CN109194466A - Blockchain-based cloud data integrity detection method and system - Google Patents

Publication number: CN109194466A
Authority: CN (China)
Prior art keywords: cloud, user, data, signature, block
Legal status: Granted
Application number: CN201811264304.3A
Other languages: Chinese (zh)
Other versions: CN109194466B (en)
Inventors: 刘晓光, 王国浩, 王刚, 阎萌, 凤佳琦
Current Assignee: Nankai University
Original Assignee: Nankai University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

A blockchain-based data integrity detection method and system, comprising:
1. The user processes a file with an encryption algorithm and an erasure code to obtain multiple file blocks.
2. The user signs each resulting file block with the user private key.
3. The user uploads the resulting data blocks and signatures to the cloud.
4. The cloud verifies the received data blocks and their digital signatures with the signature verification algorithm.
5. If the verification in 4 succeeds, the cloud stores the received data blocks and their signatures, applies a secondary signature to each data block signature with the cloud private key, publishes it to the blockchain, and returns the corresponding storage address to the user.
6. The user performs an integrity check on the cloud data using the hash algorithm, the user private key described in 2, and the cloud public key and storage address described in 5.
7. The cloud performs an integrity check on the data using the hash algorithm, the user public key, and the cloud public key and storage address described in 5.

Description

Blockchain-based cloud data integrity detection method and system
[Technical field]
The invention belongs to the technical field of cloud storage, and in particular relates to an integrity detection method and system for cloud data.
[Background]
Cloud storage is a data service model in which a third-party cloud service provider maintains and manages the data. To guarantee the availability of cloud storage, users periodically pay for the service so that they can access their data from any smart device. Because data volumes keep growing while personal storage devices are limited, cloud storage is widely used by all kinds of customers, including individual and enterprise users. Cloud storage brings many conveniences to people's lives, but cloud storage service failures do occur. During storage and transmission, network transmission errors, hacker attacks and administrator mistakes can corrupt user data, so the integrity of user data cannot be guaranteed.
A blockchain is a "decentralized" distributed ledger system whose defining feature is that it cannot be altered or forged. As an emerging technology, its tamper resistance has attracted the attention of many industries, including finance, health care, public utilities, real estate and government agencies. Every node in a blockchain network can share the entities, but no single node can control or modify them. The technology was designed to withstand adversaries who attempt malicious manipulation in a highly competitive environment.
When a user uploads data to the cloud, the user loses control over the data, and judging whether the cloud data is intact becomes a new challenge.
[Summary of the invention]
To check the integrity of a user's cloud data when the user and the cloud do not trust each other, the invention provides a blockchain-based integrity detection method and system for cloud data. It can effectively check the integrity of cloud data and, when a user has uploaded many different pieces of data to the cloud, quickly determine whether a particular piece has been tampered with.
To achieve this purpose, the invention first provides a blockchain-based integrity detection method for cloud data. Referring to Fig. 1, the main steps are:
Step 1 (101): the user processes a file with an encryption algorithm and an erasure code to obtain multiple file blocks.
Step 2 (102): the user signs each file block obtained in 101 with the user private key.
Step 3 (103): the user uploads the data blocks obtained in 101 and the signatures obtained in 102 to the cloud.
Step 4 (104): the cloud verifies the received data blocks and their digital signatures with the signature verification algorithm.
Step 5 (105): if the verification in 104 succeeds, the cloud stores the received data blocks and their signatures, applies a secondary signature to each data block signature with the cloud private key, publishes this secondary signature to the blockchain, and returns the corresponding storage address to the user.
Step 6 (106): the user performs an integrity check on the cloud data using the hash algorithm and the user private key described in 102 and the cloud public key and storage address described in 105.
Step 7 (107): the cloud performs an integrity check on the data using the hash algorithm described in 102, the user public key, and the cloud public key and storage address described in 105.
Optionally, the hash algorithm is the SHA256 algorithm.
Optionally, the encryption algorithm is the AES encryption algorithm.
Optionally, the cloud is a multi-cloud made up of several cloud service providers.
Optionally, the blockchain is a blockchain network of which Bitcoin is representative.
To achieve the above purpose, the invention also provides a blockchain-based integrity detection system for cloud data, and the validity of the system was demonstrated in an experimental environment. Referring to Fig. 3, the system comprises a user upload module, a cloud acceptance module, a user detection module and a cloud detection module, where:
The user upload module processes the file and uploads it to the cloud acceptance module;
The cloud acceptance module is used by the cloud to verify the received data blocks and digital signatures; if verification succeeds, it applies the secondary signature, uploads it to the blockchain network, and returns the address on the blockchain network to the user upload module;
The user detection module is used by the user to perform an integrity check on the cloud data. It obtains the stored data from the cloud acceptance module, together with the blockchain network address credential returned by the cloud acceptance module, and uses the obtained data and credential to check the integrity of the cloud data;
The cloud detection module is used by the cloud to perform an integrity check on the data. It uses the address credential obtained from the blockchain network and the existing data to check the integrity of the cloud data.
The advantages and beneficial effects of the invention are that it can effectively check the integrity of cloud data and, when a user has uploaded many different pieces of data to the cloud, quickly determine whether a particular piece has been tampered with. The invention is widely applicable to integrity detection for cloud storage.
[Description of the drawings]
Fig. 1 is a flow chart of the cloud data integrity detection method of the invention;
Fig. 2 is a flow chart of how the cloud data integrity detection scheme of the invention processes a file;
Fig. 3 is the program output of the detection process of the cloud data integrity detection scheme of the invention;
Fig. 4 is a schematic diagram of the cloud data integrity detection system of the invention;
Fig. 5 is a comparison chart of the timing results of the cloud data integrity detection experiment of the invention.
[Detailed description]
To make the above objects, features and advantages of the invention easier to understand, the invention is described in further detail below with reference to the drawings and specific embodiments. The following embodiments are only some of the embodiments of the invention, not all of them. Other embodiments that a person skilled in the art obtains from the algorithmic ideas and embodiments of the invention all fall within the scope of protection of the invention.
In this embodiment, the user and the cloud are two parties that do not trust each other. To audit whether the data stored in the cloud has been tampered with, the blockchain serves as a public ledger that stores the verification credentials. A blockchain is a public distributed ledger on which rewriting or modifying a transaction is very costly. Once information has been verified and added to the blockchain, it is stored permanently; unless most of the nodes in the system are controlled at the same time, a modification made on a single node is invalid, so the blockchain can be regarded as tamper-proof. The blockchain is also public: its data is open to everyone, and anyone can access the blockchain data and develop related applications. The blockchain can therefore act as a trusted third party independent of the user and the cloud.
Embodiment 1
The blockchain-based integrity detection method for cloud data provided by the invention is shown in Fig. 1. The main steps are:
[101] Step 1: the user processes a file with an encryption algorithm and an erasure code to obtain multiple file blocks.
The processing includes encrypting the file. The file is encrypted to prevent untrusted users from accessing the data content. In a cloud storage setting the user's file may contain private and confidential information, and the user does not trust the cloud service provider. To prevent the cloud service provider from reading the content of the user's file and to keep the data secure, the file must therefore be encrypted before it is uploaded.
Specifically, depending on the scenario, the file can be encrypted with a symmetric or an asymmetric encryption algorithm. When the uploaded file may only be read by the user and is not shared with other users in the system, symmetric encryption is used, i.e. encryption and decryption use the same key. Before running the encryption algorithm the user randomly generates an encryption key, encrypts the file with it, and uses the same key for decryption. When the uploaded file may be read by other users, asymmetric encryption is used: before running the encryption algorithm the user randomly generates a public/private key pair, encrypts the file with the private key, and discloses the public key to the trusted users allowed to read the file, who can use the public key to decrypt the file and read its content.
In particular, the user can keep the key on the client personal computer or store it securely in the cloud. "Storing it securely in the cloud" means spreading the encryption key across multiple servers with a secret sharing method.
Illustratively, when a user wants to store an 8M file in the cloud and does not allow users other than himself to read its content, the user first uses a random algorithm to generate a random key and then encrypts the file with the AES encryption algorithm: the file plaintext and the newly generated key are the input of the AES encryption function, and the function outputs the encrypted ciphertext. Because of the encryption, even an attacker who reads the data stored in the cloud cannot decrypt the ciphertext and so obtains no information about the plaintext file. The user keeps the key used for encryption locally. When the user wants to read the file, it is enough to download the ciphertext from the cloud and decrypt it with the previously stored key to read the file content.
The processing also includes redundancy encoding of the file with an erasure code. The erasure code is used to improve storage reliability, so that the file can still be read after accidents such as tampering or partial destruction. Once the user has stored a file in the cloud, the user loses control over it, and the cloud servers may suffer all kinds of failures and attacks: the file may lose part of its information because of a disk failure, an attack may tamper with part of the data, and so on. Such failures and attacks can permanently damage the file and make it unreadable. To improve storage reliability, erasure coding splits the file into several file blocks of equal size that contain some redundancy, so that even if some file blocks are damaged, the file can still be recovered from the undamaged blocks.
Specifically, when a file of size F is encoded with an RS code with parameters (k, n), the file is first cut into file blocks of length F/k; in particular, if the last file block is shorter than F/k, it is padded with 0 at the end until its length equals F/k. The values of the other (n-k) blocks are computed from these k blocks, and the length of each of these (n-k) blocks is also F/k. This yields n file blocks, and the original file can be recovered from any k of these n blocks.
Illustratively, an 8MB file is encoded with the RS code with parameters (4, 6). The file is first cut into 4 file blocks of length 2MB, and the values of the other 2 blocks are computed from these 4 blocks, giving 6 file blocks. The original file can then be recovered from any 4 of these 6 file blocks.
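The (k, n) encoding described above, as an added example (not code from the patent): a systematic Reed-Solomon erasure code over GF(2^8) built by Lagrange interpolation, a construction chosen here as an assumption because the patent does not specify one. It generalizes the (4, 6) case to any k ≤ n ≤ 256; all function names are illustrative.

```python
# GF(2^8) log/antilog tables: reduction polynomial 0x11D, generator 2.
EXP, LOG = [0] * 512, [0] * 256
_x = 1
for _i in range(255):
    EXP[_i], LOG[_x] = _x, _i
    _x <<= 1
    if _x & 0x100:
        _x ^= 0x11D
for _i in range(255, 512):
    EXP[_i] = EXP[_i - 255]


def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]


def gf_div(a, b):  # b must be non-zero
    return 0 if a == 0 else EXP[LOG[a] - LOG[b] + 255]


def lagrange_weights(xs, x):
    """Weights w_j with f(x) = XOR_j w_j*f(xs[j]) for any polynomial f of degree < len(xs)."""
    weights = []
    for j, xj in enumerate(xs):
        w = 1
        for m, xm in enumerate(xs):
            if m != j:
                w = gf_mul(w, gf_div(x ^ xm, xj ^ xm))  # subtraction is XOR in GF(2^8)
        weights.append(w)
    return weights


def _combine(blocks, weights):
    """Byte-wise linear combination of equal-length blocks."""
    out = bytearray(len(blocks[0]))
    for blk, w in zip(blocks, weights):
        for i, byte in enumerate(blk):
            out[i] ^= gf_mul(w, byte)
    return bytes(out)


def rs_encode(data, k, n):
    """Cut data into k blocks of ceil(F/k) bytes (zero-padded) and add n-k parity blocks."""
    size = -(-len(data) // k)
    padded = data.ljust(k * size, b"\0")
    blocks = [padded[i * size:(i + 1) * size] for i in range(k)]
    # Block i holds the values at point x = i of one polynomial per byte position;
    # parity block p holds the same polynomials evaluated at x = p.
    for p in range(k, n):
        blocks.append(_combine(blocks[:k], lagrange_weights(list(range(k)), p)))
    return blocks


def rs_decode(available, k, length):
    """Rebuild the original data from any k surviving blocks.

    available maps block index -> block bytes; length is the unpadded file size.
    """
    if len(available) < k:
        raise ValueError("need at least k blocks to recover the file")
    xs = sorted(available)[:k]
    src = [available[x] for x in xs]
    data = b"".join(
        available[d] if d in available else _combine(src, lagrange_weights(xs, d))
        for d in range(k)
    )
    return data[:length]
```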
As shown in Fig. 2, the specific process of handling a file with the encryption algorithm and erasure code to obtain multiple file blocks is as follows:
Step 1.1: for a file, the user encrypts the file with the encryption algorithm to obtain the ciphertext.
The encryption algorithm is AES encryption.
Step 1.2: for the ciphertext obtained by encryption, the user encodes it with the erasure code to obtain multiple data blocks of equal size.
The erasure code is an RS code with parameters (k, n), whose values are specified by the user. Encoding with this RS code yields n data blocks.
[102] Step 2: the user signs each file block obtained in 101 with the user's signing private key.
The signing process consists of the following two steps:
Step 2.1: for each data block F_i, the user computes the hash value H_i of the data block with the hash algorithm.
A hash algorithm is a common compression mapping that maps input data of arbitrary length to output data of fixed length, called the "hash value" of the input. The SHA (Secure Hash Algorithm) family can guarantee that two different inputs do not produce the same hash value, i.e. once the input changes, the output hash value changes as well, so data integrity can be verified by checking the hash value of the data. Different SHA algorithms produce hash values of different lengths; the hash value produced by SHA256 is 256 bits long.
Illustratively, hashing a file block of length 2MB with the SHA256 hash algorithm yields a string of 256 bits.
Step 2.2: for each data block hash value H_i, the user encrypts it with the user private key to obtain the digital signature S_i.
The user's signing private key is different from the private key used when a file is encrypted with the Rivest-Shamir-Adleman (RSA) asymmetric encryption algorithm. The signing private key is generated when the user registers and is used only for signing file blocks. The user keeps the signing private key locally and discloses the signing public key to the cloud service provider and other trusted users. The signature algorithm defines both a signing algorithm that uses the signing private key and a signature verification algorithm that uses the signing public key.
Illustratively, when the user first joins the system, the user runs the key generation algorithm defined by the elliptic curve algorithm to generate a private/public key pair for signing; the algorithm also defines the signing algorithm that uses the signing private key and the signature verification algorithm that uses the signing public key. The user stores the signing private key securely on the local machine and discloses the signing public key to the cloud service provider. For every signature after that, the user runs the signing algorithm with the signing private key generated at that time. The cloud service provider, which holds only the signing public key, can run the signature verification algorithm to check whether the data sent by the user matches its signature, and thereby verify the signer's identity and the integrity of the data.
[103] Step 3: the user uploads the data blocks obtained in 101 and the signatures obtained in 102 to the cloud.
The channel used for the upload is a trusted channel on which no eavesdropping attack occurs, i.e. information does not leak. Errors may still occur on the trusted channel during transmission, and the data block signatures exist precisely to guard against this. After receiving a data block and its signature, the cloud service provider can verify the integrity of the received block by running the signature verification algorithm and so detect data errors in time. At this point the user has finished processing the file.
[104] Step 4: the cloud verifies the received data blocks and their digital signatures with the signature verification algorithm.
The signature verification algorithm is the one described in step 2.2 of 102. The cloud runs it with the user's signing public key and can thereby verify the signer's identity and the integrity of the data block. If a transmission error of the kind described in 103 occurs, or the user makes a mistake when signing the file, the signature verification in this step detects it quickly, so the cloud avoids storing erroneous data. This is the first integrity check on the data. In particular, when verification fails, the cloud can feed the result back to the user and request retransmission of the data.
Illustratively, continuing the example in 102, for each received data block F_i the cloud computes its hash value Hash(F_i) with the SHA256 hash algorithm. For each received digital signature S_i, the cloud decrypts it with the user public key to obtain Dec(S_i). If Hash(F_i) and Dec(S_i) are identical, verification succeeds and the output is 1; otherwise the output is 0.
This verification ensures that nothing unexpected happened during the upload from the user to the cloud: if Hash(F_i) and Dec(S_i) are identical, the data received by the cloud and the data uploaded by the user are the same, i.e. the upload went through without incident.
[105] Step 5: if the verification in 104 succeeds, the cloud stores the received data blocks and their signatures, applies a secondary signature to each data block signature with the cloud signing private key, publishes it to the blockchain, and returns the corresponding storage address to the user.
The cloud signing private key has the same function as the user signing private key described in 102 and is used for the cloud's signatures. The cloud discloses the corresponding signing public key to all users for signature verification. The signing method is the same as the one described in 102 and consists of the two steps described there.
Specifically, the cloud generates a private/public key pair for signing by running the elliptic curve algorithm; the algorithm also defines the signing algorithm that uses the signing private key and the signature verification algorithm that uses the signing public key. The cloud stores the signing private key securely and discloses the signing public key to all users, who can use it to verify the cloud's signatures and the signed content. When the verification result in 104 is success, the cloud stores the data blocks and signatures received in 103 and signs these data block signatures once more with its private key, i.e. applies the secondary signature, then publishes these secondary signatures to the blockchain.
The secondary signature means that the cloud uses the received data block signature as the input of the signing algorithm; the new signature produced this way amounts to a second signature on the original data block.
The blockchain is a distributed database that supports only append and lookup operations, and its on-chain content cannot be tampered with. The Bitcoin blockchain records the Bitcoin transactions in the Bitcoin network. Every transaction reserves some space for a transaction message, and this space is larger than the credential (i.e. the secondary signature) computed in this step, so the credential can be stored in a blockchain transaction. Because every transaction identifier is unique, the address of the credential is unique, and the user can retrieve the credential by its address. The Bitcoin blockchain is currently the most reliable and stable blockchain. When storing the credential on a blockchain, one can choose a global public chain such as the Bitcoin or Ethereum blockchain, or a private chain newly built by the system developer that consists only of the cloud and the users. With a public chain, publication uses an existing API to write the signature to the blockchain. With a private chain, publication means that the cloud successfully initiates a transaction in the network and the transaction is successfully packed into a block and accepted by most nodes in the network.
The storage address corresponds one-to-one to the data content published on the blockchain; any user who holds the storage address can request the corresponding data content from the blockchain.
Illustratively, after verification succeeds, the cloud stores the data blocks F_1, …, F_n and the digital signatures S_1, …, S_n. For each received digital signature S_i, the cloud signs it with the cloud private key to obtain S_i', then uses the open API provided by Tierion to send S_i' in the prescribed format in an HTTP request, and anchors S_i' in the Bitcoin blockchain through the Chainpoint protocol. Once anchoring succeeds, the cloud receives the anchoring success message and the storage address returned by Tierion. The anchoring success message proves that S_i' has been anchored in the Bitcoin blockchain, and the storage address is used to read S_i'.
At this point the data upload is complete. The user and the cloud can check the integrity of the uploaded data at any time.
[106] Step 6: the user performs an integrity check on the cloud data using the hash algorithm and the user private key described in 102 and the cloud public key and storage address described in 105.
The integrity check proceeds as follows:
Step 6.1: the user downloads from the cloud the data blocks F_1, …, F_n uploaded in 103.
Step 6.2: using the storage address K, the user requests from the blockchain the credentials S_1', …, S_n' corresponding to the data blocks F_1, …, F_n.
Illustratively, the user sends an HTTP request in the prescribed format through the API provided by Tierion. The request contains the storage address obtained in 105, and Tierion returns the content the user anchored on the blockchain, i.e. the credential requested in this step.
Step 6.3: for each downloaded data block F_i, the user computes the hash value Hash(F_i) for the digital signature with the hash algorithm and signs it with the user private key to obtain the digital signature Sign(Hash(F_i)).
Step 6.4: for each data block credential S_i', the user decrypts it with the cloud public key to obtain Dec(S_i'). If Sign(Hash(F_i)) and Dec(S_i') are identical, the user knows the data is intact; otherwise data integrity has been compromised.
Illustratively, a file of 8MB size contains 8388600 bytes; padding at the end makes the file size a multiple of 16, giving a file of 8388608 bytes, and after AES encryption the ciphertext has the same length as the plaintext. Encoding with the RS code with parameters (4, 6) yields 6 file blocks of 2097152 bytes each. Processing according to the method described in 101 yields 6 file blocks of 2MB each (here we use the RS code with parameters (4, 6)). Taking the first file block as an example, signing it with the user signing private key yields a 256-bit signature 3F789D362290A847B432
[107] Step 7: the cloud performs an integrity check on the data using the hash algorithm described in 102, the user public key, and the cloud public key and storage address described in 105.
The integrity check proceeds as follows:
Step 7.1: using the storage address K, the cloud requests from the blockchain the credentials S_1', …, S_n' corresponding to the data blocks.
Illustratively, the cloud sends an HTTP request in the prescribed format through the API provided by Tierion. The request contains the storage address obtained in 105, and Tierion returns the content the cloud anchored on the blockchain, i.e. the credential requested in this step.
Step 7.2: for each data block F_i received in 103, the cloud computes its hash value Hash(F_i) with the hash algorithm.
Step 7.3: for each data block credential S_i', the cloud decrypts it in turn with the cloud public key and the user private key to obtain Dec(Dec(S_i')). If Hash(F_i) and Dec(Dec(S_i')) are identical, the cloud knows the data is intact; otherwise data integrity has been compromised.
Illustratively, program code implementing this integrity check method can detect data block integrity: when a data block is intact, the program reports that integrity verification passed; when a data block has been tampered with, the program reports that integrity verification failed, showing that the block was tampered with. The experimental output is shown in Fig. 3. As the output on line 147 of Fig. 3 shows, when the data block downloaded from the cloud is intact, the integrity check outputs "good Signature" (correct signature); as line 148 of Fig. 3 shows, when the data block downloaded from the cloud has been tampered with, the integrity check outputs "BAD SIGNATURE" (bad signature).
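The sign, countersign and audit flow of steps 2 to 7, as an added example (not code from the patent): ECDSA over secp256k1 with a deterministic nonce stands in for the unspecified elliptic curve signature, so that the user can recompute S_i in step 6.3, and signature verification replaces the "decrypt and compare" wording. Assumptions: `Ledger` is a hypothetical in-memory stand-in for the blockchain, keys and blocks are constructed, AES and RS coding are omitted, and the cloud's self-audit uses the user public key as listed in the heading of step 7.

```python
import hashlib
import hmac

# secp256k1 domain parameters: y^2 = x^3 + 7 over GF(P), base point G of prime order N.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc

def keygen(seed):
    # Constructed demo keys derived from a seed; real keys need a CSPRNG.
    priv = int.from_bytes(hashlib.sha256(seed).digest(), "big") % (N - 1) + 1
    return priv, _mul(priv, G)

def sign(priv, data):
    """Steps 2.1 + 2.2: hash the input, then sign the hash (64-byte r||s)."""
    digest = hashlib.sha256(data).digest()
    z = int.from_bytes(digest, "big")
    # Deterministic nonce from HMAC(priv, digest): simplified, not RFC 6979.
    mac = hmac.new(priv.to_bytes(32, "big"), digest, hashlib.sha256).digest()
    k = int.from_bytes(mac, "big") % (N - 1) + 1
    r = _mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")

def verify(pub, data, sig):
    """ECDSA verification of sig over SHA256(data)."""
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if len(sig) != 64 or not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(hashlib.sha256(data).digest(), "big")
    w = pow(s, -1, N)
    pt = _add(_mul(z * w % N, G), _mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

class Ledger:
    """Append-only in-memory stand-in for the blockchain (hypothetical)."""
    def __init__(self):
        self._entries = {}
    def publish(self, payload):
        addr = hashlib.sha256(len(self._entries).to_bytes(8, "big") + payload).hexdigest()
        self._entries[addr] = payload
        return addr
    def get(self, addr):
        return self._entries[addr]

class Cloud:
    def __init__(self, priv, user_pub, ledger):
        self.priv, self.user_pub, self.ledger, self.store = priv, user_pub, ledger, {}
        self.pub = _mul(priv, G)
    def accept(self, uploads):
        """Steps 4-5: verify (F_i, S_i), store it, publish S_i' and return the addresses."""
        addrs = []
        for i, (block, sig) in enumerate(uploads):
            if not verify(self.user_pub, block, sig):
                raise ValueError(f"block {i}: signature check failed, request retransmission")
            self.store[i] = (block, sig)
            addrs.append(self.ledger.publish(sign(self.priv, sig)))
        return addrs
    def download(self):
        return [self.store[i][0] for i in sorted(self.store)]
    def self_audit(self, addrs):
        """Step 7: the ledger credential must cover the stored S_i, and S_i must cover F_i."""
        return [verify(self.pub, sig, self.ledger.get(a)) and verify(self.user_pub, blk, sig)
                for (blk, sig), a in zip((self.store[i] for i in range(len(addrs))), addrs)]

def user_upload(user_priv, blocks):
    """Steps 2-3: pair every block F_i with its signature S_i."""
    return [(b, sign(user_priv, b)) for b in blocks]

def user_audit(user_priv, cloud_pub, ledger, addrs, downloaded):
    """Step 6: recompute S_i from the downloaded block and check it against the credential S_i'."""
    return [verify(cloud_pub, sign(user_priv, blk), ledger.get(a))
            for blk, a in zip(downloaded, addrs)]
```

The user-side audit only works because signing is deterministic: with a randomized nonce the recomputed S_i would differ from the one the cloud countersigned, and the user would have to keep S_i instead.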
Embodiment 2
Another embodiment of the invention provides a cloud data integrity detection system. As shown in Figure 3, the system includes a user upload module, a cloud acceptance module, a user detection module and a cloud detection module, wherein:
The user upload module processes files and uploads them to the cloud acceptance module; for the specific method, refer to steps 101, 102 and 103 in Embodiment 1;
The cloud acceptance module is used by the cloud to verify the received data blocks and digital signatures; if verification succeeds, it applies a dual signature to the data block, uploads it to the blockchain network, and passes the address returned by the blockchain network back to the user upload module; for the specific method, refer to steps 104 and 105 in Embodiment 1;
The user detection module is used by the user to perform an integrity check on cloud data; it obtains the stored data from the cloud acceptance module, together with the blockchain network address credential returned by the cloud acceptance module, and uses the obtained data and credential to check the integrity of the cloud data; for the specific method, refer to step 106 in Embodiment 1;
The cloud detection module is used by the cloud to perform an integrity check on the data; it uses the address credential obtained from the blockchain network and the data it already holds to check the integrity of the cloud data; for the specific method, refer to step 107 in Embodiment 1.
A file of 8 MB is processed with this integrity detection system, with the RS code parameters in the file processing procedure set to (3,6). The system was tested in the simulated cloud environment we established, and the time required for file upload, download and integrity detection is shown in Figure 4.
The blockchain-based cloud data integrity detection method and system of the invention have been described in detail above. Specific examples are used herein to illustrate the principle and embodiments of the invention, and the description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. At the same time, for those skilled in the art, the specific implementation and the scope of application may change according to the idea of the invention. In conclusion, the content of this specification should not be construed as limiting the invention.

Claims (6)

1. A blockchain-based cloud data integrity detection method, characterized in that the method comprises the following steps:
Step 1, the user processes a file using an encryption algorithm and an erasure code to obtain multiple file blocks;
Step 2, the user signs each file block obtained in step 1 using the user private key;
Step 3, the user uploads the data blocks obtained in step 1 and the signatures obtained in step 2 to the cloud;
Step 4, the cloud verifies the received data blocks and their digital signatures using a signature verification algorithm;
Step 5, if the verification in step 4 succeeds, the cloud saves the received data blocks and their signatures, applies a dual signature to the data block signature using the cloud private key, publishes this dual signature to the blockchain, and returns the corresponding storage address to the user;
Step 6, the user performs an integrity check on the cloud data using a hash algorithm, the user private key described in step 2, the cloud public key, and the storage address described in step 5;
Step 7, the cloud performs an integrity check on the data using a hash algorithm, the user public key, the cloud public key, and the storage address described in step 5.
2. The method of claim 1, characterized in that the hash algorithm is the SHA256 algorithm.
3. The method of claim 1, characterized in that the encryption algorithm is the AES encryption algorithm.
4. The method of claim 1, characterized in that the cloud is a multi-cloud composed of several cloud service providers.
5. The method of claim 1, characterized in that the blockchain is a blockchain network represented by Bitcoin.
6. A cloud data integrity detection system, characterized by comprising: a user upload module, a cloud acceptance module, a user detection module and a cloud detection module; wherein:
The user upload module processes files and uploads them to the cloud acceptance module;
The cloud acceptance module is used by the cloud to verify the received data blocks and digital signatures; if verification succeeds, it applies a dual signature to the data block, uploads it to the blockchain network, and passes the address returned by the blockchain network back to the user upload module;
The user detection module is used by the user to perform an integrity check on cloud data; it obtains the stored data from the cloud acceptance module, together with the blockchain network address credential returned by the cloud acceptance module, and uses the obtained data and credential to check the integrity of the cloud data;
The cloud detection module is used by the cloud to perform an integrity check on the data; it uses the address credential obtained from the blockchain network and the data it already holds to check the integrity of the cloud data.
CN201811264304.3A 2018-10-29 2018-10-29 Block chain-based cloud data integrity detection method and system Active CN109194466B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811264304.3A CN109194466B (en) 2018-10-29 2018-10-29 Block chain-based cloud data integrity detection method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811264304.3A CN109194466B (en) 2018-10-29 2018-10-29 Block chain-based cloud data integrity detection method and system

Publications (2)

Publication Number Publication Date
CN109194466A true CN109194466A (en) 2019-01-11
CN109194466B CN109194466B (en) 2021-07-06

Family

ID=64944194

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811264304.3A Active CN109194466B (en) 2018-10-29 2018-10-29 Block chain-based cloud data integrity detection method and system

Country Status (1)

Country Link
CN (1) CN109194466B (en)

Also Published As

Publication number Publication date
CN109194466B (en) 2021-07-06

Similar Documents

Publication Publication Date Title
CN109194466A (en) A kind of cloud data integrity detection method and system based on block chain
US11621833B2 (en) Secure multiparty loss resistant storage and transfer of cryptographic keys for blockchain based systems in conjunction with a wallet management system
CN111066046B (en) Replay attack resistant authentication protocol
KR101999188B1 (en) Secure personal devices using elliptic curve cryptography for secret sharing
CN109067524B (en) Public and private key pair generation method and system
CN106254374B (en) A kind of cloud data public audit method having duplicate removal function
CN107800688A (en) A kind of high in the clouds data deduplication and integrality auditing method based on convergent encryption
CN108292402A (en) The determination of the public secret of secure exchange for information and level certainty key
US10528751B2 (en) Secure and efficient cloud storage with retrievability guarantees
US9531540B2 (en) Secure token-based signature schemes using look-up tables
CN106899406B (en) A kind of method of proof of cloud data storage integrality
CN101552669A (en) Method and system of data transmission
US9230114B1 (en) Remote verification of file protections for cloud data storage
Nirmala et al. Data confidentiality and integrity verification using user authenticator scheme in cloud
CN109670826B (en) Anti-quantum computation block chain transaction method based on asymmetric key pool
US11153074B1 (en) Trust framework against systematic cryptographic
CN112738051B (en) Data information encryption method, system and computer readable storage medium
CN115333857B (en) Detection method for preventing data from being tampered based on smart city system cloud platform
KR20110028968A (en) Method for verifying the integrity of a user's data in remote computing and system thereof
CN115225409B (en) Cloud data safety duplicate removal method based on multi-backup joint verification
CN108777673B (en) Bidirectional identity authentication method in block chain
Chidambaram et al. Enhancing the security of customer data in cloud environments using a novel digital fingerprinting technique
US8346742B1 (en) Remote verification of file protections for cloud data storage
Ponnuramu et al. Secured storage for dynamic data in cloud
CN113722749A (en) Data processing method and device for block chain BAAS service based on encryption algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
OL01 Intention to license declared