CN111539031B - Data integrity detection method and system for privacy protection of cloud storage tag - Google Patents

Data integrity detection method and system for privacy protection of cloud storage tag Download PDF

Info

Publication number
CN111539031B
CN111539031B CN202010386096.5A CN202010386096A CN111539031B CN 111539031 B CN111539031 B CN 111539031B CN 202010386096 A CN202010386096 A CN 202010386096A CN 111539031 B CN111539031 B CN 111539031B
Authority
CN
China
Prior art keywords
data
user
stored
parameter
cloud
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010386096.5A
Other languages
Chinese (zh)
Other versions
CN111539031A (en
Inventor
张明武
韩波
刘忆宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guilin University of Electronic Technology
Original Assignee
Guilin University of Electronic Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guilin University of Electronic Technology filed Critical Guilin University of Electronic Technology
Priority to CN202010386096.5A priority Critical patent/CN111539031B/en
Publication of CN111539031A publication Critical patent/CN111539031A/en
Application granted granted Critical
Publication of CN111539031B publication Critical patent/CN111539031B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/645Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]

Abstract

The invention relates to a data integrity detection method and system for privacy protection of a cloud storage tag. The method comprises the following steps: acquiring system parameters disclosed by a key distribution center; acquiring a first parameter disclosed by a trusted authority; generating a label with privacy protection corresponding to the data to be stored of the user according to the system parameter, the private key of the user and the first parameter; sending the data to be stored and the label with privacy protection to a cloud service provider for cloud storage; acquiring a second parameter disclosed by the user; the cloud service provider performs integrity verification on the cloud-stored data according to the system parameters, the first parameters and the second parameters; and the third party audit carries out integrity verification on the data stored in the cloud according to the entrustment of the user. The invention can improve the safety performance of cloud storage.

Description

Data integrity detection method and system for privacy protection of cloud storage tag
Technical Field
The invention relates to the technical field of privacy protection, in particular to a data integrity detection method and system for privacy protection of a cloud storage tag.
Background
With the development and popularization of cloud computing technology, more and more individuals and enterprise users save data by means of remote cloud storage platforms. The user can use the cloud storage service in a pay-as-needed manner without building hardware resources locally. Once the data is sent to the cloud, the user loses control over the data, and meanwhile, no data copy is stored locally, so that the integrity of the data in the cloud cannot be guaranteed. In the data integrity detection mechanism, a user processes data (such as photos, videos, electronic checks and the like), generates a verifiable data signature tag for each data block, and sends the data signature tag and the data signature tag to a cloud service provider for storage. Once a user's signature tag (e.g., an electronic check) is obtained by others (e.g., a malicious cloud service provider, hacker, etc.), they can take the corresponding cash away, thereby causing immeasurable losses to the user. Therefore, the data integrity detection method and system scheme for privacy protection of the cloud storage tag is very meaningful and has extremely strong practical application background.
The signature mechanism is an important means of ensuring data integrity. In the data integrity detection system, the data signature tag is directly sent to a cloud service provider for storage, and once the cloud service provider is malicious, the data signature tag may be saved in an attempt to obtain the maximum benefit. Meanwhile, the integrity verification process requires the verifier to perform heavy modular exponentiation, and the integrity verification process needs to be performed periodically. A common approach is to delegate periodic integrity verification tasks to third-party audits or proxies, thereby reducing the computational burden on the user. Data signature tags are visible to third party audits and if they are malicious, the privacy of the data signature tags may be compromised. Therefore, a secure data integrity detection scheme is required to be considered, which can hide the data signature tag and efficiently perform data integrity detection. The data integrity detection method and system scheme for cloud storage tag privacy protection need to meet the requirements, and privacy of a data signature tag is guaranteed.
The current data integrity detection scheme is mainly divided into two processes. The data storage process is that a user processes data, a verifiable data signature tag is generated for each data block, the data signature tags are sent to a cloud service provider together for storage, and meanwhile, a local copy is deleted. And in the data auditing process, a user (verifier) submits a random inquiry challenge to the cloud end, the cloud server generates a response by using the stored data and the signature tag and returns the response to the user (verifier), and finally the user (verifier) judges the integrity of the data according to the response of the cloud server. Such a scheme may present a problem: data signature tags are visible to cloud service providers or third party audits, and if they are malicious, they may cause immeasurable loss to users, resulting in poor cloud storage security.
Disclosure of Invention
The invention aims to provide a data integrity detection method and a data integrity detection system for privacy protection of a cloud storage tag, so as to improve the safety performance of cloud storage.
In order to achieve the purpose, the invention provides the following scheme:
a data integrity detection method for privacy protection of a cloud storage tag comprises the following steps:
obtaining system parameters disclosed by a key distribution center;
acquiring a first parameter disclosed by a trusted authority;
generating a label with privacy protection corresponding to the data to be stored of the user according to the system parameter, the private key of the user and the first parameter; the private key of the user is generated by the key distribution center according to the identity of the user;
sending the data to be stored and the tag with privacy protection to a cloud service provider for cloud storage;
acquiring a second parameter disclosed by the user;
the cloud service provider performs integrity verification on the cloud stored data according to the system parameters, the first parameters and the second parameters;
and the third party audit carries out integrity verification on the data stored in the cloud according to the entrustment of the user.
Optionally, the obtaining of the system parameter disclosed by the key distribution center further includes:
the user submits a user Identity (ID) to the key distribution center to obtain a private key of the user returned by the key distribution center;
and the trusted authority submits the ID of the trusted authority to the key distribution center to obtain the private key of the trusted authority returned by the key distribution center.
Optionally, the generating a tag for privacy protection of data to be stored by the user according to the system parameter, the private key of the user, and the first parameter specifically includes:
dividing the data to be stored into a plurality of data blocks;
randomly generating a second parameter and a third parameter according to the first parameter;
for each data block, generating a verifiable label according to the system parameters and the private key of the user;
generating a label with privacy protection corresponding to each data block according to the third parameter and the verifiable label of each data block;
and determining a set formed by the privacy protection tags corresponding to each data block as the tags for privacy protection of the data to be stored by the user.
Optionally, the third-party audit performs integrity verification on the cloud-stored data according to a commission of a user, and specifically includes:
according to the data to be stored by the user, the third party audits and generates a challenge request;
the cloud service provider generates an integrity evidence according to the challenge request, the cloud-stored data and the label corresponding to the cloud-stored data;
the third party audit carries out validity verification on the integrity evidence according to the first parameter and the second parameter;
when the integrity evidence is valid, determining that the cloud stored data is complete;
when the integrity evidence is invalid, determining that the cloud stored data is incomplete.
Optionally, the method further includes:
when the cloud service provider requests the trusted authority for the real label of the data to be stored of the user, the trusted authority calculates the label with privacy protection corresponding to the data to be stored of the user according to the private key of the trusted authority and the second parameter, and the real label corresponding to the data to be stored of the user is obtained.
The invention also provides a data integrity detection system for privacy protection of the cloud storage tag, which comprises the following steps:
the system parameter acquisition module is used for acquiring system parameters disclosed by the key distribution center;
the first parameter acquisition module is used for acquiring a first parameter disclosed by a trusted authority;
the label generation module with privacy protection is used for generating a label with privacy protection corresponding to the data to be stored of the user according to the system parameters, the private key of the user and the first parameters; the private key of the user is generated by the key distribution center according to the identity of the user;
the cloud storage module is used for sending the data to be stored and the label with privacy protection to a cloud service provider for cloud storage;
the second parameter acquisition module is used for acquiring a second parameter disclosed by the user;
the cloud service provider integrity verification module is used for verifying the integrity of the cloud stored data by using a cloud service provider according to the system parameters, the first parameters and the second parameters;
and the third party audit integrity verification module is used for verifying the integrity of the cloud storage data by using third party audit according to the entrustment of the user.
Optionally, the method further includes:
the user private key generation module is used for generating a private key of the user by using the key distribution center according to the user identity ID submitted to the key distribution center by the user;
and the trusted authority private key generation module is used for submitting the trusted authority identity ID to the key distribution center according to the trusted authority and generating the private key of the trusted authority by using the key distribution center.
Optionally, the tag generation module with privacy protection specifically includes:
the data block dividing unit is used for dividing the data to be stored into a plurality of data blocks;
a second parameter and third parameter generating unit, configured to randomly generate a second parameter and a third parameter according to the first parameter;
the verifiable label generating unit is used for generating a verifiable label of each data block according to the system parameters and the private key of the user;
a label generating unit with privacy protection, configured to generate a label with privacy protection corresponding to each data block according to the third parameter and a verifiable label of each data block;
and the tag determining unit with privacy protection corresponding to the data to be stored is used for determining a set formed by the tags with privacy protection corresponding to each data block as the tags with privacy protection corresponding to the data to be stored of the user.
Optionally, the third party audit integrity verification module specifically includes:
the challenge request generating unit is used for generating a challenge request by utilizing the third-party audit according to the data to be stored by the user;
the integrity evidence generating unit is used for generating integrity evidence by using the cloud service provider according to the challenge request, the cloud-stored data and the label corresponding to the cloud-stored data;
the validity verification unit is used for verifying the validity of the integrity evidence by using the third-party audit according to the first parameter and the second parameter;
the data integrity determination unit is used for determining that the data stored in the cloud is complete when the integrity evidence is valid;
a data incomplete determination unit configured to determine that the cloud-stored data is incomplete when the integrity evidence is invalid.
Optionally, the method further includes:
and the real label calculation module is used for calculating a label with privacy protection corresponding to the data to be stored of the user by using the trusted authority according to the private key of the trusted authority and the second parameter when the cloud service provider requests the trusted authority for the real label of the data to be stored of the user, so as to obtain the real label corresponding to the data to be stored of the user.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
the invention uses the verifiable encryption signature technology to encrypt the real data signature tag, and the cloud server or third party audit can still efficiently detect the data integrity without decryption, thereby ensuring the privacy of the data signature tag. The invention achieves the verifiable security in cryptography, has high safety, realizes a safe data integrity detection scheme, has the advantages of high efficiency, low cost, high safety, strong operability and the like, and can be used for storing important files such as photos, electronic checks, contract books and the like.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings required in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic flow chart of a data integrity detection method for privacy protection of a cloud storage tag according to the present invention;
FIG. 2 is a schematic structural diagram of a data integrity detection system for privacy protection of a cloud storage tag according to the present invention;
FIG. 3 is a system model diagram of an embodiment of the present invention;
fig. 4 is a data flow diagram according to an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Fig. 1 is a schematic flow chart of a data integrity detection method for privacy protection of a cloud storage tag according to the present invention. As shown in fig. 1, the data integrity detection method for privacy protection of cloud storage tags of the present invention includes the following steps:
step 100: system parameters disclosed by a key distribution center are obtained. According to the safety parametersThe number, key distribution center KGC selects two multiplication cyclic groups G with prime number p as order 1 And G 2 G is G 1 Generating element of group, randomly selecting u E G 1 . Defining bilinear operation e G 1 ×G 1 →G 2 . Defining two hash functions H 1 :{0,1} * →Z p * ,H 2 :{0,1} * →G 1 *
Figure BDA0002483998360000061
Represents->
Figure BDA0002483998360000062
Set of integers other than 0, G 1 * Represents G 1 Except for 0. Random selection>
Figure BDA0002483998360000063
Let Y = g r . Then the system parameter MPK = (G) 1 ,G 2 ,e,q,g,Y,u,H 1 ,H 2 ) The master private key MSK = r. The key distribution center KGC discloses the system parameters MPK.
Step 200: a first parameter disclosed by a trusted authority is obtained. Before the first parameter is disclosed by the trusted authority, the private key of the user and the private key of the trusted authority need to be generated. Specifically, the user submits a user identity ID to the key distribution center to obtain a private key of the user returned by the key distribution center, and the trusted authority submits a trusted authority identity ID to the key distribution center to obtain a private key of the trusted authority returned by the key distribution center. The key distribution center randomly selects s E Z P * Generating a private key sk of the user and the trusted authority i =(sk i,1 ,sk i,2 ) Wherein, sk i,1 =g s ,sk i,2 =s+rH 1 (ID i ,sk i,1 ) mod q, i ∈ { CU, TA }, and sends the private key sk through a secure channel CU And sk TA Respectively sent to the cloud user and the trusted authority, sk CU Is the private key, sk, of the user CU =(sk CU,1 ,sk CU,2 ),sk TA As a trusted authorityPrivate key of (Sk) TA =(sk TA,1 ,sk TA,2 )。
Is provided with
Figure BDA0002483998360000071
R=g s The first parameter disclosed by the trusted authority is (R, Z).
Step 300: and generating a label with privacy protection corresponding to the data to be stored of the user according to the system parameters, the private key of the user and the first parameters. The private key of the user is generated by the key distribution center according to the identity of the user. The specific process is as follows:
and dividing the data to be stored into a plurality of data blocks.
Randomly selecting alpha epsilon Z according to the first parameter (R, Z) p * Using the formula η = g α And λ = Z α A second parameter η and a third parameter λ are generated.
For each data block, using a formula based on the system parameters and the user's private key
Figure BDA0002483998360000072
And generating a tag which can be verified by the ith data block, wherein the name is the file name of the data to be stored, and i represents the ith data block.
And generating a label with privacy protection corresponding to each data block according to the third parameter and the verifiable label of each data block. The ith data block has a privacy protection label of sigma i =σ i ′·λ。
Phi = { sigma (σ) = a set of privacy-protected tags corresponding to each data block i } 1≤i≤n And determining a label for privacy protection of the data to be stored of the user.
Step 400: and sending the data to be stored and the label with privacy protection to a cloud service provider for cloud storage.
Step 500: and acquiring a second parameter disclosed by the user.
Step 600: the cloud service provider completes the cloud storage data according to the system parameters, the first parameters and the second parametersAnd (5) sex verification. After receiving the data, the cloud service provider firstly calculates
Figure BDA0002483998360000073
And &>
Figure BDA0002483998360000074
It is then determined whether the following equation holds:
Figure BDA0002483998360000075
if the equation is true, the data block is complete and then stored.
Step 700: and the third party audit carries out integrity verification on the data stored in the cloud according to the entrustment of the user. The specific process is as follows:
and generating a challenge request by the third party audit according to the data to be stored by the user. When a cloud user entrusts third party audit to execute a data integrity detection task, the third party audit divides the data F into block indexes [1,n ]]In the random selection of c block indexes s 1 ,...,s c H, let I = { s = } 1 ,...,s c }. For each I ∈ I, randomly choose ν i ∈Z p Simultaneously generating a challenge request chal = { i, v = [, v [ ] i } i∈I
And the cloud service provider generates an integrity evidence according to the challenge request, the cloud-stored data and the label corresponding to the cloud-stored data. When a challenge request is received by the cloud service provider
Figure BDA0002483998360000081
Then, from the data { F, Φ } stored on its server, μ = ∑ ν is calculated i m i And &>
Figure BDA0002483998360000082
Combining the two together generates one integrity proof P = (μ, σ).
And the third party audit carries out validity verification on the integrity evidence according to the first parameter and the second parameter. Verifying whether the integrity proof is valid by verifying whether the proof P satisfies the following equation:
Figure BDA0002483998360000083
determining that the cloud stored data is complete when the equation is such that the integrity evidence is immediately valid.
When the equation is false, i.e., the integrity evidence is invalid, it is determined that the cloud-stored data is incomplete.
In addition, when the cloud service provider requests the trusted authority for the real label of the data to be stored of the user, the trusted authority utilizes a formula for the label with privacy protection corresponding to the data to be stored of the user according to the private key of the trusted authority and the second parameter
Figure BDA0002483998360000084
Calculating to obtain a real label sigma corresponding to the data to be stored of the user i '。
Fig. 2 is a schematic structural diagram of a data integrity detection system for privacy protection of a cloud storage tag according to the present invention. As shown in fig. 2, the data integrity detection system for privacy protection of cloud storage tags of the present invention includes the following structures:
a system parameter obtaining module 201, configured to obtain a system parameter disclosed by the key distribution center.
The first parameter obtaining module 202 is configured to obtain a first parameter disclosed by the trusted authority.
The tag generation module with privacy protection 203 is used for generating a tag with privacy protection corresponding to the data to be stored of the user according to the system parameter, the private key of the user and the first parameter; and the private key of the user is generated by the key distribution center according to the identity of the user.
The cloud storage module 204 is configured to send the data to be stored and the tag with privacy protection to a cloud service provider for cloud storage.
A second parameter obtaining module 205, configured to obtain a second parameter disclosed by the user.
And the cloud service provider integrity verification module 206 is configured to perform integrity verification on the cloud-stored data by using a cloud service provider according to the system parameter, the first parameter, and the second parameter.
And the third party audit integrity verification module 207 is used for verifying the integrity of the cloud-stored data by using third party audit according to the entrustment of the user.
As another embodiment, the data integrity detection system for privacy protection of cloud storage tags of the present invention further includes:
and the user private key generation module is used for generating a private key of the user by using the key distribution center according to the user identity ID submitted to the key distribution center by the user.
And the trusted authority private key generation module is used for submitting the trusted authority identity ID to the key distribution center according to the trusted authority and generating the private key of the trusted authority by using the key distribution center.
As another embodiment, in the data integrity detection system with privacy protection for cloud storage tags according to the present invention, the tag generation module 203 with privacy protection specifically includes:
and the data block dividing unit is used for dividing the data to be stored into a plurality of data blocks.
And the second parameter and third parameter generating unit is used for randomly generating a second parameter and a third parameter according to the first parameter.
And the verifiable label generating unit is used for generating a verifiable label of each data block according to the system parameters and the private key of the user.
And the label generating unit with privacy protection is used for generating a label with privacy protection corresponding to each data block according to the third parameter and the verifiable label of each data block.
And the tag determination unit with privacy protection corresponding to the data to be stored is used for determining a set formed by the tags with privacy protection corresponding to each data block as the tags with privacy protection corresponding to the data to be stored of the user.
As another embodiment, in the data integrity detection system with privacy protection of cloud storage tags of the present invention, the third party audit integrity verification module 207 specifically includes:
and the challenge request generating unit is used for generating a challenge request by utilizing the third-party audit according to the data to be stored by the user.
And the integrity evidence generating unit is used for generating integrity evidence by using the cloud service provider according to the challenge request, the cloud-stored data and the label corresponding to the cloud-stored data.
And the validity verification unit is used for verifying the validity of the integrity evidence by using the third-party audit according to the first parameter and the second parameter.
And the data integrity determination unit is used for determining that the data stored in the cloud is complete when the integrity evidence is valid.
A data incomplete determination unit configured to determine that the cloud-stored data is incomplete when the integrity evidence is invalid.
As another embodiment, the system for detecting data integrity of privacy protection of cloud storage tags further includes:
and the real label calculation module is used for calculating a label with privacy protection corresponding to the data to be stored of the user by using the trusted authority according to the private key of the trusted authority and the second parameter when the cloud service provider requests the trusted authority for the real label of the data to be stored of the user, so as to obtain the real label corresponding to the data to be stored of the user.
The following example is provided to further illustrate the invention.
Fig. 3 is a model diagram of a system according to an embodiment of the present invention, and as shown in fig. 3, the system according to the embodiment includes a key distribution center KGC, a cloud user CU, a cloud service provider CSP, a third party audit TPA, and a trusted authority TA. The key distribution center KGC is responsible for generating private keys of users and trusted authorities, and is honest; the cloud user CU is responsible for outsourcing own data to a cloud service provider CSP, which is honest; the cloud service provider CSP is responsible for providing a large amount of storage space and computing services, and is semi-honest; the third party auditing TPA is entrusted by the cloud user CU, is responsible for detecting the integrity of data, and is semi-honest; the trusted authority TA is an authority trusted by both the cloud user CU and the cloud service provider CSP, and is responsible for recovering the authentic tag, which is trusted. By semi-honest is meant that the protocol can be executed correctly but it may be possible to save the authentic data tag in an attempt to gain its own interest.
Fig. 4 is a data flow diagram according to an embodiment of the invention. As shown in fig. 4, the process of this embodiment is as follows:
step 1: and initializing the system, and generating common parameters required by the scheme. System common parameter MPK = (G) 1 ,G 2 ,e,q,g,Y,u,H 1 ,H 2 ) The master private key MSK = r. The key distribution center KGC discloses the system parameters MPK.
And 2, step: and (5) extracting the secret key, and generating respective private keys according to the identities.
Step 2.1: the cloud user CU or the trusted authority TA submits the identity ID thereof i ∈{0,1} * To the key distribution center KGC. KGC randomly selects s ∈ Z P * Calculating the private key sk i =(sk i,1 ,sk i,2 ),sk i,1 =g s ,sk i,2 =s+rH 1 (ID i ,sk i,1 ) modq. Where i ∈ { CU, TA }.
Step 2.2: the secret key sk is sent to the secret key distribution center KGC through a secure channel CU And sk TA And respectively sending the data to the cloud user CU and the trusted authority TA.
Step 2.3: after the private key is received by the cloud user CU and the trusted authority TA, whether the following equation is established or not is verified:
Figure BDA0002483998360000111
if yes, receiving the private key of the user. Is arranged and/or is>
Figure BDA0002483998360000112
R=g s The trusted authority publishes the parameters (R, Z).
And step 3: generating a label, namely performing block processing on the data and generating a corresponding signature label at the same time;
step 3.1: the cloud user CU divides the data F with the file name of name into n blocks, namely F = (m) 1 ,...,m n ). Randomly selecting alpha epsilon Z p Calculating λ = Z α And η = g α . For each block m of data F i Generating a verifiable label
Figure BDA0002483998360000113
According to λ and σ i ', generating a privacy-preserving label sigma i =σ i '. λ and labelset Φ = { σ = { i } 1≤i≤n
Step 3.2: the cloud user CU sends the data F, Φ to the cloud service provider CPS.
Step 3.3: the cloud user CU discloses the parameter η.
And 4, step 4: the label is verified, and the received data is verified, updated and stored;
step 4.1: after receiving the data, the cloud service provider firstly calculates
Figure BDA0002483998360000114
And &>
Figure BDA0002483998360000115
It is then determined whether the following equation holds:
Figure BDA0002483998360000121
step 4.2: if the equation is true, the data block is complete and then stored.
And 5: generating a challenge, and initiating a challenge request of integrity verification;
step 5.1: and the CU of the cloud user entrusts a third party to audit the TPA and execute a data integrity detection task. Third party audits TPA fromData F Block index [1,n]In the random selection of c block indexes s 1 ,...,s c Let I = { s } 1 ,...,s c }. For each I ∈ I, randomly choose ν i ∈Z p Simultaneously generating a challenge request chal = { i, v = [, v [ ] i } i∈I
Step 5.2: the third party audits the TPA sending the challenge request to the cloud service provider CPS.
And 6: generating an evidence, namely generating an integrity evidence according to the request;
step 6.1: when a challenge request is received by a cloud service provider CPS
Figure BDA0002483998360000122
Then, from the data { F, Φ } stored on its server, μ = ∑ ν is calculated i m i And &>
Figure BDA0002483998360000123
Combining the two together generates one integrity proof P = (μ, σ).
Step 6.2: the cloud service provider CPS returns the evidence P to the third party audit TPA.
And 7: verifying the evidence, namely verifying the received evidence and returning a detection result;
step 7.1: after the third party audits the TPA to receive the evidence, verifying whether the evidence P correctly passes the following equation:
Figure BDA0002483998360000124
and 7.2: if the result is true, the TPA is audited by a third party to ensure that P is a valid evidence, which indicates that the data is complete; otherwise, the data is described as being corrupted. And the TPA is audited by the third party and the detection result is returned to the CU of the cloud user.
And 8: extracting a label, namely extracting a real label from the hidden signature label:
step 8.1: when the cloud service provider CPS needs a real label, the trusted authority TA calculates by using its private key
Figure BDA0002483998360000125
Thus obtaining the compound.
Step 8.2: trusted authority TA will σ i ' is sent to the cloud service provider CPS.
The invention aims to protect the privacy of a data signature tag, in a traditional data integrity detection scheme, a cloud user basically directly sends the data signature tag to a cloud server for storage, and once the cloud server or third-party audit is malicious, property or other important file loss can be brought to the cloud user. According to the scheme, the verifiable encryption signature technology is used for the data signature tag, so that the data integrity detection can still be efficiently carried out under the condition that a verifier does not obtain a real data signature tag.
The invention has the following beneficial effects:
(1) In a traditional data integrity detection scheme, a cloud user directly sends a data signature tag to a cloud server, and once the cloud server or third-party audit is malicious, the data signature tag may be saved for profit making. The invention uses the verifiable encryption signature technology to encrypt the real data signature tag, and the cloud server or third party audit can still efficiently detect the data integrity without decryption, thereby ensuring the privacy of the data signature tag.
(2) Current partial data integrity schemes are performed in a public key environment, and each cloud user needs to hold a public key certificate issued by a trusted intermediary, which increases the burden of system management, maintenance and verification. The invention uses the identity of the cloud user as the public key thereof, thereby eliminating the burden of managing the public key certificate.
(3) The invention achieves the verifiable security in cryptography, has high safety, realizes a safe data integrity detection scheme, has the advantages of high efficiency, low cost, high safety, strong operability and the like, and can be used for storing important files such as photos, electronic checks, contract books and the like.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the foregoing, the description is not to be taken in a limiting sense.

Claims (8)

1. A data integrity detection method for privacy protection of a cloud storage tag is characterized by comprising the following steps:
obtaining system parameters disclosed by a key distribution center;
obtaining a first parameter disclosed by a trusted authority, and sending a private key sk through a secure channel CU And sk TA Respectively sending the information to the cloud user and the trusted authority;
generating a label with privacy protection corresponding to the data to be stored of the user according to the system parameter, the private key of the user and the first parameter; the private key of the user is generated by the key distribution center according to the identity of the user;
sending the data to be stored and the tag with privacy protection to a cloud service provider for cloud storage;
acquiring a second parameter disclosed by the user;
the cloud service provider performs integrity verification on the cloud-stored data according to the system parameters, the first parameters and the second parameters;
the third party audit carries out integrity verification on the cloud storage data according to the entrustment of the user;
when the cloud service provider requests the trusted authority for the real label of the data to be stored of the user, the cloud service provider can be used for storing the real label of the data to be stored of the userThe trusted authority utilizes a formula for the label with privacy protection corresponding to the data to be stored of the user according to the private key of the trusted authority and the second parameter
Figure FDA0004109364550000011
Calculating to obtain a real label sigma corresponding to the data to be stored of the user i '。
2. The method for detecting data integrity of cloud storage tag privacy protection according to claim 1, wherein the obtaining system parameters disclosed by the key distribution center further includes:
the user submits a user Identity (ID) to the key distribution center to obtain a private key of the user returned by the key distribution center;
and the trusted authority submits the trusted authority identity ID to the key distribution center to obtain a private key of the trusted authority returned by the key distribution center.
3. The data integrity detection method for privacy protection of the cloud storage tag according to claim 1, wherein the generating of the tag for privacy protection of the data to be stored of the user according to the system parameter, the private key of the user, and the first parameter specifically includes:
dividing the data to be stored into a plurality of data blocks;
randomly generating a second parameter and a third parameter according to the first parameter;
for each data block, generating a verifiable label according to the system parameters and the private key of the user;
generating a label with privacy protection corresponding to each data block according to the third parameter and the verifiable label of each data block;
and determining a set formed by the privacy protection tags corresponding to each data block as the tags for privacy protection of the data to be stored by the user.
4. The data integrity detection method for privacy protection of the cloud storage tag according to claim 1, wherein the third party audit performs integrity verification on the cloud storage data according to a user's delegation, and specifically includes:
according to the data to be stored by the user, the third party audits and generates a challenge request;
the cloud service provider generates an integrity evidence according to the challenge request, the cloud-stored data and the label corresponding to the cloud-stored data;
the third party audit carries out validity verification on the integrity evidence according to the first parameter and the second parameter;
when the integrity evidence is valid, determining that the data stored by the cloud is complete;
when the integrity evidence is invalid, determining that the cloud stored data is incomplete.
5. A data integrity detection system for privacy protection of cloud storage tags, comprising:
the system parameter acquisition module is used for acquiring system parameters disclosed by the key distribution center;
a first parameter obtaining module, configured to obtain a first parameter disclosed by a trusted authority, and obtain the private key sk through a secure channel CU And sk TA Respectively sending the data to the cloud user and the trusted authority;
the label generation module with privacy protection is used for generating a label with privacy protection corresponding to the data to be stored of the user according to the system parameters, the private key of the user and the first parameters; the private key of the user is generated by the key distribution center according to the identity of the user;
the cloud storage module is used for sending the data to be stored and the tag with privacy protection to a cloud service provider for cloud storage;
the second parameter acquisition module is used for acquiring a second parameter disclosed by the user;
the cloud service provider integrity verification module is used for verifying the integrity of the cloud stored data by using a cloud service provider according to the system parameters, the first parameters and the second parameters;
the third-party audit integrity verification module is used for verifying the integrity of the cloud-stored data by using third-party audit according to the entrustment of the user;
the data integrity detection system for privacy protection of the cloud storage tag further comprises:
a real tag calculation module, configured to, when the cloud service provider requests the trusted authority for a real tag of the data to be stored of the user, the trusted authority, according to the private key of the trusted authority and the second parameter, apply a formula to a tag with privacy protection corresponding to the data to be stored of the user
Figure FDA0004109364550000031
Calculating to obtain a real label sigma corresponding to the data to be stored of the user i '。
6. The cloud storage tag privacy protected data integrity detection system of claim 5, further comprising:
the user private key generation module is used for generating a private key of the user by using the key distribution center according to the user identity ID submitted to the key distribution center by the user;
and the trusted authority private key generation module is used for submitting the trusted authority identity ID to the key distribution center according to the trusted authority and generating the private key of the trusted authority by using the key distribution center.
7. The data integrity detection system for privacy protection of cloud storage tags according to claim 5, wherein the tag generation module with privacy protection specifically comprises:
the data block dividing unit is used for dividing the data to be stored into a plurality of data blocks;
a second parameter and third parameter generating unit, configured to randomly generate a second parameter and a third parameter according to the first parameter;
a verifiable label generating unit, configured to generate a verifiable label for each data block according to the system parameter and the private key of the user;
the tag generation unit with privacy protection is used for generating a tag with privacy protection corresponding to each data block according to the third parameter and the verifiable tag of each data block;
and the tag determination unit with privacy protection corresponding to the data to be stored is used for determining a set formed by the tags with privacy protection corresponding to each data block as the tags with privacy protection corresponding to the data to be stored of the user.
8. The cloud storage tag privacy protection data integrity detection system according to claim 5, wherein the third party audit integrity verification module specifically comprises:
the challenge request generating unit is used for generating a challenge request by utilizing the third-party audit according to the data to be stored by the user;
the integrity evidence generating unit is used for generating integrity evidence by using the cloud service provider according to the challenge request, the cloud-stored data and the label corresponding to the cloud-stored data;
the validity verification unit is used for verifying the validity of the integrity evidence by using the third-party audit according to the first parameter and the second parameter;
the data integrity determination unit is used for determining that the data stored in the cloud is complete when the integrity evidence is valid;
a data incomplete determining unit, configured to determine that the cloud-stored data is incomplete when the integrity evidence is invalid.
CN202010386096.5A 2020-05-09 2020-05-09 Data integrity detection method and system for privacy protection of cloud storage tag Active CN111539031B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010386096.5A CN111539031B (en) 2020-05-09 2020-05-09 Data integrity detection method and system for privacy protection of cloud storage tag

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010386096.5A CN111539031B (en) 2020-05-09 2020-05-09 Data integrity detection method and system for privacy protection of cloud storage tag

Publications (2)

Publication Number Publication Date
CN111539031A CN111539031A (en) 2020-08-14
CN111539031B true CN111539031B (en) 2023-04-18

Family

ID=71979178

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010386096.5A Active CN111539031B (en) 2020-05-09 2020-05-09 Data integrity detection method and system for privacy protection of cloud storage tag

Country Status (1)

Country Link
CN (1) CN111539031B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113722767B (en) * 2021-09-03 2022-09-02 南京南瑞信息通信科技有限公司 Data integrity verification method, system, storage medium and computing equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109951296A (en) * 2019-03-05 2019-06-28 北京邮电大学 A kind of remote data integrity verification method based on short signature
CN110677487A (en) * 2019-09-30 2020-01-10 陕西师范大学 Outsourcing data duplicate removal cloud storage method supporting privacy and integrity protection

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106357701B (en) * 2016-11-25 2019-03-26 西安电子科技大学 The integrity verification method of data in cloud storage
US10896267B2 (en) * 2017-01-31 2021-01-19 Hewlett Packard Enterprise Development Lp Input/output data encryption
CN107948143B (en) * 2017-11-15 2021-03-30 安徽大学 Identity-based privacy protection integrity detection method and system in cloud storage
CN110505052B (en) * 2019-08-28 2022-11-25 安徽大学 Cloud data public verification method for protecting data privacy

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109951296A (en) * 2019-03-05 2019-06-28 北京邮电大学 A kind of remote data integrity verification method based on short signature
CN110677487A (en) * 2019-09-30 2020-01-10 陕西师范大学 Outsourcing data duplicate removal cloud storage method supporting privacy and integrity protection

Also Published As

Publication number Publication date
CN111539031A (en) 2020-08-14

Similar Documents

Publication Publication Date Title
US20210271764A1 (en) Method for storing data on a storage entity
CN111859348B (en) Identity authentication method and device based on user identification module and block chain technology
EP3563553B1 (en) Method for signing a new block in a decentralized blockchain consensus network
Waziri et al. Network security in cloud computing with elliptic curve cryptography
Yang et al. Provable data possession of resource-constrained mobile devices in cloud computing
EP3091690A1 (en) Rsa decryption using multiplicative secret sharing
CN109889497A (en) A kind of data integrity verification method for going to trust
CN105978695A (en) Batch self-auditing method for cloud storage data
Nirmala et al. Data confidentiality and integrity verification using user authenticator scheme in cloud
CN108712259B (en) Identity-based cloud storage efficient auditing method capable of uploading data by proxy
Luo et al. An effective integrity verification scheme of cloud data based on BLS signature
CN112906056A (en) Cloud storage key security management method based on block chain
Malina et al. Efficient security solution for privacy-preserving cloud services
Jalil et al. A secure and efficient public auditing system of cloud storage based on BLS signature and automatic blocker protocol
Skudnov Bitcoin clients
Yu et al. Veridedup: A verifiable cloud data deduplication scheme with integrity and duplication proof
Wu et al. Secure public data auditing scheme for cloud storage in smart city
Sathya et al. A comprehensive study of blockchain services: future of cryptography
Xu et al. Secure fuzzy identity-based public verification for cloud storage
CN111539031B (en) Data integrity detection method and system for privacy protection of cloud storage tag
Deng et al. A lightweight identity-based remote data auditing scheme for cloud storage
CN113285934B (en) Method and device for detecting IP (Internet protocol) of server cryptographic machine client based on digital signature
CN111585756B (en) Certificate-free cloud auditing method suitable for multi-copy-multi-cloud situation
Ganesh et al. An efficient integrity verification and authentication scheme over the remote data in the public clouds for mobile users
Rajeb et al. Formal analyze of a private access control protocol to a cloud storage

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant