CN103944874B - Highly reusable cloud storage data storage verification method and system

Publication number
CN103944874B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410054969.7A
Other languages
Chinese (zh)
Other versions
CN103944874A (en)
Inventor
陈开渠
付艳艳
张敏
李�昊
洪澄
冯登国
王蓉
庞妍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NATIONAL SUPERCOMPUTING CENTER IN SHENZHEN
Institute of Software of CAS
Original Assignee
NATIONAL SUPERCOMPUTING CENTER IN SHENZHEN
Institute of Software of CAS
Application filed by NATIONAL SUPERCOMPUTING CENTER IN SHENZHEN, Institute of Software of CAS
Priority to CN201410054969.7A
Publication of CN103944874A
Application granted
Publication of CN103944874B

Abstract

The invention discloses a highly reusable cloud storage data storage verification method and system. The method includes: receiving a user's data storage verification query request; obfuscating the current verification count to obtain a challenge key index; replacing the current verification count with the challenge key index and obtaining the current challenge key and verification label; selecting p-1 pseudo-random numbers from a pseudo-random array and mixing them with the current challenge key to form a query array; the server generating a check label sequence and returning it to the client; and the client filtering the check label sequence and comparing the filtered check label with the verification label to judge whether the file has been destroyed. The method and system obtain comparatively high verification confidence at comparatively small computing cost. Because each challenge for a file verification label includes the real challenge parameter together with a series of pseudo-random numbers, the number of possible pseudo-random labels increases significantly, which prevents the user from using a saved correct signature to carry out replay attacks.

Description

Highly reusable cloud storage data storage verification method and system
Technical field
The present invention relates to the computer field, and more particularly to a highly reusable cloud storage data storage verification method and system.
Background
Cloud storage systems can provide enterprise and individual users with massive, elastically scalable, on-demand data storage management services at a low price. This saves users the cost of dedicated maintenance and management of a file storage system, so cloud storage is welcomed by the market.
However, while cloud storage brings convenience to users, it also brings new challenges and threats to data protection. Because the data is stored in the cloud, outside the user's control, the user cannot monitor and manage it in real time. If data and files in cloud storage are tampered with or damaged through hacker attacks, administrator misoperation, malicious behaviour and so on, the user can rely only on the cloud storage system to discover these changes.
Because the volume of data a cloud storage system must inspect is huge, it is difficult for it to discover data changes in time, so the cloud storage system is not fully trustworthy. In some cases, for other considerations, the cloud service provider will not notify the user of these changes. The user therefore needs a trustworthy means of verifying the state of the data saved in cloud storage, so as to respond to data failures in time.
At present, most data storage verification methods for cloud storage systems are based on metadata verification. When uploading a file, the user generates corresponding metadata for each file block, and at verification time checks the correspondence between the metadata and the file block content to detect whether the file is intact. However, such methods are mostly implemented with complex signature algorithms and place high demands on the client's computing power, and the time to compute the metadata at upload grows with the size of the file. Another approach prepares a certain number of integrity verification labels for the user in advance. When the user needs to verify, a challenge parameter is sent to the server, the server regenerates the corresponding verification label, and the client judges whether the file is intact by comparing whether the labels match. Such methods usually have low computational difficulty, a simple hash algorithm meets the need, and upload time is short. However, because the client prepares only a fixed number of verification labels, once the labels are used up it may suffer a replay attack by the server and cannot continue to verify the file state.
Cloud storage systems lack a data storage verification method suited to lightweight clients.
Summary of the invention
The technical problem to be solved by the present invention is the above defect of prior-art data storage verification methods, namely that once the labels are used up the client may suffer a replay attack by the server and cannot continue to verify the file state. The invention provides a highly reusable cloud storage data storage verification method and system that reuses verification labels during the verification process and increases the availability of verification labels.
The technical solution adopted by the present invention to solve this technical problem is to construct a highly reusable cloud storage data storage verification method comprising the following steps:
S1. Configure verification parameters and obfuscation parameters for each file uploaded to the server, and determine the number of file blocks to be read according to the single-verification confidence c and the file size;
The verification parameters include: the file name, the file size, the number of verifications n, and the single-verification confidence c. The obfuscation parameters include: the pseudo-random array s, the pseudo-random array generation key y, and the obfuscation degree p;
S2. Receive the user's data storage verification query request and initiate a query request;
S3. Obfuscate the current verification count to obtain a challenge key index;
S4. Replace the current verification count with the challenge key index, and obtain the current challenge key and verification label;
S5. Select p-1 pseudo-random numbers from the pseudo-random array s and mix them with the current challenge key to generate a query array, and record the position of the current challenge key in the query array;
S6. Send the query array, the file name and the number of file blocks to the server;
S7. The server generates a check label sequence from the query array, the file name and the number of file blocks, and returns it to the client;
S8. The client filters the returned check label sequence;
S9. The client compares the check label obtained after filtering with the verification label to judge whether the file has been destroyed.
In one embodiment, step S2 specifically includes calculating the challenge key index according to formula (1):
i = j * cur mod n (1)
In formula (1), i is the challenge key index, j is a value chosen at random from the pseudo-random array s, cur is the current verification count, and n is the number of verifications.
In one embodiment, the method further includes: generating a random key seed k from the current system time, and generating n random keys {k_1, k_2, k_3, …, k_n} from the random key seed k.
In one embodiment, obtaining the current challenge key in step S4 is specifically: obtaining it from the n random keys {k_1, k_2, k_3, …, k_n} according to the challenge key index.
In one embodiment, in step S1 the number of file blocks to be read is determined from the single-verification confidence c and the file size by: 1 - (1 - 1%)^num = c, where num is the number of file blocks required to generate a verification label and c is the single-verification confidence.
In one embodiment, obtaining the verification label in step S4 comprises the following steps:
Select num random positions within the range of the file size;
Starting from each random position, read content of length y bytes {t1, t2, t3, …, tnum}, padding with zeros if there is not enough;
Concatenate the content read in order to form the sample file t = {t1 || t2 || … || tnum};
With k_i as the key, compute the sample file verification label r_i, r_i = HMAC(t, k_i), where i is the challenge key index;
y is the preset size of each file block.
In one embodiment, in step S9 the check label obtained after filtering is the check label whose position in the check label sequence is the same as the recorded position of the current challenge key in the query array.
A highly reusable cloud storage data storage verification system, comprising a client and a server;
The client includes: a verification preparation module, a verification initiation module, an obfuscation module, a filtering module and a verification checking module; the obfuscation module includes a challenge key index acquisition module, a replacement module, a query array generation module and a sending module;
The server includes a check generation module;
The verification preparation module is used to configure verification parameters and obfuscation parameters for each file uploaded to the server, and to determine the number of file blocks to be read according to the single-verification confidence c and the file size. The verification parameters include: the file name, the file size, the number of verifications n, and the single-verification confidence c. The obfuscation parameters include: the pseudo-random array s, the pseudo-random array generation key y, and the obfuscation degree p;
The verification initiation module is used to receive the user's data storage verification query request and initiate a query request;
The challenge key index acquisition module is used, when the verification initiation module initiates a query request, to obfuscate the current verification count and obtain the challenge key index;
The replacement module is used to replace the current verification count with the challenge key index and obtain the current challenge key and verification label;
The query array generation module is used to select p-1 pseudo-random numbers from the pseudo-random array s and mix them with the current challenge key to generate a query array, and to record the position of the current challenge key in the query array;
The sending module is used to send the query array, the file name and the number of file blocks to the server;
The check generation module is used to generate a check label sequence from the query array, the file name and the number of file blocks, and return it to the client;
The filtering module is used to filter the check label sequence returned by the check generation module;
The verification checking module is used to compare the check label obtained after filtering with the verification label to judge whether the file has been destroyed.
In one embodiment, the client also includes a verification maintenance module, used to store the verification parameters and obfuscation parameters and to update the current verification count.
In one embodiment, the challenge key index acquisition module calculates the challenge key index according to formula (1):
i = j * cur mod n (1)
In formula (1), i is the challenge key index, j is a value chosen at random from the pseudo-random array s, cur is the current verification count, and n is the number of verifications.
Implementing the highly reusable cloud storage data storage verification method and system of the present invention has the following beneficial effects. Because the real challenge parameter is mixed into the pseudo-random array, the server cannot determine the real challenge parameter. When the pseudo-random array s is large enough, the server cannot determine the set of all possible labels, so labels can continue to be reused until all possible labels have appeared, and the number of possible verifications is expanded beyond the original n. A relatively high verification confidence can be obtained at a small computational cost. Each challenge for a file verification label contains the real challenge parameter and a series of pseudo-random numbers, so the number of possible pseudo-random labels increases, which prevents the server from using saved correct signatures to carry out a replay attack.
Brief description of the drawings
The invention is further described below with reference to the drawings and embodiments. In the drawings:
Fig. 1 is a flow chart of the highly reusable cloud storage data storage verification method of an embodiment of the present invention;
Fig. 2 is a structural block diagram of the highly reusable cloud storage data storage verification system of an embodiment of the present invention;
Fig. 3 is a schematic diagram of the interaction between the client and the server of the highly reusable cloud storage data storage verification system of an embodiment of the present invention.
Detailed description
For a clearer understanding of the technical features, purpose and effect of the present invention, specific embodiments of the invention are now described in detail with reference to the drawings.
Refer to Fig. 1, a flow chart of the highly reusable cloud storage data storage verification method of an embodiment of the present invention.
The highly reusable cloud storage data storage verification method of an embodiment of the present invention comprises the following steps:
S1. Configure verification parameters and obfuscation parameters for each file uploaded to the server, and determine the number of file blocks to be read according to the single-verification confidence c and the file size.
The verification parameters include: the file name, the file size, the number of verifications n, and the single-verification confidence c. The obfuscation parameters include: the pseudo-random array s, the pseudo-random array generation key y, and the obfuscation degree p.
The number of verifications n, the single-verification confidence c, the size of the pseudo-random array s, the obfuscation degree p, the pseudo-random array generation key y and so on are set by the user. The pseudo-random array s is generated from a random algorithm and the pseudo-random array generation key y.
Determining the number of file blocks to be read from the single-verification confidence c and the file size works as follows: if the file size is x bytes and a file block is y bytes, there are x/y file blocks. To meet the required single-verification confidence c, num must satisfy 1 - (1 - 1%)^num = c, where num is the number of file blocks required to generate a verification label.
S2. Receive the user's data storage verification query request and initiate a query request.
S3. Obfuscate the current verification count to obtain a challenge key index.
Specifically, the method of this embodiment also includes: generating a random key seed k from the current system time, and generating n random keys {k_1, k_2, k_3, …, k_n} from the random key seed k.
Step S3 specifically includes calculating the challenge key index according to formula (1):
i = j * cur mod n (1)
In formula (1), i is the challenge key index, j is a value chosen at random from the pseudo-random array s, cur is the current verification count, and n is the number of verifications. Formula (1) multiplies the value j chosen at random from the pseudo-random array s by the current verification count cur, then takes the remainder modulo the number of verifications n; the resulting value is the challenge key index i.
S4. Replace the current verification count (cur) with the challenge key index (i), and obtain the current challenge key and verification label.
The current challenge key is obtained from the n random keys {k_1, k_2, k_3, …, k_n} according to the challenge key index. The current challenge key is k_i, where i is the challenge key index.
The verification label is obtained as follows. (1) Select num random positions within the range of the file size. Specifically, k_1 can be used as the random key to generate num random positions for the file that needs data storage verification. (2) Starting from each random position, read content of length y bytes {t1, t2, t3, …, tnum}, padding with zeros if there is not enough. (3) Concatenate the content read in order to form the sample file t = {t1 || t2 || … || tnum}. (4) With k_i as the key, compute the sample file verification label r_i, i.e. r_i = HMAC(t, k_i), where i is the challenge key index. HMAC is the keyed hash-based message authentication code. The HMAC operation uses a hash algorithm, takes a key k and a message m as input, and generates a message digest as output; the algorithm is written HMAC(m, k). This application uses the HMAC operation to compute the sample file verification label r_i: with the key k_i and the sample file t as input, it generates the sample file verification label r_i = HMAC(t, k_i).
S5. Select p-1 pseudo-random numbers from the pseudo-random array s and mix them with the current challenge key to generate the query array q, and record the position of the current challenge key in the query array.
S6. Send the query array q, the file name and the number of file blocks num to the server.
S7. The server generates a check label sequence from the query array q, the file name and the number of file blocks num, and returns it to the client.
Specifically: (1) The server uses q as the random key to generate num random positions for the file that needs data storage verification. The file size can be obtained from the storage server according to the file name. The server generates the num random positions by the same method as in step S1. (2) Starting from each random position, read content of length y bytes {t1, t2, t3, …, tnum}, padding with zeros if there is not enough. (3) Concatenate the content read in order to form the sample file t = {t1 || t2 || … || tnum}. (4) With q[u] as the key, compute the sample file check label sequence r_u', i.e. r_u' = HMAC(t, q[u]), where u = 1, 2, …, p and p is the obfuscation degree. The check label sequence r_u' contains p check labels.
S8. The client filters the returned check label sequence. Specifically, the check label obtained after filtering is the check label whose position in the check label sequence r_u' is the same as the recorded position of the current challenge key in the query array q. For example, if the position of the current challenge key in the query array q is 5, then the 5th label in the check label sequence r_u' is the check label obtained by filtering.
S9. The client compares the check label obtained after filtering with the verification label to judge whether the file has been destroyed.
If the check label and the verification label have the same value, the verified file has not been destroyed and its storage on the server is normal. If they differ, the verified file has been destroyed, is incomplete, or similar.
The method of this embodiment also includes updating the current verification count (cur) in step S6, i.e. adding 1 to the current verification count cur; as the number of verifications increases, the cur value increases in turn. When step S4 is executed, however, the cur value is replaced by the challenge key index i. The cur value can also be updated in other steps (for example in step S3), so as to record the current verification count.
It should be understood that steps S1 to S6 of the highly reusable cloud storage data storage verification method of this embodiment are executed by the client.
Refer to Fig. 2, a structural block diagram of the highly reusable cloud storage data storage verification system of an embodiment of the present invention. The system includes a client 1 and a server 2. The client 1 includes: a verification preparation module 11, a verification maintenance module 12, a verification initiation module 13, an obfuscation module 14, a filtering module 15 and a verification checking module 16. The server 2 includes a check generation module 21.
The verification preparation module 11 is used to configure verification parameters and obfuscation parameters for each file uploaded to the server, to determine the number of file blocks to be read according to the single-verification confidence c and the file size, and to generate a random key seed k from the current system time and generate n random keys {k_1, k_2, k_3, …, k_n} from the random key seed k.
The verification parameters include: the file name, the file size, the number of verifications n, and the single-verification confidence c. The obfuscation parameters include: the pseudo-random array s, the pseudo-random array generation key y, and the obfuscation degree p.
The number of verifications n, the single-verification confidence c, the size of the pseudo-random array s, the obfuscation degree p, the pseudo-random array generation key y and so on are set by the user. The pseudo-random array s is generated from a random algorithm and the pseudo-random array generation key y.
The verification preparation module 11 determines the number of file blocks to be read from the single-verification confidence c and the file size as follows: if the file size is x bytes and a file block is y bytes, there are x/y file blocks. To meet the required single-verification confidence c, num must satisfy 1 - (1 - 1%)^num = c, where num is the number of file blocks required to generate a verification label.
The verification maintenance module 12 is used to store the verification parameters and obfuscation parameters and to update the current verification count. To update the current verification count (cur), the verification maintenance module 12 adds 1 to cur; as the number of verifications increases, the cur value increases in turn.
The verification initiation module 13 is used to receive the user's data storage verification query request and initiate a query request.
The obfuscation module 14 includes a challenge key index acquisition module 141, a replacement module 142, a query array generation module 143 and a sending module 144.
The challenge key index acquisition module 141 is used, when the verification initiation module 13 initiates a query request, to obfuscate the current verification count and obtain the challenge key index. Specifically, the challenge key index is calculated according to formula (1) above.
The replacement module 142 is used to replace the current verification count (cur) with the challenge key index (i) and obtain the current challenge key and verification label. The current challenge key is obtained from the n random keys {k_1, k_2, k_3, …, k_n} according to the challenge key index. The current challenge key is k_i, where i is the challenge key index.
The verification label is obtained as follows. (1) Select num random positions within the range of the file size. Specifically, k_1 can be used as the random key to generate num random positions for the file that needs data storage verification. (2) Starting from each random position, read content of length y bytes {t1, t2, t3, …, tnum}, padding with zeros if there is not enough. (3) Concatenate the content read in order to form the sample file t = {t1 || t2 || … || tnum}. (4) With k_i as the key, compute the sample file verification label r_i, i.e. r_i = HMAC(t, k_i), where i is the challenge key index.
The query array generation module 143 is used to select p-1 pseudo-random numbers from the pseudo-random array s and mix them with the current challenge key to generate the query array q, and to record the position of the current challenge key in the query array q.
The sending module 144 is used to send the query array q, the file name and the number of file blocks num to the server.
The check generation module 21 is used to generate a check label sequence from the query array q, the file name and the number of file blocks num, and return it to the client. Specifically: (1) With q as the random key, generate num random positions for the file that needs data storage verification. The file size can be obtained from the storage server according to the file name. The server generates the num random positions by the same method the client uses to generate them. (2) Starting from each random position, read content of length y bytes {t1, t2, t3, …, tnum}, padding with zeros if there is not enough. (3) Concatenate the content read in order to form the sample file t = {t1 || t2 || … || tnum}. (4) With q[u] as the key, compute the sample file check label sequence r_u', i.e. r_u' = HMAC(t, q[u]), where u = 1, 2, …, p and p is the obfuscation degree. The check label sequence r_u' contains p check labels.
The filtering module 15 is used to filter the check label sequence returned by the check generation module 21. Specifically, the check label obtained after filtering is the check label whose position in the check label sequence r_u' is the same as the recorded position of the current challenge key in the query array q.
The verification checking module 16 is used to compare the check label obtained after filtering with the verification label to judge whether the file has been destroyed. If the check label and the verification label have the same value, the verified file has not been destroyed and its storage on the server is normal. If they differ, the verified file has been destroyed, is incomplete, or similar.
Cloud storage data below in conjunction with the high durability to the embodiments of the present invention for Fig. 3 and specific example is deposited Storage checking system is described in detail:
Checking preparation module 11 sets the entitled file1 of file to untrusted server up transfer file for the user, file size For 100mb, verify that frequency n is 1000 times, single authentication credibility is 0.9 for c, degree of aliasing p is 4, the size of pseudorandom array s For 10000, pseudorandom array generates key y=9387862494432, the random key seed being generated according to the current time in system K=1285572979437, generates n random key { k according to random key seed k1、k2、k3……kn}.
Checking preparation module 11 determines, according to single authentication credibility 0.9 and file size 100mb, the file needing to read Block number.Specifically, file size is 104857600 bytes (byte) (100mb), with 16 bytes for a blocks of files, then has 7864320 blocks of files.In order to meet the requirement of single authentication credibility 0.9, i.e. 1- (1-1%)num=0.9, then num= 229.
Checking maintenance module 12, according to the storage request of checking preparation module 11, stores to the parameter of above-mentioned setting.
When user initiates the request of data storage revene lookup by client, the number of checking initiation module 13 receive user According to storage revene lookup request, and initiate inquiry request after checking preparation module 11 obtains relevant parameter.Challenge Key Sequence Number Acquisition module 141 is obscured to current authentication number of times cur, obtains challenge Key Sequence Number.Specifically, challenge Key Sequence Number i= J*cur mod n, wherein, j=s [207], generate key k and 207 generation using pseudorandom array, be worth for 8736;Current authentication Number of times cur=1, n=1000, thus obtain i=736.Replacement module 142 replaces cur with i=736, and continues former request, obtains Take current challenges key and checking label.The current challenges key getting is k736.
The acquisition process that replacement module 142 obtains checking label is: with k1For random key, carry out data storage for need and test 229 random sites of file generated of card;And from each random site start read length be 16 bytes content t1, t2, T3 ... t229 }, deficiency then zero padding;By the content order being read connect, become sample files t=t1 | | t2 | | ... | | t229};With k736For key, calculate sample files checking label r736, i.e. r736=hmac (t, k736).
Inquiry array generation module 143 selects the individual pseudo random number of 3 (p-1) from pseudorandom array s, and close with current challenges Key mixes, to generate inquiry array q.For example, 3 pseudo random numbers selected are respectively s [94], s [385] and s [787].Profit Generate key k and sequence number (94,385,787) with pseudorandom array to generate, then 3 pseudo random numbers be respectively 3489825427445, 2654478345628、7674398282265.k736For 85735279849542.
Inquiring about array generation module 143 by inquiry array q obtaining after 3 pseudo random numbers and the mixing of current challenges key is {s[94]、s[385]、k736, s [787], current challenges key k736Position in q is 3.
Sending module 144 will be inquired about array q, filename (name) and file block number num and be sent to server.
The verification generation module 21 of server 2 generates verification label according to inquiry array q, filename and file block number num Sequence, and return to client.Specific: (1), with q as random key, carries out the file generated num of data storage checking for need (229) individual random site;(2) from each random site start read length be y byte content t1, t2, t3 ... T229 }, deficiency then zero padding;The content order being read is connected, becomes sample files t={ t1 | | t2 | | ... | | t229 }; (3) with q [u] as key, calculate sample files verification sequence label ru', i.e. ru'=hmac (t, q [u]), wherein u=1, 2、……4.
The filtering module 15 of client 1 filters to the verification sequence label returning.
The check tag that the checking correction verification module 16 of client 1 obtains after filtering is drilled with proof list and is compared to judge Whether file is destroyed.Specific filtering module 15 gets the checking label r that verification sequence label middle position is set to 33’.Checking The verification label r that correction verification module 16 obtains after filtering3' and checking label r736It is compared, to judge whether file is broken Bad.If verification label r3' and checking label r736Value identical, then the file of checking is not destroyed, its depositing in server Storage is normal;If differing, situations such as the file of checking destroyed, imperfect.
In the highly reusable cloud storage data storage verification system of the embodiment of the present invention, the checking maintenance module 12 handles storage and the updating of the current verification count, among other functions. In addition, the system of the embodiment may also include a storage module for storing the checking labels of each file; when the checking maintenance module 12 initiates a request to query or maintain the stored checking labels, the storage module returns the corresponding file checking labels or the maintenance result.
It should be understood that, in embodiments of the invention, the file block number may also be determined by the replacement module 142, or calculated in step S4; the application places no restriction on this.
The highly reusable cloud storage data storage verification method and system of the embodiment of the present invention allow file verification labels to be reused: because the true challenge parameter is mixed into a pseudo-random array, the server cannot determine which parameter is the true challenge. When the pseudo-random array s is sufficiently large, the server cannot determine the set of all possible labels, so the labels can be reused continuously until every possible label has appeared, which expands the number of possible verifications beyond the original n. The reason is that, without the obfuscation and mixing of steps S3 and S5, the server would know all the challenge parameters and labels after n sequential challenges. Once the pseudo-random array s is introduced, the total number of labels the server can be challenged with becomes |s| + n, and each verification consumes only p labels, so the server needs correspondingly more challenges before it can obtain all the challenge keys and labels.
Thus, in the above example, the highly reusable cloud storage data storage verification method of the embodiment of the present invention makes 10000 + 1000 checking labels available, which supports at least 11000/p = 11000/4 = 2750 verifications. With the prior-art method, 1000 labels can support only 1000 verifications. The highly reusable cloud storage data storage verification method of the embodiment of the present invention therefore increases the reusability of the checking labels.
With the highly reusable cloud storage data storage verification method and system of the embodiment of the present invention, before a file is uploaded to an untrusted server (for example, a cloud storage server), checking labels are generated for the file in advance from a secret held by the user and other parameters, a series of pseudo-random arrays is generated, and all of the parameters are saved and maintained. When verifying the file, the user specifies the real challenge parameter and also selects a number of perturbation parameters from the pseudo-random array, mixes these parameters together, and issues the challenge to the server. The server regenerates multiple verification labels from all of the parameters, and the user only needs to check the label corresponding to the true challenge parameter to judge the state of the file. The method and system of the embodiment obtain relatively high verification credibility at a small computational cost; each challenge for file verification labels contains the true challenge parameter and a series of pseudo-random numbers, so the number of possible pseudo-random labels increases, avoiding the possibility that the server uses saved correct signatures to mount a replay attack.
Any process or method description in a flow chart, or otherwise described in an embodiment of the present invention, may be understood as representing a module, fragment or portion of code that includes one or more executable instructions for implementing specific logical functions or steps of the process. The scope of the embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
Embodiments of the present invention have been described above with reference to the accompanying drawings, but the invention is not limited to the specific embodiments above, which are merely illustrative rather than restrictive. Inspired by the present invention, those of ordinary skill in the art may devise many further forms without departing from the concept of the invention and the scope protected by the claims, and all of these fall within the protection of the present invention.

Claims (10)

1. A highly reusable cloud storage data storage verification method, characterized by comprising the following steps:
S1, configuring verification parameters and obfuscation parameters for each file uploaded to the server, and determining the file block number that needs to be read according to the single-verification credibility c and the file size;
wherein the verification parameters include: the filename of the file, the file size, the number of verifications n, and the single-verification credibility c; the obfuscation parameters include: the pseudo-random array s, the pseudo-random array generation key y, and the obfuscation degree p;
S2, receiving the user's data storage verification query request, and initiating a query request;
S3, obfuscating the current verification count to obtain a challenge key sequence number;
S4, replacing the current verification count with the challenge key sequence number, and obtaining the current challenge key and checking label;
S5, selecting p-1 pseudo-random numbers from the pseudo-random array s and mixing them with the current challenge key to generate a query array, and recording the position of the current challenge key in the query array;
S6, sending the query array, the filename and the file block number to the server;
S7, the server generating a verification label sequence according to the query array, the filename and the file block number, and returning it to the client;
S8, the client filtering the returned verification label sequence;
S9, the client comparing the verification label obtained after filtering with the checking label to judge whether the file has been destroyed.
2. The highly reusable cloud storage data storage verification method according to claim 1, characterized in that step S2 specifically includes: calculating the challenge key sequence number according to formula (1):
i = j * cur mod n (1)
In formula (1), i is the challenge key sequence number, j is a value randomly chosen from the pseudo-random array s, cur is the current verification count, and n is the number of verifications.
3. The highly reusable cloud storage data storage verification method according to any one of claims 1-2, characterized in that the method further includes: generating a random key seed k according to the current system time, and generating n random keys {k1, k2, k3, …, kn} according to the random key seed k.
4. The highly reusable cloud storage data storage verification method according to claim 3, characterized in that obtaining the current challenge key in step S4 is specifically: obtaining it from the n random keys {k1, k2, k3, …, kn} according to the challenge key sequence number.
5. The highly reusable cloud storage data storage verification method according to claim 3, characterized in that, in step S1, the file block number that needs to be read is determined from the single-verification credibility c and the file size by the calculation 1 - (1 - 1%)^num = c, where num is the file block number required to generate a checking label and c is the single-verification credibility.
6. The highly reusable cloud storage data storage verification method according to claim 5, characterized in that obtaining the checking label in step S4 comprises the following steps:
selecting num random positions within the range of the file size;
starting from each random position, reading y bytes of content {t1, t2, t3, …, tnum}, zero-padding where the content is too short;
concatenating the content read, in order, into the sample file t = {t1 || t2 || … || tnum};
with ki as the key, calculating the sample file's checking label ri, ri = hmac(t, ki), where i is the challenge key sequence number;
y is the preset size of each file block.
7. The highly reusable cloud storage data storage verification method according to claim 1, characterized in that, in step S9, the verification label obtained after filtering is the verification label whose position in the verification label sequence is the same as the recorded position of the current challenge key in the query array.
8. A highly reusable cloud storage data storage verification system, characterized by including: a client (1) and a server (2);
wherein the client (1) includes: a checking preparation module (11), a checking initiation module (13), an obfuscation module (14), a filtering module (15) and a checking verification module (16); the obfuscation module (14) includes a challenge key sequence number acquisition module (141), a replacement module (142), a query array generation module (143) and a sending module (144);
the server (2) includes a verification generation module (21);
the checking preparation module (11) is used for configuring verification parameters and obfuscation parameters for each file uploaded to the server, and for determining the file block number that needs to be read according to the single-verification credibility c and the file size; wherein the verification parameters include: the filename of the file, the file size, the number of verifications n, and the single-verification credibility c; the obfuscation parameters include: the pseudo-random array s, the pseudo-random array generation key y, and the obfuscation degree p;
the checking initiation module (13) is used for receiving the user's data storage verification query request and initiating a query request;
the challenge key sequence number acquisition module (141) is used for obfuscating the current verification count to obtain a challenge key sequence number when the checking initiation module (13) initiates a query request;
the replacement module (142) is used for replacing the current verification count with the challenge key sequence number and obtaining the current challenge key and checking label;
the query array generation module (143) is used for selecting p-1 pseudo-random numbers from the pseudo-random array s and mixing them with the current challenge key to generate a query array, and for recording the position of the current challenge key in the query array;
the sending module (144) is used for sending the query array, the filename and the file block number to the server;
the verification generation module (21) is used for generating a verification label sequence according to the query array, the filename and the file block number, and returning it to the client;
the filtering module (15) is used for filtering the verification label sequence returned by the verification generation module (21);
the checking verification module (16) is used for comparing the verification label obtained after filtering with the checking label to judge whether the file has been destroyed.
9. The highly reusable cloud storage data storage verification system according to claim 8, characterized in that the client also includes a checking maintenance module (12), used for storing the verification parameters and obfuscation parameters and for updating the current verification count.
10. The highly reusable cloud storage data storage verification system according to any one of claims 8-9, characterized in that the challenge key sequence number acquisition module (141) calculates the challenge key sequence number according to formula (1):
i = j * cur mod n (1)
In formula (1), i is the challenge key sequence number, j is a value randomly chosen from the pseudo-random array s, cur is the current verification count, and n is the number of verifications.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410054969.7A CN103944874B (en) 2014-02-18 2014-02-18 Highly reusable cloud storage data storage verification method and system

Publications (2)

Publication Number Publication Date
CN103944874A CN103944874A (en) 2014-07-23
CN103944874B true CN103944874B (en) 2017-01-25
