CN112632604B - Cloud data auditing method, system and device based on multi-authority auditors - Google Patents
- Publication number
- CN112632604B (CN202011520960.2A)
- Authority
- CN
- China
- Prior art keywords
- data
- auditor
- evidence
- auditors
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The invention discloses a cloud data auditing method, system and device based on multiple authorized auditors, wherein the method comprises the following steps: S1, initializing a system to generate public parameters; S2, generating a public and private key pair according to the public parameters; S3, generating tags of data blocks according to the public and private key pair, and sending all the data blocks and their tags to a cloud server, the data blocks being a plurality of blocks into which the file to be audited is divided; S4, randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server; S5, the cloud server generating data evidence and tag evidence according to the challenge information, the data blocks and the tags, and returning the data evidence and the tag evidence to the auditor; and S6, the auditor completing the data audit. The invention ensures that only the plurality of auditors authorized by the user can execute the audit task and that unauthorized auditors cannot, thereby effectively solving the problems of malicious auditing of user data and dishonest auditing by auditors.
Description
Technical Field
The invention relates to a cloud data auditing method, system and device based on multiple authorized auditors, and belongs to the technical field of data security in the field of cloud computing.
Background
In the current big data age, more and more users choose to migrate local data to the cloud and to process it using the powerful storage and computing capacity of the cloud computing platform. Cloud computing solves the problem that individuals and enterprises need to store and manage massive data, but the accompanying security problems, such as privacy disclosure, data abuse, data loss and other potential hazards, cannot be ignored. When user data is lost, the cloud service provider may hide the fact from the user in order to maintain its reputation, so it is necessary to periodically check whether data on the remote cloud is kept intact.
Typically, the user entrusts the tedious audit task to a third-party auditor. On the one hand, in most existing auditing algorithms, any auditor can audit user data, and a malicious audit can reveal private information about the data, which is undesirable for users. On the other hand, the few existing auditing algorithms that designate a single auditor to execute audit tasks have the problem that, once the auditor loses computing power or is lazy, the auditor does not execute the computation and returns an arbitrary result to the user, and the user cannot correctly judge whether the data is completely available.
Disclosure of Invention
Based on the above, the invention provides a cloud data auditing method, system and device based on multiple authorized auditors, so as to solve the problems that cloud data is audited maliciously and that a designated auditor audits dishonestly.
The technical scheme of the invention is as follows:
In a first aspect, the present invention provides a cloud data auditing method based on multiple authorized auditors, the method comprising:
S1: initializing a system to generate public parameters;
S2: generating a public and private key pair according to the public parameters;
S3: generating tags of data blocks according to the public and private key pair, and sending all the data blocks and their tags to a cloud server, the data blocks being a plurality of blocks into which the file to be audited is divided;
S4: randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server;
S5: the cloud server generating data evidence and tag evidence according to the challenge information, the data blocks and the tags, and returning the data evidence and the tag evidence to the auditor;
S6: the auditor completing the data audit.
Specifically, step S1 includes the steps of:
S11: select two cyclic groups of order $q$, namely a first cyclic group $G_1$ and a second cyclic group $G_2$, where $q$ is a large prime number 160 bits in length;
S12: select a generator $g$ of the first cyclic group $G_1$ and a bilinear map $e: G_1 \times G_1 \to G_2$;
S13: select a hash function $H$ satisfying $H: \{0,1\}^* \to G_1$, i.e. mapping 0/1 bit strings of arbitrary length to elements of the cyclic group $G_1$;
S14: assume that the user authorizes $d$ auditors to execute audit tasks; the auditors are denoted $TPA_r$, $r = 1, 2, \ldots, d$;
S15: the user selects $s$ random numbers $\alpha_i$, calculates the parameters $u_i$, and retains $\alpha_i$, $i = 1, 2, \ldots, s$;
S16: publish the system parameters $params = \{G_1, G_2, q, g, \{u_i\}_{i=1,2,\ldots,s}, e, d, H\}$, completing the system initialization.
Specifically, step S2 includes the steps of:
S21: the user selects a random number $x_r$ as the private key of auditor $TPA_r$ and sends $x_r$ to $TPA_r$ through a secure channel, $r = 1, 2, \ldots, d$;
S22: the user selects a random number $x$ as its own private key and calculates the public key $y = g^x$.
Specifically, step S3 includes the steps of:
S31: assume that the user wants to upload the file $F$; first divide $F$ into $n$ data blocks, each consisting of $s$ components, so that the file can be expressed as $F = \{m_1, m_2, \ldots, m_n\}$, where $m_i = \{m_{i1}, m_{i2}, \ldots, m_{is}\}$, $i = 1, 2, \ldots, n$;
S32: calculate the tag of data block $m_i$; the calculation formula is as follows:
where $x$ and $x_r$ denote the private key of the user and the private key of auditor $TPA_r$ respectively, $g$ is the generator, $id_i$ is the identifier of data block $m_i$, $H$ is a hash function, $\alpha_j$ is a secret parameter selected by the user, $m_{ij}$ denotes the $j$-th component of data block $m_i$, and $\sigma_{ri}$ denotes the tag of data block $m_i$ used when $TPA_r$ audits, $r = 1, 2, \ldots, d$, $i = 1, 2, \ldots, n$;
S33: send $\{m_i, \sigma_{ri}\}_{1 \le r \le d,\ 1 \le i \le n}$ to the cloud server for storage.
Specifically, step S4 includes the steps of:
S41: the user randomly selects one auditor $TPA_r$ to perform the audit; $TPA_r$ randomly selects $c$ numbers from the set $\{1, 2, \ldots, n\}$ to form a set $L$, and then randomly selects $c$ numbers to form a set $V$, where $r \in [1, d]$;
S42: send the challenge information $chal = \{r, L, V\}$ to the cloud server.
Specifically, step S5 includes the steps of:
S51: calculate the data evidence;
S52: calculate the tag evidence;
S53: the cloud server returns the response evidence to auditor $TPA_r$;
where $m_{ij}$ denotes the $j$-th component of data block $m_i$, and $\sigma_{ri}$ denotes the tag of data block $m_i$ used when $TPA_r$ audits.
Specifically, step S6 includes the steps of:
the auditor judges whether the equation holds;
if it holds, the file is well preserved; otherwise, at least one data block in the file is damaged.
In a second aspect, the present invention provides a cloud data auditing apparatus based on multiple authorized auditors, the apparatus comprising:
a first generation module, configured to generate public parameters after initializing the system;
a second generation module, configured to generate a public-private key pair according to the public parameters;
a file blocking and sending module, configured to generate tags of data blocks according to the public and private key pair and to send all the data blocks and their tags to a cloud server, the data blocks being a plurality of blocks into which the file to be audited is divided;
a task generating and sending module, configured to randomly select an auditor, generate challenge information and send the challenge information to the cloud server;
a task processing and sending module, by which the cloud server generates data evidence and tag evidence according to the challenge information, the data blocks and the tags, and returns the data evidence and the tag evidence to the auditor;
an audit processing module, configured to complete the data audit by the auditor.
In a third aspect, the present invention further provides a cloud data auditing system based on multiple authorized auditors, including a memory, a processor, and a computer program stored on the memory and capable of running on the processor, where the processor executes the cloud data auditing method based on multiple authorized auditors.
In a fourth aspect, the present invention also provides a computer readable medium having stored thereon a computer program, wherein the program when executed by a processor implements the above-described multi-authority auditor-based cloud data auditing method.
The beneficial effects of the invention are as follows: in the cloud data auditing method, system and device based on multiple authorized auditors, the user designates more than one authorized auditor, each authorized auditor can execute the audit task, and unauthorized auditors cannot audit the data. If one authorized auditor is dishonest, the remaining auditors can still complete the audit task. For each audit, the user randomly selects one auditor, so the probability that the dishonest auditor is selected is 1/d, where d is the number of authorized auditors. Therefore, the invention can effectively solve the problems that user data is audited maliciously and that auditors audit dishonestly.
The present invention will be described in further detail with reference to the drawings.
Drawings
FIG. 1 is a flow chart of a method according to an embodiment of the present invention;
FIG. 2 is a structural frame diagram of an embodiment of the present invention;
FIG. 3 is a block diagram of yet another apparatus according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a computer readable medium according to an embodiment of the invention.
Detailed Description
The following detailed description of the present invention will provide further details in order to make the above-mentioned objects, features and advantages of the present invention more comprehensible. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. The invention may be embodied in many other forms than described herein and similarly modified by those skilled in the art without departing from the spirit or scope of the invention, which is therefore not limited to the specific embodiments disclosed below.
Description of terms in the present invention:
User: the data owner, who authorizes auditors, generates a tag for each data block, and sends the data blocks and their tags to the cloud server for storage;
Auditor: receives an audit request from the user, generates challenge information, and audits the user data;
Cloud server: stores user data and, in the auditing stage, generates the corresponding data evidence and tag evidence according to the auditor's challenge information.
The invention is further described below with reference to examples and figures.
Example 1
Referring to fig. 1, the embodiment of the invention provides a cloud data auditing method based on multiple authorized auditors, wherein the method comprises the following steps:
S1: initializing a system to generate public parameters;
S2: generating a public and private key pair according to the public parameters;
S3: generating tags of data blocks according to the public and private key pair, and sending all the data blocks and their tags to a cloud server, the data blocks being a plurality of blocks into which the file to be audited is divided;
S4: randomly selecting an auditor, generating challenge information and sending the challenge information to the cloud server;
S5: the cloud server generating data evidence and tag evidence according to the challenge information, the data blocks and the tags, and returning the data evidence and the tag evidence to the auditor;
S6: the auditor completing the data audit.
The method comprises the following detailed steps:
Step S1 comprises the following steps:
S11: select two cyclic groups of order $q$, namely a first cyclic group $G_1$ and a second cyclic group $G_2$, where $q$ is a large prime number 160 bits in length;
S12: select a generator $g$ of the first cyclic group $G_1$ and a bilinear map $e: G_1 \times G_1 \to G_2$;
S13: select a hash function $H$ satisfying $H: \{0,1\}^* \to G_1$, i.e. mapping 0/1 bit strings of arbitrary length to elements of the cyclic group $G_1$;
S14: assume that the user authorizes $d$ auditors to execute audit tasks; the auditors are denoted $TPA_r$, $r = 1, 2, \ldots, d$;
S15: the user selects $s$ random numbers $\alpha_i$, calculates the parameters $u_i$, and retains $\alpha_i$, $i = 1, 2, \ldots, s$;
S16: publish the system parameters $params = \{G_1, G_2, q, g, \{u_i\}_{i=1,2,\ldots,s}, e, d, H\}$, completing the system initialization.
Step S2 comprises the steps of:
S21: the user selects a random number $x_r$ as the private key of auditor $TPA_r$ and sends $x_r$ to $TPA_r$ through a secure channel, $r = 1, 2, \ldots, d$;
S22: the user selects a random number $x$ as its own private key and calculates the public key $y = g^x$.
Step S3 comprises the steps of:
S31: assume that the user wants to upload the file $F$; first divide $F$ into $n$ data blocks, each consisting of $s$ components, so that the file can be expressed as $F = \{m_1, m_2, \ldots, m_n\}$, where $m_i = \{m_{i1}, m_{i2}, \ldots, m_{is}\}$, $i = 1, 2, \ldots, n$;
S32: calculate the tag of data block $m_i$; the calculation formula is as follows:
where $x$ and $x_r$ denote the private key of the user and the private key of auditor $TPA_r$ respectively, $g$ is the generator, $id_i$ is the identifier of data block $m_i$, $H$ is a hash function, $\alpha_j$ is a secret parameter selected by the user, $m_{ij}$ denotes the $j$-th component of data block $m_i$, and $\sigma_{ri}$ denotes the tag of data block $m_i$ used when $TPA_r$ audits, $r = 1, 2, \ldots, d$, $i = 1, 2, \ldots, n$;
S33: send $\{m_i, \sigma_{ri}\}_{1 \le r \le d,\ 1 \le i \le n}$ to the cloud server for storage.
In the invention, the file is divided into n data blocks, each data block is provided with a corresponding tag, and the tags contain secret information of authorized auditors, which means that only the authorized auditors can verify the correctness of the data, thus being capable of avoiding malicious audit of the data by other irrelevant auditors.
Step S4 comprises the steps of:
S41: the user randomly selects one auditor $TPA_r$ to perform the audit; $TPA_r$ randomly selects $c$ numbers from the set $\{1, 2, \ldots, n\}$ to form a set $L$, and then randomly selects $c$ numbers to form a set $V$, where $r \in [1, d]$;
S42: send the challenge information $chal = \{r, L, V\}$ to the cloud server.
In the invention, the user can randomly select an authorized auditor to audit the data.
Step S5 comprises the steps of:
S51: calculate the data evidence;
S52: calculate the tag evidence;
S53: the cloud server returns the response evidence to auditor $TPA_r$;
where $m_{ij}$ denotes the $j$-th component of data block $m_i$, and $\sigma_{ri}$ denotes the tag of data block $m_i$ used when $TPA_r$ audits.
In the invention, the cloud server finds out the corresponding data block and the label information related to the auditor, generates data evidence and label evidence and returns the data evidence and label evidence to the auditor.
Step S6 includes the steps of:
the auditor judges whether the equation holds;
if it holds, the file is well preserved; otherwise, at least one data block in the file is damaged.
In the invention, after receiving the information returned by the cloud server, only the designated auditor can carry out audit judgment. If the equation is true, the file is well saved; otherwise, it indicates that at least one of the data blocks in the file is corrupted.
The working principle and the working process of the invention are as follows: firstly, initializing a system to generate public parameters; the user distributes secret information to an auditor as authorization, and then generates a public and private key of the user; partitioning the file, generating a label for each data block, and uploading all the data blocks and the labels to a cloud server; the user randomly designates an authorized auditor for auditing, and the auditor generates challenge information and sends the challenge information to the cloud server; the cloud server generates data evidence and label evidence according to the corresponding data blocks and labels related to the auditor, and returns the data evidence and the label evidence to the auditor; and the auditor judges whether the data is completely stored according to the data evidence and the tag evidence. Therefore, only authorized auditors can audit the user data, the number of the authorized auditors is determined by the user, and the invention has the capability of resisting malicious audit and dishonest audit.
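The S1 to S6 flow above, as an added Python sketch that is not code from the patent. The pairing-based tag and verification formulas are not reproduced on this page, so the sketch swaps in a privately verifiable linear MAC over $Z_q$ (HMAC-SHA256 as the pseudorandom function, a toy 127-bit prime modulus, per-auditor coefficients derived from $x_r$); all function names, the 0-based indices and the sample file are assumptions.

```python
import hashlib
import hmac
import secrets

Q = 2**127 - 1   # toy prime modulus; the patent's q is a 160-bit prime group order
WIDTH = 15       # bytes per component, so every m_ij < Q


def prf(key, label):
    """HMAC-SHA256 reduced into Z_q (assumed stand-in for the hash H)."""
    return int.from_bytes(hmac.new(key, label, hashlib.sha256).digest(), "big") % Q


def alphas(x_r, s):
    """Assumption: per-auditor coefficients derived from x_r, not the patent's alpha_j."""
    return [prf(x_r, b"alpha|%d" % j) for j in range(s)]


def split_file(data, s):
    """S31: divide F into n blocks of s components each (zero-padded)."""
    block_len = s * WIDTH
    data += b"\x00" * (-len(data) % block_len)
    return [[int.from_bytes(data[o + j:o + j + WIDTH], "big")
             for j in range(0, block_len, WIDTH)]
            for o in range(0, len(data), block_len)]


def tag_blocks(auditor_keys, blocks):
    """S32: tags[r][i] is the tag of block i that only the holder of x_r can check."""
    tags = []
    for x_r in auditor_keys:
        a = alphas(x_r, len(blocks[0]))
        tags.append([(prf(x_r, b"id|%d" % i) + sum(aj * m for aj, m in zip(a, blk))) % Q
                     for i, blk in enumerate(blocks)])
    return tags


def make_challenge(r, n, c):
    """S4: chal = (r, L, V); L is c block indices, V is c nonzero coefficients."""
    L = sorted(secrets.SystemRandom().sample(range(n), c))
    V = [secrets.randbelow(Q - 1) + 1 for _ in L]
    return r, L, V


def prove(chal, blocks, tags):
    """S5 (cloud server): data evidence mu_j and tag evidence sigma."""
    r, L, V = chal
    mu = [sum(v * blocks[i][j] for i, v in zip(L, V)) % Q
          for j in range(len(blocks[0]))]
    sigma = sum(v * tags[r][i] for i, v in zip(L, V)) % Q
    return mu, sigma


def verify(x_r, chal, evidence):
    """S6 (auditor TPA_r): recompute the expected tag evidence from x_r."""
    _, L, V = chal
    mu, sigma = evidence
    a = alphas(x_r, len(mu))
    expected = (sum(v * prf(x_r, b"id|%d" % i) for i, v in zip(L, V))
                + sum(aj * m for aj, m in zip(a, mu))) % Q
    return expected == sigma


def demo():
    d, s = 3, 4                                           # d auditors, s components
    keys = [secrets.token_bytes(32) for _ in range(d)]    # S2: one x_r per auditor
    blocks = split_file(b"constructed sample file contents " * 20, s)
    tags = tag_blocks(keys, blocks)
    r = secrets.randbelow(d)                              # S41: pick one auditor at random
    chal = make_challenge(r, len(blocks), c=len(blocks))  # all blocks: deterministic demo
    honest = verify(keys[r], chal, prove(chal, blocks, tags))
    outsider = verify(secrets.token_bytes(32), chal, prove(chal, blocks, tags))
    damaged = [blk[:] for blk in blocks]
    damaged[1][0] ^= 1                                    # flip one bit of a stored component
    corrupt = verify(keys[r], chal, prove(chal, damaged, tags))
    return honest, outsider, corrupt


if __name__ == "__main__":
    print(demo())
```

With c smaller than n the check is probabilistic: a damaged block is detected only when its index falls in L.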
Example two
Referring to fig. 2, a second embodiment of the present invention provides a cloud data auditing apparatus based on multiple authorized auditors, including: a first generation module for: generating public parameters after initializing a system; a second generation module, configured to: generating a public-private key pair according to the public parameters; file blocking and sending module for: generating labels of data blocks according to the public and private key pairs, and sending all the data blocks and the labels thereof to a cloud server, wherein the data blocks are a plurality of data blocks divided by a file to be checked; the task generating and transmitting module is used for: randomly selecting auditors, generating challenge information and sending the challenge information to the cloud server; the task processing and sending module is used for: according to the challenge information, the data block and the label, the cloud server generates data evidence and label evidence and returns the data evidence and the label evidence to the auditor; an audit processing module for: and finishing data audit by the auditor.
Since the apparatus described in the second embodiment of the present invention is an apparatus for implementing the method of the first embodiment of the present invention, and the specific processing steps adopted by each apparatus are shown in embodiment 1, based on the method described in the first embodiment of the present invention, those skilled in the art can understand the specific structure and the modifications of the apparatus, and thus will not be described herein. All devices used in the method according to the first embodiment of the present invention are within the scope of the present invention.
Example III
Referring to fig. 3, it should be noted that, based on the same inventive technique as the first and second embodiments, a third embodiment of the present invention provides a system, which includes: radio frequency circuitry 310, memory 320, input unit 330, display unit 340, audio circuitry 350, WiFi module 360, processor 370, and power supply 380. The memory 320 stores a computer program that can be executed by the processor 370, and the processor 370 executes one of the steps S1, S2, S3, S4, S5, and S6 described in the embodiment.
In a specific implementation process, when the processor executes the computer program, any implementation manner of the first embodiment and the second embodiment may be implemented.
It will be appreciated by those skilled in the art that the device structure shown in fig. 3 is not limiting on the device itself, and may include more or fewer components than shown, or certain components in combination, or a different arrangement of components.
The following describes the respective constituent elements of the computer apparatus in detail with reference to fig. 3:
the radio frequency circuit 310 may be used for receiving and transmitting signals, and in particular, after receiving downlink information of the base station, the downlink information is processed by a processor. In general, the radio frequency circuitry 310 includes, but is not limited to, at least one amplifier, transceiver, coupler, low noise amplifier, diplexer, and the like.
The memory 320 may be used to store software programs and modules, and the processor 370 performs various functional applications and data processing of the computer device by executing the software programs and modules stored in the memory 320. The memory 320 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, application programs required for at least one function, and the like; the storage data area may store data created according to the use of the computer device, etc. In addition, memory 320 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.
The input unit 330 may be used to receive input numeric or character information and to generate key signal inputs related to user settings and function control of the computer device. In particular, the input unit 330 may include a keyboard 331 and other input devices 332. The keyboard 331 may collect input operations of a user thereon and drive the corresponding connection device according to a preset program. The keyboard collects the output information and then sends it to the processor 370. In addition to the keyboard 331, the input unit may also include other input devices 332. In particular, other input devices 332 may include, but are not limited to, one or more of a touch panel, function keys (such as volume control keys, switch key lights), a trackball, a mouse, a joystick, and the like.
The display unit 340 may be used to display information input by a user or information provided to the user as well as various menus of the computer device. The display unit 340 may include a display panel 341, and alternatively, the display panel 341 may be configured in the form of a liquid crystal display, an organic light emitting diode, or the like. Further, the keyboard 331 may cover the display panel 341, and when the keyboard 331 detects a touch operation thereon or thereabout, the touch operation is transferred to the processor 370 to determine the type of touch event, and then the processor 370 provides a corresponding visual output on the display panel 341 according to the type of input event. Although in fig. 3 the keyboard 331 and the display panel 341 are shown as two separate components to implement the input and output functions of the computer device, in some embodiments the keyboard 331 and the display panel 341 may be integrated to implement the input and output functions of the computer device.
Audio circuitry 350, speaker 351, microphone 352 may provide an audio interface between a user and a computer device. The audio circuit 350 may transmit the received electrical signal converted from audio data to the speaker 351, and convert the electrical signal into a sound signal by the speaker 351.
WiFi belongs to a short-distance wireless transmission technology, and computer equipment can help a user to send and receive e-mails, browse web pages, access streaming media and the like through the WiFi module 360, so that wireless broadband Internet access is provided for the user. Although a WiFi module 360 is shown in FIG. 3, it will be appreciated that it does not belong to the essential constitution of a computer device, and may be omitted entirely as desired within the scope of not changing the essence of the invention.
Processor 370 is a control center of the computer device and connects various portions of the overall computer device using various interfaces and lines to perform various functions and process data of the computer device by running or executing software programs and/or modules stored in memory and invoking data stored in memory 320. Optionally, the processor 370 may report to one or more processing units; preferably, the processor 370 may integrate an application processor, wherein the application processor primarily processes operating systems, user interfaces, application programs and the like.
The computer device also includes a power supply 380 (e.g., a power adapter) for powering the various components, which may preferably be logically connected to the processor 370 through a power management system.
Example IV
Based on the same inventive concept, as shown in fig. 4, the fourth embodiment provides a computer readable storage medium 400, on which a computer program 411 is stored, which computer program 411, when executed by a processor, implements steps S1, S2, S3, S4, S5, S6 of one of the embodiments.
In a specific implementation, the computer program 411 may implement any implementation of the first and second embodiments when executed by a processor.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, hard disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable medium that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable medium produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instructions which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
Claims (3)
1. A cloud data auditing method based on multi-authority auditors, wherein the method comprises the following steps:
S1: initializing the system to generate public parameters, comprising the following steps:
S11: selecting two cyclic groups $G_1$ and $G_2$ of order $q$;
S12: selecting a generator $g$ of the group $G_1$ and a bilinear map $e: G_1 \times G_1 \to G_2$;
S13: selecting a hash function $H$ satisfying $H: \{0,1\}^* \to G_1$;
S14: assuming that the user authorizes $d$ auditors to execute audit tasks, the auditors are denoted $TPA_r$, $r = 1, 2, \ldots, d$;
S15: the user selects $s$ random numbers, calculates parameters, and preserves $\alpha_i$, $i = 1, 2, \ldots, s$;
S16: publishing the system parameters $params = \{G_1, G_2, q, g, \{u_i\}_{i=1,2,\ldots,s}, e, d, H\}$, completing system initialization;
S2: generating a public and private key pair according to the public parameters, comprising the following steps:
S21: the user selects a random number as the private key of auditor $TPA_r$ and sends $x_r$ to $TPA_r$ through a secure channel, $r = 1, 2, \ldots, d$;
S22: the user selects a random number as its own private key and calculates the public key $y = g^x$;
S3: generating labels of the data blocks according to the public and private key pair, and sending all the data blocks and their labels to the cloud server, wherein the data blocks are obtained by dividing the file to be checked, comprising the following steps:
S31: assuming that the user wants to upload the file $F$, first dividing $F$ into $n$ data blocks, each consisting of $s$ components, so that the file can be expressed as $F = \{m_1, m_2, \ldots, m_n\}$, where $m_i = \{m_{i1}, m_{i2}, \ldots, m_{is}\}$, $i = 1, 2, \ldots, n$;
S32: calculating the label of data block $m_i$, with the calculation formula as follows:
where $x$ and $x_r$ respectively denote the private key of the user and of auditor $TPA_r$, $g$ is the generator, $id_i$ is the identifier of data block $m_i$, $H$ is a hash function, $\alpha_j$ is a secret parameter selected by the user, $m_{ij}$ denotes the $j$-th component of data block $m_i$, and $\sigma_{ri}$ denotes the label of data block $m_i$ when $TPA_r$ performs the audit, $r = 1, 2, \ldots, d$, $i = 1, 2, \ldots, n$;
S33: sending $\{m_i, \sigma_{ri}\}_{1 \le r \le d,\, 1 \le i \le n}$ to the cloud server for storage;
S4: randomly selecting an auditor, generating challenge information and sending it to the cloud server, comprising the following steps:
S41: the user randomly selects one auditor $TPA_r$ to perform the audit; $TPA_r$ randomly selects $c$ numbers from the set $\{1, 2, \ldots, n\}$ to form a set $L$, and then randomly selects $c$ numbers to form a set, where $r \in [1, d]$;
S42: sending the challenge information $chal = \{r, L, V\}$ to the cloud server;
S5: according to the challenge information, the data blocks and the labels, the cloud server generates data evidence and label evidence and returns them to the auditor, comprising the following steps:
S51: calculating the data evidence
S52: calculating the label evidence
S53: the cloud server returns the response evidence to auditor $TPA_r$;
where $m_{ij}$ denotes the $j$-th component of data block $m_i$, and $\sigma_{ri}$ denotes the label of data block $m_i$ when $TPA_r$ performs the audit;
S6: the auditor completes the data audit, comprising the following steps:
the auditor judges whether the equation holds;
if it holds, the file is well preserved; otherwise, the file contains at least one piece of damaged data.
2. A multi-authority auditor-based cloud data auditing system comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor performs the method of claim 1.
3. A computer readable medium on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method of claim 1.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011520960.2A CN112632604B (en) | 2020-12-21 | 2020-12-21 | Cloud data auditing method, system and device based on multi-authority auditors |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112632604A CN112632604A (en) | 2021-04-09 |
CN112632604B true CN112632604B (en) | 2024-01-23 |
Family
ID=75320416
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011520960.2A Active CN112632604B (en) | 2020-12-21 | 2020-12-21 | Cloud data auditing method, system and device based on multi-authority auditors |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112632604B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114415943B (en) * | 2021-12-23 | 2023-08-15 | 贵州航天计量测试技术研究所 | Public auditing method and auditing system for cloud multi-copy data |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104994110A (en) * | 2015-07-16 | 2015-10-21 | 电子科技大学 | Method for assigning verifier for auditing cloud storage data |
CN107147720A (en) * | 2017-05-16 | 2017-09-08 | 安徽大学 | Traceable effective public audit method and system in a kind of cloud storage data sharing |
CN109981736A (en) * | 2019-02-22 | 2019-07-05 | 南京理工大学 | A kind of dynamic public audit method for supporting user and Cloud Server to trust each other |
CN111222176A (en) * | 2020-01-08 | 2020-06-02 | 中国人民解放军国防科技大学 | Block chain-based cloud storage possession proving method, system and medium |
CN111541666A (en) * | 2020-04-16 | 2020-08-14 | 西南交通大学 | Certificateless cloud end data integrity auditing method with privacy protection function |
CN111859030A (en) * | 2020-07-09 | 2020-10-30 | 西南交通大学 | Public auditing method supporting composite data |
Also Published As
Publication number | Publication date |
---|---|
CN112632604A (en) | 2021-04-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11196541B2 (en) | Secure machine learning analytics using homomorphic encryption | |
KR101575030B1 (en) | Method of multi-signature generation for shared data in the cloud | |
CN111898137A (en) | Private data processing method, equipment and system for federated learning | |
CN102611692B (en) | Secure computing method in multi-tenant data centers | |
CN110414567B (en) | Data processing method and device and electronic equipment | |
US20100215172A1 (en) | Sharing a secret with modular inverses | |
CN109478279A (en) | Method and system for realizing block chain | |
Wang et al. | Image encryption using genetic operators and intertwining logistic map | |
CN105282126A (en) | Login authentication method, terminal and server | |
CN106487743A (en) | Method and apparatus for supporting multi-user's cluster authentication | |
CN113537633B (en) | Prediction method, device, equipment, medium and system based on longitudinal federal learning | |
JP2021515271A (en) | Computer-based voting process and system | |
CN112769542B (en) | Multiplication triple generation method, device, equipment and medium based on elliptic curve | |
CN102119506A (en) | A method and system for sharing data | |
CN107592202A (en) | Application signature method, apparatus, system, computing device and storage medium | |
CN113900598A (en) | Block chain based data storage method, device, equipment and storage medium | |
CN105426416A (en) | Transmission method and device of uniform resource locator, and sharing method and device of uniform resource locator | |
CN113569263A (en) | Secure processing method and device for cross-private-domain data and electronic equipment | |
CN112632604B (en) | Cloud data auditing method, system and device based on multi-authority auditors | |
US20190279136A1 (en) | Method and system for selective data visualization and posting of supply chain information to a blockchain | |
CN112445873B (en) | List display processing method, related device, equipment and medium | |
CN103685216A (en) | Information processing apparatus, information processing system, information processing method, program and client terminal | |
CN107005576A (en) | The bridge joint matching identification symbol for link identifiers is generated from server log | |
CN113032817B (en) | Data alignment method, device, equipment and medium based on block chain | |
CN115225367A (en) | Data processing method, device, computer equipment, storage medium and product |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||