CN103944874B - Highly reusable cloud storage data storage verification method and system - Google Patents
- Publication number: CN103944874B (application CN201410054969.7A)
- Authority: CN (China)
- Prior art keywords: verification, checking, key, label, module
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a highly reusable cloud storage data storage verification method and system. The method includes: receiving a data storage verification query request from a user; obfuscating the current verification count to obtain a challenge key sequence number; replacing the current verification count with the challenge key sequence number and obtaining the current challenge key and verification label; selecting p-1 pseudo-random numbers from a pseudo-random array and mixing them with the current challenge key to form a query array; the server generating a check label sequence and returning it to the client; and the client filtering the check label sequence and comparing the filtered check label with the verification label to judge whether the file has been damaged. The beneficial effects are that a comparatively high verification confidence is obtained at a comparatively small computing cost, and that each challenge for a file verification label contains the real challenge parameter together with a series of pseudo-random numbers, so the number of possible pseudo-random labels increases significantly, which prevents replay attacks that rely on a saved correct signature.
Description
Technical field
The present invention relates to the computer field and, more particularly, to a highly reusable cloud storage data storage verification method and system.
Background art
Cloud storage systems offer enterprise and individual users elastically scalable, on-demand mass data storage and management services at low prices, sparing users the cost of dedicated maintenance and management of a file storage system, and have therefore been welcomed by the market.
However, while cloud storage brings convenience to users, it also brings new challenges and threats to data protection. Because the data is stored in the cloud, outside the user's control, the user cannot monitor and manage it in real time. If data and files in cloud storage are tampered with or damaged through hacker attacks, administrator misoperation, malicious behaviour and the like, the user can rely only on the cloud storage system to discover these changes.
Because the volume of data a cloud storage system has to check is huge, it is difficult for it to discover changes to the data in time; the cloud storage system is therefore not completely trustworthy. Moreover, in some cases, for other considerations, the cloud service provider will not notify the user of these changes. The user therefore needs a trustworthy means of verifying the state of the data saved in cloud storage, so as to respond to data failures in time.
At present, most data storage verification methods for cloud storage systems are based on metadata verification. When uploading a file, the user generates corresponding metadata for each file block; when verification is initiated, the correspondence between the metadata and the file block content is checked to detect whether the file is intact. However, most such methods are implemented with complex signature algorithms and place relatively high demands on the client's computing power, and the metadata computation time at upload grows with the size of the file. Another approach prepares a certain number of integrity verification labels for the user in advance. When the user needs to verify, a challenge parameter is sent to the server, the server regenerates the corresponding verification label, and the client judges whether the file is complete by checking whether the labels match. Such methods usually have low computational difficulty: a simple hash algorithm meets the need, and the upload time is short. However, because the client prepares only a fixed number of verification labels, once the labels are used up the client may suffer a replay attack by the server and can no longer continue to verify the file state.
Cloud storage systems lack a data storage verification method suited to lightweight clients.
Summary of the invention
The technical problem to be solved by the present invention is the defect of the above prior-art data storage verification methods that, once the labels are used up, the client may suffer a replay attack by the server and cannot continue to verify the file state. The invention provides a highly reusable cloud storage data storage verification method and system that reuses verification labels during the verification process and increases the availability of the verification labels.
The technical solution adopted by the present invention to solve this technical problem is to construct a highly reusable cloud storage data storage verification method comprising the following steps:
S1, configure verification parameters and obfuscation parameters for each file uploaded to the server, and determine the number of file blocks to be read according to the single-verification confidence c and the file size;
Wherein the verification parameters include: the file name, the file size, the number of verifications n, and the single-verification confidence c; the obfuscation parameters include: the pseudo-random array s, the pseudo-random array generation key y, and the obfuscation degree p;
S2, receive the user's data storage verification query request and initiate a query request;
S3, obfuscate the current verification count to obtain the challenge key sequence number;
S4, replace the current verification count with the challenge key sequence number, and obtain the current challenge key and the verification label;
S5, select p-1 pseudo-random numbers from the pseudo-random array s and mix them with the current challenge key to generate the query array, and record the position of the current challenge key in the query array;
S6, send the query array, the file name and the number of file blocks to the server;
S7, the server generates a check label sequence according to the query array, the file name and the number of file blocks, and returns it to the client;
S8, the client filters the returned check label sequence;
S9, the client compares the check label obtained after filtering with the verification label to judge whether the file has been damaged.
In one embodiment, step S2 specifically includes calculating the challenge key sequence number according to formula (1):
i = j * cur mod n    (1)
In formula (1), i is the challenge key sequence number, j is a value chosen at random from the pseudo-random array s, cur is the current verification count, and n is the number of verifications.
In one embodiment, the method further includes: generating a random key seed k according to the current system time, and generating n random keys {k_1, k_2, k_3, ..., k_n} from the random key seed k.
In one embodiment, obtaining the current challenge key in step S4 is specifically: obtaining it from the n random keys {k_1, k_2, k_3, ..., k_n} according to the challenge key sequence number.
In one embodiment, in step S1, the number of file blocks to be read is determined from the single-verification confidence c and the file size by: 1 - (1 - 1%)^num = c, where num is the number of file blocks required to generate a verification label and c is the single-verification confidence.
In one embodiment, obtaining the verification label in step S4 comprises the following steps:
Select num random positions within the range of the file size;
Starting from each random position, read content of length y bytes {t1, t2, t3, ..., tnum}, padding with zeros where the data is insufficient;
Concatenate the content read, in order, into a sample file t = {t1 || t2 || ... || tnum};
With k_i as the key, calculate the sample file verification label r_i, r_i = hmac(t, k_i), where i is the challenge key sequence number;
y is the preset size of each file block.
In one embodiment, in step S9, the check label obtained after filtering is the check label whose position in the check label sequence is the same as the recorded position of the current challenge key in the query array.
A highly reusable cloud storage data storage verification system, comprising: a client and a server;
Wherein the client includes: a verification preparation module, a verification initiation module, an obfuscation module, a filtering module and a verification checking module; the obfuscation module includes a challenge key sequence number acquisition module, a replacement module, a query array generation module and a sending module;
The server includes a check generation module;
The verification preparation module is used to configure verification parameters and obfuscation parameters for each file uploaded to the server, and to determine the number of file blocks to be read according to the single-verification confidence c and the file size; wherein the verification parameters include: the file name, the file size, the number of verifications n, and the single-verification confidence c; the obfuscation parameters include: the pseudo-random array s, the pseudo-random array generation key y, and the obfuscation degree p;
The verification initiation module is used to receive the user's data storage verification query request and initiate a query request;
The challenge key sequence number acquisition module is used, when the verification initiation module initiates a query request, to obfuscate the current verification count and obtain the challenge key sequence number;
The replacement module is used to replace the current verification count with the challenge key sequence number and obtain the current challenge key and the verification label;
The query array generation module is used to select p-1 pseudo-random numbers from the pseudo-random array s and mix them with the current challenge key to generate the query array, and to record the position of the current challenge key in the query array;
The sending module is used to send the query array, the file name and the number of file blocks to the server;
The check generation module is used to generate a check label sequence according to the query array, the file name and the number of file blocks, and return it to the client;
The filtering module is used to filter the check label sequence returned by the check generation module;
The verification checking module is used to compare the check label obtained after filtering with the verification label to judge whether the file has been damaged.
In one embodiment, the client also includes a verification maintenance module for storing the verification parameters and obfuscation parameters and for updating the current verification count.
In one embodiment, the challenge key sequence number acquisition module calculates the challenge key sequence number according to formula (1):
i = j * cur mod n    (1)
In formula (1), i is the challenge key sequence number, j is a value chosen at random from the pseudo-random array s, cur is the current verification count, and n is the number of verifications.
Implementing the highly reusable cloud storage data storage verification method and system of the present invention has the following beneficial effects: because the real challenge parameter is mixed into the pseudo-random array, the server cannot determine the real challenge parameter; when the pseudo-random array s is large enough, the server cannot determine the set of all possible labels, so the labels can be reused continuously until all possible labels have appeared, and the number of possible verifications is expanded from n times to  times; a relatively high verification confidence can be obtained at a relatively small computational cost, and each challenge for a file verification label contains the real challenge parameter and a series of pseudo-random numbers, so that the number of possible pseudo-random labels increases, which prevents the server from using saved correct signatures to carry out a replay attack.
Brief description of the drawings
The invention is further described below with reference to the drawings and embodiments. In the drawings:
Fig. 1 is a flow chart of the highly reusable cloud storage data storage verification method of an embodiment of the present invention;
Fig. 2 is a structural block diagram of the highly reusable cloud storage data storage verification system of an embodiment of the present invention;
Fig. 3 is a schematic diagram of the interaction between the client and the server of the highly reusable cloud storage data storage verification system of an embodiment of the present invention.
Detailed description of the embodiments
For a clearer understanding of the technical features, purpose and effects of the present invention, specific embodiments of the invention are now described in detail with reference to the drawings.
Fig. 1 is a flow chart of the highly reusable cloud storage data storage verification method of an embodiment of the present invention. The method comprises the following steps:
S1, configure verification parameters and obfuscation parameters for each file uploaded to the server, and determine the number of file blocks to be read according to the single-verification confidence c and the file size.
Wherein the verification parameters include: the file name, the file size, the number of verifications n, and the single-verification confidence c. The obfuscation parameters include: the pseudo-random array s, the pseudo-random array generation key y, and the obfuscation degree p.
The number of verifications n, the single-verification confidence c, the size of the pseudo-random array s, the obfuscation degree p, the pseudo-random array generation key y and so on are set by the user. The pseudo-random array s is generated by a random algorithm from the pseudo-random array generation key y.
Determining the number of file blocks to be read from the single-verification confidence c and the file size comprises the following: if the file size is x bytes and y bytes form one file block, there are x/y file blocks. To meet the required single-verification confidence c, 1 - (1 - 1%)^num = c, where num is the number of file blocks required to generate a verification label.
S2, receive the user's data storage verification query request and initiate a query request.
S3, obfuscate the current verification count to obtain the challenge key sequence number.
Specifically, the highly reusable cloud storage data storage verification method of the embodiment of the present invention also includes: generating a random key seed k according to the current system time, and generating n random keys {k_1, k_2, k_3, ..., k_n} from the random key seed k.
Step S3 specifically includes calculating the challenge key sequence number according to formula (1):
i = j * cur mod n    (1)
In formula (1), i is the challenge key sequence number, j is a value chosen at random from the pseudo-random array s, cur is the current verification count, and n is the number of verifications. Formula (1) multiplies the value j chosen at random from the pseudo-random array s by the current verification count cur and then takes the remainder modulo the number of verifications n; the resulting value is the challenge key sequence number i.
S4, replace the current verification count (cur) with the challenge key sequence number (i), and obtain the current challenge key and the verification label.
The current challenge key is obtained from the n random keys {k_1, k_2, k_3, ..., k_n} according to the challenge key sequence number. The current challenge key is k_i, where i is the challenge key sequence number.
The verification label is obtained as follows: (1) Select num random positions within the range of the file size. Specifically, with k1 as the random key, num random positions can be generated for the file requiring data storage verification. (2) Starting from each random position, read content of length y bytes {t1, t2, t3, ..., tnum}, padding with zeros where the data is insufficient. (3) Concatenate the content read, in order, into a sample file t = {t1 || t2 || ... || tnum}. (4) With k_i as the key, calculate the sample file verification label r_i, i.e. r_i = hmac(t, k_i), where i is the challenge key sequence number. HMAC is the keyed hash-based message authentication code. The HMAC operation uses a hash algorithm, takes a key k and a message m as input, and generates a message digest as output; the algorithm is written hmac(m, k). The application uses the HMAC operation here to calculate the sample file verification label r_i: with the key k_i and the sample file t as input, it generates the sample file verification label r_i = hmac(t, k_i).
S5, select p-1 pseudo-random numbers from the pseudo-random array s and mix them with the current challenge key to generate the query array q, and record the position of the current challenge key in the query array.
S6, send the query array q, the file name and the number of file blocks num to the server.
S7, the server generates a check label sequence according to the query array q, the file name and the number of file blocks num, and returns it to the client.
Specifically: (1) With q as the random key, the server generates num random positions for the file requiring data storage verification. The file size can be obtained from the storage server according to the file name. The server generates the num random positions by the same method as the generation method in step S1. (2) Starting from each random position, read content of length y bytes {t1, t2, t3, ..., tnum}, padding with zeros where the data is insufficient. (3) Concatenate the content read, in order, into a sample file t = {t1 || t2 || ... || tnum}. (4) With q[u] as the key, calculate the sample file check label sequence r_u', i.e. r_u' = hmac(t, q[u]), where u = 1, 2, ..., p, and p is the obfuscation degree. The check label sequence r_u' contains p check labels.
S8, the client filters the returned check label sequence. Specifically, the check label obtained after filtering is the check label whose position in the check label sequence r_u' is the same as the recorded position of the current challenge key in the query array q. For example, if the current challenge key is at position 5 in the query array q, then the 5th label in the check label sequence r_u' is the check label obtained by filtering.
S9, the client compares the check label obtained after filtering with the verification label to judge whether the file has been damaged.
If the check label and the verification label have the same value, the verified file has not been damaged and its storage on the server is normal; if they differ, the verified file has been damaged, is incomplete, or the like.
The highly reusable cloud storage data storage verification method of the embodiment of the present invention also includes updating the current verification count (cur) in step S6, that is, adding 1 to the current verification count cur; as the number of verifications grows, the value of cur increases in turn. However, when step S4 is executed, the value of cur is replaced by the challenge key sequence number i. In addition, the update of cur may also be carried out in other steps (for example in step S3) to record the current verification count.
It should be understood that steps S1-S6 of the highly reusable cloud storage data storage verification method of the embodiment of the present invention are executed by the client.
Fig. 2 is a structural block diagram of the highly reusable cloud storage data storage verification system of an embodiment of the present invention. The system includes a client 1 and a server 2. The client 1 includes: a verification preparation module 11, a verification maintenance module 12, a verification initiation module 13, an obfuscation module 14, a filtering module 15 and a verification checking module 16. The server 2 includes a check generation module 21.
The verification preparation module 11 is used to configure verification parameters and obfuscation parameters for each file uploaded to the server, to determine the number of file blocks to be read according to the single-verification confidence c and the file size, and to generate a random key seed k according to the current system time and generate n random keys {k_1, k_2, k_3, ..., k_n} from the random key seed k.
The verification parameters include: the file name, the file size, the number of verifications n, and the single-verification confidence c. The obfuscation parameters include: the pseudo-random array s, the pseudo-random array generation key y, and the obfuscation degree p.
The number of verifications n, the single-verification confidence c, the size of the pseudo-random array s, the obfuscation degree p, the pseudo-random array generation key y and so on are set by the user. The pseudo-random array s is generated by a random algorithm from the pseudo-random array generation key y.
The verification preparation module 11 determines the number of file blocks to be read from the single-verification confidence c and the file size as follows: if the file size is x bytes and y bytes form one file block, there are x/y file blocks. To meet the required single-verification confidence c, 1 - (1 - 1%)^num = c, where num is the number of file blocks required to generate a verification label.
The verification maintenance module 12 is used to store the verification parameters and obfuscation parameters, and to update the current verification count. The verification maintenance module 12 updates the current verification count (cur) by adding 1 to cur; as the number of verifications grows, the value of cur increases in turn.
The verification initiation module 13 is used to receive the user's data storage verification query request and initiate a query request.
The obfuscation module 14 includes a challenge key sequence number acquisition module 141, a replacement module 142, a query array generation module 143 and a sending module 144.
The challenge key sequence number acquisition module 141 is used, when the verification initiation module 13 initiates a query request, to obfuscate the current verification count and obtain the challenge key sequence number. Specifically, the challenge key sequence number is calculated according to formula (1) above.
The replacement module 142 is used to replace the current verification count (cur) with the challenge key sequence number (i) and obtain the current challenge key and the verification label. The current challenge key is obtained from the n random keys {k_1, k_2, k_3, ..., k_n} according to the challenge key sequence number. The current challenge key is k_i, where i is the challenge key sequence number.
The verification label is obtained as follows: (1) Select num random positions within the range of the file size. Specifically, with k1 as the random key, num random positions can be generated for the file requiring data storage verification. (2) Starting from each random position, read content of length y bytes {t1, t2, t3, ..., tnum}, padding with zeros where the data is insufficient. (3) Concatenate the content read, in order, into a sample file t = {t1 || t2 || ... || tnum}. (4) With k_i as the key, calculate the sample file verification label r_i, i.e. r_i = hmac(t, k_i), where i is the challenge key sequence number.
The query array generation module 143 is used to select p-1 pseudo-random numbers from the pseudo-random array s and mix them with the current challenge key to generate the query array q, and to record the position of the current challenge key in the query array q.
The sending module 144 is used to send the query array q, the file name and the number of file blocks num to the server.
The check generation module 21 is used to generate a check label sequence according to the query array q, the file name and the number of file blocks num, and return it to the client. Specifically: (1) With q as the random key, generate num random positions for the file requiring data storage verification. The file size can be obtained from the storage server according to the file name. The server generates the num random positions by the same method the client uses to generate them. (2) Starting from each random position, read content of length y bytes {t1, t2, t3, ..., tnum}, padding with zeros where the data is insufficient. (3) Concatenate the content read, in order, into a sample file t = {t1 || t2 || ... || tnum}. (4) With q[u] as the key, calculate the sample file check label sequence r_u', i.e. r_u' = hmac(t, q[u]), where u = 1, 2, ..., p, and p is the obfuscation degree. The check label sequence r_u' contains p check labels.
The filtering module 15 is used to filter the check label sequence returned by the check generation module 21. Specifically, the check label obtained after filtering is the check label whose position in the check label sequence r_u' is the same as the recorded position of the current challenge key in the query array q.
The verification checking module 16 is used to compare the check label obtained after filtering with the verification label to judge whether the file has been damaged. If the check label and the verification label have the same value, the verified file has not been damaged and its storage on the server is normal; if they differ, the verified file has been damaged, is incomplete, or the like.
The highly reusable cloud storage data storage verification system of the above embodiment of the present invention is described in detail below with reference to Fig. 3 and a specific example:
For a file that the user uploads to an untrusted server, the verification preparation module 11 sets the file name to file1, the file size to 100 MB, the number of verifications n to 1000, the single-verification confidence c to 0.9, the obfuscation degree p to 4, the size of the pseudo-random array s to 10000, the pseudo-random array generation key y = 9387862494432, and the random key seed generated from the current system time k = 1285572979437; n random keys {k_1, k_2, k_3, ..., k_n} are generated from the random key seed k.
The verification preparation module 11 determines the number of file blocks to be read from the single-verification confidence 0.9 and the file size 100 MB. Specifically, the file size is 104857600 bytes (100 MB); with 16 bytes as one file block, there are 7864320 file blocks. To meet the required single-verification confidence of 0.9, i.e. 1 - (1 - 1%)^num = 0.9, num = 229.
The verification maintenance module 12 stores the parameters set above in response to the storage request of the verification preparation module 11.
When the user initiates a data storage verification query request through the client, the verification initiation module 13 receives the request and initiates a query request once the verification preparation module 11 has obtained the relevant parameters. The challenge key sequence number acquisition module 141 obfuscates the current verification count cur to obtain the challenge key sequence number. Specifically, the challenge key sequence number i = j * cur mod n, where j = s[207], generated using the pseudo-random array generation key k and 207, with the value 8736; the current verification count cur = 1 and n = 1000, which gives i = 736. The replacement module 142 replaces cur with i = 736 and continues the original request to obtain the current challenge key and the verification label. The current challenge key obtained is k_736.
The replacement module 142 obtains the verification label as follows: with k1 as the random key, generate 229 random positions for the file requiring data storage verification; starting from each random position, read content of length 16 bytes {t1, t2, t3, ..., t229}, padding with zeros where the data is insufficient; concatenate the content read, in order, into a sample file t = {t1 || t2 || ... || t229}; with k_736 as the key, calculate the sample file verification label r_736, i.e. r_736 = hmac(t, k_736).
The query array generation module 143 selects 3 (p-1) pseudo-random numbers from the pseudo-random array s and mixes them with the current challenge key to generate the query array q. For example, the 3 pseudo-random numbers selected are s[94], s[385] and s[787]. Generated using the pseudo-random array generation key k and the sequence numbers (94, 385, 787), the 3 pseudo-random numbers are 3489825427445, 2654478345628 and 7674398282265 respectively. k_736 is 85735279849542.
The query array q that the query array generation module 143 obtains by mixing the 3 pseudo-random numbers with the current challenge key is {s[94], s[385], k_736, s[787]}; the position of the current challenge key k_736 in q is 3.
The sending module 144 sends the query array q, the file name (name) and the number of file blocks num to the server.
The check generation module 21 of the server 2 generates a check label sequence according to the query array q, the file name and the number of file blocks num, and returns it to the client. Specifically: (1) with q as the random key, generate num (229) random positions for the file requiring data storage verification; (2) starting from each random position, read content of length y bytes {t1, t2, t3, ..., t229}, padding with zeros where the data is insufficient; concatenate the content read, in order, into a sample file t = {t1 || t2 || ... || t229}; (3) with q[u] as the key, calculate the sample file check label sequence r_u', i.e. r_u' = hmac(t, q[u]), where u = 1, 2, ..., 4.
The filtering module 15 of the client 1 filters the returned check label sequence.
The verification checking module 16 of the client 1 compares the check label obtained after filtering with the verification label to judge whether the file has been damaged. Specifically, the filtering module 15 obtains the check label r_3' at position 3 in the check label sequence. The verification checking module 16 compares the check label r_3' obtained after filtering with the verification label r_736 to judge whether the file has been damaged. If the check label r_3' and the verification label r_736 have the same value, the verified file has not been damaged and its storage on the server is normal; if they differ, the verified file has been damaged, is incomplete, or the like.
In the highly reusable cloud storage data storage verification system of the embodiment of the present invention, the verification maintenance module 12 serves to store and update the current verification count, among other functions. In addition, the system of the embodiment of the present invention may also include a storage module for storing the verification labels of each file; when the verification maintenance module 12 initiates a query or maintenance request for the stored verification labels, the storage module returns the corresponding file verification labels or the maintenance result.
It should be understood that, in embodiments of the invention, the number of file blocks may also be calculated by the replacement module 142, or calculated in step S4; the application is not limited in this respect.
The highly reusable cloud storage data storage verification method and system of the embodiment of the present invention make file verification labels recyclable: because the real challenge parameter is mixed into the pseudo-random array, the server cannot determine the real challenge parameter. When the pseudo-random array s is large enough, the server cannot determine the set of all possible labels, so the labels can be reused continuously until all possible labels have appeared, and the number of possible verifications is expanded from n times to  times. This is because, without the obfuscation and mixing of steps S3 and S5, after n sequential challenges the server would know all the challenge parameters and labels. Once the pseudo-random array s is introduced, the number of labels for all challenges on the server becomes |s|+n, and each verification consumes only p labels; therefore only after  challenges can the server obtain all the challenge keys and labels. Thus the number of verifications is expanded from n times to  times.
Thus, in the above example, the highly reusable cloud storage data storage verification method of this embodiment makes 10000+1000 labels available, which supports at least 11000/p = 11000/4 = 2750 verifications, whereas with the prior-art method 1000 labels support only 1000 verifications. The highly reusable cloud storage data storage verification method of this embodiment therefore increases the reusability of verification labels.
With the highly reusable cloud storage data storage verification method and system of this embodiment of the invention, before a file is uploaded to an untrusted server (for example, a cloud storage server), verification labels are generated for the file in advance from a secret held by the user and other parameters, a series of pseudo-random arrays is generated, and all parameters are stored and maintained. When verifying a file, the user specifies the real challenge parameter and also selects a number of perturbation parameters from the pseudo-random array, mixes these parameters together, and issues a challenge to the server. The server regenerates multiple check labels from all the parameters, and the user only needs to verify the label corresponding to the real challenge parameter to determine the state of the file. The method and system of this embodiment obtain relatively high verification credibility at relatively small computational cost. Each challenge against the file verification labels contains the real challenge parameter and a series of pseudo-random numbers, so the number of possible pseudo-random labels increases, which avoids the possibility of the server using saved correct signatures to carry out a replay attack.
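The following added example (not code from the patent) runs the challenge flow summarised above end to end: labels precomputed with HMAC over sampled blocks as in claim 6, the sequence number from formula (1), and the real key hidden among p-1 decoys. The names `Client`, `label` and `server_respond`, HMAC-SHA256, the 16-byte block size, 0-based key indices, and deriving sample positions from the key so that the server can recompute them are assumptions.

```python
import hashlib
import hmac
import math
import secrets

BLOCK = 16  # bytes read at each sampled position (constructed value)

def blocks_needed(c, frac=0.01):
    """Solve 1-(1-1%)^num = c for num, rounded up (claim 5)."""
    return math.ceil(math.log(1 - c) / math.log(1 - frac))

def label(data, key, num):
    """r = HMAC(key, t) over num sampled blocks; positions come from a
    keyed PRF so the server can recompute them (assumption)."""
    t = b""
    for n_blk in range(num):
        prf = hmac.new(key, n_blk.to_bytes(4, "big"), hashlib.sha256).digest()
        pos = int.from_bytes(prf[:8], "big") % len(data)
        t += data[pos:pos + BLOCK].ljust(BLOCK, b"\0")  # zero-pad short reads
    return hmac.new(key, t, hashlib.sha256).digest()

class Client:
    def __init__(self, data, n, s_size, p, c):
        self.n, self.p, self.cur = n, p, 1
        self.num = blocks_needed(c)
        self.keys = [secrets.token_bytes(16) for _ in range(n)]
        # Verification labels are computed before upload and kept locally.
        self.labels = [label(data, k, self.num) for k in self.keys]
        self.s = [secrets.token_bytes(16) for _ in range(s_size)]  # array s

    def challenge(self):
        j = int.from_bytes(secrets.choice(self.s), "big")
        self.i = (j * self.cur) % self.n           # formula (1), 0-based here
        query = secrets.SystemRandom().sample(self.s, self.p - 1)
        self.pos = secrets.randbelow(self.p)       # remembered for filtering
        query.insert(self.pos, self.keys[self.i])  # real key hidden in decoys
        self.cur += 1
        return query, self.num

    def verify(self, check_labels):
        # Filter: keep only the label at the recorded position, then compare.
        return hmac.compare_digest(check_labels[self.pos], self.labels[self.i])

def server_respond(stored, query, num):
    """The server cannot tell the real key from decoys, so it labels all."""
    return [label(stored, q, num) for q in query]

if __name__ == "__main__":
    data = bytes(range(256)) * 16                  # constructed sample file
    cl = Client(data, n=20, s_size=200, p=4, c=0.99)
    q, num = cl.challenge()
    print("intact:", cl.verify(server_respond(data, q, num)))
    q, num = cl.challenge()
    print("overwritten:", cl.verify(server_respond(b"\xff" * len(data), q, num)))
```

Because only a sample of the file is read, damage confined to unsampled bytes goes undetected in a single round; the credibility c sets how many blocks are sampled to bound that chance.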
Any process or method description in a flow chart, or otherwise described in the embodiments of the invention, may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the embodiments of the invention includes other implementations in which functions are performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the invention belong.
The embodiments of the invention have been described above with reference to the accompanying drawings, but the invention is not limited to the specific embodiments described, which are merely illustrative and not restrictive. Under the teaching of the invention, those of ordinary skill in the art may devise many further forms without departing from the spirit of the invention and the scope protected by the claims, and all of these fall within the protection of the invention.
Claims (10)
1. A highly reusable cloud storage data storage verification method, characterized by comprising the following steps:
S1, configuring verification parameters and obfuscation parameters for each file uploaded to the server, and determining the number of file blocks to be read according to the single-verification credibility c and the file size;
wherein the verification parameters include: the file name, the file size, the number of verifications n, and the single-verification credibility c; the obfuscation parameters include: the pseudo-random array s, the pseudo-random array generation key y, and the obfuscation degree p;
S2, receiving a user's data storage verification query request, and initiating a query request;
S3, obfuscating the current verification count to obtain a challenge key sequence number;
S4, replacing the current verification count with the challenge key sequence number, and obtaining the current challenge key and verification label;
S5, selecting p-1 pseudo-random numbers from the pseudo-random array s and mixing them with the current challenge key to generate a query array, and recording the position of the current challenge key in the query array;
S6, sending the query array, the file name and the number of file blocks to the server;
S7, the server generating a check label sequence according to the query array, the file name and the number of file blocks, and returning it to the client;
S8, the client filtering the returned check label sequence;
S9, the client comparing the check label obtained after filtering with the verification label to judge whether the file has been damaged.
2. The highly reusable cloud storage data storage verification method according to claim 1, characterized in that step S2 specifically includes: calculating the challenge key sequence number according to formula (1):
i = j * cur mod n    (1)
In formula (1), i is the challenge key sequence number, j is a value randomly chosen from the pseudo-random array s, cur is the current verification count, and n is the number of verifications.
3. The highly reusable cloud storage data storage verification method according to any one of claims 1-2, characterized in that the method further includes: generating a random key seed k according to the current system time, and randomly generating n keys {k₁, k₂, k₃, …, kₙ} according to the random key seed k.
4. The highly reusable cloud storage data storage verification method according to claim 3, characterized in that obtaining the current challenge key in step S4 is specifically: obtaining it from the n random keys {k₁, k₂, k₃, …, kₙ} according to the challenge key sequence number.
5. The highly reusable cloud storage data storage verification method according to claim 3, characterized in that, in step S1, the number of file blocks to be read is determined from the single-verification credibility c and the file size by: 1-(1-1%)^num = c, where num is the number of file blocks required to generate a verification label, and c is the single-verification credibility.
6. The highly reusable cloud storage data storage verification method according to claim 5, characterized in that obtaining the verification label in step S4 comprises the following steps:
selecting num random positions within the range of the file size;
reading content of length y bytes starting from each random position, {t1, t2, t3, …, tnum}, zero-padding where the content is insufficient;
concatenating the read content in order to form the sample file t = {t1 || t2 || … || tnum};
with kᵢ as the key, calculating the sample file verification label rᵢ, rᵢ = hmac(t, kᵢ), where i is the challenge key sequence number;
y is the preset size of each file block.
7. The highly reusable cloud storage data storage verification method according to claim 1, characterized in that, in step S9, the check label obtained after filtering is the check label whose position in the check label sequence is the same as the recorded position of the current challenge key in the query array.
8. A highly reusable cloud storage data storage verification system, characterized by including: a client (1) and a server (2);
wherein the client (1) includes: a verification preparation module (11), a verification initiation module (13), an obfuscation module (14), a filtering module (15) and a verification check module (16); the obfuscation module (14) includes a challenge key sequence number acquisition module (141), a replacement module (142), a query array generation module (143) and a sending module (144);
the server (2) includes a check generation module (21);
the verification preparation module (11) is used to configure verification parameters and obfuscation parameters for each file uploaded to the server, and to determine the number of file blocks to be read according to the single-verification credibility c and the file size; wherein the verification parameters include: the file name, the file size, the number of verifications n, and the single-verification credibility c; the obfuscation parameters include: the pseudo-random array s, the pseudo-random array generation key y, and the obfuscation degree p;
the verification initiation module (13) is used to receive a user's data storage verification query request and to initiate a query request;
the challenge key sequence number acquisition module (141) is used to obfuscate the current verification count when the verification initiation module (13) initiates a query request, and to obtain a challenge key sequence number;
the replacement module (142) is used to replace the current verification count with the challenge key sequence number, and to obtain the current challenge key and verification label;
the query array generation module (143) is used to select p-1 pseudo-random numbers from the pseudo-random array s and mix them with the current challenge key to generate a query array, and to record the position of the current challenge key in the query array;
the sending module (144) is used to send the query array, the file name and the number of file blocks to the server;
the check generation module (21) is used to generate a check label sequence according to the query array, the file name and the number of file blocks, and to return it to the client;
the filtering module (15) is used to filter the check label sequence returned by the check generation module (21);
the verification check module (16) is used to compare the check label obtained after filtering with the verification label to judge whether the file has been damaged.
9. The highly reusable cloud storage data storage verification system according to claim 8, characterized in that the client also includes a verification maintenance module (12), used to store the verification parameters and obfuscation parameters and to update the current verification count.
10. The highly reusable cloud storage data storage verification system according to any one of claims 8-9, characterized in that the challenge key sequence number acquisition module (141) calculates the challenge key sequence number according to formula (1):
i = j * cur mod n    (1)
In formula (1), i is the challenge key sequence number, j is a value randomly chosen from the pseudo-random array s, cur is the current verification count, and n is the number of verifications.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410054969.7A CN103944874B (en) | 2014-02-18 | 2014-02-18 | Highly reusable cloud storage data storage verification method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103944874A (en) | 2014-07-23 |
CN103944874B (en) | 2017-01-25 |
Family
ID=51192358
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410054969.7A Active CN103944874B (en) | 2014-02-18 | 2014-02-18 | Highly reusable cloud storage data storage verification method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103944874B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106161523B (en) * | 2015-04-02 | 2019-11-22 | 腾讯科技(深圳)有限公司 | A kind of data processing method and equipment |
CN104811300B (en) * | 2015-04-22 | 2017-11-17 | 电子科技大学 | The key updating method of cloud storage and the implementation method of cloud data accountability system |
CN106612274A (en) * | 2016-07-25 | 2017-05-03 | 四川用联信息技术有限公司 | Homogeneity-based shared data verification algorithm in cloud computing |
CN108737438B (en) * | 2018-06-02 | 2022-02-11 | 桂林电子科技大学 | Identity authentication method for anti-riot database |
CN114584328B (en) * | 2022-05-09 | 2022-08-02 | 武汉四通信息服务有限公司 | API interface access method, computer device and computer storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008105937A2 (en) * | 2006-09-28 | 2008-09-04 | Microsoft Corporation | Rights management in a cloud |
CN102045356A (en) * | 2010-12-14 | 2011-05-04 | 中国科学院软件研究所 | Cloud-storage-oriented trusted storage verification method and system |
CN102611749A (en) * | 2012-01-12 | 2012-07-25 | 电子科技大学 | Cloud-storage data safety auditing method |
CN103425941A (en) * | 2013-07-31 | 2013-12-04 | 广东数字证书认证中心有限公司 | Cloud storage data integrity verification method, equipment and server |
Also Published As
Publication number | Publication date |
---|---|
CN103944874A (en) | 2014-07-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |