CN114266061B - Offline data tamper-proof method based on hash chain - Google Patents


Publication number
CN114266061B
Authority
CN
China
Prior art keywords
offline
user
data
hash
hash chain
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111624926.4A
Other languages
Chinese (zh)
Other versions
CN114266061A (en)
Inventor
秦天浩
王成欢
黄家辉
马小乐
黄腾
范志超
周志昊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aerospace Science And Engineering Intelligent Operation Research And Information Security Research Institute Wuhan Co ltd
Original Assignee
Aerospace Science And Engineering Intelligent Operation Research And Information Security Research Institute Wuhan Co ltd
Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to an offline data tamper-proof method based on a hash chain, and belongs to the technical field of detecting offline users' tampering with offline data. The invention uses hash chain technology to record and trace offline data, provides a reliable and secure technical scheme for offline data tamper resistance, opens up a new application scenario for hash chain technology, and has important practical application value.

Description

Offline data tamper-proof method based on hash chain
Technical Field
The invention belongs to the technical field of detecting offline users' tampering with offline data, and particularly relates to an offline data tamper-proof method based on a hash chain.
Background
Data sharing services are the bridge and medium through which the value of scientific data is realized, and a good form of sharing service is a necessary condition for fully realizing that value. Offline data is an important link in data sharing services, and with the continued development of open science, secure sharing of offline data is increasingly important. However, offline data is unusual as a digital asset: in offline mode the user is outside the online supervision of the data sharing platform, usage is not supervised, and the data holder can evade supervision and put the data to illegal use, which severely restricts the healthy development of the data sharing service ecosystem. To supervise offline data, the data sharing service platform can therefore periodically require offline users to submit their offline data. On this premise, tamper resistance of offline data becomes one of the key links of a data sharing service system.
Offline data security is important for promoting data sharing, and a tamper-proof mechanism can provide a strong security guarantee for the interaction and sharing of offline data. There are various data tamper-proofing techniques, including file curing, hash value verification, digital signatures, trusted timestamps, and blockchain. Existing tamper-proof technology is mainly applied to web page tamper-proofing, blockchain applications, file integrity verification and similar fields. Building on hash value verification, the invention combines a hash chain with digital signature technology to achieve offline data tamper resistance while meeting the requirement that offline data be dynamically updated. To address offline data tamper resistance, the invention uses hash value verification to check the integrity and correctness of the offline data. To meet the requirement of dynamic updates and record offline data in real time, the invention records the offline data with a hash chain. Finally, to prevent offline users from deleting the hash digests of offline hash chain nodes, the invention encrypts the offline hash chain nodes using digital signature technology.
The idea of the hash chain was originally proposed by the American mathematician Lamport for use in various network security environments, such as authentication systems, cryptocurrency, and various blockchain-driven systems. A hash chain is implemented by performing multiple hash operations on a data asset; the results of the successive hash operations form a sequence (W0 → W1 → W2 → … → Wn-1 → Wn), which is called a hash chain. The security of the hash chain depends on the one-way property of the hash function, i.e., Wn can be derived from Wn-1, but Wn-1 cannot be derived from Wn. It follows that the hash chain is suitable for hash operations when data grows dynamically.
Disclosure of Invention
(I) Technical problem to be solved
The technical problem to be solved by the invention is: how to provide a reliable and secure technical scheme for offline data tamper resistance.
(II) Technical scheme
To solve the above technical problem, the invention provides an offline data tamper-proof method based on a hash chain, which comprises the following steps:
S1. The user sends a request to the cloud service platform, the request containing a unique user identity identifier. After receiving the request, the cloud service platform verifies the user's identity information; once verification passes, it generates for the request a unique hash value W0 and an SM2 key pair bound to the user, securely stores the SM2 private key, backs up the hash value W0, and then issues to the user an encryption program containing the SM2 public key and the hash value W0;
S2. The user generates data D1 offline. The encryption program performs a hash operation on the hash value W0 and the offline data D1 to obtain the hash value W1, and after the hash operation is complete, encrypts the hash value W0 using the SM4 and SM2 hybrid encryption algorithm;
S3. Each time the user generates a piece of data Di offline, the hash value Wi is generated and Wi-1 is encrypted. When n pieces of data have been generated, an offline hash chain of length n+1 is obtained, in which the nodes Wi, i = 0, 1, 2, …, n-1, are encrypted and the tail node Wn is not encrypted;
S4. The user submits the offline data and the offline hash chain online. After receiving them, the cloud service platform reads the locally backed-up hash value W0 and performs repeated hash operations using the backed-up W0 and the offline data submitted by the user to obtain a computed hash chain;
S5. The cloud service platform performs hash verification of the computed hash chain against the offline hash chain submitted by the user; if the verification fails, it determines that the offline user has modified the offline data;
S6. The cloud service platform checks whether the tail node of the offline hash chain submitted by the user is an unencrypted hash value; if it detects that the offline hash chain has no unencrypted tail node, it determines that the offline user has pruned the hash chain;
S7. The cloud service platform checks the number of times each node of the offline hash chain submitted by the user has been encrypted with the SM4 and SM2 hybrid encryption; if any node is found to have been encrypted more than once, it determines that the offline user has deleted offline data and offline hash chain nodes and then regenerated the offline data and offline hash chain nodes.
Preferably, the specific flow for encrypting an offline hash chain node with the SM4 and SM2 hybrid algorithm is as follows:
(1) Offline user A randomly generates a key Key for SM4 encryption and decryption; user A obtains from the encryption program the SM2 public key PublicKeyB issued by cloud service platform B; user A encrypts the plaintext Data with the SM4 key Key to obtain the ciphertext block CipherData; user A encrypts the key Key with the public key PublicKeyB of cloud service platform B using the SM2 algorithm to obtain the key block CipherKey; user A combines the ciphertext block CipherData and the key block CipherKey to form the encrypted data Cipher;
(2) Cloud service platform B splits the data Cipher into the ciphertext block CipherData and the key block CipherKey; cloud server B decrypts CipherKey with the SM2 private key PrivateKeyB to obtain the SM4 key Key; cloud server B then uses the SM4 key Key to SM4-decrypt the ciphertext block CipherData and obtain the plaintext Data.
Preferably, the unique user identity identifier comprises a user certificate and personal information.
Preferably, in step S5, if the verification fails, it is determined, based on the collision resistance of the hash function, that the offline user has modified the offline data.
Preferably, in step S6, after it is determined that the offline user has pruned the hash chain, a preset countermeasure is executed against the user.
Preferably, in step S6, after it is determined that the offline user has pruned the hash chain, an authority control measure is executed against the user.
Preferably, in step S7, after it is determined that the offline data and offline hash chain nodes have been regenerated, a preset countermeasure is executed against the user.
Preferably, in step S7, after it is determined that the offline data and offline hash chain nodes have been regenerated, an authority control measure is executed against the user.
The invention also provides an application of the method in the technical field of detecting offline users' tampering with offline data.
The invention also provides an application of the method in data sharing services.
(III) Beneficial effects
To achieve tamper resistance of offline data, the invention encrypts the offline data using hash chain technology and a hybrid encryption mechanism: a hash function performs hash operations on the offline data, relying on the one-way property of the hash function to prevent the user from modifying the offline data, and the hybrid encryption mechanism then encrypts the offline hash values to prevent the user from pruning the offline hash chain. Finally, the offline data is collected back for hash verification and encryption-count verification. The scheme has the following advantages and beneficial effects:
1. The invention adopts hash chain technology to achieve tamper resistance of offline data, and can hash and record the offline data in real time under the condition of dynamically generating the data on line;
2. The invention adopts a hybrid encryption mechanism based on the SM4 and SM2 algorithms, exploiting the advantages of the SM4 algorithm's high encryption speed, the SM2 algorithm's high encryption security, simple key management and low bandwidth requirement to obtain a more efficient and more secure encryption technique.
The invention uses hash chain technology to record and trace offline data, provides a reliable and secure technical scheme for offline data tamper resistance, opens up a new application scenario for hash chain technology, and has important practical application value.
Drawings
FIG. 1 is a schematic block diagram of offline data tamper resistance of the present invention;
FIG. 2 is a diagram of a hybrid encryption model of the SM4 and SM2 algorithms of the present invention;
FIG. 3 is a hash chain encryption model diagram of the present invention;
FIG. 4 is a hash chain check model diagram of the present invention.
Detailed Description
To make the purpose, content, and advantages of the present invention clearer, embodiments of the invention are described in detail below with reference to the drawings and examples.
Aiming at the problem of offline data tamper resistance, the invention provides a safe and reliable offline data tamper resistance system based on a hash chain technology and a hybrid encryption mechanism. The offline data tamper resistance is realized by adopting a hash chain technology, and the offline hash chain is prevented from being deleted by an offline user by using a hybrid encryption mechanism. Some basic concepts related to the present invention are:
1. Hash chain: a hash chain is generally defined as the repeated application of a cryptographic hash function to a given data asset. It is implemented by performing multiple hash operations on the data asset, with the results of the successive hash operations forming a sequence (W0 → W1 → W2 → … → Wn-1 → Wn), which is referred to as a hash chain.
2. SM4 algorithm: the SM4 algorithm, in full the SM4 block cipher algorithm, is a cryptographic industry standard published in Announcement No. 23 issued by the State Cryptography Administration in March 2012. SM4 is a block symmetric-key algorithm: the plaintext, the key and the ciphertext are all 16 bytes, and the encryption key and the decryption key are the same. The encryption algorithm and the key expansion algorithm both use a 32-round nonlinear iterative structure. The decryption process is the same as the encryption process except that the round keys are used in reverse order.
3. SM2 algorithm: the SM2 algorithm, in full the SM2 elliptic curve public key cryptographic algorithm, is a cryptographic industry standard published in Announcement No. 21 issued by the State Cryptography Administration in December 2010. SM2 is an asymmetric-key algorithm that encrypts with the public key and decrypts with the private key, and it is computationally infeasible to derive the private key from a known public key. The encrypting party encrypts the message into ciphertext using the decrypting party's public key, and the decrypting party decrypts the received ciphertext back into the original message using its own private key.
4. Hybrid encryption mechanism: before data is communicated over a network, the sender randomly generates a random key for the SM4 algorithm, encrypts the plaintext data to be transmitted with SM4, and then encrypts the key with SM2. After receiving the ciphertext data and the encrypted key data, the receiver first decrypts the random key with SM2 and then uses the random key to SM4-decrypt the ciphertext. Because a different random key is used for each plaintext encryption, there is no SM4 key management problem, and the scheme both ensures data security and improves encryption and decryption speed.
To address offline data security protection, the offline data tamper-proof system based on hash chain technology and a hybrid encryption mechanism uses the hash chain to prevent offline users from tampering with the data, encrypts the hash chain nodes with the hybrid encryption algorithm, and detects whether offline users have deleted offline data.
Referring to FIGS. 1 to 3, the present invention includes the following steps:
S1. The user sends a request to the cloud service platform, the request containing a unique user identity identifier such as a user certificate and personal information. After receiving the request, the cloud service platform verifies the user's identity information; once verification passes, it generates for the request a unique hash value W0 and an SM2 key pair bound to the user, securely stores the SM2 private key, backs up the hash value W0, and then issues to the user an encryption program containing the SM2 public key and the hash value W0;
S2. The user generates data D1 offline. The encryption program performs a hash operation on the hash value W0 and the offline data D1 to obtain the hash value W1, and after the hash operation is complete, encrypts the hash value W0 using the SM4 and SM2 hybrid encryption algorithm, as shown in FIG. 2;
S3. Each time the user generates a piece of data Di offline, the hash value Wi is generated and Wi-1 is encrypted. When n pieces of data have been generated, an offline hash chain of length n+1 is obtained, in which the nodes Wi, i = 0, 1, 2, …, n-1, are encrypted and the tail node Wn is not encrypted;
S4. The user submits the offline data and the offline hash chain online. After receiving them, the cloud service platform reads the locally backed-up hash value W0 and performs repeated hash operations using the backed-up W0 and the offline data submitted by the user to obtain a computed hash chain;
S5. The cloud service platform performs hash verification of the computed hash chain against the offline hash chain submitted by the user; if the verification fails, it determines, based on the strong collision resistance of the hash function, that the offline user has modified the offline data;
S6. The cloud service platform checks whether the tail node of the offline hash chain submitted by the user is an unencrypted hash value; if it detects that the offline hash chain has no unencrypted tail node, it determines that the offline user has pruned the hash chain and executes authority control or other countermeasures against the user;
S7. The cloud service platform checks the number of times each node of the offline hash chain submitted by the user has been encrypted with the SM4 and SM2 hybrid encryption; if any node is found to have been encrypted more than once, it determines that the offline user has deleted offline data and offline hash chain nodes (offline hash nodes) and then regenerated the offline data and offline hash chain nodes, and executes authority control or other countermeasures against the user.
In this embodiment, the specific flow for encrypting an offline hash chain node (the corresponding hash value) with the SM4 and SM2 hybrid algorithm is as follows:
(1) Offline user A randomly generates a key Key for SM4 encryption and decryption; user A obtains from the encryption program the SM2 public key PublicKeyB issued by cloud service platform B; user A encrypts the plaintext Data with the SM4 key Key to obtain the ciphertext block CipherData; user A encrypts the key Key with the public key PublicKeyB of cloud service platform B using the SM2 algorithm to obtain the key block CipherKey; user A combines the ciphertext block CipherData and the key block CipherKey to form the encrypted data Cipher;
(2) Cloud service platform B splits the data Cipher into the ciphertext block CipherData and the key block CipherKey; cloud server B decrypts CipherKey with the SM2 private key PrivateKeyB to obtain the SM4 key Key; cloud server B then uses the SM4 key Key to SM4-decrypt the ciphertext block CipherData and obtain the plaintext Data.
The method provides tamper and deletion protection for offline data, preventing offline users from tampering with or deleting offline data that the cloud service platform needs to collect.
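Steps S1 to S7 and the hybrid envelope described above, modelled end to end as an added example (this is not code from the patent). Assumptions: SHA-256 stands in for the unspecified hash function, a toy ElGamal-style key wrap and SHA-256 keystream stand in for SM2 and SM4 and are not secure, the "encryption count" of S7 is modelled as nested envelopes, and all function names are hypothetical.

```python
import hashlib
import secrets

# Stand-ins (assumptions, not from the patent): SHA-256 for the unspecified
# hash, and a toy ElGamal-style key wrap plus SHA-256 keystream where the
# patent uses SM2 and SM4. The toy envelope shows data flow only; not secure.
P, G = 2**127 - 1, 3      # toy group parameters
MAGIC = b"ENV1"           # marks an encrypted node
HASH_LEN = 32             # a bare (unencrypted) node is exactly one digest

def chain_hash(prev: bytes, item: bytes) -> bytes:
    """W_i = H(W_{i-1} || D_i)."""
    return hashlib.sha256(prev + item).digest()

def _stream(key: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keygen():
    """Platform key pair (stands in for the SM2 key pair of step S1)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def hybrid_encrypt(pub: int, data: bytes) -> bytes:
    """Cipher = CipherKey || CipherData, with a fresh random key per call."""
    key = secrets.token_bytes(16)
    r = secrets.randbelow(P - 2) + 1
    shared = pow(pub, r, P).to_bytes(16, "big")
    cipher_key = pow(G, r, P).to_bytes(16, "big") + _xor(key, _stream(shared, 16))
    return MAGIC + cipher_key + _xor(data, _stream(key, len(data)))

def hybrid_decrypt(priv: int, blob: bytes) -> bytes:
    """Split Cipher into CipherKey and CipherData, unwrap the key, decrypt."""
    body = blob[len(MAGIC):]
    eph, wrapped, cipher_data = body[:16], body[16:32], body[32:]
    shared = pow(int.from_bytes(eph, "big"), priv, P).to_bytes(16, "big")
    key = _xor(wrapped, _stream(shared, 16))
    return _xor(cipher_data, _stream(key, len(cipher_data)))

def is_encrypted(node: bytes) -> bool:
    return len(node) > HASH_LEN and node.startswith(MAGIC)

def record(pub, chain, data, item):
    """S2/S3: hash the current tail with the new item, then encrypt that tail."""
    tail = chain[-1]
    chain[-1] = hybrid_encrypt(pub, tail)
    chain.append(chain_hash(tail, item))
    data.append(item)

def verify(priv, w0, data, chain):
    """S4-S7 on the platform side; returns the failed steps (empty = clean)."""
    failed = set()
    if not chain or is_encrypted(chain[-1]):
        failed.add("S6")                      # no unencrypted tail node
    plain = []
    for node in chain:
        layers = 0
        while is_encrypted(node):             # peel envelopes, counting them
            node = hybrid_decrypt(priv, node)
            layers += 1
        if layers > 1:
            failed.add("S7")                  # node was encrypted more than once
        plain.append(node)
    expected = [w0]                           # S4: recompute from the backed-up W0
    for item in data:
        expected.append(chain_hash(expected[-1], item))
    if plain != expected:
        failed.add("S5")                      # submitted chain does not match
    return sorted(failed)

def demo():
    priv, pub = keygen()
    w0 = secrets.token_bytes(HASH_LEN)        # S1: per-user W0, backed up
    out = {}
    for name in ("honest", "modified", "truncated", "regenerated"):
        chain, data = [w0], []
        for item in (b"rec-1", b"rec-2", b"rec-3"):   # constructed sample data
            record(pub, chain, data, item)
        if name == "modified":
            data[1] = b"rec-2-edited"
        elif name != "honest":
            chain.pop()                       # drop the last node and record
            data.pop()
            if name == "regenerated":
                record(pub, chain, data, b"rec-3b")
        out[name] = verify(priv, w0, data, chain)
    return out

if __name__ == "__main__":
    print(demo())
```

In this model the regenerated case fails S5 as well as S7, because the encryption program can only hash the already-encrypted tail that remains after the deletion.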
The foregoing is merely a preferred embodiment of the present invention, and it should be noted that modifications and variations could be made by those skilled in the art without departing from the technical principles of the present invention, and such modifications and variations should also be regarded as being within the scope of the invention.

Claims (10)

1. An offline data tamper-proof method based on a hash chain, characterized by comprising the following steps:
S1. The user sends a request to the cloud service platform, the request containing a unique user identity identifier. After receiving the request, the cloud service platform verifies the user's identity information; once verification passes, it generates for the request a unique hash value W0 and an SM2 key pair bound to the user, securely stores the SM2 private key, backs up the hash value W0, and then issues to the user an encryption program containing the SM2 public key and the hash value W0;
S2. The user generates data D1 offline. The encryption program performs a hash operation on the hash value W0 and the offline data D1 to obtain the hash value W1, and after the hash operation is complete, encrypts the hash value W0 using the SM4 and SM2 hybrid encryption algorithm;
S3. Each time the user generates a piece of data Di offline, the hash value Wi is generated and Wi-1 is encrypted. When n pieces of data have been generated, an offline hash chain of length n+1 is obtained, in which the nodes Wi, i = 0, 1, 2, …, n-1, are encrypted and the tail node Wn is not encrypted;
S4. The user submits the offline data and the offline hash chain online. After receiving them, the cloud service platform reads the locally backed-up hash value W0 and performs repeated hash operations using the backed-up W0 and the offline data submitted by the user to obtain a computed hash chain;
S5. The cloud service platform performs hash verification of the computed hash chain against the offline hash chain submitted by the user; if the verification fails, it determines that the offline user has modified the offline data;
S6. The cloud service platform checks whether the tail node of the offline hash chain submitted by the user is an unencrypted hash value; if it detects that the offline hash chain has no unencrypted tail node, it determines that the offline user has pruned the hash chain;
S7. The cloud service platform checks the number of times each node of the offline hash chain submitted by the user has been encrypted with the SM4 and SM2 hybrid encryption; if any node is found to have been encrypted more than once, it determines that the offline user has deleted offline data and offline hash chain nodes and then regenerated the offline data and offline hash chain nodes.
2. The method of claim 1, wherein the specific flow for encrypting an offline hash chain node with the SM4 and SM2 hybrid algorithm is as follows:
(1) Offline user A randomly generates a key Key for SM4 encryption and decryption; user A obtains from the encryption program the SM2 public key PublicKeyB issued by cloud service platform B; user A encrypts the plaintext Data with the SM4 key Key to obtain the ciphertext block CipherData; user A encrypts the key Key with the public key PublicKeyB of cloud service platform B using the SM2 algorithm to obtain the key block CipherKey; user A combines the ciphertext block CipherData and the key block CipherKey to form the encrypted data Cipher;
(2) Cloud service platform B splits the data Cipher into the ciphertext block CipherData and the key block CipherKey; cloud server B decrypts CipherKey with the SM2 private key PrivateKeyB to obtain the SM4 key Key; cloud server B then uses the SM4 key Key to SM4-decrypt the ciphertext block CipherData and obtain the plaintext Data.
3. The method of claim 1, wherein the unique user identity identifier comprises a user certificate and personal information.
4. The method of claim 1, wherein in step S5, if the verification fails, it is determined, based on the collision resistance of the hash function, that the offline user has modified the offline data.
5. The method of claim 1, wherein in step S6, after it is determined that the offline user has pruned the hash chain, a preset countermeasure is executed against the user.
6. The method of claim 5, wherein in step S6, after it is determined that the offline user has pruned the hash chain, an authority control measure is executed against the user.
7. The method of claim 1, wherein in step S7, after it is determined that the offline data and offline hash chain nodes have been regenerated, a preset countermeasure is executed against the user.
8. The method of claim 7, wherein in step S7, after it is determined that the offline data and offline hash chain nodes have been regenerated, an authority control measure is executed against the user.
9. Use of the method according to any of claims 1 to 8 in the technical field of detecting offline users' tampering with offline data.
10. Use of the method according to any of claims 1 to 8 in a data sharing service.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111624926.4A CN114266061B (en) 2021-12-28 2021-12-28 Offline data tamper-proof method based on hash chain

Publications (2)

Publication Number Publication Date
CN114266061A 2022-04-01
CN114266061B 2024-03-26

Family

ID=80830798

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant