CN107395355A - A kind of cloud storage data integrity verification method based on implicit trusted third party - Google Patents

A kind of cloud storage data integrity verification method based on implicit trusted third party Download PDF

Info

Publication number
CN107395355A
CN107395355A CN201710436973.3A CN201710436973A CN107395355A CN 107395355 A CN107395355 A CN 107395355A CN 201710436973 A CN201710436973 A CN 201710436973A CN 107395355 A CN107395355 A CN 107395355A
Authority
CN
China
Prior art keywords
div
data integrity
trusted
implicit
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710436973.3A
Other languages
Chinese (zh)
Other versions
CN107395355B (en
Inventor
凌捷
吴颖豪
罗玉
谢锐
柳毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong University of Technology
Original Assignee
Guangdong University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong University of Technology filed Critical Guangdong University of Technology
Priority to CN201710436973.3A priority Critical patent/CN107395355B/en
Publication of CN107395355A publication Critical patent/CN107395355A/en
Application granted granted Critical
Publication of CN107395355B publication Critical patent/CN107395355B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority

Abstract

Current data integrity verification method both domestic and external is broadly divided into two classes according to function:Support private checking and support open checking.The former computing cost is low than the latter, but because data verification person's itself is insincere, is not particularly suited for the data verification scene of reality;In actual applications, because the data volume for being stored in cloud service is huge, the verification efficiency of the latter becomes more and more lower with the increase of data volume, causes practicality not high.The present invention proposes a kind of cloud storage data integrity verification method based on implicit trusted third party.Method is verified framework and shown by implicit trusted third party distorts the open checking of daily record realization, reduces the online demand of user to greatest extent.Complete to verify using ECC AESs, efficiency can be improved than existing other method, the realizability of open checking is improved while guaranteed efficiency.

Description

A kind of cloud storage data integrity verification method based on implicit trusted third party
Technical field
The present invention relates to cloud storage technical field, more particularly to a kind of verification method of cloud storage data integrity.
Background technology
Along with the extensive use of cloud storage technology, threat caused by the data safety of Cloud Server is stored in increasingly Cause the concern of people.When data storage be related to enterprise's sensitive data (the Hospital medical business that is included in such as electronic health record or Financial situation) or during individual privacy information (the patients' privacy illness included in such as electronic health record), how to ensure the complete of data Property is particularly important.
Current data integrity verification method both domestic and external is broadly divided into two classes according to function:Support private checking and support Open checking.The former computing cost is low than the latter, but because data verification person's itself is insincere, is not particularly suited for The data verification scene of reality.The latter introduces trusted third party (trusted third party, abbreviation TTP) checking data, will AES is combined with Bilinear map technology so that TTP completes to verify and return result in the case where that can not obtain data User.But because it is related to efficient e computings in Bilinear map computing, therefore the computing cost of the latter is far longer than the former.In reality In the application of border, the data volume due to being stored in cloud service is huge, and the verification efficiency of the latter becomes with the increase of data volume Must be more and more lower, cause practicality not high.
The content of the invention
In view of the deficienciess of the prior art, the present invention proposes that a kind of cloud storage data based on implicit trusted third party are complete Integrity verification method, computing cost is reduced while open authentication function is realized.
A kind of cloud storage data integrity verification method based on implicit trusted third party, its technical method is divided into following several Individual part:
(1) introduce PKI mechanism, respectively data integrity validation module (data integrity verify, DIV) and User generates a pair of RSA keys:(dpk, dsk) and (upk, usk);
(2) user's selection key is data encryption using ECC AESs, calculates label, utilizes DIV dpk to encrypt private Key;
(3) DIV initiates to challenge to CSP when verifying, server calculates data evidence and returned as requested after accepting challenges Experimental evidence;
(4) DIV experimental evidences generate corresponding checking journal entry according to result, are sent to CSP and write daily record by CSP.
Brief description of the drawings
Fig. 1 is tripartite's interaction of implicit trusted third party's checking framework;
Fig. 2 is checking business process map;
Fig. 3 is the aobvious checking log chain for distorting daily record.
Embodiment
Implicit trusted third party's checking framework, tripartite's interaction of implicit trusted third party's checking framework are as shown in Figure 1.
Verification method based on ECC:
It is assumed that λ is security parameter, h and f are pseudo-random function (PRF), and per is pseudo-random permutation (PRP), and H is Hash letter Number.We input security parameter λ and l to pseudo-random function and pseudo-random permutation function.h:{ 0,1 }*→ { 0,1 }m
(1) initialization process
PKI mechanism is introduced, respectively DIV and User generate a pair of RSA keys:(dpk, dsk) and (upk, usk), by text Part m points are isometric n blocks, { m1, m2...mn}。
KeyGen(1λ) → (pk, sk):
1. user chooses one and is defined on domain FqOn elliptic curve E (Fq), take a littleAs on the curve Basic point;
2. and then for given security parameter λ (herein referring to key length), d is chosen as private key sk, P (x, y)=d G (x, y) is used as public key pk.
3. user utilizes DIV upk encryption keys d.
(2) label is produced
TagGen (pk, sk, m) → Tm
1. user selectsAs coefficient, i is the unique index of each blocks of files here;
2. calculate kG (x, y) and T using public keyi=kP (x, y)+mi+h(i);
3. output label TiAnd G0(x, y)=kG (x, y), and send it to Cloud Server.
(3) generation challenge
During checking, DIV initiates challenge Q=(c, k to server1, k2), k1, k2The number randomly selected, respectively as with Machine permutation function per and pseudo-random function f key, for allowing server to calculate sample block coefficient ijWith coefficient correlation αj, c is The quantity of challenge data block.
(4) generation proves
GenProof (pk, F, Q) → Tm
After DIV challenges to server, server can calculate corresponding proof, note F=(m according to challenge1, m2… mn) and T=(T1, T2…Tn)。
1. for 1≤j≤c, server calculates the corresponding coefficient for the block being sampled
2. calculateLabel proves
And
3. outputAnd send it to proofs of the DIV as challenge-response.
(5) checking proves
VeriProof (pk, sk, Q, ρ) → { success, " failure " }
1. user calculatesDraw and sampled Block sequence number and coefficient of correspondence;
2. calculate
3. checkingWhether set up, if then exporting " success ", otherwise export " failure ".
Verify daily record
Verify that daily record generates audit log according to data integrity inspection result by DIV and examined by DIV according to the data property held The fruit that comes to an end generates, the structured record (Fig. 3) being stored on magnetic disk media.Journal entry (log entry, abbreviation LE) is basis One journal entry of the property held inspection result generation, a log chain will be formed corresponding to all journal entries of same file group Table.User is by having access to the daily record chained list of file, you can checks the property the held audit history of this document.LE is made up of 5 fields, Wherein, result is the result of this property held inspection, as a result represents that file is intact for 1, is as a result damaged for 0 expression file; Time is the time of daily record generation, for ensureing the freshness and non-reproduction of journal entry;Eid be journal entry in cloud only One mark;Prev_eid is once journal entry identifies corresponding to audit before identical file, for forming daily record chained list;Sig is DIV Utilize RSA signatures of its private key dsk to result, time, eid and prev_eid together.
Item quotes (entry reference, abbreviation ER) and corresponds uniquely to a file, is made up of 5 fields, its In, UID is the identity of user, and GID is the mark of this document, and the two is unique in cloud;Eid is a journal entry mark Know;Time is the timestamp that ER is created or modified;Sig is RSA signatures of the DIV using its private key dsk to preceding 4 fields;ER Journal entry LE caused by always being audited with the newest once property held of this document has identical eid. after file is created, DIV generates the file that a corresponding ER did not audit, i.e., without corresponding journal entry, its ER.eid is 1, and ER.sig is sky.
DIV realization
It is proposed that realize implicit DIV with anti-tamper (tamper-resistant) reliable hardware with following properties: Other entities can not change its internal processes and state, it is impossible to obtain its key information;Attacked when detecting for the physics of oneself When hitting, DIV should be able to perform self to secret information and destroy.Existing security coprocessor product such as IBM 4764 [17], can be with Meet DIV above-mentioned functional requirement.Due to DIV deployment beyond the clouds, SSP should ensure that DIV normal work, not by from the external world Attack.Therefore, whether daily record chained list is imperfect caused by DIV self is destroyed or user data is damaged, and all judges Associated responsibilities are not fulfiled for DIV.
DIV and CSP interaction protocol
Assuming that successful deployment, each side can smoothly obtain the public key of other party to PKI, interaction protocol given here only relates to And data integrity validation flow is as shown in Figure 2.CSP periodically sends checking request to DIV, and each cycle is represented with epoch. After DIV receives checking request, generation challenge is initiated to challenge to CSP.CSP calculates evidence P according to the challenge that receives, and by its together with The ER of this document group sends jointly to DIV.If this document is to receive audit for the first time, it is NULL, LE.prev_ to put ER.eid Eid is NULL.After DIV receives evidence and ER, ER freshness and the true and false (by time and sig domains) are verified, is verified, then New journal entry LE is generated, by the result write-in wherein, and updates ER time and sig domains.LE is returned to together with ER CSP, by its write verification daily record.
The specific embodiment of the present invention is described above.It is to be appreciated that the invention is not limited in above-mentioned Particular implementation, those skilled in the art can make various deformations or amendments within the scope of the claims, this not shadow Ring the substantive content of the present invention.

Claims (5)

  1. A kind of 1. cloud storage data integrity verification method based on implicit trusted third party, it is characterised in that:Including following step Suddenly:D) PKI mechanism, respectively data integrity validation module (data integrity verify, DIV) and User lifes are introduced RSA keys in a pair:(dpk, dsk) and (upk, usk);
    2) user's selection key is data encryption using ECC AESs, calculates label, utilizes DIV dpk encryption key;
    3) DIV initiates to challenge to CSP when verifying, server calculates data evidence after accepting challenges and returns to checking card as requested According to;
    4) DIV experimental evidences generate corresponding checking journal entry according to result, are sent to CSP and write daily record by CSP.
  2. 2. a kind of cloud storage data integrity verification method based on implicit trusted third party according to claim 1, its It is characterised by:It is that data integrity validation module (data integrity verify, DIV) and User are generated using PKI mechanism A pair of RSA keys:(dpk, dsk) and (upk, usk), key decryption corresponding data need to be utilized during subsequent authentication.
  3. 3. a kind of cloud storage data integrity verification method based on implicit trusted third party according to claim 1, its It is characterised by:It is data encryption using ECC AESs, calculates label, and send into CSP, is encrypted using DIV dpk private Key is simultaneously sent to DIV.
  4. 4. a kind of cloud storage data integrity verification method based on implicit trusted third party according to claim 1, its It is characterised by:DIV initiates to challenge to CSP during checking, challenge set Q=(c, k1, k2), server is as requested after accepting challenges Calculate data evidence and return to experimental evidence, k1, k2It is the number randomly selected, c is the quantity of challenge data block.
  5. 5. a kind of cloud storage data integrity verification method based on implicit trusted third party according to claim 1, its It is characterised by:DIV and using itself key dsk decryption acquisition user's key and using the key experimental evidence generated according to result Corresponding checking journal entry, is sent to CSP and writes daily record by CSP.
CN201710436973.3A 2017-06-12 2017-06-12 Cloud storage data integrity verification method based on implicit trusted third party Active CN107395355B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710436973.3A CN107395355B (en) 2017-06-12 2017-06-12 Cloud storage data integrity verification method based on implicit trusted third party

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710436973.3A CN107395355B (en) 2017-06-12 2017-06-12 Cloud storage data integrity verification method based on implicit trusted third party

Publications (2)

Publication Number Publication Date
CN107395355A true CN107395355A (en) 2017-11-24
CN107395355B CN107395355B (en) 2020-12-11

Family

ID=60331735

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710436973.3A Active CN107395355B (en) 2017-06-12 2017-06-12 Cloud storage data integrity verification method based on implicit trusted third party

Country Status (1)

Country Link
CN (1) CN107395355B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108171078A (en) * 2017-12-27 2018-06-15 中国信息安全测评中心 A kind of data security method and device towards third-party cloud platform evaluation system
US10877672B2 (en) 2018-07-31 2020-12-29 International Business Machines Corporation Auditing stored data slices in a dispersed storage network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103414690A (en) * 2013-07-15 2013-11-27 北京航空航天大学 Publicly-verifiable cloud data possession checking method
CN103699851A (en) * 2013-11-22 2014-04-02 杭州师范大学 Remote data completeness verification method facing cloud storage
CN103986732A (en) * 2014-06-04 2014-08-13 青岛大学 Cloud storage data auditing method for preventing secret key from being revealed
CN106301789A (en) * 2016-08-16 2017-01-04 电子科技大学 Apply the dynamic verification method of the cloud storage data that linear homomorphism based on lattice signs

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103414690A (en) * 2013-07-15 2013-11-27 北京航空航天大学 Publicly-verifiable cloud data possession checking method
CN103699851A (en) * 2013-11-22 2014-04-02 杭州师范大学 Remote data completeness verification method facing cloud storage
CN103986732A (en) * 2014-06-04 2014-08-13 青岛大学 Cloud storage data auditing method for preventing secret key from being revealed
CN106301789A (en) * 2016-08-16 2017-01-04 电子科技大学 Apply the dynamic verification method of the cloud storage data that linear homomorphism based on lattice signs

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108171078A (en) * 2017-12-27 2018-06-15 中国信息安全测评中心 A kind of data security method and device towards third-party cloud platform evaluation system
CN108171078B (en) * 2017-12-27 2021-08-31 中国信息安全测评中心 Data preservation method and device of cloud platform evaluation system facing third party
US10877672B2 (en) 2018-07-31 2020-12-29 International Business Machines Corporation Auditing stored data slices in a dispersed storage network
US10956055B2 (en) 2018-07-31 2021-03-23 International Business Machines Corporation Auditing stored data slices in a dispersed storage network

Also Published As

Publication number Publication date
CN107395355B (en) 2020-12-11

Similar Documents

Publication Publication Date Title
Qadir et al. A review paper on cryptography
US10839070B1 (en) Securely executing smart contract operations in a trusted execution environment
US11186111B1 (en) Digitally encoded seal for document verification
CN109194466A (en) A kind of cloud data integrity detection method and system based on block chain
JP2007522739A (en) One-way authentication
CN107659401A (en) The secure data duplicate removal encryption method that a kind of similitude perceives
WO2023160090A1 (en) Proof generation method and apparatus, electronic device, and storage medium
CN110336663A (en) A kind of PUFs based on block chain technology certificate scheme group to group
CN110837634B (en) Electronic signature method based on hardware encryption machine
Sathya et al. A comprehensive study of blockchain services: future of cryptography
Habib et al. A Blockchain-based Technique to Prevent Grade Tampering: A University Perspective
US20060200667A1 (en) Method and system for consistent recognition of ongoing digital relationships
CN107395355A (en) A kind of cloud storage data integrity verification method based on implicit trusted third party
Sharma et al. Nonce: Life cycle, issues and challenges in cryptography
CN113285934B (en) Method and device for detecting IP (Internet protocol) of server cryptographic machine client based on digital signature
KR20010068113A (en) Method for protecting forgery and alteration of smart card using angular multiplexing hologram and system thereof
CN115147975A (en) Encryption network voting method based on block chain
Verma et al. Applications of Data Security and Blockchain in Smart City Identity Management
Muhaya Security analysis and improvement of a mutual authentication scheme under trusted computing
Penubadi et al. Sustainable electronic document security: a comprehensive framework integrating encryption, digital signature and watermarking algorithms
CN112307519B (en) Hierarchical verifiable query system based on selective leakage
Rührmair Disorder-based security hardware: an overview
Pierson et al. Authentication without secrets
Naveen Kumar et al. Chip-based key distribution technique
Narayanankutty et al. Novel authentication system for personal and domestic network systems using image feature comparison and digital signatures

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant