CN112632604A - Cloud data auditing method, system and device based on multiple authorized auditors - Google Patents
Cloud data auditing method, system and device based on multiple authorized auditors Download PDFInfo
- Publication number
- CN112632604A CN112632604A CN202011520960.2A CN202011520960A CN112632604A CN 112632604 A CN112632604 A CN 112632604A CN 202011520960 A CN202011520960 A CN 202011520960A CN 112632604 A CN112632604 A CN 112632604A
- Authority
- CN
- China
- Prior art keywords
- data
- auditor
- evidence
- label
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 238000012550 audit Methods 0.000 claims abstract description 25
- 238000004590 computer program Methods 0.000 claims description 17
- 230000006870 function Effects 0.000 claims description 16
- 238000012545 processing Methods 0.000 claims description 13
- 125000004122 cyclic group Chemical group 0.000 claims description 11
- 238000013475 authorization Methods 0.000 claims description 7
- 238000004364 calculation method Methods 0.000 claims description 6
- 230000000903 blocking effect Effects 0.000 claims description 3
- 238000004321 preservation Methods 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 11
- 230000005236 sound signal Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000000638 solvent extraction Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a cloud data auditing method, system and device based on multiple authorized auditors, wherein the method comprises the following steps: s1, initializing the system to generate public parameters; s2, generating a public and private key pair according to the public parameters; s3, generating a label of a data block according to the public and private key pair, and sending all the data blocks and the labels thereof to a cloud server, wherein the data blocks are a plurality of data blocks divided by a file to be audited; s4, randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server; s5, according to the challenge information, the data block and the label, the cloud server generates a data evidence and a label evidence and returns the data evidence and the label evidence to the auditor; s6 data auditing is completed by the auditor. The invention supports that only a plurality of auditors authorized by the user can execute the audit task, and unauthorized auditors can not execute the audit task, thereby effectively solving the problems that the user data is maliciously audited and the auditors audit dishonest.
Description
Technical Field
The invention relates to a cloud data auditing method, system and device based on multiple authorized auditors, and belongs to the technical field of data security in the field of cloud computing.
Background
In the current big data era, more and more users choose to migrate local data to the cloud end and process the data by utilizing the strong storage capacity and the computing capacity of a cloud computing platform. The appearance of cloud computing solves the problem that individuals and enterprises need to store and manage massive data, but accompanying security problems cannot be ignored, such as security risks of privacy disclosure, data abuse and data loss. When user data is lost, the fact that the cloud service provider would hide from the user in order to maintain reputation is very essential to regularly detect whether the data on the remote cloud is kept intact.
Often, users submit cumbersome audit tasks to third party auditors for completion. On one hand, in most of the existing auditing algorithms, all auditors can audit user data, and malicious auditing reveals data privacy information, which is not desired by users. On the other hand, the existing few auditing algorithms perform auditing tasks by designating an auditor, and once the auditor loses computing power or is "lazy", a result is returned to a user at will without performing computing, and the user cannot correctly judge whether data is complete and available.
Disclosure of Invention
Based on the above, the invention provides a cloud data auditing method, system and device based on multiple authorized auditors, so as to solve the problems that cloud data is maliciously audited and an appointed auditor is not honest to audit.
The technical scheme of the invention is as follows:
in a first aspect, the invention provides a cloud data auditing method based on multiple authorized auditors, wherein the method comprises the following steps:
s1, initializing the system to generate public parameters;
s2, generating a public and private key pair according to the public parameters;
s3, generating a label of a data block according to the public and private key pair, and sending all the data blocks and the labels thereof to a cloud server, wherein the data blocks are a plurality of data blocks divided by a file to be audited;
s4, randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server;
s5, according to the challenge information, the data block and the label, the cloud server generates a data evidence and a label evidence and returns the data evidence and the label evidence to the auditor;
s6 data auditing is completed by the auditor.
Specifically, step S1 includes the steps of:
s11 selects two q-order cyclic groups, i.e. the first cyclic group G1And a second cyclic group G2Where q is a large prime number of 160 bits in length;
s12 selecting a first cyclic group G1One generator G of (a), and a bilinear map e: G1×G1→G2;
S13 selects a hash function H satisfying H: {0,1}*→G1Means that a 01-bit string of arbitrary length is mapped into a cyclic group G1The elements of (1);
s14 assumes that the user authorizes d auditors to perform audit tasks, and the auditors use TPArRepresents, r ═ 1, 2.., d;
S16 discloses a system parameter params, which is expressed as params ═ G1,G2,q,g,{ui}i=1,2,...,sE, d, H }, completing the system initialization.
Specifically, step S2 includes the steps of:
s21 random number selected by userTPA as AuditorrBy a secure channel, xrIs sent to TPAr,r=1,2,...,d;
Specifically, step S3 includes the steps of:
s31 assuming that the user wants to upload file F, F is first divided into n data blocks, each consisting of S components, and file F can be expressed as F ═ { m ═ m1,m2,...,mnIn which m isi={mi1,mi2,...,mis},i=1,2,...,n;
S32 calculating data block miThe calculation formula of (2) is:
wherein, x and xrRespectively representing user private key and auditor TPArG is a generator, idiFor a data block miH is a hash function, αjIs a secret parameter chosen by the user, mijRepresenting a block of data miThe jth component of (a)riDenotes TPArData block m used in examinationiR 1,2, a, d, i 1,2, a, n;
s33: will { mi,σri}1≤r≤d,1≤i≤nAnd sending the data to a cloud server for storage.
Specifically, step S4 includes the steps of:
s41 user randomly selects an auditor TPArAudit is conducted, TPArRandomly selecting c numbers from the set {1, 2.. multidot.n } to form a set L, and selecting c numbers from the set {1, 2.. multidot.n }, to form a set LRandomly selecting c numbers to form a setWherein r ∈ [1, d ]];
S42 sends challenge information chal ═ { r, L, V } to the cloud server.
Specifically, step S5 includes the steps of:
Wherein m isijRepresenting a block of data miThe jth component of (a)riDenotes TPArData block m used in examinationiThe label of (1).
Specifically, step S6 includes the steps of:
if yes, the file is well preserved, otherwise, at least one data in the file is damaged.
In a second aspect, the present invention provides a cloud data auditing apparatus based on multiple authorized auditors, the apparatus including:
a first generation module to: generating public parameters after the system is initialized;
a second generation module to: generating a public and private key pair according to the public parameters;
the file blocking and sending module is used for: generating a label of a data block according to the public and private key pair, and sending all the data blocks and the labels thereof to a cloud server, wherein the data blocks are a plurality of data blocks divided by a file to be audited;
a task generating and sending module, configured to: randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server;
a task processing and sending module, configured to: according to the challenge information, the data block and the label, the cloud server generates a data evidence and a label evidence and returns the data evidence and the label evidence to the auditor;
an audit processing module to: and finishing data auditing by the auditor.
In a third aspect, the invention further provides a cloud data auditing system based on multiple authorized auditors, which includes a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the above cloud data auditing method based on multiple authorized auditors.
In a fourth aspect, the present invention also provides a computer readable medium, on which a computer program is stored, wherein the program is executed by a processor to implement the above-mentioned multi-authorized auditor-based cloud data auditing method.
The invention has the beneficial effects that: according to the cloud data auditing method, system and device based on multiple authorized auditors, provided by the invention, more than one authorized auditors are provided, the number of the authorized auditors is determined by the user, each authorized auditor can execute the auditing task, and unauthorized auditors cannot audit data. If a certain authorized auditor is dishonest, the other auditors can complete the auditing task. And in each time of auditing, the user randomly selects an auditor to audit, the probability of the dishonest auditor being drawn is 1/d, wherein d is the number of authorized auditors. Therefore, the invention can effectively solve the problems that the user data is maliciously audited and the auditor is not honest to audit.
The present invention will be described in further detail below with reference to the drawings.
Drawings
FIG. 1 is a flow chart of a method of an embodiment of the present invention;
FIG. 2 is a structural framework diagram of an embodiment of the present invention;
FIG. 3 is a block diagram of yet another apparatus according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a computer-readable medium according to an embodiment of the invention.
Detailed Description
The present invention will be described in detail with reference to the following embodiments in order to make the aforementioned objects, features and advantages of the invention more comprehensible. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein, but rather should be construed as broadly as the present invention is capable of modification in various respects, all without departing from the spirit and scope of the present invention.
Description of terms in the present invention:
the user: the data owner authorizes the auditor, generates a label for the data block, and stores the data block and the label to the cloud server;
and (3) an auditor: receiving an audit request of a user, generating challenge information, and auditing user data;
cloud server: storing user data, and generating corresponding data evidence and label evidence according to the challenge information of the auditor in the auditing stage.
The present invention will be further described with reference to the following examples and the accompanying drawings.
Example one
Referring to fig. 1, in an embodiment of the present invention, a cloud data auditing method based on multiple authorized auditors includes:
s1, initializing the system to generate public parameters;
s2, generating a public and private key pair according to the public parameters;
s3, generating a label of a data block according to the public and private key pair, and sending all the data blocks and the labels thereof to a cloud server, wherein the data blocks are a plurality of data blocks divided by a file to be audited;
s4, randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server;
s5, according to the challenge information, the data block and the label, the cloud server generates a data evidence and a label evidence and returns the data evidence and the label evidence to the auditor;
s6 data auditing is completed by the auditor.
The method comprises the following detailed steps:
step S1 includes the following steps:
s11 selects two q-order cyclic groups, i.e. the first cyclic group G1And a second cyclic group G2Where q is a large prime number of 160 bits in length;
s12 selecting a first cyclic group G1One generator G of (a), and a bilinear map e: G1×G1→G2;
S13 selects a hash function H satisfying H: {0,1}*→G1Means that a 01-bit string of arbitrary length is mapped into a cyclic group G1The elements of (1);
s14 assumes that the user authorizes d auditors to perform audit tasks, and the auditors use TPArRepresents, r ═ 1, 2.., d;
S16 discloses a system parameter params, which is expressed as params ═ G1,G2,q,g,{ui}i=1,2,...,sE, d, H }, completing the system initialization.
Step S2 includes the following steps:
s21 random number selected by userTPA as AuditorrBy a secure channel, xrIs sent to TPAr,r=1,2,...,d;
Step S3 includes the following steps:
s31 assuming that the user wants to upload file F, F is first divided into n data blocks, each consisting of S components, and file F can be expressed as F ═ { m ═ m1,m2,...,mnIn which m isi={mi1,mi2,...,mis},i=1,2,...,n;
S32 calculating data block miThe calculation formula of (2) is:
wherein, x and xrRespectively representing user private key and auditor TPArG is a generator, idiFor a data block miH is a hash function, αjIs a secret parameter chosen by the user, mijRepresenting a block of data miThe jth component of (a)riDenotes TPArData block m used in examinationiR 1,2, a, d, i 1,2, a, n;
s33: will { mi,σri}1≤r≤d,1≤i≤nAnd sending the data to a cloud server for storage.
In the invention, the file is divided into n data blocks, each data block is provided with a corresponding label, and the label contains secret information of an authorized auditor, which means that only the authorized auditor can verify the correctness of the data, thereby avoiding malicious auditing of the data by other irrelevant auditors.
Step S4 includes the following steps:
s41 user randomly selects an auditor TPArAudit is conducted, TPArRandomly selecting c numbers from the set {1, 2.. multidot.n } to form a set L, and selecting c numbers from the set {1, 2.. multidot.n }, to form a set LRandomly selecting c numbers to form a setWherein r ∈ [1, d ]];
S42 sends challenge information chal ═ { r, L, V } to the cloud server.
In the invention, the user can optionally select an authorized auditor to audit the data.
Step S5 includes the following steps:
Wherein m isijRepresenting a block of data miThe jth component of (a)riDenotes TPArData block m used in examinationiThe label of (1).
In the invention, the cloud server finds the corresponding data block and the label information related to the auditor, and generates the data evidence and the label evidence to be returned to the auditor.
Step S6 includes the following steps:
if yes, the file is well preserved, otherwise, at least one data in the file is damaged.
In the invention, only the appointed auditor can carry out audit judgment after receiving the information returned by the cloud server. If the equation is established, the file is well saved; otherwise, it indicates that at least one data block in the file is corrupted.
The working principle and the process of the invention are as follows: firstly, initializing a system to generate public parameters; the user distributes the secret information to an auditor as authorization, and then generates a public key and a private key of the user; the method comprises the steps of partitioning a file, generating a label for each data block, and uploading all the data blocks and the labels to a cloud server; a user randomly designates an authorized auditor to audit, and the auditor generates challenge information and sends the challenge information to the cloud server; the cloud server generates data evidence and label evidence according to the corresponding data block and the label related to the auditor, and returns the data evidence and the label evidence to the auditor; and judging whether the data is completely stored or not by the auditor according to the data evidence and the label evidence. Therefore, only authorized auditors can audit the user data, the number of authorized auditors is determined by the user, and the method has the capability of resisting malicious audit and dishonest audit.
Example two
Referring to fig. 2, a second embodiment of the present invention provides a cloud data auditing apparatus based on multiple authorized auditors, where the apparatus includes: a first generation module to: generating public parameters after the system is initialized; a second generation module to: generating a public and private key pair according to the public parameters; the file blocking and sending module is used for: generating a label of a data block according to the public and private key pair, and sending all the data blocks and the labels thereof to a cloud server, wherein the data blocks are a plurality of data blocks divided by a file to be audited; a task generating and sending module, configured to: randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server; a task processing and sending module, configured to: according to the challenge information, the data block and the label, the cloud server generates a data evidence and a label evidence and returns the data evidence and the label evidence to the auditor; an audit processing module to: and finishing data auditing by the auditor.
Since the apparatus described in the second embodiment of the present invention is an apparatus used for implementing the method of the first embodiment of the present invention, and the specific processing steps used by each apparatus are as shown in embodiment 1, based on the method described in the first embodiment of the present invention, those skilled in the art can understand the specific structure and variations of the apparatus, and thus are not described herein again. All the devices adopted in the method of the first embodiment of the present invention belong to the protection scope of the present invention.
EXAMPLE III
Referring to fig. 3, it should be noted that, based on the same inventive technique as in the first embodiment and the second embodiment, a third embodiment of the present invention provides a system, including: radio frequency circuit 310, memory 320, input unit 330, display unit 340, audio circuit 350, WiFi module 360, processor 370, and power supply 380. The storage 320 stores a computer program that can be executed on the processor 370, and the processor 370 executes the computer program to implement the steps S1, S2, S3, S4, S5, and S6 according to one embodiment.
In a specific implementation process, when the processor executes the computer program, either implementation manner of the first embodiment or the second embodiment can be realized.
Those skilled in the art will appreciate that the device configuration shown in fig. 3 is not intended to be limiting of the device itself and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
The following describes the components of the computer device in detail with reference to fig. 3:
the rf circuit 310 may be used for receiving and transmitting signals, and in particular, receives downlink information of a base station and then sends the received downlink information to the processor. In general, the radio frequency circuitry 310 includes, but is not limited to, at least one amplifier, transceiver, coupler, low noise amplifier, duplexer, and the like.
The memory 320 may be used to store software programs and modules, and the processor 370 may execute various functional applications of the computer device and data processing by operating the software programs and modules stored in the memory 320. The memory 320 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to use of the computer device, and the like. Further, the memory 320 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The input unit 330 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the computer apparatus. Specifically, the input unit 330 may include a keyboard 331 and other input devices 332. The keyboard 331 is capable of collecting input operations of a user thereon and driving a corresponding connection device according to a preset program. The output information is collected by the keyboard and then fed to the processor 370. The input unit may include other input devices 332 in addition to the keyboard 331. In particular, other input devices 332 may include, but are not limited to, one or more of a touch panel, function keys (such as volume control keys, switch button lights), a trackball, a mouse, a joystick, and the like.
The display unit 340 may be used to display information input by a user or information provided to the user and various menus of the computer device. The display unit 340 may include a display panel 341, and optionally, the display panel 341 may be configured in the form of a liquid crystal display, an organic light emitting diode, or the like. Further, the keyboard 331 may cover the display panel 341, and when the keyboard 331 detects a touch operation on or near the keyboard 331, the keyboard 331 transmits the touch event to the processor 370 to determine the type of the touch event, and then the processor 370 provides a corresponding visual output on the display panel 341 according to the type of the input event. Although the keyboard 331 and the display panel 341 are shown in fig. 3 as two separate components to implement input and output functions of the computer device, in some embodiments, the keyboard 331 and the display panel 341 may be integrated to implement input and output functions of the computer device.
WiFi belongs to short-distance wireless transmission technology, and computer equipment can help a user to receive and send e-mails, browse webpages, access streaming media and the like through the WiFi module 360, and provides wireless broadband internet access for the user. Although the WiFi module 360 is shown in fig. 3, it is understood that it does not belong to the essential constitution of the computer device, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 370 is a control center of the computer device, connects various parts of the entire computer device using various interfaces and lines, performs various functions of the computer device and processes data by running or executing software programs and/or modules stored in the memory, and calling data stored in the memory 320, thereby monitoring the computer device as a whole. Alternatively, processor 320 may report one or more processing units; preferably, the processor 320 may be integrated with an application processor, wherein the application processor mainly processes an operating system, a user interface, an application program, and the like.
The computer device also includes a power supply 380 (such as a power adapter) for powering the various components, which may preferably be logically connected to the processor 370 through a power management system.
Example four
Based on the same inventive concept, as shown in fig. 4, the fourth embodiment provides a computer-readable storage medium 400, on which a computer program 411 is stored, and when the computer program 411 is executed by a processor, the steps S1, S2, S3, S4, S5, and S6 in one embodiment are implemented.
In a specific implementation process, when the computer program 411 is executed by a processor, the implementation of any one of the first and second embodiments may be implemented.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, hard disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable medium that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable medium produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Claims (10)
1. A cloud data auditing method based on multiple authorized auditors is disclosed, wherein the method comprises the following steps:
s1, initializing the system to generate public parameters;
s2, generating a public and private key pair according to the public parameters;
s3, generating a label of a data block according to the public and private key pair, and sending all the data blocks and the labels thereof to a cloud server, wherein the data blocks are a plurality of data blocks divided by a file to be audited;
s4, randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server;
s5, according to the challenge information, the data block and the label, the cloud server generates a data evidence and a label evidence and returns the data evidence and the label evidence to the auditor;
s6 data auditing is completed by the auditor.
2. The multi-authorization auditor-based cloud data auditing method of claim 1 where step S1 includes the steps of:
s11 selecting two q-order cyclic groups G1And G2;
S12 selection of group G1One generator G of (a), and a bilinear map e: G1×G1→G2;
S13 selects a hash function H satisfying H: {0,1}*→G1;
S14 assumes that the user authorizes d auditors to perform audit tasks, and the auditors use TPArRepresents, r ═ 1, 2.., d;
3. The multi-authorization auditor-based cloud data auditing method of claim 2 where step S2 includes the steps of:
s21 random number selected by userTPA as AuditorrBy a secure channel, xrIs sent to TPAr,r=1,2,...,d;
4. The multi-authorization auditor-based cloud data auditing method of claim 3 where step S3 includes the steps of:
s31 assuming that the user wants to upload file F, F is first divided into n data blocks, each consisting of S components, and file F can be expressed as F ═ { m ═ m1,m2,...,mnIn which m isi={mi1,mi2,...mis,},i=1,2,...,n;
S32 calculating data block miThe calculation formula of (2) is:
wherein, x and xrRespectively representing user private key and auditor TPArG is a generator, idiFor a data block miIs identified by the unique identification of (a) a,h is a hash function, αjIs a secret parameter chosen by the user, mijRepresenting a block of data miThe jth component of (a)riDenotes TPArData block m used in examinationi1,2, d, i 1,2, d, n;
s33: will { mi,σri}1≤r≤d,1≤i≤nAnd sending the data to a cloud server for storage.
5. The multi-authorization auditor-based cloud data auditing method of claim 4 where step S4 includes the steps of:
s41 user randomly selects an auditor TPArAudit is conducted, TPArRandomly selecting c numbers from the set {1, 2.. multidot.n } to form a set L, and selecting c numbers from the set {1, 2.. multidot.n }, to form a set LRandomly selecting c numbers to form a setWherein r ∈ [1, d ]];
S42 sends challenge information chal ═ { r, L, V } to the cloud server.
6. The multi-authorization auditor-based cloud data auditing method of claim 5 where step S5 includes the steps of:
Wherein m isijRepresenting a block of data miThe jth component of (a)riDenotes TPArData block m used in examinationiThe label of (1).
8. A cloud auditing system based on multiple authorized auditors, the system comprising:
a first generation module to: generating public parameters after the system is initialized;
a second generation module to: generating a public and private key pair according to the public parameters;
the file blocking and sending module is used for: generating a label of a data block according to the public and private key pair, and sending all the data blocks and the labels thereof to a cloud server, wherein the data blocks are a plurality of data blocks divided by a file to be audited;
a task generating and sending module, configured to: randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server;
a task processing and sending module, configured to: according to the challenge information, the data block and the label, the cloud server generates a data evidence and a label evidence and returns the data evidence and the label evidence to the auditor;
an audit processing module to: and finishing data auditing by the auditor.
9. A multi-authorized auditor based cloud data auditing system comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor performs the method of any one of claims 1 to 6.
10. A computer-readable medium, on which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011520960.2A CN112632604B (en) | 2020-12-21 | 2020-12-21 | Cloud data auditing method, system and device based on multi-authority auditors |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011520960.2A CN112632604B (en) | 2020-12-21 | 2020-12-21 | Cloud data auditing method, system and device based on multi-authority auditors |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112632604A true CN112632604A (en) | 2021-04-09 |
CN112632604B CN112632604B (en) | 2024-01-23 |
Family
ID=75320416
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011520960.2A Active CN112632604B (en) | 2020-12-21 | 2020-12-21 | Cloud data auditing method, system and device based on multi-authority auditors |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112632604B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114415943A (en) * | 2021-12-23 | 2022-04-29 | 贵州航天计量测试技术研究所 | Public auditing method and system for cloud multi-copy data |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104994110A (en) * | 2015-07-16 | 2015-10-21 | 电子科技大学 | Method for assigning verifier for auditing cloud storage data |
CN107147720A (en) * | 2017-05-16 | 2017-09-08 | 安徽大学 | Traceable effective public audit method and system in a kind of cloud storage data sharing |
CN109981736A (en) * | 2019-02-22 | 2019-07-05 | 南京理工大学 | A kind of dynamic public audit method for supporting user and Cloud Server to trust each other |
CN111222176A (en) * | 2020-01-08 | 2020-06-02 | 中国人民解放军国防科技大学 | Block chain-based cloud storage possession proving method, system and medium |
CN111541666A (en) * | 2020-04-16 | 2020-08-14 | 西南交通大学 | Certificateless cloud end data integrity auditing method with privacy protection function |
CN111859030A (en) * | 2020-07-09 | 2020-10-30 | 西南交通大学 | Public auditing method supporting composite data |
-
2020
- 2020-12-21 CN CN202011520960.2A patent/CN112632604B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104994110A (en) * | 2015-07-16 | 2015-10-21 | 电子科技大学 | Method for assigning verifier for auditing cloud storage data |
CN107147720A (en) * | 2017-05-16 | 2017-09-08 | 安徽大学 | Traceable effective public audit method and system in a kind of cloud storage data sharing |
CN109981736A (en) * | 2019-02-22 | 2019-07-05 | 南京理工大学 | A kind of dynamic public audit method for supporting user and Cloud Server to trust each other |
CN111222176A (en) * | 2020-01-08 | 2020-06-02 | 中国人民解放军国防科技大学 | Block chain-based cloud storage possession proving method, system and medium |
CN111541666A (en) * | 2020-04-16 | 2020-08-14 | 西南交通大学 | Certificateless cloud end data integrity auditing method with privacy protection function |
CN111859030A (en) * | 2020-07-09 | 2020-10-30 | 西南交通大学 | Public auditing method supporting composite data |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114415943A (en) * | 2021-12-23 | 2022-04-29 | 贵州航天计量测试技术研究所 | Public auditing method and system for cloud multi-copy data |
CN114415943B (en) * | 2021-12-23 | 2023-08-15 | 贵州航天计量测试技术研究所 | Public auditing method and auditing system for cloud multi-copy data |
Also Published As
Publication number | Publication date |
---|---|
CN112632604B (en) | 2024-01-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106850220B (en) | Data encryption method, data decryption method and device | |
CN103065080B (en) | A kind of application program login method and device | |
CN107453870A (en) | Mobile terminal authentication management method, device and corresponding mobile terminal based on block chain | |
CN111585760A (en) | Key retrieving method, device, terminal and readable medium | |
CN106487743A (en) | Method and apparatus for supporting multi-user's cluster authentication | |
CN107832567B (en) | System efficiency collaborative evaluation system and evaluation method | |
CN104954126B (en) | Sensitive operation verification method, device and system | |
CN103488922A (en) | Method and equipment for providing verification code | |
CN101964789A (en) | Method and system for safely accessing protected resources | |
CN102119506A (en) | A method and system for sharing data | |
CN106789876A (en) | The authentication method and its device of a kind of cloud terminal server | |
CN105426416A (en) | Transmission method and device of uniform resource locator, and sharing method and device of uniform resource locator | |
CN107666470A (en) | A kind of processing method and processing device of checking information | |
CN113569263A (en) | Secure processing method and device for cross-private-domain data and electronic equipment | |
CN112632604B (en) | Cloud data auditing method, system and device based on multi-authority auditors | |
CN110572268B (en) | Anonymous authentication method and device | |
CN109766705B (en) | Circuit-based data verification method and device and electronic equipment | |
US20180351736A1 (en) | Session Key Negotiation Method, Apparatus, and System | |
CN113791910A (en) | Memory allocation method, memory allocation device, electronic equipment and readable storage medium | |
CN104951690A (en) | Terminal device unlocking method and terminal device unlocking device | |
CN109560914A (en) | Data ciphering method and device, storage medium, electronic equipment | |
CN114092101B (en) | Transaction verification method and device, storage medium and electronic equipment | |
CN116128468A (en) | Management platform, data processing method, electronic device and storage medium | |
CN106355088A (en) | Account management application strengthening method and device using same | |
CN115549889A (en) | Decryption method, related device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |