CN109194466A - A kind of cloud data integrity detection method and system based on block chain - Google Patents

Info

Publication number: CN109194466A
Application number: CN201811264304.3A
Authority: CN (China)
Other versions: CN109194466B (granted patent)
Other languages: Chinese (zh)
Prior art keywords: cloud, user, data, signature, file
Inventors: 刘晓光, 王国浩, 王刚, 阎萌, 凤佳琦
Original and current assignee: Nankai University
Legal status: granted and active (application filed by Nankai University, published as CN109194466A, granted as CN109194466B)

Classifications

    • H04L 63/123 Network security; applying verification of the received data contents, e.g. message integrity
    • H04L 67/1097 Protocols for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L 9/0631 Block ciphers using a substitution permutation network [SPN], i.e. a cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L 9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L 9/3247 Message authentication, data integrity or data verification involving digital signatures

Abstract

A block chain-based cloud data integrity detection method and system. The method comprises: 1. the user processes a file with an encryption algorithm and an erasure code to obtain multiple file blocks; 2. the user signs each file block with the user private key; 3. the user uploads the data blocks and signatures to the cloud; 4. the cloud verifies each received data block and its digital signature with a signature verification algorithm; 5. if the verification in step 4 succeeds, the cloud stores the received data block and its signature, signs the data block signature a second time with the cloud private key, publishes the result to the block chain, and returns the corresponding storage address to the user; 6. the user performs an integrity check on the cloud data using a hash algorithm, the user private key of step 2, the cloud public key and the storage address of step 5; 7. the cloud performs an integrity check on the data using the hash algorithm, the user public key, the cloud public key and the storage address of step 5.

Description

Block chain-based cloud data integrity detection method and system
[ technical field ]
The invention belongs to the technical field of cloud storage and in particular relates to a method and a system for detecting the integrity of cloud data.
[ background of the invention ]
Cloud storage is a data service model in which third-party cloud service providers maintain and manage data. To use cloud storage, users pay a regular fee for the service and can then access their data from any smart device. Because data volumes keep growing while personal storage devices are limited, cloud storage is widely used by individual and enterprise customers alike. Cloud storage brings convenience, but cloud storage service failures do happen: during storage and transmission, user data can be corrupted by network transmission errors, hacker attacks or administrator misoperation, so the integrity of user data cannot be guaranteed.
The block chain is a decentralized distributed ledger whose records cannot be altered or forged. This immutability has drawn the attention of many industries to the emerging technology, including finance, health care, public utilities, real estate and government institutions. Every node in the block chain network shares the ledger, but no single node controls or can modify it. The technology is designed to resist adversaries who perform illegal operations in a competitive environment.
When a user uploads data to the cloud, the user loses control over it, and judging whether the cloud data is still complete is a new challenge.
[ summary of the invention ]
The invention aims to provide a block chain-based method and system for detecting the integrity of a user's cloud data when the user and the cloud do not trust each other, so that the integrity of the cloud data can be detected effectively and, among the many different pieces of data a user has uploaded to the cloud, it can be quickly determined whether a particular piece has been tampered with.
To this end, the invention first provides a block chain-based cloud data integrity detection method. Referring to fig. 1, its main steps are:
Step 1 (101): the user processes a file with an encryption algorithm and an erasure code to obtain a plurality of file blocks.
Step 2 (102): the user signs each file block obtained in step 101 with the user private key.
Step 3 (103): the user uploads the data blocks obtained in step 101 and the signatures obtained in step 102 to the cloud.
Step 4 (104): the cloud verifies each received data block and its digital signature with a signature verification algorithm.
Step 5 (105): if the verification in step 104 succeeds, the cloud stores the received data block and its signature, signs the data block signature a second time with the cloud private key, publishes this secondary signature to the block chain, and returns the corresponding storage address to the user.
Step 6 (106): the user performs an integrity check on the cloud data using the hash algorithm and the user private key of step 102 together with the cloud public key and the storage address of step 105.
Step 7 (107): the cloud performs an integrity check on the data using the hash algorithm and the user public key of step 102 together with the cloud public key and the storage address of step 105.
Optionally, the hash algorithm is the SHA256 algorithm.
Optionally, the encryption algorithm is the AES encryption algorithm.
Optionally, the cloud is a multi-cloud composed of several cloud service providers.
Optionally, the block chain is a block chain network of which bitcoin is the representative example.
To the same end, the invention further provides a block chain-based cloud data integrity detection system, whose effectiveness has been verified in an experimental environment. Referring to fig. 3, the system comprises a user uploading module, a cloud acceptance module, a user detection module and a cloud detection module, wherein:
the user uploading module is used by the user to process the file and upload it to the cloud acceptance module;
the cloud acceptance module is used by the cloud to verify the received data block and digital signature, to sign the data block a second time and upload the result to the block chain network if the verification succeeds, and to return the address returned by the block chain network to the user uploading module;
the user detection module is used by the user to check the integrity of the cloud data: it obtains the stored data from the cloud acceptance module together with the block chain network address certificate that the cloud acceptance module returned, and detects the integrity of the cloud data from the obtained data and the certificate;
the cloud detection module is used by the cloud to check the integrity of the data, using the address certificate and the data obtained from the block chain network together with the data it already holds.
The method and system can effectively detect the integrity of cloud data, quickly judge whether a particular piece among the many different pieces of data a user has uploaded to the cloud has been tampered with, and can be widely applied in the field of cloud storage integrity detection.
[ description of the drawings ]
FIG. 1 is a flowchart of the cloud data integrity detection method according to the present invention;
FIG. 2 is a flowchart of the file processing method in the cloud data integrity detection scheme of the present invention;
FIG. 3 shows the program output of the detection process of the cloud data integrity detection scheme of the present invention;
FIG. 4 is a diagram of the cloud data integrity detection system according to the present invention;
FIG. 5 is a comparison graph of the time taken in the cloud data integrity check experiment of the present invention.
[ detailed description of embodiments ]
So that the above objects, features and advantages of the invention can be understood more clearly, the embodiments of the invention illustrated in the accompanying drawings are described in detail below. The embodiments described are only some of the embodiments of the invention, not all of them; other embodiments that a person skilled in the art obtains from the algorithmic idea and the embodiments of the invention fall within its scope of protection.
In this embodiment, the user and the cloud do not trust each other, and the block chain is used as a public ledger that stores the verification certificates, so that it can be audited whether the data stored in the cloud has been tampered with. The block chain is an open distributed ledger in which rewriting or modifying transactions is very costly. Once information has been verified and added to the block chain it is stored permanently; unless most of the nodes in the system are controlled at the same time, a modification made on a single node has no effect, so the block chain can be regarded as tamper-proof. The block chain is also public: its data is visible to everyone, and anyone can access it and build applications on it. The block chain can therefore act as a trusted third party independent of both the user and the cloud.
Example 1
As shown in fig. 1, the block chain-based cloud data integrity detection method of the present invention mainly comprises the following steps.
[101] Step 1: the user processes the file with an encryption algorithm and an erasure code to obtain a plurality of file blocks.
The processing includes encrypting the file. The file is encrypted to keep its content from untrusted parties. In the cloud storage scenario a user's file may contain private and confidential information, and the user does not trust the cloud service provider, so the file must be encrypted before it is uploaded in order to prevent the cloud service provider from reading its content and to keep the data secure.
Specifically, the encryption step may use a symmetric or an asymmetric encryption algorithm depending on the scenario. When the uploaded file may be read only by the user and is not shared with other users of the system, a symmetric method is used, i.e. the same key serves for encryption and decryption: the user randomly generates a key before running the encryption algorithm, encrypts the file with it, and later uses the same key to decrypt. When the uploaded file may be read by other users, an asymmetric method is used: the user randomly generates a public/private key pair before running the encryption algorithm, encrypts the file with the private key and discloses the public key to the trusted users allowed to read the file, who can then decrypt the file with the public key and read its content.
In particular, the user may keep the key on the user's personal computer or store it securely in the cloud. "Storing securely in the cloud" means distributing the encryption key over several servers by a secret sharing method.
Illustratively, when a user wants to store an 8 MB file in the cloud and does not allow anyone else to read its content, the user first generates a random key with a random algorithm and then encrypts the file with the AES encryption algorithm, i.e. the file (identified by its name) and the newly generated key are the inputs of the AES encryption function, which outputs the ciphertext. Because of the encryption, an attacker who reads the data stored in the cloud cannot decrypt the ciphertext and thus learns nothing about the plaintext of the file. The user keeps the encryption key locally, and whenever the user wants to read the file it suffices to download the ciphertext from the cloud and decrypt it with the saved key.
The processing also includes redundantly encoding the file with an erasure code. The erasure code improves the reliability of storage so that the file can still be read after unexpected events such as tampering or partial damage. Once the file is stored in the cloud the user loses control over it, and the cloud server may suffer various faults and attacks: part of a user's file may be lost through a disk failure, or an attack may partially tamper with the data, and so on. Such failures and attacks would make the file permanently unreadable. To improve reliability, an erasure coding technique divides the file into a plurality of file blocks of equal size that carry redundant information, so that even if some file blocks are damaged the file can still be recovered from the undamaged ones.
Specifically, when a file of size F is encoded with an RS code of parameters (k, n), the file is first cut into file blocks of length F/k; if the last file block is shorter than F/k it is padded at the end with 0 until its length equals F/k. The k blocks are then used to compute a further (n-k) blocks, also of length F/k. This yields n file blocks, and the original file can be recovered from any k of the n blocks.
Illustratively, an 8 MB file is encoded with an RS code of parameters (4, 6). The file is first divided into 4 file blocks of 2 MB each, and the values of 2 further blocks are computed from those 4, giving 6 file blocks. The original file can then be recovered from any 4 of the 6 file blocks.
As shown in fig. 2, the specific process of obtaining a plurality of file blocks from the file with the encryption algorithm and the erasure code is as follows:
Step 1.1: for a file, the user encrypts the file with the encryption algorithm to obtain a ciphertext.
The encryption algorithm here is AES encryption.
Step 1.2: for the resulting ciphertext, the user encodes the ciphertext with the erasure code to obtain a plurality of data blocks of equal size.
The erasure code here is an RS code of parameters (k, n), whose values are specified by the user. The number of data blocks obtained after RS encoding is n.
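The RS(k, n) encoding of step 1.2 and the (4, 6) example above, as an added Go example that is not part of the patent (the patent names no implementation): a systematic Reed-Solomon code over GF(2^8) built by Lagrange interpolation, where block i is the value at point i of the unique polynomial through the k data blocks, so any k of the n blocks rebuild the padded file. The 0x11d field polynomial, the Encode/Decode names and the 22-byte sample input are all constructed for this illustration.

```go
package main

import "fmt"

// GF(2^8) log/antilog tables for the primitive polynomial 0x11d (x^8+x^4+x^3+x^2+1), generator 2.
var gfExp, gfLog [512]byte

func init() {
	for i, x := 0, 1; i < 255; i++ {
		gfExp[i], gfLog[x] = byte(x), byte(i)
		if x <<= 1; x&0x100 != 0 {
			x ^= 0x11d
		}
	}
	copy(gfExp[255:], gfExp[:255]) // doubled so a sum of two logs (at most 508) needs no reduction
}

func gfMul(a, b byte) byte {
	if a == 0 || b == 0 {
		return 0
	}
	return gfExp[int(gfLog[a])+int(gfLog[b])]
}

// matMul multiplies two matrices over GF(2^8); field addition is XOR.
func matMul(a, b [][]byte) [][]byte {
	out := make([][]byte, len(a))
	for i := range a {
		out[i] = make([]byte, len(b[0]))
		for j := range b[0] {
			for t := range b {
				out[i][j] ^= gfMul(a[i][t], b[t][j])
			}
		}
	}
	return out
}

// lagrange returns L with L[t][i] = prod_{m != i} (t-xs[m])/(xs[i]-xs[m]) for t = lo..hi-1, so that
// matMul(L, values) evaluates at those points, for every byte column at once, the unique polynomial
// of degree < k through the k points (xs[i], values[i]). Field subtraction is XOR.
func lagrange(xs []byte, lo, hi int) [][]byte {
	var l [][]byte
	for t := lo; t < hi; t++ {
		row := make([]byte, len(xs))
		for i, xi := range xs {
			num, den := byte(1), byte(1)
			for m, xm := range xs {
				if m != i {
					num, den = gfMul(num, byte(t)^xm), gfMul(den, xi^xm)
				}
			}
			row[i] = gfMul(num, gfExp[255-int(gfLog[den])]) // num / den; den != 0 since the xs are distinct
		}
		l = append(l, row)
	}
	return l
}

// Encode is step 1.2: zero-pad the ciphertext to a multiple of k, cut it into k blocks of length
// F/k and derive n-k parity blocks of the same length. Block i is the polynomial's value at point i,
// so blocks 0..k-1 are the data itself (systematic code).
func Encode(data []byte, k, n int) [][]byte {
	blockLen := (len(data) + k - 1) / k
	padded := append(append([]byte{}, data...), make([]byte, blockLen*k-len(data))...)
	var blocks, xs = [][]byte{}, []byte{}
	for i := 0; i < k; i++ {
		blocks, xs = append(blocks, padded[i*blockLen:(i+1)*blockLen]), append(xs, byte(i))
	}
	return append(blocks, matMul(lagrange(xs, k, n), blocks)...)
}

// Decode rebuilds the original bytes from any k surviving blocks, keyed by block index.
func Decode(have map[int][]byte, k, n, origLen int) ([]byte, error) {
	var xs, ys = []byte{}, [][]byte{}
	for i := 0; i < n && len(xs) < k; i++ {
		if s, ok := have[i]; ok {
			xs, ys = append(xs, byte(i)), append(ys, s)
		}
	}
	if len(xs) < k {
		return nil, fmt.Errorf("need %d blocks, have %d", k, len(xs))
	}
	var out []byte
	for _, s := range matMul(lagrange(xs, 0, k), ys) {
		out = append(out, s...)
	}
	return out[:origLen], nil
}

func main() {
	blocks := Encode([]byte("cloud integrity sample"), 4, 6) // constructed 22-byte stand-in for a ciphertext
	got, err := Decode(map[int][]byte{0: blocks[0], 2: blocks[2], 4: blocks[4], 5: blocks[5]}, 4, 6, 22)
	fmt.Printf("%q %v\n", got, err) // blocks 1 and 3 are lost; the file comes back from the other four
}
```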
[102] Step 2: the user signs each file block obtained in 101 with the user signature private key.
The signing process consists of the following two steps:
Step 2.1: for each data block F_i, the user applies the hash algorithm to obtain the hash value H_i of the data block.
A hash algorithm is a compression mapping that maps input data of arbitrary length to output data of fixed length, called the "hash value" of the input. The SHA (Secure Hash Algorithm) family of secure hash algorithms is designed so that two different inputs do not produce the same hash value, i.e. as soon as the input changes the output hash value differs, so data integrity can be verified by checking the hash value of the data. Different SHA algorithms produce hash values of different lengths; the hash value produced by the SHA256 algorithm is 256 bits long.
Illustratively, hashing a 2 MB file block with the SHA256 hash algorithm yields a 256-bit string.
Step 2.2: for the hash value H_i of each data block, the user encrypts it with the user private key to obtain the digital signature S_i.
The user signature private key is distinct from the private key used when a file is encrypted with an asymmetric encryption algorithm. The signature private key is generated when the user registers and is used only by the user to sign file blocks. The user keeps the signature private key locally and discloses the signature public key to the cloud service provider and other trusted users. The signature scheme defines a signing algorithm that uses the signature private key and a signature verification algorithm that uses the signature public key.
Illustratively, when a user joins the system for the first time, a signature private/public key pair is generated by running the key generation algorithm of an elliptic curve signature scheme; the same scheme also defines the signing algorithm that uses the signature private key and the verification algorithm that uses the signature public key. The user stores the signature private key securely on the local machine and discloses the signature public key to the cloud service provider. For each signature, the user runs the signing algorithm with the generated signature private key; only a cloud service provider holding the signature public key can run the signature verification algorithm to check whether the data sent by the user matches the user's signature, thereby verifying the signer's identity and the integrity of the data.
[103] Step 3: the user uploads the data blocks obtained in 101 and the signatures obtained in 102 to the cloud.
The channel used for uploading is a trusted channel, so no information-stealing attack can occur, i.e. the information cannot leak. The trusted channel may still introduce errors during transmission, and the signature on each data block is there precisely to catch such problems: after receiving a data block and its signature, the cloud service provider can verify the integrity of the received block by running the signature verification algorithm and detect data errors in time. At this point the user's processing of the file is complete.
[104] Step 4: the cloud verifies the received data block and its digital signature with the signature verification algorithm.
The signature verification algorithm is the one described in step 2.2 of 102. The cloud runs it with the user's signature public key and can thereby verify the signer's identity and the integrity of the data block. If a transmission error occurred in 103, or an error occurred while the user signed the file, it is quickly detected by the signature verification algorithm in this step, which prevents the cloud from storing wrong data. This is the first check of data integrity. In particular, when verification fails the cloud reports the result to the user and requests retransmission of the data.
Illustratively, continuing the example in 102, for each received data block F_i the cloud uses the SHA256 hash algorithm to obtain its hash value Hash(F_i). For each received digital signature S_i, the cloud decrypts it with the user public key to obtain Dec(S_i). If Hash(F_i) and Dec(S_i) are the same, verification succeeds and 0 is output; otherwise 1 is output.
This verification ensures that nothing went wrong during the upload from the user to the cloud: Hash(F_i) = Dec(S_i) means that the data received by the cloud is the same as the data uploaded by the user, i.e. no accident occurred during the upload.
[105] Step 5: if the verification in 104 succeeds, the cloud stores the received data block and its signature, signs the data block signature a second time with the cloud signature private key, publishes the result to the block chain, and returns the corresponding storage address to the user.
The cloud signature private key has the same role as the user signature private key in 102 and is used for the cloud's signatures; the corresponding signature public key is disclosed by the cloud to all users for signature verification. The signing method is the same as in 102 and consists of the two steps given there.
Specifically, the cloud generates a signature private/public key pair by running the key generation algorithm of an elliptic curve signature scheme; the same scheme also defines the signing algorithm that uses the signature private key and the verification algorithm that uses the signature public key. The cloud stores the signature private key securely and discloses the signature public key to all users, who can use it to verify the cloud's signatures and the signed content. When the verification result in 104 is success, the cloud stores the data blocks and signatures received in 103, signs the data blocks again with its private key (the secondary signature), and then publishes the secondary signatures to the block chain.
The secondary signature is a new signature generated by the cloud with the received data block signature as the input of the signing algorithm, and is equivalent to signing the original data block a second time.
The block chain is a kind of distributed database that only supports add and lookup operations, with the property that the content on the chain cannot be tampered with. The bitcoin block chain records bitcoin transactions in the bitcoin network; each transaction reserves some space for a transaction message, and that space is larger than the certificate (i.e. the secondary signature) computed in this step, so the certificate can be stored in a transaction of the block chain. Since every transaction identifier is unique, the address of the certificate is unique and the user can retrieve the certificate from it. The bitcoin block chain is currently the most reliable and stable block chain. For storing the certificate one may choose a global public chain such as the bitcoin block chain or the Ethereum block chain, or a newly built private chain consisting only of the cloud and the users, set up by the system developer. If a public chain is used, publishing means writing the signature into the block chain through the existing API; if a private chain is used, the cloud initiates a transaction in the network, and the transaction is packaged into a block and accepted by most nodes of the network.
The storage address corresponds one-to-one to the data content published to the block chain, and any user who holds a storage address can request the corresponding data content from the block chain.
Illustratively, the cloud stores the verified data blocks F_1, …, F_n and the digital signatures S_1, …, S_n. For each received digital signature S_i, the cloud signs it with the cloud private key to obtain S_i'. It then sends S_i' in an HTTP request of the prescribed format through the public API provided by Tierion, which anchors S_i' to the bitcoin block chain via the Chainpoint protocol; after the anchoring succeeds, the cloud receives the anchoring success information and a storage address returned by Tierion. The anchoring success information proves that S_i' has been anchored to the bitcoin block chain, and the storage address is used to read S_i'.
At this step the upload of the data is complete, and the user and the cloud can check the integrity of the uploaded data at any time.
[106] Step 6: the user performs an integrity check on the cloud data using the hash algorithm and the user private key described in 102 together with the cloud public key and the storage address described in 105.
The integrity check consists of the following steps:
Step 6.1: the user downloads the data blocks F_1, …, F_n uploaded in 103 from the cloud.
Step 6.2: using the storage address K, the user requests from the block chain the certificates S_1', …, S_n' corresponding to the data blocks F_1, …, F_n.
Illustratively, the user sends an HTTP request of the prescribed format through the API provided by Tierion, containing the storage address obtained in 105, and Tierion returns the content anchored to the block chain, i.e. the certificates requested in this step.
Step 6.3: for each downloaded data block F_i, the user applies the hash algorithm to obtain the hash value Hash(F_i) and signs it with the user private key to obtain the digital signature Sign(Hash(F_i)).
Step 6.4: for each data block certificate S_i', the user decrypts it with the cloud public key to obtain Dec(S_i'). If Sign(Hash(F_i)) and Dec(S_i') are the same, the user knows that the data is complete; otherwise the integrity of the data has been compromised.
Illustratively, an 8 MB file contains 8388600 bytes; padding its end so that its length is a multiple of 16 gives 8388608 bytes, and the AES ciphertext has the same length as the plaintext. Encoding with an RS code of parameters (4, 6) then yields 6 file blocks of 2097152 bytes each, i.e. the processing of 101 produces 6 file blocks of 2 MB (here the RS code with parameters (4, 6) is used). Taking the first file block as an example, signing it with the user signature private key yields the 256-bit signature 3F789D362290A847B432
[107] And 7: the cloud uses the hash algorithm and the user public key in 102 and the cloud public key and the storage address in 105 to perform integrity check on the data.
The integrity check comprises the following specific steps:
step 7.1: the cloud uses the storage address K to obtain a certificate S corresponding to the data block from the block chain request1’,…,Sn’。
Illustratively, the cloud sends an http request according to a prescribed format through an api interface provided by the tirion, where the request includes the memory address obtained in 105, and the tirion returns to the content anchored to the blockchain by the cloud, i.e., the credential requested in this step.
Step 7.2: for each data block F received in 103iThe cloud uses the Hash algorithm to obtain the Hash value Hash (F)i)。
Step 7.3: for each data block certificate Si' the cloud end uses the cloud public key and the user private key to decrypt in sequence to obtain the Dec (Dec (S)i')) if Hash (F)i) And Dec (Dec (S)i') is the same, the cloud knows that the data is complete, otherwise the data integrity is destroyed.
Illustratively, the program code implementing this integrity checking method has a function that detects the integrity of a data block: when a data block is complete, the program returns that integrity verification passed; when a data block has been tampered with, the program returns an integrity verification failure indicating that the block has been tampered with. The experimental output is shown in fig. 3. As shown by the output at line 147 of fig. 3, when the data blocks we downloaded from the cloud are complete, the integrity check outputs "good signature" (correct signature); as shown at line 148 of fig. 3, when the data block we downloaded from the cloud has been tampered with, the integrity check outputs "BAD SIGNATURE".
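The double-signature check of steps 6.4 and 7.1 to 7.3 end to end, as an added example in Go that is not the patent's own program code. It uses standard RSA PKCS#1 v1.5 sign/verify from Go's standard library in place of the page's decrypt-with-public-key formulation (the cloud verifies the inner signature with the user public key, as claim 1 states), the cloud's secondary signature is computed over the user's signature S_i, and the block contents and key sizes are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Certificate is what the cloud anchors on the block chain for one data block.
type Certificate struct {
	UserSig  []byte // S_i  = Sign_user(Hash(F_i))
	CloudSig []byte // S_i' = Sign_cloud(S_i), the secondary signature
}

// hashBlock is the hash algorithm of the scheme (claim 2 names SHA256).
func hashBlock(b []byte) []byte { h := sha256.Sum256(b); return h[:] }

// userSign is step 2: the user signs the hash of a file block with the user private key.
func userSign(userPriv *rsa.PrivateKey, block []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, userPriv, crypto.SHA256, hashBlock(block))
}

// cloudAccept is steps 4 and 5: the cloud verifies the user's signature and only if it
// is valid produces the secondary signature over S_i that it anchors on the block chain.
func cloudAccept(cloudPriv *rsa.PrivateKey, userPub *rsa.PublicKey, block, userSig []byte) (Certificate, error) {
	if err := rsa.VerifyPKCS1v15(userPub, crypto.SHA256, hashBlock(block), userSig); err != nil {
		return Certificate{}, fmt.Errorf("upload rejected, user signature invalid: %w", err)
	}
	cloudSig, err := rsa.SignPKCS1v15(rand.Reader, cloudPriv, crypto.SHA256, hashBlock(userSig))
	if err != nil {
		return Certificate{}, err
	}
	return Certificate{UserSig: userSig, CloudSig: cloudSig}, nil
}

// userCheck is step 6.4: the user re-signs the downloaded block F_i' (PKCS#1 v1.5 is
// deterministic, so this reproduces S_i exactly when F_i' == F_i) and checks that the
// cloud's anchored secondary signature covers that value.
func userCheck(userPriv *rsa.PrivateKey, cloudPub *rsa.PublicKey, downloaded []byte, cert Certificate) bool {
	recomputed, err := userSign(userPriv, downloaded)
	if err != nil || !bytes.Equal(recomputed, cert.UserSig) {
		return false // block changed since upload, or certificate belongs to another block
	}
	return rsa.VerifyPKCS1v15(cloudPub, crypto.SHA256, hashBlock(recomputed), cert.CloudSig) == nil
}

// cloudCheck is step 7.3: the cloud verifies the two signatures in sequence, the outer one
// with the cloud public key and the inner one with the user public key, against Hash(F_i)
// of the block it currently holds.
func cloudCheck(cloudPub, userPub *rsa.PublicKey, stored []byte, cert Certificate) bool {
	if rsa.VerifyPKCS1v15(cloudPub, crypto.SHA256, hashBlock(cert.UserSig), cert.CloudSig) != nil {
		return false
	}
	return rsa.VerifyPKCS1v15(userPub, crypto.SHA256, hashBlock(stored), cert.UserSig) == nil
}

func main() {
	userPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	cloudPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	block := bytes.Repeat([]byte("constructed data block "), 8) // constructed stand-in for F_i
	sig, _ := userSign(userPriv, block)
	cert, err := cloudAccept(cloudPriv, &userPriv.PublicKey, block, sig)
	if err != nil {
		panic(err)
	}
	tampered := append([]byte{}, block...)
	tampered[0] ^= 1 // a single flipped bit in the downloaded copy
	for _, b := range [][]byte{block, tampered} { // prints "true true", then "false false"
		fmt.Println(userCheck(userPriv, &cloudPriv.PublicKey, b, cert),
			cloudCheck(&cloudPriv.PublicKey, &userPriv.PublicKey, b, cert))
	}
}
```

Because the cloud's secondary signature binds S_i rather than the block, a certificate produced under a different cloud key fails the user's check even when the block itself is intact.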
Example 2
Another embodiment of the present invention further provides a system for detecting the integrity of cloud data, as shown in fig. 3. The system comprises a user uploading module, a cloud acceptance module, a user detection module and a cloud detection module. Wherein,
the user uploading module is used for processing the file and uploading it to the cloud acceptance module; the specific method can refer to steps 101, 102 and 103 in example 1;
the cloud acceptance module is used by the cloud to verify the received data block and its digital signature, to perform a secondary signature on the data block and upload it to the block chain network if verification succeeds, and to return the address returned by the block chain network to the user uploading module; the specific method can refer to steps 104 and 105 in example 1;
the user detection module is used by the user to verify the integrity of the cloud data: it obtains the stored data from the cloud acceptance module together with the block chain network address certificate returned by the cloud acceptance module, and detects the integrity of the cloud data using the obtained data and certificate; the specific method can refer to step 106 in example 1;
the cloud detection module is used by the cloud to perform an integrity check on the data, detecting the integrity of the cloud data using the address credential obtained from the block chain network and the existing data; the specific method can refer to step 107 in example 1.
A file of 8MB is processed with the integrity detection system, with the RS code parameter in the file processing set to (3, 6). The integrity detection system is tested in our simulated cloud environment, and the time required for uploading, downloading and integrity detection of the file is shown in fig. 4.
The block chain based integrity detection method and system for cloud data have been introduced in detail above. A specific example has been used to explain the principle and implementation of the invention, and the description of the embodiment is only meant to help understand the method and its core idea; meanwhile, a person skilled in the art may, following the idea of the present invention, vary the specific embodiments and the application scope. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (6)

1. A cloud data integrity detection method based on a block chain is characterized by comprising the following steps:
step 1, a user processes a file by using an encryption algorithm and an erasure code to obtain a plurality of file blocks;
step 2, the user signs each file block obtained in the step 1 by using a user private key;
step 3, the user uploads the data block obtained in the step 1 and the signature obtained in the step 2 to the cloud;
step 4, the cloud verifies the received data block and the digital signature thereof by using a signature verification algorithm;
step 5, if the verification in the step 4 is successful, the cloud stores the received data block and the signature thereof, performs secondary signature on the signature of the data block by using a cloud private key, then publishes the secondary signature to a block chain, and returns the corresponding storage address to the user;
step 6, the user uses a Hash algorithm, the user private key and the cloud public key in the step 2 and the storage address in the step 5 to carry out integrity check on the cloud data;
step 7, the cloud carries out integrity verification on the data by using the hash algorithm, the user public key, the cloud public key and the storage address in step 5.
2. The method of claim 1, wherein the hashing algorithm is a SHA256 algorithm.
3. The method of claim 1, wherein the encryption algorithm is an AES encryption algorithm.
4. The method of claim 1, wherein the cloud is a multi-cloud composed of several cloud providers.
5. The method of claim 1, wherein the blockchain is a blockchain network as represented by Bitcoin.
6. A system for integrity detection of cloud data, comprising: the system comprises a user uploading module, a cloud acceptance module, a user detection module and a cloud detection module; wherein,
the user uploading module is used for processing the file and uploading the file to the cloud acceptance module;
the cloud acceptance module is used for verifying the received data block and the digital signature by the cloud, performing secondary signature on the data block and uploading the data block to the block chain network if the verification is successful, and returning an address returned by the block chain network to the user uploading module;
the user detection module is used for carrying out integrity check on the cloud data by a user, obtaining the stored data from the cloud acceptance module and the block chain network address certificate returned from the cloud acceptance module, and detecting the integrity of the cloud data by using the obtained data and the certificate;
and the cloud detection module is used by the cloud to carry out an integrity check on the data, performing cloud data integrity detection using the address certificate obtained from the block chain network and the existing data.
CN201811264304.3A 2018-10-29 2018-10-29 Block chain-based cloud data integrity detection method and system Active CN109194466B (en)
Publications (2)

Publication Number Publication Date
CN109194466A true CN109194466A (en) 2019-01-11
CN109194466B CN109194466B (en) 2021-07-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
OL01 Intention to license declared