CN106899406B - A kind of method of proof of cloud data storage integrality - Google Patents

A kind of method of proof of cloud data storage integrality Download PDF

Info

Publication number
CN106899406B
CN106899406B CN201710156259.9A CN201710156259A CN106899406B CN 106899406 B CN106899406 B CN 106899406B CN 201710156259 A CN201710156259 A CN 201710156259A CN 106899406 B CN106899406 B CN 106899406B
Authority
CN
China
Prior art keywords
user
cloud
files
blocks
proof
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710156259.9A
Other languages
Chinese (zh)
Other versions
CN106899406A (en
Inventor
周洁
白健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 30 Research Institute
Original Assignee
CETC 30 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 30 Research Institute filed Critical CETC 30 Research Institute
Publication of CN106899406A publication Critical patent/CN106899406A/en
Application granted granted Critical
Publication of CN106899406B publication Critical patent/CN106899406B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1074Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
    • H04L67/1078Resource delivery mechanisms
    • H04L67/108Resource delivery mechanisms characterised by resources being split in blocks or fragments
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The invention discloses a kind of methods of proof of cloud data storage integrality, include the following steps: that user pre-processes file to be uploaded: generating private key, to file block and calculate the label of each blocks of files;Pretreated file is sent to cloud storage service device by user, local only to save private key;When needing to verify the integrality of cloud data storage, user randomly selects some blocks of files and initiates to challenge to cloud;Cloud generates the proof for possessing blocks of files and returns to user;The proof that user possesses blocks of files to cloud carries out cloud data integrity validation.Compared with prior art, the positive effect of the present invention is: using the additive homomorphism of binary data step-by-step extract operation, can disposably verify the integrality of multiple blocks of files, and this method has the characteristics that data expanding rate is low low with computation complexity.

Description

A kind of method of proof of cloud data storage integrality
Technical field
The present invention relates to a kind of methods of proof of cloud data storage integrality.
Background technique
Universal with data explosion and broadband network, cloud storage has become one of current field of cloud calculation and important answers Use branch.Current popular cloud storage service have DropBox, Google Drive of Google, Microsoft SkyDrive, with And domestic Baidu's Dropbox, Kingsoft fast disk, Huawei's Dropbox etc..These cloud storage services provide one to sea for enterprises and individuals Measure the solution that data carry out safekeeping and efficient access.More and more enterprises and individuals are intended to the number of oneself According to being hosted in cloud storage service quotient.Cloud storage is cheap with memory space, accesses everywhere, is convenient shared, disaster recovery backup Advantage.
However, cloud storage, while bringing convenience, safety is the major issue generated therewith.If with Mass data has been deposited on Cloud Server in family, and how he checks whether data are lost or damaged.On the surface, cloud storage Risk caused by the technologies such as security protection and disaster recovery backup inside service provider have been evaded because of user's local data volatibility.So And hacker attacks, equipment fault, internal staff's malice the security threats such as are distorted and are still remained.For a user, cloud is deposited Storage server remains an incomplete believable entity.
Obviously, if user is by downloading the data of all trustships come the integrality of inspection data, in bandwidth, local capacity It is all unpractical with efficiency aspect.Still more, the binary file of large sizes some for multimedia, database etc., Yong Hugeng Adding can not be by the integrality of the plain mode checking file of opening Fileview.Therefore, cloud storage service quotient must pass through A kind of efficient method provides a user the proof of data integrity.
The thought that provable data hold technology is originated from the integrity checking of teledata.In October, 2007, Ateniese Et al. define the concept that provable data hold (PDP) for the first time.There are user and service two roles of quotient in scheme, user can be right The file being stored in incredible service provider carries out completeness check.User pre-processes file, and file is divided into Block, generating a homomorphism for each data block can verify that label;User randomly chooses some blocks of files when verifying, it is desirable that server Return to the evidence for completely holding these blocks;Server is according to requested piece and their label generates proof;User according to It is accurate that private key verification proves whether.Due to only having surveyed sample certain blocks of files when verification, and their label has homomorphism Property can be overlapped mutually, and the interactive information between user and server is approximately a constant, the calculation amount of both sides when verification It is smaller, and allow to carry out unlimited number of verification.This scheme is based on public key cryptography technology, file preprocessing process and verification process Computing cost it is bigger.
2008, Ateniese proposed the extension PDP scheme based on symmetric cryptographic technique, the setting challenge in initialization Content and number, response is placed on client as metadata, is able to achieve the modification, deletion and addition of blocks of files.But it Challenge and update times are all to be limited by initialization value, and do not support open verify.C.Erway et al. proposes dynamic can Prove that data hold (DPDP) scheme.They introduce a table based on level on the basis of PDP scheme, are used for constituent act Block can realize newly-increased, modification in blocks and delete, can be effectively used for document storage system, Database Systems With point-to-point storage system.DPDP scheme access level table is required during verification and update with determine it is specific certain A blocks of files also includes access path information in the proof value that server returns, so its computation complexity and communication are complicated It spends relatively high.
In conclusion there are following two defects for existing scheme:
(1) currently based in the remote data integrity verification method of public key cryptography technology, user locates file in advance Computing cost during reason and Late Stage Verification is bigger, is not suitable for the use in lightweight equipment.
(2) currently based in the remote data integrity verification method of symmetric cryptographic technique, file label is larger, original number According to expansion rate height.In dynamic aspect, computing cost and communication overhead are all bigger.
Summary of the invention
In order to overcome the disadvantages mentioned above of the prior art, the present invention provides a kind of proof sides of cloud data storage integrality Method.
The technical solution adopted by the present invention to solve the technical problems is: a kind of proof side of cloud data storage integrality Method includes the following steps:
Step 1: user pre-processes file to be uploaded: generating private key, to file block and calculate each file The label of block;
Step 2: pretreated file is sent to cloud storage service device by user, it is local only to save private key;
Step 3: user randomly selects some blocks of files and to cloud when needing to verify the integrality of cloud data storage Initiate challenge in end;
Step 4: cloud generates the proof for possessing blocks of files and returns to user;
Step 5: the proof that user possesses blocks of files to cloud carries out cloud data integrity validation.
Compared with prior art, the positive effect of the present invention is: uploading to the data on cloud storage service device for user There are problems that being deleted and distorting, the invention proposes a kind of cloud number based on pseudo-random function and pseudo-random permutation function According to the method for proof of storage integrality, to verify the safety of user data beyond the clouds.This method utilizes binary data step-by-step The additive homomorphism of extract operation can disposably verify the integrality of multiple blocks of files, and this method has data expansion The low feature low with computation complexity of rate.Specific manifestation is as follows:
1, data initialization computation complexity is low, and processing speed is fast;
2, blocks of files label is small, and data expanding rate is low;
3, the integrality of multiple blocks of files can be verified simultaneously.
Specific embodiment
The core concept for the cloud data integrity method of proof that this patent proposes are as follows: user divides file to be uploaded Block, and blocks of files label is generated based on the pseudo-random function with parameter and pseudo-random permutation function, then by blocks of files, blocks of files Corresponding label and cloud storage service device is uploaded to the parameter after symmetric password encryption, user terminal only saves symmetric key.When When needing to verify the integrality of cloud data storage, user randomly selects some blocks of files and initiates to challenge to cloud, and cloud will These blocks of files and corresponding label are polymerize, and aggregate file, aggregate label and encrypted parameter are returned to user.With The integrality of blocks of files is verified using the additive homomorphism of binary data step-by-step extract operation in family.
Entire method includes two stages: " challenge -- the sound of file pretreatment stage, client and cloud storage service device Answer " stage.File pretreatment stage is that user pre-processes file to be uploaded, and then by treated, file is uploaded to Cloud storage service device.When " challenge-response " stage is that user wants verifying cloud data integrity, some files are randomly selected Block initiates to challenge to cloud storage service device, and cloud storage service device generates the proof for possessing these blocks of files, these cards of user's checking The bright integrality to confirm cloud data.
(1) file pretreatment stage
File pretreatment stage includes two algorithms: key schedule (KeyGen) and blocks of files label generating algorithm (TagBlock)。
1)KeyGen(1k) → sk: utilizing random number generator, and generating two length is the random number of k respectively as symmetrical Password encryption key kencWith the key k of hash functionmac, wherein k is security parameter.The private key of user is sk=(kenc,kmac)。
2)TagBlock(sk,M)→M*: file M is divided into s block { M1,M2,…,Ms, every block size is n bit (n= [size/s of M], if the size of blocks of files is not the multiple of n, with 0 filling behind file).Utilize generating random number Device generates a random number kextParameter as pseudo-random permutation function π.It enables:
Wherein π () isThe random permutation function with parameter, l be each blocks of files extract bit number. Each blocks of files extracts { i1,i2,…,ilCorresponding position bit, if extract after result be { m1,m2,…,ms, it is denoted as mi =Extract (Mi), 1≤i≤s.Using random number generator, a random number k is generatedprfGinseng as pseudo-random function f Number.The label of each blocks of files is calculated as follows:
WhereinFor step-by-step XOR operation,For pseudo-random function with parameter, that output is l bit.It enablesThe label of file M is
WhereinBe key be kencSymmetric encipherment algorithm,Be key be kmacHash letter Number.File M treated result is M*={ { M1,…,Ms}, {σ1..., σ s }, τ }, user is by M*Upload to cloud storage service Device, it is local only to save private key sk=(kenc,kmac)。
(2) " challenge -- the response " stage
The stage includes two algorithms: proving that generating algorithm (GenProof) and verifying prove algorithm (CheckProof).
1)GenProof(M*, I) and → v: user randomly chooses a subset I of [1, s], is sent to cloud storage service device work For challenge.Server calculates polymerization authentication code σ and syndication message
Then it will possess the proof of I respective file blockIt is sent to user.
2) CheckProof (sk, v) → { 0,1 }: firstly, user utilizes the k in private key skmacFile label τ is verified, such as Fruit is unsatisfactory forThen authentication failed returns to 0.Otherwise, user utilizes the k in private key skencDecryption The parameter k of pseudo-random permutation function π and pseudo-random function f outextAnd kprf
User calculates { i by formula (1)1,i2,…,il, it extractsIn { i1,i2,…,ilThe corresponding bit in position, If the result after extracting isIt is denoted asUser authentication servers possess I respective file block and return Return 1 and if only if
User, can be completely to store text close to 1 probability confirmation cloud storage service device by multiple challenge Part M.
(3) scheme protocol designs
Before pre-processing to file M, user has generated private key sk=(kenc,kmac), it is stored in client.Client End possesses random number generator, for generating the random number needed in algorithm.Cloud data proposed by the present invention store integrality Identification protocol steps are as follows:
1) for file M to be uploaded, user pre-processes M according to algorithm TagBlock (sk, M), and treated It as a result is M*
2) user will treated file M*It is sent to cloud storage service device, it is local only to save private key sk;
3) user arbitrarily chooses a subset I of [1, s], is sent to cloud storage service device as challenge, requests cloud storage Server returns to the proof for possessing I respective file block;
4) cloud storage service device is according to proof generating algorithm GenProof (M*, I) and generate the corresponding syndication message of IWith it is poly- Close authentication code σ.
5) cloud storage service device is by file label τ, the corresponding syndication message of IUser is sent to polymerization authentication code σ.
6) user is returned using cloud storage service deviceIt is verified according to algorithm CheckProof (sk, v) Whether cloud storage service device possesses the corresponding blocks of files of I.If returning to 1, it is corresponding that cloud storage service device completely stores I Blocks of files.

Claims (4)

1. a kind of method of proof of cloud data storage integrality, characterized by the following steps:
Step 1: user pre-processes file to be uploaded:
(1) it generates private key: utilizing random number generator, generating two length is the random number of k respectively as symmetric password encryption Key kencWith the key k of hash functionmac, wherein k is security parameter, then private key sk=(kenc, kmac);
(2) to file block and the label of each blocks of files is calculated:
(1) file M is divided into s block { M1, M2..., Ms, every block size is n bit;
(2) random number generator is utilized, a random number k is generatedextAs the parameter of pseudo-random permutation function π, enable:
Wherein π () isThe random permutation function with parameter, l be each blocks of files extract bit number;Each Blocks of files extracts { i1, i2..., ilCorresponding position bit, if extract after result be { m1, m2..., ms, it is denoted as mi= Extract(Mi), 1≤i≤s;
(3) random number generator is utilized, a random number k is generatedprfAs the parameter of pseudo-random function f, it is calculated as follows The label of each blocks of files:
Its byFor step-by-step XOR operation,For pseudo-random function with parameter, that output is l bit, enableThe label of file M:
Its byBe key be kencSymmetric encipherment algorithm,Be key be kmacHash function;
Step 2: pretreated file is sent to cloud storage service device by user, it is local only to save private key;
Step 3: user randomly selects some blocks of files and sends out to cloud when needing to verify the integrality of cloud data storage Play challenge;
Step 4: cloud generates the proof for possessing blocks of files and returns to user;
Step 5: the proof that user possesses blocks of files to cloud carries out cloud data integrity validation.
2. a kind of method of proof of cloud data storage integrality according to claim 1, it is characterised in that: step 2 institute State the pretreated file M that user is sent to cloud storage service device*={ { M1..., Ms, { σ1..., σs, τ }.
3. a kind of method of proof of cloud data storage integrality according to claim 2, it is characterised in that: cloud generates Possess the method for the proof of blocks of files are as follows:
(1) cloud storage service device randomly chooses subset I using user and polymerization authentication code σ and syndication message is calculated as follows
(2) what is then generated possesses the proof of I respective file block
4. a kind of method of proof of cloud data storage integrality according to claim 3, it is characterised in that: user is to cloud End possesses the method that the proof of blocks of files carries out cloud data integrity validation are as follows:
(1) user utilizes the k in private key skmacFile label τ is verified, if be unsatisfactory for Then Authentication failed returns to 0;Otherwise, user utilizes the k in private key skencDecrypt kextAnd kprf
(2) user calculates { i1, i2..., il, it extractsIn { i1, i2..., ilThe corresponding bit in position, if after extracting As a result it isIt is denoted as
(3) and if only ifWhen, user authentication servers possess I respective file block and return 1。
CN201710156259.9A 2016-12-15 2017-03-16 A kind of method of proof of cloud data storage integrality Active CN106899406B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2016111572198 2016-12-15
CN201611157219 2016-12-15

Publications (2)

Publication Number Publication Date
CN106899406A CN106899406A (en) 2017-06-27
CN106899406B true CN106899406B (en) 2019-07-19

Family

ID=59193968

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710156259.9A Active CN106899406B (en) 2016-12-15 2017-03-16 A kind of method of proof of cloud data storage integrality

Country Status (1)

Country Link
CN (1) CN106899406B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107395652A (en) * 2017-09-08 2017-11-24 郑州云海信息技术有限公司 A kind of integrity of data stored inspection method, apparatus and system
CN108416221B (en) * 2018-01-22 2021-05-14 西安电子科技大学 Secure similar data possession proof scheme in cloud environment
CN108718314B (en) * 2018-06-01 2021-09-07 北京兰云科技有限公司 Integrity detection method and device for network message
CN109948372B (en) * 2019-03-29 2022-10-04 福建师范大学 Remote data holding verification method in cloud storage of designated verifier
CN110138750A (en) * 2019-04-23 2019-08-16 上海数据交易中心有限公司 Encryption method, apparatus and system, storage medium, the terminal of configuration file
CN111552990A (en) * 2020-04-17 2020-08-18 贵州电网有限责任公司 Safety protection method based on power grid big data
CN111782623A (en) * 2020-05-21 2020-10-16 北京交通大学 File checking and repairing method in HDFS storage platform
CN111967060A (en) * 2020-08-18 2020-11-20 中国银行股份有限公司 Data file integrity verification method and device
CN112883398B (en) * 2021-03-03 2022-12-02 西安电子科技大学 Homomorphic encryption-based data integrity verification method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647433A (en) * 2012-05-21 2012-08-22 北京航空航天大学 Efficient cloud storage data possession verification method
CN103605784A (en) * 2013-11-29 2014-02-26 北京航空航天大学 Data integrity verifying method under multi-cloud environment
CN105491069A (en) * 2016-01-14 2016-04-13 西安电子科技大学 Integrity verification method based on active attack resistance in cloud storage

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647433A (en) * 2012-05-21 2012-08-22 北京航空航天大学 Efficient cloud storage data possession verification method
CN103605784A (en) * 2013-11-29 2014-02-26 北京航空航天大学 Data integrity verifying method under multi-cloud environment
CN105491069A (en) * 2016-01-14 2016-04-13 西安电子科技大学 Integrity verification method based on active attack resistance in cloud storage

Also Published As

Publication number Publication date
CN106899406A (en) 2017-06-27

Similar Documents

Publication Publication Date Title
CN106899406B (en) A kind of method of proof of cloud data storage integrality
CN109194466A (en) A kind of cloud data integrity detection method and system based on block chain
CN109614818B (en) Authorized identity-based keyword search encryption method
CN106254374B (en) A kind of cloud data public audit method having duplicate removal function
CN107800688B (en) Cloud data deduplication and integrity auditing method based on convergence encryption
Xu et al. Weak leakage-resilient client-side deduplication of encrypted data in cloud storage
Yang et al. Provable data possession of resource-constrained mobile devices in cloud computing
CN105681273B (en) Client-side deduplication method
CN110213042A (en) A kind of cloud data duplicate removal method based on no certification agency re-encryption
CN104184740B (en) Trusted transmission method, trusted third party and credible delivery system
CN109728914B (en) Digital signature verification method, system, device and computer readable storage medium
CN104935568A (en) Interface authentication signature method facing cloud platform
CN106850566B (en) Method and device for verifying data consistency
Nirmala et al. Data confidentiality and integrity verification using user authenticator scheme in cloud
CN113691502B (en) Communication method, device, gateway server, client and storage medium
CN103414690A (en) Publicly-verifiable cloud data possession checking method
CN104836656B (en) A kind of storage of video file and transmission method
KR101082917B1 (en) Method for verifying the integrity of a user's data in remote computing and System thereof
CN105721153A (en) System and method for key exchange based on authentication information
CN115225409B (en) Cloud data safety duplicate removal method based on multi-backup joint verification
EP3395031A1 (en) Method for storing data on a storage entity
CN106936579A (en) Cloud storage data storage and read method based on trusted third party agency
Kumar et al. Data outsourcing: A threat to confidentiality, integrity, and availability
CN103595696A (en) Method and device for file ownership certification
US20140237239A1 (en) Techniques for validating cryptographic applications

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant