CN109145612B - Block chain-based cloud data sharing method for preventing data tampering and user collusion - Google Patents

Block chain-based cloud data sharing method for preventing data tampering and user collusion Download PDF

Info

Publication number
CN109145612B
CN109145612B CN201810733972.XA CN201810733972A CN109145612B CN 109145612 B CN109145612 B CN 109145612B CN 201810733972 A CN201810733972 A CN 201810733972A CN 109145612 B CN109145612 B CN 109145612B
Authority
CN
China
Prior art keywords
data
user
dol
sharing
group leader
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810733972.XA
Other languages
Chinese (zh)
Other versions
CN109145612A (en
Inventor
徐光伟
马永东
王文涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Donghua University
Original Assignee
Donghua University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Donghua University filed Critical Donghua University
Priority to CN201810733972.XA priority Critical patent/CN109145612B/en
Publication of CN109145612A publication Critical patent/CN109145612A/en
Application granted granted Critical
Publication of CN109145612B publication Critical patent/CN109145612B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

In recent years, with the more and more wide application of cloud, the problem of privacy disclosure of cloud sharing data at home and abroad is continuously generated, the privacy disclosure problem in cloud data sharing becomes a focus of people's attention, and related solutions are also continuously provided. Most of the existing solutions consist of a single sharer or a specific user. However, in an actual data sharing scenario, the shared data is usually provided by a multi-bit data owner, which brings a new series of problems to protect the privacy of the data, such as malicious tampering of the shared data, collusion between malicious users, and collusion between users and cloud service providers. The invention provides a cloud data sharing method for realizing data tampering prevention and user collusion based on a block chain. The method realizes that data is not tampered by malicious users during sharing by adopting methods of public accounting and intelligent contracts in a block chain, and simultaneously realizes confidentiality of shared data by adopting a (p, t) threshold Paillier cryptosystem, thereby avoiding the problem that the malicious users collude to steal the shared data.

Description

Block chain-based cloud data sharing method for preventing data tampering and user collusion
Technical Field
The invention relates to a block chain-based cloud data sharing method for achieving data tamper resistance and user collusion resistance, and belongs to the field of cloud data sharing, data privacy and block chains.
Background
With the rapid development of network technologies and cloud computing, the amount of enterprise or personal data is rapidly increasing. In order to conveniently store and share data, more and more enterprises or individuals transfer own data storage and sharing to a cloud space, and compared with the traditional information sharing and communication technology, the cloud computing has the characteristics of low energy consumption and efficient resource sharing. However, this presents a significant challenge to information security, such as data loss and privacy leakage. Moreover, when data is stored in the cloud, users will simply not have control over their personal data, which is a major concern for ensuring confidentiality and privacy of shared data.
In order to solve the above problem, a conventional solution is to adopt a Central Authority (CA) or a Third-party certification authority (TPA) in the data sharing mode to manage the certification work of the data and the keys, or to protect a dedicated root certificate key in the certification authority. However, the above solutions still have disadvantages, and the central authority and the third party are not trusted, so that collusion or rights collection problems are easy to occur. And CA and TPA are not required in some scenarios. In a scientific research and study sharing scenario, users with similar data can trade data according to their needs, or obtain meaningful results through sharing calculation. There is no need to establish a trust center authority CA between them to manage their own shared data, and no special certification authority TPA is needed to do so. Moreover, if the method is adopted, the system processing steps are complicated, the shared data is easily tampered, and collusion among malicious users is easy to happen.
Disclosure of Invention
The purpose of the invention is: under the cloud data sharing environment, data is prevented from being maliciously tampered and shared data is prevented from being stolen by means of collusion of malicious users, and a safe cloud sharing method is provided.
In order to achieve the above object, a technical solution of the present invention is to provide a method for sharing cloud data based on a block chain to achieve data tampering prevention and user collusion, which is characterized by comprising the following steps:
step 1, obtaining system parameters through initialization calculation
Figure GDA0003057878280000011
Wherein G is a randomly selected generator, and G belongs to G1,G1Is a circulating group; p ═ γ · g, γ is a random integer,
Figure GDA0003057878280000012
Figure GDA0003057878280000013
a set of integers that are non-zero; H. h0To belong to the circulation group G1Two elements of (a); h1=ξ1·H0,H2=ξ2·H0,ξ1、ξ2Is an integer that is randomly selected and is,
Figure GDA0003057878280000021
Figure GDA0003057878280000022
a set of non-zero prime numbers;
Figure GDA0003057878280000023
W=γ*P;h1、h2two hash functions; f is a random integer and f is a random integer,
Figure GDA0003057878280000024
Figure GDA0003057878280000025
is an encryption algorithm;
step 2, a (p, t) threshold Paillier cipher system is adopted, a private key sk is separated and distributed to p users, p ═ 2, in the distribution process, a data owner group leader DOL is recommended according to the data sharing contribution rate, the distribution of the user private key is responsible for the data owner group leader DOL, the DOL, CA and TPA are different, and the authority of the DOL is not higher than that of the CA and TPA. In the method, DOL is only used for distributing and verifying the private key, and the maximum authority (member verification, data tampering) is taken charge of by each member. The data owner group leader DOL sends the secret key to a corresponding user through a secure channel;
step 3, generating a file by adopting a homomorphic encryption method, and then uploading the file;
step 4, when the user passes the authentication, the user performs the shared data access operation, when the user needs to update the data block, the user must perform the signature operation on the data block after the data block is updated, and the user i is set to perform the signature operation on the data block miAfter the update, at data block miIn the process, a signature operation is performed, and the signature is composed of an IDi,mi,σi,SiFour components, wherein, IDiFor a data block miId, m ofiFor a data block mi、σiIs a signature, SiIs the identity of the signer;
in the process of data sharing, if data is maliciously tampered by a certain user, other users are subjected to collective verification, if the data does not pass a verification formula, the current user is indicated to be a condition that the current user does not meet the honest user in sharing, and a data owner group leader DOL executes the revocation operation of the current user;
step 5, user group detection, wherein each user in the user group is a member, and the method comprises the following steps:
step 501, each member submits to the data owner group leader DOL
Figure GDA0003057878280000026
And a signature deltai,AiFor unique identification of member i, verify
Figure GDA0003057878280000027
If the determination is true, if the determination is false, the step 502 is executed, and if the determination is true, the step 503 is executed;
step 502, the member i sends an error report to the data owner group leader DOL, where the error report is (N, ID)i,γi,mi-1) In the formula: n ═ h2(IDiT is not less than | t |0 and not more than n-1), and t is an effective time threshold of the error report; r isjA random integer selected for member i; m ist-1Is a data block representing the updating at the time t-1; data owner group leader DOL checks against error reports Ai=Wi*ttmpIf yes, then (indicating that the member is not a malicious user); if the error report is not satisfied, the message that the member i sends to other members is different from the message that the member i submits to the data owner group leader DOL, the member i must resend the error report within a period of time, and if the member i resends the error report within the threshold value t, the data owner group leader DOL rechecks A according to the error reporti=Wi*ttmpIf the member i is not in the threshold value t, the error report is not sent again, the member i is indicated to be an untrusted node, the member i is deleted from the member, and the data owner group leader DOL executes the revocation operation of the member i;
step 503, the member i is an honest member, and the judgment operation of the next member is continuously executed;
and 6, publicly accounting, broadcasting after user data access, verifying and recording operation records of the broadcasting users by other users, applying for initiating error verification operation after a plurality of users find errors in the whole sharing process, and allowing at least t members to participate in verification. All data in the method are stored in a data block mode:
to ensure that the recorded content is authentic and has not been tampered with, the data hash value is stored in an item block structure, the data block is composed of a plurality of item blocks, and the hash value is calculated to obtain the Merkle root of the data block. The Merkle root is submitted to the blockchain so that the data cannot be tampered, and each item block only stores the hash value and the header information of the item;
each data contains five kinds of information: ith data block miC, signature σiData block miidID ofiIdentity of signer SiThe user records the request, takes the public key as the identity and realizes the updating operation of the node information by representing whether the node receives the broadcast request or not;
step 7, key updating:
the data owner group leader DOL periodically performs the updating operation of the user secret key, and meanwhile, in a certain time interval, after the problem of multiple times of malicious data tampering occurs in the model, the data owner group leader DOL initiates the updating operation of the user secret key.
The invention has the following advantages:
1) the cloud sharing data processing method and device can solve the problem that the cloud sharing data is tampered. By using the blockchain technology, each access of a user is recorded in the blockchain, and public key information based on identity is recorded in each access, so that once data is tampered, other users can efficiently trace back to the malicious user. Also, in this scheme, shared data can be exchanged between users, and transaction information is encrypted between a plurality of users to ensure security and reliability thereof.
2) The invention can solve the problem that the user is in the cloud sharing environmentThe problem of collusion. A (p, t) threshold Paillier cryptosystem is adopted to protect the privacy of multi-party data in a block chain. In the present invention, a (p, t) threshold Paillier cipher is applied to the block chain. The private key sk is divided (sk)1,sk2,...,skp) And is assigned to p participants. If one party wants to decrypt the ciphertext C, at least (t-1) private keys of the other parties need to be aggregated. This is difficult to achieve in practice.
3) The honest users in the invention are equal to each other, and update and maintenance operation of data is performed equally, so that the problem that the data is maintained by traditional central authority CA, third party certification authority TPA and the like, but the security of shared data is maintained by the participation of users in accounting is solved. Meanwhile, the problem that the cloud server is not trusted is solved, the calculated amount is decomposed, and the actual scene needs are met.
Drawings
FIG. 1 is a schematic diagram of a model of the method;
FIG. 2 is a diagram of a data block signature format structure of the method;
FIG. 3 is a schematic view of a user detection process;
FIG. 4 is a memory format of a Merkle tree;
fig. 5 is a project data structure.
Detailed Description
In order to make the invention more comprehensible, preferred embodiments are described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the model of the method is composed of three roles, namely, a data owner (data owner), a Cloud Service Provider (CSP), and a user (user). (1) The data owner firstly encrypts the data and then uploads the data to the cloud server for sharing, wherein the data owner comprises two roles of special sharing and part-time sharing (user). That is, the users in the scene can share all their data. In the Data Owner, a Data Owner group Leader (DOL) is recommended according to the Data sharing contribution rate, and some work of Data operation is responsible, and the DOL is the roles of honest Data sharer and responsible person in the scheme of the invention. (2) The cloud service provider is responsible for data storage of the data owner, is honest and curious, can honestly store data, and can also continuously detect the stored data content. (3) The user is a data demander in the scheme, and the user can continuously access or update the data in the cloud after passing the identity authentication. Meanwhile, the user can also be a data owner in the model, the uploaded data can be updated, and the data of other users can be accessed.
The cloud data sharing method for realizing data tampering prevention and user collusion based on the block chain can be divided into eight parts: initialization, key generation, user detection, file generation and uploading, file sharing, user accounting, user revocation and key updating.
Step 1: the initialization, the initialization part mainly includes the parameter initialization, the user registration and so on, including the following steps:
step 101: two elements H, H0 are selected, and H, H0 ∈ G1,G1For cyclic groups, and randomly selecting two prime numbers
Figure GDA0003057878280000051
Figure GDA0003057878280000052
Is a non-zero number set. This step is responsible for DOL. The DOL is recommended and selected for a data owner, the DOL has user registration and revocation authority of a user key, other authorities are the same as those of a data common owner, and the detailed formula (1):
Figure GDA0003057878280000053
step 102: randomly selecting a generator G E G1And a random integer
Figure GDA0003057878280000054
Figure GDA0003057878280000055
Is a non-zero integer set, and then P ═ γ · g, W ═ γ · P, are calculatedq. In addition, the DOL selects two hash functions h1、h2Mapping its arbitrary length to G respectively1Non-zero interval and non-zero point of
Figure GDA0003057878280000056
Figure GDA0003057878280000057
Step 103: another integer f is selected, and
Figure GDA0003057878280000058
after the calculation from step 101 to step 103, the system parameters can be obtained
Figure GDA0003057878280000059
Wherein
Figure GDA00030578782800000510
The method is a system encryption algorithm and is mainly used for data encryption.
Step 2: a secret key generation stage, adopting a (p, t) threshold Paillier cryptosystem, wherein: private key sk splitting (denoted as sk)1,sk2,...,skp) And distributed to p (p > ═ 2) users; t is the number threshold of people needing to decrypt the ciphertext, namely, the ciphertext can be decrypted only by t persons or more than t persons. In a practical scenario, the data is maintained by multiple parties, so if one party wants to decrypt the entire ciphertext C, at least (t-1) private keys of other parities need to be aggregated. In practical situations, it is difficult to achieve collusion. The step 2 specifically comprises the following steps:
step 201: key generation (sk, pk), pk being the public key. The DOL distributes the secret value to the group users as follows:
step 2011: creating a user polynomial f (x), and generating a private key as shown in formula (2):
Figure GDA00030578782800000511
in the formula (2), the reaction mixture is,
Figure GDA00030578782800000512
is secret, i.e. the complete private key; a. theiAll identities representing i users; skiTo represent the private key of i user, wherein the value range of i is [1, p ]]In the meantime. Finally, each user has a secret value, i.e. a shared secret key. When they need to be kept secret, the administrator reconstructs the key and sends a very secure channel to the corresponding user.
Step 2012: generating a public key pk
The generation of the public key pk is realized by the existing method. The data owner then sends the ciphertext C to the cloud data center along with the identity-based public key pk.
And step 3: file generation and upload
The file generation and uploading mainly comprises the operation between a data owner and a cloud server, the data owner firstly encrypts a file to be shared and then uploads the encrypted file to a cloud data center, and the method comprises the following steps:
step 301: file generation operations
The method mainly comprises the steps of carrying out blocking and encryption operation on uploaded files, wherein the method is homomorphic encryption. Homomorphic encryption allows users to directly perform ciphertext-specific algebraic operations, obtain results, and perform the same operations on the same plaintext encryption results. The public key pk and the private key sk are generated by a security parameter α. The public key pk is used to encrypt plaintext and the private key sk is used to decrypt ciphertext. Assuming that m is Zn, n is a large positive integer, ZnIs a set of integers modulo n, the encryption of the plaintext m in the present invention is denoted as Epk(m) of the reaction mixture. Homomorphic encryption has the attribute:
Figure GDA0003057878280000061
Figure GDA0003057878280000062
in the formulae (3) and (4), m1And m2Is the plaintext to be encrypted; and a is a constant.
Step 302 File upload
Uploading a file f between a user and a cloud, and carrying out hash operation on the file f, so that H: {0,1}*→{0,1}lAnd l denotes the length of the hash. Namely, after the user carries out hash operation on the file f, a hash key K is generatedfH (f), use KfA unique markup file f is made.
Step 303: in step 301, the encryption algorithm used in the encryption method is introduced, using the formula f*=EpkThe representative file f is encrypted. Since K is mentioned in step 302fAnd stored locally. Thus, it is possible to provide
Figure GDA0003057878280000063
Will be stored in the cloud.
Step 304: after the above steps, the user will f*And
Figure GDA0003057878280000064
and sending the data to a cloud data center.
And 4, step 4: file sharing, when the user passes the authentication, the user performs the shared data access operation, which comprises the following steps:
step 401: after the user passes the identity authentication, the user can access the data in the cloud sharing;
step 402: when a user needs to update a data block, the user must perform a signature operation on the data block after the data block is updated, and the format of the signature operation performed by the user on the data block is shown in fig. 2. Taking user i as an example, pair data block m at user iiAfter the update, at data block miIn the process, a signature operation is performed, and the signature is composed of an IDi,mi,σi,SiFour parts of which IDiRepresenting a data block miId, m ofiRepresenting a data block mi、σiRepresentative signature, SiRepresenting the identity of the signer. The signature structure diagram is shown in fig. 2.
In the process of data sharing, if data is maliciously tampered by a certain user, other users read the damaged data, and the other users perform collective verification to indicate that the user does not meet the condition of a honest user in sharing, and then delete operation is performed.
The user collective authentication formula is as follows:
Figure GDA0003057878280000071
equation (5), f (x) is the ciphertext decrypted by the combination of t users.
And when the deleting operation is executed, the DOL destroys the key of the user and the access authority of the data. Meanwhile, other users can record records of dishonest users in the account book of the other users, and when the user makes a data access request next time, the system can execute the operation of rejecting the request.
And 5: user detection cannot ensure that each user is trusted in a user group consisting of blind users, and the possibility that malicious users destroy shared data exists. This will result in the other users in the user group accessing the wrong data. Therefore, user detection needs to be performed in sharing, and the method for performing the sharing revocation operation on the malicious user comprises the following steps
Step 501: user detection
First, DOL broadcasts { N, ID for all membersdol,AiI is more than or equal to |0 and less than or equal to v-1}, wherein N is h2(IDi||t|0≤i≤n-1),IDdolIs an identity of DOL, AiIs a unique identification of a member. Each member is then required to send a verification report. Each user submits A to DOLi=γ2*g*ttmpAnd a signature deltaiF is an integer other than 0,
Figure GDA0003057878280000072
when the verification is passed, verifying Ai=Wi*ttmp(6) Whether or not equal.
Step 502: error discovery
If the verification equation (6) is not equal, DOL requires the current user i to send an error report (N, ID)j,γi,mt-1). The error report contains the key of user i and the message he receives from the intended user. Subsequently, DOL checks again whether equation (6) holds. If not, the message sent by the user i to other users is different from the message submitted by the user i to the DOL. Therefore, user i must resend the error report within a period of time. If so, the i user is not a malicious user.
In the case where equation (6) does not hold, if user i does not resend the report within threshold t, indicating that user i is an untrustworthy user, user i should be deleted from the user group and the DOL performs the revocation operation of user i. If user i resends the report within threshold t, the equation (6x holds true or not) is re-determined.
And if the verification formula (6) is equal, the current user i is an honest user, the DOL detects other users in the user group, and the detection form and the content are the same as the detection form of the user i. And if a user similar to the user i appears in the detection process, deleting the user. Fig. 3 shows a flowchart of the entire user detection.
Step 6: the method comprises the following steps of publicly accounting, broadcasting after user data access, verifying and recording operation records of other users to the broadcasting user, and the method comprises the following steps:
step 601: and storing the data blocks, wherein all data are stored in the form of the data blocks in the invention. To ensure that the recorded content is authentic and has not been tampered with, the data hash value will be stored in the project structure we build. The hash value of each item is put into the item block structure, so that the search space can be effectively reduced, and the record checking speed of a user is accelerated.
The data block is composed of multiple item blocks, and the hash value is calculatedTo obtain the Merkle root of the data block. The Merkle root is committed to the blockchain so that the data is not tampered with. Each item block stores only the hash value and header information of the item. Each data contains five kinds of information: m isi、σi、IDi、SiAnd a hash value. The memory structure and the project data structure of the Merkle tree are shown in fig. 4 and 5, respectively.
Step 602 Intelligent contract
The intelligent contract is used for writing data information into the block chain. The specification of the intelligent contract program is as follows:
step 6021: the user initiates a recording request and takes the public key as the identity authentication of the user.
Step 6022: the delegate node accepts the request and broadcasts the accepted request. If not, no response operation is performed.
Step 6023: the user submits a record that is added to the project on behalf of the node according to the user's public key.
Step 6024: and broadcasting project verification information on behalf of the node, verifying records on behalf of the node, and updating data by other nodes.
Step 6025: the number of project blocks is periodically checked and the Merkle root of the block is calculated. The Merkle roots of all newly generated data blocks are anchored to the blockchain.
Step 6026: returning to step 6021, proceed to execute the next contract operation.
And 7: in order to ensure the security of the shared data, the DOL periodically performs an operation of updating the user key. Meanwhile, in a certain time interval, after the data is maliciously tampered for many times in the model, the DOL initiates a user key updating operation in order to ensure the safety of the data.

Claims (1)

1. A cloud data sharing method for realizing data tampering prevention and user collusion based on a block chain is characterized by comprising the following steps:
step 1, obtaining system parameters through initialization calculation
Figure FDA0003057878270000011
Wherein G is a randomly selected generator, and G belongs to G1,G1Is a circulating group; p ═ γ · g, γ is a random integer,
Figure FDA0003057878270000012
Figure FDA0003057878270000013
is a non-zero integer set; H. h0To belong to the circulation group G1Two elements of (a); h1=ξ1·H0,H2=ξ2·H0,ξ1、ξ2Is an integer that is randomly selected and is,
Figure FDA0003057878270000014
Figure FDA0003057878270000015
is a non-zero number set;
Figure FDA0003057878270000016
W=γ*P;h1、h2two hash functions; f is a random integer and f is a random integer,
Figure FDA0003057878270000017
Figure FDA0003057878270000018
is an encryption algorithm;
step 2, a (p, t) threshold Paillier cryptosystem is adopted, the private key sk is separated and distributed to p users, p > is 2, in the distribution process, a data owner group leader DOL is recommended according to the data sharing contribution rate, the distribution of the user private key is responsible for by the data owner group leader DOL, and the data owner group leader DOL only has the functions of private key distribution and verification;
the data owner group leader DOL sends the secret key to a corresponding user through a secure channel;
step 3, generating a file by adopting a homomorphic encryption method, and then uploading the file to a cloud server;
step 4, when the user passes the authentication, the user performs the shared data access operation, when the user needs to update the data block, the user must perform the signature operation on the data block after the data block is updated, and the user i is set to perform the signature operation on the data block miAfter the update, at data block miIn the process, a signature operation is performed, and the signature is composed of an IDi,mii,SiFour components, wherein, IDiFor a data block miId, m ofiFor a data block mi、σiIs a signature, SiIs the identity of the signer;
in the process of data sharing, if data is maliciously tampered by a certain user, other users are subjected to collective verification, if the data does not pass a verification formula, the current user is indicated to be a condition that the current user does not meet the honest user in sharing, and a data owner group leader DOL executes the revocation operation of the current user;
step 5, user group detection, wherein each user in the user group is a member, and the method comprises the following steps:
step 501, each member submits A to the data owner group leader DOLi=γ2*g*ttmpAnd a signature deltai,AiFor unique identification of member i, verify Ai=Wi*ttmpIf the determination is true, if the determination is false, the step 502 is executed, and if the determination is true, the step 503 is executed;
step 502, the member i sends an error report to the data owner group leader DOL, where the error report is (N, ID)ii,mt-1) In the formula: n ═ h2(IDiI is more than or equal to | t |0 and less than or equal to n-1), and t is an effective time threshold of the error report; gamma rayiA random number selected to represent member i; m ist-1To indicate a block of data updated at time t-1, the data owner group leader DOL checks against the error report Ai=Wi*ttmpWhether the member is a malicious user or not is judged, if so, the member is not the malicious user; if not, the member i is sent to other membersThe member's message is different from the message submitted by member i to the data owner group leader DOL, and member i must resend the error report within a period of time, if member i resends the error report within threshold t, the data owner group leader DOL rechecks A according to the error reporti=Wi*ttmpIf the member i is not in the threshold value t, the error report is not sent again, the member i is indicated to be an untrusted node, the member i is deleted from the member, and the data owner group leader DOL executes the revocation operation of the member i;
step 503, the member i is an honest member, and the judgment operation of the next member is continuously executed;
step 6, open accounting, after user data access, broadcasting, verifying and recording operation records of the broadcasting users by other users, applying for initiating error verification operation after a plurality of users find errors in the whole sharing process, and allowing at least t members to participate in verification, wherein all data are stored in a data block mode:
in order to ensure that the recorded content is credible and is not tampered, a data hash value is stored in an item block structure, a data block is composed of a plurality of item blocks, and the hash value is calculated to obtain a Merkle root of the data block; the Merkle root is submitted to the blockchain so that the data cannot be tampered, and each item block only stores the hash value and the header information of the item;
each data contains five kinds of information: ith data block miC, signature σiData block miId of (2), identity of signer SiThe user records the request, takes the public key as the identity and realizes the updating operation of the node information by representing whether the node receives the broadcast request or not;
step 7, key updating:
the data owner group leader DOL periodically performs the updating operation of the user secret key, and meanwhile, in a certain time interval, after the problem of multiple times of malicious data tampering occurs in the model, the data owner group leader DOL initiates the updating operation of the user secret key.
CN201810733972.XA 2018-07-05 2018-07-05 Block chain-based cloud data sharing method for preventing data tampering and user collusion Active CN109145612B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810733972.XA CN109145612B (en) 2018-07-05 2018-07-05 Block chain-based cloud data sharing method for preventing data tampering and user collusion

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810733972.XA CN109145612B (en) 2018-07-05 2018-07-05 Block chain-based cloud data sharing method for preventing data tampering and user collusion

Publications (2)

Publication Number Publication Date
CN109145612A CN109145612A (en) 2019-01-04
CN109145612B true CN109145612B (en) 2021-11-16

Family

ID=64799733

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810733972.XA Active CN109145612B (en) 2018-07-05 2018-07-05 Block chain-based cloud data sharing method for preventing data tampering and user collusion

Country Status (1)

Country Link
CN (1) CN109145612B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11836616B2 (en) * 2018-12-04 2023-12-05 Jinan University Auditable privacy protection deep learning platform construction method based on block chain incentive mechanism

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110059088B (en) * 2019-03-26 2023-02-28 创新先进技术有限公司 Data attribute identification method, device and equipment in block chain type account book
CN109922077B (en) * 2019-03-27 2021-06-04 北京思源理想控股集团有限公司 Identity authentication method and system based on block chain
CN110098919B (en) * 2019-04-26 2021-06-25 西安电子科技大学 Block chain-based data permission acquisition method
CN110516469B (en) * 2019-07-31 2023-05-26 苏州白杨软件有限公司 Anti-hacking method in shared big data application scene based on block chain
CN112950367B (en) * 2019-12-11 2021-09-14 支付宝(杭州)信息技术有限公司 Method and device for generating and executing intelligent contract transaction
CN111259433A (en) * 2020-02-18 2020-06-09 重庆第二师范学院 Block chain privacy protection system
CN111368003B (en) * 2020-03-06 2020-10-16 安徽中科智链信息科技有限公司 Management method of multi-chain anchoring data
CN111950025A (en) * 2020-08-21 2020-11-17 安徽高山科技有限公司 File distributed storage method based on block chain intelligent contract
CN112953712B (en) * 2021-02-19 2022-10-18 昆明理工大学 Data cross-chain sharing method based on zero knowledge proof and homomorphic encryption
CN113094232B (en) * 2021-04-09 2024-07-16 中国工商银行股份有限公司 Block chain-based energy consumption data processing method and device
CN114282248B (en) * 2021-12-28 2024-04-05 航天科工智能运筹与信息安全研究院(武汉)有限公司 Offline data tamper-proof system based on hash chain
CN114266061B (en) * 2021-12-28 2024-03-26 航天科工智能运筹与信息安全研究院(武汉)有限公司 Offline data tamper-proof method based on hash chain

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107196934A (en) * 2017-05-18 2017-09-22 电子科技大学 A kind of cloud data managing method based on block chain
CN107533501A (en) * 2015-03-20 2018-01-02 里维茨公司 Use block chain automated validation appliance integrality

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10719771B2 (en) * 2016-11-09 2020-07-21 Cognitive Scale, Inc. Method for cognitive information processing using a cognitive blockchain architecture

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107533501A (en) * 2015-03-20 2018-01-02 里维茨公司 Use block chain automated validation appliance integrality
CN107196934A (en) * 2017-05-18 2017-09-22 电子科技大学 A kind of cloud data managing method based on block chain

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11836616B2 (en) * 2018-12-04 2023-12-05 Jinan University Auditable privacy protection deep learning platform construction method based on block chain incentive mechanism

Also Published As

Publication number Publication date
CN109145612A (en) 2019-01-04

Similar Documents

Publication Publication Date Title
CN109145612B (en) Block chain-based cloud data sharing method for preventing data tampering and user collusion
CN112019591B (en) Cloud data sharing method based on block chain
Ning et al. CryptCloud $^+ $+: secure and expressive data access control for cloud storage
Hu et al. A secure and verifiable access control scheme for big data storage in clouds
CN104901942A (en) Distributed access control method for attribute-based encryption
Xu et al. An integrated privacy preserving attribute-based access control framework supporting secure deduplication
CN111797427A (en) Block chain user identity supervision method and system considering privacy protection
Xu et al. Expressive bilateral access control for internet-of-things in cloud-fog computing
Wang et al. A pre-authentication approach to proxy re-encryption in big data context
CN113360925A (en) Method and system for storing and accessing trusted data in electric power information physical system
Li et al. Traceable Ciphertext‐Policy Attribute‐Based Encryption with Verifiable Outsourced Decryption in eHealth Cloud
CN115883102B (en) Cross-domain identity authentication method and system based on identity credibility and electronic equipment
Deng et al. Policy-based broadcast access authorization for flexible data sharing in clouds
CN117201132A (en) Multi-committee attribute base encryption method capable of achieving complete decentralization and application of multi-committee attribute base encryption method
CN115174184A (en) Attribute-based encryption-based transaction object identity anonymous traceable method, network device and storage device
Yoneyama Strongly secure two-pass attribute-based authenticated key exchange
CN115604030B (en) Data sharing method, device, electronic equipment and storage medium
Cassola et al. Authenticating privately over public Wi-Fi hotspots
Thangavel et al. An analysis of privacy preservation schemes in cloud computing
Hu et al. A secure and scalable data communication scheme in smart grids
JP6840685B2 (en) Data sharing method, data sharing system, communication terminal, data sharing server, program
Saxena et al. A Lightweight and Efficient Scheme for e-Health Care System using Blockchain Technology
CN114417419A (en) Outsourcing cloud storage medical data aggregation method with security authorization and privacy protection
Zhou et al. Secure and efficient fine-grained multiple file sharing in cloud-assisted crowd sensing networks
Akanksha et al. A Secure Multiowner Dynamic Groups Data Sharing In Cloud

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant