CN106899406A - A kind of method of proof of high in the clouds data storage integrality - Google Patents

A kind of method of proof of high in the clouds data storage integrality Download PDF

Info

Publication number
CN106899406A
CN106899406A CN201710156259.9A CN201710156259A CN106899406A CN 106899406 A CN106899406 A CN 106899406A CN 201710156259 A CN201710156259 A CN 201710156259A CN 106899406 A CN106899406 A CN 106899406A
Authority
CN
China
Prior art keywords
user
blocks
files
proof
clouds
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710156259.9A
Other languages
Chinese (zh)
Other versions
CN106899406B (en
Inventor
周洁
白健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 30 Research Institute
Original Assignee
CETC 30 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 30 Research Institute filed Critical CETC 30 Research Institute
Publication of CN106899406A publication Critical patent/CN106899406A/en
Application granted granted Critical
Publication of CN106899406B publication Critical patent/CN106899406B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1074Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
    • H04L67/1078Resource delivery mechanisms
    • H04L67/108Resource delivery mechanisms characterised by resources being split in blocks or fragments
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The invention discloses a kind of method of proof of high in the clouds data storage integrality, comprise the following steps:User pre-processes to file to be uploaded:Generation private key, to file block and calculate the label of each blocks of files;Pretreated file is sent to cloud storage service device by user, local only to preserve private key;When needing to verify the integrality of high in the clouds data storage, user randomly selects some blocks of files and initiates to challenge to high in the clouds;High in the clouds generation possesses the proof of blocks of files and returns to user;The proof that user possesses high in the clouds blocks of files carries out high in the clouds data integrity validation.Compared with prior art, the positive effect of the present invention is:Using the additive homomorphism of binary data step-by-step extract operation, the integrality of multiple blocks of files can be disposably verified, and the method has data expanding rate low and the characteristics of computation complexity is low.

Description

A kind of method of proof of high in the clouds data storage integrality
Technical field
The present invention relates to a kind of method of proof of high in the clouds data storage integrality.
Background technology
With the popularization of data explosion and broadband network, cloud storage have become one of current field of cloud calculation it is important should Use branch.Current popular cloud storage service has DropBox, the Google Drive of Google, the SkyDrive of Microsoft, with And Baidu's Dropbox, Kingsoft fast disk, Huawei's Dropbox of the country etc..These cloud storage services provide one to sea for enterprises and individuals Amount data carry out the solution of safekeeping and efficient access.Increasing enterprises and individuals are intended to the number of oneself According to being hosted in cloud storage service business.Cloud storage has cheap memory space, everywhere access, convenience shared, disaster-tolerant backup Advantage.
However, cloud storage is while convenience is brought, security is but the major issue for producing therewith.If with Mass data has been deposited on Cloud Server in family, and how he checks whether data are lost or damaged.On the surface, cloud storage The technologies such as security protection and disaster-tolerant backup inside service provider have been evaded because of risk caused by user's local data volatibility.So And, hacker attacks, equipment fault, internal staff's malice the security threat such as are distorted and are still existed.For a user, high in the clouds is deposited Storage server remains an incomplete believable entity.
Obviously, if user is by downloading the data of all trustships come the integrality of inspection data, in bandwidth, local capacity All it is unpractical with efficiency aspect.Still more, for multimedia, database some large-scale binary files, Yong Hugeng Plus can not possibly be by opening the integrality of the plain mode checking file of Fileview.Therefore, cloud storage service business must pass through A kind of efficient method provides a user with the proof of data integrity.
Provable data hold the integrity checking of the thought from teledata of technology.In October, 2007, Ateniese Et al. define the concept that provable data hold (PDP) first.There are user and service two roles of business in scheme, user can be right The file stored in incredible service provider carries out completeness check.User is pre-processed to file, and file is divided into Block, is that one homomorphism of each data block generation can verify that label;User randomly chooses some blocks of files during checking, it is desirable to server The evidence of these blocks is intactly held in return;Server is generated and proved according to requested piece with their label;User according to It is accurate that private key verification is proved whether.It is to have surveyed sample some blocks of files during due to verification, and their label has homomorphism Property can be overlapped mutually, and the interactive information between user and server is approximately a constant, the amount of calculation of both sides during verification It is smaller, and allow to carry out unlimited number of verification.This scheme is based on public key cryptography technology, file preprocessing process and verification process Computing cost than larger.
2008, Ateniese proposed the extension PDP schemes based on symmetric cryptographic technique, the setting challenge in initialization Content and number of times, response is placed on client as metadata, the modification of blocks of files can be realized, deleted and additional.But it Challenge and update times are limited by initialization value, and do not support open checking.C.Erway et al. proposes dynamic can Prove that data hold (DPDP) scheme.They introduce a table based on level on the basis of PDP schemes, for constituent act Block, can realize increasing newly, change and deleting in units of block, can be effectively used for document storage system, Database Systems With point-to-point storage system.DPDP schemes access level table is required for during verification and renewal with determine it is specific certain Blocks of files, also includes access path information, so its computation complexity and communication complexity in the proof value that server is returned It is all higher.
In sum, there is following two defect in existing scheme:
(1) it is currently based in the remote data integrity verification method of public key cryptography technology, user carries out pre- place to file Computing cost during reason and Late Stage Verification is not suitable for the use in lightweight equipment than larger.
(2) it is currently based in the remote data integrity verification method of symmetric cryptographic technique, file label is larger, original number It is high according to expansion rate.In dynamic aspect, computing cost and communication overhead are all than larger.
The content of the invention
In order to overcome the disadvantages mentioned above of prior art, the invention provides a kind of proof side of high in the clouds data storage integrality Method.
The technical solution adopted for the present invention to solve the technical problems is:A kind of proof side of high in the clouds data storage integrality Method, comprises the following steps:
Step one, user pre-process to file to be uploaded:Generation private key, to file block and calculate each file The label of block;
Pretreated file is sent to cloud storage service device by step 2, user, local only to preserve private key;
Step 3, when need verify high in the clouds data storage integrality when, user randomly selects some blocks of files and to cloud Initiate challenge in end;
Step 4, high in the clouds generation possess the proof of blocks of files and return to user;
The proof that step 5, user possess high in the clouds blocks of files carries out high in the clouds data integrity validation.
Compared with prior art, the positive effect of the present invention is:The data on cloud storage service device are uploaded to for user There is a problem of being deleted and distorting, the present invention proposes a kind of high in the clouds number based on pseudo-random function and pseudo-random permutation function According to the method for proof of storage integrality, to verify user data security beyond the clouds.The method utilizes binary data step-by-step The additive homomorphism of extract operation, can disposably verify the integrality of multiple blocks of files, and the method has data expansion The characteristics of rate is low low with computation complexity.Specific manifestation is as follows:
1st, data initialization computation complexity is low, and processing speed is fast;
2nd, blocks of files label is small, and data expanding rate is low;
3rd, the integrality of multiple blocks of files can simultaneously be verified.
Specific embodiment
The core concept of high in the clouds data integrity method of proof that this patent is proposed is:User divides file to be uploaded Block, and based on the pseudo-random function with parameter and pseudo-random permutation function generation blocks of files label, then by blocks of files, blocks of files Corresponding label and cloud storage service device is uploaded to the parameter after symmetric password encryption, user terminal only preserves symmetric key.When When needing to verify the integrality of high in the clouds data storage, user randomly selects some blocks of files and initiates to challenge to high in the clouds, and high in the clouds will These blocks of files and corresponding label are polymerized, and the parameter after aggregate file, aggregate label and encryption is returned into user.With The integrality of blocks of files is verified using the additive homomorphism of binary data step-by-step extract operation in family.
Whole method includes two stages:File pretreatment stage, client and cloud storage service device " challenge -- ring Should " stage.File pretreatment stage is pre-processed file to be uploaded for user, then arrives the files passe after treatment Cloud storage service device.When " challenge-response " stage is that user wants checking high in the clouds data integrity, some files are randomly selected Block initiates to challenge to cloud storage service device, and the generation of cloud storage service device possesses the proof of these blocks of files, user's checking these cards The bright integrality to confirm high in the clouds data.
(1) file pretreatment stage
File pretreatment stage includes two algorithms:Key schedule (KeyGen) and blocks of files label generating algorithm (TagBlock)。
1)KeyGen(1k)→sk:Using random number generator, the random number that two length are k is produced respectively as symmetrical Password encryption key kencWith the key k of hash functionmac, wherein k is security parameter.The private key of user is sk=(kenc, kmac)。
2)TagBlock(sk,M)→M*:File M is divided into s blocks { M1,M2,…,Ms, it is n bit (n=per block size [size/s of M], if the size of blocks of files is not the multiple of n, with 0 filling behind file).Using generating random number Device, produces a random number kextAs the parameter of pseudo-random permutation function π.Order:
Wherein π () isThe random permutation function with parameter, l be each blocks of files extract bit number. Each blocks of files extracts { i1,i2,…,ilCorrespondence position bit, if extract after result be { m1,m2,…,ms, it is designated as mi =Extract (Mi), 1≤i≤s.Using random number generator, a random number k is producedpfAs the ginseng of pseudo-random function f Number.It is calculated as follows the label of each blocks of files:
WhereinIt is step-by-step XOR,It is with parameter, is output as the pseudo-random function of l bits.OrderThe label of file M is
WhereinIt is that key is kencSymmetric encipherment algorithm,It is that key is kmacHash letter Number.Result after file M treatment is M*={ { M1,…,Ms},{σ1..., σ s }, τ }, user is by M*Upload to cloud storage service Device, it is local only to preserve private key sk=(kenc,kmac)。
(2) " challenge -- the response " stage
The stage includes two algorithms:Prove that generating algorithm (GenProof) and checking prove algorithm (CheckProof).
1)GenProof(M*,I)→v:The a subset I of user's random selection [1, s], is sent to cloud storage service device work It is challenge.Server calculates polymerization authentication code σ and syndication message
Then the proof of I respective file blocks will be possessedIt is sent to user.
2)CheckProof(sk,v)→{0,1}:First, user is using the k in private key skmacChecking file label τ, such as Fruit is unsatisfactory forThen authentication failed returns to 0.Otherwise, user is using the k in private key skencDecryption Go out the parameter k of pseudo-random permutation function π and pseudo-random function fextAnd kprf
User calculates { i by formula (1)1,i2,…,il, extractIn { i1,i2,…,ilThe corresponding bit in position, If the result after extracting isIt is designated asUser authentication servers possess I respective files block and return And if only if to return 1
User by multiple challenge, can with close to 1 probability confirm cloud storage service device it is complete store text Part M.
(3) scheme protocol design
Before being pre-processed to file M, user has generated private key sk=(kenc,kmac), it is stored in client.Client End possesses random number generator, for producing the random number needed in algorithm.Data storage integrality in high in the clouds proposed by the present invention Identification protocol step it is as follows:
1) for file M to be uploaded, user pre-processes according to algorithm TagBlock (sk, M) to M, after treatment Result is M*
2) user is by the file M after treatment*Cloud storage service device is sent to, it is local only to preserve private key sk;
3) user arbitrarily chooses a subset I of [1, s], is sent to cloud storage service device as challenge, asks cloud storage Server returns to the proof for possessing I respective file blocks;
4) cloud storage service device is according to proof generating algorithm GenProof (M*, I) and the corresponding syndication messages of generation IWith it is poly- Close authentication code σ.
5) cloud storage service device is by file label τ, the corresponding syndication messages of IUser is sent to polymerization authentication code σ.
6) user is returned using cloud storage service deviceAccording to algorithm CheckProof, (sk v) is verified Whether cloud storage service device possesses the corresponding blocks of files of I.If returning to 1, cloud storage service device it is complete to store I corresponding Blocks of files.

Claims (6)

1. a kind of method of proof of high in the clouds data storage integrality, it is characterised in that:Comprise the following steps:
Step one, user pre-process to file to be uploaded:Generation private key, to file block and calculate each blocks of files Label;
Pretreated file is sent to cloud storage service device by step 2, user, local only to preserve private key;
Step 3, when need verify high in the clouds data storage integrality when, user randomly select some blocks of files and to high in the clouds send out Play challenge;
Step 4, high in the clouds generation possess the proof of blocks of files and return to user;
The proof that step 5, user possess high in the clouds blocks of files carries out high in the clouds data integrity validation.
2. the method for proof of a kind of high in the clouds data storage integrality according to claim 1, it is characterised in that:Generation private key Method be:Using random number generator, the random number that two length are k is produced respectively as symmetric password encryption key kenc With the key k of hash functionmac, wherein k is security parameter, then private key sk=(kenc,kmac)。
3. the method for proof of a kind of high in the clouds data storage integrality according to claim 2, it is characterised in that:To file point The method of block and the label for calculating each blocks of files is:
(1) file M is divided into s blocks { M1,M2,…,Ms, it is n bit per block size;
(2) random number generator is utilized, a random number k is producedextAs the parameter of pseudo-random permutation function π, order:
i 1 = π k e x t ( 1 ) , i 2 = π k e x t ( 2 ) , ... i l = π k e x t ( l ) ,
Wherein π () isThe random permutation function with parameter, l be each blocks of files extract bit number;Each Blocks of files extracts { i1,i2,…,ilCorrespondence position bit, if extract after result be { m1,m2,…,ms, it is designated as mi= Extract(Mi), 1≤i≤s;
(3) random number generator is utilized, a random number k is producedp1fAs the parameter of pseudo-random function f, it is calculated as follows The label of each blocks of files:
σ i = f k p r f ( i ) ⊕ m i ,
WhereinIt is step-by-step XOR,It is with parameter, is output as the pseudo-random function of l bits, makesThe label of file M:
τ = τ 0 | | Mac k m a c ( τ 0 ) ,
WhereinIt is that key is kencSymmetric encipherment algorithm,It is that key is kmacHash function.
4. the method for proof of a kind of high in the clouds data storage integrality according to claim 3, it is characterised in that:Step 2 institute State the pretreated file M that user is sent to cloud storage service device*={ { M1,…,MS},{σ1,…,σS},τ}。
5. the method for proof of a kind of high in the clouds data storage integrality according to claim 4, it is characterised in that:High in the clouds generates The method for possessing the proof of blocks of files is:
(1) cloud storage service device is calculated as follows polymerization authentication code σ and syndication message using user's random selection subset I
σ = ⊕ i ∈ I σ i , M ‾ = ⊕ i ∈ I M i ,
(2) what is then generated possesses the proof of I respective file blocks
6. the method for proof of a kind of high in the clouds data storage integrality according to claim 5, it is characterised in that:User is to cloud The proof that end possesses blocks of files carries out the method for high in the clouds data integrity validation and is:
(1) user is using the k in private key skmacChecking file label τ, if be unsatisfactory for Then test Card failure, returns to 0;Otherwise, user is using the k in private key skencDecrypt kextAnd kp1f
(2) user calculates { i1,i2,…,il, extractIn { i1,i2,…,ilThe corresponding bit in position, if the knot after extracting It is reallyIt is designated as
(3) and if only ifWhen, user authentication servers possess I respective files block and return 1。
CN201710156259.9A 2016-12-15 2017-03-16 A kind of method of proof of cloud data storage integrality Active CN106899406B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2016111572198 2016-12-15
CN201611157219 2016-12-15

Publications (2)

Publication Number Publication Date
CN106899406A true CN106899406A (en) 2017-06-27
CN106899406B CN106899406B (en) 2019-07-19

Family

ID=59193968

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710156259.9A Active CN106899406B (en) 2016-12-15 2017-03-16 A kind of method of proof of cloud data storage integrality

Country Status (1)

Country Link
CN (1) CN106899406B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107395652A (en) * 2017-09-08 2017-11-24 郑州云海信息技术有限公司 A kind of integrity of data stored inspection method, apparatus and system
CN108416221A (en) * 2018-01-22 2018-08-17 西安电子科技大学 Safe set of metadata of similar data possesses proof scheme in a kind of cloud environment
CN108718314A (en) * 2018-06-01 2018-10-30 北京兰云科技有限公司 A kind of integrality detection method and device of network message
CN109948372A (en) * 2019-03-29 2019-06-28 福建师范大学 A kind of cloud storage medium-long range data of Designated-Verifier hold verification method
CN110138750A (en) * 2019-04-23 2019-08-16 上海数据交易中心有限公司 Encryption method, apparatus and system, storage medium, the terminal of configuration file
CN111552990A (en) * 2020-04-17 2020-08-18 贵州电网有限责任公司 Safety protection method based on power grid big data
CN111782623A (en) * 2020-05-21 2020-10-16 北京交通大学 File checking and repairing method in HDFS storage platform
CN111967060A (en) * 2020-08-18 2020-11-20 中国银行股份有限公司 Data file integrity verification method and device
CN112883398A (en) * 2021-03-03 2021-06-01 西安电子科技大学 Homomorphic encryption-based data integrity verification method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647433A (en) * 2012-05-21 2012-08-22 北京航空航天大学 Efficient cloud storage data possession verification method
CN103605784A (en) * 2013-11-29 2014-02-26 北京航空航天大学 Data integrity verifying method under multi-cloud environment
CN105491069A (en) * 2016-01-14 2016-04-13 西安电子科技大学 Integrity verification method based on active attack resistance in cloud storage

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647433A (en) * 2012-05-21 2012-08-22 北京航空航天大学 Efficient cloud storage data possession verification method
CN103605784A (en) * 2013-11-29 2014-02-26 北京航空航天大学 Data integrity verifying method under multi-cloud environment
CN105491069A (en) * 2016-01-14 2016-04-13 西安电子科技大学 Integrity verification method based on active attack resistance in cloud storage

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107395652A (en) * 2017-09-08 2017-11-24 郑州云海信息技术有限公司 A kind of integrity of data stored inspection method, apparatus and system
CN108416221A (en) * 2018-01-22 2018-08-17 西安电子科技大学 Safe set of metadata of similar data possesses proof scheme in a kind of cloud environment
CN108718314A (en) * 2018-06-01 2018-10-30 北京兰云科技有限公司 A kind of integrality detection method and device of network message
CN108718314B (en) * 2018-06-01 2021-09-07 北京兰云科技有限公司 Integrity detection method and device for network message
CN109948372A (en) * 2019-03-29 2019-06-28 福建师范大学 A kind of cloud storage medium-long range data of Designated-Verifier hold verification method
CN109948372B (en) * 2019-03-29 2022-10-04 福建师范大学 Remote data holding verification method in cloud storage of designated verifier
CN110138750A (en) * 2019-04-23 2019-08-16 上海数据交易中心有限公司 Encryption method, apparatus and system, storage medium, the terminal of configuration file
CN111552990A (en) * 2020-04-17 2020-08-18 贵州电网有限责任公司 Safety protection method based on power grid big data
CN111782623A (en) * 2020-05-21 2020-10-16 北京交通大学 File checking and repairing method in HDFS storage platform
CN111967060A (en) * 2020-08-18 2020-11-20 中国银行股份有限公司 Data file integrity verification method and device
CN112883398A (en) * 2021-03-03 2021-06-01 西安电子科技大学 Homomorphic encryption-based data integrity verification method
CN112883398B (en) * 2021-03-03 2022-12-02 西安电子科技大学 Homomorphic encryption-based data integrity verification method

Also Published As

Publication number Publication date
CN106899406B (en) 2019-07-19

Similar Documents

Publication Publication Date Title
CN106899406B (en) A kind of method of proof of cloud data storage integrality
CN109194466A (en) A kind of cloud data integrity detection method and system based on block chain
CN106254374B (en) A kind of cloud data public audit method having duplicate removal function
CN108494775B (en) Method for preventing network attack by using legal data or tampering legal data
CN105939191B (en) The client secure De-weight method of ciphertext data in a kind of cloud storage
CN109614818B (en) Authorized identity-based keyword search encryption method
Yang et al. Provable data possession of resource-constrained mobile devices in cloud computing
CN112199649B (en) Anonymous identity verification method under moving edge calculation based on block chain
CN113556322B (en) Cloud data integrity verification method based on blockchain
CN107800688A (en) A kind of high in the clouds data deduplication and integrality auditing method based on convergent encryption
CN110213042A (en) A kind of cloud data duplicate removal method based on no certification agency re-encryption
CN104935568A (en) Interface authentication signature method facing cloud platform
CN106357701A (en) Integrity verification method for data in cloud storage
CN109286490A (en) Support close state data deduplication and integrity verification method and system
US9230114B1 (en) Remote verification of file protections for cloud data storage
KR101082917B1 (en) Method for verifying the integrity of a user's data in remote computing and System thereof
CN110008755B (en) Cloud storage revocable dynamic data integrity verification system and method
CN108833117B (en) Private key storage and reading method and device and hardware equipment
CN110750796B (en) Encrypted data deduplication method supporting public audit
CN107659401A (en) The secure data duplicate removal encryption method that a kind of similitude perceives
CN102647433A (en) Efficient cloud storage data possession verification method
CN105721153A (en) System and method for key exchange based on authentication information
CN104601563B (en) The method of the sharable content object cloud storage data property held based on MLE
CN115225409B (en) Cloud data safety duplicate removal method based on multi-backup joint verification
CN109039656A (en) SM9 Combination with Digital endorsement method, device and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant