CN104994069A - Cloud-storage data integrity proving method based on data repeatability verification - Google Patents
Cloud-storage data integrity proving method based on data repeatability verification
- Publication number: CN104994069A
- Application number: CN201510272790.3A
- Authority: CN (China)
- Prior art keywords: data, mark, data block, cloud, integrity
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a cloud-storage data integrity proving method based on data repeatability verification. When a user outsources data to a cloud server, the cloud server first checks whether the data is duplicated; if it is, the server marks the repetition rate of the data block and tells the user not to upload the data because it is already stored. The user marks the duplicated data, so that when checking data integrity the user focuses on verifying the integrity of the non-duplicated data. Because integrity verification is carried out mainly on non-duplicated data, the efficiency of the data integrity check is greatly increased.
Description
Technical field
The invention belongs to the technical field of cloud storage, and in particular relates to a cloud-storage data integrity proving method based on data repeatability verification.
Background art
In a cloud storage environment, a user loses physical control of its data once the data is outsourced to a cloud server. To guarantee the integrity of outsourced data, Ateniese et al. proposed the concept of provable data possession (PDP) in the cloud environment at the 2007 ACM Conference on Computer and Communications Security (CCS '07). Since then, a number of verifiable cloud-storage data integrity proving methods have been proposed. However, according to statistics, about 75% of the data on cloud servers is duplicated, and researchers proposed data deduplication to improve storage efficiency. Considering both efficiency and security, the two techniques need to be combined so that cloud storage becomes more efficient while data integrity can still be verified. In 2012, Zheng et al. proposed the Proof of Storage with Deduplication (POSD) scheme, the first to consider the security of cloud-stored data from both the efficiency and the security perspective. Shin et al. subsequently improved its security. In 2013, Yuan et al. proposed the Public and Constant cost storage integrity Auditing scheme with secure Deduplication (PCAD). However, these schemes are all data integrity verification schemes with a deduplication function: they simply stack proof of data possession and data integrity auditing on top of each other, do not take full advantage of the deduplication operation, and make heavy use of computationally inefficient bilinear pairing operations.
Summary of the invention
To solve the technical problem described in the background art, the invention aims to provide a cloud-storage data integrity proving method based on data repeatability verification. It uses data repeatability verification and concentrates integrity verification on non-duplicate data, which greatly improves the efficiency of data integrity auditing.
To achieve this technical purpose, the technical scheme of the invention is as follows.
A cloud-storage data integrity proving method based on data repeatability verification, comprising the following steps:
(1) Data owner A encodes the data file $F'$ with an erasure code to obtain the encoded data file $F$, splits $F$ into blocks, i.e. $F=\{m_1, m_2, \ldots, m_n\}$, encrypts and tags each data block $m_i$ to obtain the corresponding ciphertext $C_i$ and tag $T_i$, and uploads the ciphertext set $\{C_i\}$ and the tag set $\{T_i\}$ to the cloud server, where $i$ is the data block number, $i=1,2,\ldots,n$;
(2) Data owner B splits the data file $F'$ into blocks, i.e. $F'=\{m'_1, m'_2, \ldots, m'_n\}$, encrypts and tags each data block $m'_i$ to obtain the corresponding ciphertext $C'_i$ and tag $T'_i$, and uploads the tag set $\{T'_i\}$ to the cloud server. The cloud server compares $\{T'_i\}$ with the stored $\{T_i\}$; equal tags indicate that the data block is a duplicate. The cloud server notifies data owner B to upload only the ciphertexts of non-duplicate data blocks, and data owner B records whether each data block is a duplicate;
(3) Data owner B randomly selects, from the non-duplicate data blocks, the numbers of the data blocks to be integrity-checked and sends the set of block numbers to the cloud server. The cloud server retrieves the ciphertexts corresponding to those block numbers and sends them back to data owner B. Data owner B computes the tags of the ciphertexts returned by the cloud server and compares them with the locally stored tags; if the tags are equal, the data block is intact, otherwise the data block is not intact.
Further, the erasure code in step (1) is Reed-Solomon.
Further, the concrete steps for encrypting and tagging a data block in step (1) are: compute the key $k_i=h(m_i)$ of each data block $m_i$, then compute the ciphertext $C_i$ with the encryption method, and compute the tag $T_i=H(C_i)$, where $h(\cdot)$ and $H(\cdot)$ are hash operations.
Further, the encryption method is message-locked encryption, i.e. $C_i=E_{k_i}(m_i)$, where $E_{k_i}(\cdot)$ is a symmetric encryption algorithm.
Further, the symmetric encryption algorithm is AES.
The beneficial effects of the above technical scheme are:
(1) Verifying once whether data is duplicated is in effect one round of data integrity auditing. According to statistics, about 75% of the data in cloud storage is duplicated, so the invention first provides data integrity auditing through data repeatability verification and then concentrates the cloud-storage data integrity proof on the remaining 25% of non-duplicate data, which greatly improves the efficiency of data integrity auditing;
(2) The invention uses only hash functions and a symmetric encryption algorithm. On an Intel Core 2 2.5 GHz workstation, data block tags can be generated and verified at more than 100 MB/s, so the computational efficiency is very high and the method has wide application prospects.
Brief description of the drawings
Fig. 1 is the basic flow chart of the invention.
Detailed description of the embodiments
The technical scheme of the invention is described in detail below with reference to the accompanying drawing.
As shown in the basic flow chart of Fig. 1, the cloud-storage data integrity proving method based on data repeatability verification comprises the following steps:
(1) Data owner A encodes the data file $F'$ with an erasure code to obtain the encoded data file $F$, splits $F$ into blocks, i.e. $F=\{m_1, m_2, \ldots, m_n\}$, encrypts and tags each data block $m_i$ to obtain the corresponding ciphertext $C_i$ and tag $T_i$, and uploads the ciphertext set $\{C_i\}$ and the tag set $\{T_i\}$ to the cloud server, where $i$ is the data block number, $i=1,2,\ldots,n$;
(2) Data owner B splits the data file $F'$ into blocks, i.e. $F'=\{m'_1, m'_2, \ldots, m'_n\}$, encrypts and tags each data block $m'_i$ to obtain the corresponding ciphertext $C'_i$ and tag $T'_i$, and uploads the tag set $\{T'_i\}$ to the cloud server. The cloud server compares $\{T'_i\}$ with the stored $\{T_i\}$; equal tags indicate that the data block is a duplicate. The cloud server notifies data owner B to upload only the ciphertexts of non-duplicate data blocks, and data owner B records whether each data block is a duplicate;
(3) Data owner B randomly selects, from the non-duplicate data blocks, the numbers of the data blocks to be integrity-checked and sends the set of block numbers to the cloud server. The cloud server retrieves the ciphertexts corresponding to those block numbers and sends them back to data owner B. Data owner B computes the tags of the ciphertexts returned by the cloud server and compares them with the locally stored tags; if the tags are equal, the data block is intact, otherwise the data block is not intact.
Steps (1) to (3) above use the same encryption method and the same tagging method.
In this embodiment, the erasure code in step (1) is Reed-Solomon.
In this embodiment, the concrete steps for encrypting and tagging a data block in step (1) are: compute the key $k_i=h(m_i)$ of each data block $m_i$, then compute the ciphertext $C_i$ with the encryption method, and compute the tag $T_i=H(C_i)$, where $h(\cdot)$ and $H(\cdot)$ are hash operations.
In this embodiment, the encryption method is message-locked encryption, i.e. $C_i=E_{k_i}(m_i)$, where $E_{k_i}(\cdot)$ is a symmetric encryption algorithm.
In this embodiment, the symmetric encryption algorithm is AES (Advanced Encryption Standard).
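Steps (1) to (3) as an added sketch, not code from the patent: it assumes SHA-256 (domain-separated) for both h() and H(), a 32-byte block size, and a hash-based keystream standing in for AES so that it runs on the standard library alone; Reed-Solomon encoding is omitted. All class and function names and the sample data are constructed for illustration.

```python
import hashlib
import secrets

BLOCK = 32  # block size in bytes (assumption; the page fixes none)

def h(m):  # k_i = h(m_i)
    return hashlib.sha256(b"k" + m).digest()

def H(c):  # T_i = H(C_i)
    return hashlib.sha256(b"t" + c).digest()

def E(k, m):
    # Stand-in for AES: XOR with a SHA-256 counter keystream.
    # Deterministic, so equal blocks give equal ciphertexts and tags.
    ks = b"".join(hashlib.sha256(k + i.to_bytes(4, "big")).digest()
                  for i in range(-(-len(m) // 32)))
    return bytes(a ^ b for a, b in zip(m, ks))

def encrypt_and_tag(data):
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    cts = [E(h(m), m) for m in blocks]
    return cts, [H(c) for c in cts]

class CloudServer:
    def __init__(self):
        self.by_tag = {}    # T_i -> C_i, one stored copy per distinct block
        self.manifest = {}  # owner -> ordered list of that owner's tags

    def check_duplicates(self, tags):
        # Step (2): compare the submitted tags with the stored ones.
        return [t in self.by_tag for t in tags]

    def upload(self, owner, tags, new_blocks):
        # new_blocks maps block number -> ciphertext, non-duplicates only.
        for i, c in new_blocks.items():
            self.by_tag[tags[i]] = c
        self.manifest[owner] = list(tags)

    def fetch(self, owner, numbers):
        tags = self.manifest[owner]
        return {i: self.by_tag[tags[i]] for i in numbers}

class Owner:
    def __init__(self, name, data):
        self.name = name
        self.cts, self.tags = encrypt_and_tag(data)
        self.is_dup = []  # local record: is block i a duplicate?

    def outsource(self, server):
        # On an empty server nothing is a duplicate, which is step (1).
        self.is_dup = server.check_duplicates(self.tags)
        new = {i: c for i, c in enumerate(self.cts) if not self.is_dup[i]}
        server.upload(self.name, self.tags, new)
        return len(new)

    def audit(self, server, sample_size):
        # Step (3): spot-check randomly chosen non-duplicate blocks.
        unique = [i for i, d in enumerate(self.is_dup) if not d]
        picked = secrets.SystemRandom().sample(unique, min(sample_size, len(unique)))
        returned = server.fetch(self.name, picked)
        return {i: secrets.compare_digest(H(returned[i]), self.tags[i])
                for i in picked}

def demo():
    server = CloudServer()
    shared = b"".join(bytes([n]) * BLOCK for n in range(3))  # constructed data
    a = Owner("A", shared)
    b = Owner("B", shared + b"\xaa" * BLOCK + b"\xbb" * BLOCK)
    sent_a, sent_b = a.outsource(server), b.outsource(server)
    before = b.audit(server, 2)
    server.by_tag[b.tags[4]] = b"\x00" * BLOCK  # simulated storage corruption
    after = b.audit(server, 2)
    return sent_a, sent_b, b.is_dup, before, after

if __name__ == "__main__":
    print(demo())
```

Owner B uploads only two of its five ciphertexts, and the audit flags the corrupted block 4 while block 3 still verifies.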
The above embodiment only illustrates the technical idea of the invention and does not limit its scope of protection; any change made on the basis of the technical scheme in accordance with the technical idea proposed by the invention falls within the scope of protection of the invention.
Claims (5)
1. A cloud-storage data integrity proving method based on data repeatability verification, characterized by comprising the following steps:
(1) Data owner A encodes the data file $F'$ with an erasure code to obtain the encoded data file $F$, splits $F$ into blocks, i.e. $F=\{m_1, m_2, \ldots, m_n\}$, encrypts and tags each data block $m_i$ to obtain the corresponding ciphertext $C_i$ and tag $T_i$, and uploads the ciphertext set $\{C_i\}$ and the tag set $\{T_i\}$ to the cloud server, where $i$ is the data block number, $i=1,2,\ldots,n$;
(2) Data owner B splits the data file $F'$ into blocks, i.e. $F'=\{m'_1, m'_2, \ldots, m'_n\}$, encrypts and tags each data block $m'_i$ to obtain the corresponding ciphertext $C'_i$ and tag $T'_i$, and uploads the tag set $\{T'_i\}$ to the cloud server; the cloud server compares $\{T'_i\}$ with the stored $\{T_i\}$, equal tags indicating that the data block is a duplicate; the cloud server notifies data owner B to upload only the ciphertexts of non-duplicate data blocks, and data owner B records whether each data block is a duplicate;
(3) Data owner B randomly selects, from the non-duplicate data blocks, the numbers of the data blocks to be integrity-checked and sends the set of block numbers to the cloud server; the cloud server retrieves the ciphertexts corresponding to those block numbers and sends them back to data owner B; data owner B computes the tags of the ciphertexts returned by the cloud server and compares them with the locally stored tags; if the tags are equal, the data block is intact, otherwise the data block is not intact.
2. The cloud-storage data integrity proving method based on data repeatability verification according to claim 1, characterized in that the erasure code in step (1) is Reed-Solomon.
3. The cloud-storage data integrity proving method based on data repeatability verification according to claim 1, characterized in that the concrete steps for encrypting and tagging a data block in step (1) are: compute the key $k_i=h(m_i)$ of each data block $m_i$, then compute the ciphertext $C_i$ with the encryption method, and compute the tag $T_i=H(C_i)$, where $h(\cdot)$ and $H(\cdot)$ are hash operations.
4. The cloud-storage data integrity proving method based on data repeatability verification according to claim 3, characterized in that the encryption method is message-locked encryption, i.e. $C_i=E_{k_i}(m_i)$, where $E_{k_i}(\cdot)$ is a symmetric encryption algorithm.
5. The cloud-storage data integrity proving method based on data repeatability verification according to claim 4, characterized in that the symmetric encryption algorithm is AES.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510272790.3A CN104994069B (en) | 2015-05-25 | 2015-05-25 | Cloud storage data integrity method of proof based on data redundancy verifying |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104994069A true CN104994069A (en) | 2015-10-21 |
CN104994069B CN104994069B (en) | 2019-01-01 |
Family
ID=54305821
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510272790.3A Expired - Fee Related CN104994069B (en) | 2015-05-25 | 2015-05-25 | Cloud storage data integrity method of proof based on data redundancy verifying |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104994069B (en) |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013177065A2 (en) * | 2012-05-20 | 2013-11-28 | Storsimple, Inc. | System and methods for implementing a server-based hierarchical mass storage system |
CN103944988A (en) * | 2014-04-22 | 2014-07-23 | 南京邮电大学 | Repeating data deleting system and method applicable to cloud storage |
CN104010042A (en) * | 2014-06-10 | 2014-08-27 | 浪潮电子信息产业股份有限公司 | Backup mechanism for repeating data deleting of cloud service |
CN104601563A (en) * | 2015-01-06 | 2015-05-06 | 南京信息工程大学 | MLE-based (message-locked encryption-based) publicly accessible cloud storage data procession checking method |
CN104580487A (en) * | 2015-01-20 | 2015-04-29 | 成都信升斯科技有限公司 | Mass data storage system and processing method |
CN104601579A (en) * | 2015-01-20 | 2015-05-06 | 成都市酷岳科技有限公司 | Computer system for ensuring information security and method thereof |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105721256B (en) * | 2016-04-25 | 2019-05-03 | 北京威努特技术有限公司 | A kind of Audit data De-weight method of distributed deployment audit platform |
CN105721256A (en) * | 2016-04-25 | 2016-06-29 | 北京威努特技术有限公司 | Auditing data duplication eliminating method of distributed deploying and auditing platform |
CN106612320B (en) * | 2016-06-14 | 2019-10-18 | 深圳市中盛瑞达科技有限公司 | A kind of De-weight method of encryption data in cloud storage |
CN106612320A (en) * | 2016-06-14 | 2017-05-03 | 四川用联信息技术有限公司 | Encrypted data dereplication method for cloud storage |
CN109845183A (en) * | 2016-08-03 | 2019-06-04 | Abb瑞士股份有限公司 | For from client device to the method for cloud storage system storing data block |
CN109845183B (en) * | 2016-08-03 | 2021-08-10 | Abb瑞士股份有限公司 | Method for storing data blocks from a client device to a cloud storage system |
WO2018029464A1 (en) | 2016-08-08 | 2018-02-15 | Record Sure Limited | A method of generating a secure record of a conversation |
CN106357701B (en) * | 2016-11-25 | 2019-03-26 | 西安电子科技大学 | The integrity verification method of data in cloud storage |
CN106357701A (en) * | 2016-11-25 | 2017-01-25 | 西安电子科技大学 | Integrity verification method for data in cloud storage |
CN109412754A (en) * | 2018-10-22 | 2019-03-01 | 北京理工大学 | A kind of data storage, distribution and access method encoding cloud |
CN110210254A (en) * | 2019-06-13 | 2019-09-06 | 东华大学 | The optimization verification method of repeated data in a kind of more data integrity validations |
CN110210254B (en) * | 2019-06-13 | 2023-06-02 | 东华大学 | Optimization verification method for repeated data in multiple data integrity verification |
CN113364600A (en) * | 2021-08-11 | 2021-09-07 | 西南石油大学 | Certificateless public auditing method for integrity of cloud storage data |
CN113364600B (en) * | 2021-08-11 | 2021-12-07 | 西南石油大学 | Certificateless public auditing method for integrity of cloud storage data |
Also Published As
Publication number | Publication date |
---|---|
CN104994069B (en) | 2019-01-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20200417 Address after: 210019 floor 4, building 06, No. 18, Jiangdong Street, Jialing, Jianye District, Nanjing, Jiangsu Province Patentee after: Nanjing Dashang Software Technology Co.,Ltd. Address before: 210044 Nanjing City, Pukou Province, Nanjing Road, No. 219, No. six, No. Patentee before: Nanjing University of Information Science and Technology |
|
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20190101 |