CN111935091A - Anti-leakage forward security cloud data integrity remote verification method and system

Info

Publication number: CN111935091A
Application number: CN202010652408.2A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 胡程瑜, 郭山清, 鞠雷
Current Assignee: Shandong University
Original Assignee: Shandong University
Prior art keywords: node, data, file, data owner, key

Classifications

    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The application discloses a leakage-resistant, forward-secure method and system for remotely verifying the integrity of cloud data, wherein a data owner generates a private and public key pair by using a security parameter; the data owner generates authentication information of the outsourced data by using the data owner's private key, and uploads the outsourced data and the authentication information to the cloud storage server together; the data owner generates challenge information and sends it to the cloud storage server; the cloud storage server generates verification certification information by using the data owner's public key, the challenge information, the outsourced data file and the authentication information set, and returns the verification certification information to the data owner; and the data owner verifies the integrity of the outsourced data file by using its own public key, the challenge information and the verification certification information to obtain a verification result. The data owner acquires the current time period and updates it to the next time period; the data owner obtains the key of the node representing the current time period, updates it to a random new key and overwrites the original key.

Description

Anti-leakage forward security cloud data integrity remote verification method and system
Technical Field
The application relates to the technical field of cloud data verification, in particular to a leakage-resistant forward-secure cloud data integrity remote verification method and system.
Background
The statements in this section merely provide background information related to the present disclosure and may not constitute prior art.
Cloud storage allows a data owner to store data remotely on a cloud server and to retrieve it from the cloud server conveniently and efficiently. However, such data hosting services face an important security challenge, namely data integrity. Once the user's data is stored on the cloud server, the data owner loses control of the stored data. If the service provider is untrusted or semi-trusted, the cloud server may hide a data loss incident from the data owner, or discard data that has not been accessed, or has been accessed very infrequently, for a long period of time. The data owner therefore needs a secure and trusted service mechanism to ensure that the data is truly and completely stored on the cloud server.
In the process of implementing the present application, the inventors found that the following technical problems exist in the prior art:
existing remote data integrity verification protocols face the risk of key leakage: a side channel attack or accidental leakage of the client key can threaten the security of the data that the client stores on the server. The present method is proposed to overcome a defect of existing remote verification schemes for cloud data integrity, namely that they only consider the correctness of data verification in the previous time periods when the key is completely disclosed in a certain time period. However, with new side channel attacks an adversary can obtain a partial key instead of the complete key and use it to forge the proof of verification; that is, the security of the existing protocols cannot be guaranteed when part of the key leaks.
Disclosure of Invention
In order to overcome the defects of the prior art, the application provides a leakage-resistant forward-secure remote cloud data integrity verification method and system. The method constructs an aggregatable signature scheme that resists continuous memory leakage, builds on it a check protocol that resists continuous memory leakage, and combines that check protocol with a binary tree structure to obtain a remote check protocol for cloud data integrity that is both leakage-resistant and forward-secure. In this verification protocol, the scheme remains secure even if an adversary obtains partial key leakage within a period of time. Furthermore, the scheme maintains forward security if the key is fully disclosed within a certain time period. Compared with existing integrity check protocols, the method addresses the security of the cloud data integrity check protocol under key leakage and can provide stronger security.
In a first aspect, the application provides a leakage-resistant forward-secure cloud data integrity remote verification method;
the anti-leakage forward security cloud data integrity remote verification method comprises the following steps:
a key generation step: a data owner generates a private and public key pair by using the security parameters;
a data authentication generation step: the data owner generates authentication information of the outsourced data by using a private key of the data owner, and uploads the outsourced data and the authentication information to the cloud storage server together;
outsourcing data verification: the data owner generates challenge information Chal and sends the challenge information Chal to the cloud storage server; the cloud storage server generates verification certification information by using a public key of a data owner, challenge information Chal, an outsourced data file F and an authentication information set, and returns the verification certification information to the data owner; and the data owner verifies the integrity of the outsourced data file F by using the own public key, the challenge information Chal and the verification certification information to obtain a verification result.
In a second aspect, the present application provides a leakage-resistant forward-secured cloud data integrity remote verification system;
a leakage-resistant forward-secured cloud data integrity remote verification system, comprising: a data owner and a cloud storage server;
a data owner generates a private and public key pair by using the security parameters; the data owner generates authentication information of the outsourced data by using a private key of the data owner, and uploads the outsourced data and the authentication information to the cloud storage server together; the data owner generates challenge information Chal and sends the challenge information Chal to the cloud storage server;
the cloud storage server generates verification certification information by using a public key of a data owner, challenge information Chal, an outsourced data file F and an authentication information set, and returns the verification certification information to the data owner;
and the data owner verifies the integrity of the outsourced data file F by using the own public key, the challenge information Chal and the verification certification information to obtain a verification result.
Compared with the prior art, the beneficial effects of this application are:
1. compared with a cloud data integrity remote verification method which does not support forward security, the whole life cycle of the secret key is divided into a plurality of time periods, and the secret key is updated among the time periods, so that the forward security is provided for the cloud data integrity verification protocol, namely if the secret key is completely leaked in a certain time period, the method can ensure that the integrity verification is still effective in the time period before the time period is leaked; the method has forward security, and can ensure the validity of authentication before the time period when the key is completely leaked;
2. the method can resist side channel attack and solve the problem of partial secret key leakage caused by side channel attack. The novel side channel attack can acquire partial key leakage information in a time period before the key is completely leaked to forge authentication, so that remote verification fails. The method can ensure that even if an attacker obtains the key information segment between two time period updates through novel side channel attack, the verification protocol is still safe and cannot forge effective authentication, namely, the integrity verification is still effective.
Compared with the existing cloud data integrity remote verification method supporting forward security, the method and the device can solve the problem of partial secret key leakage caused by side channel attack. The novel side channel attack can acquire partial key leakage information in a time period before the key is completely leaked to forge authentication, so that remote verification fails. The method and the device can ensure that even if an adversary obtains partial secret key leakage within a period of time, the verification protocol is still safe and effective authentication cannot be forged.
Furthermore, the present application may ensure forward security of the verification if the key is fully disclosed within a certain time period. Therefore, compared with the existing method, the method has stronger safety.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the application and, together with the description, serve to explain the application and are not intended to limit the application.
FIG. 1 is a diagram of a program architecture of a first embodiment;
FIG. 2 is a schematic diagram of a binary tree structure of the first embodiment;
FIG. 3(a) and FIG. 3(b) are the binary tree structures of the first embodiment when T = 4 and currentT = 0 and 1, respectively;
fig. 4 is a system architecture diagram of a second embodiment.
Detailed Description
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the disclosure. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments according to the present application. As used herein, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise, and it should be understood that the terms "comprises" and "comprising", and any variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The embodiments and features of the embodiments in the present application may be combined with each other without conflict.
Example one
The embodiment provides a leakage-resistant forward-secure remote cloud data integrity verification method;
the anti-leakage forward security cloud data integrity remote verification method comprises the following steps:
S101: a key generation step: a data owner generates a private and public key pair by using the security parameters;
S102: a data authentication generation step: the data owner generates authentication information of the outsourced data by using a private key of the data owner, and uploads the outsourced data and the authentication information to the cloud storage server together;
S103: outsourcing data verification: the data owner generates challenge information Chal and sends the challenge information Chal to the cloud storage server; the cloud storage server generates verification certification information by using a public key of a data owner, challenge information Chal, an outsourced data file F and an authentication information set, and returns the verification certification information to the data owner; and the data owner verifies the integrity of the outsourced data file F by using the own public key, the challenge information Chal and the verification certification information to obtain a verification result.
As one or more embodiments, the method further comprises:
S104: a time period updating step: the data owner acquires the current time period and updates the current time period to the next time period;
S105: a key updating step: the data owner acquires the key of the current time period, updates the key to a random new key and overwrites the original key.
In one or more embodiments, in the data certification generating step, after the data owner uploads the outsourced data file F and the certification information set to the cloud storage server, the locally stored outsourced data file F and the certification information set are deleted.
As one or more embodiments, the key generating step includes:
the data owner specifies the number T of time periods in the whole life cycle; the root node of the binary tree is generated and set as the current node, and the left child node and the right child node of the current node are generated; the left child node is then set as the current node and its left and right child nodes are generated, and so on, until the 1st and 2nd leaf nodes (the leftmost two leaf nodes) of a binary tree of depth $\log_2 T$ have been generated;
then the system public parameters are published, and for each node a public and private key pair of an aggregatable signature scheme that resists continuous memory leakage is generated as the node key;
then, along the path from the leaf node to the root node, the signature of the public key of each non-root node is calculated by using the private key of its parent node, and each leaf node is assigned the time period it represents; if both the left child node and the right child node of a non-leaf node have been generated, the private key of that node is deleted;
that is, each node of the binary tree includes: the public key of the node, the signature of the public key of the node made with the private key of its parent node, the time period corresponding to the node and the private key of the node;
the public key of the data owner is the public key of the root node of the binary tree, and the private key of the time period t is the private key of the corresponding leaf node in the binary tree.
Illustratively, the key generating step includes:
first, the data owner receives a security parameter λ and randomly selects a composite-order bilinear group G of order N, where $N = p_1 p_2 p_3 p_4$. Randomly select elements:
Figure BDA0002575464830000065
Construct PK = { N, G, R, u =1,gR1,uR2,hR3}
Random elements and vectors are selected:
Figure BDA0002575464830000066
Figure BDA0002575464830000061
Figure BDA0002575464830000062
Figure BDA0002575464830000063
Figure BDA0002575464830000064
Figure BDA0002575464830000071
Figure BDA0002575464830000072
Figure BDA0002575464830000073
Figure BDA0002575464830000074
are three vectors containing n elements, which are defined as follows:
Figure BDA0002575464830000075
Figure BDA0002575464830000076
Figure BDA0002575464830000077
Construct
Figure BDA0002575464830000078
A binary tree required by the check protocol is constructed. Suppose the entire life cycle of the data is divided into T independent time periods, denoted 0, 1, …, T-1. Without loss of generality, let $T = 2^l$. A binary tree structure is used to represent the time periods. From left to right, the leaf nodes represent the T independent check protocols of time periods 0 to T-1. That is, taking the depth of the root node as 0, the depth of the binary tree is $l = \log_2 T$.
Each node of the binary tree includes: the public key PK of the node, the signature sigma of the public key of the node by using the private key of the parent node of the node, the time period ts corresponding to the node and the private key SK of the node.
Since the root node has no parent, this node does not contain the signature σ. When two sub-nodes of a certain node are generated, the SK of the node is deleted; when the time period t enters the time period t +1, the leaf node corresponding to the time period t is deleted; and when two sub-nodes of a certain node are deleted after being generated, the node is also deleted.
The public key of the data owner is the public key of the root node of the binary tree, and the private key of the time period t is the private key SK contained in the corresponding leaf node in the binary tree.
In one or more embodiments, in S102, the data owner generates authentication information of the outsourced data by using its own private key; the method comprises the following specific steps:
the data owner first divides the outsourced data file into blocks, signs the file blocks by using the private key in the binary tree leaf node representing the current time period, and binds the file blocks, block indexes and file name together by means of a hash function and blinding to obtain the authentication Φ.
As one or more embodiments, in S102, the authentication information includes:
the authentication Φ generated with the private key of the binary tree node representing the current time period, and the public key signature chain formed by the public keys and the signatures of all nodes on the path from the root node of the binary tree to the current node.
Illustratively, suppose a File is divided into n file blocks, i.e. $File = \{m_1, m_2, \ldots, m_n\}$, where $m_i \in Z_N$, $i = 1, 2, \ldots, n$. The authentication includes U and n processed file block signatures computed using an aggregatable signature scheme Π that resists continuous memory leakage.
Specifically, the n file blocks are first signed, i.e. $\{\sigma_i\}_{1 \le i \le n}$ is calculated,
where $\sigma_i = \Pi.\mathrm{Sign}(m_i, SK_i)$.
Then an element $r \leftarrow Z_N$ is randomly selected and U = (gR1)^r is calculated; the File then has the following authentication information Φ:
Figure BDA0002575464830000081
where the Hash function concatenates FileName, i and U as a character string, hashes it, and converts the result into an element of $Z_N$.
In S103, as one or more embodiments, a data integrity check process is performed between the data owner and the cloud storage server.
Further, in S103, the step of generating challenge information Chal by the data owner includes:
several integers are randomly selected as the file chunk index to challenge, i.e., representing the corresponding file chunk. And randomly selecting a blinding factor corresponding to the file block for each selected integer.
Challenge information Chal is formed by a set of (file block index, file block blinding factor).
Illustratively, the step of generating challenge information Chal by the data owner includes:
randomly select C integers from the set {0, 1, 2, …, N-1}, then randomly select C elements from $Z_N$, and put the C integers in one-to-one correspondence with the C elements selected from $Z_N$ to form C pairs $(i, v_i)$, which serve as the challenge information Chal.
Further, in S103, the cloud storage server generates verification certification information by using the public key of the data owner, the challenge information Chal, the outsourced data file F, and the authentication information set, and the specific steps include:
finding out the authentication of the corresponding file blocks from the authentication information set according to the file names and the file block indexes in the challenge information, and then generating file block aggregation authentication by using the corresponding file block blinding factors;
finding out corresponding file blocks by using the file block indexes, and blinding the file blocks by using corresponding file block blinding factors and generating file block aggregation information;
and finally, the integrity proof of the file is formed from the public key signature chain (the public keys and signatures of all nodes on the path from the root node of the binary tree to the current leaf node, taken from the file authentication set stored on the cloud storage server), the file block aggregation authentication and the file block aggregation information.
Illustratively, the cloud storage server generates verification certification information by using a public key of a data owner, challenge information Chal, an outsourced data file F and an authentication information set, and the specific steps include:
suppose that a File is divided into n file blocks, i.e. $File = \{m_1, m_2, \ldots, m_n\}$, where $m_i \in Z_N$, $i = 1, 2, \ldots, n$.
To generate the file integrity proof, the cloud storage server first receives the challenge set $Chal = \{(i, v_i)\}_{i \in I}$ sent by the data owner, and then calculates:
Figure BDA0002575464830000091
and $\mu = \sum_{i \in I} v_i m_i$.
Finally, the public key signature chain $\{(PK_0, \sigma_0), (PK_1, \sigma_1), \ldots, (PK_{cur}, \sigma_{cur})\}$, which consists of the public keys and signatures of all nodes on the path from the root node of the binary tree to the current node and is stored in the file authentication set on the cloud storage server, is added
to form the integrity proof of the file as
Figure BDA0002575464830000102
Further, in S103, the data owner verifies the integrity of the outsourced data file F by using the own public key, challenge information Chal and verification certification information to obtain a verification result; the method comprises the following specific steps:
first, the public key/signature pairs in the public key signature chain are checked one by one in order;
if all the signatures pass the verification, the aggregated blinded file block signatures are verified by using the public key of the leaf node corresponding to the current time period and the blinding factors in the challenge information;
if all checks pass, the integrity of the file is proven; otherwise the integrity verification fails.
Illustratively, the data owner verifies the integrity of the outsourced data file F by using a public key, challenge information Chal and verification certification information of the data owner to obtain a verification result; the method comprises the following specific steps:
the (PK, σ) pairs in the public key signature chain are first checked one by one in order; if all the signatures verify, the check continues with
Figure BDA0002575464830000101
Figure BDA0002575464830000103
And if the above checks are passed, the integrity of the file is proved, otherwise, the integrity verification is not passed.
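The challenge, aggregation and verification flow of S103, as an added example that is not the patent's scheme: the pairing-based aggregatable signature is replaced by a symmetric-key linear homomorphic MAC in the style of Shacham-Waters privately verifiable proofs of retrievability, because the patent's formulas are not recoverable from this page. The modulus `P`, the block size and all function names are assumptions, and the stand-in provides neither leakage resistance nor forward security.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1   # prime modulus standing in for the patent's Z_N (assumption)
BLOCK = 15       # bytes per file block, so every block value is below P


def split_blocks(data):
    """Divide the file into blocks m_0..m_{n-1}, each an integer below P."""
    return [int.from_bytes(data[o:o + BLOCK], "big")
            for o in range(0, len(data), BLOCK)]


def prf(key, name, i):
    """Pseudorandom value bound to the file name and block index."""
    mac = hmac.new(key, f"{name}|{i}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P


def keygen():
    """Owner secret: a PRF key and a non-zero multiplier alpha."""
    return secrets.token_bytes(32), secrets.randbelow(P - 1) + 1


def authenticate(sk, name, blocks):
    """Owner side: one tag per block, uploaded together with the file."""
    key, alpha = sk
    return [(prf(key, name, i) + alpha * m) % P for i, m in enumerate(blocks)]


def challenge(n, c):
    """Owner side: c random block indexes, each with a random blinding factor v_i."""
    indexes = secrets.SystemRandom().sample(range(n), c)
    return [(i, secrets.randbelow(P - 1) + 1) for i in indexes]


def prove(blocks, tags, chal):
    """Server side: mu = sum(v_i * m_i) and the aggregated tag sum(v_i * tag_i)."""
    mu = sum(v * blocks[i] for i, v in chal) % P
    sigma = sum(v * tags[i] for i, v in chal) % P
    return mu, sigma


def verify(sk, name, chal, proof):
    """Owner side: recompute the expected aggregate from the secret key and mu."""
    key, alpha = sk
    mu, sigma = proof
    expected = (sum(v * prf(key, name, i) for i, v in chal) + alpha * mu) % P
    return sigma == expected


if __name__ == "__main__":
    sk = keygen()
    blocks = split_blocks(b"constructed sample file contents " * 8)
    tags = authenticate(sk, "report.txt", blocks)
    chal = challenge(len(blocks), 5)
    print("honest server:", verify(sk, "report.txt", chal, prove(blocks, tags, chal)))

    # A server that altered one challenged block cannot produce a matching proof.
    damaged = list(blocks)
    damaged[chal[0][0]] = (damaged[chal[0][0]] + 1) % P
    print("damaged block:", verify(sk, "report.txt", chal, prove(damaged, tags, chal)))
```

The owner keeps only the secret key after upload; the server's reply is two values regardless of how many blocks are challenged.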
As one or more embodiments, in S104, the data owner acquires the current time period and updates it to the next time period;
illustratively, in S104, the time period updating step includes:
let the node subscript corresponding to the current time period in the binary tree be j.
If the current time period currentT is even, the node representing the current time period is deleted, and the procedure jumps to the node with subscript j + 1;
if the current time period currentT is odd, all nodes with an odd subscript are deleted in sequence along the path from the current node to the root node until a node with an even subscript is reached; the procedure then jumps to the right child node of that node's parent (i.e. its sibling node) and keeps generating new nodes downwards until a leaf node is reached.
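The node lifecycle of the time-period tree, as an added simulation that is not code from the patent: it follows the generation, private-key deletion and node deletion rules described above and checks that no retained private key belongs to a node covering an earlier time period. Key pairs and signatures are not modelled, the `(depth, index)` node naming and all function names are assumptions, and the even-subscript ancestor reached in the odd case is removed as well, on the reading that both of its children have been deleted.

```python
class KeyTree:
    """Tracks which nodes exist and which still hold a private key SK.

    A node is (depth, index), index counted left to right within its level,
    so leaf (l, t) represents time period t.
    """

    def __init__(self, T):
        if T < 2 or T & (T - 1):
            raise ValueError("T must be a power of two, at least 2")
        self.T = T
        self.depth = T.bit_length() - 1           # l = log2(T)
        self.holds_sk = {(0, 0): True}            # node -> is SK still stored?
        self.current = self._descend(0, 0)[1]     # leftmost leaf, period 0

    def _descend(self, d, i):
        """Generate children down the left edge from (d, i) until a leaf."""
        while d < self.depth:
            self.holds_sk[(d + 1, 2 * i)] = True
            self.holds_sk[(d + 1, 2 * i + 1)] = True
            self.holds_sk[(d, i)] = False         # both children exist: SK deleted
            d, i = d + 1, 2 * i
        return d, i

    def update(self):
        """Time period update: move from currentT to currentT + 1."""
        if self.current == self.T - 1:
            raise RuntimeError("last time period reached")
        d, i = self.depth, self.current
        del self.holds_sk[(d, i)]                 # leaf of the expired period
        while i % 2 == 1:                         # right child: parent has lost
            d, i = d - 1, i // 2                  # both children, delete it too
            del self.holds_sk[(d, i)]
        # (d, i) now has an even subscript; continue from its sibling.
        self.current = self._descend(d, i + 1)[1]
        return self.current

    def sk_nodes(self):
        """Nodes whose private key is still held by the data owner."""
        return sorted(n for n, has in self.holds_sk.items() if has)

    def chain(self):
        """Path root -> current leaf, i.e. the public key signature chain."""
        return [(d, self.current >> (self.depth - d))
                for d in range(self.depth + 1)]


def forward_secure(tree):
    """True if every retained SK sits on a node covering no past period."""
    return all((i << (tree.depth - d)) >= tree.current
               for d, i in tree.sk_nodes())


def run(T):
    """Walk through all T periods, recording the retained SK nodes per period."""
    tree, history = KeyTree(T), []
    while True:
        history.append((tree.current, tree.sk_nodes()))
        if tree.current == T - 1:
            return history
        tree.update()


if __name__ == "__main__":
    for period, nodes in run(4):
        print(f"period {period}: private keys held at {nodes}")
```

With T = 4 the first two rows correspond to the situations of FIG. 3(a) and FIG. 3(b), and at most l + 1 private keys are held at any time.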
As one or more embodiments, in S105, the data owner obtains the key of the current time period, updates the key to a random new key, and overwrites the original key.
Further, in S105, the key updating step includes:
the data owner finds the binary tree leaf node representing the current time period, randomizes the private key in the leaf node by using the random vector, and keeps other information in the leaf node unchanged.
Illustratively, in S105, the key updating step includes:
first, two random vectors are selected
Figure BDA0002575464830000111
The updated key $SK_i = \{S_i, U_i, H_i\}$ is defined as follows:
Figure BDA0002575464830000112
a data owner generates a private and public key pair by using the security parameters; the data owner generates authentication information of the outsourced data by using the data owner's private key, and uploads the outsourced data and the authentication information to the cloud storage server together; an outsourced data verification protocol is executed between the data owner and the cloud storage server, in which the data owner generates challenge information Chal and sends it to the cloud storage server, the cloud storage server generates verification information by using the public key of the data owner, the challenge information Chal, the outsourced data file F and the authentication information set, and returns the verification information to the data owner, and the data owner verifies the integrity of the outsourced data file F by using its own public key, the challenge information Chal and the verification information to obtain a verification result; the data owner acquires the current time period and updates it to the next time period; the data owner obtains the key of the node representing the current time period, updates it to a random new key and overwrites the original key. The method and the device solve the problem that existing cloud data integrity verification schemes cannot resist side channel attacks, and can provide stronger security.
FIG. 1 shows the program architecture of the present application. The whole program is divided into two modules, namely a data integrity checking module and a basic function module. The two operate independently and interact with each other. The dotted line box in the figure is a schematic diagram of a typical cloud storage service, that is, a user uploads a file to a cloud server with the aid of the basic function module and downloads a required file from the cloud server. The data integrity check module is embedded in this structure without changing it. The specific implementation process is as follows:
after the user selects the file to be uploaded, the program does not send the file directly to the cloud service provider, but passes it to the data integrity verification module; after the module generates the file authentication, the file and the authentication are sent to the cloud server.
In addition, the data integrity check module also directly accepts instructions of a user to update the key, the time period and verify the integrity of the file. After the user selects the file to be verified, the data integrity checking module directly interacts with the cloud service provider, receives integrity certification provided by the cloud service provider, checks the correctness of the integrity certification, and directly feeds the result back to the user.
As can be seen from the above description, since the data integrity check does not change the original cloud storage service structure, the cloud service provider can conveniently put the protocol into the existing service architecture without worrying about other influences.
Fig. 2 is a schematic diagram of a binary tree structure according to the present application. We will explain how the binary tree structure can be combined with the check protocol of the second part to satisfy forward security.
Suppose the entire life cycle of the data is divided into T independent time periods, denoted 0, 1, …, T-1. Without loss of generality, let $T = 2^l$. A binary tree structure is used to represent the time periods. The leaf nodes, taken from left to right, represent the T independent check protocols for time periods 0 to T-1. That is, taking the depth of the root node to be 0, the depth of the binary tree is $l = \log_2 T$. The two leftmost leaf nodes, representing time periods 0 and 1, are generated during system setup. Leaf nodes representing other time periods are generated in the time period updating process: in general, if the current time period is currentT = 2j - 1, executing the time period updating process generates the nodes representing time periods t = 2j and t = 2j + 1. The specific generation algorithm is set out in each function.
Each node of the binary tree contains the contents listed in Table 1. Since the root node has no parent, it does not contain the signature σ. When the two child nodes of a node are generated, the SK of that node is deleted; when time period t advances to time period t + 1, the leaf node corresponding to time period t is deleted; and when both child nodes of a node have been generated and then deleted, that node is also deleted.
TABLE 1 binary tree node Contents
Figure BDA0002575464830000131
The system setup procedure is explained in detail below. According to the foregoing, the depth of the binary tree is
Figure BDA0002575464830000132
It should be noted that the array index corresponding to the root node is 1, so the length of the array storing the binary tree should be $2^{len+1}$. From graph theory, for a node with subscript n, the subscript of its left child node is n << 1, the subscript of its right child node is (n << 1) + 1, and the subscript of its parent node is n >> 1; when n ≥ T, the node is a leaf node. The execution flow of this part is given below.
Step 1: generate an array Tree[] containing 2T elements;
Step 2: generate the public/private key pair (PK, SK) of the root node of the binary tree using an aggregatable signature scheme resistant to continual memory leakage, and put (PK, null, 0, SK) into Tree[1];
Step 3: set the root node as the current node;
Step 4: generate the two child nodes of the current node, generate the public/private key pairs of the two child nodes using the aggregatable signature scheme resistant to continual memory leakage, sign each public key with the private key of the parent node, and put the key pairs and signatures into the corresponding positions of the array Tree;
Step 5: delete the private key of the current node;
Step 6: set the left child node of the current node as the current node; if the current node is not at level len-1 of the binary tree, go to step 4, otherwise go to step 7;
Step 7: generate the 1st and 2nd leaf nodes as child nodes of the current node, generate their public/private key pairs using the aggregatable signature scheme resistant to continual memory leakage, sign each public key with the private key of the current node, and put the key pairs and signatures into the corresponding positions of the array Tree.
Figs. 3(a) and 3(b) show the binary tree structure when T is 4 and currentT is 0 and 1. The time period updating process is described with reference to them and is considered in two cases. Let the node subscript corresponding to the current time period be j. When the current time period currentT is even, the updating process deletes the node representing the current time period and jumps to the node with subscript j + 1. When currentT is odd, the updating process first repeatedly deletes the current node and moves up to its parent node until the node subscript is even, then jumps to the node whose subscript is larger by 1 and keeps generating new nodes downward until a leaf node is reached. The execution flow of the process is given below:
Step 1: if the time period corresponding to the current node is even, delete the current node, make its right sibling node the current node, and finish the update; if the time period corresponding to the current node is odd, go to step 2;
Step 2: delete the current node and make its parent node the current node;
Step 3: if the time period corresponding to the current node is odd, go to step 2, otherwise go to step 4;
Step 4: set the right child node of the current node as the current node;
Step 5: generate the left and right child nodes of the current node, generate their public/private key pairs using the aggregatable signature scheme resistant to continual memory leakage, sign each public key with the private key of the current node, and put the key pairs and signatures into the corresponding positions of the array Tree;
Step 6: delete the private key of the current node;
Step 7: make the left child node of the current node the current node; if the current node is not at level len-1 of the binary tree, go to step 5, otherwise go to step 8;
Step 8: generate the left and right child nodes (leaf nodes) of the current node, generate their public/private key pairs using the aggregatable signature scheme resistant to continual memory leakage, sign each public key with the private key of the current node, and put the key pairs and signatures into the corresponding positions of the array Tree. Delete the private key of the current node; the left child node becomes the node representing the current time period. The update process ends.
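Added example (not code from the patent): a Python model of the tree bookkeeping described above, using the prose rule for time period updates (delete and climb while the subscript is odd, delete the even node, move to subscript + 1, then generate children down the left side). The `KeyTree` class and all function names are assumptions, and a toy Schnorr signature with insecure parameters stands in for the continual-memory-leakage-resistant signature scheme named in the steps.

```python
import hashlib
import secrets

# Toy Schnorr signature in Z_p*, p = 2^127 - 1. NOT secure: it only stands in
# for the leakage-resistant signature scheme that the text relies on.
P, G = 2**127 - 1, 3

def pk_bytes(pk):
    return pk.to_bytes(16, "big")

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def _challenge(r, msg):
    return int.from_bytes(hashlib.sha256(pk_bytes(r) + msg).digest(), "big")

def sign(sk, msg):
    k = secrets.randbelow(P - 2) + 1
    r = pow(G, k, P)
    return r, (k + _challenge(r, msg) * sk) % (P - 1)

def verify(pk, msg, sig):
    r, s = sig
    return pow(G, s, P) == r * pow(pk, _challenge(r, msg), P) % P

class KeyTree:  # root subscript 1; leaf for period t sits at subscript T + t
    def __init__(self, T):
        if T < 2 or T & (T - 1):
            raise ValueError("T must be a power of two >= 2")
        self.T, self.t = T, 0
        sk, self.root_pk = keygen()
        self.node = {1: {"pk": self.root_pk, "sig": None, "sk": sk}}
        self.cur = self._descend_left(1)

    def _descend_left(self, n):
        # Create both children signed by n, erase n's private key, go left.
        while n < self.T:
            parent = self.node[n]
            for child in (n << 1, (n << 1) + 1):
                sk, pk = keygen()
                sig = sign(parent["sk"], pk_bytes(pk))
                self.node[child] = {"pk": pk, "sig": sig, "sk": sk}
            parent["sk"] = None
            n <<= 1
        return n

    def update(self):
        if self.t == self.T - 1:
            raise ValueError("already in the last time period")
        n = self.cur
        while n & 1:          # odd subscript: delete the node and climb
            del self.node[n]
            n >>= 1
        del self.node[n]      # even subscript: delete, then move to n + 1
        self.cur = self._descend_left(n + 1)
        self.t += 1

    def _path(self, n):       # subscripts from the root down to node n
        return [n >> k for k in range(n.bit_length())][::-1]

    def chain(self):
        return [(self.node[i]["pk"], self.node[i]["sig"])
                for i in self._path(self.cur)]

    def keys_covering(self, period):
        """Subscripts of stored private keys on the path to that period's leaf."""
        return [i for i in self._path(self.T + period)
                if i in self.node and self.node[i]["sk"] is not None]

def verify_chain(root_pk, chain):
    return chain[0][0] == root_pk and all(
        verify(parent[0], pk_bytes(child[0]), child[1])
        for parent, child in zip(chain, chain[1:]))
```

After every update, `keys_covering(p)` is empty for each past period p and holds exactly one subscript for the current and each future period, while `verify_chain` still accepts the public key chain from the root to the current leaf.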
Embodiment two
This embodiment provides a leakage-resistant forward-secure cloud data integrity remote verification system.
As shown in fig. 4, the leakage-resistant forward-secure cloud data integrity remote verification system includes a data owner and a cloud storage server.
The data owner generates a private and public key pair from the security parameters; the data owner generates authentication information for the outsourced data using its private key, and uploads the outsourced data together with the authentication information to the cloud storage server; the data owner generates challenge information Chal and sends it to the cloud storage server.
The cloud storage server generates verification proof information using the public key of the data owner, the challenge information Chal, the outsourced data file F and the authentication information set, and returns the verification proof information to the data owner.
The data owner verifies the integrity of the outsourced data file F using its own public key, the challenge information Chal and the verification proof information, obtaining a verification result.
The cloud storage server has storage space and computing capacity and provides data management and storage services.
The data owner uploads data to the cloud storage server, accesses the data remotely, and judges the integrity of the data uploaded to the cloud storage without retaining local data and without downloading all of the data.
In the system, the detailed description of the step of each device is consistent with the description of the corresponding method step in the first embodiment, and is not repeated here.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. The anti-leakage forward security cloud data integrity remote verification method is characterized by comprising the following steps:
a key generation step: a data owner generates a private and public key pair by using the security parameters;
a data authentication generation step: the data owner generates authentication information of the outsourced data by using a private key of the data owner, and uploads the outsourced data and the authentication information to the cloud storage server together;
an outsourced data verification step: the data owner generates challenge information Chal and sends the challenge information Chal to the cloud storage server; the cloud storage server generates verification proof information using the public key of the data owner, the challenge information Chal, the outsourced data file F and the authentication information set, and returns the verification proof information to the data owner; and the data owner verifies the integrity of the outsourced data file F using its own public key, the challenge information Chal and the verification proof information, obtaining a verification result.
2. The method of claim 1, further comprising:
a time period updating step: the data owner acquires the current time period and updates the current time period to the next time period;
and a key updating step: the data owner acquires the key of the current time period, updates it to a random new key and overwrites the original key.
3. The method of claim 1, wherein in the data authentication generation step, after the data owner uploads the outsourced data file F and the authentication information set to the cloud storage server, the locally stored outsourced data file F and authentication information set are deleted.
4. The method of claim 1, wherein the key generating step comprises:
the data owner specifies the number of time periods T for the entire life cycle, and generates the two leftmost leaf nodes of a binary tree of depth $\log_2 T$ and all intermediate nodes on the path from the root node to those leaf nodes;
then, the system public parameters are published and, for each node, a public/private key pair (the node key) of an aggregatable signature scheme resistant to continual memory leakage is generated;
then, along the path from the leaf nodes to the root node, the signature on the public key of each non-root node is calculated using the private key of its parent node, and each leaf node is assigned the time period it represents;
that is, each node of the binary tree includes: the public key of the node, the signature on the public key of the node made with the private key of its parent node, the time period corresponding to the node, and the private key of the node;
the public key of the data owner is the public key of the root node of the binary tree, and the private key of time period t is the private key of the corresponding leaf node in the binary tree.
5. The method of claim 1, wherein the data owner generates authentication information for the outsourced data using its own private key; the specific steps include:
the data owner first divides the outsourced data file into blocks, signs the file blocks using the private key in the binary tree leaf node representing the current time period, and binds the file blocks, block indexes and file name using a hash function and blinding, to obtain the authentication phi;
alternatively,
the authentication information includes: the authentication phi generated with the private key of the binary tree node representing the current time period, and the public key signature chain formed by the public keys and signatures of all nodes on the path from the root node of the binary tree to the current node.
6. The method of claim 1, wherein the data owner generates challenge information Chal, comprising: randomly selecting a plurality of integers as the file block indexes to be challenged, each representing the corresponding file block; randomly selecting, for each selected integer, a blinding factor for the corresponding file block; the challenge information Chal is formed by combining the file block blinding factors.
7. The method as claimed in claim 1, wherein the cloud storage server generates the verification proof information using the public key of the data owner, the challenge information Chal, the outsourced data file F and the authentication information set, and the specific steps include:
finding the authentications of the corresponding file blocks in the authentication information set according to the file name and the file block indexes in the challenge information, and then generating the file block aggregation authentication using the corresponding file block blinding factors;
finding the corresponding file blocks using the file block indexes, blinding the file blocks with the corresponding file block blinding factors, and generating the file block aggregation information;
and finally, forming the integrity proof of the file from the public key signature chain (consisting of the public keys and signatures of all nodes on the path from the root node of the binary tree to the current leaf node, taken from the file authentication set stored in the cloud storage server), the file block aggregation authentication and the file block aggregation information.
8. The method as claimed in claim 1, wherein the data owner verifies the integrity of the outsourced data file F using its own public key, the challenge information Chal and the verification proof information to obtain a verification result; the specific steps include:
first, the public key/signature pairs in the public key signature chain are checked one by one in order;
if all the signatures pass verification, the aggregated blinded file block signature is verified using the public key of the leaf node corresponding to the current time period and the blinding factors in the challenge information;
if all checks pass, the integrity of the file is proven; otherwise the integrity verification fails.
9. The method of claim 2, wherein the time period updating step comprises:
letting the node subscript corresponding to the current time period in the binary tree be j;
if the current time period currentT is an even number, deleting the node representing the current time period and jumping to the node with subscript j + 1;
if the current time period currentT is an odd number, deleting in sequence, along the path from the current node to the root node, all nodes with odd subscripts until the subscript of the node is an even number, then jumping to the right child node of the parent node of that node, and continuing to generate new nodes downward until a leaf node is reached.
10. Anti-leakage forward-security cloud data integrity remote verification system, characterized by comprising: a data owner and a cloud storage server;
the data owner generates a private and public key pair from the security parameters; the data owner generates authentication information for the outsourced data using its private key, and uploads the outsourced data together with the authentication information to the cloud storage server; the data owner generates challenge information Chal and sends the challenge information Chal to the cloud storage server;
the cloud storage server generates verification proof information using the public key of the data owner, the challenge information Chal, the outsourced data file F and the authentication information set, and returns the verification proof information to the data owner;
and the data owner verifies the integrity of the outsourced data file F using its own public key, the challenge information Chal and the verification proof information, obtaining a verification result.
CN202010652408.2A 2020-07-08 2020-07-08 Anti-leakage forward security cloud data integrity remote verification method and system Pending CN111935091A (en)

Publications (1)

Publication Number Publication Date
CN111935091A true CN111935091A (en) 2020-11-13

Family

ID=73313573

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201113