CN110049033A - A kind of cloud auditing method for supporting business data dynamic operation - Google Patents

A kind of cloud auditing method for supporting business data dynamic operation Download PDF

Info

Publication number
CN110049033A
CN110049033A CN201910283489.0A CN201910283489A CN110049033A CN 110049033 A CN110049033 A CN 110049033A CN 201910283489 A CN201910283489 A CN 201910283489A CN 110049033 A CN110049033 A CN 110049033A
Authority
CN
China
Prior art keywords
file
data block
information
data
cloud
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910283489.0A
Other languages
Chinese (zh)
Inventor
沈剑
蒋玲红
金鑫
刘帅
苗田田
冯孟
戚荣鑫
董昳辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Information Science and Technology
Original Assignee
Nanjing University of Information Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University of Information Science and Technology filed Critical Nanjing University of Information Science and Technology
Priority to CN201910283489.0A priority Critical patent/CN110049033A/en
Publication of CN110049033A publication Critical patent/CN110049033A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention is a kind of cloud auditing method for supporting business data dynamic operation, forms a dynamic structure mutually mapped using bi-directional chaining information table and position array, can effectively realize the update of data dynamic and operation, reach the mobility and accessibility of data.Specific method process includes file pretreatment stage and integrity verification stage.Wherein file pretreatment stage includes public and private key to generating algorithm and file Preprocessing Algorithm.The integrity verification stage is divided into challenge generating algorithm, it was demonstrated that generating algorithm, and verifying prove algorithm.This kind of method solves mutual mistrustful problem between enterprise customer and cloud service provider.Simultaneously, it is contemplated that the privacy of outsourcing file data, the present invention also take the mode of no block verifying to realize to by the protection of Audit data privacy.

Description

A kind of cloud auditing method for supporting business data dynamic operation
Technical field
The invention belongs to big data processing technology field, specifically a kind of cloud for supporting business data dynamic operation is examined Meter method.
Background technique
In big data era, many enterprises are although it is recognized that the meaning and effect of information system management, but due to big Data have the characteristics that many kinds of, structure is complicated, quantity is big, and the storage redundancy of company information is many and diverse, search be even more it is inefficient not Convenient, authentic security is not effective for the storage of mass data, and expends mass communication and cost of device.With the development of cloud computing And the construction of mating basis instrument, cloud platform provide stronger and stronger storage service for user, data storage to cloud at For a kind of inexorable trend.But there are still enterprise customers and the mutually mistrustful problem of cloud service provider at present.Firstly, enterprise uses After file is uploaded to cloud and delete local data by family, the direct physical control to file is lost, incomplete cloud trusty The cloud data of user are distorted or deleted to the possible secret of service provider (for example, for saving memory space or due to hardware event Barrier), especially for the file seldom accessed, to obtain more interests.On the contrary, enterprise customer may also forge, frame a case against cloud clothes Business provider is without properly saving data and seeking compensation for.
Summary of the invention
The technical problem to be solved in the present invention is to provide a kind of cloud auditing methods for supporting business data dynamic operation, can The efficient storage and lookup for supporting company information are realized to the real-time dynamic operation of data from cloud, make efficient and convenient cloud Audit platform, Strengthening Management transparency.
In order to solve the above technical problems, the technical solution adopted by the present invention are as follows:
A kind of cloud auditing method for supporting business data dynamic operation, it is characterized in that: utilizing bi-directional chaining information table and position It sets array and forms the dynamic structure mutually mapped, wherein include the file information and two kinds of data block information in bi-directional chaining information table Information element, the file information and data block information are bi-directional chaining, include user number and document number in the file information, The user number and document number includes version number V in the data block information for uniquely determining the file informationnWith when Between stab Tu,f,n, version number VnAnd time stamp Tu,f,nFor indicating the V of f-th of file of u-th of usernN-th of a version Data block information, is bi-directional chaining between the file information, is double between the corresponding data block information of same file information To link;
The position array is the storage of user file data block information, is named with user number, for cutting as index Parallel operation forms the mapping between data block call number and its physical location, Ax,yFor storing the physical location of each data block, In, Ax,ySubscript be used to indicate y-th of data block of x-th of file;
The cloud auditing method includes file pretreatment stage and integrity verification stage, the specific steps are as follows:
Step 1, file pre-processes;
S1 generates one group of signature key at random and encrypts to (ssk, spk) to filename;
S2, from ZpIn randomly select a several a part of a as system private key, generate complete private key sk=(a, ssk), And saved by enterprise customer's secret, wherein ZpRefer to the nonnegative integer set for being less than prime number p;
S3, system randomly select two generation member g and u from multiplicative cyclic group, enable v=ga, generate complete public key pk= (u, g, v, spk), the public key are in open state, and public key is used to verify the proof of cloud service provider generation;
S4 obtains complete key pair (sk, pk)={ (a, ssk), (u, g, v, spk) };
S5, splits the file into n data block, and enterprise customer is that each data block generates corresponding validatorWherein miData block is represented, indicates m1To mn, h () indicate hash function, act on random length and disappear Breath, σ={ σ can be obtained by returning to regular lengthi}i∈[1,n];ViIt is the version number of i-th of data block, TiIt is the time of i-th of data block Stamp;
S6 is each file generated file label: θ=U based on sskID||FID||SIG(UID||FID)ssk;Wherein, UIDTable Show User ID, FIDIndicate file ID, SIG is signature algorithm, for generating the file label based on ssk;
S7 uploads { F, σ, θ } to cloud service provider;
S8 uploads FID,UID,Vi,Ti,LociTo auditing by third party person, wherein LociMean that the physics of i-th of data block Position;
Step 2, integrity verification;
S1, auditing by third party person receive appointing for enterprise customer, issue testing for specified data file to cloud service provider Card application, that is, challenge, and verifying application is used for the integrality of verify data, and cloud service provider is by the files-designated of specified data file Label θ feeds back to auditor, verifies its validity by public key spk after auditor's reception;If authentication failed, documentary evidence by Damage;
S2, if validation verification success, auditor randomly selects the element in s position array, in bi-directional chaining information The information of respective data blocks indicated by s element is obtained in table;
S3, auditor send to cloud service provider and challenge: chal={ i, ri}i∈[1,s], wherein [1, n] s ∈, riBe from ZpIn randomly select;
S4, the label that cloud service provider provides instruction validator integrality proveIt is complete with designation date The data of whole property prove D=ΣI ∈ [1, s]mi·ri, and will completely prove that (T, D) is sent to auditor;
S5, auditor are each data block meter challenged according to the data information being stored in bi-directional chaining information table It calculates: DIi=e (h (Vi||Ti), v), wherein e () indicates Bilinear Pairing function, and be easy to get DI=∏i∈[1,s]DIi
S6, auditor examine equation:If equation is set up, cloud China and foreign countries bag data is complete;It is no Then, then documentary evidence is impaired.
When multiple files of the auditor to the same user, which carry out batch, audits, equation is verifiedIt is whether true, if equation is set up, prove the integrality of file verified And correctness;If equation is invalid, prove that at least one file is impaired in the file verified.
When multiple files of the auditor to multiple users, which carry out batch, audits, equation is verifiedIt is whether true, if equation is set up, prove The integrality and correctness for the file verified;If equation is invalid, at least one file in the file verified is proved It is impaired.
The operation that the data block information bi-directional chaining table can be inserted into, be deleted, modified, the data block information The concrete operations process of insertion are as follows: in data block miIt is inserted into data block m belowxWhen, enterprise customer generates data block information (Vx, Tx) and inserting instruction Binsert2T=(insert, UID,FID,i,x,Vx,Tx) it is sent to auditing by third party person, after auditor receives Update the information stored in bi-directional chaining information table and position array;Meanwhile enterprise customer is data block mxGenerate validator σxWith Binsert2C=(insert, UID,FID,i,mxx) it is sent to cloud service provider, in this document phase after cloud service provider reception Position is answered to be inserted into data block.
The concrete operations process that the data block information is deleted are as follows: deleting data block miWhen, enterprise customer generates Bdelect2T=(delect, UID,FID, i) be sent to auditing by third party person, auditor deleted after receiving bi-directional chaining information table and The information stored in the array of position;Meanwhile enterprise customer sends Bdelect2C=(delect, UID,FID, i) and it is provided to cloud service Quotient, cloud service provider delete this document corresponding position data block after receiving.
The concrete operations process of the described data block information replacement are as follows: by data block miIt is revised as mi *When, it generates corresponding Data block information (Vi *,Ti *) and Bmodify2T=(modify, UID,FID,i,Vi *,Ti *) it is sent to auditing by third party person, wherein easily Know Vi *=Vi+1.Auditor need to only update the information in bi-directional chaining information table after receiving;Meanwhile enterprise customer is data block For data block mi *Generate validator σx *WithIt is sent to cloud service provider, cloud clothes Business provider modifies data block in file corresponding position after receiving and updates validator.
This kind supports the cloud auditing method of business data dynamic operation that can realize number the beneficial effects are as follows: first According to the efficient convenient of dynamic operation.Propose a new structure to support the dynamic operation of data, simultaneously, it is contemplated that data are real Expense required for when property is excessive, and the program can postpone to update to data.
Second, solve mutual mistrustful problem between enterprise customer and cloud service provider.It is proposed in the present invention global The audit agreement of verifying and sampling verification.Overall situation verifying requires enterprise customer to be provided with respective counts when uploading or updating file It was demonstrated that the malice that can effectively avoid enterprise customer is slandered and is extorted;Sampling verification requires cloud service provider to provide outsourcing text Whether the outer bag data that the integrity certification of part investigates oneself to enterprise customer, for enterprise customer in real time is safely stored.
Third supports a variety of audit performances.In order to solve the problems, such as in audit process the ability of enterprise customer and resource-constrained, We introduce to have the auditor of professional ability and replace enterprise customer to participate in audit process as third party entity and help User investigates whether data are safely stored.Simultaneously, it is contemplated that the privacy of outsourcing file data, we take no block verifying Mode is realized to by the protection of Audit data privacy.
Detailed description of the invention
Fig. 1 is bi-directional chaining information table signal in a kind of cloud auditing method for supporting business data dynamic operation of the present invention Figure.
Fig. 2 is bi-directional chaining information table insertion text in a kind of cloud auditing method for supporting business data dynamic operation of the present invention Status diagram before part.
Fig. 3 is bi-directional chaining information table insertion text in a kind of cloud auditing method for supporting business data dynamic operation of the present invention Status diagram after part.
Fig. 4 is that bi-directional chaining information table deletes text in a kind of cloud auditing method for supporting business data dynamic operation of the present invention The variation schematic diagram of part.
Fig. 5 is bi-directional chaining information table modification text in a kind of cloud auditing method for supporting business data dynamic operation of the present invention The variation schematic diagram of part.
Fig. 6 is position array schematic diagram in a kind of cloud auditing method for supporting business data dynamic operation of the present invention.
Fig. 7 is the dynamic operation in a kind of cloud auditing method for supporting business data dynamic operation of the present invention in the array of position Schematic diagram.
Fig. 8 is data block insertion operation timing in a kind of cloud auditing method for supporting business data dynamic operation of the present invention Figure.
Fig. 9 is data block delete operation timing in a kind of cloud auditing method for supporting business data dynamic operation of the present invention Figure.
Figure 10 is that data block modifies the operation timing in a kind of cloud auditing method for supporting business data dynamic operation of the present invention Figure.
Specific embodiment
Below in conjunction with Figure of description and specific preferred embodiment, the invention will be further described.
A kind of cloud auditing method for supporting business data dynamic operation, this method is using global audit in audit by test service In enterprise customer, on the basis of ensureing enterprise customer's interests, overall situation audit is then to serve cloud provider, to all updates with it is upper The file of biography just audits to wherein all data blocks when being uploaded to cloud, can effectively avoid enterprise customer and third party examines The conspiracy attack of meter person.Wherein, enterprise customer possesses the auditing by third party person for having profession audit knowledge.
A dynamic structure mutually mapped is formed using bi-directional chaining information table and position array in the cloud auditing method, Efficiently to support dynamic operation.Firstly, bi-directional chaining information table is a kind of two dimensional data structure, audit letter for storing data Breath wherein includes two kinds of information elements, the file information and data block information, and the file information and data in bi-directional chaining information table Block message is bi-directional chaining between the two.As shown in Figure 1, left side is the file information, right side is data block information.In the file information Comprising user number and document number, in conjunction with user number and document number, representing this document is pair uploaded by the user of corresponding user number Answer document number file, the file information uniquely determined with this, at the same alleviate file it is more when the too long problem of document number.Data It include version number and timestamp in block message, it is specified that the version number newly uploaded is 1, one secondary version number of every update adds 1 thereafter.Time Stamp name includes user number, and the information such as document number and data block call number have uniquely indicated the file information.Version number VnWith when Between stab Tu,f,nRepresent the V of f-th of file of u-th of usernThe nth data block message of a version.By bi-directional chaining table Structural property it is found that be bi-directional chaining between the file information, can additions and deletions forward or backward change and look into file, and each the file information links Respective file data block.Also be bi-directional chaining between data block information, can additions and deletions forward or backward change and look into file data blocks.File and Data block information can arbitrarily search file and data block before and after present position, and when carrying out insertion with delete operation It will not cause the variation of alternative document and data block and recalculate.
It is respectively the bi-directional chaining information table before and after user x insertion file y such as Fig. 2 and Fig. 3.Detailed process is to disconnect first Bi-directional chaining before and after file insertion position resettles the bi-directional chaining of insertion file and front and back file.By the knot of position array Structure is not it is found that the inquiry of data block impacts array with modification, and the insertion of data block and deletion will cause array element A large amount of movements.Fig. 4 is the change procedure that file is deleted in bi-directional chaining information table, as shown, disconnected first when deleting file File front and back file to be deleted and the bi-directional chaining between it are opened, then re-forms the bi-directional chaining between the file of front and back.Text Part modification such as Fig. 5, carries out data block information modification in the data block information of respective file link, and version number adds 1 at this time, User number is operation user.
Position array is the storage of same user file data block information, is named with user number, can be used as index switch, Form the mapping between data block call number and its physical location.As shown in fig. 6, its structure is a common array, elements Ax,y Subscript represents y-th of data block of xth file, and storage content is the name of corresponding position data block.Element in the array of position Subscript represents the position of data block storage.It is inserted into a new element in the array of position, is illustrated in figure 7 insertion one and is named as mnNew element and delete one be named as m2Element variation.
This kind of cloud auditing method includes file pretreatment and integrity verification stage.Wherein file pretreatment stage includes public affairs Private key is to generating algorithm and file Preprocessing Algorithm.The integrity verification stage is divided into challenge generating algorithm, it was demonstrated that generating algorithm, And verifying proves algorithm.
File pretreatment stage: enterprise customer completes the pre-processing work of external APMB package in this stage.Firstly, enterprise User executes public and private key and automatically generates key pair to generating algorithm.Secondly, enterprise customer's operating file Preprocessing Algorithm is external APMB package is pre-processed, and audit information needed is sent respectively to auditing by third party person and cloud service provider.
The integrity verification stage: firstly, enterprise customer proposes audit requirement, third party to auditing by third party person in this stage Auditor executes challenge generating algorithm and challenges to cloud service provider.It is calculated secondly, cloud service provider executes to prove to generate Method, which will demonstrate that, feeds back to auditing by third party person.Finally, auditing by third party person, which executes verifying, proves that result is fed back to enterprise by algorithm User.
Further, the detailed process of file pretreatment stage are as follows:
S1 generates one group of signature key at random and encrypts to (ssk, spk) to filename;
S2, from ZpIn randomly select a several a part of a as system private key, generate complete private key sk=(a, ssk), And saved by enterprise customer's secret, wherein ZpRefer to the nonnegative integer set for being less than prime number p;
S3, system randomly select two generation member g and u from multiplicative cyclic group, enable v=ga, generate complete public key pk= (u, g, v, spk), the public key are in open state, and public key is used to verify the proof of cloud service provider generation;
S4 obtains complete key pair (sk, pk)={ (a, ssk), (u, g, v, spk) };
S5, splits the file into n data block, and enterprise customer is that each data block generates corresponding validatorσ={ σ can be obtainedi}i∈[1,n];Wherein, ViIt is the version number of i-th of data block, TiIt is i-th of data block Timestamp;
S6 is each file generated file label: θ=U based on sskID||FID||SIG(UID||FID)ssk;Wherein, UIDTable Show User ID, FIDIndicate file ID, SIG is signature algorithm, for generating the file label based on ssk;
S7 uploads { F, σ, θ } to cloud service provider;
S8 uploads FID,UID,Vi,Ti,LociTo auditing by third party person, wherein LociMean that the physics of i-th of data block Position;
The detailed process in integrity verification stage are as follows:
S1, auditing by third party person receive appointing for enterprise customer, issue testing for specified data file to cloud service provider Card application, verifying application are used for the integrality of verify data, and cloud service provider feeds back the file label θ of specified data file To auditor, its validity is verified by public key spk after auditor's reception;If authentication failed, documentary evidence is impaired;
S2, if validation verification success, auditor randomly selects the element in s position array, in bi-directional chaining information The information of respective data blocks indicated by s element is obtained in table;
S3, auditor send to cloud service provider and challenge: chal={ i, ri}i∈[1,s], wherein [1, n] s ∈, riBe from ZpIn randomly select;
S4, the label that cloud service provider provides instruction validator integrality proveIt is complete with designation date The data of whole property prove D=ΣI ∈ [1, s]mi·ri, and will completely prove that (T, D) is sent to auditor;
S5, auditor are each data block meter challenged according to the data information being stored in bi-directional chaining information table It calculates: DIi=e (h (Vi||Ti), v), be easy to get DI=∏i∈[1,s]DIi
S6, auditor examine equation:If equation is set up, cloud China and foreign countries bag data is complete;It is no Then, then documentary evidence is impaired.
In the S6 step of step 2, when multiple files of the auditor to the same user, which carry out batch, audits, verifying etc. FormulaIt is whether true, if equation is set up, prove the complete of the file verified Property and correctness;If equation is invalid, prove that at least one file is impaired in the file verified.
Further, when multiple files of the auditor to multiple users, which carry out batch, audits, equation is verifiedIt is whether true, if equation is set up, prove to be tested The integrality and correctness of the file of card;If equation is invalid, prove that at least one file is impaired in the file verified.
In the present embodiment, the operation that data block information bi-directional chaining table can be inserted into, be deleted, modified, the data The concrete operations process of block message insertion are as follows: in data block miIt is inserted into data block m belowxWhen, enterprise customer generates data block information (Vx,Tx) and inserting instruction Binsert2T=(insert, UID,FID,i,x,Vx,Tx) it is sent to auditing by third party person, auditor connects The information stored in bi-directional chaining information table and position array is updated after receipts;Meanwhile enterprise customer is data block mxGenerate verifying Device σxAnd Binsert2C=(insert, UID,FID,i,mxx) it is sent to cloud service provider, at this after cloud service provider reception Data block is inserted into file corresponding position.
The concrete operations process that data block information is deleted are as follows: deleting data block miWhen, enterprise customer generates Bdelect2T= (delect,UID,FID, i) and it is sent to auditing by third party person, auditor deletes bi-directional chaining information table and position array after receiving The information of middle storage;Meanwhile enterprise customer sends Bdelect2C=(delect, UID,FID, i) and give cloud service provider, cloud service This document corresponding position data block is deleted after receiving by provider.
The concrete operations process of data block information replacement are as follows: by data block miIt is revised as mi *When, generate respective data blocks Information (Vi *,Ti *) and Bmodify2T=(modify, UID,FID,i,Vi *,Ti *) it is sent to auditing by third party person, wherein V known to easilyi * =Vi+1.Auditor need to only update the information in bi-directional chaining information table after receiving;Meanwhile it is data that enterprise customer, which is data block, Block mi *Generate validator σx *WithIt is sent to cloud service provider, cloud service provides Quotient modifies data block in file corresponding position after receiving and updates validator.
This kind of cloud auditing method has references to a variety of important categories of audit agreement in order to have more actual application values Property.By introducing the auditing by third party person for being hired by enterprise customer and having profession audit knowledge, by auditor's audit document number According to obtaining the whether safe and complete conclusion of data and feeding back to enterprise customer, avoids enterprise customer's ability and asked with resource-constrained Topic, effectively reduces the burden of user terminal.In audit process, we are verified using no block realizes audit task, and third party examines Meter person and cloud service provider do not need to access entire file that answer is ensured in audit process according to integrity inquiries with this back and forth The privacy and safety of data.In addition, we support the batch of data to audit, auditor can verify multiple file datas simultaneously The case where, time and expense are largely saved simultaneously.
The above is only the preferred embodiment of the present invention, protection scope of the present invention is not limited merely to above-described embodiment, All technical solutions belonged under thinking of the present invention all belong to the scope of protection of the present invention.It should be pointed out that for the art For those of ordinary skill, several improvements and modifications without departing from the principles of the present invention should be regarded as protection of the invention Range.

Claims (6)

1. a kind of cloud auditing method for supporting business data dynamic operation, it is characterized in that: utilizing bi-directional chaining information table and position Array forms the dynamic structure mutually mapped, and the file information and two kinds of data block information letters are wherein included in bi-directional chaining information table Element is ceased, it includes user number and document number, institute in the file information that the file information and data block information, which are bi-directional chaining, The user number and document number stated include version number V in the data block information for uniquely determining the file informationnWith the time Stab Tu,f,n, version number VnAnd time stamp Tu,f,nFor indicating the V of f-th of file of u-th of usernThe nth of a version According to block message, it is bi-directional chaining between the file information, is two-way between the corresponding data block information of same file information Link;
The position array is the storage of user file data block information, is named with user number, for being used as index switch, Form the mapping between data block call number and its physical location, Ax,yFor storing the physical location of each data block, wherein Ax,y Subscript be used to indicate y-th of data block of x-th of file;
The cloud auditing method includes file pretreatment stage and integrity verification stage, the specific steps are as follows:
Step 1, file pre-processes;
S1 generates one group of signature key at random and encrypts to (ssk, spk) to filename;
S2, from ZpIn randomly select a several a part of a as system private key, generate complete private key sk=(a, ssk), and by Enterprise customer's secret saves, wherein ZpRefer to the nonnegative integer set for being less than prime number p;
S3, system randomly select two generation member g and u from multiplicative cyclic group, enable v=ga, generate complete public key pk=(u, g, V, spk), the public key is in open state, and public key is used to verify the proof of cloud service provider generation;
S4 obtains complete key pair (sk, pk)={ (a, ssk), (u, g, v, spk) };
S5, splits the file into n data block, and enterprise customer is that each data block generates corresponding validatorWherein miData block is represented, indicates m1To mn, h () indicate hash function, act on random length and disappear Breath, σ={ σ can be obtained by returning to regular lengthi}i∈[1,n];ViIt is the version number of i-th of data block, TiIt is the time of i-th of data block Stamp;
S6 is each file generated file label: θ=U based on sskID||FID||SIG(UID||FID)ssk;Wherein, UIDIt indicates to use Family ID, FIDIndicate file ID, SIG is signature algorithm, for generating the file label based on ssk;
S7 uploads { F, σ, θ } to cloud service provider;
S8 uploads FID,UID,Vi,Ti,LociTo auditing by third party person, wherein LociMean that the physical bit of i-th of data block It sets;
Step 2, integrity verification;
S1, auditing by third party person receive appointing for enterprise customer, and the verifying Shen of specified data file is issued to cloud service provider Please, that is, it challenges, verifying application is used for the integrality of verify data, and cloud service provider is by the file label θ of specified data file Auditor is fed back to, its validity is verified by public key spk after auditor's reception;If authentication failed, documentary evidence is impaired;
S2, if validation verification success, auditor randomly selects the element in s position array, in bi-directional chaining information table Obtain the information of respective data blocks indicated by s element;
S3, auditor send to cloud service provider and challenge: chal={ i, ri}i∈[1,s], wherein [1, n] s ∈, riIt is from ZpIn It randomly selects;
S4, the label that cloud service provider provides instruction validator integrality proveWith designation date integrality Data prove D=∑i∈[1,s]mi·ri, and will completely prove that (T, D) is sent to auditor;
S5, auditor calculate according to the data information being stored in bi-directional chaining information table for each data block challenged: DIi=e (h (Vi||Ti), v), wherein e () indicates Bilinear Pairing function, and be easy to get DI=∏i∈[1,s]DIi
S6, auditor examine equation:If equation is set up, cloud China and foreign countries bag data is complete;Otherwise, then Documentary evidence is impaired.
2. a kind of cloud auditing method for supporting business data dynamic operation according to claim 1, it is characterised in that: work as audit When member carries out batch audit to multiple files of the same user, equation is verified It is whether true, if equation is set up, prove the integrality and correctness of the file verified;If equation is invalid, institute is proved At least one file is impaired in the file of verifying.
3. a kind of cloud auditing method for supporting business data dynamic operation according to claim 1, it is characterised in that: when careful When meter person carries out batch audit to multiple files of multiple users, equation is verifiedIt is whether true, if equation is set up, demonstrate,prove The integrality and correctness of bright verified file;If equation is invalid, at least one text in the file verified is proved Part is impaired.
4. a kind of cloud auditing method for supporting business data dynamic operation according to claim 1, it is characterised in that: described The operation that can be inserted into, be deleted, modified of data block information bi-directional chaining table, the specific behaviour of the data block information insertion Make process are as follows: in data block miIt is inserted into data block m belowxWhen, enterprise customer generates data block information (Vx,Tx) and inserting instruction Binsert2T=(insert, UID,FID,i,x,Vx,Tx) it is sent to auditing by third party person, auditor updates bi-directional chaining letter after receiving The information stored in breath table and position array;Meanwhile enterprise customer is data block mxGenerate validator σxAnd Binsert2C= (insert,UID,FID,i,mxx) it is sent to cloud service provider, cloud service provider is inserted after receiving in this document corresponding position Enter data block.
5. a kind of cloud auditing method for supporting business data dynamic operation according to claim 4, it is characterised in that: described Data block information delete concrete operations process are as follows: delete data block miWhen, enterprise customer generates Bdelect2T= (delect,UID,FID, i) and it is sent to auditing by third party person, auditor deletes bi-directional chaining information table and position array after receiving The information of middle storage;Meanwhile enterprise customer sends Bdelect2C=(delect, UID,FID, i) and give cloud service provider, cloud service This document corresponding position data block is deleted after receiving by provider.
6. a kind of cloud auditing method for supporting business data dynamic operation according to claim 4, it is characterised in that: described Data block information replacement concrete operations process are as follows: by data block miIt is revised as mi *When, generate corresponding data block message (Vi *,Ti *) and Bmodify2T=(modify, UID,FID,i,Vi *,Ti *) it is sent to auditing by third party person, wherein V known to easilyi *=Vi+ 1.Auditor need to only update the information in bi-directional chaining information table after receiving;Meanwhile it is data block m that enterprise customer, which is data block,i * Generate validator σx *WithIt is sent to cloud service provider, cloud service provider connects Data block is modified in file corresponding position after receipts and updates validator.
CN201910283489.0A 2019-04-10 2019-04-10 A kind of cloud auditing method for supporting business data dynamic operation Pending CN110049033A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910283489.0A CN110049033A (en) 2019-04-10 2019-04-10 A kind of cloud auditing method for supporting business data dynamic operation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910283489.0A CN110049033A (en) 2019-04-10 2019-04-10 A kind of cloud auditing method for supporting business data dynamic operation

Publications (1)

Publication Number Publication Date
CN110049033A true CN110049033A (en) 2019-07-23

Family

ID=67276558

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910283489.0A Pending CN110049033A (en) 2019-04-10 2019-04-10 A kind of cloud auditing method for supporting business data dynamic operation

Country Status (1)

Country Link
CN (1) CN110049033A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113034811A (en) * 2021-03-23 2021-06-25 深圳市顺易通信息技术有限公司 Intelligent electronic cabinet supporting remote control protocol

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067363A (en) * 2012-12-20 2013-04-24 华中科技大学 Index conversion method for public data integrity checking
CN107426165A (en) * 2017-05-16 2017-12-01 安徽大学 Bidirectional secure cloud storage data integrity detection method supporting key updating
CN109525403A (en) * 2018-12-29 2019-03-26 陕西师范大学 A kind of anti-leakage that supporting user's full dynamic parallel operation discloses cloud auditing method
US20190097992A1 (en) * 2017-09-28 2019-03-28 Ramesh VelurEunni System and methods for minimizing security key exposure using dynamically administered bounds to cloud access
CN109639420A (en) * 2019-01-02 2019-04-16 西南石油大学 Based on block chain technology can anonymous Identity the public auditing method of medical cloud storage

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067363A (en) * 2012-12-20 2013-04-24 华中科技大学 Index conversion method for public data integrity checking
CN107426165A (en) * 2017-05-16 2017-12-01 安徽大学 Bidirectional secure cloud storage data integrity detection method supporting key updating
US20190097992A1 (en) * 2017-09-28 2019-03-28 Ramesh VelurEunni System and methods for minimizing security key exposure using dynamically administered bounds to cloud access
CN109525403A (en) * 2018-12-29 2019-03-26 陕西师范大学 A kind of anti-leakage that supporting user's full dynamic parallel operation discloses cloud auditing method
CN109639420A (en) * 2019-01-02 2019-04-16 西南石油大学 Based on block chain technology can anonymous Identity the public auditing method of medical cloud storage

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
JIAN SHEN,DENGZHI LIU, QI LIU, ZHIHUA XIA AND TIANQI ZHOU: "A Novel Authentication Protocol with Tree-based", 《IEEE数据库》 *
沈珺: "云环境下支持动态操作的外包数据审计协议研究", 《中国优秀硕士论文全文数据库信息科技辑》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113034811A (en) * 2021-03-23 2021-06-25 深圳市顺易通信息技术有限公司 Intelligent electronic cabinet supporting remote control protocol

Similar Documents

Publication Publication Date Title
CN110958110B (en) Block chain private data management method and system based on zero knowledge proof
CN110011781B (en) Homomorphic encryption method and medium for transaction amount encryption and supporting zero knowledge proof
CN110300112A (en) Block chain key tiered management approach
CN107682308A (en) The electronic evidence preservation system for Channel Technology of being dived based on block chain
CN110321735B (en) Business handling method, system and storage medium based on zero knowledge certification
CN108737374A (en) The method for secret protection that data store in a kind of block chain
Elkhiyaoui et al. CHECKER: On-site checking in RFID-based supply chains
CN105227317B (en) A kind of cloud data integrity detection method and system for supporting authenticator privacy
CN105787389B (en) Cloud file integrality public audit evidence generation method and public audit method
CN112069547B (en) Identity authentication method and system for supply chain responsibility main body
CN110263584A (en) A kind of data integrity auditing method and system based on block chain
CN111835526B (en) Method and system for generating anonymous credential
CN109949035B (en) Block chain data privacy control method, device and system
CN108123934A (en) A kind of data integrity verifying method towards mobile terminal
CN109600228A (en) The signature method and sealing system of anti-quantum calculation based on public keys pond
CN109560935B (en) Anti-quantum-computation signature method and signature system based on public asymmetric key pool
CN111656386A (en) Managing transaction requests in ledger system
CN110597836A (en) Information query request response method and device based on block chain network
CN106991148A (en) It is a kind of to support the full database authentication system and method for updating operation
CN106611136A (en) Data tampering verification method in cloud storage
US11394533B2 (en) Method for storing database security audit records
CN107612969A (en) Cloud storage data integrity auditing method based on B Tree Bloom filters
CN115473703A (en) Identity-based ciphertext equivalence testing method, device, system and medium for authentication
Prasetyadi et al. Blockchain-based electronic voting system with special ballot and block structures that complies with Indonesian principle of voting
CN111630545A (en) Managing transaction requests in ledger system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190723

RJ01 Rejection of invention patent application after publication