CN106611134A - Cloud data integrity verification method - Google Patents
- Publication number
- CN106611134A
- Authority
- CN
- China
- Prior art keywords
- data
- data block
- algorithm
- information table
- clouds
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention provides a cloud data integrity verification method that addresses the security and integrity of cloud data. The method first uses a bilinear pairing algorithm to construct the original table data of the data, then uses the algorithm to randomly draw samples and generate a verification request, generates the integrity verification parameters from the verification parameter data sent with the request, and finally evaluates the constructed verification function and outputs the verification result. After the data owner updates the data, the data version is likewise updated in the original table data and the values of the data indexes are modified; the algorithm therefore supports dynamic updates of the data in addition to remote verification of data integrity.
Description
Technical field
Data security, data integrity, and cloud computing data storage.
Technical background
As the cloud develops, enterprises and individuals increasingly store their data in the cloud to save mobile storage space and to access it conveniently anytime and anywhere, which is a great convenience for users; data can also be shared in the cloud so that other people can download it. However, this also creates data security problems. Data stored in the cloud is outside the control of the data owner, and instability of the cloud service provider's systems or malicious attacks on the cloud space can cause data loss and damage. Without knowing it, users may suffer various losses because their data is incomplete. How, then, can one determine whether cloud data is intact? Periodically downloading the data to check its integrity locally, or simply replacing it, consumes a large amount of communication and is very inconvenient. The invention therefore discloses a method for remote data integrity verification that can check data stored in the cloud at regular or irregular intervals, verify its integrity, and let the data owner update the data at any time.
Summary of the invention
To address the question of whether cloud data is secure and whether it is intact, the invention proposes a cloud data integrity verification method.
The technical solution adopted by the invention: the method uses a bilinear pairing algorithm. It first constructs the original information table of the data, then uses the algorithm to randomly select samples and generate a verification request, then generates the integrity verification parameters from the verification parameter data sent with the request, and finally evaluates the constructed verification function and outputs the verification result. After the data owner updates the data, the data version is likewise updated in the original information table and the value of each data index is modified; so in addition to remotely verifying data integrity, the algorithm also supports dynamic updates of the data.
The beneficial effects of the invention are: data stored in the cloud can be spot-checked at irregular intervals to verify whether it is intact, while the data owner can add, modify, or delete data at any time without affecting the verification process.
Specific embodiment
To solve the cloud data security and cloud data integrity problems, the invention is explained in detail below. Its specific implementation steps are as follows:
Step 1: Set up the private key and public key required by the algorithm
Step 2: Generate the verification tag set of the data blocks and the initial update information table
Step 3: Generate the sampled data blocks required for verification
Step 4: Generate the verification parameters
Step 5: Verify data integrity with the verification function
Step 6: Update the data information table when the data changes
The parameters and definitions involved in the steps above are described in detail below:
1. The private key and public key required by the algorithm in step 1 above are computed as follows:
Step 1.1 Bilinear map
On an elliptic curve, let $G_1$, $G_2$ and $G_T$ be multiplicative cyclic groups of the same order, and let $g_1$, $g_2$ be generators of $G_1$, $G_2$ respectively. For the bilinear map $e: G_1 \times G_2 \to G_T$, any $u \in G_1$, $v \in G_2$ and all $a, b \in Z_p$ satisfy:
$e(u^a, v^b) = e(u, v)^{ab}$
That is, for $u_1, u_2 \in G_1$ and $v \in G_2$:
$e(u_1 u_2, v) = e(u_1, v)\, e(u_2, v)$
Step 1.2 Set up the private key and public key required by the algorithm
Choose arbitrary $x \in Z_p$ and $u \in G_1$ and compute:
$w = u^x \in G_1$
Let the private key be $SK = (x)$ and the public key be $PK = (v, u, g_2, w)$.
The data owner can thus browse and download the data F uploaded to the cloud anytime and anywhere; the algorithms below are designed to verify the integrity of that data.
2. The verification tag set of the data blocks and the initial update information table in step 2 above are computed as follows:
Step 2.1 Update information table in the initial state
The initial-state information table consists of an empty header in the first row and 4 columns, defined as follows: Id(i) is the actual physical index of the data block and is the unique identifier used by the algorithm; BID is the logical index, whose values can repeat when insertions occur; V is the data version number, with initial value 0, which mainly records the data owner's update operations; E records data update operations, with initial value 0. Data blocks that share the same logical index BID and have not been modified are distinguished by their E values. The data owner maintains one initial-state information table for each file to track the current state of the data and to check the integrity of the outsourced data.
Step 2.2 Generate the verification tag set of the data blocks and the initial update information table
User data F is divided into n data blocks $m_i$, where $m_i \in Z_p$, $i = 1, \ldots, n$, that is:
$F = (m_1, m_2, \ldots, m_n)$, $m_i \in Z_p$, $i = 1, \ldots, n$.
Let δ denote the tag of a data block; then:
The function $H(\cdot)$ maps one-to-one onto points of $G_1$: $H(\cdot): \{0,1\}^* \to G_1$
$w_i = name \,\|\, BID_i \,\|\, V_i \,\|\, E_i$
name is chosen at random by the data owner as the identifier of data F, with $name \in Z_p$; $BID_i$ is the location index of data block $m_i$ in file F; $V_i$ is the update counter of data block $m_i$, with initial value 0; $E_i$ records insertion operations: if data block $m_i$ has had no insertion its value is 0, and when insertions occur it increases monotonically with step 1. The tags of all data blocks are now computed and put into a set:
Once this computation finishes, the tag set has been obtained and the initial update information table of F has also been generated. The data owner sends the tag set, $1 \le i \le n$, together with data F to the cloud storage service provider.
3. The sampled data blocks required for verification in step 3 above are generated as follows:
When the data owner needs to verify data integrity, j non-null values $s_i$ are selected at random from the initial update information table:
$S = \{s_1, s_2, \ldots, s_j\}$
where $s_1 < \ldots < s_j$. For each $s_i$ a random value $v_i$ is then selected, with $v_i \in Z_p$. Let the verification request be YZ; then:
$YZ = \{(s_i, v_i)\}$
YZ specifies the data blocks that are to be sampled and checked in this verification.
4. The verification parameter generation algorithm of step 4 above is computed as follows:
The method has three verification parameters: R, δ and μ. After the data blocks have been specified, YZ is sent to the cloud service provider and the required samples are extracted; then $r \in Z_p$ is chosen at random and the following is computed:
$R = w^r = (u^x)^r \in G_1$
On receiving YZ, the cloud service provider can obtain a linear combination of the sampled data blocks:
From this it computes:
$\mu = r\,h(R) + \mu' \in Z_p$
$\mu'$ is associated with r. The hash function $h(\cdot): G_1 \to Z_p$ maps points of $G_1$ one-to-one to elements of $Z_p$. The parameter δ is then computed:
The verification parameters $\{R, \mu, \delta\}$ are obtained from the calculations above.
5. Data integrity is verified with the verification function in step 5 above as follows:
Perform the following calculation:
$P = e(\delta \cdot R^{h(R)}, g_2)$,
Judge:
If $P = Q$ the data is intact; if $P \ne Q$ the data is not intact.
6. The data information table is updated when the data changes in step 6 above as follows:
V in the initial update information table records data modification operations. Each time the data owner modifies data block $m_i$, the version number V increases monotonically with step 1. The update operation is:
$V'_i = V_i + 1$
Hash value for $m'_i$: $H(w'_i) = H(name \,\|\, BID_i \,\|\, V'_i \,\|\, E_i)$
When a deletion occurs:
The data owner deletes data block $m_i$; its Id value is set to 0 and its version number $V_i$ is set to -1. Starting from i, i = i+1, that is, the sequence numbers after $m_i$ are each increased by 1 in turn.
When data is added, a new data block is inserted before data $m_i$, i = i+1, and Id(i), BID, V and E are updated in turn, together with:
$H(w'_i) = H(name \,\|\, BID'_i \,\|\, V'_i \,\|\, E'_i)$
After any of the three update operations above, the data owner sends the updated data information table and $(H(w'_i), \sigma'_i)$ to the cloud service provider as the attributes for the next verification.
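The owner-side bookkeeping from steps 2.1, 3 and 6 can be sketched as follows. This is an added example, not code from the patent: the class and method names, the 127-bit stand-in modulus, the fixed-width byte encoding of $w_i$, the use of SHA-256 in place of the hash into $G_1$, and the reading of "non-null" as "Id not 0" are all assumptions, and insertion is left out because the page's renumbering rule is not fully recoverable.

```python
import hashlib
import secrets
import struct
from dataclasses import dataclass

# Assumption: a stand-in prime modulus for Z_p; a real deployment uses the
# order of the pairing groups G1, G2, GT.
P = 2**127 - 1


@dataclass
class Row:
    id: int    # Id(i): physical index, 0 once the block is deleted
    bid: int   # BID: logical index
    v: int     # V: version number, starts at 0, -1 once deleted
    e: int     # E: insertion counter, starts at 0


class InfoTable:
    """Owner-side information table for one file (constructed example)."""

    def __init__(self, name: int, n_blocks: int):
        if not 0 < name < P:
            raise ValueError("name must be an element of Z_p")
        self.name = name
        self.rows = [Row(i, i, 0, 0) for i in range(1, n_blocks + 1)]

    def w(self, pos: int) -> bytes:
        """w_i = name || BID_i || V_i || E_i with fixed-width fields.

        Fixed widths keep the concatenation unambiguous: with plain decimal
        strings, (BID=1, V=12) and (BID=11, V=2) would collide.
        """
        r = self.rows[pos - 1]
        return self.name.to_bytes(16, "big") + struct.pack(">qqq", r.bid, r.v, r.e)

    def h_w(self, pos: int) -> str:
        # Stand-in for H(w_i); the page's H maps into G1, SHA-256 does not.
        return hashlib.sha256(self.w(pos)).hexdigest()

    def modify(self, pos: int) -> str:
        """Block modification: V'_i = V_i + 1, then recompute H(w'_i)."""
        r = self.rows[pos - 1]
        if r.id == 0:
            raise ValueError("block was deleted")
        r.v += 1
        return self.h_w(pos)

    def delete(self, pos: int) -> None:
        """Block deletion as the page states it: Id set to 0, V set to -1."""
        r = self.rows[pos - 1]
        r.id, r.v = 0, -1

    def challenge(self, j: int) -> list[tuple[int, int]]:
        """Build YZ = {(s_i, v_i)}: j live positions in increasing order,
        each paired with a random coefficient v_i from Z_p (non-zero here,
        so that no sampled block drops out of the check)."""
        live = [i for i, r in enumerate(self.rows, start=1) if r.id != 0]
        if not 1 <= j <= len(live):
            raise ValueError("j must be between 1 and the number of live blocks")
        rng = secrets.SystemRandom()   # CSPRNG: the sample must be unpredictable
        chosen = sorted(rng.sample(live, j))
        return [(s, 1 + secrets.randbelow(P - 1)) for s in chosen]
```

Because the version counter is part of $w_i$, a tag computed for an older version of a block no longer matches the table entry after `modify`, which is what lets the table track the current state of each block.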
Claims (7)
1. A cloud data integrity verification method, relating to the fields of data security, data integrity, and cloud computing data storage, characterized mainly in that: a bilinear pairing algorithm is used; the original information table of the data is constructed first; data is randomly sampled according to the verification request and the verification parameters are generated by parameter calculation; these are then sent to the cloud and verified with the verification function; finally, a judgment on whether the data is intact is output;
Its specific implementation steps are as follows:
Step 1: Set up the private key and public key required by the algorithm
Step 2: Generate the verification tag set of the data blocks and the initial update information table
Step 3: Generate the sampled data blocks required for verification
Step 4: Generate the verification parameters
Step 5: Verify data integrity with the verification function
Step 6: Update the data information table when the data changes.
2. The cloud data integrity verification method according to claim 1, characterized in that: in step 1 the private key and public key are computed with the bilinear pairing algorithm, the calculation being based on the bilinear map function; the specific procedure is as follows:
Step 1.1 Bilinear map
On an elliptic curve, let $G_1$, $G_2$ and $G_T$ be multiplicative cyclic groups of the same order, and let $g_1$, $g_2$ be generators of $G_1$, $G_2$ respectively. For the bilinear map $e: G_1 \times G_2 \to G_T$, any $u \in G_1$, $v \in G_2$ and all $a, b \in Z_p$ satisfy:
$e(u^a, v^b) = e(u, v)^{ab}$
That is, for $u_1, u_2 \in G_1$ and $v \in G_2$:
$e(u_1 u_2, v) = e(u_1, v)\, e(u_2, v)$
Step 1.2 Set up the private key and public key required by the algorithm
Choose arbitrary $x \in Z_p$ and $u \in G_1$ and compute:
$w = u^x \in G_1$
Let the private key be $SK = (x)$ and the public key be $PK = (v, u, g_2, w)$.
The data owner can thus browse and download the data F uploaded to the cloud anytime and anywhere; the algorithms below are designed to verify the integrity of that data.
3. The cloud data integrity verification method according to claim 1, characterized in that: step 2 generates the verification tag set of the data blocks and the initial update information table, and its specific procedure is as follows:
Step 2.1 Update information table in the initial state
The initial-state information table consists of an empty header in the first row and 4 columns, defined as follows: Id(i) is the actual physical index of the data block and is the unique identifier used by the algorithm; BID is the logical index, whose values can repeat when insertions occur; V is the data version number, with initial value 0, which mainly records the data owner's update operations; E records data update operations, with initial value 0. Data blocks that share the same logical index BID and have not been modified are distinguished by their E values. The data owner maintains one initial-state information table for each file to track the current state of the data and to check the integrity of the outsourced data.
Step 2.2 Generate the verification tag set of the data blocks and the initial update information table
User data F is divided into n data blocks $m_i$, where $m_i \in Z_p$, $i = 1, \ldots, n$, that is:
$F = (m_1, m_2, \ldots, m_n)$, $m_i \in Z_p$, $i = 1, \ldots, n$.
Let δ denote the tag of a data block; then:
The function $H(\cdot)$ maps one-to-one onto points of $G_1$: $H(\cdot): \{0,1\}^* \to G_1$
$w_i = name \,\|\, BID_i \,\|\, V_i \,\|\, E_i$
name is chosen at random by the data owner as the identifier of data F, with $name \in Z_p$; $BID_i$ is the location index of data block $m_i$ in file F; $V_i$ is the update counter of data block $m_i$, with initial value 0; $E_i$ records insertion operations: if data block $m_i$ has had no insertion its value is 0, and when insertions occur it increases monotonically with step 1. The tags of all data blocks are now computed and put into a set:
Once this computation finishes, the tag set has been obtained and the initial update information table of F has also been generated. The data owner sends the tag set, $1 \le i \le n$, together with data F to the cloud storage service provider.
4. The cloud data integrity verification method according to claim 1, characterized in that: step 3 generates the sampled data blocks required for verification, and its specific procedure is as follows:
When the data owner needs to verify data integrity, j non-null values $s_i$ are selected at random from the initial update information table:
$S = \{s_1, s_2, \ldots, s_j\}$
where $s_1 < \ldots < s_j$. For each $s_i$ a random value $v_i$ is then selected, with $v_i \in Z_p$. Let the verification request be YZ; then:
$YZ = \{(s_i, v_i)\}$
YZ specifies the data blocks that are to be sampled and checked in this verification.
5. The cloud data integrity verification method according to claim 1, characterized in that: the verification parameter generation algorithm of step 4 has the following specific procedure:
The method has three verification parameters: R, δ and μ. After the data blocks have been specified, YZ is sent to the cloud service provider and the required samples are extracted; then $r \in Z_p$ is chosen at random and the following is computed:
$R = w^r = (u^x)^r \in G_1$
On receiving YZ, the cloud service provider can obtain a linear combination of the sampled data blocks:
From this it computes:
$\mu = r\,h(R) + \mu' \in Z_p$
$\mu'$ is associated with r. The hash function $h(\cdot): G_1 \to Z_p$ maps points of $G_1$ one-to-one to elements of $Z_p$. The parameter δ is then computed:
The verification parameters $\{R, \mu, \delta\}$ are obtained from the calculations above.
6. The cloud data integrity verification method according to claim 1, characterized in that: step 5 verifies data integrity with the verification function, and its specific procedure is as follows:
Perform the following calculation:
$P = e(\delta \cdot R^{h(R)}, g_2)$,
Judge:
If $P = Q$ the data is intact; if $P \ne Q$ the data is not intact.
7. The cloud data integrity verification method according to claim 1, characterized in that: in step 6 the data information table is updated when the data changes, and its specific procedure is as follows:
V in the initial update information table records data modification operations. Each time the data owner modifies data block $m_i$, the version number V increases monotonically with step 1. The update operation is:
$V'_i = V_i + 1$
Hash value for $m'_i$: $H(w'_i) = H(name \,\|\, BID_i \,\|\, V'_i \,\|\, E_i)$
When a deletion occurs:
The data owner deletes data block $m_i$; its Id value is set to 0 and its version number $V_i$ is set to -1. Starting from i, i = i+1, that is, the sequence numbers after $m_i$ are each increased by 1 in turn.
When data is added, a new data block is inserted before data $m_i$, i = i+1, and Id(i), BID, V and E are updated in turn, together with:
$H(w'_i) = H(name \,\|\, BID'_i \,\|\, V'_i \,\|\, E'_i)$
After any of the three update operations above, the data owner sends the updated data information table and $(H(w'_i), \sigma'_i)$ to the cloud service provider as the attributes for the next verification.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610403218.0A CN106611134A (en) | 2016-06-06 | 2016-06-06 | Cloud data integrity verification method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106611134A (en) | 2017-05-03 |
Family
ID=58614888
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610403218.0A Pending CN106611134A (en) | 2016-06-06 | 2016-06-06 | Cloud data integrity verification method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106611134A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101599959A (en) * | 2009-07-10 | 2009-12-09 | 西北工业大学 | Anonymous bidirectional authentication method based on identity |
CN103699851A (en) * | 2013-11-22 | 2014-04-02 | 杭州师范大学 | Remote data completeness verification method facing cloud storage |
CN103986732A (en) * | 2014-06-04 | 2014-08-13 | 青岛大学 | Cloud storage data auditing method for preventing secret key from being revealed |
CN104811450A (en) * | 2015-04-22 | 2015-07-29 | 电子科技大学 | Data storage method based on identity in cloud computing and integrity verification method based on identity in cloud computing |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108600201A (en) * | 2018-04-09 | 2018-09-28 | 东华大学 | A kind of telesecurity replacing options of the data label of cloud storage integrity verification |
CN109413450A (en) * | 2018-09-30 | 2019-03-01 | 武汉斗鱼网络科技有限公司 | A kind of integrity checking method, device, terminal and the storage medium of barrage data |
CN109409116A (en) * | 2018-11-12 | 2019-03-01 | 青岛大学 | Solve the safely outsourced method of undirected weighted graph minimal cut |
CN109409116B (en) * | 2018-11-12 | 2022-01-28 | 青岛大学 | Safe outsourcing method for solving minimum cut of undirected weighted graph |
CN110061994A (en) * | 2019-04-24 | 2019-07-26 | 青岛大学 | A kind of cryptograph files set correctness verification method, system and relevant apparatus |
CN110061994B (en) * | 2019-04-24 | 2022-02-25 | 青岛大学 | Ciphertext file set correctness verification method, system and related device |
CN116860509A (en) * | 2023-09-04 | 2023-10-10 | 深圳麦风科技有限公司 | PST file repairing method, device and storage medium |
CN116860509B (en) * | 2023-09-04 | 2023-12-26 | 深圳麦风科技有限公司 | PST file repairing method, device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20170503 |