CN107231369A - An efficient data processing method based on cloud computing - Google Patents

An efficient data processing method based on cloud computing

Info

Publication number: CN107231369A
Authority: CN (China)
Prior art keywords: root, cryptographic hash, user, node, checking
Legal status: Pending
Application number: CN201710484418.8A
Other languages: Chinese (zh)
Inventor: 许驰
Current Assignee: CHENGDU DINGZHIHUI SCIENCE AND TECHNOLOGY Co Ltd
Original Assignee: CHENGDU DINGZHIHUI SCIENCE AND TECHNOLOGY Co Ltd
Application filed by CHENGDU DINGZHIHUI SCIENCE AND TECHNOLOGY Co Ltd
Priority to CN201710484418.8A
Publication of CN107231369A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L 9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L 9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The present invention proposes an efficient data processing method based on cloud computing. Verification of user files is realized with a weighted binary tree, defined as follows: every leaf node holds the hash value of one file block together with a weight, and among all leaf nodes, a leaf of smaller depth must not have a weight lower than that of any leaf of greater depth; every non-leaf node holds only a hash value, obtained by hashing the hash values of its two child nodes. The method comprises: (1) data storage; (2) initiating a verification request; (3) generating the verification message; (4) verification. The proposed method improves the efficiency of data processing and reduces the storage space occupied.

Description

An efficient data processing method based on cloud computing
Technical field
The present invention relates to the field of cloud computing, and in particular to an efficient data processing method based on cloud computing.
Background art
With the rapid development of Internet technology, the scope of Internet business keeps expanding, and the Internet has become an indispensable part of people's daily lives. User demand has shifted from traditional portal sites towards high-traffic Internet services. At the same time, data volumes are growing explosively; for Internet service providers, the cost of the storage resources and computer hardware required by newly extended business keeps rising, the construction and maintenance costs of data centres rise year by year, and the consumption of personnel, management and resources keeps increasing. Solving this series of problems requires a new platform and processing mechanism to coordinate and schedule limited resources, so that the collection, processing and computation of data become more efficient and faster.
It is under these circumstances that cloud computing technology emerged. Cloud computing is an emerging commercial computing model that distributes computing tasks over a resource pool made up of a large number of inexpensive computers and lets application systems obtain computing power, storage space and various software services from that pool as needed. Cloud computing has the characteristics of very large scale, virtualization, high reliability, high generality, high scalability, on-demand service and very low cost. Its basic principle is to spread computation from local machines or remote servers over a large number of distributed computers; the operation of enterprise data centres then becomes much more like the Internet, which lets enterprises switch resources to the applications that need them and access computers and storage systems on demand. As research and development of cloud computing continues, its core technology, cloud storage, is also attracting more and more attention. Cloud storage uses functions such as cluster applications, grids and distributed file systems to bring together, over the network, a large number of storage devices of different types that work cooperatively through application software and jointly provide data storage and business access functions externally; it saves users a great deal of cost and has therefore received wide support and application. Users can consume the abundant storage resources of cloud storage as a metered, on-demand service anytime and anywhere, so that storage becomes a public utility like water and electricity that users draw on as needed, while reliable security guarantees can also be provided to users. With the further development of cloud storage, the importance of this technology is increasingly evident; it has attracted more and more enterprises and individuals and has led more and more applications to move to cloud storage, which in turn places stricter requirements on the security of cloud storage.
However, using a cloud storage service means that users must store their data in storage devices beyond their control. The data may not even be in the hands of the cloud storage service provider, but may be kept in a cloud storage system shared by all users, which certainly carries great security risks. Because the data are beyond the user's control, users' distrust of cloud storage increases once more. It is generally held that data feel safest only in the user's own hands, so how to let users independently protect the confidentiality and integrity of sensitive data has become the issue users care about most in the current cloud storage environment. Therefore, in the design of a cloud storage system, the first thing to guarantee is the security and reliability of data, as only then can more Internet users be attracted; otherwise, once a security problem occurs, unpredictable consequences may follow. Thus the first problem that cloud storage system design must solve is the security of user data, which is also the precondition for the smooth adoption of the cloud storage model.
For users' urgent demand for data security protection, the main current research is as follows. 1. Confidentiality protection of users' secret information. One document in the literature proposes a file system framework for a secure file storage service: it uses current research results on the secure client cross-domain (ClientCross-domain) communication mechanism to provide an independent file system service to Web services, returns control of user data to the user, improves the controllability of the data, and relieves the application management server of the pressure of access control policies for user data. 2. Integrity protection of users' secret information. A remote integrity detection protocol has been proposed, but in that protocol the computation at the server side grows exponentially with file size; since cloud storage holds files of many kinds and large volume, the protocol is poorly suited to cloud storage. Another proposal uses a homomorphic hash function based on RSA to realize a proof that the server holds the data, but in that protocol the computation at the server (Alice) grows exponentially with the key length. The research above shows that how to effectively improve the confidentiality and integrity of data blocks and protect the security of user data is the focus of cloud storage data security research.
Existing secure processing methods for cloud computing suffer from low efficiency and high storage space occupancy.
Summary of the invention
To at least partly solve the problems in the prior art, the present invention proposes an efficient data processing method based on cloud computing. Verification of user files is realized with a weighted binary tree, defined as follows: every leaf node holds the hash value of one file block together with a weight, and among all leaf nodes, a leaf of smaller depth must not have a weight lower than that of any leaf of greater depth; every non-leaf node holds only a hash value, obtained by hashing the hash values of its two child nodes. The method comprises:
(1) Data storage: when storing data to the cloud storage server, the user at the same time generates the information needed for verification, and the necessary information is stored respectively at the third party and at the cloud storage server;
First, the user generates a digital signature for the file through the third party, and at the same time generates a digital signature and a check value for each file block, which are then stored together on the cloud storage server. The detailed process comprises:
Each user generates a key pair for themselves, which is stored at the trusted third-party verification body; the key consists of a private key and a public key;
A random number x is generated as the private key, where x ∈ Z_p and Z_p denotes the finite field whose number of elements is the prime p, {0, 1, ..., p-1};
At the same time a random number u is generated, and v = g^x and o = u^x are computed, where g is a generator of the finite field Z_p; pk = (v, o, g, u) is taken as the public key;
For each user k, from the hash value H(m_i) of each file block and the initial weight V_i assigned to each file block, a leaf node is formed and a weighted binary tree is generated; the hash value of each parent node is then computed from the hash values of its two children, pairwise, and this is iterated until the hash value of the root node of the weighted binary tree is obtained. The root node is then digitally signed with the private key of user k, producing a root signature file sig(Root). After the root signature file is generated, the root signature file, the file blocks, the signatures of the file blocks, the weight of each file block and the structural information of the weighted binary tree are sent together to the cloud storage server, which can be expressed as {(m_i, V_i, σ_i), sig(Root), struc}, where struc denotes the information describing the structure of the weighted binary tree, from which the tree structure can be reconstructed. Meanwhile the user stores their private key on the trusted third-party verification platform, and the cloud storage server generates a weighted binary tree on its own side from the received {(m_i, V_i, σ_i), sig(Root), struc};
(2) Initiating a verification request: at the user's request, or under a scheduled task, the trusted third-party verification body initiates a verification request to the cloud storage server and sends the verification request information to it;
(3) Generating the verification message: after receiving the verification request from the trusted third-party verification body, the cloud storage server computes the corresponding proof information from the received verification information and sends the proof information to the trusted third-party verification body for verification;
(4) Verification: after receiving the feedback content sent by the cloud storage server, the trusted third-party verification body, combining the verification request information it sent to the cloud storage server in step (2) with the user information stored at the trusted third-party verification body, checks according to the defined rules whether the user's file is stored correctly.
Preferably, step (2) comprises:
The trusted third-party verification body sends the verification request information to the cloud storage server. The verification request information is a sequence of file blocks, and a random number is also generated for each file block; it is denoted chal = {i, q_i}, where i is the sequence number of the file block and q_i is the generated random number.
Preferably, step (3) comprises:
According to the structure struc of the weighted binary tree, the set of hash values {H(m_i)}, together with the set of hash values {Ω_j}_{j∈struc} of the other nodes in struc that are required when computing the root node hash, and the structure struc, are returned together to the trusted third-party verification body; the returned data are expressed as {{μ_k}, σ, {Ω_j}_{j∈struc}, sig(Root), struc}.
Preferably, step (4) comprises:
According to the structure struc, the weighted binary tree is reconstructed from the node hash values {H(m_i)} and {Ω_j}_{j∈struc}, which yields the hash value H(Root) of the new root node; the following formula is then checked against the received root node signature:
e(sig(Root), g) = e(H(Root), g^sk)
where sig(Root) is the received digital signature of the root node hash, H(Root) is the hash value of the root node, e() is a bilinear function, g is the generator of the finite field and sk is the user's private key;
If the formula is satisfied by the data fed back by the cloud storage server together with the data stored at the trusted third-party verification body, the data stored by the cloud storage server are shown to be intact.
The present invention proposes an efficient data processing method based on cloud computing that improves the efficiency of data processing and reduces the storage space occupied.
Brief description of the drawings
Fig. 1 is a flow chart of the efficient data processing method based on cloud computing of the present invention;
Detailed description of the embodiments
The technical solution of the present invention is described clearly and completely below in conjunction with the accompanying drawing. Exemplary embodiments are described in detail here, with examples shown in the accompanying drawing. In the following description, unless otherwise indicated, the same numerals in different drawings denote the same or similar elements. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present invention; rather, they are merely examples of apparatus and methods consistent with some aspects of the present invention as detailed in the appended claims.
Referring to Fig. 1, the present invention proposes an efficient data processing method based on cloud computing, comprising:
(1) Data storage: when storing data to the cloud storage server, the user at the same time generates the information needed for verification, and the necessary information is stored respectively at the third party and at the cloud storage server.
First, the user generates a digital signature for the file through the third party, and at the same time generates a digital signature and a check value for each file block, which are then stored together on the cloud storage server. The detailed process comprises:
Each user generates a key pair for themselves, which is stored at the trusted third-party verification body; the key consists of a private key and a public key;
A random number x is generated as the private key, where x ∈ Z_p and Z_p denotes the finite field whose number of elements is the prime p, {0, 1, ..., p-1};
At the same time a random number u is generated, and v = g^x and o = u^x are computed, where g is a generator of the finite field Z_p; pk = (v, o, g, u) is taken as the public key;
When uploading a file, the user signs each file block with their own private key, generating a file signature, and at the same time generates a check value for each file block with a specific file check method, such as an MD5 check or an SHA-1 check.
The specific signing method comprises:
For a file F = (m_1, m_2, ..., m_i, ..., m_n) made up of n file blocks, a file signature is generated for each file block (the signature formula is not reproduced on this page), where H(m_i) is the hash function;
At the same time a check value w_i is generated for each file block; m_i, σ_i and w_i are then stored together on the cloud storage server and deleted locally, and the file sequence information, i.e. how many files each user has and which they are, is stored at the trusted third-party verification body.
(2) Initiating a verification request: at the user's request, or under a scheduled task, the trusted third-party verification body initiates a verification request to the cloud storage server and sends the verification request information to it, specifically comprising:
The trusted third-party verification body sends the verification request information to the cloud storage server. The verification request information is a sequence of file blocks, and a random number is also generated for each file block; it is denoted chal = {i, q_i}, where i is the sequence number of the file block and q_i is the generated random number;
(3) Generating the verification message: after receiving the verification request from the trusted third-party verification body, the cloud storage server computes the corresponding proof information from the received verification information and sends the proof information to the trusted third-party verification body for verification, specifically comprising:
Suppose the file blocks to be verified belong to K users; for each user k, k ∈ {1, ..., K}, the file blocks, digital signatures and check values of user k are respectively m_{k,1}, ..., m_{k,i}, ..., m_{k,n}; σ_{k,1}, ..., σ_{k,i}, ..., σ_{k,n}; and w_{k,1}, ..., w_{k,i}, ..., w_{k,n}, and a random number μ_rk is generated for each user k.
The cloud storage server needs to compute the following two parts:
First, the linear combination μ_k of each user's files (the formula itself is not reproduced on this page):
where μ_rk is a random number generated by the cloud storage server for each user during each verification, to prevent the trusted third-party verification body from obtaining the user's data;
Without μ_rk, the verifier could obtain the files stored on the server by a linear attack. For example, if the trusted third-party verification body performs two verifications, the second covering one file fewer than the first with all other files identical, then subtracting the second response μ from the first is enough to recover the information of the file omitted in the second verification. With the random number added, every response has a random number mixed into it, and the file information can no longer be obtained by a simple linear attack.
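To make the role of μ_rk concrete, here is an added Python check (not the patent's own code) that computes the linear combination in an assumed form, μ_k = μ_rk + Σ_i q_i·m_{k,i} mod P, and tests whether a verifier holding two responses that differ by exactly one block can reconstruct that block. The block contents, challenge values q_i, blinding values and the modulus P are all constructed for the example.

```python
P = (1 << 127) - 1   # assumed prime modulus of the toy field (constructed)

def block_to_int(block: bytes) -> int:
    """Interpret a file block as a field element (sample blocks are < 16 bytes)."""
    return int.from_bytes(block, "big") % P

def linear_combination(blocks, chal, mu_rk):
    """Assumed form of the server's response for one user k:
         mu_k = mu_rk + sum_{i in chal} q_i * m_{k,i}   (mod P)
    chal maps block index i -> challenge random number q_i; mu_rk is the
    server's per-verification random number (0 gives the unblinded variant)."""
    total = sum(q * block_to_int(blocks[i]) for i, q in chal.items())
    return (mu_rk + total) % P

def omitted_block_exposed(blocks, chal_full, chal_minus, omitted, mu_rk_1, mu_rk_2):
    """Privacy check from the verifier's point of view: given two responses
    whose challenges differ only in block `omitted` (same q_i otherwise),
    does (mu_1 - mu_2) * q_omitted^-1 reproduce the block?  True means the
    verifier learned the user's data from the two proofs."""
    mu_1 = linear_combination(blocks, chal_full, mu_rk_1)
    mu_2 = linear_combination(blocks, chal_minus, mu_rk_2)
    candidate = (mu_1 - mu_2) * pow(chal_full[omitted], -1, P) % P
    return candidate == block_to_int(blocks[omitted])

# Constructed sample: one user's blocks and the two challenges from the text.
BLOCKS = [b"salary:81000", b"ssn:000-00-000", b"diag:private"]
CHAL_FULL = {0: 7919, 1: 104729, 2: 1299709}   # q_i for blocks 0, 1, 2
CHAL_MINUS = {0: 7919, 1: 104729}               # second run, block 2 omitted

def demo():
    # No mu_rk at all: the difference of the two responses isolates block 2.
    unblinded = omitted_block_exposed(BLOCKS, CHAL_FULL, CHAL_MINUS, 2, 0, 0)
    # Fresh mu_rk per verification: in practice secrets.randbelow(P); fixed,
    # distinct constructed values are used here so the outcome is reproducible.
    blinded = omitted_block_exposed(BLOCKS, CHAL_FULL, CHAL_MINUS, 2,
                                    123456789, 987654321)
    # Reusing the same mu_rk in both verifications cancels out the blinding,
    # which is why the text requires a new random number every time.
    reused = omitted_block_exposed(BLOCKS, CHAL_FULL, CHAL_MINUS, 2,
                                   123456789, 123456789)
    return {"unblinded_exposed": unblinded, "blinded_exposed": blinded,
            "reused_blinding_exposed": reused}
```

The third case is the practical caveat: the blinding only protects the user's data if the server draws a new μ_rk for every verification.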
Second, the aggregate signature σ (the formula and the definition of its terms are not reproduced on this page).
The result of the computation is fed back to the trusted third-party verification body; the content of the feedback is as follows:
{σ, {μ_k}_{1≤k≤K}}
(4) Verification: after receiving the feedback content sent by the cloud storage server, the trusted third-party verification body, combining the verification request information it sent to the cloud storage server in step (2) with the user information stored at the trusted third-party verification body, checks according to the defined rules whether the user's file is stored correctly.
In the data verification model for cloud storage, the data that users store on the cloud storage server must be verified; if this verification work were done by the users themselves, there would be many drawbacks.
First, users' computing capability is limited; if the verification computation is complex, the user's local resources may not be up to the task, for example because CPU speed or bandwidth is insufficient. Second, the verification work requires the verifier to keep some specific information, such as the user's key; if the verification work were left to users, they might lose this specific information, and once lost it can no longer be used for verification. Third, the verification work may be executed periodically or take a certain time to complete; during that process the verifier must stay online to finish the verification, and users cannot necessarily guarantee to be online throughout the verification process, so they are also unsuited to the verification work.
Therefore, given that users cannot complete the verification work, a trusted third-party body is needed to complete the verification work as verifier on the user's behalf. Files are still uploaded and downloaded directly between the user and the cloud storage server, while the verification of user files is handed to the third party.
In methods that verify user data with homomorphic authentication tags, since each user's key differs and the verification method must use the user's key to perform encryption operations on the proof returned by the server, each verification computation can only be carried out for a single user's data. In actual data verification, with a huge number of users, if each verification process handled only one user's files, each transmission would carry the verification information of only one user; this is rather inefficient, and verifying the data of all users would require too many verifications.
Research shows that, because homomorphic authentication tags are stored on the server already signed with the key, and the server-side computation of the aggregate signature is independent of the user key and simply combines the tags of each file into one aggregate signature, the aggregate-signature step for multiple users can be carried out at the same time. This reduces the number of aggregate signatures obtained and hence the amount transmitted, achieving batch verification of multiple users' data.
Batch verification of multiple users' files, however, brings some other problems. In each verification, the verifier sends a verification request to the storage side, which returns a proof; the proof shows whether the batch of files verified has any abnormality. But if during one verification some file of some user is abnormal, the returned proof can only show that this verification failed, i.e. that some of the files in this verification are problematic, without identifying which file. When this happens, the batch verification must be reorganised: the set of files to verify is redistributed and verification is repeated until the faulty file is located after multiple verifications. For this problem, the present invention has the cloud storage server first perform a self-check of the user data with a basic method before verification starts, extract the faulty files, and send the self-check result to the verifier, which then verifies the server's self-check result with a more definite method.
Early methods of cloud storage data verification were all built on the verification of static files; the premise of these methods is that files do not change, and if a file changes, these methods all fail. In an actual storage environment files do change, so file change must be treated as a necessary factor in data verification methods.
The present invention realizes the checking to user file using a kind of cum rights binary tree, and the cum rights binary tree is specially:
All leafy nodes are all the cryptographic Hash of a blocks of files, while including a weights, all leafy nodes In, the weights of the small leafy node of depth must not drop below the weights of the leafy node bigger than its depth;And for non-leaf knot Point, all only comprising a cryptographic Hash, this cryptographic Hash is the cryptographic Hash Hash that computing is tried to achieve again to its two child nodes Value.
In above-mentioned steps (1), for each user k, according to the cryptographic Hash H (m of each blocks of filesi), and each text The initial weight V that part block is assignedi, a cum rights binary tree is generated as a leafy node, then further according to two sons The cryptographic Hash of node, tries to achieve the cryptographic Hash of its father node two-by-two, and iteration is asked down, obtains the root node of the cum rights binary tree Cryptographic Hash, is then digitally signed with user k private key to root node, generates a root signature file sig (Root), generation After root signature file, by root signature file, blocks of files, the signing of blocks of files, the weights of each blocks of files and the band The structural information of power binary tree is sent collectively on cloud storage service device, can be expressed as { (mi,Vii),sig(Root), Struc }, wherein struc represents the related information of the cum rights binary tree structure, and the cum rights two can be obtained according to the information Pitch the structure of tree;The private key of oneself is stored on third-party authentication platform trusty by user simultaneously, cloud storage service device root According to the { (m receivedi,Vii), sig (Root), struc }, generate a cum rights binary tree at cloud storage service device end.
In above-mentioned steps (3), according to the structure struc of the cum rights binary tree, hash value collection { H (mi) together with Calculate root node cryptographic Hash when struc on other desired node hash value collection { { Ωj}j∈struc, and structure Struc, returns to third party's trusted certifying organization together, and the data of return are expressed as { { μk},σ,{Ωj}j∈struc,sig (Root),struc}。
In step (4) above, according to the structure struc, the weighted binary tree is rebuilt from the node hash values {{H(m_i)}, {Ω_j}_{j∈struc}}, which yields the hash value H(Root) of the new root node. The received root signature is then checked against the following formula:
e(sig(Root), g) = e(H(Root), g^sk)
sig(Root): the digital signature of the received root hash; H(Root): the hash value of the root node; e(): a bilinear function; g: a generator of the finite field; sk: the user's private key.
If the data fed back by the cloud storage server and the data stored at the trusted third-party verification authority satisfy this formula, the data held by the cloud storage server is intact.
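As an added illustration, not code from the patent, the following Python builds the weighted binary tree of step (1), placing heavier blocks nearer the root so that the weight rule holds, and then rebuilds H(Root) on the verifier's side from one block hash and the sibling hashes {Ω_j} as in steps (3) and (4). SHA-256 as H, the Huffman-style merge order and the (side, Ω_j) path encoding are assumptions; the pairing-based check of sig(Root) against the recovered H(Root) is left out.

```python
import hashlib
import heapq

def H(*parts: bytes) -> bytes:
    """H is assumed to be SHA-256 over length-prefixed parts (the patent leaves it open)."""
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hashlib.sha256(data).digest()

def build_weighted_tree(blocks, weights):
    """User side, step (1): leaves carry H(m_i) and weight V_i, internal nodes carry
    H(left, right). Merging the two lightest subtrees first (Huffman order, an
    assumption) guarantees that a shallower leaf never weighs less than a deeper one.
    Returns (H(Root), struc), where struc[i] is leaf i's path to the root as a list of
    (side, Omega_j) pairs: the sibling hash and whether it sits on the 'L' or 'R'."""
    heap = [(w, i, H(m), {i: []}) for i, (m, w) in enumerate(zip(blocks, weights))]
    heapq.heapify(heap)
    counter = len(heap)                      # unique tie-breaker so dicts never get compared
    while len(heap) > 1:
        wl, _, hl, left_paths = heapq.heappop(heap)
        wr, _, hr, right_paths = heapq.heappop(heap)
        for path in left_paths.values():     # leaves under the left child: sibling is on the right
            path.append(("R", hr))
        for path in right_paths.values():    # leaves under the right child: sibling is on the left
            path.append(("L", hl))
        heapq.heappush(heap, (wl + wr, counter, H(hl, hr), {**left_paths, **right_paths}))
        counter += 1
    _, _, root_hash, struc = heap[0]
    return root_hash, struc

def recover_root(block: bytes, path) -> bytes:
    """Verifier side, steps (3)-(4): rebuild H(Root) from one block and its sibling
    hashes {Omega_j}; the result is what sig(Root) must then be checked against."""
    h = H(block)
    for side, sibling in path:
        h = H(sibling, h) if side == "L" else H(h, sibling)
    return h

def leaf_depths(struc):
    """Depth of every leaf, used to check the patent's weight-versus-depth rule."""
    return {i: len(path) for i, path in struc.items()}

# Constructed sample: four blocks, block 3 the most frequently accessed (highest weight).
BLOCKS = [b"block-0", b"block-1", b"block-2", b"block-3"]
WEIGHTS = [5, 1, 1, 10]

if __name__ == "__main__":
    root, struc = build_weighted_tree(BLOCKS, WEIGHTS)
    print("H(Root) =", root.hex())
    print("leaf depths:", leaf_depths(struc))            # the heaviest leaf is the shallowest
    print("block 0 verifies:", recover_root(BLOCKS[0], struc[0]) == root)
    print("tampered block verifies:", recover_root(b"block-X", struc[0]) == root)
```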
The data structure used by existing cloud-computing data verification methods stores all data in the leaf nodes; the upper-level nodes hold no real data, only digest values used for verification, which undoubtedly increases the storage overhead on the server.
To address this, the present invention proposes a fully storing tree, in which every node can store real data. This not only reduces the space overhead on the server but also reduces the height of the tree, thereby lowering the time complexity of basic operations such as data insertion and deletion.
The present invention verifies user files using a complete storage tree, which is defined as follows:
The complete storage tree is built on a balanced binary search tree, and each node of it stores the following:
1) the file block m_i stored at this node;
2) the hash value H_i = H(m_i) of this node's file block;
3) the joint hash value H_sum(i): if i is a leaf node, H_sum(i) = H(i); otherwise it is computed from node i's own hash value together with the joint hash values of its child nodes. The hash of each parent is obtained in turn from its children, iterating upward until the hash of the root node of the complete storage tree, i.e. the hash H(Root) of the whole tree, is obtained.
In step (3) above, after the cloud storage server receives the verification request from the trusted third-party verification authority, it locates in the complete storage tree the target node t that stores the target data and records the access path from the root node Root to the target node t. The cloud storage server then returns to the user the corresponding proof proof = {η, π_1, π_2, …, π_n}, where
1) if t is a leaf node, η = {m_t}, where m_t denotes the file block stored at node t;
2) if t is not a leaf node, η = {m_t, H_sum(t→leftchild), H_sum(t→rightchild)}, where H_sum(t→leftchild) denotes the joint hash of t's left child and H_sum(t→rightchild) the joint hash of t's right child.
π_i is defined as follows:
1) if i-1 is a left child, π_i = {H_i, H_sum(i-1), H_sum(i→rightchild)};
2) if i-1 is a right child, π_i = {H_i, H_sum(i→leftchild), H_sum(i-1)};
In step (4) above, the verification procedure is as follows:
1) first compute a = H(m_t); if t is a leaf node, check whether a = H_sum(t) holds, otherwise check whether H(a, H_sum(t→leftchild), H_sum(t→rightchild)) = H_sum(t) holds;
2) for π_i (i < n): if i-1 is a left child, compute H(H_i, H_sum(i-1), H_sum(i→rightchild)); if i-1 is a right child, compute H(H_i, H_sum(i→leftchild), H_sum(i-1)); then check whether H(H_i, H_sum(i-1), H_sum(i-1→brother)) = H_sum(i) holds, where i-1→brother is the sibling of i-1;
3) for π_n: if n-1 is a left child, compute H(H_n, H_sum(n-1), H_sum(n→rightchild)); if it is a right child, compute H(H_n, H_sum(n→leftchild), H_sum(n-1)); compare the result with the digest value H(Root) of the data set that the user stored beforehand.
If all of the above checks hold, the answer returned by the cloud storage server is proven correct and the verified data is considered complete; otherwise the user concludes that the data has been tampered with or forged.
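The complete storage tree and the proof exchange of steps (3) and (4), as added example code that is not part of the patent: a balanced binary search tree in which every node stores its block, H_i and H_sum(i); prove() plays the cloud storage server and verify() the checker holding H(Root). SHA-256 as H, the empty-string stand-in for a missing child, and the (H_i, H_sum(left), H_sum(right), side) encoding of π_i are assumptions.

```python
import hashlib

def H(*parts: bytes) -> bytes:
    """H is assumed to be SHA-256 over length-prefixed parts (the patent leaves it open)."""
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hashlib.sha256(data).digest()

EMPTY = b""  # joint hash used for a missing child (assumption; the patent does not say)
class Node:
    def __init__(self, key, block):          # holds m_i, H_i and H_sum(i), not only a digest
        self.key, self.block, self.left, self.right = key, block, None, None
        self.h, self.hsum = H(block), None   # H_i = H(m_i); H_sum(i) is filled in by build()

def hsum_of(node):
    return EMPTY if node is None else node.hsum

def build(items, lo=0, hi=None):
    """Balanced BST over sorted (key, block) pairs; every node, not only leaves, holds a block."""
    hi = len(items) if hi is None else hi
    if lo >= hi:
        return None
    mid = (lo + hi) // 2
    n = Node(*items[mid])
    n.left, n.right = build(items, lo, mid), build(items, mid + 1, hi)
    is_leaf = n.left is None and n.right is None
    n.hsum = n.h if is_leaf else H(n.h, hsum_of(n.left), hsum_of(n.right))
    return n

def prove(root, key):
    """Cloud server, step (3): walk Root -> t and return proof = (eta, [pi_1 .. pi_n]) where
    pi_i = (H_i, H_sum(left child), H_sum(right child), side on which the path child sits)."""
    path, t = [], root
    while t is not None and t.key != key:
        path.append(t)
        t = t.left if key < t.key else t.right
    if t is None:
        return None                          # no such block on the server
    is_leaf = t.left is None and t.right is None
    eta = (t.block, None, None) if is_leaf else (t.block, hsum_of(t.left), hsum_of(t.right))
    pis, child = [], t
    for parent in reversed(path):            # node 1 = parent of t, ..., node n = Root
        side = "L" if parent.left is child else "R"
        pis.append((parent.h, hsum_of(parent.left), hsum_of(parent.right), side))
        child = parent
    return eta, pis

def verify(proof, h_root: bytes) -> bool:
    """Verifier, step (4): recompute H_sum upward from m_t, checking the claimed H_sum(i-1)
    in every pi_i against the value just derived, and finish at the stored H(Root)."""
    (block, hsum_left, hsum_right), pis = proof
    a = H(block)                                                      # step 1)
    derived = a if hsum_left is None else H(a, hsum_left, hsum_right)
    for h_i, hl, hr, side in pis:                                     # steps 2) and 3)
        if (hl if side == "L" else hr) != derived:
            return False                     # server's claimed H_sum(i-1) does not match
        derived = H(h_i, hl, hr)
    return derived == h_root

# Constructed sample: seven blocks keyed 0..6, so the tree root holds key 3.
ITEMS = [(k, f"block-{k}".encode()) for k in range(7)]
```

A tampered block, a swapped sibling hash or a proof for a different node all fail at the first π_i whose claimed H_sum no longer matches the value the checker derived.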
The present invention proposes an efficient cloud-computing data processing method that improves the efficiency of data processing and reduces the storage space occupied.
Other embodiments of the invention will readily occur to those skilled in the art after considering the specification and practising the invention disclosed herein. This application is intended to cover any modification, use or adaptation of the invention that follows its general principles and includes common knowledge or conventional techniques in the art not disclosed herein.
It should be understood that the invention is not limited to the precise structure described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the invention is limited only by the appended claims.

Claims (4)

1. An efficient data processing method based on cloud computing, wherein the verification of user files is realized with a weighted binary tree, the weighted binary tree being as follows: every leaf node is the hash value of one file block and additionally carries a weight; among all leaf nodes, the weight of a leaf at smaller depth must not be lower than the weight of any leaf at greater depth; a non-leaf node contains only a hash value, namely the hash computed over the hash values of its two child nodes; the method comprises:
(1) data storage: when the user stores data on the cloud storage server, the information needed for verification is generated at the same time, and the necessary information is stored respectively on the third party and on the cloud storage server;
first, the user generates a digital signature for the file via the third party and, for each file block, a file check value; the file, its digital signature and the check values are then stored together on the cloud storage server; in detail:
each user generates a key pair for themselves, which is stored at the trusted third-party verification authority; the key consists of a private key and a public key;
a random number x is generated as the private key, where x ∈ Z_p and Z_p denotes the finite field {0, 1, …, p-1} whose number of elements is the prime p;
a random number u is generated at the same time, and v = g^x and o = u^x are computed, where g is a generator of the finite field Z_p; pk = (v, o, g, u) serves as the public key;
for each user k, the hash value H(m_i) of each file block and the initial weight V_i assigned to that block together form one leaf node of a weighted binary tree; the hash of each parent node is then computed pairwise from the hash values of its two children, and this is iterated upward until the hash of the root node of the weighted binary tree is obtained; the root node is then digitally signed with user k's private key, producing a root signature sig(Root); after the root signature has been generated, the root signature, the file blocks, the signatures of the file blocks, the weight of each file block and the structural information of the weighted binary tree are sent together to the cloud storage server, which can be written as {(m_i, V_i, σ_i), sig(Root), struc}, where struc denotes the structural information of the weighted binary tree, from which the tree's structure can be recovered; at the same time the user deposits their own private key with the trusted third-party verification platform, and from the received {(m_i, V_i, σ_i), sig(Root), struc} the cloud storage server builds a weighted binary tree on the server side;
(2) initiating a verification request: at the user's request, or as a scheduled task, the trusted third-party verification authority initiates a verification request to the cloud storage server and sends the verification request information to the cloud storage server;
(3) generating the verification message: after receiving the verification request from the trusted third-party verification authority, the cloud storage server computes the corresponding proof information according to the received verification information and sends the proof information to the trusted third-party verification authority for checking;
(4) verifying: after receiving the feedback sent by the cloud storage server, the trusted third-party verification authority, using the verification request information issued to the cloud storage server in step (2) and the user information stored at the authority, verifies according to the defined rules whether the user's file is stored correctly.
2. The efficient data processing method based on cloud computing as claimed in claim 1, wherein step (2) comprises:
the trusted third-party verification authority sends the verification request information to the cloud storage server; the verification request information is a sequence of file blocks, and a random number is generated for each file block; it is denoted chal = {i, q_i}, where i denotes the sequence number of the file block and q_i the generated random number.
3. The efficient data processing method based on cloud computing as claimed in claim 1, wherein step (3) comprises:
according to the structure struc of the weighted binary tree, the set of hash values {H(m_i)}, together with the set of hash values {Ω_j}_{j∈struc} of the other nodes in struc that are needed to compute the root hash, and the structure struc itself, are returned to the trusted third-party verification authority; the returned data is written as {{μ_k}, σ, {Ω_j}_{j∈struc}, sig(Root), struc}.
4. The efficient data processing method based on cloud computing as claimed in claim 3, wherein step (4) comprises:
according to the structure struc, the weighted binary tree is rebuilt from the node hash values {{H(m_i)}, {Ω_j}_{j∈struc}}, which yields the hash value H(Root) of the new root node; the received root signature is then checked against the following formula:
e(sig(Root), g) = e(H(Root), g^sk)
sig(Root): the digital signature of the received root hash; H(Root): the hash value of the root node; e(): a bilinear function; g: a generator of the finite field; sk: the user's private key;
if the data fed back by the cloud storage server and the data stored at the trusted third-party verification authority satisfy this formula, the data held by the cloud storage server is intact.
CN201710484418.8A 2017-06-23 2017-06-23 A kind of efficient data processing method based on cloud computing Pending CN107231369A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710484418.8A CN107231369A (en) 2017-06-23 2017-06-23 A kind of efficient data processing method based on cloud computing


Publications (1)

Publication Number Publication Date
CN107231369A true CN107231369A (en) 2017-10-03

Family

ID=59935201


Country Status (1)

Country Link
CN (1) CN107231369A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108011713A (en) * 2017-11-16 2018-05-08 南京邮电大学 Cipher text retrieval method based on homomorphic cryptography in a kind of cloud storage
CN108777613A (en) * 2018-06-01 2018-11-09 杭州电子科技大学 The deblocking method for secure storing of heat transfer agent Virtual Service in Internet of Things

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104993937A (en) * 2015-07-07 2015-10-21 电子科技大学 Method for testing integrity of cloud storage data
WO2016128070A1 (en) * 2015-02-13 2016-08-18 Nec Europe Ltd. Method for storing a data file of a client on a storage entity
CN106612174A (en) * 2016-08-26 2017-05-03 四川用联信息技术有限公司 Data security verification and updating method supporting third-party administrator (TPA) in mobile cloud computing


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
李莹 (Li Ying): "Research on data storage security technology under cloud computing", Wanfang dissertation database, Shandong Normal University *
沈志东 et al. (Shen Zhidong et al.): "A lightweight data integrity verification method for mobile cloud computing", Journal of Northeastern University (Natural Science) *



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171003