CN104994069B - Cloud storage data integrity method of proof based on data redundancy verifying - Google Patents
- Publication number: CN104994069B
- Authority: CN (China)
- Prior art keywords: data, data block, label, cloud server, ciphertext
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/123: Applying verification of the received information received data contents, e.g. message integrity
- H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Abstract
The invention discloses a cloud storage data integrity proof method based on data redundancy verification. The process is as follows: when a user outsources data to a cloud server, the cloud server first checks whether the data is a duplicate. If it is, the server marks the repetition rate of the data block and notifies the user that the data already exists and does not need to be uploaded, and the user marks the data as duplicate. When the user audits the integrity of the data, the integrity verification work focuses on the non-duplicate data. By using data redundancy verification and focusing integrity verification on non-duplicate data, the invention greatly improves the efficiency of data integrity auditing.
Description
Technical field
The invention belongs to the field of cloud storage technology, and in particular relates to a cloud storage data integrity proof method based on data redundancy verification.
Background technique
In a cloud storage environment, users lose physical control over their data once it has been outsourced to a cloud server. To guarantee the integrity of outsourced data, Ateniese et al. proposed the concept of provable data possession (PDP) for cloud environments at the 2007 ACM Conference on Computer and Communications Security (CCS '07). Since then, a variety of verifiable cloud storage data integrity proof methods have been proposed. However, according to statistics, about 75% of the data on cloud servers is duplicated, and to improve storage efficiency researchers proposed data deduplication technology. Considering both effectiveness and security, the two techniques need to be combined so that the efficiency of cloud storage is improved while verification of data integrity is still provided. In 2012, Zheng et al. proposed the Proof of Storage with Deduplication (POSD) scheme, which for the first time considered the security of cloud storage data from both the effectiveness and the security perspective. Shin et al. subsequently improved its security. In 2013, Yuan et al. proposed the Public and Constant cost storage integrity Auditing scheme with secure Deduplication (PCAD). However, these schemes are all data integrity verification schemes with a deduplication function added: they simply stack proof of data possession on top of data integrity auditing, do not take full advantage of the deduplication operation, and make heavy use of computationally inefficient bilinear pairing operations.
Summary of the invention
To solve the technical problems raised in the background above, the invention aims to provide a cloud storage data integrity proof method based on data redundancy verification, which uses data redundancy verification and focuses integrity verification on non-duplicate data, greatly improving the efficiency of data integrity auditing.
To achieve the above technical purpose, the technical solution of the invention is as follows:
A cloud storage data integrity proof method based on data redundancy verification, comprising the following steps:
(1) Data owner A encodes the data file $F'$ with an erasure code to obtain the encoded data file $F$, splits $F$ into blocks, i.e. $F = \{m_1, m_2, \ldots, m_n\}$, and encrypts and labels each data block $m_i$ to obtain the corresponding ciphertext $C_i$ and label $T_i$. The set of ciphertexts $\{C_i\}$ and the set of labels $\{T_i\}$ are uploaded to the cloud server, where $i$ is the data block number, $i = 1, 2, \ldots, n$;
(2) Data owner B splits the data file $F'$ into blocks, i.e. $F' = \{m'_1, m'_2, \ldots, m'_n\}$, and encrypts and labels each data block $m'_i$ to obtain the corresponding ciphertext $C'_i$ and label $T'_i$. The set of labels $\{T'_i\}$ is uploaded to the cloud server, which compares $\{T'_i\}$ with the stored $\{T_i\}$; if the labels are equal, the data block is a duplicate. The cloud server notifies data owner B to upload only the ciphertexts of the non-duplicate data blocks, and data owner B records whether each data block is a duplicate;
(3) Data owner B randomly selects, from the non-duplicate data blocks, the numbers of the data blocks that need integrity verification and sends the set of data block numbers to the cloud server. The cloud server retrieves the ciphertexts corresponding to those numbers and sends them back to data owner B. Data owner B computes the labels of the ciphertexts returned by the cloud server and compares the computed labels with the locally stored labels; if the labels are equal, the data block is intact, otherwise the data block is not intact.
Further, the erasure code in step (1) is Reed-Solomon.
Further, the specific steps for encrypting and labeling a data block in step (1) are: compute the key of each data block $m_i$ as $k_i = h(m_i)$, then compute the ciphertext $C_i$ with the encryption method, and compute the label $T_i = H(C_i)$, where $h(\cdot)$ and $H(\cdot)$ are hash operations.
Further, the above encryption method is message-locked encryption, i.e. $C_i = E_{k_i}(m_i)$, where $E_{k_i}(\cdot)$ is a symmetric encryption algorithm.
Further, the above symmetric encryption algorithm is AES.
The above technical solution brings the following beneficial effects:
(1) Verifying whether a piece of data is a duplicate is in effect one data integrity audit. According to statistics, about 75% of the data in cloud storage is duplicated, so the invention first provides data integrity auditing through data redundancy verification, and then focuses the cloud storage data integrity proof method on the remaining 25% of non-duplicate data to verify its integrity, greatly improving the efficiency of data integrity auditing;
(2) The invention uses only hash functions and a symmetric encryption algorithm. On an Intel Core 2 2.5 GHz workstation it can run at more than 100 MB/second to generate and verify data block labels, so the computational efficiency is very high and the method has broad application prospects.
Description of the drawings
Fig. 1 is the basic flow chart of the invention.
Specific embodiment
The technical solution of the invention is described in detail below with reference to the drawing.
The basic flow chart of the invention is shown in Fig. 1. The cloud storage data integrity proof method based on data redundancy verification comprises the following steps:
(1) Data owner A encodes the data file $F'$ with an erasure code to obtain the encoded data file $F$, splits $F$ into blocks, i.e. $F = \{m_1, m_2, \ldots, m_n\}$, and encrypts and labels each data block $m_i$ to obtain the corresponding ciphertext $C_i$ and label $T_i$. The set of ciphertexts $\{C_i\}$ and the set of labels $\{T_i\}$ are uploaded to the cloud server, where $i$ is the data block number, $i = 1, 2, \ldots, n$;
(2) Data owner B splits the data file $F'$ into blocks, i.e. $F' = \{m'_1, m'_2, \ldots, m'_n\}$, and encrypts and labels each data block $m'_i$ to obtain the corresponding ciphertext $C'_i$ and label $T'_i$. The set of labels $\{T'_i\}$ is uploaded to the cloud server, which compares $\{T'_i\}$ with the stored $\{T_i\}$; if the labels are equal, the data block is a duplicate. The cloud server notifies data owner B to upload only the ciphertexts of the non-duplicate data blocks, and data owner B records whether each data block is a duplicate;
(3) Data owner B randomly selects, from the non-duplicate data blocks, the numbers of the data blocks that need integrity verification and sends the set of data block numbers to the cloud server. The cloud server retrieves the ciphertexts corresponding to those numbers and sends them back to data owner B. Data owner B computes the labels of the ciphertexts returned by the cloud server and compares the computed labels with the locally stored labels; if the labels are equal, the data block is intact, otherwise the data block is not intact.
Steps (1) to (3) above use the same encryption method and labeling method.
In this embodiment, the erasure code in step (1) is Reed-Solomon.
In this embodiment, the specific steps for encrypting and labeling a data block in step (1) are: compute the key of each data block $m_i$ as $k_i = h(m_i)$, then compute the ciphertext $C_i$ with the encryption method, and compute the label $T_i = H(C_i)$, where $h(\cdot)$ and $H(\cdot)$ are hash operations.
In this embodiment, the above encryption method is message-locked encryption, i.e. $C_i = E_{k_i}(m_i)$, where $E_{k_i}(\cdot)$ is a symmetric encryption algorithm.
In this embodiment, the above symmetric encryption algorithm is AES (Advanced Encryption Standard).
The above embodiment only illustrates the technical idea of the invention and does not limit its scope of protection; any change made on the basis of the technical solution in accordance with the technical idea proposed by the invention falls within the scope of protection of the invention.
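Steps (1) to (3) as an added Python example, not code from the patent: two owners outsource files that share three of four blocks, and owner B then audits its one non-duplicate block before and after a simulated corruption on the server. Assumptions: SHA-256 with distinct prefixes for h() and H(), a SHA-256 counter keystream as a deterministic stand-in for AES so that only the standard library is needed, a 16-byte block size, and all class and function names; Reed-Solomon encoding is omitted.

```python
import hashlib
import secrets

BLOCK = 16  # toy block size in bytes (assumption; the patent fixes none)

def h(m: bytes) -> bytes:
    """k_i = h(m_i): the block's key is derived from the block itself."""
    return hashlib.sha256(b"key" + m).digest()

def H(c: bytes) -> bytes:
    """T_i = H(C_i): the label is a hash of the ciphertext."""
    return hashlib.sha256(b"label" + c).digest()

def E(k: bytes, m: bytes) -> bytes:
    """Deterministic stand-in for AES: XOR with a SHA-256 counter keystream."""
    ks = b"".join(hashlib.sha256(k + n.to_bytes(4, "big")).digest()
                  for n in range(len(m) // 32 + 1))
    return bytes(x ^ y for x, y in zip(m, ks))

class CloudServer:
    def __init__(self):
        self.blobs = {}   # label -> ciphertext, each distinct block stored once
        self.index = {}   # owner -> labels in block-number order

    def check_labels(self, owner, labels):
        """Step (2): report per block whether its label is already stored."""
        self.index[owner] = list(labels)
        return [t in self.blobs for t in labels]

    def upload(self, owner, ciphertexts):
        for i, c in ciphertexts.items():
            self.blobs[self.index[owner][i]] = c

    def fetch(self, owner, numbers):
        """Step (3): return the ciphertexts for the challenged block numbers."""
        return {i: self.blobs[self.index[owner][i]] for i in numbers}

class Owner:
    def __init__(self, name, data):
        self.name = name
        blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
        self.cts = [E(h(m), m) for m in blocks]
        self.labels = [H(c) for c in self.cts]   # kept locally for audits
        self.duplicate = []

    def outsource(self, server):
        """Send labels first, then upload only the blocks the server lacks."""
        self.duplicate = server.check_labels(self.name, self.labels)
        server.upload(self.name, {i: c for i, c in enumerate(self.cts)
                                  if not self.duplicate[i]})

    def audit(self, server, sample_size):
        """Challenge random non-duplicate blocks; True means intact."""
        fresh = [i for i, dup in enumerate(self.duplicate) if not dup]
        picked = secrets.SystemRandom().sample(fresh, min(sample_size, len(fresh)))
        got = server.fetch(self.name, picked)
        return {i: H(got[i]) == self.labels[i] for i in picked}

def demo():
    server = CloudServer()
    a = Owner("A", b"A" * 16 + b"B" * 16 + b"C" * 16 + b"D" * 16)  # constructed data
    b = Owner("B", b"A" * 16 + b"B" * 16 + b"C" * 16 + b"X" * 16)  # 3 of 4 blocks shared
    a.outsource(server)          # step (1): empty server, so A uploads everything
    b.outsource(server)          # step (2): only block 3 is uploaded
    before = b.audit(server, 1)  # step (3) on the single non-duplicate block
    c = server.blobs[b.labels[3]]
    server.blobs[b.labels[3]] = bytes([c[0] ^ 1]) + c[1:]  # simulated corruption
    after = b.audit(server, 1)
    return b.duplicate, before, after
```

Because the key is derived from the block, equal plaintext blocks from different owners yield equal ciphertexts and labels, which is what lets the server detect duplicates without seeing the plaintext.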
Claims (4)
1. A cloud storage data integrity proof method based on data redundancy verification, characterized by comprising the following steps:
(1) Data owner A encodes the data file $F'$ with an erasure code to obtain the encoded data file $F$, splits $F$ into blocks, i.e. $F = \{m_1, m_2, \ldots, m_n\}$, and encrypts and labels each data block $m_i$ to obtain the corresponding ciphertext $C_i$ and label $T_i$. The set of ciphertexts $\{C_i\}$ and the set of labels $\{T_i\}$ are uploaded to the cloud server, where $i$ is the data block number, $i = 1, 2, \ldots, n$. The specific steps for encrypting and labeling a data block in step (1) are: compute the key of each data block $m_i$ as $k_i = h(m_i)$, then compute the ciphertext $C_i$ with the encryption method, and compute the label $T_i = H(C_i)$, where $h(\cdot)$ and $H(\cdot)$ are hash operations;
(2) Data owner B splits the data file $F'$ into blocks, i.e. $F' = \{m'_1, m'_2, \ldots, m'_n\}$, and encrypts and labels each data block $m'_i$ to obtain the corresponding ciphertext $C'_i$ and label $T'_i$. The set of labels $\{T'_i\}$ is uploaded to the cloud server, which compares $\{T'_i\}$ with the stored $\{T_i\}$; if the labels are equal, the data block is a duplicate. The cloud server notifies data owner B to upload only the ciphertexts of the non-duplicate data blocks, and data owner B records whether each data block is a duplicate;
(3) Data owner B randomly selects, from the non-duplicate data blocks, the numbers of the data blocks that need integrity verification and sends the set of data block numbers to the cloud server. The cloud server retrieves the ciphertexts corresponding to those numbers and sends them back to data owner B. Data owner B computes the labels of the ciphertexts returned by the cloud server and compares the computed labels with the locally stored labels; if the labels are equal, the data block is intact, otherwise the data block is not intact.
2. The cloud storage data integrity proof method based on data redundancy verification according to claim 1, characterized in that: the erasure code in step (1) is Reed-Solomon.
3. The cloud storage data integrity proof method based on data redundancy verification according to claim 1, characterized in that: the encryption method is message-locked encryption, i.e. $C_i = E_{k_i}(m_i)$, where $E_{k_i}(\cdot)$ is a symmetric encryption algorithm.
4. The cloud storage data integrity proof method based on data redundancy verification according to claim 3, characterized in that: the symmetric encryption algorithm is AES.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510272790.3A CN104994069B (en) | 2015-05-25 | 2015-05-25 | Cloud storage data integrity method of proof based on data redundancy verifying |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104994069A | 2015-10-21 |
CN104994069B | 2019-01-01 |
Family
ID=54305821
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510272790.3A Active CN104994069B (en) | 2015-05-25 | 2015-05-25 | Cloud storage data integrity method of proof based on data redundancy verifying |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104994069B (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105721256B (en) * | 2016-04-25 | 2019-05-03 | 北京威努特技术有限公司 | A kind of Audit data De-weight method of distributed deployment audit platform |
CN106612320B (en) * | 2016-06-14 | 2019-10-18 | 深圳市中盛瑞达科技有限公司 | A kind of De-weight method of encryption data in cloud storage |
WO2018024658A1 (en) * | 2016-08-03 | 2018-02-08 | Abb Schweiz Ag | Method for storing data blocks from client devices to a cloud storage system |
US11463421B2 (en) | 2016-08-08 | 2022-10-04 | Record Sure Limited | Method of generating a secure record of a conversation |
CN106357701B (en) * | 2016-11-25 | 2019-03-26 | 西安电子科技大学 | The integrity verification method of data in cloud storage |
CN109412754B (en) * | 2018-10-22 | 2020-09-18 | 北京理工大学 | Data storage, distribution and access method of coding cloud |
CN110210254B (en) * | 2019-06-13 | 2023-06-02 | 东华大学 | Optimization verification method for repeated data in multiple data integrity verification |
CN113364600B (en) * | 2021-08-11 | 2021-12-07 | 西南石油大学 | Certificateless public auditing method for integrity of cloud storage data |
Also Published As
Publication number | Publication date |
---|---|
CN104994069A (en) | 2015-10-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20200417. Address after: 210019 floor 4, building 06, No. 18, Jiangdong Street, Jialing, Jianye District, Nanjing, Jiangsu Province. Patentee after: Nanjing Dashang Software Technology Co., Ltd. Address before: 210044 Nanjing City, Pukou Province, Nanjing Road, No. 219, No. six, No. Patentee before: NANJING UNIVERSITY OF INFORMATION SCIENCE & TECHNOLOGY |