CN109150537A - A kind of File Ownership method of proof based on dynamic Bloom Filter - Google Patents
A kind of File Ownership method of proof based on dynamic Bloom Filter Download PDFInfo
- Publication number
- CN109150537A CN109150537A CN201810660485.5A CN201810660485A CN109150537A CN 109150537 A CN109150537 A CN 109150537A CN 201810660485 A CN201810660485 A CN 201810660485A CN 109150537 A CN109150537 A CN 109150537A
- Authority
- CN
- China
- Prior art keywords
- file
- user
- bloom filter
- server
- data block
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a kind of File Ownership method of proof based on dynamic Bloom Filter, include the following steps: that S1, user calculate the abstract h of file F to be uploadedfAnd it is uploaded to server;S2, server check for repetition, repeat if it exists, then initiate verifying challenge to user, and go to the S3 challenge stage;Otherwise, it is desirable that the upper transmitting file of user, and go to S4 and upload the stage;The present invention is based on the File Ownership methods of proof that dynamic Bloom Filter is proposed, so that attacker only can not obtain complete file by document, simultaneously under the premise of guaranteeing Bloom Filter verifying high efficiency, it solves False Rate growing concern, substantially increases the practicability of scheme;The present invention carries out dynamic management using size of the dynamic Bloom Filter to Bloom Filter, and when file increases in cloud storage system, dynamic Bloom Filter can become larger therewith, therefore can efficiently control false positive False Rate in tolerance interval.
Description
Technical field
The present invention relates to File Ownerships to prove technical field, and in particular to a kind of text based on dynamic Bloom Filter
Part proof of ownership method.
Background technique
With the continuous development of cloud computing technology, more and more users selection by data be contracted out to cloud carry out storage and
Management, in face of the unprecedented huge data volume of scale, how economic, efficiently and safely progress data storage, is cloud service provider
A problem (CSP, Cloud Service Provider) in the urgent need to address.One of which be used to reduce cloud storage and open
The technology of pin is data deduplication (deduplication) technology, and also referred to as data de-duplication technology, technology only retains portion
Data copy eliminates the redundant data in cloud storage between file internal and file, greatly reduces memory space and Netowrk tape
Wide consumption.
Typical storage system usually takes the abstract of file to possess voucher as the file of user, cause attacker only with
It is obtained with complete file by means of the abstract of file, obtains complete text by document or partial file content in order to prevent
Part, researchers propose proof of ownership (PoW, Proof of Ownership), and user must be the case where possessing file
It is lower to pass through verifying, to obtain file permission.
Bloom Filter is a kind of efficient probability data structure, for judging whether some element belongs to specifically
Set is usually made of 1 binary vector and k mutually independent hash functions.If there is m ratio in a Bloom Filter
Special binary vector, initializing all bits is 0;There is n element in set, each element passes through k hash function
{H1, H2..., HkBe mapped in the range of { 1,2 ..., m };When being inserted into element x, by the position of k-th of hash function mapping
Hi(x) it is set to 1, as shown in Figure 1, n=2, k=3, the place that arrow is directed toward is the bit of hash function mapping, is set
It is 1;When inquiring some data object s, { H is calculated1(s), H2(s) ..., Hk(s) }, check whether mapping position is all 1, if
It is not all 1, then judges that the set does not include s centainly;If being all 1, s probably belongs to the set, but also has certain probability to occur
Erroneous judgement.Assuming that k Function Mapping position of some element for being not belonging to set is all 1 just, then it can judge the element by accident and belong to collection
It closes, this phenomenon is referred to as false positive (false positives), and it is higher to work as the more False Rates of element in set.
Dynamic Bloom Filter (DBF, Dynamic Bloom Filter) is by several standards Bloom Filter
(SBF, Standard Bloom Filter) composition;SBF quantity in initial stage DBF is 1, and state is active, that is, is judged by accident
Rate is less than upper limit value, and with new element is constantly inserted into, final state will become full, i.e. False Rate reaches upper limit value, at this time
Increase a new SBF, it is ensured that state is always active, therefore DBF can control False Rate.In addition to insertion operation,
The operation such as inquiry, deletion, merging can also be performed in DBF;DBF needs to initialize following parameter: the maximum False Rate of DBF,
The upper limit value of SBF quantity s, the maximum False Rate of SBF, the capacity c of the size m, single SBF of single SBF, the Hash of single SBF
Function numbers k.
In existing cloud storage proof of ownership duplicate removal scheme, based on the duplicate removal scheme efficiency of Bloom Filter compared with
Height, still, retractility, scalability, in terms of still have much room for improvement, such as existing scheme use Bloom Filter
It is fixed size, False Rate is continuously increased as the file of cloud storage increases, and cannot be deleted element.
Summary of the invention
The purpose of the present invention is to overcome the shortcomings of the existing technology and deficiency, provides a kind of based on dynamic Bloom Filter
File Ownership method of proof, this method makes attacker only not obtain complete file by document, simultaneously
Under the premise of guaranteeing Bloom Filter verifying high efficiency, solves False Rate growing concern, substantially increase the reality of scheme
The property used.
The purpose of the invention is achieved by the following technical solution:
A kind of File Ownership method of proof based on dynamic Bloom Filter, includes the following steps:
S1, user calculate the abstract h of file F to be uploadedfAnd it is uploaded to server;
S2, server check for repetition, repeat if it exists, then initiate verifying challenge to user, and go to S3 and choose
The war stage;Otherwise, it is desirable that the upper transmitting file of user, and go to S4 and upload the stage;
S3 challenges the stage:
S3.1, data block is divided parameter p to server and randomly selected J data block index is sent to user;
S3.2, user divide parameter p according to data block and divide documents into n data block { Bi(1≤i≤n), calculating pair
Label { the token for the J data block answeredjAnd return it into server;
Token value is initialized PRF as seed and generates corresponding data block and indexed by S3.3, server, Bloom
Filter is by calculating k hash function { H1, H2..., HkMapping value verify the index value whether in set;If
The bit mapped in Bloom Filter is all 1, then it represents that user obtains file permission by verifying;Otherwise, user challenges
Failure;
S4 uploads the stage:
The size of file to be uploaded is sent server by S4.1, user, and server is according to file size returned data block
Divide parameter p;
S4.2, user's calculation document abstract hf, parameter p is divided according to data block and divides documents into n data block { Bi}(1
≤ i≤n), the label for calculating data block obtains { tokeni, end user is by { tokeni}、{BiAnd hfIt uploads onto the server;
S4.3, server create a dynamic Bloom Filter, and token value is initialized PRF by server
And corresponding data block index is generated, it is inserted into Bloom Filter, the bit of mapping is all set to 1;Detect Bloom
Whether the state of Filter is active or full, if full, then a new SBF is created in DBF, so that False Rate
In controlled range.
The present invention have compared with prior art it is below the utility model has the advantages that
The present invention is based on dynamic Bloom Filter propose File Ownership method of proof so that attacker can not only with
Complete file is obtained by means of document, while under the premise of guaranteeing Bloom Filter verifying high efficiency, solving mistake
Sentence rate growing concern, substantially increases the practicability of scheme;The present invention is using dynamic Bloom Filter to Bloom Filter
Size carry out dynamic management, when in cloud storage system file increase when, dynamic Bloom Filter can become larger therewith, therefore
False positive False Rate can be efficiently controlled in tolerance interval.
Detailed description of the invention
Fig. 1 is that standard Bloom Filter maps schematic diagram;
Fig. 2 is dynamic Bloom Filter structural schematic diagram of the present invention;
Fig. 3 is flow chart of the invention.
Symbol description table
Specific embodiment
Present invention will now be described in further detail with reference to the embodiments and the accompanying drawings, but embodiments of the present invention are unlimited
In this.
As shown in figures 2-3, a kind of File Ownership method of proof based on dynamic Bloom Filter, including following steps
It is rapid:
S1, user calculate the abstract h of file F to be uploadedfAnd it is uploaded to server;
S2, server check for repetition, repeat if it exists, then initiate verifying challenge to user, and go to S3 and choose
The war stage;Otherwise, it is desirable that the upper transmitting file of user, and go to S4 and upload the stage;
S3 challenges the stage:
S3.1, data block is divided parameter p to server and randomly selected J data block index is sent to user;
S3.2, user divide parameter p according to data block and divide documents into n data block { Bi(1≤i≤n), calculating pair
Label { the token for the J data block answeredjAnd return it into server;
Token value is initialized PRF as seed and generates corresponding data block and indexed by S3.3, server, Bloom
Filter is by calculating k hash function { H1, H2..., HkMapping value verify the index value whether in set;If
The bit mapped in Bloom Filter is all 1, then it represents that user obtains file permission by verifying;Otherwise, user challenges
Failure;
S4 uploads the stage:
The size of file to be uploaded is sent server by S4.1, user, and server is according to file size returned data block
Divide parameter p;
S4.2, user's calculation document abstract hf, parameter p is divided according to data block and divides documents into n data block { Bi}(1
≤ i≤n), the label for calculating data block obtains { tokeni, end user is by { tokeni}、{BiAnd hfIt uploads onto the server;
S4.3, server create a dynamic Bloom Filter, and token value is initialized PRF by server
And corresponding data block index is generated, it is inserted into Bloom Filter, the bit of mapping is all set to 1;Detect Bloom
Whether the state of Filter is active or full, if full, then a new SBF is created in DBF, so that False Rate
In controlled range.
User must could obtain file permission by the verifying of proof of ownership, and this method can be used for cloud storage across client
Duplicate removal is held, can be avoided the security risk that user only relies on document that can obtain complete file;The present disclosure applies equally to
The duplicate removal of ciphertext data, ciphertext data deduplication scheme is similar therewith, for example, can on the basis of this method using convergent encryption come pair
Data are encrypted, and guarantee that different user is identical to the encrypted result of same part data, across user ciphertext data can be realized and go
Weight.
The present invention is based on dynamic Bloom Filter propose File Ownership method of proof so that attacker can not only with
Complete file is obtained by means of document, while under the premise of guaranteeing Bloom Filter verifying high efficiency, solving mistake
Sentence rate growing concern, substantially increases the practicability of scheme;When server carries out repeated detection, discovery cloud storage system has been deposited
In user's file to be uploaded, server user will be initiated challenge, due to challenge data block be it is random, illegal user exists
There is no the probability of correct challenge-response in the case where complete file negligible, however illegal user still may be in Bloom
Filter occurs to pass through verifying when false positive erroneous judgement, and since existing scheme uses standard Bloom Filter, size is fixed, false sun
Property False Rate constantly increases with the increase of file in cloud storage system, therefore scheme practicability is very restricted, needle
For this, the present invention carries out dynamic management using size of the dynamic Bloom Filter to Bloom Filter, when cloud storage system
When file increases in system, dynamic Bloom Filter can become larger therewith, therefore can efficiently control false positive False Rate can
Receive range.
Above-mentioned is the preferable embodiment of the present invention, but embodiments of the present invention are not limited by the foregoing content,
His any changes, modifications, substitutions, combinations, simplifications made without departing from the spirit and principles of the present invention, should be
The substitute mode of effect, is included within the scope of the present invention.
Claims (1)
1. a kind of File Ownership method of proof based on dynamic Bloom Filter, which is characterized in that include the following steps:
S1, user calculate the abstract h of file F to be uploadedfAnd it is uploaded to server;
S2, server check for repetition, repeat if it exists, then initiate verifying challenge to user, and go to S3 challenge rank
Section;Otherwise, it is desirable that the upper transmitting file of user, and go to S4 and upload the stage;
S3 challenges the stage:
S3.1, data block is divided parameter p to server and randomly selected J data block index is sent to user;
S3.2, user divide parameter p according to data block and divide documents into n data block { Bi(1≤i≤n), calculate corresponding J
Label { the token of a data blockjAnd return it into server;
Token value is initialized PRF as seed and generates corresponding data block and indexed by S3.3, server, Bloom Filter
By calculating k hash function { H1, H2..., HkMapping value verify the index value whether in set;If Bloom
The bit mapped in Filter is all 1, then it represents that user obtains file permission by verifying;Otherwise, user challenges failure;
S4 uploads the stage:
The size of file to be uploaded is sent server by S4.1, user, and server is divided according to file size returned data block
Parameter p;
S4.2, user's calculation document abstract hf, parameter p is divided according to data block and divides documents into n data block { Bi}(1≤i
≤ n), the label for calculating data block obtains { tokeni, end user is by { tokeni}、{BiAnd hfIt uploads onto the server;
S4.3, server create a dynamic Bloom Filter, and token value is initialized PRF as seed and produced by server
Raw corresponding data block index, is inserted into Bloom Filter, the bit of mapping is all set to 1;Detect Bloom Filter
State whether be active or full, if full, then in DBF create a new SBF so that False Rate is controllable
Range.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810660485.5A CN109150537B (en) | 2018-06-25 | 2018-06-25 | File ownership proving method based on dynamic Bloom Filter |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810660485.5A CN109150537B (en) | 2018-06-25 | 2018-06-25 | File ownership proving method based on dynamic Bloom Filter |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109150537A true CN109150537A (en) | 2019-01-04 |
CN109150537B CN109150537B (en) | 2021-08-17 |
Family
ID=64802284
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810660485.5A Active CN109150537B (en) | 2018-06-25 | 2018-06-25 | File ownership proving method based on dynamic Bloom Filter |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109150537B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114760061A (en) * | 2020-12-29 | 2022-07-15 | 深信服科技股份有限公司 | Data uploading method, device, equipment and storage medium |
US11741258B2 (en) | 2021-04-16 | 2023-08-29 | International Business Machines Corporation | Dynamic data dissemination under declarative data subject constraints |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102810107A (en) * | 2011-06-01 | 2012-12-05 | 英业达股份有限公司 | Processing method for repeating data |
CN103838850A (en) * | 2014-03-11 | 2014-06-04 | 湖州师范学院 | Hashing data representing and querying method based on dynamic counting type Bloom filter |
CN105320654A (en) * | 2014-05-28 | 2016-02-10 | 中国科学院深圳先进技术研究院 | Dynamic bloom filter and element operating method based on same |
CN105897921A (en) * | 2016-05-27 | 2016-08-24 | 重庆大学 | Data block routing method combining fingerprint sampling and reducing data fragments |
CN105938480A (en) * | 2016-04-07 | 2016-09-14 | 重庆大学 | RFID redundant data cleansing method and system based on DTBF |
CN106612320A (en) * | 2016-06-14 | 2017-05-03 | 四川用联信息技术有限公司 | Encrypted data dereplication method for cloud storage |
-
2018
- 2018-06-25 CN CN201810660485.5A patent/CN109150537B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102810107A (en) * | 2011-06-01 | 2012-12-05 | 英业达股份有限公司 | Processing method for repeating data |
CN103838850A (en) * | 2014-03-11 | 2014-06-04 | 湖州师范学院 | Hashing data representing and querying method based on dynamic counting type Bloom filter |
CN105320654A (en) * | 2014-05-28 | 2016-02-10 | 中国科学院深圳先进技术研究院 | Dynamic bloom filter and element operating method based on same |
CN105938480A (en) * | 2016-04-07 | 2016-09-14 | 重庆大学 | RFID redundant data cleansing method and system based on DTBF |
CN105897921A (en) * | 2016-05-27 | 2016-08-24 | 重庆大学 | Data block routing method combining fingerprint sampling and reducing data fragments |
CN106612320A (en) * | 2016-06-14 | 2017-05-03 | 四川用联信息技术有限公司 | Encrypted data dereplication method for cloud storage |
Non-Patent Citations (3)
Title |
---|
D.GUO,J.WU: "The Dynamic Bloom Filter", 《IEEE》 * |
严华云,关佶红: "Bloom Filter研究进展", 《电信科学》 * |
赵艳红,李洪奇: "基于Bloom Filter的去重方法研究", 《计算技术与自动化》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114760061A (en) * | 2020-12-29 | 2022-07-15 | 深信服科技股份有限公司 | Data uploading method, device, equipment and storage medium |
CN114760061B (en) * | 2020-12-29 | 2023-09-05 | 深信服科技股份有限公司 | Method, device, equipment and storage medium for uploading data |
US11741258B2 (en) | 2021-04-16 | 2023-08-29 | International Business Machines Corporation | Dynamic data dissemination under declarative data subject constraints |
Also Published As
Publication number | Publication date |
---|---|
CN109150537B (en) | 2021-08-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Wang et al. | A three-layer privacy preserving cloud storage scheme based on computational intelligence in fog computing | |
CN106127075B (en) | Encryption method can search for based on secret protection under a kind of cloud storage environment | |
CN105868305B (en) | A kind of cloud storage data deduplication method for supporting fuzzy matching | |
CN106101257B (en) | A kind of cloud storage data managing method and device based on Bloom filter | |
Storer et al. | Secure data deduplication | |
CN103944988A (en) | Repeating data deleting system and method applicable to cloud storage | |
CN102045356B (en) | Cloud-storage-oriented trusted storage verification method and system | |
CN104468615A (en) | Data sharing based file access and permission change control method | |
CN108156140A (en) | A kind of multiple key that numerical attribute is supported to compare can search for encryption method | |
CN104780161A (en) | Searchable encryption method supporting multiple users in cloud storage | |
CN113221155B (en) | Multi-level and multi-level encrypted cloud storage system | |
Zhang et al. | F-TPE: Flexible thumbnail-preserving encryption based on multi-pixel sum-preserving encryption | |
CN108123934A (en) | A kind of data integrity verifying method towards mobile terminal | |
CN106603561A (en) | Block level encryption method in cloud storage and multi-granularity deduplication method | |
CN109150537A (en) | A kind of File Ownership method of proof based on dynamic Bloom Filter | |
CN110968452A (en) | Data integrity verification method capable of safely removing duplicate in cloud storage of smart power grid | |
CN114244498A (en) | Dynamic searchable public key encryption method with forward security | |
Chen et al. | Image Deduplication Based on Hashing and Clustering in Cloud Storage. | |
CN111368317A (en) | Computer data encryption system and method | |
CN112417509B (en) | Data security de-duplication method based on self-encoder | |
CN114401116B (en) | Trusted data transmission method based on HK-Means and security detection | |
CN111859425B (en) | Wildcard searchable encryption method based on attributes | |
Baliga et al. | A Web Based Covert File System. | |
Sun et al. | Research of data security model in cloud computing platform for SMEs | |
CN108600159A (en) | A kind of industrial control system Information Security Defending System |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |