CN112732695A - Cloud storage data security deduplication method based on block chain - Google Patents
- Publication number: CN112732695A
- Authority: CN (China)
- Prior art keywords: data, file, storage, block chain, csp
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F16/215: Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
- G06F16/2246: Trees, e.g. B+trees
- G06F16/27: Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
- G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
- G06Q20/3829: Payment protocols; Details thereof insuring higher security of transaction involving key management
- G06Q40/04: Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Abstract
The invention discloses a blockchain-based secure deduplication method for cloud storage data. A generated file label is sent to the cloud storage service provider for duplicate detection. If the result is that the file is a duplicate, the user generates a file duplicate storage log, and a smart contract is executed through the smart contract management center to integrate the storage log into a transaction and upload the transaction to the blockchain for storage, so that the current storage state information is securely stored. If the result is that the file is not a duplicate, the key server generates the user's authority key by constructing a role hierarchical hash tree, the data is securely encrypted with the authority key, and the ciphertext is uploaded to the cloud storage server for storage; a file non-duplicate storage log and transaction are generated with the assistance of the smart contract management center. The method enables secure deduplication and storage of cloud users' data, resists malicious behavior by the cloud storage service provider such as theft and tampering, greatly reduces the computing overhead of the cloud storage server, and ensures privacy and security.
Description
Technical Field
The invention belongs to the technical field of block chains, and particularly relates to a cloud data security duplicate removal method based on a block chain.
Background
Currently, the cloud computing technology has been widely applied in the information field, and can effectively allocate computing resources and improve the efficiency of data storage. With the continuous development of cloud computing technology, more and more users choose to outsource their data to cloud storage server providers, and cloud storage service providers face data storage management problems in a big data environment. With the rapid growth of user data, a large amount of redundant data is uploaded to and stored on the cloud storage server, which consumes a large amount of communication bandwidth and storage space of the cloud storage service provider. The data de-duplication technology can detect and eliminate redundant data on the cloud storage server, so that the cloud storage server is prevented from storing the same user data for multiple times, but the data de-duplication technology cannot be compatible with a traditional encryption algorithm. Generally, to ensure the security of data, users need to perform encryption operations on data using conventional encryption algorithms before outsourcing their data. Since a user may select different encryption keys, even the same data may be eventually encrypted into different ciphertexts, which makes it impossible for a cloud storage service provider to perform a corresponding deduplication technology.
In order to realize effective deduplication of encrypted data, related researchers propose a safe deduplication algorithm based on convergent encryption, namely a convergent key of user data is calculated through a safe hash function, and then the data is encrypted through the convergent key to obtain a unique ciphertext. However, since the encryption algorithm is a deterministic encryption strategy, the cloud storage service provider can crack the key through brute force attack to obtain the original ciphertext. Related researchers put forward a security guarantee scheme of a convergence secret key, namely, a secret sharing scheme is used for cutting the secret key into fragments, the fragments are scattered to a plurality of cloud storage servers for storage, and meanwhile, a deterministic hash value is used for replacing a random value generated by a traditional secret sharing scheme, so that higher reliability is realized; however, the scheme still cannot resist collusion attack performed by a cloud storage service provider, and once a plurality of cloud storage servers collude with each other, the key fragments can still be reconstructed and restored to a complete key, so as to obtain an original file.
In recent years, the blockchain technology has attracted extensive attention and applications in academia and industry due to the characteristics of decentralization, information traceability, data non-falsification and the like. Related researchers have proposed a block chain-based security deduplication scheme, which stores tag information of user data by using a block chain as a secure log database, downloads corresponding tag information from a block when the user data needs to be verified, and determines whether the user data is complete by matching the tag information. However, due to the lack of effective encryption algorithm participation and the guarantee of the security protocol, the confidentiality and security of the data in the storage state and the transmission state cannot be guaranteed. Therefore, a better method is needed to ensure the security of the user data and resist malicious tampering and stealing of the user data by the cloud storage provider.
Disclosure of Invention
The invention aims to provide a blockchain-based secure deduplication method for cloud storage data that ensures the confidentiality and security of data on the cloud storage server: blockchain technology is used to generate a storage log from the information of the user data, and the storage log is integrated into a transaction and uploaded to the blockchain for storage; at any time the user can decrypt the file and execute a local data auditing protocol using the transaction information on the blockchain, completing secure storage and integrity verification.
In order to achieve the purpose, the invention adopts the following technical scheme:
A blockchain-based secure deduplication method for cloud storage data comprises the following steps:
Step S1: generating a file label by constructing a Merkle hash tree, and sending the file label to the cloud storage service provider for duplicate detection;
Step S2: if the result is that the file is a duplicate, generating a file duplicate storage log, and executing a smart contract through the smart contract management center to integrate the storage log into a transaction and upload the transaction to the blockchain for storage, so that the current storage state information is securely stored;
Step S3: if the result is that the file is not a duplicate, the key server generates the user's authority key by constructing a role hierarchical hash tree, the data is securely encrypted with the authority key, and the ciphertext is uploaded to the cloud storage server for storage; meanwhile, a file non-duplicate storage log and transaction are generated with the assistance of the smart contract management center.
Preferably, in step S1, the file F is divided into n data blocks $F = \{B_i\}_{1 \le i \le n-1}$, a Merkle hash tree is constructed with the data blocks as leaf nodes, and its root node R is calculated; the root node R is used as the label of the file F and is sent to the cloud storage service provider (CSP) for duplicate checking; the CSP checks whether the label already exists and returns the detection result to the user.
Preferably, if the file label exists, the user identity $ID_U$ and the identity $ID_{CSP}$ of the cloud storage service provider are uploaded to the blockchain, and a request to store the file is sent to the blockchain and entrusted to the smart contract management center (SCMC); the SCMC converts $ID_U$ and $ID_{CSP}$ into the blockchain accounts $EA_U$ and $EA_{CSP}$ by an elliptic curve algorithm, generates a transaction $TX = To \| From \| Value \| Data \| sig(TX)$ containing the file duplicate storage log Data by executing smart contract I, and submits the transaction TX to the blockchain;
wherein To is the account $EA_U$ of the sender, From is the account $EA_{CSP}$ of the receiver, Value is the fee to be paid for creating the transaction, Data is the information stored in the transaction TX, and sig(TX) is the signature of the user U on the transaction TX.
Preferably, if the file label does not exist, the convergence key is calculated as $K_{CEi} = H(B_i)$, and the key server KS generates the corresponding authority key $K_R$ according to the role hierarchical hash tree and sends it to the user; the user calculates the final encryption key $K_{Bi}$ and the additional information $I = ID_U \| ID_F \| K_R \| n \| T$ of the file, and encrypts the additional information I and the data $B_i$ into the ciphertexts $C_I = \mathrm{Encrypt}(pk, I)$ and $C_{Bi} = \mathrm{Encrypt}(K_{Bi}, B_i)$, where Encrypt(·) is the DES symmetric encryption algorithm; the user then calculates the file non-duplicate log information $Data = ID_U \| ID_{CSP} \| C_I \| Sig_{sk}(R)$ and the check value $Y = m \cdot H(Data)$, and sends the information $(H(Data), Y, C_{Bi})$ to the CSP; the CSP checks whether the equation $e(Y, g) = e(H(Data), pk)$ holds, thereby verifying the correctness of the additional information; if the equation holds, the SCMC accepts $(ID_U, ID_{CSP}, Data)$ and executes smart contract II to create a transaction $TX = To \| From \| Value \| Data \| sig(TX)$ containing the log information Data, where the log information $Data = ID_U \| ID_{CSP} \| C_I \| Sig_{sk}(R)$; the SCMC submits TX to the blockchain to generate a new block.
Preferably, a storage log TX is created together with the blockchain; it includes the file duplicate storage log and the file non-duplicate storage log and records the file storage status.
Preferably, the method further comprises the following steps: when the integrity of the file needs to be verified, a local data auditing algorithm is executed by downloading the storage log, so that whether the downloaded file is complete or not is verified.
Preferably, after the file F' is downloaded, it is divided into n data blocks $F' = \{B'_i\}_{1 \le i \le n-1}$, a Merkle hash tree is constructed with the data blocks as leaf nodes, and finally its root node R' is calculated; the stored log information $Data = ID_U \| ID_{CSP} \| C(I) \| Sig_{sk}(R)$ is downloaded from the blockchain, and the correctness of the timestamp T and of the number n of data blocks is checked; if they are correct, the transaction signature $Sig_{sk}(R)$ is decrypted using its public key pk to obtain the file label R; finally, it is verified whether the equation $R' = R$ holds, and if it holds, the downloaded file is complete, i.e. $F = F'$.
Preferably, when the data is stored on the cloud server, the user sends an integrity audit request to the SCMC, which selects an index set $S = \{s_1, s_2, \ldots, s_c\}$ containing c elements and the set $Q = \{(i, v_i)\}$, where $v_i$ is the i-th random value, satisfies $i \in S$ and the BSC then sends the set $Q = \{(i, v_i)\}$ to the CSP as a challenge and outputs the result t (t = 1 indicates successful verification and t = 0 indicates failed verification); when t = 1, the CSP needs to select the corresponding data block sequence numbers on the server using the set Q and generate the proof tag $P = \mathrm{GenProof}(C_{Bi}, Q, \Phi_i)$ of the corresponding data blocks, where GenProof(·) is the proof tag generation function and $C_{Bi}$ is the ciphertext and $\Phi_i$ corresponding to the data block; the CSP returns the proof tag P to the user, and the user determines the integrity of the cloud data by verifying the correctness of P.
According to the invention, the data security deduplication and storage of the cloud user are realized through the block chain technology, the malicious behaviors of stealing, tampering and the like of a cloud storage service provider are resisted, the computing overhead of the cloud storage server is greatly reduced, and the privacy security is ensured.
Drawings
In order to illustrate the technical solutions in the embodiments of the present application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show some embodiments of the present invention, and those skilled in the art can obtain other drawings based on them without creative effort; wherein:
FIG. 1 is a flow chart of a cloud storage data security deduplication method of the present invention;
FIG. 2 is a schematic diagram of a hierarchical role hash tree according to the present invention;
FIG. 3 is a schematic diagram of the Merkle hash tree of the present invention (when the number of data blocks n is 6);
FIG. 4 is smart contract I according to the present invention;
FIG. 5 is smart contract II according to the present invention;
FIG. 6 is a schematic diagram of a transaction in which a document according to the present invention is stored;
FIG. 7 is a schematic diagram of a transaction when a file is not stored according to the present invention;
FIG. 8 is smart contract III according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
As shown in fig. 1, the present invention provides a block chain-based cloud storage data security deduplication method, which includes the following steps:
Step S1: generating a file label by constructing a Merkle hash tree, and sending the file label to the cloud storage service provider for duplicate detection;
Step S2: if the result is that the file is a duplicate, generating a file duplicate storage log, and executing a smart contract through the smart contract management center to integrate the storage log into a transaction and upload the transaction to the blockchain for storage, so that the current storage state information is securely stored;
Step S3: if the result is that the file is not a duplicate, the key server generates the user's authority key by constructing a role hierarchical hash tree, the data is securely encrypted with the authority key, and the ciphertext is uploaded to the cloud storage server for storage; meanwhile, a file non-duplicate storage log and transaction are generated with the assistance of the smart contract management center.
According to the invention, the data security deduplication and storage of the cloud user are realized through the block chain technology, the malicious actions of stealing, tampering and the like of a cloud storage service provider are resisted, the computing overhead of the cloud storage server is greatly reduced, and the privacy security is ensured.
Further, step S1 specifically includes:
The file F is divided into n data blocks $F = \{B_i\}$, a Merkle hash tree is constructed with the data blocks as leaf nodes (as shown in FIG. 3), and its root node R is calculated; the user uses the root node R as the label of the file F and sends it to the cloud storage service provider (CSP) for duplicate checking; the CSP checks whether the label already exists and returns the detection result to the user.
Further, let the identity of the user be denoted $ID_U$ and the identity of a file owned by the user be denoted $ID_F$. Let $e: G \times G \to G_T$ be a bilinear map, where $G$ and $G_T$ are two multiplicative groups of the same prime order $p$ and $g$ is a generator of $G$. A storage log TX is created together with the blockchain; it includes the file duplicate storage log and the file non-duplicate storage log and records the file storage status.
If the file label exists, the file F has already been stored. First, the user identity $ID_U$ and the identity $ID_{CSP}$ of the cloud storage service provider are uploaded to the blockchain, and a request to store the file is sent to the blockchain and entrusted to the smart contract management center (SCMC). The SCMC first converts the identities $ID_U$ and $ID_{CSP}$ into the blockchain accounts $EA_U$ and $EA_{CSP}$ by the elliptic curve algorithm ECDSA-secp256k1, and then, by executing smart contract I (as shown in FIG. 4), generates a transaction $TX = To \| From \| Value \| Data \| sig(TX)$ containing the file duplicate storage log Data. As shown in FIG. 6, To is the account $EA_U$ of the sender and From is the account $EA_{CSP}$ of the receiver; Value is the fee to be paid for creating the transaction, and its value is the service fee for storing the file F; Data is the information stored in the transaction TX, with a value of 0; sig(TX) is the signature of the user U on the transaction TX. Finally, the SCMC submits the transaction TX to the blockchain.
If the file label does not exist, the file is not stored on the cloud server, and the convergence key is calculated as $K_{CEi} = H(B_i)$. The key server KS generates the corresponding authority key $K_R$ according to the role hierarchical hash tree and sends it to the user. The user calculates the final encryption key $K_{Bi}$ and the additional information $I = ID_U \| ID_F \| K_R \| n \| T$ of the file, and encrypts the additional information I and the data $B_i$ into the ciphertexts $C_I = \mathrm{Encrypt}(pk, I)$ and $C_{Bi} = \mathrm{Encrypt}(K_{Bi}, B_i)$, where Encrypt(·) is the DES symmetric encryption algorithm. The user then calculates the file non-duplicate log information $Data = ID_U \| ID_{CSP} \| C_I \| Sig_{sk}(R)$ and the check value $Y = m \cdot H(Data)$, and sends the information $(H(Data), Y, C_{Bi})$ to the CSP. The CSP first checks whether the equation $e(Y, g) = e(H(Data), pk)$ holds, thereby verifying the correctness of the additional information. If the equation holds, the SCMC accepts $(ID_U, ID_{CSP}, Data)$ and executes smart contract II (as shown in FIG. 5) to create a transaction $TX = To \| From \| Value \| Data \| sig(TX)$ containing the log information Data, as shown in FIG. 7, where Value is the storage service fee and the log information $Data = ID_U \| ID_{CSP} \| C_I \| Sig_{sk}(R)$. Finally, the SCMC submits TX to the blockchain to generate a new block.
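Why the CSP's check passes for an honest user, as an added derivation that is not part of the patent text. It assumes $pk = g^m$ (the key pair defined in the key-generation paragraph) and reads $m \cdot H(Data)$ as $H(Data)$ raised to the power $m$ in the multiplicative group $G$:

$$e(Y, g) = e\big(H(Data)^m, g\big) = e\big(H(Data), g\big)^m = e\big(H(Data), g^m\big) = e\big(H(Data), pk\big)$$

The middle steps use only bilinearity, $e(u^a, v^b) = e(u, v)^{ab}$. The equation has the form of a BLS signature check: $Y$ acts as a signature on Data under the private key $sk = m$, and the CSP verifies it with $pk$ alone.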
Two types of encryption key are generated: a public-private key pair and an authority key. To generate the public-private key pair, the key server (KS) randomly selects an integer m as the private key $sk = m$, and the public key is calculated as $pk = g^m$. To generate the authority key, the key server (KS) calculates it according to the differing permissions of the users; a role hierarchical hash tree can be constructed using a balanced binary tree, as shown in FIG. 2, to map the relationship between user permissions and encryption keys. Users in a typical hierarchical system have different roles, and different roles correspond to different privilege levels. The invention defines the role attribute of a user as $L$ ($L \in \mathbb{N}$); each user has its own role attribute L, so the role attributes of m users form an ordered set $\{L_i\}_{1 \le i \le m}$. With the ordered set $\{L_i\}_{1 \le i \le m}$ as the node keys, a role hierarchical hash tree is constructed using the properties of a balanced binary tree. Each node of the hash tree can represent a role group, where the value of the i-th node is $RG \| L_i$ and RG is the unique identifier of the node. When a user U whose permission belongs to the role group $RG_U \| L_i$ needs to upload data F to the cloud server and specifies that members U' whose permission belongs to the role group $RG_{U'} \| L_j$ can access the data F, the authority key $K_R$ is calculated as $K_R = H_1(RG_U \| L_i) \| H_2(RG_{U'} \| L_j)$, where $H_1$ and $H_2$ are secure hash functions and $\|$ denotes concatenation. When the role group $RG_U$ to which a user belongs needs to be updated, only the corresponding node value of the hash tree needs to be updated.
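The authority-key construction above, as an added Python example that is not code from the patent. Assumptions: $H_1$ is SHA-256 and $H_2$ is SHA3-256, node values are length-prefixed, and the role hierarchy in `SAMPLE_ROLES` is constructed for illustration.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass
class RoleNode:
    level: int                        # role attribute L_i, used as the node key
    rg: str                           # RG, unique identifier of this role group
    left: Optional[RoleNode] = None
    right: Optional[RoleNode] = None

    def value(self) -> bytes:
        """Node value RG || L_i, length-prefixed so the encoding is unambiguous."""
        name = self.rg.encode()
        return len(name).to_bytes(2, "big") + name + self.level.to_bytes(4, "big")


def build_tree(roles: dict[int, str]) -> Optional[RoleNode]:
    """Balanced binary search tree over the ordered set {L_i}."""
    levels = sorted(roles)

    def build(lo: int, hi: int) -> Optional[RoleNode]:
        if lo > hi:
            return None
        mid = (lo + hi) // 2
        return RoleNode(levels[mid], roles[levels[mid]],
                        build(lo, mid - 1), build(mid + 1, hi))

    return build(0, len(levels) - 1)


def find(root: Optional[RoleNode], level: int) -> RoleNode:
    """Ordinary BST lookup by role attribute; O(log m) in a balanced tree."""
    node = root
    while node is not None and node.level != level:
        node = node.left if level < node.level else node.right
    if node is None:
        raise KeyError(f"no role group with attribute L = {level}")
    return node


def height(node: Optional[RoleNode]) -> int:
    return 0 if node is None else 1 + max(height(node.left), height(node.right))


def authority_key(root: RoleNode, owner_level: int, reader_level: int) -> bytes:
    """K_R = H1(RG_U || L_i) || H2(RG_U' || L_j).

    Assumption: H1 = SHA-256, H2 = SHA3-256. Both are unkeyed, so K_R is only
    as secret as the RG identifiers held by the key server (KS).
    """
    h1 = hashlib.sha256(find(root, owner_level).value()).digest()
    h2 = hashlib.sha3_256(find(root, reader_level).value()).digest()
    return h1 + h2


def update_group(root: RoleNode, level: int, new_rg: str) -> None:
    """Role-group update: only the one node value changes, not the tree shape."""
    find(root, level).rg = new_rg


# Constructed sample hierarchy: role attribute L -> role group identifier RG.
SAMPLE_ROLES = {1: "RG-intern", 2: "RG-staff", 3: "RG-lead", 4: "RG-manager",
                5: "RG-director", 6: "RG-vp", 7: "RG-ciso"}


def run_demo() -> dict:
    root = build_tree(SAMPLE_ROLES)
    before = authority_key(root, 3, 5)      # owner in L=3 grants access to L=5
    other = authority_key(root, 3, 2)       # a grant that does not involve L=5
    update_group(root, 5, "RG-director-2021")
    after = authority_key(root, 3, 5)
    return {
        "height": height(root),
        "root_level": root.level,
        "key_len": len(after),
        "owner_half_unchanged": before[:32] == after[:32],
        "reader_half_changed": before[32:] != after[32:],
        "unrelated_key_unchanged": other == authority_key(root, 3, 2),
    }


if __name__ == "__main__":
    print(run_demo())
```
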
Further, in order to download the file F, the encryption key $K_{Bi}$ needs to be recovered. First, the user sends a download request to the SCMC. The SCMC downloads the stored log information $Data = ID_U \| ID_{CSP} \| C(I) \| Sig_{sk}(R)$ from the blockchain and sends it to the user. The user parses the ciphertext $C(I)$ of the file's additional information from the storage log Data and decrypts it with the user's private key sk to obtain the plaintext additional information $I = ID_U \| ID_F \| K_R \| n \| T$. The user can then parse the authority key $K_R$ from the additional information I and use the authority key $K_R$ and the convergence key $K_{CEi}$ to obtain the encryption key $K_{Bi}$. Finally, the user uses the encryption key $K_{Bi}$ to decrypt the data blocks $B_i = \mathrm{Decrypt}(K_{Bi}, C_{Bi})$ from the cloud storage server and restores the file $F = \{B_i\}$.
Further, the present invention also includes: when the integrity of the file needs to be verified, a local data auditing algorithm is executed by downloading the storage log, so that whether the downloaded file is complete or not is verified. The method specifically comprises the following steps:
After the file F' is downloaded, it is divided into n data blocks $F' = \{B'_i\}_{1 \le i \le n-1}$, a Merkle hash tree is constructed with the data blocks as leaf nodes, and finally its root node R' is calculated; the stored log information $Data = ID_U \| ID_{CSP} \| C(I) \| Sig_{sk}(R)$ is downloaded from the blockchain, and the correctness of the timestamp T and of the number n of data blocks is checked; if they are correct, the transaction signature $Sig_{sk}(R)$ is decrypted using its public key pk to obtain the file label R; finally, it is verified whether the equation $R' = R$ holds, and if it holds, the downloaded file is complete, i.e. $F = F'$.
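The label generation of step S1 and the local audit just described, as an added Python example that is not code from the patent. Assumptions: SHA-256, a 4-byte block size, leaf/inner domain separation and promotion of unpaired nodes; `ToyCSP` and the list standing in for the blockchain storage log are hypothetical, and encryption and $Sig_{sk}(R)$ are left out.

```python
from __future__ import annotations

import hashlib
import hmac

BLOCK_SIZE = 4  # assumption: tiny blocks so the sample file yields n = 6 leaves


def split_blocks(data: bytes, size: int = BLOCK_SIZE) -> list[bytes]:
    """Divide file F into data blocks B_i (the last block may be short)."""
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]


def merkle_root(blocks: list[bytes]) -> bytes:
    """Root R of the Merkle hash tree whose leaves are the data blocks.

    Assumptions (the patent fixes none of these): SHA-256; a 0x00 / 0x01
    prefix separates leaf hashes from inner hashes; an unpaired node is
    promoted unchanged, so [a, b, c] and [a, b, c, c] get different roots.
    """
    level = [hashlib.sha256(b"\x00" + b).digest() for b in blocks]
    while len(level) > 1:
        nxt = [hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest()
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]


class ToyCSP:
    """Hypothetical provider: an index from file label R to stored blocks."""

    def __init__(self) -> None:
        self.index: dict[bytes, list[bytes]] = {}

    def has_label(self, label: bytes) -> bool:
        return label in self.index


def upload(csp: ToyCSP, log: list[dict], user: str, data: bytes) -> str:
    """Steps S1-S3 without encryption or signatures: label, check, log."""
    blocks = split_blocks(data)
    label = merkle_root(blocks)
    if csp.has_label(label):
        # S2: duplicate, nothing is uploaded; only a log entry is recorded.
        log.append({"user": user, "kind": "duplicate", "R": label})
        return "duplicate"
    # S3: the patent stores ciphertext C_Bi; plaintext blocks stand in here.
    csp.index[label] = blocks
    log.append({"user": user, "kind": "non-duplicate", "R": label,
                "n": len(blocks)})
    return "stored"


def local_audit(downloaded: bytes, entry: dict) -> bool:
    """Recompute R' from the downloaded file F' and compare with logged R."""
    blocks = split_blocks(downloaded)
    if len(blocks) != entry["n"]:          # block count n must match first
        return False
    return hmac.compare_digest(merkle_root(blocks), entry["R"])


def run_demo() -> dict:
    csp, log = ToyCSP(), []
    sample = b"quarterly-report-2021!"     # constructed sample, 22 bytes -> n = 6
    first = upload(csp, log, "alice", sample)
    second = upload(csp, log, "bob", sample)
    entry = log[0]
    stored = b"".join(csp.index[entry["R"]])
    tampered = stored[:5] + b"X" + stored[6:]   # one byte changed at the CSP
    return {
        "first": first,
        "second": second,
        "n": entry["n"],
        "intact": local_audit(stored, entry),
        "tampered": local_audit(tampered, entry),
        "truncated": local_audit(stored[:-2], entry),
    }


if __name__ == "__main__":
    print(run_demo())
```
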
The invention also supports integrity verification of remote cloud data: the integrity of the data on the remote cloud server can be verified through a random sampling algorithm based on a smart contract. When the data is stored on the cloud server, the user sends an integrity audit request to the SCMC. The SCMC executes smart contract III, shown in FIG. 8, to send a randomly sampled set Q of data block sequence numbers. Specifically, the SCMC selects an index set $S = \{s_1, s_2, \ldots, s_c\}$ containing c elements and the set $Q = \{(i, v_i)\}$, where $v_i$ is the i-th random value, satisfies $i \in S$ and the BSC then sends the set $Q = \{(i, v_i)\}$ to the CSP as a challenge and outputs the result t (t = 1 indicates successful verification and t = 0 indicates failed verification). When t = 1, the CSP needs to select the corresponding data block sequence numbers on the server using the set Q and generate the proof tag $P = \mathrm{GenProof}(C_{Bi}, Q, \Phi_i)$ of the corresponding data blocks, where GenProof(·) is the proof tag generation function and $C_{Bi}$ is the ciphertext and $\Phi_i$ corresponding to the data block. Finally, the CSP returns the proof tag P to the user, and the user determines the integrity of the cloud data by verifying the correctness of P.
The cloud storage data security deduplication method provided by the invention can ensure the confidentiality and the security of data on a cloud storage server, and mainly utilizes a block chain technology to generate a storage log from information of user data, and integrates the storage log into a transaction to be uploaded to a block chain for storage. The user can decrypt the file and execute a local data auditing protocol through the transaction information on the blockchain at any time so as to complete the safe storage and the integrity verification.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention. It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that modifications and variations can be made without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (8)
1. A cloud storage data security deduplication method based on a block chain is characterized by comprising the following steps:
Step S1: generating a file label by constructing a Merkle hash tree, and sending the file label to the cloud storage service provider for duplicate detection;
Step S2: if the result is that the file is a duplicate, generating a file duplicate storage log, and executing a smart contract through the smart contract management center to integrate the storage log into a transaction and upload the transaction to the blockchain for storage, so that the current storage state information is securely stored;
Step S3: if the result is that the file is not a duplicate, the key server generates the user's authority key by constructing a role hierarchical hash tree, the data is securely encrypted with the authority key, and the ciphertext is uploaded to the cloud storage server for storage; meanwhile, a file non-duplicate storage log and transaction are generated with the assistance of the smart contract management center.
2. The blockchain-based secure deduplication method for cloud storage data of claim 1, wherein in step S1, the file F is divided into n data blocks $F = \{B_i\}$, a Merkle hash tree is constructed with the data blocks as leaf nodes, and its root node R is calculated; the root node R is used as the label of the file F and is sent to the cloud storage service provider (CSP) for duplicate checking; the CSP checks whether the label already exists and returns the detection result to the user.
3. The blockchain-based secure deduplication method for cloud storage data of claim 1 or 2, wherein if the file label exists, the user identity $ID_U$ and the identity $ID_{CSP}$ of the cloud storage service provider are uploaded to the blockchain, and a request to store the file is sent to the blockchain and entrusted to the smart contract management center (SCMC); the SCMC converts $ID_U$ and $ID_{CSP}$ into the blockchain accounts $EA_U$ and $EA_{CSP}$ by an elliptic curve algorithm, generates a transaction $TX = To \| From \| Value \| Data \| sig(TX)$ containing the file duplicate storage log Data by executing smart contract I, and submits the transaction TX to the blockchain;
wherein To is the account $EA_U$ of the sender, From is the account $EA_{CSP}$ of the receiver, Value is the fee to be paid for creating the transaction, Data is the information stored in the transaction TX, and sig(TX) is the signature of the user U on the transaction TX.
4. The blockchain-based secure deduplication method for cloud storage data of claim 3, wherein if the file label does not exist, the convergence key is calculated as $K_{CEi} = H(B_i)$, and the key server KS generates the corresponding authority key $K_R$ according to the role hierarchical hash tree and sends it to the user; the user calculates the final encryption key $K_{Bi}$ and the additional information $I = ID_U \| ID_F \| K_R \| n \| T$ of the file, and encrypts the additional information I and the data $B_i$ into the ciphertexts $C_I = \mathrm{Encrypt}(pk, I)$ and $C_{Bi} = \mathrm{Encrypt}(K_{Bi}, B_i)$, where Encrypt(·) is the DES symmetric encryption algorithm; the user then calculates the file non-duplicate log information $Data = ID_U \| ID_{CSP} \| C_I \| Sig_{sk}(R)$ and the check value $Y = m \cdot H(Data)$, and sends the information $(H(Data), Y, C_{Bi})$ to the CSP; the CSP checks whether the equation $e(Y, g) = e(H(Data), pk)$ holds, thereby verifying the correctness of the additional information; if the equation holds, the SCMC accepts $(ID_U, ID_{CSP}, Data)$ and executes smart contract II to create a transaction $TX = To \| From \| Value \| Data \| sig(TX)$ containing the log information Data, where the log information $Data = ID_U \| ID_{CSP} \| C_I \| Sig_{sk}(R)$; the SCMC submits TX to the blockchain to generate a new block.
5. The safe deduplication method for block chain-based cloud storage data as claimed in claim 2 or 4, wherein a storage log TX is created together with the block chain, and the storage log TX includes a file duplicate storage log and a file non-duplicate storage log for recording file storage.
6. The block chain based cloud storage data security deduplication method of claim 5, further comprising: when the integrity of the file needs to be verified, a local data auditing algorithm is executed by downloading the storage log, so that whether the downloaded file is complete or not is verified.
7. The secure block chain-based cloud storage data deduplication method of claim 6, wherein after the file F' is downloaded, it is divided into n data blocks $F' = \{B'_i\}_{1 \le i \le n-1}$, the data blocks are taken as leaf nodes to construct a Merkle hash tree, and the root node R' of the Merkle hash tree is finally calculated; the storage log information $Data = ID_U \| ID_{CSP} \| C(I) \| Sig_{sk}(R)$ is downloaded from the block chain, and the correctness of the timestamp T and the number n of data blocks is checked; if they are correct, the transaction signature $Sig_{sk}(R)$ is decrypted using its public key pk to obtain the file tag R, and finally it is verified whether the equation $R' = R$ holds; if it holds, the downloaded file is complete, i.e. $F = F'$.
8. The block chain based secure deduplication method of cloud storage data as claimed in claim 4, wherein when the data is stored in the cloud server, the user sends an integrity audit request to the SCMC, which selects an index set $S = \{s_1, s_2, \ldots, s_c\}$ containing c elements and the set $Q = \{(i, v_i)\}$, wherein $v_i$ is the i-th random value and satisfies $i \in S$ and ; the BSC then sends the set $Q = \{(i, v_i)\}$ to the CSP as a challenge and outputs a result t (t = 1 indicates successful verification, and t = 0 indicates failed verification); when t = 1, the CSP needs to sort out the corresponding data block serial numbers on the server by using the set Q and generate the proof tag of the corresponding data blocks as $P = \mathrm{GenProof}(C_{B_i}, Q, \Phi_i)$, wherein GenProof() is a proof tag generation function, and $C_{B_i}$ is the ciphertext and $\Phi_i$ corresponding to the data block; the CSP returns the proof tag P to the user, and the user determines the integrity of the cloud data by verifying the correctness of P.
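The local data audit of claim 7, as an added Python example (not code from the patent): it rebuilds the Merkle root R' from the downloaded blocks and compares it with the tag R from the storage log after checking n and T. SHA-256, the equal-size block split, the 0x00/0x01 node prefixes and the `log` dictionary layout are assumptions, and R is taken as already recovered from a verified $Sig_{sk}(R)$.

```python
import hashlib
import hmac

def split_blocks(data: bytes, n: int) -> list[bytes]:
    """Divide a file into n data blocks (equal-size split is an assumption)."""
    size = max(1, -(-len(data) // n))  # ceiling division
    return [data[i * size:(i + 1) * size] for i in range(n)]

def merkle_root(blocks: list[bytes]) -> bytes:
    """Root of a Merkle hash tree whose leaves are the data blocks (n >= 1)."""
    # Prefix leaves with 0x00 and inner nodes with 0x01 so a leaf can never
    # be reinterpreted as an inner node (second-preimage hardening).
    level = [hashlib.sha256(b"\x00" + b).digest() for b in blocks]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level) - 1, 2):
            nxt.append(hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest())
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is carried up unchanged
        level = nxt
    return level[0]

def audit(downloaded: bytes, log: dict, local_n: int, local_t: int) -> bool:
    """Return True only if n, T and the recomputed root R' all match the log."""
    if log["n"] != local_n or log["T"] != local_t:
        return False
    r_prime = merkle_root(split_blocks(downloaded, log["n"]))
    return hmac.compare_digest(r_prime, log["R"])  # the R' = R check

def demo() -> dict:
    # Constructed sample data: a 10 KiB file and the log entry made at upload.
    original = bytes(range(256)) * 40
    n, t = 8, 1611187200
    log = {"n": n, "T": t, "R": merkle_root(split_blocks(original, n))}
    tampered = original[:5000] + b"\xff" + original[5001:]
    return {
        "intact": audit(original, log, n, t),
        "tampered": audit(tampered, log, n, t),
        "truncated": audit(original[:-1], log, n, t),
        "wrong_n": audit(original, log, n + 1, t),
    }

if __name__ == "__main__":
    print(demo())
```

A single flipped byte or a one-byte truncation changes one leaf hash and therefore the root, so the audit fails without the verifier needing the original file.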
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110080490.0A CN112732695B (en) | 2021-01-21 | 2021-01-21 | Cloud storage data security deduplication method based on block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110080490.0A CN112732695B (en) | 2021-01-21 | 2021-01-21 | Cloud storage data security deduplication method based on block chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112732695A true CN112732695A (en) | 2021-04-30 |
CN112732695B CN112732695B (en) | 2022-02-18 |
Family
ID=75594583
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110080490.0A Active CN112732695B (en) | 2021-01-21 | 2021-01-21 | Cloud storage data security deduplication method based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112732695B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113656818A (en) * | 2021-08-17 | 2021-11-16 | 山东大学 | No-trusted third party cloud storage ciphertext duplication removing method and system meeting semantic security |
WO2023156670A1 (en) * | 2022-02-21 | 2023-08-24 | Nchain Licensing Ag | Computer implemented method and system for the provision of access to a plurality of functions and applications associated with a blockchain |
CN117010000A (en) * | 2023-09-28 | 2023-11-07 | 之江实验室 | Data security service method, device, computer equipment and storage medium |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070124453A1 (en) * | 2003-03-31 | 2007-05-31 | Veritas Operating Corporation | Handling un-partitioning of a computer network |
CN102710757A (en) * | 2012-05-21 | 2012-10-03 | 北京航空航天大学 | Distributed cloud storage data integrity protection method |
CN103701801A (en) * | 2013-12-26 | 2014-04-02 | 四川九洲电器集团有限责任公司 | Resource access control method |
CN106910072A (en) * | 2017-02-15 | 2017-06-30 | 捷德(中国)信息科技有限公司 | Digital cash management method and system |
CN106961431A (en) * | 2017-03-17 | 2017-07-18 | 福建师范大学 | The method and system of role's symmetric cryptography proof of ownership |
CN107360156A (en) * | 2017-07-10 | 2017-11-17 | 广东工业大学 | P2P network method for cloud storage based on block chain under a kind of big data environment |
CN108494552A (en) * | 2018-03-16 | 2018-09-04 | 西安电子科技大学 | Support the cloud storage data duplicate removal method of efficiently convergence key management |
CN109670334A (en) * | 2018-12-19 | 2019-04-23 | 平安科技(深圳)有限公司 | Electronic health record sharing method, device, computer equipment and storage medium |
CN109829326A (en) * | 2018-11-20 | 2019-05-31 | 西安电子科技大学 | Cross-domain certification and fair audit duplicate removal cloud storage system based on block chain |
CN111355705A (en) * | 2020-02-08 | 2020-06-30 | 西安电子科技大学 | Data auditing and safety duplicate removal cloud storage system and method based on block chain |
US20200322132A1 (en) * | 2017-12-15 | 2020-10-08 | nChain Holdings Limited | System and method for authenticating off-chain data based on proof verification |
CN111859412A (en) * | 2020-06-11 | 2020-10-30 | 中国科学院信息工程研究所 | Cloud data position public verification method and system based on CPOR model |
CN111949602A (en) * | 2020-07-16 | 2020-11-17 | 桂林电子科技大学 | Outsourcing data safety migration method and system supporting integrity verification |
Non-Patent Citations (1)
Title |
---|
Li Jingyi: "Research on Blockchain-Based Data Storage Security Technology", Wanfang Dissertation Database * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113656818A (en) * | 2021-08-17 | 2021-11-16 | 山东大学 | No-trusted third party cloud storage ciphertext duplication removing method and system meeting semantic security |
CN113656818B (en) * | 2021-08-17 | 2023-07-28 | 山东大学 | Trusted-free third party cloud storage ciphertext deduplication method and system meeting semantic security |
WO2023156670A1 (en) * | 2022-02-21 | 2023-08-24 | Nchain Licensing Ag | Computer implemented method and system for the provision of access to a plurality of functions and applications associated with a blockchain |
CN117010000A (en) * | 2023-09-28 | 2023-11-07 | 之江实验室 | Data security service method, device, computer equipment and storage medium |
CN117010000B (en) * | 2023-09-28 | 2024-03-01 | 之江实验室 | Data security service method, device, computer equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN112732695B (en) | 2022-02-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111639361B (en) | Block chain key management method, multi-person common signature method and electronic device | |
Li et al. | Blockchain-based public auditing for big data in cloud storage | |
EP4120114A1 (en) | Data processing method and apparatus, smart device and storage medium | |
Aujla et al. | SecSVA: secure storage, verification, and auditing of big data in the cloud environment | |
CN111130757B (en) | Multi-cloud CP-ABE access control method based on block chain | |
CN112732695B (en) | Cloud storage data security deduplication method based on block chain | |
CN110213042A (en) | A kind of cloud data duplicate removal method based on no certification agency re-encryption | |
CN111066285A (en) | Method for recovering public key based on SM2 signature | |
CN111523133B (en) | Block chain and cloud data collaborative sharing method | |
Thompson | The preservation of digital signatures on the blockchain | |
CN111526197A (en) | Cloud data secure sharing method | |
CN112906056A (en) | Cloud storage key security management method based on block chain | |
CN111475866A (en) | Block chain electronic evidence preservation method and system | |
CN111656386A (en) | Managing transaction requests in ledger system | |
Wang et al. | Distributed secure storage scheme based on sharding blockchain | |
Li et al. | Lattice-based privacy-preserving and forward-secure cloud storage public auditing scheme | |
CN111630545B (en) | Managing transaction requests in ledger system | |
Pardeshi et al. | Improving data integrity for data storage security in cloud computing | |
CN112382376A (en) | Medical instrument management tracing system based on block chain | |
Hu et al. | Keychain: Blockchain-based key distribution | |
CN113225318B (en) | Method and system for government affair big data encryption transmission and safe storage | |
CN108809996B (en) | Integrity auditing method for duplicate deletion stored data with different popularity | |
CN112699123A (en) | Method and system for verifying existence and integrity of data in data storage system | |
CN114826607B (en) | Edge computing node compression method based on block chain and lightweight storage system | |
CN116069856A (en) | Data integrity verification method and system based on blockchain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||