CN110650152B - Cloud data integrity verification method supporting dynamic key updating - Google Patents

Cloud data integrity verification method supporting dynamic key updating Download PDF

Info

Publication number
CN110650152B
CN110650152B CN201910970921.3A CN201910970921A CN110650152B CN 110650152 B CN110650152 B CN 110650152B CN 201910970921 A CN201910970921 A CN 201910970921A CN 110650152 B CN110650152 B CN 110650152B
Authority
CN
China
Prior art keywords
key
data
cloud
trusted
user side
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910970921.3A
Other languages
Chinese (zh)
Other versions
CN110650152A (en
Inventor
李莉
韦鹏程
王博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University of Education
Original Assignee
Chongqing University of Education
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing University of Education filed Critical Chongqing University of Education
Priority to CN201910970921.3A priority Critical patent/CN110650152B/en
Publication of CN110650152A publication Critical patent/CN110650152A/en
Application granted granted Critical
Publication of CN110650152B publication Critical patent/CN110650152B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the technical field of cloud storage data processing, and discloses a cloud data integrity verification method supporting dynamic key updating; a quintuple is used for representing a cloud storage algorithm to realize cloud storage and verification; encrypting by using an RSA encryption algorithm and a user public key PK; the data owner requests a new key from the trusted third party, which returns the new key and is encrypted with the data owner's public key PK. The invention uses a secret key wrapping technology to process, the data uploaded to the cloud end is encrypted by a symmetric encryption algorithm, and an encrypted secret key is encrypted by a public key cryptosystem. In order to improve the safety of the scheme; a trusted third party is introduced to support dynamic updating of keys. According to the invention, a safe cloud storage scheme is adopted, so that a user can store data to the cloud server in a blocking manner and carry out integrity check on the data at regular time. And when the data is uploaded to the cloud, double encryption is carried out to protect the data security, and the secret key is dynamically updated when an event is triggered.

Description

Cloud data integrity verification method supporting dynamic key updating
Technical Field
The invention belongs to the technical field of cloud storage data processing, and particularly relates to a cloud data integrity verification method supporting dynamic key updating.
Background
Currently, the closest prior art: cloud storage is a new and developing storage technology based on cloud computing. With the advent of the big data era, how to safely store mass data is a headache problem for enterprises or individuals. If the user can safely store mass data in the cloud server of the enterprise or the leased cloud server, and can extract the data at any time when needed, the huge software and hardware cost and expenditure of the storage can be greatly reduced. Therefore, once cloud storage is proposed, the cloud storage is concerned by all communities, and all manufacturers also successively produce their own cloud storage products, such as amazon's simple cloud storage service, Rackspace's cloud files, and the like, and then the hardware of which the products mainly concern is the hot spot of research of today's scholars how to design safe storage data and provide integrity check by using the hardware.
In order to solve the above problems, a large number of papers for integrity detection of cloud data are emerging. In data integrity verification schemes, data ownership (PDP) is a critical technology among others. In 2007, Atenise et al put forward the concept of PDP for the first time, and then Swminathana et al improved the scheme, and introduced the homomorphic-based Hash function to improve efficiency, but the scheme does not address the dynamic update problem. Chen proposes a scheme for designing secure cloud storage according to network coding, any network coding is given, a corresponding cloud storage scheme can be systematically constructed, but the problems of data privacy and the like are not considered, Yang and Wang respectively propose a data auditing scheme for checking data integrity, but a complex cryptography tool is adopted in the scheme, and the overall efficiency needs to be improved.
In summary, the problems of the prior art are as follows:
(1) the existing scheme mainly focuses on the data integrity inspection problem and does not relate to data confidentiality and privacy protection.
(2) The existing scheme does not relate to the problems of key management and dynamic updating.
(3) The efficiency of outsourcing in the existing scheme needs to be improved, and the processing time is long.
The difficulty of solving the technical problems is as follows:
(1) the scheme needs to be added with a privacy protection function, data confidentiality is increased, and it is ensured that only authorized users can correctly access data.
(2) The key generation, distribution and storage under the trusted environment need to be solved.
(3) The data outsourcing algorithm needs to be redesigned, and a lighter-weight cryptographic algorithm is adopted, so that the scheme is more efficient.
The significance of solving the technical problems is as follows:
(1) the confidentiality of the data and the privacy of the data are effectively protected, and the credit on the cloud service is further improved.
(2) The cipher text can be updated regularly by dynamically updating the cipher key, so that the security is improved, and the risk of breaking the plaintext by intrusion is reduced.
(3) The efficiency of the scheme is improved, so that the scheme has more practical significance.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a cloud data integrity verification method supporting dynamic key updating.
The invention is realized in such a way that a cloud data integrity verification method supporting dynamic key updating comprises the following steps:
the method comprises the following steps that firstly, a quintuple is used for representing a cloud storage algorithm to realize cloud storage and verification;
secondly, encrypting by using an RSA encryption algorithm and a user public key PK;
and thirdly, the data owner requests a new secret key from the trusted third party, and the trusted third party returns the new secret key and encrypts the secret key by using the public key PK of the data owner.
Further, the quintuple of the first step specifically includes:
(1) KeyGen: inputting a security parameter lambda, and generating a private key SK and a public key PK used in a cloud storage and verification algorithm by a user side, wherein the specific process is as follows: generating prime number c, generating large random prime numbers a and b, and generating other random prime numbers e, p by taking note that a-1 and b-1 need to be relatively prime with c1,p2…pnLet d be a · b, and public key PK be (e, p)1,p2…pnC, d), the private key SK ═ (a, b);
(2) outsource: the data is divided into blocks, each block has a size of n, and m blocks are provided, wherein each block is expressed as: w is ai=1,2,...m=[yi1,yi2…yin]Each element belonging to a finite field
Figure BDA0002232044290000031
Generating random numbers
Figure BDA0002232044290000032
Find a random number for each block
Figure BDA0002232044290000033
So that the following equation holds:
Figure BDA0002232044290000034
let ti(s, v, y) is referred to as wiThe data block is sent to the cloud end C together with the authentication informationt={wi,ti}i=1,2...m
(3) And (2) Audit: the user terminal generates l random numbers, and ij=1,2...l,0≤ijLess than or equal to m, mixingj=1,2...lSending the cloud as a query Q;
(4) and (iv) pro: the cloud generates gamma as a corresponding proof of the query Q, and extracts information in the query block
Figure BDA0002232044290000035
Computing federation information w*And joint authentication information t*
Figure BDA0002232044290000036
Figure BDA0002232044290000037
Figure BDA0002232044290000038
Figure BDA0002232044290000039
And (3) calculating:
Figure BDA00022320442900000310
then the information w is combined*The joint authentication information of t*=(s*,v*,y*) Cloud will prove Γ ═ (w)*,t*) Returning to the user side;
(6) verify: the user end verifies whether the following formula holds:
Figure BDA0002232044290000041
the output δ is true if equal, otherwise it is false.
Further, the encrypting using RSA encryption algorithm and user public key PK in the second step specifically includes:
(1) ASK _ newkey (do): the user side sends a request for returning the encryption key to the trusted third party;
(2)DOPK(K) the method comprises the following steps The trusted third party returns an encryption key K, encrypts the K by using an RSA encryption algorithm and encrypts the K by using a user side public key PK;
(3)K=DOSK(DOPK(K)),C=EK(P): the user side decrypts K by using the private key SK and encrypts original data P by using K;
(4) outsource (C): the user side uploads data to the cloud side by adopting the algorithm introduced in the previous section;
(5) ASK _ c (do): the user side requests the encrypted data C from the cloud side;
(6) return (C): the cloud returns encrypted data C;
(7)P=DK(C) the method comprises the following steps The user side uses the decryption key K to decrypt and obtain P.
Further, the data owner in the third step requests a new key from the trusted third party, the trusted third party returns the new key, and the encrypting with the public key PK of the data owner specifically includes:
(1) ASK _ KEY & c (du): a user side sends a request for acquiring data to a data owner;
(2) ASK _ key (du): the data owner transmits a request for obtaining the secret key K to a trusted third party;
(3)DUPK(K) the method comprises the following steps The trusted third party returns K and encrypts the K by using a public key PK of the user side;
(4) ASK _ c (du): the data owner transmits a request for obtaining the ciphertext C to the cloud end;
(5) return (C): the cloud returns a ciphertext cloud;
(6)K=DUSK(DUPK(K)),P=DK(C): the user side decrypts K by using the private key and decrypts C by using K to obtain a plaintext P;
(7) response (DU): after the user side obtains the plaintext, sending feedback information to the data owner to replace the key;
(8) ASK _ newkey (do): the data owner requests a new key from a trusted third party;
(9)DOPK(K'): the trusted third party returns a new secret key K 'and encrypts the secret key K' by using a public key PK of the data owner;
(10)K'=DOSK(DOPK(K')),C'=EK'(P): the data owner decrypts K ' by using SK and encrypts original data P by using K ' to obtain a ciphertext C ';
(11) outsource (C'): and the data owner uploads the ciphertext C' to the cloud.
The invention also aims to provide a cloud storage data processing system applying the cloud data integrity verification method supporting dynamic key updating.
Another objective of the present invention is to provide a cloud server applying the cloud data integrity verification method supporting dynamic key update.
In summary, the advantages and positive effects of the invention are: the present document proposes a cloud data integrity detection scheme based on PDP. While paying attention to data integrity verification, the privacy of data is also not negligible, and for the privacy of data, the cloud security alliance points out: if the data in the cloud is not encrypted, the data can be considered as lost. It can be seen that it is essential to encrypt the cloud data. The invention uses a double encryption technology to protect the privacy of the data, and the data is encrypted before being uploaded to the cloud.
In view of the efficiency requirements, the present invention uses key wrapping techniques for processing, namely: and encrypting the data uploaded to the cloud by using a symmetric encryption algorithm, wherein an encrypted key is encrypted by using a public key cryptosystem. In order to further improve the safety of the scheme; a trusted third party is introduced to support dynamic updating of keys.
According to the invention, a safe cloud storage scheme is adopted, so that a user can store data to the cloud server in a blocking manner and carry out integrity check on the data at regular time. And when the data is uploaded to the cloud, double encryption is carried out to protect the data security, and the secret key is dynamically updated when an event is triggered.
Drawings
Fig. 1 is a flowchart of a cloud data integrity verification method supporting dynamic key update according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of a double encryption/decryption framework according to an embodiment of the present invention.
Fig. 3 is a diagram of a double encryption and decryption process provided by an embodiment of the present invention.
Fig. 4 is a diagram of a dynamic key update framework according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The following detailed description of the principles of the invention is provided in connection with the accompanying drawings.
As shown in fig. 1, the cloud data integrity verification method supporting dynamic key update according to the embodiment of the present invention includes the following steps:
s101: a quintuple is used for representing a cloud storage algorithm to realize cloud storage and verification;
s102: encrypting by using an RSA encryption algorithm and a user public key PK;
s103: the data owner requests a new key from the trusted third party, which returns the new key and is encrypted with the data owner's public key PK.
The application of the principles of the present invention will now be described in further detail with reference to the accompanying drawings.
1 preliminary knowledge
1.1 secure cloud storage framework
There are generally three entities in a secure cloud storage framework: namely: the user, the cloud service provider and the trusted third party. Wherein the user is responsible for encrypting data, uploading data, auditing data integrity, and retrieving data; the cloud service provider is responsible for storing data, receiving audit and returning integrity certification; the trusted third party is responsible for the management of the dynamic keys. In designing a cloud storage framework, the following design goals need to be considered:
(1) and (4) correctness. If the user uploads data to the dishonest cloud, which tampering or deleting the data without permission, then the probability that it passes integrity detection is negligible. Conversely, if the user and honest cloud strictly execute the scheme, the scheme can correctly verify the integrity of the data.
(2) High efficiency. The scheme is to reduce the calculation overhead, the storage overhead and the communication overhead as much as possible while primarily satisfying the correctness.
(3) And (4) dynamic property. The scheme has strong adaptability and can support dynamic update of data.
1.2 Dual encryption/decryption framework
As is well known, the encryption algorithms in the field of information security are divided into two categories: the symmetric encryption system has high safety, short key length and high encryption speed, but other information except secret keys in the encryption algorithm is even public, and the encryption and decryption keys are required to be consistent in the symmetric encryption algorithm, so that how to distribute and store the keys is a big problem. The asymmetric cryptosystem can effectively make up for the deficiency, in the cryptosystem, an encryption key and a decryption key have no direct relation, but the asymmetric cryptosystem is slow in encryption speed and needs a longer key length, and the asymmetric cryptosystem is not a particularly efficient choice for encrypting data. In order to achieve both efficiency and security, the use of double encryption based on key wrapping is a good choice. The user side encrypts data P to be uploaded to the cloud side by adopting a classical symmetric cryptographic algorithm AES encryption algorithm, the used secret key is K, then a trusted third party wraps the K by using a public key pk in an asymmetric cryptographic algorithm RSA encryption algorithm and transmits the K to the user side, the user side decrypts the K by using a private key sk in the RSA encryption algorithm, and finally, the original data P is decrypted by using the secret key K. The double encryption and decryption framework is shown in fig. 2:
2 scheme of the invention
2.1 cloud storage and authentication
The invention uses a quintuple to represent Cloud Storage Algorithm (CSA), namely: CSA (KeyGen, output, audio, pro, Verify) introduces the meaning of each element in the tuple one by one.
(1) KeyGen: inputting a security parameter lambda, and generating a private key SK and a public key PK used in a cloud storage and verification algorithm by a user side, wherein the specific process is as follows: generating prime number c, generating large random prime numbers a and b, and generating other random prime numbers e, p by taking note that a-1 and b-1 need to be relatively prime with c1,p2…pnLet d be a · b, and public key PK be (e, p)1,p2…pnC, d), the private key SK ═ (a, b).
(2) Outsource: the data is divided into blocks, each block has a size of n, and m blocks are provided, wherein each block is expressed as: w is ai=1,2,...m=[yi1,yi2…yin]Each element belonging to a finite field
Figure BDA0002232044290000071
Generating random numbers
Figure BDA0002232044290000072
Find a random number for each block
Figure BDA0002232044290000081
So that the following equation holds:
Figure BDA0002232044290000082
let ti(s, v, y) is referred to as wiThe data block is sent to the cloud end C together with the authentication informationt={wi,ti}i=1,2...m
(3) And (2) Audit: the user terminal generates l random numbers, and ij=1,2...l,0≤ijLess than or equal to m, mixingj=1,2...lAnd sending the cloud as a query Q.
(4) And (iv) pro: and the cloud end generates gamma as a corresponding proof of the query Q. Cloud extraction of information in query blocks
Figure BDA0002232044290000083
Computing federation information w*And joint authentication information t*As follows:
Figure BDA0002232044290000084
Figure BDA0002232044290000085
Figure BDA0002232044290000086
Figure BDA0002232044290000087
from (1) to (5), the following equation can be calculated:
Figure BDA0002232044290000088
then the information w is combined*The joint authentication information of t*=(s*,v*,y*) Cloud will prove Γ ═ (w)*,t*) And returning the data to the user terminal.
(6) Verify: the user end verifies whether the following formula holds:
Figure BDA0002232044290000089
the output δ is true if equal, otherwise it is false.
2.2 double encryption and decryption
The specific steps of double encryption and decryption are shown in fig. 3:
(1) ASK _ newkey (do): the user side sends a request for returning the encryption key to the trusted third party.
(2)DOPK(K) The method comprises the following steps And the trusted third party returns the encryption key K, encrypts the encryption key K by using an RSA encryption algorithm and encrypts the encryption key K by using the user public key PK.
(3)K=DOSK(DOPK(K)),C=EK(P): the user side decrypts K using the private key SK and encrypts the original data P using K.
(4) Outsource (C): and the user side uploads the data to the cloud side by adopting the algorithm introduced in the previous section.
(5) ASK _ c (do): and the user side requests the cloud side for the encrypted data C.
(6) Return (C): the cloud returns encrypted data C.
(7)P=DK(C) The method comprises the following steps The user side uses the decryption key K to decrypt and obtain P.
2.3 dynamic updating of the key, as shown in FIG. 4;
(1) ASK _ KEY & c (du): the client sends a request for obtaining data to the data owner.
(2) ASK _ key (du): the data owner forwards a request to obtain the key K to a trusted third party.
(3)DUPK(K) The method comprises the following steps The trusted third party returns K and encrypts it using the public key PK of the user side.
(4) ASK _ c (du): and the data owner transmits a request for obtaining the ciphertext C to the cloud.
(5) Return (C): the cloud returns the ciphertext cloud.
(6)K=DUSK(DUPK(K)),P=DK(C) The method comprises the following steps The user side decrypts K by using the private key and decrypts C by using K to obtain a plaintext P.
(7) Response (DU): and after the user side obtains the plaintext, sending feedback information to the data owner to replace the key.
(8) ASK _ newkey (do): the data owner requests a new key from a trusted third party.
(9)DOPK(K'): the trusted third party returns a new key K',and encrypted with the public key PK of the data owner.
(10)K'=DOSK(DOPK(K')),C'=EK'(P): the data owner decrypts K ' using SK and encrypts the original data P using K ' to obtain the ciphertext C '.
(11) Outsource (C'): and the data owner uploads the ciphertext C' to the cloud.
Table 1 comparison of the performance of the present invention with the advanced scheme (crypt stands for cryptographic operation)
Figure BDA0002232044290000101
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (3)

1. The cloud data integrity verification method supporting dynamic key updating is characterized by comprising the following steps:
the method comprises the following steps that firstly, a quintuple is used for representing a cloud storage algorithm to realize cloud storage and verification;
secondly, encrypting by using an RSA encryption algorithm and a user public key PK;
thirdly, the data owner requests a new secret key from the trusted third party, and the trusted third party returns the new secret key and encrypts the new secret key by using a public key PK of the data owner;
the quintuple of the first step specifically comprises:
(1) KeyGen: inputting a security parameter lambda, and generating a private key SK and a public key PK used in a cloud storage and verification algorithm by a user side, wherein the specific process is as follows: generating prime number c, generating large random prime numbers a and b, and generating other random prime numbers e, p by taking note that a-1 and b-1 need to be relatively prime with c1,p2…pnLet d be a · b, and public key PK be (e, p)1,p2...pnC, d), the private key SK ═ (a, b);
(2) outsource: the data is divided into blocks, each block has a size of n, and m blocks are provided, wherein each block is expressed as: w is ai=1,2,...m=[yi1,yi2...yin]Each element belonging to a finite field
Figure FDA0002787073430000011
Generating random numbers
Figure FDA0002787073430000012
Find a random number for each block
Figure FDA0002787073430000013
So that the following equation holds:
Figure FDA0002787073430000014
let ti(s, v, y) is referred to as wiThe data block is sent to the cloud end C together with the authentication informationt={wi,ti}i=1,2...m
(3) And (2) Audit: the user terminal generates l random numbers, and ij=1,2...l,0≤ijLess than or equal to m, mixingj=1,2...lSending the cloud as a query Q;
(4) and (iv) pro: the cloud generates gamma as a corresponding proof of the query Q, and extracts information in the query block
Figure FDA0002787073430000015
Computing federation information w*And joint authentication information t*
Figure FDA0002787073430000016
Figure FDA0002787073430000017
Figure FDA0002787073430000021
Figure FDA0002787073430000022
And (3) calculating:
Figure FDA0002787073430000023
then the information w is combined*The joint authentication information of t*=(s*,v*,y*) Cloud will prove Γ ═ (w)*,t*) Returning to the user side;
(5) verify: the user end verifies whether the following formula holds:
Figure FDA0002787073430000024
if the output delta is equal, the output delta is true, otherwise, the output delta is false;
the encrypting using the RSA encryption algorithm and the user public key PK in the second step specifically includes:
(1) ASK _ newkey (do): the user side sends a request for returning the encryption key to the trusted third party;
(2)DOPK(K) the method comprises the following steps The trusted third party returns an encryption key K, encrypts the K by using an RSA encryption algorithm and encrypts the K by using a user side public key PK;
(3)K=DOSK(DOPK(K)),C=EK(P): the user side decrypts K by using the private key SK and encrypts original data P by using K;
(4) outsource (C): the user side uploads data to the cloud side by adopting an outlet algorithm in the quintuple;
(5) ASK _ c (do): the user side requests the encrypted data C from the cloud side;
(6) return (C): the cloud returns the ciphertext to the user side;
(7)P=DK(C) the method comprises the following steps The user side decrypts by using the decryption key K to obtain P;
the third step of the data owner requests a new key from the trusted third party, the trusted third party returns the new key, and the encrypting by using the public key PK of the data owner specifically includes:
(1) ASK _ KEY & c (du): a user side sends a request for acquiring data to a data owner;
(2) ASK _ key (du): the data owner transmits a request for obtaining the secret key K to a trusted third party;
(3)DUPK(K) the method comprises the following steps The trusted third party returns K and encrypts the K by using a public key PK of the user side;
(4) ASK _ c (du): the data owner transmits a request for obtaining the ciphertext C to the cloud end;
(5) return (C): the cloud returns a ciphertext cloud;
(6)K=DUSK(DUPK(K)),P=DK(C) the method comprises the following steps The user side decrypts K by using the private key and decrypts C by using K to obtain a plaintext P;
(7) response (DU): after the user side obtains the plaintext, sending feedback information to the data owner to replace the key;
(8) ASK _ newkey (do): the data owner requests a new key from a trusted third party;
(9)DOPK(K'): the trusted third party returns a new secret key K 'and encrypts the secret key K' by using a public key PK of the data owner;
(10)K'=DOSK(DOPK(K')),C'=EK'(P): the data owner decrypts K ' by using SK and encrypts original data P by using K ' to obtain a ciphertext C ';
(11) outsource (C'): and the data owner uploads the ciphertext C' to the cloud.
2. A cloud storage data processing system to which the cloud data integrity verification method supporting dynamic key update of claim 1 is applied.
3. A cloud server applying the cloud data integrity verification method supporting dynamic key update according to claim 1.
CN201910970921.3A 2019-10-14 2019-10-14 Cloud data integrity verification method supporting dynamic key updating Active CN110650152B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910970921.3A CN110650152B (en) 2019-10-14 2019-10-14 Cloud data integrity verification method supporting dynamic key updating

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910970921.3A CN110650152B (en) 2019-10-14 2019-10-14 Cloud data integrity verification method supporting dynamic key updating

Publications (2)

Publication Number Publication Date
CN110650152A CN110650152A (en) 2020-01-03
CN110650152B true CN110650152B (en) 2021-01-12

Family

ID=68993949

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910970921.3A Active CN110650152B (en) 2019-10-14 2019-10-14 Cloud data integrity verification method supporting dynamic key updating

Country Status (1)

Country Link
CN (1) CN110650152B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302449A (en) * 2016-08-15 2017-01-04 中国科学院信息工程研究所 A kind of ciphertext storage cloud service method open with searching ciphertext and system
CN106612169A (en) * 2016-05-25 2017-05-03 四川用联信息技术有限公司 Safe data sharing method in cloud environment
CN107426165A (en) * 2017-05-16 2017-12-01 安徽大学 Bidirectional secure cloud storage data integrity detection method supporting key updating
CN108768975A (en) * 2018-05-16 2018-11-06 东南大学 Support the data integrity verification method of key updating and third party's secret protection

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103986732B (en) * 2014-06-04 2017-02-15 青岛大学 Cloud storage data auditing method for preventing secret key from being revealed
CN104811300B (en) * 2015-04-22 2017-11-17 电子科技大学 The key updating method of cloud storage and the implementation method of cloud data accountability system
US20190036703A1 (en) * 2017-07-28 2019-01-31 Nexenta Systems, Inc. Shard groups for efficient updates of, and access to, distributed metadata in an object storage system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106612169A (en) * 2016-05-25 2017-05-03 四川用联信息技术有限公司 Safe data sharing method in cloud environment
CN106302449A (en) * 2016-08-15 2017-01-04 中国科学院信息工程研究所 A kind of ciphertext storage cloud service method open with searching ciphertext and system
CN107426165A (en) * 2017-05-16 2017-12-01 安徽大学 Bidirectional secure cloud storage data integrity detection method supporting key updating
CN108768975A (en) * 2018-05-16 2018-11-06 东南大学 Support the data integrity verification method of key updating and third party's secret protection

Also Published As

Publication number Publication date
CN110650152A (en) 2020-01-03

Similar Documents

Publication Publication Date Title
CN110855671B (en) Trusted computing method and system
Khanezaei et al. A framework based on RSA and AES encryption algorithms for cloud computing services
WO2022199290A1 (en) Secure multi-party computation
Youn et al. Efficient client-side deduplication of encrypted data with public auditing in cloud storage
US11316671B2 (en) Accelerated encryption and decryption of files with shared secret and method therefor
WO2013139079A1 (en) Storage method, system and device
CN103812927A (en) Storage method
CN101924739A (en) Method for encrypting, storing and retrieving software certificate and private key
Huang et al. Secure and privacy-preserving DRM scheme using homomorphic encryption in cloud computing
Selvamani et al. A review on cloud data security and its mitigation techniques
KR20210058313A (en) Data access control method and system using attribute-based password for secure and efficient data sharing in cloud environment
Jalil et al. A secure and efficient public auditing system of cloud storage based on BLS signature and automatic blocker protocol
Cui et al. Towards Multi-User, Secure, and Verifiable $ k $ NN Query in Cloud Database
Ramachandran et al. Secure and efficient data forwarding in untrusted cloud environment
Hussien et al. Scheme for ensuring data security on cloud data storage in a semi-trusted third party auditor
CN109726584B (en) Cloud database key management system
Jabbar et al. Design and implementation of hybrid EC-RSA security algorithm based on TPA for cloud storage
Reddy et al. Secured privacy data using multi key encryption in cloud storage
CN115809459A (en) Data protection and decryption method, system, device and medium for software cryptographic module
CN110650152B (en) Cloud data integrity verification method supporting dynamic key updating
Sunitha et al. Enhancing privacy in cloud service provider using cryptographic algorithm
Dutta et al. Hybrid Encryption Technique to Enhance Security of Health Data in Cloud Environment
CN114244502A (en) Signature key generation method and device based on SM9 algorithm and computer equipment
Reddy et al. Data Storage on Cloud using Split-Merge and Hybrid Cryptographic Techniques
Ghorpade et al. Notice of Violation of IEEE Publication Principles: Towards Achieving Efficient and Secure Way to Share the Data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant