CN111291388A - Cloud platform privacy protection method based on cuckoo filter - Google Patents


Info

Publication number
CN111291388A
Authority
CN
China
Prior art keywords
data
module
storage
layer
cuckoo
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201911241847.8A
Other languages
Chinese (zh)
Inventor
吕太之
颜悦
张军
蒋玉婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Maritime Institute
Original Assignee
Jiangsu Maritime Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Maritime Institute filed Critical Jiangsu Maritime Institute
Priority to CN201911241847.8A priority Critical patent/CN111291388A/en
Publication of CN111291388A publication Critical patent/CN111291388A/en
Withdrawn legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/004 Artificial life, i.e. computing arrangements simulating life
    • G06N3/006 Artificial life, i.e. computing arrangements simulating life based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Biomedical Technology (AREA)
  • Computing Systems (AREA)
  • Molecular Biology (AREA)
  • Evolutionary Computation (AREA)
  • Mathematical Physics (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Databases & Information Systems (AREA)
  • Biophysics (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a cloud platform privacy protection method based on a cuckoo filter, comprising a user side and a server side. The user side comprises a data storage module and a data access module; the data storage module comprises a virtual data generation module, a data encryption module and an encryption grouping module; the data access module comprises a data reading module, a data updating module, a data encryption module and a data re-encryption module. The server side comprises a data access control module and a parallel module; the data access control module comprises a hash storage control module, a data layer reconstruction module and a member verification module. With the hidden random access provided by this method, an unauthorized user cannot learn which target data element the user actually needs to access.

Description

Cloud platform privacy protection method based on cuckoo filter
Technical Field
The invention relates to the field of computer information protection, in particular to a cloud platform privacy protection method based on a cuckoo filter.
Background
With the rapid development of computing and networking and the massive growth of data, more and more customers outsource data storage and maintenance to professional data service providers, freeing themselves from the burden of basic storage management and maintenance so that they can focus on research and development for their core business. Driven by this demand, research on cloud storage has emerged and developed rapidly. Cloud storage is convenient and scalable, markedly reduces local storage and maintenance expenses, and has low economic cost. However, the security of cloud storage has also been called into question, and security is becoming a critical bottleneck for the development of cloud storage systems. Privacy protection is an extremely important aspect of cloud storage security, and it is generally achieved by hiding the user's access pattern. Some methods in the prior art address the problem of hiding the data access pattern, but key problems remain: (1) because the cloud server must return all data each time a user accesses it, the communication traffic between the user and the cloud server is huge; (2) to hide the data access pattern, the cloud must store virtual data, which increases the storage space overhead and the average access time; (3) when several users send access requests for the same data at the same time, the cloud server sees two similar data access processes and can thereby identify that the two users are accessing the same data, which reveals the users' privacy.
Disclosure of Invention
1. The technical problem to be solved is as follows:
In view of the above technical problems, the invention provides a cloud platform privacy protection method based on a cuckoo filter, that is, a method for hidden random access to a cloud platform.
2. The technical scheme is as follows:
A cloud platform privacy protection method based on a cuckoo filter comprises a user side and a server side; the user side comprises a data storage module and a data access module; the data storage module comprises a virtual data generation module, a data encryption module and an encryption grouping module; the data access module comprises a data reading module, a data updating module, a data encryption module and a data re-encryption module; the server side comprises a data access control module and a parallel module; the data access control module comprises a hash storage control module, a data layer reconstruction module and a member verification module.
The data storage module generates virtual data for protecting the real data according to the real data and stores the virtual data together with the real user data; the data encryption module encrypts the real data together with the virtual data using Paillier probabilistic public-key encryption; the encryption grouping module groups the user's encrypted data so that it is stored in partitions on the cloud server; the data access control module of the server side controls the storage of data elements by applying the backyard cuckoo hash algorithm in the hash storage control module; the data layer reconstruction module forcibly reorders and reinserts the data elements using a shuffling strategy, so that the position of a data element is not fixed, which improves privacy; the member verification module uses a partition Bloom filter, which ensures constant-time membership queries.
The server-side data layer reconstruction module partitions the storage area: the O-RAM structure is organized as a plurality of parallel small O-RAM structures; each small O-RAM structure has the same structure and stores the same number of data elements; each small O-RAM structure is a multi-layer hierarchical storage structure whose storage capacity increases layer by layer; a small cache is added at the highest layer of each small O-RAM hierarchy to store the set of recently accessed data elements; the storage data structure of each layer is a backyard cuckoo filter structure.
Further, the user side preprocesses the data to be stored using member functions of the userClient class file: the geneVirtualData method generates virtual data of the same size as the user's real data, the dataEncrypt method encrypts the set of real and virtual data, and dataSplit then groups the data in preparation for placing it on the cloud server.
Further, the server side implements the hash storage control module as the backyardcuckoo class. In the backyardcuckoo class, three static HashMap member variables are the three data storage structures of the cuckoo hash algorithm; the constructor of the class initializes their storage size, and rabinbHash outputs the hash result of the data. The backyard cuckoo hashing algorithm is carried out by insert bucket and insert_LowLevel, and the class provides public methods for lookup, deletion and insertion on the HashMap storage structures, to be called on an instance.
Further, the member verification module uses an improved partition Bloom filter. The partition Bloom filter uses a bit array to represent the presence of data; the class initializes an array of hash functions, and getSubIndex maps the data to partitions of the bit array, each with its own independent hash function; the addElement function records an element's positions, and the checkElement method queries whether an element is in the set.
Further, in the server-side O-RAM partition model, each backyard cuckoo hash structure is paired with the Bloom filter of the corresponding partition to control member access.
Further, when the number of accesses to data layer i reaches 2^i, the server-side data layer reconstruction module reconstructs data layer i and data layer i+1: the data in data layer i and data layer i+1 are merged, and the merged data are stored again in data layer i+1. During reconstruction, hidden shuffling is performed on the merged data to protect the privacy of the user's access pattern.
3. Advantageous effects:
(1) With the hidden random access of this method, an unauthorized user cannot learn which target data element the user actually needs to access.
(2) With the hidden random access of this method, an unauthorized user cannot learn whether the target data elements of two accesses are the same.
(3) With the hidden random access of this method, an unauthorized user cannot distinguish read operations from write operations.
(4) With the hidden random access of this method, an unauthorized user cannot distinguish two different data access requests of equal length.
Drawings
FIG. 1 is an overall functional architecture diagram of the present invention;
FIG. 2 is an architecture diagram of the present invention.
Detailed Description
The present invention will be described in detail with reference to the accompanying drawings.
As shown in FIG. 1, the cloud platform privacy protection method based on a cuckoo filter comprises a user side and a server side; the user side comprises a data storage module and a data access module; the data storage module comprises a virtual data generation module, a data encryption module and an encryption grouping module; the data access module comprises a data reading module, a data updating module, a data encryption module and a data re-encryption module; the server side comprises a data access control module and a parallel module; the data access control module comprises a hash storage control module, a data layer reconstruction module and a member verification module.
The data storage module generates virtual data for protecting the real data according to the real data and stores the virtual data together with the real user data; the data encryption module encrypts the real data together with the virtual data using Paillier probabilistic public-key encryption; the encryption grouping module groups the user's encrypted data so that it is stored in partitions on the cloud server; the data access control module of the server side controls the storage of data elements by applying the backyard cuckoo hash algorithm in the hash storage control module; the data layer reconstruction module forcibly reorders and reinserts the data elements using a shuffling strategy, so that the position of a data element is not fixed, which improves privacy; the member verification module uses a partition Bloom filter, which ensures constant-time membership queries.
The server-side data layer reconstruction module partitions the storage area: the O-RAM structure is organized as a plurality of parallel small O-RAM structures; each small O-RAM structure has the same structure and stores the same number of data elements; each small O-RAM structure is a multi-layer hierarchical storage structure whose storage capacity increases layer by layer; a small cache is added at the highest layer of each small O-RAM hierarchy to store the set of recently accessed data elements; the storage data structure of each layer is a backyard cuckoo filter structure.
Further, the user side preprocesses the data to be stored using member functions of the userClient class file: the geneVirtualData method generates virtual data of the same size as the user's real data, the dataEncrypt method encrypts the set of real and virtual data, and dataSplit then groups the data in preparation for placing it on the cloud server.
Further, the server side implements the hash storage control module as the backyardcuckoo class. In the backyardcuckoo class, three static HashMap member variables are the three data storage structures of the cuckoo hash algorithm; the constructor of the class initializes their storage size, and rabinbHash outputs the hash result of the data. The backyard cuckoo hashing algorithm is carried out by insert bucket and insert_LowLevel, and the class provides public methods for lookup, deletion and insertion on the HashMap storage structures, to be called on an instance.
Further, the member verification module uses an improved partition Bloom filter. The partition Bloom filter uses a bit array to represent the presence of data; the class initializes an array of hash functions, and getSubIndex maps the data to partitions of the bit array, each with its own independent hash function; the addElement function records an element's positions, and the checkElement method queries whether an element is in the set.
Further, in the server-side O-RAM partition model, each backyard cuckoo hash structure is paired with the Bloom filter of the corresponding partition to control member access.
Further, when the number of accesses to data layer i reaches 2^i, the server-side data layer reconstruction module reconstructs data layer i and data layer i+1: the data in data layer i and data layer i+1 are merged, and the merged data are stored again in data layer i+1. During reconstruction, hidden shuffling is performed on the merged data to protect the privacy of the user's access pattern.
As shown in FIG. 2, data access in the method is carried out in units of equal-length data elements, and the number of data elements is assumed to be n, that is, the storage size of the O-RAM is n. Before storing the data, the user first preprocesses the data elements locally, which includes data encryption and grouping. The method encrypts with Paillier probabilistic public-key encryption, and different groups are stored in different O-RAM structures. The data are then uploaded to the cloud storage server and stored in a specific data structure.
The data storage area adopts the partition idea, namely, a single O-RAM structure is improved into a plurality of parallel O-RAM structures. The original O-RAM structure with larger storage capacity is divided into a plurality of O-RAM structures with small storage capacity. Each small O-RAM structure stores an equal amount of data elements and is identical in structure. In particular, in the hidden random access scheme herein, the data storage area is divided into
Figure BDA0002306472080000041
O-RAM structures, each O-RAM structure storing data of the number
Figure BDA0002306472080000042
Figure BDA0002306472080000043
Data are assigned to groups by mapping with a hash function h', where n is the number of data elements.
The structure of each partition is a multi-layer hierarchical storage structure whose storage capacity increases layer by layer. A small cache is added at the highest layer of each small O-RAM hierarchy to store the set of recently accessed data elements. Backyard cuckoo hashing (Backyard Cuckoo Hash) is used as the storage data structure of each layer. In the backyard cuckoo hash structure of layer i, the bucket hash table and the cuckoo hash table are both of size 2^(i+1), storing 2^i real data elements and 2^i virtual data elements. When inserting an element x, first compute p = h0(x) to determine the position of the bucket for x in the bucket hash table. If the number of elements stored in the bucket at that position is less than d, x is stored directly in that bucket, the position of x in the bucket being given by
Figure BDA0002306472080000051
Otherwise, x is stored in the lower-level cuckoo hash table.
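The insertion rule described above, as an added Python example that is not code from the patent: an element goes to bucket p = h0(x) while that bucket holds fewer than d elements, and otherwise falls through to the cuckoo hash table. The salted BLAKE2b hashes, the two-slot cuckoo table with evictions, the stash and all class and method names are assumptions made for illustration; the filing's own in-bucket position formula is not available on this page and is not reproduced.

```python
import hashlib


def _index(element: bytes, salt: bytes, size: int) -> int:
    """Map an element to [0, size). Salted BLAKE2b is an assumption; the
    patent does not say how h0 or the cuckoo hash functions are built."""
    digest = hashlib.blake2b(element, digest_size=8, salt=salt).digest()
    return int.from_bytes(digest, "big") % size


class BackyardCuckoo:
    """Bucket hash table (first level) backed by a cuckoo hash table."""

    def __init__(self, n_buckets: int, d: int, backyard_size: int, max_kicks: int = 32):
        self.d = d
        self.max_kicks = max_kicks
        self.buckets = [[] for _ in range(n_buckets)]
        self.backyard = [None] * backyard_size
        self.stash = []  # keeps an element whose eviction chain ran too long

    def _slots(self, element: bytes):
        size = len(self.backyard)
        return _index(element, b"h1", size), _index(element, b"h2", size)

    def lookup(self, element: bytes):
        """Return (kind, position) or None. One bucket and two cuckoo slots
        are inspected (plus the stash), independent of the table's load."""
        p = _index(element, b"h0", len(self.buckets))
        if element in self.buckets[p]:
            return ("bucket", p)
        for pos in self._slots(element):
            if self.backyard[pos] == element:
                return ("backyard", pos)
        if element in self.stash:
            return ("stash", self.stash.index(element))
        return None

    def insert(self, element: bytes):
        found = self.lookup(element)
        if found is not None:
            return found
        p = _index(element, b"h0", len(self.buckets))  # p = h0(x)
        if len(self.buckets[p]) < self.d:              # room left in the bucket
            self.buckets[p].append(element)
            return ("bucket", p)
        return self._insert_backyard(element)          # bucket full: overflow

    def _insert_backyard(self, element: bytes):
        current, pos = element, self._slots(element)[0]
        for _ in range(self.max_kicks):
            if self.backyard[pos] is None:
                self.backyard[pos] = current
                return self.lookup(element)
            # Slot taken: place `current`, evict the occupant to its other slot.
            current, self.backyard[pos] = self.backyard[pos], current
            a, b = self._slots(current)
            pos = b if pos == a else a
        self.stash.append(current)  # give up evicting; nothing is lost
        return self.lookup(element)


def demo():
    # Constructed sample elements: 40 items against 8 buckets of d = 2,
    # so at least 24 of them must overflow out of the bucket table.
    table = BackyardCuckoo(n_buckets=8, d=2, backyard_size=64)
    items = [b"block-%03d" % i for i in range(40)]
    placed = [table.insert(x)[0] for x in items]
    return table, items, placed


if __name__ == "__main__":
    table, items, placed = demo()
    print({kind: placed.count(kind) for kind in ("bucket", "backyard", "stash")})
```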
Each layer's backyard cuckoo hash is associated with an encrypted partition Bloom filter structure. The partition Bloom filter is implemented using partitioned hashing and is used for member verification: each time a data layer is accessed, member verification is performed first to decide whether the data needs to be looked up in that layer. If the data is not stored in this layer, virtual (dummy) data is accessed instead. Member verification effectively prevents the leakage of access pattern information that querying for absent data would cause, and so protects the security of the access pattern.
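Member verification before each layer access, as an added Python example that is not code from the patent: every layer is read exactly once per request, with a real read only where the partition Bloom filter reports the element and a virtual-data read everywhere else. The method names mirror getSubIndex, addElement and checkElement from the description; the salted BLAKE2b hashes, the Level class, the sample records and the unencrypted in-memory filter are assumptions.

```python
import hashlib


class PartitionBloomFilter:
    """k partitions of m bits each; partition j has its own hash function
    and every element sets exactly one bit per partition."""

    def __init__(self, k: int, m: int):
        self.k, self.m = k, m
        self.bits = [bytearray(m) for _ in range(k)]  # one byte per bit, for clarity

    def get_sub_index(self, element: bytes, j: int) -> int:
        # Salted BLAKE2b stands in for the j-th independent hash (assumption).
        digest = hashlib.blake2b(element, digest_size=8, salt=b"part-%d" % j).digest()
        return int.from_bytes(digest, "big") % self.m

    def add_element(self, element: bytes) -> None:
        for j in range(self.k):
            self.bits[j][self.get_sub_index(element, j)] = 1

    def check_element(self, element: bytes) -> bool:
        # Always k bit reads, however many elements the layer stores.
        return all(self.bits[j][self.get_sub_index(element, j)] for j in range(self.k))


class Level:
    """Layer i: its real records, 2^i virtual records and its own filter."""

    def __init__(self, i: int, real: dict):
        self.i = i
        self.filter = PartitionBloomFilter(k=4, m=256)
        self.store = dict(real)
        for key in real:
            self.filter.add_element(key)
        self.dummies = [b"dummy-%d-%d" % (i, t) for t in range(2 ** i)]
        for name in self.dummies:
            self.store[name] = b""
        self.next_dummy = 0
        self.reads = 0

    def probe(self, key: bytes, found_already: bool):
        """Perform exactly one read on this layer and say which kind it was."""
        self.reads += 1
        if not found_already and self.filter.check_element(key):
            # Real read; a Bloom false positive simply yields None.
            return self.store.get(key), "real"
        # Element not here (or already found higher up): read virtual data.
        # Layer i is rebuilt after 2^i accesses, so the modulo is a safeguard.
        name = self.dummies[self.next_dummy % len(self.dummies)]
        self.next_dummy += 1
        _ = self.store[name]
        return None, "dummy"


def access(levels, key: bytes):
    """Touch every layer once; return the value and the per-layer read kinds."""
    value, trace = None, []
    for level in levels:
        got, kind = level.probe(key, found_already=value is not None)
        if got is not None:
            value = got
        trace.append(kind)
    return value, trace


def build_levels():
    # Constructed sample data: layer i holds at most 2^i real records.
    return [
        Level(0, {}),
        Level(1, {b"rec-a": b"A"}),
        Level(2, {b"rec-b": b"B", b"rec-c": b"C"}),
        Level(3, {b"rec-d": b"D"}),
    ]


if __name__ == "__main__":
    levels = build_levels()
    print(access(levels, b"rec-b"))   # stored in layer 2
    print(access(levels, b"rec-z"))   # stored nowhere
```

A request for a stored record and a request for an absent one both produce one read per layer, which is the property the member verification step is there to preserve.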
When the number of accesses to data layer i reaches 2^i, data layer i and data layer i+1 are reconstructed: the data in data layer i and data layer i+1 are merged, and the merged data are stored again in data layer i+1. During reconstruction, hidden shuffling is performed on the merged data to protect the privacy of the user's access pattern. The time overhead of the hidden shuffle is a major contributor to the time overhead of the overall scheme, so selecting an efficient shuffling method is essential. First, the shuffling method must achieve hiding: it must not reveal the ordering relationship between the shuffle's input and output, that is, it must ensure that any input x can be mapped to any output y. Second, its time overhead should be reduced as much as possible. The scheme herein adopts a buffer shuffling strategy, which supports the hidden random access scheme well and improves access efficiency.
Although the present invention has been described with reference to the preferred embodiments, it should be understood that various changes and modifications can be made therein by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (6)

1. A cloud platform privacy protection method based on a cuckoo filter, characterized in that it comprises a user side and a server side; the user side comprises a data storage module and a data access module; the data storage module comprises a virtual data generation module, a data encryption module and an encryption grouping module; the data access module comprises a data reading module, a data updating module, a data encryption module and a data re-encryption module; the server side comprises a data access control module and a parallel module; the data access control module comprises a hash storage control module, a data layer reconstruction module and a member verification module;
the data storage module generates virtual data for protecting the real data according to the real data and stores the virtual data together with the real user data; the data encryption module encrypts the real data together with the virtual data using Paillier probabilistic public-key encryption; the encryption grouping module groups the user's encrypted data so that it is stored in partitions on the cloud server;
the data access control module of the server side controls the storage of data elements by applying the backyard cuckoo hash algorithm in the hash storage control module; the data layer reconstruction module forcibly reorders and reinserts the data elements using a shuffling strategy, so that the position of a data element is not fixed, which improves privacy; the member verification module uses a partition Bloom filter, which ensures constant-time membership queries;
the server-side data layer reconstruction module partitions the storage area, namely, the O-RAM structure is organized as a plurality of parallel small O-RAM structures; each small O-RAM structure has the same structure and stores the same number of data elements; each small O-RAM structure is a multi-layer hierarchical storage structure whose storage capacity increases layer by layer; a small cache is added at the highest layer of each small O-RAM hierarchy to store the set of recently accessed data elements; the storage data structure of each layer is a backyard cuckoo filter structure.
2. The cuckoo filter-based cloud platform privacy protection method of claim 1, wherein: the user side preprocesses the data to be stored using member functions of the userClient class file; the geneVirtualData method generates virtual data of the same size as the user's real data, the dataEncrypt method encrypts the set of real and virtual data, and dataSplit then groups the data in preparation for placing it on the cloud server.
3. The cuckoo filter-based cloud platform privacy protection method of claim 1, wherein: the server side implements the hash storage control module as the backyardcuckoo class; in the backyardcuckoo class, three static HashMap member variables are the three data storage structures of the cuckoo hash algorithm, the constructor of the class initializes their storage size, and rabinbHash outputs the hash result of the data; the backyard cuckoo hashing algorithm is carried out by insert bucket and insert_LowLevel, and the class provides public methods for lookup, deletion and insertion on the HashMap storage structures, to be called on an instance.
4. The cuckoo filter-based cloud platform privacy protection method of claim 1, wherein: the member verification module uses an improved partition Bloom filter; the partition Bloom filter uses a bit array to represent the presence of data, the class initializes an array of hash functions, getSubIndex maps the data to partitions of the bit array, each with its own independent hash function, the addElement function records an element's positions, and the checkElement method queries whether an element is in the set.
5. The cuckoo filter-based cloud platform privacy protection method of claim 1, wherein: in the server-side O-RAM partition model, each backyard cuckoo hash structure is paired with the Bloom filter of the corresponding partition to control member access.
6. The cuckoo filter-based cloud platform privacy protection method of claim 1, wherein: when the number of accesses to data layer i reaches 2^i, the server-side data layer reconstruction module reconstructs data layer i and data layer i+1: the data in data layer i and data layer i+1 are merged, and the merged data are stored again in data layer i+1; during reconstruction, hidden shuffling is performed on the merged data to protect the privacy of the user's access pattern.
CN201911241847.8A 2019-12-06 2019-12-06 Cloud platform privacy protection method based on cuckoo filter Withdrawn CN111291388A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911241847.8A CN111291388A (en) 2019-12-06 2019-12-06 Cloud platform privacy protection method based on cuckoo filter

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911241847.8A CN111291388A (en) 2019-12-06 2019-12-06 Cloud platform privacy protection method based on cuckoo filter

Publications (1)

Publication Number Publication Date
CN111291388A true CN111291388A (en) 2020-06-16

Family

ID=71022993

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911241847.8A Withdrawn CN111291388A (en) 2019-12-06 2019-12-06 Cloud platform privacy protection method based on cuckoo filter

Country Status (1)

Country Link
CN (1) CN111291388A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114844638A (en) * 2022-07-03 2022-08-02 浙江九州量子信息技术股份有限公司 Big data volume secret key duplication removing method and system based on cuckoo filter

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication (application publication date: 20200616)