CN102710661A - Cloud storage and aggregation architecture and data storage and aggregation method by using same - Google Patents

Abstract

The invention discloses cloud storage and aggregation architecture and a data storage and aggregation method by using the same. The cloud storage and aggregation architecture comprises users for partitioning data or encrypting the data through aggregation servers, independent storage clouds for storing and locally aggregating the data, third-party credible servers for performing key distribution on the storage clouds and data aggregation servers for performing total aggregation on the received data and decrypting results. By the cloud storage and aggregation architecture and the data storage and aggregation method by using the same, the security of the data in the storage clouds of the user is guaranteed, and the user cannot know the data condition of the storage clouds when the aggregation servers aggregate the data.

Description

Cloud storage and polymerization framework and storage and polymerization

Technical field

The invention belongs to computer realm, relate to network data existence technology, specifically relate to a kind of cloud storage and polymerization framework and storage and polymerization.

Background technology

At present, the storage of the cloud of data all becomes more and more important with data aggregation technique in scientific research and practical application.And in the data cloud storage is used, inevitably can run into the challenge of privacy leakage problem.Traditionally, when the personal user stored sensitive information on home server, the personal user must believe that hardware of server and software are safe and reliable.At the protected data secure context, existed many mature technique, such as access control, intrusion detection and data access strategy or the like.Yet these technology that exist at present all can not guarantee the immunity that is perfectly safe and invades of database.The limit access document problem of going beyond one's commission that is exposed such as Google Docs.

Summary of the invention

In order to solve above-mentioned deficiency to data safeguard protection and data aggregation technique; The invention provides a kind of cloud storage and polymerization framework and storage and polymerization; Can not only guarantee the safety of data and user's privacy, and can easily let the data aggregate server carry out data aggregate through the storage cloud.

Technical solution of the present invention is following:

A kind of cloud storage and polymerization framework are characterized in, comprising: user, a plurality of cloud, third party's trusted servers and data aggregate server independently stored mutually, wherein:

Described user is used for data are cut apart or through aggregate server data encrypted;

Described storage cloud is used for data are stored and local polymerization;

Described third party's trusted servers is used for the storage cloud is carried out encryption key distribution; With

Described aggregate server is used for the data that receive are carried out total polymerization and/or data are encrypted.

A kind of storage and polymerization that utilizes cloud storage and polymerization framework is characterized in that this method comprises the steps:

Third party's trusted servers is carried out encryption key distribution to the storage cloud, and each storage cloud obtains a key, and all keys are added up and are zero;

When the storage data, the user is divided into a plurality of data blocks with data, and data block is stored in respectively on the different storage clouds; Each stores the data block that cloud obtains each user; Each storage cloud is mutually independent, and do not allow mutual communication to conspire to survey user's data information, so complete user data all can't be learnt in each high in the clouds.

When aggregated data, aggregate server is sent request to each storage cloud, and aggregate server produces non-singular matrix simultaneously, and sends to each storage cloud;

The storage cloud all need the data block of syndication users in local polymerization, then local polymerization result is carried out data conversion through non-singular matrix after, send to aggregate server;

The total polymerization that aggregate server is carried out the data that receive.

A kind of storage and polymerization that utilizes cloud storage and polymerization framework is characterized in that this method comprises the steps:

Third party's trusted servers is carried out encryption key distribution to the storage cloud, and each storage cloud obtains a key, and all keys are added up and are zero;

When the storage data, the user carries out homomorphic cryptography through the PKI of aggregate server to data, is stored in then on any storage cloud; The storage cloud can't be known the private key of aggregate server, so can't learn user's clear data.

When aggregated data, aggregate server is sent request to each storage cloud;

The storage cloud needs the data block of syndication users to carry out this locality to all to connect and to take advantage of operation, and takes advantage of operating result to send to aggregate server this locality company;

Aggregate server connects the data that receive takes advantage of polymerization, just takes advantage of the polymerization result deciphering to connecting then.

Compared with prior art, the invention has the beneficial effects as follows to guarantee the user in the data security of storage cloud, can guarantee when aggregate server is carried out polymerization to data, can't learn the data cases of storing high in the clouds again.

Description of drawings

Fig. 1 is the structural representation of cloud storage of the present invention and polymerization framework.

Embodiment

Below in conjunction with accompanying drawing and embodiment the present invention is further specified, but should not limit protection scope of the present invention with this.

First kind of scheme: in Fig. 1, the user on the left side is stored in a plurality of different storage high in the clouds (mid portion) after cutting apart user's data through the user.Each storage cloud obtains a user's data piece.Each storage cloud is mutually independent, and do not allow mutual communication to conspire to survey user's data information, so complete user data all can't be learnt in each high in the clouds.

Aspect data aggregate: in this framework, have a believable third-party server of independence (right-hand component) to be each storage high in the clouds distributing key (r ₁, r ₂..., r _n).Each storage cloud obtains a key, and is that all keys are added up and be zero, uses c _ImRepresent each private key.

${\mathrm{\Σ}}_{i=1}^n{r}_i=0$ ${\mathrm{\Σ}}_{i=1}^n{c}_{\mathrm{im}}=0$

Wherein n representes to store the number of cloud.

The first step: when aggregate server needs polymerization, send a request and store cloud to each, and non-singular matrix of data aggregate server generation, dimension is m, x _IjBe the entry of a matrix element.

$\left(\begin{array}{c}{x}_{11}{x}_{12}...x_{1m}\\ x_{21}{x}_{22}...x_{2m}\\ ...\\ x_{m1}{x}_{m2}...x_{\mathrm{mm}}\end{array}\right)$

Issue each storage cloud then, all participate in the user data block of polymerization to the storage cloud in local polymerization earlier.

$R_i={\mathrm{\Σ}}_{i=1}^k{u}_i$

Wherein k is local user's number of participating in polymerization, u _iIt is user's data.

Store cloud then the data result R of local polymerization _iResolve into the m+1 branch.

c _i0+c _i1+c _i2+…+c _im?←R _i

Through non-singular matrix data are carried out conversion to local polymerization result then.

$\left\{\begin{array}{c}{y}_{i1}=c_{i0}+c_{i1}+x_{11}+c_{i2}{x}_{12}+...+c_{\mathrm{im}}{x}_{1m}\\ y_{i2}=c_{i0}+c_{i1}{x}_{21}+c_{i2}{x}_{22}+...+c_{\mathrm{im}}{x}_{2m}\\ ...\\ y_{\mathrm{im}}=c_{i0}+c_{i1}{x}_{m1}+c_{i2}{x}_{m2}+...+c_{\mathrm{im}}{x}_{\mathrm{mm}}\end{array}\right.$

Again the data y after the conversion _I1, y _I2..., y _ImSend to the data aggregate server, the final data aggregate server all conversion after data add with:

$\left\{\begin{array}{c}{\mathrm{\Σ}}_{i=1}^n{y}_{i1}={\mathrm{\Σ}}_{i=1}^n{c}_{i0}+{\mathrm{\Σ}}_{i=1}^n{c}_{i1}{x}_{11}+{\mathrm{\Σ}}_{i=1}^n{c}_{i2}{x}_{12}+...+{\mathrm{\Σ}}_{i=1}^n{c}_{\mathrm{im}}{x}_{1m}\\ {\mathrm{\Σ}}_{i=1}^n{y}_{i2}={\mathrm{\Σ}}_{i=1}^n{c}_{i0}+{\mathrm{\Σ}}_{i=1}^n{c}_{i1}{x}_{21}+{\mathrm{\Σ}}_{i=1}^n{c}_{i2}{x}_{22}+...+{\mathrm{\Σ}}_{i=1}^n{c}_{\mathrm{im}}{x}_{2m}\\ {\mathrm{\Σ}}_{i=1}^n{y}_{\mathrm{im}}={\mathrm{\Σ}}_{i=1}^n{c}_{i0}+{\mathrm{\Σ}}_{i=1}^n{c}_{i1}{x}_{m1}+{\mathrm{\Σ}}_{i=1}^n{c}_{i2}{x}_{m2}+...+{\mathrm{\Σ}}_{i=1}^n{c}_{\mathrm{im}}{x}_{\mathrm{mm}}\end{array}\right.$

Because

is so last of above formula can cancellation, just in time a m equation m unknown number.

Obtained by solving the equations

put all the solutions together to get the final result is polymerized

In the process of data aggregation server can not detect personal data.

Second kind of scheme: in Fig. 1, user's data is not cut apart, but encrypts through the PKI of aggregate server, and AES is the Paillier homomorphic cryptography.Store any storage cloud after encrypting into, the storage cloud can't be known the private key of aggregate server, so can't learn user's clear data.User's enciphered data is designated as P (u _i).U wherein _iClear data for each user.

Aspect data aggregate: in this framework, have a believable third-party server of independence (right-hand component) to be each storage cloud distributing key (sk ₁, sk ₂..., sk _n).Each storage cloud obtains a key, and is that all keys are added up and be zero.

${\mathrm{\Σ}}_{i=1}^n{\mathrm{sk}}_i=0$

Wherein n is the number of storage cloud.

When aggregate server is carried out polymerization, send a request to all storage clouds, each storage cloud carries out this locality to the user who participates in the polymerization computing earlier and even takes advantage of operation after the request that receives the aggregate server transmission.Operating result is designated as A _I

$R_i=\underset{i=1}{\overset{k}{\mathrm{\Π}}}P\left(u_i\right)$

$A_i=R_{i}H{\left(t\right)}^{{\mathrm{sk}}_i}$

Wherein k is for participating in local user's number of computing, and H is a hash function, and t is current timestamp, R _iTake advantage of result, A for connecting _iBe the storage cloud encrypted result behind the joining day stamp.

Store cloud then A _iSend to aggregate server, when aggregate server is received the A that all storage clouds are sent _iAfterwards, aggregate server is carried out following company and is taken advantage of polymerization:

${\mathrm{Res}}^{\′}=\underset{i=1}{\overset{n}{\mathrm{\Π}}}{A}_i=\underset{i=1}{\overset{n}{\mathrm{\Π}}}{R}_{i}H{\left(t\right)}^{{\mathrm{sk}}_1+{\mathrm{sk}}_2+...+{\mathrm{sk}}_n}$

Because sk ₁+ sk ₂+ ... + sk _n=0, so intermediate object program

Because operating process is the Paillier homomorphic cryptography, so the result that aggregate server is directly deciphered to the end to Res ':

$\mathrm{Res}=D\left({\mathrm{Res}}^{\′}\right)=D\left(\underset{i=1}{\overset{n}{\mathrm{\Π}}}{R}_i\right)=\underset{j=1}{\overset{m}{\mathrm{\Σ}}}{u}_j$

Wherein m is all numbers of users of participating in the polymerization computing, and Res is final polymerization result.

Claims (3)

1. a cloud is stored and the polymerization framework, it is characterized in that, comprising: user, a plurality of cloud, third party's trusted servers and aggregate server of independently storing mutually, wherein:

Described user is used for data are cut apart or through aggregate server data encrypted;

Described storage cloud is used for data are stored and local polymerization;

Described third party's trusted servers is used for the storage cloud is carried out encryption key distribution;

Described aggregate server is used for the data that receive are carried out total polymerization and the result is deciphered.

2. a storage and a polymerization that utilizes described cloud storage of claim 1 and polymerization framework is characterized in that this method comprises the steps:

Third party's trusted servers is carried out encryption key distribution to the storage cloud, and each storage cloud obtains a key, and all keys are added up and are zero;

When the storage data, the user is divided into a plurality of data blocks with data, and data block is stored in respectively on the different storage clouds;

Each stores the data block that cloud obtains each user;

When aggregated data, aggregate server is sent request to each storage cloud, and aggregate server produces non-singular matrix simultaneously, and sends to each storage cloud;

The storage cloud all need the data block of syndication users in local polymerization, then local polymerization result is carried out data conversion through non-singular matrix after, send to aggregate server;

The total polymerization that aggregate server is carried out the data that receive.

3. a storage and a polymerization that utilizes described cloud storage of claim 1 and polymerization framework is characterized in that this method comprises the steps:

Third party's trusted servers is carried out encryption key distribution to the storage cloud, and each storage cloud obtains a key, and all keys are added up and are zero;

When the storage data, the user carries out homomorphic cryptography through the PKI of aggregate server to data, is stored in then on any storage cloud;

When aggregated data, aggregate server is sent request to each storage cloud;

The storage cloud needs the data block of syndication users to carry out this locality to all to connect and to take advantage of operation, and takes advantage of operating result to send to aggregate server this locality company;

Aggregate server connects the data that receive takes advantage of polymerization, just takes advantage of the polymerization result deciphering to connecting then.

Images