CN106899406A - A method for proving the integrity of cloud data storage - Google Patents
- Publication number
- CN106899406A (application CN201710156259.9A)
- Authority
- CN
- China
- Prior art keywords
- user
- blocks
- files
- proof
- clouds
- Prior art date
- Legal status
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
- H04L67/1074—Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
- H04L67/1078—Resource delivery mechanisms
- H04L67/108—Resource delivery mechanisms characterised by resources being split in blocks or fragments
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Abstract
The invention discloses a method for proving the integrity of data stored in the cloud, comprising the following steps: the user pre-processes the file to be uploaded by generating a private key, dividing the file into blocks and computing a label for each file block; the user sends the pre-processed file to the cloud storage server and keeps only the private key locally; when the integrity of the cloud-stored data needs to be verified, the user randomly selects some file blocks and issues a challenge to the cloud; the cloud generates a proof of possession of those file blocks and returns it to the user; the user checks the cloud's proof of possession to verify the integrity of the cloud-stored data. Compared with the prior art, the positive effect of the invention is that, by using the additive homomorphism of the bitwise extraction operation on binary data, the integrity of multiple file blocks can be verified in a single check, and the method has a low data expansion rate and low computational complexity.
Description
Technical field
The present invention relates to a method for proving the integrity of data stored in the cloud.
Background technology
With the explosion of data and the spread of broadband networks, cloud storage has become one of the important application branches of cloud computing. Popular cloud storage services currently include Dropbox, Google's Google Drive, Microsoft's SkyDrive and, in China, Baidu Netdisk, Kingsoft Kuaipan and Huawei Netdisk. These services offer enterprises and individuals a solution for safely keeping and efficiently accessing massive amounts of data, and more and more enterprises and individuals are willing to host their data with a cloud storage provider. Cloud storage has the advantages of cheap storage space, access from anywhere, convenient sharing and disaster-recovery backup.
However, while cloud storage brings convenience, security is a major issue that comes with it. If a user has stored a large amount of data on a cloud server, how does the user check whether that data has been lost or damaged? On the surface, the security protections and disaster-recovery backups inside the cloud storage provider avoid the risks caused by the volatility of the user's local data. However, security threats such as hacker attacks, equipment failures and malicious tampering by insiders still exist. From the user's point of view, the cloud storage server remains an entity that is not fully trusted.
Obviously, if the user checks data integrity by downloading all of the hosted data, this is impractical in terms of bandwidth, local capacity and efficiency. Moreover, for large binary files such as multimedia and databases, the user cannot possibly check a file's integrity simply by opening it in a file viewer. Therefore, the cloud storage provider must give the user a proof of data integrity through an efficient method.
Provable data possession originates from the idea of remote data integrity checking. In October 2007, Ateniese et al. first defined the concept of provable data possession (PDP). The scheme has two roles, the user and the service provider, and the user can perform an integrity check on files stored at an untrusted service provider. The user pre-processes the file, divides it into blocks and generates a homomorphic verifiable tag for each data block; during verification the user randomly selects some file blocks and asks the server to return evidence that it holds these blocks intact; the server generates a proof from the requested blocks and their tags; the user verifies with the private key whether the proof is correct. Because verification samples only some of the file blocks, and their tags are homomorphic and can be combined, the information exchanged between user and server is roughly constant in size, the computational load on both sides during verification is small, and an unlimited number of verifications is allowed. This scheme is based on public-key cryptography, and the computational overhead of file pre-processing and of verification is relatively large.
In 2008, Ateniese proposed an extended PDP scheme based on symmetric cryptography: the contents and number of challenges are fixed during initialization, the responses are stored on the client as metadata, and modification, deletion and appending of file blocks can be realized. However, the number of challenges and updates is limited by the initialization values, and public verification is not supported. C. Erway et al. proposed a dynamic provable data possession (DPDP) scheme. On top of the PDP scheme they introduce a rank-based table for organizing the file blocks, which allows insertion, modification and deletion at block granularity and can be used effectively in file storage systems, database systems and peer-to-peer storage systems. DPDP has to access the rank table during verification and during updates to locate a specific file block, and the proof returned by the server also contains access-path information, so both its computational complexity and its communication complexity are higher.
In summary, existing schemes have the following two defects:
(1) In current remote data integrity verification methods based on public-key cryptography, the computational overhead of the user's file pre-processing and later verification is relatively large, which is unsuitable for lightweight devices.
(2) In current remote data integrity verification methods based on symmetric cryptography, the file tags are large and the expansion rate of the original data is high; for dynamic operations, both the computational overhead and the communication overhead are relatively large.
Summary of the invention
To overcome the above disadvantages of the prior art, the invention provides a method for proving the integrity of data stored in the cloud.
The technical solution adopted by the invention to solve the technical problem is a method for proving the integrity of cloud data storage comprising the following steps:
Step 1: the user pre-processes the file to be uploaded: generating a private key, dividing the file into blocks and computing the label of each file block;
Step 2: the user sends the pre-processed file to the cloud storage server and keeps only the private key locally;
Step 3: when the integrity of the cloud-stored data needs to be verified, the user randomly selects some file blocks and issues a challenge to the cloud;
Step 4: the cloud generates a proof of possession of the file blocks and returns it to the user;
Step 5: the user checks the cloud's proof of possession of the file blocks to verify the integrity of the cloud-stored data.
Compared with the prior art, the positive effect of the invention is as follows. Data uploaded by a user to a cloud storage server may be deleted or tampered with; the invention therefore proposes a method, based on a pseudo-random function and a pseudo-random permutation function, for proving the integrity of cloud data storage, so that the user can verify the security of the data in the cloud. The method uses the additive homomorphism of the bitwise extraction operation on binary data, can verify the integrity of multiple file blocks at once, and has a low data expansion rate and low computational complexity. Specifically:
1. the computational complexity of data initialization is low and processing is fast;
2. the file block labels are small, so the data expansion rate is low;
3. the integrity of multiple file blocks can be verified at the same time.
Specific embodiment
The core idea of the cloud data integrity proof method proposed in this patent is as follows. The user divides the file to be uploaded into blocks, generates a label for each block using a keyed pseudo-random function and a keyed pseudo-random permutation function, and uploads the file blocks, their labels and the parameters (encrypted under a symmetric cipher) to the cloud storage server; the user side keeps only the symmetric key. When the integrity of the cloud-stored data needs to be verified, the user randomly selects some file blocks and issues a challenge to the cloud; the cloud aggregates these blocks and their labels and returns the aggregated file, the aggregated label and the encrypted parameters to the user. The user verifies the integrity of the blocks using the additive homomorphism of the bitwise extraction operation on binary data.
The method consists of two phases: the file pre-processing phase, and the "challenge-response" phase between the client and the cloud storage server. In the file pre-processing phase the user pre-processes the file to be uploaded and then uploads the processed file to the cloud storage server. In the "challenge-response" phase, when the user wants to verify the integrity of the cloud data, some file blocks are randomly selected and a challenge is issued to the cloud storage server; the server generates a proof of possession of these blocks, and the user checks the proof to confirm the integrity of the cloud data.
(1) File pre-processing phase
The file pre-processing phase consists of two algorithms: key generation (KeyGen) and file block label generation (TagBlock).
1) KeyGen(1^k) → sk: using a random number generator, two random numbers of length k are produced, one as the symmetric encryption key k_enc and one as the key k_mac of the keyed hash function, where k is the security parameter. The user's private key is sk = (k_enc, k_mac).
2) TagBlock(sk, M) → M*: the file M is divided into s blocks {M_1, M_2, …, M_s} of n bits each (n = [size of M / s]; if the file size is not a multiple of n, the file is padded with zeros at the end). Using the random number generator, a random number k_ext is produced as the parameter of the pseudo-random permutation function π, and the extraction positions {i_1, i_2, …, i_l} are defined by formula (1) (the formula itself is not reproduced on this page), where π(·) is the keyed pseudo-random permutation function and l is the number of bits extracted from each file block. From each file block the bits at positions {i_1, i_2, …, i_l} are extracted; the results are denoted {m_1, m_2, …, m_s}, written m_i = Extract(M_i), 1 ≤ i ≤ s. Using the random number generator, a random number k_prf is produced as the parameter of the pseudo-random function f, and the label of each file block is computed (formula not reproduced on this page) from the extracted bits and the output of f using bitwise XOR, where f is the keyed pseudo-random function with an l-bit output. The label τ of the file M is then formed (formula not reproduced on this page) using the symmetric encryption algorithm keyed with k_enc and the keyed hash function keyed with k_mac. The result of processing the file M is M* = {{M_1, …, M_s}, {σ_1, …, σ_s}, τ}; the user uploads M* to the cloud storage server and keeps only the private key sk = (k_enc, k_mac) locally.
(2) "Challenge-response" phase
This phase consists of two algorithms: proof generation (GenProof) and proof checking (CheckProof).
1) GenProof(M*, I) → v: the user randomly selects a subset I of [1, s] and sends it to the cloud storage server as the challenge. The server computes the aggregated authentication code σ and the aggregated message (formulas not reproduced on this page), and then sends the proof v of possession of the file blocks corresponding to I to the user.
2) CheckProof(sk, v) → {0, 1}: first, the user checks the file label τ using k_mac from the private key sk; if the check condition (not reproduced on this page) is not satisfied, verification fails and 0 is returned. Otherwise, the user decrypts, using k_enc from the private key sk, the parameters k_ext and k_prf of the pseudo-random permutation function π and the pseudo-random function f.
The user computes {i_1, i_2, …, i_l} by formula (1) and extracts from the aggregated message the bits at positions {i_1, i_2, …, i_l}. The user verifies that the server possesses the file blocks corresponding to I, and returns 1, if and only if the verification condition (not reproduced on this page) holds.
Through multiple challenges, the user can confirm with probability approaching 1 that the cloud storage server stores the file M completely.
(3) Scheme protocol design
Before pre-processing the file M, the user has generated the private key sk = (k_enc, k_mac) and stored it on the client. The client has a random number generator for producing the random numbers needed by the algorithms. The steps of the cloud data storage integrity proof protocol proposed by the invention are as follows:
1) for the file M to be uploaded, the user pre-processes M according to algorithm TagBlock(sk, M); the result is M*;
2) the user sends the processed file M* to the cloud storage server and keeps only the private key sk locally;
3) the user arbitrarily chooses a subset I of [1, s] and sends it to the cloud storage server as the challenge, asking the server to return a proof that it possesses the file blocks corresponding to I;
4) the cloud storage server runs the proof generation algorithm GenProof(M*, I) to produce the aggregated message and the aggregated authentication code σ corresponding to I;
5) the cloud storage server sends the file label τ, the aggregated message corresponding to I and the aggregated authentication code σ to the user;
6) using the values returned by the cloud storage server, the user runs CheckProof(sk, v) to verify whether the server possesses the file blocks corresponding to I. If 1 is returned, the cloud storage server stores the file blocks corresponding to I completely.
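The six protocol steps above, together with the KeyGen/TagBlock and GenProof/CheckProof algorithms of the two phases, are worked through below as an added example in Python. This is not code from the patent or its applicants. The page does not reproduce formula (1), the label formula or the verification condition, so the following are assumptions of this example: the pseudo-random function f is HMAC-SHA256 truncated to l bits; the keyed permutation π is stood in for by a seeded sample of l distinct bit positions derived from k_ext; the symmetric cipher is an HMAC-derived keystream XOR and the keyed hash is HMAC; the block label is σ_i = Extract(M_i) XOR f_kprf(i), which is one formula consistent with the text (extracted bits combined with an l-bit PRF output by bitwise XOR); and the public parameters s, n and l are known to both sides. The names `tag_block`, `gen_proof`, `check_proof`, `positions` and `demo` are this example's own.

```python
import hashlib
import hmac
import os
import random
from typing import Dict, List, Tuple

MAC_LEN = 32   # HMAC-SHA256 digest length in bytes
KEY_LEN = 16   # byte length of k_ext and k_prf (assumption of this example)


def keygen(k: int = 16) -> Tuple[bytes, bytes]:
    """KeyGen(1^k) -> sk = (k_enc, k_mac): two random k-byte keys."""
    return os.urandom(k), os.urandom(k)


def prf(k_prf: bytes, i: int, l: int) -> int:
    """f_kprf(i): keyed PRF with an l-bit output (HMAC-SHA256 truncated; l <= 256)."""
    assert 1 <= l <= 256
    digest = hmac.new(k_prf, i.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - l)


def positions(k_ext: bytes, n: int, l: int) -> List[int]:
    """Stand-in for formula (1): l distinct bit positions in [0, n) chosen by a
    keyed shuffle seeded from k_ext (hypothetical replacement for the PRP pi)."""
    seed = int.from_bytes(hmac.new(k_ext, b"pi", hashlib.sha256).digest(), "big")
    return random.Random(seed).sample(range(n), l)


def extract(block: int, pos: List[int]) -> int:
    """Extract(M_i): concatenate the bits of `block` found at `pos`.
    Bit selection is linear over XOR, so extract(a ^ b) == extract(a) ^ extract(b);
    that is the additive homomorphism the verification relies on."""
    out = 0
    for p in pos:
        out = (out << 1) | ((block >> p) & 1)
    return out


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher E_kenc: XOR with an HMAC-SHA256 keystream."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def split_blocks(data: bytes, s: int) -> Tuple[List[int], int]:
    """Split data into s blocks of n bits, zero-padding the tail; returns (blocks, n)."""
    n_bytes = -(-len(data) // s)                       # ceil(|M| / s)
    data = data.ljust(n_bytes * s, b"\x00")
    blocks = [int.from_bytes(data[j * n_bytes:(j + 1) * n_bytes], "big") for j in range(s)]
    return blocks, n_bytes * 8


def tag_block(sk: Tuple[bytes, bytes], data: bytes, s: int, l: int) -> Dict:
    """TagBlock(sk, M) -> M* = ({M_i}, {sigma_i}, tau)."""
    k_enc, k_mac = sk
    blocks, n = split_blocks(data, s)
    k_ext, k_prf = os.urandom(KEY_LEN), os.urandom(KEY_LEN)
    pos = positions(k_ext, n, l)
    tags = [extract(m, pos) ^ prf(k_prf, i, l) for i, m in enumerate(blocks)]
    ct = stream_xor(k_enc, k_ext + k_prf)              # E_kenc(k_ext || k_prf)
    tau = ct + hmac.new(k_mac, ct, hashlib.sha256).digest()   # H_kmac over the ciphertext
    return {"blocks": blocks, "tags": tags, "tau": tau, "n": n, "l": l}


def gen_proof(m_star: Dict, challenge: List[int]) -> Tuple[bytes, int, int]:
    """GenProof(M*, I) -> v = (tau, aggregated message, aggregated code sigma)."""
    agg_msg = agg_sigma = 0
    for i in challenge:
        agg_msg ^= m_star["blocks"][i]
        agg_sigma ^= m_star["tags"][i]
    return m_star["tau"], agg_msg, agg_sigma


def check_proof(sk: Tuple[bytes, bytes], proof: Tuple[bytes, int, int],
                challenge: List[int], n: int, l: int) -> int:
    """CheckProof(sk, v) -> 1 if the proof is consistent with sk, else 0."""
    k_enc, k_mac = sk
    tau, agg_msg, agg_sigma = proof
    ct, mac = tau[:-MAC_LEN], tau[-MAC_LEN:]
    if not hmac.compare_digest(mac, hmac.new(k_mac, ct, hashlib.sha256).digest()):
        return 0                                       # file label tau rejected
    params = stream_xor(k_enc, ct)                     # recover (k_ext, k_prf)
    k_ext, k_prf = params[:KEY_LEN], params[KEY_LEN:]
    pos = positions(k_ext, n, l)
    expected = extract(agg_msg, pos)                   # == XOR of Extract(M_i) over I
    for i in challenge:
        expected ^= prf(k_prf, i, l)
    return 1 if expected == agg_sigma else 0


def demo() -> Tuple[int, int, int]:
    """One honest run, one with a wholly corrupted block, one with a forged tau."""
    sk = keygen()
    data = hashlib.sha256(b"constructed sample file").digest() * 12   # 384 bytes, constructed
    m_star = tag_block(sk, data, s=8, l=40)
    n, l, challenge = m_star["n"], m_star["l"], [0, 3, 5]
    honest = check_proof(sk, gen_proof(m_star, challenge), challenge, n, l)
    corrupted = dict(m_star, blocks=list(m_star["blocks"]))
    corrupted["blocks"][3] ^= (1 << n) - 1             # flip every bit: always detected
    caught = check_proof(sk, gen_proof(corrupted, challenge), challenge, n, l)
    forged = dict(m_star, tau=m_star["tau"][:-1] + bytes([m_star["tau"][-1] ^ 1]))
    rejected = check_proof(sk, gen_proof(forged, challenge), challenge, n, l)
    return honest, caught, rejected


if __name__ == "__main__":
    print(demo())   # (1, 0, 0)
```

The server only ever returns one n-bit aggregate and one l-bit code regardless of how many blocks are challenged, which is the constant-size response the description claims. Note that the extraction positions are fixed per file by k_ext, so a modification confined to the un-sampled bits of a block would not be caught by this check; the demo flips an entire block so that detection is certain.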
Claims (6)
1. A method for proving the integrity of cloud data storage, characterized in that it comprises the following steps:
Step 1: the user pre-processes the file to be uploaded: generating a private key, dividing the file into blocks and computing the label of each file block;
Step 2: the user sends the pre-processed file to the cloud storage server and keeps only the private key locally;
Step 3: when the integrity of the cloud-stored data needs to be verified, the user randomly selects some file blocks and issues a challenge to the cloud;
Step 4: the cloud generates a proof of possession of the file blocks and returns it to the user;
Step 5: the user checks the cloud's proof of possession of the file blocks to verify the integrity of the cloud-stored data.
2. The method for proving the integrity of cloud data storage according to claim 1, characterized in that the private key is generated as follows: using a random number generator, two random numbers of length k are produced, one as the symmetric encryption key k_enc and one as the key k_mac of the hash function, where k is the security parameter; the private key is then sk = (k_enc, k_mac).
3. The method for proving the integrity of cloud data storage according to claim 2, characterized in that the file is divided into blocks and the label of each file block is computed as follows:
(1) the file M is divided into s blocks {M_1, M_2, …, M_s} of n bits each;
(2) using a random number generator, a random number k_ext is produced as the parameter of the pseudo-random permutation function π, and the extraction positions are defined by a formula (not reproduced on this page) in which π(·) is the keyed pseudo-random permutation function and l is the number of bits extracted from each file block; from each file block the bits at positions {i_1, i_2, …, i_l} are extracted, and the results are denoted {m_1, m_2, …, m_s}, written m_i = Extract(M_i), 1 ≤ i ≤ s;
(3) using the random number generator, a random number k_prf is produced as the parameter of the pseudo-random function f, and the label of each file block is computed (formula not reproduced on this page) using bitwise XOR and the keyed pseudo-random function f with an l-bit output; the label of the file M is then formed (formula not reproduced on this page) using the symmetric encryption algorithm keyed with k_enc and the hash function keyed with k_mac.
4. The method for proving the integrity of cloud data storage according to claim 3, characterized in that the pre-processed file sent by the user to the cloud storage server in Step 2 is M* = {{M_1, …, M_s}, {σ_1, …, σ_s}, τ}.
5. The method for proving the integrity of cloud data storage according to claim 4, characterized in that the cloud generates the proof of possession of the file blocks as follows:
(1) using the subset I randomly selected by the user, the cloud storage server computes the aggregated authentication code σ and the aggregated message (formulas not reproduced on this page);
(2) the proof of possession of the file blocks corresponding to I is then generated from them (formula not reproduced on this page).
6. The method for proving the integrity of cloud data storage according to claim 5, characterized in that the user checks the cloud's proof of possession of the file blocks as follows:
(1) the user checks the file label τ using k_mac from the private key sk; if the check condition (not reproduced on this page) is not satisfied, verification fails and 0 is returned; otherwise, the user decrypts k_ext and k_prf using k_enc from the private key sk;
(2) the user computes {i_1, i_2, …, i_l} and extracts from the aggregated message the bits at positions {i_1, i_2, …, i_l};
(3) if and only if the verification condition (not reproduced on this page) holds, the user confirms that the server possesses the file blocks corresponding to I and returns 1.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN2016111572198 | 2016-12-15 | |
CN201611157219 | 2016-12-15 | |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106899406A true CN106899406A (en) | 2017-06-27 |
CN106899406B CN106899406B (en) | 2019-07-19 |
Family
ID=59193968
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710156259.9A Active CN106899406B (en) | 2016-12-15 | 2017-03-16 | A kind of method of proof of cloud data storage integrality |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106899406B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102647433A (en) * | 2012-05-21 | 2012-08-22 | 北京航空航天大学 | Efficient cloud storage data possession verification method |
CN103605784A (en) * | 2013-11-29 | 2014-02-26 | 北京航空航天大学 | Data integrity verifying method under multi-cloud environment |
CN105491069A (en) * | 2016-01-14 | 2016-04-13 | 西安电子科技大学 | Integrity verification method based on active attack resistance in cloud storage |
Events
- 2017-03-16: application CN201710156259.9A filed in CN; granted as CN106899406B (active)
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107395652A (en) * | 2017-09-08 | 2017-11-24 | 郑州云海信息技术有限公司 | A kind of integrity of data stored inspection method, apparatus and system |
CN108416221A (en) * | 2018-01-22 | 2018-08-17 | 西安电子科技大学 | Safe set of metadata of similar data possesses proof scheme in a kind of cloud environment |
CN108718314A (en) * | 2018-06-01 | 2018-10-30 | 北京兰云科技有限公司 | A kind of integrality detection method and device of network message |
CN108718314B (en) * | 2018-06-01 | 2021-09-07 | 北京兰云科技有限公司 | Integrity detection method and device for network message |
CN109948372A (en) * | 2019-03-29 | 2019-06-28 | 福建师范大学 | A kind of cloud storage medium-long range data of Designated-Verifier hold verification method |
CN109948372B (en) * | 2019-03-29 | 2022-10-04 | 福建师范大学 | Remote data holding verification method in cloud storage of designated verifier |
CN110138750A (en) * | 2019-04-23 | 2019-08-16 | 上海数据交易中心有限公司 | Encryption method, apparatus and system, storage medium, the terminal of configuration file |
CN111552990A (en) * | 2020-04-17 | 2020-08-18 | 贵州电网有限责任公司 | Safety protection method based on power grid big data |
CN111782623A (en) * | 2020-05-21 | 2020-10-16 | 北京交通大学 | File checking and repairing method in HDFS storage platform |
CN111967060A (en) * | 2020-08-18 | 2020-11-20 | 中国银行股份有限公司 | Data file integrity verification method and device |
CN112883398A (en) * | 2021-03-03 | 2021-06-01 | 西安电子科技大学 | Homomorphic encryption-based data integrity verification method |
CN112883398B (en) * | 2021-03-03 | 2022-12-02 | 西安电子科技大学 | Homomorphic encryption-based data integrity verification method |
Also Published As
Publication number | Publication date |
---|---|
CN106899406B (en) | 2019-07-19 |
Similar Documents
Publication | Title | Publication Date
---|---|---
CN106899406B (en) | A kind of method of proof of cloud data storage integrality | |
CN109194466A (en) | A kind of cloud data integrity detection method and system based on block chain | |
CN106254374B (en) | A kind of cloud data public audit method having duplicate removal function | |
CN108494775B (en) | Method for preventing network attack by using legal data or tampering legal data | |
CN105939191B (en) | The client secure De-weight method of ciphertext data in a kind of cloud storage | |
CN109614818B (en) | Authorized identity-based keyword search encryption method | |
Yang et al. | Provable data possession of resource-constrained mobile devices in cloud computing | |
CN112199649B (en) | Anonymous identity verification method under moving edge calculation based on block chain | |
CN113556322B (en) | Cloud data integrity verification method based on blockchain | |
CN107800688A (en) | A kind of high in the clouds data deduplication and integrality auditing method based on convergent encryption | |
CN110213042A (en) | A kind of cloud data duplicate removal method based on no certification agency re-encryption | |
CN104935568A (en) | Interface authentication signature method facing cloud platform | |
CN106357701A (en) | Integrity verification method for data in cloud storage | |
CN109286490A (en) | Support close state data deduplication and integrity verification method and system | |
US9230114B1 (en) | Remote verification of file protections for cloud data storage | |
KR101082917B1 (en) | Method for verifying the integrity of a user's data in remote computing and System thereof | |
CN110008755B (en) | Cloud storage revocable dynamic data integrity verification system and method | |
CN108833117B (en) | Private key storage and reading method and device and hardware equipment | |
CN110750796B (en) | Encrypted data deduplication method supporting public audit | |
CN107659401A (en) | The secure data duplicate removal encryption method that a kind of similitude perceives | |
CN102647433A (en) | Efficient cloud storage data possession verification method | |
CN105721153A (en) | System and method for key exchange based on authentication information | |
CN104601563B (en) | The method of the sharable content object cloud storage data property held based on MLE | |
CN115225409B (en) | Cloud data safety duplicate removal method based on multi-backup joint verification | |
CN109039656A (en) | SM9 Combination with Digital endorsement method, device and computer equipment |
Legal Events
Date | Code | Title | Description
---|---|---|---
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |
| GR01 | Patent grant |