CN107800688B - Cloud data deduplication and integrity auditing method based on convergence encryption - Google Patents


Publication number: CN107800688B
Authority: CN (China)
Prior art keywords: file, key, client, csp, ttp
Legal status: Active
Application number: CN201710895786.1A
Other languages: Chinese (zh)
Other versions: CN107800688A (en)
Inventors: 付安民, 郭晓勇, 苏铓, 周磊, 陈珍珠, 丁伟佳
Current assignee: Nanjing University of Science and Technology
Original assignee: Nanjing University of Science and Technology

Classifications

    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • G06F21/645 Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/3252 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • H04L9/3257 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using blind signatures
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response

Abstract

The invention discloses a cloud data deduplication and integrity auditing method based on convergence encryption. Using a blind-signature-based convergence key encapsulation/decapsulation algorithm, the method deduplicates the convergence key while storing it securely; using a BLS signature algorithm based on the convergence key, with a trusted third party (TTP) storing the audit public key and auditing by proxy, it deduplicates the audit signature and the audit public key. The specific steps are: system initialization; key initialization; file initialization; authentication evidence initialization; key encapsulation; data storage; duplicate challenge; duplicate response; duplicate authentication; audit request; proxy audit; audit response; audit authentication; and file download. The invention improves the utilization of cloud storage space, deduplicates the audit signature and the audit public key, and reduces the storage and computation cost of the client.

Description

Cloud data deduplication and integrity auditing method based on convergence encryption
Technical Field
The invention relates to the technical field of cloud storage and information security, in particular to a cloud data deduplication and integrity auditing method based on convergence encryption.
Background
With the wide application of cloud storage services, more and more users store data in the cloud. According to EMC research, about 75% of cloud storage space is occupied by duplicate data, and because the cloud server is only semi-trusted, eliminating redundant data while protecting data privacy has become a serious problem for cloud storage applications. In addition, once data is stored in the cloud the user loses control over it and cannot determine whether the cloud data is intact, so efficiently verifying data integrity is also a problem that cloud storage security must address.
To deduplicate privacy-protected cloud data, researchers usually encrypt the data to protect its privacy and then deduplicate the ciphertext through mechanisms such as secure key sharing, ciphertext conversion and convergence encryption. Convergence encryption is currently the commonly used method for deduplicating ciphertext data, but because the convergence key is derived from the original data, a corresponding convergence key has to be stored for a large amount of data, which adds extra overhead for the user.
In addition, some schemes encrypt the convergence key with a master key and then outsource storage of the key ciphertext to reduce the user's local storage overhead, but this leads to redundant storage of key ciphertexts. Other schemes distribute the key in a threshold manner and store the key components on n cloud servers; however, this introduces extra cloud server overhead and makes the verification process complicated.
For integrity verification, researchers have proposed public auditing and sampling auditing to verify the integrity of remote data. However, the signatures required for audit authentication are generated from file information and a signature private key randomly generated by the user, so the signatures corresponding to the same original data held by different users are inevitably redundant, and the cloud ends up storing a large number of redundant signatures.
Disclosure of Invention
The invention aims to provide a safe and efficient cloud data deduplication and integrity auditing method based on a convergence key.
The technical solution for realizing the purpose of the invention is as follows: a cloud data deduplication and integrity auditing method based on convergence encryption, involving a client (Client), a cloud storage server (CSP) and a trusted third party (TTP); the method comprises the following steps:
Step 1, system initialization:
The system randomly selects a prime $q$, creates elliptic-curve groups $G_1$, $G_2$ of order $q$, and generates an admissible bilinear pairing $e: G_1 \times G_1 \to G_2$; $g_1$, $g_2$ are two different generators of $G_1$; hash function $h(\cdot): \{0,1\}^* \to Z_q$, where $Z_q$ denotes the prime field of order $q$; hash function $H(\cdot): \{0,1\}^* \to G_1$; the system then publishes the parameters $\{e, g_1, g_2, G_1, G_2, h(\cdot), H(\cdot)\}$; the TTP randomly selects $x \in Z_q$, sets the private parameter $tsk = x$, and computes $y_1 = g_1^x$
Figure GDA0002307852910000021
The TTP publishes the public-key parameters $y_1$ and $y_2$ and keeps tsk private;
Step 2, key initialization:
The client computes, for file $F$, the corresponding convergence key $k_F$, file signature private key $ssk_F$ and file signature public key $spk_F$;
Step 3, file initialization:
The client computes the ciphertext $C_F = Enc(k_F, F)$ of file $F$ and generates the file identifier $Tag = SHA1(C_F)$, where Tag is the file identifier used to detect duplicate files;
Step 4, authentication evidence initialization:
The client first divides file $F$ into equal-sized data blocks $B_i$, $1 \le i \le n$, where $n$ is the total number of data blocks, and then encrypts the data blocks with the file convergence key $k_F$ to obtain the block ciphertexts
Figure GDA0002307852910000022
Finally, it computes for each data block $B_i$ a data block authentication evidence $\sigma_i$, where $\sigma_i$ is used for duplicate authentication and audit authentication;
Step 5, key encapsulation:
When the CSP does not hold the file identifier Tag, the client randomly generates a blinding factor $r$ and uses it to blind the convergence key $k_F$; the client then sends the blinded convergence key $a$ to the TTP for signing, and the TTP returns $b$; the client de-blinds the returned value $b$ to obtain the ciphertext $CK_F$ of the convergence key $k_F$;
Step 6, data storage:
When the CSP does not hold the file identifier Tag, the client uploads the file identifier Tag, the file ciphertext $C_F$, the file key ciphertext $CK_F$, the block ciphertexts $C_{B_i}$ and the data block authentication evidence $\sigma_i$ to the CSP; the CSP verifies that the file identifier and the file ciphertext come from the same file and verifies the correctness of the block signatures $\sigma_i$; meanwhile, the client uploads the file attributes, the user identifier and the file audit public key to the TTP; finally, for each file the CSP stores the file identifier, file ciphertext, file block ciphertexts and file block authentication evidence, and the TTP stores the file attributes, user identifier and file audit public key;
Step 7, duplicate challenge:
When the CSP already holds the file identifier Tag, the file duplicate authentication protocol is executed; the CSP generates the challenge information $chal = (i, v_i)_{i \in I}$ and returns it to the client, where $I$ is a subset of $[1, n]$ and the random numbers $v_i \in Z_q$, where $Z_q$ is the prime field of order $q$;
Step 8, duplicate response:
After receiving the challenge set, the client parses the challenge set chal to obtain the block index set $I$ of the file, then processes the file $F'$ to be uploaded to generate the duplicate response evidence $\sigma'$, and returns $\sigma'$ to the CSP;
Step 9, duplicate authentication:
After sending the challenge set to the designated client, the CSP uses the meta-evidence $\sigma_i$ and the challenge set chal to compute the file authentication evidence $\sigma$; after receiving the response evidence $\sigma'$ returned by the client, the CSP verifies
Figure GDA0002307852910000032
If the client ID and the file ID are the same, the duplicate authentication of the file succeeds and the CSP adds the client ID to the ownership list of the file; otherwise, the duplicate authentication fails and the client goes on to upload the file; the CSP returns the duplicate authentication result to the client;
Step 10, audit request:
If the client needs to audit the integrity of the data held by the CSP, it sends audit request information to the TTP, comprising a user identifier U and a file identifier Tag;
Step 11, proxy audit:
The TTP parses the client's audit request and executes the audit protocol: it first retrieves the basic information of the file according to the user identifier and the file identifier Tag, generates the challenge set $chal = (i, v_i)_{i \in I}$, and then sends the challenge set to the CSP; where $I$ is a subset of $[1, n]$ and the random numbers $v_i \in Z_q$, where $Z_q$ is the prime field of order $q$;
Step 12, audit response:
After receiving the audit request from the TTP, the CSP parses the user identifier U and the file identifier Tag and retrieves the file audit evidence $\sigma_i$ and the ciphertext blocks $C_i$; from chal, $\sigma_i$ and $C_i$ the cloud computes the corresponding aggregated evidence
Figure GDA0002307852910000031
and the aggregated ciphertext $\mu = \sum_{i \in I} C_i v_i$, then returns the response evidence $\{\mu, \sigma\}$, the user identifier U and the file identifier Tag to the TTP;
Step 13, audit authentication:
After receiving the feedback from the CSP, the TTP verifies the CSP's response evidence using the file's public key information $spk_F$, then records the audit result in a log table and returns the audit result to the client;
Step 14, file download:
When the client needs to download a file from the CSP, the CSP first verifies the validity of the client's identity and returns the key ciphertext $CK_F$ and the ciphertext $C_F$ to the client; the client and the TTP execute the key decapsulation algorithm to obtain the key plaintext $k_F$, and the client then uses $k_F$ to decrypt and obtain the data plaintext $F$.
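The deduplication path of steps 2, 3 and 6, as an added example (not code from the patent): two clients derive the same key, ciphertext and Tag from the same file, and the CSP rejects an upload whose Tag does not match its ciphertext. SHA-256 stands in for H(·), a SHA-256 counter-mode keystream stands in for the unspecified Enc, and the `CSP` class and all function names are hypothetical.

```python
import hashlib

def convergence_key(file_bytes: bytes) -> bytes:
    """k_F = H(F). SHA-256 is an assumed stand-in for the patent's H(.)."""
    return hashlib.sha256(file_bytes).digest()

def enc(key: bytes, data: bytes) -> bytes:
    """Deterministic toy cipher (assumed stand-in for Enc): XOR with a
    SHA-256 counter-mode keystream. Determinism is what makes equal
    plaintexts give equal ciphertexts; the function is its own inverse."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        pad = hashlib.sha256(key + block_no.to_bytes(8, "big")).digest()
        chunk = data[32 * block_no: 32 * block_no + 32]
        out.extend(c ^ p for c, p in zip(chunk, pad))
    return bytes(out)

def client_prepare(file_bytes: bytes):
    """Steps 2-3: derive k_F, C_F = Enc(k_F, F) and Tag = SHA1(C_F)."""
    k_f = convergence_key(file_bytes)
    c_f = enc(k_f, file_bytes)
    tag = hashlib.sha1(c_f).hexdigest()
    return k_f, c_f, tag

class CSP:
    """Hypothetical cloud store keyed by Tag, with an owner set per file."""

    def __init__(self):
        self.files = {}    # Tag -> ciphertext C_F
        self.owners = {}   # Tag -> set of user identifiers

    def has_tag(self, tag: str) -> bool:
        return tag in self.files

    def store(self, user: str, tag: str, c_f: bytes) -> None:
        # Step 6 check: the identifier must be derived from this ciphertext,
        # otherwise a client could bind an existing Tag to different content.
        if hashlib.sha1(c_f).hexdigest() != tag:
            raise ValueError("Tag does not match uploaded ciphertext")
        self.files[tag] = c_f
        self.owners[tag] = {user}

def upload(csp: CSP, user: str, file_bytes: bytes) -> str:
    """Return 'stored' for a first upload, or 'duplicate' when the CSP
    already holds the Tag. In the patent a duplicate triggers the
    challenge-response duplicate authentication before ownership is
    granted; that exchange is not modelled here."""
    _, c_f, tag = client_prepare(file_bytes)
    if csp.has_tag(tag):
        return "duplicate"
    csp.store(user, tag, c_f)
    return "stored"
```
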
As a specific scheme, the key initialization in step 2 comprises the following steps:
1) Taking file $F$ as the parameter, compute the file convergence key $k_F = H(F)$;
2) Taking file $F$ as the parameter, compute the file signature private key $ssk_F = h(F)$;
3) Taking the file signature private key $ssk_F$ as the parameter, compute the file signature public key
Figure GDA0002307852910000041
As a specific scheme, the authentication evidence initialization in step 4 comprises the following steps:
1) The client divides file $F$ into $n$ data blocks $B_i$ ($1 \le i \le n$) according to the block size set by the system;
2) Encrypt the data blocks with the convergence key $k_F$ to obtain $C_i = Enc(B_i, k_F)$ ($1 \le i \le n$);
3) Generate from file $F$ the file signature private key $ssk_F = h(F)$ and the file signature public key
Figure GDA0002307852910000042
4) Compute the set of authentication evidence for the data blocks $B_i$ of file $F$
Figure GDA0002307852910000043
where $\sigma_i$ is an essential element of secure deduplication and integrity audit authentication.
As a specific scheme, the key encapsulation in step 5 comprises the following steps:
1) The client randomly selects a blinding factor $r \in Z_q$, blinds the convergence key $k_F$ to obtain the blinded convergence key $a = k_F \cdot g_1^r$, and sends it to the TTP;
2) The TTP signs the blinded convergence key $a$ with its private key tsk to obtain $b = a^{tsk}$ and returns $b$ to the client U;
3) The client de-blinds $b$ to obtain the encapsulated convergence key $CK_F = b \cdot y_1^{-r}$, and verifies the legitimacy of $CK_F$ with the following equation:
Figure GDA0002307852910000044
If the verification succeeds, $CK_F$ is the key ciphertext and the client can safely outsource $CK_F$ to the CSP for storage; otherwise, the signature may have been subject to a malicious attack and fails.
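The blinding algebra of the key encapsulation above, as an added example (not code from the patent): whatever $r$ a client picks, de-blinding yields $CK_F = k_F^{tsk}$, so two owners of the same file store the same key ciphertext while the TTP only ever sees blinded values. Assumptions: a prime-order subgroup of $Z_p^*$ with demo-sized parameters stands in for the pairing group $G_1$, SHA-256 squared mod $p$ stands in for $H(\cdot)$, and the names `TTP`, `encapsulate` and `hash_to_group` are hypothetical; the pairing-based validity check is not modelled.

```python
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed small bases (adequate for demo parameters)."""
    if n < 2:
        return False
    for s in _BASES:
        if n % s == 0:
            return n == s
    d, k = n - 1, 0
    while d % 2 == 0:
        d, k = d // 2, k + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(k - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def find_safe_prime(q_bits: int):
    """Return (p, q) with p = 2q + 1, both prime, q having q_bits bits."""
    q = (1 << (q_bits - 1)) + 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

# Demo-sized group constructed here (assumption, not the patent's parameters).
P, Q = find_safe_prime(127)
G1 = 4  # 2^2 is a quadratic residue != 1, so it generates the order-Q subgroup

def hash_to_group(file_bytes: bytes) -> int:
    """k_F = H(F): hash, then square so the result lies in the subgroup."""
    h = int.from_bytes(hashlib.sha256(file_bytes).digest(), "big") % P
    return pow(h, 2, P)

class TTP:
    """Hypothetical trusted third party holding tsk = x and y_1 = g_1^x."""

    def __init__(self):
        self.tsk = secrets.randbelow(Q - 1) + 1  # x in [1, Q-1]
        self.y1 = pow(G1, self.tsk, P)           # y_1 = g_1^x
        self.seen = []                           # every value shown to the TTP

    def sign(self, a: int) -> int:
        self.seen.append(a)
        return pow(a, self.tsk, P)               # b = a^tsk

def encapsulate(file_bytes: bytes, ttp: TTP, r: int = None) -> int:
    """Client side of step 5; returns CK_F. r may be fixed for testing."""
    k_f = hash_to_group(file_bytes)
    if r is None:
        r = secrets.randbelow(Q - 1) + 1         # blinding factor r in Z_q
    a = k_f * pow(G1, r, P) % P                  # a = k_F * g_1^r
    b = ttp.sign(a)                              # TTP never sees k_F itself
    # CK_F = b * y_1^{-r}; y_1 has order Q, so -r is reduced mod Q.
    return b * pow(ttp.y1, (-r) % Q, P) % P
```

Because the stand-in group has no pairing, only a party holding tsk can confirm $CK_F = k_F^{tsk}$ here; the patent has the client perform that check with the bilinear map.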
As a specific scheme, in the file download of step 14, client file decryption comprises the following steps:
1) The client randomly selects a blinding factor $r \in Z_q$, blinds the key ciphertext $CK_F$ to obtain the blinded key ciphertext $a = CK_F \cdot g_1^r$, and sends it to the TTP;
2) The TTP signs the blinded key ciphertext $a$ with its private key tsk to obtain
Figure GDA0002307852910000051
and returns $b$ to the user U;
3) The client de-blinds $b$ to obtain the convergence key $k_F = b \cdot y_1^{-r}$, and verifies the legitimacy of $k_F$ with the following equation:
Figure GDA0002307852910000052
If the verification succeeds, $k_F$ is the convergence key; the client uses $k_F$ to decrypt $C_F$ and obtain the plaintext $F$, and the file decryption operation ends; otherwise, identity authentication fails, the blind signature fails, the key is discarded, and the ciphertext decapsulation algorithm is executed with the TTP again.
Compared with the prior art, the invention has the following notable advantages: (1) Secure and efficient management of convergence keys: combining the blind signature with the convergence key securely encapsulates the convergence key and at the same time deduplicates it. (2) A deduplicated authentication signature that serves two purposes: the construction of the authentication signature is improved so that signing is done with a convergence-key method, and the same signature can be used for both duplicate authentication and audit authentication. (3) The file key plaintext never needs to be obtained, giving high security: during key encapsulation the trusted third party processes only the blinded key, so it does not need to obtain the plaintext of the file key; when the trusted third party audits by proxy, it obtains only some attribute information of the file, and no plaintext information of the file is leaked during audit authentication; in addition, the bilinear mapping is used for secure signature verification, which resists inconsistency attacks by malicious users. (4) Through secure, unified encapsulation of the convergence key, efficient transformation of the authentication signature and proxy storage of the public key, the invention provides secure cloud data deduplication and integrity verification services, avoids wasting cloud storage space on potentially redundant data, and reduces the computation cost of the client.
Drawings
Fig. 1 is a system structure diagram of a cloud data deduplication and integrity auditing method based on convergence encryption according to the present invention.
Fig. 2 is a basic flowchart of the cloud data deduplication and integrity auditing method based on convergence encryption according to the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and the examples of embodiment.
The invention provides a cloud data deduplication and integrity auditing method based on convergence encryption. Its system model is shown in figure 1 and comprises three types of entities: the client (Client), the cloud storage provider (Cloud Storage Provider, CSP) and the trusted third party (Trusted Third Party, TTP). The CSP consists of a main server and storage servers, has sufficient storage space and computing capacity, and provides users with private data storage as well as duplicate authentication and audit authentication services. The TTP interacts with users, securely encapsulates/decapsulates the convergence key, stores the audit public key and audits by proxy. The Client comprises a number of ordinary users; the service provided by the cloud storage is also an important link in realizing security authentication.
With reference to fig. 2, a cloud data deduplication and integrity auditing method based on convergence encryption includes the following specific implementation steps:
Step 1, system parameter initialization: the system selects the public parameters and initializes the public and private keys of the TTP. The specific steps are as follows:
1) The system randomly selects a prime $q$, creates elliptic-curve groups $G_1$, $G_2$ of order $q$, and generates an admissible bilinear pairing $e: G_1 \times G_1 \to G_2$; $g_1$, $g_2$ are two different generators of $G_1$; let the hash function $h(\cdot): \{0,1\}^* \to Z_q$, where $Z_q$ denotes the prime field of order $q$, and the hash function $H(\cdot): \{0,1\}^* \to G_1$; the system then publishes the parameters $\{e, g_1, g_2, G_1, G_2, h(\cdot), H(\cdot)\}$;
2) The TTP randomly selects $x \in Z_q$, sets the private parameter $tsk = x$, and computes $y_1 = g_1^x$
Figure GDA0002307852910000061
Let the public parameter $tpk = \{y_1, y_2\}$; the TTP publishes tpk and keeps tsk private.
Step 2, key initialization: the client computes, for file $F$, the corresponding convergence key $k_F$, file signature private key $ssk_F$ and file signature public key $spk_F$. The specific steps are as follows:
1) Taking file $F$ as the parameter, compute the file convergence key with the one-way hash function $H$: $k_F = H(F)$.
2) Taking file $F$ as the parameter, compute the file signature private key with the one-way hash function $h$: $ssk_F = h(F)$.
3) Taking the file signature private key $ssk_F$ as the parameter, compute the file signature public key
Figure GDA0002307852910000062
Step 3, file initialization: the client encrypts file $F$ with the generated convergence key to obtain the ciphertext $C_F = Enc(k_F, F)$, and generates the unique file identifier $Tag = SHA1(C_F)$ with the digest algorithm SHA1, where Tag is the file identifier used to detect duplicate files.
Step 4, authentication evidence initialization: the client first divides file $F$ into equal-sized data blocks $B_i$, $1 \le i \le n$, where $n$ is the total number of data blocks, and then encrypts the data blocks with the file convergence key $k_F$ to obtain the block ciphertexts
Figure GDA0002307852910000063
Finally, it computes for each data block $B_i$ a data block authentication evidence $\sigma_i$, where $\sigma_i$ is used for duplicate authentication and audit authentication. The specific steps are as follows:
1) The client divides file $F$ into $n$ data blocks $B_i$ ($1 \le i \le n$) according to the block size set by the system;
2) Encrypt the data blocks with the convergence key $k_F$ to obtain $C_i = Enc(B_i, k_F)$ ($1 \le i \le n$);
3) Generate from file $F$ the file signature private key $ssk_F = h(F)$ and the file signature public key
Figure GDA0002307852910000071
4) Compute the set of authentication evidence for the data blocks $B_i$ of file $F$
Figure GDA0002307852910000072
where $\sigma_i$ is an essential element of secure deduplication and integrity audit authentication.
Step 5, key encapsulation: when the CSP does not hold the file identifier Tag, the user randomly generates a blinding factor $r$ and uses it to blind the convergence key $k_F$; the client then sends the blinded convergence key $a$ to the TTP for signing, and the TTP returns $b$. The client de-blinds the returned value $b$ to obtain the ciphertext $CK_F$ of the convergence key $k_F$. The specific steps are as follows:
1) The client randomly selects a blinding factor $r \leftarrow Z_q$.
2) Blind the convergence key $k_F$ with $r$ to obtain $a = k_F \cdot g_1^r$, and send $a$ to the TTP.
3) The TTP signs $a$ with its own signature private key tsk to obtain $b = a^{tsk}$ and returns it to the user.
4) The client first de-blinds to obtain the ciphertext of the convergence key, $CK_F = b \cdot y_1^{-r}$, which is encrypted under the TTP's private key tsk.
Figure GDA0002307852910000073
5) The client verifies $CK_F$ using equation (1). If the verification passes, the user outsources $CK_F$, as the ciphertext of $k_F$, to the cloud for storage, so that the convergence key is stored securely. Otherwise, $CK_F$ is discarded and the key encapsulation algorithm is executed with the TTP again to obtain $CK_F$.
Figure GDA0002307852910000074
Step 6, data storage: when the CSP does not hold the file identifier Tag, the client uploads the file identifier Tag, the file ciphertext $C_F$, the file key ciphertext $CK_F$, the block ciphertexts $C_{B_i}$ and the data block authentication evidence $\sigma_i$ to the CSP; the CSP verifies that the file identifier and the file ciphertext come from the same file and verifies the correctness of the block signatures $\sigma_i$; meanwhile, the client uploads the file attributes, the user identifier and the file audit public key to the TTP; finally, for each file the CSP stores the file identifier, file ciphertext and file block authentication evidence, and the TTP stores the file attributes, user identifier and file audit public key. The specific steps are as follows:
1) The client uploads the file identifier Tag, the file ciphertext $C_F$, the file key ciphertext $CK_F$, the block ciphertexts
Figure GDA0002307852910000081
and the data block authentication evidence $\sigma_i$ to the CSP; the CSP verifies that the file identifier and the file ciphertext come from the same file and verifies the correctness of the block signatures $\sigma_i$.
2) The client uploads the file attributes (number of file blocks, file identifier and file name), the user identifier and the file audit public key to the TTP.
Step 7, duplicate challenge: when the CSP already holds the file identifier Tag, the file duplicate authentication protocol is executed; the CSP generates the challenge information $chal = (i, v_i)_{i \in I}$ and returns it to the client, where $I$ is a subset of $[1, n]$ and the random numbers $v_i \in Z_q$, where $Z_q$ is the prime field of order $q$. The specific steps are as follows:
1) The CSP generates a challenge set chal from the cloud record of the duplicate file $F$, $chal = (i, v_i)_{i \in I}$, where $I$, a subset of $[1, n]$, represents a set of block indices; the random numbers $v_i \in Z_q$ are used to resist replay attacks by a malicious attacker.
2) The CSP sends the challenge set chal to the designated client.
Step 8, duplicate response: after receiving the challenge set, the client parses the challenge set chal to obtain the block index set $I$ of the file, then processes the file $F'$ to be uploaded to generate the duplicate response evidence $\sigma'$, and returns $\sigma'$ to the CSP. The specific steps are as follows:
1) The client parses the challenge set chal to obtain the block index set $I$.
2) The client initializes the duplicate file $F'$ to be uploaded:
(2a) Compute the file convergence key $k_F = H(F)$.
(2b) Compute the file signature private key $ssk_F = h(F)$.
(2c) Split file $F'$ into $B_i$ ($1 \le i \le n$) according to the system-set size and encrypt them to obtain the ciphertext data blocks $C_i$ ($1 \le i \le n$).
3) For all data blocks in $I$, compute the block signatures
Figure GDA0002307852910000082
From all $\sigma_i'$, compute the duplicate authentication evidence
Figure GDA0002307852910000083
and send $\sigma'$ to the cloud.
Step 9, duplicate authentication: after sending the challenge set to the designated client, the CSP uses the meta-evidence $\sigma_i$ and the challenge set chal to compute the file authentication evidence $\sigma$; after receiving the response evidence $\sigma'$ returned by the client, the CSP verifies
Figure GDA0002307852910000091
If the client ID and the file ID are the same, the duplicate authentication of the file succeeds and the CSP adds the client ID to the ownership list of the file; otherwise, the duplicate authentication fails and the client goes on to upload the file; the CSP returns the duplicate authentication result to the client. The specific steps are as follows:
1) The CSP uses Tag to retrieve the meta authentication evidence $\sigma'$ and the ciphertext blocks corresponding to the file
Figure GDA0002307852910000092
2) The CSP computes the duplicate authentication evidence from the challenge set
Figure GDA0002307852910000093
3) After receiving the client's response evidence $\sigma'$, the CSP compares
Figure GDA0002307852910000094
If the equation holds, the file duplicate proof succeeds, the client does not need to upload file $F'$ and the related data, and the CSP grants ownership of file $F$ to user U (adds the identifier of user U to the permission table of file $F$); otherwise, the client needs to upload all files.
Step 10, request audit: when the user needs to audit the integrity of the cloud data, the user can send audit request information (user identification U and file identification Tag) to the TTP.
Step 11, agent audit: the TTP parses the audit request of the client and executes the audit protocol. It first retrieves the basic information of the file according to the user identifier and the file identifier Tag, generates the challenge set $chal = (i, v_i)_{i \in I}$, and then sends the challenge set to the CSP; here $I$ is a subset of $[1, n]$, the random number $v_i \in Z_q$, and $Z_q$ is the prime field of order $q$. The specific steps are as follows:
1) The TTP parses the audit request information from client U to obtain the file identifier Tag.
2) The TTP searches its local file library by Tag to obtain the file attributes, and generates the challenge set $chal = (i, v_i)_{i \in I}$ with reference to the total number $n$ of file blocks. It then sends chal and the file identifier Tag to the cloud.
Step 12, auditing response: after receiving the audit request from the TTP, the CSP parses the user identifier U and the file identifier Tag and retrieves the file audit evidence $\sigma_i$ and the ciphertext blocks $C_i$. From chal, $\sigma_i$ and $C_i$, the cloud calculates the corresponding aggregated evidence
Figure GDA0002307852910000095
and the aggregated ciphertext $\mu = \sum_{i \in I} C_i v_i$, and then returns the response evidence $\{\mu, \sigma\}$, the user identifier U and the file identifier Tag to the TTP. The specific steps are as follows:
1) The CSP parses the audit information sent by the TTP to obtain the file identifier Tag.
2) The CSP retrieves the meta authentication evidence $\sigma_i$ and the ciphertext blocks $C_i$ according to the identifier Tag, and uses chal, $\sigma_i$ and $C_i$ to calculate the corresponding homomorphic audit authentication evidence
Figure GDA0002307852910000096
and the homomorphic ciphertext $\mu = \sum_{i \in I} C_i v_i$, and returns $\{\sigma, \mu, Tag\}$ to the TTP.
Step 13, auditing and authenticating: after receiving the feedback from the CSP, the TTP verifies the cloud response evidence according to the file public key information. The TTP then records the audit result in a log table and returns the audit result to the client. The specific steps are as follows:
1) The TTP parses the feedback information and searches its local file library to obtain the corresponding file audit public key $spk_F$.
2) The TTP uses the information $\{\sigma, \mu, Tag\}$ returned by the CSP to verify whether equation (3) holds. If the equation holds, the file the user stored at the CSP is complete; otherwise, the file is corrupted. The TTP then records the audit result in a log table and returns the audit result to the specified client U.
Figure GDA0002307852910000101
Step 14, downloading the file: when the client needs to download the file from the CSP, the CSP first verifies the validity of the client identity and returns the key ciphertext $CK_F$ and the ciphertext $C_F$ to the client; the client and the TTP execute the key decapsulation algorithm to obtain the key plaintext $k_F$, and the client then uses $k_F$ to decrypt and obtain the data plaintext F. The specific steps are as follows:
1) The client randomly selects a blinding factor $r \in Z_q$ and blinds the key ciphertext $CK_F$ to obtain the blinded key ciphertext $a = CK_F \cdot g_1^r$, and sends $a$ to the TTP.
2) The TTP signs $a$ using the private key tsk to obtain
Figure GDA0002307852910000102
and returns $b$ to user U.
3) The client de-blinds $b$ to obtain the convergence key $k_F = b \cdot y_1^{-r}$, and verifies $k_F$ by equation (4). If the verification succeeds, $k_F$ is the convergence key, the client uses $k_F$ to decrypt $C_F$ and obtain the plaintext F, and the file decryption operation ends; otherwise, the identity verification of the client fails, the blind signature fails, the key is discarded, and the client continues to execute the ciphertext unsealing algorithm with the TTP.
Figure GDA0002307852910000103
In conclusion, the blind-signature-based convergence key encapsulation/decapsulation algorithm stores the convergence key securely while also deduplicating it, which improves the utilization of cloud storage space. In addition, the BLS signature algorithm based on the convergence key stores the audit public key with a Trusted Third Party (TTP), which performs proxy audits; this deduplicates the audit signature and the audit public key and reduces the storage and computation overhead of the client.
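The key encapsulation of step 5, together with the key and file initialization of steps 2 and 3, is sketched below as an added example (not code from the patent): two clients holding the same file blind $k_F$ with different $r$, yet both obtain the same $CK_F = k_F^x$ and the same Tag, which is what allows the key ciphertext to be deduplicated while the TTP only ever sees blinded values. Assumptions: the group $G_1$ is replaced by the integers modulo the Mersenne prime $2^{521}-1$ with base 3 standing in for $g_1$, Enc is a toy SHA-256 keystream cipher, and the names `TTP`, `client_prepare`, `H` and `enc` are illustrative; the pairing-based verification equation and the decapsulation step are not reproduced.

```python
import hashlib
import secrets

# Assumption: G1 is replaced by the multiplicative group modulo the Mersenne
# prime 2^521 - 1, with base 3 standing in for g1. This group has no pairing,
# so the patent's verification equations are not reproduced. Python >= 3.8.
P = 2**521 - 1
G1_BASE = 3


def H(data: bytes) -> int:
    """H: {0,1}* -> group element; used as the convergence key k_F = H(F)."""
    return int.from_bytes(hashlib.sha512(data).digest(), "big") % (P - 1) + 1


def enc(k_f: int, plaintext: bytes) -> bytes:
    """Deterministic toy Enc(k_F, F): XOR with a SHA-256 counter keystream."""
    key = k_f.to_bytes(66, "big")
    out = bytearray()
    for off in range(0, len(plaintext), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(x ^ y for x, y in zip(plaintext[off:off + 32], pad))
    return bytes(out)


class TTP:
    """Holds tsk = x, publishes y1 = g1^x, signs the blinded value it is sent."""

    def __init__(self) -> None:
        self.tsk = secrets.randbelow(P - 2) + 1
        self.y1 = pow(G1_BASE, self.tsk, P)
        self.seen = []  # blinded values a: everything the TTP observes

    def sign(self, a: int) -> int:
        self.seen.append(a)
        return pow(a, self.tsk, P)  # b = a^tsk


def client_prepare(file_bytes: bytes, ttp: TTP):
    """Key/file initialization plus key encapsulation for one client."""
    k_f = H(file_bytes)                    # k_F = H(F)
    c_f = enc(k_f, file_bytes)             # C_F = Enc(k_F, F)
    tag = hashlib.sha1(c_f).hexdigest()    # Tag = Sha1(C_F)
    r = secrets.randbelow(P - 2) + 1       # fresh blinding factor per client
    a = k_f * pow(G1_BASE, r, P) % P       # a = k_F * g1^r
    b = ttp.sign(a)                        # b = a^tsk = k_F^x * g1^(x*r)
    ck_f = b * pow(ttp.y1, -r, P) % P      # CK_F = b * y1^(-r) = k_F^x
    return tag, c_f, ck_f


if __name__ == "__main__":
    ttp = TTP()
    shared = b"constructed sample file: quarterly-report v1\n" * 4
    tag_a, _, ck_a = client_prepare(shared, ttp)  # client A
    tag_b, _, ck_b = client_prepare(shared, ttp)  # client B, different r
    print("same Tag:", tag_a == tag_b)
    print("same CK_F:", ck_a == ck_b)
    print("TTP saw distinct blinded values:", ttp.seen[0] != ttp.seen[1])
```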

Claims (5)

1. A cloud data deduplication and integrity auditing method based on convergence encryption, characterized in that it involves a client (Client), a cloud storage server (CSP) and a trusted third party (TTP); the method comprises the following steps:
step 1, system initialization:
the system randomly selects a prime number $q$, creates elliptic-curve groups $G_1$, $G_2$ of order $q$, and generates an admissible bilinear pairing $e: G_1 \times G_1 \to G_2$; $g_1$ and $g_2$ are generators of $G_1$; let the hash function $h(\cdot): \{0,1\}^* \to Z_q$, where $Z_q$ denotes the prime field of order $q$, and the hash function $H(\cdot): \{0,1\}^* \to G_1$; the public system parameters are then $\{e, g_1, g_2, G_1, G_2, H(\cdot), h(\cdot)\}$; the TTP randomly selects $x \in Z_q$, sets the private parameter $tsk = x$, and calculates $y_1 = g_1^x$
Figure FDA0002307852900000011
the TTP publishes the public parameters $y_1$ and $y_2$ and keeps tsk private;
step 2, key initialization:
the client calculates, for the file F, the corresponding convergence key $k_F$, file signature private key $ssk_F$ and file signature public key $spk_F$;
step 3, file initialization:
the client computes the ciphertext $C_F = Enc(k_F, F)$ of the file F and generates the file identifier $Tag = Sha1(C_F)$, where Tag is the file identifier used to detect duplicate files;
step 4, initializing the authentication evidence:
the client first divides the file F into data blocks $B_i$ of equal size, $1 \le i \le n$, where $n$ is the total number of data blocks, and then uses the file convergence key $k_F$ to encrypt the data blocks to obtain the block ciphertexts
Figure FDA0002307852900000012
finally, for each data block $B_i$, it computes the data block authentication evidence $\sigma_i$, where $\sigma_i$ is used for repeated authentication and audit authentication;
step 5, key encapsulation:
when the CSP does not have the file identifier Tag, the client randomly generates a blinding factor $r$ and uses it to blind the convergence key $k_F$; the client then sends the blinded convergence key $a$ to the TTP for signing, and the TTP returns $b$; the client de-blinds the returned value $b$ to obtain the ciphertext $CK_F$ of the convergence key $k_F$;
step 6, data storage:
when the CSP does not have the file identifier Tag, the client uploads the file identifier Tag, the file ciphertext $C_F$, the file key ciphertext $CK_F$, the block ciphertexts $CB_i$ and the data block authentication evidence $\sigma_i$ to the CSP; the CSP verifies whether the file identifier and the file ciphertext come from the same file, and verifies the correctness of the block signatures $\sigma_i$; meanwhile, the client uploads the file attributes, the user identifier and the file audit public key to the TTP; finally, the CSP stores a file identifier, a file ciphertext, the file block ciphertexts and the file block authentication evidence for each file, and the TTP stores the file attributes, the user identifier and the file audit public key;
step 7, repeating the challenge:
when the CSP already has the file identifier Tag, the file repeated authentication protocol is executed; the CSP generates the challenge information $chal = (i, v_i)_{i \in I}$ and returns it to the client, where $I$ is a subset of $[1, n]$, the random number $v_i \in Z_q$, and $Z_q$ is the prime field of order $q$;
step 8, repeating response:
after receiving the challenge set, the client parses the challenge set chal to obtain the block index set $I$ of the file, then processes the file $F'$ to be uploaded to generate the repeated response evidence $\sigma'$, and returns $\sigma'$ to the CSP;
step 9, repeating authentication:
after the CSP sends the challenge set to the designated client, the CSP uses the meta-evidence $\sigma_i$ and the challenge set chal to calculate the file authentication evidence $\sigma$; after the CSP receives the response evidence $\sigma'$ returned by the client, it verifies
Figure FDA0002307852900000021
if the client ID and the file ID are the same, the repeated authentication of the file by the CSP succeeds, and the CSP adds the client ID to the ownership list of the file; otherwise, the repeated authentication fails, the client continues to upload the file, and the CSP feeds the repeated authentication result back to the client;
step 10, request audit:
if the client needs to audit the integrity of the CSP data, sending audit request information to the TTP, wherein the audit request information comprises a user identifier U and a file identifier Tag;
step 11, agent audit:
the TTP parses the audit request of the client and executes the audit protocol; it first retrieves the basic information of the file according to the user identifier and the file identifier Tag, generates the challenge set $chal = (i, v_i)_{i \in I}$, and then sends the challenge set to the CSP; where $I$ is a subset of $[1, n]$, the random number $v_i \in Z_q$, and $Z_q$ is the prime field of order $q$;
step 12, auditing response:
after receiving the audit request from the TTP, the CSP parses the user identifier U and the file identifier Tag and retrieves the file audit evidence $\sigma_i$ and the ciphertext blocks $C_i$; from chal, $\sigma_i$ and $C_i$, the cloud calculates the corresponding aggregated evidence
Figure FDA0002307852900000022
and the aggregated ciphertext $\mu = \sum_{i \in I} C_i v_i$, and then returns the response evidence $\{\mu, \sigma\}$, the user identifier U and the file identifier Tag to the TTP;
step 13, auditing and authenticating:
after the TTP receives the feedback from the CSP, the TTP verifies the response evidence of the CSP according to the file public key information $spk_F$, then records the audit result in a log table and returns the audit result to the client;
step 14, downloading the file:
when the client needs to download the file from the CSP, the CSP first verifies the validity of the client identity and returns the key ciphertext $CK_F$ and the ciphertext $C_F$ to the client; the client and the TTP execute the key decapsulation algorithm to obtain the key plaintext $k_F$, and the client then uses $k_F$ to decrypt and obtain the data plaintext F.
2. The cloud data deduplication and integrity auditing method based on convergent encryption according to claim 1, characterized in that the key initialization of step 2 specifically comprises the following steps:
1) using the file F as a parameter, calculate the file convergence key $k_F = H(F)$;
2) using the file F as a parameter, calculate the file signature private key $ssk_F = h(F)$;
3) using the file signature private key $ssk_F$ as a parameter, calculate the file signature public key
Figure FDA0002307852900000031
3. The cloud data deduplication and integrity auditing method based on convergence encryption according to claim 1, characterized in that the authentication evidence in step 4 is initialized, specifically including the following steps:
1) the client divides the file F into $n$ data blocks $B_i$, $1 \le i \le n$, according to the block size set by the system;
2) using the convergence key $k_F$, encrypt the data blocks to obtain $C_i = Enc(B_i, k_F)$, $1 \le i \le n$;
3) generate from the file F the file signature private key $ssk_F = h(F)$ and the file signature public key
Figure FDA0002307852900000032
4) calculate the set of authentication evidence for the data blocks $B_i$ of the file F
Figure FDA0002307852900000033
$1 \le i \le n$, where $\sigma_i$ is an essential element of secure deduplication and integrity audit authentication.
4. The cloud data deduplication and integrity auditing method based on convergent encryption according to claim 1, characterized in that the key encapsulation in step 5 specifically comprises the following steps:
1) the client randomly selects a blinding factor $r \in Z_q$ and blinds the convergence key $k_F$ to obtain the blinded convergence key $a = k_F \cdot g_1^r$, and sends it to the TTP;
2) the TTP signs the blinded convergence key $a$ using the private key tsk to obtain $b = a^{tsk}$, and returns $b$ to the client U;
3) the client de-blinds $b$ to obtain the encapsulated convergence key $CK_F = b \cdot y_1^{-r}$, and verifies the legitimacy of $CK_F$ by the following equation:
Figure FDA0002307852900000041
if the verification succeeds, $CK_F$ is the key ciphertext, and the client can securely outsource $CK_F$ for storage at the CSP; otherwise, the signature may have been subject to a malicious attack and has failed.
5. The cloud data deduplication and integrity auditing method based on convergent encryption according to claim 1, wherein in the file downloading in step 14, the specific steps of client file decryption are as follows:
1) the client randomly selects a blinding factor $r \in Z_q$ and blinds the key ciphertext $CK_F$ to obtain the blinded key ciphertext $a = CK_F \cdot g_1^r$, and sends it to the TTP;
2) the TTP signs the blinded key ciphertext $a$ using the private key tsk to obtain
Figure FDA0002307852900000042
and returns $b$ to the user U;
3) the client de-blinds $b$ to obtain the convergence key $k_F = b \cdot y_1^{-r}$, and verifies the legitimacy of $k_F$ by the following equation:
Figure FDA0002307852900000043
if the verification succeeds, $k_F$ is the convergence key, the client uses $k_F$ to decrypt $C_F$ and obtain the plaintext F, and the file decryption operation ends; otherwise, the identity authentication fails, the blind signature fails, the key is discarded, and the client continues to execute the ciphertext unsealing algorithm with the TTP.
CN201710895786.1A 2017-09-28 2017-09-28 Cloud data deduplication and integrity auditing method based on convergence encryption Active CN107800688B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710895786.1A CN107800688B (en) 2017-09-28 2017-09-28 Cloud data deduplication and integrity auditing method based on convergence encryption


Publications (2)

Publication Number Publication Date
CN107800688A CN107800688A (en) 2018-03-13
CN107800688B true CN107800688B (en) 2020-04-10

Family

ID=61532701



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant