CN110022309B - Safe and efficient data sharing method in mobile cloud computing system - Google Patents

Safe and efficient data sharing method in mobile cloud computing system Download PDF

Info

Publication number
CN110022309B
CN110022309B CN201910186772.1A CN201910186772A CN110022309B CN 110022309 B CN110022309 B CN 110022309B CN 201910186772 A CN201910186772 A CN 201910186772A CN 110022309 B CN110022309 B CN 110022309B
Authority
CN
China
Prior art keywords
cloud
user
shared information
server
operation server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910186772.1A
Other languages
Chinese (zh)
Other versions
CN110022309A (en
Inventor
鲁秀青
潘振宽
程相国
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Center Information Technology Ltd By Share Ltd
Original Assignee
Qingdao University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qingdao University filed Critical Qingdao University
Priority to CN201910186772.1A priority Critical patent/CN110022309B/en
Publication of CN110022309A publication Critical patent/CN110022309A/en
Application granted granted Critical
Publication of CN110022309B publication Critical patent/CN110022309B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103Challenge-response
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention provides a safe and efficient data sharing method in a mobile cloud computing system, which comprises the following steps that firstly, the system is initialized, and a trust center generates public parameters, a master key and other entity keys; encrypting the shared information, wherein the data owner and the cloud operation server jointly encrypt the shared information; thirdly, generating a user key, and generating the key for the user by the trust center; fourthly, verifying the integrity of the shared information, and calculating the integrity of the shared information by the cloud operation server; and fifthly, decrypting the shared information, and if the shared information is complete, downloading the ciphertext from the cloud storage server and decrypting. The method can improve the operation efficiency and the communication efficiency of the mobile cloud computing data sharing system, and meanwhile, the safety and the privacy in the data sharing process are guaranteed.

Description

Safe and efficient data sharing method in mobile cloud computing system
Technical Field
The invention belongs to the technical field of cloud storage security, and relates to a safe and efficient data sharing method in a mobile cloud computing system.
Background
The popularization of wireless technology and the Internet of things enables data sharing in a mobile cloud computing system to be rapidly developed, mobile devices such as sensors and mobile phones can be used as nodes for collecting and lightweight processing of shared information, and storage and intensive operation of the shared information are achieved through a cloud server. For example, in a mobile cloud electronic medical computing system, a patient can upload personal electronic medical information to a cloud for sharing through a wireless mobile sensing device and an intelligent terminal, so that medical experts and the like can diagnose diseases or researchers can carry out deeper mining, and therefore distribution and prevention of the diseases are researched. The information is uploaded to the cloud for sharing, so that the local storage space is saved, the data operation efficiency is improved, and the investment of individuals and enterprises on software purchase and hardware maintenance is greatly reduced. However, the data is stored in the cloud, so that the user loses direct control over the data, and the privacy and data security of the user cannot be completely guaranteed. Therefore, it is important to design and implement a data sharing method of a secure cloud computing system.
In the existing data sharing method, a large amount of encryption and decryption operations need to be performed at the data owner side. However, in the mobile cloud computing system, resources such as storage and computing power of the mobile device are very limited, and intensive encryption and decryption operations are a heavy burden for the mobile device. Therefore, the problem that the lightweight operation of the mobile terminal can be realized while the security of sharing big data is ensured is urgently needed to be solved. The invention realizes a method for safely and efficiently sharing big data in a mobile cloud computing system, which not only can ensure the fine-grained access control based on attributes and the integrity of shared data, but also ensures the lightweight operation of a mobile terminal, and improves the operation efficiency and the communication efficiency of the whole system.
Disclosure of Invention
In order to realize lightweight operation of a mobile terminal, improve the operation efficiency and communication efficiency of a mobile cloud computing data sharing system and guarantee the safety and privacy in the data sharing process, the invention provides a safe and efficient data sharing system and method suitable for the mobile cloud computing system.
The invention provides a safe and efficient data sharing method in a mobile cloud computing system, which comprises the following steps:
firstly, initializing a system, and generating public parameters, a master key and other entity keys by a trust center;
encrypting the shared information, wherein the data owner and the cloud operation server jointly encrypt the shared information;
thirdly, generating a user key, and generating the key for the user by the trust center;
fourthly, verifying the integrity of the shared information, and calculating the integrity of the shared information by the cloud operation server;
and fifthly, decrypting the shared information, and if the cloud operation server verifies that the shared information is complete, downloading the ciphertext from the cloud storage server and decrypting the ciphertext by the user.
The first step is to output the public parameter, the master key and the private keys of the data owner, the cloud storage server and the cloud computing server by using the security parameter and the attribute space as input through the trust center.
The second step is further specifically that in order to reduce communication and calculation burden of the mobile terminal, the data owner only performs lightweight operation, including encrypting plaintext of shared data and defining an access control structure, and operations such as ciphertext blocking and calculating a block tag by using algebraic signatures are realized by the cloud operation server.
The third step is further specifically that each user accessing the shared information can send a key generation request to the trust center, and the trust center generates a corresponding user identifier, a public key and a decryption key for the user according to the attribute of the user and the master key.
The fourth stepping step is specifically that the user sends an integrity verification request to the cloud operation server, the cloud operation server verifies whether the identity of the user is legal or not after receiving the verification request, if the identity is illegal, the reverse sign T is returned, otherwise, the cloud operation server randomly selects c data blocks and corresponding random numbers and sends an integrity challenge to the cloud storage server. And after receiving the challenge, the cloud storage server calculates the data certificate and the tag certificate and sends the certificate to the cloud operation server. And finally, the cloud operation server verifies the integrity of the shared information according to the certificate and the locally stored information, and returns a verification result to the user, wherein the step is completed by the interaction of the cloud operation server and the cloud storage server.
Advantageous technical effects
The invention realizes the lightweight operation of the mobile terminal, can improve the operation efficiency and the communication efficiency of the mobile cloud computing data sharing system, and simultaneously ensures the safety and the privacy in the data sharing process.
Drawings
FIG. 1 is a diagram of a system model of the present invention;
FIG. 2 is a flow chart of the data sharing system of the present invention.
Detailed Description
The invention provides a safe and efficient data sharing method in a mobile cloud computing system, which comprises the following steps:
firstly, initializing a system, and outputting public parameters, a master key and private keys of a data owner, a cloud storage server and a cloud operation server by taking security parameters and an attribute space as input through a trust center;
secondly, encryption of shared information is realized by a data owner and a cloud operation server together, in order to reduce communication and calculation burden of a mobile terminal, the data owner only carries out light-weight operation, including encryption on plaintext of shared data and definition of an access control structure, and operations of dividing ciphertext into blocks, calculating block tags by utilizing algebraic signatures and the like are realized by the cloud operation server;
thirdly, generating a user key, wherein each user accessing the shared information can send a key generation request to a trust center, and the trust center can generate a corresponding user identifier, a public key and a decryption key for the user according to the attribute of the user and the master key;
and fourthly, verifying the integrity of the shared information, wherein the step is completed by the interaction of the cloud operation server and the cloud storage server, the user sends an integrity verification request to the cloud operation server, the cloud operation server verifies whether the identity of the user is legal or not after receiving the verification request, if the identity is illegal, the returned value is inverted T, and otherwise, the cloud operation server randomly selects c data blocks and corresponding random numbers and sends an integrity challenge to the cloud storage server. And after receiving the challenge, the cloud storage server calculates the data certificate and the tag certificate and sends the certificate to the cloud operation server. Finally, the cloud operation server verifies the integrity of the shared information according to the certificate and the locally stored information, and returns a verification result to the user;
and fifthly, decrypting the shared information, and if the cloud operation server verifies that the shared information is complete, downloading the ciphertext from the cloud storage server and decrypting the ciphertext by the user.
The trust center is used by a trusted third party and is responsible for generating a master key and public parameters for the system through the security parameters and simultaneously responsible for generating, updating and revoking keys of other entities.
The data owner is responsible for generating and collecting shared information, particularly has intelligent terminals such as sensor equipment, a wireless network, a mobile phone and a pad, and is responsible for defining an access structure and performing lightweight operation on the shared information.
And only the user registered in the trust center can entrust the cloud operation server to carry out integrity verification on the shared information, and the shared information is downloaded from the cloud storage server and is decrypted for use.
The cloud storage server is responsible for providing a safe and reliable large-capacity storage environment for storing the shared data and the integrity verification tag.
The cloud operation server is mainly responsible for carrying out complex operations in the system, and the complex operations comprise grouping ciphertexts obtained after data owner encryption and calculating blocks by utilizing algebraic signatures.
The first step is further specifically to take the security parameter para and the attribute space U as input, and output the public parameter PK, the master key MK, and the private key k of the data owner, the cloud storage server and the cloud computing server1、k2And k3
The trust center completes the following steps:
step 1-a, selecting a cyclic group G with the same prime order q1And G2And G is G1A generator of (2); selecting random number alpha, beta belongs to Zq,f1,f2,...,fU∈G1And calculating σ ═ gβAnd θ ═ e (g, g)α(ii) a Selecting a secure cryptographic hash function h:
Figure BDA0001992837180000041
and bilinear map e: g1×G1→G2Defining a keyed xor homomorphic function d:
Figure BDA0001992837180000042
and algebraic signature sigγWherein γ is a primitive in the Galois field; random selection
Figure BDA0001992837180000048
Respectively as the data owner, the cloud computing server and the cloud storage server
Figure BDA0001992837180000044
In step 1-b, the trust center sets the public parameter PK to (e, g, theta, sigma, f)1,f2,...,fUH, d), with MK ═ α, β as the master key, and k as the master key1Secure transfer to data owner, k2K is transmitted to a cloud computing server, k3And transmitting the data to a cloud storage server.
The second step comprises the following specific steps:
in step 2-a, in order to enable a user with access right to access shared data, a data owner encrypts shared information through PK and an access structure a, and the owner first defines an access control structure a as (M, ρ), where M is a matrix of l rows and n columns, ρ: [1, l]→[1,U]To map rows of the matrix M to functions of attributes, s ∈ Z is then randomly selectedqAnd column vector
Figure BDA0001992837180000045
And calculate
Figure BDA0001992837180000046
If the shared information is F, the length is r1Data owner calculation ciphertext C ═ F · θs,C′=gsFinally, C and C' are transmitted to the cloud storage server, and info is equal to (C, A, lambda)i) Transmitting to a cloud computing server;
step 2-b, the cloud computing server randomly selects ri∈Zq,i∈[1,l]And calculate
Figure BDA0001992837180000047
Figure BDA0001992837180000058
Step 2-C, in order to verify the integrity of the shared information, the cloud operation server needs to divide the ciphertext C of the shared information into blocks and calculate a block tag through algebraic signature, firstly, the cloud operation server divides the ciphertext C into N data blocks mi∈ZqAnd randomly selecting Ri,i∈[1,N]Calculate bi=h(i),
Figure BDA0001992837180000051
And
Figure BDA0001992837180000052
wherein i is a block number, and then the cloud operation server sends tiSending to the data owner, the data owner calculates
Figure BDA0001992837180000059
And v'iReturning to the cloud operation server, and finally calculating a block tag T by the cloud operation serveri=sigγ(vi||bi);
Step 2-d, the cloud computing server sends pf1=(mi,Ti,i∈[1,N]) And pf2=(Ci,Di,i∈[1,l]) Sending to a cloud storage server。
The third step is further specifically that each user accessing the shared information can send a key generation request to the trust centerKeyGen(S). The trust center generates a corresponding key SK for the user according to the attribute S of the user and the master key MK. The specific implementation process is as follows:
the user set is U, and when the user U with the attribute of S belongs to U, the user U belongs to U and sends a key generation request to the trust centerKeyGen(S) the trust center is randomly selected
Figure BDA0001992837180000053
As the user's identity, and calculates Upk ═ gUidAs the public key of the corresponding user, and simultaneously, the trust center randomly selects t e to ZqCalculate the secret key of user u
Figure BDA00019928371800000510
And will (Uid, SK, g)tUt · t) is sent to the user in secret.
And fourthly, the user requests the cloud operation server to carry out integrity verification on the shared information before downloading the shared information. The integrity verification steps are as follows:
step 4-a, the user sends an integrity verification request to the cloud computing serverInteVer(Upk,S,gt,Ut);
Step 4-b, the cloud computing server passes the formula e (Upk, g)t)=e(g,g)UtVerifying whether the identity of the user is legitimate. If the identity is legal, the cloud operation server randomly selects c data blocks and corresponding random numbers
Figure BDA0001992837180000054
And sends an integrity challenge ch ═ i, l to the cloud storage serveri),i∈[1,c];
Step 4-c, after the cloud storage server receives the challenge ch, calculating data certification
Figure BDA0001992837180000055
And label certification
Figure BDA0001992837180000056
And converting proof to (mu)iEta) to a cloud operation server;
step 4-d, after receiving proof, cloud computing server computing
Figure BDA0001992837180000057
Figure BDA0001992837180000061
And verifies the equation
Figure BDA0001992837180000062
Whether or not this is true. If the equation is true, the shared information F is complete, otherwise returns ^ T.
And fifthly, decrypting the shared information, and if the private information is complete, downloading the ciphertext from the cloud storage server and decrypting by the user, specifically:
step 5-a, defining
Figure BDA0001992837180000063
S is the attribute of the user. Let { omegai∈ZqIs constant for I ∈ I, if the effective fraction λ of siIf present, then the equation ∑i∈IωiλiIf s is true, the cloud operation server firstly verifies the equation sigmai∈IωiMiIf the equation is not true, returning to the unit of T, and if not, entering the next step to decrypt the ciphertext;
step 5-b, user calculation
Figure BDA0001992837180000068
And calculating F ═ C/CK' to obtain a plaintext corresponding to the shared information.
Embodiments of the present invention will be described in detail below with reference to examples and drawings, by which how to apply technical means to solve technical problems and achieve a technical effect can be fully understood and implemented.
As shown in fig. 1 and 2, the specific steps of the present invention are implemented as follows:
the first step, system initialization, is run by the trust center. The security parameter para and the attribute space U are used as input to output a public parameter PK, a master key MK, a data owner, a cloud storage server and a private key k of a cloud operation server1、k2And k3
(1) The trust center performs the following operations: selecting cyclic groups G having the same prime order q1And G2And G is G1A generator of (2); selecting random number alpha, beta belongs to Zq,f1,f2,...,fU∈G1And calculating σ ═ gβAnd θ ═ e (g, g)α(ii) a Selecting a secure cryptographic hash function h:
Figure BDA0001992837180000064
and bilinear map e: g1×G1→G2Defining a keyed xor homomorphic function d:
Figure BDA0001992837180000065
and algebraic signature sigγWherein γ is a primitive in the Galois field; random selection
Figure BDA0001992837180000066
Respectively as the data owner, the cloud computing server and the cloud storage server
Figure BDA0001992837180000067
(2) The trust center sets the public parameter PK to (e, g, theta, sigma, f)1,f2,...,fUH, d), with MK ═ α, β as the master key, and k as the master key1Secure transfer to data owner, k2K is transmitted to a cloud computing server, k3And transmitting the data to a cloud storage server.
And secondly, encryption of shared information, wherein in order to reduce communication burden and calculation burden of a mobile terminal, a data owner only performs light-weight operation. The operations of partitioning the ciphertext into blocks, calculating block tags according to algebraic signatures and the like are realized by the cloud operation server.
(1) In order to enable a user with access rights to access shared data, a data owner encrypts shared information through PK and an access structure a, the owner first defines an access control structure a ═ M, ρ, where M is a matrix of l rows and n columns, ρ: [1, l]→[1,U]To map rows of the matrix M to functions of attributes, s ∈ Z is then randomly selectedqAnd column vector
Figure BDA0001992837180000071
And calculate
Figure BDA0001992837180000072
If the shared information is F, the length is r1Data owner calculation ciphertext C ═ F · θs,C′=gsFinally, C and C' are transmitted to the cloud storage server, and info is equal to (C, A, lambda)i) And transmitting the data to a cloud computing server.
(2) Random selection r of cloud operation serveri∈Zq,i∈[1,l]And calculate
Figure BDA0001992837180000073
(3) In order to verify the integrity of the shared information, the cloud computing server needs to divide the ciphertext C of the shared information into blocks and calculate a block tag through algebraic signatures, and firstly, the cloud computing server divides the ciphertext C into N data blocks mi∈ZqAnd randomly selecting Ri,i∈[1,N]Calculate bi=h(i),
Figure BDA0001992837180000074
And
Figure BDA0001992837180000075
wherein i is a block number, and then the cloud operation server sends tiSending to the data owner, the data owner calculates
Figure BDA0001992837180000078
And v'iReturning to the cloud operation server, and finally calculating a block tag T by the cloud operation serveri=sigγ(vi||bi)。
(4) The cloud operation server sends pf1=(mi,Ti,i∈[1,N]) And pf2=(Ci,Di,i∈[1,l]) And sending the data to a cloud storage server.
Thirdly, each user accessing the shared information can send a key generation request to the trust centerKeyGen(S). The trust center generates a corresponding key SK for the user according to the attribute S of the user and the master key MK. The specific implementation process is as follows:
the user set is U, and when the user U with the attribute of S belongs to U, the user U belongs to U and sends a key generation request to the trust centerKeyGen(S) the trust center is randomly selected
Figure BDA0001992837180000076
As the user's identity, and calculates Upk ═ gUidAs the public key of the corresponding user, and simultaneously, the trust center randomly selects t e to ZqCalculate the secret key of user u
Figure BDA0001992837180000077
And will (Uid, SK, g)tUt · t) is sent to the user in secret.
And fourthly, the user requests the cloud operation server to carry out integrity verification on the shared information before downloading the shared information. The integrity verification steps are as follows:
(1) user sends integrity verification request to cloud operation serverInteVer(Upk,S,gt,Ut);
(2) The cloud operation server passes the formula e (Upk, g)t)=e(g,g)UtVerifying whether the identity of the user is legitimate. If the identity is legal, the cloud operation server randomly selects c data blocks and corresponding random numbers
Figure BDA0001992837180000081
And sends the data to a cloud storage serverSend integrity challenge ch ═ i, li),i∈[1,c];
(3) After the cloud storage server receives the challenge ch, the data certification is calculated
Figure BDA0001992837180000082
And label certification
Figure BDA0001992837180000083
And converting proof to (mu)iEta) to a cloud operation server;
(4) after receiving proof of, cloud computing server calculates
Figure BDA0001992837180000084
And verifies the equation
Figure BDA0001992837180000085
Whether or not this is true. If the equation is true, it indicates that the shared information F is complete, otherwise it returns.
And fifthly, decrypting the shared information, and if the private information is complete, downloading the ciphertext from the cloud storage server and decrypting by the user, specifically:
(1) definition of
Figure BDA0001992837180000086
S is the attribute of the user. Let { omegai∈ZqIs constant for I ∈ I, if the effective fraction λ of siIf present, then the equation ∑i∈IωiλiIf s is true, the cloud operation server firstly verifies the equation sigmai∈IωiMiIf the equation is not true, returning to the unit of T, and if not, entering the next step to decrypt the ciphertext;
(2) user computing
Figure BDA0001992837180000087
And calculating F ═ C/CK' to obtain a plaintext corresponding to the shared information.
All of the above mentioned intellectual property rights are not intended to be restrictive to other forms of implementing the new and/or new products. Those skilled in the art will take advantage of this important information, and the foregoing will be modified to achieve similar performance. However, all modifications or alterations are based on the new products of the invention and belong to the reserved rights.
The foregoing is directed to preferred embodiments of the present invention, other and further embodiments of the invention may be devised without departing from the basic scope thereof, and the scope thereof is determined by the claims that follow. However, any simple modification, equivalent change and modification of the above embodiments according to the technical essence of the present invention are within the protection scope of the technical solution of the present invention.

Claims (1)

1. A safe and efficient data sharing method in a mobile cloud computing system is characterized by comprising the following steps:
firstly, initializing a system, generating a public parameter, a master key and other entity keys by a trust center, specifically, taking a security parameter para and an attribute space U as input, and outputting the public parameter PK, the master key MK, a private key k of a data owner, a cloud storage server and a private key k of a cloud operation server1、k2And k3
The trust center completes the following steps:
step 1-a, selecting a cyclic group G with the same prime order q1And G2And G is G1A generator of (2); selecting random number alpha, beta belongs to Zq,f1,f2,...,fU∈G1And calculating σ ═ gβAnd θ ═ e (g, g)α(ii) a Selecting secure cryptographic hash functions
Figure FDA0003072430710000011
And bilinear mapping e G1×G1→G2Defining a keyed XOR homomorphic function
Figure FDA0003072430710000012
And algebraic signature sigγWherein γ is a primitive in the Galois field; random selection
Figure FDA0003072430710000013
Respectively as the data owner, the cloud computing server and the cloud storage server
Figure FDA0003072430710000014
In step 1-b, the trust center sets the public parameter PK to (e, g, theta, sigma, f)1,f2,...,fUH, d), with MK ═ α, β as the master key, and k as the master key1Secure transfer to data owner, k2K is transmitted to a cloud computing server, k3Transmitting to a cloud storage server;
the second step, the encryption of the shared information, the data owner and the cloud operation server carry out the encryption processing to the shared information together, concretely,
step 2-a, in order to make the user with access authority access to shared data, the data owner encrypts the shared information by PK and access structure A, the owner first defines access control structure A as (M, rho), where M is matrix of l rows and n columns, rho: [1, l]→[1,U]To map rows of the matrix M to functions of attributes, s ∈ Z is then randomly selectedqAnd column vector
Figure FDA0003072430710000015
And calculate
Figure FDA0003072430710000016
If the shared information is F, the length is r1Data owner calculation ciphertext C ═ F · θs,C'=gsFinally, C and C' are transmitted to the cloud storage server, and info is equal to (C, A, lambda)i) Transmitting to a cloud computing server;
step 2-b, the cloud computing server randomly selects ri∈Zq,i∈[1,l]And calculate
Figure FDA0003072430710000017
Di=gri
Step 2-C, in order to verify the integrity of the shared information, the cloud operation server needs to divide the ciphertext C of the shared information into blocks and calculate a block tag through algebraic signature, firstly, the cloud operation server divides the ciphertext C into N data blocks mi∈ZqAnd randomly selecting Ri,i∈[1,N]Calculate bi=h(i),
Figure FDA0003072430710000018
And
Figure FDA0003072430710000021
wherein i is a block number, and then the cloud operation server sends tiSending to data owner, and calculating v 'by the data owner'i=dk1(ti) And v'iReturning to the cloud operation server, and finally calculating a block tag T by the cloud operation serveri=sigγ(vi‖bi);
Step 2-d, the cloud computing server sends pf1=(mi,Ti,i∈[1,N]) And pf2=(Ci,Di,i∈[1,l]) Sending the data to a cloud storage server;
and the third step, the generation of the user key, the trust center generates the key for the user, as follows,
the user set is U, and when the user U with the attribute of S belongs to U, the user U belongs to U and sends a key generation request to the trust centerKeyGen(S) the trust center is randomly selected
Figure FDA0003072430710000022
As the user's identity, and calculates Upk ═ gUidAs the public key of the corresponding user, and simultaneously, the trust center randomly selects t e to ZqCalculate the secret key of user u
Figure FDA0003072430710000023
And will (Uid, SK, g)tUt · t) is sent to the user in secret;
fourthly, verifying the integrity of the shared information, and calculating the integrity of the shared information by the cloud operation server, specifically
(1) User sends integrity verification request to cloud operation serverInteVer(Upk,S,gt,Ut);
(2) The cloud operation server passes the formula e (Upk, g)t)=e(g,g)UtVerifying whether the identity of the user is legal or not, and if the identity is legal, randomly selecting c data blocks and corresponding random numbers by the cloud operation server
Figure FDA0003072430710000024
And sends an integrity challenge ch ═ i, l to the cloud storage serveri),i∈[1,c];
(3) After the cloud storage server receives the challenge ch, the data certification is calculated
Figure FDA0003072430710000025
And label certification
Figure FDA0003072430710000026
And converting proof to (mu)iEta) to a cloud operation server;
(4) after receiving proof of, cloud computing server calculates
Figure FDA0003072430710000027
And verifies the equation
Figure FDA0003072430710000028
If the equation is true, the shared information F is complete, otherwise, returning to the position of T;
and fifthly, decrypting the shared information, and if the cloud operation server verifies that the shared information is complete, downloading the ciphertext from the cloud storage server and decrypting by the user, specifically:
step 5-a, defining
Figure FDA0003072430710000029
S is usedThe attribute of the house, let { omegai∈ZqIs constant for I ∈ I, if the effective fraction λ of siIf present, then the equation ∑i∈IωiλiIf s is true, the cloud operation server firstly verifies the equation sigmai∈IωiMiIf the equation is not true, returning to the unit of T, and if not, entering the next step to decrypt the ciphertext;
step 5-b, user calculation
Figure FDA0003072430710000031
And calculating F ═ C/CK' to obtain a plaintext corresponding to the shared information.
CN201910186772.1A 2019-03-12 2019-03-12 Safe and efficient data sharing method in mobile cloud computing system Active CN110022309B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910186772.1A CN110022309B (en) 2019-03-12 2019-03-12 Safe and efficient data sharing method in mobile cloud computing system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910186772.1A CN110022309B (en) 2019-03-12 2019-03-12 Safe and efficient data sharing method in mobile cloud computing system

Publications (2)

Publication Number Publication Date
CN110022309A CN110022309A (en) 2019-07-16
CN110022309B true CN110022309B (en) 2022-03-15

Family

ID=67189536

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910186772.1A Active CN110022309B (en) 2019-03-12 2019-03-12 Safe and efficient data sharing method in mobile cloud computing system

Country Status (1)

Country Link
CN (1) CN110022309B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220321330A1 (en) * 2019-08-13 2022-10-06 Nokia Technologies Oy Data security for network slice management
CN111107094B (en) * 2019-12-25 2022-05-20 青岛大学 Lightweight ground-oriented medical Internet of things big data sharing system
CN111586036B (en) * 2020-05-06 2022-11-29 北京城建智控科技股份有限公司 Decentralized multi-cloud self-auditing method and system
CN112187798B (en) * 2020-09-28 2022-05-27 安徽大学 Bidirectional access control method and system applied to cloud-side data sharing
CN113312327A (en) * 2021-05-24 2021-08-27 何细妹 Cloud storage file sharing system suitable for mobile terminal
EP4332811A1 (en) * 2022-09-05 2024-03-06 Bull Sas Method, computer program and system for collecting confidential data from several data providers, for joint analysis of said data

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104993937A (en) * 2015-07-07 2015-10-21 电子科技大学 Method for testing integrity of cloud storage data
CN105515778A (en) * 2015-12-25 2016-04-20 河南城建学院 Cloud storage data integrity service signature method
CN105787390A (en) * 2016-03-02 2016-07-20 深圳大学 Data integrity verification method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8468345B2 (en) * 2009-11-16 2013-06-18 Microsoft Corporation Containerless data for trustworthy computing and data services

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104993937A (en) * 2015-07-07 2015-10-21 电子科技大学 Method for testing integrity of cloud storage data
CN105515778A (en) * 2015-12-25 2016-04-20 河南城建学院 Cloud storage data integrity service signature method
CN105787390A (en) * 2016-03-02 2016-07-20 深圳大学 Data integrity verification method and system

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
Hui Tian等;第10卷;《IEEE TRANSACTIONS ON SERVICES COMPUTING》;20170930(第5期);701-714 *
Identity-Preserving Public Auditing for Shared;Kai He等;《2015 IEEE 23rd International Symposium on Quality of Service》;20150731;160-164 *
一种面向移动云存储的可验证访问控制方案;王谦等;《计算机工程》;20160713;第42卷(第5期);36-40 *
云存储中数据完整性验证技术研究;卢珂;《中国优秀硕士学位论文全文数据库(信息科技辑)》;20190215(第2期);7-43 *
改进的保护身份的云共享数据完整性公开审计方案;姜红等;《信息网络安全》;20181204(第10期);85-91 *
王谦等.一种面向移动云存储的可验证访问控制方案.《计算机工程》.2016,第42卷(第5期),35-41. *

Also Published As

Publication number Publication date
CN110022309A (en) 2019-07-16

Similar Documents

Publication Publication Date Title
CN110022309B (en) Safe and efficient data sharing method in mobile cloud computing system
CN108881314B (en) Privacy protection method and system based on CP-ABE ciphertext under fog computing environment
Cai et al. Towards secure and flexible EHR sharing in mobile health cloud under static assumptions
CN103618728B (en) A kind of encryption attribute method at more mechanism centers
Cui et al. SVkNN: Efficient secure and verifiable k-nearest neighbor query on the cloud platform
CN106487506B (en) Multi-mechanism KP-ABE method supporting pre-encryption and outsourcing decryption
CN111385306B (en) Anonymous authentication method and system based on anti-tampering device in smart power grid
Shen et al. Multi-security-level cloud storage system based on improved proxy re-encryption
CN104717297A (en) Safety cloud storage method and system
CN110266687B (en) Method for designing Internet of things security agent data sharing module by adopting block chain technology
CN110912897B (en) Book resource access control method based on ciphertext attribute authentication and threshold function
CN102624522A (en) Key encryption method based on file attribution
CN111431897B (en) Multi-attribute mechanism attribute-based encryption method with tracking function for cloud-assisted Internet of things
CN111275202A (en) Machine learning prediction method and system for data privacy protection
CN112383550B (en) Dynamic authority access control method based on privacy protection
CN110390203B (en) Strategy hidden attribute-based encryption method capable of verifying decryption authority
CN114036539A (en) Safety auditable Internet of things data sharing system and method based on block chain
CN112260829B (en) Multi-authorization-based CP-ABE method for supporting mobile equipment under hybrid cloud
CN113179270B (en) Mobile crowd sensing traceable and privacy protection-based data sharing method
CN106209774B (en) The cloud service outsourcing access right control method obscured based on undistinguishable
CN106850584B (en) A kind of anonymous authentication method of curstomer-oriented/server network
Sandhia et al. Secure sharing of data in cloud using MA-CPABE with elliptic curve cryptography
CN105656881A (en) Verifiable outsourcing storage and retrieval system and method for electronic medical record
CN114697042A (en) Block chain-based Internet of things security data sharing proxy re-encryption method
Zhang et al. FDO-ABE: a fully decentralized lightweight access control architecture for mobile edge computing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 266071 Shandong city of Qingdao province Ningxia City Road No. 308

Applicant after: Qingdao University

Address before: 266071 Ningxia Road, Shandong, China, No. 308, No.

Applicant before: Qingdao University

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220920

Address after: 250014 No. 19, ASTRI Road, Lixia District, Shandong, Ji'nan

Patentee after: Shandong center information technology Limited by Share Ltd.

Address before: 266071 Shandong city of Qingdao province Ningxia City Road No. 308

Patentee before: QINGDAO University

TR01 Transfer of patent right