CN111565234A - Cloud security storage method, medium and equipment for duplicate files - Google Patents
Cloud security storage method, medium and equipment for duplicate files Download PDFInfo
- Publication number
- CN111565234A CN111565234A CN202010585583.4A CN202010585583A CN111565234A CN 111565234 A CN111565234 A CN 111565234A CN 202010585583 A CN202010585583 A CN 202010585583A CN 111565234 A CN111565234 A CN 111565234A
- Authority
- CN
- China
- Prior art keywords
- copy
- file
- user
- copies
- party auditor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1458—Management of the backup or restore process
- G06F11/1464—Management of the backup or restore process for networked environments
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a cloud security storage method and equipment for a duplicate file, which comprises the following steps: file copy and audit tag generation, copy storage evidence generation, storage evidence batch audit and file copy recovery. Before outsourcing of the file, a user generates a plurality of copies of the file by adopting incompressible coding and generates a corresponding audit tag of the file; the server generates evidence of safe storage of the copy by adopting a probabilistic auditing method; an auditor uses quick binary search and index test to realize efficient verification of copy storage; the original file is obtained after the user downloads the data and decodes the file copy. The invention solves the problem that the storage of the copy can not realize batch audit and quick error positioning, so that a third party auditor can carry out batch audit on the file copy which is outsourced and stored on the cloud service provider, and quickly position the error copy under the condition that the batch audit is error.
Description
Technical Field
The invention belongs to the technical field of cloud computing security, and particularly relates to a cloud security storage method, medium and equipment for a duplicate file.
Background
With the rapid development of outsourced storage, more and more users and enterprises outsource storage of their data on cloud service providers. While outsourcing storage faces many security challenges. First, since the user stores the outsourced data on the server, which separates the ownership and administrative rights of the user, it is difficult for the user to verify the integrity of the outsourced data. Second, to ensure the recoverability of data, a user may store data on multiple cloud service providers. However, this approach is vulnerable to a witch attack, i.e., a malicious cloud service provider owns multiple witch identities and uses these identities to commit to the user to store the user's data separately while actually storing only one copy of the file.
To verify the integrity of outsourced data, data auditing techniques are proposed. The data auditing technology can verify the integrity of the data of a user on the premise that the user does not download the data. Meanwhile, by using a probabilistic verification method, a user can verify a small part of data and simultaneously ensure the integrity of all data with a higher probability, and the integrity of the user data can be ensured. However, the data auditing scheme cannot resist Sybil attack, and a malicious server can cheat users through Sybil identities to obtain additional economic benefits. To address this problem, a provable copy storage technique is proposed. The provable replica storage technique generates multiple replicas of a file using incompressible coding and stores the multiple replicas on multiple cloud service providers, and then uses a data auditing technique to audit the multiple replicas of its file for ensuring the integrity of each data replica. However, most of the existing methods for storing the provable copy are based on the time assumption that the prover is required to return the proof stored by the file copy within the specified time, otherwise, the audit fails. However, an adversary with powerful computing power can always construct a correct proof and pass the auditor's verification before a timeout. In addition, the existing certifiable copy storage technology cannot support batch audit of audit results and quick positioning of error copies.
Through the above analysis, the problems and defects of the prior art are as follows:
most existing provable copy storage methods are based on a time assumption that requires the user to select a security parameter for the verifier as a timeout parameter and the prover to return a stored proof of the copy of the file within a specified time. However, an adversary with powerful computing power can always construct a correct proof before a timeout. In order to ensure the safety of the method, a user must set a large safety parameter. Therefore, the problem of batch verification and error location of the provable copy storage cannot be accomplished.
The difficulty in solving the above problems and defects is: the provable copy storage method supporting efficient verification and rapid error positioning is provided, a provable copy storage method not based on time hypothesis is provided, an efficient batch verification method needs to be designed, an error copy can be rapidly positioned under the condition of batch audit error, and rapid verification of a correct copy is achieved.
The significance of solving the problems and the defects is as follows: a provable copy storage method which is not based on any time hypothesis is designed, batch verification of audit results is achieved, and meanwhile, in the case of batch audit failure, an error data copy is located quickly. The method has important significance for improving the quality of outsourcing storage service of the cloud server.
Disclosure of Invention
In order to solve the problems, the invention provides a cloud security storage method, medium and equipment for a duplicate file.
The invention is realized in such a way, and the cloud security storage method of the duplicate file is characterized by comprising the following steps:
firstly, a user generates a plurality of copies of a file by using an incompressible coding technology and generates a corresponding integrity audit tag of the file;
secondly, the server generates evidence stored in the copy by adopting a probabilistic auditing scheme;
thirdly, using fast binary search and index test to realize efficient verification of the copy storage;
and fourthly, restoring the file by decoding the copy.
Further, the user generating multiple copies of the file and generating their corresponding integrity audit tags using non-compressible encoding techniques further comprises: by using non-compressible codingThe technique generates the fileIs/are as followsOne file copyThe user performs the following operations:
order toFor three different groups of multiplication cycles, the order of the groups being,Is composed ofIs generated fromIs a bilinear map;is a secure hash function,Is a secure hash function;A secure signature scheme is represented that is,is an RSA trapdoor permutation function whose field is,Is the inverse of the RSA trapdoor permutation function,is a security parameter of the signature algorithm andis a security parameter for the RSA trapdoor replacement;is a reversible random speaker in the field of(ii) a If the user wants to generate the fileIs/are as followsA copy of the document, the user first entering security parametersAnd randomly selects a key pairInputting security parameters as public and private keys of a signature algorithmGenerating the public key of the RSA trapdoor permutation functionAnd a private key(ii) a Random selectionAnd calculate(ii) a Simultaneous random selectionThe privacy parameter and the private key of the system areAndthe public parameter and the public key areAnd;
user uniform slaveIn selecting a random stringAnd calculateWhereinIs a reversible random prediction machine and,8-round Feistel network can be adopted for instantiation;
will be provided withIs uniformly divided intoData blocks and each data block has a size ofWhereinIs the domain of the RSA trapdoor permutation;
iterationAnd trapdoor replacementCount the timesFor number of roundsToAnd blockUser computingAndthe user gets the copy。
Further, the user generating multiple copies of the file and generating their corresponding integrity audit tags using non-compressible encoding techniques further comprises: the user generates a verification label for integrity audit;
for each duplicate blockGenerating a validation tagWhereinAnd isIs randomly and uniformly selected by the user and is used as the file copyIs identified by the identification of (a) a,is a set of authentication tags;
generating a file labelWhereinIs a copy of the fileIn the generation ofAfter each copy of the document and its corresponding authentication tag and signature, the user will proceedA copy of the fileAuthentication tag setAndare respectively sent toA cloud service provider, each of which stores a copy of the fileTo correspond toAnd。
further, the server generating the evidence stored in the copy by using a probabilistic auditing scheme further comprises:
third party auditor retrieves labels from the cloud service provider(ii) a The third party auditor passesVerifying each document labelFromToFor all verified tagsThe third party auditor fromRandomly generating a containedSubset of individual elements(ii) a For each elementRandom selection by third party auditor,Indicating the location of the challenge block, the third party auditor sendingProviding the corresponding cloud service provider;
receiving challenge informationAfter that, the firstThe cloud service provider computingGenerating a linear combination of random verification blocksWherein;
The cloud service provider generates an aggregated signatureAnd transmit itAnd giving the third party auditor.
Further, the implementation of efficient verification of the copy storage using fast binary search and exponent testing further includes:
fromThe cloud service provider receives the certificationThereafter, the third party auditor settingsIndicating the number of copies that have been verified to date, settingNumber ofTo representVerifying the copy;
the third party auditor calculatingAnd isWhereinIndicating bit negation; when the result is true, the third party auditor does not use binary inquiry and carries out independent verification on the rest copies; when the result is false, calculatingFromToCalculatingWhen is coming into contact withLet us orderOtherwise, calculating(ii) a After the calculation is completed, ifThe third party auditor order that all the copies are correctly stored on the cloud service providerFromTo,And performs all the checks of the copySyndrome/currentDetecting the presence or absence ofSo thatWherein(ii) a When in usePresence, the third party auditor settingThe number of the carbon atoms is 1,and the verification is completed, whereinThe copy is erroneous whenAbsent, the third party auditor willDividing the proof average of the duplicate storageAnd。
further, the implementing efficient verification of the copy storage using the fast binary search and exponent test further includes:
fromThe cloud service provider receives the certificationThereafter, the third party auditor settingsIndicating the number of copies that have been verified at present, settingNumber ofTo representVerifying the copy;
the third party auditor calculatingAnd is(ii) a When the result is true, the third party auditor does not use binary inquiry and carries out independent verification on the rest copies; when the result is false, the third party auditor calculatesFromTo, meterCalculating outWhen is coming into contact withLet us orderOtherwise, calculatingAfter the calculation is completed, ifThe third party auditor orderFromTo,And completes the copy 1 toVerifying; if it is notThat copy indicating all errors are presentThe third party auditor orderFromTo,(ii) a Otherwise, detecting whether the current state existsSo thatWherein(ii) a If it is notPresence, third party auditor settingsThe number of the carbon atoms is 1,and completing the copy from 1 toVerifying; otherwise, the third party auditor willThe certificates stored in the copy are divided intoAndand continuing to iterate the method until all the evidences are verified.
Further, the restoring the file by decoding the copy further comprises:
downloading the copy from the cloud service providerThereafter, the user willIs divided intoThen iterate RSA trapdoor replacementAndin totalNumber of wheels, of wheelsTo 1 and blockUser computingAndthe user obtains;
Another object of the present invention is to provide a receiving input program storage medium storing a computer program for an electronic device to execute the steps of:
firstly, a user generates a plurality of copies of a file by using an incompressible coding technology and generates a corresponding integrity audit tag of the file;
secondly, the server generates evidence stored in the copy by adopting a probabilistic auditing scheme;
thirdly, using fast binary search and index test to realize efficient verification of the copy storage;
and fourthly, restoring the file by decoding the copy.
It is another object of the present invention to provide a computer-readable storage medium, which stores a computer program, and when the computer program is executed by an electronic device, the computer program provides an input interface to implement a method for cloud-secure storage of a replica file as described in any one of the above.
The invention also aims to provide a client and a cloud server carrying the cloud security storage method of the duplicate file.
By combining all the technical methods, the invention has the advantages and positive effects that: the invention designs a cloud security storage method and equipment for a duplicate file, aiming at the problems of batch audit, quick positioning and the like faced by provable duplicate storage in a cloud environment. The method is not based on any time assumptions and supports batch audits that demonstrate results. Under the condition that batch audit is wrong, the wrong copy can be quickly positioned, and efficient verification of the correct copy is realized.
The cloud security storage method and the device for the duplicate files have the participation of three entities, namely a user, a cloud service provider and a third-party auditor. The system comprises four processes of file copy and audit tag generation, copy storage evidence generation, storage evidence batch audit and file copy recovery. The file copy and audit tag generation is that before the file is outsourced, a user adopts an incompressible code to generate a plurality of copies of the file and generate corresponding audit tags; the copy storage evidence generation is that the server generates the copy storage evidence by adopting a probabilistic auditing scheme; the storage certification batch audit is the efficient verification that an auditor uses quick binary search and index test to realize copy storage; file copy recovery is the acquisition of the original file after the user downloads the data and decodes the file copy.
Drawings
Fig. 1 is a flowchart of a cloud secure storage method for a replica file according to an embodiment of the present invention;
fig. 2 is a flowchart of a cloud secure storage method for a replica file according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of file copy generation time provided by an embodiment of the present invention;
FIG. 4 is a schematic diagram of a file copy recovery time provided by an embodiment of the present invention;
FIG. 5 is a schematic diagram of an audit time of a document copy storage attestation provided by an embodiment of the present invention;
FIG. 6 is a timing diagram illustrating the location of a copy of a provable copy storage error provided by an embodiment of the invention;
fig. 7 is a schematic diagram of file copy uploading and downloading time provided by the embodiment of the present invention.
Detailed Description
In order to make the objects, technical means and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the following examples. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In view of the problems in the prior art, the present invention provides a method for cloud secure storage of a replica file, which is described in detail below with reference to the accompanying drawings.
Referring to fig. 1, a cloud security storage method for a duplicate file provided by an embodiment of the present invention includes the following steps:
s101: a user generates a plurality of copies of a file by using an incompressible coding technology and generates a corresponding integrity audit tag of the file;
s102: the server generates evidence stored by the copy by adopting a probabilistic auditing scheme;
s103: efficient verification of the copy storage is achieved by using fast binary search and index test;
s104: the file is restored by decoding the copy.
The technical method of the present invention will be further described with reference to the accompanying drawings.
Due to the excellent characteristics of flexibility, expandability, convenience and the like, more and more users and enterprises tend to outsource data storage on a cloud server. However, since the ownership and management of user data are separated, it is difficult for a user to verify the integrity of data stored on a remote cloud server. Although the data auditing scheme may effectively verify integrity without requiring the user to download all outsourced data. But the existing data auditing method cannot resist Sybil attack. Although provable copy storage techniques may address this issue, existing provable copy storage may not support batch auditing of audit results and fast location of erroneous copies. Therefore, how to design a provable copy storage method supporting efficient verification and fast error location is an urgent problem to be solved.
The invention designs a cloud security storage method and equipment for a duplicate file, aiming at the problems of batch audit, quick positioning and the like in the provable duplicate storage in a cloud environment. The method realizes the high-efficiency verification of the testable copy storage result and the quick positioning of the error copy, and effectively improves the service quality of outsourced storage.
1. System model
The cloud security storage method and the device for the duplicate files provided by the embodiment of the invention have the participation of three entities, namely a user, a cloud service provider and a third-party auditor. The method comprises four processes of file copy and audit tag generation, copy storage evidence generation, storage evidence batch audit and file copy recovery. The file copy and audit tag generation is that before the file is outsourced, a user adopts an incompressible code to generate a plurality of copies of the file and generate corresponding audit tags; the copy storage evidence generation is that the server generates the copy storage evidence by adopting a probabilistic auditing scheme; the storage certification batch audit is the efficient verification that an auditor uses quick binary search and index test to realize copy storage; file copy recovery is the acquisition of the original file after the user downloads the data and decodes the file copy.
2. Preliminary knowledge
2.1 integrity Audit schema as disclosed
The disclosed integrity audit scheme defines: one disclosed integrity auditing scheme consists of four algorithms, Gen, SigGen, Genproof, verifyprofo.
1): scheme initialization algorithm, inputting public parametersGenerating public parametersAnd privacy parameters。
3): evidence generation algorithm, input challengeAnd documentsOutput aggregation authenticatorAnd auxiliary information、。
4): verification algorithm, input evidenceAnd common parametersAnd outputting a verification result 1 or 0.
2.2 bilinear pairings
Definition of、Andare groups of three different multiplication cycles of order。Andrespectively representAndthe generator of (1).Is a bilinear map with the following properties:
2.3 RSA trapdoor replacement
Definition of RSA trapdoor permutation: an RSA trapdoor replacement consists of the following three algorithms
(1): key generation algorithm, input parametersSelectingPrime number of bitsAndcalculatingAnd selectSo that. Then orderSatisfy the requirement of. Finally, the algorithm exports the public keyAnd a private key。
2.4 reversible random prophetic machine
The reversible random speaker is accessibleIn the reverse directionRandom prediction machine of two directions. In this patent, we useRandom prediction machine showing reversibility identical to RSA trap door permuted field, usingRepresenting a reversible random oracle of arbitrary length.The instantiation can be performed using 8 rounds of Feistel networks. In the instantiation ofBefore, we first defineIs a trapdoor replacementWhereinIs an RSA trapdoor replacement andis its public key.Both the input and the output ofOf (2) is used. By using modular multiplication instead of exclusive-or operations, we build the same fesiel Network as the RSA trapdoor permuted domain. Giving a random prediction machineInput ofThe output string is twice as long as its input. We defineSatisfy the requirement ofWherein,And represents a modular multiplication. It is worth emphasizing thatIn the domainIs nearly random in. In addition to the negligible probability that,is irreversible.
Referring to fig. 2, a cloud security storage method and device for a duplicate file provided in an embodiment of the present invention include:
s201, the user generates a plurality of copies of the file by using the incompressible encoding technology and generates a corresponding integrity audit tag, and the method further comprises the following steps: the user generates the file by using an incompressible encoding techniqueIs/are as followsOne file copyThe user performs the following operations:
(1) order toFor three different groups of multiplication cycles, the order of the groups being,Is composed ofIs generated fromIs a bilinear map;is a secure hash function,Is a secure hash function;Representing a secure signature scheme.Is an RSA trapdoor permutation function whose field is,Is the inverse operation of the RSA trapdoor permutation function;is a security parameter of the signature algorithm andis a safety parameter for trapdoor replacement;is a reversible random speaker in the field of. If the user wants to generate a fileIs/are as followsA copy of the document, the user first entering security parametersAnd randomly selects a key pairAs the public and private keys of the signature algorithm. Entering security parametersGenerating a public key of a trapdoor permutation functionAnd a private key. Random selectionAnd calculate(ii) a Simultaneous random selectionThe privacy parameter and the private key of the system areAndthe public parameter and the public key areAnd。
(2) to ensure the recoverability of a file, a user generates the file by using an incompressible encoding techniqueIs/are as followsOne file copy. The user then generates a validation tag for integrity audit. For file copyUser uniform slaveIn selecting a random stringAnd calculateWhereinIs a reversible random prediction machine and。it can be instantiated with 8 rounds of Feistel network.
(3) Will be provided withIs uniformly divided intoEach data block having a size ofWhereinIs the domain of RSA trapdoor permutation. IterationAnd RSA trapdoor replacementIn totalNext, the process is carried out. For number of wheelsToAnd blockUser computingAnd. Finally, the user gets a copy。
(4) For each copyGenerating a validation tagWhereinAnd isIs randomly and uniformly selected by a user and is used as a file copyIs detected.Is a set of authentication tags.
(5) Generating a file labelWhereinIs a copy of a fileThe signature of (2). In generatingAfter the copy of the document and its corresponding verification tag and signature, the user willOne file copyAuthentication tag setAndare respectively sent toA cloud service provider. Each cloud service provider stores one copy of a fileTo correspond toAnd。
s202, the server generates evidence stored in the copy by adopting a probabilistic auditing scheme, and the method comprises the following steps:
(1) to prove data integrity of a copy of a file stored on a cloud service provider, a third party auditor first retrieves a tag from the cloud service provider. The third party auditor then passesVerifying each document labelFromTo. For all verified tagsThird party auditors fromRandomly generate oneSubset of individual elements. For each elementRandom selection by third party auditor。Representing the location of the challenge block. Third party auditor deliveryTo the corresponding cloud service provider.
(2) Upon receipt of the challenge messageThereafter, the first cloud service provider calculatesGenerating a linear combination of random verification blocksWherein。
(3) Cloud service provider generation of aggregated signaturesAnd transmitAnd (5) giving the third party auditor.
S203, the efficient verification of the copy storage is realized by using the fast binary search and the index test, and the method comprises the following steps:
(1) fromReceipt of proof by individual cloud service providerThereafter, third party auditor settingsIndicating the number of copies that have been validated so far. Is provided withNumber ofTo representThe verification results of the individual copies.
(2) The third party auditor judges whether to judgeAnd isWhere it represents the bit inversion. If the result is true, the third party auditor no longer uses the binary query and separately verifies the remaining copies. Otherwise, calculatingFromToCalculating. If it is notLet us orderOtherwise, calculating. After the calculation is completed, ifIt is stated that all copies are correctly stored on the cloud service provider. At this time, the third party auditor orderFromTo,And completes the verification of all copies. If it is notDetecting whether or not there is such thatWherein. If it is notPresence, third party auditor settingsThe number of the carbon atoms is 1,and the verification is completed, whereinThe individual copies are the wrong copies. Otherwise, the third party auditor willPartitioning of a proof average of a copy storeAnd。
(3) the third party auditor judges whether to judgeAnd is. If the result is true, the third party auditor no longer uses the binary query and separately verifies the remaining copies. Otherwise, the third party auditor calculatesFromToCalculating. If it is notLet us orderOtherwise, calculating. After the calculation is completed, ifThird party auditor orderFromTo,And complete copies 1 throughAnd (4) verifying. If it is notAll incorrect copies are said to be presentIn, third party auditor orderFromTo,. Otherwise, detecting whether the current state existsSo thatWherein. If it is notPresence, third party auditor settingsThe number of the carbon atoms is 1,and complete copies 1 throughAnd (4) verifying. Otherwise, the third party auditor willMean division of certificates into duplicate storesAndand continuing to iterate the method until all the evidences are verified.
S204, restoring the file by decoding the copy, comprising the following steps:
(1) downloading copies from cloud service providersThereafter, the user willIs divided intoThen iterating trapdoor replacementAndin totalAnd (4) wheels. For number of wheelsTo 1 and blockUser computingAnd. Finally, the user gets。
The technical effects of the present invention will be described in detail with reference to experiments.
In order to test the method, programming simulation realizes the cloud security storage method of the duplicate file provided by the invention. Meanwhile, the provable copy storage method of the invention is compared with the existing provable copy storage method. The method is realized by using JAVA programming language and JPBC library v2.0.0. The test environment was Intel (R) core (TM) i7-7820HK CPU 2.90GHz 16.0GB RAM, Windows 10. In the experiment, the invention set the data size to be 1MB, 1024, 128. The test results are the average of 10 independent tests.
First, the present invention tests the time for file copy generation and file copy recovery for scheme 1 and scheme 2 and the method of the present application. Existing scheme 1 is vulnerable to recalc attacks. Servers with a large amount of computing power can always generate correct evidence before a timeout to fool an auditor into passing verification. Because small decoding parameters are adopted in the file copy recovery process, the decoding speed of the method is higher than that of the existing scheme 1. Details of the file copy generation and file copy recovery time are shown in fig. 3 and 4.
Secondly, the invention tests the auditing time of the scheme for the file copy storage certification. Unlike existing scenario 1 and existing scenario 2, the present invention uses a batch audit method to verify the proof of its copy store. From experimental results, the method can greatly reduce the calculation cost during the copy storage certification. Details of the audit time of a copy of a file are shown in FIG. 5.
Finally, the present invention tests the time of error copy location. Since neither the existing solution 1 nor the existing solution 2 solves the fast location of the erroneous copy, the existing solution 1 and the existing solution 2 will consume a large amount of computational overhead to find the erroneous copy of the file. The invention realizes the quick positioning of the error copy by combining the quick binary search and the index search. Meanwhile, in order to prevent the binary search from being not suitable for the situation that a large number of wrong copies exist, the method also takes the currently found error rate as the estimation of the error rate of the residual copies. When the error rate is greater than the security parameter, the patent terminates the binary search and verifies the remaining copies one by one. Therefore, the verification strategy can be dynamically adjusted to deal with different situations. Details of the error copy location time are shown in fig. 6. In addition, the patent also tests the time of copy uploading and downloading. The uploading time comprises file copy generation and audit tag generation, and the downloading time comprises file copy audit and copy recovery. Details of the upload time and download time of the file copy are shown in fig. 7.
It should be noted that the embodiments of the present invention can be realized by hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided on a carrier medium such as a disk, CD-or DVD-ROM, programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier, for example. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g., firmware.
The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.
Claims (10)
1. A cloud security storage method for duplicate files is characterized by comprising the following steps:
firstly, a user generates a plurality of copies of a file by using an incompressible coding technology and generates a corresponding integrity audit tag of the file;
secondly, the server generates evidence stored in the copy by adopting a probabilistic auditing scheme;
thirdly, using fast binary search and index test to realize efficient verification of the copy storage;
and fourthly, restoring the file by decoding the copy.
2. The method of claim 1, wherein the user generating multiple copies of a file using non-compressible encoding techniques and generating their respective integrity audit tags further comprises: user generation of files by using non-compressible encoding techniquesIs/are as followsOne file copyThe user performs the following operations:
order toFor three different groups of multiplication cycles, the order of the groups being,Is composed ofIs generated fromIs a bilinear map;is a secure hash function,Is a secure hash function;A secure signature scheme is represented that is,is an RSA trapdoor permutation function whose field is,Is the inverse of the RSA trapdoor permutation function,is a security parameter of the signature algorithm andis a security parameter of the RSA trapdoor replacement;is a reversible random speaker in the field of(ii) a If the user wants to generate the fileIs/are as followsA copy of the file is stored in a memory of the file,is the length of said file F, the user first enters the security parametersAnd randomly selects a key pairInputting security parameters as public and private keys of a signature algorithmGenerating a public key of the RSA trapdoor permutation functionAnd a private key(ii) a Random selectionAnd calculate(ii) a Simultaneous random selectionThe privacy parameter and the private key of the system areAndthe public parameter and the public key areAnd;
user uniform slaveIn selecting a random stringAnd calculateWhereinIs a reversible random prediction machine and,8-wheel Feistel netwo can be adoptedrk is instantiated;
will be provided withIs uniformly divided intoEach data block having a size ofWhereinIs the domain of the RSA trapdoor permutation;
3. The method of claim 2, wherein the user generating multiple copies of the file using the incompressible encoding technique and generating their respective integrity audit tags further comprises: the user generates a verification label for integrity audit;
for each duplicate blockGenerating a validation tagWhereinAnd isIs randomly and uniformly selected by a user and used as the file copyIs identified by the identification of (a) a,is a set of authentication tags;
generating a file labelWhereinIs a copy of the fileIs signed in lifeBecome intoAfter each copy of the document and its corresponding verification tag and signature, the user will proceedCopy of the fileAuthentication tag setAndare respectively sent toA plurality of cloud service providers, each of the cloud service providers storing a copy of the fileTo correspond toAnd。
4. the method of claim 3, wherein the server employing a probabilistic auditing scheme to generate the replica stored evidence further comprises:
third party auditor retrieves labels from the cloud service provider(ii) a The third party auditor passesVerifying each document labelFromToFor all verified tagsSaid third party auditor fromRandomly generating a containedSubset of individual elements(ii) a For each elementRandom selection by third party auditor,Representing the location of the challenge block, the third party auditor sendingProviding the corresponding cloud service provider;
receiving challenge informationThereafter, a first one of the cloud service provider computingGenerating a linear combination of random verification blocksWherein;
5. The method of claim 4, wherein the using fast binary search and exponent testing to enable efficient verification of the replica storage further comprises:
fromReceiving certification by the cloud service providerThereafter, the third party auditor settingsIndicating the number of copies that have been verified to date, settingNumber ofTo representA verification result of each of the copies;
the third party auditor calculationAnd isWhereinIndicating bit negation; when the result is true, the third party auditor does not use binary query any more and carries out individual verification on the remaining copies; when the result is false, calculatingFromToCalculatingWhen is coming into contact withLet us orderOtherwise, calculating(ii) a After the calculation is completed, ifThe third party auditor orders all the copies to be stored correctly on the cloud service providerFromTo,And completing the verification of all the copies whenDetecting the presence or absence ofSo thatWherein(ii) a When in usePresence, said third party auditor settingThe number of the carbon atoms is 1,and the verification is completed, whereinEach of the copies is erroneous whenAbsent, the third party auditor willDivision of the proof average of the duplicate storesAnd。
6. the method of claim 5, wherein the using fast binary search and exponent testing to enable efficient verification of the replica storage further comprises:
fromReceiving certification by the cloud service providerThereafter, the third party auditor settingsRepresenting the number of copies that have been verified so far, settingNumber ofTo representA verification result of each of the copies;
the third party auditor calculationAnd is(ii) a When the result is true, the third party auditor does not use binary inquiry and carries out independent verification on the rest copies; when the result is false, the third party auditor calculatesFromTo, meterCalculating outWhen is coming into contact withLet us orderOtherwise, calculatingAfter the calculation is completed, ifThe third party auditor orderFromTo,And completes the copies 1 toVerifying; if it is notThe copy indicating all errors is presentThe third party auditor orderFromTo,(ii) a Otherwise, detecting whether the current state existsSo thatWherein(ii) a If it is notPresence, third party auditor settingsThe number of the carbon atoms is 1,and completing the copy from 1 toVerifying; otherwise, the third party auditor willAn average division of proofs stored per said copyAndand continuing to iterate the method until all the evidences are verified.
7. The method of claim 6, wherein the restoring the file by decoding the copy further comprises:
downloading the copy from the cloud service providerThereafter, the user willIs divided intoThen iterate RSA trapdoor replacementAndin totalNumber of wheels, of wheelsTo 1 and blockUser computingAndthe user obtains;
8. A program storage medium storing an input program for an electronic device to perform any of claims 1-7, comprising at least the steps of:
firstly, a user generates a plurality of copies of a file by using an incompressible coding technology and generates a corresponding integrity audit tag of the file;
secondly, the server generates evidence stored in the copy by adopting a probabilistic auditing scheme;
thirdly, using fast binary search and index test to realize efficient verification of the copy storage;
and fourthly, restoring the file by decoding the copy.
9. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by an electronic device, provides an input interface to implement a method of cloud-safe storage of replica files as claimed in any one of claims 1 to 7.
10. A cloud server carrying the cloud secure storage method of a replica file according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010585583.4A CN111565234A (en) | 2020-06-24 | 2020-06-24 | Cloud security storage method, medium and equipment for duplicate files |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010585583.4A CN111565234A (en) | 2020-06-24 | 2020-06-24 | Cloud security storage method, medium and equipment for duplicate files |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111565234A true CN111565234A (en) | 2020-08-21 |
Family
ID=72070310
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010585583.4A Pending CN111565234A (en) | 2020-06-24 | 2020-06-24 | Cloud security storage method, medium and equipment for duplicate files |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111565234A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112769842A (en) * | 2021-01-16 | 2021-05-07 | 西安电子科技大学 | Efficient cloud storage copy proving method and system supporting public verification and application |
CN114415978A (en) * | 2022-03-29 | 2022-04-29 | 维塔科技(北京)有限公司 | Multi-cloud cluster data reading and writing method and device, storage medium and electronic equipment |
-
2020
- 2020-06-24 CN CN202010585583.4A patent/CN111565234A/en active Pending
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112769842A (en) * | 2021-01-16 | 2021-05-07 | 西安电子科技大学 | Efficient cloud storage copy proving method and system supporting public verification and application |
CN112769842B (en) * | 2021-01-16 | 2021-11-16 | 西安电子科技大学 | Efficient cloud storage copy proving method and system supporting public verification and application |
CN114415978A (en) * | 2022-03-29 | 2022-04-29 | 维塔科技(北京)有限公司 | Multi-cloud cluster data reading and writing method and device, storage medium and electronic equipment |
CN114415978B (en) * | 2022-03-29 | 2022-06-21 | 维塔科技(北京)有限公司 | Multi-cloud cluster data reading and writing method and device, storage medium and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Breitner et al. | Biased nonce sense: Lattice attacks against weak ECDSA signatures in cryptocurrencies | |
Chen | Using algebraic signatures to check data possession in cloud storage | |
Tan et al. | A survey on proof of retrievability for cloud data integrity and availability: Cloud storage state-of-the-art, issues, solutions and future trends | |
Wang et al. | Privacy-preserving public auditing for data storage security in cloud computing | |
CN111355705A (en) | Data auditing and safety duplicate removal cloud storage system and method based on block chain | |
CA2792267C (en) | Verifying implicit certificates and digital signatures | |
CN111222176B (en) | Block chain-based cloud storage possession proving method, system and medium | |
CN109525403B (en) | Anti-leakage public cloud auditing method supporting full-dynamic parallel operation of user | |
JP5254497B2 (en) | Validating work performed by untrusted compute nodes | |
Chen et al. | Data dynamics for remote data possession checking in cloud storage | |
Yuchuan et al. | Enable data dynamics for algebraic signatures based remote data possession checking in the cloud storage | |
Luo et al. | An effective integrity verification scheme of cloud data based on BLS signature | |
US11722322B2 (en) | Method for providing information to be stored and method for providing a proof of retrievability | |
Kuang et al. | A new quantum-safe multivariate polynomial public key digital signature algorithm | |
US20090313171A1 (en) | Electronic transaction verification | |
Hu et al. | Enabling cloud storage auditing with key-exposure resilience under continual key-leakage | |
US20220166614A1 (en) | System and method to optimize generation of coprime numbers in cryptographic applications | |
CN111565234A (en) | Cloud security storage method, medium and equipment for duplicate files | |
Preston | Applying Grover's algorithm to hash functions: a software perspective | |
Xu et al. | Data tag replacement algorithm for data integrity verification in cloud storage | |
Mishra et al. | Dynamic large branching hash tree based secure and efficient dynamic auditing protocol for cloud environment | |
Hartung | Attacks on secure logging schemes | |
Tu et al. | Privacy‐Preserving Outsourced Auditing Scheme for Dynamic Data Storage in Cloud | |
Cao et al. | Lattice-based fault attacks on deterministic signature schemes of ECDSA and EdDSA | |
Li et al. | IPOR: An efficient IDA-based proof of retrievability scheme for cloud storage systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20200821 |