CN112632604A - Cloud data auditing method, system and device based on multiple authorized auditors - Google Patents

Cloud data auditing method, system and device based on multiple authorized auditors Download PDF

Info

Publication number
CN112632604A
CN112632604A CN202011520960.2A CN202011520960A CN112632604A CN 112632604 A CN112632604 A CN 112632604A CN 202011520960 A CN202011520960 A CN 202011520960A CN 112632604 A CN112632604 A CN 112632604A
Authority
CN
China
Prior art keywords
data
auditor
evidence
label
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011520960.2A
Other languages
Chinese (zh)
Other versions
CN112632604B (en
Inventor
焦恒
杨玉龙
郑少波
朱义杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Aerospace Institute of Measuring and Testing Technology
Original Assignee
Guizhou Aerospace Institute of Measuring and Testing Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guizhou Aerospace Institute of Measuring and Testing Technology filed Critical Guizhou Aerospace Institute of Measuring and Testing Technology
Priority to CN202011520960.2A priority Critical patent/CN112632604B/en
Publication of CN112632604A publication Critical patent/CN112632604A/en
Application granted granted Critical
Publication of CN112632604B publication Critical patent/CN112632604B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a cloud data auditing method, system and device based on multiple authorized auditors, wherein the method comprises the following steps: s1, initializing the system to generate public parameters; s2, generating a public and private key pair according to the public parameters; s3, generating a label of a data block according to the public and private key pair, and sending all the data blocks and the labels thereof to a cloud server, wherein the data blocks are a plurality of data blocks divided by a file to be audited; s4, randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server; s5, according to the challenge information, the data block and the label, the cloud server generates a data evidence and a label evidence and returns the data evidence and the label evidence to the auditor; s6 data auditing is completed by the auditor. The invention supports that only a plurality of auditors authorized by the user can execute the audit task, and unauthorized auditors can not execute the audit task, thereby effectively solving the problems that the user data is maliciously audited and the auditors audit dishonest.

Description

Cloud data auditing method, system and device based on multiple authorized auditors
Technical Field
The invention relates to a cloud data auditing method, system and device based on multiple authorized auditors, and belongs to the technical field of data security in the field of cloud computing.
Background
In the current big data era, more and more users choose to migrate local data to the cloud end and process the data by utilizing the strong storage capacity and the computing capacity of a cloud computing platform. The appearance of cloud computing solves the problem that individuals and enterprises need to store and manage massive data, but accompanying security problems cannot be ignored, such as security risks of privacy disclosure, data abuse and data loss. When user data is lost, the fact that the cloud service provider would hide from the user in order to maintain reputation is very essential to regularly detect whether the data on the remote cloud is kept intact.
Often, users submit cumbersome audit tasks to third party auditors for completion. On one hand, in most of the existing auditing algorithms, all auditors can audit user data, and malicious auditing reveals data privacy information, which is not desired by users. On the other hand, the existing few auditing algorithms perform auditing tasks by designating an auditor, and once the auditor loses computing power or is "lazy", a result is returned to a user at will without performing computing, and the user cannot correctly judge whether data is complete and available.
Disclosure of Invention
Based on the above, the invention provides a cloud data auditing method, system and device based on multiple authorized auditors, so as to solve the problems that cloud data is maliciously audited and an appointed auditor is not honest to audit.
The technical scheme of the invention is as follows:
in a first aspect, the invention provides a cloud data auditing method based on multiple authorized auditors, wherein the method comprises the following steps:
s1, initializing the system to generate public parameters;
s2, generating a public and private key pair according to the public parameters;
s3, generating a label of a data block according to the public and private key pair, and sending all the data blocks and the labels thereof to a cloud server, wherein the data blocks are a plurality of data blocks divided by a file to be audited;
s4, randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server;
s5, according to the challenge information, the data block and the label, the cloud server generates a data evidence and a label evidence and returns the data evidence and the label evidence to the auditor;
s6 data auditing is completed by the auditor.
Specifically, step S1 includes the steps of:
s11 selects two q-order cyclic groups, i.e. the first cyclic group G1And a second cyclic group G2Where q is a large prime number of 160 bits in length;
s12 selecting a first cyclic group G1One generator G of (a), and a bilinear map e: G1×G1→G2
S13 selects a hash function H satisfying H: {0,1}*→G1Means that a 01-bit string of arbitrary length is mapped into a cyclic group G1The elements of (1);
s14 assumes that the user authorizes d auditors to perform audit tasks, and the auditors use TPArRepresents, r ═ 1, 2.., d;
s15 user selection of S random numbers
Figure BDA0002848888730000021
Calculating parameters
Figure BDA0002848888730000022
Preservation of alphai,i=1,2,...,s;
S16 discloses a system parameter params, which is expressed as params ═ G1,G2,q,g,{ui}i=1,2,...,sE, d, H }, completing the system initialization.
Specifically, step S2 includes the steps of:
s21 random number selected by user
Figure BDA0002848888730000023
TPA as AuditorrBy a secure channel, xrIs sent to TPAr,r=1,2,...,d;
S22 random number selected by user
Figure BDA0002848888730000024
As its own private key, the public key y is calculated as gx
Specifically, step S3 includes the steps of:
s31 assuming that the user wants to upload file F, F is first divided into n data blocks, each consisting of S components, and file F can be expressed as F ═ { m ═ m1,m2,...,mnIn which m isi={mi1,mi2,...,mis},i=1,2,...,n;
S32 calculating data block miThe calculation formula of (2) is:
Figure BDA0002848888730000031
wherein, x and xrRespectively representing user private key and auditor TPArG is a generator, idiFor a data block miH is a hash function, αjIs a secret parameter chosen by the user, mijRepresenting a block of data miThe jth component of (a)riDenotes TPArData block m used in examinationiR 1,2, a, d, i 1,2, a, n;
s33: will { miri}1≤r≤d,1≤i≤nAnd sending the data to a cloud server for storage.
Specifically, step S4 includes the steps of:
s41 user randomly selects an auditor TPArAudit is conducted, TPArRandomly selecting c numbers from the set {1, 2.. multidot.n } to form a set L, and selecting c numbers from the set {1, 2.. multidot.n }, to form a set L
Figure BDA0002848888730000032
Randomly selecting c numbers to form a set
Figure BDA0002848888730000033
Wherein r ∈ [1, d ]];
S42 sends challenge information chal ═ { r, L, V } to the cloud server.
Specifically, step S5 includes the steps of:
s51 calculation of data evidence
Figure BDA0002848888730000034
S52 calculating label evidence
Figure BDA0002848888730000035
S53 the cloud server will respond to the evidence
Figure BDA0002848888730000036
TPA returned to auditorr
Wherein m isijRepresenting a block of data miThe jth component of (a)riDenotes TPArData block m used in examinationiThe label of (1).
Specifically, step S6 includes the steps of:
judgment of equality by auditor
Figure BDA0002848888730000037
Whether the result is true or not;
if yes, the file is well preserved, otherwise, at least one data in the file is damaged.
In a second aspect, the present invention provides a cloud data auditing apparatus based on multiple authorized auditors, the apparatus including:
a first generation module to: generating public parameters after the system is initialized;
a second generation module to: generating a public and private key pair according to the public parameters;
the file blocking and sending module is used for: generating a label of a data block according to the public and private key pair, and sending all the data blocks and the labels thereof to a cloud server, wherein the data blocks are a plurality of data blocks divided by a file to be audited;
a task generating and sending module, configured to: randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server;
a task processing and sending module, configured to: according to the challenge information, the data block and the label, the cloud server generates a data evidence and a label evidence and returns the data evidence and the label evidence to the auditor;
an audit processing module to: and finishing data auditing by the auditor.
In a third aspect, the invention further provides a cloud data auditing system based on multiple authorized auditors, which includes a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the above cloud data auditing method based on multiple authorized auditors.
In a fourth aspect, the present invention also provides a computer readable medium, on which a computer program is stored, wherein the program is executed by a processor to implement the above-mentioned multi-authorized auditor-based cloud data auditing method.
The invention has the beneficial effects that: according to the cloud data auditing method, system and device based on multiple authorized auditors, provided by the invention, more than one authorized auditors are provided, the number of the authorized auditors is determined by the user, each authorized auditor can execute the auditing task, and unauthorized auditors cannot audit data. If a certain authorized auditor is dishonest, the other auditors can complete the auditing task. And in each time of auditing, the user randomly selects an auditor to audit, the probability of the dishonest auditor being drawn is 1/d, wherein d is the number of authorized auditors. Therefore, the invention can effectively solve the problems that the user data is maliciously audited and the auditor is not honest to audit.
The present invention will be described in further detail below with reference to the drawings.
Drawings
FIG. 1 is a flow chart of a method of an embodiment of the present invention;
FIG. 2 is a structural framework diagram of an embodiment of the present invention;
FIG. 3 is a block diagram of yet another apparatus according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a computer-readable medium according to an embodiment of the invention.
Detailed Description
The present invention will be described in detail with reference to the following embodiments in order to make the aforementioned objects, features and advantages of the invention more comprehensible. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein, but rather should be construed as broadly as the present invention is capable of modification in various respects, all without departing from the spirit and scope of the present invention.
Description of terms in the present invention:
the user: the data owner authorizes the auditor, generates a label for the data block, and stores the data block and the label to the cloud server;
and (3) an auditor: receiving an audit request of a user, generating challenge information, and auditing user data;
cloud server: storing user data, and generating corresponding data evidence and label evidence according to the challenge information of the auditor in the auditing stage.
The present invention will be further described with reference to the following examples and the accompanying drawings.
Example one
Referring to fig. 1, in an embodiment of the present invention, a cloud data auditing method based on multiple authorized auditors includes:
s1, initializing the system to generate public parameters;
s2, generating a public and private key pair according to the public parameters;
s3, generating a label of a data block according to the public and private key pair, and sending all the data blocks and the labels thereof to a cloud server, wherein the data blocks are a plurality of data blocks divided by a file to be audited;
s4, randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server;
s5, according to the challenge information, the data block and the label, the cloud server generates a data evidence and a label evidence and returns the data evidence and the label evidence to the auditor;
s6 data auditing is completed by the auditor.
The method comprises the following detailed steps:
step S1 includes the following steps:
s11 selects two q-order cyclic groups, i.e. the first cyclic group G1And a second cyclic group G2Where q is a large prime number of 160 bits in length;
s12 selecting a first cyclic group G1One generator G of (a), and a bilinear map e: G1×G1→G2
S13 selects a hash function H satisfying H: {0,1}*→G1Means that a 01-bit string of arbitrary length is mapped into a cyclic group G1The elements of (1);
s14 assumes that the user authorizes d auditors to perform audit tasks, and the auditors use TPArRepresents, r ═ 1, 2.., d;
s15 user selection of S random numbers
Figure BDA0002848888730000061
Calculating parameters
Figure BDA0002848888730000062
Preservation of alphai,i=1,2,...,s;
S16 discloses a system parameter params, which is expressed as params ═ G1,G2,q,g,{ui}i=1,2,...,sE, d, H }, completing the system initialization.
Step S2 includes the following steps:
s21 random number selected by user
Figure BDA0002848888730000063
TPA as AuditorrBy a secure channel, xrIs sent to TPAr,r=1,2,...,d;
S22 random number selected by user
Figure BDA0002848888730000064
As its own private key, the public key y is calculated as gx
Step S3 includes the following steps:
s31 assuming that the user wants to upload file F, F is first divided into n data blocks, each consisting of S components, and file F can be expressed as F ═ { m ═ m1,m2,...,mnIn which m isi={mi1,mi2,...,mis},i=1,2,...,n;
S32 calculating data block miThe calculation formula of (2) is:
Figure BDA0002848888730000065
wherein, x and xrRespectively representing user private key and auditor TPArG is a generator, idiFor a data block miH is a hash function, αjIs a secret parameter chosen by the user, mijRepresenting a block of data miThe jth component of (a)riDenotes TPArData block m used in examinationiR 1,2, a, d, i 1,2, a, n;
s33: will { miri}1≤r≤d,1≤i≤nAnd sending the data to a cloud server for storage.
In the invention, the file is divided into n data blocks, each data block is provided with a corresponding label, and the label contains secret information of an authorized auditor, which means that only the authorized auditor can verify the correctness of the data, thereby avoiding malicious auditing of the data by other irrelevant auditors.
Step S4 includes the following steps:
s41 user randomly selects an auditor TPArAudit is conducted, TPArRandomly selecting c numbers from the set {1, 2.. multidot.n } to form a set L, and selecting c numbers from the set {1, 2.. multidot.n }, to form a set L
Figure BDA0002848888730000071
Randomly selecting c numbers to form a set
Figure BDA0002848888730000072
Wherein r ∈ [1, d ]];
S42 sends challenge information chal ═ { r, L, V } to the cloud server.
In the invention, the user can optionally select an authorized auditor to audit the data.
Step S5 includes the following steps:
s51 calculation of data evidence
Figure BDA0002848888730000073
S52 calculating label evidence
Figure BDA0002848888730000074
S53 the cloud server will respond to the evidence
Figure BDA0002848888730000075
TPA returned to auditorr
Wherein m isijRepresenting a block of data miThe jth component of (a)riDenotes TPArData block m used in examinationiThe label of (1).
In the invention, the cloud server finds the corresponding data block and the label information related to the auditor, and generates the data evidence and the label evidence to be returned to the auditor.
Step S6 includes the following steps:
judgment of equality by auditor
Figure BDA0002848888730000081
Whether or not toIf true;
if yes, the file is well preserved, otherwise, at least one data in the file is damaged.
In the invention, only the appointed auditor can carry out audit judgment after receiving the information returned by the cloud server. If the equation is established, the file is well saved; otherwise, it indicates that at least one data block in the file is corrupted.
The working principle and the process of the invention are as follows: firstly, initializing a system to generate public parameters; the user distributes the secret information to an auditor as authorization, and then generates a public key and a private key of the user; the method comprises the steps of partitioning a file, generating a label for each data block, and uploading all the data blocks and the labels to a cloud server; a user randomly designates an authorized auditor to audit, and the auditor generates challenge information and sends the challenge information to the cloud server; the cloud server generates data evidence and label evidence according to the corresponding data block and the label related to the auditor, and returns the data evidence and the label evidence to the auditor; and judging whether the data is completely stored or not by the auditor according to the data evidence and the label evidence. Therefore, only authorized auditors can audit the user data, the number of authorized auditors is determined by the user, and the method has the capability of resisting malicious audit and dishonest audit.
Example two
Referring to fig. 2, a second embodiment of the present invention provides a cloud data auditing apparatus based on multiple authorized auditors, where the apparatus includes: a first generation module to: generating public parameters after the system is initialized; a second generation module to: generating a public and private key pair according to the public parameters; the file blocking and sending module is used for: generating a label of a data block according to the public and private key pair, and sending all the data blocks and the labels thereof to a cloud server, wherein the data blocks are a plurality of data blocks divided by a file to be audited; a task generating and sending module, configured to: randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server; a task processing and sending module, configured to: according to the challenge information, the data block and the label, the cloud server generates a data evidence and a label evidence and returns the data evidence and the label evidence to the auditor; an audit processing module to: and finishing data auditing by the auditor.
Since the apparatus described in the second embodiment of the present invention is an apparatus used for implementing the method of the first embodiment of the present invention, and the specific processing steps used by each apparatus are as shown in embodiment 1, based on the method described in the first embodiment of the present invention, those skilled in the art can understand the specific structure and variations of the apparatus, and thus are not described herein again. All the devices adopted in the method of the first embodiment of the present invention belong to the protection scope of the present invention.
EXAMPLE III
Referring to fig. 3, it should be noted that, based on the same inventive technique as in the first embodiment and the second embodiment, a third embodiment of the present invention provides a system, including: radio frequency circuit 310, memory 320, input unit 330, display unit 340, audio circuit 350, WiFi module 360, processor 370, and power supply 380. The storage 320 stores a computer program that can be executed on the processor 370, and the processor 370 executes the computer program to implement the steps S1, S2, S3, S4, S5, and S6 according to one embodiment.
In a specific implementation process, when the processor executes the computer program, either implementation manner of the first embodiment or the second embodiment can be realized.
Those skilled in the art will appreciate that the device configuration shown in fig. 3 is not intended to be limiting of the device itself and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
The following describes the components of the computer device in detail with reference to fig. 3:
the rf circuit 310 may be used for receiving and transmitting signals, and in particular, receives downlink information of a base station and then sends the received downlink information to the processor. In general, the radio frequency circuitry 310 includes, but is not limited to, at least one amplifier, transceiver, coupler, low noise amplifier, duplexer, and the like.
The memory 320 may be used to store software programs and modules, and the processor 370 may execute various functional applications of the computer device and data processing by operating the software programs and modules stored in the memory 320. The memory 320 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to use of the computer device, and the like. Further, the memory 320 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The input unit 330 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the computer apparatus. Specifically, the input unit 330 may include a keyboard 331 and other input devices 332. The keyboard 331 is capable of collecting input operations of a user thereon and driving a corresponding connection device according to a preset program. The output information is collected by the keyboard and then fed to the processor 370. The input unit may include other input devices 332 in addition to the keyboard 331. In particular, other input devices 332 may include, but are not limited to, one or more of a touch panel, function keys (such as volume control keys, switch button lights), a trackball, a mouse, a joystick, and the like.
The display unit 340 may be used to display information input by a user or information provided to the user and various menus of the computer device. The display unit 340 may include a display panel 341, and optionally, the display panel 341 may be configured in the form of a liquid crystal display, an organic light emitting diode, or the like. Further, the keyboard 331 may cover the display panel 341, and when the keyboard 331 detects a touch operation on or near the keyboard 331, the keyboard 331 transmits the touch event to the processor 370 to determine the type of the touch event, and then the processor 370 provides a corresponding visual output on the display panel 341 according to the type of the input event. Although the keyboard 331 and the display panel 341 are shown in fig. 3 as two separate components to implement input and output functions of the computer device, in some embodiments, the keyboard 331 and the display panel 341 may be integrated to implement input and output functions of the computer device.
Audio circuitry 350, speaker 351, microphone 352 may provide an audio interface between a user and a computer device. The audio circuit 350 may transmit the electrical signal converted from the received audio data to the speaker 351, and convert the electrical signal into a sound signal by the speaker 351 and output the sound signal.
WiFi belongs to short-distance wireless transmission technology, and computer equipment can help a user to receive and send e-mails, browse webpages, access streaming media and the like through the WiFi module 360, and provides wireless broadband internet access for the user. Although the WiFi module 360 is shown in fig. 3, it is understood that it does not belong to the essential constitution of the computer device, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 370 is a control center of the computer device, connects various parts of the entire computer device using various interfaces and lines, performs various functions of the computer device and processes data by running or executing software programs and/or modules stored in the memory, and calling data stored in the memory 320, thereby monitoring the computer device as a whole. Alternatively, processor 320 may report one or more processing units; preferably, the processor 320 may be integrated with an application processor, wherein the application processor mainly processes an operating system, a user interface, an application program, and the like.
The computer device also includes a power supply 380 (such as a power adapter) for powering the various components, which may preferably be logically connected to the processor 370 through a power management system.
Example four
Based on the same inventive concept, as shown in fig. 4, the fourth embodiment provides a computer-readable storage medium 400, on which a computer program 411 is stored, and when the computer program 411 is executed by a processor, the steps S1, S2, S3, S4, S5, and S6 in one embodiment are implemented.
In a specific implementation process, when the computer program 411 is executed by a processor, the implementation of any one of the first and second embodiments may be implemented.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, hard disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable medium that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable medium produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

Claims (10)

1. A cloud data auditing method based on multiple authorized auditors is disclosed, wherein the method comprises the following steps:
s1, initializing the system to generate public parameters;
s2, generating a public and private key pair according to the public parameters;
s3, generating a label of a data block according to the public and private key pair, and sending all the data blocks and the labels thereof to a cloud server, wherein the data blocks are a plurality of data blocks divided by a file to be audited;
s4, randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server;
s5, according to the challenge information, the data block and the label, the cloud server generates a data evidence and a label evidence and returns the data evidence and the label evidence to the auditor;
s6 data auditing is completed by the auditor.
2. The multi-authorization auditor-based cloud data auditing method of claim 1 where step S1 includes the steps of:
s11 selecting two q-order cyclic groups G1And G2
S12 selection of group G1One generator G of (a), and a bilinear map e: G1×G1→G2
S13 selects a hash function H satisfying H: {0,1}*→G1
S14 assumes that the user authorizes d auditors to perform audit tasks, and the auditors use TPArRepresents, r ═ 1, 2.., d;
s15 user selection of S random numbers
Figure FDA0002848888720000011
Calculating parameters
Figure FDA0002848888720000012
Preservation of alphai,i=1,2,...,s;
S16 discloses system parameters
Figure FDA0002848888720000015
The expression is params ═ G1,G2,q,g,{ui}i=1,2,...,sE, d, H }, completing the system initialization.
3. The multi-authorization auditor-based cloud data auditing method of claim 2 where step S2 includes the steps of:
s21 random number selected by user
Figure FDA0002848888720000013
TPA as AuditorrBy a secure channel, xrIs sent to TPAr,r=1,2,...,d;
S22 random number selected by user
Figure FDA0002848888720000014
As its own private key, the public key y is calculated as gx
4. The multi-authorization auditor-based cloud data auditing method of claim 3 where step S3 includes the steps of:
s31 assuming that the user wants to upload file F, F is first divided into n data blocks, each consisting of S components, and file F can be expressed as F ═ { m ═ m1,m2,...,mnIn which m isi={mi1,mi2,...mis,},i=1,2,...,n;
S32 calculating data block miThe calculation formula of (2) is:
Figure FDA0002848888720000021
wherein, x and xrRespectively representing user private key and auditor TPArG is a generator, idiFor a data block miIs identified by the unique identification of (a) a,h is a hash function, αjIs a secret parameter chosen by the user, mijRepresenting a block of data miThe jth component of (a)riDenotes TPArData block m used in examinationi1,2, d, i 1,2, d, n;
s33: will { miri}1≤r≤d,1≤i≤nAnd sending the data to a cloud server for storage.
5. The multi-authorization auditor-based cloud data auditing method of claim 4 where step S4 includes the steps of:
s41 user randomly selects an auditor TPArAudit is conducted, TPArRandomly selecting c numbers from the set {1, 2.. multidot.n } to form a set L, and selecting c numbers from the set {1, 2.. multidot.n }, to form a set L
Figure FDA0002848888720000022
Randomly selecting c numbers to form a set
Figure FDA0002848888720000023
Wherein r ∈ [1, d ]];
S42 sends challenge information chal ═ { r, L, V } to the cloud server.
6. The multi-authorization auditor-based cloud data auditing method of claim 5 where step S5 includes the steps of:
s51 calculation of data evidence
Figure FDA0002848888720000024
S52 calculating label evidence
Figure FDA0002848888720000031
S53 the cloud server will respond to the evidence
Figure FDA0002848888720000032
Is returned toAuditor TPAr
Wherein m isijRepresenting a block of data miThe jth component of (a)riDenotes TPArData block m used in examinationiThe label of (1).
7. The multi-authorization auditor-based cloud data auditing method of claim 6 where step S6 includes the steps of:
judgment of equality by auditor
Figure FDA0002848888720000033
Whether the result is true or not;
if yes, the file is well preserved, otherwise, at least one data in the file is damaged.
8. A cloud auditing system based on multiple authorized auditors, the system comprising:
a first generation module to: generating public parameters after the system is initialized;
a second generation module to: generating a public and private key pair according to the public parameters;
the file blocking and sending module is used for: generating a label of a data block according to the public and private key pair, and sending all the data blocks and the labels thereof to a cloud server, wherein the data blocks are a plurality of data blocks divided by a file to be audited;
a task generating and sending module, configured to: randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server;
a task processing and sending module, configured to: according to the challenge information, the data block and the label, the cloud server generates a data evidence and a label evidence and returns the data evidence and the label evidence to the auditor;
an audit processing module to: and finishing data auditing by the auditor.
9. A multi-authorized auditor based cloud data auditing system comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor performs the method of any one of claims 1 to 6.
10. A computer-readable medium, on which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 6.
CN202011520960.2A 2020-12-21 2020-12-21 Cloud data auditing method, system and device based on multi-authority auditors Active CN112632604B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011520960.2A CN112632604B (en) 2020-12-21 2020-12-21 Cloud data auditing method, system and device based on multi-authority auditors

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011520960.2A CN112632604B (en) 2020-12-21 2020-12-21 Cloud data auditing method, system and device based on multi-authority auditors

Publications (2)

Publication Number Publication Date
CN112632604A true CN112632604A (en) 2021-04-09
CN112632604B CN112632604B (en) 2024-01-23

Family

ID=75320416

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011520960.2A Active CN112632604B (en) 2020-12-21 2020-12-21 Cloud data auditing method, system and device based on multi-authority auditors

Country Status (1)

Country Link
CN (1) CN112632604B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114415943A (en) * 2021-12-23 2022-04-29 贵州航天计量测试技术研究所 Public auditing method and system for cloud multi-copy data

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104994110A (en) * 2015-07-16 2015-10-21 电子科技大学 Method for assigning verifier for auditing cloud storage data
CN107147720A (en) * 2017-05-16 2017-09-08 安徽大学 Traceable effective public audit method and system in a kind of cloud storage data sharing
CN109981736A (en) * 2019-02-22 2019-07-05 南京理工大学 A kind of dynamic public audit method for supporting user and Cloud Server to trust each other
CN111222176A (en) * 2020-01-08 2020-06-02 中国人民解放军国防科技大学 Block chain-based cloud storage possession proving method, system and medium
CN111541666A (en) * 2020-04-16 2020-08-14 西南交通大学 Certificateless cloud end data integrity auditing method with privacy protection function
CN111859030A (en) * 2020-07-09 2020-10-30 西南交通大学 Public auditing method supporting composite data

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104994110A (en) * 2015-07-16 2015-10-21 电子科技大学 Method for assigning verifier for auditing cloud storage data
CN107147720A (en) * 2017-05-16 2017-09-08 安徽大学 Traceable effective public audit method and system in a kind of cloud storage data sharing
CN109981736A (en) * 2019-02-22 2019-07-05 南京理工大学 A kind of dynamic public audit method for supporting user and Cloud Server to trust each other
CN111222176A (en) * 2020-01-08 2020-06-02 中国人民解放军国防科技大学 Block chain-based cloud storage possession proving method, system and medium
CN111541666A (en) * 2020-04-16 2020-08-14 西南交通大学 Certificateless cloud end data integrity auditing method with privacy protection function
CN111859030A (en) * 2020-07-09 2020-10-30 西南交通大学 Public auditing method supporting composite data

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114415943A (en) * 2021-12-23 2022-04-29 贵州航天计量测试技术研究所 Public auditing method and system for cloud multi-copy data
CN114415943B (en) * 2021-12-23 2023-08-15 贵州航天计量测试技术研究所 Public auditing method and auditing system for cloud multi-copy data

Also Published As

Publication number Publication date
CN112632604B (en) 2024-01-23

Similar Documents

Publication Publication Date Title
CN106850220B (en) Data encryption method, data decryption method and device
CN103065080B (en) A kind of application program login method and device
CN107453870A (en) Mobile terminal authentication management method, device and corresponding mobile terminal based on block chain
CN111585760A (en) Key retrieving method, device, terminal and readable medium
CN106487743A (en) Method and apparatus for supporting multi-user's cluster authentication
CN107832567B (en) System efficiency collaborative evaluation system and evaluation method
CN104954126B (en) Sensitive operation verification method, device and system
CN103488922A (en) Method and equipment for providing verification code
CN101964789A (en) Method and system for safely accessing protected resources
CN102119506A (en) A method and system for sharing data
CN106789876A (en) The authentication method and its device of a kind of cloud terminal server
CN105426416A (en) Transmission method and device of uniform resource locator, and sharing method and device of uniform resource locator
CN107666470A (en) A kind of processing method and processing device of checking information
CN113569263A (en) Secure processing method and device for cross-private-domain data and electronic equipment
CN112632604B (en) Cloud data auditing method, system and device based on multi-authority auditors
CN110572268B (en) Anonymous authentication method and device
CN109766705B (en) Circuit-based data verification method and device and electronic equipment
US20180351736A1 (en) Session Key Negotiation Method, Apparatus, and System
CN113791910A (en) Memory allocation method, memory allocation device, electronic equipment and readable storage medium
CN104951690A (en) Terminal device unlocking method and terminal device unlocking device
CN109560914A (en) Data ciphering method and device, storage medium, electronic equipment
CN114092101B (en) Transaction verification method and device, storage medium and electronic equipment
CN116128468A (en) Management platform, data processing method, electronic device and storage medium
CN106355088A (en) Account management application strengthening method and device using same
CN115549889A (en) Decryption method, related device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant