CN108600171B - Cloud data deterministic deletion method supporting fine-grained access - Google Patents
- Publication number
- CN108600171B (CN201810241812.3A)
- Authority
- CN
- China
- Prior art keywords
- data
- cloud
- attribute
- ciphertext
- cloud server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a cloud data deterministic deletion method supporting fine-grained access, which comprises the following steps: the data owner encrypts the data and outsources the encrypted data to the cloud server, so that only users meeting the access requirements can decrypt the data; when a data owner wants to delete data stored in the cloud server, the data owner firstly sends a deletion request to the trusted authority center, the center returns a deletion key, namely a re-encryption key to the data owner, the data owner sends the deletion key to the cloud server, and the cloud server deletes the data. After the deletion operation is performed, the cloud server returns a certificate to the data owner, and the data owner verifies whether the target data is deleted through the Merkle hash tree. The invention realizes verifiable data deletion by using the attribute revocation and the Merkle hash tree, supports fine-grained access control, achieves the purpose of privacy protection, and greatly improves the utilization rate of the cloud server.
Description
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a cloud data deterministic deletion method supporting fine-grained access.
Background
Cloud computing is used as a new computing mode, so that data storage and data sharing are more convenient and more economical. The system can integrate a large number of high-quality resources, integrates different resources to provide mass storage and efficient and rapid computing service for users, and users can access shared resources anytime and anywhere, thereby greatly saving the user cost and improving the resource utilization rate. More and more users like to store data on the cloud, which contains a large amount of sensitive data such as health data, financial data, trade secrets, etc., making data privacy and other security issues a focus of public concern.
Due to the separation of ownership and administrative rights of cloud data using cloud computing technology, users lose physical control over cloud data, which leads to security issues such as data leakage, illegal cross-cloud migration of data, unauthorized access, and the like. Therefore, the data needs to be encrypted before being outsourced to the cloud server, and the requirement that the data can be accessed with fine granularity is met. In addition, when the user issues a delete instruction to the cloud server, the cloud server may maliciously retain the file. Sometimes, even if the data is deleted, certain traces may exist, some cloud computing manufacturers may restore the data, and once the cloud server obtains the data key through some illegal way or the server side obtains a stronger decryption capability, the data may be exposed to a risk of being leaked. For example, the security company Carbon Black reports a serious vulnerability of its software products, from which thousands of sensitive files are compromised. Therefore, there is a need to ensure that data stored on the server side is deleted deterministically by technical means.
The purpose of deterministic deletion of data is to clear data from the storage medium so that the data is unrecoverable, preventing an adversary from still having access to the data after it has been deleted. If the storage medium does not need to be reused, physical destruction methods such as incineration and shredding may be employed. However, secure deletion does not delete all stored data at once. In general, not all data of the system need to be deleted, and the deletion of some data cannot affect the normal operation of the system. In particular, when data is stored in the cloud server, some data needs to be deleted according to the user's request.
Currently, most file systems allow users to "delete" their files. Users believe that when they delete data, the data will become unrecoverable. However, because the data is stored in the cloud server, the deleted data may be only a certain link or index data, and is not the entire file of the bottom layer, and the deleted data can still be recovered through a related technology of data recovery, and deterministic deletion of the data cannot be achieved.
In cloud computing, a cryptography-based deletion method encrypts data before storage and converts deleting the data into deleting the corresponding key. Therefore, even if the cloud server retains the ciphertext, the data of the user cannot be restored. In 2005, Perlman first proposed a time-based deterministic deletion method for files, in which data could be safely deleted and would never be accessible after a predetermined time. However, the key management of that system is too simple and does not consider that different files should have different access control policies, and thus fine-grained secure access to the files cannot be realized. On this basis, Tang et al. extended the scheme and proposed a policy-based file deterministic deletion (FADE) scheme built on the existing cloud computing infrastructure, whose system model comprises 3 entities: a data owner, a trusted key manager and a cloud storage server. The FADE system uses a trusted third party server to centrally manage the distribution of keys. The FADE scheme enhances the security of the system by using blind encryption and blind decryption technologies while realizing an access control strategy. The main limitations of FADE are that its deletion strategy is limited to one- or two-level boolean expressions, that it cannot achieve diversified fine-grained deterministic deletion, and that it requires the use of complex public key cryptosystems.
Geambasu et al. were the first to propose a data self-destruction scheme and implemented the Vanish prototype system, a trusted data deletion mechanism based on a DHT network: the user encrypts the data before sending the mail, then divides the encryption key into n shares and stores the n shares in the DHT network; the receiver of the mail can decrypt normally only by obtaining k shares of the key, and all the key shares are automatically deleted after a specified time, so that nobody can recover the data plaintext after a certain time. However, in schemes that implement secure data deletion based on the DHT network, the life cycle of data is still limited by the update cycle of the DHT nodes. Wang et al. improved the Vanish scheme and proposed an electronic data self-destruction scheme (SSDD): on the basis of Vanish, SSDD transforms the ciphertext, extracts partial ciphertext information, shares it together with the key, generates key components and distributes them to the DHT network, thereby effectively resisting cryptanalysis attacks and brute-force attacks on the cloud.
Mo et al propose a fine-grained deterministic deletion scheme in which a key modulation function of a collision-resistant hash function is designed. The scheme mainly comprises deleting a modulation tree, a modulation hash chain and a modulator adjustment algorithm. All data keys are derived from the master key, which is changed when any data key is deleted to ensure that k is not recoverable in the future, while the corresponding files for the other keys remain unchanged by running the modulator adaptation algorithm.
Karvelas and Kiayias propose a secure delete protocol with the bounded storage advantage of low-cost embedded devices. Through the update of the security code, it can safely clear all content on the device and download the new security code. In 2014, Ateniese proposed a secure deletion method, and the verifier needed to be sure that the remote device has consumed all of its memory to perform a computation. In this way, the verifier can confirm that the contents of the remote embedded device have been successfully deleted. However, the method only aims at the embedded device with limited memory space, and cannot be directly applied to the cloud storage environment.
In a cloud storage environment, although many schemes have been proposed to ensure that a user can deterministically delete data stored in the cloud, they have security issues of different degrees. The centralized key management solutions proposed by Perlman, Tang, etc. securely delete a data encryption key by repeatedly overwriting it so that it is unrecoverable, but fail to achieve diversified fine-grained deterministic deletion and have certain limitations. Geambasu and Wang proposed a variety of distributed deterministic deletion solutions; however, the DHT network relied on by the Vanish system is vulnerable to Sybil attacks, and if an adversary can capture enough key components before data expiration to recover the original key, the solution still has security holes. The scheme provided by Ateniese is suitable for embedded devices and cannot be applied to a cloud storage environment.
For deterministic deletion of data in a cloud storage environment, user data is considered to be deleted deterministically from the system if an adversary given some system access behavior cannot recover the deleted data from the system within the polynomial time. The scheme realizes the first-layer meaning of deterministic deletion, namely the data ciphertext is unreadable, the safe deletion of user data is realized, the aim of not revealing sensitive information is achieved, a deletion certificate cannot be returned to a data owner after the data is deleted to confirm that the data is safely deleted, and the credible guarantee is provided for the data privacy safety.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a cloud data deterministic deletion method supporting fine-grained access, and provides a key strategy based on attribute encryption method with an attribute revocation function to realize deterministic deletion of cloud data aiming at the safety problems of data leakage, illegal cross-cloud migration of data, unauthorized access and the like possibly existing in cloud storage and the problem that data requested to be deleted by a user is difficult to verify in a cloud storage environment is really deleted. Therefore, the attribute set corresponding to the ciphertext is changed through re-encryption, so that the attribute set cannot meet the access structure of private keys of all users to realize safe data deletion, and whether the data is deleted or not can be verified by constructing a Merkle hash tree. If the evidence returned by the cloud server is valid evidence, the deleted data in the cloud server is guaranteed to be unrecoverable, and malicious users are prevented from obtaining the access right of the data after deletion, so that the privacy of the cloud users is protected. According to the method, key updating is not needed, and only the cloud server is needed to update part of the ciphertext, so that the computing complexity of the cloud user is reduced. Therefore, the achievement of the invention has important theoretical significance and practical value for promoting the sustainable development of cloud computing. The technical problem to be solved by the invention is realized by the following technical scheme: a cloud data deterministic deletion method supporting fine-grained access comprises the following steps:
step S100, system establishment, generating system parameters: a security parameter k is selected, and the trusted authority center generates the public parameters of the system;
step S200, applying for and generating the private key of a cloud user:
the cloud user submits a private key application to the trusted authority center; the trusted authority center generates an intermediate private key $SK_W$ according to the system public parameters, the access structure W of the cloud user and the random number r, and returns it to the cloud user; the cloud user then selects a pair of signature keys {spk, ssk} and a random number α, and the cloud user's private key is $SK = (SK_W, ssk, \alpha)$;
The access structure W of the cloud user comprises an accessibility attribute, and a data owner is contained in the cloud user;
step S300, the data owner encrypts and stores the data and uploads the data to a cloud server:
step S301, data encryption and storage: the data owner selects an attribute set $\gamma$ and a random number $s$ for the data M to be uploaded, encrypts the data M to obtain the ciphertext $CT = (C_1, C_2, C_3)$, then constructs a Merkle hash tree with each element of $C_3$ as a leaf node, and signs the root node R of the Merkle hash tree with the signature key ssk to obtain $sig_{ssk}(R)$;
wherein the attribute set $\gamma$ includes the accessibility attribute, and its attribute value is accessible;
step S302, uploading data to a cloud server by the data owner: the data owner selects an identifier fname for the data M to be uploaded, then sets ind to the position in the Merkle hash tree of the ciphertext corresponding to the accessibility attribute, and sets AAI to the auxiliary authentication information in the Merkle hash tree of the ciphertext corresponding to the accessibility attribute; the data owner calculates a label value $\sigma$ for the data M to be uploaded, and finally uploads $\{fname, ind, CT, \sigma, AAI, sig_{ssk}(R)\}$ to the cloud server;
step S400, accessing data in the cloud server by the cloud user:
different cloud users request to access data in a cloud server and obtain the ciphertext CT, and if the attribute corresponding to the ciphertext CT meets the access structure of the private key SK of the cloud user, the cloud user decrypts the ciphertext CT to access;
step S500, the data owner carries out deterministic deletion on the data stored in the cloud server:
step S501, the data owner sends a deletion request DR to the trusted authority center, and the trusted authority center returns a deletion key rk to the data owner.
step S502, the data owner sends the deletion key rk to the cloud server, the cloud server returns the information corresponding to the ciphertext of the accessibility attribute to the data owner, and the data owner verifies whether the returned ciphertext and $\Omega_{ind}$ are valid information; wherein $\Omega_{ind}$ denotes the auxiliary authentication information of ind;
step S503, the cloud server changes the attribute value contained in the data ciphertext CT to be deleted by re-encrypting part of that ciphertext, thereby deleting the data, then recalculates the root node of the new Merkle hash tree and returns it to the data owner as a deletion proof;
step S504, the data owner verifies whether the cloud server deletes the data needing to be deleted deterministically by reconstructing a new Merkle hash tree.
Further, the specific steps of step S100 are:
step S101: a security parameter k is selected, and the trusted authority center selects two multiplicative cyclic groups $G_1$ and $G_2$ of prime order $p$, selects $g$ as a generator of the group $G_1$, and $e: G_1 \times G_1 \to G_2$ denotes a bilinear map;
wherein the attribute universe is $\Omega = \{att_1, att_2, \ldots, att_n\}$, $A_i = \{\upsilon_{i,1}, \upsilon_{i,2}, \ldots, \upsilon_{i,n_i}\}$ is the set of all possible values of attribute $A_i$, and attribute $A_i$ has $n_i$ possible values;
the access structure of the cloud user is $W = [\omega_1, \omega_2, \ldots, \omega_k]$, the attribute set corresponding to the ciphertext is $\gamma = [\gamma_1, \gamma_2, \ldots, \gamma_t]$, $H$ is a collision-resistant hash function, $H: \{0,1\}^* \to Z_p$, and $Z_p$ is the cyclic group modulo $p$;
step S102: the trusted authority center selects a random number $h \in G_1$ and the system private key $y \in Z_p$, and calculates the public parameter $Y = e(g, h)^y$; then the trusted authority center selects random numbers $t_{i,j} \in Z_p$ ($i \in [1, n]$, $j \in [1, n_i]$), calculates the public parameters, and generates the system public key and the master key.
Further, the specific step of step S200 is: the cloud user submits a private key application to the trusted authority center; the trusted authority center selects a random number $r \in Z_p$, calculates $g^r$ and $D_w$ according to the system parameters, the access structure W of the user and the random number r, and returns the intermediate private key $SK_W = (g^r, D_w, W)$ to the cloud user; the cloud user generates a pair of signature keys {spk, ssk}, selects a random number $\alpha \leftarrow Z_p$ and calculates $v = g^{\alpha}$; the private key of the cloud user is $SK = (SK_W, ssk, \alpha)$.
Further, the specific steps of step S301 are: the data owner selects an attribute set $\gamma$ and a random number $s \in Z_p$ for the data M to be uploaded, and calculates $C_1 = M \cdot Y^s$, $C_2 = g^s$ and $C_3$; the ciphertext of the data M to be uploaded is $CT = (C_1, C_2, C_3)$. Meanwhile, the data owner constructs a Merkle hash tree whose leaf nodes are the hash values $H(X_{i,j})$, where $X_{i,j} \in C_3$, and signs the root node R of the Merkle hash tree with the signing key ssk to obtain $sig_{ssk}(R)$.
Further, the specific steps of step S302 are: the data owner selects an identifier fname for the data M to be uploaded, calculates a tag value $\sigma$ for the data M to be uploaded, and uploads $\{fname, ind, CT, \sigma, AAI, sig_{ssk}(R)\}$ to the cloud server;
wherein, for the ciphertext in $C_3$ corresponding to the accessibility attribute, ind represents the index of its leaf node in the Merkle hash tree, and AAI represents the auxiliary authentication information of that leaf node in the Merkle hash tree.
Further, the specific steps of step S400 are:
different cloud users request to access data in the cloud server and obtain the ciphertext CT and the system public key PK, wherein the cloud user attribute set AS ═ W; calculations are performed using the private key SK, and if
The cloud user decrypts the ciphertext CT for access.
Further, the specific steps of step S501 are: the data owner sends a delete request $DR = (fname, att_i, v_{i,j}, v'_{i,j})$ to the trusted authority center; wherein $att_i$ represents the accessibility attribute, $v_{i,j}$ denotes accessible, $v'_{i,j}$ denotes inaccessible, and $DR = (fname, att_i, v_{i,j}, v'_{i,j})$ represents changing the accessibility attribute in the ciphertext from accessible to inaccessible; the trusted authority center selects a random number $t'_{i,j}$ and calculates $ck_i$; the deletion key $rk = (fname, att_i, ck_i)$ is then returned to the data owner.
Further, the specific steps of step S502 are:
step S502-1, the data owner sends the deletion key $rk = (fname, att_i, ck_i)$ to the cloud server, and the cloud server returns the tuple corresponding to the accessibility attribute $att_i$; $\Omega_{ind}$ denotes the auxiliary authentication information of the node ind;
step S502-2 data owner verificationWhether or not, if so, thenThe ciphertext corresponding to the ciphertext accessibility attribute;
step S502-3, the data owner generates a new root node R' of the Merkle hash tree according to the returned ciphertext and $\Omega_{ind}$, and verifies whether the equation $sig_{ssk}(R) = sig_{ssk}(R')$ holds; if it holds, $\Omega_{ind}$ is the valid auxiliary authentication information AAI of that ciphertext.
Further, the specific steps of step S503 are:
step S503-1: according to the delete request $DR = (fname, att_i, v_{i,j}, v'_{i,j})$, the cloud server finds the data ciphertext CT to be deleted; for the accessibility attribute $att_i \in rk$, the cloud server computes the re-encrypted component and uses it to replace the corresponding component in the data ciphertext CT that needs to be deleted;
step S503-2, the cloud server outputs a new ciphertext $CT = (C_1, C_2, C'_3, \gamma')$, where $\gamma'$ is the attribute set corresponding to the ciphertext after the re-encryption;
step S503-3, the cloud server generates a new root node of the Merkle hash tree and returns it to the data owner as a deletion proof.
Further, the specific steps of step S504 are: the data owner re-encrypts using the deletion key rk to obtain the re-encrypted component; the data owner receives the new root node from the cloud server and, according to the re-encrypted component and the $\Omega_{ind}$ received from the cloud server, generates a new root node of the Merkle hash tree; this new root node is compared with the root node sent from the cloud server, and if they are equal, it is confirmed that the cloud server has deleted the data.
Compared with the prior art, the invention has the beneficial effects that:
(1) fine-grained access: files stored in the cloud server support fine-grained access control, and data owners can determine who can access and decrypt the data before uploading the data. The data owner can correspond the ciphertext to an attribute set, and when the attribute set meets the access structure of the private key of the cloud user, the cloud user can correctly decrypt the data.
(2) Verifiable data deletion: the invention realizes the deterministic deletion of cloud data. The attribute set corresponding to the ciphertext is changed by enabling the cloud server to re-encrypt part of the ciphertext, so that the ciphertext does not meet the access structures of all users any more, and data cannot be accessed. In addition, a data owner can verify whether the data in the cloud server is deleted or not by reconstructing the Merkle hash tree, so that the data of a user can not be leaked, the data privacy of the cloud user is protected, and the safety of the system is improved.
(3) The calculation cost is low: the invention does not need the user to update the ciphertext and does not need the credible authority to manage and delete the key. Only the cloud server needs to update part of the ciphertext, the cost of the user verification process is low, the system is simple to implement, and the efficiency of data deterministic deletion is improved.
Drawings
FIG. 1 is a schematic diagram of a data storage and deterministic deletion process in accordance with an embodiment of the present invention;
FIG. 2 is a diagram of a verifiable deterministic deletion process in accordance with an embodiment of the present invention.
Detailed Description
All of the features disclosed in this specification, or all of the steps in any method or process so disclosed, may be combined in any combination, except combinations of features and/or steps that are mutually exclusive.
Any feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving equivalent or similar purposes, unless expressly stated otherwise. That is, unless expressly stated otherwise, each feature is only an example of a generic series of equivalent or similar features.
The present invention will be described in further detail with reference to specific examples, but the embodiments of the present invention are not limited thereto.
The invention provides an attribute-based cloud data deterministic deletion method of a key strategy based on the public key cryptography theory, which simultaneously supports fine-grained access control and is applied to a cloud storage environment with higher security requirements. The data is encrypted before being outsourced to the cloud, the special attribute of 'accessibility' is introduced into the ciphertext attribute set, the value of the special attribute in the ciphertext is changed through re-encryption, the ciphertext does not meet the access structures of all users any more, and data deletion is achieved. The data owner generates a root of the MHT by constructing the MHT, uploads a ciphertext and a signature of the root to the cloud server, when the ciphertext is re-encrypted, the new root of the MHT can be regarded as an evidence for deletion, and the data owner can verify the evidence to realize verifiable data certainty deletion. Any information of user data cannot be revealed in the whole process, so that the method and the system have a promoting effect on the development of cloud computing and have a plurality of theoretical meanings and practical meanings.
Firstly, the applied cryptology theory of the invention is briefly introduced:
(1) bilinear pairings
Let $G_1$, $G_2$ be two multiplicative cyclic groups of order $p$, and let $g$ be a generator of group $G_1$. A mapping $e: G_1 \times G_1 \to G_2$ is called a bilinear mapping if the following three conditions are satisfied. Computability: for any $h_1, h_2 \in G_1$, $e(h_1, h_2)$ can be efficiently calculated. Bilinearity: for arbitrary $h_1, h_2 \in G_1$ and $a, b \in Z_p$, the bilinear relation holds. Non-degeneracy: the generator $g$ of $G_1$ satisfies
(2) Attribute-based encryption (ABE)
In an attribute-based encryption scheme, attributes are used to generate keys and construct access policies. Attribute-based encryption can be roughly divided into attribute-based encryption of a key policy and attribute-based encryption of a ciphertext policy. In an attribute-based encryption scheme (KP-ABE) of a key policy, the access structure is contained in the user's private key, while the ciphertext corresponds to a set of attributes. In ciphertext policy attribute-based encryption (CP-ABE), the access policy is built into the ciphertext, and the user's private key corresponds to the attribute the user possesses. The attribute-based encryption scheme of the key strategy consists of four polynomial time algorithms as follows:
Setup(k): the algorithm takes the security parameter k as input and outputs the system public key PK and the master key MSK.
KeyGen(PK, MSK, $A_{U\text{-}KP}$): the algorithm takes the access structure $A_{U\text{-}KP}$ as input and outputs the user private key D.
Encrypt(PK, M, $A_{CT}$): the algorithm takes a message M and a set of attributes $A_{CT}$ as input and outputs the ciphertext C of M.
Decrypt(C, D): the algorithm takes a user private key D and a ciphertext C as input; if the ciphertext C meets the access structure of the private key, the user can decrypt the ciphertext C and output M.
(3) Merkle Hash Tree
The Merkle Hash Tree (MHT) is a widely used authentication structure that can efficiently check whether elements are stored intact. An MHT is a binary tree in which leaf nodes store hash values of the authenticated data, and each internal node as well as the root node is generated from its two children: the value of an internal node or of the root node is the hash value of its two child nodes. The auxiliary authentication information of an element $a_i$ consists of the siblings of all nodes on the path from $a_i$ to the root node, and thus the root node can be calculated from $a_i$ and the auxiliary authentication information of $a_i$.
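The owner-side checks of steps S502 to S504, built on the Merkle hash tree just described, are sketched below as an added example (not code from the patent). The re-encryption of the accessibility leaf is replaced by an assumed stand-in, modular exponentiation by a constructed deletion key `CK`, because the patent's formulas for $C_3$ and the re-encrypted component did not survive on this page; all function names, `P`, `G`, `S`, `C3`, `IND` and `CK` are hypothetical, and the signature on the root is omitted (the owner simply keeps R).

```python
import hashlib

# Constructed toy parameters standing in for the scheme's pairing group.
P = 2**127 - 1   # toy prime modulus (assumption)
G = 3            # toy base element (assumption)

def _leaf(x):
    """Domain-separated leaf hash, playing the role of H(X_{i,j})."""
    return hashlib.sha256(b"\x00" + x).digest()

def _node(left, right):
    """Internal node: hash of its two children."""
    return hashlib.sha256(b"\x01" + left + right).digest()

def _levels(leaves):
    """All tree levels, leaf hashes first; an odd node is paired with itself."""
    level = [_leaf(x) for x in leaves]
    levels = [level]
    while len(level) > 1:
        padded = level + [level[-1]] if len(level) % 2 else level
        level = [_node(padded[i], padded[i + 1]) for i in range(0, len(padded), 2)]
        levels.append(level)
    return levels

def merkle_root(leaves):
    return _levels(leaves)[-1][0]

def aux_info(leaves, ind):
    """Omega_ind: siblings on the path from leaf `ind` to the root."""
    path = []
    for level in _levels(leaves)[:-1]:
        sib = ind ^ 1
        if sib >= len(level):      # last node of an odd level pairs with itself
            sib = ind
        path.append((level[sib], sib < ind))   # (hash, sibling is on the left)
        ind //= 2
    return path

def root_from_aux(x, omega):
    """Recompute the root from one leaf value and its auxiliary information."""
    node = _leaf(x)
    for sibling, sibling_is_left in omega:
        node = _node(sibling, node) if sibling_is_left else _node(node, sibling)
    return node

def enc(n):
    return n.to_bytes(16, "big")

def reencrypt(x, ck):
    """Stand-in for re-encrypting the accessibility component with rk."""
    return enc(pow(int.from_bytes(x, "big"), ck, P))

def server_delete(leaves, ind, ck):
    """Cloud server, step S503: replace one leaf and recompute the root."""
    new_leaves = list(leaves)
    new_leaves[ind] = reencrypt(leaves[ind], ck)
    return new_leaves, merkle_root(new_leaves)

def owner_verify_deletion(root, x_ind, omega, ck, server_root):
    """Data owner, steps S502 and S504."""
    # S502: the returned leaf and Omega_ind must reproduce the signed root R.
    if root_from_aux(x_ind, omega) != root:
        return False
    # S504: re-encrypt locally, rebuild the root, compare with the proof.
    expected = root_from_aux(reencrypt(x_ind, ck), omega)
    # Reject a "proof" that leaves the tree unchanged.
    return expected != root and expected == server_root

# Constructed sample data: five C_3 components, leaf 3 is the accessibility one.
S = 123457
C3 = [enc(pow(G, t * S, P)) for t in (11, 23, 35, 47, 59)]
IND, CK = 3, 7

if __name__ == "__main__":
    R = merkle_root(C3)
    omega = aux_info(C3, IND)
    _, proof = server_delete(C3, IND, CK)
    print("honest server accepted:", owner_verify_deletion(R, C3[IND], omega, CK, proof))
    print("stale root accepted:   ", owner_verify_deletion(R, C3[IND], omega, CK, R))
```

The check binds the returned root to the re-encrypted leaf and the original siblings; on its own it does not show that the server discarded its copy of the old leaf.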
Referring to Fig. 1, the present invention is embodied as follows:
A cloud data deterministic deletion method supporting fine-grained access comprises the following steps:
Step S100, system setup and generation of system parameters: a security parameter k is selected, and the trusted authority center generates the public parameters of the system;
Step S101: a security parameter k is selected, and the trusted authority center selects two multiplicative cyclic groups G_1 and G_2 of prime order p, selects g as a generator of group G_1, and lets e: G_1×G_1→G_2 denote a bilinear map;
wherein the universal attribute set is Ω = {att_1, att_2, …, att_n}, A_i = {υ_{i,1}, υ_{i,2}, …, υ_{i,n_i}} is the set of all possible values of attribute A_i, and attribute A_i has n_i possible values;
the access structure of the cloud user is W = [ω_1, ω_2, …, ω_k], the attribute set corresponding to the ciphertext is γ = [γ_1, γ_2, …, γ_t], H is a collision-resistant hash function, H: {0,1}* → Z_q, and Z_p is a cyclic group modulo p;
Step S102: the trusted authority center selects a random element h ∈ G_1 and the system private key y ∈ Z_p and computes the public parameter Y = e(g, h)^y; the trusted authority center then selects random numbers t_{i,j} ∈ Z_p (i ∈ [1, n], j ∈ [1, n_i]), computes the public parameters, and generates the system public key and the master key.
Step S200, applying for and generating the private key of a cloud user:
the cloud user submits a private key application to the trusted authority center, and the trusted authority center generates an intermediate private key SK_W from the system public parameters, the access structure W of the cloud user and a random number r and returns it to the cloud user; the cloud user then selects a signature key pair {spk, ssk} and a random number α, and the private key of the cloud user is SK = (SK_W, ssk, α);
The cloud user submits a private key application to the trusted authority center; the trusted authority center selects a random number r ∈ Z_p, computes the parameters g^r and D_w from the system parameters, the access structure W of the user and the random number r, and returns the intermediate private key SK_W = (g^r, D_w, W) to the cloud user;
the cloud user generates a signature key pair {spk, ssk}, selects a random number α ← Z_p and computes the attribute v = g^α; the private key of the cloud user is SK = (SK_W, ssk, α).
The access structure W of the cloud user includes the accessibility attribute, and data owners are themselves cloud users;
Step S300, the data owner encrypts the data and uploads it to a cloud server for storage:
Step S301: for the data M to be uploaded, the data owner selects a random number s ∈ Z_p and an attribute set γ and computes C_1 = M·Y^s, C_2 = g^s and the third component C_3; the ciphertext of the data M to be uploaded is CT = (C_1, C_2, C_3), wherein the attribute set γ contains the accessibility attribute. X_{i,j} is an element of the third part of the ciphertext; it is tied to a specific attribute in the attribute set and is also a leaf node used to construct the MHT. At the same time, the data owner constructs a Merkle hash tree whose leaf nodes are the hash values H(X_{i,j}), where X_{i,j} ∈ C_3, and signs the root node R of the Merkle hash tree with the signature key ssk to obtain sig_ssk(R).
Step S302: the data owner selects an identifier fname for the data M to be uploaded, computes a tag value σ for the data M to be uploaded, and uploads {fname, ind, CT, σ, AAI, sig_ssk(R)} to the cloud server;
wherein ind denotes the index, in the Merkle hash tree, of the leaf node for the ciphertext component in C_3 that corresponds to the accessibility attribute, and AAI denotes the auxiliary authentication information of that leaf node in the Merkle hash tree.
Step S400, accessing data in the cloud server by the cloud user:
If the attributes corresponding to the ciphertext satisfy the access structure of the private key held by a user, that user can decrypt the data in the cloud server. Different cloud users request access to the data in the cloud server and obtain the ciphertext CT and the system public key PK, wherein the cloud user attribute set is AS = W; the cloud user performs the computation with the private key SK, and if
The cloud user decrypts the ciphertext CT for access.
Step S500, the data owner carries out deterministic deletion on the data stored in the cloud server:
When a data owner wants to delete data in a cloud server, the data owner first sends a deletion request to the trusted authority center. The trusted authority center returns a deletion key, i.e., a re-encryption key, to the data owner. The data owner sends the deletion key to the cloud server. After the deletion operation is performed, the cloud server returns a deletion certificate to the data owner, which the data owner uses to verify that the data has been deleted. Referring to Fig. 2, the process is implemented as follows:
Step S501: the data owner sends a deletion request DR = (fname, att_i, v_{i,j}, v'_{i,j}) to the trusted authority center, wherein att_i denotes the accessibility attribute, v_{i,j} denotes accessible and v'_{i,j} denotes inaccessible; DR = (fname, att_i, v_{i,j}, v'_{i,j}) indicates that the accessibility attribute in the ciphertext is to be changed from accessible to inaccessible. The trusted authority center selects a random number t'_{i,j}, computes ck_i, and returns the deletion key rk = (fname, att_i, ck_i) to the data owner. The accessibility attribute has two values, accessible and inaccessible.
Step S502: the data owner sends the deletion key rk to the cloud server, the cloud server returns the information corresponding to the ciphertext of the accessibility attribute to the data owner, and the data owner verifies whether the returned ciphertext component and Ω_ind are valid information; wherein Ω_ind denotes the auxiliary authentication information of ind;
Step S502-1: the data owner sends the deletion key rk = (fname, att_i, ck_i) to the cloud server, and the cloud server returns the tuple corresponding to the accessibility attribute att_i, in which Ω_ind denotes the auxiliary authentication information of the node ind;
Step S502-2: the data owner verifies whether the check equation holds; if it holds, the returned component is the ciphertext corresponding to the accessibility attribute;
Step S502-3: the data owner generates a new Merkle hash tree root node R' from the returned component and Ω_ind and verifies whether the equation sig_ssk(R) = sig_ssk(R') holds; if it holds, Ω_ind is the valid auxiliary authentication information AAI of that component.
Step S503: the cloud server deletes the data by re-encrypting part of the ciphertext so as to change the attribute value the ciphertext contains, so that the ciphertext no longer satisfies the access structure of any user; it then generates a deletion certificate and returns it to the data owner. The specific steps of data deletion are as follows:
Step S503-1: using the fname in the deletion request DR = (fname, att_i, v_{i,j}, v'_{i,j}), the cloud server looks up the corresponding data ciphertext CT to be deleted in the data table; for the accessibility attribute att_i ∈ rk, the cloud server computes the re-encrypted component and uses it to replace the corresponding component in the data ciphertext CT to be deleted;
Step S503-2: the cloud server outputs the new ciphertext CT = (C_1, C_2, C'_3, γ'), where γ' is the attribute set corresponding to the re-encrypted ciphertext;
Step S503-3: the cloud server performs the computation, generates the new root node of the Merkle hash tree, and returns it to the data owner as the deletion proof;
Step S504: the data owner verifies, by reconstructing the new Merkle hash tree, whether the cloud server has deterministically deleted the data to be deleted.
The data owner re-encrypts the component with the deletion key rk to obtain the re-encrypted component. On receiving the new root node from the cloud server, the data owner generates a new Merkle hash tree root node from the re-encrypted component and the Ω_ind received from the cloud server, and compares this root node with the root node sent by the cloud server; if the two are equal, it is confirmed that the cloud server has deleted the data.
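The Merkle hash tree checks of steps S502-3 and S504, together with the MHT structure described earlier, as an added Python example that is not part of the patent text. Assumptions: SHA-256 with leaf/node prefixes, promotion of an unpaired node, byte strings standing in for the C_3 components and their re-encryption, direct root comparison in place of the signature sig_ssk(R), and all function and class names.

```python
import hashlib
import hmac

# Constructed stand-ins for the C3 components X_{i,j}. In the scheme these are
# group elements; opaque bytes are enough to exercise the hash tree.
C3 = [b"X[department=finance]", b"X[role=auditor]", b"X[region=east]",
      b"X[clearance=2]", b"X[accessibility=accessible]"]
IND = 4                                      # leaf index of the accessibility component
X_NEW = b"X'[accessibility=inaccessible]"    # stand-in for the re-encrypted component


def leaf_hash(component):
    # Leaf = H(X_{i,j}); the 0x00/0x01 prefixes are domain separation added here.
    return hashlib.sha256(b"\x00" + component).digest()


def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(components):
    """Return every level of the tree, leaves first, root last."""
    level = [leaf_hash(c) for c in components]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])         # unpaired node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels


def merkle_root(components):
    return build_levels(components)[-1][0]


def auth_path(components, ind):
    """Omega_ind: the sibling hashes on the path from leaf `ind` to the root."""
    path = []
    for level in build_levels(components)[:-1]:
        sib = ind ^ 1
        if sib < len(level):
            path.append(("L" if sib < ind else "R", level[sib]))
        ind //= 2
    return path


def root_from(component, path):
    """Recompute the root from one component and its authentication path."""
    h = leaf_hash(component)
    for side, sibling in path:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h


class CloudServer:
    def __init__(self, components, honest=True):
        self.c3, self.honest = list(components), honest

    def open_leaf(self, ind):                # S502-1: return component and Omega_ind
        return self.c3[ind], auth_path(self.c3, ind)

    def delete(self, ind, new_component):    # S503: swap the leaf, return new root
        if self.honest:
            self.c3[ind] = new_component
        return merkle_root(self.c3)          # a lazy server returns the stale root


def run_deletion(honest):
    """Owner side of S502-3 and S504; returns (leaf_authentic, deletion_accepted)."""
    trusted_root = merkle_root(C3)           # R, fixed by the owner at upload time
    server = CloudServer(C3, honest)
    component, omega = server.open_leaf(IND)
    leaf_ok = hmac.compare_digest(root_from(component, omega), trusted_root)
    claimed_root = server.delete(IND, X_NEW)
    deleted_ok = hmac.compare_digest(root_from(X_NEW, omega), claimed_root)
    return leaf_ok, deleted_ok


if __name__ == "__main__":
    print("honest server:", run_deletion(True))
    print("lazy server:  ", run_deletion(False))
```

Only the leaf at index ind changes during deletion, so the Ω_ind obtained in step S502 remains the correct sibling path for recomputing the new root in step S504.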
The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.
Claims (10)
1. A cloud data deterministic deletion method supporting fine-grained access, characterized by comprising the following steps:
Step S100, system setup and generation of system parameters: a security parameter k is selected, and the trusted authority center generates the public parameters of the system;
Step S200, applying for and generating the private key of a cloud user:
the cloud user submits a private key application to the trusted authority center, and the trusted authority center generates an intermediate private key SK_W from the system public parameters, the access structure W of the cloud user and a random number r and returns it to the cloud user; the cloud user then selects a signature key pair {spk, ssk} and a random number α, and the private key of the cloud user is SK = (SK_W, ssk, α);
The access structure W of the cloud user includes the accessibility attribute, and data owners are themselves cloud users;
Step S300, the data owner encrypts the data and uploads it to a cloud server for storage:
Step S301, data encryption and storage: the data owner selects an attribute set γ and a random number s for the data M to be uploaded, encrypts the data M to obtain the ciphertext CT = (C_1, C_2, C_3), then constructs a Merkle hash tree with each element of C_3 as a leaf node, and signs the root node R of the Merkle hash tree with the signature key ssk to obtain sig_ssk(R);
wherein the attribute set γ includes the accessibility attribute, and its attribute value is accessible;
Step S302, the data owner uploads the data to a cloud server: the data owner selects an identifier fname for the data M to be uploaded, sets ind to the position in the Merkle hash tree of the ciphertext corresponding to the accessibility attribute, and sets AAI to the auxiliary authentication information in the Merkle hash tree of that ciphertext; the data owner computes a tag value σ for the data M to be uploaded, and finally uploads {fname, ind, CT, σ, AAI, sig_ssk(R)} to the cloud server;
Step S400, cloud users access the data in the cloud server:
different cloud users request access to the data in the cloud server and obtain the ciphertext CT; if the attributes corresponding to the ciphertext CT satisfy the access structure of the private key SK of a cloud user, that cloud user decrypts the ciphertext CT for access;
Step S500, the data owner deterministically deletes the data stored in the cloud server:
Step S501: the data owner sends a deletion request DR to the trusted authority center, and the trusted authority center returns a deletion key rk to the data owner;
Step S502: the data owner sends the deletion key rk to the cloud server, the cloud server returns the information corresponding to the ciphertext of the accessibility attribute to the data owner, and the data owner verifies whether the returned ciphertext component and Ω_ind are valid information; wherein Ω_ind denotes the auxiliary authentication information of ind;
Step S503: the cloud server changes the attribute value contained in the data ciphertext CT to be deleted by re-encrypting part of that ciphertext, thereby deleting the data; it then recomputes the root node of the new Merkle hash tree and returns it to the data owner as the deletion proof;
Step S504: the data owner verifies, by reconstructing the new Merkle hash tree, whether the cloud server has deterministically deleted the data to be deleted.
2. The cloud data deterministic deletion method supporting fine-grained access according to claim 1, characterized in that: the specific steps of step S100 are:
Step S101: a security parameter k is selected, and the trusted authority center selects two multiplicative cyclic groups G_1 and G_2 of prime order p, selects g as a generator of group G_1, and lets e: G_1×G_1→G_2 denote a bilinear map;
wherein the universal attribute set is Ω = {att_1, att_2, …, att_n}, A_i = {υ_{i,1}, υ_{i,2}, …, υ_{i,n_i}} is the set of all possible values of attribute A_i, and attribute A_i has n_i possible values;
the access structure of the cloud user is W = [ω_1, ω_2, …, ω_k], the attribute set corresponding to the ciphertext is γ = [γ_1, γ_2, …, γ_t], H is a collision-resistant hash function, H: {0,1}* → Z_p, and Z_p is a cyclic group modulo p;
Step S102: the trusted authority center selects a random element h ∈ G_1 and the system private key y ∈ Z_p and computes the public parameter Y = e(g, h)^y; the trusted authority center then selects random numbers t_{i,j} ∈ Z_p (i ∈ [1, n], j ∈ [1, n_i]), computes the public parameters, and generates the system public key and the master key.
3. The cloud data deterministic deletion method supporting fine-grained access according to claim 2, characterized in that: the specific steps of step S200 are: the cloud user submits a private key application to the trusted authority center; the trusted authority center selects a random number r ∈ Z_p, computes g^r and D_w from the system parameters, the access structure W of the user and the random number r, and returns the intermediate private key SK_W = (g^r, D_w, W) to the cloud user; the cloud user generates a signature key pair {spk, ssk}, selects a random number α ← Z_p and computes the attribute v = g^α; the private key of the cloud user is SK = (SK_W, ssk, α).
4. The cloud data deterministic deletion method supporting fine-grained access according to claim 3, characterized in that: the specific steps of step S301 are: for the data M to be uploaded, the data owner selects an attribute set γ and a random number s ∈ Z_p and computes C_1 = M·Y^s, C_2 = g^s and the third component C_3; the ciphertext of the data M to be uploaded is CT = (C_1, C_2, C_3); at the same time, the data owner constructs a Merkle hash tree whose leaf nodes are the hash values H(X_{i,j}), where X_{i,j} ∈ C_3, and signs the root node R of the Merkle hash tree with the signature key ssk to obtain sig_ssk(R).
5. The cloud data deterministic deletion method supporting fine-grained access according to claim 4, characterized in that: the specific steps of step S302 are: the data owner selects an identifier fname for the data M to be uploaded, computes a tag value σ for the data M to be uploaded, and uploads {fname, ind, CT, σ, AAI, sig_ssk(R)} to the cloud server;
wherein ind denotes the index, in the Merkle hash tree, of the leaf node for the ciphertext component in C_3 that corresponds to the accessibility attribute, and AAI denotes the auxiliary authentication information of that leaf node in the Merkle hash tree.
6. The method for cloud data deterministic deletion supporting fine-grained access according to claim 5, wherein: the specific steps of step S400 are:
different cloud users request access to the data in the cloud server and obtain the ciphertext CT and the system public key PK, wherein the cloud user attribute set is AS = W; the cloud user performs the computation with its private key SK, and if
The cloud user decrypts the ciphertext CT for access.
7. The method for cloud data deterministic deletion supporting fine-grained access according to claim 6, characterized in that: the specific steps of step S501 are: the data owner sends a deletion request DR = (fname, att_i, v_{i,j}, v'_{i,j}) to the trusted authority center, wherein att_i denotes the accessibility attribute, v_{i,j} denotes accessible and v'_{i,j} denotes inaccessible; DR = (fname, att_i, v_{i,j}, v'_{i,j}) indicates that the accessibility attribute in the ciphertext is to be changed from accessible to inaccessible; the trusted authority center selects a random number t'_{i,j}, computes ck_i, and returns the deletion key rk = (fname, att_i, ck_i) to the data owner.
8. The method for cloud data deterministic deletion supporting fine-grained access according to claim 7, characterized in that: the specific steps of step S502 are:
Step S502-1: the data owner sends the deletion key rk = (fname, att_i, ck_i) to the cloud server, and the cloud server returns the tuple corresponding to the accessibility attribute att_i, in which Ω_ind denotes the auxiliary authentication information of the node ind;
Step S502-2: the data owner verifies whether the check equation holds; if it holds, the returned component is the ciphertext corresponding to the accessibility attribute;
9. The method for cloud data deterministic deletion supporting fine-grained access according to claim 8, characterized in that: the specific steps of step S503 are:
Step S503-1: according to the deletion request DR = (fname, att_i, v_{i,j}, v'_{i,j}), the cloud server finds the data ciphertext CT to be deleted; for the accessibility attribute att_i ∈ rk, the cloud server computes the re-encrypted component and uses it to replace the corresponding component in the data ciphertext CT to be deleted;
Step S503-2: the cloud server outputs the new ciphertext CT = (C_1, C_2, C'_3, γ'); γ' is the attribute set corresponding to the re-encrypted ciphertext;
10. The method for cloud data deterministic deletion supporting fine-grained access according to claim 9, characterized in that: the specific steps of step S504 are: the data owner re-encrypts the component with the deletion key rk to obtain the re-encrypted component; on receiving the new root node from the cloud server, the data owner generates a new Merkle hash tree root node from the re-encrypted component and the Ω_ind received from the cloud server, and compares this root node with the root node sent by the cloud server; if the two are equal, it is confirmed that the cloud server has deleted the data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810241812.3A CN108600171B (en) | 2018-03-22 | 2018-03-22 | Cloud data deterministic deletion method supporting fine-grained access |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108600171A (en) | 2018-09-28 |
CN108600171B (en) | 2021-01-19 |
Family
ID=63627117
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810241812.3A Active CN108600171B (en) | 2018-03-22 | 2018-03-22 | Cloud data deterministic deletion method supporting fine-grained access |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108600171B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||