CN109688107B - Cloud data safety positioning method based on integrity audit and communication time delay - Google Patents


Info

Publication number
CN109688107B
Authority
CN
China
Prior art keywords
data
cloud
delay
node
data owner
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811384531.XA
Other languages
Chinese (zh)
Other versions
CN109688107A (en)
Inventor
姜涛
赵尹源
袁浩然
王一凡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201811384531.XA priority Critical patent/CN109688107B/en
Publication of CN109688107A publication Critical patent/CN109688107A/en
Application granted granted Critical
Publication of CN109688107B publication Critical patent/CN109688107B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/12 Applying verification of the received information
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/52 Network services specially adapted for the location of the user terminal
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response

Abstract

The invention belongs to the technical field of distributed data geographic positioning, and discloses a cloud data safety positioning method based on integrity audit and communication time delay; the data owner uses a Reed-Solomon error correcting code to encode and encrypt an original data file, and the encoding operation is completed in an initialization stage; when a data owner wants to locate data in the cloud, each agent node is required to perform distributed challenge operation; each distributed agent receiving the data owner instruction will challenge cloud storage; the cloud server needs to receive a set of challenge requests and provide a certification result; the cloud server executes a challenge response protocol and broadcasts a recoverability certificate to each agent node; in the verification stage, the distributed nodes mainly execute a restorability verification function and extract geographic measurement information; the data owner runs a location estimation algorithm to estimate the location of the cloud server. The invention can check the potential malicious server which controls delay and forges position; it is considered to be effective and correct by theoretical analysis.

Description

Cloud data safety positioning method based on integrity audit and communication time delay
Technical Field
The invention belongs to the technical field of distributed data geographic positioning, and particularly relates to a cloud data safety positioning method based on integrity audit and communication time delay.
Background
At present, the state of the art commonly used in the industry is as follows: cloud computing is a widely used information technology that allows configurable system resources and higher-level services to be accessed and managed anytime and anywhere. Its most important advantage is that it allows companies to minimize the cost of building infrastructure in the early stages. Cloud storage is a main branch of cloud computing and is widely applied in various fields. However, cloud service providers are not completely trustworthy from the data user's point of view, and users lose physical control of their data after uploading it to a cloud server, so data location auditing is becoming one of users' growing demands. At the same time, a semi-honest server may migrate or outsource data to other countries for economic benefit (e.g., lower taxes and lower infrastructure costs) or to circumvent the country's data regulations. This may lead to a series of dangerous consequences. On the one hand, location-sensitive service data that a user relies on may be stolen; on the other hand, data may be outsourced to a host vulnerable to both physical and information security attacks, and natural disasters or disasters caused by cyber warfare may cause the user to lose the data completely. It is not without precedent that even Amazon AWS cloud services and Google Drive could suffer a large-scale disaster. Different countries and organizations have promulgated corresponding data protection laws and regulations. The European Union's General Data Protection Regulation (GDPR), referred to as the "most historically strict privacy policy", will be enforced on May 25, 2018. The regulation indicates that the territory or sector of a third country, or an international organization, cannot ensure an adequate level of data protection.
In other words, the European Union believes that certain data should be kept within certain geographic boundaries. At the same time, the regulation requires that regulatory agencies be able to audit data periodically. Similar provisions can be found in Russian data privacy laws and China's network security law. In the United States, user data belonging to different countries is protected by law across different countries, which shows the necessity of data location audits. The white paper on HIPAA-compliant data centers also highlights the impact of changes in geographical location. It states that natural disasters, climate change and geographical boundary protection can in fact affect the quality of service of cloud service providers. This also points to the importance and challenges of geolocating data. However, hardware geolocation methods such as cellular networks, GPS, Wi-Fi and Bluetooth are not well suited to hosts storing data in cloud environments. On the one hand, achieving high accuracy with these positioning methods requires more infrastructure or cooperation with the providers who own the facilities, which raises additional security problems. On the other hand, equipment costs increase because hardware modules have to be procured. Therefore, most recent research has focused on finding correlations between network delays and geographical distances in the existing Internet infrastructure. With the rapid development of Internet infrastructure, smart devices play an increasingly important role in the cloud computing era. The 2018 global digital report from We Are Social and Hootsuite shows that over 40 million people are now using the internet worldwide. Meanwhile, the number of mobile phone users in 2018 is 5.135 billion. That is, two-thirds of the 76 billion population worldwide now own a mobile phone.
The smartphone serves as a mobile node, and its mobility and efficient positioning hardware allow it to take over the role of a fixed-position landmark host. A malicious cloud server can manipulate the detailed parameters of geolocation measurements to forge a data position by spoofing existing positioning software and hardware. The DLoc technique, proposed by academia in 2017, provides both data possession proofs and data positioning with considerable precision, but it does not consider the case in which a malicious server outsources the data a second time. The technical reason is that it measures delay with the existing Ping protocol (the round-trip delay halving algorithm), whose shortcomings make it difficult for a data owner to learn the real geographic position of a cloud service provider. Unfortunately, existing solutions are not sufficient to find such potential attackers.
In summary, the problems of the prior art are as follows:
(1) Existing distributed positioning schemes only consider improving precision. However, if a malicious cloud server that outsources data a second time for economic reasons carries out a delay injection attack, existing positioning algorithms cannot detect such an attacker; in the academic world, attacks against traditional positioning methods have achieved great success.
(2) Existing schemes for location verification can effectively detect a potential malicious attacker, but only on the premise that the user knows the specific location of the data. In practice, most cloud service providers do not give an accurate data location in the service level agreement, for reasons of security and privacy, so data location verification schemes are often difficult to implement in real situations.
(3) The latest academic scheme combining integrity verification and data positioning has the distributed nodes download data blocks, which causes great communication overhead. In fact, such overhead should be borne on the server side.
The difficulty and significance of solving these technical problems are as follows:
(1) The difficulty of the above problems is that the data owner cannot tell from the measured network parameters whether the cloud server's geographical location is authentic, and the old technical solutions cause a large communication overhead. Reducing the overhead, or even transferring it to the cloud server, is of great significance to a client that may be resource-limited.
(2) With detection of delay injection attacks in place, it becomes possible to detect whether the cloud service provider has outsourced the user's data a second time, so that the provider's service can be terminated in time and arbitration can even be sought using the existing electronic evidence. This has important economic significance for protecting a data owner who uses the cloud service.
(3) With the new delay estimation and position estimation algorithms, the error caused by network delay jitter can be reduced, so that the data can be located more accurately.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a cloud data safety positioning method based on integrity audit and communication time delay.
The invention is realized in such a way that a cloud data safety positioning method based on integrity audit and communication time delay comprises the following steps:
firstly, the data owner encodes the original data file with a Reed-Solomon error correcting code and encrypts it with AES; the encoding operation is completed in the initialization stage;
secondly, when the data owner wants to locate data in the cloud, each agent node is required to perform a distributed operation, which comprises two processes: agent selection and challenge arrangement;
thirdly, each distributed agent that receives the data owner's instruction challenges the cloud storage; the cloud server receives a set of challenge requests and provides a certification result, which contains some information on the integrity verification result and the network measurement;
fourthly, the cloud server executes the challenge-response protocol and broadcasts a recoverability certification to each agent node;
fifthly, in the verification stage, the distributed nodes mainly execute the recoverability verification function and extract the geographic measurement information;
sixthly, the data owner runs a position estimation algorithm to estimate the position of the cloud server; the basic mathematical principle is the positive correlation between distance and delay. Positioning is performed with a positioning algorithm containing positive and negative constraints: the distance-delay relation function of each proxy node, $D_i = v_i t + b_i$, gives the value of each $D_i$, i.e. the distance from proxy node $A_i$ to the server, and the maximum and minimum values of the distance range are determined as
Figure GDA0001973351670000041
Figure GDA0001973351670000042
Then the agent node is taken as the center of a circle on the map,
Figure GDA0001973351670000043
a ring is drawn with this radius range, and the centroid coordinate of the overlapping area is taken as the presumed position of the cloud server; if the area of the overlapping region is 0, the cloud server is considered to have outsourced the data a second time.
Further, the first step specifically includes: the encoded file $F$ is divided into $n$ file blocks $M_1, \ldots, M_n$; each block has $s$ sectors, $M_i = (M_{i1}, M_{i2}, \ldots, M_{is})$, where
Figure GDA0001973351670000044
$i = 1, 2, \ldots, n$, $j = 1, 2, \ldots, s$, and $p$ is a large prime number. Let $e: G \times G \to G_T$ be a bilinear map, with three hash functions $H$, $H: \{0,1\}^* \to G$ and
Figure GDA0001973351670000045
g is a generator of the group G, and the whole process of the protocol is as follows:
The data owner randomly selects
Figure GDA0001973351670000046
and calculates $v = g^{\alpha}$. The private key is $sk = (\alpha)$, and the public key is $pk = (v, \{u_j\}_{1 \le j \le s})$;
The data owner holds $F = (M_1, \ldots, M_n)$ locally. The data owner generates a root $R$ by constructing a Merkle hash tree (MHT), in which the hash values $H(M_i)$ ($i = 1, \ldots, n$) of the file blocks serve as the leaf nodes. The data owner then signs the root node $R$ with the private key $\alpha$: $H(R)^{\alpha} \leftarrow sig_{sk}(R)$. The file tag $t = sig_{sk}(R)$ is kept on the data owner's client. For each block $M_i = (M_{i1}, M_{i2}, \ldots, M_{is})$, the data owner computes the signature $\sigma_i$
Figure GDA0001973351670000051
and $\Phi = \{\sigma_i\}_{1 \le i \le n}$ is the set of signatures for all blocks. The data owner then sends $F^*$, consisting of $\{F, \Phi\}$, to the server and keeps the file tag $t$ locally, without storing the file $F^*$ locally.
Further, the second step specifically includes: the data owner maintains a database $S$ locally, which includes list information for all the distributed agents. On receiving a request for a certain file $F_{id}$, the data owner generates a set $C = \{s_i, r_i\}$ of distributed agents $r_i$ to be requested and file block identifiers $s_i$, with the data blocks of the file selected at random; after the set is generated, the information on each challenged file block is sent to the distributed nodes.
Further, the third step specifically includes: the distributed agent $r_i$ sends the file block identifier $s_i$ and a random number $v_i$ to the server, together with each agent's local timestamp
Figure GDA00019733516700000511
Signing using a private key
Figure GDA0001973351670000052
Sent to the cloud server together
Figure GDA0001973351670000053
Further, the fourth step specifically includes: the cloud server receives the node i request
Figure GDA0001973351670000054
First, verify
Figure GDA0001973351670000055
and then performs the evidence generation algorithm, specifically computing
Figure GDA0001973351670000056
And
Figure GDA0001973351670000057
Meanwhile, the cloud server returns auxiliary information about the Merkle tree, comprising the hash values $\{H(M_i)\}_{1 \le i \le c}$ of the nodes where the file blocks are located and the data $\Omega$ of some child nodes of the tree. Finally, the cloud server broadcasts the evidence to all distributed nodes
Figure GDA0001973351670000058
Further, the fifth step specifically includes:
by obtaining
Figure GDA0001973351670000059
Verifying signatures
Figure GDA00019733516700000510
Obtain $R$ from $\{H(M_i), \Omega\}_{1 \le i \le c}$ and verify the received signature $sig_{sk}(R)$;
Verify $e(sig_{sk}(R), g) = e(R, v)$;
Verify
Figure GDA0001973351670000061
If the verification of the steps is successful, the recoverability verification is passed.
Using the local timestamp $T_{jend}$, calculate the total response time to the challenge, from its being sent out by $r_i$ to $r_j$
Figure GDA0001973351670000062
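The Merkle-tree part of the fourth and fifth steps (the server returns $\{H(M_i), \Omega\}$ and the verifier recomputes $R$) can be sketched as follows. This is an added example, not code from the patent: SHA-256, the leaf/node prefix bytes, the promotion of an unpaired node and all function names are assumptions, and the pairing checks and the signature on $R$ are not reproduced (the verifier simply compares against the root computed at setup).

```python
import hashlib

# Assumption: SHA-256 with domain-separation prefixes stands in for H.
def leaf_hash(block: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + block).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(blocks):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for k in range(0, len(level), 2):
            if k + 1 < len(level):
                nxt.append(node_hash(level[k], level[k + 1]))
            else:
                nxt.append(level[k])
        level = nxt
        levels.append(level)
    return levels

def merkle_root(blocks) -> bytes:
    """Root R, computed by the data owner during initialization."""
    return build_levels(blocks)[-1][0]

def auxiliary_path(levels, index):
    """Sibling hashes (the auxiliary data Omega) for one leaf, bottom-up."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append((level[sibling], sibling < index))
        index //= 2
    return path

def server_response(stored_blocks, challenged):
    """Cloud server side: leaf hash and auxiliary path per challenged block."""
    levels = build_levels(stored_blocks)
    return [(i, levels[0][i], auxiliary_path(levels, i)) for i in challenged]

def root_from_path(leaf: bytes, path) -> bytes:
    node = leaf
    for sibling, sibling_is_left in path:
        node = node_hash(sibling, node) if sibling_is_left else node_hash(node, sibling)
    return node

def verify_response(trusted_root: bytes, response) -> bool:
    """Agent side: every challenged leaf must hash up to the owner's root R."""
    return bool(response) and all(
        root_from_path(leaf, path) == trusted_root for _, leaf, path in response
    )

# Constructed sample data: seven small file blocks and three challenged indices.
BLOCKS = [f"block-{i}".encode() * 4 for i in range(7)]
ROOT = merkle_root(BLOCKS)
CHALLENGE = [1, 4, 6]

if __name__ == "__main__":
    print("honest server accepted:", verify_response(ROOT, server_response(BLOCKS, CHALLENGE)))
    damaged = list(BLOCKS)
    damaged[4] = b"corrupted"
    print("damaged block accepted:", verify_response(ROOT, server_response(damaged, CHALLENGE)))
```

In the scheme described above, the binding between the returned leaf hashes and the stored sectors comes from the pairing check, which this sketch leaves out.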
Further, the sixth step specifically includes:
(1) distance estimation, distance D is defined as:
$D_i = v_i t + b_i$
and the relation function between distance and delay is estimated separately for each node. It can be obtained by analyzing a sample scatter plot of the geographic distances between different nodes against the network delay.
(2) One-way delay estimation: each proxy node receives the broadcast and sends all measurement information $I = \{v_i, b_i, T_{isj}\}$ to the data owner; the data owner optimizes the measurement data and calculates:
Figure GDA0001973351670000063
meanwhile, jointly calculating the traditional one-way delay estimation to obtain the final delay estimation:
Figure GDA0001973351670000064
(3) Positioning algorithm: positioning is performed with a positioning algorithm containing positive and negative constraints. The distance-delay relation function of each proxy node, $D_i = v_i t + b_i$, gives the value of each $D_i$, i.e. the distance from proxy node $A_i$ to the server, and the maximum and minimum values of the distance range are determined as
Figure GDA0001973351670000065
Figure GDA0001973351670000066
Then the agent node is taken as the center of a circle on the map,
Figure GDA0001973351670000067
drawing a circular ring for the radius range, and considering the centroid coordinate of the overlapping area as the presumed position of the cloud server; if the area of the overlapped area is 0, the cloud server is considered to carry out secondary outsourcing on the data;
finally, the data owner returns the audit results and estimated geographic location to the data owner.
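The ring-overlap rule of the sixth step can be sketched as follows: each agent contributes a ring around its own position, the centroid of the common region is the estimate, and an empty region flags secondary outsourcing. This is an added example, not code from the patent: the planar map in kilometres, the fixed margin used to turn $D_i$ into a minimum and maximum radius, the grid sampling and all names and sample values are assumptions.

```python
import math
from dataclasses import dataclass

@dataclass
class Agent:
    x: float  # agent position on a planar map, km (assumption)
    y: float
    v: float  # slope of the agent's distance-delay fit, km per ms
    b: float  # intercept of the fit, km

def distance_band(agent, delay_ms, margin_km):
    """D_i = v_i * t + b_i, widened by an assumed margin into [min, max]."""
    d = agent.v * delay_ms + agent.b
    return max(0.0, d - margin_km), d + margin_km

def locate(agents, delays_ms, margin_km=50.0, step_km=10.0):
    """Grid-sample the overlap of all rings; return area, centroid and flag."""
    bands = [distance_band(a, t, margin_km) for a, t in zip(agents, delays_ms)]
    # The overlap can only lie inside every agent's outer bounding square.
    x_lo = max(a.x - hi for a, (_, hi) in zip(agents, bands))
    x_hi = min(a.x + hi for a, (_, hi) in zip(agents, bands))
    y_lo = max(a.y - hi for a, (_, hi) in zip(agents, bands))
    y_hi = min(a.y + hi for a, (_, hi) in zip(agents, bands))
    count, sum_x, sum_y = 0, 0.0, 0.0
    if x_lo <= x_hi and y_lo <= y_hi:
        nx = int((x_hi - x_lo) / step_km) + 1
        ny = int((y_hi - y_lo) / step_km) + 1
        for ix in range(nx):
            x = x_lo + ix * step_km
            for iy in range(ny):
                y = y_lo + iy * step_km
                if all(lo <= math.hypot(x - a.x, y - a.y) <= hi
                       for a, (lo, hi) in zip(agents, bands)):
                    count += 1
                    sum_x += x
                    sum_y += y
    if count == 0:
        return {"area_km2": 0.0, "centroid": None, "secondary_outsourcing": True}
    return {"area_km2": count * step_km * step_km,
            "centroid": (sum_x / count, sum_y / count),
            "secondary_outsourcing": False}

# Constructed scenario: three agents with their own fits, server at (300, 400) km.
AGENTS = [Agent(0, 0, 100.0, 0.0), Agent(1000, 0, 95.0, 20.0), Agent(0, 1000, 105.0, -10.0)]
TRUE_SERVER = (300.0, 400.0)

def honest_delays(server):
    """Delays that an undisturbed path would produce under each agent's fit."""
    return [(math.hypot(server[0] - a.x, server[1] - a.y) - a.b) / a.v for a in AGENTS]

if __name__ == "__main__":
    print(locate(AGENTS, honest_delays(TRUE_SERVER)))
    # Same measurements with 6 ms of extra delay on every path (assumed relay hop).
    print(locate(AGENTS, [t + 6.0 for t in honest_delays(TRUE_SERVER)]))
```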
The invention also aims to provide a distributed node model simulation system applying the cloud data safety positioning method based on integrity audit and communication time delay.
The invention further aims to provide a recoverability certification control system applying the cloud data safety positioning method based on integrity audit and communication time delay.
The invention further aims to provide a geographical positioning system of data in a remote cloud host, which applies the cloud data safety positioning method based on integrity audit and communication time delay.
In summary, the advantages and positive effects of the invention are:
The invention designs a decentralized data positioning system that addresses the problems that ownership and management of user data are separated in a cloud environment and that it is difficult for a user to detect whether the data has been outsourced a second time. Using the existing Internet infrastructure and a challenge-response protocol, the system has distributed nodes challenge the cloud server storing the data, collects network measurement data while receiving the responses, and performs data recoverability certification and position estimation. With the new delay estimation method, an attacker who outsources data a second time and maliciously manipulates delay can be effectively detected.
The recoverability certification tool used by the present invention is primarily directed to the user's identification of data for a particular user, and it reduces the user's communication overhead. A challenge is sent for the file blocks to be verified, the server performs an evidence generation operation on those file blocks, and the user can perform the evidence verification operation on the client. First, the encrypted file is encoded with a Reed-Solomon error correcting code to reduce the probability of data being stored incorrectly; second, because the data is encrypted by the user, any other proxy node can initiate the challenge protocol instead of the user; third, by challenging data blocks probabilistically, challenge efficiency can be maximized (for example, for a file with 10000 file blocks, only 460 data blocks need to be verified to detect with a probability of 99% whether the server stores the file completely); finally, the tool is publicly verifiable, and a third party holding the user's metadata can also perform the evidence verification operation, which can serve as electronic evidence to assist arbitration when related legal disputes occur.
The location estimation algorithm used by the present invention is primarily directed to finding a specific geographic location of a user. Compared with prior positioning techniques, on the one hand, the one-way delay estimation algorithm used by the method can effectively reduce errors compared with the earlier round-trip halving algorithm and can effectively detect position forgery attacks by adversaries; on the other hand, the triangulation algorithm with positive and negative constraints generates a specific linear regression function for each distributed node instead of using a predefined Internet speed, which effectively improves positioning accuracy.
Drawings
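The sampling figure quoted above (460 of 10000 blocks for 99% detection) can be checked with the hypergeometric miss probability. This is an added example, not part of the patent: the page does not state how many blocks are assumed to be missing or damaged, so the 1% figure (100 of 10000 blocks) and the function names are assumptions.

```python
def detection_probability(n_blocks: int, n_bad: int, n_challenged: int) -> float:
    """Probability that a random challenge of n_challenged distinct blocks
    hits at least one of n_bad missing or damaged blocks."""
    if n_bad <= 0 or n_challenged <= 0:
        return 0.0
    if n_challenged > n_blocks - n_bad:
        return 1.0  # more challenges than intact blocks: a bad one must be hit
    miss = 1.0
    for k in range(n_challenged):
        # k-th draw (without replacement) lands on an intact block
        miss *= (n_blocks - n_bad - k) / (n_blocks - k)
    return 1.0 - miss

def min_challenge_size(n_blocks: int, n_bad: int, target: float) -> int:
    """Smallest number of challenged blocks reaching the target probability."""
    if n_bad <= 0:
        raise ValueError("nothing to detect when no block is damaged")
    miss = 1.0
    for c in range(1, n_blocks + 1):
        intact_left = n_blocks - n_bad - (c - 1)
        if intact_left <= 0:
            return c
        miss *= intact_left / (n_blocks - (c - 1))
        if 1.0 - miss >= target:
            return c
    return n_blocks

if __name__ == "__main__":
    n = 10000
    # Assumption: 1% of the blocks (100 of 10000) are missing or damaged.
    print("P(detect) with 460 challenges:", round(detection_probability(n, 100, 460), 4))
    for bad in (10, 50, 100, 500):
        print(bad, "bad blocks ->", min_challenge_size(n, bad, 0.99), "challenges for 99%")
```

The required challenge size grows quickly as the damaged fraction shrinks, so a fixed 460-block challenge gives much weaker assurance against a server that has lost only a handful of blocks.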
Fig. 1 is a flowchart of a cloud data security positioning method based on integrity audit and communication delay according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of triangulation provided by an embodiment of the invention.
Fig. 3 is a schematic diagram of modes A2A and A2S according to an embodiment of the present invention.
Fig. 4 is a schematic diagram of a system model provided in an embodiment of the present invention.
FIG. 5 is a schematic diagram of a positioning algorithm including positive and negative constraints according to an embodiment of the present invention.
FIG. 6 is a diagram illustrating the results of applying a delay to affect an algorithm according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Data owners who use cloud services find it difficult to check where their data is stored, malicious cloud servers can manipulate the parameters of geolocation measurements to forge data positions, and existing schemes are not sufficient to find such attackers. To address these problems, the invention can detect a potentially malicious server that manipulates delay and forges its position; theoretical analysis shows it to be effective and correct.
The following detailed description of the principles of the invention is provided in connection with the accompanying drawings.
As shown in fig. 1, the cloud data security positioning method based on integrity audit and communication delay provided by the embodiment of the present invention includes the following steps:
S101: the data owner encodes the original data file with Reed-Solomon codes and encrypts it with the AES algorithm; the encoding operation is completed in the initialization stage;
S102: when the data owner wants to locate data in the cloud, each agent node is required to perform a distributed operation, which comprises two processes: agent selection and challenge arrangement;
S103: each distributed agent that receives the data owner's instruction challenges the cloud storage. The cloud server receives a set of challenge requests and provides a certification result, which contains some information on the integrity verification result and the network measurement;
S104: the cloud server executes the challenge-response protocol and broadcasts a recoverability certificate to each agent node;
S105: in the verification stage, the distributed nodes mainly execute the recoverability verification function and extract the geographic measurement information;
S106: the data owner runs a location estimation algorithm to estimate the location of the cloud server. The basic mathematical principle is the positive correlation between distance and delay.
The application of the principles of the present invention will now be described in further detail with reference to specific embodiments.
1. Preparation work
1.1 outsourcing Return Attestation
The recoverability certification model enables data owners to verify the recoverability of outsourced files on their storage servers. The data owner first encodes the data using a redundant code, such as a Reed-Solomon error correction code, and uploads it. To check the recoverability of its data, the data owner interacts with the cloud storage provider in a challenge-response protocol, checking the recoverability of a series of randomly selected file blocks. A newer scheme named "outsourced recoverable evidence" (OPoR) has the advantage of providing public verifiability and supporting dynamic data operations.
To support the above functions, two important pieces of background need to be briefly described. Bilinear mapping is used to validate challenges efficiently, whereas Reed-Solomon codes are used in the data pre-processing phase.
1.1.1 bilinear mapping
Bilinear mapping properties: let $G_1$, $G_2$ and $G_T$ be three multiplicative cyclic groups of prime order $p$, and define a mapping over the three groups, $e: G_1 \times G_2 \to G_T$, that satisfies the following properties: (1) Bilinearity: for arbitrary $g_1 \in G_1$, $g_2 \in G_2$ and $a, b \in Z_p$,
Figure GDA0001973351670000091
holds; (2) Non-degeneracy:
Figure GDA0001973351670000101
satisfying
Figure GDA0001973351670000102
(3) Computability: there is an efficient algorithm that can compute $e(g_1, g_2)$ for arbitrary $g_1 \in G_1$, $g_2 \in G_2$.
1.1.2 Reed-Solomon coding
Reed-Solomon codes are a group of error correcting codes proposed by Irving S. Reed and Gustave Solomon. In coding theory, Reed-Solomon codes belong to the non-binary cyclic error correction codes. They are based on univariate polynomials over finite fields. By adding t characters, any combination of up to t erroneous characters can be detected, or up to t/2 characters can be corrected, where t is the number of additional check characters. Reed-Solomon codes are widely used in mass storage systems to correct burst errors associated with storage medium defects.
1.2 delay-based positioning technology
1.2.1 triangulation
There is a strong correlation between delay and distance, and the most recent research on geolocation schemes concerns delay-based geolocation techniques. The search for delay-based geolocation techniques dates back at least to 2001. These techniques use network delay measurements from geographically distributed locations to derive the coordinates of the target host. The main tools are triangulation algorithms, one-way delay estimation algorithms and Cartesian coordinate system conversion tools.
The basic measurement involves three hosts of known location and one host of unknown location, as shown in Fig. 2. Given the positions of at least three nearby hosts and the distances between these hosts and the cloud data, three circles can be drawn with centers $H_1$, $H_2$ and $H_3$ and distance radii $r_1$, $r_2$ and $r_3$. The area of overlap may be the location of the data. This is referred to as "triangulation".
1.2.2 one-way delay estimation
Triangulation schemes are mainly based on strong correlation between delay and geographical distance. In previous schemes, round trip delay (RTT) halving algorithms are often used as schemes to approximate the one-way delay, i.e., assuming that the forward and reverse delays are equal to half of the RTT. However, there are several disadvantages: (1) recent research has shown that the delay on the internet is asymmetric between unequal network nodes, such as data owners and servers. (2) Malicious adversaries can manipulate the results by increasing or decreasing the delay; (3) in a real network environment, network congestion and delay jitter (the difference between the maximum delay and the minimum delay) have a greater impact on round-trip delay.
In the present invention, the present invention estimates the delay using a one-way delay (OWD) instead of RTT to reduce the above disadvantages.
The invention uses three distributed agents A1,A2,A3And a cloud storage server S are described as an example. The overall one-way delay estimation algorithm can be divided into two methods, referred to as proxy-proxy (A2A) estimation and proxy-server (A2S) estimation.
Agent-agent estimation (A2A): the proxy node in the solution of the invention is considered trusted. As shown in fig. 3, the present invention makes the subscript of T denote the transmission direction of the data packet. E.g. T12Represents from A1To A2Transmission of (a), t12Indicating a smaller transmission time. If agent A sends a timestamp to B, it is clear thatEasy to accomplish, B can calculate T by subtracting the timestamp A sends to B from the timestamp at that time12. Finally, the invention will obtain T12,T21,T13,T31,T23,T32Six parameters of (2). Required time t12Can be calculated by the following formula:
Figure GDA0001973351670000111
Similarly, the other parameters $t_{23}$ and $t_{13}$ can be calculated in the same manner.
Agent-server estimation (A2S): unlike the previous A2A solution, the server is considered untrusted in A2S, since a malicious cloud server might forge the timestamp to hide itself. Abdou proposes an efficient algorithm for estimating OWD. As shown in fig. 2, the present invention requires the server to forward the request to the three agents after receiving it. Nine parameters can then be obtained, namely $T_{1S1}$, $T_{1S2}$, $T_{1S3}$, $T_{2S1}$, $T_{2S2}$, $T_{2S3}$, $T_{3S1}$, $T_{3S2}$ and $T_{3S3}$. The invention then calculates:
Figure GDA0001973351670000112
The one-way delay $T_{is}$ can be calculated by the following formula:
Figure GDA0001973351670000121
1.2.3 Cartesian coordinate system
When calculating the distance between two points, it must be taken into account that the earth is not a plane but a sphere. Positions on the earth are expressed in a geographical coordinate system composed of latitude $\phi$ and longitude $\lambda$. The haversine formula may be used to calculate the distance between two points. For any two points $x(\phi_1, \lambda_1)$ and $y(\phi_2, \lambda_2)$ on the earth:
$$\mathrm{hav}(d/R) = \mathrm{hav}(\phi_2 - \phi_1) + \cos(\phi_1)\cos(\phi_2)\,\mathrm{hav}(\lambda_2 - \lambda_1);$$
$$\mathrm{hav}(\theta) = \sin^2(\theta/2) = (1 - \cos(\theta))/2;$$
where $d$ is the distance between the two points and $R$ is the radius of the earth, for which the invention generally takes $R = 6371$ km;
the invention then calculates $d$: $d = R\,\mathrm{hav}^{-1}(\mathrm{hav}(d/R))$;
Substituting numerical values:
Figure GDA0001973351670000122
2 System model
This section explains the working principles of the distributed data geolocation scheme. The three main entities in fig. 4 are explained first:
Data owner. The entity that stores its data in cloud storage and relies on the cloud server to maintain it. It is also responsible for the entire audit process.
Cloud storage. An entity, set up by the cloud service provider, that is responsible for storing the data owner's data. Cloud storage is also required to generate integrity proofs so that the auditing function can be realized.
Distributed agent. A distributed agent may be a smartphone or a landmark host. The agents are dedicated to executing the challenge-response protocol, and each collects network delay information separately.
3 Threat model
3.1 General description
In this model, a data owner intends to outsource files to a cloud storage provider, which claims that the data is stored on a secure and controllable storage server. However, given the many economic incentives, the owner's data may be re-outsourced by the cloud storage provider multiple times, which poses serious economic and security problems in the cloud storage environment. Furthermore, malicious cloud service providers that intend to escape local data regulation may cause data to be easily lost or even maliciously stolen.
The present invention considers an adversary that may use special tools to hide its IP address and manipulate other identifying information that could reveal its relative location.
3.2 Adversary ability
The present invention considers the adversary to be a dishonest prover with full authority to control its internal storage, servers and networks. That is, the adversary can change the delay in the following ways:
Position measurement. In the adversary model of the present invention, to account for the adversary's ability to accurately estimate time measurements, it is assumed that the adversary knows the geographic information of all distributed nodes. The adversary may falsify responses in a timely manner to meet the correct delay.
Position hiding. An attacker may (1) use a proxy, a virtual private network (VPN) or onion routing techniques to hide its IP address; (2) use ARP spoofing or BGP spoofing attacks to poison switch data tables, redirecting network traffic to other hosts; (3) use the same domain name and IP address, so that the data owner accesses the wrong network with exactly the same domain name, IP address and unique MAC address, which leaves the user unable to learn about the data.
Delay manipulation. An attacker can randomly manipulate the delay to mislead the user's estimate of the position.
3.3 Adversary limits
A limited number of false responses. It is assumed that the data owner can tolerate several false responses (e.g., response or delay time variations due to the actual Internet environment), but the attacker cannot forge invalid evidence to the verifier many times.
Atomic operations. An atomic operation may consist of one step or of several steps, but the sequence cannot be interrupted or cut so that only part of it is performed. This means that, when data must be read from an outsourced server, the proof may take longer to generate than if the data were stored on the cloud storage service provider's local drive.
Quality of service. Dishonest cloud storage service providers re-outsource data because of economic incentives, i.e., they can gain more benefit from re-outsourcing. If the cloud storage service provider re-outsources storage across multiple hops, it may not respond to customer requests in time. In practice, the user may terminate the service agreement because the service offered falls below the contracted quality.
4 Protocol
The whole auditing process can be divided into 6 steps, including an initialization algorithm:
4.1 Initialization
To better reflect the recoverability of the file and to simplify the process, the invention first assumes that the data owner uses a Reed-Solomon code to encode the AES-encrypted data file F into F so as to further reduce the computational cost of the resource-limited data owner client, and that the encoding operation is completed in the initialization stage.
The encoded file F is now divided into n file blocks $M_1, \ldots, M_n$, each block having s sectors, i.e. $M_i = (M_{i1}, M_{i2}, \ldots, M_{is})$, where
Figure GDA0001973351670000141
$i = 1, 2, \ldots, n$, $j = 1, 2, \ldots, s$, and $p$ is a large prime number. Let $e: G \times G \to G_T$ be a bilinear map, with three hash functions H, H: $\{0,1\}^* \to G$ and
Figure GDA0001973351670000142
Let $g$ be a generator of group $G$. The whole process of the protocol is as follows:
The data owner randomly selects
Figure GDA0001973351670000143
and then calculates $v = g^{\alpha}$. The private key is $sk = (\alpha)$ and the public key is $pk = (v, \{u_j\}_{1 \le j \le s})$;
The data owner holds $F = (M_1, \ldots, M_n)$ locally. To support dynamic operations, the data owner generates a root R based on the construction of a Merkle hash tree (MHT), in which the hash values $H(M_i)$ ($i = 1, \ldots, n$) of the stored file blocks, taken in order, serve as the leaf nodes. The data owner then signs the root node R with his private key $\alpha$: $R^{\alpha} = sig_{sk}(R)$. The file tag $t = sig_{sk}(R)$ is stored at the client of the data owner. Thereafter, for each block $M_i = (M_{i1}, M_{i2}, \ldots, M_{is})$, the data owner computes the signature $\sigma_i$:
Figure GDA0001973351670000144
$\Phi = \{\sigma_i\}_{1 \le i \le n}$ is the set of signatures for all blocks. The data owner then sends $F^* = \{F, \Phi\}$ to the server and keeps the file tag t locally, without storing the file $F^*$ locally.
4.2 Setting challenges
When a data owner wants to locate its data in the cloud, it needs to ask each proxy node to perform distributed operations. This includes two processes: agent selection and challenge arrangement. First, the basic requirement for proxy node selection is that it be random. The goal is that an attacker can predict neither the proxy addresses nor the file blocks selected for the challenge. Furthermore, agents should be selected near the estimated location of the target cloud server, since accuracy is affected not only by the number of agents but also, significantly, by their distance from the server. This means that the closer the proxy node is to the server, the more efficiently the data can be located.
The data owner maintains a local database S that includes list information for all distributed agents so that the distributed challenge can be performed properly. On receiving a request for a certain file $F_{id}$, the data owner generates a set $C = \{s_i, r_i\}$ consisting of the request list of distributed agents $r_i$ and the file block identifiers $s_i$. To reduce the likelihood of the adversary predicting the challenged data blocks, the data blocks of the file are selected randomly. After the set is generated, the information of the respective challenge file blocks is sent to the distributed nodes.
4.3 Challenge phase
Each distributed agent that receives the data owner's instruction challenges the cloud storage. The cloud server needs to receive a set of challenge requests and provide a certification result, which contains information on the integrity verification result and the network measurement.
Distributed agent $r_i$ sends the file block identifier $s_i$ and a random number
Figure GDA0001973351670000151
to the server. Each agent attaches its local timestamp
Figure GDA0001973351670000152
signs using its private key
Figure GDA0001973351670000153
and then sends
Figure GDA0001973351670000154
to the cloud server;
4.4 Evidence generation
The cloud server executes a challenge-response protocol and broadcasts a recoverability certificate to each proxy node. The algorithm model is described with a distributed proxy as verifier and the cloud server as prover:
The cloud server receives the node i request
Figure GDA0001973351670000155
It first verifies
Figure GDA0001973351670000156
and then performs the evidence generation algorithm. Specifically, it computes
Figure GDA0001973351670000157
and
Figure GDA0001973351670000158
Meanwhile, the cloud server returns some auxiliary information about the Merkle tree, including the hash values $\{H(M_i)\}_{1 \le i \le c}$ of the nodes where the file blocks are located and the data $\{\Omega\}$ of some children of the tree. Finally, the cloud server broadcasts the evidence to all distributed nodes
Figure GDA0001973351670000161
4.5 Recoverability verification
In the verification stage, the distributed nodes mainly execute the recoverability verification function and extract geographic measurement information. The stage comprises the following five steps:
Using the obtained
Figure GDA0001973351670000162
verify the signature
Figure GDA0001973351670000163
Obtain R from $\{H(M_i), \Omega\}_{1 \le i \le c}$ and verify the received signature $sig_{sk}(R)$;
Verify $e(sig_{sk}(R), g) = e(R, v)$;
Verify
Figure GDA0001973351670000164
If the four steps verify successfully, the recoverability verification is passed.
Using the local timestamp $T_{jend}$, calculate the total response time of the challenge from when it is sent by $r_i$ to when it is received by $r_j$: $T_{isj} = T_{jend} - T_{jstart}$.
Note that, because of the broadcast mechanism, the verification algorithm may be executed at a single node (even the data owner may act as that node), whereas the geographical measurement information requires the participation of all distributed nodes.
After the algorithm finishes, each node sends the measurement information it has acquired to the data owner.
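The step that obtains R from $\{H(M_i), \Omega\}$, as an added Python example rather than code from the patent. It assumes SHA-256 with leaf/node prefixes, a binary tree in which an unpaired node is promoted unchanged, and $\Omega$ read as the sibling hashes on the path from the challenged leaf to the root; the file blocks are constructed, and the pairing check on $sig_{sk}(R)$ is not reproduced.

```python
import hashlib
import hmac

# Constructed file blocks standing in for M_1..M_5 (not data from the patent).
BLOCKS = [("block-%d" % i).encode() * 4 for i in range(5)]


def leaf_hash(block):
    """H(M_i) for a leaf; the 0x00 prefix keeps leaves distinct from inner nodes."""
    return hashlib.sha256(b"\x00" + block).digest()


def node_hash(left, right):
    """Hash of an inner node from its two children."""
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(leaves):
    """All tree levels, leaves first; an unpaired node moves up unchanged."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[k], cur[k + 1]) if k + 1 < len(cur) else cur[k]
                       for k in range(0, len(cur), 2)])
    return levels


def auth_path(levels, index):
    """Prover side: sibling hashes (Omega) from leaf `index` up to the root."""
    omega = []
    for level in levels[:-1]:
        if (index ^ 1) < len(level):
            omega.append(level[index ^ 1])
        index //= 2
    return omega


def recompute_root(leaf, index, n, omega):
    """Verifier side: rebuild R from H(M_i), its position and Omega.

    Left/right order is derived from the challenged index, not taken from
    the prover, so a proof for a different block cannot be replayed.
    Returns None when Omega has the wrong length for a tree of n leaves.
    """
    h, siblings = leaf, list(omega)
    while n > 1:
        if (index ^ 1) < n:
            if not siblings:
                return None
            sib = siblings.pop(0)
            h = node_hash(sib, h) if index & 1 else node_hash(h, sib)
        index, n = index // 2, (n + 1) // 2
    return h if not siblings else None


def check_response(leaf, index, n, omega, trusted_root):
    """True only if the recomputed root equals the root the owner signed."""
    root = recompute_root(leaf, index, n, omega)
    return root is not None and hmac.compare_digest(root, trusted_root)


if __name__ == "__main__":
    leaves = [leaf_hash(b) for b in BLOCKS]
    levels = build_levels(leaves)
    root = levels[-1][0]  # in the scheme this value is signed by the data owner
    omega = auth_path(levels, 3)
    print("honest response:", check_response(leaves[3], 3, len(leaves), omega, root))
    print("tampered block: ", check_response(leaf_hash(b"x"), 3, len(leaves), omega, root))
```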
4.6 Location estimation
The data owner runs a location estimation algorithm to estimate the location of the cloud server. The underlying mathematical principle is the positive correlation between distance and delay; the relevant parameters are discussed and defined next.
4.6.1 Distance estimation
Data transmission is very fast. Data travels through optical fiber cable at almost
Figure GDA0001973351670000165
where $c$ is the speed of light in vacuum ($c = 3 \times 10^8$ m/s). For deriving distance from delay, the relevant packet speed is that of data transmitted over the Internet, which already approaches
Figure GDA0001973351670000166
This ratio is called the speed of the Internet (SOI).
However, achieving finer granularity requires a better estimate of the speed at which data travels over a cable, which is a challenge. In fact, a separate function relating distance to delay should be estimated for each node, since the network environment (delay jitter, router detours) differs between agents. This function can be obtained by analyzing a scatter plot of samples of geographic distance against network delay, collected by pinging IP addresses of known location (e.g., universities and companies with public addresses).
By computing a linear regression function, the distance D can be defined simply as:
$D_i = v_i t + b_i$
4.6.2 One-way delay estimation
Each proxy node receives the broadcast and sends all of its measurement information $I = \{v_i, b_i, T_{isj}\}$ to the data owner.
The data owner optimizes the measurement data and calculates:
Figure GDA0001973351670000171
At the same time, the traditional one-way delay estimate (using the round-trip time halving algorithm) is calculated jointly, giving the final delay estimate:
Figure GDA0001973351670000172
4.6.3 Location algorithm
As an improvement on the triangulation algorithm, the invention performs positioning with an algorithm that contains both positive and negative constraints, as shown in fig. 5. From the distance-delay relation function $D_i = v_i t + b_i$ of each proxy node, each value $D_i$ (the distance from proxy node $A_i$ to the server) can be derived, and on that basis the maximum and minimum of the distance range are determined:
Figure GDA0001973351670000173
Figure GDA0001973351670000174
Then, taking each agent node as the center of a circle on the map and
Figure GDA0001973351670000175
as the radius range, a circular ring is drawn, and the centroid coordinates of the overlapping area are taken as the presumed location of the cloud server. If the area of the overlap is 0, the cloud server is considered to have re-outsourced the data.
Note that, to better detect whether an adversary is manipulating the delay, the invention substitutes $max_i$ into the distance function when checking the overlapping area; if an overlapping area exists, $min_i$ is then substituted into the distance function to calculate the centroid.
Finally, the data owner returns the audit results and estimated geographic location to the data owner.
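The positioning step of section 4.6.3, together with the haversine distance of section 1.2.3 and the per-agent regression of section 4.6.1, as an added Python example that is not code from the patent. The agent coordinates, calibration samples, 10% jitter band and 15 ms injected delay are constructed; the delay bounds $min_i$ and $max_i$ are supplied as inputs because their formulas are not reproduced above, and the overlap of the rings is approximated on a latitude/longitude grid.

```python
import math

EARTH_RADIUS_KM = 6371.0  # R as given in section 1.2.3


def haversine_km(p, q):
    """Distance between two (lat, lon) points in degrees, via the haversine formula."""
    phi1, lam1, phi2, lam2 = map(math.radians, (p[0], p[1], q[0], q[1]))
    hav = (math.sin((phi2 - phi1) / 2) ** 2
           + math.cos(phi1) * math.cos(phi2) * math.sin((lam2 - lam1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(min(1.0, hav)))


def fit_distance_delay(samples):
    """Least-squares line D = v*t + b from (delay_ms, distance_km) calibration pairs."""
    n = len(samples)
    mean_t = sum(t for t, _ in samples) / n
    mean_d = sum(d for _, d in samples) / n
    sxx = sum((t - mean_t) ** 2 for t, _ in samples)
    v = sum((t - mean_t) * (d - mean_d) for t, d in samples) / sxx
    return v, mean_d - v * mean_t


def locate(agents, step_deg=0.1):
    """Intersect the per-agent rings [D_i(t_min), D_i(t_max)] on a lat/lon grid.

    Returns the centroid (lat, lon) of the overlap, or None when the rings
    share no grid cell, which the text treats as a sign of re-outsourcing.
    No handling of the poles or the antimeridian.
    """
    rings = []
    for a in agents:
        r_min = max(0.0, a["v"] * a["t_min"] + a["b"])
        r_max = a["v"] * a["t_max"] + a["b"]
        rings.append((a["pos"], r_min, r_max))
    # Every overlap point lies inside the smallest outer circle: scan only its box.
    (lat0, lon0), _, r0 = min(rings, key=lambda r: r[2])
    dlat = math.degrees(r0 / EARTH_RADIUS_KM)
    dlon = dlat / max(0.1, math.cos(math.radians(min(89.0, abs(lat0) + dlat))))
    rows, cols = int(2 * dlat / step_deg) + 1, int(2 * dlon / step_deg) + 1
    hits = []
    for i in range(rows):
        lat = lat0 - dlat + i * step_deg
        for j in range(cols):
            point = (lat, lon0 - dlon + j * step_deg)
            if all(lo <= haversine_km(pos, point) <= hi for pos, lo, hi in rings):
                hits.append(point)
    if not hits:
        return None
    # Plain mean of grid points: adequate for regions a few hundred km across.
    return (sum(p[0] for p in hits) / len(hits), sum(p[1] for p in hits) / len(hits))


# Constructed scenario: three agents and a server position unknown to locate().
SERVER = (34.75, 113.62)
AGENT_POS = [(34.27, 108.95), (39.90, 116.40), (31.23, 121.47)]
CALIBRATION = [  # constructed ping samples (delay ms, distance km), one list per agent
    [(2, 220), (4, 420), (6, 620), (8, 820)],
    [(2, 215), (4, 395), (6, 575), (8, 755)],
    [(2, 230), (4, 450), (6, 670), (8, 890)],
]


def build_agents(injected_ms=(0.0, 0.0, 0.0), jitter=0.10):
    """Simulate measured delay bounds; injected_ms models delay added by the prover."""
    agents = []
    for pos, samples, extra in zip(AGENT_POS, CALIBRATION, injected_ms):
        v, b = fit_distance_delay(samples)
        t_true = (haversine_km(pos, SERVER) - b) / v
        agents.append({"pos": pos, "v": v, "b": b,
                       "t_min": t_true * (1 - jitter) + extra,
                       "t_max": t_true * (1 + jitter) + extra})
    return agents


def demo():
    """Return (estimate without manipulation, estimate with 15 ms injected delay)."""
    honest = locate(build_agents())
    delayed = locate(build_agents(injected_ms=(15.0, 0.0, 0.0)))
    return honest, delayed


if __name__ == "__main__":
    honest, delayed = demo()
    print("estimate:", honest, "error km:", round(haversine_km(honest, SERVER), 1))
    print("with 15 ms injected toward the first agent:", delayed)
```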
The effect of the present invention will be described in detail with reference to the experiments.
Simple geo-location algorithms cannot detect whether an adversary manipulates a delay without knowing the user data location. However, the broadcast-mechanism algorithm of the invention can effectively detect the operations of a malicious attacker, mainly by using the maximum one-way delay estimate $max_i$.
Now assume that an adversary knows all the environmental jitter on the landmark network links and, based on the information it has acquired, tries to carry out a delay-injection attack against the target. Notably, since the challenge blocks for the integrity audit are randomly generated and random numbers are involved in generating the evidence, an attacker cannot shorten the response time by predicting the challenge blocks and generating data in advance. The attacker's only means of influencing the outcome of the algorithm is to increase the delay.
Now assume that the network delay jitter is negligible, so that $max_i = min_i$. Under the algorithm provided by the scheme, an attacker who wants to increase the value of a certain $max_i$ can:
Increase the value of $T_{isi}$. This means that the attacker inserts a delay when responding to proxy node i. The resulting increase in $D_i$ may leave the triangulation circles without any overlap.
Increase the value of $t_{isk}$ or $t_{isj}$. That is, a delay-injection attack is performed when broadcasting to proxy node k or j. Take increasing $t_{isk}$ as an example: under the algorithm of the invention, increasing $t_{isk}$ causes $max_i$ and $max_k$ to increase simultaneously, which will certainly also cause the triangulation algorithm to fail (as shown in fig. 6).
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A cloud data safety positioning method based on integrity audit and communication delay is characterized by comprising the following steps:
firstly, a data owner uses a Reed-Solomon code to encode an original data file and uses AES (advanced encryption standard) to encrypt, and the encoding operation is completed in an initialization stage;
secondly, when a data owner wants to locate data in the cloud, each agent node is required to perform distributed challenge operation, wherein the distributed challenge operation comprises two processes of agent selection and challenge arrangement;
thirdly, each distributed agent receiving the instruction of the data owner challenges the cloud storage; the cloud server needs to receive a set of challenge requests and provide a certification result, which contains some information of the integrity verification result and the network measurement;
fourthly, the cloud server executes a challenge response protocol and broadcasts a recoverability certification to each agent node;
fifthly, in the verification stage, the distributed nodes execute a restorability verification function and extract geographic measurement information;
sixthly, the data owner operates a position estimation algorithm to estimate the position of the cloud server; the basic mathematical principle is a positive correlation of distance and delay; positioning is performed using a positioning algorithm containing positive and negative constraints; from the distance-delay relation function $D_i = v_i t + b_i$ of each proxy node, each value $D_i$, i.e. the distance from proxy node $A_i$ to the server, is obtained, and the maximum and minimum values of the distance range are determined
Figure FDA0003244819480000011
Figure FDA0003244819480000012
then, with the agent node as the center of a circle on the map and
Figure FDA0003244819480000013
as the radius range, a circular ring is drawn, and the centroid coordinate of the overlapping area is considered as the presumed position of the cloud server; if the area of the overlapping area is 0, the cloud server is considered to have carried out secondary outsourcing of the data.
2. The cloud data security positioning method based on integrity audit and communication delay as claimed in claim 1, wherein the first step specifically includes: dividing an encoded file F into n file blocks $M_1, \ldots, M_n$, each block having s sectors, $M_i = (M_{i1}, M_{i2}, \ldots, M_{is})$; wherein
Figure FDA0003244819480000014
$p$ is a large prime number; let $e: G \times G \to G_T$ be a bilinear map, with three hash functions H, H: $\{0,1\}^* \to G$ and
Figure FDA0003244819480000021
g is a generator of the group G, and the whole process of the protocol is as follows:
the data owner randomly selects
Figure FDA0003244819480000022
and calculates $v = g^{\alpha}$; the private key is $sk = (\alpha)$ and the public key is $pk = (v, \{u_j\}_{1 \le j \le s})$;
the data owner holds $F = (M_1, \ldots, M_n)$ locally; the data owner generates a root R based on the construction of a Merkle hash tree (MHT), with the hash values $H(M_i)$ ($i = 1, \ldots, n$) of the stored file blocks as the leaf nodes of the MHT; the data owner signs the root node R with his private key $\alpha$: $(H(R))^{\alpha} \leftarrow sig_{sk}(R)$; the file tag $t = sig_{sk}(R)$ is maintained at the client of the data owner; for each block $M_i = (M_{i1}, M_{i2}, \ldots, M_{is})$, the data owner computes the signature $\sigma_i$
Figure FDA0003244819480000023
and $\Phi = \{\sigma_i\}_{1 \le i \le n}$ is the set of signatures for all blocks; the data owner then sends $F^* = \{F, \Phi\}$ to the server and keeps the file tag t locally, without storing the file $F^*$ locally.
3. The cloud data security positioning method based on integrity audit and communication delay as claimed in claim 1, wherein the second step specifically includes: the data owner maintains a database S locally, which includes list information for all distributed agents; on receiving a request for a certain file $F_{id}$, the data owner generates a set $C = \{S_i, r_i\}$ of the request list of distributed agents $r_i$ and the file block identifiers $S_i$, the data blocks of the file being selected randomly; and after the set is generated, the information of each challenge file block is sent to the distributed nodes.
4. The cloud data security positioning method based on integrity audit and communication delay as claimed in claim 1, wherein the third step specifically includes: distributed agent $r_i$ sends the file block identifier $S_i$ and a random number $v_i$ to the server, together with the local timestamp of each agent
Figure FDA0003244819480000024
signed using a private key
Figure FDA0003244819480000025
which are sent to the cloud server together as
Figure FDA0003244819480000026
5. The cloud data security positioning method based on integrity audit and communication delay as claimed in claim 1, wherein said fourth step specifically includes: the cloud server receives the node i request
Figure FDA0003244819480000031
first verifies
Figure FDA0003244819480000032
and, once it is correct, carries out the evidence generation algorithm; specifically, it computes
Figure FDA0003244819480000033
and
Figure FDA0003244819480000034
meanwhile, the cloud server returns auxiliary information about the Merkle tree, wherein the auxiliary information comprises the hash values $\{H(M_i)\}_{1 \le i \le c}$ of the nodes where the file blocks are located and the data $\{\Omega\}$ of some children of the tree; finally, the cloud server broadcasts the evidence to all distributed nodes
Figure FDA0003244819480000035
6. The cloud data security positioning method based on integrity audit and communication delay as claimed in claim 1, wherein the fifth step specifically includes:
using the obtained
Figure FDA0003244819480000036
verify the signature
Figure FDA0003244819480000037
Figure FDA0003244819480000038
which represents the local timestamp of the ith agent at the start of the challenge;
obtain R from $\{H(M_i), \Omega\}_{1 \le i \le c}$ and verify the received signature $sig_{sk}(R)$;
verify $e(sig_{sk}(R), g) = e(R, v)$;
verify
Figure FDA0003244819480000039
If the verification of the steps is successful, the recoverability verification is passed;
using the local timestamp
Figure FDA00032448194800000310
calculate the total response time of the challenge from when it is sent by $r_i$ to when it is received by $r_j$
Figure FDA00032448194800000311
7. The cloud data security positioning method based on integrity audit and communication delay as claimed in claim 1, wherein the sixth step specifically includes:
(1) distance estimation: the distance D is defined as:
$D_i = v_i t + b_i$
the relationship function between distance and delay, estimated separately for each node, can be obtained by collecting and analyzing a sample scatter diagram of the geographical distance against the network delay for each agent node;
(2) one-way delay estimation: each proxy node receives the broadcast and sends all measurement information $I = \{v_i, b_i, T_{isj}\}$ to the data owner; the data owner optimizes the measurement data and calculates:
Figure FDA0003244819480000041
meanwhile, the traditional one-way delay estimation is calculated jointly to obtain the final delay estimation:
Figure FDA0003244819480000042
(3) positioning algorithm: positioning is performed using a positioning algorithm containing positive and negative constraints; from the distance-delay relation function $D_i = v_i t + b_i$ of each proxy node, each value $D_i$, i.e. the distance from proxy node $A_i$ to the server, is obtained, and the maximum and minimum values of the distance range are determined
Figure FDA0003244819480000043
Figure FDA0003244819480000044
then, with the agent node as the center of a circle on the map and
Figure FDA0003244819480000045
as the radius range, a circular ring is drawn, and the centroid coordinate of the overlapping area is considered as the presumed position of the cloud server; if the area of the overlapping area is 0, the cloud server is considered to have carried out secondary outsourcing of the data;
finally, the data owner returns the audit results and estimated geographic location to the data owner.
8. A distributed node model simulation system applying the integrity audit and communication delay based cloud data safety positioning method as claimed in any one of claims 1 to 7.
9. A recoverability certification control system applying the integrity audit and communication delay based cloud data safety positioning method according to any one of claims 1 to 7.
10. A geographical positioning system of data in a remote cloud host applying the cloud data safety positioning method based on integrity audit and communication time delay of any one of claims 1 to 7.
CN201811384531.XA 2018-11-20 2018-11-20 Cloud data safety positioning method based on integrity audit and communication time delay Active CN109688107B (en)


Publications (2)

Publication Number Publication Date
CN109688107A CN109688107A (en) 2019-04-26
CN109688107B true CN109688107B (en) 2021-11-09

Family

ID=66185459

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811384531.XA Active CN109688107B (en) 2018-11-20 2018-11-20 Cloud data safety positioning method based on integrity audit and communication time delay

Country Status (1)

Country Link
CN (1) CN109688107B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110266475A (en) * 2019-05-20 2019-09-20 广东工业大学 A kind of cloud storage data safety auditing method
CN110300368B (en) * 2019-05-24 2021-01-01 中国人民解放军63880部队 IP geographical positioning system overall processing method
CN111859412A (en) * 2020-06-11 2020-10-30 中国科学院信息工程研究所 Cloud data position public verification method and system based on CPOR model
CN111914044B (en) * 2020-06-11 2023-06-30 中国科学院信息工程研究所 Verification method and system for cloud data geographic position
CN113423108B (en) * 2021-05-11 2022-07-12 西安电子科技大学 Remote certification method, system, computer equipment and data processing terminal
CN113507512B (en) * 2021-06-30 2022-10-21 中标慧安信息技术股份有限公司 Internet of things platform storage end data storage security detection method and system
CN113938483B (en) * 2021-10-29 2023-06-16 北京京航计算通讯研究所 Node identity verification method and system of distributed AI collaborative computing system
CN114091057B (en) * 2021-11-08 2022-04-26 深圳致星科技有限公司 Federal learning safety audit method and device based on model simulation
CN114844781B (en) * 2022-05-20 2023-05-09 南京大学 Method and system for optimizing Shuffle performance for encoding MapReduce under Rack architecture
CN116527729B (en) * 2023-07-03 2023-09-05 厦门泛卓信息科技有限公司 Distributed data management system based on Web3

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101488104A (en) * 2009-02-26 2009-07-22 北京世纪互联宽带数据中心有限公司 System and method for implementing high-efficiency security memory
CN104601605A (en) * 2015-02-28 2015-05-06 北方工业大学 Efficient privacy protection auditing scheme based on chameleon hash function in cloud storage
CN104902027A (en) * 2015-06-12 2015-09-09 电子科技大学 Cloud storage service-oriented dynamic data integrity auditing program
US9148173B2 (en) * 2012-03-30 2015-09-29 California Institute Of Technology Distributed reed-solomon codes for simple multiple access networks
CN105474166A (en) * 2013-03-15 2016-04-06 先进元素科技公司 Methods and systems for purposeful computing
CN107483585A (en) * 2017-08-18 2017-12-15 西安电子科技大学 The efficient data integrality auditing system and method for safe duplicate removal are supported in cloud environment
CN108647525A (en) * 2018-05-09 2018-10-12 西安电子科技大学 The secret protection single layer perceptron batch training method that can verify that

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8817984B2 (en) * 2011-02-03 2014-08-26 mSignia, Inc. Cryptographic security functions based on anticipated changes in dynamic minutiae

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101488104A (en) * 2009-02-26 2009-07-22 北京世纪互联宽带数据中心有限公司 System and method for implementing high-efficiency security memory
US9148173B2 (en) * 2012-03-30 2015-09-29 California Institute Of Technology Distributed reed-solomon codes for simple multiple access networks
CN105474166A (en) * 2013-03-15 2016-04-06 先进元素科技公司 Methods and systems for purposeful computing
CN104601605A (en) * 2015-02-28 2015-05-06 北方工业大学 Efficient privacy protection auditing scheme based on chameleon hash function in cloud storage
CN104902027A (en) * 2015-06-12 2015-09-09 电子科技大学 Cloud storage service-oriented dynamic data integrity auditing program
CN107483585A (en) * 2017-08-18 2017-12-15 西安电子科技大学 The efficient data integrality auditing system and method for safe duplicate removal are supported in cloud environment
CN108647525A (en) * 2018-05-09 2018-10-12 西安电子科技大学 The secret protection single layer perceptron batch training method that can verify that

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revocation"; Tao Jiang, et al.; IEEE TRANSACTIONS ON COMPUTERS; 20160831; full text *
"Secure and Efficient Cloud Data Deduplication with Ownership Management"; Haoran Yuan, et al.; IEEE; 20171231; full text *

Also Published As

Publication number Publication date
CN109688107A (en) 2019-04-26

Similar Documents

Publication Publication Date Title
CN109688107B (en) Cloud data safety positioning method based on integrity audit and communication time delay
US9178894B2 (en) Secure routing based on the physical locations of routers
Gondree et al. Geolocation of data in the cloud
Peterson et al. A position paper on data sovereignty: The importance of geolocating data in the cloud
US9201131B2 (en) Secure routing based on degree of trust
Benson et al. Do you know where your cloud files are?
CN111386674B (en) Terminal identity protection method in communication system
Watson et al. Lost: location based storage
JP6538644B2 (en) Secure routing based on physical location of router
Esposito et al. On data sovereignty in cloud-based computation offloading for smart cities applications
EP2810419B1 (en) Secure routing based on degree of trust
CN106062750B (en) Provable geolocation
Paladi et al. “One of our hosts in another country”: Challenges of data geolocation in cloud storage
Ries et al. Verification of data location in cloud networking
CN110808953B (en) Cloud data verifiable backup method with position perception
Jiang et al. Reliablebox: Secure and verifiable cloud storage with location-aware backup
Salek et al. A review on cybersecurity of cloud computing for supporting connected vehicle applications
Badr et al. Blockchain-based ride-sharing system with accurate matching and privacy-preservation
CN115052286A (en) User privacy protection and target query method and system based on location service
JP6556976B2 (en) Geocentration based on network ranging
Son et al. Design of secure and lightweight authentication scheme for UAV-enabled intelligent transportation systems using blockchain and PUF
Eskandari et al. Vloc: An approach to verify the physical location of a virtual machine in cloud
Zhao et al. Secure distributed data geolocation scheme against location forgery attack
Hegde et al. Hash based integrity verification for vehicular cloud environment
de Moraes et al. A systematic review of security in the lorawan network protocol

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant