CN104994069B - Cloud storage data integrity proof method based on data redundancy verification - Google Patents


Publication number
CN104994069B
Authority
CN
China
Prior art keywords
data
data block
label
cloud server
ciphertext
Legal status
Active
Application number
CN201510272790.3A
Other languages
Chinese (zh)
Other versions
CN104994069A (en)
Inventor
任勇军
季赛
韩进
王伟
Current Assignee
Nanjing Dashang Software Technology Co., Ltd
Original Assignee
Nanjing University of Information Science and Technology

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Abstract

The invention discloses a cloud storage data integrity proof method based on data redundancy verification. The process is as follows: when a user outsources data to the cloud server, the cloud server first checks whether the data is a duplicate. If the data is a duplicate, the server marks the repetition rate of the data block and notifies the user that the data already exists and does not need to be uploaded, and the duplicate data is marked for the user. When the user audits the integrity of the data, integrity verification focuses on the non-duplicate data. By using data redundancy verification and focusing integrity verification on non-duplicate data, the invention greatly improves the efficiency of data integrity auditing.

Description

Cloud storage data integrity proof method based on data redundancy verification
Technical field
The invention belongs to the technical field of cloud storage, and in particular relates to a cloud storage data integrity proof method based on data redundancy verification.
Background
In a cloud storage environment, users lose physical control over their data once it is outsourced to a cloud server. To guarantee the integrity of outsourced data, Ateniese et al. proposed the concept of provable data possession (PDP) for cloud environments at the 2007 ACM Conference on Computer and Communications Security (CCS '07). Since then, a variety of verifiable cloud storage data integrity proof methods have been proposed. However, according to statistics, about 75% of the data on cloud servers is duplicated, and to improve storage efficiency researchers proposed data deduplication technology. Considering both effectiveness and security, the two techniques need to be combined so that the efficiency of cloud storage is improved while verification of data integrity is still provided. In 2012, Zheng et al. proposed the Proof of Storage with Deduplication (POSD) scheme, which for the first time considered the security of cloud storage data from both the effectiveness and security perspectives. Shin et al. subsequently improved its security. In 2013, Yuan et al. proposed the Public and Constant cost storage integrity Auditing scheme with secure Deduplication (PCAD). However, these schemes are all data integrity verification schemes with a deduplication function: they simply superimpose proof of data possession on data integrity auditing, do not take full advantage of the deduplication operation, and make heavy use of computationally inefficient bilinear pairing operations.
Summary of the invention
To solve the technical problems raised in the background above, the present invention aims to provide a cloud storage data integrity proof method based on data redundancy verification, which uses data redundancy verification and focuses integrity verification on non-duplicate data, greatly improving the efficiency of data integrity auditing.
To achieve the above technical purpose, the technical solution of the present invention is as follows:
A cloud storage data integrity proof method based on data redundancy verification, comprising the following steps:
(1) Data owner A encodes data file $F'$ with an erasure code to obtain the encoded data file $F$, splits $F$ into blocks, i.e. $F = \{m_1, m_2, \ldots, m_n\}$, and encrypts and labels each data block $m_i$ to obtain the corresponding ciphertext $C_i$ and label $T_i$. The ciphertext set $\{C_i\}$ and the label set $\{T_i\}$ are uploaded to the cloud server, where $i$ is the data block number, $i = 1, 2, \ldots, n$;
(2) Data owner B splits data file $F'$ into blocks, i.e. $F' = \{m'_1, m'_2, \ldots, m'_n\}$, and encrypts and labels each data block $m'_i$ to obtain the corresponding ciphertext $C'_i$ and label $T'_i$. The label set $\{T'_i\}$ is uploaded to the cloud server, which compares $\{T'_i\}$ with the stored $\{T_i\}$. If the labels are equal, the data block is a duplicate; the cloud server notifies data owner B to upload only the ciphertexts of non-duplicate data blocks, and data owner B records whether each data block is a duplicate;
(3) Data owner B randomly selects, from the non-duplicate data blocks, the numbers of the data blocks to be integrity-checked and sends the set of data block numbers to the cloud server. The cloud server retrieves the ciphertexts corresponding to those numbers and sends them back to data owner B. Data owner B computes the labels of the ciphertexts returned by the cloud server and compares the computed labels with the locally stored labels. If the labels are equal, the data block is intact; otherwise the data block is not intact.
Further, the erasure code in step (1) is Reed-Solomon.
Further, the specific steps for encrypting and labelling a data block in step (1) are: compute the key $k_i = h(m_i)$ of each data block $m_i$, then compute the ciphertext $C_i$ using the encryption method, and compute the label $T_i = H(C_i)$, where $h(\cdot)$ and $H(\cdot)$ are both hash operations.
Further, the above encryption method is message-locked encryption, i.e. $C_i = E_{k_i}(m_i)$, where $E_{k_i}(\cdot)$ is a symmetric encryption algorithm.
Further, the above symmetric encryption algorithm is AES.
The above technical solution brings the following beneficial effects:
(1) Verifying whether a piece of data is a duplicate is in effect one data integrity audit. According to statistics, about 75% of the data in cloud storage is duplicated. The present invention therefore first uses data redundancy verification to perform the data integrity audit work, and then focuses the cloud storage data integrity proof method on the 25% of data that is not duplicated to verify its integrity, which greatly improves the efficiency of data integrity auditing;
(2) The present invention uses only hash functions and a symmetric encryption algorithm. On an Intel Core 2 2.5 GHz workstation these run at more than 100 MB/s when generating and verifying data block labels, so the computational efficiency is very high and the method has broad application prospects.
Description of the drawings
Fig. 1 is the basic flow chart of the invention.
Detailed description of the embodiments
The technical solution of the present invention is described in detail below with reference to the drawing.
As shown in the basic flow chart in Fig. 1, the cloud storage data integrity proof method based on data redundancy verification comprises the following steps:
(1) Data owner A encodes data file $F'$ with an erasure code to obtain the encoded data file $F$, splits $F$ into blocks, i.e. $F = \{m_1, m_2, \ldots, m_n\}$, and encrypts and labels each data block $m_i$ to obtain the corresponding ciphertext $C_i$ and label $T_i$. The ciphertext set $\{C_i\}$ and the label set $\{T_i\}$ are uploaded to the cloud server, where $i$ is the data block number, $i = 1, 2, \ldots, n$;
(2) Data owner B splits data file $F'$ into blocks, i.e. $F' = \{m'_1, m'_2, \ldots, m'_n\}$, and encrypts and labels each data block $m'_i$ to obtain the corresponding ciphertext $C'_i$ and label $T'_i$. The label set $\{T'_i\}$ is uploaded to the cloud server, which compares $\{T'_i\}$ with the stored $\{T_i\}$. If the labels are equal, the data block is a duplicate; the cloud server notifies data owner B to upload only the ciphertexts of non-duplicate data blocks, and data owner B records whether each data block is a duplicate;
(3) Data owner B randomly selects, from the non-duplicate data blocks, the numbers of the data blocks to be integrity-checked and sends the set of data block numbers to the cloud server. The cloud server retrieves the ciphertexts corresponding to those numbers and sends them back to data owner B. Data owner B computes the labels of the ciphertexts returned by the cloud server and compares the computed labels with the locally stored labels. If the labels are equal, the data block is intact; otherwise the data block is not intact.
Steps (1) to (3) above use the same encryption method and labelling method.
In this embodiment, the erasure code in step (1) is Reed-Solomon.
In this embodiment, the specific steps for encrypting and labelling a data block in step (1) are: compute the key $k_i = h(m_i)$ of each data block $m_i$, then compute the ciphertext $C_i$ using the encryption method, and compute the label $T_i = H(C_i)$, where $h(\cdot)$ and $H(\cdot)$ are both hash operations.
In this embodiment, the above encryption method is message-locked encryption, i.e. $C_i = E_{k_i}(m_i)$, where $E_{k_i}(\cdot)$ is a symmetric encryption algorithm.
In this embodiment, the above symmetric encryption algorithm is AES (Advanced Encryption Standard).
The above embodiment only illustrates the technical idea of the present invention and does not limit its scope of protection; any change made on the basis of the technical solution in accordance with the technical idea proposed by the present invention falls within the scope of protection of the present invention.
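Steps (1) to (3), with $k_i = h(m_i)$, $C_i = E_{k_i}(m_i)$ and $T_i = H(C_i)$, as an added Python example that is not part of the patent. Assumptions: SHA-256 for h and H, a deterministic hash-based keystream standing in for AES so the code runs on the standard library alone, inputs that are already erasure-coded, and the hypothetical names `CloudServer`, `audit` and `run_demo`; the label check on upload is also an addition.

```python
import hashlib
import secrets

BLOCK_SIZE = 16  # toy block size (assumption; the page does not fix one)

def h(m: bytes) -> bytes:   # key derivation k_i = h(m_i); SHA-256 is assumed
    return hashlib.sha256(b"key" + m).digest()

def H(c: bytes) -> bytes:   # label T_i = H(C_i); SHA-256 is assumed
    return hashlib.sha256(b"label" + c).digest()

def E(k: bytes, m: bytes) -> bytes:
    """Deterministic stand-in for AES (not AES): XOR with a SHA-256 counter
    keystream, so equal blocks give equal ciphertexts and equal labels."""
    stream = b"".join(hashlib.sha256(k + n.to_bytes(4, "big")).digest()
                      for n in range(len(m) // 32 + 1))
    return bytes(a ^ b for a, b in zip(m, stream))

def encrypt_and_label(data: bytes):
    """Owner side of steps (1)/(2): split, encrypt each block, label each ciphertext."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    ciphertexts = [E(h(m), m) for m in blocks]
    return ciphertexts, [H(c) for c in ciphertexts]

class CloudServer:
    def __init__(self):
        self.blocks = {}   # label -> ciphertext, stored once per distinct block
        self.files = {}    # owner -> ordered list of labels

    def find_duplicates(self, labels):
        """Step (2): block numbers whose label is already stored."""
        return {i for i, t in enumerate(labels) if t in self.blocks}

    def upload(self, owner, labels, new_ciphertexts):
        for i, c in new_ciphertexts.items():
            if H(c) != labels[i]:   # added check, not in the patent
                raise ValueError(f"block {i}: label does not match ciphertext")
            self.blocks[labels[i]] = c
        self.files[owner] = list(labels)

    def retrieve(self, owner, indices):
        """Step (3): return the ciphertexts for the challenged block numbers."""
        return {i: self.blocks[self.files[owner][i]] for i in indices}

def audit(server, owner, local_labels, duplicates, sample_size):
    """Step (3): challenge random non-duplicate blocks; return the numbers that fail."""
    candidates = [i for i in range(len(local_labels)) if i not in duplicates]
    challenge = secrets.SystemRandom().sample(candidates, min(sample_size, len(candidates)))
    returned = server.retrieve(owner, challenge)
    return sorted(i for i in challenge if H(returned[i]) != local_labels[i])

def run_demo():
    file_a = b"A" * 16 + b"B" * 16 + b"C" * 16 + b"D" * 16   # constructed sample
    file_b = b"A" * 16 + b"B" * 16 + b"X" * 16 + b"Y" * 16   # shares two blocks with A
    server = CloudServer()
    ct_a, labels_a = encrypt_and_label(file_a)
    server.upload("A", labels_a, dict(enumerate(ct_a)))
    ct_b, labels_b = encrypt_and_label(file_b)
    dup = server.find_duplicates(labels_b)                   # owner B records these
    server.upload("B", labels_b, {i: c for i, c in enumerate(ct_b) if i not in dup})
    clean = audit(server, "B", labels_b, dup, sample_size=2)
    server.blocks[labels_b[3]] = b"\x00" * BLOCK_SIZE        # simulate server-side corruption
    corrupted = audit(server, "B", labels_b, dup, sample_size=2)
    return dup, clean, corrupted
```

Deduplication by label only works because encryption is deterministic; with AES this means the mode and any IV must also be derived deterministically, otherwise identical blocks would produce different labels.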

Claims (4)

1. A cloud storage data integrity proof method based on data redundancy verification, characterized by comprising the following steps:
(1) Data owner A encodes data file $F'$ with an erasure code to obtain the encoded data file $F$, splits $F$ into blocks, i.e. $F = \{m_1, m_2, \ldots, m_n\}$, and encrypts and labels each data block $m_i$ to obtain the corresponding ciphertext $C_i$ and label $T_i$; the ciphertext set $\{C_i\}$ and the label set $\{T_i\}$ are uploaded to the cloud server, where $i$ is the data block number, $i = 1, 2, \ldots, n$; the specific steps for encrypting and labelling a data block in step (1) are: compute the key $k_i = h(m_i)$ of each data block $m_i$, then compute the ciphertext $C_i$ using the encryption method, and compute the label $T_i = H(C_i)$, where $h(\cdot)$ and $H(\cdot)$ are both hash operations;
(2) Data owner B splits data file $F'$ into blocks, i.e. $F' = \{m'_1, m'_2, \ldots, m'_n\}$, and encrypts and labels each data block $m'_i$ to obtain the corresponding ciphertext $C'_i$ and label $T'_i$; the label set $\{T'_i\}$ is uploaded to the cloud server, which compares $\{T'_i\}$ with the stored $\{T_i\}$; if the labels are equal, the data block is a duplicate; the cloud server notifies data owner B to upload only the ciphertexts of non-duplicate data blocks, and data owner B records whether each data block is a duplicate;
(3) Data owner B randomly selects, from the non-duplicate data blocks, the numbers of the data blocks to be integrity-checked and sends the set of data block numbers to the cloud server; the cloud server retrieves the ciphertexts corresponding to those numbers and sends them back to data owner B; data owner B computes the labels of the ciphertexts returned by the cloud server and compares the computed labels with the locally stored labels; if the labels are equal, the data block is intact; otherwise the data block is not intact.
2. The cloud storage data integrity proof method based on data redundancy verification according to claim 1, characterized in that: the erasure code in step (1) is Reed-Solomon.
3. The cloud storage data integrity proof method based on data redundancy verification according to claim 1, characterized in that: the encryption method is message-locked encryption, i.e. $C_i = E_{k_i}(m_i)$, where $E_{k_i}(\cdot)$ is a symmetric encryption algorithm.
4. The cloud storage data integrity proof method based on data redundancy verification according to claim 3, characterized in that: the symmetric encryption algorithm is AES.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510272790.3A CN104994069B (en) 2015-05-25 2015-05-25 Cloud storage data integrity method of proof based on data redundancy verifying

Publications (2)

Publication Number Publication Date
CN104994069A CN104994069A (en) 2015-10-21
CN104994069B true CN104994069B (en) 2019-01-01

Family

ID=54305821

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510272790.3A Active CN104994069B (en) 2015-05-25 2015-05-25 Cloud storage data integrity method of proof based on data redundancy verifying

Country Status (1)

Country Link
CN (1) CN104994069B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200417

Address after: 210019 floor 4, building 06, No. 18, Jiangdong Street, Jialing, Jianye District, Nanjing, Jiangsu Province

Patentee after: Nanjing Dashang Software Technology Co., Ltd

Address before: 210044 Nanjing City, Pukou Province, Nanjing Road, No. 219, No. six, No.

Patentee before: NANJING UNIVERSITY OF INFORMATION SCIENCE & TECHNOLOGY