CN112887281B - Storage method and system supporting efficient audit and multi-backup ciphertext deduplication and application - Google Patents
- Publication number
- CN112887281B (application number CN202110041527.9A)
- Authority
- CN
- China
- Prior art keywords
- protocol
- file
- data
- client
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1448—Management of the data involved in backup or backup restore
- G06F11/1453—Management of the data involved in backup or backup restore using de-duplication of the data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1458—Management of the backup or restore process
- G06F11/1464—Management of the backup or restore process for networked environments
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Abstract
The invention belongs to the technical field of cloud storage security and discloses a storage method, a system and an application supporting efficient audit and multi-backup ciphertext deduplication. The SharingBox system is initialized according to the Setup protocol, which also assists the client in generating an encryption key for the file blocks; the client processes data according to the Put protocol, generates a verification tag, uploads the data, the verification tag and the like to a cloud server, and requests that a plurality of copies be stored; the Get protocol is triggered when a client wants to download data; the Delete protocol is triggered when the client wants to reduce the number of copies or delete its outsourced file; the Attest protocol and the Verify protocol assist the verifier in verifying, for the cloud user, the integrity of data and copies in the cloud. The invention can effectively resist malicious attacks from all parties of the system, including the cloud storage provider, and ensures that the overall latency of the system is acceptable.
Description
Technical Field
The invention belongs to the technical field of cloud storage safety, and particularly relates to a storage method, a system and application supporting efficient audit and multi-backup ciphertext deduplication.
Background
With continuous innovation and breakthroughs in internet information technology, especially the emergence and development of IoT, artificial intelligence and cloud computing, data volume is growing explosively, and cloud storage is gradually becoming the dominant way of storing information. Cloud storage provides users with cheap and convenient services such as data storage, access and seamless synchronization across devices, and has become an indispensable part of daily life, so it has attracted wide attention from academia and industry. In recent years, researchers have invested a great deal of effort in designing encrypted storage solutions such as encrypted data deduplication, proofs of data availability and proofs of data backup, each treated separately. Recent studies have shown that cross-user data deduplication can save more than 50% of storage cost in standard file systems and up to 90-95% in backup applications [Dutch T. Meyer and William J. Bolosky. 2012. A Study of Practical Deduplication. TOS 7, 4 (2012), 14:1-14:20]. Cloud Service Providers (CSPs) such as Dropbox, Google Drive and Amazon S3 rely heavily on client data deduplication to save storage and bandwidth costs.
The state of the art commonly used in the industry is as follows. To ensure that a file can only be accessed by its legitimate owner, researchers use Convergent Encryption (CE) [John R. Douceur, Atul Adya, William J. Bolosky, Dan Simon, and Marvin Theimer. 2002. Reclaiming Space from Duplicate Files in a Serverless Distributed File System. In Proceedings of the 22nd International Conference on Distributed Computing Systems (ICDCS'02), Vienna, Austria, July 2-5, 2002. IEEE Computer Society, 617–624.], Message-Locked Encryption (MLE) [Mihir Bellare, Sriram Keelveedhi, and Thomas Ristenpart. 2013. Message-Locked Encryption and Secure Deduplication. In Advances in Cryptology – EUROCRYPT 2013, 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, May 26-30, 2013. Proceedings (Lecture Notes in Computer Science), Thomas Johansson and Phong Q. Nguyen (Eds.), Vol. 7881. Springer, 296–312.] and their variant algorithms to support encrypted data deduplication across users.
Since a profit-oriented CSP may aggressively deduplicate data rather than keep disaster-recovery copies in order to save storage cost, and may try to hide data loss or corruption when a hardware or software failure occurs, researchers have devised many storage solutions that verify the availability and reliability of data in remote storage while maintaining data integrity and providing multiple copies. These include Provable Data Possession (PDP) [Giuseppe Ateniese, Randal C. Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary N. J. Peterson, and Dawn Xiaodong Song. 2007. Provable data possession at untrusted stores. In Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, October 28-31, 2007, Peng Ning, Sabrina De Capitani di Vimercati, and Paul F. Syverson (Eds.). ACM, 598–609.], [Ayad F. Barsoum and M. Anwar Hasan. 2015. Provable Multicopy Dynamic Data Possession in Cloud Computing Systems. IEEE Trans. Information Forensics and Security 10, 3 (2015), 485–497.], [C. Christopher Erway, Alptekin Küpçü, Charalampos Papamanthou, and Roberto Tamassia. 2009. Dynamic provable data possession. In Proceedings of the 2009 ACM Conference on Computer and Communications Security, CCS 2009, Chicago, Illinois, USA, November 9-13, 2009, Ehab Al-Shaer, Somesh Jha, and Angelos D. Keromytis (Eds.). ACM, 213–222.], Proofs of Retrievability (POR) [Frederik Armknecht, Jens-Matthias Bohli, Ghassan O. Karame, Zongren Liu, and Christian A. Reuter. 2014. Outsourced Proofs of Retrievability. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3-7, 2014, Gail-Joon Ahn, Moti Yung, and Ninghui Li (Eds.). ACM, 831-.], [Hovav Shacham and Brent Waters. 2008. Compact Proofs of Retrievability. In Advances in Cryptology - ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, December 7-11, 2008. Proceedings (Lecture Notes in Computer Science), Josef Pieprzyk (Ed.), Vol. 5350. Springer, 90–107.] and Proof of Replication [Ivan Damgård, Chaya Ganesh, and Claudio Orlandi. 2019. Proofs of Replicated Storage Without Timing Assumptions. In Advances in Cryptology - CRYPTO 2019 - 39th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18-22, 2019, Proceedings, Part I (Lecture Notes in Computer Science), Alexandra Boldyreva and Daniele Micciancio (Eds.), Vol. 11692. Springer, 355–380.], [Iraklis Leontiadis and Reza Curtmola. 2018. Secure Storage with Replication and Transparent Deduplication. In Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, CODASPY 2018, Tempe, AZ, USA, March 19-21, 2018, Ziming Zhao, Gail-Joon Ahn, Ram Krishnan, and Gabriel Ghinita (Eds.). ACM, 13–23.].
Availability, efficiency and reliability are very important characteristics in cloud storage. However, most of these schemes pursue independent objectives, such as enabling a cloud service provider to deduplicate encrypted data, to prove the integrity of stored data, or to prove that copies of data are kept, so only one or two of the characteristics are guaranteed.
Through the above analysis, the problems and defects of the prior art are as follows: because the security model of outsourced storage conflicts with the combination of data backup and deduplication, no existing technology integrates availability, efficiency and reliability into a single cloud storage solution. The existing solutions cannot meet these requirements at the same time, and they cannot simply be combined to meet the requirements of existing cloud storage services.
The difficulty in solving the above problems and defects lies in designing a fine-grained ciphertext deduplication scheme that supports the user client, designing a scheme for auditing data integrity in the cloud, designing a scheme for checking multiple copies of data in the cloud, and coordinating the availability, efficiency and reliability functions into one framework containing the three schemes.
The significance of solving the problems and defects is as follows: the present invention addresses the above problems with SharingBox, the first system to allow users to simultaneously perform data deduplication, multi-copy storage and integrity audit in a storage system. SharingBox provides a reliable and efficient cloud storage model in which storage is allocated jointly among users without affecting data confidentiality or system performance. Because the invention adopts a novel publicly verifiable proof of storage and an MLE-style deduplicating encryption scheme, the computing, storage and bandwidth overheads of cloud users and servers are reduced. At the same time, the invention ensures that a file can only be accessed by its legitimate owner and remains secure against potentially dishonest service providers.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a storage method, a system and application supporting efficient audit and multi-backup ciphertext deduplication.
The invention is realized as follows: a storage method supporting efficient audit and multi-backup ciphertext deduplication comprises the following steps:
the SharingBox system is initialized according to the Setup protocol, which also assists the client in generating an encryption key for the file blocks;
the client processes data according to the Put protocol, generates a verification tag, uploads the data, the verification tag and the like to a cloud server, and requests that a plurality of copies be stored;
the Get protocol is triggered when a client wants to download data;
the Delete protocol is triggered when the client wants to reduce the number of copies or delete its outsourced file;
the Attest protocol and the Verify protocol assist the verifier in verifying, for the cloud user, the integrity of data and copies in the cloud.
Further, the Setup protocol is used to initialize the SharingBox system, which is a set of key generation algorithms that calculate public and private keys for different participants; by running on the clientAndkey generation algorithm ofTo obtainA pair of public and private keys, i.e.At this time, the process of the present invention,self-retainingAnd will beDisclosed is a method for producing a compound;
client terminalWith security parameter k, file block set F ═ F1,...,fnR, a randomly selected set R ═ R1,...,rnAndof (2) a public keyAs input, the key server sideWith its private keyAs input, the clientOutput a pair of public and private keysIntegrity protection and verification for file F and outputting a symmetric key set through Server-aid key generation algorithmFor encryption and decryption, key serverA set of blind signatures Φ is output.Secret preservationAnd K, its own public keyDisclosed is a method for producing a synthetic resin:
in the Setup stage, the cloud storage server and the verifier can also perform initialization setting and maintenance on some public and private parameters for constructing a secure channel; the corresponding database of data stored in the cloud storage server also completes the initialization setup at this stage.
Further, the Put protocol is one inAndan interactive protocol, a client running betweenConfidentiality is protected in an encrypted manner, requiring F to store ξ copies toThe storage reliability is improved; for the iota (1 ≦ iota ≦ ξ) copies,using generated keysEncrypting the ith (i is more than or equal to 1 and less than or equal to n) file block fiE.f as cipher textThen calculate the authentication tagTo verify the integrity of the stored data, and finally both parties generate a file identifierActs as a unique handle to F;
finally uploading ciphertext set C ═ C1,...,Cξ}, identificationAnd Tag ═ Tag1,...,TagξTo giveObtaining an access link of a file; before uploadingWill check if there are other users presentThereon register idF,F and its copy and corresponding tag are deleted from the local disk.
Further, the Get protocol performs a download function, which allowsFromDownload inThe stored file whenWhen it is desired to download F, the protocol is first initialized and sent toFile identification idFAnd the xth copy, upon receipt of the message,first it is checked whether the database contains an entryIf so, further verificationWhether or not to register withAnd x ≦ ξ, where ξ is the presentThe number of copies maintained; if the authentication is passed through, the authentication is performed,can pass idFFromDownload CxAnd use of KxAnd decrypting to obtain the file F.
Further, the Delete protocol allows users to access the sameDelete a copy or cancel the registration of a particular file. When in useWhen it is desired to delete the F,sending File ID and number of copies IDFX toExamination ofWhether or not id is registeredFAnd if the verification is passed, the verification module,updatingIn (1)When xi-x > 0 is updated toWhen xi-x is less than or equal to 0Deletion inIf ξ -x > 0 and ξ -x is the maximum number of copies required by all registered users,reduction of idFIs ξ -x ifBecomes empty, which means that no user is re-registered with the idF,Delete all related idsFThe whole contents of (A):
further, the Attest protocol operates between verifier v and proverThe function of the Attest protocol is two, on one hand, the function of allowingLet v believe that the stored F is complete, v sends a challenge chal toTo check idFIn the presence of a gas, the integrity of,calculating and returning a proof prof for further proof of the Verify protocol, formalized as:
on the other hand, in addition to file integrity, prof may also provide data integrity statements on the different copies, which can convince clients that their copies are stored.
Further, the Verify protocol checks the proof prof generated by the Attest protocol: v executes the Verify protocol to ensure that the file is stored with the specified number of copies and is complete. The protocol outputs accept ($b = 1$) or reject ($b = 0$) to indicate whether prof is validated:
$b \leftarrow \mathrm{Verify}(id_F, prof)$;
the Server-aided key generation scheme runs between a client and a key server. It is based on BLS blind signatures rather than the RSA assumption, and its primary function is to generate an encryption key for the encrypted copy;
in the Setup phase, the first time the Setup phase,a p-order cyclic group can be selectedAnd a computable bilinear mapThen, the user can use the device to perform the operation,executeSelecting a private keyAnd corresponding public keySuppose thatHaving file F ═ F1,...,fnH, will fi(1. ltoreq. i. ltoreq.n) is outsourced toBefore the start of the operation of the device,computingRandom selectionBy multiplyingBlinding hiThen the blinded values are comparedIs sent toAfter receiving the messageComputing signaturesAnd is returned toWill siRemove blindness andauthenticationThe encryption key is then the Hash value of the de-blinded signature
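The blind-then-unblind exchange described above, as an added example that is not code from the patent. It runs the blinding algebra in a demo-sized prime-order subgroup modulo a safe prime instead of a pairing group, so the client's pairing-based signature check is left out; `KeyServer`, `derive_block_key`, SHA-256 and the group parameters are assumptions made for illustration.

```python
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases (enough for picking demo parameters)."""
    if n < 2:
        return False
    for sp in _BASES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(bits: int):
    """Return (p, q) with p = 2q + 1, both prime, p having `bits` bits."""
    q = (1 << (bits - 2)) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


# Assumption: a 128-bit demo group. The quadratic residues mod P form a
# subgroup of prime order Q; G = 4 generates it. Far too small for real use.
P, Q = find_safe_prime(128)
G = 4


def hash_to_group(block: bytes) -> int:
    """h_i: hash a file block into the order-Q subgroup (never 0 or 1)."""
    x = int.from_bytes(hashlib.sha256(block).digest(), "big") % (P - 3) + 2
    return pow(x, 2, P)


class KeyServer:
    """Holds the signing key and only ever sees blinded values."""

    def __init__(self):
        self._sk = secrets.randbelow(Q - 1) + 1
        self.pk = pow(G, self._sk, P)
        self.seen = []  # what the server observes, kept for inspection

    def sign_blinded(self, blinded: int) -> int:
        # Reject values outside the subgroup before touching the secret key.
        if not 1 < blinded < P or pow(blinded, Q, P) != 1:
            raise ValueError("blinded value is not in the expected group")
        self.seen.append(blinded)
        return pow(blinded, self._sk, P)


def blind(block: bytes):
    """Client: multiply h_i by g^r for a fresh random r."""
    r = secrets.randbelow(Q - 1) + 1
    return hash_to_group(block) * pow(G, r, P) % P, r


def unblind(signed: int, r: int, pk: int) -> int:
    """Client: (h * g^r)^sk * pk^(-r) = h^sk, the signature on h_i."""
    return signed * pow(pk, Q - r, P) % P


def derive_block_key(block: bytes, server: KeyServer) -> bytes:
    """Encryption key = hash of the unblinded signature."""
    blinded, r = blind(block)
    sig = unblind(server.sign_blinded(blinded), r, server.pk)
    return hashlib.sha256(sig.to_bytes((P.bit_length() + 7) // 8, "big")).digest()
```

Two clients holding the same block obtain the same key, which is what makes cross-user deduplication of the ciphertext possible, while the key server sees a different random-looking value on every request.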
The data deduplication and public auditing protocol DPA provides block-level data deduplication and can also provide public integrity auditing of outsourced data; client terminalEncrypting an original file F to C using a server-assisted MLE scheme, where C is { C }1,...,cnIs the ciphertext of n blocks, whereAnd is p a large prime number, the DPA scheme comprises a set of algorithms: KeyGen, TagGen, Verify, Probe;
KeyGen(1k): by calling up this function, it is possible to,generating a public and private key pair with random signatureRandom selectionAnd calculate v ← gαThen the private key isThe public key is Given C ═ C1,...,cn},Calculating a file block identifier t0={τ1,...,τnTherein ofSelecting s random elementsLet t1=τ1|...|τn|n|u1|...|usLet us orderIs t1And its use in private keysFor each i, 1 ≦ i ≦ n, compute the signature tag:
resolve the public key intoBefore sending the challenge, verifier v uses the public keyVerifying the signature in the t, and if the signature verification fails, sending 0 reject and stopping the protocol; otherwise, analyzing t to obtain t0N and { u1,...,us}. Randomly selecting a subset I of l elements in the set { 1.,. n }, and for each I ∈ I, selecting a random elementLet set { (i, v)i) Is chal, andsending challenge chal to prover (server)
if yes, outputting 1, and if not, outputting 0;
consider C as { CijI is more than or equal to 1 and less than or equal to n, j is more than or equal to 1 and less than or equal to s and { sigma ≦iI is more than or equal to 1 and less than or equal to n. Suppose the message sent by verifier v is chal, with each i e 1, n]And are not repeated, eachv for 1. ltoreq. j. ltoreq. sThe prover sends the proofTo the verifier.
It is a further object of the invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of:
the SharingBox system is initialized according to the Setup protocol, which also assists the client in generating an encryption key for the file blocks;
the client processes data according to the Put protocol, generates a verification tag, uploads the data, the verification tag and the like to a cloud server, and requests that a plurality of copies be stored;
the Get protocol is triggered when a client wants to download data;
the Delete protocol is triggered when the client wants to reduce the number of copies or delete its outsourced file;
the Attest protocol and the Verify protocol assist the verifier in verifying, for the cloud user, the integrity of data and copies in the cloud.
Another object of the present invention is to provide a storage system supporting efficient audit and multi-backup ciphertext deduplication, which implements the above storage method and comprises:
the client, which stores data using the cloud storage service and is used for splitting file data into blocks, generating encryption keys, encrypting files, generating copies, constructing file uploads, downloading and deleting data and its copies, and checking whether its files stored in the cloud storage server are complete and whether the corresponding number of copies is retained;
the key server, which generates a pair of public and private keys to assist the client in generating the keys used to encrypt files;
the cloud storage server, which performs cross-user deduplication, stores the files and copies uploaded by the client, ensures the integrity and reliability of the files, ensures data availability for all data owners, and executes the client's deletion requests;
and the verifier, which triggers the Attest protocol and the Verify protocol to periodically perform multi-copy data integrity audits for the client.
The invention also aims to provide a cloud storage security terminal, which is used for realizing the storage method supporting efficient audit and multi-backup ciphertext deduplication.
Combining all the above technical schemes, the advantages and positive effects of the invention are as follows. Supported by the public verifiability of a remote audit scheme and the security guarantees of a cross-user deduplicating encryption scheme, the invention provides SharingBox, which supports efficiently auditable, multi-backup, fine-grained ciphertext deduplication, so that a cloud provider can effectively prove to a client the integrity of the data it stores. SharingBox is the first scheme that allows a user to simultaneously achieve data deduplication, multiple copies and integrity audit in a storage system, and is a novel, comprehensive and secure cloud storage framework. SharingBox provides a reliable and efficient cloud storage model in which storage can be allocated jointly among users without affecting data confidentiality or system performance. SharingBox also provides fine-grained data deduplication and multiple file replication on the client, supports data integrity auditing, and can effectively resist curious or malicious system parties. It can effectively deal with the Sybil attack and the calculation attack mounted by a dishonest server against copy storage. Theoretical analysis shows that, for cloud data storage, SharingBox is efficient in storage, bandwidth and computation. The performance evaluation results of the SharingBox prototype system (as shown in fig. 6 and 7) show that the invention scales well with the number of users and the number of files in the system, and that the time overhead of the whole system is acceptable.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the embodiments of the present application will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained from the drawings without creative efforts.
Fig. 1 is a flowchart of a storage method supporting efficient audit and multi-backup ciphertext deduplication according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of a storage system supporting efficient audit and multi-backup ciphertext deduplication according to an embodiment of the present invention;
in fig. 2: 1. a client (data owner); 2. a key server; 3. a cloud storage server; 4. a verifier (either party can act as a verifier).
Fig. 3 is a diagram of the Server-aided key generation algorithm based on BLS signatures according to an embodiment of the present invention.
Fig. 4 is a diagram of a PoW algorithm executed by a cloud server according to an embodiment of the present invention.
Fig. 5 is a specific flowchart of the Put protocol provided in the embodiment of the present invention.
FIG. 6 is a graph of the time spent by the KeyGen algorithm and the Get algorithm according to the embodiment of the present invention.
FIG. 7 is a diagram of testing time spent by the Put protocol provided by the embodiment of the invention;
in fig. 7: (a) indicating a case where no user uploads the same file, (b) indicating a case where there are 3 copies per file.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Aiming at the problems in the prior art, the invention provides a storage method, a system and an application for supporting efficient audit and multi-backup ciphertext deduplication, and the invention is described in detail below with reference to the attached drawings.
As shown in fig. 1, the storage method supporting efficient audit and multi-backup ciphertext deduplication provided by the present invention includes the following steps:
S101: the SharingBox system initializes public and private parameters according to the Setup protocol and assists the client in generating an encryption key for the file blocks;
S102: the client processes data according to the Put protocol, generates a verification tag, uploads the data, the verification tag and the like to a cloud server, and requests that a plurality of copies be stored;
S103: the Get protocol is triggered when a client wants to download data;
S104: the Delete protocol is triggered when a client wants to reduce the number of copies and delete a source file;
S105: the Attest protocol and the Verify protocol are triggered when the verifier periodically performs a multi-copy data integrity audit for the client.
A person skilled in the art can also use other steps to implement the storage method supporting efficient audit and multi-backup ciphertext deduplication provided by the present invention, and the storage method supporting efficient audit and multi-backup ciphertext deduplication provided by the present invention in fig. 1 is only a specific embodiment.
As shown in fig. 2, the storage system supporting efficient audit and multi-backup ciphertext deduplication provided by the present invention includes:
The client (data owner) 1, which wishes to store data using the cloud storage service, is used to split file data into blocks, generate encryption keys, encrypt files and generate copies, construct file uploads, download and delete data and its copies, and check whether its files stored in the cloud storage server 3 are complete and whether the corresponding number of copies is retained.
The key server 2 generates a pair of public and private keys to assist the client 1 in generating the keys used to encrypt files.
The cloud storage server 3 performs cross-user deduplication and stores the files and copies uploaded by the clients; it must also guarantee the integrity and reliability of the files, guarantee data availability for all data owners, and execute the clients' deletion requests.
The verifier 4 (either party may act as a verifier) triggers the Attest protocol and the Verify protocol to periodically perform a multi-copy data integrity audit for the client.
The technical solution of the present invention is further described below with reference to the accompanying drawings.
The SharingBox system of the present invention comprises a group of clients, a cloud storage server, a key server and a verifier v. The work performed by each party in the SharingBox system is shown in fig. 2. The key server assists the client in generating an encryption key and interacts with the client through the Setup protocol: the client first splits the file data into blocks, then encrypts the file with the key generated with the help of the key server, and at the same time generates the duplicate files, the file block IDs and the authentication tags. The client can also download and delete the files it has stored through the Get protocol and the Delete protocol. Because the audit is public, the client can also interact with the server through the Verify protocol to ask whether the files it has stored are fully available, secure and reliable, and whether the number of stored copies is correct. The cloud storage server interacts with the client through the Put protocol; it mainly performs cross-user deduplication before a user uploads a file, is responsible for storing the files and copies uploaded by the client, and must ensure the integrity and reliability of the files and respond to the client's deletion requests. The cloud storage server proves to a reliable third-party audit center, through the Attest protocol, that the data it stores is complete and available. On behalf of the client, the verifier periodically queries the cloud storage server through the Verify protocol and requires proof that the stored data is complete and available; the cloud storage server then answers with a proof through the Attest protocol.
The core of the SharingBox system comprises the Setup, Put, Get and Delete operations and the additional Attest and Verify protocols. Through these operations and protocols, efficiently auditable multi-backup ciphertext deduplication can be carried out, so that a cloud provider can effectively prove to a client the integrity of the data it stores. SharingBox also provides fine-grained data deduplication and multiple file replication on the client, supports data integrity auditing, and is able to resist curious or malicious system parties. The relevant interactive protocols are as follows:
(1) The Setup protocol: in the Setup phaseFirst, a key generation algorithm is executedComputing private keysAnd public keyThen run Server-aid Key Generation Algorithm as in FIG. 3 to assistAnd generating a server-ordered data block encryption key. In the same way as above, the first and second,andinitialize their system parameters according to the DPA Protocol (Deduplicate and Public Audit Protocol), then they use an asymmetric encryption scheme to generate public and private key pairs for establishing authenticated channelsWherein WhileFinally, each party keeps the private key secret and publishes the public key.
(2) The Put protocol: when in useTo the direction ofAn upload request is made, upload F ═ F1,...,fnAnd requires ξ copies to be stored intoWhen the temperature of the water is higher than the set temperature,to the direction ofAn upload request is made. Before the time of uploading, the user can upload the file,andfirst, a server-ordered key is calculated for each file block, as shown in FIG. 1, and the protocol outputs the keyWhereinThen, for ki(1≤i≤n),ComputingWherein For each of the blocks, the block is,using a secret keyEncryption fiGenerating a ciphertextThen the invention has K ═ K1,...,KξAndwhereinAs such, for each block,calculating unique Identification (ID)Namely, it isIn the same way as above, the first and second,computing file identificationSubsequently, the process of the present invention,first by sending the fileAnd blockTo giveRequest upload of all serviesThe method is as follows. Then, forCheck if there is a user already storing F, i.e.Obviously, file-level data deduplication is best performed before block-level data deduplication for efficiency. Then, two situations can occur:
the file/block has not been stored. In this case, no client passes the indexRegistered File ID as IDFThe file of (2). For convenience of analysis, the present invention assumes CιAll file blocks that are (0 ≦ iota ≦ ξ) have not been previously stored.First of all executeAnd calculateAndthen, the user can use the device to perform the operation,upload toToAfter the receipt of the message, the user may,issuing a timed URL grantUploading data to a server in a certain timeWhen the upload is finished, the upload is completed,verifying all blocksMatching its file ID. If all match, thenWill be provided withBy indexingIs inserted intoIn (1). If it is notDoes not exist, then is created before insertion, after registration of idFAfter that, the air conditioner is started to work,
the file/block is already stored. In this case, there is a case where the client has registered to the idFX (x ≧ 0) copies of (A). For each replicaAs depicted in fig. 4By sending challengesRequire proof of actual possession of Cl(PoW process). If the authentication is passed through, the authentication is performed,by indexingRegistrationTo idFAnd returns an ACK toAfter the upload process of all the copies is finished,files that can be deleted locally only keep idFThe corresponding decryption key and the number of duplicates ξ.
(3) The Get protocol: when in useWhen it is desired to download F, the protocol is first initialized and sent toFile identification idFAnd the sixteenth copy: (Commit { id }Fξ to). After the receipt of the message, the user may,first look at database checksWhether to registerTo idF. If so, the mobile terminal can be started,generating a timingAllow forThe requested file is downloaded. At the slaveReceive CξAfter that, the air conditioner is started to work,decipher and recombine to get F ═ F1,...,fnTherein of
(4) The Delete protocol: allow forDelete his outsourced files or reduce the number of duplicates. When in useWant to slave idFWhen x duplicates are deleted, notification is madeFromRemoving a userAnd idFThe associated replicas.First, checkWhether or not id is registeredFAnd obtains the number of copies ξ currently stored.Subtracting the userAnd idFX replicas of the correlation, S from if ξ -x ≦ 0Removing a userIf ξ -x > 0 and ξ -x is the maximum number of copies required by all registered users,by deleting andthe associated duplicates reduce storage. If no user is registered to the idFThen, thenDeleting
(5) The Attest protocol: used by the verifier v to verify the integrity of the data copies for the cloud user. Let the server-ordered processed file be C_l = {c_ij}, 1 ≤ i ≤ n, 1 ≤ j ≤ s, and {σ_i}, 1 ≤ i ≤ n.
The verifier v randomly selects a subset I of l elements from the set [1, n] and, for each i ∈ I, selects a random element v_i. Then, to perform the Prov step of the DPA protocol, v sends to the prover a challenge chal containing the file to be authenticated and the set of l elements {(i, v_i)}.
On receipt of a challenge, as described in the Prov protocolComputingAndfinally, the process is carried out in a batch,sending a certificateIn return to v.
(6) The Verify protocol: allowing v-authenticationImportance of returned certification. Is receivingWhen replying to (v) first verifies tlIf the signature is correct, v is from tlMiddle recovery t0,n,{u1,...,usAnd checking
Whether or not this is true. If true, the output b equals 1 indicating that the current memory is presentIs complete, otherwise the output b is 0.
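The server-side bookkeeping behind the Put, Get and Delete protocols above, as an added example that is not code from the patent or its prototype. It assumes a hypothetical `DedupIndex` that maps id_F to per-user copy counts and keeps as many replicas as the largest count; `pow_check` stands in for the PoW challenge of fig. 4, and the user names and ciphertexts are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class FileEntry:
    owners: dict = field(default_factory=dict)    # user -> copies that user registered
    replicas: list = field(default_factory=list)  # stored ciphertext copies C_1..C_xi

class DedupIndex:
    """Hypothetical server-side index keyed by the file identifier id_F."""

    def __init__(self, pow_check):
        self.files = {}
        # pow_check(user, id_f, copy_no) -> bool stands in for the PoW challenge.
        self.pow_check = pow_check

    def put(self, user, id_f, copies, upload=()):
        entry = self.files.get(id_f)
        if entry is None:
            # Case 1: nothing stored yet, the client uploads every copy.
            if copies < 1 or len(upload) != copies:
                raise ValueError("first uploader must send all copies")
            entry = self.files[id_f] = FileEntry(replicas=list(upload))
        else:
            # Case 2: already stored. Knowing id_F is not enough: the client
            # must prove possession of each requested copy before registration.
            have = len(entry.replicas)
            for no in range(1, min(copies, have) + 1):
                if not self.pow_check(user, id_f, no):
                    raise PermissionError("proof of ownership failed")
            # Assumption of this example: copies beyond those stored are uploaded.
            if len(upload) != max(0, copies - have):
                raise ValueError("wrong number of extra copies")
            entry.replicas.extend(upload)
        entry.owners[user] = max(copies, entry.owners.get(user, 0))
        return "ACK"

    def get(self, user, id_f, x):
        entry = self.files.get(id_f)
        if entry is None or user not in entry.owners:
            raise PermissionError("user is not registered to this id_F")
        if not 1 <= x <= entry.owners[user]:
            raise PermissionError("copy number exceeds the user's xi")
        return entry.replicas[x - 1]

    def delete(self, user, id_f, x):
        entry = self.files.get(id_f)
        if entry is None or user not in entry.owners:
            raise PermissionError("user is not registered to this id_F")
        left = entry.owners[user] - x
        if left <= 0:
            del entry.owners[user]          # xi - x <= 0: de-register the user
        else:
            entry.owners[user] = left
        if not entry.owners:
            del self.files[id_f]            # no owner left: drop everything
            return 0
        need = max(entry.owners.values())   # largest count any owner still needs
        del entry.replicas[need:]           # shrink storage only past that count
        return need

def demo():
    idx = DedupIndex(pow_check=lambda user, id_f, no: user != "mallory")
    idx.put("alice", "idF", 3, upload=[b"C1", b"C2", b"C3"])  # constructed ciphertexts
    idx.put("bob", "idF", 2)                                  # deduplicated after PoW
    log = []
    for call in (lambda: idx.put("mallory", "idF", 1),
                 lambda: idx.get("bob", "idF", 3)):
        try:
            call()
            log.append("allowed")
        except PermissionError:
            log.append("denied")
    log.append(idx.delete("alice", "idF", 1))  # alice 3 -> 2, one replica dropped
    log.append(idx.delete("alice", "idF", 2))  # alice leaves, bob still needs 2
    log.append(idx.get("bob", "idF", 2))
    log.append(idx.delete("bob", "idF", 2))    # last owner gone
    return log + ["idF" in idx.files]
```
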
The technical effects of the present invention will be described in detail with reference to simulations.
The invention implements SharingBox in simulation and evaluates its performance in detail. The prototype system of SharingBox is implemented in C/C++ with the OpenSSL and PBC libraries, and a MySQL database serves as the back-end data store for the metadata associated with each file. The client, the key server, the verifier and the cloud server are simulated on four independent machines, each running Ubuntu 16.04 LTS on a 3.10 GHz Intel Core i9-9900 CPU with 16 GB of memory. The bandwidth of the wired connection between them is set to 100 Mbps, and sockets are used for communication. Fig. 6 and 7 show the evaluation results. The invention also uses a plurality of computers as clients that upload, download and integrity-audit a large number of files on the same server host to evaluate the overall performance of the system, and simulates various malicious server behaviors such as tampering with, destroying or reducing copies. Typically, clients can recover and audit their files correctly, but once the server performs any malicious activity, the audit fails. Experimental results show that the time overhead of the system is acceptable.
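The challenge/response shape of the Attest and Verify protocols and the failure cases simulated above, as an added example that is not the patent's code. It swaps the pairing-based public tags for a privately verifiable analog (HMAC as the PRF and arithmetic modulo the prime 2^127 − 1), so the verifier holds the secret key; the replica labels and sample ciphertexts are constructed.

```python
import hashlib, hmac, secrets

P = 2**127 - 1        # prime modulus of the sector field (choice made for this example)
S = 4                 # sectors per block, the s of the text
SECTOR = 15           # bytes per sector, so every sector value is below P

def split(data):
    """Cut one ciphertext replica into n blocks of S sectors c_ij."""
    step = S * SECTOR
    data += b"\0" * (-len(data) % step)
    return [[int.from_bytes(data[o + j * SECTOR:o + (j + 1) * SECTOR], "big")
             for j in range(S)] for o in range(0, len(data), step)]

def prf(key, rid, i):
    """Per-block pseudorandom value bound to the replica label and block index."""
    mac = hmac.new(key, rid + i.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P

def keygen():
    """Secret PRF key plus one secret coefficient alpha_j per sector position."""
    return secrets.token_bytes(32), [secrets.randbelow(P) for _ in range(S)]

def tag_gen(key, alphas, rid, blocks):
    """sigma_i = PRF(rid, i) + sum_j alpha_j * c_ij  (mod P), one tag per block."""
    return [(prf(key, rid, i) + sum(a * c for a, c in zip(alphas, blk))) % P
            for i, blk in enumerate(blocks)]

def challenge(n, l):
    """Verifier: random l-element subset I of block indices, random v_i for each."""
    picked = secrets.SystemRandom().sample(range(n), l)
    return [(i, 1 + secrets.randbelow(P - 1)) for i in picked]

def prove(blocks, tags, chal):
    """Server: mu_j = sum_i v_i * c_ij and sigma = sum_i v_i * sigma_i."""
    mu = [sum(v * blocks[i][j] for i, v in chal) % P for j in range(S)]
    return mu, sum(v * tags[i] for i, v in chal) % P

def verify(key, alphas, rid, chal, proof):
    """Output b = 1 when the aggregated tag matches the aggregated sectors."""
    mu, sigma = proof
    want = sum(v * prf(key, rid, i) for i, v in chal)
    want += sum(a * m for a, m in zip(alphas, mu))
    return 1 if sigma == want % P else 0

def demo():
    key, alphas = keygen()
    store = {}
    for rid in (b"idF|copy1", b"idF|copy2"):
        # Constructed stand-in: 600 random bytes per replica ciphertext.
        blocks = split(secrets.token_bytes(600))
        store[rid] = (blocks, tag_gen(key, alphas, rid, blocks))
    rid = b"idF|copy2"
    blocks, tags = store[rid]
    chal = challenge(len(blocks), len(blocks))   # challenge every block in this demo
    honest = verify(key, alphas, rid, chal, prove(blocks, tags, chal))
    bad = [blk[:] for blk in blocks]
    bad[3][1] += 1                               # server altered one sector
    tampered = verify(key, alphas, rid, chal, prove(bad, tags, chal))
    # Server kept only copy1 and answers the copy2 challenge from it.
    dropped = verify(key, alphas, rid, chal, prove(*store[b"idF|copy1"], chal))
    return {"honest": honest, "tampered": tampered, "dropped_replica": dropped}
```

With l smaller than n the check becomes probabilistic: a damaged block is caught only when it falls inside the sampled subset I, which is why the audit is repeated periodically.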
It should be noted that the embodiments of the present invention can be realized by hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided on a carrier medium such as a disk, CD-or DVD-ROM, programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier, for example. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g., firmware.
The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.
Claims (3)
1. A storage method supporting efficient audit and multi-backup ciphertext deduplication is characterized by comprising the following steps:
SharingBox system is initialized according to Setup protocolAndand assist the client in generating an encryption key for the file block;
the client processes data according to the Put protocol, generates a verification tag, uploads the data, the verification tag and the like to a cloud server, and requires a plurality of copies to be stored;
triggering a Get protocol when a client wants to download data;
when the client wants to reduce the number of copies or Delete the outsourcing file thereof, a Delete protocol is triggered;
the Attest protocol and the Verify protocol are used for assisting the verifier in verifying the integrity of the data and the copy in the cloud by the cloud user;
the Setup protocol is used for initializing a SharingBox system, which is a group of key generation algorithms for calculating public and private keys for different participants; by running on the clientAndkey generation algorithm ofTo obtainA pair of public and private keys, i.e.At this time, the process of the present invention,self-retainingAnd will beDisclosed is a method for producing a compound;
client terminalWith security parameter k, file block set F ═ F1,...,fnR, a randomly selected set R ═ R1,...,rnAndof (2) a public keyAs input, the key server sideWith its private keyAs input, the clientOutput a pair of public and private keysFor integrity protection and verification of file F and outputting a symmetric key set through Server-aid key generation algorithmFor encryption and decryption, key serverA set of blind signatures phi is output,secret preservationAnd K, its own public keyDisclosed is a method for producing a synthetic resin:
in the Setup stage, the cloud storage server and the verifier can also perform initialization setting and maintenance on some public and private parameters for constructing a secure channel; the corresponding database of the data stored in the cloud storage server also completes initialization setting at this stage;
the Put protocol is one inAndan interactive protocol, a client running betweenConfidentiality is protected in an encrypted manner, requiring F to store ξ copies to improve storage reliability; for the firstThe number of copies is such that,using generated keysEncrypting the ith (i is more than or equal to 1 and less than or equal to n) file block fiE.f as cipher textThen calculate the authentication tagTo verify the integrity of the stored data, and finally both parties generate a file identifierActs as a unique handle to F;
finally uploading ciphertext set C ═ C1,...,Cξ}, identificationAnd Tag ═ Tag1,...,TagξTo giveObtaining an access link of a file; before uploadingWill check if there are other users presentThereon register idF,F, a copy of the F and a corresponding tag are deleted from the local disk;
the Get protocol performs a download function that allowsFromDownload inThe stored file whenWhen it is desired to download F, the protocol is first initialized and sent toFile identification idFAnd the xth copy, upon receipt of the message,first it is checked whether the database contains an entryIf so, further verificationWhether or not to register withAnd x ≦ ξ, where ξ is the presentThe number of copies maintained; if the authentication is passed through, the authentication is performed,can pass idFFromDownload CxAnd use of KxDecrypting to obtain a file F;
the Delete protocol allows users to access the dataDelete copies or de-register particular files whenWhen it is desired to delete the F,sending File ID and number of copies IDFX to Examination ofWhether or not id is registeredFAnd if the verification is passed, the verification module,updatingIn (1)When xi-x > 0 is updated toWhen xi-x is less than or equal to 0Deletion inIf ξ -x > 0 and ξ -x is the maximum number of copies required by all registered users,reduction of idFIs ξ -x ifBecomes empty, which means that no user is re-registered with the idF,Delete all related idsFThe whole contents of (A):
the Attest protocol is run at the verifierAnd a proverThe function of the Attest protocol is two, on one hand, the function of allowingLetIt is believed that the stored F is complete,sending a challenge chal toTo check idFIn the presence of a gas, the integrity of,calculating and returning a proof prof for further proof of the Verify protocol, formalized as:
on the other hand, besides file integrity, prof may also provide data integrity statements on different copies, which may let clients convince their copy storage;
the Verify protocol checks the proof prof generated by the Attest protocol,the Verify protocol is executed to check the proof prof generated by the Attest protocol to ensure that it is inWhere the file is stored with a specified number of copies and is complete, the protocol output accepts (b-1) or rejects (b-0) to indicate whether prof is validated:
b←Verify(idF,prof);
the Server-aid key generation algorithm is a method for generating a Server-aid key at a clientAnd a key serverBased on BLS blind signature, rather than RSA assumptions, its primary function is to generate an encryption key for the encrypted copy;
in the Setup phase, the first time the Setup phase,a p-order cyclic group can be selectedAnd a computable bilinear pair map e:then, the user can use the device to perform the operation,executeSelecting a private keyAnd corresponding public keySuppose thatHaving file F ═ F1,...,fnH, will fi(1. ltoreq. i. ltoreq.n) is outsourced toBefore the start of the operation of the device,computingRandom selectionBy multiplyingBlinding hiThen the blinded values are comparedIs sent toAfter receiving the messageComputing signaturesAnd is returned to Will siDe-blinding and verificationThe encryption key is then the Hash value of the de-blinded signature
The data deduplication and public auditing protocol DPA provides block-level data deduplication and can also provide public integrity auditing of outsourced data; client terminalEncrypting an original file F to C using a server-assisted MLE scheme, where C is { C }1,...,cnIs the ciphertext of n blocks, whereAnd is p a large prime number, the DPA scheme comprises a set of algorithms: KeyGen, TagGen, Verify, Probe;
KeyGen(1k): by calling up this function, it is possible to,generating a public and private key pair with random signature Random selectionAnd calculate v ← gαThen the private key isThe public key is Given C ═ C1,...,cn},Calculating a file block identifier t0={τ1,...,τnTherein ofSelecting s random elementsLet t1=τ1|...|τn||n||u1|...|usLet us orderIs t1And its use in private keysFor each i, 1 ≦ i ≦ n, compute the signature tag:
resolve the public key intoBefore sending the challenge, the verifierUsing public keysVerifying the signature in the t, and if the signature verification fails, sending 0 reject and stopping the protocol; otherwise, analyzing t to obtain t0N and { u1,…,usAnd selecting a subset I of l elements randomly from the set { 1.. multidot.n }, and selecting a random element for each I ∈ ILet set { (i, v)i) Sending challenge chal to prover server
if yes, outputting 1, and if not, outputting 0;
handle C*Viewed as { cijI is more than or equal to 1 and less than or equal to n, j is more than or equal to 1 and less than or equal to s and { sigma ≦i1 ≦ i ≦ n, assumed by verifierThe sent message is chal, and each i belongs to [1, n ]]And are not repeated, each For j is more than or equal to 1 and less than or equal to s The prover sends a proof Prof { { μ { (mu)1,...,μs},σ,To the verifier.
2. A computer device comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of the storage method of claim 1 supporting efficient auditing and multiple backup ciphertext deduplication.
3. A storage system supporting efficient audit and multi-backup ciphertext deduplication implementing the storage method supporting efficient audit and multi-backup ciphertext deduplication of claim 1, wherein the storage system supporting efficient audit and multi-backup ciphertext deduplication comprises:
the client uses the cloud storage service to store the data, and is used for blocking the file data, generating an encryption key, encrypting the file, generating a copy, constructing the file, uploading, downloading and deleting the data and the copy thereof, and checking whether the file stored in the cloud storage server is complete and whether a corresponding number of copies are reserved;
the key server is used for generating a pair of public and private keys to assist the client in generating a key of the encryptable file;
the cloud storage server is used for executing cross-user duplicate removal, storing the files and the copies uploaded by the client, and simultaneously ensuring the integrity and the reliability of the files, ensuring the data availability of all data owners and executing a deletion request of the client;
and the verifier is used for triggering the Attest protocol and the Verify protocol to periodically perform multi-copy data integrity audit for the client.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110041527.9A CN112887281B (en) | 2021-01-13 | 2021-01-13 | Storage method and system supporting efficient audit and multi-backup ciphertext deduplication and application |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112887281A CN112887281A (en) | 2021-06-01 |
CN112887281B true CN112887281B (en) | 2022-04-29 |
Family
ID=76045288
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110041527.9A Active CN112887281B (en) | 2021-01-13 | 2021-01-13 | Storage method and system supporting efficient audit and multi-backup ciphertext deduplication and application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112887281B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115225409B (en) * | 2022-08-31 | 2022-12-06 | 成都泛联智存科技有限公司 | Cloud data safety duplicate removal method based on multi-backup joint verification |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105939191A (en) * | 2016-07-08 | 2016-09-14 | 南京理工大学 | Client secure deduplication method of ciphertext data in cloud storage |
CN109104276A (en) * | 2018-07-31 | 2018-12-28 | 如般量子科技有限公司 | A kind of cloud storage method of controlling security and system based on pool of keys |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104917609B (en) * | 2015-05-19 | 2017-11-10 | 华中科技大学 | A kind of highly effective and safe data duplicate removal method and system perceived based on user |
CA2936106A1 (en) * | 2016-07-14 | 2018-01-14 | Mirza Kamaludeen | Encrypted data - data integrity verification and auditing system |
CN107483585B (en) * | 2017-08-18 | 2020-03-10 | 西安电子科技大学 | Efficient data integrity auditing system and method supporting safe deduplication in cloud environment |
CN107800688B (en) * | 2017-09-28 | 2020-04-10 | 南京理工大学 | Cloud data deduplication and integrity auditing method based on convergence encryption |
CN110750796B (en) * | 2019-08-28 | 2023-10-31 | 西安华企众信科技发展有限公司 | Encrypted data deduplication method supporting public audit |
CN110677487B (en) * | 2019-09-30 | 2022-04-26 | 中科柏诚科技(北京)股份有限公司 | Outsourcing data duplicate removal cloud storage method supporting privacy and integrity protection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||