CN106911708B - A cloud data public auditing method that supports batch verification and erroneous-data localization
Publication number: CN106911708B (application CN201710178312.5A)
Authority: CN (China)
Legal status: Active
Abstract
The invention discloses a cloud data public auditing method that supports batch verification and erroneous-data localization. In the method, each cloud user stores its file blocks and data tags on cloud servers and sends the location tags of the file blocks to the TPA. After receiving users' audit requests, the TPA challenges the data these users have stored on multiple cloud servers. After receiving the returned proofs, the TPA checks their validity against the challenge it sent; if the check passes, the data audit result is a pass. Otherwise the TPA checks the location tags: data whose location tag verifies passes the audit, and for data whose location tag does not verify the TPA outputs the index of the cloud user that owns the erroneous data and the index of the server holding it. Finally, the TPA reports a successful audit to the cloud users whose result is a pass, and sends the index of the server holding the erroneous data to the cloud users whose result is a fail. The invention helps users find the position of damaged data more quickly.
Description
Technical field
The invention belongs to the technical field of network security, and in particular relates to a cloud data public auditing method that supports batch verification and erroneous-data localization.
Background
Provable Data Possession (PDP) schemes let a user who keeps no local backup verify remotely, with very high probability and without retrieving the data, whether data stored on an untrusted server is intact, which saves communication bandwidth. At present, most PDP schemes check the integrity of data that a single user stores on a single server. In practice, however, cloud storage serves many users, there is more than one cloud service provider, and each provider owns more than a single server. To fit this reality better, PDP schemes for the multi-user single-server, single-user multi-server and multi-user multi-server settings have been proposed in recent years. Batch data-integrity checking schemes for multiple users and multiple servers greatly reduce the computational cost, but once data is corrupted they often cannot determine the source of the erroneous data quickly and accurately. The object of the invention is therefore, in a multi-user multi-server environment, to achieve batch remote data-integrity checking and also to locate erroneous data, that is, to find which user the erroneous data belongs to and which server it is stored on, so that users can discover more quickly on which server their data has been corrupted.
Related work
In 2013, Wang et al. used BLS signatures to construct homomorphic verifiable tags and proposed a batch checking scheme for the multi-user single-server environment that protects the privacy of user data, using binary search to determine which user's data is in error. In 2016, Mao et al., also using BLS short signatures, proposed a data-integrity verification scheme that supports batch processing in a single-user multi-cloud-server environment, but the scheme does not consider the problem of locating erroneous data.
In 2014, Liu et al. used bilinear pairings to propose a batch checking scheme for the multi-user multi-server setting, and used an ordered Merkle Hash Tree to resist displacement attacks. Ren et al. used the Co-GDH signature on elliptic curves to construct homomorphic verifiable tags, proposed a publicly verifiable, privacy-preserving batch checking scheme, and used a data update information table to support dynamic data updates. In 2016, Zhou et al. used bilinear pairings and the CDH problem to propose an ID-based batch PDP scheme. These schemes can quickly and efficiently verify in one pass whether the data that multiple users store on multiple servers is intact, but they do not consider the problem of locating erroneous data.
Among the batch schemes for the multi-user multi-server setting, some authors have proposed ideas for locating erroneous data. In 2013, He et al. used a recoverable coding method to propose a batch data-integrity checking scheme that can identify damaged data; it can detect all users whose data is corrupted, but it does not locate the server holding the erroneous data. In 2015, Shin et al. also proposed a batch data-integrity checking scheme that identifies damaged data, but when several servers return corrupted data the scheme can only determine the last erroneous server, and it cannot determine the owner of the erroneous data.
The invention proposes a batch cloud data public auditing method that supports erroneous-data localization in a multi-user multi-server environment. Cloud users entrust the auditing of data integrity to a third-party auditor (Third Party Auditor, TPA). After receiving the audit requests of multiple cloud users, the TPA batch-verifies the integrity of the data these users store on multiple servers. Besides batch verification, once corrupted data is detected the method locates the erroneous data within a single challenge, that is, it finds the owner of the erroneous data and the server holding it.
Summary of the invention
In view of the deficiencies of the prior art, the invention provides a cloud data public auditing method that supports batch verification and erroneous-data localization.
The invention discloses a cloud data public auditing method that supports erroneous-data localization and batch verification in a multi-user multi-server environment. The method comprises the following. The CA (Certificate Authority) server performs initial parameter setup, and every cloud user can apply to the CA for its own public/private key pair. Each cloud user stores its file blocks and data tags on cloud servers and sends the location tags of the file blocks to the TPA. After receiving the audit requests of multiple cloud users, the TPA can challenge the data these users store on multiple cloud servers at the same time. After receiving the proofs returned by the challenged cloud servers, the TPA batch-verifies their validity against the challenge it sent. If the verification passes, the data audit result for the cloud users involved in the challenge is a pass. Otherwise the TPA checks the location tags: where a location tag verifies, the corresponding data is intact and the audit result is a pass; where a location tag does not verify, the data has been damaged, and the TPA outputs the index of the cloud user that owns the erroneous data and the index of the server holding it. Finally, the TPA sends a successful audit report to the cloud users whose audit result is a pass, and sends the index of the server holding the erroneous data to the cloud users whose audit result is a fail.
Compared with the prior art, the beneficial effects of the invention are:
Erroneous-data localization: in a multi-user multi-server environment, multiple cloud users can entrust a third-party auditor to batch-audit the data they store on multiple cloud servers. When the batch audit fails, a single comparison operation is enough to determine whether the data a specific user stores on a specific server has been damaged. The invention can also find all erroneous data and at the same time locate the user it belongs to and the server holding it, so that users find the position of damaged data more quickly, spend less time searching for erroneous data, and can more easily judge the reliability of a cloud server.
The invention achieves batch data-integrity verification in a multi-user multi-server environment and also constructs a location tag that provides erroneous-data localization, so that after a batch check the users whose data is damaged discover the damage promptly and learn where the damaged data is, which improves the efficiency with which users detect the location of damaged files.
Description of the drawings
Fig. 1 is a flow chart of the method of the invention.
Fig. 2 is a schematic diagram of the data tag generation process in the embodiment of the invention.
Fig. 3 is a schematic diagram of the location tag generation process in the embodiment of the invention.
Fig. 4 is a schematic diagram of the public audit and erroneous-data localization process in the embodiment of the invention.
Fig. 5 shows the MHT (Merkle Hash Tree) TR_11t that cloud user DO_1 builds with parameter a_1t over the 4 data blocks M_111, M_112, M_113, M_114 stored on cloud server CS_1.
Detailed description of the embodiment
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. All other embodiments obtained by those skilled in the art without creative work fall within the scope of protection of the invention.
The flow of the method is shown in Fig. 1. Its steps are:
1. The CA server performs initial parameter setup.
● With k as the security parameter, select two multiplicative cyclic groups G_1 and G_2 of order q, where q is a large prime satisfying q > 2^k; take g as a generator of G_1, and select a bilinear map e: G_1 × G_1 → G_2 on the groups G_1 and G_2.
● Select four cryptographic hash functions H_1, H_2, H_3, H_4 and a pseudo-random function f, where H_1: {0,1}^* → G_1, H_2: {0,1}^* → Z_q, H_3: {0,1}^* → G_1, H_4: {0,1}^* → Z_q (H_1 and H_3, and H_2 and H_4, are respectively different hash functions) and Z_q = {0, 1, 2, ..., q-1}. Each user index can be expressed as a w_i-bit string, each server index as a w_j-bit string, and each file block index as a w_k-bit string.
● Randomly select the sector coefficients {v_l}, and set λ = k as the number of MHTs (Merkle Hash Trees) that each user builds over the same data.
● Randomly select x as the master private key msk, and set the master public key mpk = g^x.
● Publish the public parameters params = (G_1, G_2, q, g, e, H_1, H_2, H_3, H_4, f, {v_l}, λ) and the master public key mpk = g^x, and keep the master private key msk = x secret.
2. Cloud user DO_i applies to the CA for its own public/private key pair.
● DO_i generates a key application request and sends it to the CA server. The CA server generates the key pair (pk_i, sk_i) for DO_i, where the public key pk_i = H_1(ID_i), the private key sk_i = H_1(ID_i)^x = pk_i^x, i is the index of cloud user DO_i, and ID_i is the identity identifier of DO_i.
3. The CA server sends the private key sk_i to DO_i over a secure channel.
4. DO_i pre-processes the file blocks to be uploaded (Fig. 2 shows the data tag generation process).
● DO_i splits the file to be uploaded into fixed-length blocks. Let M_ijk denote the k-th block that cloud user DO_i stores on server CS_j. Each block consists of s sectors, and F_ijkl denotes the l-th sector of the k-th block that DO_i stores on CS_j.
● DO_i generates a tag value σ_ijk = (S_ijk, T_ijk) for each data block M_ijk. The generation method is: DO_i randomly chooses a parameter u_i and, for each of its file blocks M_ijk, computes h_i = H_2(ID_i), h_pk = H_3(mpk) and the tag components S_ijk and T_ijk.
5. DO_i uploads the file blocks and data tags to the corresponding cloud servers.
DO_i sends all of its file blocks {M_ijk} and the corresponding data tags {σ_ijk} to the servers given by the server index.
6. Each server verifies the usability of the data tags it receives (see Fig. 2). After receiving the data blocks and data tags sent by a user, each server determines whether the data tags are correct by checking whether the tag verification equation holds.
If the equation holds, the data tags uploaded by the user are usable, and the server stores the data blocks and data tags that passed the check; if the equation does not hold, the cloud server requires the user to upload again.
7. DO_i generates the location tags and sends them to the TPA (Fig. 3 shows the location tag generation process).
● Let J_i be the set of indices of the servers that store the file data uploaded by DO_i, and let N_ij be the number of file blocks that DO_i stores on server CS_j (j ∈ J_i). DO_i randomly selects λ parameters a_it (1 ≤ t ≤ λ). For each server CS_j (j ∈ J_i), DO_i takes each a_it (1 ≤ t ≤ λ) in turn as the MHT parameter and builds λ MHTs over the N_ij data blocks it stores on CS_j. Each tree is denoted TR_ijt (1 ≤ t ≤ λ), and the root node of TR_ijt is denoted R_ijt.
For example, user DO_1 stores 4 data blocks M_111, M_112, M_113, M_114 on server CS_1. With a_1t (1 ≤ t ≤ λ) as the parameter, TR_11t is built as in Fig. 5, and the root of the tree is R_11t.
● DO_i constructs a location index table Index_i, where a_it (1 ≤ t ≤ λ) is the MHT parameter and chr_ijt = R_ijt (j ∈ J_i, 1 ≤ t ≤ λ) denotes the t-th location tag of all the data DO_i stores on CS_j. If chr_ijt does not exist, set chr_ijt = -1. Here η denotes the number of servers. The location index table Index_i built by DO_i is shown in Table 2.
● DO_i sends the location index table, i.e. the location tags, to the TPA.
Table 2 is the location index table Index_i built by user DO_i.
8. Cloud user DO_i sends an audit request to the TPA.
● The audit request is the index set {(i, j, k)} of all data blocks of the files DO_i has uploaded, comprising the index i of cloud user DO_i, the indices j ∈ J_i of the cloud servers CS_j that store DO_i's data, and the indices k of the data blocks stored on cloud server CS_j.
9. The TPA generates the challenge from the users' audit requests (the detailed flow of steps 9 to 13 is shown in Fig. 4).
● After receiving the audit requests of multiple cloud users, the TPA takes the union of all audit requests to obtain the total audit request set Q = ∪{(i, j, k)}.
● The TPA selects c blocks from the total audit request set Q to verify. The c selected blocks are those with indices (i_n, j_n, k_n) ∈ Q, 1 ≤ n ≤ c, and the set I = {(i_n, j_n, k_n) | n = 1, ..., c} is built from the indices of these c blocks.
● The TPA builds a mapping f_1: I → Z_q, constrained for any two indices with the same user index (i_s = i_t), and lets K denote the resulting key set.
● The TPA randomly selects τ and builds a second mapping that assigns an MHT parameter to each index in I, again constrained for indices with the same user index (i_s = i_t). The MHT parameter was generated by the cloud user in step 7 and sent to the TPA in the location index table. Let α denote the set of MHT parameters.
● The total challenge is chal = (I, K, α).
● Let U denote the index set {j} of the cloud servers holding the c data blocks chosen by the TPA. The TPA divides the total challenge chal by challenged cloud server into |U| sub-challenges {chal_j}, where |U| is the number of elements in the set U. Each chal_j = (I_j, K_j, α_j), where I_j = {(i_n, j_n, k_n) | (i_n, j_n, k_n) ∈ I and j_n = j}.
● The TPA sends chal_j to server CS_j.
10. Each server that receives a challenge computes the corresponding proof.
● Cloud server CS_j, having received challenge chal_j, computes for each data block index (i_n, j_n, k_n) in I_j a value r_n with the pseudo-random function f, using the corresponding key; that is, each data block index corresponds to one r_n. The public parameters used here were chosen and published by the CA in step 1.
● For all data blocks in I_j that belong to the same user (for example user DO_i), {(i_n, j_n, k_n) | (i_n, j_n, k_n) ∈ I_j and i_n = i, j_n = j}, cloud server CS_j computes a combined value for the l-th sector, l ∈ [1, s], which gives a set of s elements {F'_ijl | l = 1, ..., s}. The sector being combined is the l-th sector of the k_n-th data block that the cloud user with index i_n stores on the cloud server CS_j with index j. Cloud server CS_j does the same for every user in I_j and takes the union of all resulting sets to form a new set {F'_ijl | i ∈ O_j, l = 1, ..., s}, where O_j denotes the index set of all cloud users contained in I_j.
● From the data tags of all data blocks in I_j, CS_j computes S'_j and T'_j. The data tag of the k_n-th data block that the i_n-th cloud user stores on the j_n-th server consists of two parts, S and T.
● For each challenged cloud user DO_i (i ∈ O_j), cloud server CS_j builds one MHT over all of that user's data blocks stored on it, by the method shown in Fig. 5, using as parameter the a_iτ in α_j that corresponds to the data block indices of DO_i. The tree is denoted TR_ijτ and its root R_ijτ, where α_j is given by chal_j = (I_j, K_j, α_j). The MHT roots built from the data blocks of all cloud users in O_j, together with the corresponding user and server indices, form the set {(i, j, R_ijτ) | i ∈ O_j}.
● Cloud server CS_j constructs the proof P_j = (S'_j, T'_j, {F'_ijl | i ∈ O_j, l = 1, ..., s}, {(i, j, R_ijτ) | i ∈ O_j}).
11. All challenged cloud servers send their proofs to the verifier TPA.
12. The TPA verifies the proofs in a batch.
● After receiving all the proofs returned by the challenged servers, the TPA verifies them in a batch as follows: it first computes the values needed for the check, and then checks whether equation (1) holds, where O in equation (1) denotes the index set of the cloud users involved in the total challenge chal generated by the verifier.
1) If equation (1) holds, the batch verification passes, i.e. the data audit result for the cloud users involved in the total challenge is a pass.
2) If equation (1) does not hold, then for each element (i, j, R_ijτ) of the set {(i, j, R_ijτ) | i ∈ O_j} returned by cloud server CS_j (j ∈ U), the TPA uses (i, j) and τ (τ was chosen by the TPA in step 9) to look up the value chr_ijτ in row τ, column j+1 of the location index table Index_i, and checks whether equation (2) holds.
If equation (2) holds, the data that cloud user DO_i stores on cloud server CS_j is intact, i.e. the audit result for the data DO_i stores on CS_j is a pass.
If equation (2) does not hold, the data that cloud user DO_i stores on cloud server CS_j has been damaged, i.e. the audit result is a fail. The TPA outputs the index pair (i, j) of the cloud user that owns the erroneous data and the server that holds it.
13. The TPA sends a successful audit report to the cloud users whose audit result is a pass. To the users whose audit result is a fail, it sends the index of the server holding the erroneous block.
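The location-tag path of steps 7, 9, 10 and 12, as an added Python example that is not part of the patent: the user builds the location index table, each server recomputes the MHT roots for the challenged row τ, and the TPA compares them and outputs the failing (i, j) pairs. Assumptions: SHA-256 as the hash, the MHT parameter hashed into every leaf (Fig. 5 is not reproduced on this page), equation (2) taken as an equality test between R_ijτ and chr_ijτ, and the pairing-based batch check of equation (1) left out; all function names and sample blocks are constructed for illustration.

```python
import hashlib
import secrets

LAMBDA = 4       # MHTs per (user, server); the patent sets lambda = k, kept small here
NUM_SERVERS = 3  # eta, the number of cloud servers (constructed demo value)


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def mht_root(blocks, a):
    """Merkle root over `blocks` under MHT parameter `a`.

    Assumption: `a` and the block position are hashed into every leaf, and
    leaves and inner nodes use different prefixes (domain separation).
    """
    if not blocks:
        raise ValueError("cannot build an MHT over zero blocks")
    level = [_h(b"\x00" + a + k.to_bytes(4, "big") + blk)
             for k, blk in enumerate(blocks)]
    while len(level) > 1:
        nxt = [_h(b"\x01" + level[n] + level[n + 1])
               for n in range(0, len(level) - 1, 2)]
        if len(level) % 2:      # an odd node is promoted, never duplicated
            nxt.append(level[-1])
        level = nxt
    return level[0]


def build_index(uploads_i, params):
    """Step 7, user DO_i: row t is [a_it, chr_i1t, ..., chr_i(eta)t]."""
    return [[a] + [mht_root(uploads_i[j], a) if j in uploads_i else -1
                   for j in range(1, NUM_SERVERS + 1)]
            for a in params]


def server_roots(store_j, j, alpha_j):
    """Step 10, server CS_j: one root per challenged user, from the blocks held now."""
    return [(i, j, mht_root(store_j[i], a)) for i, a in sorted(alpha_j.items())]


def tpa_locate(index_tables, tau, proofs):
    """Step 12, case 2: compare each returned R_ij(tau) with the stored chr_ij(tau)."""
    bad = []
    for i, j, root in proofs:
        chr_ijt = index_tables[i][tau - 1][j]   # row tau, column j+1 of Index_i
        if chr_ijt == -1 or root != chr_ijt:
            bad.append((i, j))
    return sorted(bad)


def run_audit(cloud, index_tables, users, tau=None):
    """One challenge round restricted to the location tags."""
    if tau is None:
        tau = secrets.randbelow(LAMBDA) + 1     # step 9: the TPA picks tau at random
    proofs = []
    for j, store_j in sorted(cloud.items()):
        # alpha_j: the a_i(tau) of every challenged user with data on CS_j
        alpha_j = {i: index_tables[i][tau - 1][0] for i in users if i in store_j}
        proofs += server_roots(store_j, j, alpha_j)
    return tpa_locate(index_tables, tau, proofs)


def make_demo():
    """Constructed sample: user 1 uses servers 1 and 2, user 2 uses servers 2 and 3."""
    uploads = {1: {1: [b"M111", b"M112", b"M113", b"M114"], 2: [b"M121", b"M122"]},
               2: {2: [b"M221", b"M222", b"M223"], 3: [b"M231"]}}
    tables = {i: build_index(up, [secrets.token_bytes(16) for _ in range(LAMBDA)])
              for i, up in uploads.items()}
    cloud = {}
    for i, up in uploads.items():
        for j, blocks in up.items():
            cloud.setdefault(j, {})[i] = list(blocks)   # the servers' own copies
    return cloud, tables


if __name__ == "__main__":
    cloud, tables = make_demo()
    print(run_audit(cloud, tables, [1, 2]))   # intact data: nothing to report
    cloud[2][2][1] = b"bit rot"               # damage one block of user 2 on server 2
    print(run_audit(cloud, tables, [1, 2]))   # the (user, server) pair is reported
```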
Claims (7)
1. A cloud data public auditing method that supports batch verification and erroneous-data localization, the steps of which are:
1) the CA server performs initial parameter setup, selects the sector coefficients, and sets λ = k as the number of Merkle hash trees (MHTs) that each user builds over the same data, where k is the security parameter, s is the number of sectors in a block, Z_q = {0, 1, 2, ..., q-1}, and q is a large prime satisfying q > 2^k; cloud user DO_i applies to the CA server for its own public/private key pair; the CA server sends the private key sk_i to cloud user DO_i over a secure channel;
2) cloud user DO_i divides the file to be uploaded into several blocks and generates a data tag for each block;
3) cloud user DO_i uploads each block and its data tag to the corresponding cloud server;
4) the cloud server verifies the usability of the data tags it receives and, if the check passes, stores the data tag and its corresponding block; cloud user DO_i then generates the location tags of the uploaded file blocks and an audit request and sends them to the third-party auditor TPA;
5) after receiving the audit request, the TPA challenges the data of multiple cloud users on multiple cloud servers; after receiving the proofs returned by the challenged cloud servers, the TPA verifies the correctness of the proofs; if the check passes, the TPA sends a verification-success message to all cloud users; otherwise the TPA checks the location tags and returns the index of the erroneous data to the corresponding cloud user; wherein the method of generating the location tags of the uploaded file blocks is:
51) let J_i be the set of indices of the cloud servers that store the file blocks uploaded by DO_i, and let N_ij be the number of file blocks that cloud user DO_i stores on cloud server CS_j; cloud user DO_i randomly selects λ parameters, a_it being the t-th of them;
52) for each cloud server CS_j, DO_i takes each a_it as the MHT parameter and builds one MHT over the N_ij blocks it stores on cloud server CS_j, obtaining λ MHTs in total, where t = 1, ..., λ and j ∈ J_i; the t-th MHT is denoted TR_ijt and the root node of TR_ijt is denoted R_ijt; MHT stands for Merkle hash tree;
53) let chr_ijt = R_ijt; with η cloud servers in total, cloud user DO_i constructs a location index table, where chr_ijt = R_ijt denotes the t-th location tag of all the data DO_i stores on CS_j, j ∈ J_i; if chr_ijt does not exist, set chr_ijt = -1; the location index table is the location tag.
2. The method of claim 1, characterized in that each block consists of s sectors; M_ijk denotes the k-th data block that cloud user DO_i stores on cloud server CS_j, and F_ijkl denotes the l-th sector of the k-th data block that DO_i stores on cloud server CS_j.
3. The method of claim 2, characterized in that the method of generating a data tag σ_ijk = (S_ijk, T_ijk) for block M_ijk is: cloud user DO_i randomly selects a parameter u_i and, for block M_ijk, computes h_i = H_2(ID_i), h_pk = H_3(mpk) and the tag components S_ijk and T_ijk, where g is a generator of the group G_1, mpk is the master public key of the CA, ID_i is the identity of cloud user DO_i, sk_i is the private key of DO_i, H_1(), H_2(), H_3() are respectively different hash functions, and v_l are the sector coefficients.
4. The method of claim 3, characterized in that the cloud server verifies the usability of the received data tags by a verification formula, in which e() is a bilinear map.
5. The method of claim 1, characterized in that the method by which the TPA, according to the audit request, challenges the data of multiple cloud users on multiple cloud servers is:
61) the TPA takes the union of the audit requests received, obtaining an audit request set Q;
62) the TPA selects c blocks from the audit request set Q of all cloud users to verify, and builds the index set I = {(i_n, j_n, k_n) | n = 1, ..., c} of the c selected blocks; the n-th audit request (i_n, j_n, k_n) in I specifies a data block, where i_n is the index of the user that owns the block, j_n is the index of the server that stores it, and k_n is its block index;
63) the TPA builds a mapping, constrained for indices with the same user index (i_s = i_t), and lets K denote the key set;
64) the TPA randomly selects τ and builds a mapping, constrained for indices with the same user index (i_s = i_t), and lets α denote the parameter set;
65) the TPA generates the total challenge chal = (I, K, α);
66) with U denoting the index set {j} of the cloud servers holding the challenged blocks, the TPA divides the total challenge chal by challenged cloud server into |U| sub-challenges {chal_j}; the TPA sends sub-challenge chal_j = (I_j, K_j, α_j) to cloud server CS_j, where I_j = {(i_n, j_n, k_n) | (i_n, j_n, k_n) ∈ I and j_n = j}.
6. The method of claim 5, characterized in that the method by which a challenged cloud server generates the proof is:
71) cloud server CS_j, having received challenge chal_j, computes for each data block index (i_n, j_n, k_n) in I_j a value with the pseudo-random function f, using the corresponding key; for the l-th sector, l ∈ [1, s], of all data blocks in I_j that belong to the same user, it computes a combined value, obtaining the set {F'_ijl | i ∈ O_j, l = 1, ..., s}, where the sector being combined is the l-th sector of the k_n-th data block that the cloud user with index i_n stores on the cloud server CS_j with index j, and O_j denotes the index set of all cloud users contained in I_j; cloud server CS_j then uses the data tags of all data blocks in I_j to compute S'_j and T'_j;
72) for each challenged cloud user DO_i (i ∈ O_j), cloud server CS_j builds one MHT over all of that user's data blocks stored on it, using as parameter the a_iτ in α_j that corresponds to the data block indices of cloud user DO_i; the tree is denoted TR_ijτ and its root R_ijτ, where α_j is given by chal_j = (I_j, K_j, α_j);
73) the MHT roots built from the blocks of all challenged cloud users in O_j, together with the cloud user index and cloud server index corresponding to each root, form the set {(i, j, R_ijτ) | i ∈ O_j}, which gives the proof of cloud server CS_j:
P_j = (S'_j, T'_j, {F'_ijl | i ∈ O_j, l = 1, ..., s}, {(i, j, R_ijτ) | i ∈ O_j}).
7. The method of claim 6, characterized in that the method of verifying the correctness of the proofs is: after receiving the proofs sent back by all the challenged cloud servers, the TPA first computes the values needed for the check and then checks whether the batch verification equation holds; if it holds, the check passes; if it does not hold, then for each element (i, j, R_ijτ) of the set {(i, j, R_ijτ) | i ∈ O_j} returned by cloud server CS_j, the TPA uses (i, j) and τ to look up the value chr_ijτ in row τ, column j+1 of the location index table Index_i, and checks whether the corresponding equation holds; if it holds, the check passes; otherwise the TPA outputs the index pair (i, j) of the cloud user that owns the erroneous data and the server that holds it.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710178312.5A CN106911708B (en) | 2017-03-23 | 2017-03-23 | A cloud data public auditing method that supports batch verification and erroneous-data localization |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106911708A CN106911708A (en) | 2017-06-30 |
CN106911708B true CN106911708B (en) | 2019-12-03 |
Family
ID=59194566
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||