CN108809996A - Different popularities delete the integrality auditing method for storing data again - Google Patents

Different popularities delete the integrality auditing method for storing data again Download PDF

Info

Publication number
CN108809996A
CN108809996A CN201810626339.0A CN201810626339A CN108809996A CN 108809996 A CN108809996 A CN 108809996A CN 201810626339 A CN201810626339 A CN 201810626339A CN 108809996 A CN108809996 A CN 108809996A
Authority
CN
China
Prior art keywords
user
index
file
cloud
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810626339.0A
Other languages
Chinese (zh)
Other versions
CN108809996B (en
Inventor
于佳
侯慧莹
郝蓉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qingdao University
Original Assignee
Qingdao University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qingdao University filed Critical Qingdao University
Priority to CN201810626339.0A priority Critical patent/CN108809996B/en
Publication of CN108809996A publication Critical patent/CN108809996A/en
Application granted granted Critical
Publication of CN108809996B publication Critical patent/CN108809996B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present invention provides a kind of integrality auditing methods for deleting storage data again that can be directed to different popularities, by studying the relationship being worth between initial authentication device and corresponding new authenticator, when popularity changes, so that Cloud Server generates new authenticator instead of user in the case where not knowing any privacy information of user.This does not need that user is always on, does not need user yet and expends computing resource and goes to calculate new authenticator.

Description

Different popularities delete the integrality auditing method for storing data again
Technical field
The invention belongs to cloud computing security technology areas, and in particular to a kind of to store data again for deleting for different popularities Integrality auditing method.
Background technology
In recent years, with the development of the network technology, occur the data of magnanimity in actual life, the storage of user local is empty Between can no longer meet this storage demand.The appearance of cloud storage technology solves the problems, such as this.Because having on-demand service, ubiquitous Network access, quick resource deployment, by using charge the advantages that, cloud storage become the ideal storage service pattern of people. By cloud storage service, user can store mass data beyond the clouds, unified storage management be carried out to it by cloud, to save About local hardware expenditure and maintenance costs.In addition, no matter anywhere user, can at any time be deposited by internet device Access evidence.Currently, some well-known IT companies are all proposed the cloud storage platform of oneself, such as Google, Amazon, Microsoft, apple Fruit.
Although cloud storage service brings great convenience for user, he is simultaneously also with some safety problems.When with After family upload the data to Cloud Server, the direct physical control to it is just lost.Although the infrastructure of Cloud Server Than personal computing devices safety and reliability, but still various security threats can be faced and user data is caused to be compromised.In addition, cloud Server is in order to save storage resource, to seek more interests, may delete the data that are of little use of user.Therefore, cloud takes Business device is not exclusively believable.
Therefore, it is a problem in the urgent need to address that how external bag data, which carries out integrity detection, for users. In conventional method, if user needs to detect the integrality of outer bag data, need entire data downloading to this from Cloud Server Ground.This obviously will produce a large amount of communication and computation burden, not meet practical application.In order to solve this realistic problem, people Propose cloud storage audit program.The program, which need not download entire data, can complete data integrity detection.
In addition, with the development of cloud storage service, cloud service provider needs the user data also sharp increase serviced.Such as What, which improves cloud storage efficiency, also becomes a hot issue.Different users may upload identical content in many cases, File is to Cloud Server.For example, popular film or song.The electronic data that the investigation of EMC Inc. shows 75% is to repeat 's.So it is to have very much suction that multiple, the file of the identical content from different user, which only stores portion, for Cloud Server Gravitation.This weight storage mode of deleting also produces certain challenge for integrality audit.
Unfortunately, previous all not account for outer bag data pair to deleting the cloud data integrity detection method stored again The requirement of safety different level.These methods be all using convergent encryption or deformation convergent encryption to will outsourcing number According to being encrypted.However, these Encryption Algorithm cannot provide the safety of Semantic Security for outer bag data.Due to more users Data are contracted out to Cloud Server, nearest leaking data event has higher requirement to safety.Therefore, convergent encryption with And the convergent encryption of deformation obviously cannot meet requirement of the people to safety, also can not thoroughly protect user data privacy. If user before data are outsourced to cloud, is directly encrypted data with the Encryption Algorithm of Semantic Security, Cloud Server will The data cannot be deleted and be operated again.Although this makes data-privacy be protected, existing data integrity auditing party Method is unable to correctly execute.Because when the popularity of data changes, the Encryption Algorithm used the data may It changes, that is, the ciphertext of the cloud data changes, corresponding authenticator will also change.Originally it is stored in cloud On authenticator can not complete again integrity detection effect.
Invention content
In order to protect user data privacy while realizing that data delete weight, and data integrity inspection can be carried out to it It surveys.Tradition solves the problems, such as this using direct method, that is, when the popularity of data changes, user is to its data Regenerate authenticator.Obviously, this can not practical application.Because when the variation of the popularity of data, each user first has to Their previous data are downloaded completely from Cloud Server.Then, it is that new ciphertext generates corresponding new authenticator.Most New ciphertext and new authenticator are sent to Cloud Server afterwards.Obviously, this is an extremely complex process, can also be spent very More time and resource.Further, since we are unable to the time that the variation of prediction data popularity occurs, so all users must It must be always on.This can be that user causes larger network bandwidth to bear, and result even in user and be no longer ready to use cloud storage Service.Also there is research to attempt to mitigate the computation burden of user using a third party, but do not prove effective still.The third party of introducing It increases the complexity of system and some safety problems may be caused.Because third party knows with the private key with audit, he Can be that any data forge rational authenticator.It is new to ensure whether the new authenticator of third party's generation corresponds to for cloud Ciphertext will be very difficult.
For the difficulty of existing way, this patent propose it is a kind of can be directed to different popularities delete storage data again Integrality auditing method, by studying the relationship being worth between initial authentication device and corresponding new authenticator so that Cloud Server In the case where not knowing any privacy information of user, new authenticator is generated instead of user.It is always on that this does not need user, User's consuming computing resource is not needed to go to calculate new authenticator yet.
To overcome above-mentioned technical problem, the present invention to provide a kind of integrality for deleting storage data again for different popularities Auditing method comprising:
The first step, systematic parameter generate, and various systematic parameters are centrally generated by systematic parameter generation;
Second step, authentication generate identifier by Identity Provider's certification user identity and for it;
Third walks, and data file uploads, and high in the clouds is uploaded to after user's preprocessed data file;
4th step, audit, audit center audits to file.
The first step is specially further
A is walked, and systematic parameter generates center and selects rank for the group G and T of prime number q,For computable bilinear mapThe generation member that g is G;Select three keyed Hash function H1:{ 0,1 }*→G1, H2:GT→ { 0,1 }lAnd H3: { 0,1 }*→G1.Select a pseudo-random functionOne pseudo-random permutationWith An and index function h:{ 0,1 }*→ { 0,1 }*
B is walked, operation algorithm εμSetup (κ, n, t) → (pk, sk, S);
C is walked, open systematic parameterPreserve n secret shadow
The second step is specially further with user identity UiAs input.As user UiWhen wanting to upload files to cloud, It is interacted first with Identity Provider (IdP) and submits its identity.Whether the identity that then IdP detections are submitted is legal.If legal, IdP issues an identification identifier U for itiWith a secret shadow xi
The third step further specifically includes:
A ' steps, user use convergent encryption key εCGenerate ciphertext Fc
B ' steps, in order to obtain the index being next used interchangeably with cloud, user Ui interacts (IS) with index service, First, it is that ciphertext FC generates index IFc that user, which runs index function h, and then, this index IFc is submitted to (IS), IS by user Receive this index (being expressed as index) and the number of users of submission same index is counted and (is expressed as ctr), if this A count value is less than popularity thresholding t, IS and runs one Bit String Irnd of a PRF generation to index IFc and user identity. Wherein the length of Irnd is as index IFc.Then, IS is responded.Conversely, IS is responded;
C ' steps, if the response of IS is a random index Irnd, user, which needs to pass through, executes symmetric cryptography ε and convergence Threshold cryptosystem εμCome to FcGenerate two ciphertext CεWithThen, the two ciphertexts are uploaded into cloud, finally, user deletes text Part preserves two file index IretAnd IFcAnd two encryption keys k and km
If the index that IS is responded is equal to IFc, in this case, file F has been popular file, possesses this document User has been over popular thresholding t, and user upper transmitting file F, deletion file simultaneously need not preserve index I againFcAnd encryption key km
4th step further specifically includes:
A " steps, with the randomly selected key of userWith file F={ m1, m2..., mmAs input, whereinUser calculates and public-key cryptographyNo matter whether file is popular file, user be required for for Each blocks of files mi(1≤i≤m) generates authenticator Ti, and authenticator is uploaded into cloud;
B " steps, TPA are constructed and challenge information chal are sent to cloud;
C " steps, after receiving challenge message, to all 1≤,≤c, cloud computingWithIt calculates
Cloud, which will possess, proves that P=(T, η) sends TPA, wherein η={ η1, η2..., ηs,
After receiving and possessing proof, to all 1≤,≤c, TPA are calculatedWithThen detect with Whether lower equation is true,
If equation is set up, it is meant that cloud completely stores user data, and otherwise, cloud is not stored with user correctly Data, last TPA return result to user.
Beneficial technique effect
(1) present invention is in view of different data is to the difference of security requirement, while realizing and realizing language to significant data The full safety in Yian city and permission Cloud Server execute to delete to general data to be operated again.
(2) by studying the relationship being worth between initial authentication device and corresponding new authenticator, first is designed and Implemented To the efficient integrality audit program of different popularity datas practicality.Any privacy information of user is not known in Cloud Server In the case of, new authenticator is generated instead of user.It is always on that this does not need user, does not need user yet and expends computing resource Calculate new authenticator.
(3) the invention can further support dynamic ownership management, dynamic popularity thresholding, no block chemical examination card and Criticize audit.
Description of the drawings
Fig. 1 is data file structure schematic diagram;
Fig. 2 is the integrality auditing system illustraton of model for deleting storage data again for different popularities;
Fig. 3 is file upload procedure schematic diagram;
Fig. 4 is audit phase schematic diagram.
Specific implementation mode
It is proposed by the present invention to contain five classes for deleting in the integrality auditing method of storage data again for different popularities Different entities:User, Identity Provider (IdP), cloud, index service (IS), auditing by third party person (TPA).User has largely Data need to be stored on cloud, and rely on cloud and its data be managed.User can be individual or tissue.Identity provides Person (IdP) is that the user of just addition system issues a letter of identity.The most important role of Identity Provider is every by ensuring A user can only register once to resist Sybil attack.Cloud Server has abundant storage and computing resource.In order to improve storage Efficiency, Cloud Server only store portion to the same file from different user.Index service (IS) in store record, the record Recite that how many different user uploads same text document.Index service also be each file issue one it is unique File identifier.Whether auditing by third party person (TPA) regularly represents the data that user goes detection to be stored on cloud complete.When careful When counting integrality, TPA sends a challenge information to cloud.After receiving this message, Cloud Server replys possessing property of a data card It is bright.Finally, TPA verifies this and proves whether rationally and return result to user.
The correlation theory that the art of this patent is applied is as follows:
Bilinear Pairing:
If G1It is the module that rank is q, G2It is the multiplicative group that two ranks are q, if mapping e:G1×G2→G2Meet following property Matter:
1) bilinearity:ForA, b ∈ G1Meet e (aP, bQ)=e (P, Q)ab
2) non-degeneracy:There are P, Q ∈ G so that
3) computability:There are efficient algorithm, forE (P, Q) can be calculated.
Then mapping e is referred to as Bilinear Pairing.
BLS short signatures
1) group G is the multiplicative cyclic group that rank is prime number q, and it is g to generate member, and signer randomly selectsThen it calculates X=gx∈ G, the public and private key of signer is respectively X and x.
2) assume that message is M, signer calculates σ=(H (M))x, wherein
3) when verifying, then known message M and its signature sigma first calculate e (g, σ) and whether e (X, H (M)) are equal, if It is equal, indicate that σ is the signature of message M.
Convergent encryption
Unlike symmetric cryptography, convergent encryption is not probabilistic.This is because convergent encryption algorithm use plus Key is generated by a determining function by message m.Convergent encryption includes following three algorithms:
Key generates:Input security parameter κ and message m.Export key km.Identical message generates identical key.
Encryption:Input message and key km.Export ciphertext c.
Decryption:Input ciphertext c and key km.Export message m.
Disclosed Threshold cryptosystem
Key can be divided into n parts by Threshold cryptosystem, then be distributed to the user of n mandate respectively, any t is a or is more than This key can be recovered.According to the safety of threshold cryptography, it is any less than t user cannot all recover it is close Key.Disclosed encryption is to use public key encryption message, and the user of any t mandate can decrypt corresponding ciphertext.Disclosed thresholding Encryption is made of following algorithm:
(1) Setup (κ, n, t) → (pk, sk, S):The algorithm is with security parameter κ, authorized user's quantity n and a door Limit value t is as input.Output is the public key pk, corresponding private key sk and a set being made of the n share of sk of systemThe set of any t share can reconstruct secret Sk using polynomial interopolation.Wherein riFor ski? Former phase in above-mentioned multinomial.
(2) Encrypt (pk, m) → (c):The algorithm is using public key pk and message m as input.Export corresponding ciphertext c.
(3)Dshare(ri, ski, m) and → (ri, dsi):The algorithm is with message m, a secret shadow skiAnd its is corresponding It is former to be mutually used as input.Export a decryption shares dsiAnd corresponding ri
(4) Decrypt (c, St)→(m):The algorithm is with the set of ciphertext c and t decryption shares pairMake For input.Export clear-text message m.
In order to improve storage efficiency and audit performance, this patent stores user data using a kind of common segment structure:It will Data file F is divided into n data block { m1..., mn, each data block is further separated into s sub-block { mJ, 1..., mJ, s, Reduce data block number of labels in this way, saves space.
The present invention provides a kind of integrality auditing method for deleting storage data again for different popularities comprising:
The first step, systematic parameter generate, and the public and private parameter of various systems is centrally generated by systematic parameter generation;
Second step, authentication generate identifier by Identity Provider's certification user identity and for it;
Third walks, and data file uploads, and high in the clouds is uploaded to after user's preprocessed data file;
4th step, audit, audit center audits to file.
The first step is specially further
A is walked, and systematic parameter generates center and selects rank for the group G and T of prime number q,For computable bilinear mapThe generation member that g is G;Select three keyed Hash function H1:{ 0,1 }*→G1, H2:GT→ { 0,1 }lAnd H3: { 0,1 }*→G1.Select a pseudo-random functionOne pseudo-random permutationWith An and index function h:{ 0,1 }*→ { 0,1 }*
B is walked, operation algorithm sμSetup (κ, n, t) → (pk, sk, S);
C is walked, open systematic parameterPreserve n secret shadow
The second step is specially further with user identity UiAs input.As user UiWhen wanting to upload files to cloud, It is interacted first with Identity Provider (IdP) and submits its identity.Whether the identity that then IdP detections are submitted is legal.If legal, IdP issues an identification identifier U for itiWith a secret shadow xi
The third step further specifically includes:
A ' steps, user use convergent encryption key εCGenerate ciphertext Fc
B ' steps, in order to obtain the index being next used interchangeably with cloud, user Ui interacts (IS) with index service, First, it is that ciphertext FC generates index IFc that user, which runs index function h, and then, this index IFc is submitted to (IS), IS by user Receive this index (being expressed as index) and the number of users of submission same index is counted and (is expressed as ctr), if this A count value is less than popularity thresholding t, IS and runs one Bit String Irnd of a PRF generation to index IFc and user identity. Wherein the length of Irnd is as index IFc.Then, IS is responded.Conversely, IS is responded;
C ' steps, if the response of IS is a random index Irnd, user, which needs to pass through, executes symmetric cryptography ε and convergence Threshold cryptosystem εμCome to FcGenerate two ciphertext CεWithThen, the two ciphertexts are uploaded into cloud, finally, user deletes text Part preserves two file index IretAnd IFcAnd two encryption keys k and km
If the index that IS is responded is equal to IFc, in this case, file F has been popular file, possesses this document User has been over popular thresholding t, and user upper transmitting file F, deletion file simultaneously need not preserve index I againFcAnd encryption key km
4th step uses public audit, therefore checks work by audit center implementation.
4th step further specifically includes:
A " steps, with the randomly selected key of userWith file F={ m1, m2..., mmAs input, whereinUser calculates and public-key cryptographyNo matter whether file is popular file, user be required for for Each blocks of files mi(1≤i≤m) generates authenticator Ti, and authenticator is uploaded into cloud;
B " steps, TPA are constructed and challenge information chal are sent to cloud;
C " steps, after receiving challenge message, to 1 all≤t≤c, cloud computingWithIt calculates
Cloud, which will possess, proves that P=(T, η) sends TPA, wherein η={ η1, η2..., ηs,
After receiving and possessing proof, 1 all≤t≤c, TPA are calculatedWithThen detect with Whether lower equation is true,
If equation is set up, it is meant that cloud completely stores user data, and otherwise, cloud is not stored with user correctly Data, last TPA return result to user.
The a " steps further specifically include:
A "-a steps, user select s random number { u1, u2..., us};
A "-b steps, enable τ0For name | | m | | u1||u2||...||us.User randomly chooses a signature keyAnd calculate corresponding authentication secret Pssk←gssk, the label SSig of file is τ0τ in connection0The ssk under key Signature, τ ← τ0||SSigssk0);
A "-c steps, user are that each blocks of files calculates authenticator:
Wherein mijIt is expressed as j-th of part of i-th of blocks of files;
A "-d steps, user calculate
A "-e step, user is by { Ti}1≤i≤m,It is sent to cloud with file label SSig.
When the number of users for possessing identical file is equal to popularity thresholding t, which is performed.User need not again on Transmitting file F.The set index obtained from IS is sent to cloud by user.According to the index in set, cloud can be collected into different use The decryption shares at family.Then, cloud can decrypt the ciphertext that each user uploadsLater, cloud has obtained calculating using convergent encryption The encrypted internal layer ciphertext F of methodc.Obviously, delete at this time again operation can be with naturally-occurring.Finally, cloud is recognized for each user generation is new Demonstrate,prove device
If the authenticator that cloud generates can not need to compensate user by verification, cloud.Therefore, cloud does not have motivation event Meaning ground calculates a wrong authenticator.It is right whereby below using embodiment and attached drawing come the embodiment that the present invention will be described in detail How the invention applies technical means to solve technical problems, and the realization process for reaching technique effect can be fully understood and according to this Implement.
Data file structure is as shown in Figure 1 in the present invention.Each behavioral data file is resolvable to data block in figure {m1..., mn, it is each to be classified as data block mkIt is divided into sub-block { mK, 1..., mK, s}.Wherein the i-th row j row indicate sub-block mI, j.For Raising storage efficiency and audit performance, the data file of outsourcing are divided into n data block { m1..., mn, then each data Block miFurther it is divided into s sub-block { mI, 1..., mI, s}.N block label will thus be generated to (mi, Ti), whereinIt is to block miThe block label calculated using Classification Documents τ.In audit, high in the clouds can be with It is receiveed the response according to the inquiry construction at audit center by label and data, the initial data without beaming back user.In addition Common segment structure is simple, direct, and file F is divided into n × s sub-block, and each block (s sub-block) corresponds to a block label, thus The storage cost of block label can be reduced with s increases.
Fig. 2 is the integrality auditing system illustraton of model for deleting storage data again for different popularities.This is illustrated to be in figure System contains the different entity of five classes:User, Identity Provider (IdP), cloud, index service (IS), auditing by third party person (TPA).User has a large amount of data to need to be stored on cloud, and relies on cloud and be managed to its data.User can be individual Or tissue.As shown in Figure 2, it when user wants that this system is added, needs to register to Identity Provider.Identity Provider (IdP) user identity is verified, if identity is correct, the user for system is just added issues a user identifier UiWith One secret shadow xiAs letter of identity.Cloud Server has abundant storage and computing resource.In order to improve storage efficiency, cloud Server only stores portion to the same file from different user.If subsequent user wants upper transmitting file to high in the clouds, need First its data file is encrypted using convergent encryption algorithm.It then interacts with index service IS, is returned according to IS File index type, to judge whether user file is popular file, if need usage threshold Encryption Algorithm to it into traveling One step is encrypted.And select the algorithm to be executed in next step.How many index service (IS) in store record, the record recite not Same user uploads same text document.Index service is also that each file issues a unique file identifier.When When user wants check data integrity, entrust auditing by third party person that him is replaced to be detected.Auditing by third party person (TPA) is fixed Whether complete represent to phase the data that user goes detection to be stored on cloud.When audit integrity, TPA sends an inquiry to cloud Information.After receiving this message, Cloud Server is replied a possessing property of data and is proved.Finally, TPA verifies this and proves whether rationally simultaneously Return result to user.
Fig. 3 is file upload procedure schematic diagram.User uses convergent encryption key εCGenerate ciphertext Fc.In order to be connect down Come the index I being used interchangeably with cloudret, user UiIt is interacted (IS) with index service.First, user's operation index function h is Ciphertext FCGenerate index IFc.Then, this is indexed I by userFcIt submits to (IS).IS receives this index (being expressed as index) And to submitting the number of users of same index to be counted and (be expressed as ctr).If this count value is less than popularity thresholding t, IS is to indexing IFcAnd user identity runs a PRF and generates a Bit String Irnd.Wherein IrndLength with index IFcOne Sample.Then, IS responds Iret=Irnd.Conversely, IS responds Iret=IFc
If the response of IS is a random index Irnd.In this case, file F is non-prevalence.Possess this document Number of users is less than popularity thresholding t.User needs by executing symmetric cryptography ε and convergent Threshold cryptosystem εμCome to FcIt generates Two ciphertext CεWithThen, the two ciphertexts are uploaded into cloud.If the file that user uploads never becomes popular text Part, user can pass through ciphertext CεReply data.If the file of user at a time becomes popular file, cloud can restore Convergence threshold encrypts εμKey and execution delete and operate again.Finally, user deletes file, preserves two file index IretAnd IFc, And two encryption keys k and km
Otherwise, it is popular file that user, which needs the file uploaded, it is only necessary to convergent encryption.And user need not also hold It is about to the operation that file uploads to high in the clouds.
Fig. 4 is audit phase schematic diagram.The purpose of user is intended to the integrality of the data of detection storage beyond the clouds.In order to Need not download entire file can check data integrity, user needs to generate corresponding authenticator for each blocks of files. The process for generating authenticator is as follows:With the randomly selected key of userWith file F={ m1, m2..., mmAs defeated Enter, whereinUser calculates and public-key cryptographyNo matter whether file is popular file, Yong Hudou It needs for each blocks of files mi(1≤i≤m) generates authenticator Ti, and authenticator is uploaded into cloud.
A. user selects s random number { u1, u2..., us}。
B. τ is enabled0For name | | m | | u1||u2||...||us.User randomly chooses a signature keyAnd Calculate corresponding authentication secret Pssk←gssk.The label SSig of file is τ0τ in connection0The signature of ssk, τ ← τ under key0|| SSigssk0)。
C. user is that each blocks of files calculates authenticator:
Wherein mijIt is expressed as j-th of part of i-th of blocks of files.
D. user calculates
E. user is by { Ti}1≤i≤m,It is sent to cloud with file label SSig.
When user wants check data integrity, TPA is constructed and challenge information chal is sent to cloud.
1.TPA from cloud obtains file label SSig and with key gk∈G1To τ0Signature verified.
If signature is unreasonable, TPA refuses and stops.
2. otherwise, TPA recovers filename name, m and { u1, u2..., us}.Then, a random value c (1≤c is selected ≤ m) as the quantity for addressing inquires to blocks of files.
3. selecting two random numbers
4.TPA is by challenge message chal=(c, k1, k2) it is sent to cloud.
After receiving challenge message, to all 1≤,≤c, cloud computingWithThen, it calculates
Finally, cloud, which will possess, proves that P=(T, η) sends TPA, wherein η={ η1, η2..., ηs}。
After receiving and possessing proof, 1 all≤t≤c, TPA are calculatedWithThen detect with Whether lower equation is true.
If above-mentioned equation is set up, it is meant that cloud completely stores user data.Otherwise, cloud is not stored with correctly User data.Last TPA returns result to user.
(1) system initialization:In systematic parameter generation phase, using security parameter κ as input.Then IG (1 is runκ) calculate Method generates the multiplicative cyclic group G of two Big prime p ranks1, G2An and bilinear mapSelection three adds Close hash function H1:{ 0,1 }*→G1, H2:GT→ { 0,1 }lAnd H3:{ 0,1 }*→G1.Select a pseudo-random functionOne pseudo-random permutationAn and index function h:{ 0,1 }*→ 0, 1}*.Run algorithm εμThe open systematic parameters of Setup (κ, n, t) → (pk, sk, s) Preserve n secret shadow
(2) authentication:In the authentication stage, as user UiWhen wanting to upload files to cloud, provided first with identity Person (IdP) interaction simultaneously submits its identity.Whether the identity that then IdP detections are submitted is legal.If legal, IdP issues one for it A identification identifier UiWith a secret shadow xi
(3) data upload:The stage is uploaded in data, user uses convergent encryption key ε firstCGenerate ciphertext Fc.In order to obtain Obtain the index I being next used interchangeably with cloudret, user UiIt is interacted (IS) with index service.First, user runs index Function h is ciphertext FCGenerate index IFc.Then, this is indexed I by userFcIt submits to (IS).IS receives this index and (is expressed as Index) and to submitting the number of users of same index to be counted and (be expressed as ctr).If this count value is less than popularity Thresholding t, IS are to indexing IFcAnd user identity runs a PRF and generates a Bit String Irnd.Wherein IrndLength and index IFcEqually.Then, IS responds Iret=Irnd.Conversely, IS responds Iret=IFc
If the response of IS is a random index Irnd.In this case, file F is non-prevalence.Possess this document Number of users is less than popularity thresholding t.User needs by executing symmetric cryptography ε and convergent Threshold cryptosystem εμCome to FcIt generates Two ciphertext CεWithThen, the two ciphertexts are uploaded into cloud.If the file that user uploads never becomes popular text Part, user can pass through ciphertext CεReply data.If the file of user at a time becomes popular file, cloud can restore Convergence threshold encrypts εμKey and execution delete and operate again.Finally, user deletes file, preserves two file index IretAnd IFc, And two encryption keys k and km
Otherwise, supporting paper is popular file, and user need not upload this document again.
(4) integrality is audited:In data integrity detection-phase, TPA is constructed and challenge information chal is sent to cloud. TPA from cloud obtains file label SSig and with key gk∈G1To τ0Signature verified.If signature is unreasonable, TPA refusals And stop.Otherwise, TPA recovers filename name, m and { u1, u2... us}.Then, a random value c (1≤c≤m) is selected As the quantity for addressing inquires to blocks of files.Select two random numbersTPA is by challenge message chal=(c, k1, k2) it is sent to cloud.
After receiving challenge message, to 1 all≤t≤c, cloud computingWithThen, it calculates
Finally, cloud, which will possess, proves that P=(T, η) sends TPA, wherein η={ η1, η2..., ηs}。
After receiving and possessing proof, 1 all≤t≤c, TPA are calculatedWithThen detect with Whether lower equation is true.
If equation is set up, it is meant that cloud completely stores user data.Otherwise, cloud is not stored with user correctly Data.Last TPA returns result to user.
Advantage of the invention is that:One, it in view of different data is to the difference of security requirement, while realizing to important Data realize the safety of Semantic Security and Cloud Server are allowed to delete general data execution and operate again.In the present solution, we Data are distinguished according to the popularity of data.For non-prevalence data, we ensure height using the Encryption Algorithm of Semantic Security Horizontal safety.May be some private datas because non-prevalence data is to upload to Cloud Server by a small number of users, it is such as a People's bill.For non-prevalence data, we provide weaker safety, but allow Cloud Server to delete it and operate again. Prevalence data is the data that many users possess simultaneously, such as popular video.
Two, first efficient integrality audit program to the practicality of different popularity datas is realized.To realize target, Have studied the relationship being worth between initial authentication device and corresponding new authenticator.Cloud Server is not knowing any privacy letter of user In the case of breath, new authenticator is generated instead of user.It is always on that this does not need user, does not need user yet and expends and calculates money Source is gone to calculate new authenticator.
Three, dynamic ownership management can be further supported, dynamic popularity thresholding, no block chemical examination, which is demonstrate,proved and criticized, to be examined Meter.
All above-mentioned this intellectual properties of primarily implementation, there is no this new products of implementation of setting limitation other forms And/or new method.Those skilled in the art will utilize this important information, the above modification, to realize similar execution feelings Condition.But all modifications or transformation belong to the right of reservation based on new product of the present invention.
The above described is only a preferred embodiment of the present invention, being not that the invention has other forms of limitations, appoint What those skilled in the art changed or be modified as possibly also with the technology contents of the disclosure above equivalent variations etc. Imitate embodiment.But it is every without departing from technical solution of the present invention content, according to the technical essence of the invention to above example institute Any simple modification, equivalent variations and the remodeling made, still fall within the protection domain of technical solution of the present invention.

Claims (5)

1. a kind of integrality auditing method for deleting storage data again for different popularities, which is characterized in that including:
The first step, systematic parameter generate, and various systematic parameters are centrally generated by systematic parameter generation;
Second step, authentication generate identifier by Identity Provider's certification user identity and for it;
Third walks, and data file uploads, and high in the clouds is uploaded to after user's preprocessed data file;
4th step, audit, audit center audits to file.
2. be directed to different popularities as described in claim 1 deletes the integrality auditing method for storing data again, feature exists In:The first step is specially further
A is walked, and systematic parameter generates center and selects rank for the group G and T of prime number q,For computable bilinear map The generation member that g is G;Select three keyed Hash function H1:{ 0,1 }*→G1, H2:GT→ { 0,1 }lAnd H3:{ 0,1 }*→G1.Choosing Select a pseudo-random functionOne pseudo-random permutationAn and index letter Number h:(0,1 }*→ { 0,1 }*
B is walked, operation algorithm εμ.Setup (κ, n, t) → (pk, sk, S);
C is walked, open systematic parameterPreserve n secret shadow
3. be directed to different popularities as claimed in claim 1 or 2 deletes the integrality auditing method for storing data again, feature It is:The second step is specially further with user identity UiAs input.As user UiIt is first when wanting to upload files to cloud First is interacted with Identity Provider (IdP) and submit its identity.Whether the identity that then IdP detections are submitted is legal.If legal, IdP issues an identification identifier U for itiWith a secret shadow Xi
4. the integrality auditing method for deleting storage data again for different popularities as described in claims 1 to 3, feature It is:The third step further specifically includes,
A ' steps, user use convergent encryption key εCGenerate ciphertext Fc
B ' steps, in order to obtain the index being next used interchangeably with cloud, user Ui is interacted (IS) with index service, first First, it is that ciphertext FC generates index IFc that user, which runs index function h, and then, this index IFc is submitted to (IS) by user, and IS connects By this index (being expressed as index) and to submitting the number of users of same index to be counted and (be expressed as ctr), if this Count value is less than popularity thresholding t, IS and runs one Bit String Irnd of a PRF generation to index IFc and user identity.Its The length of middle Irnd is as index IFc.Then, IS is responded.Conversely, IS is responded;
C ' steps, if the response of IS is a random index Irnd, user, which needs to pass through, executes symmetric cryptography ε and convergent door Limit encryption εμCome to FcGenerate two ciphertext CεWithThen, the two ciphertexts are uploaded into cloud, finally, user deletes file, Preserve two file index IretAnd IFcAnd two encryption keys k and km
If the index that IS is responded is equal to IFc, in this case, file F has been popular file, possesses the user of this document Popular thresholding t is had been over, user upper transmitting file F, deletion file simultaneously need not preserve index I againFcWith encryption key km
5. the integrality auditing method for deleting storage data again for different popularities as described in Claims 1-4, feature It is:4th step further specifically includes,
A " steps, with the randomly selected key of userWith file F={ m1, m2..., mmAs input, whereinUser calculates and public-key cryptographyNo matter whether file is popular file, user is required for being every A blocks of files mi(1≤i≤m) generates authenticator Ti, and authenticator is uploaded into cloud;
B " steps, TPA are constructed and challenge information chal are sent to cloud;
C " steps, after receiving challenge message, to all 1≤,≤c, cloud computingWithIt calculates
Cloud, which will possess, proves that P=(T, η) sends TPA, wherein η={ η1, η2..., ηs,
After receiving and possessing proof, to all 1≤,≤c, TPA are calculatedWithThen following equation is detected It is whether true,
If equation is set up, it is meant that cloud completely stores user data, and otherwise, cloud is not stored with number of users correctly According to last TPA returns result to user.
CN201810626339.0A 2018-06-15 2018-06-15 Integrity auditing method for duplicate deletion stored data with different popularity Active CN108809996B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810626339.0A CN108809996B (en) 2018-06-15 2018-06-15 Integrity auditing method for duplicate deletion stored data with different popularity

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810626339.0A CN108809996B (en) 2018-06-15 2018-06-15 Integrity auditing method for duplicate deletion stored data with different popularity

Publications (2)

Publication Number Publication Date
CN108809996A true CN108809996A (en) 2018-11-13
CN108809996B CN108809996B (en) 2021-02-12

Family

ID=64083214

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810626339.0A Active CN108809996B (en) 2018-06-15 2018-06-15 Integrity auditing method for duplicate deletion stored data with different popularity

Country Status (1)

Country Link
CN (1) CN108809996B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110175169A (en) * 2019-05-30 2019-08-27 青岛大学 A kind of encryption data De-weight method, system and relevant apparatus
CN111090840A (en) * 2019-11-15 2020-05-01 杭州云象网络技术有限公司 Method for user service authentication by using block chain pre-registration information
CN114707983A (en) * 2022-06-02 2022-07-05 武汉智可信科技有限公司 Consumption credible prepayment method and device based on block chain

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150067331A1 (en) * 2013-08-30 2015-03-05 International Business Machines Corporation Remote data storage
CN106662981A (en) * 2014-06-27 2017-05-10 日本电气株式会社 Storage device, program, and information processing method
CN106790311A (en) * 2017-03-31 2017-05-31 青岛大学 Cloud Server stores integrality detection method and system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150067331A1 (en) * 2013-08-30 2015-03-05 International Business Machines Corporation Remote data storage
CN106662981A (en) * 2014-06-27 2017-05-10 日本电气株式会社 Storage device, program, and information processing method
CN106790311A (en) * 2017-03-31 2017-05-31 青岛大学 Cloud Server stores integrality detection method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张曙光、咸鹤群、刘红燕、侯瑞涛: "云存储环境中基于离线密钥传递的", 《技术研究》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110175169A (en) * 2019-05-30 2019-08-27 青岛大学 A kind of encryption data De-weight method, system and relevant apparatus
CN110175169B (en) * 2019-05-30 2023-05-09 青岛大学 Encrypted data deduplication method, system and related device
CN111090840A (en) * 2019-11-15 2020-05-01 杭州云象网络技术有限公司 Method for user service authentication by using block chain pre-registration information
CN114707983A (en) * 2022-06-02 2022-07-05 武汉智可信科技有限公司 Consumption credible prepayment method and device based on block chain

Also Published As

Publication number Publication date
CN108809996B (en) 2021-02-12

Similar Documents

Publication Publication Date Title
CN109687963B (en) Anti-quantum computing alliance chain transaction method and system based on public key pool
CN106254374B (en) A kind of cloud data public audit method having duplicate removal function
Guo et al. Outsourced dynamic provable data possession with batch update for secure cloud storage
Yu et al. Improved security of a dynamic remote data possession checking protocol for cloud storage
CN111639361A (en) Block chain key management method, multi-person common signature method and electronic device
CN109889497A (en) A kind of data integrity verification method for going to trust
CN107483585A (en) The efficient data integrality auditing system and method for safe duplicate removal are supported in cloud environment
CN105227317B (en) A kind of cloud data integrity detection method and system for supporting authenticator privacy
CN104967693B (en) Towards the Documents Similarity computational methods based on full homomorphism cryptographic technique of cloud storage
CN105721158A (en) Cloud safety privacy and integrity protection method and cloud safety privacy and integrity protection system
Maffei et al. Maliciously secure multi-client ORAM
CN107359998A (en) A kind of foundation of portable intelligent password management system and operating method
Azad et al. M2m-rep: Reputation system for machines in the internet of things
Buccafurri et al. Integrating digital identity and blockchain
Cui et al. Ciphertext-policy attribute-based encrypted data equality test and classification
CN106790311A (en) Cloud Server stores integrality detection method and system
CN110392038A (en) The multi-key cipher that can verify that under a kind of multi-user scene can search for encryption method
CN108809996A (en) Different popularities delete the integrality auditing method for storing data again
CN109088719A (en) Outsourced database multi-key word can verify that cipher text searching method, data processing system
CN104361295B (en) Method for inquiring and verifying data of internet-of-vehicles RSU (Remote Subscriber Unit) based on cloud platform
Cui et al. Proof of retrievability with public verifiability resilient against related‐key attacks
CN108156139A (en) No certificate can verify that multiple key cryptogram search system and method
Gao et al. BFR‐SE: A Blockchain‐Based Fair and Reliable Searchable Encryption Scheme for IoT with Fine‐Grained Access Control in Cloud Environment
Xie et al. A novel blockchain-based and proxy-oriented public audit scheme for low performance terminal devices
CN113014394A (en) Electronic data evidence storing method and system based on alliance chain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 266071 Shandong city of Qingdao province Ningxia City Road No. 308

Applicant after: Qingdao University

Address before: 266071 Ningxia Road, Shandong, China, No. 308, No.

Applicant before: Qingdao University

GR01 Patent grant
GR01 Patent grant