CN112887281A - Storage method and system supporting efficient audit and multi-backup ciphertext deduplication and application - Google Patents


Publication number
CN112887281A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110041527.9A
Other languages
Chinese (zh)
Other versions
CN112887281B (en)
Inventor
姜涛
徐淑浩
陈婉清
郭钦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1448 Management of the data involved in backup or backup restore
    • G06F11/1453 Management of the data involved in backup or backup restore using de-duplication of the data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1458 Management of the backup or restore process
    • G06F11/1464 Management of the backup or restore process for networked environments
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Abstract

The invention belongs to the technical field of cloud storage security, and discloses a storage method, a system and an application supporting efficient audit and multi-backup ciphertext deduplication
Figure DDA0002895517880000011
And
Figure DDA0002895517880000012
and assist the client in generating an encryption key for the file block; according to the Put protocol, the client processes the data, generates a verification tag, uploads the data, the verification tag and so on to the cloud server, and requests that multiple copies be stored; the Get protocol is triggered when a client wants to download data; the Delete protocol is triggered when the client wants to reduce the number of copies or delete its outsourced file; the Attest protocol and the Verify protocol assist the verifier in verifying, for the cloud user, the integrity of the data and its copies in the cloud. The invention can effectively resist malicious attacks by all parties of the system, including the cloud storage provider, while keeping the overall latency of the system acceptable.

Description

Storage method and system supporting efficient audit and multi-backup ciphertext deduplication and application
Technical Field
The invention belongs to the technical field of cloud storage security, and particularly relates to a storage method, a system and an application supporting efficient audit and multi-backup ciphertext deduplication.
Background
With the continuous innovation and breakthroughs of Internet information technology, especially the emergence and development of IoT, artificial intelligence and cloud computing, data volume is growing explosively, and cloud storage is gradually becoming the trend for information storage. Cloud storage provides users with cheap and convenient services such as data storage, access and seamless synchronization across different devices, and has become an indispensable part of daily life, so it has attracted wide attention from academia and industry. In recent years, researchers have invested a great deal of effort in separately designing encrypted storage solutions such as encrypted data deduplication, proofs of data availability, and proofs of data backup. Recent studies have shown that cross-user data deduplication can save more than 50% of storage costs in standard file systems and up to 90-95% in backup applications [Dutch T. Meyer and William J. Bolosky. 2012. A study of practical deduplication. TOS 7, 4 (2012), 14:1–14:20]. Cloud Service Providers (CSPs) such as Dropbox, Google Drive, and Amazon S3 rely heavily on client data deduplication to save storage and bandwidth costs.
Currently, the state of the art commonly used in the industry is as follows. To ensure that a file can only be accessed by its legitimate owners, Convergent Encryption (CE) [John R. Douceur, Atul Adya, William J. Bolosky, Dan Simon, and Marvin Theimer. 2002. Reclaiming Space from Duplicate Files in a Serverless Distributed File System. In Proceedings of the 22nd International Conference on Distributed Computing Systems (ICDCS'02), Vienna, Austria, July 2-5, 2002. IEEE Computer Society, 617–624.], Message-Locked Encryption (MLE) [Mihir Bellare, Sriram Keelveedhi, and Thomas Ristenpart. 2013. Message-Locked Encryption and Secure Deduplication. In Advances in Cryptology – EUROCRYPT 2013, 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, May 26-30, 2013. Proceedings (Lecture Notes in Computer Science), Thomas Johansson and Phong Q. Nguyen (Eds.), Vol. 7881. Springer, 296–312.] and their variants are used to support encrypted data deduplication across users. Because a profit-oriented CSP, in order to save greatly on storage costs, may aggressively deduplicate data instead of keeping it for disaster recovery, and may try to hide data loss or corruption when it encounters hardware or software failures, researchers have devised a number of storage solutions to verify the availability and reliability of data in remote storage, such as Provable Data Possession (PDP) [Giuseppe Ateniese, Randal C. Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary N. J. Peterson, and Dawn Xiaodong Song. 2007. Provable data possession at untrusted stores. In Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, October 28-31, 2007. ACM, 598–609.], [Ayad F. Barsoum and M. Anwar Hasan. 2015. Provable Multicopy Dynamic Data Possession in Cloud Computing Systems. IEEE Trans. Information Forensics and Security 10, 3 (2015), 485–497.], [C. Christopher Erway, Alptekin Küpçü, Charalampos Papamanthou, and Roberto Tamassia. 2009. Dynamic provable data possession. In Proceedings of the 2009 ACM Conference on Computer and Communications Security, CCS 2009, Chicago, Illinois, USA, November 9-13, 2009, Ehab Al-Shaer, Somesh Jha, and Angelos D. Keromytis (Eds.). ACM, 213–222.], Proofs of Retrievability (POR) [Frederik Armknecht, Jens-Matthias Bohli, Ghassan O. Karame, Zongren Liu, and Christian A. Reuter. 2014. Outsourced Proofs of Retrievability. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3-7, 2014, Gail-Joon Ahn, Moti Yung, and Ninghui Li (Eds.). ACM, 831–843.], [Hovav Shacham and Brent Waters. 2008. Compact Proofs of Retrievability. In Advances in Cryptology - ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, December 7-11, 2008. Proceedings (Lecture Notes in Computer Science), Josef Pieprzyk (Ed.), Vol. 5350. Springer, 90–107.] and Proof of Replication [Ivan Damgård, Chaya Ganesh, and Claudio Orlandi. 2019. Proofs of Replicated Storage Without Timing Assumptions. In Advances in Cryptology - CRYPTO 2019 - 39th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18-22, 2019, Proceedings, Part I (Lecture Notes in Computer Science), Alexandra Boldyreva and Daniele Micciancio (Eds.), Vol. 11692. Springer, 355–380.], [Iraklis Leontiadis and Reza Curtmola. 2018. Secure Storage with Replication and Transparent Deduplication. In Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, CODASPY 2018, Tempe, AZ, USA, March 19-21, 2018, Ziming Zhao, Gail-Joon Ahn, Ram Krishnan, and Gabriel Ghinita (Eds.). ACM, 13–23.].
Availability, efficiency and reliability are very important characteristics in cloud storage, however, most of these schemes set independent objectives, such as enabling a cloud service provider to deduplicate encrypted data, certify the integrity of stored data, and certify copies of data, with only one or two characteristics being guaranteed.
Through the above analysis, the problems and defects of the prior art are as follows: due to the contradiction between the security model of outsourced storage and the data backup-deduplication function, a technology that integrates the advantages of availability, efficiency, reliability and the like into the same cloud storage solution does not exist at present. The existing solutions cannot meet the requirements at the same time, and the existing solutions cannot be directly combined to meet the requirements of the existing cloud storage service.
The difficulty in solving the above problems and defects lies in: designing a fine-grained ciphertext deduplication scheme that supports the user client, designing a data integrity auditing scheme for the cloud, designing a multi-copy checking scheme for data in the cloud, and coordinating the availability, efficiency and reliability functions into one framework containing the three schemes.
The significance of solving the above problems and defects is as follows: the present invention addresses the above problems with SharingBox, the first system to allow users to simultaneously perform data deduplication, multi-copy storage, and integrity audit in a storage system. SharingBox provides a reliable and efficient cloud storage model, and joint storage allocation among users is achieved without affecting data confidentiality and system performance. Because the invention adopts a novel publicly verifiable proof of storage and an MLE-style deduplication encryption scheme, the computation, storage and bandwidth overheads of cloud users and servers are reduced. Meanwhile, the invention ensures that a file can only be accessed by its legitimate owners and remains secure against potentially dishonest service providers.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a storage method, a system and application supporting efficient audit and multi-backup ciphertext deduplication.
The invention is realized in this way, a storage method supporting efficient audit and multi-backup ciphertext deduplication comprises the following steps:
according to the Setup protocol, the SharingBox system initializes
Figure BDA0002895517860000041
And
Figure BDA0002895517860000042
and assists the client in generating an encryption key for the file block;
according to the Put protocol, the client processes the data, generates a verification tag, uploads the data, the verification tag and so on to the cloud server, and requests that multiple copies be stored;
the Get protocol is triggered when a client wants to download data;
the Delete protocol is triggered when the client wants to reduce the number of copies or delete its outsourced file;
the Attest protocol and the Verify protocol assist the verifier in verifying, for the cloud user, the integrity of the data and its copies in the cloud.
Further, the Setup protocol is used to initialize the SharingBox system; it is a set of key generation algorithms that compute public and private keys for the different participants. By running, between the client
Figure BDA0002895517860000043
and
Figure BDA0002895517860000044
the key generation algorithm
Figure BDA0002895517860000045
one obtains for
Figure BDA0002895517860000046
a pair of public and private keys, i.e.
Figure BDA0002895517860000047
At this point,
Figure BDA0002895517860000048
keeps
Figure BDA0002895517860000049
to itself and makes
Figure BDA00028955178600000410
public;
The client
Figure BDA00028955178600000411
takes as input the security parameter k, the file block set $F = \{f_1, \dots, f_n\}$, a randomly selected set $R = \{r_1, \dots, r_n\}$ and, for
Figure BDA00028955178600000412
its public key
Figure BDA00028955178600000413
The key server
Figure BDA00028955178600000414
takes its private key
Figure BDA00028955178600000415
as input. The client
Figure BDA00028955178600000416
outputs a pair of public and private keys
Figure BDA00028955178600000417
for integrity protection and verification of file F and, through the server-aided key generation algorithm, a symmetric key set
Figure BDA00028955178600000418
for encryption and decryption; the key server
Figure BDA00028955178600000419
outputs a set of blind signatures Φ.
Figure BDA0002895517860000051
keeps
Figure BDA0002895517860000052
and K secret, and makes its own public key
Figure BDA0002895517860000053
public:
Figure BDA0002895517860000054
In the Setup stage, the cloud storage server and the verifier can also initialize and maintain some public and private parameters used to construct a secure channel; the database in which the cloud storage server records the stored data is also initialized at this stage.
Further, the Put protocol is an interactive protocol running between
Figure BDA0002895517860000055
and
Figure BDA0002895517860000056
The client
Figure BDA0002895517860000057
protects confidentiality through encryption and requires that ξ copies of F be stored to improve storage reliability; for the ι-th ($1 \le \iota \le \xi$) copy,
Figure BDA0002895517860000058
uses the generated key
Figure BDA0002895517860000059
to encrypt the i-th ($1 \le i \le n$) file block $f_i \in F$ as the ciphertext
Figure BDA00028955178600000510
and then computes the authentication tag
Figure BDA00028955178600000511
used to verify the integrity of the stored data; finally, both parties generate a file identifier
Figure BDA00028955178600000512
that acts as a unique handle to F;
Figure BDA00028955178600000513
Figure BDA00028955178600000514
finally uploads the ciphertext set $C = \{C_1, \dots, C_\xi\}$, the identifier
Figure BDA00028955178600000515
and $Tag = \{Tag_1, \dots, Tag_\xi\}$ to
Figure BDA00028955178600000516
and obtains an access link to the file; before uploading,
Figure BDA00028955178600000517
checks whether other users have, on
Figure BDA00028955178600000518
already registered $id_F$;
Figure BDA00028955178600000519
F, its copies and the corresponding tags are deleted from the local disk.
Further, the Get protocol performs the download function: it allows
Figure BDA00028955178600000520
to download from
Figure BDA00028955178600000521
the file stored in
Figure BDA00028955178600000522
When
Figure BDA00028955178600000523
wants to download F, it first initiates the protocol and sends to
Figure BDA00028955178600000524
the file identifier $id_F$ and the index x of the requested copy (the x-th copy). Upon receipt of the message,
Figure BDA00028955178600000525
first checks whether the database contains the entry
Figure BDA00028955178600000526
If so, it further verifies whether
Figure BDA00028955178600000527
is registered with
Figure BDA00028955178600000528
and whether $x \le \xi$, where ξ is the number of copies currently maintained by
Figure BDA00028955178600000529
If the verification passes,
Figure BDA00028955178600000530
can use $id_F$ to download from
Figure BDA00028955178600000531
the ciphertext $C_x$ and decrypt it with $K_x$ to obtain the file F.
Figure BDA00028955178600000532
Further, the Delete protocol allows users to have
Figure BDA00028955178600000533
delete a copy or cancel the registration of a particular file. When
Figure BDA00028955178600000534
wants to delete F,
Figure BDA00028955178600000535
sends the file identifier and the number of copies, ($id_F$, $x$), to
Figure BDA00028955178600000536
which checks whether
Figure BDA00028955178600000537
has registered $id_F$. If the verification passes,
Figure BDA00028955178600000538
updates, in
Figure BDA00028955178600000539
the entry
Figure BDA00028955178600000540
When ξ − x > 0, it is updated to
Figure BDA00028955178600000541
when ξ − x ≤ 0,
Figure BDA00028955178600000542
deletion in
Figure BDA00028955178600000543
If ξ − x > 0 and ξ − x is the maximum number of copies required by all registered users,
Figure BDA00028955178600000544
reduces the number of copies of $id_F$ to ξ − x; if
Figure BDA00028955178600000545
becomes empty, which means that no user is registered with $id_F$ any longer,
Figure BDA00028955178600000546
deletes all content related to $id_F$:
Figure BDA0002895517860000061
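The registration and copy-count checks that the Get and Delete protocols describe can be sketched as server-side bookkeeping. This is an added example, not code from the patent: the class and method names, the per-user copy counts, the rule that the server keeps the maximum count required by any registered user after every change, and the interpretation of ξ in Get as the requesting user's own registered count are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class FileEntry:
    """Server-side record for one file identifier id_F (hypothetical layout)."""
    owners: dict = field(default_factory=dict)  # user -> copies that user requires
    stored_copies: int = 0                      # copies the server actually keeps


class CopyRegistry:
    """Hypothetical bookkeeping for the storage server's id_F database."""

    def __init__(self):
        self.db = {}

    def put(self, user, id_f, xi):
        """Register `user` for `xi` copies of id_F.

        Returns True when id_F was already registered by someone, i.e. the
        upload can be deduplicated against existing ciphertext.
        """
        if xi < 1:
            raise ValueError("at least one copy must be requested")
        already_stored = id_f in self.db
        entry = self.db.setdefault(id_f, FileEntry())
        entry.owners[user] = xi
        # Assumption: the server keeps as many copies as the most demanding owner.
        entry.stored_copies = max(entry.owners.values())
        return already_stored

    def get(self, user, id_f, x):
        """Get check: id_F exists, the user is registered, and x <= xi."""
        entry = self.db.get(id_f)
        return (entry is not None
                and user in entry.owners
                and 1 <= x <= entry.owners[user])

    def delete(self, user, id_f, x):
        """Delete check and update: give up x copies of id_F."""
        entry = self.db.get(id_f)
        # Unregistered users, unknown files and non-positive x are refused;
        # a negative x would otherwise silently raise the user's copy count.
        if entry is None or user not in entry.owners or x < 1:
            return "rejected"
        remaining = entry.owners[user] - x
        if remaining > 0:
            entry.owners[user] = remaining      # xi - x > 0: keep registration
        else:
            del entry.owners[user]              # xi - x <= 0: unregister user
        if not entry.owners:
            del self.db[id_f]                   # nobody left: purge everything
            return "purged"
        entry.stored_copies = max(entry.owners.values())
        return "updated"


def constructed_scenario():
    """Constructed sample run with three hypothetical users and one file."""
    file_id = "idF-demo"
    reg = CopyRegistry()
    return [
        reg.put("alice", file_id, 3),       # first upload, nothing to dedup
        reg.put("bob", file_id, 2),         # same id_F: deduplicated
        reg.get("bob", file_id, 3),         # bob only registered 2 copies
        reg.delete("mallory", file_id, 1),  # never registered
        reg.delete("alice", file_id, 2),    # alice keeps 1, bob still needs 2
        reg.db[file_id].stored_copies,
        reg.delete("bob", file_id, 2),      # bob unregistered, alice remains
        reg.delete("alice", file_id, 1),    # last owner leaves
        file_id in reg.db,
    ]
```

The two refusals in the scenario are the checks that matter for cross-user deduplication: a user who shares ciphertext with others can neither fetch more copies than they registered nor remove copies that another owner still depends on.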
Further, the Attest protocol runs between the verifier v and the prover
Figure BDA0002895517860000062
The Attest protocol has two functions. On the one hand, it allows
Figure BDA0002895517860000063
to convince v that the stored F is intact: v sends a challenge chal to
Figure BDA0002895517860000064
to check the integrity of $id_F$, and
Figure BDA0002895517860000065
computes and returns a proof prof to be checked by the Verify protocol, formalized as:
Figure BDA0002895517860000066
On the other hand, in addition to file integrity, prof can also provide data integrity statements for the different copies, which convinces clients that their copies are stored.
Further, the Verify protocol checks the proof prof generated by the Attest protocol; v executes the Verify protocol to ensure that
Figure BDA0002895517860000067
stores the file with the specified number of copies and that the file is intact. The protocol outputs accept (b = 1) or reject (b = 0) to indicate whether prof is valid:
$b \leftarrow \mathrm{Verify}(id_F, prof)$;
The server-aided key generation scheme runs between the client
Figure BDA0002895517860000068
and the key server
Figure BDA0002895517860000069
as an oblivious protocol based on BLS blind signatures rather than on the RSA assumption; its main function is to generate the encryption keys for the encrypted copies;
In the Setup phase,
Figure BDA00028955178600000610
selects a cyclic group of order p
Figure BDA00028955178600000611
and a computable bilinear map
Figure BDA00028955178600000612
Then,
Figure BDA00028955178600000613
executes
Figure BDA00028955178600000614
to select a private key
Figure BDA00028955178600000615
and the corresponding public key
Figure BDA00028955178600000616
Suppose that
Figure BDA00028955178600000617
has a file $F = \{f_1, \dots, f_n\}$ and is about to outsource $f_i$ ($1 \le i \le n$) to
Figure BDA00028955178600000618
Before doing so,
Figure BDA00028955178600000619
computes
Figure BDA00028955178600000620
randomly selects
Figure BDA00028955178600000621
and multiplies by
Figure BDA00028955178600000630
to blind $h_i$; the blinded value
Figure BDA00028955178600000622
is then sent to
Figure BDA00028955178600000623
After receiving the message,
Figure BDA00028955178600000624
computes the signature
Figure BDA00028955178600000625
and returns it to
Figure BDA00028955178600000626
$s_i$ is then de-blinded and verified:
Figure BDA00028955178600000631
The encryption key is then the hash value of the de-blinded signature:
Figure BDA0002895517860000627
The data deduplication and public auditing protocol DPA provides block-level data deduplication and can also provide public integrity auditing of outsourced data. The client
Figure BDA00028955178600000628
encrypts the original file F into C using the server-aided MLE scheme, where $C = \{c_1, \dots, c_n\}$ is the ciphertext of the n blocks, where
Figure BDA00028955178600000629
and p is a large prime. The DPA scheme comprises a set of algorithms: KeyGen, TagGen, Verify, Probe;
KeyGen($1^k$): by calling this function,
Figure BDA0002895517860000071
generates a random signing public/private key pair
Figure BDA0002895517860000072
randomly selects
Figure BDA0002895517860000073
and computes $v \leftarrow g^{\alpha}$; the private key is then
Figure BDA0002895517860000074
and the public key is
Figure BDA0002895517860000075
Figure BDA0002895517860000076
Given $C = \{c_1, \dots, c_n\}$,
Figure BDA0002895517860000077
computes the file block identifiers $t_0 = \{\tau_1, \dots, \tau_n\}$, where
Figure BDA0002895517860000078
and selects s random elements
Figure BDA0002895517860000079
Let $t_1 = \tau_1 | \dots | \tau_n | n | u_1 | \dots | u_s$, and let
Figure BDA00028955178600000710
be $t_1$ together with its signature under the private key
Figure BDA00028955178600000711
For each i, $1 \le i \le n$, compute the signature tag:
Figure BDA00028955178600000712
Figure BDA00028955178600000713
Parse the public key as
Figure BDA00028955178600000714
Before sending the challenge, the verifier v uses the public key
Figure BDA00028955178600000715
to verify the signature in t; if signature verification fails, it outputs 0 (reject) and stops the protocol; otherwise, it parses t to obtain $t_0$, $n$ and $\{u_1, \dots, u_s\}$. It then randomly selects an $l$-element subset $I$ of the set $\{1, \dots, n\}$ and, for each $i \in I$, selects a random element
Figure BDA00028955178600000716
Let the set $\{(i, v_i)\}$ be chal, and send the challenge chal to the prover (server)
Figure BDA00028955178600000717
Suppose that the response of
Figure BDA00028955178600000718
contains
Figure BDA00028955178600000719
and
Figure BDA00028955178600000720
Then verify:
Figure BDA00028955178600000721
If the equation holds, output 1; otherwise output 0;
Figure BDA00028955178600000722
Parse C as $\{c_{ij}\}$, $1 \le i \le n$, $1 \le j \le s$, together with $\{\sigma_i\}$, $1 \le i \le n$. Suppose the message sent by verifier v is chal, in which each $i \in [1, n]$ appears without repetition, and each
Figure BDA00028955178600000723
v for $1 \le j \le s$
Figure BDA00028955178600000724
The prover sends the proof
Figure BDA00028955178600000725
to the verifier.
It is a further object of the invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of:
according to the Setup protocol, the SharingBox system initializes
Figure BDA00028955178600000726
And
Figure BDA00028955178600000727
and assists the client in generating an encryption key for the file block;
according to the Put protocol, the client processes the data, generates a verification tag, uploads the data, the verification tag and so on to the cloud server, and requests that multiple copies be stored;
the Get protocol is triggered when a client wants to download data;
the Delete protocol is triggered when the client wants to reduce the number of copies or delete its outsourced file;
the Attest protocol and the Verify protocol assist the verifier in verifying, for the cloud user, the integrity of the data and its copies in the cloud.
Another object of the present invention is to provide a storage system supporting efficient audit and multi-backup ciphertext deduplication that implements the above storage method; the storage system comprises:
the client, which stores data using the cloud storage service and is used for splitting file data into blocks, generating encryption keys, encrypting files, generating copies, constructing files, uploading, downloading and deleting data and its copies, and checking whether the files stored in the cloud storage server are complete and whether the corresponding number of copies is retained;
the key server, which generates a pair of public and private keys to assist the client in generating the keys used to encrypt files;
the cloud storage server, which performs cross-user deduplication, stores the files and copies uploaded by clients while ensuring their integrity and reliability, ensures data availability for all data owners, and executes clients' deletion requests;
and the verifier, which triggers the Attest protocol and the Verify protocol to periodically perform multi-copy data integrity audits for the client.
The invention also aims to provide a cloud storage security terminal, which is used for realizing the storage method supporting efficient audit and multi-backup ciphertext deduplication.
Combining all the above technical schemes, the advantages and positive effects of the invention are as follows: supported by the public verifiability of a remote audit scheme and the security guarantees of a cross-user deduplication encryption scheme, the invention proposes SharingBox to support efficiently auditable, multi-backup, fine-grained ciphertext deduplication, so that a cloud provider can effectively prove to clients the integrity of the data it stores. The SharingBox provided by the invention is the first scheme that allows a user to simultaneously achieve data deduplication, multiple copies and integrity audit in a storage system, and is a novel, comprehensive and secure cloud storage framework. SharingBox provides a reliable and efficient cloud storage model, and joint storage allocation among users can be realized without affecting data confidentiality and system performance. SharingBox also provides fine-grained data deduplication and multi-replication of files on the client, supports data integrity auditing, and can effectively resist curious or malicious system parties. Sybil attacks and calculation attacks on copy storage by a dishonest server can be effectively dealt with. Theoretical analysis shows that, for cloud data storage, SharingBox is efficient in storage, bandwidth and computation. The performance evaluation results of the SharingBox prototype system (as shown in fig. 6 and 7) show that the invention has good flexibility with respect to the number of users and the number of files in the system, and the time overhead of the whole system is acceptable.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the embodiments of the present application will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained from the drawings without creative efforts.
Fig. 1 is a flowchart of a storage method supporting efficient audit and multi-backup ciphertext deduplication according to an embodiment of the present invention.
FIG. 2 is a schematic structural diagram of a storage system supporting efficient audit and multi-backup ciphertext deduplication according to an embodiment of the present invention;
in fig. 2: 1. client (data owner); 2. key server; 3. cloud storage server; 4. verifier (either party can act as a verifier).
Fig. 3 is a diagram of the server-aided key generation algorithm based on BLS signatures according to an embodiment of the present invention.
Fig. 4 is a diagram of a PoW algorithm executed by a cloud server according to an embodiment of the present invention.
Fig. 5 is a specific flowchart of the Put protocol provided in the embodiment of the present invention.
Fig. 6 is a graph of the time spent by the KeyGen algorithm and the Get algorithm according to an embodiment of the present invention.
Fig. 7 is a graph of the measured time spent by the Put protocol according to an embodiment of the present invention.
In Fig. 7: (a) shows the case where no users upload the same file; (b) shows the case where there are 3 copies per file.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Aiming at the problems in the prior art, the invention provides a storage method, a system and an application for supporting efficient audit and multi-backup ciphertext deduplication, and the invention is described in detail below with reference to the attached drawings.
As shown in fig. 1, the storage method supporting efficient audit and multi-backup ciphertext deduplication provided by the present invention includes the following steps:
S101: the SharingBox system initializes the public and private parameters according to the Setup protocol and assists the client in generating the encryption keys of the file blocks;
S102: the client processes the data according to the Put protocol, generates verification tags, uploads the data, the verification tags and the like to the cloud server, and requests that a plurality of copies be stored;
S103: the Get protocol is triggered when a client wants to download data;
S104: the Delete protocol is triggered when a client wants to reduce the number of copies and delete a source file;
S105: the Attest protocol and the Verify protocol are triggered when the verifier periodically performs a multi-copy data integrity audit for the client.
A person skilled in the art can also use other steps to implement the storage method supporting efficient audit and multi-backup ciphertext deduplication provided by the present invention, and the storage method supporting efficient audit and multi-backup ciphertext deduplication provided by the present invention in fig. 1 is only a specific embodiment.
As shown in fig. 2, the storage system supporting efficient audit and multi-backup ciphertext deduplication provided by the present invention includes:
The client (data owner) 1 wishes to store data using the cloud storage service. It is used to split file data into blocks, generate encryption keys, encrypt files and generate copies, construct file uploads, download and delete data and its copies, and check whether its files stored in the cloud storage server 3 are complete and whether the corresponding number of copies is retained.
The key server 2 is used to generate a pair of public and private keys to assist the client 1 in generating the keys used to encrypt files.
The cloud storage server 3 is used to perform cross-user deduplication and to store the files and copies uploaded by clients; it must also guarantee the integrity and reliability of the files, guarantee data availability for all data owners, and execute the deletion requests of clients.
The verifier 4 (either party may act as a verifier) triggers the Attest protocol and the Verify protocol to periodically perform a multi-copy data integrity audit for the client.
The technical solution of the present invention is further described below with reference to the accompanying drawings.
The SharingBox system comprises a group of clients and a cloud storage server
Figure BDA0002895517860000111
a key server
Figure BDA0002895517860000112
and a verifier v. The work performed by each party in the SharingBox system is shown in Fig. 2. The key server assists the client in generating encryption keys and interacts with the client through the Setup protocol. The client first splits the file data into blocks, then encrypts the file with the key generated by the key server, and at the same time generates the copy files, the file block IDs and the authentication tags. The client can also download and delete the files it has stored through the Get protocol and the Delete protocol. Because the audit is public, the client can also interact with the server through the Verify protocol to ask whether the files it has stored are completely available, safe and reliable, and whether the number of stored copies is correct. The cloud storage server interacts with the client through the Put protocol; it mainly performs cross-user deduplication before a user uploads a file, is responsible for storing the files and copies uploaded by clients, must guarantee the integrity and reliability of the files, and responds to the deletion requests of clients. Through the Attest protocol, the cloud storage server proves to a reliable third-party audit center that its data is completely available. Through the Verify protocol, the verifier periodically queries the cloud storage server on behalf of the client and requires it to prove that the stored data is complete and available; the cloud storage server then provides this proof through the Attest protocol.
The core of the SharingBox system comprises the Setup, Put, Get and Delete operations and the additional Attest and Verify protocols. Through these operations and protocols, efficiently auditable deduplication of multi-backup ciphertext data can be achieved, so that a cloud provider can effectively prove to a client the integrity of the data it stores. SharingBox also provides fine-grained data deduplication and multi-replication of files on the client, supports data integrity auditing, and is able to resist curious or malicious system parties. The relevant interactive protocols are as follows:
(1) The Setup protocol: in the Setup phase,
Figure BDA0002895517860000121
first executes a key generation algorithm
Figure BDA0002895517860000122
to compute the private key
Figure BDA0002895517860000123
and the public key
Figure BDA0002895517860000124
and then runs the Server-aid key generation algorithm shown in Fig. 3 to assist
Figure BDA0002895517860000125
in generating a server-aided data block encryption key. Similarly,
Figure BDA0002895517860000126
and
Figure BDA0002895517860000127
initialize their system parameters according to the DPA protocol (Deduplicate and Public Audit Protocol), and then use an asymmetric encryption scheme to generate public and private key pairs for establishing an authenticated channel
Figure BDA0002895517860000128
Wherein
Figure BDA0002895517860000129
Figure BDA00028955178600001210
While
Figure BDA00028955178600001211
Finally, each party keeps the private key secret and publishes the public key.
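The key derivation that the Setup protocol refers to (the Server-aid key generation of Fig. 3, whose steps claim 7 lists: hash the block, blind it, let the key server sign, de-blind, hash the signature) can be followed in the Python example below. It is added here and is not the patent's prototype code: the integers modulo 2^255 - 19 with base 2 stand in for the pairing group of the BLS blind signature, so the pairing-based check of the de-blinded signature is left out, and all names (`KeyServer`, `derive_block_key`, `hash_to_group`, `demo`) and sample blocks are assumptions.

```python
import hashlib
import secrets

# Assumption: a toy group (integers modulo the prime 2**255 - 19, base 2)
# replaces the pairing group of the BLS blind signature, so the pairing
# check of the de-blinded signature has no counterpart here.
P = 2**255 - 19
G = 2


def hash_to_group(block: bytes) -> int:
    """Map a file block to a non-zero group element (h_i in claim 7)."""
    digest = hashlib.sha256(block).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1


class KeyServer:
    """Signs blinded values with a secret exponent; never receives h_i itself."""

    def __init__(self) -> None:
        self._sk = secrets.randbelow(P - 3) + 2
        self.pk = pow(G, self._sk, P)
        self.seen = []  # values the server observed, kept for inspection

    def sign_blinded(self, blinded: int) -> int:
        self.seen.append(blinded)
        return pow(blinded, self._sk, P)


def derive_block_key(block: bytes, server: KeyServer) -> bytes:
    """Client side: blind h_i, obtain the signature, de-blind, hash to a key."""
    h = hash_to_group(block)
    r = secrets.randbelow(P - 3) + 2
    blinded = h * pow(G, r, P) % P               # h * g^r
    signed = server.sign_blinded(blinded)        # (h * g^r)^sk
    unblind = pow(pow(server.pk, r, P), -1, P)   # (pk^r)^-1 = g^(-r*sk)
    signature = signed * unblind % P             # h^sk
    return hashlib.sha256(signature.to_bytes(32, "big")).digest()


def demo() -> dict:
    """Two clients derive keys for constructed sample blocks."""
    server = KeyServer()
    block = b"constructed sample block: report.pdf, chunk 0"
    key_alice = derive_block_key(block, server)
    key_bob = derive_block_key(block, server)
    key_other = derive_block_key(b"constructed sample block: another chunk", server)
    key_other_server = derive_block_key(block, KeyServer())
    return {
        "same_block_same_key": key_alice == key_bob,
        "different_block_different_key": key_alice != key_other,
        "key_depends_on_server_secret": key_alice != key_other_server,
        "server_saw_different_values": server.seen[0] != server.seen[1],
        "server_never_saw_hash": hash_to_group(block) not in server.seen,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Identical blocks yield identical keys for every client of the same key server, which is what lets the cloud server deduplicate ciphertexts, while the key server only ever sees freshly blinded values.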
(2) The Put protocol: when
Figure BDA00028955178600001212
sends to
Figure BDA00028955178600001213
an upload request to upload $F = \{f_1, \ldots, f_n\}$, requiring ξ copies to be stored on
Figure BDA00028955178600001214
, then
Figure BDA00028955178600001215
sends to
Figure BDA00028955178600001216
an upload request. Before uploading,
Figure BDA00028955178600001217
and
Figure BDA00028955178600001218
first compute a server-aided key for each file block, as shown in FIG. 1, and the protocol outputs the key
Figure BDA00028955178600001219
where
Figure BDA00028955178600001220
Then, for $k_i$ ($1 \le i \le n$),
Figure BDA00028955178600001221
computes
Figure BDA00028955178600001222
where
Figure BDA00028955178600001223
Figure BDA00028955178600001224
For each block,
Figure BDA00028955178600001225
uses the key
Figure BDA00028955178600001226
to encrypt $f_i$, generating the ciphertext
Figure BDA00028955178600001227
The invention then has $K = \{K_1, \ldots, K_\xi\}$ and
Figure BDA00028955178600001228
where
Figure BDA00028955178600001229
Likewise, for each block,
Figure BDA00028955178600001230
computes a unique identifier (ID)
Figure BDA00028955178600001231
namely
Figure BDA00028955178600001232
Similarly,
Figure BDA00028955178600001233
computes the file identifier
Figure BDA00028955178600001234
Subsequently,
Figure BDA00028955178600001235
first, by sending the file
Figure BDA00028955178600001236
and block
Figure BDA00028955178600001237
to
Figure BDA00028955178600001238
requests that all copies be uploaded. Then
Figure BDA00028955178600001239
checks whether some user has already stored F, i.e.
Figure BDA00028955178600001240
Clearly, for efficiency, file-level data deduplication is best performed before block-level data deduplication. Two situations can then occur:
The file/block has not yet been stored. In this case, no client has, through the index
Figure BDA00028955178600001241
registered a file whose file ID is $id_F$. For convenience of analysis, the invention assumes that none of the file blocks of $C_\iota$ ($0 \le \iota \le \xi$) have been stored before.
Figure BDA00028955178600001242
first executes
Figure BDA00028955178600001243
and computes
Figure BDA00028955178600001244
and
Figure BDA00028955178600001245
Then,
Figure BDA00028955178600001246
uploads
Figure BDA00028955178600001247
to
Figure BDA00028955178600001248
After receiving the message,
Figure BDA0002895517860000131
issues a timed URL authorizing
Figure BDA0002895517860000132
to upload data within a certain time to the server
Figure BDA0002895517860000133
When the upload is finished,
Figure BDA0002895517860000134
verifies that all blocks
Figure BDA0002895517860000135
match its file ID. If all match,
Figure BDA0002895517860000136
inserts
Figure BDA0002895517860000137
through the index
Figure BDA0002895517860000138
into
Figure BDA0002895517860000139
; if
Figure BDA00028955178600001310
does not exist, it is created before insertion. After $id_F$ is registered,
Figure BDA00028955178600001311
The file/block is already stored. In this case, clients have already registered x (x ≥ 0) copies to $id_F$. For each replica
Figure BDA00028955178600001312
as depicted in Fig. 4,
Figure BDA00028955178600001313
by sending a challenge
Figure BDA00028955178600001314
requires proof of actual possession of $C_l$ (the PoW process). If the verification passes,
Figure BDA00028955178600001315
through the index
Figure BDA00028955178600001316
registers
Figure BDA00028955178600001317
to $id_F$ and returns an ACK to
Figure BDA00028955178600001318
After the upload process of all the copies is finished,
Figure BDA00028955178600001319
can delete the files locally, keeping only $id_F$, the corresponding decryption key and the number of duplicates ξ.
(3) The Get protocol: when
Figure BDA00028955178600001320
wants to download F, it first initializes the protocol and sends to
Figure BDA00028955178600001321
the file identifier $id_F$ and the ξ-th copy (
Figure BDA00028955178600001322
submits $\{id_F, \xi\}$ to
Figure BDA00028955178600001323
). After receiving the message,
Figure BDA00028955178600001324
first checks the database to see whether
Figure BDA00028955178600001325
is registered to $id_F$. If so,
Figure BDA00028955178600001326
generates a timed
Figure BDA00028955178600001327
allowing
Figure BDA00028955178600001328
to download the requested file. After receiving from
Figure BDA00028955178600001329
the copy $C_\xi$,
Figure BDA00028955178600001330
decrypts and recombines it to obtain $F = \{f_1, \ldots, f_n\}$, where
Figure BDA00028955178600001331
(4) The Delete protocol: allows
Figure BDA00028955178600001332
to delete its outsourced files or reduce the number of duplicates. When
Figure BDA00028955178600001333
wants to delete x duplicates from $id_F$, it notifies
Figure BDA00028955178600001334
to remove, from
Figure BDA00028955178600001335
the replicas associated with user
Figure BDA00028955178600001336
and $id_F$.
Figure BDA00028955178600001337
first checks whether
Figure BDA00028955178600001338
is registered to $id_F$ and obtains the number of copies ξ currently stored.
Figure BDA00028955178600001339
subtracts the x replicas associated with user
Figure BDA00028955178600001340
and $id_F$. If ξ - x ≤ 0, S removes from
Figure BDA00028955178600001341
the user
Figure BDA00028955178600001342
; if ξ - x > 0 and ξ - x is the maximum number of copies required by all registered users,
Figure BDA00028955178600001343
reduces storage by deleting the duplicates associated with
Figure BDA00028955178600001344
. If no user is registered to $id_F$, then
Figure BDA00028955178600001345
deletes
Figure BDA00028955178600001346
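The copy bookkeeping that the Put, Get and Delete protocols require of the cloud storage server can be modelled as below. This is an added Python example, not the patent's prototype code: the class, method and user names are assumptions, the PoW and cryptographic steps are omitted, and it generalizes the Delete rule slightly by always keeping as many stored copies as the largest number that any still-registered user requires.

```python
class CopyIndex:
    """Server-side index: file id -> {client id: copies that client requires}."""

    def __init__(self) -> None:
        self.required = {}  # id_F -> {client: xi}
        self.stored = {}    # id_F -> ciphertext copies physically kept

    def put(self, client: str, id_f: str, xi: int) -> int:
        """Register `client` for `xi` copies of `id_f`.

        Returns how many copies still have to be uploaded; copies that are
        already stored are deduplicated (the PoW check is omitted here).
        """
        if xi <= 0:
            raise ValueError("xi must be positive")
        owners = self.required.setdefault(id_f, {})
        owners[client] = max(owners.get(client, 0), xi)
        have = self.stored.get(id_f, 0)
        self.stored[id_f] = max(have, xi)
        return self.stored[id_f] - have

    def may_get(self, client: str, id_f: str, x: int) -> bool:
        """Get: the client must be registered to id_F and ask for a copy x <= xi."""
        return 1 <= x <= self.required.get(id_f, {}).get(client, 0)

    def delete(self, client: str, id_f: str, x: int) -> int:
        """Delete `x` of the client's copies; returns the copies left on disk."""
        owners = self.required.get(id_f, {})
        if client not in owners:
            raise PermissionError(f"{client} is not registered to {id_f}")
        if x <= 0:
            raise ValueError("x must be positive")
        remaining = owners[client] - x
        if remaining <= 0:
            del owners[client]           # xi - x <= 0: de-register the user
        else:
            owners[client] = remaining   # xi - x > 0: record the new count
        if not owners:                   # nobody is registered any more
            del self.required[id_f]
            del self.stored[id_f]
            return 0
        # Never drop below what the remaining owners still rely on.
        self.stored[id_f] = max(owners.values())
        return self.stored[id_f]


def scenario() -> list:
    """Constructed run: two owners of the same file and one unregistered user."""
    index = CopyIndex()
    log = [index.put("alice", "idF-1", 3)]
    log.append(index.put("bob", "idF-1", 2))
    log.append(index.delete("alice", "idF-1", 1))
    log.append(index.may_get("bob", "idF-1", 2))
    log.append(index.may_get("bob", "idF-1", 3))
    try:
        index.delete("mallory", "idF-1", 1)
        log.append("deleted")
    except PermissionError:
        log.append("rejected")
    log.append(index.delete("bob", "idF-1", 5))
    log.append(index.delete("alice", "idF-1", 2))
    log.append("idF-1" in index.stored)
    return log


if __name__ == "__main__":
    print(scenario())
```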
(5) The Attest protocol: used by the verifier v to verify the integrity of the data copies for the cloud user. Let the server-aided processed file be $C_l = \{c_{ij}\}$, $1 \le i \le n$, $1 \le j \le s$, and $\{\sigma_i\}$, $1 \le i \le n$.
The verifier v randomly selects, from the set [1, n], a subset I of l elements and, for each i ∈ I, selects a random element
Figure BDA00028955178600001347
v then executes the Prov protocol of DPA and sends to
Figure BDA00028955178600001348
a challenge chal containing the file to be verified
Figure BDA00028955178600001349
and a set of l elements $\{(i, v_i)\}$.
On receiving the challenge, as described in the Prov protocol,
Figure BDA0002895517860000141
computes
Figure BDA0002895517860000142
and
Figure BDA0002895517860000143
Finally,
Figure BDA0002895517860000144
sends a proof
Figure BDA0002895517860000145
back to v.
(6) The Verify protocol: allows v to verify the proof that
Figure BDA0002895517860000146
returned. On receiving the reply of
Figure BDA0002895517860000147
, v first verifies the signature on $t_l$. If the signature is correct, v recovers $t_0$, $n$ and $\{u_1, \ldots, u_s\}$ from $t_l$ and checks whether
Figure BDA0002895517860000148
holds. If it holds, the output b = 1 indicates that the data currently stored on
Figure BDA0002895517860000149
is complete; otherwise the output is b = 0.
The technical effects of the present invention will be described in detail with reference to simulations.
The invention implements SharingBox in simulation and evaluates its performance in detail. The SharingBox prototype system is implemented in C/C++ with the OpenSSL and PBC libraries, and uses a MySQL database as the back-end data store for the metadata related to each file. The client, key server, verifier and cloud server are simulated on four independent machines, each running Ubuntu 16.04 LTS with a 3.10 GHz Intel Core i9-9900 CPU and 16 GB of memory. The bandwidth of the wired connection between them is set to 100 Mbps, and sockets are used for communication. Figs. 6 and 7 show the evaluation results. The invention also uses several computers as clients that upload, download and audit the integrity of a large number of files on the same server host to evaluate the overall performance of the system, and simulates various malicious server behaviors such as tampering with, destroying or reducing copies. Normally, clients can recover and audit their files correctly, but as soon as the server performs any malicious action, the audit fails. Experimental results show that the time overhead of the system is acceptable.
It should be noted that the embodiments of the present invention can be realized by hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided on a carrier medium such as a disk, CD-or DVD-ROM, programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier, for example. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g., firmware.
The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A storage method supporting efficient audit and multi-backup ciphertext deduplication is characterized by comprising the following steps:
the SharingBox system initializes, according to the Setup protocol,
Figure FDA0002895517850000011
and
Figure FDA0002895517850000012
and assists the client in generating an encryption key for the file block;
the client processes data according to the Put protocol, generates a verification tag, uploads the data, the verification tag and the like to a cloud server, and requests that a plurality of copies be stored;
a Get protocol is triggered when the client wants to download data;
a Delete protocol is triggered when the client wants to reduce the number of copies or delete its outsourced file;
the Attest protocol and the Verify protocol are used to assist the verifier in verifying, for the cloud user, the integrity of the data and copies in the cloud.
2. The storage method supporting efficient auditing and multi-backup ciphertext deduplication of claim 1, wherein the Setup protocol is used to initialize a SharingBox system and is a set of key generation algorithms that compute public and private keys for the different participants; by running on the client
Figure FDA0002895517850000013
and
Figure FDA0002895517850000014
the key generation algorithm
Figure FDA0002895517850000015
one obtains for
Figure FDA0002895517850000016
a pair of public and private keys, i.e.
Figure FDA0002895517850000017
At this time,
Figure FDA0002895517850000018
keeps
Figure FDA0002895517850000019
to itself and makes
Figure FDA00028955178500000110
public;
the client
Figure FDA00028955178500000111
takes the security parameter k, the file block set $F = \{f_1, \ldots, f_n\}$, a randomly selected set $R = \{r_1, \ldots, r_n\}$ and
Figure FDA00028955178500000112
's public key
Figure FDA00028955178500000113
as input; the key server
Figure FDA00028955178500000114
takes its private key
Figure FDA00028955178500000115
as input; the client
Figure FDA00028955178500000116
outputs a pair of public and private keys
Figure FDA00028955178500000117
for integrity protection and verification of the file F, and outputs, through the Server-aid key generation algorithm, a symmetric key set
Figure FDA00028955178500000118
for encryption and decryption; the key server
Figure FDA00028955178500000119
outputs a set of blind signatures φ;
Figure FDA00028955178500000120
keeps
Figure FDA00028955178500000121
and K secret, and makes its own public key
Figure FDA00028955178500000122
public:
Figure FDA00028955178500000123
Figure FDA00028955178500000124
in the Setup stage, the cloud storage server and the verifier also initialize and maintain some public and private parameters for constructing a secure channel; the database that records the data stored in the cloud storage server is also initialized at this stage.
3. The storage method supporting efficient audit and multi-backup ciphertext de-duplication according to claim 1, wherein the Put protocol is one run between
Figure FDA0002895517850000021
and
Figure FDA0002895517850000022
as an interactive protocol; the client
Figure FDA0002895517850000023
protects confidentiality by encryption and requires ξ copies of F to be stored to improve storage reliability; for the ι-th ($1 \le \iota \le \xi$) copy,
Figure FDA0002895517850000024
uses the generated key
Figure FDA0002895517850000025
to encrypt the i-th ($1 \le i \le n$) file block $f_i \in F$ into the ciphertext
Figure FDA0002895517850000026
and then computes the authentication tag
Figure FDA0002895517850000027
to verify the integrity of the stored data; finally, both parties generate a file identifier
Figure FDA0002895517850000028
that acts as a unique handle to F;
Put:
Figure FDA0002895517850000029
Figure FDA00028955178500000210
finally, the ciphertext set $C = \{C_1, \ldots, C_\xi\}$, the identifier
Figure FDA00028955178500000211
and the tag
Figure FDA00028955178500000212
are uploaded to
Figure FDA00028955178500000213
to obtain an access link to the file; before uploading,
Figure FDA00028955178500000214
checks whether other users have already, in
Figure FDA00028955178500000215
registered $id_F$;
Figure FDA00028955178500000216
deletes F, its copies and the corresponding tags from the local disk.
4. The storage method supporting efficient auditing and multi-backup ciphertext deduplication of claim 1, wherein the Get protocol performs a download function that allows
Figure FDA00028955178500000217
to download from
Figure FDA00028955178500000218
the file stored on
Figure FDA00028955178500000219
; when
Figure FDA00028955178500000220
wants to download F, it first initializes the protocol and sends to
Figure FDA00028955178500000221
the file identifier $id_F$ and the x-th copy; upon receipt of the message,
Figure FDA00028955178500000222
first checks whether the database contains an entry
Figure FDA00028955178500000223
; if so, it further verifies whether
Figure FDA00028955178500000224
is registered with
Figure FDA00028955178500000225
and $x \le \xi$, where ξ is the number of copies that
Figure FDA00028955178500000226
currently maintains; if the verification passes,
Figure FDA00028955178500000227
can, through $id_F$, download from
Figure FDA00028955178500000228
the copy $C_x$ and decrypt it with $K_x$ to obtain the file F;
Get:
Figure FDA00028955178500000229
5. The storage method supporting efficient auditing and multi-backup ciphertext deduplication of claim 1, wherein the Delete protocol allows a user
Figure FDA00028955178500000230
to delete copies or de-register particular files; when
Figure FDA00028955178500000231
wants to delete F,
Figure FDA00028955178500000232
sends the file ID and the number of copies, $id_F$ and x, to
Figure FDA00028955178500000233
Figure FDA00028955178500000234
checks whether
Figure FDA00028955178500000235
is registered to $id_F$; if the verification passes,
Figure FDA00028955178500000236
updates, in
Figure FDA00028955178500000237
the entry
Figure FDA00028955178500000238
; when ξ - x > 0 it is updated to
Figure FDA00028955178500000239
; when ξ - x ≤ 0,
Figure FDA00028955178500000240
performs the deletion in
Figure FDA00028955178500000241
; if ξ - x > 0 and ξ - x is the maximum number of copies required by all registered users,
Figure FDA00028955178500000242
reduces the number of copies of $id_F$ to ξ - x; if
Figure FDA00028955178500000243
becomes empty, which means that no user is registered with $id_F$ any longer,
Figure FDA00028955178500000244
deletes all content related to $id_F$:
Delete:
Figure FDA00028955178500000245
6. The storage method supporting efficient audit and multi-backup ciphertext deduplication of claim 1, wherein the Attest protocol is run between a verifier
Figure FDA00028955178500000246
and a prover
Figure FDA00028955178500000247
; the Attest protocol has two functions: on the one hand, it allows
Figure FDA0002895517850000031
to convince
Figure FDA0002895517850000032
that the stored F is complete:
Figure FDA0002895517850000033
sends a challenge chal to
Figure FDA0002895517850000034
to check the integrity of $id_F$, and
Figure FDA0002895517850000035
computes and returns a proof prof for further verification by the Verify protocol, formalized as:
Attest:
Figure FDA0002895517850000036
on the other hand, in addition to file integrity, prof can also provide data integrity statements on the different copies, which lets clients be convinced that their copies are stored.
7. The storage method supporting efficient auditing and multi-backup ciphertext deduplication of claim 1, wherein the Verify protocol checks a proof prof generated by the Attest protocol,
Figure FDA0002895517850000037
executes the Verify protocol to check the proof prof generated by the Attest protocol, so as to ensure that, on
Figure FDA0002895517850000038
the file is stored with the specified number of copies and is complete; the protocol outputs accept (b = 1) or reject (b = 0) to indicate whether prof is validated:
$b \leftarrow \mathrm{Verify}(id_F, prof)$;
the Server-aid key generation scheme runs between a client
Figure FDA0002895517850000039
and a key server
Figure FDA00028955178500000310
; it is based on the BLS blind signature rather than on RSA assumptions, and its primary function is to generate the encryption keys for the encrypted copies;
in the Setup phase,
Figure FDA00028955178500000311
selects a cyclic group of order p
Figure FDA00028955178500000312
and a computable bilinear pairing map e:
Figure FDA00028955178500000313
then,
Figure FDA00028955178500000314
executes
Figure FDA00028955178500000315
to select a private key
Figure FDA00028955178500000316
and the corresponding public key
Figure FDA00028955178500000317
suppose that
Figure FDA00028955178500000318
has the file $F = \{f_1, \ldots, f_n\}$ and is about to outsource $f_i$ ($1 \le i \le n$) to
Figure FDA00028955178500000319
; beforehand,
Figure FDA00028955178500000320
computes
Figure FDA00028955178500000321
, randomly selects
Figure FDA00028955178500000322
and, by multiplying by
Figure FDA00028955178500000323
blinds $h_i$; the blinded value
Figure FDA00028955178500000324
is then sent to
Figure FDA00028955178500000325
; after receiving the message,
Figure FDA00028955178500000326
computes the signature
Figure FDA00028955178500000327
and returns it to
Figure FDA00028955178500000328
Figure FDA00028955178500000329
de-blinds $s_i$ and verifies
Figure FDA00028955178500000330
; the encryption key is then the hash value of the de-blinded signature
Figure FDA00028955178500000331
the data deduplication and public auditing protocol DPA provides block-level data deduplication and can also provide public integrity auditing of outsourced data; the client
Figure FDA00028955178500000332
encrypts the original file F into C using a server-assisted MLE scheme, where $C = \{c_1, \ldots, c_n\}$ is the ciphertext of the n blocks, where
Figure FDA00028955178500000333
and p is a large prime number; the DPA scheme comprises a set of algorithms: KeyGen, TagGen, Verify, Probe;
KeyGen($1^k$): by calling this function,
Figure FDA00028955178500000334
generates a random signing public and private key pair
Figure FDA00028955178500000335
Figure FDA00028955178500000336
randomly selects
Figure FDA0002895517850000041
and computes $v \leftarrow g^\alpha$; the private key is then
Figure FDA0002895517850000042
and the public key is
Figure FDA0002895517850000043
Figure FDA0002895517850000044
given $C = \{c_1, \ldots, c_n\}$,
Figure FDA0002895517850000045
computes the file block identifiers $t_0 = \{\tau_1, \ldots, \tau_n\}$, where
Figure FDA0002895517850000046
selects s random elements
Figure FDA0002895517850000047
lets $t_1 = \tau_1 | \ldots | \tau_n | n | u_1 | \ldots | u_s$, and lets
Figure FDA0002895517850000048
be $t_1$ together with its signature under the private key
Figure FDA0002895517850000049
; for each i, $1 \le i \le n$, compute the signature tag:
Figure FDA00028955178500000410
Figure FDA00028955178500000411
parse the public key as
Figure FDA00028955178500000412
; before sending the challenge, the verifier
Figure FDA00028955178500000413
uses the public key
Figure FDA00028955178500000414
to verify the signature in t; if the signature verification fails, it outputs 0 (reject) and stops the protocol; otherwise, it parses t to obtain $t_0$, $n$ and $\{u_1, \ldots, u_s\}$, randomly selects a subset I of l elements from the set $\{1, \ldots, n\}$, and selects for each $i \in I$ a random element
Figure FDA00028955178500000415
; let the set $\{(i, v_i)\}$ be chal, and send the challenge chal to the prover (server)
Figure FDA00028955178500000416
; suppose that
Figure FDA00028955178500000417
's response contains
Figure FDA00028955178500000418
and
Figure FDA00028955178500000419
; verify:
Figure FDA00028955178500000420
if it holds, output 1; otherwise, output 0;
Figure FDA00028955178500000421
regard $C^*$ as $\{c_{ij}\}$, $1 \le i \le n$, $1 \le j \le s$, and $\{\sigma_i\}$, $1 \le i \le n$; suppose the challenge sent by the verifier
Figure FDA00028955178500000422
is chal, in which each $i \in [1, n]$ is not repeated and each
Figure FDA00028955178500000423
Figure FDA00028955178500000424
For $1 \le j \le s$,
Figure FDA00028955178500000425
The prover sends the proof Prof, consisting of $\{\mu_1, \ldots, \mu_s\}$ and
Figure FDA00028955178500000426
, to the verifier.
8. A computer device, characterized in that the computer device comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of:
the SharingBox system initializes, according to the Setup protocol,
Figure FDA00028955178500000427
and
Figure FDA00028955178500000428
and assists the client in generating an encryption key for the file block;
the client processes data according to the Put protocol, generates a verification tag, uploads the data, the verification tag and the like to a cloud server, and requests that a plurality of copies be stored;
a Get protocol is triggered when the client wants to download data;
a Delete protocol is triggered when the client wants to reduce the number of copies or delete its outsourced file;
the Attest protocol and the Verify protocol are used to assist the verifier in verifying, for the cloud user, the integrity of the data and copies in the cloud.
9. A storage system supporting efficient audit and multi-backup ciphertext deduplication, which implements the storage method supporting efficient audit and multi-backup ciphertext deduplication as claimed in any one of claims 1 to 7, wherein the storage system supporting efficient audit and multi-backup ciphertext deduplication comprises:
the client, which uses the cloud storage service to store data, and is used for dividing file data into blocks, generating an encryption key, encrypting the file, generating copies, constructing the file, uploading, downloading and deleting the data and its copies, and checking whether the file stored in the cloud storage server is complete and whether the corresponding number of copies is retained;
the key server, which is used for generating a public/private key pair to assist the client in generating a key for encrypting the file;
the cloud storage server, which is used for performing cross-user deduplication, storing the files and copies uploaded by the client, ensuring the integrity and reliability of the files, ensuring data availability for all data owners, and executing deletion requests from the client;
and the verifier is used for triggering the Attest protocol and the Verify protocol to periodically perform multi-copy data integrity audit for the client.
10. A cloud storage security terminal, characterized in that the cloud storage security terminal is used for implementing the storage method supporting efficient audit and multi-backup ciphertext deduplication as claimed in any one of claims 1 to 7.
CN202110041527.9A 2021-01-13 2021-01-13 Storage method and system supporting efficient audit and multi-backup ciphertext deduplication and application Active CN112887281B (en)

Publications (2)

Publication Number Publication Date
CN112887281A true CN112887281A (en) 2021-06-01
CN112887281B CN112887281B (en) 2022-04-29

Family

ID=76045288

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant