CN106611136A - Data tampering verification method in cloud storage - Google Patents
- Publication number: CN106611136A
- Application number: CN201610511021.9A
- Authority: CN (China)
- Prior art keywords: data, lattice, index, cloud storage, challenge
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a data tampering verification method in cloud storage. The method applies lattice theory and comprises the following steps: the data is partitioned into blocks and hashed to generate an index label and a header containing the data's dynamic information; the header data is transformed into leaf nodes of an MHT hash tree and stored; the data block value and the data block index are then mapped to two lattices respectively, a coset of the intersection of the two lattices is generated, and a short vector in the coset is computed with a short basis to produce the signature of the data block. During verification, the block index is combined with a challenge weight to form a challenge request, and a computing function is designed to compute data integrity evidence, which is used to determine whether the data has been illegally accessed or tampered with. The disclosed method offers high security and requires no data copy operation; communication overhead and computation cost are reduced; and verification can be initiated for multiple tasks simultaneously, which improves efficiency.
Description
Technical field
The present invention relates to the fields of cloud computing and cloud storage, and specifically to the field of information security.
Background art
With the development of cloud computing technology, a large number of applications are stored in the cloud, and users also tend to upload information to the cloud to save local storage resources. However, while cloud storage brings convenience, it also brings new security problems. Information leakage is a concern for every user: highly concentrated data and a complex computing environment expose user data to many threats. As system complexity rises, vulnerability increases accordingly. In addition, multiple tenants share cloud computing resources, so the risk of data damage is greater. In a cloud computing environment, the resources customized by different tenants are generally isolated from each other by logical means. A malicious attacker may disguise itself as a tenant, launch attacks from inside, and intrude on the data of other users.
In information storage, leaks by untrustworthy cloud service providers, snooping, copying and leakage by malicious users, and data loss caused by attacks have become current challenges. The question is then how to verify whether data has been leaked through illicit copying or tampered with.
To solve this problem, researchers have proposed a number of methods, but the security models adopted by these methods are mostly based on computationally hard problems such as large integer factorization and the discrete logarithm. One method proposes a sentinel-based proof of retrievability mechanism, which can not only identify violations of data integrity on remote nodes but also recover part of the damaged data. However, that mechanism does not support public verification and can only perform a limited number of verifications. Another model for verifying data integrity on untrusted nodes, called provable data possession, supports public verification and is not limited in the number of verifications; however, its computation cost and communication overhead are large, and its security model is based on the hard problem of large integer factorization.
The present invention therefore proposes a method that can verify anomalous changes to data in cloud storage (including unauthorized access and copying, and tampering) without a copy of the data, and that supports updates to the data by the data owner.
Summary of the invention
In view of the above deficiencies of the prior art, the present invention proposes a data tampering verification method in cloud storage.
To solve the above problems, the present invention is achieved by the following technical solution:
The method of the invention applies lattice theory. After the data is partitioned into blocks, hashing generates an index label and a header containing the data's dynamic information; the header data is converted into leaf nodes of an MHT hash tree and stored. The data block value and the data block index are then mapped to two lattices respectively, a coset of the intersection of the two lattices is generated, and a short vector in the coset is computed with a short basis to produce the signature of the data block. During verification, the block index and a challenge weight are combined to form a challenge request, a computing function is designed to compute the data integrity evidence, and the evidence is used to determine whether the data has been accessed without authorization or tampered with.
The data tampering verification method in cloud storage specifically comprises the following steps:
Step 1: Generation of the dynamic operation function and file index information.
Step 2: Embedding of dynamic information and generation of the data public and private keys.
Step 3: Computation of the digital signature of the data using lattice theory.
Step 4: Generation of the verification parameters.
Step 5: Verification of data dynamics and integrity.
The beneficial effects of the invention are:
1. High security, with no data copy operation, reducing communication overhead and computation cost.
2. Verification can be initiated for multiple tasks simultaneously, improving efficiency.
Detailed description of embodiments
The specific steps of the data tampering verification method in cloud storage are as follows:
Step 1: Generation of the dynamic operation function and file index information
Vectors are a set of linearly independent vectors; the lattice $\Lambda$ generated by $B$ is then:
where $c \in \mathbb{Z}^n$ denotes that $c$ is an n-tuple over $\mathbb{Z}$, and $B$ is called the basis of the lattice $\Lambda$. Given two n-dimensional lattices $\Lambda_1$ and $\Lambda_2$ in $\mathbb{Z}^n$ that are coprime, i.e. $\Lambda_1 + \Lambda_2 = \mathbb{Z}^n$, we have:
Given a set of full-rank lattice vectors, there exists a polynomial-time algorithm that generates another short basis $T$ satisfying a length constraint, i.e.:
The file $F$ to be stored in the cloud is divided into $n$ file blocks, each denoted by $m$, i.e.:
$F = \{m_1, m_2, \ldots, m_n\}$
A header is generated containing 5 columns: data modification (M), data insertion (T), data deletion (D), data access count (N), and modification time (time). The first 4 values are initialized to 0, and the time field records the time of the last modification.
Using a hash algorithm, each data block $m_i$ ($1 \le i \le n$) is hashed to generate the data block digest $h(m_i)$, where $h(m_i)\,\|\,i$ is the data block index.
Step 2: Embedding of dynamic information and generation of the data public and private keys
$p$ and $q$ denote two different primes. Three lattices $\Lambda$, $\Lambda_1$, $\Lambda_2$ are defined, where $\Lambda = \Lambda_1 \cap \Lambda_2$, $\Lambda_1 = p\mathbb{Z}^n$, and $T = T_q$ is a short basis of $\Lambda$.
Define the hash function $H$: and define $s$, so that the public key PK is defined as $PK = (\Lambda, \Lambda_1, \Lambda_2, s, H)$ and the private key is $SK = T$.
Define the function $f(t) = (N, M, T, D)$, $y \to f(t)$. $f(t)$ is taken as a leaf node of the MHT hash tree, and the root hash value $R_{MHT}$ is computed iteratively and stored as verification metadata; the root node $y$ is hashed during the encryption process. Each time the data receives an access request, the value of $f(t)$ is recorded according to the requested operation, which is reflected in changes to the four values N, M, T, D. That is, when an operation is performed on the data, $R'_{MHT} \ne R_{MHT}$; the value $R'_{MHT}$ is returned, and parsing it yields the values of N, M, T, D and determines which operations were performed on the data.
The data $F$ is encrypted with the public key to obtain the ciphertext data $C_F$.
Step 3: Computation of the digital signature of the data using lattice theory
Given two lattices with $\Lambda_1 + \Lambda_2 = \mathbb{Z}^n$, the data block $m_i$ and $h(m_i)$ are mapped to the two lattices respectively:
where $p$ and $q$ denote two different primes. The ring homomorphism is expressed as: and there exists a set of full-rank lattice vectors; then: and $T$ denotes a short lattice basis. Let $\delta_i = \min(T_i)$; then:
δi=mod Λ1modΛ2·H(h(mi)||i)
$\delta_i$ is the digital signature of data block $m_i$, and $\Phi = \{\delta_i\}$ is the set of generated signatures. The ciphertext data and the digital signature set $\Phi$ are then uploaded to the cloud, and sk is stored locally.
Step 4: Generation of the verification parameters
During verification, the server first parses the information $\Lambda_1$, $\Lambda_2$, $s$, $i$, then extracts $j$ index blocks from the block index $\{h(m_i)\,\|\,i\}$ as challenge indices and places the extracted challenge indices in the challenge index set $J$, $J = (j_1, j_2, \ldots, j_j)$. For each challenge index block $j_i$ ($1 \le i \le j$), a challenge weight $u_i$ is chosen at random. The two are combined into the challenge request $chal = (j_i, u_i)_{j \in J}$, which is then sent to the server.
After the server receives the challenge request $chal$, it uses the stored $\{C_F, \Phi\}$ to compute the integrity evidence $\Gamma = (\mu, \sigma)$. $\mu$ and $\sigma$ are computed as follows:
At the same time, the hash value $f(t)$ of the data blocks in $chal$ and its verification information $\{H(m_i), \Gamma_i\}$ are sent to the verification port together with the values of $\mu$ and $\sigma$.
Step 5: Verification of data dynamics and integrity
5.1 Dynamic verification
After $f(t)$ and $\{H(m_i), \Gamma_i\}$ are received, $f(t)$ is taken as a leaf node of the MHT hash tree and the root hash value $R'_{MHT}$ is computed iteratively. When $R'_{MHT} \ne R_{MHT}$, the value $R'_{MHT}$ is returned; parsing it yields the values of N, M, T, D and time, and determines which operations were performed on the data.
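The dynamic check described in Step 2 and in 5.1, as an added example that is not part of the patent: header records are hashed as MHT leaves, the recomputed root is compared with the stored $R_{MHT}$, and on a mismatch the counter changes are reported per block. Assumptions: one header record per data block, SHA-256 as the hash, the verifier keeps the baseline headers alongside $R_{MHT}$, and the names `Header`, `mht_root` and `dynamic_check` are hypothetical.

```python
import hashlib
from dataclasses import dataclass, astuple


@dataclass(frozen=True)
class Header:
    """One header row (assumed per block): counters N, M, T, D plus time."""
    N: int = 0      # data access count
    M: int = 0      # data modifications
    T: int = 0      # data insertions
    D: int = 0      # data deletions
    time: int = 0   # last modification time (epoch seconds, assumed unit)

    def encode(self) -> bytes:
        # Fixed-width fields: two different headers never encode identically.
        return b"".join(v.to_bytes(8, "big") for v in astuple(self))


def _node(tag: bytes, data: bytes) -> bytes:
    return hashlib.sha256(tag + data).digest()


def mht_root(headers):
    """Iteratively hash the f(t) leaves up to the root value R_MHT."""
    if not headers:
        raise ValueError("at least one header is required")
    # Distinct tags for leaves and inner nodes prevent an inner node from
    # being passed off as a leaf.
    level = [_node(b"\x00", h.encode()) for h in headers]
    while len(level) > 1:
        nxt = [_node(b"\x01", level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:          # unpaired node is promoted unchanged
            nxt.append(level[-1])
        level = nxt
    return level[0]


def dynamic_check(r_mht, baseline, reported):
    """Return (unchanged, ops); ops maps block index -> counter deltas."""
    if mht_root(reported) == r_mht:
        return True, {}
    ops = {}
    for i, (old, new) in enumerate(zip(baseline, reported), start=1):
        delta = {k: getattr(new, k) - getattr(old, k)
                 for k in ("N", "M", "T", "D")
                 if getattr(new, k) != getattr(old, k)}
        if delta or new.time != old.time:
            ops[i] = delta
    if len(reported) != len(baseline):
        ops["block_count"] = {"was": len(baseline), "now": len(reported)}
    return False, ops


def demo():
    # Constructed sample: four blocks, all counters start at 0.
    baseline = [Header() for _ in range(4)]
    r_mht = mht_root(baseline)
    # Constructed server report: block 3 was read twice and modified once.
    reported = list(baseline)
    reported[2] = Header(N=2, M=1, time=1467331200)
    return (dynamic_check(r_mht, baseline, baseline),
            dynamic_check(r_mht, baseline, reported))


if __name__ == "__main__":
    print(demo())
```

The root comparison only shows that some header changed; attributing the change to a block and an operation relies on the baseline headers the verifier is assumed to hold.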
5.2 Integrity verification
After receiving the returned verification data, the user parses $\Gamma = (\mu, \sigma)$ and makes the following judgment:
$\sigma \bmod p = \mu$;
For $j \in J$, compute:
$\alpha_i = H(h(m_i)\,\|\,i)$,
and judge whether:
holds. If it holds, the data is intact; if it does not hold, the data is damaged, and the damaged data blocks are output.
Claims (6)
1. A data tampering verification method in cloud storage, relating to the fields of cloud computing and cloud storage, and specifically to the field of information security, characterized in that it comprises the following steps:
Step 1: Generation of the dynamic operation function and file index information
Step 2: Embedding of dynamic information and generation of the data public and private keys
Step 3: Computation of the digital signature of the data using lattice theory
Step 4: Generation of the verification parameters
Step 5: Verification of data dynamics and integrity.
2. The data tampering verification method in cloud storage according to claim 1, characterized in that the specific calculation process in step 1 is as follows:
Step 1: Generation of the dynamic operation function and file index information
Vectors are a set of linearly independent vectors; the lattice $\Lambda$ generated by $B$ is then:
where denotes that $c$ is an n-tuple over $\mathbb{Z}$, and $B$ is called the basis of the lattice $\Lambda$; for given , two n-dimensional lattices are coprime, i.e. , and we have:
Given a set of full-rank lattice vectors, there exists a polynomial-time algorithm that generates another short basis $T$ satisfying a length constraint, i.e.:
The file $F$ to be stored in the cloud is divided into $n$ file blocks, each denoted by $m$, i.e.:
A header is generated containing 5 columns: data modification (M), data insertion (T), data deletion (D), data access count (N), and modification time (time); the first 4 values are initialized to 0, and the time field records the time of the last modification
Using a hash algorithm, the data block is hashed to generate the data block digest, where is the data block index.
3. The data tampering verification method in cloud storage according to claim 1, characterized in that the specific process in step 2 is as follows:
Step 2: Embedding of dynamic information and generation of the data public and private keys
$p$ and $q$ denote two different primes; three lattices are defined as , where is a short basis of
Define the hash function $H$: , and define $s$, , so that the public key PK is defined as: , and the private key is $SK = T$
Define the function $f(t) = (N, M, T, D)$, ; $f(t)$ is taken as a leaf node of the MHT hash tree, and the root hash value is computed iteratively and stored as verification metadata; the root node $y$ is hashed during the encryption process; each time the data receives an access request, the value of $f(t)$ is recorded according to the requested operation, which is reflected in changes to the four values N, M, T, D; that is, when an operation is performed on the data, the value is returned, and parsing it yields the values of N, M, T, D and determines which operations were performed on the data; the data $F$ is encrypted with the public key to obtain the ciphertext data .
4. The data tampering verification method in cloud storage according to claim 1, characterized in that the specific calculation process of step 3 is as follows:
Step 3: Computation of the digital signature of the data using lattice theory
Given two lattices, , the data block and are mapped to the two lattices respectively:
where $p$ and $q$ denote two different primes; due to and there exists a set of full-rank lattice vectors, then: $T$ denotes a short lattice basis; let , then:
, , where $\Phi$ is the set of generated signatures; the ciphertext data and the digital signature set $\Phi$ are then uploaded to the cloud, and sk is stored locally.
5. The data tampering verification method in cloud storage according to claim 1, characterized in that the specific calculation process of step 4 is as follows:
Step 4: Generation of the verification parameters
During verification, the server first parses the information , then extracts $j$ index blocks from the block index as challenge indices and places the extracted challenge indices in the challenge index set $J$, ; for each challenge index block , a challenge weight is chosen at random; the two are combined into the challenge request , which is then sent to the server
After the server receives the challenge request $chal$, it uses the stored to compute the integrity evidence ; the computation method is as follows:
At the same time, the hash value $f(t)$ of the data blocks in $chal$ and its verification information are sent to the verification port together with the values of .
6. The data tampering verification method in cloud storage according to claim 1, characterized in that the calculation process of step 5 is as follows:
Step 5: Verification of data dynamics and integrity
5.1 Dynamic verification
After $f(t)$ and are received, $f(t)$ is taken as a leaf node of the MHT hash tree and the root hash value is computed iteratively; when , the value is returned, and parsing it yields the values of N, M, T, D and time and determines which operations were performed on the data
5.2 Integrity verification
After receiving the returned verification data, the user parses and makes the following judgment:
For , compute:
and judge whether:
holds; if it holds, the data is intact; if it does not hold, the data is damaged, and the damaged data blocks are output.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610511021.9A CN106611136A (en) | 2016-07-01 | 2016-07-01 | Data tampering verification method in cloud storage |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106611136A true CN106611136A (en) | 2017-05-03 |
Family
ID=58614896
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610511021.9A Pending CN106611136A (en) | 2016-07-01 | 2016-07-01 | Data tampering verification method in cloud storage |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106611136A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107317819A (en) * | 2017-07-13 | 2017-11-03 | 北京邮电大学 | Encryption method, decryption method and its device of conventional data based on trust data form |
CN107423637A (en) * | 2017-07-31 | 2017-12-01 | 南京理工大学 | Support the traceable integrality auditing method of electronic health record data on cloud |
CN107508801A (en) * | 2017-08-04 | 2017-12-22 | 安徽智圣通信技术股份有限公司 | A kind of file tamper-proof method and device |
CN108647230A (en) * | 2018-03-29 | 2018-10-12 | 深圳市网心科技有限公司 | Distributed storage method, electronic device and storage medium |
CN109257954A (en) * | 2017-05-15 | 2019-01-22 | 松下电器(美国)知识产权公司 | Verification method, verifying device and program |
CN111090386A (en) * | 2018-10-23 | 2020-05-01 | 北京白山耘科技有限公司 | Cloud storage method, device and system and computer equipment |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105320899A (en) * | 2014-07-22 | 2016-02-10 | 北京大学 | User-oriented cloud storage data integrity protection method |
Non-Patent Citations (1)
Title |
---|
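Tan Shuang et al.: "A lattice-based data integrity verification method in cloud storage", Journal of Computer Research and Development (《计算机研究与发展》) * |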
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109257954A (en) * | 2017-05-15 | 2019-01-22 | 松下电器(美国)知识产权公司 | Verification method, verifying device and program |
CN109257954B (en) * | 2017-05-15 | 2022-10-28 | 松下电器(美国)知识产权公司 | Authentication method, authentication device, and computer-readable recording medium |
CN107317819A (en) * | 2017-07-13 | 2017-11-03 | 北京邮电大学 | Encryption method, decryption method and its device of conventional data based on trust data form |
CN107423637A (en) * | 2017-07-31 | 2017-12-01 | 南京理工大学 | Support the traceable integrality auditing method of electronic health record data on cloud |
CN107423637B (en) * | 2017-07-31 | 2020-07-31 | 南京理工大学 | Integrity auditing method supporting traceability of electronic medical record data on cloud |
CN107508801A (en) * | 2017-08-04 | 2017-12-22 | 安徽智圣通信技术股份有限公司 | A kind of file tamper-proof method and device |
CN108647230A (en) * | 2018-03-29 | 2018-10-12 | 深圳市网心科技有限公司 | Distributed storage method, electronic device and storage medium |
CN108647230B (en) * | 2018-03-29 | 2021-10-08 | 深圳市网心科技有限公司 | Distributed storage method, electronic device, and storage medium |
CN111090386A (en) * | 2018-10-23 | 2020-05-01 | 北京白山耘科技有限公司 | Cloud storage method, device and system and computer equipment |
CN111090386B (en) * | 2018-10-23 | 2023-12-19 | 北京白山耘科技有限公司 | Cloud storage method, device, system and computer equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110300112B (en) | Block chain key hierarchical management method | |
CN106611136A (en) | Data tampering verification method in cloud storage | |
CN113364600B (en) | Certificateless public auditing method for integrity of cloud storage data | |
Zheng et al. | Fair and dynamic proofs of retrievability | |
CN113556322B (en) | Cloud data integrity verification method based on blockchain | |
CN103501352B (en) | A kind of cloud storage data method for auditing safely allowing group user identity to cancel | |
CN110719165B (en) | Block chain distributed dynamic network key generation and encryption method | |
CN108039943B (en) | Verifiable encryption searching method | |
CN111130757A (en) | Multi-cloud CP-ABE access control method based on block chain | |
CN113312574A (en) | Cloud data integrity auditing method based on block chain | |
CN109525403B (en) | Anti-leakage public cloud auditing method supporting full-dynamic parallel operation of user | |
CN108123934B (en) | Mobile-end-oriented data integrity verification method | |
CN103778387B (en) | Big data dynamic memory integrity verification method based on lattice | |
CN110263584A (en) | A kind of data integrity auditing method and system based on block chain | |
CN107707354A (en) | A kind of cloud storage data verification method and system based on elliptic curve cryptography | |
CN111541666A (en) | Certificateless cloud end data integrity auditing method with privacy protection function | |
CN112565264B (en) | Cloud storage data integrity detection method based on block chain | |
CN112152813B (en) | Certificateless content extraction signcryption method supporting privacy protection | |
CN104899525A (en) | Cloud data integrity proving scheme with improved dynamic operations | |
Alupotha et al. | Aggregable confidential transactions for efficient quantum-safe cryptocurrencies | |
CN110460447A (en) | Edge calculations data accountability system and auditing method based on Hash binary tree | |
CN106612274A (en) | Homogeneity-based shared data verification algorithm in cloud computing | |
CN112671712A (en) | Cloud data integrity verification method and system supporting efficient dynamic update | |
CN109063513B (en) | Dynamic data integrity verification method based on Hadoop platform | |
Li et al. | A forward-secure certificate-based signature scheme |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20170503 |