CN107094075A - A kind of data block dynamic operation method based on convergent encryption - Google Patents

A kind of data block dynamic operation method based on convergent encryption Download PDF

Info

Publication number
CN107094075A
CN107094075A CN201710544167.8A CN201710544167A CN107094075A CN 107094075 A CN107094075 A CN 107094075A CN 201710544167 A CN201710544167 A CN 201710544167A CN 107094075 A CN107094075 A CN 107094075A
Authority
CN
China
Prior art keywords
index
server
user
file
new
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710544167.8A
Other languages
Chinese (zh)
Other versions
CN107094075B (en
Inventor
张小松
黄可
牛伟纳
刘小垒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Electronic Science and Technology of China
Original Assignee
University of Electronic Science and Technology of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Electronic Science and Technology of China filed Critical University of Electronic Science and Technology of China
Priority to CN201710544167.8A priority Critical patent/CN107094075B/en
Publication of CN107094075A publication Critical patent/CN107094075A/en
Application granted granted Critical
Publication of CN107094075B publication Critical patent/CN107094075B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of data block dynamic operation method based on convergent encryption, belong to technical field of network security, solve to realize dynamic operation under existing convergent encryption technology, there can be the problem of data integrity conflict, tenure management and access control and difficult key updating.The present invention is comprised the following steps that:Step 1, user's selection security parameter, export open parameter according to security parameter and are sent to server;Step 2, server are dynamically changed original according to open parameter while convergent encryption is carried out to original;Step 3, user to the result that step 2 is obtained take, the metadata information of the missing documents after being updated in completion server.The present invention is for there is provided data block dynamic operation while data encryption and deduplication.

Description

A kind of data block dynamic operation method based on convergent encryption
Technical field
A kind of data block dynamic operation method based on convergent encryption, for while data encryption and deduplication, carrying For data block dynamic operation, belong to technical field of network security.
Background technology
Cloud storage is one of earliest cloud computing application, and the running of its scale and the management of clustering cause data storage Business is able to efficiently carry out, and is favored by a large amount of service providers.
In recent years, the growth of data explosion type brought huge burden to cloud storage service device.Duplicate removal recovering technology is mesh The widely used technology of preceding cloud service provider, it can effectively reduce redundant data, improve storage efficiency.Convergent encryption be at present most For popular deduplication AES, it can perform deterministic encryption to data, so as to allow identical in plain text encrypted It can also be identified afterwards, so as to realize the function of deduplication on the premise of privacy is protected.
Although current convergent encryption is widely used and studied, but its exclusive speciality also allows user right The data of oneself storage carry out dynamic operation.Difficult point mainly has three:(1) data integrity conflict:If server is actively Execution deduplication while, user also actively implements dynamic operation, certainly will so cause the inconsistent of data file;(2) hold Have authority over and access control problem:There is malicious user or server to data unauthorized access and operation;(3) key updating It is difficult:Data are in dynamic change in the environment of deduplication, and its key is also the same, and how managing and updating these keys is one Individual problem.Just between 2015-2017, the existing high-level achievement in research largely for second and third point occurs, such as 《Rekeying for Encrypted Dedupl ication Storage》,《Secure Data Dedupl ication with Dynamic Ownership Management in Cloud Storage》Etc..However, nobody proposes a pin To the solution of all 3 problems, i.e.,:On the premise of convergent encryption, it is allowed to which user carries out dynamic operation to data.With In the popularization of current smart machine, bring the convenience of data access and quick, user to the importance of the dynamic operation of data not Hold and ignore, therefore how to realize that the operation of the data dynamic under convergent encryption is the problem with economic potential and researching value.
The content of the invention
It is an object of the invention to:It may be faced based on implementation dynamic operation under existing convergent encryption technology:(1) data Integrality conflicts;(2) tenure management and access control;(3) the problem of key updating is difficult, the invention provides one kind based on receipts Hold back the data block dynamic operation method of encryption.
The technical solution adopted by the present invention is as follows:
A kind of data block dynamic operation method based on convergent encryption, it is characterised in that comprise the following steps that:
Step 1, user's selection security parameter, open parameter is exported according to security parameter;
Step 2, user are sent to server, server pair according to open parameter generation convergent encryption and dynamic modification request Original is dynamically changed while original carries out convergent encryption;
Step 3, user to the result that step 2 is obtained take, the missing documents after being updated in completion server Metadata information.
Further, the step 1 is specially:
Security parameter λ is selected, a prime number p is randomly choosed in security parameter λ, two ranks are the group G that p generation members are g, GT
Select a Bilinear map:e:G×G→GT
Randomly choose an integer s and three hash function Ha:{0,1}*→ZP,Hb:{ZP}s→G,Hc:G→{ZP}s
S+1 element is randomly choosed from group G:
The open parameter of output:P=<p,g,G,GT,s,Ha,Hb,Hc,u0,u1,…,us>。
Further, the step 2 is comprised the following steps that:
Step 2.1, pretreatment:User calculates the metadata of original and encrypts original according to open parameter P;
Step 2.2, tenure checking:Request of the server according to user to encryption original, checking encryption original is held Have the right;
Step 2.3, deduplication:Server, to tenure encryption original request, performs tenure encryption former according to user File deduplication.
Further, the step 2.1 is specially:
According to open parameter P, it is as follows that original M is divided into n block by user first:M=M1||…||Mn
Calculate original M master key kmas=Ha(M) and original block blocks of files key ki=Hb(M[i])(1≤i≤ N), key set k={ k are obtainedmas,{ki}1≤i≤n};
According to blocks of files cipher key calculation ciphertext blocksObtain former ciphertext C=C1||…| |Cn
According to cryptogram computation file index index0=Ha(C) and blocks of files index indexi=Ha(Ci) (1≤i≤n), obtain To indexed set index={ indexi}1≤i≤n
Calculate original M file labelWith the blocks of files label of original blockObtain tally set σ={ σi}0≤i≤n
Use indexed set { indexi}1≤i≤nIn element as leaf node, build not Cole's Hash tree Ψ and calculate root section Point R;
Finally, { index, σ, R } is sent to server by user as deduplication request.
Further, the step 2.2 is specially:
Server is received after user's deduplication request { index, σ, R }, each in the indexed set index uploaded using user Individual element indexi(1≤i≤n) builds not Cole's Hash tree Ψ and calculates new root node R ' as leaf node, then, clothes Business device judges and performed as follows:If R ' ≠ R, terminate and return to error identifier;If R '=R, server proceeds Reprocessing.
Further, the step 2.3 is specially:
Listed files List of the server first in primary storage device is stored infileMiddle search file indexes index0, And perform as follows:
If index0It is not present, then server continues to search for index in the blocks of files list in secondary storage devicesi(1 ≤ i≤n), server is by the index searchediIdentifier i recorded in not duplicate file block message collection T, T is returned to User, user is received after T, produces not duplicate message U={ Ci}i∈TAnd be sent to server, server to each i ∈ T, Verify indexi=Ha(Ci) whether set up, if not, then return to error identifier and exit;If setting up, server Certification user is file cipher text C legitimate holder, and is holding list ListownerMiddle record, finally, server is by text Part collection W={ C, index, σ, R } is stored in cloud, and user is locally preserving { kmas,index00}.;
If index0In the presence of server continues to judge:If σ0≠ null, server returns to file access address to user, together When return success flag accord with and terminate;If σ0=null, then the file of representative server storage is obtained by dynamic modification , the file label σ by being obtained after dynamic modification is marked with null values in dynamic operation agreement0, therefore, server will With the tally set σ that the amended new tally set σ ' replacements of dynamic are old;The old indexed set of new indexed set index ' replacements, so Afterwards, server authentication user is file cipher text C legitimate holder, and is holding list ListownerMiddle record, finally, File set W={ C, index, σ, R } is stored in cloud by server, and user is locally preserving { kmas,index00}。
Further, dynamic modification is comprised the following steps that:
Step 3.1. server dynamic operations:Server asks to perform former ciphertext data block modification, addition according to user Or the operation deleted;
Step 3.2. user's checking correctness:Server returns to the voucher performed after operation to user, and user passes through checking Judge whether dynamic operation correctly performs.
Further, the step 3.1 is specifically divided into three kinds of situations:
The data block of j-th of position of file C is revised as
User calculates new file block keyNew ciphertext blocksOrdinary label By modification requestIt is sent to server;
Server produces shadow file collection X={ C, an index0=null, { index }1≤i≤n0=null, {σi}1≤i≤n, R }, and useReplace Cj, obtain new file ciphertext C*, useReplace σj, obtain ordinary tally setWithReplace indexj, obtain new indexed set index*, build new not Cole Hash tree Ψ*And calculate new root section Point R*, use R*Replace old node R;
A data block is added behind j-th of data block of file C
User calculates new file block keyNew ciphertext blocksIt is flat All labelsBy modification requestIt is sent to server;
Server produces a shadow file collection X, and new file block is inserted afterwards in C [j]Obtain new file ciphertext C*, σ [j] is inserted afterwardsObtain ordinary tally setCalculate new file indexWith blocks of files index WithReplace index0, willIt is inserted intoBelow, new index is obtained Collect index*, calculate new not Cole tree Ψ*And calculate new root node R*, use R*Replace R;
Delete the data block of j-th of position of file C
User will change request { delete, j, null, null } and be sent to server, and server produces a shadow file Collect X, and delete C [j], indexjWith σ [j], new ciphertext C is obtained*With ordinary labelCalculate new file indexAnd useReplace index0, finally obtain new indexed set index*, calculate new not Cole Set Ψ*And calculate new root node R*, use R*Replace R.
Further, the data block of j-th of position of file C is revised asIn ordinary labelIt is defined as follows:
A data block will be added behind j-th of data block of file CIn ordinary labelIt is defined as follows:
The data block of j-th of position of file C will be deletedIn ordinary labelIt is defined as follows:
Further, the step 3 is specially:
Step 4.1, user, which send back, takes request { retrieve, index00Give server;Server is first in file List ListfileMiddle search index0If being not present, return to error identifier and terminate, otherwise, perform step 4.2;
Step 4.2, server are according to index0Retrieve file label σ0, and according to holder's list ListownerSentence Whether disconnected user is holder, if it is not, then returning to error message and exiting;Otherwise, step 4.3 is performed;
Step 4.3, server continue to judge:If σ0≠ null, then server directly returns to file Reference address, user's calculation document block keyThen calculate Finally give ciphertext M=M1||…||Mn
If σ0=null, it represents this document and produced by dynamic modification, and user calculates ordinary blocks of files key Then, user calculates each cryptograph files block: End user obtains complete plaintext
Step 4.4, user calculate new master keyNew file labelAnd blocks of files LabelFinally obtain new tally set
Step 4.5, user are by new tally set σ*Return to server, server σ*Replace ordinary labelFor mending The metadata information of missing documents after being updated entirely.
In summary, by adopting the above-described technical solution, the beneficial effects of the invention are as follows:
1st, the present invention realizes dynamic operation under convergent encryption technology, is not in data integrity conflict, tenure pipe The problem of reason and access control and difficult key updating;
2. the present invention has used the concept of shadow file collection, here shadow file collection X={ C, index0=null, {index}1≤i≤n0=null, { σi}1≤i≤n, R }, it refers to clone's copy to file and metadata, but and copy Unlike, Wo Menyong, σ0=null makes a distinction it with ordinary file collection W={ C, index, σ, R }, the mesh so done Be to allow dynamic operation not cover original file directly, and as an independent copy, and by dynamic operation (dynamic Modification) after, the copy can be compared with original file again, so as to reach 99% data by performing deduplication Save (because two files are to become different by a dynamic operation, their most only one of which blocks of files not phase Together);
3. the present invention has used the concept of ordinary label, here, ordinary label refers to that we do not update the close of label Key, and the key before file is dynamically changed is continued to use, so, it is possible to the trouble for avoiding key updating from bringing, but with And come be file consistence and decryption the problem of, but be due to be identified file we used file index index Block message, therefore label is served only for package file block key, the label without renewal is named as ordinary label by us.
Brief description of the drawings
Fig. 1 is schematic flow sheet of the invention.
Embodiment
In order to make the purpose , technical scheme and advantage of the present invention be clearer, it is right below in conjunction with drawings and Examples The present invention is further elaborated.It should be appreciated that specific embodiment described herein is only to explain the present invention, not For limiting the present invention.
Reference picture 1, of the invention is implemented as follows:
Initialization:
Security parameter λ is selected, a prime number p is randomly choosed in security parameter λ, two ranks are the group G that p generation members are g, GT,
Select a Bilinear map:e:G×G→GT, randomly choose an integer s and three hash function Ha:{0,1}*→ ZP,Hb:{ZP}s→G,Hc:G→{ZP}s, s+1 element is randomly choosed from group GThe open parameter of output: P=<p,g,G,GT,s,Ha,Hb,Hc,u0,u1,…,us>。
User is according to open parameter P, and it is as follows that original M is divided into n block by user first:M=M1||…||Mn
Calculate original M master key kmas=Ha(M) and original block blocks of files key ki=Hb(M[i])(1≤i≤ N), key set k={ k are obtainedmas,{ki}1≤i≤n};
According to blocks of files cipher key calculation ciphertext blocksObtain former ciphertext C=C1||…| |Cn
According to cryptogram computation file index index0=Ha(C) and blocks of files index indexi=Ha(Ci) (1≤i≤n), obtain To indexed set index={ indexi}1≤i≤n
Calculate original M file labelWith the blocks of files label of original blockObtain tally set σ={ σi}0≤i≤n
Use indexed set { indexi}1≤i≤nIn element as leaf node, build not Cole's Hash tree Ψ and calculate root section Point R;
Finally, { index, σ, R } is sent to server by user as deduplication request.
Server is received after user's deduplication request { index, σ, R }, each in the indexed set index uploaded using user Individual element indexi(1≤i≤n) builds not Cole's Hash tree Ψ and calculates new root node R ' as leaf node.Then, take Business device judges and performed as follows:If R ' ≠ R, terminate and return to error identifier;If R '=R, server proceeds Reprocessing.
Listed files List of the server first in primary storage device is previously stored infileMiddle search file index index0, and perform as follows:
If index0It is not present, then server continues to search in blocks of files list in advance in secondary storage devices indexi(1≤i≤n), server is by the index searchediIdentifier i recorded in not duplicate file block message collection T, by T User is returned to, user is received after T, produce not duplicate message U={ Ci}i∈TAnd server is sent to, server is to each I ∈ T, verify indexi=Ha(Ci) whether set up, if not, then return to error identifier and exit;If setting up, Server authentication user is file cipher text C legitimate holder, and is holding list ListownerMiddle record, finally, service File set W={ C, index, σ, R } is stored in cloud by device, and user is locally preserving { kmas,index00};
If index0In the presence of server continues to judge:If σ0≠ null, server returns to file access address to user, together When return success flag accord with and terminate;If σ0=null, then the file of representative server storage is obtained by dynamic modification , because we mark the file label σ by being obtained after dynamic modification in dynamic operation agreement with null values0。 Therefore, server is by with the old tally set σ of the amended new tally set σ ' replacements of dynamic;New indexed set index ' replacements are old Indexed set, then, server authentication user is file cipher text C legitimate holder, and is holding list ListownerIn Record, finally, file set W={ C, index, σ, R } is stored in cloud by server, and user is locally preserving { kmas,index0, σ0}。
Dynamic modification is comprised the following steps that:
Server dynamic operation:Server is asked to perform former ciphertext data block modification, addition or deleted according to user Operation;
The data block of j-th of position of file C is revised as
User calculates new file block keyNew ciphertext blocksOrdinary label By modification requestIt is sent to server;
Server produces shadow file collection X={ C, an index0=null, { index }1≤i≤n0=null, {σi}1≤i≤n, R }, and useReplace Cj, obtain new file ciphertext C*, useReplace σj, obtain ordinary tally setWithReplace indexj, obtain new indexed set index*, build new not Cole Hash tree Ψ*And calculate new root section Point R*, use R*Replace old node R;
A data block is added behind j-th of data block of file C
User calculates new file block keyNew ciphertext blocksIt is flat All labelsBy modification requestIt is sent to server;
Server produces a shadow file collection X, and new file block is inserted afterwards in C [j]Obtain new file ciphertext C*, σ [j] is inserted afterwardsObtain ordinary tally setCalculate new file indexWith blocks of files index WithReplace index0, willIt is inserted intoBelow, new index is obtained Collect index*, calculate new not Cole tree Ψ*And calculate new root node R*, use R*Replace R;
Delete the data block of j-th of position of file C
User will change request { delete, j, null, null } and be sent to server, and server produces a shadow file Collect X, and delete C [j], indexjWith σ [j], new ciphertext C is obtained*With ordinary labelCalculate new file indexAnd useReplace index0, finally obtain new indexed set index*, calculate new not Cole Set Ψ*And calculate new root node R*, use R*Replace R.
Wherein, the data block of j-th of position of file C is revised asIn ordinary labelIt is defined as follows:
A data block will be added behind j-th of data block of file CIn ordinary labelIt is defined as follows:
The data block of j-th of position of file C will be deletedIn ordinary labelIt is defined as follows:
Then, server and user perform dynamic operation agreement to perform the dynamic operation of blocks of files, and server is obtained newly File set afterIn order to prove the correctness of the file after updating to user, server will New root node R*User is sent to, user generates a set of random numbers Q and is sent to server, and server is according in Q Element, generate corresponding leaf segment point set L*={ indexi}i∈QWith corresponding certification path S*, and by voucher { L*,S*} User is sent to, user is according to { L*,S*Generation not Cole's Hash tree and calculate obtain new root node R ', then, user sentences It is disconnectedIf fruit equation is set up, dynamic operation is correctly performed, the file set after renewal It is ultimately stored on server;Otherwise, return to error identifier and terminate;
File is taken in order to return, user, which sends back, takes request { retrieve, index00Give server;Server exists first Listed files ListfileMiddle search index0If being not present, return to error identifier and terminate, otherwise, continue executing with down One step;
Server is according to index0Retrieve file label σ0, and according to holder's list ListownerJudging user is No is holder, if it is not, then returning to error message and exiting;Otherwise, next step is continued executing with;
Server continues to judge:If σ0≠ null, then server directly return to file access address, user's calculation document block KeyThen calculate Finally give ciphertext M=M1||…||Mn
If σ0=null, it represents this document and produced by dynamic operation, and user calculates ordinary blocks of files key Finally Obtain in plain text
Finally, user calculates new master keyNew file labelWith blocks of files mark LabelFinally obtain new tally set
User is by new tally set σ*Return to server, server σ*Replace ordinary labelIt is updated for completion The metadata information of missing documents afterwards.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all essences in the present invention Any modifications, equivalent substitutions and improvements made within refreshing and principle etc., should be included in the scope of the protection.

Claims (10)

1. a kind of data block dynamic operation method based on convergent encryption, it is characterised in that comprise the following steps that:
Step 1, user's selection security parameter, open parameter is exported according to security parameter;
Step 2, user are sent to server according to open parameter generation convergent encryption and dynamic modification request, and server is to original text Original is dynamically changed while part carries out convergent encryption;
Step 3, user to the result that step 2 is obtained take, first number of the missing documents after being updated in completion server It is believed that breath.
2. a kind of data block dynamic operation method based on convergent encryption as claimed in claim 1, it is characterised in that the step Rapid 1 is specially:
Security parameter λ is selected, a prime number p is randomly choosed in security parameter λ, two ranks are the group G, G that p generation members are gT
Select a Bilinear map:e:G×G→GT
Randomly choose an integer s and three hash function Ha:{0,1}*→ZP,Hb:{ZP}s→G,Hc:G→{ZP}s
S+1 element is randomly choosed from group G:
The open parameter of output:P=<p,g,G,GT,s,Ha,Hb,Hc,u0,u1,…,us>。
3. a kind of data block dynamic operation method based on convergent encryption as claimed in claim 2, it is characterised in that the step Rapid 2 comprise the following steps that:
Step 2.1, pretreatment:User calculates the metadata of original and encrypts original according to open parameter P;
Step 2.2, tenure checking:Request of the server according to user to encryption original, checking encryption original tenure;
Step 2.3, deduplication:Server, to tenure encryption original request, performs tenure encryption original according to user Deduplication.
4. a kind of data block dynamic operation method based on convergent encryption as claimed in claim 3, it is characterised in that the step Rapid 2.1 are specially:
According to open parameter P, it is as follows that original M is divided into n block by user first:M=M1||…||Mn
Calculate original M master key kmas=Ha(M) and original block blocks of files key ki=Hb(M [i]) (1≤i≤n), Obtain key set k={ kmas,{ki}1≤i≤n};
According to blocks of files cipher key calculation ciphertext blocksObtain former ciphertext C=C1||…||Cn
According to cryptogram computation file index index0=Ha(C) and blocks of files index indexi=Ha(Ci) (1≤i≤n), obtain rope Draw collection index={ indexi}1≤i≤n
Calculate original M file labelWith the blocks of files label of original block (1≤i≤n), obtains tally set σ={ σi}0≤i≤n
Use indexed set { indexi}1≤i≤nIn element as leaf node, build not Cole's Hash tree Ψ and calculate root node R;
Finally, { index, σ, R } is sent to server by user as deduplication request.
5. a kind of data block dynamic operation method based on convergent encryption as claimed in claim 4, it is characterised in that the step Rapid 2.2 are specially:
Server is received after user's deduplication request { index, σ, R }, the member of each in the indexed set index uploaded using user Plain indexi(1≤i≤n) builds not Cole's Hash tree Ψ and calculates new root node R ', then, server as leaf node Judge and perform as follows:If R ' ≠ R, terminate and return to error identifier;If R '=R, server proceeds deduplication Processing.
6. a kind of data block dynamic operation method based on convergent encryption as claimed in claim 5, it is characterised in that the step Rapid 2.3 are specially:
Listed files List of the server first in primary storage device is stored infileMiddle search file indexes index0, and Perform as follows:
If index0It is not present, then server continues to search for index in the blocks of files list in secondary storage devicesi(1≤i≤ N), server is by the index searchediIdentifier i recorded in not duplicate file block message collection T, T is returned into user, User is received after T, produces not duplicate message U={ Ci}i∈TAnd server is sent to, server is to each i ∈ T, checking indexi=Ha(Ci) whether set up, if not, then return to error identifier and exit;If setting up, server authentication User is file cipher text C legitimate holder, and is holding list ListownerMiddle record, finally, server is by file set W={ C, index, σ, R } is stored in cloud, and user is locally preserving { kmas,index00}.;
If index0In the presence of server continues to judge:If σ0≠ null, server returns to file access address to user, returns simultaneously Success flag is returned to accord with and terminate;If σ0=null, then the file of representative server storage is changed by dynamic obtains, The file label σ by being obtained after dynamic modification is marked in dynamic operation agreement with null values0, therefore, server will be used dynamic The old tally set σ of the amended new tally set σ ' replacements of state;The old indexed set of new indexed set index ' replacements, then, clothes Be engaged in legitimate holder of the device certification user for file cipher text C, and is holding list ListownerMiddle record, finally, server File set W={ C, index, σ, R } is stored in cloud, user is locally preserving { kmas,index00}。
7. a kind of data block dynamic operation method based on convergent encryption as described in claim 1,6, it is characterised in that dynamic Modification is comprised the following steps that:
Step 3.1. server dynamic operations:Server according to user ask to former ciphertext perform data block modification, addition or The operation of deletion;
Step 3.2. user's checking correctness:Server returns to the voucher performed after operation to user, and user is judged by verifying Whether dynamic operation correctly performs.
8. a kind of data block dynamic operation method based on convergent encryption as claimed in claim 7, it is characterised in that the step Rapid 3.1 are specifically divided into three kinds of situations:
The data block of j-th of position of file C is revised as
User calculates new file block keyNew ciphertext blocksOrdinary label By modification requestIt is sent to server;
Server produces shadow file collection X={ C, an index0=null, { index }1≤i≤n0=null, { σi}1≤i≤n, R }, and useReplace Cj, obtain new file ciphertext C*, useReplace σj, obtain ordinary tally setWithReplace indexj, obtain new indexed set index*, build new not Cole Hash tree Ψ*And calculate new root node R*, use R*Replace Change old node R;
A data block is added behind j-th of data block of file C
User calculates new file block keyNew ciphertext blocksOrdinary mark LabelBy modification requestIt is sent to server;
Server produces a shadow file collection X, and new file block is inserted afterwards in C [j]Obtain new file ciphertext C*, at σ [j] After insertObtain ordinary tally setCalculate new file indexWith blocks of files index WithReplace index0, willIt is inserted intoBelow, new index is obtained Collect index*, calculate new not Cole tree Ψ*And calculate new root node R*, use R*Replace R;
Delete the data block of j-th of position of file C
User will change request { delete, j, null, null } and be sent to server, and server produces a shadow file collection X, And delete C [j], indexjWith σ [j], new ciphertext C is obtained*With ordinary labelCalculate new file indexAnd useReplace index0, finally obtain new indexed set index*, calculate new not Cole Set Ψ*And calculate new root node R*, use R*Replace R.
9. a kind of data block dynamic operation method based on convergent encryption as claimed in claim 8, it is characterised in that
The data block of j-th of position of file C is revised asIn ordinary labelIt is defined as follows:
For
For
For
A data block will be added behind j-th of data block of file CIn ordinary labelIt is defined as follows:
For
For
For
For
The data block of j-th of position of file C will be deletedIn ordinary labelIt is defined as follows:
For
For
For
10. a kind of data block dynamic operation method based on convergent encryption as described in claim 8,9, it is characterised in that institute Stating step 3 is specially:
Step 4.1, user, which send back, takes request { retrieve, index00Give server;Server is first in listed files ListfileMiddle search index0If being not present, return to error identifier and terminate, otherwise, perform step 4.2;
Step 4.2, server are according to index0Retrieve file label σ0, and according to holder's list ListownerJudge user Whether it is holder, if it is not, then returning to error message and exiting;Otherwise, step 4.3 is performed;
Step 4.3, server continue to judge:If σ0≠ null, then server directly returns to file access address, and user calculates text Part block key1≤i of for≤n, are then calculatedfor 1≤i ≤ n, finally gives ciphertext M=M1||…||Mn
If σ0=null, it represents this document and produced by dynamic modification, and user calculates ordinary blocks of files key 1≤i of for≤n, then, user calculate each cryptograph files block:for 1≤ I≤n, end user obtains complete plaintext
Step 4.4, user calculate new master keyNew file labelWith blocks of files label1≤i of for≤n, finally obtain new tally set
Step 4.5, user are by new tally set σ*Return to server, server σ*Replace ordinary labelFor completion quilt The metadata information of missing documents after renewal.
CN201710544167.8A 2017-07-05 2017-07-05 Data block dynamic operation method based on convergence encryption Active CN107094075B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710544167.8A CN107094075B (en) 2017-07-05 2017-07-05 Data block dynamic operation method based on convergence encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710544167.8A CN107094075B (en) 2017-07-05 2017-07-05 Data block dynamic operation method based on convergence encryption

Publications (2)

Publication Number Publication Date
CN107094075A true CN107094075A (en) 2017-08-25
CN107094075B CN107094075B (en) 2021-05-28

Family

ID=59641500

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710544167.8A Active CN107094075B (en) 2017-07-05 2017-07-05 Data block dynamic operation method based on convergence encryption

Country Status (1)

Country Link
CN (1) CN107094075B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108200172A (en) * 2018-01-03 2018-06-22 西安电子科技大学 A kind of cloud storage system and method supported secure data duplicate removal and deleted
CN108776758A (en) * 2018-04-13 2018-11-09 西安电子科技大学 The block level data De-weight method of dynamic ownership management is supported in a kind of storage of mist
CN112106323A (en) * 2018-07-12 2020-12-18 塞克罗斯股份有限公司 Method for establishing a secure hierarchical reference system
CN112580083A (en) * 2020-12-30 2021-03-30 电子科技大学 Data outsourcing deduplication method based on bidirectional extensible ownership certificate
CN114978780A (en) * 2022-08-01 2022-08-30 四川公众项目咨询管理有限公司 Cloud security deduplication method based on convergence encryption technology

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103605784A (en) * 2013-11-29 2014-02-26 北京航空航天大学 Data integrity verifying method under multi-cloud environment
CN104917609A (en) * 2015-05-19 2015-09-16 华中科技大学 Efficient and safe data deduplication method and efficient and safe data deduplication system based on user perception
CN106603561A (en) * 2016-12-30 2017-04-26 电子科技大学 Block level encryption method in cloud storage and multi-granularity deduplication method
WO2017097344A1 (en) * 2015-12-08 2017-06-15 Nec Europe Ltd. Method for re-keying an encrypted data file

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103605784A (en) * 2013-11-29 2014-02-26 北京航空航天大学 Data integrity verifying method under multi-cloud environment
CN104917609A (en) * 2015-05-19 2015-09-16 华中科技大学 Efficient and safe data deduplication method and efficient and safe data deduplication system based on user perception
WO2017097344A1 (en) * 2015-12-08 2017-06-15 Nec Europe Ltd. Method for re-keying an encrypted data file
CN106603561A (en) * 2016-12-30 2017-04-26 电子科技大学 Block level encryption method in cloud storage and multi-granularity deduplication method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
YAFANG ZHANG,JIANBING NI等: "Provable multiple replication data possession with fulldy namics for secure cloud storage", 《CONCURRENCY AND COMPUTATION PRACTICE AND EXPERIENCE》 *
项菲: "面向环境可靠和体系可靠的云存储关键技术研究", 《CNKI中国博士学位论文全文数据库信息科技辑》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108200172A (en) * 2018-01-03 2018-06-22 西安电子科技大学 A kind of cloud storage system and method supported secure data duplicate removal and deleted
CN108200172B (en) * 2018-01-03 2020-12-08 西安电子科技大学 Cloud storage system and method supporting safe data deduplication and deletion
CN108776758A (en) * 2018-04-13 2018-11-09 西安电子科技大学 The block level data De-weight method of dynamic ownership management is supported in a kind of storage of mist
CN108776758B (en) * 2018-04-13 2021-08-17 西安电子科技大学 Block-level data deduplication method supporting dynamic ownership management in fog storage
CN112106323A (en) * 2018-07-12 2020-12-18 塞克罗斯股份有限公司 Method for establishing a secure hierarchical reference system
CN112106323B (en) * 2018-07-12 2024-03-22 塞克罗斯股份有限公司 Method for storing and reading data on a storage device in an untrusted environment
CN112580083A (en) * 2020-12-30 2021-03-30 电子科技大学 Data outsourcing deduplication method based on bidirectional extensible ownership certificate
CN112580083B (en) * 2020-12-30 2023-04-14 电子科技大学 Data outsourcing deduplication method based on bidirectional extensible ownership certificate
CN114978780A (en) * 2022-08-01 2022-08-30 四川公众项目咨询管理有限公司 Cloud security deduplication method based on convergence encryption technology

Also Published As

Publication number Publication date
CN107094075B (en) 2021-05-28

Similar Documents

Publication Publication Date Title
CN111355705B (en) Data auditing and safety duplicate removal cloud storage system and method based on block chain
US11726993B1 (en) Systems and methods for cryptographically-secure queries using filters generated by multiple parties
US9977918B2 (en) Method and system for verifiable searchable symmetric encryption
CN106127075B (en) Encryption method can search for based on secret protection under a kind of cloud storage environment
CN106503574B (en) Block chain safe storage method
CN108737374B (en) Privacy protection method for data storage in block chain
US8533489B2 (en) Searchable symmetric encryption with dynamic updating
CN107094075A (en) A kind of data block dynamic operation method based on convergent encryption
CN109074434A (en) Method and system for verifying ownership of digital assets using distributed hash tables and point-to-point distributed ledgers
CN106612320A (en) Encrypted data dereplication method for cloud storage
CN103107889A (en) System and method for cloud computing environment data encryption storage and capable of searching
CN102685148A (en) Method for realizing secure network backup system under cloud storage environment
CN103607405A (en) Ciphertext search authentication method oriented towards cloud storage
CN108400970A (en) Set of metadata of similar data message locking encryption De-weight method, cloud storage system in cloud environment
CN115225409B (en) Cloud data safety duplicate removal method based on multi-backup joint verification
CN110175169A (en) A kind of encryption data De-weight method, system and relevant apparatus
US20220209945A1 (en) Method and device for storing encrypted data
Virvilis et al. A cloud provider-agnostic secure storage protocol
US11856085B2 (en) Information management system and method for the same
CN109088719A (en) Outsourced database multi-key word can verify that cipher text searching method, data processing system
CN117240452A (en) Plateau data safe sharing method based on block chain
CN107995147A (en) Metadata encryption and decryption method and system based on distributed file system
CN104794243B (en) Third party&#39;s cipher text retrieval method based on filename
CN108494552B (en) Cloud storage data deduplication method supporting efficient convergence key management
Gohel et al. A new data integrity checking protocol with public verifiability in cloud storage

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant