CN108809996A - Different popularities delete the integrality auditing method for storing data again - Google Patents
Different popularities delete the integrality auditing method for storing data again Download PDFInfo
- Publication number
- CN108809996A CN108809996A CN201810626339.0A CN201810626339A CN108809996A CN 108809996 A CN108809996 A CN 108809996A CN 201810626339 A CN201810626339 A CN 201810626339A CN 108809996 A CN108809996 A CN 108809996A
- Authority
- CN
- China
- Prior art keywords
- user
- index
- file
- cloud
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The present invention provides a kind of integrality auditing methods for deleting storage data again that can be directed to different popularities, by studying the relationship being worth between initial authentication device and corresponding new authenticator, when popularity changes, so that Cloud Server generates new authenticator instead of user in the case where not knowing any privacy information of user.This does not need that user is always on, does not need user yet and expends computing resource and goes to calculate new authenticator.
Description
Technical field
The invention belongs to cloud computing security technology areas, and in particular to a kind of to store data again for deleting for different popularities
Integrality auditing method.
Background technology
In recent years, with the development of the network technology, occur the data of magnanimity in actual life, the storage of user local is empty
Between can no longer meet this storage demand.The appearance of cloud storage technology solves the problems, such as this.Because having on-demand service, ubiquitous
Network access, quick resource deployment, by using charge the advantages that, cloud storage become the ideal storage service pattern of people.
By cloud storage service, user can store mass data beyond the clouds, unified storage management be carried out to it by cloud, to save
About local hardware expenditure and maintenance costs.In addition, no matter anywhere user, can at any time be deposited by internet device
Access evidence.Currently, some well-known IT companies are all proposed the cloud storage platform of oneself, such as Google, Amazon, Microsoft, apple
Fruit.
Although cloud storage service brings great convenience for user, he is simultaneously also with some safety problems.When with
After family upload the data to Cloud Server, the direct physical control to it is just lost.Although the infrastructure of Cloud Server
Than personal computing devices safety and reliability, but still various security threats can be faced and user data is caused to be compromised.In addition, cloud
Server is in order to save storage resource, to seek more interests, may delete the data that are of little use of user.Therefore, cloud takes
Business device is not exclusively believable.
Therefore, it is a problem in the urgent need to address that how external bag data, which carries out integrity detection, for users.
In conventional method, if user needs to detect the integrality of outer bag data, need entire data downloading to this from Cloud Server
Ground.This obviously will produce a large amount of communication and computation burden, not meet practical application.In order to solve this realistic problem, people
Propose cloud storage audit program.The program, which need not download entire data, can complete data integrity detection.
In addition, with the development of cloud storage service, cloud service provider needs the user data also sharp increase serviced.Such as
What, which improves cloud storage efficiency, also becomes a hot issue.Different users may upload identical content in many cases,
File is to Cloud Server.For example, popular film or song.The electronic data that the investigation of EMC Inc. shows 75% is to repeat
's.So it is to have very much suction that multiple, the file of the identical content from different user, which only stores portion, for Cloud Server
Gravitation.This weight storage mode of deleting also produces certain challenge for integrality audit.
Unfortunately, previous all not account for outer bag data pair to deleting the cloud data integrity detection method stored again
The requirement of safety different level.These methods be all using convergent encryption or deformation convergent encryption to will outsourcing number
According to being encrypted.However, these Encryption Algorithm cannot provide the safety of Semantic Security for outer bag data.Due to more users
Data are contracted out to Cloud Server, nearest leaking data event has higher requirement to safety.Therefore, convergent encryption with
And the convergent encryption of deformation obviously cannot meet requirement of the people to safety, also can not thoroughly protect user data privacy.
If user before data are outsourced to cloud, is directly encrypted data with the Encryption Algorithm of Semantic Security, Cloud Server will
The data cannot be deleted and be operated again.Although this makes data-privacy be protected, existing data integrity auditing party
Method is unable to correctly execute.Because when the popularity of data changes, the Encryption Algorithm used the data may
It changes, that is, the ciphertext of the cloud data changes, corresponding authenticator will also change.Originally it is stored in cloud
On authenticator can not complete again integrity detection effect.
Invention content
In order to protect user data privacy while realizing that data delete weight, and data integrity inspection can be carried out to it
It surveys.Tradition solves the problems, such as this using direct method, that is, when the popularity of data changes, user is to its data
Regenerate authenticator.Obviously, this can not practical application.Because when the variation of the popularity of data, each user first has to
Their previous data are downloaded completely from Cloud Server.Then, it is that new ciphertext generates corresponding new authenticator.Most
New ciphertext and new authenticator are sent to Cloud Server afterwards.Obviously, this is an extremely complex process, can also be spent very
More time and resource.Further, since we are unable to the time that the variation of prediction data popularity occurs, so all users must
It must be always on.This can be that user causes larger network bandwidth to bear, and result even in user and be no longer ready to use cloud storage
Service.Also there is research to attempt to mitigate the computation burden of user using a third party, but do not prove effective still.The third party of introducing
It increases the complexity of system and some safety problems may be caused.Because third party knows with the private key with audit, he
Can be that any data forge rational authenticator.It is new to ensure whether the new authenticator of third party's generation corresponds to for cloud
Ciphertext will be very difficult.
For the difficulty of existing way, this patent propose it is a kind of can be directed to different popularities delete storage data again
Integrality auditing method, by studying the relationship being worth between initial authentication device and corresponding new authenticator so that Cloud Server
In the case where not knowing any privacy information of user, new authenticator is generated instead of user.It is always on that this does not need user,
User's consuming computing resource is not needed to go to calculate new authenticator yet.
To overcome above-mentioned technical problem, the present invention to provide a kind of integrality for deleting storage data again for different popularities
Auditing method comprising:
The first step, systematic parameter generate, and various systematic parameters are centrally generated by systematic parameter generation;
Second step, authentication generate identifier by Identity Provider's certification user identity and for it;
Third walks, and data file uploads, and high in the clouds is uploaded to after user's preprocessed data file;
4th step, audit, audit center audits to file.
The first step is specially further
A is walked, and systematic parameter generates center and selects rank for the group G and T of prime number q,For computable bilinear mapThe generation member that g is G;Select three keyed Hash function H1:{ 0,1 }*→G1, H2:GT→ { 0,1 }lAnd H3:
{ 0,1 }*→G1.Select a pseudo-random functionOne pseudo-random permutationWith
An and index function h:{ 0,1 }*→ { 0,1 }*;
B is walked, operation algorithm εμSetup (κ, n, t) → (pk, sk, S);
C is walked, open systematic parameterPreserve n secret shadow
The second step is specially further with user identity UiAs input.As user UiWhen wanting to upload files to cloud,
It is interacted first with Identity Provider (IdP) and submits its identity.Whether the identity that then IdP detections are submitted is legal.If legal,
IdP issues an identification identifier U for itiWith a secret shadow xi。
The third step further specifically includes:
A ' steps, user use convergent encryption key εCGenerate ciphertext Fc;
B ' steps, in order to obtain the index being next used interchangeably with cloud, user Ui interacts (IS) with index service,
First, it is that ciphertext FC generates index IFc that user, which runs index function h, and then, this index IFc is submitted to (IS), IS by user
Receive this index (being expressed as index) and the number of users of submission same index is counted and (is expressed as ctr), if this
A count value is less than popularity thresholding t, IS and runs one Bit String Irnd of a PRF generation to index IFc and user identity.
Wherein the length of Irnd is as index IFc.Then, IS is responded.Conversely, IS is responded;
C ' steps, if the response of IS is a random index Irnd, user, which needs to pass through, executes symmetric cryptography ε and convergence
Threshold cryptosystem εμCome to FcGenerate two ciphertext CεWithThen, the two ciphertexts are uploaded into cloud, finally, user deletes text
Part preserves two file index IretAnd IFcAnd two encryption keys k and km;
If the index that IS is responded is equal to IFc, in this case, file F has been popular file, possesses this document
User has been over popular thresholding t, and user upper transmitting file F, deletion file simultaneously need not preserve index I againFcAnd encryption key
km。
4th step further specifically includes:
A " steps, with the randomly selected key of userWith file F={ m1, m2..., mmAs input, whereinUser calculates and public-key cryptographyNo matter whether file is popular file, user be required for for
Each blocks of files mi(1≤i≤m) generates authenticator Ti, and authenticator is uploaded into cloud;
B " steps, TPA are constructed and challenge information chal are sent to cloud;
C " steps, after receiving challenge message, to all 1≤,≤c, cloud computingWithIt calculates
Cloud, which will possess, proves that P=(T, η) sends TPA, wherein η={ η1, η2..., ηs,
After receiving and possessing proof, to all 1≤,≤c, TPA are calculatedWithThen detect with
Whether lower equation is true,
If equation is set up, it is meant that cloud completely stores user data, and otherwise, cloud is not stored with user correctly
Data, last TPA return result to user.
Beneficial technique effect
(1) present invention is in view of different data is to the difference of security requirement, while realizing and realizing language to significant data
The full safety in Yian city and permission Cloud Server execute to delete to general data to be operated again.
(2) by studying the relationship being worth between initial authentication device and corresponding new authenticator, first is designed and Implemented
To the efficient integrality audit program of different popularity datas practicality.Any privacy information of user is not known in Cloud Server
In the case of, new authenticator is generated instead of user.It is always on that this does not need user, does not need user yet and expends computing resource
Calculate new authenticator.
(3) the invention can further support dynamic ownership management, dynamic popularity thresholding, no block chemical examination card and
Criticize audit.
Description of the drawings
Fig. 1 is data file structure schematic diagram;
Fig. 2 is the integrality auditing system illustraton of model for deleting storage data again for different popularities;
Fig. 3 is file upload procedure schematic diagram;
Fig. 4 is audit phase schematic diagram.
Specific implementation mode
It is proposed by the present invention to contain five classes for deleting in the integrality auditing method of storage data again for different popularities
Different entities:User, Identity Provider (IdP), cloud, index service (IS), auditing by third party person (TPA).User has largely
Data need to be stored on cloud, and rely on cloud and its data be managed.User can be individual or tissue.Identity provides
Person (IdP) is that the user of just addition system issues a letter of identity.The most important role of Identity Provider is every by ensuring
A user can only register once to resist Sybil attack.Cloud Server has abundant storage and computing resource.In order to improve storage
Efficiency, Cloud Server only store portion to the same file from different user.Index service (IS) in store record, the record
Recite that how many different user uploads same text document.Index service also be each file issue one it is unique
File identifier.Whether auditing by third party person (TPA) regularly represents the data that user goes detection to be stored on cloud complete.When careful
When counting integrality, TPA sends a challenge information to cloud.After receiving this message, Cloud Server replys possessing property of a data card
It is bright.Finally, TPA verifies this and proves whether rationally and return result to user.
The correlation theory that the art of this patent is applied is as follows:
Bilinear Pairing:
If G1It is the module that rank is q, G2It is the multiplicative group that two ranks are q, if mapping e:G1×G2→G2Meet following property
Matter:
1) bilinearity:ForA, b ∈ G1Meet e (aP, bQ)=e (P, Q)ab。
2) non-degeneracy:There are P, Q ∈ G so that
3) computability:There are efficient algorithm, forE (P, Q) can be calculated.
Then mapping e is referred to as Bilinear Pairing.
BLS short signatures
1) group G is the multiplicative cyclic group that rank is prime number q, and it is g to generate member, and signer randomly selectsThen it calculates
X=gx∈ G, the public and private key of signer is respectively X and x.
2) assume that message is M, signer calculates σ=(H (M))x, wherein
3) when verifying, then known message M and its signature sigma first calculate e (g, σ) and whether e (X, H (M)) are equal, if
It is equal, indicate that σ is the signature of message M.
Convergent encryption
Unlike symmetric cryptography, convergent encryption is not probabilistic.This is because convergent encryption algorithm use plus
Key is generated by a determining function by message m.Convergent encryption includes following three algorithms:
Key generates:Input security parameter κ and message m.Export key km.Identical message generates identical key.
Encryption:Input message and key km.Export ciphertext c.
Decryption:Input ciphertext c and key km.Export message m.
Disclosed Threshold cryptosystem
Key can be divided into n parts by Threshold cryptosystem, then be distributed to the user of n mandate respectively, any t is a or is more than
This key can be recovered.According to the safety of threshold cryptography, it is any less than t user cannot all recover it is close
Key.Disclosed encryption is to use public key encryption message, and the user of any t mandate can decrypt corresponding ciphertext.Disclosed thresholding
Encryption is made of following algorithm:
(1) Setup (κ, n, t) → (pk, sk, S):The algorithm is with security parameter κ, authorized user's quantity n and a door
Limit value t is as input.Output is the public key pk, corresponding private key sk and a set being made of the n share of sk of systemThe set of any t share can reconstruct secret Sk using polynomial interopolation.Wherein riFor ski?
Former phase in above-mentioned multinomial.
(2) Encrypt (pk, m) → (c):The algorithm is using public key pk and message m as input.Export corresponding ciphertext c.
(3)Dshare(ri, ski, m) and → (ri, dsi):The algorithm is with message m, a secret shadow skiAnd its is corresponding
It is former to be mutually used as input.Export a decryption shares dsiAnd corresponding ri。
(4) Decrypt (c, St)→(m):The algorithm is with the set of ciphertext c and t decryption shares pairMake
For input.Export clear-text message m.
In order to improve storage efficiency and audit performance, this patent stores user data using a kind of common segment structure:It will
Data file F is divided into n data block { m1..., mn, each data block is further separated into s sub-block { mJ, 1..., mJ, s,
Reduce data block number of labels in this way, saves space.
The present invention provides a kind of integrality auditing method for deleting storage data again for different popularities comprising:
The first step, systematic parameter generate, and the public and private parameter of various systems is centrally generated by systematic parameter generation;
Second step, authentication generate identifier by Identity Provider's certification user identity and for it;
Third walks, and data file uploads, and high in the clouds is uploaded to after user's preprocessed data file;
4th step, audit, audit center audits to file.
The first step is specially further
A is walked, and systematic parameter generates center and selects rank for the group G and T of prime number q,For computable bilinear mapThe generation member that g is G;Select three keyed Hash function H1:{ 0,1 }*→G1, H2:GT→ { 0,1 }lAnd H3:
{ 0,1 }*→G1.Select a pseudo-random functionOne pseudo-random permutationWith
An and index function h:{ 0,1 }*→ { 0,1 }*;
B is walked, operation algorithm sμSetup (κ, n, t) → (pk, sk, S);
C is walked, open systematic parameterPreserve n secret shadow
The second step is specially further with user identity UiAs input.As user UiWhen wanting to upload files to cloud,
It is interacted first with Identity Provider (IdP) and submits its identity.Whether the identity that then IdP detections are submitted is legal.If legal,
IdP issues an identification identifier U for itiWith a secret shadow xi。
The third step further specifically includes:
A ' steps, user use convergent encryption key εCGenerate ciphertext Fc;
B ' steps, in order to obtain the index being next used interchangeably with cloud, user Ui interacts (IS) with index service,
First, it is that ciphertext FC generates index IFc that user, which runs index function h, and then, this index IFc is submitted to (IS), IS by user
Receive this index (being expressed as index) and the number of users of submission same index is counted and (is expressed as ctr), if this
A count value is less than popularity thresholding t, IS and runs one Bit String Irnd of a PRF generation to index IFc and user identity.
Wherein the length of Irnd is as index IFc.Then, IS is responded.Conversely, IS is responded;
C ' steps, if the response of IS is a random index Irnd, user, which needs to pass through, executes symmetric cryptography ε and convergence
Threshold cryptosystem εμCome to FcGenerate two ciphertext CεWithThen, the two ciphertexts are uploaded into cloud, finally, user deletes text
Part preserves two file index IretAnd IFcAnd two encryption keys k and km;
If the index that IS is responded is equal to IFc, in this case, file F has been popular file, possesses this document
User has been over popular thresholding t, and user upper transmitting file F, deletion file simultaneously need not preserve index I againFcAnd encryption key
km。
4th step uses public audit, therefore checks work by audit center implementation.
4th step further specifically includes:
A " steps, with the randomly selected key of userWith file F={ m1, m2..., mmAs input, whereinUser calculates and public-key cryptographyNo matter whether file is popular file, user be required for for
Each blocks of files mi(1≤i≤m) generates authenticator Ti, and authenticator is uploaded into cloud;
B " steps, TPA are constructed and challenge information chal are sent to cloud;
C " steps, after receiving challenge message, to 1 all≤t≤c, cloud computingWithIt calculates
Cloud, which will possess, proves that P=(T, η) sends TPA, wherein η={ η1, η2..., ηs,
After receiving and possessing proof, 1 all≤t≤c, TPA are calculatedWithThen detect with
Whether lower equation is true,
If equation is set up, it is meant that cloud completely stores user data, and otherwise, cloud is not stored with user correctly
Data, last TPA return result to user.
The a " steps further specifically include:
A "-a steps, user select s random number { u1, u2..., us};
A "-b steps, enable τ0For name | | m | | u1||u2||...||us.User randomly chooses a signature keyAnd calculate corresponding authentication secret Pssk←gssk, the label SSig of file is τ0τ in connection0The ssk under key
Signature, τ ← τ0||SSigssk(τ0);
A "-c steps, user are that each blocks of files calculates authenticator:
Wherein mijIt is expressed as j-th of part of i-th of blocks of files;
A "-d steps, user calculate
A "-e step, user is by { Ti}1≤i≤m,It is sent to cloud with file label SSig.
When the number of users for possessing identical file is equal to popularity thresholding t, which is performed.User need not again on
Transmitting file F.The set index obtained from IS is sent to cloud by user.According to the index in set, cloud can be collected into different use
The decryption shares at family.Then, cloud can decrypt the ciphertext that each user uploadsLater, cloud has obtained calculating using convergent encryption
The encrypted internal layer ciphertext F of methodc.Obviously, delete at this time again operation can be with naturally-occurring.Finally, cloud is recognized for each user generation is new
Demonstrate,prove device
If the authenticator that cloud generates can not need to compensate user by verification, cloud.Therefore, cloud does not have motivation event
Meaning ground calculates a wrong authenticator.It is right whereby below using embodiment and attached drawing come the embodiment that the present invention will be described in detail
How the invention applies technical means to solve technical problems, and the realization process for reaching technique effect can be fully understood and according to this
Implement.
Data file structure is as shown in Figure 1 in the present invention.Each behavioral data file is resolvable to data block in figure
{m1..., mn, it is each to be classified as data block mkIt is divided into sub-block { mK, 1..., mK, s}.Wherein the i-th row j row indicate sub-block mI, j.For
Raising storage efficiency and audit performance, the data file of outsourcing are divided into n data block { m1..., mn, then each data
Block miFurther it is divided into s sub-block { mI, 1..., mI, s}.N block label will thus be generated to (mi, Ti), whereinIt is to block miThe block label calculated using Classification Documents τ.In audit, high in the clouds can be with
It is receiveed the response according to the inquiry construction at audit center by label and data, the initial data without beaming back user.In addition
Common segment structure is simple, direct, and file F is divided into n × s sub-block, and each block (s sub-block) corresponds to a block label, thus
The storage cost of block label can be reduced with s increases.
Fig. 2 is the integrality auditing system illustraton of model for deleting storage data again for different popularities.This is illustrated to be in figure
System contains the different entity of five classes:User, Identity Provider (IdP), cloud, index service (IS), auditing by third party person
(TPA).User has a large amount of data to need to be stored on cloud, and relies on cloud and be managed to its data.User can be individual
Or tissue.As shown in Figure 2, it when user wants that this system is added, needs to register to Identity Provider.Identity Provider
(IdP) user identity is verified, if identity is correct, the user for system is just added issues a user identifier UiWith
One secret shadow xiAs letter of identity.Cloud Server has abundant storage and computing resource.In order to improve storage efficiency, cloud
Server only stores portion to the same file from different user.If subsequent user wants upper transmitting file to high in the clouds, need
First its data file is encrypted using convergent encryption algorithm.It then interacts with index service IS, is returned according to IS
File index type, to judge whether user file is popular file, if need usage threshold Encryption Algorithm to it into traveling
One step is encrypted.And select the algorithm to be executed in next step.How many index service (IS) in store record, the record recite not
Same user uploads same text document.Index service is also that each file issues a unique file identifier.When
When user wants check data integrity, entrust auditing by third party person that him is replaced to be detected.Auditing by third party person (TPA) is fixed
Whether complete represent to phase the data that user goes detection to be stored on cloud.When audit integrity, TPA sends an inquiry to cloud
Information.After receiving this message, Cloud Server is replied a possessing property of data and is proved.Finally, TPA verifies this and proves whether rationally simultaneously
Return result to user.
Fig. 3 is file upload procedure schematic diagram.User uses convergent encryption key εCGenerate ciphertext Fc.In order to be connect down
Come the index I being used interchangeably with cloudret, user UiIt is interacted (IS) with index service.First, user's operation index function h is
Ciphertext FCGenerate index IFc.Then, this is indexed I by userFcIt submits to (IS).IS receives this index (being expressed as index)
And to submitting the number of users of same index to be counted and (be expressed as ctr).If this count value is less than popularity thresholding t,
IS is to indexing IFcAnd user identity runs a PRF and generates a Bit String Irnd.Wherein IrndLength with index IFcOne
Sample.Then, IS responds Iret=Irnd.Conversely, IS responds Iret=IFc。
If the response of IS is a random index Irnd.In this case, file F is non-prevalence.Possess this document
Number of users is less than popularity thresholding t.User needs by executing symmetric cryptography ε and convergent Threshold cryptosystem εμCome to FcIt generates
Two ciphertext CεWithThen, the two ciphertexts are uploaded into cloud.If the file that user uploads never becomes popular text
Part, user can pass through ciphertext CεReply data.If the file of user at a time becomes popular file, cloud can restore
Convergence threshold encrypts εμKey and execution delete and operate again.Finally, user deletes file, preserves two file index IretAnd IFc,
And two encryption keys k and km。
Otherwise, it is popular file that user, which needs the file uploaded, it is only necessary to convergent encryption.And user need not also hold
It is about to the operation that file uploads to high in the clouds.
Fig. 4 is audit phase schematic diagram.The purpose of user is intended to the integrality of the data of detection storage beyond the clouds.In order to
Need not download entire file can check data integrity, user needs to generate corresponding authenticator for each blocks of files.
The process for generating authenticator is as follows:With the randomly selected key of userWith file F={ m1, m2..., mmAs defeated
Enter, whereinUser calculates and public-key cryptographyNo matter whether file is popular file, Yong Hudou
It needs for each blocks of files mi(1≤i≤m) generates authenticator Ti, and authenticator is uploaded into cloud.
A. user selects s random number { u1, u2..., us}。
B. τ is enabled0For name | | m | | u1||u2||...||us.User randomly chooses a signature keyAnd
Calculate corresponding authentication secret Pssk←gssk.The label SSig of file is τ0τ in connection0The signature of ssk, τ ← τ under key0||
SSigssk(τ0)。
C. user is that each blocks of files calculates authenticator:
Wherein mijIt is expressed as j-th of part of i-th of blocks of files.
D. user calculates
E. user is by { Ti}1≤i≤m,It is sent to cloud with file label SSig.
When user wants check data integrity, TPA is constructed and challenge information chal is sent to cloud.
1.TPA from cloud obtains file label SSig and with key gk∈G1To τ0Signature verified.
If signature is unreasonable, TPA refuses and stops.
2. otherwise, TPA recovers filename name, m and { u1, u2..., us}.Then, a random value c (1≤c is selected
≤ m) as the quantity for addressing inquires to blocks of files.
3. selecting two random numbers
4.TPA is by challenge message chal=(c, k1, k2) it is sent to cloud.
After receiving challenge message, to all 1≤,≤c, cloud computingWithThen, it calculates
Finally, cloud, which will possess, proves that P=(T, η) sends TPA, wherein η={ η1, η2..., ηs}。
After receiving and possessing proof, 1 all≤t≤c, TPA are calculatedWithThen detect with
Whether lower equation is true.
If above-mentioned equation is set up, it is meant that cloud completely stores user data.Otherwise, cloud is not stored with correctly
User data.Last TPA returns result to user.
(1) system initialization:In systematic parameter generation phase, using security parameter κ as input.Then IG (1 is runκ) calculate
Method generates the multiplicative cyclic group G of two Big prime p ranks1, G2An and bilinear mapSelection three adds
Close hash function H1:{ 0,1 }*→G1, H2:GT→ { 0,1 }lAnd H3:{ 0,1 }*→G1.Select a pseudo-random functionOne pseudo-random permutationAn and index function h:{ 0,1 }*→ 0,
1}*.Run algorithm εμThe open systematic parameters of Setup (κ, n, t) → (pk, sk, s)
Preserve n secret shadow
(2) authentication:In the authentication stage, as user UiWhen wanting to upload files to cloud, provided first with identity
Person (IdP) interaction simultaneously submits its identity.Whether the identity that then IdP detections are submitted is legal.If legal, IdP issues one for it
A identification identifier UiWith a secret shadow xi。
(3) data upload:The stage is uploaded in data, user uses convergent encryption key ε firstCGenerate ciphertext Fc.In order to obtain
Obtain the index I being next used interchangeably with cloudret, user UiIt is interacted (IS) with index service.First, user runs index
Function h is ciphertext FCGenerate index IFc.Then, this is indexed I by userFcIt submits to (IS).IS receives this index and (is expressed as
Index) and to submitting the number of users of same index to be counted and (be expressed as ctr).If this count value is less than popularity
Thresholding t, IS are to indexing IFcAnd user identity runs a PRF and generates a Bit String Irnd.Wherein IrndLength and index
IFcEqually.Then, IS responds Iret=Irnd.Conversely, IS responds Iret=IFc。
If the response of IS is a random index Irnd.In this case, file F is non-prevalence.Possess this document
Number of users is less than popularity thresholding t.User needs by executing symmetric cryptography ε and convergent Threshold cryptosystem εμCome to FcIt generates
Two ciphertext CεWithThen, the two ciphertexts are uploaded into cloud.If the file that user uploads never becomes popular text
Part, user can pass through ciphertext CεReply data.If the file of user at a time becomes popular file, cloud can restore
Convergence threshold encrypts εμKey and execution delete and operate again.Finally, user deletes file, preserves two file index IretAnd IFc,
And two encryption keys k and km。
Otherwise, supporting paper is popular file, and user need not upload this document again.
(4) integrality is audited:In data integrity detection-phase, TPA is constructed and challenge information chal is sent to cloud.
TPA from cloud obtains file label SSig and with key gk∈G1To τ0Signature verified.If signature is unreasonable, TPA refusals
And stop.Otherwise, TPA recovers filename name, m and { u1, u2... us}.Then, a random value c (1≤c≤m) is selected
As the quantity for addressing inquires to blocks of files.Select two random numbersTPA is by challenge message chal=(c, k1,
k2) it is sent to cloud.
After receiving challenge message, to 1 all≤t≤c, cloud computingWithThen, it calculates
Finally, cloud, which will possess, proves that P=(T, η) sends TPA, wherein η={ η1, η2..., ηs}。
After receiving and possessing proof, 1 all≤t≤c, TPA are calculatedWithThen detect with
Whether lower equation is true.
If equation is set up, it is meant that cloud completely stores user data.Otherwise, cloud is not stored with user correctly
Data.Last TPA returns result to user.
Advantage of the invention is that:One, it in view of different data is to the difference of security requirement, while realizing to important
Data realize the safety of Semantic Security and Cloud Server are allowed to delete general data execution and operate again.In the present solution, we
Data are distinguished according to the popularity of data.For non-prevalence data, we ensure height using the Encryption Algorithm of Semantic Security
Horizontal safety.May be some private datas because non-prevalence data is to upload to Cloud Server by a small number of users, it is such as a
People's bill.For non-prevalence data, we provide weaker safety, but allow Cloud Server to delete it and operate again.
Prevalence data is the data that many users possess simultaneously, such as popular video.
Two, first efficient integrality audit program to the practicality of different popularity datas is realized.To realize target,
Have studied the relationship being worth between initial authentication device and corresponding new authenticator.Cloud Server is not knowing any privacy letter of user
In the case of breath, new authenticator is generated instead of user.It is always on that this does not need user, does not need user yet and expends and calculates money
Source is gone to calculate new authenticator.
Three, dynamic ownership management can be further supported, dynamic popularity thresholding, no block chemical examination, which is demonstrate,proved and criticized, to be examined
Meter.
All above-mentioned this intellectual properties of primarily implementation, there is no this new products of implementation of setting limitation other forms
And/or new method.Those skilled in the art will utilize this important information, the above modification, to realize similar execution feelings
Condition.But all modifications or transformation belong to the right of reservation based on new product of the present invention.
The above described is only a preferred embodiment of the present invention, being not that the invention has other forms of limitations, appoint
What those skilled in the art changed or be modified as possibly also with the technology contents of the disclosure above equivalent variations etc.
Imitate embodiment.But it is every without departing from technical solution of the present invention content, according to the technical essence of the invention to above example institute
Any simple modification, equivalent variations and the remodeling made, still fall within the protection domain of technical solution of the present invention.
Claims (5)
1. a kind of integrality auditing method for deleting storage data again for different popularities, which is characterized in that including:
The first step, systematic parameter generate, and various systematic parameters are centrally generated by systematic parameter generation;
Second step, authentication generate identifier by Identity Provider's certification user identity and for it;
Third walks, and data file uploads, and high in the clouds is uploaded to after user's preprocessed data file;
4th step, audit, audit center audits to file.
2. be directed to different popularities as described in claim 1 deletes the integrality auditing method for storing data again, feature exists
In:The first step is specially further
A is walked, and systematic parameter generates center and selects rank for the group G and T of prime number q,For computable bilinear map
The generation member that g is G;Select three keyed Hash function H1:{ 0,1 }*→G1, H2:GT→ { 0,1 }lAnd H3:{ 0,1 }*→G1.Choosing
Select a pseudo-random functionOne pseudo-random permutationAn and index letter
Number h:(0,1 }*→ { 0,1 }*;
B is walked, operation algorithm εμ.Setup (κ, n, t) → (pk, sk, S);
C is walked, open systematic parameterPreserve n secret shadow
3. be directed to different popularities as claimed in claim 1 or 2 deletes the integrality auditing method for storing data again, feature
It is:The second step is specially further with user identity UiAs input.As user UiIt is first when wanting to upload files to cloud
First is interacted with Identity Provider (IdP) and submit its identity.Whether the identity that then IdP detections are submitted is legal.If legal,
IdP issues an identification identifier U for itiWith a secret shadow Xi。
4. the integrality auditing method for deleting storage data again for different popularities as described in claims 1 to 3, feature
It is:The third step further specifically includes,
A ' steps, user use convergent encryption key εCGenerate ciphertext Fc;
B ' steps, in order to obtain the index being next used interchangeably with cloud, user Ui is interacted (IS) with index service, first
First, it is that ciphertext FC generates index IFc that user, which runs index function h, and then, this index IFc is submitted to (IS) by user, and IS connects
By this index (being expressed as index) and to submitting the number of users of same index to be counted and (be expressed as ctr), if this
Count value is less than popularity thresholding t, IS and runs one Bit String Irnd of a PRF generation to index IFc and user identity.Its
The length of middle Irnd is as index IFc.Then, IS is responded.Conversely, IS is responded;
C ' steps, if the response of IS is a random index Irnd, user, which needs to pass through, executes symmetric cryptography ε and convergent door
Limit encryption εμCome to FcGenerate two ciphertext CεWithThen, the two ciphertexts are uploaded into cloud, finally, user deletes file,
Preserve two file index IretAnd IFcAnd two encryption keys k and km;
If the index that IS is responded is equal to IFc, in this case, file F has been popular file, possesses the user of this document
Popular thresholding t is had been over, user upper transmitting file F, deletion file simultaneously need not preserve index I againFcWith encryption key km。
5. the integrality auditing method for deleting storage data again for different popularities as described in Claims 1-4, feature
It is:4th step further specifically includes,
A " steps, with the randomly selected key of userWith file F={ m1, m2..., mmAs input, whereinUser calculates and public-key cryptographyNo matter whether file is popular file, user is required for being every
A blocks of files mi(1≤i≤m) generates authenticator Ti, and authenticator is uploaded into cloud;
B " steps, TPA are constructed and challenge information chal are sent to cloud;
C " steps, after receiving challenge message, to all 1≤,≤c, cloud computingWithIt calculates
Cloud, which will possess, proves that P=(T, η) sends TPA, wherein η={ η1, η2..., ηs,
After receiving and possessing proof, to all 1≤,≤c, TPA are calculatedWithThen following equation is detected
It is whether true,
If equation is set up, it is meant that cloud completely stores user data, and otherwise, cloud is not stored with number of users correctly
According to last TPA returns result to user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810626339.0A CN108809996B (en) | 2018-06-15 | 2018-06-15 | Integrity auditing method for duplicate deletion stored data with different popularity |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810626339.0A CN108809996B (en) | 2018-06-15 | 2018-06-15 | Integrity auditing method for duplicate deletion stored data with different popularity |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108809996A true CN108809996A (en) | 2018-11-13 |
CN108809996B CN108809996B (en) | 2021-02-12 |
Family
ID=64083214
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810626339.0A Active CN108809996B (en) | 2018-06-15 | 2018-06-15 | Integrity auditing method for duplicate deletion stored data with different popularity |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108809996B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110175169A (en) * | 2019-05-30 | 2019-08-27 | 青岛大学 | A kind of encryption data De-weight method, system and relevant apparatus |
CN111090840A (en) * | 2019-11-15 | 2020-05-01 | 杭州云象网络技术有限公司 | Method for user service authentication by using block chain pre-registration information |
CN114707983A (en) * | 2022-06-02 | 2022-07-05 | 武汉智可信科技有限公司 | Consumption credible prepayment method and device based on block chain |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150067331A1 (en) * | 2013-08-30 | 2015-03-05 | International Business Machines Corporation | Remote data storage |
CN106662981A (en) * | 2014-06-27 | 2017-05-10 | 日本电气株式会社 | Storage device, program, and information processing method |
CN106790311A (en) * | 2017-03-31 | 2017-05-31 | 青岛大学 | Cloud Server stores integrality detection method and system |
-
2018
- 2018-06-15 CN CN201810626339.0A patent/CN108809996B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150067331A1 (en) * | 2013-08-30 | 2015-03-05 | International Business Machines Corporation | Remote data storage |
CN106662981A (en) * | 2014-06-27 | 2017-05-10 | 日本电气株式会社 | Storage device, program, and information processing method |
CN106790311A (en) * | 2017-03-31 | 2017-05-31 | 青岛大学 | Cloud Server stores integrality detection method and system |
Non-Patent Citations (1)
Title |
---|
张曙光、咸鹤群、刘红燕、侯瑞涛: "云存储环境中基于离线密钥传递的", 《技术研究》 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110175169A (en) * | 2019-05-30 | 2019-08-27 | 青岛大学 | A kind of encryption data De-weight method, system and relevant apparatus |
CN110175169B (en) * | 2019-05-30 | 2023-05-09 | 青岛大学 | Encrypted data deduplication method, system and related device |
CN111090840A (en) * | 2019-11-15 | 2020-05-01 | 杭州云象网络技术有限公司 | Method for user service authentication by using block chain pre-registration information |
CN114707983A (en) * | 2022-06-02 | 2022-07-05 | 武汉智可信科技有限公司 | Consumption credible prepayment method and device based on block chain |
Also Published As
Publication number | Publication date |
---|---|
CN108809996B (en) | 2021-02-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109687963B (en) | Anti-quantum computing alliance chain transaction method and system based on public key pool | |
CN106254374B (en) | A kind of cloud data public audit method having duplicate removal function | |
Guo et al. | Outsourced dynamic provable data possession with batch update for secure cloud storage | |
Yu et al. | Improved security of a dynamic remote data possession checking protocol for cloud storage | |
CN111639361A (en) | Block chain key management method, multi-person common signature method and electronic device | |
CN109889497A (en) | A kind of data integrity verification method for going to trust | |
CN107483585A (en) | The efficient data integrality auditing system and method for safe duplicate removal are supported in cloud environment | |
CN105227317B (en) | A kind of cloud data integrity detection method and system for supporting authenticator privacy | |
CN104967693B (en) | Towards the Documents Similarity computational methods based on full homomorphism cryptographic technique of cloud storage | |
CN105721158A (en) | Cloud safety privacy and integrity protection method and cloud safety privacy and integrity protection system | |
Maffei et al. | Maliciously secure multi-client ORAM | |
CN107359998A (en) | A kind of foundation of portable intelligent password management system and operating method | |
Azad et al. | M2m-rep: Reputation system for machines in the internet of things | |
Buccafurri et al. | Integrating digital identity and blockchain | |
Cui et al. | Ciphertext-policy attribute-based encrypted data equality test and classification | |
CN106790311A (en) | Cloud Server stores integrality detection method and system | |
CN110392038A (en) | The multi-key cipher that can verify that under a kind of multi-user scene can search for encryption method | |
CN108809996A (en) | Different popularities delete the integrality auditing method for storing data again | |
CN109088719A (en) | Outsourced database multi-key word can verify that cipher text searching method, data processing system | |
CN104361295B (en) | Method for inquiring and verifying data of internet-of-vehicles RSU (Remote Subscriber Unit) based on cloud platform | |
Cui et al. | Proof of retrievability with public verifiability resilient against related‐key attacks | |
CN108156139A (en) | No certificate can verify that multiple key cryptogram search system and method | |
Gao et al. | BFR‐SE: A Blockchain‐Based Fair and Reliable Searchable Encryption Scheme for IoT with Fine‐Grained Access Control in Cloud Environment | |
Xie et al. | A novel blockchain-based and proxy-oriented public audit scheme for low performance terminal devices | |
CN113014394A (en) | Electronic data evidence storing method and system based on alliance chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | ||
CB02 | Change of applicant information |
Address after: 266071 Shandong city of Qingdao province Ningxia City Road No. 308 Applicant after: Qingdao University Address before: 266071 Ningxia Road, Shandong, China, No. 308, No. Applicant before: Qingdao University |
|
GR01 | Patent grant | ||
GR01 | Patent grant |