CN106650503A

CN106650503A - Cloud side data integrity verification and restoration method based on IDA

Info

Publication number: CN106650503A
Application number: CN201611128811.5A
Authority: CN
Inventors: 付安民; 李雨含; 李帅
Original assignee: Nanjing University of Science and Technology
Current assignee: Nanjing University of Science and Technology
Priority date: 2016-12-09
Filing date: 2016-12-09
Publication date: 2017-05-10
Anticipated expiration: 2036-12-09
Also published as: CN106650503B

Abstract

The invention discloses a cloud side data integrity verification and restoration method based on IDA. The method comprises the following steps of 1, user initialization; 2, storage block generation; 3, vector quantity encryption; 4, label generation; 5, challenging auditing; 6, challenging responding; 7, responding verification; 8, original data restoration. According to the scheme, an original file is encoded, and damaged data is completely restored on the basis of verifying cloud side data integrity. Meanwhile, under the condition of guaranteeing system safety, the complexity of completely verifying labels and restoring calculation is reduced, and the efficiency of the method is effectively improved.

Description

High in the clouds data integrity validation and restoration methods based on IDA

Technical field

The present invention relates to cloud storage and information security field, are related specifically to a kind of high in the clouds data integrity based on IDA Checking and restoration methods.

Background technology

With the extensive application of cloud storage service, increasing user stores data into high in the clouds.But Cloud Server is " half is credible ", data are stored in behind high in the clouds and can lose the control to data by user, therefore cannot determine the number in Cloud Server According to whether complete, when data are destroyed, corresponding initial data cannot be even more recovered.Therefore, it is how complete in checking data The initial data of destroyed data is recovered while whole property becomes a problem demanding prompt solution.

For this problem of integrity verification, research worker proposes the auditing party of integrity verification in many cloud storages Case.These schemes carry out integrity verification using means such as signature, labels to high in the clouds data.However, these schemes are being verified Can not recover to destroying data after whole property, therefore, researcher proposes the recoverable concept of data.

Although having there is the recoverable research of data, existing scheme majority is also all merely resting on integrity verification Stage, without actual restoration methods；Or simply simply original document is encoded using correcting and eleting codes, but this side Method recovery rate is relatively low.

Additionally, some minorities are realized in the recoverable scheme of data based on what is encoded, the computing cost of scheme greatly, increases The overhead burden of whole system.For example, user is not directly the corresponding integrity verification label of memory block calculating, but is first Original block calculates label, and storage label is then calculated again, has more a redundant computation；Or, user's certain server of auditing out is deposited When data are destroyed, the server is replaced using a new server generation, recalculate all data blocks of the server storage And label.

The content of the invention

It is an object of the invention to provide a kind of high in the clouds data integrity validation and restoration methods based on IDA, the method System model as shown in Fig. 2 include three class entities：Cloud storage service device, auditing by third party person TPA and user.When user needs When verifying the integrity of high in the clouds data, user sends audit request to TPA, and TPA to cloud storage service device sends challenge message. After receiving challenge message, Cloud Server can generate corresponding response message and return to TPA.TPA verifies the correctness of response message, And return result to user.When discovery has destroyed data, user initiates recovery request, and TPA audits and finds out m and is good for The data of respective stored are simultaneously returned to user by health server.User is received after not destroyed data, extensive using these data The initial data of destroyed data of appearing again.

The inventive method can not only support the checking of high in the clouds data integrity, and go back when there is destroyed data block The initial data of destroyed data can be effectively recovered, the secret protection of data can be realized, it is ensured that in audit process not The private information of user is revealed, while reducing label complexity, the efficiency of method is effectively improved.

The technical solution for realizing the object of the invention is：A kind of high in the clouds data integrity validation and recovery based on IDA Method, specifically includes following steps：

(1) user's initialization：

User is that system arranges open parameter { G, G_T,q,g,e,H₁,H₂,spk,x₁,x₂,…,x_n, name }, and keep {ssk,υ,K_encPrivately owned.

(2) memory block is generated：

Coefficient vector is chosen, and original document F is carried out into piecemeal, the file after coefficient vector and piecemeal is carried out into Matrix Multiplication Method, obtains file to be stored F^*。

(3) encryption vector：

Using key K_encN coefficient vector is encrypted respectively, obtains encryption vector ε_i。

(4) label is generated：

User randomly selects filename name, and for file calculation document label t, then respectively blocks of files c_ikWith vectorial a_i Calculate corresponding integrity verification label and generate σ_ikAnd ω_i, obtain file set of blocks F_i ^*With integrity tag set Ψ_i, finally By { t, F_i ^*,ε_i,Ψ_i,ω_i(1≤i≤n) is uploaded on i-th server.

(5) audit challenge：

When user needs to verify the integrity of high in the clouds data, to auditing by third party person audit request is sent, then the 3rd Square audit person generates challenge server sequence number set and challenge message, and the cloud that the challenge message is sent in sequence number set is deposited Storage server.

(6) response challenge：

Cloud Server is received after challenge message, generates response message, then the response message is returned to into auditing by third party Person.

(7) response is verified：

Auditing by third party person receives and verify after response message the integrity of data and reach a conclusion, then returns result to use Family.

(8) initial data is recovered：

When auditing by third party person notifies that user has destroyed data block, user initiates recovery request.Third party examines Meter person audits and t (as long as just can realize during t >=m completely recover) individual health servers and returns its data storage to using again Family.User is calculated the initial data of destroyed block.

Compared with prior art, its remarkable result is the present invention：(1) recovery completely to destroying data, the present invention are realized The high in the clouds data integrity validation and restoration methods based on IDA is proposed first.The thought of IDA is applied to into high in the clouds destruction data In recovery, the recovery completely to destroying data is realized.(2) computation complexity is reduced, reduces computing cost, this invention simplifies complete Integrity verification label, reduces computation complexity, and using the less multiplication of expense and addition during data are recovered Computing, solves the problems, such as to a certain extent computing cost in background technology.(3) safety of invention be it is evincible, the Tripartite audit person requires no knowledge about the private information of user during checking integrity, it is ensured that the private information of user is not Can reveal.Because different block and label can not generate identical checking information, therefore integrity label has and can not forge Property, the label that any attacker forges can not all pass through integrity verification.

Description of the drawings

Fig. 1 is the basic flow sheet of the present invention.

Fig. 2 is the system model of the present invention.

Fig. 3 is the relation for destroying data recovery rate and health servers number t audited again.

Specific embodiment

Below in conjunction with the drawings and specific embodiments, the present invention is described in further detail.

Choose user U under a cloud storage environment to verify its integrity of data stored and data recovery event.

As shown in the inventive method basic flow sheet (Fig. 1), the present embodiment specific implementation step is as follows：

Step 101：User initializes：User is that system chooses open parameter and arranges the public key and private key of system.

It is specific as follows：

1) multiplication loop group G, G that rank is q are chosen_T, g is the generation unit of G；Choose bilinear map e:G×G→G_T；Choosing Take two one-way Hash functions H₁:T → G, H₂:Z → G, wherein, Z is a set of integers, T ∈ (i, k) | 1≤i≤n, 1≤k≤ N/m}.Above parameter is disclosed.

2) user is that system arranges public key pk=(spk, z, { x_i}_1≤i≤n) and private key sk=(ssk, K_enc,υ).Concrete step It is rapid as follows：

(1a) signature key is randomly selected to (spk, ssk).

(1b) x is randomly selected₁,x₂,…,x_n←Z_p。

(1c) secret value υ, K are randomly selected_enc←Z_p, calculate z=g^υ。

Step 102：Memory block is generated：Choose coefficient vector, and original document F carried out into piecemeal, by coefficient vector and point File after block carries out matrix multiplication, obtains file to be stored F^*.It is specific as follows：

1) user randomly selects n m dimensional vectorAnd combine n vector To coefficient matrix M=[a_i,j] (1≤i≤n, 1≤j≤m) (any m*m matrixes must be reversible in M).

2) by original document F={ b₁,b₂,…,b_NN/m blocks are divided into, obtain file the F={ (b after piecemeal₁,…, b_m),(b_m+1,…,b_2m),…,(…,b_N), the blocked file combination is obtained into the document matrix of m* (N/m).

3) coefficient matrix for randomly selecting and document matrix are done into matrix multiplication as follows, obtains file to be stored F^*。

Wherein, c_ik=a_i*S_k=a_i1*b_(k-1)m+1+…+a_im*b_km, the i-th row blocks of files F_i ^*={ c_i1,c_i2,…,c_iN/mDeposit Store up in i-th server.

Step 103：Encryption vector：User uses private key K_encN coefficient vector is encrypted respectively, obtain encrypting to Amount

Step 104：Label is generated：User is file calculation document label t, then respectively blocks of files c_ikWith vectorial a_iCalculate Corresponding integrity verification label generates σ_ikAnd ω_i, obtain file set of blocks F_i ^*With integrity tag set Ψ_i, finally incite somebody to action t, F_i ^*,ε_i,Ψ_i,ω_i(1≤i≤n) is uploaded on i-th server.It is specific as follows：

1) calculation document label t processes are as follows：

(1a) user's random selection filename name ← Z_p。

(1b) by name, n, x₁,x₂,…,x_nLink | | n | | x that obtain θ=name₁||…||x_n。

(1c) θ is signed using private key ssk, and θ its corresponding signature links is obtained into file label t= (name||n||x₁||…||x_n)||Sig_ssk(name||n||x₁||…||x_n)。

2) data block c is calculated_ikIntegrity verification label

3) encryption vector ε is calculated_iIntegrity verification label ω_i=H₂(i)·ε_i ^υ。

4) integrity verification tag set Ψ={ Ψ is exported_i={ σ_ik}_1≤k≤N/m}_1≤i≤n, Γ={ ω_i}_{1≤i ＜ n}。

5) by { t, F_i,ε_i,Ψ_i,ω_iUpload on i-th server, delete initial data local.

Step 105：Audit challenge：When user needs to verify the integrity of high in the clouds data, send to auditing by third party person Audit request, then auditing by third party person generates challenge server sequence number set and challenge message, and the challenge message is sent To the cloud storage service device in sequence number set.It is specific as follows：

1) TPA random selections one from [1, n] have subset I of L element, and element representation is challenged the index of server Number.

2) random number v is generated_k←Z_p, wherein k ∈ [1, N/m].

3) by challenge collection Q={ (k, v_k)}_1≤k≤N/mCloud server is sent to, k represents the index of data block in server Number, the call number of server is in set I.

Step 106：Response is challenged：Cloud Server is received after challenge message, response message is generated, then by the response message The person that returns to auditing by third party.It is specific as follows：

1) Cloud Server is calculatedWith

2) by response message R={ t, μ_i,σ_i,ε_i,ω_iReturn to TPA.

Step 107：Checking response：Auditing by third party person receives and verify after response message the integrity of data and draw knot By, then return result to user.It is specific as follows：

1) TPA public key spk verify the signature in file label, and if signature is effective { x is recovered₁,x₂,…,x_n, if Invalid audit is interrupted.

2) TPA is calculated

3) verify whether following equalities are set up：

e(∏_i∈Iσ_i, g)=e (∏_i∈Iδ_i·η_i,z)

e(∏_i∈Iω_i, g)=e (∏_i∈IH₂(i)·ε_i,z)

If 4) two above equation is set up, effective response is returned to user, user high in the clouds data are otherwise notified immediately There are destroyed data.

Step 108：Recover initial data：When auditing by third party person notifies that user has destroyed data block, user Initiate recovery request.Auditing by third party person audits t (as long as just can realize during t >=m completely recover) individual health servers again And its data storage is returned to user.User is calculated the initial data of destroyed block.It is specific as follows：

1) user uses private key K_encCoefficient vector is decrypted, is obtained

2) coefficient vector is combined and obtains m*m matrix As=(a_ij)_1≤i,j≤m, due to recovering to need at least m health service Device, here matrix directly write as m*m.

3) inverse matrix A of A is calculated^-1=(α_ij)_1≤i,j≤m。

4) inverse matrix and the memory block for returning are done into matrix operationss, obtains initial data, calculating process is as follows：

Wherein, b_j=α_i1·c_1k+…+α_im·c_mk。

Embodiment：The number for arranging server is 50, and the value of m provides destruction data recovery rate and examine again for 8, Fig. 3 The relation of health servers number t of meter.

Claims

1. a kind of high in the clouds data integrity validation and restoration methods based on IDA, the method cloud storage data model is related to Entity includes：User (Users), cloud storage service device (Cloud Storage Servers) and auditing by third party person TPA (the Third Party Auditor)；

It is characterized in that step is as follows：

(1) user's initialization：

It is { G, G that user arranges the open parameter of system_T,q,g,e,H₁,H₂,spk,x₁,x₂,…,x_n, privately owned parameter for ssk, υ,K_enc, wherein, G, G_TIt is multiplication loop group, exponent number is q, and g is the generation unit of G；Bilinear map mapping e meets：e:G×G →G_T；One-way Hash function H₁、H₂Meet：H₁:T→Z,H₂:Z → G, wherein T ∈ (i, k) | and 1≤i≤n, 1≤k≤N/m }, Z is Set of integers；Spk/ssk is the public private key-pair for calculating signature；Randomly select x₁,x₂,…,x_n←Z_p, υ, K_enc←Z_p；

(2) memory block is generated：

User chooses the coefficient vector { a of n m dimension₁..., a_i..., a_n}；Piecemeal is carried out to original document F and obtains F={ (b₁,…, b_m),(b_m+1,…,b_2m),…,(…,b_N), coefficient vector and blocked file are carried out into matrix multiplication, obtain file to be stored F^* =F_i ^*={ c_i1,c_i2,…,c_iN/m}(1≤i≤n)；

(3) encryption vector：

Using key K_encN coefficient vector is encrypted respectively, obtains encryption vectorWherein, 1≤i≤ N, Enc are symmetric encipherment algorithms；

(4) label is generated：

User randomly selects filename name ← Z_p, it is file calculation document label t, then respectively blocks of files c_ikWith vectorial a_iMeter Calculate corresponding integrity verification label σ_ikAnd ω_i, obtain integrity tag set Ψ_i, finally by { t, F_i ^*,ε_i,Ψ_i,ω_i}(1 ≤ i≤n) upload on i-th server；Wherein, 1≤i≤n, 1≤k≤N/m, t=(name | | n | | x₁||…||x_n)|| Sig_ssk(name||n||x₁||…||x_n), Sig is Digital Signature Algorithm,ω_i=H₂(i)·ε_i ^υ, Ψ_i={ σ_i1,…,σ_ik,…,σ_i(N/m)}；

(5) audit challenge：

When user needs to verify the integrity of high in the clouds data, to auditing by third party person audit request, auditing by third party person are sent Generate sequence number set I and challenge collection Q={ (k, v_k)}_1≤k≤N/m, and the server challenge collection being sent in set I；Wherein, I is the subset of [1, n], there is l (l>M) individual element；Random number v_k←Z_p；

(6) response challenge：

Cloud Server is received after challenge collection, generates response message R={ t, μ_i,σ_i,ε_i,ω_i, and the message is returned to into third party Audit person；Wherein,

(7) response is verified：

Auditing by third party person receives and verify after response message the integrity of data and reach a conclusion, then returns result to user；

(8) initial data is recovered：

When auditing by third party person notifies that user has destroyed data block, user initiates recovery request；Auditing by third party person Again t health servers of auditing simultaneously return its data storage to user, as long as just can realize recovering completely during t >=m；User It is calculated the initial data of destroyed block.

2. the high in the clouds data integrity validation and restoration methods based on IDA according to claim 1, it is characterised in that：Step Suddenly the generating process of memory block is as follows in (2)：

1) coefficient vector of n m dimension is randomly selected

2) coefficient vector of selection is combined into into a coefficient matrix M=[a_i,j](1≤i≤n,1≤j≤m)；

3) coefficient matrix and initial data block matrix are done into matrix multiplication to obtain storing block matrix, calculating process is as follows：

Wherein, c_ik=a_i*S_k=a_i1*b_(k-1)m+1+…+a_im*b_km。

3. the high in the clouds data integrity validation and restoration methods based on IDA according to claim 1, it is characterised in that：Step Suddenly checking answering is as follows in (7)：

1) TPA public key spk verify whether the signature on file label t is correct, and { x is extracted if correct₁,x₂,…,x_n, if wrong By mistake then audit terminates；

2) TPA is calculated

3) verify whether below equation is set up：

e(∏_i∈Iσ_i, g)=e (∏_i∈Iδ_i·η_i,z)

e(∏_i∈Iω_i, g)=e (∏_i∈IH₂(i)·ε_i,z)

If 4) two above equation is set up, TPA to user returns effective response；Otherwise notify that user is present immediately destroyed Block.

4. the high in the clouds data integrity validation and restoration methods based on IDA according to claim 1, it is characterised in that：Step Suddenly the initial data process for recovering destroyed block in (8) is as follows：

1) coefficient vector in the t health servers that decryption is received

2) inverse matrix A of coefficient matrix is solved^-1=(α_ij)_1≤i,j≤m, recover to need at least m health servers, here matrix is straight Connect and write as m*m；

3) do matrix multiplication with inverse matrix and corresponding health data block and obtain original data block, process is as follows：

Wherein, b_j=α_i1·c_1k+…+α_im·c_mk。