CN106611134A - Cloud data integrity verification method - Google Patents

Publication number
CN106611134A
Authority
CN
China
Prior art keywords
data
data block
algorithm
information table
clouds
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610403218.0A
Other languages
Chinese (zh)
Inventor
范勇
胡成华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Yonglian Information Technology Co Ltd
Original Assignee
Sichuan Yonglian Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a cloud data integrity verification method for solving the problem of cloud data security and integrity. The method comprises the following steps: first using a bilinear pairing algorithm to construct the original table data of the data, then randomly extracting a sample to generate a verification request, generating the integrity verification parameters according to the verification parameter data sent with the request, and finally performing the calculation according to the constructed verification function and outputting the verification result. After a data owner updates the data, the data version is also updated in the original table data and the values of the data indexes are modified; thus, besides remote verification of data integrity, the algorithm also supports dynamic updating of the data.

Description

A cloud data integrity verification method
Technical field
Data security, data integrity, and cloud computing data storage.
Background
As cloud computing develops, enterprises and individuals increasingly store their data in the cloud to save local storage space and to access it conveniently anytime and anywhere; data can also be shared in the cloud for others to download. This also creates data security problems: data stored in the cloud is outside the control of the data owner, and an unstable cloud service provider system or a malicious attack on the cloud space can cause data loss and damage. Without knowing it, users may suffer various losses because their data is incomplete. How, then, can one determine whether cloud data is intact? Periodically downloading the data locally for an integrity check, or simply replacing it, consumes a large amount of communication and causes great inconvenience. The invention therefore discloses a method for remote data integrity checking that can inspect data stored in the cloud at regular or variable intervals, verify its integrity, and support the data owner updating the data at any time.
Summary of the invention
To address the question of whether cloud data is secure and intact, the present invention proposes a cloud data integrity verification method.
The technical solution adopted by the present invention: the method uses a bilinear pairing algorithm. It first constructs the original information table of the data, then randomly selects samples to generate a verification request, then generates the integrity verification parameters from the verification parameter data sent with the request, and finally computes the constructed verification function and outputs the verification result. After the data owner updates the data, the data version is likewise updated in the original information table and the value of each data index is modified; so besides remotely verifying data integrity, the algorithm also supports dynamic updating of the data.
The beneficial effects of the invention are: data stored in the cloud can be spot-checked at variable intervals to verify whether the data is intact, while the data owner can add, modify, or delete data at any time without affecting the verification process.
Detailed description
To solve the problems of cloud data security and cloud data integrity, the present invention is explained in detail; its specific implementation steps are as follows:
Step 1: Establish the private key and public key required by the algorithm
Step 2: Generate the verification tag set of the data blocks and the initial update information table
Step 3: Generate the sampled data blocks required for verification
Step 4: Generate the verification parameters
Step 5: Verify data integrity with the verification function
Step 6: Update the data information table when the data changes
The parameters and definitions involved in the above steps are described in detail below:
1. The specific calculation process for establishing the private key and public key in step 1 is as follows:
Step 1.1: Bilinear map
On an elliptic curve, let $G_1$, $G_2$ and $G_T$ be multiplicative cyclic groups of the same order, and let $g_1$, $g_2$ be generators of $G_1$, $G_2$ respectively. In the bilinear map $e: G_1 \times G_2 \to G_T$, for any $u \in G_1$, $v \in G_2$ and all $a, b \in Z_p$:
$e(u^a, v^b) = e(u, v)^{ab}$
That is:
for $u_1, u_2 \in G_1$ and $v \in G_2$, $e(u_1 u_2, v) = e(u_1, v)\, e(u_2, v)$
Step 1.2: Establish the private key and public key required by the algorithm
Choose arbitrary $x \in Z_p$ and $u \in G_1$ and compute:
$w = u^x \in G_1$
Let the private key be $SK = (x)$ and the public key be $PK = (v, u, g_2, w)$.
The data owner can then browse and download the data F uploaded to the cloud anytime and anywhere; the algorithm designed below implements the integrity verification of the data.
2. The specific calculation process for generating the verification tag set of the data blocks and the initial update information table in step 2 is as follows:
Step 2.1: Update information table in the initial state
The initial-state information table consists of an empty header as its first row and 4 columns, defined as follows: Id(i) is the actual physical index of the data block and is the unique identifier used by the algorithm; BID is the logical index, whose values may repeat when insertion operations occur; V is the data version number, with initial value 0, which mainly records the data owner's update operations; E records data update operations, with initial value 0. Data blocks that have the same real-time logical index BID and have not been modified are distinguished by the value E. The data owner maintains one initial-state information table for each file to track the current state of the data and to check the integrity of the outsourced data.
Step 2.2: Generate the verification tag set of the data blocks and the initial update information table
User data F is divided into n data blocks, where $m_i \in Z_p$, $i = 1, \dots, n$, i.e.:
$F = (m_1, m_2, \dots, m_n)$, $m_i \in Z_p$, $i = 1, \dots, n$.
Let δ denote the tag of a data block; then:
The function $H(\cdot)$ maps one by one onto points of $G_1$: $H(\cdot): \{0,1\}^* \to G_1$
$w_i = name \,\|\, BID_i \,\|\, V_i \,\|\, E_i$
name is chosen at random by the data owner as the identifier of the data F, with $name \in Z_p$; $BID_i$ is the logical position index of data block $m_i$ in file F; $V_i$ is the update counter of data block $m_i$, with initial value 0; $E_i$ records insertion operations: if data block $m_i$ has no insertion operation the value is 0, and when there is an insertion operation it increases monotonically with step 1. The tags of all data blocks are now computed and put into the set:
When the computation finishes, the tag set is obtained and the original update information table of F is generated at the same time. The data owner sends the tag set, $1 \le i \le n$, together with the data F to the cloud storage service provider.
3. The specific calculation process for generating the sampled data blocks required for verification in step 3 is as follows:
When the data owner needs to verify data integrity, j non-null values $s_i$ are selected at random from the initial update information table:
$S = \{s_1, s_2, \dots, s_j\}$
where $s_1 < \dots < s_j$; then for each $s_i$ a random value $v_i$ is selected, with $v_i \in Z_p$. Let the verification request be YZ; then:
$YZ = \{(s_i, v_i)\}$
YZ specifies the data blocks that are to be sampled and checked in this verification.
4. The specific calculation process of the verification parameter generation algorithm in step 4 is as follows:
The method has three verification parameters: R, δ and μ. After the data blocks are specified, YZ is sent to the cloud service provider, the required samples are extracted, and then a random $r \in Z_p$ is selected to compute:
$R = w^r = (u^x)^r \in G_1$
On receiving YZ, the cloud service provider can obtain a linear combination of the sampled data blocks:
From this, compute:
$\mu = r\,h(R) + \mu' \in Z_p$
μ′ is combined with r; the hash function $h(\cdot): G_1 \to Z_p$ maps points of $G_1$ to elements of $Z_p$ one by one. Then the parameter δ is computed:
The verification parameters {R, μ, δ} are obtained through the calculations above.
5. The specific calculation process for verifying data integrity with the verification function in step 5 is as follows:
Perform the following calculation:
$P = e(\delta \cdot R^{h(R)}, g_2)$,
Decide:
If P = Q, the data is intact; if P ≠ Q, the data is not intact.
6. The specific calculation process for updating the data information table when the data changes in step 6 is as follows:
V in the initial update information table records data modification operations. Each time the data owner modifies data block $m_i$, the version number V increases monotonically with step 1. Perform the update:
$V'_i = V_i + 1$
The hash value for $m'_i$: $H(w'_i) = H(name \,\|\, BID_i \,\|\, V'_i \,\|\, E_i)$
When a deletion occurs:
The data owner deletes data block $m_i$; the Id value is then set to 0 and the version number $V_i$ is set to −1; starting from i, i = i + 1, that is, the sequence numbers after $m_i$ are each increased by 1 in turn.
When data is added, a new data block is inserted before data $m_i$, i = i + 1, and Id(i), BID, V and E are updated in turn; at the same time update:
$H(w'_i) = H(name \,\|\, BID'_i \,\|\, V'_i \,\|\, E'_i)$
After the data owner performs any of the three update operations above, the updated data information table and $(H(w'_i), \sigma'_i)$ are sent to the cloud service provider as the attributes for the next verification.
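An added example (not part of the patent text): an owner-side sketch of the information table from steps 2 and 6 and of the verification request YZ from step 3, showing that every modification or insertion changes the hashed index string $w_i$. SHA-256 stands in for the hash into $G_1$ and `P` is a stand-in prime for $Z_p$; the class and method names, the tombstone handling of deletions and the reuse of the neighbouring block's BID on insertion are assumptions made for illustration, and tag generation and the pairing check are not implemented.

```python
import hashlib
import secrets
from dataclasses import dataclass

# Assumption: stand-in prime for Z_p; the scheme itself uses the pairing group order.
P = 2**255 - 19


@dataclass
class Row:
    id: int   # Id(i): physical index; 0 marks a deleted block
    bid: int  # BID: logical index; repeats after an insertion
    v: int    # V: version, +1 per modification; -1 marks a deleted block
    e: int    # E: insertion counter separating rows that share a BID


class InfoTable:
    """Owner-side information table for one file (hypothetical helper class)."""

    def __init__(self, name: str, n_blocks: int):
        self.name = name
        self.rows = [Row(i, i, 0, 0) for i in range(1, n_blocks + 1)]

    def _live(self, i: int) -> Row:
        for row in self.rows:
            if i > 0 and row.id == i:
                return row
        raise KeyError(f"no live block with Id {i}")

    def h_w(self, i: int) -> str:
        """SHA-256 stand-in for H(w_i), w_i = name || BID_i || V_i || E_i."""
        r = self._live(i)
        name = self.name.encode()
        # Length-prefix the name and use fixed-width integers so that two
        # different (name, BID, V, E) tuples never serialise to the same bytes.
        w = len(name).to_bytes(4, "big") + name + b"".join(
            x.to_bytes(8, "big") for x in (r.bid, r.v, r.e))
        return hashlib.sha256(w).hexdigest()

    def modify(self, i: int) -> None:
        self._live(i).v += 1                      # V'_i = V_i + 1

    def delete(self, i: int) -> None:
        r = self._live(i)
        r.id, r.v = 0, -1                         # tombstone, never sampled again

    def insert_before(self, i: int) -> None:
        target = self._live(i)
        pos = self.rows.index(target)
        # Tombstones count too, so a (BID, E) pair is never handed out twice.
        e = 1 + max(r.e for r in self.rows if r.bid == target.bid)
        for r in self.rows[pos:]:
            if r.id > 0:
                r.id += 1                         # later physical indexes shift by one
        self.rows.insert(pos, Row(i, target.bid, 0, e))

    def challenge(self, j: int) -> list[tuple[int, int]]:
        """Build YZ = {(s_i, v_i)}: j distinct live indexes, ascending, v_i in Z_p."""
        live = [r.id for r in self.rows if r.id > 0]
        if not 0 < j <= len(live):
            raise ValueError("j must be between 1 and the number of live blocks")
        sample = sorted(secrets.SystemRandom().sample(live, j))
        return [(s, 1 + secrets.randbelow(P - 1)) for s in sample]
```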

Claims (7)

1. A cloud data integrity verification method, relating to the fields of data security, data integrity and cloud computing data storage, mainly characterized in that: using a bilinear pairing algorithm, the original information table of the data is constructed first; data is randomly sampled according to a verification request and verification parameters are generated by parameter calculation; these are then sent to the cloud and verified by the verification function; finally a judgment of whether the data is intact is output;
Its specific implementation steps are as follows:
Step 1: Establish the private key and public key required by the algorithm
Step 2: Generate the verification tag set of the data blocks and the initial update information table
Step 3: Generate the sampled data blocks required for verification
Step 4: Generate the verification parameters
Step 5: Verify data integrity with the verification function
Step 6: Update the data information table when the data changes.
2. The cloud data integrity verification method according to claim 1, characterized in that: in step 1 the private key and public key are calculated according to the bilinear pairing algorithm, the calculation being based on the bilinear map function; the specific solution process is as follows:
Step 1.1: Bilinear map
On an elliptic curve, let $G_1$, $G_2$ and $G_T$ be multiplicative cyclic groups of the same order, and let $g_1$, $g_2$ be generators of $G_1$, $G_2$ respectively. In the bilinear map $e: G_1 \times G_2 \to G_T$, for any $u \in G_1$, $v \in G_2$ and all $a, b \in Z_p$:
$e(u^a, v^b) = e(u, v)^{ab}$
That is:
for $u_1, u_2 \in G_1$ and $v \in G_2$, $e(u_1 u_2, v) = e(u_1, v)\, e(u_2, v)$
Step 1.2: Establish the private key and public key required by the algorithm
Choose arbitrary $x \in Z_p$ and $u \in G_1$ and compute:
$w = u^x \in G_1$
Let the private key be $SK = (x)$ and the public key be $PK = (v, u, g_2, w)$.
The data owner can then browse and download the data F uploaded to the cloud anytime and anywhere; the algorithm designed below implements the integrity verification of the data.
3. The cloud data integrity verification method according to claim 1, characterized in that: step 2 generates the verification tag set of the data blocks and the initial update information table, and its specific solution process is as follows:
Step 2.1: Update information table in the initial state
The initial-state information table consists of an empty header as its first row and 4 columns, defined as follows: Id(i) is the actual physical index of the data block and is the unique identifier used by the algorithm; BID is the logical index, whose values may repeat when insertion operations occur; V is the data version number, with initial value 0, which mainly records the data owner's update operations; E records data update operations, with initial value 0. Data blocks that have the same real-time logical index BID and have not been modified are distinguished by the value E. The data owner maintains one initial-state information table for each file to track the current state of the data and to check the integrity of the outsourced data.
Step 2.2: Generate the verification tag set of the data blocks and the initial update information table
User data F is divided into n data blocks, where $m_i \in Z_p$, $i = 1, \dots, n$, i.e.:
$F = (m_1, m_2, \dots, m_n)$, $m_i \in Z_p$, $i = 1, \dots, n$.
Let δ denote the tag of a data block; then:
The function $H(\cdot)$ maps one by one onto points of $G_1$: $H(\cdot): \{0,1\}^* \to G_1$
name is chosen at random by the data owner as the identifier of the data F, with $name \in Z_p$; $BID_i$ is the logical position index of data block $m_i$ in file F; $V_i$ is the update counter of data block $m_i$, with initial value 0; $E_i$ records insertion operations: if data block $m_i$ has no insertion operation the value is 0, and when there is an insertion operation it increases monotonically with step 1. The tags of all data blocks are now computed and put into the set:
When the computation finishes, the tag set is obtained and the original update information table of F is generated at the same time. The data owner sends the tag set, $1 \le i \le n$, together with the data F to the cloud storage service provider.
4. The cloud data integrity verification method according to claim 1, characterized in that: step 3 generates the sampled data blocks required for verification, and the specific solution process is as follows:
When the data owner needs to verify data integrity, j non-null values $s_i$ are selected at random from the initial update information table: $S = \{s_1, s_2, \dots, s_j\}$
where $s_1 < \dots < s_j$; then for each $s_i$ a random value $v_i$ is selected, with $v_i \in Z_p$. Let the verification request be YZ; then: $YZ = \{(s_i, v_i)\}$
YZ specifies the data blocks that are to be sampled and checked in this verification.
5. The cloud data integrity verification method according to claim 1, characterized in that: the specific solution process of the verification parameter generation algorithm of step 4 is as follows:
The method has three verification parameters: R, δ and μ. After the data blocks are specified, YZ is sent to the cloud service provider, the required samples are extracted, and then a random $r \in Z_p$ is selected to compute: $R = w^r = (u^x)^r \in G_1$
On receiving YZ, the cloud service provider can obtain a linear combination of the sampled data blocks:
From this, compute: $\mu = r\,h(R) + \mu' \in Z_p$
μ′ is combined with r; the hash function $h(\cdot): G_1 \to Z_p$ maps points of $G_1$ to elements of $Z_p$ one by one. Then the parameter δ is computed:
The verification parameters {R, μ, δ} are obtained through the calculations above.
6. The cloud data integrity verification method according to claim 1, characterized in that: step 5 verifies data integrity with the verification function, and its specific solution process is as follows:
Perform the following calculation:
$P = e(\delta \cdot R^{h(R)}, g_2)$,
Decide:
If P = Q, the data is intact; if P ≠ Q, the data is not intact.
7. The cloud data integrity verification method according to claim 1, characterized in that: in step 6 the data information table is updated when the data changes, and its specific solution process is as follows:
V in the initial update information table records data modification operations. Each time the data owner modifies data block $m_i$, the version number V increases monotonically with step 1. Perform the update: $V'_i = V_i + 1$
Hash value: $H(w'_i) = H(name \,\|\, BID_i \,\|\, V'_i \,\|\, E_i)$
When a deletion occurs:
The data owner deletes data block $m_i$; the Id value is then set to 0 and the version number $V_i$ is set to −1; starting from i, i = i + 1, that is, the sequence numbers after $m_i$ are each increased by 1 in turn.
When data is added, a new data block is inserted before data $m_i$, i = i + 1, and Id(i), BID, V and E are updated in turn; at the same time update: $H(w'_i) = H(name \,\|\, BID'_i \,\|\, V'_i \,\|\, E'_i)$
After the data owner performs any of the three update operations above, the updated data information table and $(H(w'_i), \sigma'_i)$ are sent to the cloud service provider as the attributes for the next verification.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610403218.0A CN106611134A (en) 2016-06-06 2016-06-06 Cloud data integrity verification method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610403218.0A CN106611134A (en) 2016-06-06 2016-06-06 Cloud data integrity verification method

Publications (1)

Publication Number Publication Date
CN106611134A (en) 2017-05-03

Family

ID=58614888

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610403218.0A Pending CN106611134A (en) 2016-06-06 2016-06-06 Cloud data integrity verification method

Country Status (1)

Country Link
CN (1) CN106611134A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108600201A (en) * 2018-04-09 2018-09-28 东华大学 A kind of telesecurity replacing options of the data label of cloud storage integrity verification
CN109413450A (en) * 2018-09-30 2019-03-01 武汉斗鱼网络科技有限公司 A kind of integrity checking method, device, terminal and the storage medium of barrage data
CN109409116A (en) * 2018-11-12 2019-03-01 青岛大学 Solve the safely outsourced method of undirected weighted graph minimal cut
CN110061994A (en) * 2019-04-24 2019-07-26 青岛大学 A kind of cryptograph files set correctness verification method, system and relevant apparatus
CN116860509A (en) * 2023-09-04 2023-10-10 深圳麦风科技有限公司 PST file repairing method, device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101599959A (en) * 2009-07-10 2009-12-09 西北工业大学 Anonymous bidirectional authentication method based on identity
CN103699851A (en) * 2013-11-22 2014-04-02 杭州师范大学 Remote data completeness verification method facing cloud storage
CN103986732A (en) * 2014-06-04 2014-08-13 青岛大学 Cloud storage data auditing method for preventing secret key from being revealed
CN104811450A (en) * 2015-04-22 2015-07-29 电子科技大学 Data storage method based on identity in cloud computing and integrity verification method based on identity in cloud computing

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108600201A (en) * 2018-04-09 2018-09-28 东华大学 A kind of telesecurity replacing options of the data label of cloud storage integrity verification
CN109413450A (en) * 2018-09-30 2019-03-01 武汉斗鱼网络科技有限公司 A kind of integrity checking method, device, terminal and the storage medium of barrage data
CN109409116A (en) * 2018-11-12 2019-03-01 青岛大学 Solve the safely outsourced method of undirected weighted graph minimal cut
CN109409116B (en) * 2018-11-12 2022-01-28 青岛大学 Safe outsourcing method for solving minimum cut of undirected weighted graph
CN110061994A (en) * 2019-04-24 2019-07-26 青岛大学 A kind of cryptograph files set correctness verification method, system and relevant apparatus
CN110061994B (en) * 2019-04-24 2022-02-25 青岛大学 Ciphertext file set correctness verification method, system and related device
CN116860509A (en) * 2023-09-04 2023-10-10 深圳麦风科技有限公司 PST file repairing method, device and storage medium
CN116860509B (en) * 2023-09-04 2023-12-26 深圳麦风科技有限公司 PST file repairing method, device and storage medium

Similar Documents

Publication Publication Date Title
CN106611134A (en) Cloud data integrity verification method
CN102938767B (en) The fuzzy keyword search methodology that efficiently can verify that based on the outer packet system of cloud data
CN103888262B (en) Secret key changing and signature updating method for cloud data audit
CN107807951A (en) A kind of block chain generation method, data verification method, node and system
CN108540291B (en) Identity-based data integrity verification method in cloud storage
CN105007157B (en) Generating and managing multiple base keys based on device-generated keys
CN104732159B (en) A kind of document handling method and device
CN106357701A (en) Integrity verification method for data in cloud storage
CN104978239A (en) Method, device and system for realizing multi-backup-data dynamic updating
CN105760781A (en) Storage method, restoration method and operation method of ordered and derivable large-data files
CN107707354A (en) A kind of cloud storage data verification method and system based on elliptic curve cryptography
CN105468990A (en) Sensitive information management control method and apparatus
CN106027240B (en) A kind of Key-insulated endorsement method based on attribute
CN108156138A (en) A kind of fine granularity calculated for mist can search for encryption method
Yu et al. Comments on “public integrity auditing for dynamic data sharing with multiuser modification”
CN105162760A (en) Random draw-off method, apparatus and system
CN101547184A (en) Method and device for authenticating data block transmitted in network
CN110958109B (en) Light dynamic data integrity auditing method based on hierarchical merck hash tree
CN109802967A (en) Block chain information method for tracing and system
CN108696356A (en) A kind of digital certificate delet method, apparatus and system based on block chain
CN107423637A (en) Support the traceable integrality auditing method of electronic health record data on cloud
CN106611136A (en) Data tampering verification method in cloud storage
CN104967693A (en) Document similarity calculation method facing cloud storage based on fully homomorphic password technology
CN103916393B (en) Cloud data-privacy protection public's auditing method based on symmetric key
CN106612174A (en) Data security verification and updating method supporting third-party administrator (TPA) in mobile cloud computing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170503