CN112804209A - Cloud storage audit data processing method - Google Patents
- Publication number: CN112804209A (application CN202011630060.3A)
- Authority: CN (China)
- Prior art keywords: tpm, data, cloud server, group, blind
- Legal status: Pending (status as listed by Google Patents; not a legal conclusion)
Classifications
- H04L63/08: Network architectures or network communication protocols for network security, for authentication of entities (H: Electricity > H04: Electric communication technique > H04L: Transmission of digital information, e.g. telegraphic communication > H04L63/00: Network architectures or network communication protocols for network security)
- H04L63/123: Applying verification of the received information, received data contents, e.g. message integrity (H > H04 > H04L > H04L63/00 > H04L63/12: Applying verification of the received information)
Abstract
The invention belongs to the technical field of cloud storage auditing and discloses a cloud storage audit data processing method. A public key of the TPM is generated during parameter setting, so that information leakage is prevented and a malicious cloud server cannot forge a tag from the TPM's public key and a large amount of verification tag information. After the cloud server receives the blind data, it restores only the blind data to real data and does not restore the corresponding tags; in the auditing stage the data are blinded again, and the integrity evidence is generated from the blind data and the corresponding tag. The method optimizes the data integrity certification protocol framework: the cloud server recovers only the real data after receiving the blind data and does not recover the real tag, the data are blinded again when the audit data are generated, and the multiplication and exponentiation operations needed to recover the tag are replaced by the addition operations of blind processing, so the efficiency of the cloud audit protocol is improved.
Description
Technical Field
The invention belongs to the technical field of cloud storage auditing, and particularly relates to a cloud storage auditing data processing method.
Background
With the rise of cloud computing, more and more users store data in the cloud. Because users no longer keep the original data locally, they lose control over their own data, which inevitably makes them worry about its security. Users therefore need to audit their own data to ensure its security, and this is why integrity audit schemes for data in cloud storage have emerged. In many cases the setting is not a single user but a group-based cloud storage system. For example, in an enterprise, employees outsource work documents to cloud storage servers and then share them with colleagues. However, once work documents are outsourced to cloud servers they are no longer physically controlled by the data owner, and ensuring their security, especially the integrity of the outsourced data, becomes a difficult problem.
In 2019, Tian et al. proposed a lightweight security audit scheme for shared data in cloud storage. We have proven mathematically that their solution is insecure: an adversary can easily forge the authentication tag. In that case, even if all outsourced data has been deleted by the cloud server, it can still provide a correct proof of possession of the data. Meanwhile, a malicious cloud server can modify data blocks and the corresponding identity authentication tags at will without detection.
Disclosure of Invention
The invention aims to provide a cloud audit data processing method that solves the prior-art problems that an adversary can forge a verification tag and that the scheme is inefficient.
The invention is realized by the following technical scheme:
a cloud storage audit data processing method is characterized by comprising the following steps:
s1, generating data according to the set parameters;
s2, carrying out blind processing on the generated data to obtain blind data;
s3, selecting a TPM for authorization from the virtual TPM pool according to the TPM management strategy, and calculating an authentication tag corresponding to the blind data by the authorized TPM within the authorization time of the blind data;
s4, the authorized TPM sends the blind data and the authentication tag to the cloud server; before receiving the messages, the cloud server checks whether the authorization of the TPM at the current time is valid;
if the authorization of the TPM is invalid, the cloud server does not store the data and returns a reply of invalid authorization to the TPM;
if the authorization of the TPM is valid, the cloud server verifies the correctness of the authentication tag; if the verification is correct, the blind data are recovered and the cloud server stores the real data and the authentication tag corresponding to the blind data; if the verification is incorrect, the data are rejected; if the authorization of the TPM is invalid, the cloud server takes no measures;
s5, when the data integrity of the cloud server is to be checked, the TPM initiates challenge information of integrity check to the cloud server;
s6, the cloud server generates a data integrity evidence according to the challenge information of the TPM;
s7, the TPM examines the integrity evidence provided by the cloud server and verifies the correctness of the integrity evidence.
Further, step S1 specifically includes: the group administrator selects a random element as the private key of the TPM and simultaneously calculates β_i, the private key of TPM_i; Z_p^* is the prime field composed of non-zero elements;
the random number selected by the group administrator is sent to the group members and the cloud server; k_1 is a random secret seed generated for the group users with a pseudorandom function;
the group administrator makes a random selection, calculates from it, and computes the public key of TPM_i in the following manner, where α_j is the random value α corresponding to the j-th fragment of the data block;
the group administrator selects an interaction function f and a function sequence f'_i, sets an input sending window and an output sending window, and then sends them to the cloud server.
Further, step S2 specifically includes: (a) from the random secret seed k_1, the group member computes the blind factor and then calculates the blind data block m'_ij, m'_ij = m_ij + α_i;
(b) the upload data m'_ij is sent by the group member to the group administrator; the group member also calculates hash(id_{i,j}), securely sends id_{i,j}, m'_ij to the group administrator, and then creates a new event; id_{i,j} is the identification information of the blind data block m'_ij;
(c) for the new event, hash(id_{i,j}) is used to record the event, and the event is broadcast in the group; using the same hash algorithm, the group administrator verifies hash(id_{i,j}) after receiving the request; if the verification passes, the group administrator accepts the blind data block m'_ij.
Further, in step S3, one TPM is selected for authorization from the virtual TPM pool according to the TPM management policy, specifically:
(a) according to the TPM management policy, the group administrator computes the output port TPM_i corresponding to the input port u_i in the virtual TPM pool;
(b) the group administrator generates the authorization message for TPM_i as follows: {(ID_group||u_i||Δt_i), Δt'_i}, where ID_group is the identity of the group manager, Δt_i denotes the time at which the group administrator is requested to process, Δt'_i denotes the time for which the TPM is authorized by the group administrator, and u_i is the port through which the group administrator handles this event;
(c) the group administrator calculates the value H_1 from the authorization message as follows:
H_1((ID_group||u_i||Δt), Δt'_i);
(d) the group administrator sends the authorization message to the cloud server and sends α_j, β_i, m'_ij and H_1 to TPM_i;
where α_j is the random value α corresponding to the j-th fragment of a data block (used when generating the tag for the j-th data block), β_i is the private key of TPM_i used for generating the authentication tag, and m'_ij is a blind data block.
Further, in step S3, the specific process by which the authorized TPM calculates the corresponding authentication tag includes the following steps:
(a) having obtained the blind data block m'_ij, TPM_i computes the authentication tag σ'_i of m'_ij as follows:
then TPM_i sends the data file (m'_ij, σ'_i) and H_1 to the cloud server;
(b) upon receipt of the authorization message of the corresponding group administrator and the corresponding TPM_i's (m'_ij, σ'_i), the cloud server first calculates the output port TPM_i;
if the message is sent only by TPM_i at Δt'_i, the cloud server compares the H_1((ID_group||u_i||Δt), Δt'_i) it calculates with the H_1((ID_group||u_i||Δt), Δt'_i) calculated by TPM_i; if the two are the same, the next algorithm is run, otherwise execution is stopped.
Further, in step S4, the cloud server checks whether the authorization of the TPM at the current time is valid, which includes the following specific steps:
the cloud server verifies the correctness of the verification tag σ_i:
if the above equation holds, (m'_ij, σ'_i) is accepted and stored; otherwise it is rejected.
Further, in step S4, the specific process of restoring the blind data to the real data is as follows:
m_ij = m'_ij − α_i
m'_ij is a blind data block and α_i is the blind factor corresponding to the i-th data block;
finally, the cloud stores the real data block m_i = (m_i1, m_i2, …, m_is) and the authentication tag σ_i corresponding to the blind data.
Further, step S6 specifically includes: when the group administrator needs to audit the integrity of the cloud server data, a challenge is initiated to the cloud server and Δt_i is randomly selected for TPM_i, where the input u_i has the transmission window Δt_i;
the group administrator sends the audit authorization command to TPM_i through u_i at Δt_i and sends {ID_group||u_i||Δt} to the cloud server as the audit authorization information;
when TPM_i receives the authorization command, it executes the audit process, specifically as follows:
(a) TPM_i randomly selects c blocks from all blocks of the shared data, and the indices of the selected blocks are denoted L;
(d) TPM_i outputs the challenge information:
then TPM_i sends the challenge information CM to the cloud.
Further, step S6 specifically includes: after receiving the challenge information, the cloud server first calculates the TPM of the port from {ID_group||u_i}; the cloud server then verifies the authorization message {ID_group||u_i||Δt};
the cloud server generates the data integrity certification as follows:
(a) the index set L is decomposed into subsets L_1, …, L_d, where L_i is the set of blocks selected and signed by TPM_i;
(b) based on k_1, the cloud server computes the blind factors and from them calculates m'_ij = m_ij + α_i; it then carries out the following calculation, and for each subset L_i the cloud server computes
where 1 ≤ i ≤ d and 1 ≤ j ≤ s;
Prf = {{w_i}_{1≤i≤d}, π}
and finally sends it to TPM_i.
Further, step S7 specifically includes: based on the received integrity proof and challenge message, the TPM verifies the correctness of the following equation:
if the equation is True, the TPM outputs True, otherwise outputs False.
Compared with the prior art, the invention has the following beneficial technical effects:
The invention discloses a cloud audit data processing method and designs a secure TPM public key generation method. The new public key bases the security of the scheme on the discrete logarithm problem; in a semi-honest environment, malicious adversaries cannot use known public information to recover the users' key parameters by solving a system of linear equations and thereby forge data tags, so information leakage is effectively prevented and the users' data security is protected. The invention also designs an efficient cloud data processing method: after the cloud server receives a user's blind data, it restores only the blind data to real data and does not restore the tags of the blind data blocks to real tags; instead, the data are blinded again in the data auditing stage, and the integrity evidence is generated from the blind data and the corresponding tag. In this way the multiplication and exponentiation operations the cloud server would need to recover the tag of the real data block are converted into the addition operations of blinding the data, which removes a large amount of computational burden on the server side and improves the efficiency of the cloud audit protocol.
Drawings
Fig. 1 is a model diagram of a cloud storage auditing system of the invention.
Detailed Description
The present invention will now be described in further detail with reference to specific examples, which are intended to be illustrative, but not limiting, of the invention.
The cloud storage auditing system model provided by the invention comprises four entities: a group administrator (GM), group members (M), a cloud server (C), and a TPM. A group has multiple members. After a data owner creates a data file, the file is outsourced to the cloud server, and the corresponding shared data can then be accessed and modified by any group member. The GM may be the original data owner. The functionality of the four entities is as follows:
1. cloud server (C): the cloud (C) also provides a cloud platform for group members to share data.
2. Group member (M): needs to accomplish the following tasks: a) blinding data; b) recording blind data and broadcasting it in the group.
3. Group manager (GM): needs to accomplish the following tasks: a) giving the management policy of the TPM; b) generating the public and private key pair of the TPM; c) generating the secret seed used for blinding the group members' data and for recovering the real data in the cloud.
4. TPM: needs to accomplish the following tasks: a) generating data authentication tags for the group members; b) verifying the integrity of cloud data on behalf of the group members.
The cloud storage audit protocol is executed in the following manner:
1. Data uploading stage:
(a) The group members (data owners) generate data and outsource it to the cloud server. The data is first blinded and recorded by its hash, and then sent to the group administrator.
(b) And the group administrator selects a TPM for authorization from the virtual TPM pool according to the TPM management strategy, and the authorized TPM calculates a corresponding authentication tag in the authorization time of the blind data.
(c) The authorized TPM then sends the blind data and authentication tag to the cloud server. Before receiving these messages, the cloud server checks whether the authorization of the TPM at the current time is valid.
(d) If the authorization of the TPM is invalid, the cloud server does not store the data and returns a reply of invalid authorization to the TPM;
if valid, the cloud server will verify the correctness of the authentication tag. And if the verification is correct, recovering the blind data. Finally, the cloud server stores the real data and the authentication tag corresponding to the blind data.
2. Auditing stage:
(a) According to the TPM management policy, the group administrator selects a TPM and authorizes it.
(b) The challenge message is sent to the authorized TPM through the cloud. The cloud then checks whether the authorization of the TPM is valid. If it is valid, the cloud generates the shared data integrity proof.
(c) Finally, by checking the correctness of the proof, the TPM may verify the integrity of the shared data in the cloud.
During parameter setting, a public key of the TPM is generated, so that information leakage is prevented, and a malicious cloud server cannot forge a label through the public key of the TPM and a large amount of verification label information; after the cloud server receives the blind data, only the blind data is restored to be real data, and the corresponding label is not restored. And blindly processing the data in an auditing stage, and generating an integrity evidence by using the blind data and the corresponding label. The efficiency of the overall protocol can be improved.
The invention discloses a cloud audit data processing method, which specifically comprises the following steps:
step one: parameter setting, generating all parameters required by the scheme;
step two: blind processing of data, namely blinding the data by a user;
step three: group administrator authorization;
step four: generating a verification label;
step five: checking the verification tag;
step six: recovering the data, namely recovering blind data into real data;
step seven: initiating a challenge, and when a group administrator wants to check the integrity of cloud data, enabling the TPM to initiate challenge information of integrity check to the cloud server;
step eight: generating an evidence, wherein the cloud server generates a data integrity evidence according to the challenge information of the TPM;
step nine: evidence examination, wherein the TPM examines the integrity evidence provided by the cloud server and verifies its correctness.
The following is a table of letter annotations for each formula:
Step one: parameter setting:
(b) The random number selected by the group administrator is sent to the group members and the cloud server.
(c) The group administrator makes a random selection, calculates from it, and computes the public key of TPM_i in the following manner:
(d) The group administrator selects an interaction function f and a function sequence f'_i, sets the input and output transmission windows, and then transmits them to the cloud server.
Step two: data blind processing, namely blinding of the data by the user:
(a) From the random secret seed k_1 the blind factor for the group member is computed; the blind data block m'_ij is calculated as m'_ij = m_ij + α_i.
(b) The upload data m'_ij is sent by the group member to the group administrator; the group member also calculates hash(id_{i,j}) (a hash value), securely sends id_{i,j}, m'_ij to the group administrator, and then creates a new event.
(c) For the new event, hash(id_{i,j}) is used to record the event, which is broadcast within the group. Using the same hash algorithm, the group administrator verifies hash(id_{i,j}) after receiving the request. If it verifies, the administrator accepts m'_ij.
Step three: group administrator authorization:
(a) According to the TPM management policy, the group administrator calculates the output port TPM_i corresponding to the input port u_i in the virtual TPM pool.
(b) The group administrator generates the authorization message for TPM_i as follows: {(ID_group||u_i||Δt_i), Δt'_i}, where ID_group is the identity of the group manager, Δt_i indicates the time at which the group administrator's processing is requested, Δt'_i denotes the time for which the TPM is authorized by the group administrator, and u_i is the port the group administrator uses to handle this event.
(c) The group administrator calculates the value H_1 from the authorization message as follows:
H_1((ID_group||u_i||Δt), Δt'_i)
(d) The group administrator then sends the authorization message to the cloud and sends α_j, β_i, m'_ij and H_1 to TPM_i.
Step four: generation of the verification tag:
(a) Having obtained the blind data block m'_ij, TPM_i computes the authentication tag σ'_i of m'_ij as follows:
For example, the authentication tag of m'_5 is generated as:
Then TPM_i sends the data file (m'_ij, σ'_i) and H_1 to the cloud server.
(b) Upon receipt of the authorization message of the corresponding group administrator and the corresponding TPM_i's (m'_ij, σ'_i), the cloud first calculates the output port TPM_i. If the message is sent only by TPM_i at Δt'_i, the cloud server compares the H_1((ID_group||u_i||Δt), Δt'_i) it computes with the H_1((ID_group||u_i||Δt), Δt'_i) computed by TPM_i. If the two are the same, the next algorithm is run; otherwise execution is stopped.
Step five: checking of the verification tag:
The cloud server verifies the correctness of the verification tag σ_i:
If the above equation holds, (m'_ij, σ'_i) is accepted and stored; otherwise it is rejected.
Step six: data recovery, namely recovering the blind data into real data:
m_ij = m'_ij − α_i
Note that the true verification tag σ_i of the blind data is not computed here. Finally, the cloud stores the real data block m_i = (m_i1, m_i2, …, m_is) and the corresponding blind authenticator σ_i.
Step seven: initiating a challenge:
When the group administrator needs to audit the integrity of the cloud server data, the cloud is challenged and Δt_i is randomly selected for TPM_i, where the input u_i has the transmission window Δt_i. The group administrator sends the audit authorization command to TPM_i through u_i at Δt_i and sends {ID_group||u_i||Δt} to the cloud server as the audit authorization information. When TPM_i receives the authorization command of the group manager, it executes the audit process, specifically as follows:
(a) TPM_i randomly selects c blocks from all blocks of the shared data, and the indices of the selected blocks are denoted L.
(d) TPM_i outputs the challenge information:
Then TPM_i sends the challenge information CM to the cloud.
Step eight: generating the integrity evidence by the server:
After receiving the challenge information CM, the cloud server first calculates the port TPM from {ID_group||u_i}. The cloud server then verifies the authorization message {ID_group||u_i||Δt}. The cloud server generates the data integrity certification as follows:
(a) The index set L is decomposed into subsets L_1, …, L_d, where L_i is the set of blocks selected and signed by TPM_i.
(b) Based on k_1, the cloud server computes the blind factors and from them calculates m'_ij = m_ij + α_i; it then carries out the following calculation, and for each subset L_i the cloud server computes
where 1 ≤ i ≤ d and 1 ≤ j ≤ s.
Prf = {{w_i}_{1≤i≤d}, π}
and finally sends it to TPM_i.
Step nine: evidence examination, wherein the TPM examines the integrity evidence provided by the cloud server and verifies its correctness:
Based on the received integrity proof and the challenge message CM, the TPM verifies the correctness of the following formula:
if the equation is True, the TPM outputs True, otherwise outputs False.
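The blinding (step two), the cloud-side authorization check (step four), the data recovery (step six), the challenge selection (step seven) and the audit-stage re-blinding (step eight) described above, as an added illustration that is not the patent's own code. The PRF for the blind factor (HMAC-SHA256), the hash H_1 (SHA-256), the prime p, the fixed-width encoding of the authorization message and the window semantics (TPM_i is authorized during [Δt_i, Δt_i + Δt'_i]) are assumptions; the authentication tag itself is not modelled because its formula is not given on the page.

```python
import hashlib
import hmac
import secrets

# Assumption: the prime p of the field Z_p in which data fragments live.
P = (1 << 127) - 1  # 2^127 - 1 is prime


def blind_factor(k1: bytes, i: int) -> int:
    """alpha_i, the blind factor for block i, derived from the group's random
    secret seed k1 with a pseudorandom function (assumed here: HMAC-SHA256).
    Group member and cloud server derive the same alpha_i from the same k1."""
    mac = hmac.new(k1, i.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P


def blind_block(k1: bytes, i: int, block: list[int]) -> list[int]:
    """Step two (a): m'_ij = m_ij + alpha_i (mod p) for every fragment j."""
    a = blind_factor(k1, i)
    return [(m + a) % P for m in block]


def recover_block(k1: bytes, i: int, blinded: list[int]) -> list[int]:
    """Step six: m_ij = m'_ij - alpha_i (mod p). Only the data are recovered;
    the stored tag sigma'_i remains the tag of the blind block."""
    a = blind_factor(k1, i)
    return [(m - a) % P for m in blinded]


def h1(id_group: bytes, u_i: int, dt: int, dt_auth: int) -> bytes:
    """H_1((ID_group || u_i || delta_t), delta_t'_i) over the authorization
    message. Assumed: SHA-256 over fixed-width big-endian fields."""
    msg = (id_group + u_i.to_bytes(4, "big")
           + dt.to_bytes(8, "big") + dt_auth.to_bytes(8, "big"))
    return hashlib.sha256(msg).digest()


def cloud_accepts_authorization(auth_msg: tuple, h1_from_tpm: bytes, now: int) -> bool:
    """Step four (b), cloud side: recompute H_1 from the group administrator's
    authorization message, compare it in constant time with the value sent by
    TPM_i, and accept only while the authorization is still valid.
    Assumed window semantics: TPM_i is authorized during [dt, dt + dt_auth]."""
    id_group, u_i, dt, dt_auth = auth_msg
    if not hmac.compare_digest(h1(id_group, u_i, dt, dt_auth), h1_from_tpm):
        return False
    return dt <= now <= dt + dt_auth


def select_challenge(n_blocks: int, c: int) -> list[int]:
    """Step seven (a), TPM side: choose c distinct block indices (the index set L)
    with a cryptographically secure source of randomness."""
    return sorted(secrets.SystemRandom().sample(range(n_blocks), c))


def audit_reblind(k1: bytes, stored_real: dict[int, list[int]],
                  challenge: list[int]) -> dict[int, list[int]]:
    """Step eight, cloud side: for each challenged block re-derive alpha_i from k1
    and add it back, so the evidence is computed over exactly the blind data the
    stored tag was generated for. This costs only additions; no tag is recomputed."""
    return {i: blind_block(k1, i, stored_real[i]) for i in challenge}


def upload_round(k1: bytes, blocks: list[list[int]]):
    """Data-uploading stage for all blocks: the group member blinds each block,
    the cloud recovers the real data. Returns (blind data, stored real data)."""
    blinded = {i: blind_block(k1, i, blk) for i, blk in enumerate(blocks)}
    stored = {i: recover_block(k1, i, blk) for i, blk in blinded.items()}
    return blinded, stored


if __name__ == "__main__":
    # Constructed sample input: a seed and three blocks of three fragments each.
    k1 = b"constructed-secret-seed-k1"
    blocks = [[11, 22, 33], [44, 55, 66], [77, 88, 99]]
    blinded, stored = upload_round(k1, blocks)
    chal = select_challenge(len(blocks), 2)
    reblinded = audit_reblind(k1, stored, chal)
    print("recovered == original:", [stored[i] for i in range(3)] == blocks)
    print("audit re-blinding matches uploaded blind data:",
          all(reblinded[i] == blinded[i] for i in chal))
    auth = (b"GROUP-01", 3, 1000, 60)
    tag = h1(*auth)
    print("inside window:", cloud_accepts_authorization(auth, tag, 1030))
    print("after window:", cloud_accepts_authorization(auth, tag, 1061))
```

Because α_i is derived deterministically from k_1, the cloud can store only the real data and still re-create the exact blind data the tag covers at audit time, which is the efficiency point the description makes.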
Claims (10)
1. A cloud storage audit data processing method is characterized by comprising the following steps:
s1, generating data according to the set parameters;
s2, carrying out blind processing on the generated data to obtain blind data;
s3, selecting a TPM for authorization from the virtual TPM pool according to the TPM management strategy, and calculating an authentication tag corresponding to the blind data by the authorized TPM within the authorization time of the blind data;
s4, the authorized TPM sends the blind data and the authentication tag to the cloud server; before receiving the messages, the cloud server checks whether the authorization of the TPM at the current time is valid;
if the authorization of the TPM is invalid, the cloud server does not store the data and returns a reply of invalid authorization to the TPM;
if the authorization of the TPM is valid, the cloud server verifies the correctness of the authentication tag; if the verification is correct, the blind data are recovered and the cloud server stores the real data and the authentication tag corresponding to the blind data; if the verification is incorrect, the data are rejected; if the authorization of the TPM is invalid, the cloud server takes no measures;
s5, when the data integrity of the cloud server is to be checked, the TPM initiates challenge information of integrity check to the cloud server;
s6, the cloud server generates a data integrity evidence according to the challenge information of the TPM;
s7, the TPM examines the integrity evidence provided by the cloud server and verifies the correctness of the integrity evidence.
2. The cloud storage audit data processing method according to claim 1, wherein step S1 specifically includes: the group administrator selects a random element as the private key of the TPM and simultaneously calculates β_i, the private key of TPM_i; Z_p^* is the prime field composed of non-zero elements;
the random number selected by the group administrator is sent to the group members and the cloud server; k_1 is a random secret seed generated for the group users with a pseudorandom function;
the group administrator makes a random selection, calculates from it, and computes the public key of TPM_i in the following manner, where α_j is the random value α corresponding to the j-th fragment of the data block;
the group administrator selects an interaction function f and a function sequence f'_i, sets an input sending window and an output sending window, and then sends them to the cloud server.
3. The cloud storage audit data processing method according to claim 2, wherein step S2 specifically includes: (a) from the random secret seed k_1, the group member computes the blind factor and then calculates the blind data block m'_ij, m'_ij = m_ij + α_i;
(b) the upload data m'_ij is sent by the group member to the group administrator; the group member also calculates hash(id_{i,j}), securely sends id_{i,j}, m'_ij to the group administrator, and then creates a new event; id_{i,j} is the identification information of the blind data block m'_ij;
(c) for the new event, hash(id_{i,j}) is used to record the event, and the event is broadcast in the group; using the same hash algorithm, the group administrator verifies hash(id_{i,j}) after receiving the request; if the verification passes, the group administrator accepts the blind data block m'_ij.
4. The method for processing cloud storage audit data according to claim 1, wherein in step S3, one TPM is selected for authorization from the virtual TPM pool according to the TPM management policy, specifically:
(a) according to the TPM management policy, the group administrator calculates the output port TPM_i corresponding to the input port u_i in the virtual TPM pool;
(b) the group administrator generates the authorization message for TPM_i as follows: {(ID_group||u_i||Δt_i), Δt'_i}, where ID_group is the identity of the group manager, Δt_i indicates the time at which the group administrator's processing is requested, Δt'_i represents the time for which the TPM is authorized by the group administrator, and u_i is the port through which the group administrator handles this event;
(c) the group administrator calculates the value H_1 from the authorization message as follows:
H_1((ID_group||u_i||Δt), Δt'_i);
(d) the group administrator sends the authorization message to the cloud server and sends α_j, β_i, m'_ij and H_1 to TPM_i;
where α_j is the random value α corresponding to the j-th fragment of a data block (used when generating the tag for the j-th data block), β_i is the private key of TPM_i used for generating the authentication tag, and m'_ij is a blind data block.
5. The cloud storage audit data processing method according to claim 3, wherein in step S3, the specific process by which the authorized TPM calculates the corresponding authentication tag comprises the following steps:
(a) having obtained the blind data block m'_ij, TPM_i computes the authentication tag σ'_i of m'_ij as follows:
then TPM_i sends the data file (m'_ij, σ'_i) and H_1 to the cloud server;
(b) upon receipt of the authorization message of the corresponding group administrator and the corresponding TPM_i's (m'_ij, σ'_i), the cloud server first calculates the output port TPM_i;
if the message is sent only by TPM_i at Δt'_i, the cloud server compares the H_1((ID_group||u_i||Δt), Δt'_i) it computes with the H_1((ID_group||u_i||Δt), Δt'_i) computed by TPM_i; if the two are the same, the next algorithm is run, otherwise execution is stopped.
6. The cloud storage audit data processing method according to claim 3, wherein in step S4, the cloud server checks whether the authorization of the TPM at the current time is valid, and the specific process is as follows:
the cloud server verifies the correctness of the verification tag σ_i:
if the above equation holds, (m'_ij, σ'_i) is accepted and stored; otherwise it is rejected.
7. The cloud storage audit data processing method according to claim 3, wherein in step S4, the specific process of restoring the blind data to the real data is as follows:
m_ij = m'_ij − α_i
m'_ij is a blind data block and α_i is the blind factor corresponding to the i-th data block;
finally, the cloud stores the real data block m_i = (m_i1, m_i2, …, m_is) and the authentication tag σ_i corresponding to the blind data.
8. The cloud storage audit data processing method according to claim 1, wherein step S6 specifically includes: when the group administrator needs to audit the integrity of the cloud server data, a challenge is initiated to the cloud server and Δt_i is randomly selected for TPM_i, where the input u_i has the transmission window Δt_i;
the group administrator sends the audit authorization command to TPM_i through u_i at Δt_i and sends {ID_group||u_i||Δt} to the cloud server as the audit authorization information;
when TPM_i receives the authorization command, it executes the audit process, specifically as follows:
(a) TPM_i randomly selects c blocks from all blocks of the shared data, and the indices of the selected blocks are denoted L;
(d) TPM_i outputs the challenge information:
then TPM_i sends the challenge information CM to the cloud.
9. The cloud storage audit data processing method according to claim 3, wherein step S6 specifically includes: after receiving the challenge information, the cloud server first calculates the TPM of the port from {ID_group||u_i}; the cloud server then verifies the authorization message {ID_group||u_i||Δt};
the cloud server generates the data integrity certification as follows:
(a) the index set L is decomposed into subsets L_1, …, L_d, where L_i is the set of blocks selected and signed by TPM_i;
(b) based on k_1, the cloud server computes the blind factors and from them calculates m'_ij = m_ij + α_i; it then carries out the following calculation, and for each subset L_i the cloud server computes
where 1 ≤ i ≤ d and 1 ≤ j ≤ s;
Prf = {{w_i}_{1≤i≤d}, π}
and finally sends it to TPM_i.
10. The cloud storage audit data processing method according to claim 1, wherein step S7 specifically includes: based on the received integrity proof and challenge message, the TPM verifies the correctness of the following equation:
if the equation is True, the TPM outputs True, otherwise outputs False.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011630060.3A CN112804209A (en) | 2020-12-30 | 2020-12-30 | Cloud storage audit data processing method |
Publications (1)

Publication Number | Publication Date
---|---
CN112804209A true CN112804209A (en) | 2021-05-14
Family ID: 75808137

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
---|---|---|---
CN202011630060.3A Pending CN112804209A (en) | Cloud storage audit data processing method | 2020-12-30 | 2020-12-30
Legal Events

Date | Code | Title | Description
---|---|---|---
 | PB01 | Publication | Application publication date: 20210514
 | SE01 | Entry into force of request for substantive examination | 
 | RJ01 | Rejection of invention patent application after publication | 