CN105721146A - Big data sharing method for cloud storage based on SMC - Google Patents

Publication number: CN105721146A
Authority: CN (China)
Legal status: Granted
Application number: CN201610121114.0A
Other languages: Chinese (zh)
Other versions: CN105721146B (en)
Inventors: 王良民, 周游, 汤金娥, 杨桢栋, 潘森杉, 邬海琴, 姜涛
Current Assignee: JIANGSU ZHUOYI INFORMATION TECHNOLOGY Co.,Ltd.
Original Assignee: Jiangsu University
Application filed by Jiangsu University
Priority to CN201610121114.0A
Publication of CN105721146A
Application granted
Publication of CN105721146B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088: Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085: Secret sharing or secret splitting, e.g. threshold schemes
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101: Access control lists [ACL]

Abstract

The invention discloses a big data sharing method for cloud storage based on SMC. The method comprises the following stages: (1) initialization, which comprises three processes: data encryption and upload by the DO, AA initialization, and user registration; (2) secret splitting, in which the DO splits a key Ki into three parts that are kept respectively by the AA (temporarily), the DO and the CSP; (3) query, in which a User sends a query request to the CSP, the AA verifies the user attribute and then transmits the user attribute to the User, the CSP then transmits the ciphertext data and its part of the key to the User, and finally the User recovers the key Ki and decrypts the ciphertext. The method allows the User to acquire shared data directly from the CSP and reduces the workload of the DO in the data sharing process as far as possible; it can also verify the attributes of the User, so as to guarantee that only a legitimate User can acquire the data.

Description

A big data sharing method for cloud storage based on SMC
Technical field
The present invention relates to cloud storage technology, and in particular to a big data sharing method for cloud storage based on SMC.
Background technology
With the arrival of the big data era, data is growing explosively. For individuals and enterprises, PCs and mobile phones with limited storage and computing performance, or an enterprise's private servers, can no longer meet demand. People have started to store big data in the cloud.
In a cloud environment, however, the data owner uploads data to a cloud service provider. To ensure the confidentiality of sensitive data, the data owner encrypts the data before uploading it to the cloud service provider. Although encryption ensures the confidentiality of the data, it reduces the quality of the cloud service to some extent.
Data sharing is a very important function of cloud storage. To reduce the data owner's workload, the data owner allows authorized users to download ciphertext data directly from the cloud service provider and formulates a different decryption scheme for each specific user. But the data owner must formulate different decryption schemes for different users, and the data owner's privacy may be leaked in the process.
To protect the confidentiality of the data and prevent an untrusted cloud service provider (CSP) from inspecting and analysing it, the data owner (DO) encrypts the data before uploading it to the CSP. To share data with specific users, the DO must formulate a dedicated encryption scheme for each user and then distribute the decryption key to that user; under this approach the DO's encryption overhead is very large.
An ideal scheme encrypts all data uniformly but distributes different keys to different users, so that each user can decrypt only the data he or she has the right to access. Attribute-Based Encryption (ABE), also known as Fuzzy Identity-Based Encryption, is an encryption scheme based on user attributes. ABE has two important branches: Key-Policy Attribute-Based Encryption (KP-ABE) and Ciphertext-Policy Attribute-Based Encryption (CP-ABE). Both KP-ABE and CP-ABE comprise four main processes: initialization, encryption, key generation and decryption. In the key generation process, ABE requires the DO to generate a different key for each user according to the user's attributes; the DO must therefore stay online throughout the data sharing process, and the DO's overhead is relatively large.
Another scheme that can effectively realize big data sharing in a cloud environment is Proxy Re-Encryption (PRE). We introduce PRE with a simple example: Alice encrypts her photos with her public key PK_A and uploads them over a secure channel to a CSP that is not fully trusted. When she is away on a business trip, she wants to share her photos with her friend Bob, whose public key is PK_B, but Alice does not want to leak her private key SK_A to Bob. PRE allows Alice to provide a re-encryption key RK_A→B to the CSP. The CSP can use RK_A→B to re-encrypt the ciphertext encrypted under PK_A, transforming it into a ciphertext that can be decrypted with Bob's private key SK_B, and no information about the confidential data or the private keys SK_A and SK_B is exposed in the process. In PRE, however, the DO needs to generate a different re-encryption key RK for each user, so the DO's communication and computation overhead is large.
The DO uploads the encrypted data to the CSP, and a legitimate user can obtain the key, decrypt the data and obtain the plaintext value. Ordinary data sharing, however, encrypts the data as a whole and then shares it with the User, which easily exposes the DO's privacy. To solve this problem, Cheng-Kang Chu et al. proposed a scalable data sharing scheme for cloud storage (hereinafter Key-Aggregate), which allows the DO to encrypt and store data in blocks. To avoid exposing the DO's privacy and extra information, the Key-Aggregate scheme aggregates the encryption keys of multiple blocks into one aggregate key of fixed size and sends it to the user; this both protects the DO's privacy and reduces the communication overhead between the DO and the User to some extent. In the Key-Aggregate scheme, the DO needs to generate different aggregate keys for the different data sharing requests of different Users, so the DO's communication overhead and computation cost are both relatively large.
Summary of the invention
Object of the invention: the object of the invention is to overcome the deficiencies of the prior art by providing a big data sharing method for cloud storage based on SMC. The method is built on top of an encryption scheme and applies an SMC-based big data sharing scheme to the encryption keys; it both realizes secret sharing and frees the DO from the extensive work of data sharing.
Technical scheme: the big data sharing method for cloud storage based on SMC according to the invention comprises the following steps in order:
(1) Initialization: the DO completes data encryption and upload, AA initialization, and user registration;
(2) Secret splitting: using a (2,3) threshold secret sharing scheme, the DO splits the secret (i.e. κ_i ∈ K, 1 ≤ i ≤ n) into three parts; one part is sent to the AA for temporary safekeeping, one part is sent to the CSP, and the DO stores the third;
(3) Query: the User accesses the shared data.
Further, step (1) proceeds as follows:
(1-1) The DO first encrypts the data with an existing encryption algorithm (such as SDB and protection encryption) and uploads the ciphertext to the CSP; for each key κ_i ∈ K the DO generates a KeyID, the corresponding Sub-KeyIDs and an access rights tree T;
(1-2) AA initialization: the DO sends the user access control table, which contains the KeyID and the access rights tree T, to the trusted attribute certification authority AA;
(1-3) User registration: user U_i is allowed to send a registration request to the CA, and the CA assigns each user U_i a unique identity Uid_i. The CA sends an attribute registration request to the AA; the AA assigns an attribute set S_i to user U_i according to the user's role or identity and returns the attribute set to the CA. The CA generates a certificate containing the user identity Uid_i and the attribute set S_i and sends the certificate to user U_i over a secure channel.
Further, in step (2), for each κ_i, splitting the secret among the participant set P = {User, CSP, DO} comprises the following three steps:
(2-1) The DO encodes every key κ_i ∈ K as ASCII codes, so that data of all data types can be handled;
(2-2) Set t = 2 and n = 3, and determine a three-dimensional vector X = {x_1, x_2, x_3}; the DO assigns x_i to p_i ∈ P, and the values x_i are public;
(2-3) The DO randomly selects a coefficient a_1; the three polynomials P_i(x) are then defined respectively as P_1(x) = a_1 x_1 + a_0, P_2(x) = a_1 x_2 + a_0, P_3(x) = a_1 x_3 + a_0, and the polynomial values are the sub-secrets (Sub-Keys) after splitting. The DO randomly generates a Sub-KeyID for each Sub-Key and builds an index table, randomly assigns two of the Sub-Keys and Sub-KeyIDs to the CSP and the User (the User's Sub-Key is held temporarily by the AA), and sends the index table to the CSP.
Further, in step (3), the User accesses the shared data as follows:
(3-1) The User sends a query request Query to the CSP;
(3-2) After receiving the request, the CSP determines the key set QK of the data involved in Query, looks up the index table, and sends an attribute verification request containing the KeyID and Sub-KeyIDs of κ_i to the AA;
(3-3) The AA looks up the UACL table to verify the user's attributes; if the attributes are legitimate, the AA sends the User's Sub-Key to the User and sends the verification result to the CSP;
(3-4) If the CSP receives a result indicating that attribute verification passed, the CSP sends the ciphertext data and the Sub-Key corresponding to the Sub-KeyIDs to the User; if the result is that verification did not pass, the CSP returns that the user's attributes are illegitimate;
(3-5) After receiving the two Sub-Keys, the User computes κ_i by Lagrange interpolation and translates the ASCII codes of κ_i into the plaintext value.
Further, in step (3-3), when the AA looks up the user access control table to verify the user's attributes, it judges whether the attributes satisfy the corresponding access rights tree T. In the user access control table each key is associated with an access rights tree T, whose root node is γ. The verification steps are as follows:
(3-3-1) If x is a leaf node of T, judge whether S_i belongs to the attribute set S; if it does not, then T_x(γ) = 0; if S_i ∈ S, then T_x(γ) = 1;
(3-3-2) If x is not a leaf node of T, first compute T_x′(γ), where x′ is a child node of x; T_x(γ) returns 1 if and only if at least k_x child nodes return 1;
(3-3-3) If T_x(γ) = 1, the User is legitimate; if T_x(γ) = 0, the User is illegitimate.
Further, in step (3-5), after the User receives the two Sub-Keys, if the threshold of 2 is met, the key κ_i is recovered.
Assume the vector X = {x_1, x_2, x_3}, where x_1, x_2 and x_3 are all randomly generated, for instance x_1 = 20, x_2 = 10, x_3 = 30. The User holds x_1, the CSP holds x_2 and the DO holds x_3. The User holds two polynomial values, $\kappa_i^{User} = P(x)^{User} = y_i^{User}$ and $\kappa_i^{CSP} = P(x)^{CSP} = y_i^{CSP}$, so κ_i is obtained from the following formula:

$$\kappa_i = \sum_{j=1}^{t} y_j \prod_{1 \le i \le t,\ i \ne j} \frac{x_i}{x_i - x_j}.$$
Beneficial effects: the invention allows the User to obtain shared data directly from the CSP and greatly reduces the DO's workload in the data sharing process; the method can also verify the User's attributes, to ensure that only a legitimate User can obtain the data.
Brief description of the drawings
Fig. 1 is a schematic diagram of the access rights tree T in the embodiment;
Fig. 2 is the system architecture diagram of the embodiment;
Fig. 3 is the flow chart of the initialization and secret splitting stages of the embodiment, where steps 1-6 are the initialization stage and steps 7-9 are the secret splitting stage;
Fig. 4 is the architecture diagram of the query stage in the embodiment;
Fig. 5 is the flow chart of the query stage in the embodiment.
Detailed description of the invention
The technical solution of the invention is described in detail below, but the scope of protection of the invention is not limited to the described embodiment.
The big data sharing method for cloud storage based on SMC according to the invention comprises the following three stages:
(1) Initialization: the DO completes data encryption and upload, AA initialization, and user registration.
(1-1) As shown in Fig. 3, the DO first encrypts the data with an existing encryption algorithm and uploads the ciphertext to the CSP. For each key κ_i ∈ K the DO generates a KeyID, the corresponding Sub-KeyIDs and an access rights tree T.
(1-2) AA initialization. The DO sends the user access control table (UACL, see Table 1) to the trusted attribute certification authority AA; the UACL contains the KeyID and the access rights tree T, where the access rights tree T defines the access structure of the key. Suppose the access rights tree T_i of key κ_i is as shown in Fig. 1; then the attributes S_i of user U_i must satisfy S_i = {A} or S_i = {B, C, D} or S_i = {E, F} in order to recover the value of κ_i.
(1-3) User registration. The system allows user U_i to send a registration request to the CA, and the CA assigns each user U_i a unique identity Uid_i. The CA sends an attribute registration request to the AA; the AA assigns an attribute set S_i to user U_i according to the user's role or identity and returns the attribute set to the CA. The CA generates a certificate containing the user identity Uid_i and the attribute set S_i and sends the certificate to user U_i over a secure channel.
(2) Secret splitting: using a (2,3) threshold secret sharing scheme, the DO splits the secret (i.e. κ_i ∈ K) into three parts; one part is sent to the AA for temporary safekeeping, one part is sent to the CSP, and the DO stores the third itself. For each κ_i, splitting the secret among the participant set P = {User, CSP, DO} comprises the following three steps:
(2-1) The DO encodes every key κ_i ∈ K as ASCII codes (the translator encoding in Fig. 2), so that data of all data types can be handled.
(2-2) Set t = 2 and n = 3. Determine a three-dimensional vector X = {x_1, x_2, x_3}. The DO assigns x_i to p_i ∈ P, and the values x_i are public.
(2-3) The DO randomly selects a coefficient a_1. The three polynomials P_i(x) can then be defined as P_1(x) = a_1 x_1 + a_0, P_2(x) = a_1 x_2 + a_0, P_3(x) = a_1 x_3 + a_0, and the polynomial values are the sub-secrets (Sub-Keys) after splitting. The DO randomly generates a Sub-KeyID for each Sub-Key and builds an index table (IndexTable, see Table 2), and randomly assigns two of the Sub-Keys and Sub-KeyIDs to the CSP and the User (the User's Sub-Key is held temporarily by the AA). The DO sends the index table to the CSP.
(3) Query: the process by which the User accesses the shared data (see Fig. 4). The query stage is divided into the following five steps:
(3-1) The User sends a query request Query to the CSP.
(3-2) After receiving the request, the CSP first analyses the key set QK of the data involved in Query, looks up the index table (IndexTable), and sends an attribute verification request containing the KeyID and Sub-KeyIDs of κ_i to the AA.
(3-3) The AA looks up the UACL table to verify the user's attributes; if the attributes are legitimate, the AA sends the User's Sub-Key to the User and sends the verification result to the CSP. When the AA looks up the UACL table to verify the user's attributes, it judges whether they satisfy the corresponding access rights tree T. In the UACL each key is associated with an access rights tree T, whose root node is γ. The verification process is as follows:
(3-3-1) If x is a leaf node of T, judge whether S_i belongs to the attribute set S. If it does not, then T_x(γ) = 0; if S_i ∈ S, then T_x(γ) = 1.
(3-3-2) If x is not a leaf node of T, first compute T_x′(γ), where x′ is a child node of x; T_x(γ) returns 1 if and only if at least k_x child nodes return 1.
(3-3-3) If T_x(γ) = 1, the User is legitimate; if T_x(γ) = 0, the User is illegitimate.
(3-4) If the CSP receives a result indicating that attribute verification passed, the CSP sends the ciphertext data and the Sub-Key corresponding to the Sub-KeyIDs to the User; if the result is that verification did not pass, the CSP returns that the user's attributes are illegitimate.
(3-5) After receiving the two Sub-Keys, the User computes κ_i by Lagrange interpolation and translates the ASCII codes of κ_i into the plaintext value (the translator decoding in Fig. 2). The flow chart of the query stage is shown in Fig. 5. The User's decryption process is as follows:
After the User receives the two Sub-Keys, the threshold of 2 is met and the key κ_i can be recovered. Assume the vector X = {x_1 = 20, x_2 = 10, x_3 = 30}; the User holds x_1, the CSP holds x_2 and the DO holds x_3. The User holds two polynomial values, $\kappa_i^{User} = P(x)^{User} = y_i^{User} = 240$ and $\kappa_i^{CSP} = P(x)^{CSP} = y_i^{CSP} = 170$, so κ_i is obtained from the following formula:

$$\kappa_i = \sum_{j=1}^{t} y_j \prod_{1 \le i \le t,\ i \ne j} \frac{x_i}{x_i - x_j} = P_1(x_1) \times \frac{x_2}{x_2 - x_1} + P_2(x_2) \times \frac{x_1}{x_1 - x_2} = 240 \times \frac{10}{10 - 20} + 170 \times \frac{20}{20 - 10} = 100$$
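The secret splitting of steps (2-1) to (2-3) and the reconstruction of step (3-5), as an added example that is not code from the patent. It reproduces the worked numbers above (which imply a_1 = 7 and a_0 = 100) and goes one step further by doing the arithmetic in a prime field, as Shamir's scheme is normally defined; the modulus, the function names and the sample key string are assumptions made for this example.

```python
import secrets
from fractions import Fraction

# Assumption: shares live in GF(PRIME); 2**521 - 1 is a Mersenne prime large
# enough for a 64-byte key. The page itself computes over plain integers.
PRIME = 2**521 - 1
PARTIES = ("User", "CSP", "DO")


def encode_key(text):
    """Step (2-1): turn the ASCII-encoded key into one integer."""
    return int.from_bytes(text.encode("ascii"), "big")


def decode_key(number):
    """Inverse of encode_key, used by the User after reconstruction."""
    return number.to_bytes((number.bit_length() + 7) // 8, "big").decode("ascii")


def split_key(secret, xs, a1=None, prime=PRIME):
    """Steps (2-2)/(2-3): P(x) = a1*x + a0 with a0 = secret, one share per party."""
    if len(xs) != len(PARTIES):
        raise ValueError("need one public x per participant")
    reduced = [x % prime for x in xs]
    if 0 in reduced or len(set(reduced)) != len(reduced):
        raise ValueError("public x values must be distinct and non-zero")
    if not 0 <= secret < prime:
        raise ValueError("secret does not fit in the field")
    if a1 is None:
        a1 = secrets.randbelow(prime)  # uniform coefficient from a CSPRNG
    return {p: (x, (a1 * x + secret) % prime) for p, x in zip(PARTIES, xs)}


def _check(shares):
    if len(shares) < 2:
        raise ValueError("threshold t = 2 not met")
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("shares must come from distinct x values")


def recover_key(shares, prime=PRIME):
    """Step (3-5): Lagrange interpolation at x = 0 over GF(prime)."""
    _check(shares)
    secret = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for i, (xi, _) in enumerate(shares):
            if i != j:
                num = num * xi % prime
                den = den * (xi - xj) % prime
        secret = (secret + yj * num * pow(den, -1, prime)) % prime
    return secret


def recover_key_rational(shares):
    """The page's formula evaluated exactly over the rationals."""
    _check(shares)
    total = Fraction(0)
    for j, (xj, yj) in enumerate(shares):
        term = Fraction(yj)
        for i, (xi, _) in enumerate(shares):
            if i != j:
                term *= Fraction(xi, xi - xj)
        total += term
    return total


def integer_share_residue(share):
    """Without a modulus, y = a1*x + a0, so y mod x equals the key mod x."""
    x, y = share
    return y % x


if __name__ == "__main__":
    # The page's worked example: a0 = 100, a1 = 7, X = {20, 10, 30}.
    shares = split_key(100, (20, 10, 30), a1=7)
    print(shares)
    print(recover_key([shares["User"], shares["CSP"]]))
    print(recover_key_rational([shares["User"], shares["CSP"]]))
    # Constructed key, split with a random coefficient and rebuilt by the User.
    key = "k3y-for-block-07"
    s = split_key(encode_key(key), (20, 10, 30))
    print(decode_key(recover_key([s["User"], s["CSP"]])))
```

Over plain integers a single share (x, y) already fixes the key modulo its public x, which `integer_share_residue` shows on the page's numbers; reducing modulo a prime with a uniformly random a_1 removes that relation.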
For the secret splitting stage and the attribute evaluation in the query stage, the invention also provides two algorithms: secret splitting (SSDA) and attribute evaluation (AEA).
(1) Secret Share Distribution Algorithm (SSDA): as shown in Algorithm 1, the algorithm takes the set K as input and splits each key κ_i in the set K into 3 Sub-Keys:
Algorithm 1 first sets the number of entities sharing the secret to 3 and the threshold for secret reconstruction to 2 (lines 1-2), then defines a series of variables (lines 3-6). Algorithm 1 generates a KeyID and Sub-KeyIDs for each key κ_i ∈ K (lines 7-11). It then assigns an x_i to each of the participants User, CSP and DO (lines 12-14), forming a three-dimensional vector X ← {x_1, x_2, x_3} (line 15). For each x_j ∈ X and each key κ_i ∈ K, Algorithm 1 generates a polynomial whose coefficient is chosen at random (lines 16-21). Finally the sub-keys are added to the corresponding sets (lines 22-26) and the results are sent to the AA and the CSP (lines 27-28). Suppose there is a key set K = {κ_1, κ_2, κ_3, κ_4, κ_5} (Table 3); after the secret splitting stage, the sub-secrets (Tables 4a, 4b, 4c) are obtained and held by the User, the CSP and the DO respectively.
Table 3
Table 4a
Table 4b
Table 4c
(2) Attribute Evaluation Algorithm (AEA): as shown in Algorithm 2, the algorithm evaluates whether the User's attributes S_User satisfy the corresponding access rights tree T in the UACL table. AEA takes the UACL and the User attribute set S_User as input and outputs result; if result = 1 the user's attributes are legitimate, otherwise they are illegitimate.
Algorithm 2 first defines a series of variables (lines 1-5), where attr(x) denotes the value of the attribute corresponding to node x when x is a leaf node of T; T_x denotes a subtree of T rooted at node x; k_x denotes the threshold of node x. For each node x of the user attribute set S_User (line 6), the algorithm first judges whether x is a leaf node of T. If node x is a leaf node of T, then T_x(γ) = 1 if attr(x) ∈ S, otherwise T_x(γ) = 0 (lines 7-10). If node x is not a leaf node of T (line 11), the value of T_x′(γ) is computed for each child node x′ of x (line 12). The number of x′ that return 1 is accumulated in num (lines 13-15). If k_x of the x′ return 1, then T_x(γ) = 1, otherwise T_x(γ) = 0. Finally result is returned (line 23). If result is 1, the user's attributes are legitimate; otherwise they are illegitimate.
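The attribute evaluation described above, together with the AA's release decision in step (3-3), as an added example that is not the patent's Algorithm 2. The tree is constructed to match the satisfying sets the page gives for Fig. 1; the node class, the function names, the KeyID string and the fail-closed handling of unknown KeyIDs are assumptions made for this example, and the attribute set is taken as already authenticated.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Node:
    """Node x of an access rights tree T."""
    attr: Optional[str] = None          # attr(x), set only on leaf nodes
    k: int = 1                          # threshold k_x of an interior node
    children: List["Node"] = field(default_factory=list)


def leaf(attr):
    return Node(attr=attr)


def gate(k, *children):
    """Interior node satisfied when at least k of its children return 1."""
    if not 1 <= k <= len(children):
        raise ValueError("threshold must be between 1 and the number of children")
    return Node(k=k, children=list(children))


def evaluate(node, attrs):
    """T_x: 1 if the subtree rooted at node is satisfied by attrs, else 0."""
    if node.attr is not None:                      # leaf: attribute membership
        return 1 if node.attr in attrs else 0
    num = sum(evaluate(child, attrs) for child in node.children)
    return 1 if num >= node.k else 0


def aa_verify(uacl, held_sub_keys, key_id, attrs):
    """Step (3-3): return (result, Sub-Key or None); unknown KeyIDs are denied."""
    tree = uacl.get(key_id)
    if tree is None or key_id not in held_sub_keys:
        return 0, None
    if evaluate(tree, frozenset(attrs)) == 1:
        return 1, held_sub_keys[key_id]
    return 0, None


# Constructed tree matching the satisfying sets the page gives for Fig. 1:
# {A} or {B, C, D} or {E, F}.
TREE_I = gate(1,
              leaf("A"),
              gate(3, leaf("B"), leaf("C"), leaf("D")),
              gate(2, leaf("E"), leaf("F")))
UACL = {"KeyID-1": TREE_I}          # constructed KeyID
HELD = {"KeyID-1": (20, 240)}       # User's Sub-Key held temporarily by the AA

if __name__ == "__main__":
    for attrs in (["A"], ["B", "C", "D"], ["E", "F"], ["B", "C"], ["E"], []):
        print(attrs, aa_verify(UACL, HELD, "KeyID-1", attrs))
    print(aa_verify(UACL, HELD, "KeyID-9", ["A"]))   # unknown key: denied
```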
Above-mentioned secret partitioning algorithm (SSDA) is:
Above-mentioned attribute evaluation algorithm (AEA) is:
The embodiment above shows that the invention has the following two advantages. (1) Storage at the DO: the length of a participant's sub-secret is not less than the length of the shared secret. The method associates attributes with keys and applies secret sharing only to the keys; compared with applying secret sharing to the original data, the DO's storage under this scheme is therefore smaller. The DO only needs to store its Sub-Key of each encryption key; the DO can request the encrypted data and the CSP's Sub-Key from the CSP and then use Lagrange interpolation to recover the plaintext data. (2) Workload of the DO: the DO only encrypts the original data, splits the keys and sends the UACL table to the AA, all in the initialization stage of the system. The DO does not take part in the query stage. This means the DO does not have to carry out a large amount of upload, download and re-encryption work, nor does it need to stay online at all times.

Claims (6)

1. A big data sharing method for cloud storage based on SMC, characterized in that it comprises the following steps in order:
(1) Initialization: the DO completes data encryption and upload, AA initialization, and user registration;
(2) Secret splitting: using a (2,3) threshold secret sharing scheme, the DO splits the secret (i.e. κ_i ∈ K) into three parts; one part is sent to the AA for temporary safekeeping, one part is sent to the CSP, and the DO stores the third; here 1 ≤ i ≤ n, there are n encryption keys κ, and κ_i denotes one of them;
(3) Query: the User accesses the shared data.
2. The big data sharing method for cloud storage based on SMC according to claim 1, characterized in that step (1) proceeds as follows:
(1-1) The DO first encrypts the data with an encryption algorithm and uploads the ciphertext to the CSP; for each key κ_i ∈ K the DO generates a KeyID, the corresponding Sub-KeyIDs and an access rights tree T;
(1-2) AA initialization: the DO sends the user access control table, which contains the KeyID and the access rights tree T, to the trusted attribute certification authority AA;
(1-3) User registration: user U_i is allowed to send a registration request to the CA, and the CA assigns each user U_i a unique identity Uid_i. The CA sends an attribute registration request to the AA; the AA assigns an attribute set S_i to user U_i according to the user's role or identity and returns the attribute set to the CA. The CA generates a certificate containing the user identity Uid_i and the attribute set S_i and sends the certificate to user U_i over a secure channel.
3. The big data sharing method for cloud storage based on SMC according to claim 1, characterized in that in step (2), for each κ_i, splitting the secret among the participant set P = {User, CSP, DO} comprises the following three steps:
(2-1) The DO encodes every key κ_i ∈ K as ASCII codes;
(2-2) Set t = 2 and n = 3, and determine a three-dimensional vector X = {x_1, x_2, x_3}; the DO assigns x_i to p_i ∈ P, and the values x_i are public;
(2-3) The DO randomly selects a coefficient a_1; the three polynomials P_i(x) are then defined respectively as P_1(x) = a_1 x_1 + a_0, P_2(x) = a_1 x_2 + a_0, P_3(x) = a_1 x_3 + a_0, and the polynomial values are the sub-secrets (Sub-Keys) after splitting. The DO randomly generates a Sub-KeyID for each Sub-Key and builds an index table, randomly assigns two of the Sub-Keys and Sub-KeyIDs to the CSP and the User (the User's Sub-Key is held temporarily by the AA), and sends the index table to the CSP.
4. The big data sharing method for cloud storage based on SMC according to claim 1, characterized in that in step (3) the User accesses the shared data as follows:
(3-1) The User sends a query request Query to the CSP;
(3-2) After receiving the request, the CSP determines the key set QK of the data involved in Query, looks up the index table, and sends an attribute verification request containing the KeyID and Sub-KeyIDs of κ_i to the AA;
(3-3) The AA looks up the UACL table to verify the user's attributes; if the attributes are legitimate, the AA sends the User's Sub-Key to the User and sends the verification result to the CSP;
(3-4) If the CSP receives a result indicating that attribute verification passed, the CSP sends the ciphertext data and the Sub-Key corresponding to the Sub-KeyIDs to the User; if the result is that verification did not pass, the CSP returns that the user's attributes are illegitimate;
(3-5) After receiving the two Sub-Keys, the User computes κ_i by Lagrange interpolation and translates the ASCII codes of κ_i into the plaintext value.
5. The big data sharing method for cloud storage based on SMC according to claim 4, characterized in that in step (3-3), when the AA looks up the user access control table to verify the user's attributes, it judges whether the attributes satisfy the corresponding access rights tree T; in the user access control table each key is associated with an access rights tree T, whose root node is γ; the verification steps are as follows:
(3-3-1) If x is a leaf node of T, judge whether S_i belongs to the attribute set S; if it does not, then T_x(γ) = 0; if S_i ∈ S, then T_x(γ) = 1;
(3-3-2) If x is not a leaf node of T, first compute T_x′(γ), where x′ is a child node of x; T_x(γ) returns 1 if and only if at least k_x child nodes return 1;
(3-3-3) If T_x(γ) = 1, the User is legitimate; if T_x(γ) = 0, the User is illegitimate.
6. The big data sharing method for cloud storage based on SMC according to claim 4, characterized in that in step (3-5), after the User receives the two Sub-Keys, if the threshold of 2 is met, the key κ_i is recovered;
Assume the vector X = {x_1, x_2, x_3}; the User holds x_1, the CSP holds x_2 and the DO holds x_3. The User holds two polynomial values, $\kappa_i^{User} = P(x)^{User} = y_i^{User}$ and $\kappa_i^{CSP} = P(x)^{CSP} = y_i^{CSP}$, so κ_i is obtained from the following formula:

$$\kappa_i = \sum_{j=1}^{t} y_j \prod_{1 \le i \le t,\ i \ne j} \frac{x_i}{x_i - x_j}.$$
Application number: CN201610121114.0A
Priority date: 2016-03-03
Filing date: 2016-03-03
Title: Big data sharing method for cloud storage based on SMC
Status: Active
Granted publication: CN105721146B (en)

Publications (2)

Publication Number Publication Date
CN105721146A (en) 2016-06-29
CN105721146B 2018-12-21

Family ID: 56157278
Country: CN


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right
Effective date of registration: 20210318
Address after: 298 Xingye Road, Xinjie street, Yixing City, Wuxi City, Jiangsu Province
Patentee after: JIANGSU ZHUOYI INFORMATION TECHNOLOGY Co.,Ltd.
Address before: No. 302, Xuefu Road, Zhenjiang City, Jiangsu Province, 212000
Patentee before: JIANGSU University