CN108600171A

CN108600171A - A kind of cloud data certainty delet method for supporting fine granularity to access

Info

Publication number: CN108600171A
Application number: CN201810241812.3A
Authority: CN
Inventors: 禹勇; 苏西洛·威利; 张凌越; 薛靓; 李艳楠
Original assignee: Shaanxi Normal University
Current assignee: Shaanxi Normal University
Priority date: 2018-03-22
Filing date: 2018-03-22
Publication date: 2018-09-28
Anticipated expiration: 2038-03-22
Also published as: CN108600171B

Abstract

The present invention relates to a kind of cloud data certainty delet methods for supporting fine granularity to access, and include the following steps：Data are encrypted in data owner, and encryption data is contracted out to Cloud Server so that the user for only meeting visiting demand just can be with ciphertext data；When data owner, which wants to delete, stores the data in Cloud Server, it sends removal request and gives trusted authority center first, the center returns to a deletion key, i.e. re-encrypted private key is to data owner, data owner will delete key and be sent to Cloud Server, and Cloud Server carries out delete operation to data.After executing delete operation, Cloud Server, which returns to one, proves that, to data owner, data owner verifies whether target data has been deleted by Merkle Hash trees.The present invention realizes the data that can verify that using attribute revocation and Merkle Hash trees and deletes, while supporting fine-grained access control, achievees the purpose that secret protection, substantially increases the utilization rate of Cloud Server.

Description

Cloud data deterministic deletion method supporting fine-grained access

Technical Field

The invention belongs to the technical field of network security, and particularly relates to a cloud data deterministic deletion method supporting fine-grained access.

Background

Cloud computing is used as a new computing mode, so that data storage and data sharing are more convenient and more economical. The system can integrate a large number of high-quality resources, integrates different resources to provide mass storage and efficient and rapid computing service for users, and users can access shared resources anytime and anywhere, thereby greatly saving the user cost and improving the resource utilization rate. More and more users like to store data on the cloud, which contains a large amount of sensitive data such as health data, financial data, trade secrets, etc., making data privacy and other security issues a focus of public concern.

Due to the separation of ownership and administrative rights of cloud data using cloud computing technology, users lose physical control over cloud data, which leads to security issues such as data leakage, illegal cross-cloud migration of data, unauthorized access, and the like. Therefore, the data needs to be encrypted before being outsourced to the cloud server, and the requirement that the data can be accessed with fine granularity is met. In addition, when the user issues a delete instruction to the cloud server, the cloud server may maliciously retain the file. Sometimes, even if the data is deleted, certain traces may exist, some cloud computing manufacturers may restore the data, and once the cloud server obtains the data key through some illegal way or the server side obtains a stronger decryption capability, the data may be exposed to a risk of being leaked. For example, the security company Carbon Black reports a serious vulnerability of its software products, from which thousands of sensitive files are compromised. Therefore, there is a need to ensure that data stored on the server side is deleted deterministically by technical means.

The purpose of deterministic deletion of data is to clear data from the storage medium so that the data is unrecoverable, preventing an adversary from still having access to the data after it has been deleted. If the storage medium does not need to be reused, physical destruction methods such as incineration and shredding may be employed. However, secure deletion does not delete all stored data at once. In general, not all data of the system need to be deleted, and the deletion of some data cannot affect the normal operation of the system. In particular, when data is stored in the cloud server, some data needs to be deleted according to the user's request.

Currently, most file systems allow users to "delete" their files. Users believe that when they delete data, the data will become unrecoverable. However, because the data is stored in the cloud server, the deleted data may be only a certain link or index data, and is not the entire file of the bottom layer, and the deleted data can still be recovered through a related technology of data recovery, and deterministic deletion of the data cannot be achieved.

In cloud computing, a deletion method based on cryptography is to encrypt data before storage and convert the deleted data into a deletion corresponding key. Therefore, even if the cloud server retains the ciphertext, the data of the user cannot be restored. In 2005, Perlman first proposed a time-based deterministic deletion method for files, in which data could be safely deleted and would never be accessible after a predetermined time. However, the key management of the above system is too simple and does not consider that different files should have different access control policies, and thus fine-grained secure access to the files cannot be realized. On the basis, Tang and the like expand and extend the scheme, and a policy-based file deterministic deletion (FADE) scheme is provided based on the existing cloud computing infrastructure, wherein a system model of the scheme comprises 3 entities which are a data owner, a trusted key manager and a cloud storage server respectively. The FADE system uses a trusted third party server to centrally manage the distribution keys. The FADE scheme enhances the security of the system by utilizing blind encryption and blind decryption technologies while realizing an access control strategy. The main limitations of FADE are that its deletion strategy is limited to one or two-level boolean expressions, cannot achieve diversified fine-grained deterministic deletions, and requires the use of complex public key cryptosystems.

Geambasu et al put forward a novel data self-destruction scheme for the first time, and realized the Vanish prototype system, he put forward a data trusted deletion mechanism based on DHT network: the user encrypts the data before sending the mail, then divides the encryption key into n shares and stores the n shares in the DHT network, the receiver of the mail can normally decrypt the key only by taking k shares, and all the keys are automatically deleted after a specified time, so that anyone can not recover the data plaintext after a certain time. However, in the scheme of implementing data secure deletion based on the DHT network, the life cycle of data is still limited by the update cycle of the DHT node. Wang et al improve the Vanish scheme, and propose an electronic data self-destruction scheme, on the basis of Vanish, SSDD transforms the ciphertext, extracts partial ciphertext information and secret keys, shares the ciphertext information and the secret keys together, generates a secret key component and distributes the secret key component to a DHT network, thereby effectively resisting the cryptoanalysis attack and brute force attack to the cloud.

Mo et al propose a fine-grained deterministic deletion scheme in which a key modulation function of a collision-resistant hash function is designed. The scheme mainly comprises deleting a modulation tree, a modulation hash chain and a modulator adjustment algorithm. All data keys are derived from the master key, which is changed when any data key is deleted to ensure that k is not recoverable in the future, while the corresponding files for the other keys remain unchanged by running the modulator adaptation algorithm.

Karvelas and Kiayias propose a secure delete protocol with the bounded storage advantage of low-cost embedded devices. Through the update of the security code, it can safely clear all content on the device and download the new security code. In 2014, Ateniese proposed a secure deletion method, and the verifier needed to be sure that the remote device has consumed all of its memory to perform a computation. In this way, the verifier can confirm that the contents of the remote embedded device have been successfully deleted. However, the method only aims at the embedded device with limited memory space, and cannot be directly applied to the cloud storage environment.

In a cloud storage environment, although many schemes have been proposed to ensure that a user deletes data stored in the cloud deterministically, there are different levels of security issues. The key centralized management solution proposed by Perlman, Tang, etc. performs secure deletion of a data encryption key by repeatedly overwriting unrecoverable data, but fails to achieve deterministic deletion of diversified fine granularity, and has certain limitations; geambasu, wang proposed a variety of distributed deterministic deletion solutions, however, the DHT network relied on by the Vanish system is vulnerable to Sybil attacks, and if an adversary can capture enough key components before data expiration to recover the original key, the solution still has security holes. The scheme provided by Atenise is suitable for embedded equipment and cannot be applied to a cloud storage environment.

For deterministic deletion of data in a cloud storage environment, user data is considered to be deleted deterministically from the system if an adversary given some system access behavior cannot recover the deleted data from the system within the polynomial time. The scheme realizes the first-layer meaning of deterministic deletion, namely the data ciphertext is unreadable, the safe deletion of user data is realized, the aim of not revealing sensitive information is achieved, a deletion certificate cannot be returned to a data owner after the data is deleted to confirm that the data is safely deleted, and the credible guarantee is provided for the data privacy safety.

Disclosure of Invention

In order to solve the problems in the prior art, the invention provides a cloud data deterministic deletion method supporting fine-grained access, and provides a key strategy based on attribute encryption method with an attribute revocation function to realize deterministic deletion of cloud data aiming at the safety problems of data leakage, illegal cross-cloud migration of data, unauthorized access and the like possibly existing in cloud storage and the problem that data requested to be deleted by a user is difficult to verify in a cloud storage environment is really deleted. Therefore, the attribute set corresponding to the ciphertext is changed through re-encryption, so that the attribute set cannot meet the access structure of private keys of all users to realize safe data deletion, and whether the data is deleted or not can be verified by constructing a Merkle hash tree. If the evidence returned by the cloud server is valid evidence, the deleted data in the cloud server is guaranteed to be unrecoverable, and malicious users are prevented from obtaining the access right of the data after deletion, so that the privacy of the cloud users is protected. According to the method, key updating is not needed, and only the cloud server is needed to update part of the ciphertext, so that the computing complexity of the cloud user is reduced. Therefore, the achievement of the invention has important theoretical significance and practical value for promoting the sustainable development of cloud computing. The technical problem to be solved by the invention is realized by the following technical scheme: a cloud data deterministic deletion method supporting fine-grained access comprises the following steps:

s100, system establishment is carried out, and system parameters are generated: selecting a security parameter k, and generating a public parameter of the system by the trusted authority center;

s200, applying and generating a private key of a cloud user:

the cloud user provides a private key application to a trusted authority center, and the trusted authority center generates an intermediate private key SK according to the system public parameters, the access structure W of the cloud user and the random number r_Wand then the cloud user selects a pair of signature keys { spk, ssk } and a random number alpha, and the private key of the cloud user is SK ═ (SK)_W,ssk,α)；

The access structure W of the cloud user comprises an accessibility attribute, and a data owner is contained in the cloud user;

s300, the data owner encrypts and stores the data and uploads the data to a cloud server:

s301, data encryption and storage: the data owner selects a group of attribute set gamma and random number s for the data M to be uploaded, encrypts the data M and obtains a ciphertext CT (C)₁,C₂,C₃) Then with C₃Each element in the Merkle hash tree is used as a leaf node to construct a Merkle hash tree, and the root node R of the Merkle hash tree is signed by using the signature key ssk to obtain the sig_ssk(R)；

Wherein, the attribute set gamma includes the attribute of accessibility, and the attribute value is accessible;

step S302, uploading data to a cloud server by a data owner: the data owner selects an identifier fname for the data M to be uploaded, and then sets ind to be the ciphertext corresponding to the accessibility attributeSetting AAI as ciphertext corresponding to accessibility attribute at position in Merkle hash treeIn the Merkle hash tree, the data owner calculates a label value sigma for the data M to be uploaded, and finally uploads { fname, ind, CT, sigma, AAI, sig_ssk(R) } to a cloud server;

step S400, accessing data in the cloud server by the cloud user:

different cloud users request to access data in a cloud server and obtain the ciphertext CT, and if the attribute corresponding to the ciphertext CT meets the access structure of the private key SK of the cloud user, the cloud user decrypts the ciphertext CT to access;

step S500, the data owner carries out deterministic deletion on the data stored in the cloud server:

step S501, the data owner sends a deletion request DR to the trusted authority center, and the trusted authority center returns a deletion key rk to the data owner.

S502, the data owner sends the deletion key rk to the cloud server, and the cloud server returns a ciphertext corresponding to the accessibility attributeCorresponding information is given to the data owner, and the data owner verifiesAnd Ω_indWhether it is valid information; wherein omega_indAuxiliary authentication information representing ind;

step S503, the cloud server changes the attribute value contained in the data ciphertext CT to be deleted through re-encrypting the part of the data ciphertext CT to be deleted so as to delete the data, and then recalculates the root node of the new Merkle hash treeWill be provided withAs a deletion proof back to the data owner;

step S504, the data owner verifies whether the cloud server deletes the data needing to be deleted deterministically by reconstructing a new Merkle hash tree.

Further, the specific steps of step S100 are:

step S101: selecting a security parameter k, and selecting two multiplication circulation groups G with prime number p as an order by a credible authority center₁And G₂Selecting G as the group G₁One generator of (e) G₁×G₁→G₂Representing a bilinear map;

wherein, the attribute complete set is omega ═ { att ═ att₁,att₂,…att_n}，A_i＝{υ_i,1,υ_i,2,…υ_i,niIs attribute A_iAll possible values of (A), attribute A_iContaining n_iA possible value;

the access structure of the cloud user is W ═ omega₁,ω₂,…ω_kThe attribute set corresponding to the ciphertext is gamma ═ gamma₁,γ₂,…γ_t]H is the Hash function of collision resistance, H: {0,1}^*→Z_p，Z_pA cyclic group modulo p;

step S102: the trusted authority center selects a random number h belonging to G₁And the system private key y ∈ Z_pCalculating the public parameterNumber Y ═ e (g, h)^yThen the trusted authority center selects a random number t_i,j∈Z_p(i∈[1,n],j∈[1,n_i]) Calculating common parametersGenerating a system public keyAnd a master key

Step S103: trusted authority center publishing system parameters

Further, the specific step of the step S200 is that the cloud user proposes a private key application to the trusted authority center, and the trusted authority center selects a random number r e to Z_pG is calculated according to the system parameters, the access structure W of the user and the random number r^rAndreturning the intermediate private Key SK_W＝(g^r,D_wW) to the cloud user, the cloud user generating a pair of signature keys { spk, ssk }, and selecting a random number α ← Z }_pCalculating attribute v-g^αThe private key of the cloud user is SK ═ (SK)_W,ssk,α)。

Further, the specific steps of step S301 are: the data owner selects a set of attribute sets gamma and a random number s e Z for the data M to be uploaded_PCalculating C₁＝M·Y^s，C₂＝g^s，The ciphertext CT of the data M to be uploaded is (C)₁,C₂,C₃) (ii) a Simultaneous data owner builds Merkle hash tree, its leavesThe child node is a hash value H (X)_i,j) In which X is_i,j∈C₃Signing the root node R of the Merkle hash tree with the signing key ssk to obtain the sig_ssk(R)。

Further, the specific steps of step S302 are: the data owner selects an identifier fname for the data M to be uploaded and calculates a tag value for the data M to be uploadedUploading { fname, ind, CT, sigma, AAI, sig_ssk(R) } to a cloud server;

wherein,is represented by C₃In the ciphertext corresponding to the accessibility attribute, ind represents the index of the leaf node corresponding to the accessibility attribute in the Merkle Hash Tree, and AAI representsAnd auxiliary authentication information of leaf nodes corresponding to the accessibility attribute in the Merkle hash tree.

Further, the specific steps of step S400 are:

different cloud users request to access data in the cloud server and obtain the ciphertext CT and the system public key PK, wherein the cloud user attribute setAS ═ W; using the private key SK to perform calculations if

The cloud user decrypts the ciphertext CT for access.

Further, the specific steps of step S501 are: data owner sending to trusted authority centerDelete request DR ═ (fname, att)_i,v_i,j,v′_i,j) (ii) a Wherein, att_iRepresenting accessibility attribute, v_i,jDenotes accessible, v'_i,jIndicating inaccessibility, DR ═ f name, att_i,v_i,j,v′_i,j) Representing the change of the accessibility attribute in the ciphertext from accessible to inaccessible, the trusted authority center selects a random number t'_i,jAnd calculateThe deletion key rk ═ (fname, att) is then assigned_i,ck_i) And returning to the data owner.

Further, the specific steps of step S502 are:

step S502-1, the data owner will delete the key rk ═ (fname, att)_i,ck_i) Sending the data to a cloud server, and returning att with the accessibility attribute by the cloud server_iCorresponding tupleΩ_indAuxiliary authentication information representing the node ind;

step S502-2 data owner verificationWhether or not, if so, thenThe ciphertext corresponding to the ciphertext accessibility attribute;

step S502-3, the data owner according toAnd Ω_indGenerating new root node of Merkle Hash treeVerification equation sig_ssk(R)＝sig_ssk(R') is true, if true, Ω_indIs thatValid auxiliary authentication information AAI.

Further, the specific steps of step S503 are:

step S503-1: the cloud server according to the delete request DR ═ (fname, att)_i,v_i,j,v′_i,j) Finding the data ciphertext CT to be deleted, the accessibility attribute att_iE.g. rk, cloud server computingBy usingIn place of the data ciphertext CT that needs to be deleted

Step S503-2, the cloud server outputs a new ciphertext CT ═ (C)₁,C₂,C′₃γ'). Gamma' is set as an attribute set corresponding to the ciphertext after the re-encryption;

step S503-3 cloud server computingGenerating a new root node of a Merkle hash treeWill be provided withAs a deletion proof back to the data owner.

Further, the specific steps of step S504 are: data owner re-encrypts using the deletion key rkTo obtainThe data owner receives the new root nodeAccording toAnd Ω received from the cloud server_indGenerating new root nodes for Merkle hash treesNew root nodeA root node sent from the cloud serverMake a comparison ifThe cloud server confirms that the data has been deleted.

Compared with the prior art, the invention has the beneficial effects that:

(1) fine-grained access: files stored in the cloud server support fine-grained access control, and data owners can determine who can access and decrypt the data before uploading the data. The data owner can correspond the ciphertext to an attribute set, and when the attribute set meets the access structure of the private key of the cloud user, the cloud user can correctly decrypt the data.

(2) Verifiable data deletion: the invention realizes the deterministic deletion of cloud data. The attribute set corresponding to the ciphertext is changed by enabling the cloud server to re-encrypt part of the ciphertext, so that the ciphertext does not meet the access structures of all users any more, and data cannot be accessed. In addition, a data owner can verify whether the data in the cloud server is deleted or not by reconstructing the Merkle hash tree, so that the data of a user can not be leaked, the data privacy of the cloud user is protected, and the safety of the system is improved.

(3) The calculation cost is low: the invention does not need the user to update the ciphertext and does not need the credible authority to manage and delete the key. Only the cloud server needs to update part of the ciphertext, the cost of the user verification process is low, the system is simple to implement, and the efficiency of data deterministic deletion is improved.

Drawings

FIG. 1 is a schematic diagram of a data storage and deterministic deletion process in accordance with an embodiment of the present invention;

FIG. 2 is a diagram of a verifiable deterministic deletion process in accordance with an embodiment of the present invention.

Detailed Description

All of the features disclosed in this specification, or all of the steps in any method or process so disclosed, may be combined in any combination, except combinations of features and/or steps that are mutually exclusive.

Any feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving equivalent or similar purposes, unless expressly stated otherwise. That is, unless expressly stated otherwise, each feature is only an example of a generic series of equivalent or similar features.

The present invention will be described in further detail with reference to specific examples, but the embodiments of the present invention are not limited thereto.

The invention provides an attribute-based cloud data deterministic deletion method of a key strategy based on the public key cryptography theory, which simultaneously supports fine-grained access control and is applied to a cloud storage environment with higher security requirements. The data is encrypted before being outsourced to the cloud, the special attribute of 'accessibility' is introduced into the ciphertext attribute set, the value of the special attribute in the ciphertext is changed through re-encryption, the ciphertext does not meet the access structures of all users any more, and data deletion is achieved. The data owner generates a root of the MHT by constructing the MHT, uploads a ciphertext and a signature of the root to the cloud server, when the ciphertext is re-encrypted, the new root of the MHT can be regarded as an evidence for deletion, and the data owner can verify the evidence to realize verifiable data certainty deletion. Any information of user data cannot be revealed in the whole process, so that the method and the system have a promoting effect on the development of cloud computing and have a plurality of theoretical meanings and practical meanings.

Firstly, the applied cryptology theory of the invention is briefly introduced:

(1) bilinear pairings

Let G₁,G₂Two multiplicative cyclic groups of order p, and G is the generator of group G. If mapping e to G₁×G₁→G₂if the following three conditions are satisfied, it is called bilinear mapping₁,h₂∈G₁,e(h₁,h₂) can be efficiently calculated.bilinear, for any h₁,h₂∈G₁,a,b∈Z_p,(iii) non-degradability, for G₁The generator g in (1) satisfies

(2) Attribute-based encryption (ABE)

In an attribute-based encryption scheme, attributes are used to generate keys and construct access policies. Attribute-based encryption can be roughly divided into attribute-based encryption of a key policy and attribute-based encryption of a ciphertext policy. In an attribute-based encryption scheme (KP-ABE) of a key policy, the access structure is contained in the user's private key, while the ciphertext corresponds to a set of attributes. In ciphertext policy attribute-based encryption (CP-ABE), the access policy is built into the ciphertext, and the user's private key corresponds to the attribute the user possesses. The attribute-based encryption scheme of the key strategy consists of four polynomial time algorithms as follows:

setup (k) the algorithm inputs security parameters k, outputs a system public key PK and a master key MSK.

KeyGen(PK,MSK,A_U-KP) The algorithm input accesses structure A_U-KPAnd outputting the user private key D.

Encrypt(PK,M,A_CT) The algorithm inputs a message M, a set of attributes a_CTAnd outputting the ciphertext C of the M.

Decrypt (C, D). the algorithm inputs a user private key D and a ciphertext C, and if the ciphertext C meets the access structure of the private key, the user can Decrypt the ciphertext C and output M.

(3) Merkle Hash Tree

The Merkle Hash Tree (MHT) is a widely used authentication structure that can efficiently check whether elements are stored perfectly. MHT is a binary tree in which leaf nodes store hash values of authentication data, and each internal node as well as the root node is generated by its two children. The values of the internal node as well as the root node are the hash values of its two child nodes. Element a_iIs a_iSiblings of all nodes on the path to the root node, and thus can be according to a_iAnd a_iThe root node is calculated by the auxiliary authentication information.

Referring to fig. 1, the present invention is embodied as follows:

a cloud data deterministic deletion method supporting fine-grained access comprises the following steps:

the access structure of the cloud user is W ═ omega₁,ω₂,…ω_kThe attribute set corresponding to the ciphertext is gamma ═ gamma₁,γ₂,…γ_t]H is a Hash function of collision resistance, H: {0,1}^*→Z_q，Z_pA cyclic group modulo p;

step S102: the trusted authority center selects a random number h belonging to G₁And the system private key y ∈ Z_pCalculating the common parameter Y ═ e (g, h)^yThen the trusted authority center selects a random number t_i,j∈Z_p(i∈[1,n],j∈[1,n_i]) Calculating common parametersGenerating a system public keyAnd a master key

Step S103: trusted authority center publishing system parameters

S200, applying and generating a private key of a cloud user:

the cloud user provides a private key application to a trusted authority center, and the trusted authority center generates an intermediate private key SK according to system public parameters, an access structure W of the cloud user and a random number r_Wreturning to the cloud user, and then selecting a pair of signature keys { spk, ssk } and a random number α by the cloud user, wherein the private key of the cloud user is SK (SK)_W,ssk,α)；

The cloud user puts forward a private key application to a trusted authority center, and the trusted authority center selects a random number r E to Z_pAnd calculating a parameter g according to the system parameter, the access structure W of the user and the random number r^rAndreturning the intermediate private Key SK_W＝(g^r,D_wAnd W) to the cloud user,

the cloud user generates a pair of signature keys { spk, ssk }, and selects a random number α ← Z }_pCalculating the attribute v ═ g^αThe private key of the cloud user is SK ═ (SK)_W,ssk,α)。

step S301. the data owner selects a random number s belonging to Z and a group of attribute sets gamma for the data M to be uploaded_PCalculating C₁＝M·Y^s，C₂＝g^s，The ciphertext CT of the data M to be uploaded is (C)₁,C₂,C₃) Wherein the attribute set gamma contains the attribute of accessibility; x_i,jIs the third part of the ciphertext, which is related to the specific attributes in the attribute set, and is also the leaf node for constructing the MHT.Meanwhile, the data owner constructs a Merkle hash tree, and leaf nodes of the Merkle hash tree are hash values H (X)_i,j) In which X is_i,j∈C₃Signing the root node R of the Merkle hash tree with the signing key ssk to obtain the sig_ssk(R)。

Step S302, a data owner selects an identifier fname for data M to be uploaded, and calculates a tag value for the data M to be uploadedUploading { fname, ind, CT, sigma, AAI, sig_ssk(R) } to a cloud server;

Step S400, accessing data in the cloud server by the cloud user:

if the attribute corresponding to the ciphertext meets the access structure of the private key held by the user, the user can decrypt the data in the cloud server, different cloud users request to access the data in the cloud server and obtain the ciphertext CT and the system public key PK, wherein the cloud user attribute setAS ═ W; using the private key SK to perform calculations if

The cloud user decrypts the ciphertext CT for access.

when a data owner wants to delete data in a cloud server, the data owner first sends a deletion request to a trusted authority center. The trusted authority center returns a deletion key, i.e., a re-encryption key, to the data owner. The data owner sends the deletion key to the cloud server. After the deletion operation is performed, the cloud server will return a deletion certificate to the data owner, verifying that the data has been deleted. Referring to fig. 2, the process is specifically implemented as follows:

step S501, the data owner sends a deletion request DR ═ f name, att to the trusted authority center_i,v_i,j,v′_i,j) (ii) a Wherein, att_iRepresenting accessibility attribute, v_i,jDenotes accessible, v'_i,jIndicating inaccessibility, DR ═ (fname, atti, v)_i,j,v′_i,j) Showing that the accessibility attribute in the ciphertext is changed from accessible to inaccessible, and the trusted authority center selects a random number t'_i,jAnd calculateThe deletion key rk ═ (fname, att) is then assigned_i,ck_i) And returning to the data owner. Accessibility has two attribute values, accessible and inaccessible.

And S503, the cloud server changes the attribute value contained in the ciphertext to delete the data by re-encrypting part of the ciphertext, so that the ciphertext does not meet the access structures of all users any more, and then generates a deletion certificate and returns the deletion certificate to the data owner. The specific steps of data deletion are as follows:

step S503-1: the cloud server according to the delete request DR ═ (fname, att)_i,v_i,j,v′_i,j) The fname in the data search table corresponds to the data ciphertext CT to be deleted and can be accessedProperty attribute att_iE.g. rk, cloud server computingBy usingIn place of the data ciphertext CT that needs to be deleted

step S503-3 cloud server computingGenerating a new root node of a Merkle hash treeWill be provided withAs a deletion proof back to the data owner;

Data owner re-encrypts using the deletion key rkTo obtainThe data owner receives the new root nodeAccording toAnd Ω received from the cloud server_indGenerating new root nodes for Merkle hash treesNew root nodeA root node sent from the cloud serverMake a comparison ifThe cloud server confirms that the data has been deleted.

The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims

1. A cloud data deterministic deletion method supporting fine-grained access is characterized by comprising the following steps: comprises the following steps:

s200, applying and generating a private key of a cloud user:

the cloud user provides a private key application to a trusted authority center, and the trusted authority center generates an intermediate private key SK according to the system public parameters, the access structure W of the cloud user and the random number r_WReturn toand then, the cloud user selects a pair of signature keys { spk, ssk } and a random number alpha, wherein the private key of the cloud user is SK ═ SK_W,ssk,α)；

step S400, accessing data in the cloud server by the cloud user:

2. The cloud data deterministic deletion method supporting fine-grained access according to claim 1, characterized in that: the specific steps of step S100 are:

Step S103: trusted authority center publishing system parameters

3. The cloud data deterministic deletion method supporting fine-grained access according to claim 2, characterized in that: the specific step of the step S200 is that the cloud user provides a private key application to the trusted authority center, and the trusted authority center selects a random number r E to Z_pAccording to the system parameters, the access structure W of the user and the random numberr calculating g^rAndreturning the intermediate private Key SK_W＝(g^r,D_wW) to the cloud user, the cloud user generating a pair of signature keys { spk, ssk }, and selecting a random number α ← Z }_pCalculating attribute v-g^αThe private key of the cloud user is SK ═ (SK)_W,ssk,α)。

4. The cloud data deterministic deletion method supporting fine-grained access according to claim 3, characterized in that: the specific steps of step S301 are: the data owner selects a set of attribute sets gamma and a random number s e Z for the data M to be uploaded_PCalculating C₁＝M·Y^s，C₂＝g^s，The ciphertext CT of the data M to be uploaded is (C)₁,C₂,C₃) (ii) a Meanwhile, the data owner constructs a Merkle hash tree, and leaf nodes of the Merkle hash tree are hash values H (X)_i,j) In which X is_i,j∈C₃Signing the root node R of the Merkle hash tree with the signing key ssk to obtain the sig_ssk(R)。

5. The cloud data deterministic deletion method supporting fine-grained access according to claim 4, characterized in that: the specific steps of step S302 are: the data owner selects an identifier fname for the data M to be uploaded and calculates a tag value for the data M to be uploadedUploading { fname, ind, CT, sigma, AAI, sig_ssk(R) } to a cloud server;

6. The method for cloud data deterministic deletion supporting fine-grained access according to claim 5, wherein: the specific steps of step S400 are:

The cloud user decrypts the ciphertext CT for access.

7. The method for cloud data deterministic deletion supporting fine-grained access according to claim 6, characterized in that: the specific steps of step S501 are: the data owner sends a delete request DR ═ (fname, att) to the trusted authority center_i,v_i,j,v_i′_,j) (ii) a Wherein, att_iRepresenting accessibility attribute, v_i,jRepresentation accessible, v_i′_,jIndicating inaccessibility, DR ═ f name, att_i,v_i,j,v_i′_,j) Indicating that the accessibility attribute in the ciphertext is changed from accessible to inaccessible, the trusted authority center selects a random number t_i′_,jAnd calculateThe deletion key rk ═ (fname, att) is then assigned_i,ck_i) And returning to the data owner.

8. The method for cloud data deterministic deletion supporting fine-grained access according to claim 7, characterized in that: the specific steps of step S502 are:

9. The method for cloud data deterministic deletion supporting fine-grained access according to claim 8, characterized in that: the specific steps of step S503 are:

step S503-1: the cloud server requests DR ═ (fname, atti, v) according to the deletion_i,j,v_i′_,j) Finding the data ciphertext CT to be deleted, the accessibility attribute att_iE.g. rk, cloud server computingBy usingIn place of the data ciphertext CT that needs to be deleted

Step S503-2, the cloud server outputs a new ciphertext CT ═ (C)₁,C₂,C₃', γ'). Gamma' is set as an attribute set corresponding to the ciphertext after the re-encryption;

10. The method for cloud data deterministic deletion supporting fine-grained access according to claim 9, characterized in that: the specific steps of step S504 are: data owner re-encrypts using the deletion key rkTo obtainThe data owner receives the new root nodeAccording toAnd Ω received from the cloud server_indGenerating new root nodes for Merkle hash treesNew root nodeRoot node sent by the cloud serverMake a comparison ifThe cloud server confirms that the data has been deleted.