic group $QR_N$ generated by g. Let $pk = (N, g)$, $sk = (p, q)$.
Tag generation phase: $TagGen(pk, sk, m) \to D_m$. For any data block $m_i$, $i \in \{1, 2, \ldots, n\}$, the user computes the tag of data block $m_i$.
Let $D_m = \{D_1, D_2, \ldots, D_n\}$. After computing all data block tags, the user uploads the data m to the storage server.
Challenge phase: $Challenge(pk, D_m) \to chal$. To verify the integrity of the data m, the verifier generates a random key $r \in [1, 2^k - 1]$ and a random element $s \in Z_N \setminus \{0\}$, computes $g_s = g^s \bmod N$, and sends $chal = \langle r, g_s \rangle$ to the storage server.
Proof generation phase: $GenProof(pk, D_m, m, chal) \to R$. When the server receives $chal = \langle r, g_s \rangle$, it generates a sequence of data indices $a_1, a_2, \ldots, a_n$ by recursively computing $f_r(i)$, $i \in \{1, 2, \ldots, n\}$; the server computes
and finally sends R to the verifier.
Verification phase: $CheckProof(pk, D_m, chal, R) \to \{0, 1\}$. When the verifier receives R, it computes $\{a_i\}_{i = 1, 2, \ldots, n}$ and finally computes R' as follows.
$R' = P^s \bmod N$; if $R = R'$, output 1, otherwise output 0.
Correctness is given by the following formula
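The five phases above, run end to end as an added Python example that is not code from the patent. The formulas for the tag, the response and P did not survive on this page, so $D_i = g^{m_i} \bmod N$, $R = g_s^{\sum a_i m_i} \bmod N$ and $P = \prod D_i^{a_i} \bmod N$ are assumptions chosen so that $R = R' = P^s \bmod N$ holds as the text states; HMAC-SHA256 as the pseudo-random function, the toy primes, the sample data and all function names are likewise assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters, far too small for real use: safe primes
# p = 2p'+1 and q = 2q'+1 with p' = 509 and q' = 593.
P, Q = 1019, 1187
N = P * Q
G = 4            # 2^2 mod N: a quadratic residue of order p'q', so it generates QR_N
K, D = 128, 32   # security parameters k, d (assumed: r has k bits, each a_i has d bits)


def blocks(data: bytes, l: int) -> list[int]:
    """Split m into equal-length blocks m_1..m_n, each read as an integer."""
    if len(data) % l:
        raise ValueError("data length must be a multiple of the block length l")
    return [int.from_bytes(data[i:i + l], "big") for i in range(0, len(data), l)]


def prf(r: int, i: int) -> int:
    """a_i = f_r(i); HMAC-SHA256 truncated to d bits stands in for f (assumption)."""
    mac = hmac.new(r.to_bytes(K // 8, "big"), i.to_bytes(8, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") >> (256 - D)


def tag_gen(data: bytes, l: int) -> list[int]:
    """TagGen: D_i = g^{m_i} mod N (assumed form of the missing tag formula)."""
    return [pow(G, m_i, N) for m_i in blocks(data, l)]


def challenge() -> tuple[tuple[int, int], int]:
    """Challenge: r in [1, 2^k - 1], nonzero s in Z_N; send <r, g_s>, keep s secret."""
    r = secrets.randbelow(2**K - 1) + 1
    s = secrets.randbelow(N - 1) + 1
    return (r, pow(G, s, N)), s


def gen_proof(stored: bytes, l: int, chal: tuple[int, int]) -> int:
    """GenProof, run by the cloud: R = g_s^(sum a_i * m_i) mod N (assumed form)."""
    r, g_s = chal
    exponent = sum(prf(r, i) * m_i for i, m_i in enumerate(blocks(stored, l), 1))
    return pow(g_s, exponent, N)


def check_proof(tags: list[int], chal: tuple[int, int], s: int, R: int) -> bool:
    """CheckProof: P = prod D_i^{a_i} mod N (assumed form), R' = P^s mod N, R == R'."""
    r, _ = chal
    prod = 1
    for i, d_i in enumerate(tags, 1):
        prod = prod * pow(d_i, prf(r, i), N) % N
    return pow(prod, s, N) == R


def demo() -> tuple[bool, bool]:
    """Return (intact data accepted, tampered data rejected) for one fresh challenge."""
    l, data = 4, b"constructed sample data."   # constructed input, 6 blocks of 4 bytes
    tags = tag_gen(data, l)                    # kept by the verifier before upload
    tampered = data[:5] + b"X" + data[6:]      # one byte changed in cloud storage
    chal, s = challenge()
    ok = check_proof(tags, chal, s, gen_proof(data, l, chal))
    bad = check_proof(tags, chal, s, gen_proof(tampered, l, chal))
    return ok, not bad


if __name__ == "__main__":
    print(demo())
```

Because r and s are fresh for each challenge, a response recorded for an earlier challenge does not satisfy a later one, which is the property claim 3 describes.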
The above is the preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make improvements and refinements without departing from the principle of the present invention, and such improvements and refinements shall also be regarded as falling within the scope of protection of the present invention.
Claims (7)
1. A random dynamic-based method for detecting the integrity of cloud application data, characterized by comprising:
Step 1: before the data is sent to the cloud, operate on the data according to a preset algorithm to generate a check code and save it locally;
Step 2: send the data to the cloud so that the cloud splits the data and stores it;
Step 3: when requesting the data from the cloud, send a random number to the cloud so that the cloud, after reassembling the split data, applies the preset algorithm to the reassembled data and the random number to generate a verification code;
Step 4: receive the verification code returned by the cloud and compare it with the saved check code for verification.
2. The random dynamic-based method for detecting the integrity of cloud application data according to claim 1, characterized in that the preset algorithm is a proof-verification method.
3. The random dynamic-based method for detecting the integrity of cloud application data according to claim 1, characterized in that the verification code changes as the random number changes.
4. The random dynamic-based method for detecting the integrity of cloud application data according to claim 1, 2 or 3, characterized in that step 1 is specifically:
According to the generated security parameters k and d, generate a public key pk and a private key sk serving as the check code, and save the private key sk locally; $pk = (N, g)$, $sk = (p, q)$, where $N = pq$, $p = 2p' + 1$ and $q = 2q' + 1$ are two large primes, $p'$ and $q'$ are also prime, and all quadratic residues modulo N form a multiplicative cyclic group $QR_N$ generated by g;
According to pk, sk and m, generate the tag $D_m$ and publish it, where m is the data and it is assumed that the data m is stored on the server; m is divided into n blocks of equal length, $m = m_1 m_2 \ldots m_n$,
l denotes the length of the data in each block; $f_k(\cdot)$ denotes a pseudo-random function,
5. The random dynamic-based method for detecting the integrity of cloud application data according to claim 4, characterized in that step 2 is specifically:
The data is sent to the cloud so that the cloud splits the data and stores it; for each data block $m_i$, the cloud generates the tag of data block $m_i$
with $D_m = \{D_1, D_2, \ldots, D_n\}$, $i \in \{1, 2, \ldots, n\}$.
6. The random dynamic-based method for detecting the integrity of cloud application data according to claim 5, characterized in that step 3 is specifically:
Generate a random key $r \in [1, 2^k - 1]$ and a random element $s \in Z_N \setminus \{0\}$, compute $g_s = g^s \bmod N$, and send the verification request $chal = \langle r, g_s \rangle$ to the cloud, so that the cloud, according to the received verification request $chal = \langle r, g_s \rangle$, generates a sequence of data indices $a_1, a_2, \ldots, a_n$ by recursively computing $f_r(i)$, $i \in \{1, 2, \ldots, n\}$, and generates the verification code R, where
7. The random dynamic-based method for detecting the integrity of cloud application data according to claim 6, characterized in that step 4 is specifically:
Receive the verification code R returned by the cloud, compute the sequence of data indices $\{a_i\}_{i = 1, 2, \ldots, n}$ according to the verification code R, and compute the final verification code R' from it, where $R' = P^s \bmod N$; where
Judge whether the following formula holds; if it does, verification passes:
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510020839.6A CN104618111A (en) | 2015-01-16 | 2015-01-16 | Random dynamic-based cloud application data integrity detection method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104618111A true CN104618111A (en) | 2015-05-13 |
Family
ID=53152405
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150513 |