CN106899406B - A kind of method of proof of cloud data storage integrality - Google Patents
A kind of method of proof of cloud data storage integrality Download PDFInfo
- Publication number
- CN106899406B CN106899406B CN201710156259.9A CN201710156259A CN106899406B CN 106899406 B CN106899406 B CN 106899406B CN 201710156259 A CN201710156259 A CN 201710156259A CN 106899406 B CN106899406 B CN 106899406B
- Authority
- CN
- China
- Prior art keywords
- user
- cloud
- files
- blocks
- proof
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
- H04L67/1074—Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
- H04L67/1078—Resource delivery mechanisms
- H04L67/108—Resource delivery mechanisms characterised by resources being split in blocks or fragments
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Abstract
The invention discloses a kind of methods of proof of cloud data storage integrality, include the following steps: that user pre-processes file to be uploaded: generating private key, to file block and calculate the label of each blocks of files;Pretreated file is sent to cloud storage service device by user, local only to save private key;When needing to verify the integrality of cloud data storage, user randomly selects some blocks of files and initiates to challenge to cloud;Cloud generates the proof for possessing blocks of files and returns to user;The proof that user possesses blocks of files to cloud carries out cloud data integrity validation.Compared with prior art, the positive effect of the present invention is: using the additive homomorphism of binary data step-by-step extract operation, can disposably verify the integrality of multiple blocks of files, and this method has the characteristics that data expanding rate is low low with computation complexity.
Description
Technical field
The present invention relates to a kind of methods of proof of cloud data storage integrality.
Background technique
Universal with data explosion and broadband network, cloud storage has become one of current field of cloud calculation and important answers
Use branch.Current popular cloud storage service have DropBox, Google Drive of Google, Microsoft SkyDrive, with
And domestic Baidu's Dropbox, Kingsoft fast disk, Huawei's Dropbox etc..These cloud storage services provide one to sea for enterprises and individuals
Measure the solution that data carry out safekeeping and efficient access.More and more enterprises and individuals are intended to the number of oneself
According to being hosted in cloud storage service quotient.Cloud storage is cheap with memory space, accesses everywhere, is convenient shared, disaster recovery backup
Advantage.
However, cloud storage, while bringing convenience, safety is the major issue generated therewith.If with
Mass data has been deposited on Cloud Server in family, and how he checks whether data are lost or damaged.On the surface, cloud storage
Risk caused by the technologies such as security protection and disaster recovery backup inside service provider have been evaded because of user's local data volatibility.So
And hacker attacks, equipment fault, internal staff's malice the security threats such as are distorted and are still remained.For a user, cloud is deposited
Storage server remains an incomplete believable entity.
Obviously, if user is by downloading the data of all trustships come the integrality of inspection data, in bandwidth, local capacity
It is all unpractical with efficiency aspect.Still more, the binary file of large sizes some for multimedia, database etc., Yong Hugeng
Adding can not be by the integrality of the plain mode checking file of opening Fileview.Therefore, cloud storage service quotient must pass through
A kind of efficient method provides a user the proof of data integrity.
The thought that provable data hold technology is originated from the integrity checking of teledata.In October, 2007, Ateniese
Et al. define the concept that provable data hold (PDP) for the first time.There are user and service two roles of quotient in scheme, user can be right
The file being stored in incredible service provider carries out completeness check.User pre-processes file, and file is divided into
Block, generating a homomorphism for each data block can verify that label;User randomly chooses some blocks of files when verifying, it is desirable that server
Return to the evidence for completely holding these blocks;Server is according to requested piece and their label generates proof;User according to
It is accurate that private key verification proves whether.Due to only having surveyed sample certain blocks of files when verification, and their label has homomorphism
Property can be overlapped mutually, and the interactive information between user and server is approximately a constant, the calculation amount of both sides when verification
It is smaller, and allow to carry out unlimited number of verification.This scheme is based on public key cryptography technology, file preprocessing process and verification process
Computing cost it is bigger.
2008, Ateniese proposed the extension PDP scheme based on symmetric cryptographic technique, the setting challenge in initialization
Content and number, response is placed on client as metadata, is able to achieve the modification, deletion and addition of blocks of files.But it
Challenge and update times are all to be limited by initialization value, and do not support open verify.C.Erway et al. proposes dynamic can
Prove that data hold (DPDP) scheme.They introduce a table based on level on the basis of PDP scheme, are used for constituent act
Block can realize newly-increased, modification in blocks and delete, can be effectively used for document storage system, Database Systems
With point-to-point storage system.DPDP scheme access level table is required during verification and update with determine it is specific certain
A blocks of files also includes access path information in the proof value that server returns, so its computation complexity and communication are complicated
It spends relatively high.
In conclusion there are following two defects for existing scheme:
(1) currently based in the remote data integrity verification method of public key cryptography technology, user locates file in advance
Computing cost during reason and Late Stage Verification is bigger, is not suitable for the use in lightweight equipment.
(2) currently based in the remote data integrity verification method of symmetric cryptographic technique, file label is larger, original number
According to expansion rate height.In dynamic aspect, computing cost and communication overhead are all bigger.
Summary of the invention
In order to overcome the disadvantages mentioned above of the prior art, the present invention provides a kind of proof sides of cloud data storage integrality
Method.
The technical solution adopted by the present invention to solve the technical problems is: a kind of proof side of cloud data storage integrality
Method includes the following steps:
Step 1: user pre-processes file to be uploaded: generating private key, to file block and calculate each file
The label of block;
Step 2: pretreated file is sent to cloud storage service device by user, it is local only to save private key;
Step 3: user randomly selects some blocks of files and to cloud when needing to verify the integrality of cloud data storage
Initiate challenge in end;
Step 4: cloud generates the proof for possessing blocks of files and returns to user;
Step 5: the proof that user possesses blocks of files to cloud carries out cloud data integrity validation.
Compared with prior art, the positive effect of the present invention is: uploading to the data on cloud storage service device for user
There are problems that being deleted and distorting, the invention proposes a kind of cloud number based on pseudo-random function and pseudo-random permutation function
According to the method for proof of storage integrality, to verify the safety of user data beyond the clouds.This method utilizes binary data step-by-step
The additive homomorphism of extract operation can disposably verify the integrality of multiple blocks of files, and this method has data expansion
The low feature low with computation complexity of rate.Specific manifestation is as follows:
1, data initialization computation complexity is low, and processing speed is fast;
2, blocks of files label is small, and data expanding rate is low;
3, the integrality of multiple blocks of files can be verified simultaneously.
Specific embodiment
The core concept for the cloud data integrity method of proof that this patent proposes are as follows: user divides file to be uploaded
Block, and blocks of files label is generated based on the pseudo-random function with parameter and pseudo-random permutation function, then by blocks of files, blocks of files
Corresponding label and cloud storage service device is uploaded to the parameter after symmetric password encryption, user terminal only saves symmetric key.When
When needing to verify the integrality of cloud data storage, user randomly selects some blocks of files and initiates to challenge to cloud, and cloud will
These blocks of files and corresponding label are polymerize, and aggregate file, aggregate label and encrypted parameter are returned to user.With
The integrality of blocks of files is verified using the additive homomorphism of binary data step-by-step extract operation in family.
Entire method includes two stages: " challenge -- the sound of file pretreatment stage, client and cloud storage service device
Answer " stage.File pretreatment stage is that user pre-processes file to be uploaded, and then by treated, file is uploaded to
Cloud storage service device.When " challenge-response " stage is that user wants verifying cloud data integrity, some files are randomly selected
Block initiates to challenge to cloud storage service device, and cloud storage service device generates the proof for possessing these blocks of files, these cards of user's checking
The bright integrality to confirm cloud data.
(1) file pretreatment stage
File pretreatment stage includes two algorithms: key schedule (KeyGen) and blocks of files label generating algorithm
(TagBlock)。
1)KeyGen(1k) → sk: utilizing random number generator, and generating two length is the random number of k respectively as symmetrical
Password encryption key kencWith the key k of hash functionmac, wherein k is security parameter.The private key of user is sk=(kenc,kmac)。
2)TagBlock(sk,M)→M*: file M is divided into s block { M1,M2,…,Ms, every block size is n bit (n=
[size/s of M], if the size of blocks of files is not the multiple of n, with 0 filling behind file).Utilize generating random number
Device generates a random number kextParameter as pseudo-random permutation function π.It enables:
Wherein π () isThe random permutation function with parameter, l be each blocks of files extract bit number.
Each blocks of files extracts { i1,i2,…,ilCorresponding position bit, if extract after result be { m1,m2,…,ms, it is denoted as mi
=Extract (Mi), 1≤i≤s.Using random number generator, a random number k is generatedprfGinseng as pseudo-random function f
Number.The label of each blocks of files is calculated as follows:
WhereinFor step-by-step XOR operation,For pseudo-random function with parameter, that output is l bit.It enablesThe label of file M is
WhereinBe key be kencSymmetric encipherment algorithm,Be key be kmacHash letter
Number.File M treated result is M*={ { M1,…,Ms}, {σ1..., σ s }, τ }, user is by M*Upload to cloud storage service
Device, it is local only to save private key sk=(kenc,kmac)。
(2) " challenge -- the response " stage
The stage includes two algorithms: proving that generating algorithm (GenProof) and verifying prove algorithm (CheckProof).
1)GenProof(M*, I) and → v: user randomly chooses a subset I of [1, s], is sent to cloud storage service device work
For challenge.Server calculates polymerization authentication code σ and syndication message
Then it will possess the proof of I respective file blockIt is sent to user.
2) CheckProof (sk, v) → { 0,1 }: firstly, user utilizes the k in private key skmacFile label τ is verified, such as
Fruit is unsatisfactory forThen authentication failed returns to 0.Otherwise, user utilizes the k in private key skencDecryption
The parameter k of pseudo-random permutation function π and pseudo-random function f outextAnd kprf。
User calculates { i by formula (1)1,i2,…,il, it extractsIn { i1,i2,…,ilThe corresponding bit in position,
If the result after extracting isIt is denoted asUser authentication servers possess I respective file block and return
Return 1 and if only if
User, can be completely to store text close to 1 probability confirmation cloud storage service device by multiple challenge
Part M.
(3) scheme protocol designs
Before pre-processing to file M, user has generated private key sk=(kenc,kmac), it is stored in client.Client
End possesses random number generator, for generating the random number needed in algorithm.Cloud data proposed by the present invention store integrality
Identification protocol steps are as follows:
1) for file M to be uploaded, user pre-processes M according to algorithm TagBlock (sk, M), and treated
It as a result is M*;
2) user will treated file M*It is sent to cloud storage service device, it is local only to save private key sk;
3) user arbitrarily chooses a subset I of [1, s], is sent to cloud storage service device as challenge, requests cloud storage
Server returns to the proof for possessing I respective file block;
4) cloud storage service device is according to proof generating algorithm GenProof (M*, I) and generate the corresponding syndication message of IWith it is poly-
Close authentication code σ.
5) cloud storage service device is by file label τ, the corresponding syndication message of IUser is sent to polymerization authentication code σ.
6) user is returned using cloud storage service deviceIt is verified according to algorithm CheckProof (sk, v)
Whether cloud storage service device possesses the corresponding blocks of files of I.If returning to 1, it is corresponding that cloud storage service device completely stores I
Blocks of files.
Claims (4)
1. a kind of method of proof of cloud data storage integrality, characterized by the following steps:
Step 1: user pre-processes file to be uploaded:
(1) it generates private key: utilizing random number generator, generating two length is the random number of k respectively as symmetric password encryption
Key kencWith the key k of hash functionmac, wherein k is security parameter, then private key sk=(kenc, kmac);
(2) to file block and the label of each blocks of files is calculated:
(1) file M is divided into s block { M1, M2..., Ms, every block size is n bit;
(2) random number generator is utilized, a random number k is generatedextAs the parameter of pseudo-random permutation function π, enable:
…
Wherein π () isThe random permutation function with parameter, l be each blocks of files extract bit number;Each
Blocks of files extracts { i1, i2..., ilCorresponding position bit, if extract after result be { m1, m2..., ms, it is denoted as mi=
Extract(Mi), 1≤i≤s;
(3) random number generator is utilized, a random number k is generatedprfAs the parameter of pseudo-random function f, it is calculated as follows
The label of each blocks of files:
Its byFor step-by-step XOR operation,For pseudo-random function with parameter, that output is l bit, enableThe label of file M:
Its byBe key be kencSymmetric encipherment algorithm,Be key be kmacHash function;
Step 2: pretreated file is sent to cloud storage service device by user, it is local only to save private key;
Step 3: user randomly selects some blocks of files and sends out to cloud when needing to verify the integrality of cloud data storage
Play challenge;
Step 4: cloud generates the proof for possessing blocks of files and returns to user;
Step 5: the proof that user possesses blocks of files to cloud carries out cloud data integrity validation.
2. a kind of method of proof of cloud data storage integrality according to claim 1, it is characterised in that: step 2 institute
State the pretreated file M that user is sent to cloud storage service device*={ { M1..., Ms, { σ1..., σs, τ }.
3. a kind of method of proof of cloud data storage integrality according to claim 2, it is characterised in that: cloud generates
Possess the method for the proof of blocks of files are as follows:
(1) cloud storage service device randomly chooses subset I using user and polymerization authentication code σ and syndication message is calculated as follows
(2) what is then generated possesses the proof of I respective file block
4. a kind of method of proof of cloud data storage integrality according to claim 3, it is characterised in that: user is to cloud
End possesses the method that the proof of blocks of files carries out cloud data integrity validation are as follows:
(1) user utilizes the k in private key skmacFile label τ is verified, if be unsatisfactory for Then
Authentication failed returns to 0;Otherwise, user utilizes the k in private key skencDecrypt kextAnd kprf;
(2) user calculates { i1, i2..., il, it extractsIn { i1, i2..., ilThe corresponding bit in position, if after extracting
As a result it isIt is denoted as
(3) and if only ifWhen, user authentication servers possess I respective file block and return
1。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2016111572198 | 2016-12-15 | ||
CN201611157219 | 2016-12-15 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106899406A CN106899406A (en) | 2017-06-27 |
CN106899406B true CN106899406B (en) | 2019-07-19 |
Family
ID=59193968
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710156259.9A Active CN106899406B (en) | 2016-12-15 | 2017-03-16 | A kind of method of proof of cloud data storage integrality |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106899406B (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107395652A (en) * | 2017-09-08 | 2017-11-24 | 郑州云海信息技术有限公司 | A kind of integrity of data stored inspection method, apparatus and system |
CN108416221B (en) * | 2018-01-22 | 2021-05-14 | 西安电子科技大学 | Secure similar data possession proof scheme in cloud environment |
CN108718314B (en) * | 2018-06-01 | 2021-09-07 | 北京兰云科技有限公司 | Integrity detection method and device for network message |
CN109948372B (en) * | 2019-03-29 | 2022-10-04 | 福建师范大学 | Remote data holding verification method in cloud storage of designated verifier |
CN110138750A (en) * | 2019-04-23 | 2019-08-16 | 上海数据交易中心有限公司 | Encryption method, apparatus and system, storage medium, the terminal of configuration file |
CN111552990A (en) * | 2020-04-17 | 2020-08-18 | 贵州电网有限责任公司 | Safety protection method based on power grid big data |
CN111782623A (en) * | 2020-05-21 | 2020-10-16 | 北京交通大学 | File checking and repairing method in HDFS storage platform |
CN111967060A (en) * | 2020-08-18 | 2020-11-20 | 中国银行股份有限公司 | Data file integrity verification method and device |
CN112883398B (en) * | 2021-03-03 | 2022-12-02 | 西安电子科技大学 | Homomorphic encryption-based data integrity verification method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102647433A (en) * | 2012-05-21 | 2012-08-22 | 北京航空航天大学 | Efficient cloud storage data possession verification method |
CN103605784A (en) * | 2013-11-29 | 2014-02-26 | 北京航空航天大学 | Data integrity verifying method under multi-cloud environment |
CN105491069A (en) * | 2016-01-14 | 2016-04-13 | 西安电子科技大学 | Integrity verification method based on active attack resistance in cloud storage |
-
2017
- 2017-03-16 CN CN201710156259.9A patent/CN106899406B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102647433A (en) * | 2012-05-21 | 2012-08-22 | 北京航空航天大学 | Efficient cloud storage data possession verification method |
CN103605784A (en) * | 2013-11-29 | 2014-02-26 | 北京航空航天大学 | Data integrity verifying method under multi-cloud environment |
CN105491069A (en) * | 2016-01-14 | 2016-04-13 | 西安电子科技大学 | Integrity verification method based on active attack resistance in cloud storage |
Also Published As
Publication number | Publication date |
---|---|
CN106899406A (en) | 2017-06-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106899406B (en) | A kind of method of proof of cloud data storage integrality | |
CN109194466A (en) | A kind of cloud data integrity detection method and system based on block chain | |
CN109614818B (en) | Authorized identity-based keyword search encryption method | |
CN106254374B (en) | A kind of cloud data public audit method having duplicate removal function | |
CN107800688B (en) | Cloud data deduplication and integrity auditing method based on convergence encryption | |
Xu et al. | Weak leakage-resilient client-side deduplication of encrypted data in cloud storage | |
Yang et al. | Provable data possession of resource-constrained mobile devices in cloud computing | |
CN105681273B (en) | Client-side deduplication method | |
CN110213042A (en) | A kind of cloud data duplicate removal method based on no certification agency re-encryption | |
CN104184740B (en) | Trusted transmission method, trusted third party and credible delivery system | |
CN109728914B (en) | Digital signature verification method, system, device and computer readable storage medium | |
CN104935568A (en) | Interface authentication signature method facing cloud platform | |
CN106850566B (en) | Method and device for verifying data consistency | |
Nirmala et al. | Data confidentiality and integrity verification using user authenticator scheme in cloud | |
CN113691502B (en) | Communication method, device, gateway server, client and storage medium | |
CN103414690A (en) | Publicly-verifiable cloud data possession checking method | |
CN104836656B (en) | A kind of storage of video file and transmission method | |
KR101082917B1 (en) | Method for verifying the integrity of a user's data in remote computing and System thereof | |
CN105721153A (en) | System and method for key exchange based on authentication information | |
CN115225409B (en) | Cloud data safety duplicate removal method based on multi-backup joint verification | |
EP3395031A1 (en) | Method for storing data on a storage entity | |
CN106936579A (en) | Cloud storage data storage and read method based on trusted third party agency | |
Kumar et al. | Data outsourcing: A threat to confidentiality, integrity, and availability | |
CN103595696A (en) | Method and device for file ownership certification | |
US20140237239A1 (en) | Techniques for validating cryptographic applications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |