CN107147720B - Traceable effective public audit method and system in a kind of cloud storage data sharing - Google Patents

Traceable effective public audit method and system in a kind of cloud storage data sharing Download PDF

Info

Publication number
CN107147720B
CN107147720B CN201710344794.7A CN201710344794A CN107147720B CN 107147720 B CN107147720 B CN 107147720B CN 201710344794 A CN201710344794 A CN 201710344794A CN 107147720 B CN107147720 B CN 107147720B
Authority
CN
China
Prior art keywords
data
user
label
attribute
cloud
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710344794.7A
Other languages
Chinese (zh)
Other versions
CN107147720A (en
Inventor
田苗苗
王玲燕
仲红
崔杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui University
Original Assignee
Anhui University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui University filed Critical Anhui University
Priority to CN201710344794.7A priority Critical patent/CN107147720B/en
Publication of CN107147720A publication Critical patent/CN107147720A/en
Application granted granted Critical
Publication of CN107147720B publication Critical patent/CN107147720B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes

Abstract

The invention discloses a kind of effective public audit methods traceable in cloud storage data sharing and cloud computing application system, this method to include the following steps:System initialization, attribute mechanism generate main private key and open parameter, and attribute private key is issued, and user identity is embedded into attribute private key for each user;Data owner formulates Sign Policies, and generates label for data block and upload to Cloud Server;Meeting Sign Policies user can modify to data;Cloud Server verifies modified data label;Verifier sends to Cloud Server and challenges;Cloud Server calculates audit evidence and returns to verifier;The correctness of verifier's experimental evidence;Track malicious user.The present invention protects user identity privacy under multi-user data shared environment, while realizes malicious user traceability, and realize tracking storage overhead be constant.

Description

Traceable effective public audit method and system in a kind of cloud storage data sharing
Technical field
The present invention relates to cloud computing safe practices, and in particular to one kind can under multi-user data shared environment in cloud storage Effective public audit method of tracking and cloud computing application system.
Background technology
Cloud storage be one extremely important and universal in cloud computing service form (such as:Dropbox,Amazon S3, ICloud), it is that storage resource is put into cloud service provider for a kind of service of people's access.User can at any time, appoint It is where square, it is connected on cloud through any web-enabled device and easily accesses data.User is in order to reduce in local to data Maintenance and computation burden, their data are stored on Cloud Server.Since Cloud Server is insincere, it may be in order to save Memory space is saved, loses the data that some users seldom access or seldom look at, it is also possible in order to safeguard the reputation of oneself, Hiding data loss situation, so we need to carry out periodic detection to data on cloud before data are used.
However, cloud can be with omnipresent accessed, multiple users are to compare just by cloud storage service accessing shared data Prompt.In fact, data sharing is allowed in a group multiple users to access data be a traditional example, such as one The employee of same department of company stores a Log Report on Cloud Server, they can be very convenient according to their needs Access data.There is great significance for being operated in for same group of user.In order to meet this demand, many cloud storages ISP provides data sharing and using it as main services.
Due to the computing resource of client be it is limited, by client come the integrality of shared data on cloud of auditing, in this way Certain burden can be brought to client, so auditing by third party (TPA) is used to that client is replaced to complete audit task.In order to The integrality of shared data on cloud is detected, the public key that TPA must obtain user could complete audit task, but public in PKI The relationship that existence anduniquess is bound between key and identity information, since different data blocks can be operated simultaneously by different users Verification label is generated, when TPA performs an audit task, TPA may will appreciate which user produces verification label, altogether The identity information of user will be exposed by enjoying in data.So there are problems that the exposure of user identity privacy in data sharing.
So in the case where multi-user data is shared, need to protect the privacy of identities of user, realize the anonymity of user, But unconfined anonymity the problem of one can be brought new, user may be dishonest in group, user may in order to oneself Interests carry out malicious modification to data, thus user may malicious modification shared data, due to realizing hideing for user Name property, malicious user will not be worried to be found, and this uncontrolled malicious modification may destroy the use of shared data Property, so we need to be tracked this malicious user, and disclose malicious user identity.
Conventional method be using ring signatures protection user privacy of identities, but the size of data label can with group in into Member's increase of number and it is linearly increasing, very big expense can be caused when group member is very big, and can not achieve and can chase after Track.And the privacy of identities of user is protected using group ranking, although data label will not with the increase of group member line Property increase, and can realize traceability, but this scheme communication-cost is bigger and does not support open verify.Due to existing Method there are these shortcomings, for this purpose, in implementing the present invention, it may, we will protect user's using attribute signature Privacy of identities, and above-mentioned required, while malicious user is tracked using thresholding Shamir (t, a n) scheme can be met.
Invention content
The purpose of the present invention is to provide a kind of effective public audit method traceable in cloud storage data sharing, with User identity privacy is protected under multi-user data shared environment, while realizes malicious user traceability and realizes the reasonable of tracking Storage overhead.
The present invention also aims to provide a kind of cloud computing application system, ring is shared for multi-user data in cloud storage Border tracks malicious user and discloses its identity.
For this purpose, one aspect of the present invention provides a kind of traceable effective public audit method in cloud storage data sharing, Include the following steps:
(1) system initialisation phase.Attribute authority randomly selects the Probabilistic Encryption Scheme of a different keys, initially Change a threshold secret sharing scheme example, last attribute authorized organization generates main private key and open parameter.
(2) the attribute private key extraction stage.Attribute authority generates attribute private key, profit according to user property for each user User identity encryption is embedded into attribute private key with Probabilistic Encryption Scheme, attribute private key is sent to use by escape way Family.
(3) data upload the stage.Data owner formulates a Sign Policies, is given birth to using attribute private key for each data block Into data label, Sign Policies, data and data label are uploaded to Cloud Server by data owner.
(4) the data modification stage.The user for meeting Sign Policies can utilize data modification on cloud, data modification later Attribute private key recalculates data label to corresponding data, and data block after modification and label are uploaded to Cloud Server.
(5) the label Verification stage.Cloud Server verifies label validity, if be proved to be successful, Cloud Server update number According to block and its label.
(6) stage is challenged.Verifier sends a challenge information using grab sample strategy to Cloud Server.
(7) the evidence stage is generated.After Cloud Server receives challenge, data block and corresponding label are subjected to linear polymerization As audit evidence.Audit evidence is sent to verifier.
(8) the proof validation stage.After verifier receives evidence, using the correctness of public information experimental evidence, if Correctly, then show that it is complete to be stored in data on cloud.Conversely, data are destroyed.
(9) track phase.When data are destroyed on cloud, attribute mechanism is using a threshold secret sharing scheme according to damage The tag extraction of data block goes out subscriber identity information, show that a secret value judges that the user is using Lagrange's interpolation Malicious user.If malicious user then discloses the user identity.Conversely, output additional character shows that data corruption is cloud service Device it is dishonest carried out by.
Further, the detailed process of the step (1) is:
(11) attribute mechanism performs initialization algorithm, inputs security parameter k, generates the p rank cyclic groups that two generation members are g G1、G2, a Bilinear Pairing e:G1×G1→G2And the hash function H of a safety:{0,1}*×G1→G1.Randomly select α ∈Zp, g2∈G1, and calculate g1=gα, GD=(p, G1, G2, e).IfAnd i ∈ S, define Lagrange coefficientRandomly select k+1 element ti∈ G, wherein 1≤i≤k+1, defined function T areWherein i=(1,2 ..., k+1).
(12) attribute mechanism randomly selects a different key k1,k2∈ZpProbabilistic Encryption Scheme (Enc, Dec).
(13) Shamir ' s (t, a n) thresholding example INS (t, n) is initialized, and stores a polynomial f (x) and f (x) t-1 point { (x on1,y1),(x2,y2),...,(xt-1,yt-1)}。
(14) attribute mechanism generates main private key MK=(α, k1,k2), open parameter PP=(d, g, g1,g2,t1,...,tk+1, GD,H)。
Further, the detailed process of the step (2) is:
(21) for user id, attribute mechanism defines user property Ω for user.
(22) attribute mechanism chooses the multinomial q (x), q (0)=α that a rank is d-1.
(23) to each i ∈ Ω, attribute mechanism randomly selects ri∈Zp, calculate
(24) attribute mechanism calculatesY=f (x),
(25) attribute mechanism output attribute private key skΩ=(c, { (di,1,di,2)i∈Ω), by attribute private key by leading to safely Road is sent to user.
Further, the detailed process of the step (3) is:
(31) data owner's attribute set is Ω, formulates Sign Policies for data block first, randomly selects attribute set| ω | >=d, then attribute set ω ' is randomly selected, wherein ω ∩ ω '=φ enables ψ=ω ∪ ω ', Sign Policies Υ =(ψ, d, Φ ").
(32) data are divided into n data block by data owner, and each data block is divided into s area.Utilize attribute Private key generates data label for each data block.Randomly select a ∈ Zp, calculate ρ=ga.To all i ∈ ψ, r' is randomly selectedi,j∈ Zp, it calculates as i ∈ ω,As i ∈ ω ',Finally calculate
(33) it is σ that data owner, which is the label of each data block generation,j=({ σi,j}i∈ψ0,j,c)。
(34) Sign Policies, data and corresponding data block label are uploaded to Cloud Server by data owner.
Further, the detailed process of the step (4) is:
(41) user for meeting Sign Policies can access and change to data on cloud, and label life is called after modification Into algorithm label is recalculated for data block after modification.
(42) modified data and corresponding data label are uploaded into Cloud Server.
Further, the detailed process of the step (5) is:
(51) when Cloud Server receives the data of user's modification and corresponding label, pass through equationVerify the validity of label.
(52) if be proved to be successful, Cloud Server updates the data block and respective labels, conversely, Cloud Server refusal update.
Further, the detailed process of the step (6) is:
(61) verifier selects the index of c data block as a subset conjunction J from data block set [1, n] at random. And generate a random number yj∈Zp.Generate challenge information chal={ j, yj}j∈J
(62) challenge information is sent to Cloud Server by verifier.
Further, the detailed process of the step (7) is:
(71) Cloud Server receives challenge information, and the data block of challenge and data label are carried out polymerization μl=∑j∈ Jyjmj,l,
(72) the data label unfolding calculation in step (71) can be obtained σ={ σ0, σi}。
(73) Cloud Server is by proof={ μ, σ, ρ }, μ=(μ1,...,μk) as audit evidence it is sent to verifier.
Further, the detailed process of the step (8) is:
(81) verifier passes through equation according to audit evidence and challenge informationVerification be stored on cloud data whether by It destroys.Data are complete if correct, otherwise data are destroyed.
(82) auditing result is notified to system.
Further, the detailed process of the step (9) is:
(91) auditing result in step (82), if data are destroyed on cloud, it is necessary first to be chased after to user Track.Attribute mechanism is from the label of damage dataIt extracts (x*=x, y*=y).
(92) if (x*=x, y*=y) ∈ { (x1,y1),(x2,y2),...,(xt-1,yt-1), directly x* is decryptedObtain malicious user identity id.Otherwise, next step is performed.
(93) there be t-1 point { (x in attribute mechanism by INS (t, n) by Lagrange's interpolation1,y1),(x2,y2),..., (xt-1,yt-1) and (x*=x, y*=y) carry out Restore Secret valueIfX* is decryptedMalice is obtained to use Family identity id, otherwise exports additional character, be shown to be Cloud Server it is dishonest carried out by.
According to another aspect of the present invention, a kind of cloud computing application system is provided, for multi-user data in cloud storage Shared environment tracks malicious user and discloses its identity, including data owner, user (data consumer), attribute mechanism, cloud Server, verifier.Attribute mechanism issues attribute private key for each user, and data owner is generated using attribute private key for data Label, then by data and label storage beyond the clouds, user to high in the clouds data access and can change, verifier's periodic detection cloud Whether end data is complete.When discovery high in the clouds data are destroyed, attribute mechanism can be tracked according to the data label of damage Malicious user.
Compared with prior art, the present invention has the following advantages that:
1) present invention stores the situation of data beyond the clouds in view of users to share multiple in practical application scene, in this ring Under border, the thought signed using attribute protects user identity privacy, i.e. verifier cannot during high in the clouds data of auditing Obtain subscriber identity information.Here verifier is an open verifier, can be any one entity in system, can also be One and half believable third parties audit task to replace user.
2) present invention considers the situation of large user's array in practical application, the computing cost and user of user and verifier Number size is unrelated.Large user's array accesses high in the clouds data suitable for actual scene.
3) present invention provides tracing problem when high in the clouds data are destroyed, it is contemplated that practical application medium cloud end data is destroyed Differ establish a capital be Cloud Server it is dishonest carried out by, it is also possible to be user's malicious modification high in the clouds number for one's own profit According to so will be to destroying data person's tracking.The present invention realizes that the storage overhead of tracking is constant simultaneously.
It can be seen that the present invention protects user identity privacy, while realize evil under multi-user data shared environment Anticipate user's traceability, and realize tracking storage overhead be constant.
Other than objects, features and advantages described above, the present invention also has other objects, features and advantages. Below with reference to figure, the present invention is described in further detail.
Description of the drawings
The accompanying drawings which form a part of this application are used to provide further understanding of the present invention, and of the invention shows Meaning property embodiment and its explanation do not constitute improper limitations of the present invention for explaining the present invention.In the accompanying drawings:
Fig. 1 is the flow chart according to traceable effective public audit method of the present invention;
Fig. 2 is the function structure schematic diagram according to the cloud computing application system of the present invention;And
Fig. 3 is the execution flow chart of the function structure of cloud computing application system of the present invention.
Specific embodiment
It should be noted that in the absence of conflict, the feature in embodiment and embodiment in the application can phase Mutually combination.The present invention will be described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
The explanation and illustration of technical term in the present invention:
Attribute authority:Attribute certification is carried out to user, attribute private key is issued for user according to user property;
Data owner:The owner of data formulates Sign Policies, and calculate data block for each data block for data Sign Policies, data and data block label are uploaded to Cloud Server by label;
User:The data that data owner can be uploaded by meeting the user of Sign Policies are accessed and are changed;
Cloud Server:Possess the distributed memory system of a large amount of storages and computing resource, provide data storage, meter to the user The services such as calculation;
Verifier:The integrality of data on verification cloud storage service device can be any one entity in system, can also It is one and half believable third parties to realize public audit;
The present invention will be further described with attached drawing with reference to embodiments.
As shown in Figure 1, traceable effective public audit method in the cloud storage data sharing of the present invention, includes following step Suddenly:
(1) system initialisation phase.Attribute authority randomly selects the Probabilistic Encryption Scheme of a different keys, initially Change a threshold secret sharing scheme example, last attribute authorized organization generates main private key and open parameter.
(2) the attribute private key extraction stage.Attribute authority generates attribute private key, profit according to user property for each user User identity encryption is embedded into attribute private key with Probabilistic Encryption Scheme, attribute private key is sent to use by escape way Family.
(3) data upload the stage.Data owner formulates a Sign Policies, is given birth to using attribute private key for each data block Into data label, Sign Policies, data and data label are uploaded to Cloud Server by data owner.
(4) the data modification stage.The user for meeting Sign Policies can utilize data modification on cloud, data modification later Attribute private key recalculates data label to corresponding data, and data block after modification and label are uploaded to Cloud Server.
(5) the label Verification stage.Cloud Server verifies label validity, if be proved to be successful, Cloud Server update number According to block and its label.
(6) stage is challenged.Open verifier sends a challenge information using grab sample strategy to Cloud Server.
(7) the evidence stage is generated.After Cloud Server receives challenge, data block and corresponding label are subjected to linear polymerization As audit evidence.Audit evidence is sent to open verifier.
(8) the proof validation stage.After open verifier receives evidence, using the correctness of public information experimental evidence, If correct, it is complete to show to be stored in data on cloud.Conversely, data are destroyed.
(9) track phase.When data are destroyed on cloud, attribute mechanism is using a threshold secret sharing scheme according to damage The tag extraction of data block goes out subscriber identity information, show that a secret value judges that the user is using Lagrange's interpolation Malicious user.If malicious user then discloses the user identity.Conversely, output additional character shows that data corruption is cloud service Carried out by device.
As shown in Figures 2 and 3, effective public audit method traceable in above-mentioned cloud storage data sharing is applied to cloud Computing system, the system include attribute authority, data owner, user, Cloud Server and verifier.
The present invention detailed step be:
Step (1) specific implementation process is as follows:
1) attribute mechanism performs initialization algorithm, inputs security parameter k, generates the p rank cyclic groups that two generation members are g G1、G2, a Bilinear Pairing e:G1×G1→G2And the hash function H of a safety:{0,1}*×G1→G1.Randomly select α ∈Zp, g2∈G1, and calculate g1=gα, GD=(p, G1, G2, e).IfAnd i ∈ S, define Lagrange coefficientRandomly select k+1 element ti∈ G, wherein 1≤i≤k+1, defined function T areWherein i=(1,2 ..., k+1).
2) attribute mechanism randomly selects a different key k1,k2∈ZpProbabilistic Encryption Scheme (Enc, Dec).
3) Shamir ' s (t, a n) thresholding example INS (t, n) is initialized, and stores a polynomial f (x) and f (x) Upper t-1 point { (x1,y1),(x2,y2),...,(xt-1,yt-1)}。
4) attribute mechanism generates main private key MK=(α, k1,k2), open parameter PP=(d, g, g1,g2,t1,...,tk+1,GD, H)。
Step (2) specific implementation process is as follows:
1) for user id, attribute mechanism defines user property Ω for user.
2) attribute mechanism chooses the multinomial q (x), q (0)=α that a rank is d-1.
3) to each i ∈ Ω, attribute mechanism randomly selects ri∈Zp, calculate
4) attribute mechanism calculatesY=f (x),
5) attribute mechanism output attribute private key skΩ=(c, { (di,1,di,2)i∈Ω), attribute private key is passed through into escape way It is sent to user.
Step (3) specific implementation process is as follows:
1) data owner's attribute set is Ω, formulates Sign Policies for data block first, randomly selects attribute set| ω | >=d, then attribute set ω ' is randomly selected, wherein ω ∩ ω '=φ enables ψ=ω ∪ ω ', Sign Policies Υ =(ψ, d, Φ ").
2) data are divided into n data block by data owner, and each data block is divided into s area.Utilize attribute private Key generates data label for each data block.Randomly select a ∈ Zp, calculate ρ=ga.To all i ∈ ψ, r' is randomly selectedi,j∈ Zp, it calculates as i ∈ ω,As i ∈ ω ',Finally calculate
3) it is σ that data owner, which is the label of each data block generation,j=({ σi,j}i∈ψ0,j,c)。
4) Sign Policies, data and corresponding data block label are uploaded to Cloud Server by data owner.
Step (4) specific implementation process is as follows:
1) user for meeting Sign Policies can access and change to data on cloud, to the data of modification after modification Block recalculates label.
2) modified data and corresponding data label are uploaded into Cloud Server.
Step (5) specific implementation process is as follows:
1) when Cloud Server receives the data of user's modification and corresponding label, pass through equationVerify the validity of label.
If 2) be proved to be successful, Cloud Server updates the data block and respective labels, conversely, Cloud Server refusal update.
Step (6) specific implementation process is as follows:
1) verifier selects the index of c data block as a subset conjunction J from data block set [1, n] at random.And And generate a random number yj∈Zp.Generate challenge information chal={ j, yj}j∈J
2) challenge information is sent to Cloud Server by verifier.
Step (7) specific implementation process is as follows:
1) Cloud Server receives challenge information, and the data block of challenge and data label are carried out polymerization μl=∑j∈Jyjmj,l,
2) the label unfolding calculation of data aggregate can be obtainedσ ={ σ0, σi}。
3) Cloud Server is by proof={ μ, σ, ρ }, μ=(μ1,...,μk) as audit evidence it is sent to verifier.
Step (8) specific implementation process is as follows:
1) verifier is stored in whether data on cloud are broken according to audit evidence and challenge information by following equation verification It is bad:Data are complete if correct , otherwise data are destroyed.
2) auditing result is notified to system.
Step (9) specific implementation process is as follows:
1) if data are destroyed on cloud, it is necessary first to which user is tracked.Attribute mechanism from damage data label InIt extracts (x*=x, y*=y).
2) (if x*=x, y*=y) ∈ { (x1,y1),(x2,y2),...,(xt-1,yt-1), directly x* is decryptedObtain malicious user identity id.Otherwise, next step is performed.
3) there be t-1 point { (x in attribute mechanism by INS (t, n) by Lagrange's interpolation1,y1),(x2,y2),..., (xt-1,yt-1) and (x*=x, y*=y) carry out Restore Secret valueIfX* is decryptedMalice is obtained to use Family identity id, otherwise exports additional character, be shown to be Cloud Server it is dishonest carried out by.
Program analysis
1st, scheme correctness
2nd, solution security
(1) label unforgeable
The proof thought of label unforgeable is stipulations to CDH difficult problems, give a polynomial time opponent A and One simulator S, simulator simulation true environment cause opponent's undistinguishable simulated environment and true environment.Simulator will be tired The parameter of difficult problem is embedded into open parameter PP=(d, g, g1=gα,g2=gβ,g2,t1,...,tk+1, GD, H) in, then simulate Open parameter is sent to opponent by device.The polynomial f (x) and a multinomial that random selection degree is kFirst, opponent can select some user properties to carry out private key inquiry, mould to simulator Intend device and receive the corresponding private key of user property calculating Return to opponent. Then, opponent carries out Hash inquiry to simulator, and opponent selects some data block numbers and data name is sent to simulator, simulator The information for receiving opponent's transmission calculates corresponding cryptographic HashIt can calculateReturn to opponent.Finally, opponent carries out simulator signature inquiry, and opponent selects some data Block is sent to simulator, and simulator receives data block and calculates corresponding signature, and simulator calculates ρ=ga, It returns To opponent.Opponent forges a data block and corresponding label (m*, σ *), the data and label of forgery according to the result of inquiry It did not inquire above.It enablesIf data and label that simulator is forged according to opponent pass through equationIt can be calculated Then show that simulator can solve a difficulty problem, show that signature can not be forged here with apagogic thought.
(2) audit evidence unforgeable
It can not be forged in label, the proof that audit evidence can not be forged can be with stipulations to DL difficult problems, it is assumed that Data are correct beyond the clouds for storage, and when verifier sends a challenge to high in the clouds, Cloud Server, which receives challenge calculating one, to be had The audit evidence proof=(μ, σ, ρ) of effect, this audit evidence can pass through the equation of verifierVerification, when high in the clouds is disliked with data Meaning modification, similary Cloud Server calculate an invalid audit evidence proof=(μ ', σ, ρ), it is assumed that this audit can pass through The equation of verifierVerification.Δμl= μ'll, { Δ μlIn at least one element be non-zero, be calculated according to the equation of both the aboveG=h can further be calculatedx,Mould DL difficulty sex chromosome mosaicisms can be solved by intending device, then shows that audit evidence can not be forged.
3rd, efficiency analysis
In the present invention, T is definedpRepresent the time of Bilinear Pairing of execution, TeIt represents in group G1Exponentiation of middle execution Time, TmIt represents in group G1The middle time for performing a multiplication operation.| T | represent element in group G1Size, | P | represent member Element is in domain ZpOn size.Ignore other operating times.The total block data that n represents data is defined, c represents the number of verifier's challenge According to block number, w statement numbers of users, d represents user property number.
Table 1 is compared respectively from the computation complexity of label generation, evidence generation, verification.
Table 2 uploads to Cloud Server from user's calculating label and Cloud Server calculates audit evidence and returns to verifier two Aspect compares communication overhead.
1 computation complexity of table compares
Tag size Evidence size
Knox 5|T|+6|P| 2c|P|+10c|T|
Oruta w|T| 2|P|+w|T|
The present invention (n+d)|T| |P|+d|T|
2 communication complexity of table compares
From Tables 1 and 2 it can be seen that Oruta scheme computing cost and communication overhead all with the increase of number of users and Increase, so being not suitable for large user's array.In table 1 it can be seen that although the calculating time of present invention verification omits than Knox scheme Height, but label calculate with audit evidence calculate compare it is relatively low.The communication overhead of present invention upload label compares Knox in table 2 It is slightly higher, but the expense of Cloud Server return audit evidence is smaller, and the present invention realizes open verification.In general, originally Invention is better than other two method in the function of calculating and the rational situation of communication overhead is completed.
The foregoing is only a preferred embodiment of the present invention, is not intended to restrict the invention, for the skill of this field For art personnel, the invention may be variously modified and varied.All within the spirits and principles of the present invention, that is made any repaiies Change, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.

Claims (9)

1. traceable effective public audit method, shares for multi-user data in cloud storage in a kind of cloud storage data sharing Environment tracks malicious user and discloses its identity, which is characterized in that including five participation objects:Attribute authority, data are gathered around The person of having, user, Cloud Server and verifier, described method includes following steps:
System initialisation phase:Attribute authority randomly selects the Probabilistic Encryption Scheme of a different keys, initializes one Threshold secret sharing scheme, the main private key of attribute authority generation later and open parameter;
Attribute private key extracts the stage:Attribute authority generates attribute private key according to user property for each user, utilizes probability User identity encryption is embedded into attribute private key by encipherment scheme, and attribute private key is sent to user by escape way;
Data upload the stage:Data owner formulates a Sign Policies, and data are generated for each data block using attribute private key Sign Policies, data and data label are uploaded to Cloud Server by label, data owner;
The data modification stage:The user for meeting Sign Policies can utilize attribute private later to data modification on cloud, data modification Key recalculates data label to corresponding data, and data block after modification and label are uploaded to Cloud Server;
The label Verification stage:Cloud Server verify label validity, if be proved to be successful, Cloud Server update the data block and its Label;
The challenge stage:Verifier sends a challenge information using grab sample strategy to Cloud Server;
Generate the evidence stage:After Cloud Server receives challenge, data block and corresponding label are subjected to linear polymerization as careful Evidence is counted, audit evidence is sent to verifier;
The proof validation stage:After verifier receives evidence, using the correctness of public information experimental evidence, if correctly, It is complete to show to be stored in data on cloud;Conversely, data are destroyed;And
Track phase:When data are destroyed on cloud, attribute authority is using the threshold secret sharing scheme according to damage number Go out subscriber identity information according to the tag extraction of block, show that a secret value judges whether the user dislikes using Lagrange's interpolation Anticipate user;If malicious user then discloses the user identity, conversely, output additional character shows that data corruption is Cloud Server It is dishonest carried out by,
Wherein, the system initialisation phase includes the following steps:
(11) attribute authority performs initialization algorithm, inputs security parameter k, generates the p rank cyclic groups that two generation members are g G1、G2, a Bilinear Pairing e:G1×G1→G2And the hash function H of a safety:{0,1}*×G1→G1, randomly select α ∈Zp, g2∈G1, and calculate g1=gα, GD=(p, G1, G2, e), ifAnd i ∈ S, define Lagrange coefficientRandomly select k+1 element ti∈G1, wherein 1≤i≤k+1, defined function T areWherein i=(1,2 ..., k+1);
(12) attribute authority randomly selects a different key k1,k2∈ZpProbabilistic Encryption Scheme (Enc, Dec);
(13) Shamir ' s (t, a n) thresholding example INS (t, n) is initialized, and is stored on a polynomial f (x) and f (x) T-1 point { (x1,y1),(x2,y2),...,(xt-1,yt-1)};And
(14) attribute authority generates main private key MK=(α, k1,k2), open parameter PP=(d, g, g1,g2,t1,...,tk+1, GD,H)。
2. traceable effective public audit method in cloud storage data sharing according to claim 1, which is characterized in that The attribute private key extraction stage includes the following steps:
(21) for user id, attribute authority defines user property Ω for user;
(22) attribute authority chooses the multinomial q (x), q (0)=α that a rank is d-1;
(23) to each i ∈ Ω, attribute authority randomly selects ri∈Zp, calculate
(24) attribute authority calculatesY=f (x),And
(25) attribute authority output attribute private key skΩ=(c, { (di,1,di,2)i∈Ω), attribute private key is passed through into escape way It is sent to user.
3. traceable effective public audit method in cloud storage data sharing according to claim 2, which is characterized in that The data upload stage includes the following steps:
(31) data owner's attribute set is Ω, formulates Sign Policies for data block first, randomly selects attribute set | ω | >=d, then randomly select attribute set ω ', wherein ω ∩ ω '=φ enable ψ=ω ∪ ω ', Sign Policies for γ=(ψ, d,Φ”);
(32) data are divided into n data block by data owner, and each data block is divided into s area, utilize attribute private key Data label is generated for each data block, randomly selects a ∈ Zp, calculate ρ=ga, to all i ∈ ψ, randomly select r'i,j∈Zp, It calculates as i ∈ ω,As i ∈ ω ',Finally calculate
(33) it is σ that data owner, which is the label of each data block generation,j=({ σi,j}i∈ψ0,j,c);And
(34) Sign Policies, data and corresponding data block label are uploaded to Cloud Server by data owner.
4. traceable effective public audit method in cloud storage data sharing according to claim 3, which is characterized in that The data modification stage includes the following steps:
(41) user for meeting Sign Policies can access and change to data on cloud, after modification in invocation step (32) Labeling algorithm for modification after data block recalculate label;And
(42) modified data and corresponding data label are uploaded into Cloud Server.
5. traceable effective public audit method in cloud storage data sharing according to claim 4, which is characterized in that The label Verification stage includes the following steps:
(51) when Cloud Server receives the data of user's modification and corresponding label, pass through equationVerify the validity of label, wherein, J tables Show that the index for selecting b data block from data block set [1, n] at random is closed as a subset;And
(52) if be proved to be successful, Cloud Server updates the data block and respective labels, conversely, Cloud Server refusal update.
6. traceable effective public audit method in cloud storage data sharing according to claim 5, which is characterized in that The challenge stage includes the following steps:
(61) verifier selects the index of b data block from data block set [1, n] and closes J as a subset at random, and Generate a random number yj∈Zp, generate challenge information chal={ j, yj}j∈J;And
(62) challenge information is sent to Cloud Server by verifier.
7. traceable effective public audit method in cloud storage data sharing according to claim 6, which is characterized in that The proof validation stage includes the following steps:
(81) verifier is stored in whether data on cloud are destroyed according to audit evidence and challenge information by following equation verification:
Data are complete if correct, otherwise data are destroyed;And
(82) auditing result is notified to system.
8. traceable effective public audit method in cloud storage data sharing according to claim 7, which is characterized in that The track phase includes the following steps:
(91) auditing result in step (82), if data are destroyed on cloud, it is necessary first to be tracked, belong to user Property mechanism from damage data label inIt extracts (x*=x, y*=y);
(92) if (x*=x, y*=y) ∈ { (x1,y1),(x2,y2),...,(xt-1,yt-1), directly x* is decrypted Malicious user identity id is obtained, otherwise, performs next step;And
(93) there be t-1 point { (x in attribute mechanism by INS (t, n) by Lagrange's interpolation1,y1),(x2,y2),...,(xt-1, yt-1) and (x*=x, y*=y) carry out Restore Secret valueIfX* is decryptedObtain malicious user body Part id, otherwise exports additional character, be shown to be Cloud Server it is dishonest carried out by.
9. a kind of cloud computing application system for multi-user data shared environment in cloud storage, tracks malicious user and discloses it Identity, which is characterized in that including:Attribute authority and the first program module run on it;Data owner and at it Second program module of upper operation;Data consumer and the third program module run on it;It Cloud Server and is transporting above The 4th capable program module;And verifier and the 5th program module that runs on it, wherein,
First program module realizes following steps at runtime:The Probabilistic Encryption Scheme of a different keys is randomly selected, just One threshold secret sharing scheme of beginningization generates main private key and open parameter later;It is generated according to user property for each user User identity encryption is embedded into attribute private key, by attribute private key by leading to safely by attribute private key using Probabilistic Encryption Scheme Road is sent to user;When learning that data are destroyed on cloud at verifier, using the threshold secret sharing scheme according to damage The tag extraction of bad data blocks goes out subscriber identity information, show that a secret value judges that the user is not using Lagrange's interpolation It is malicious user;If malicious user then discloses the user identity, conversely, output additional character shows that data corruption is cloud clothes Be engaged in device it is dishonest carried out by;
Second program module realizes following steps at runtime:A Sign Policies are formulated, are per number using attribute private key Data label is generated according to block, Sign Policies, data and data label are uploaded to Cloud Server by data owner;
The third program module realizes following steps at runtime:Meet Sign Policies user can to data modification on cloud, Data label is recalculated to corresponding data using attribute private key after data modification, data block after modification is uploaded to label Cloud Server;
4th program module realizes following steps at runtime:Verify data label validity, if be proved to be successful, cloud clothes Business device updates the data block and its label;After the challenge information of verifier is received, by data block and corresponding label into line Property polymerization as audit evidence, audit evidence is sent to verifier;And
5th program module realizes following steps at runtime:One challenge is sent to Cloud Server using grab sample strategy Information;After receiving the audit evidence that Cloud Server is sent for challenge information, using the correctness of public information experimental evidence, If correct, it is complete to show to be stored in data on cloud;Conversely, data are destroyed.
CN201710344794.7A 2017-05-16 2017-05-16 Traceable effective public audit method and system in a kind of cloud storage data sharing Active CN107147720B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710344794.7A CN107147720B (en) 2017-05-16 2017-05-16 Traceable effective public audit method and system in a kind of cloud storage data sharing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710344794.7A CN107147720B (en) 2017-05-16 2017-05-16 Traceable effective public audit method and system in a kind of cloud storage data sharing

Publications (2)

Publication Number Publication Date
CN107147720A CN107147720A (en) 2017-09-08
CN107147720B true CN107147720B (en) 2018-07-03

Family

ID=59778119

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710344794.7A Active CN107147720B (en) 2017-05-16 2017-05-16 Traceable effective public audit method and system in a kind of cloud storage data sharing

Country Status (1)

Country Link
CN (1) CN107147720B (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107948143B (en) * 2017-11-15 2021-03-30 安徽大学 Identity-based privacy protection integrity detection method and system in cloud storage
CN108259606B (en) * 2018-01-18 2021-05-18 成都四象联创科技有限公司 Cloud computing public cloud file storage and retrieval method
CN108768642B (en) * 2018-06-19 2021-06-01 安徽大学 Data aggregation method and device, computer equipment and storage medium
CN109981736B (en) * 2019-02-22 2021-09-21 南京理工大学 Dynamic public auditing method supporting mutual trust of user and cloud server
CN109861829B (en) * 2019-03-15 2021-10-26 上海海事大学 Cloud data justice auditing system supporting dynamic updating and auditing method thereof
CN110113320B (en) * 2019-04-18 2021-11-16 南京信息工程大学 Cloud storage data integrity verification method based on bilinear pair accumulator
CN110545279A (en) * 2019-09-05 2019-12-06 国网区块链科技(北京)有限公司 block chain transaction method, device and system with privacy and supervision functions
CN111107094B (en) * 2019-12-25 2022-05-20 青岛大学 Lightweight ground-oriented medical Internet of things big data sharing system
CN111611614B (en) * 2020-04-29 2023-09-08 南京财经大学 Cloud storage public auditing method and system for resisting malicious auditors based on blockchain
CN111859030B (en) * 2020-07-09 2023-04-28 西南交通大学 Public auditing method supporting composite data
CN112632604B (en) * 2020-12-21 2024-01-23 贵州航天计量测试技术研究所 Cloud data auditing method, system and device based on multi-authority auditors
CN112560070B (en) * 2020-12-28 2024-03-22 杭州趣链科技有限公司 Data sharing method with auditing function
CN112560071B (en) * 2020-12-28 2022-06-14 杭州趣链科技有限公司 Data sharing method with functions of auditing and designating verifier
CN113193960B (en) * 2021-04-01 2022-11-29 西安电子科技大学 Accountability shared cloud data ownership transferring and auditing method and system
CN114415943B (en) * 2021-12-23 2023-08-15 贵州航天计量测试技术研究所 Public auditing method and auditing system for cloud multi-copy data

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105007284A (en) * 2015-08-12 2015-10-28 南京理工大学 Public auditing method with privacy protection for shared data of multi-manager group

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105007284A (en) * 2015-08-12 2015-10-28 南京理工大学 Public auditing method with privacy protection for shared data of multi-manager group

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Accountable Authority Ciphertext-Policy Attribute-Based Encryption with White-Box Traceability and Public Auditing in the Cloud;Jianting Ning、等;《computer security -ESORICS 2015》;20151118;全文 *
一个可追踪身份的基于属性签名方案;张秋璞、等;《软件学报》;20120915;正文第2450-2456页 *
云端多管理者群组共享数据中具有隐私保护的公开审计方案;付安民、等;《计算机研究与发展》;20151015;正文第2355-2360页 *

Also Published As

Publication number Publication date
CN107147720A (en) 2017-09-08

Similar Documents

Publication Publication Date Title
CN107147720B (en) Traceable effective public audit method and system in a kind of cloud storage data sharing
CN106254374B (en) A kind of cloud data public audit method having duplicate removal function
Han et al. Improving privacy and security in decentralized ciphertext-policy attribute-based encryption
CN104811450B (en) The date storage method and integrity verification method of a kind of identity-based in cloud computing
CN103095453B (en) The Bloom filter of the public key encryption occured simultaneously using privately owned set
CN110622165A (en) Security measures for determining privacy set intersections
CN109829326A (en) Cross-domain certification and fair audit duplicate removal cloud storage system based on block chain
JP6016948B2 (en) Secret calculation system, arithmetic device, secret calculation method, and program
CN107483585A (en) The efficient data integrality auditing system and method for safe duplicate removal are supported in cloud environment
CN104243169B (en) The shared data cloud auditing method of traceable identity
Yang et al. Publicly verifiable data transfer and deletion scheme for cloud storage
Hussein et al. A survey of cryptography cloud storage techniques
CN106790311A (en) Cloud Server stores integrality detection method and system
CN114175028B (en) Cryptographic pseudonym mapping method, computer system, computer program and computer-readable medium
Stefanov et al. Policy-enhanced private set intersection: sharing information while enforcing privacy policies
Adams Achieving non‐transferability in credential systems using hidden biometrics
Tian et al. A provably secure and public auditing protocol based on the bell triangle for cloud data
CN107360252A (en) A kind of Data Access Security method that isomery cloud domain authorizes
Yi et al. Distributed data possession provable in cloud
Xu et al. A decentralized pseudonym scheme for cloud-based eHealth systems
Cao et al. Multiuser access control searchable privacy‐preserving scheme in cloud storage
Maram Bitcoin generation using Blockchain technology
Mu et al. An assured deletion scheme for encrypted data in Internet of Things
Bhagyashri et al. A survey on privacy preserving techniques for secure cloud storage
CN110943846A (en) Novel heterogeneous identity federation user reputation value transmission method based on ring signature technology

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant