CN104994069A - Cloud-storage data integrity proving method based on data repeatability verification - Google Patents

Cloud-storage data integrity proving method based on data repeatability verification

Publication number: CN104994069A
Authority: CN (China)
Prior art keywords: data, mark, data block, cloud, integrity
Legal status: Granted; Expired - Fee Related
Application number: CN201510272790.3A
Other languages: Chinese (zh)
Other versions: CN104994069B (en)
Inventor: 任勇军, 季赛, 韩进, 王伟
Current Assignee: Nanjing Dashang Software Technology Co.,Ltd.
Original Assignee: Nanjing University of Information Science and Technology

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a cloud-storage data integrity proving method based on data repeatability verification. When a user outsources data to a cloud server, the cloud server first checks whether the data is repeated; if it is, the server marks the repetition rate of the data block and tells the user not to upload the data, since it is already stored; the user marks the repeated data, so that when examining data integrity the user focuses on verifying the unrepeated data. Because integrity verification is carried out mainly on the unrepeated data, the efficiency of the data integrity check is greatly increased.

Description

Cloud storage data integrity proof method based on data duplication verification
Technical field
The invention belongs to the technical field of cloud storage, and in particular relates to a cloud storage data integrity proof method based on data duplication verification.
Background
In a cloud storage environment, once a user outsources data to a cloud server, the user loses physical control over that data. To guarantee the integrity of outsourced data, Ateniese et al. proposed the concept of provable data possession (PDP) for cloud environments at the 2007 ACM Conference on Computer and Communications Security (CCS '07). Since then, a number of verifiable cloud storage data integrity proof methods have been proposed. According to statistics, however, about 75% of the data on cloud servers is duplicated, and researchers proposed data deduplication to improve storage efficiency. From the standpoint of both efficiency and security, the two techniques need to be combined, so that cloud storage becomes more efficient while data integrity can still be verified. In 2012, Zheng et al. proposed the Proof of Storage with Deduplication (POSD) scheme, the first to consider the security of cloud-stored data from both the efficiency and the security side. Shin et al. subsequently improved its security. In 2013, Yuan et al. proposed the Public and Constant cost storage integrity Auditing scheme with secure Deduplication (PCAD). These schemes, however, are all data integrity verification schemes with a deduplication function added: they simply stack a proof of data ownership on top of a data integrity audit, do not make full use of the deduplication operation, and rely heavily on bilinear pairing operations, which are computationally inefficient.
Summary of the invention
To solve the technical problem raised in the background above, the invention provides a cloud storage data integrity proof method based on data duplication verification. It uses duplication verification and concentrates integrity verification on the non-duplicate data, which greatly improves the efficiency of data integrity auditing.
To achieve this technical purpose, the technical solution of the invention is as follows.
A cloud storage data integrity proof method based on data duplication verification, comprising the following steps:
(1) Data owner A encodes data file $F'$ with an erasure code to obtain the encoded data file $F$, splits $F$ into blocks, i.e. $F = \{m_1, m_2, \ldots, m_n\}$, encrypts and tags each data block $m_i$ to obtain the corresponding ciphertext $C_i$ and tag $T_i$, and uploads the ciphertext set $\{C_i\}$ and the tag set $\{T_i\}$ to the cloud server, where $i$ is the block number, $i = 1, 2, \ldots, n$;
(2) Data owner B splits data file $F'$ into blocks, i.e. $F' = \{m'_1, m'_2, \ldots, m'_n\}$, encrypts and tags each data block $m'_i$ to obtain the corresponding ciphertext $C'_i$ and tag $T'_i$, and uploads the tag set $\{T'_i\}$ to the cloud server. The cloud server compares $\{T'_i\}$ with the stored $\{T_i\}$; equal tags mean that the data block is a duplicate. The cloud server notifies data owner B to upload only the ciphertexts of non-duplicate data blocks, and data owner B records whether each data block is a duplicate;
(3) Data owner B randomly selects, from the non-duplicate data blocks, the numbers of the data blocks to be integrity-checked and sends the set of block numbers to the cloud server. The cloud server retrieves the ciphertexts corresponding to those block numbers and sends them back to data owner B. Data owner B computes the tag of each ciphertext returned by the cloud server and compares it with the locally stored tag: if the tags are equal, the data block is intact; otherwise the data block is not intact.
Further, the erasure code in step (1) is Reed-Solomon.
Further, the concrete steps for encrypting and tagging a data block in step (1) are: compute the key $k_i = h(m_i)$ of each data block $m_i$, then use the encryption method to compute the ciphertext $C_i$, and compute the tag $T_i = H(C_i)$, where $h(\cdot)$ and $H(\cdot)$ are hash operations.
Further, the above encryption method is message-locked encryption, i.e. $C_i = E_{k_i}(m_i)$, where $E_{k_i}(\cdot)$ is a symmetric encryption algorithm.
Further, the above symmetric encryption algorithm is AES.
Beneficial effects of the above technical solution:
(1) Verifying once whether data is duplicated is, in effect, one round of data integrity auditing. According to statistics, about 75% of the data in cloud storage is duplicated. The invention therefore first provides data integrity auditing through duplication verification, and then concentrates the cloud storage data integrity proof method on the non-duplicate 25% of the data to verify its integrity, which greatly improves the efficiency of data integrity auditing;
(2) The invention uses only hash functions and a symmetric encryption algorithm. On an Intel Core 2 2.5 GHz workstation, running at a speed of more than 100 MB per second, it can produce and verify the tags of data blocks. Its computational efficiency is very high, and it has broad application prospects.
Brief description of the drawings
Fig. 1 is the basic flowchart of the invention.
Embodiment
The technical solution of the invention is described in detail below with reference to the accompanying drawing.
As shown in the basic flowchart of Fig. 1, the cloud storage data integrity proof method based on data duplication verification comprises the following steps:
(1) Data owner A encodes data file $F'$ with an erasure code to obtain the encoded data file $F$, splits $F$ into blocks, i.e. $F = \{m_1, m_2, \ldots, m_n\}$, encrypts and tags each data block $m_i$ to obtain the corresponding ciphertext $C_i$ and tag $T_i$, and uploads the ciphertext set $\{C_i\}$ and the tag set $\{T_i\}$ to the cloud server, where $i$ is the block number, $i = 1, 2, \ldots, n$;
(2) Data owner B splits data file $F'$ into blocks, i.e. $F' = \{m'_1, m'_2, \ldots, m'_n\}$, encrypts and tags each data block $m'_i$ to obtain the corresponding ciphertext $C'_i$ and tag $T'_i$, and uploads the tag set $\{T'_i\}$ to the cloud server. The cloud server compares $\{T'_i\}$ with the stored $\{T_i\}$; equal tags mean that the data block is a duplicate. The cloud server notifies data owner B to upload only the ciphertexts of non-duplicate data blocks, and data owner B records whether each data block is a duplicate;
(3) Data owner B randomly selects, from the non-duplicate data blocks, the numbers of the data blocks to be integrity-checked and sends the set of block numbers to the cloud server. The cloud server retrieves the ciphertexts corresponding to those block numbers and sends them back to data owner B. Data owner B computes the tag of each ciphertext returned by the cloud server and compares it with the locally stored tag: if the tags are equal, the data block is intact; otherwise the data block is not intact.
Steps (1) to (3) above use the same encryption method and the same tagging method.
In the present embodiment, the erasure code in step (1) is Reed-Solomon.
In the present embodiment, the concrete steps for encrypting and tagging a data block in step (1) are: compute the key $k_i = h(m_i)$ of each data block $m_i$, then use the encryption method to compute the ciphertext $C_i$, and compute the tag $T_i = H(C_i)$, where $h(\cdot)$ and $H(\cdot)$ are hash operations.
In the present embodiment, the above encryption method is message-locked encryption, i.e. $C_i = E_{k_i}(m_i)$, where $E_{k_i}(\cdot)$ is a symmetric encryption algorithm.
In the present embodiment, the above symmetric encryption algorithm is AES (Advanced Encryption Standard).
The above embodiment only illustrates the technical idea of the invention and does not limit its scope of protection; any change made on the basis of the technical solution in accordance with the technical idea proposed by the invention falls within the scope of protection of the invention.
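The three steps above as a runnable sketch, added here as an illustration and not taken from the patent: it skips the Reed-Solomon encoding, uses SHA-256 for both h and H, and substitutes a SHA-256 counter keystream for AES so that it runs on the standard library alone. `CloudServer`, `Owner`, `encrypt_and_tag` and the sample files are hypothetical names and constructed data.

```python
import hashlib
import secrets

BLOCK_SIZE = 16  # bytes per block m_i (tiny, so the constructed sample spans several blocks)


def h(block):  # k_i = h(m_i): the key is derived from the block itself
    return hashlib.sha256(b"key|" + block).digest()


def H(ciphertext):  # T_i = H(C_i): the tag is a hash of the ciphertext
    return hashlib.sha256(b"tag|" + ciphertext).digest()


def E(key, data):
    """Stand-in for AES (assumption): XOR with a SHA-256 counter keystream.
    Deterministic, as deduplication requires; applying it twice decrypts."""
    stream = b"".join(hashlib.sha256(key + n.to_bytes(4, "big")).digest()
                      for n in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_and_tag(data):
    """Split data into blocks and return [(C_i, T_i), ...]."""
    pairs = []
    for off in range(0, len(data), BLOCK_SIZE):
        m = data[off:off + BLOCK_SIZE]
        c = E(h(m), m)
        pairs.append((c, H(c)))
    return pairs


class CloudServer:
    """Hypothetical server; blocks are addressed by tag here, not by number."""
    def __init__(self):
        self.store = {}  # tag -> ciphertext

    def is_duplicate(self, tags):
        return [t in self.store for t in tags]


class Owner:
    def __init__(self, server):
        self.server = server
        self.tags = []       # local copy of every T_i
        self.duplicate = []  # step 2: per-block duplicate record

    def outsource(self, data):
        pairs = encrypt_and_tag(data)
        self.tags = [t for _, t in pairs]
        self.duplicate = self.server.is_duplicate(self.tags)
        for (c, t), dup in zip(pairs, self.duplicate):
            if not dup:  # only non-duplicate ciphertexts are uploaded
                self.server.store[t] = c
        return self.duplicate

    def audit(self, sample_size):
        """Step 3: challenge random non-duplicate blocks; return failing indices."""
        fresh = [i for i, dup in enumerate(self.duplicate) if not dup]
        picked = secrets.SystemRandom().sample(fresh, min(sample_size, len(fresh)))
        return sorted(i for i in picked
                      if H(self.server.store.get(self.tags[i], b"")) != self.tags[i])


def demo():
    server = CloudServer()
    owner_a, owner_b = Owner(server), Owner(server)
    # Constructed sample files: B shares three of its four blocks with A.
    owner_a.outsource(b"A" * 16 + b"B" * 16 + b"C" * 16 + b"D" * 16)
    flags = owner_b.outsource(b"A" * 16 + b"B" * 16 + b"C" * 16 + b"X" * 16)
    before = owner_b.audit(sample_size=1)
    stored = server.store[owner_b.tags[3]]
    server.store[owner_b.tags[3]] = bytes([stored[0] ^ 1]) + stored[1:]  # simulated corruption
    after = owner_b.audit(sample_size=1)
    return flags, before, after


if __name__ == "__main__":
    print(demo())
```

Because $k_i$ is derived from $m_i$ alone, identical blocks always produce identical tags; that is what makes the duplicate check work, and it also means the server learns which blocks are equal across owners.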

Claims (5)

1. A cloud storage data integrity proof method based on data duplication verification, characterized in that it comprises the following steps:
(1) Data owner A encodes data file $F'$ with an erasure code to obtain the encoded data file $F$, splits $F$ into blocks, i.e. $F = \{m_1, m_2, \ldots, m_n\}$, encrypts and tags each data block $m_i$ to obtain the corresponding ciphertext $C_i$ and tag $T_i$, and uploads the ciphertext set $\{C_i\}$ and the tag set $\{T_i\}$ to the cloud server, where $i$ is the block number, $i = 1, 2, \ldots, n$;
(2) Data owner B splits data file $F'$ into blocks, i.e. $F' = \{m'_1, m'_2, \ldots, m'_n\}$, encrypts and tags each data block $m'_i$ to obtain the corresponding ciphertext $C'_i$ and tag $T'_i$, and uploads the tag set $\{T'_i\}$ to the cloud server. The cloud server compares $\{T'_i\}$ with the stored $\{T_i\}$; equal tags mean that the data block is a duplicate. The cloud server notifies data owner B to upload only the ciphertexts of non-duplicate data blocks, and data owner B records whether each data block is a duplicate;
(3) Data owner B randomly selects, from the non-duplicate data blocks, the numbers of the data blocks to be integrity-checked and sends the set of block numbers to the cloud server. The cloud server retrieves the ciphertexts corresponding to those block numbers and sends them back to data owner B. Data owner B computes the tag of each ciphertext returned by the cloud server and compares it with the locally stored tag: if the tags are equal, the data block is intact; otherwise the data block is not intact.
2. The cloud storage data integrity proof method based on data duplication verification according to claim 1, characterized in that the erasure code in step (1) is Reed-Solomon.
3. The cloud storage data integrity proof method based on data duplication verification according to claim 1, characterized in that the concrete steps for encrypting and tagging a data block in step (1) are: compute the key $k_i = h(m_i)$ of each data block $m_i$, then use the encryption method to compute the ciphertext $C_i$, and compute the tag $T_i = H(C_i)$, where $h(\cdot)$ and $H(\cdot)$ are hash operations.
4. The cloud storage data integrity proof method based on data duplication verification according to claim 3, characterized in that the encryption method is message-locked encryption, i.e. $C_i = E_{k_i}(m_i)$, where $E_{k_i}(\cdot)$ is a symmetric encryption algorithm.
5. The cloud storage data integrity proof method based on data duplication verification according to claim 4, characterized in that the symmetric encryption algorithm is AES.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510272790.3A 2015-05-25 2015-05-25 Cloud storage data integrity method of proof based on data redundancy verifying

Publications (2)

Publication Number Publication Date
CN104994069A (en) 2015-10-21
CN104994069B (en) 2019-01-01

Family

ID=54305821

Country Status (1)

Country Link
CN (1) CN104994069B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right
Effective date of registration: 20200417
Address after: 210019 floor 4, building 06, No. 18, Jiangdong Street, Jialing, Jianye District, Nanjing, Jiangsu Province
Patentee after: Nanjing Dashang Software Technology Co.,Ltd.
Address before: 210044 Nanjing City, Pukou Province, Nanjing Road, No. 219, No. six, No.
Patentee before: Nanjing University of Information Science and Technology
CF01 Termination of patent right due to non-payment of annual fee
Granted publication date: 20190101