CN111291388A - Cloud platform privacy protection method based on cuckoo filter - Google Patents
- Publication number
- CN111291388A
- Authority
- CN
- China
- Prior art keywords
- data
- module
- storage
- layer
- cuckoo
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/004—Artificial life, i.e. computing arrangements simulating life
- G06N3/006—Artificial life, i.e. computing arrangements simulating life based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO]
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- Biomedical Technology (AREA)
- Computing Systems (AREA)
- Molecular Biology (AREA)
- Evolutionary Computation (AREA)
- Mathematical Physics (AREA)
- Data Mining & Analysis (AREA)
- Computational Linguistics (AREA)
- Databases & Information Systems (AREA)
- Biophysics (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention particularly relates to a cloud platform privacy protection method based on a cuckoo filter, which comprises a user side and a server side; the user side comprises a data storage module and a data access module; the data storage module comprises a virtual data generation module, a data encryption module and an encryption grouping module; the data access module comprises a data reading module, a data updating module, a data encryption module and a data re-encryption module; the server comprises a data access control module and a parallel module; the data access control module comprises a hash storage control module, a data layer reconstruction module and a member verification module. With the hidden random access provided by the method, an unauthorized user cannot learn which target data element the user actually needs to access.
Description
Technical Field
The invention relates to the field of computer information protection, in particular to a cloud platform privacy protection method based on a cuckoo filter.
Background
With the rapid development of computer and network information and the massive growth of data, more and more customers tend to outsource data storage and maintenance to professional data service providers, relieving themselves of the heavy burden of basic storage management and maintenance so that they can focus on research and development for their core business. Driven by this demand, research on cloud storage has emerged and developed rapidly. Cloud storage offers good convenience and scalability, a marked reduction in local storage and maintenance expenses, low economic cost, and so on. However, the security of cloud storage is also called into question, and security is becoming a crucial bottleneck for the development of cloud storage systems. Privacy protection is an extremely important aspect of cloud storage security, and in general it is achieved by hiding the user's access pattern. The prior art includes some methods for hiding the data access pattern, but some key problems remain: (1) because the cloud server needs to return all data each time a user accesses it, the communication traffic between the user and the cloud server is huge; (2) in order to hide the data access pattern, the cloud needs to store virtual data, which undoubtedly increases the storage space overhead and the average access time; (3) when a plurality of users send access requests for the same data at the same time, the cloud server can see two similar data access processes and thereby identify that the two users are accessing the same data, so that the privacy of the users is revealed.
Disclosure of Invention
1. The technical problem to be solved is as follows:
In view of the above technical problems, the invention provides a cloud platform privacy protection method based on a cuckoo filter, which gives a method for hidden random access to a cloud platform.
2. The technical scheme is as follows:
A cloud platform privacy protection method based on a cuckoo filter, characterized in that it comprises a user side and a server side; the user side comprises a data storage module and a data access module; the data storage module comprises a virtual data generation module, a data encryption module and an encryption grouping module; the data access module comprises a data reading module, a data updating module, a data encryption module and a data re-encryption module; the server comprises a data access control module and a parallel module; the data access control module comprises a hash storage control module, a data layer reconstruction module and a member verification module.
The data storage module generates, from the real data, virtual data that protects the real data, and stores the virtual data together with the real user data; the data encryption module encrypts the real data together with the virtual data using Paillier probabilistic public-key encryption; the encryption grouping module groups the data encrypted by the user so that it can be stored in partitions on the cloud server; the data access control module of the server side controls the storage of data elements by applying the backyard cuckoo hash algorithm in the hash storage control module; the data layer reconstruction module forcibly reorders and reinserts the data elements using a shuffling strategy, so that the position of a data element is not unique and privacy is improved; the member verification module uses a partition Bloom filter, which guarantees constant-time membership queries.
The server-side data layer reconstruction module partitions the storage area: the O-RAM structure is set up as a plurality of parallel small O-RAM structures; the small O-RAM structures are identical in structure and store the same number of data elements; each small O-RAM structure is a multi-layer hierarchical storage structure whose storage capacity increases from layer to layer; a small cache is added at the highest layer of each small O-RAM hierarchical data structure to store the set of recently accessed data elements; the storage data structure of each layer is a backyard cuckoo filter structure.
Further, the user side uses member functions of the userClient class file to preprocess the data stored by the user; the geneVirtualData method generates virtual data of the same size as the user's real data, the dataEncrypt method encrypts the set of real data and virtual data, and dataSplit then groups the data in preparation for placing it on the cloud server.
Further, the server side represents the hash storage control module by a backsyardcuckoo class; in the backyardcutkoo class, three static HashMap member variables are the three data storage structures of the cuckoo hash algorithm, the storage size is initialized through the constructor of the class, and rabinbHash outputs the hash result of the data; the backyard cuckoo hashing algorithm is carried out by insert bucket and insert_LowLevel, and the class then provides public methods for lookup, deletion and insertion in the HashMap storage structures, to be called on instances.
Further, the member verification module employs an improved partition Bloom filter; the partition Bloom filter uses a binary array to represent whether data is present; the class initializes an array of hash functions, getSubIndex assigns the data to partitions that have mutually independent hash functions, element positions are added through the addElement function, and the checkElement method queries whether an element is in the set.
Further, in the O-RAM partition model on the server side, each backyard cuckoo hash structure is paired with the Bloom filter of the corresponding partition to control member access.
Further, when the number of times that data layer i has been accessed reaches 2^i, the server-side data layer reconstruction module reconstructs data layer i and data layer i+1: the data in data layer i and data layer i+1 is merged, and the merged data is stored again in data layer i+1. During reconstruction, the merged data is obliviously shuffled in order to protect the privacy of the user's access pattern.
3. Beneficial effects:
(1) With the hidden random access of this method, an unauthorized user cannot learn which target data element the user actually needs to access.
(2) With the hidden random access of this method, an unauthorized user cannot learn whether the target data elements of two accesses are the same.
(3) With the hidden random access of this method, an unauthorized user cannot distinguish read operations from write operations.
(4) With the hidden random access of this method, an unauthorized user cannot distinguish two different data access requests of equal length.
Drawings
FIG. 1 is an overall functional architecture diagram of the present invention;
FIG. 2 is an architecture diagram of the present invention.
Detailed Description
The present invention will be described in detail with reference to the accompanying drawings.
As shown in FIG. 1, the cloud platform privacy protection method based on a cuckoo filter comprises a user side and a server side; the user side comprises a data storage module and a data access module; the data storage module comprises a virtual data generation module, a data encryption module and an encryption grouping module; the data access module comprises a data reading module, a data updating module, a data encryption module and a data re-encryption module; the server comprises a data access control module and a parallel module; the data access control module comprises a hash storage control module, a data layer reconstruction module and a member verification module.
The data storage module generates, from the real data, virtual data that protects the real data, and stores the virtual data together with the real user data; the data encryption module encrypts the real data together with the virtual data using Paillier probabilistic public-key encryption; the encryption grouping module groups the data encrypted by the user so that it can be stored in partitions on the cloud server; the data access control module of the server side controls the storage of data elements by applying the backyard cuckoo hash algorithm in the hash storage control module; the data layer reconstruction module forcibly reorders and reinserts the data elements using a shuffling strategy, so that the position of a data element is not unique and privacy is improved; the member verification module uses a partition Bloom filter, which guarantees constant-time membership queries.
The server-side data layer reconstruction module partitions the storage area: the O-RAM structure is set up as a plurality of parallel small O-RAM structures; the small O-RAM structures are identical in structure and store the same number of data elements; each small O-RAM structure is a multi-layer hierarchical storage structure whose storage capacity increases from layer to layer; a small cache is added at the highest layer of each small O-RAM hierarchical data structure to store the set of recently accessed data elements; the storage data structure of each layer is a backyard cuckoo filter structure.
Further, the user side uses member functions of the userClient class file to preprocess the data stored by the user; the geneVirtualData method generates virtual data of the same size as the user's real data, the dataEncrypt method encrypts the set of real data and virtual data, and dataSplit then groups the data in preparation for placing it on the cloud server.
Further, the server side represents the hash storage control module by a backsyardcuckoo class; in the backyardcutkoo class, three static HashMap member variables are the three data storage structures of the cuckoo hash algorithm, the storage size is initialized through the constructor of the class, and rabinbHash outputs the hash result of the data; the backyard cuckoo hashing algorithm is carried out by insert bucket and insert_LowLevel, and the class then provides public methods for lookup, deletion and insertion in the HashMap storage structures, to be called on instances.
Further, the member verification module employs an improved partition Bloom filter; the partition Bloom filter uses a binary array to represent whether data is present; the class initializes an array of hash functions, getSubIndex assigns the data to partitions that have mutually independent hash functions, element positions are added through the addElement function, and the checkElement method queries whether an element is in the set.
Further, in the O-RAM partition model on the server side, each backyard cuckoo hash structure is paired with the Bloom filter of the corresponding partition to control member access.
Further, when the number of times that data layer i has been accessed reaches 2^i, the server-side data layer reconstruction module reconstructs data layer i and data layer i+1: the data in data layer i and data layer i+1 is merged, and the merged data is stored again in data layer i+1. During reconstruction, the merged data is obliviously shuffled in order to protect the privacy of the user's access pattern.
As shown in FIG. 2, data access in the method is carried out in units of equal-length data elements, and the number of data elements is assumed to be n, i.e. the storage size of the O-RAM is n. Before storing the data, the user first preprocesses the data elements locally, which includes data encryption and grouping. The method encrypts with Paillier probabilistic public-key encryption, and different groups are stored in different O-RAM structures. The data is then uploaded to the cloud storage server side and stored in a specific data structure.
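The Paillier step described above, as an added example that is not code from the patent: it shows why two encryptions of the same data element are unlinkable to the server, and one way a re-encryption module could refresh a ciphertext without decrypting it. The primes 1009 and 1013 are constructed toy values far too small for real use, and the function names and the re-randomising `reencrypt` are assumptions, since the page does not say how its re-encryption module works.

```python
import math
import secrets


def keygen(p, q):
    """Paillier key pair from two primes, using the common simplification g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)                                # valid because g = n + 1
    return (n, n + 1), (lam, mu)


def _random_unit(n):
    """Random r in [1, n) that is invertible modulo n."""
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            return r


def encrypt(pub, m, r=None):
    """c = g^m * r^n mod n^2; a fresh r makes every ciphertext of m different."""
    n, g = pub
    r = _random_unit(n) if r is None else r
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)


def decrypt(pub, priv, c):
    """m = L(c^lam mod n^2) * mu mod n, with L(u) = (u - 1) // n."""
    n, _ = pub
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def reencrypt(pub, c, r=None):
    """Re-randomise c without the private key; the plaintext is unchanged."""
    n, _ = pub
    r = _random_unit(n) if r is None else r
    return c * pow(r, n, n * n) % (n * n)


if __name__ == "__main__":
    pub, priv = keygen(1009, 1013)           # constructed toy primes
    block = 424242                           # a data element encoded as an integer < n
    first, second = encrypt(pub, block), encrypt(pub, block)
    refreshed = reencrypt(pub, first)
    print(first, second, refreshed)          # three unrelated-looking ciphertexts
    print(decrypt(pub, priv, refreshed))     # same plaintext
```

Because every stored element, real or virtual, is written back under fresh randomness, the server cannot tell a rewritten real element from a virtual one by comparing ciphertexts.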
The data storage area adopts the partition idea, namely, a single O-RAM structure is improved into a plurality of parallel O-RAM structures. The original O-RAM structure with larger storage capacity is divided into a plurality of O-RAM structures with small storage capacity. Each small O-RAM structure stores an equal amount of data elements and is identical in structure. In particular, in the hidden random access scheme herein, the data storage area is divided intoO-RAM structures, each O-RAM structure storing data of the number The grouping method is to map by using a Hash function h', wherein n is the number of data.
The structure of each partition is a multi-layer hierarchical storage structure whose storage capacity increases from layer to layer. A small cache is added at the highest layer of each small O-RAM hierarchical data structure to store the set of recently accessed data elements. Backyard Cuckoo Hash is adopted as the storage data structure of each layer. The bucket hash table and the cuckoo hash table of the i-th layer in the Backyard Cuckoo Hash structure are both of size 2^(i+1), storing 2^i real data elements and 2^i virtual data elements. When inserting an element x, first calculate p = h0(x) to determine the position of the bucket for x in the bucket hash table; if the number of elements stored in the bucket at that position is less than d, x is stored directly in the bucket; otherwise, x is stored in the lower-level cuckoo hash table.
Each backyard cuckoo hash layer is associated with an encrypted partition Bloom filter structure. The partition Bloom filter is implemented with partition hashing and is used for member verification: every access to a data layer first performs member verification to determine whether the data needs to be searched for in that layer. If the data is not stored in the layer, dummy data is accessed instead. This member verification technique effectively prevents the leakage of access pattern information that an empty data query would cause, and so protects the security of the access pattern well.
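One layer of the structure described in the two paragraphs above, as an added example that is not code from the patent: insertion goes to the bucket at h0(x) while it holds fewer than d elements and otherwise to the lower-level cuckoo table, and every lookup runs the partition Bloom filter first and probes a dummy on a miss. The SHA-256 based hash, the table sizes, the stash, and the names `PartitionBloom`, `BackyardLayer`, `add_element` and `check_element` are assumptions; relocation to the top-level cache and layer reconstruction are left out, and user keys are assumed never to start with `dummy#`.

```python
import hashlib


def h(tag, key, mod):
    """Index in [0, mod) from SHA-256(tag|key); stands in for the page's hash functions."""
    digest = hashlib.sha256(f"{tag}|{key}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % mod


class PartitionBloom:
    """Bit array split into k partitions, each with its own independent hash."""
    def __init__(self, k=4, bits=256):
        self.k, self.bits = k, bits
        self.parts = [bytearray(bits) for _ in range(k)]

    def add_element(self, key):
        for p in range(self.k):
            self.parts[p][h(f"bf{p}", key, self.bits)] = 1

    def check_element(self, key):
        # No false negatives; a false positive only costs one fruitless real probe.
        return all(self.parts[p][h(f"bf{p}", key, self.bits)] for p in range(self.k))


class BackyardLayer:
    """One layer: bucket table (at most d per bucket) backed by a cuckoo table."""
    def __init__(self, n_buckets=4, d=2, backyard=64, max_kicks=32):
        self.d, self.max_kicks = d, max_kicks
        self.buckets = [dict() for _ in range(n_buckets)]
        self.backyard = [None] * backyard      # lower-level cuckoo hash table
        self.stash = {}                        # assumption: catches unfinished evictions
        self.bloom = PartitionBloom()
        self.dummies = 0

    def _probe(self, key):
        """Bucket index and the two cuckoo slots that an access to key touches."""
        n = len(self.backyard)
        return h("h0", key, len(self.buckets)), h("c1", key, n), h("c2", key, n)

    def insert(self, key, value):
        p, a, b = self._probe(key)             # p = h0(x)
        self.bloom.add_element(key)
        if key in self.buckets[p] or len(self.buckets[p]) < self.d:
            self.buckets[p][key] = value       # fewer than d elements: store directly
            return "bucket"
        if key in self.stash:
            self.stash[key] = value
            return "stash"
        for s in (a, b):                       # already in the cuckoo table: update
            if self.backyard[s] and self.backyard[s][0] == key:
                self.backyard[s] = (key, value)
                return "backyard"
        item, slot = (key, value), a
        for _ in range(self.max_kicks):        # cuckoo eviction chain
            item, self.backyard[slot] = self.backyard[slot], item
            if item is None:
                return "backyard"
            _, a2, b2 = self._probe(item[0])
            slot = b2 if slot == a2 else a2    # evicted item moves to its other slot
        self.stash[item[0]] = item[1]
        return "stash" if item[0] == key else "backyard"

    def lookup(self, key):
        """Member verification first; a miss is redirected to a fresh dummy probe."""
        target = key
        if not self.bloom.check_element(key):
            self.dummies += 1
            target = f"dummy#{self.dummies}"   # never inserted, so it finds nothing
        p, a, b = self._probe(target)
        value = self.buckets[p].get(target)
        for s in (a, b):
            if value is None and self.backyard[s] and self.backyard[s][0] == target:
                value = self.backyard[s][1]
        if value is None:
            value = self.stash.get(target)
        return value, [("bucket", p), ("backyard", a), ("backyard", b)]


if __name__ == "__main__":
    layer = BackyardLayer()
    for i in range(12):                        # constructed sample keys and ciphertexts
        print(f"k{i}", layer.insert(f"k{i}", f"ct{i}"))
    print(layer.lookup("k3"), layer.lookup("not-stored"))
```

A hit and a miss both touch one bucket and two cuckoo slots, so the server sees the same shape of access whether or not the element is stored in the layer.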
When the number of times data layer i has been accessed reaches 2^i, data layer i and data layer i+1 are reconstructed: the data in data layer i and data layer i+1 is merged, and the merged data is stored again in data layer i+1. During reconstruction, the merged data is obliviously shuffled in order to protect the privacy of the user's access pattern. The time overhead of the oblivious shuffle is a major contributor to the time overhead of the overall scheme, so it is very necessary to select an efficient shuffling method. The shuffling method must first achieve hiding: it cannot reveal the order relation between the input and the output of the sort, that is, it must ensure that any input x can be mapped to any output y. Second, it should reduce its time overhead as much as possible. The scheme herein adopts a buffer shuffling strategy. The buffer shuffling strategy supports the hidden random access scheme herein well and improves access efficiency.
Although the present invention has been described with reference to the preferred embodiments, it should be understood that various changes and modifications can be made therein by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (6)
1. A cloud platform privacy protection method based on a cuckoo filter, characterized in that it comprises a user side and a server side; the user side comprises a data storage module and a data access module; the data storage module comprises a virtual data generation module, a data encryption module and an encryption grouping module; the data access module comprises a data reading module, a data updating module, a data encryption module and a data re-encryption module; the server comprises a data access control module and a parallel module; the data access control module comprises a hash storage control module, a data layer reconstruction module and a member verification module;
the data storage module generates, from the real data, virtual data that protects the real data, and stores the virtual data together with the real user data; the data encryption module encrypts the real data together with the virtual data using Paillier probabilistic public-key encryption; the encryption grouping module groups the data encrypted by the user so that it can be stored in partitions on the cloud server;
the data access control module of the server side controls the storage of data elements by applying the backyard cuckoo hash algorithm in the hash storage control module; the data layer reconstruction module forcibly reorders and reinserts the data elements using a shuffling strategy, so that the position of a data element is not unique and privacy is improved; the member verification module uses a partition Bloom filter, which guarantees constant-time membership queries;
the server-side data layer reconstruction module partitions the storage area, namely, the O-RAM structure is set up as a plurality of parallel small O-RAM structures; the small O-RAM structures are identical in structure and store the same number of data elements; each small O-RAM structure is a multi-layer hierarchical storage structure whose storage capacity increases from layer to layer; a small cache is added at the highest layer of each small O-RAM hierarchical data structure to store the set of recently accessed data elements; the storage data structure of each layer is a backyard cuckoo filter structure.
2. The cuckoo filter-based cloud platform privacy protection method of claim 1, wherein: the user side uses member functions of the userClient file to preprocess the data stored by the user; the geneVirtualData method generates virtual data of the same size as the user's real data, the dataEncrypt method encrypts the set of real data and virtual data, and dataSplit then groups the data in preparation for placing it on the cloud server.
3. The cuckoo filter-based cloud platform privacy protection method of claim 1, wherein: the server side represents the hash storage control module by a backsyardcackoo class; in the backyardcutkoo class, three static HashMap member variables are the three data storage structures of the cuckoo hash algorithm, the storage size is initialized through the constructor of the class, and rabinbHash outputs the hash result of the data; the backyard cuckoo hashing algorithm is carried out by insert bucket and insert_LowLevel, and the class then provides public methods for lookup, deletion and insertion in the HashMap storage structures, to be called on instances.
4. The cuckoo filter-based cloud platform privacy protection method of claim 1, wherein: the member verification module employs an improved partition Bloom filter; the partition Bloom filter uses a binary array to represent whether data is present; the class initializes an array of hash functions, getSubIndex assigns the data to partitions that have mutually independent hash functions, element positions are added through the addElement function, and the checkElement method queries whether an element is in the set.
5. The cuckoo filter-based cloud platform privacy protection method of claim 1, wherein: in the O-RAM partition model on the server side, each backyard cuckoo hash structure is paired with the Bloom filter of the corresponding partition to control member access.
6. The cuckoo filter-based cloud platform privacy protection method of claim 1, wherein: when the number of times data layer i has been accessed reaches 2^i, the server-side data layer reconstruction module reconstructs data layer i and data layer i+1: the data in data layer i and data layer i+1 is merged, and the merged data is stored again in data layer i+1; during reconstruction, the merged data is obliviously shuffled, so that the privacy of the user's access pattern is protected.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911241847.8A CN111291388A (en) | 2019-12-06 | 2019-12-06 | Cloud platform privacy protection method based on cuckoo filter |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911241847.8A CN111291388A (en) | 2019-12-06 | 2019-12-06 | Cloud platform privacy protection method based on cuckoo filter |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111291388A true CN111291388A (en) | 2020-06-16 |
Family
ID=71022993
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911241847.8A Withdrawn CN111291388A (en) | 2019-12-06 | 2019-12-06 | Cloud platform privacy protection method based on cuckoo filter |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111291388A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114844638A (en) * | 2022-07-03 | 2022-08-02 | 浙江九州量子信息技术股份有限公司 | Big data volume secret key duplication removing method and system based on cuckoo filter |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20200616 |