CN109150537A - A kind of File Ownership method of proof based on dynamic Bloom Filter - Google Patents

A kind of File Ownership method of proof based on dynamic Bloom Filter Download PDF

Info

Publication number
CN109150537A
CN109150537A CN201810660485.5A CN201810660485A CN109150537A CN 109150537 A CN109150537 A CN 109150537A CN 201810660485 A CN201810660485 A CN 201810660485A CN 109150537 A CN109150537 A CN 109150537A
Authority
CN
China
Prior art keywords
file
user
bloom filter
server
data block
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810660485.5A
Other languages
Chinese (zh)
Other versions
CN109150537B (en
Inventor
柳毅
王平雁
凌捷
欧毓毅
罗玉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong University of Technology
Original Assignee
Guangdong University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong University of Technology filed Critical Guangdong University of Technology
Priority to CN201810660485.5A priority Critical patent/CN109150537B/en
Publication of CN109150537A publication Critical patent/CN109150537A/en
Application granted granted Critical
Publication of CN109150537B publication Critical patent/CN109150537B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a kind of File Ownership method of proof based on dynamic Bloom Filter, include the following steps: that S1, user calculate the abstract h of file F to be uploadedfAnd it is uploaded to server;S2, server check for repetition, repeat if it exists, then initiate verifying challenge to user, and go to the S3 challenge stage;Otherwise, it is desirable that the upper transmitting file of user, and go to S4 and upload the stage;The present invention is based on the File Ownership methods of proof that dynamic Bloom Filter is proposed, so that attacker only can not obtain complete file by document, simultaneously under the premise of guaranteeing Bloom Filter verifying high efficiency, it solves False Rate growing concern, substantially increases the practicability of scheme;The present invention carries out dynamic management using size of the dynamic Bloom Filter to Bloom Filter, and when file increases in cloud storage system, dynamic Bloom Filter can become larger therewith, therefore can efficiently control false positive False Rate in tolerance interval.

Description

A kind of File Ownership method of proof based on dynamic Bloom Filter
Technical field
The present invention relates to File Ownerships to prove technical field, and in particular to a kind of text based on dynamic Bloom Filter Part proof of ownership method.
Background technique
With the continuous development of cloud computing technology, more and more users selection by data be contracted out to cloud carry out storage and Management, in face of the unprecedented huge data volume of scale, how economic, efficiently and safely progress data storage, is cloud service provider A problem (CSP, Cloud Service Provider) in the urgent need to address.One of which be used to reduce cloud storage and open The technology of pin is data deduplication (deduplication) technology, and also referred to as data de-duplication technology, technology only retains portion Data copy eliminates the redundant data in cloud storage between file internal and file, greatly reduces memory space and Netowrk tape Wide consumption.
Typical storage system usually takes the abstract of file to possess voucher as the file of user, cause attacker only with It is obtained with complete file by means of the abstract of file, obtains complete text by document or partial file content in order to prevent Part, researchers propose proof of ownership (PoW, Proof of Ownership), and user must be the case where possessing file It is lower to pass through verifying, to obtain file permission.
Bloom Filter is a kind of efficient probability data structure, for judging whether some element belongs to specifically Set is usually made of 1 binary vector and k mutually independent hash functions.If there is m ratio in a Bloom Filter Special binary vector, initializing all bits is 0;There is n element in set, each element passes through k hash function {H1, H2..., HkBe mapped in the range of { 1,2 ..., m };When being inserted into element x, by the position of k-th of hash function mapping Hi(x) it is set to 1, as shown in Figure 1, n=2, k=3, the place that arrow is directed toward is the bit of hash function mapping, is set It is 1;When inquiring some data object s, { H is calculated1(s), H2(s) ..., Hk(s) }, check whether mapping position is all 1, if It is not all 1, then judges that the set does not include s centainly;If being all 1, s probably belongs to the set, but also has certain probability to occur Erroneous judgement.Assuming that k Function Mapping position of some element for being not belonging to set is all 1 just, then it can judge the element by accident and belong to collection It closes, this phenomenon is referred to as false positive (false positives), and it is higher to work as the more False Rates of element in set.
Dynamic Bloom Filter (DBF, Dynamic Bloom Filter) is by several standards Bloom Filter (SBF, Standard Bloom Filter) composition;SBF quantity in initial stage DBF is 1, and state is active, that is, is judged by accident Rate is less than upper limit value, and with new element is constantly inserted into, final state will become full, i.e. False Rate reaches upper limit value, at this time Increase a new SBF, it is ensured that state is always active, therefore DBF can control False Rate.In addition to insertion operation, The operation such as inquiry, deletion, merging can also be performed in DBF;DBF needs to initialize following parameter: the maximum False Rate of DBF, The upper limit value of SBF quantity s, the maximum False Rate of SBF, the capacity c of the size m, single SBF of single SBF, the Hash of single SBF Function numbers k.
In existing cloud storage proof of ownership duplicate removal scheme, based on the duplicate removal scheme efficiency of Bloom Filter compared with Height, still, retractility, scalability, in terms of still have much room for improvement, such as existing scheme use Bloom Filter It is fixed size, False Rate is continuously increased as the file of cloud storage increases, and cannot be deleted element.
Summary of the invention
The purpose of the present invention is to overcome the shortcomings of the existing technology and deficiency, provides a kind of based on dynamic Bloom Filter File Ownership method of proof, this method makes attacker only not obtain complete file by document, simultaneously Under the premise of guaranteeing Bloom Filter verifying high efficiency, solves False Rate growing concern, substantially increase the reality of scheme The property used.
The purpose of the invention is achieved by the following technical solution:
A kind of File Ownership method of proof based on dynamic Bloom Filter, includes the following steps:
S1, user calculate the abstract h of file F to be uploadedfAnd it is uploaded to server;
S2, server check for repetition, repeat if it exists, then initiate verifying challenge to user, and go to S3 and choose The war stage;Otherwise, it is desirable that the upper transmitting file of user, and go to S4 and upload the stage;
S3 challenges the stage:
S3.1, data block is divided parameter p to server and randomly selected J data block index is sent to user;
S3.2, user divide parameter p according to data block and divide documents into n data block { Bi(1≤i≤n), calculating pair Label { the token for the J data block answeredjAnd return it into server;
Token value is initialized PRF as seed and generates corresponding data block and indexed by S3.3, server, Bloom Filter is by calculating k hash function { H1, H2..., HkMapping value verify the index value whether in set;If The bit mapped in Bloom Filter is all 1, then it represents that user obtains file permission by verifying;Otherwise, user challenges Failure;
S4 uploads the stage:
The size of file to be uploaded is sent server by S4.1, user, and server is according to file size returned data block Divide parameter p;
S4.2, user's calculation document abstract hf, parameter p is divided according to data block and divides documents into n data block { Bi}(1 ≤ i≤n), the label for calculating data block obtains { tokeni, end user is by { tokeni}、{BiAnd hfIt uploads onto the server;
S4.3, server create a dynamic Bloom Filter, and token value is initialized PRF by server And corresponding data block index is generated, it is inserted into Bloom Filter, the bit of mapping is all set to 1;Detect Bloom Whether the state of Filter is active or full, if full, then a new SBF is created in DBF, so that False Rate In controlled range.
The present invention have compared with prior art it is below the utility model has the advantages that
The present invention is based on dynamic Bloom Filter propose File Ownership method of proof so that attacker can not only with Complete file is obtained by means of document, while under the premise of guaranteeing Bloom Filter verifying high efficiency, solving mistake Sentence rate growing concern, substantially increases the practicability of scheme;The present invention is using dynamic Bloom Filter to Bloom Filter Size carry out dynamic management, when in cloud storage system file increase when, dynamic Bloom Filter can become larger therewith, therefore False positive False Rate can be efficiently controlled in tolerance interval.
Detailed description of the invention
Fig. 1 is that standard Bloom Filter maps schematic diagram;
Fig. 2 is dynamic Bloom Filter structural schematic diagram of the present invention;
Fig. 3 is flow chart of the invention.
Symbol description table
Specific embodiment
Present invention will now be described in further detail with reference to the embodiments and the accompanying drawings, but embodiments of the present invention are unlimited In this.
As shown in figures 2-3, a kind of File Ownership method of proof based on dynamic Bloom Filter, including following steps It is rapid:
S1, user calculate the abstract h of file F to be uploadedfAnd it is uploaded to server;
S2, server check for repetition, repeat if it exists, then initiate verifying challenge to user, and go to S3 and choose The war stage;Otherwise, it is desirable that the upper transmitting file of user, and go to S4 and upload the stage;
S3 challenges the stage:
S3.1, data block is divided parameter p to server and randomly selected J data block index is sent to user;
S3.2, user divide parameter p according to data block and divide documents into n data block { Bi(1≤i≤n), calculating pair Label { the token for the J data block answeredjAnd return it into server;
Token value is initialized PRF as seed and generates corresponding data block and indexed by S3.3, server, Bloom Filter is by calculating k hash function { H1, H2..., HkMapping value verify the index value whether in set;If The bit mapped in Bloom Filter is all 1, then it represents that user obtains file permission by verifying;Otherwise, user challenges Failure;
S4 uploads the stage:
The size of file to be uploaded is sent server by S4.1, user, and server is according to file size returned data block Divide parameter p;
S4.2, user's calculation document abstract hf, parameter p is divided according to data block and divides documents into n data block { Bi}(1 ≤ i≤n), the label for calculating data block obtains { tokeni, end user is by { tokeni}、{BiAnd hfIt uploads onto the server;
S4.3, server create a dynamic Bloom Filter, and token value is initialized PRF by server And corresponding data block index is generated, it is inserted into Bloom Filter, the bit of mapping is all set to 1;Detect Bloom Whether the state of Filter is active or full, if full, then a new SBF is created in DBF, so that False Rate In controlled range.
User must could obtain file permission by the verifying of proof of ownership, and this method can be used for cloud storage across client Duplicate removal is held, can be avoided the security risk that user only relies on document that can obtain complete file;The present disclosure applies equally to The duplicate removal of ciphertext data, ciphertext data deduplication scheme is similar therewith, for example, can on the basis of this method using convergent encryption come pair Data are encrypted, and guarantee that different user is identical to the encrypted result of same part data, across user ciphertext data can be realized and go Weight.
The present invention is based on dynamic Bloom Filter propose File Ownership method of proof so that attacker can not only with Complete file is obtained by means of document, while under the premise of guaranteeing Bloom Filter verifying high efficiency, solving mistake Sentence rate growing concern, substantially increases the practicability of scheme;When server carries out repeated detection, discovery cloud storage system has been deposited In user's file to be uploaded, server user will be initiated challenge, due to challenge data block be it is random, illegal user exists There is no the probability of correct challenge-response in the case where complete file negligible, however illegal user still may be in Bloom Filter occurs to pass through verifying when false positive erroneous judgement, and since existing scheme uses standard Bloom Filter, size is fixed, false sun Property False Rate constantly increases with the increase of file in cloud storage system, therefore scheme practicability is very restricted, needle For this, the present invention carries out dynamic management using size of the dynamic Bloom Filter to Bloom Filter, when cloud storage system When file increases in system, dynamic Bloom Filter can become larger therewith, therefore can efficiently control false positive False Rate can Receive range.
Above-mentioned is the preferable embodiment of the present invention, but embodiments of the present invention are not limited by the foregoing content, His any changes, modifications, substitutions, combinations, simplifications made without departing from the spirit and principles of the present invention, should be The substitute mode of effect, is included within the scope of the present invention.

Claims (1)

1. a kind of File Ownership method of proof based on dynamic Bloom Filter, which is characterized in that include the following steps:
S1, user calculate the abstract h of file F to be uploadedfAnd it is uploaded to server;
S2, server check for repetition, repeat if it exists, then initiate verifying challenge to user, and go to S3 challenge rank Section;Otherwise, it is desirable that the upper transmitting file of user, and go to S4 and upload the stage;
S3 challenges the stage:
S3.1, data block is divided parameter p to server and randomly selected J data block index is sent to user;
S3.2, user divide parameter p according to data block and divide documents into n data block { Bi(1≤i≤n), calculate corresponding J Label { the token of a data blockjAnd return it into server;
Token value is initialized PRF as seed and generates corresponding data block and indexed by S3.3, server, Bloom Filter By calculating k hash function { H1, H2..., HkMapping value verify the index value whether in set;If Bloom The bit mapped in Filter is all 1, then it represents that user obtains file permission by verifying;Otherwise, user challenges failure;
S4 uploads the stage:
The size of file to be uploaded is sent server by S4.1, user, and server is divided according to file size returned data block Parameter p;
S4.2, user's calculation document abstract hf, parameter p is divided according to data block and divides documents into n data block { Bi}(1≤i ≤ n), the label for calculating data block obtains { tokeni, end user is by { tokeni}、{BiAnd hfIt uploads onto the server;
S4.3, server create a dynamic Bloom Filter, and token value is initialized PRF as seed and produced by server Raw corresponding data block index, is inserted into Bloom Filter, the bit of mapping is all set to 1;Detect Bloom Filter State whether be active or full, if full, then in DBF create a new SBF so that False Rate is controllable Range.
CN201810660485.5A 2018-06-25 2018-06-25 File ownership proving method based on dynamic Bloom Filter Active CN109150537B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810660485.5A CN109150537B (en) 2018-06-25 2018-06-25 File ownership proving method based on dynamic Bloom Filter

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810660485.5A CN109150537B (en) 2018-06-25 2018-06-25 File ownership proving method based on dynamic Bloom Filter

Publications (2)

Publication Number Publication Date
CN109150537A true CN109150537A (en) 2019-01-04
CN109150537B CN109150537B (en) 2021-08-17

Family

ID=64802284

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810660485.5A Active CN109150537B (en) 2018-06-25 2018-06-25 File ownership proving method based on dynamic Bloom Filter

Country Status (1)

Country Link
CN (1) CN109150537B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114760061A (en) * 2020-12-29 2022-07-15 深信服科技股份有限公司 Data uploading method, device, equipment and storage medium
US11741258B2 (en) 2021-04-16 2023-08-29 International Business Machines Corporation Dynamic data dissemination under declarative data subject constraints

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102810107A (en) * 2011-06-01 2012-12-05 英业达股份有限公司 Processing method for repeating data
CN103838850A (en) * 2014-03-11 2014-06-04 湖州师范学院 Hashing data representing and querying method based on dynamic counting type Bloom filter
CN105320654A (en) * 2014-05-28 2016-02-10 中国科学院深圳先进技术研究院 Dynamic bloom filter and element operating method based on same
CN105897921A (en) * 2016-05-27 2016-08-24 重庆大学 Data block routing method combining fingerprint sampling and reducing data fragments
CN105938480A (en) * 2016-04-07 2016-09-14 重庆大学 RFID redundant data cleansing method and system based on DTBF
CN106612320A (en) * 2016-06-14 2017-05-03 四川用联信息技术有限公司 Encrypted data dereplication method for cloud storage

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102810107A (en) * 2011-06-01 2012-12-05 英业达股份有限公司 Processing method for repeating data
CN103838850A (en) * 2014-03-11 2014-06-04 湖州师范学院 Hashing data representing and querying method based on dynamic counting type Bloom filter
CN105320654A (en) * 2014-05-28 2016-02-10 中国科学院深圳先进技术研究院 Dynamic bloom filter and element operating method based on same
CN105938480A (en) * 2016-04-07 2016-09-14 重庆大学 RFID redundant data cleansing method and system based on DTBF
CN105897921A (en) * 2016-05-27 2016-08-24 重庆大学 Data block routing method combining fingerprint sampling and reducing data fragments
CN106612320A (en) * 2016-06-14 2017-05-03 四川用联信息技术有限公司 Encrypted data dereplication method for cloud storage

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
D.GUO,J.WU: "The Dynamic Bloom Filter", 《IEEE》 *
严华云,关佶红: "Bloom Filter研究进展", 《电信科学》 *
赵艳红,李洪奇: "基于Bloom Filter的去重方法研究", 《计算技术与自动化》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114760061A (en) * 2020-12-29 2022-07-15 深信服科技股份有限公司 Data uploading method, device, equipment and storage medium
CN114760061B (en) * 2020-12-29 2023-09-05 深信服科技股份有限公司 Method, device, equipment and storage medium for uploading data
US11741258B2 (en) 2021-04-16 2023-08-29 International Business Machines Corporation Dynamic data dissemination under declarative data subject constraints

Also Published As

Publication number Publication date
CN109150537B (en) 2021-08-17

Similar Documents

Publication Publication Date Title
Wang et al. A three-layer privacy preserving cloud storage scheme based on computational intelligence in fog computing
CN106127075B (en) Encryption method can search for based on secret protection under a kind of cloud storage environment
CN105868305B (en) A kind of cloud storage data deduplication method for supporting fuzzy matching
CN106101257B (en) A kind of cloud storage data managing method and device based on Bloom filter
Storer et al. Secure data deduplication
CN103944988A (en) Repeating data deleting system and method applicable to cloud storage
CN102045356B (en) Cloud-storage-oriented trusted storage verification method and system
CN104468615A (en) Data sharing based file access and permission change control method
CN108156140A (en) A kind of multiple key that numerical attribute is supported to compare can search for encryption method
CN104780161A (en) Searchable encryption method supporting multiple users in cloud storage
CN113221155B (en) Multi-level and multi-level encrypted cloud storage system
Zhang et al. F-TPE: Flexible thumbnail-preserving encryption based on multi-pixel sum-preserving encryption
CN108123934A (en) A kind of data integrity verifying method towards mobile terminal
CN106603561A (en) Block level encryption method in cloud storage and multi-granularity deduplication method
CN109150537A (en) A kind of File Ownership method of proof based on dynamic Bloom Filter
CN110968452A (en) Data integrity verification method capable of safely removing duplicate in cloud storage of smart power grid
CN114244498A (en) Dynamic searchable public key encryption method with forward security
Chen et al. Image Deduplication Based on Hashing and Clustering in Cloud Storage.
CN111368317A (en) Computer data encryption system and method
CN112417509B (en) Data security de-duplication method based on self-encoder
CN114401116B (en) Trusted data transmission method based on HK-Means and security detection
CN111859425B (en) Wildcard searchable encryption method based on attributes
Baliga et al. A Web Based Covert File System.
Sun et al. Research of data security model in cloud computing platform for SMEs
CN108600159A (en) A kind of industrial control system Information Security Defending System

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant