CN112887281B - Storage method and system supporting efficient audit and multi-backup ciphertext deduplication and application - Google Patents

Info

Publication number: CN112887281B
Authority: CN (China)
Prior art keywords: protocol, file, data, client, key
Legal status: Active
Application number: CN202110041527.9A
Other languages: Chinese (zh)
Other versions: CN112887281A (en)
Inventors: 姜涛, 徐淑浩, 陈婉清, 郭钦
Current Assignee: Xidian University
Original Assignee: Xidian University
Application filed by Xidian University
Priority to CN202110041527.9A
Publication of CN112887281A
Application granted
Publication of CN112887281B

Classifications

    • H04L63/045: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • G06F11/1453: Management of the data involved in backup or backup restore using de-duplication of the data
    • G06F11/1464: Management of the backup or restore process for networked environments
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • H04L63/123: Applying verification of the received information received data contents, e.g. message integrity
    • H04L67/1095: Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Abstract

The invention belongs to the technical field of cloud storage security and discloses a storage method, a system and an application supporting efficient audit and multi-backup ciphertext deduplication
Figure DDA0002895517880000011
and
Figure DDA0002895517880000012
and assist the client in generating an encryption key for the file block; the client processes data according to the Put protocol, generates a verification tag, uploads the data, the verification tag and the like to a cloud server, and requires that multiple copies be stored; the Get protocol is triggered when a client wants to download data; the Delete protocol is triggered when the client wants to reduce the number of copies or delete its outsourced file; the Attest protocol and the Verify protocol are used by the verifier to verify, for the cloud user, the integrity of the data and copies in the cloud. The invention can effectively resist malicious attacks by any party in the system, including the cloud storage provider, while keeping the overall latency of the system acceptable.

Description

Storage method and system supporting efficient audit and multi-backup ciphertext deduplication and application
Technical Field
The invention belongs to the technical field of cloud storage security, and particularly relates to a storage method, a system and an application supporting efficient audit and multi-backup ciphertext deduplication.
Background
With continuous innovation and breakthroughs in internet information technology, especially the emergence and development of IoT, artificial intelligence and cloud computing, data volume is growing explosively, and cloud storage is gradually becoming the trend for information storage. Cloud storage provides users with cheap and convenient services such as data storage, access and seamless synchronization across devices and has become an indispensable part of daily life, so it has attracted wide attention from academia and industry. In recent years, researchers have invested a great deal of effort in designing encrypted storage solutions such as encrypted data deduplication, data availability certification, and data backup certification, each addressed separately. Recent studies have shown that cross-user data deduplication can save more than 50% of storage costs in standard file systems and up to 90-95% in backup applications [Dutch T. Meyer and William J. Bolosky. 2012. A Study of Practical Deduplication. TOS 7, 4 (2012), 14:1–14:20]. Cloud Service Providers (CSPs) such as Dropbox, Google Drive, and Amazon S3 rely heavily on client data deduplication to save storage and bandwidth costs.
The current state of the art commonly used in the industry is as follows: to ensure that a file can only be accessed by a legitimate owner, researchers have used Convergent Encryption (CE) [John R. Douceur, Atul Adya, William J. Bolosky, Dan Simon, and Marvin Theimer. 2002. Reclaiming Space from Duplicate Files in a Serverless Distributed File System. In Proceedings of the 22nd International Conference on Distributed Computing Systems (ICDCS'02), Vienna, Austria, July 2-5, 2002. IEEE Computer Society, 617–624.], Message-locked Encryption (MLE) [Mihir Bellare, Sriram Keelveedhi, and Thomas Ristenpart. 2013. Message-Locked Encryption and Secure Deduplication. In Advances in Cryptology – EUROCRYPT 2013, 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, May 26-30, 2013. Proceedings (Lecture Notes in Computer Science), Thomas Johansson and Phong Q. Nguyen (Eds.), Vol. 7881. Springer, 296–312.] and their variants to support encrypted data deduplication across users.
Because a profit-driven CSP may favor aggressive data deduplication over data disaster recovery to greatly reduce storage costs, and may try to hide data loss or corruption when a hardware/software failure occurs, researchers have devised many storage solutions that verify the availability and reliability of data in remote storage while maintaining data integrity and providing multiple copies, such as Provable Data Possession (PDP) [Giuseppe Ateniese, Randal C. Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary N. J. Peterson, and Dawn Xiaodong Song. 2007. Provable data possession at untrusted stores. In Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, October 28-31, 2007, Peng Ning, Sabrina De Capitani di Vimercati, and Paul F. Syverson (Eds.). ACM, 598–609.], [Ayad F. Barsoum and M. Anwar Hasan. 2015. Provable Multicopy Dynamic Data Possession in Cloud Computing Systems. IEEE Trans. Information Forensics and Security 10, 3 (2015), 485–497.], [C. Christopher Erway, Alptekin Küpçü, Charalampos Papamanthou, and Roberto Tamassia. 2009. Dynamic provable data possession. In Proceedings of the 2009 ACM Conference on Computer and Communications Security, CCS 2009, Chicago, Illinois, USA, November 9-13, 2009, Ehab Al-Shaer, Somesh Jha, and Angelos D. Keromytis (Eds.). ACM, 213–222.], Proofs of Retrievability (POR) [Frederik Armknecht, Jens-Matthias Bohli, Ghassan O. Karame, Zongren Liu, and Christian A. Reuter. 2014. Outsourced Proofs of Retrievability. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3-7, 2014, Gail-Joon Ahn, Moti Yung, and Ninghui Li (Eds.). ACM, 831-.], [Hovav Shacham and Brent Waters. 2008. Compact Proofs of Retrievability. In Advances in Cryptology - ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, December 7-11, 2008. Proceedings (Lecture Notes in Computer Science), Josef Pieprzyk (Ed.), Vol. 5350. Springer, 90–107.], and Proof of Replication [Ivan Damgård, Chaya Ganesh, and Claudio Orlandi. 2019. Proofs of Replicated Storage Without Timing Assumptions. In Advances in Cryptology - CRYPTO 2019 - 39th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18-22, 2019, Proceedings, Part I (Lecture Notes in Computer Science), Alexandra Boldyreva and Daniele Micciancio (Eds.), Vol. 11692. Springer, 355–380.], [Iraklis Leontiadis and Reza Curtmola. 2018. Secure Storage with Replication and Transparent Deduplication. In Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, CODASPY 2018, Tempe, AZ, USA, March 19-21, 2018, Ziming Zhao, Gail-Joon Ahn, Ram Krishnan, and Gabriel Ghinita (Eds.). ACM, 13–23.].
Availability, efficiency and reliability are very important characteristics in cloud storage. However, most of these schemes set independent objectives, such as enabling a cloud service provider to deduplicate encrypted data, certify the integrity of stored data, or certify copies of data, so that only one or two of the characteristics are guaranteed.
Through the above analysis, the problems and defects of the prior art are as follows: because of the contradiction between the security model of outsourced storage and the data backup and deduplication functions, no technology currently integrates availability, efficiency and reliability into a single cloud storage solution. The existing solutions cannot meet these requirements at the same time, and they cannot be directly combined to meet the requirements of existing cloud storage services.
The difficulty in solving the above problems and defects lies in designing a fine-grained ciphertext deduplication scheme that supports the user client, designing an integrity auditing scheme for data in the cloud, designing a multi-copy checking scheme for data in the cloud, and coordinating the availability, efficiency and reliability functions into one framework containing the three schemes.
The significance of solving the above problems and defects is as follows: the present invention addresses them by devising SharingBox, the first system that allows users to perform data deduplication, multi-copy storage and integrity audit simultaneously in a storage system. SharingBox provides a reliable and efficient cloud storage model in which joint storage allocation among users is achieved without affecting data confidentiality or system performance. Because the invention adopts a novel publicly verifiable proof of storage and an MLE-style deduplication encryption scheme, the computation, storage and bandwidth overheads of cloud users and servers are reduced. At the same time, the invention ensures that a file can only be accessed by its legitimate owner and remains secure against potentially dishonest service providers.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a storage method, a system and application supporting efficient audit and multi-backup ciphertext deduplication.
The invention is realized as follows: a storage method supporting efficient audit and multi-backup ciphertext deduplication, comprising the following steps:
the SharingBox system initializes, according to the Setup protocol,
Figure BDA0002895517860000041
and
Figure BDA0002895517860000042
and assists the client in generating an encryption key for the file block;
the client processes data according to the Put protocol, generates a verification tag, uploads the data, the verification tag and the like to a cloud server, and requires that multiple copies be stored;
the Get protocol is triggered when a client wants to download data;
the Delete protocol is triggered when the client wants to reduce the number of copies or delete its outsourced file;
the Attest protocol and the Verify protocol are used by the verifier to verify, for the cloud user, the integrity of the data and copies in the cloud.
Further, the Setup protocol is used to initialize the SharingBox system; it is a set of key generation algorithms that compute public and private keys for the different participants. By running, between the client
Figure BDA0002895517860000043
and
Figure BDA0002895517860000044
the key generation algorithm
Figure BDA0002895517860000045
to obtain
Figure BDA0002895517860000046
a pair of public and private keys, i.e.
Figure BDA0002895517860000047
At this point,
Figure BDA0002895517860000048
keeps
Figure BDA0002895517860000049
to itself and makes
Figure BDA00028955178600000410
public;
the client
Figure BDA00028955178600000411
takes as input the security parameter $k$, the file block set $F = \{f_1, \ldots, f_n\}$, a randomly selected set $R = \{r_1, \ldots, r_n\}$ and
Figure BDA00028955178600000412
's public key
Figure BDA00028955178600000413
; the key server
Figure BDA00028955178600000414
takes its private key
Figure BDA00028955178600000415
as input. The client
Figure BDA00028955178600000416
outputs a pair of public and private keys
Figure BDA00028955178600000417
for integrity protection and verification of file F and, through the Server-aid key generation algorithm, outputs a symmetric key set
Figure BDA00028955178600000418
for encryption and decryption; the key server
Figure BDA00028955178600000419
outputs a set of blind signatures Φ.
Figure BDA0002895517860000051
keeps
Figure BDA0002895517860000052
and K secret and makes its own public key
Figure BDA0002895517860000053
public:
Figure BDA0002895517860000054
In the Setup stage, the cloud storage server and the verifier can also initialize and maintain some public and private parameters used to construct a secure channel; the database of the data stored in the cloud storage server also completes its initialization at this stage.
Further, the Put protocol is an interactive protocol running between
Figure BDA0002895517860000055
and
Figure BDA0002895517860000056
. The client
Figure BDA0002895517860000057
protects confidentiality by encryption and requires ξ copies of F to be stored to improve storage reliability. For the ι-th ($1 \le \iota \le \xi$) copy,
Figure BDA0002895517860000058
uses the generated key
Figure BDA0002895517860000059
to encrypt the i-th ($1 \le i \le n$) file block $f_i \in F$ into the ciphertext
Figure BDA00028955178600000510
and then computes the authentication tag
Figure BDA00028955178600000511
used to verify the integrity of the stored data; finally, both parties generate a file identifier
Figure BDA00028955178600000512
that acts as a unique handle to F;
Figure BDA00028955178600000513
Figure BDA00028955178600000514
finally uploads the ciphertext set $C = \{C_1, \ldots, C_\xi\}$, the identifier
Figure BDA00028955178600000515
and $Tag = \{Tag_1, \ldots, Tag_\xi\}$ to
Figure BDA00028955178600000516
and obtains an access link to the file; before uploading,
Figure BDA00028955178600000517
checks whether other users on
Figure BDA00028955178600000518
have registered $id_F$;
Figure BDA00028955178600000519
deletes F, its copies and the corresponding tags from the local disk.
Further, the Get protocol performs the download function, which allows
Figure BDA00028955178600000520
to download from
Figure BDA00028955178600000521
the file stored in
Figure BDA00028955178600000522
. When
Figure BDA00028955178600000523
wants to download F, it first initializes the protocol and sends to
Figure BDA00028955178600000524
the file identifier $id_F$ and the requested copy $x$ (the x-th copy). Upon receipt of the message,
Figure BDA00028955178600000525
first checks whether the database contains an entry
Figure BDA00028955178600000526
; if so, it further verifies whether
Figure BDA00028955178600000527
is registered with
Figure BDA00028955178600000528
and whether $x \le \xi$, where ξ is the present
Figure BDA00028955178600000529
number of copies maintained; if the verification passes,
Figure BDA00028955178600000530
can use $id_F$ to download, from
Figure BDA00028955178600000531
, $C_x$ and decrypt it with $K_x$ to obtain the file F.
Figure BDA00028955178600000532
Further, the Delete protocol allows users, at
Figure BDA00028955178600000533
, to delete a copy or cancel the registration of a particular file. When
Figure BDA00028955178600000534
wants to delete F,
Figure BDA00028955178600000535
sends the file identifier and the number of copies, $(id_F, x)$, to
Figure BDA00028955178600000536
, which checks whether
Figure BDA00028955178600000537
has registered $id_F$. If the verification passes,
Figure BDA00028955178600000538
updates
Figure BDA00028955178600000539
in
Figure BDA00028955178600000540
: when $\xi - x > 0$ it is updated to
Figure BDA00028955178600000541
; when $\xi - x \le 0$,
Figure BDA00028955178600000542
is deleted from
Figure BDA00028955178600000543
. If $\xi - x > 0$ and $\xi - x$ is the maximum number of copies required by all registered users,
Figure BDA00028955178600000544
reduces the number of copies of $id_F$ to $\xi - x$; if
Figure BDA00028955178600000545
becomes empty, which means that no user is registered with $id_F$ any longer,
Figure BDA00028955178600000546
deletes all content related to $id_F$:
Figure BDA0002895517860000061
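The server-side checks of the Get and Delete protocols described above, together with the cross-user registration performed at Put, can be modelled as follows. This is an added example, not code from the patent: the names `CloudStore`, `FileEntry` and `Rejected`, the per-user reading of ξ in the Get check, and recomputing the stored copy count as the maximum over the remaining users are assumptions, and encryption, tags and any proof of ownership are not modelled.

```python
from dataclasses import dataclass, field


class Rejected(Exception):
    """A request failed one of the server-side checks."""


@dataclass
class FileEntry:
    copies: dict = field(default_factory=dict)  # copy index x (1-based) -> ciphertext C_x
    owners: dict = field(default_factory=dict)  # user -> copies that user requires (its xi)


class CloudStore:
    """Hypothetical model of the storage server's database, keyed by id_F."""

    def __init__(self):
        self.db = {}

    def put(self, user, id_f, ciphertexts):
        """Register `user` for xi = len(ciphertexts) copies of id_F.

        Copies already stored for another user are not written again
        (cross-user deduplication). Returns how many copies were written.
        """
        xi = len(ciphertexts)
        if xi < 1:
            raise Rejected("at least one copy is required")
        entry = self.db.setdefault(id_f, FileEntry())
        written = 0
        for x, c_x in enumerate(ciphertexts, start=1):
            if x not in entry.copies:
                entry.copies[x] = c_x
                written += 1
        entry.owners[user] = max(entry.owners.get(user, 0), xi)
        return written

    def get(self, user, id_f, x):
        """Return C_x after the three checks of the Get protocol."""
        entry = self.db.get(id_f)
        if entry is None:
            raise Rejected("no entry for id_F")
        if user not in entry.owners:
            raise Rejected("user is not registered with id_F")
        if not 1 <= x <= entry.owners[user]:
            raise Rejected("x exceeds the number of copies maintained")
        return entry.copies[x]

    def delete(self, user, id_f, x):
        """Drop x copies from the user's requirement; return copies still stored."""
        entry = self.db.get(id_f)
        if entry is None or user not in entry.owners:
            raise Rejected("user is not registered with id_F")
        if x < 1:
            raise Rejected("x must be positive")
        remaining = entry.owners[user] - x
        if remaining > 0:
            entry.owners[user] = remaining      # xi - x > 0: update the user's count
        else:
            del entry.owners[user]              # xi - x <= 0: cancel the registration
        if not entry.owners:
            del self.db[id_f]                   # nobody left: delete everything for id_F
            return 0
        needed = max(entry.owners.values())     # most copies any remaining user requires
        for idx in [i for i in entry.copies if i > needed]:
            del entry.copies[idx]
        return len(entry.copies)


def demo():
    """Constructed scenario: two users share one file with different copy counts."""
    store = CloudStore()
    blobs = [b"C1", b"C2", b"C3"]               # constructed stand-ins for ciphertexts
    out = {}
    out["alice_put"] = store.put("alice", "idF-demo", blobs)     # 3 copies written
    out["bob_put"] = store.put("bob", "idF-demo", blobs[:2])     # dedup hit: 0 written
    try:
        store.get("bob", "idF-demo", 3)         # bob registered only 2 copies
        out["bob_get_3"] = "served"
    except Rejected as exc:
        out["bob_get_3"] = str(exc)
    out["alice_del_2"] = store.delete("alice", "idF-demo", 2)    # alice 1, bob 2: 2 stored
    out["bob_del_2"] = store.delete("bob", "idF-demo", 2)        # bob gone, alice 1: 1 stored
    out["alice_del_1"] = store.delete("alice", "idF-demo", 1)    # set empty: entry removed
    out["entry_left"] = "idF-demo" in store.db
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(step, "->", result)
```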
Further, the Attest protocol runs between the verifier v and the prover
Figure BDA0002895517860000062
. The Attest protocol serves two purposes. On the one hand, it allows
Figure BDA0002895517860000063
to convince v that the stored F is intact: v sends a challenge chal to
Figure BDA0002895517860000064
to check the integrity of $id_F$, and
Figure BDA0002895517860000065
computes and returns a proof prof to be checked by the Verify protocol, formalized as:
Figure BDA0002895517860000066
On the other hand, in addition to file integrity, prof can also provide data integrity statements on the different copies, which convinces clients that their copies are stored.
Further, the Verify protocol checks the proof prof generated by the Attest protocol: v executes the Verify protocol to ensure that, at
Figure BDA0002895517860000067
, the file is stored with the specified number of copies and is intact. The protocol outputs accept ($b = 1$) or reject ($b = 0$) to indicate whether prof is valid:
$b \leftarrow \mathrm{Verify}(id_F, prof)$;
The Server-aid key generation scheme runs between the client
Figure BDA0002895517860000068
and the key server
Figure BDA0002895517860000069
. It is based on BLS blind signatures rather than RSA assumptions, and its primary function is to generate the encryption keys for the encrypted copies;
in the Setup phase,
Figure BDA00028955178600000610
selects a cyclic group of order p
Figure BDA00028955178600000611
and a computable bilinear map
Figure BDA00028955178600000612
. Then,
Figure BDA00028955178600000613
executes
Figure BDA00028955178600000614
to select a private key
Figure BDA00028955178600000615
and the corresponding public key
Figure BDA00028955178600000616
. Suppose that
Figure BDA00028955178600000617
has a file $F = \{f_1, \ldots, f_n\}$. Before outsourcing $f_i$ ($1 \le i \le n$) to
Figure BDA00028955178600000618
,
Figure BDA00028955178600000619
computes
Figure BDA00028955178600000620
, randomly selects
Figure BDA00028955178600000621
, blinds $h_i$ by multiplying it by
Figure BDA00028955178600000630
, and then sends the blinded value
Figure BDA00028955178600000622
to
Figure BDA00028955178600000623
. After receiving the message,
Figure BDA00028955178600000624
computes the signature
Figure BDA00028955178600000625
and returns it to
Figure BDA00028955178600000626
, which unblinds $s_i$ and verifies
Figure BDA00028955178600000631
. The encryption key is then the hash value of the unblinded signature
Figure BDA00028955178600000627
The data deduplication and public auditing protocol DPA provides block-level data deduplication and can also provide public integrity auditing of outsourced data. The client
Figure BDA00028955178600000628
encrypts an original file F to C using the server-assisted MLE scheme, where $C = \{c_1, \ldots, c_n\}$ is the ciphertext of the n blocks, where
Figure BDA00028955178600000629
and p is a large prime number. The DPA scheme comprises a set of algorithms: KeyGen, TagGen, Verify, Probe;
KeyGen($1^k$): by calling this function,
Figure BDA0002895517860000071
generates a random signing public/private key pair
Figure BDA0002895517860000072
, randomly selects
Figure BDA0002895517860000073
and computes $v \leftarrow g^{\alpha}$. The private key is then
Figure BDA0002895517860000074
and the public key is
Figure BDA0002895517860000075
Figure BDA0002895517860000076
Given $C = \{c_1, \ldots, c_n\}$,
Figure BDA0002895517860000077
computes the file block identifiers $t_0 = \{\tau_1, \ldots, \tau_n\}$, where
Figure BDA0002895517860000078
, and selects s random elements
Figure BDA0002895517860000079
. Let $t_1 = \tau_1 \| \ldots \| \tau_n \| n \| u_1 \| \ldots \| u_s$, and let
Figure BDA00028955178600000710
be $t_1$ together with its signature under the private key
Figure BDA00028955178600000711
. For each i, $1 \le i \le n$, compute the signature tag:
Figure BDA00028955178600000712
Figure BDA00028955178600000713
Parse the public key as
Figure BDA00028955178600000714
. Before sending the challenge, verifier v uses the public key
Figure BDA00028955178600000715
to verify the signature in t; if the signature verification fails, it outputs 0 (reject) and stops the protocol; otherwise, it parses t to obtain $t_0$, n and $\{u_1, \ldots, u_s\}$. It then randomly selects a subset I of l elements of the set $\{1, \ldots, n\}$ and, for each $i \in I$, selects a random element
Figure BDA00028955178600000716
. Let the set $\{(i, v_i)\}$ be chal, and send the challenge chal to the prover (server)
Figure BDA00028955178600000717
. Suppose that
Figure BDA00028955178600000718
's response contains
Figure BDA00028955178600000719
and
Figure BDA00028955178600000720
; verify:
Figure BDA00028955178600000721
If the equation holds, output 1; otherwise, output 0;
Figure BDA00028955178600000722
Consider C as $\{c_{ij}\}$, $1 \le i \le n$, $1 \le j \le s$, and $\{\sigma_i\}$, $1 \le i \le n$. Suppose the message sent by verifier v is chal, where each $i \in [1, n]$ is distinct and each
Figure BDA00028955178600000723
v for $1 \le j \le s$
Figure BDA00028955178600000724
The prover sends the proof
Figure BDA00028955178600000725
to the verifier.
It is a further object of the invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of:
the SharingBox system initializes, according to the Setup protocol,
Figure BDA00028955178600000726
and
Figure BDA00028955178600000727
and assists the client in generating an encryption key for the file block;
the client processes data according to the Put protocol, generates a verification tag, uploads the data, the verification tag and the like to a cloud server, and requires that multiple copies be stored;
the Get protocol is triggered when a client wants to download data;
the Delete protocol is triggered when the client wants to reduce the number of copies or delete its outsourced file;
the Attest protocol and the Verify protocol are used by the verifier to verify, for the cloud user, the integrity of the data and copies in the cloud.
Another object of the present invention is to provide a storage system supporting efficient audit and multi-backup ciphertext deduplication, which implements the storage method supporting efficient audit and multi-backup ciphertext deduplication, and the storage system supporting efficient audit and multi-backup ciphertext deduplication comprises:
the client, which uses the cloud storage service to store data and is used for splitting file data into blocks, generating encryption keys, encrypting files, generating copies, constructing files, uploading, downloading and deleting data and its copies, and checking whether the files stored in the cloud storage server are intact and whether the corresponding number of copies is retained;
the key server, which is used for generating a pair of public and private keys to assist the client in generating the keys used to encrypt files;
the cloud storage server, which is used for performing cross-user deduplication, storing the files and copies uploaded by clients, ensuring the integrity and reliability of the files and the availability of data for all data owners, and executing clients' deletion requests;
and the verifier, which is used for triggering the Attest protocol and the Verify protocol to periodically perform multi-copy data integrity audits for the client.
The invention also aims to provide a cloud storage security terminal, which is used for realizing the storage method supporting efficient audit and multi-backup ciphertext deduplication.
Combining all of the above technical solutions, the advantages and positive effects of the invention are as follows: supported by the public verifiability of a remote audit scheme and the security guarantees of a cross-user data deduplication encryption scheme, the invention provides SharingBox to support efficiently audited, multi-backup, fine-grained ciphertext data deduplication, so that a cloud provider can effectively prove to a client the integrity of the data stored with it. SharingBox is the first scheme that allows a user to achieve data deduplication, multiple copies and integrity audit simultaneously in a storage system, and is a novel, comprehensive and secure cloud storage framework. SharingBox provides a reliable and efficient cloud storage model in which joint storage allocation among users is achieved without affecting data confidentiality or system performance. SharingBox also provides fine-grained data deduplication and file multi-replication on the client, supports data integrity auditing, and can effectively resist curious or malicious system parties. Sybil attacks and calculation attacks on copy storage by a dishonest server can be effectively countered. Theoretical analysis shows that, for cloud data storage, SharingBox is efficient in storage, bandwidth, computation and so on. The performance evaluation results of the SharingBox prototype system (as shown in fig. 6 and 7) show that the invention has good flexibility with respect to the number of users and the number of files in the system, and that the time overhead of the whole system is acceptable.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the embodiments of the present application will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained from the drawings without creative efforts.
Fig. 1 is a flowchart of a storage method supporting efficient audit and multi-backup ciphertext deduplication according to an embodiment of the present invention.
FIG. 2 is a schematic structural diagram of a storage system supporting efficient audit and multi-backup ciphertext deduplication according to an embodiment of the present invention;
in fig. 2: 1. client (data owner); 2. key server; 3. cloud storage server; 4. verifier (any party can act as a verifier).
Fig. 3 is a diagram of the Server-aid key generation algorithm based on BLS signature according to an embodiment of the present invention.
Fig. 4 is a diagram of a PoW algorithm executed by a cloud server according to an embodiment of the present invention.
Fig. 5 is a specific flowchart of the Put protocol provided in the embodiment of the present invention.
FIG. 6 is a graph of the time spent by the KeyGen algorithm and the Get algorithm according to the embodiment of the present invention.
FIG. 7 is a graph of the time spent by the Put protocol according to the embodiment of the invention;
in Fig. 7: (a) shows the case where no users upload the same file; (b) shows the case where there are 3 copies of each file.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Aiming at the problems in the prior art, the invention provides a storage method, a system and an application for supporting efficient audit and multi-backup ciphertext deduplication, and the invention is described in detail below with reference to the attached drawings.
As shown in fig. 1, the storage method supporting efficient audit and multi-backup ciphertext deduplication provided by the present invention includes the following steps:
S101: the SharingBox system initializes public and private parameters according to the Setup protocol and assists the client in generating encryption keys for the file blocks;
S102: the client processes the data according to the Put protocol, generates verification tags, uploads the data, the verification tags and the like to the cloud server, and requires a plurality of copies to be stored;
S103: the Get protocol is triggered when a client wants to download data;
S104: the Delete protocol is triggered when a client wants to reduce the number of copies and delete a source file;
S105: the Attest protocol and the Verify protocol are triggered when the verifier periodically performs a multi-copy data integrity audit for the client.
A person skilled in the art can also use other steps to implement the storage method supporting efficient audit and multi-backup ciphertext deduplication provided by the present invention, and the storage method supporting efficient audit and multi-backup ciphertext deduplication provided by the present invention in fig. 1 is only a specific embodiment.
As shown in fig. 2, the storage system supporting efficient audit and multi-backup ciphertext deduplication provided by the present invention includes:
the client (data owner) 1, which wishes to store data using the cloud storage service, is used to split file data into blocks, generate encryption keys, encrypt files and generate copies, construct file uploads, download and delete data and its copies, and check whether its files stored in the cloud storage server 3 are complete and whether the corresponding number of copies is retained;
the key server 2 is used to generate a pair of public and private keys to assist the client 1 in generating the key for encrypting files;
the cloud storage server 3 is used to perform cross-user deduplication and to store the files and copies uploaded by clients; it must also guarantee the integrity and reliability of the files, guarantee data availability for all data owners, and execute clients' deletion requests;
the verifier 4 (either party may act as a verifier) triggers the Attest protocol and the Verify protocol to periodically perform a multi-copy data integrity audit for the client.
The technical solution of the present invention is further described below with reference to the accompanying drawings.
The SharingBox system of the present invention comprises a group of clients, a cloud storage server
Figure BDA0002895517860000111
a key server
Figure BDA0002895517860000112
and a verifier v. The work performed by each party in the SharingBox system is shown in Fig. 2. The key server assists the client in generating encryption keys and interacts with the client through the Setup protocol. The client first splits the file data into blocks, then encrypts the file with the key generated by the key server, and at the same time generates the duplicate files, the file block IDs and the authentication tags. The client can also download and delete the files it has stored through the Get protocol and the Delete protocol. Because the audit is public, the client can also interact with the server through the Verify protocol to ask whether the files it has stored are completely available, safe and reliable, and whether the number of stored copies is correct. The cloud storage server interacts with the client through the Put protocol: it performs cross-user deduplication before a user uploads a file, is responsible for storing the files and copies uploaded by clients, must ensure the integrity and reliability of the files, and responds to clients' deletion requests. Through the Attest protocol, the cloud storage server proves to a reliable third-party audit center that its data is completely available. Through the Verify protocol, the verifier periodically queries the cloud storage server on behalf of the client, requiring it to prove that the stored data is complete and available; the cloud storage server then provides this proof through the Attest protocol.
The core of the SharingBox system comprises the Setup, Put, Get and Delete operations and the additional Attest and Verify protocols. Through these operations and protocols, deduplication of multi-backup ciphertext data that can be audited efficiently is achieved, so that a cloud provider can effectively prove to a client the integrity of the data it stores. SharingBox also provides fine-grained data deduplication and file multi-replication on the client, supports data integrity auditing, and is able to resist curious or malicious system parties. The relevant interactive protocols are as follows:
(1) The Setup protocol: in the Setup phase,
Figure BDA0002895517860000121
first executes a key generation algorithm
Figure BDA0002895517860000122
to compute the private key
Figure BDA0002895517860000123
and the public key
Figure BDA0002895517860000124
and then runs the Server-aid key generation algorithm shown in Fig. 3 to assist
Figure BDA0002895517860000125
in generating a server-aided data block encryption key. Similarly,
Figure BDA0002895517860000126
and
Figure BDA0002895517860000127
initialize their system parameters according to the DPA protocol (Deduplicate and Public Audit Protocol), and then use an asymmetric encryption scheme to generate public and private key pairs for establishing authenticated channels
Figure BDA0002895517860000128
where
Figure BDA0002895517860000129
Figure BDA00028955178600001210
while
Figure BDA00028955178600001211
Finally, each party keeps its private key secret and publishes its public key.
(2) The Put protocol: when
Figure BDA00028955178600001212
makes an upload request to
Figure BDA00028955178600001213
to upload F = {f_1, ..., f_n}, requiring ξ copies to be stored in
Figure BDA00028955178600001214
Figure BDA00028955178600001215
makes an upload request to
Figure BDA00028955178600001216
Before uploading,
Figure BDA00028955178600001217
and
Figure BDA00028955178600001218
first compute a server-aided key for each file block, as shown in FIG. 1, and the protocol outputs the key
Figure BDA00028955178600001219
where
Figure BDA00028955178600001220
Then, for k_i (1 ≤ i ≤ n),
Figure BDA00028955178600001221
computes
Figure BDA00028955178600001222
where
Figure BDA00028955178600001223
Figure BDA00028955178600001224
For each block,
Figure BDA00028955178600001225
uses the key
Figure BDA00028955178600001226
to encrypt f_i, generating the ciphertext
Figure BDA00028955178600001227
This gives K = {K_1, ..., K_ξ} and
Figure BDA00028955178600001228
where
Figure BDA00028955178600001229
Likewise, for each block,
Figure BDA00028955178600001230
calculates a unique identifier (ID)
Figure BDA00028955178600001231
that is,
Figure BDA00028955178600001232
Similarly,
Figure BDA00028955178600001233
computes the file identifier
Figure BDA00028955178600001234
Subsequently,
Figure BDA00028955178600001235
first, by sending the file
Figure BDA00028955178600001236
and block
Figure BDA00028955178600001237
to
Figure BDA00028955178600001238
Request upload of all serviesThe method is as follows. Then, for
Figure BDA00028955178600001239
checks whether a user has already stored F, i.e.
Figure BDA00028955178600001240
For efficiency, file-level data deduplication is best performed before block-level data deduplication. Two situations can then occur:
The file/block has not been stored. In this case, no client has registered, through the index
Figure BDA00028955178600001241
a file whose file ID is id_F. For convenience of analysis, the present invention assumes that none of the file blocks of C_ι (0 ≤ ι ≤ ξ) has been stored before.
Figure BDA00028955178600001242
first executes
Figure BDA00028955178600001243
and calculates
Figure BDA00028955178600001244
and
Figure BDA00028955178600001245
Then
Figure BDA00028955178600001246
uploads
Figure BDA00028955178600001247
to
Figure BDA00028955178600001248
After receiving the message,
Figure BDA0002895517860000131
issues a timed URL authorizing
Figure BDA0002895517860000132
to upload data within a certain time to the server
Figure BDA0002895517860000133
When the upload is finished,
Figure BDA0002895517860000134
verifies that all blocks
Figure BDA0002895517860000135
match the file ID. If all match, then
Figure BDA0002895517860000136
inserts
Figure BDA0002895517860000137
through the index
Figure BDA0002895517860000138
into
Figure BDA0002895517860000139
If
Figure BDA00028955178600001310
does not exist, it is created before insertion. After id_F is registered,
Figure BDA00028955178600001311
The file/block is already stored. In this case, clients have already registered x (x ≥ 0) copies to id_F. For each replica
Figure BDA00028955178600001312
as depicted in Fig. 4,
Figure BDA00028955178600001313
sends a challenge
Figure BDA00028955178600001314
requiring proof of actual possession of C_l (the PoW process). If the verification passes,
Figure BDA00028955178600001315
through the index
Figure BDA00028955178600001316
registers
Figure BDA00028955178600001317
to id_F and returns an ACK to
Figure BDA00028955178600001318
After the upload process of all the copies is finished,
Figure BDA00028955178600001319
can delete the file locally, keeping only id_F, the corresponding decryption key and the number of copies ξ.
(3) The Get protocol: when
Figure BDA00028955178600001320
wants to download F, it first initializes the protocol and sends to
Figure BDA00028955178600001321
the file identifier id_F and the copy number ξ (
Figure BDA00028955178600001322
submits {id_F, ξ} to
Figure BDA00028955178600001323
). After receiving the message,
Figure BDA00028955178600001324
first checks the database to see whether
Figure BDA00028955178600001325
is registered to id_F. If so,
Figure BDA00028955178600001326
generates a timed
Figure BDA00028955178600001327
that allows
Figure BDA00028955178600001328
to download the requested file. On receiving, from
Figure BDA00028955178600001329
the copy C_ξ,
Figure BDA00028955178600001330
decrypts and reassembles it to obtain F = {f_1, ..., f_n}, where
Figure BDA00028955178600001331
(4) The Delete protocol: allows
Figure BDA00028955178600001332
to delete its outsourced files or reduce the number of copies. When
Figure BDA00028955178600001333
wants to delete x copies from id_F, it notifies
Figure BDA00028955178600001334
to remove from
Figure BDA00028955178600001335
the replicas of user
Figure BDA00028955178600001336
associated with id_F.
Figure BDA00028955178600001337
first checks whether
Figure BDA00028955178600001338
is registered to id_F and obtains the number of copies ξ currently stored.
Figure BDA00028955178600001339
then subtracts, for user
Figure BDA00028955178600001340
the x replicas associated with id_F. If ξ - x ≤ 0, S removes from
Figure BDA00028955178600001341
the user
Figure BDA00028955178600001342
If ξ - x > 0 and ξ - x is the maximum number of copies required by all registered users,
Figure BDA00028955178600001343
reduces storage by deleting the replicas associated with
Figure BDA00028955178600001344
If no user is registered to id_F, then
Figure BDA00028955178600001345
deletes
Figure BDA00028955178600001346
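The server-side bookkeeping that the Put, Get and Delete protocols above describe, as an added example (not code from the patent): replicas the server already holds are deduplicated behind a PoW check, and the number of stored replicas follows the largest count any registered user still requires. The class and function names, the hash-based PoW standing in for the one in Fig. 4, and recomputing the maximum after every deletion are assumptions.

```python
import hashlib
import hmac
import secrets


def pow_response(data: bytes, chal) -> bytes:
    """Hash the challenged blocks of a replica under the server's fresh nonce."""
    nonce, indices, block = chal
    h = hashlib.sha256(nonce)
    for i in indices:
        h.update(data[i * block:(i + 1) * block])
    return h.digest()


class CloudStore:
    """Server state: stored replicas plus the per-file registry of users."""

    def __init__(self):
        self.replicas = {}   # id_F -> [C_1, ..., C_max], one ciphertext per copy
        self.registry = {}   # id_F -> {user: number of copies that user requires}

    def _challenge(self, data: bytes, block=64, samples=4):
        n_blocks = max(1, -(-len(data) // block))
        rng = secrets.SystemRandom()
        return (secrets.token_bytes(16),
                [rng.randrange(n_blocks) for _ in range(samples)], block)

    def put(self, user, file_id, copies, prove=None):
        """Register `user` for len(copies) replicas; return bytes actually uploaded.

        Replicas the server already holds are never re-sent: the client must
        answer a PoW challenge on each instead. Only missing replicas are stored.
        (The upload-time check that blocks match id_F is not modelled.)
        """
        prove = prove or (lambda idx, chal: pow_response(copies[idx], chal))
        stored = self.replicas.get(file_id, [])
        for idx in range(min(len(copies), len(stored))):
            chal = self._challenge(stored[idx])
            expected = pow_response(stored[idx], chal)
            if not hmac.compare_digest(expected, prove(idx, chal)):
                raise PermissionError(f"PoW failed for copy {idx + 1}")
        new = list(copies[len(stored):])
        self.replicas[file_id] = stored + new
        users = self.registry.setdefault(file_id, {})
        users[user] = max(users.get(user, 0), len(copies))
        return sum(len(c) for c in new)

    def get(self, user, file_id, copy_no):
        """Return copy number copy_no (1-based) if the user is registered for it."""
        quota = self.registry.get(file_id, {}).get(user, 0)
        if not 1 <= copy_no <= quota:
            raise PermissionError("user is not registered for this copy")
        return self.replicas[file_id][copy_no - 1]

    def delete(self, user, file_id, x):
        """Drop x copies for `user`; return how many replicas remain stored."""
        users = self.registry.get(file_id, {})
        if user not in users:
            raise PermissionError("user is not registered to this id_F")
        if users[user] - x <= 0:
            del users[user]                 # xi - x <= 0: de-register the user
        else:
            users[user] -= x                # xi - x > 0: lower the user's count
        if not users:                       # nobody left: purge everything
            del self.registry[file_id], self.replicas[file_id]
            return 0
        need = max(users.values())          # most copies any remaining user wants
        del self.replicas[file_id][need:]
        return need


if __name__ == "__main__":
    copies = [bytes([k]) * 200 for k in (1, 2, 3)]   # constructed ciphertext copies
    store = CloudStore()
    print("alice uploads", store.put("alice", "idF", copies), "bytes")
    print("bob uploads", store.put("bob", "idF", copies[:2]), "bytes")
    print("replicas left after alice drops one:", store.delete("alice", "idF", 1))
```

A caller who knows only id_F but not the ciphertext fails the PoW step and is never added to the registry, so deduplication does not turn the identifier into a download capability.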
(5) The Attest protocol: used by the verifier v to verify the integrity of the data copies on behalf of the cloud user. Let the file processed by the server-aided scheme be C_l = {c_ij}, 1 ≤ i ≤ n, 1 ≤ j ≤ s, and {σ_i}, 1 ≤ i ≤ n.
The verifier v randomly selects a subset I of l elements from the set [1, n] and, for each i ∈ I, selects a random element
Figure BDA00028955178600001347
Then v executes the Prov protocol of DPA and sends to
Figure BDA00028955178600001348
a challenge chal containing the file to be verified
Figure BDA00028955178600001349
and a set of l elements {(i, v_i)}.
On receipt of the challenge, as described in the Prov protocol,
Figure BDA0002895517860000141
computes
Figure BDA0002895517860000142
and
Figure BDA0002895517860000143
Finally,
Figure BDA0002895517860000144
sends the proof
Figure BDA0002895517860000145
back to v.
(6) The Verify protocol: allows v to check the proof returned by
Figure BDA0002895517860000146
On receiving the reply from
Figure BDA0002895517860000147
v first verifies the signature of t_l. If the signature is correct, v recovers t_0, n and {u_1, ..., u_s} from t_l and checks whether
Figure BDA0002895517860000148
holds. If it holds, the output b = 1 indicates that the data currently stored on
Figure BDA0002895517860000149
is complete; otherwise the output is b = 0.
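The Attest/Verify round trip described above, as an added example that is not the patent's code. It replaces the pairing-based BLS tags with a privately verifiable HMAC-based linear tag over a prime field, so the verifier here holds a secret key; the modulus, sector size and all function names are assumptions.

```python
import hashlib
import hmac
import math
import secrets

P = 2**127 - 1        # prime field modulus (assumed for this example)
SECTOR_BYTES = 15     # 120-bit sectors, so every c_ij is below P


def split_sectors(data: bytes, s: int):
    """Split one ciphertext copy into n blocks of s sectors c_ij in Z_P."""
    size = s * SECTOR_BYTES
    data += b"\x00" * (-len(data) % size)
    return [[int.from_bytes(data[o + k:o + k + SECTOR_BYTES], "big")
             for k in range(0, size, SECTOR_BYTES)]
            for o in range(0, len(data), size)]


def prf(prf_key: bytes, file_id: bytes, copy_no: int, i: int) -> int:
    """Keyed value binding a tag to block i of one particular copy of id_F."""
    msg = file_id + copy_no.to_bytes(4, "big") + i.to_bytes(8, "big")
    return int.from_bytes(hmac.new(prf_key, msg, hashlib.sha256).digest(), "big") % P


def keygen(s: int):
    """Secret audit key: a PRF key and s coefficients alpha_1..alpha_s."""
    return secrets.token_bytes(32), [secrets.randbelow(P - 1) + 1 for _ in range(s)]


def tag_gen(key, file_id, copy_no, blocks):
    """sigma_i = prf(i) + sum_j alpha_j * c_ij mod P, one tag per block."""
    prf_key, alpha = key
    return [(prf(prf_key, file_id, copy_no, i)
             + sum(a * c for a, c in zip(alpha, blk))) % P
            for i, blk in enumerate(blocks)]


def challenge(n: int, l: int):
    """chal = {(i, v_i)}: l distinct block indices with random coefficients."""
    picked = secrets.SystemRandom().sample(range(n), l)
    return [(i, secrets.randbelow(P - 1) + 1) for i in picked]


def attest(blocks, tags, chal):
    """Server: fold the challenged blocks into (mu_1..mu_s, sigma)."""
    s = len(blocks[0])
    mu = [sum(v * blocks[i][j] for i, v in chal) % P for j in range(s)]
    sigma = sum(v * tags[i] for i, v in chal) % P
    return mu, sigma


def verify(key, file_id, copy_no, chal, proof) -> int:
    """Verifier: b = 1 if the aggregated tag matches the aggregated data."""
    prf_key, alpha = key
    mu, sigma = proof
    expected = (sum(v * prf(prf_key, file_id, copy_no, i) for i, v in chal)
                + sum(a * m for a, m in zip(alpha, mu))) % P
    return int(expected == sigma)


def detection_probability(n: int, bad: int, l: int) -> float:
    """Chance that a challenge of l blocks hits at least one of `bad` damaged ones."""
    return 1 - math.comb(n - bad, l) / math.comb(n, l)


if __name__ == "__main__":
    key = keygen(s=4)
    copy1 = split_sectors(secrets.token_bytes(3000), 4)   # constructed ciphertext
    tags1 = tag_gen(key, b"id_F", 1, copy1)
    chal = challenge(len(copy1), 10)
    print("honest server:", verify(key, b"id_F", 1, chal, attest(copy1, tags1, chal)))
    copy1[chal[0][0]][0] ^= 1                             # flip one stored bit
    print("after tampering:", verify(key, b"id_F", 1, chal, attest(copy1, tags1, chal)))
```

Because each tag is bound to a copy number, a server that kept only one copy cannot answer a challenge on another copy by reusing the data and tags it still holds.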
The technical effects of the present invention will be described in detail with reference to simulations.
The invention implements SharingBox in simulation and evaluates its performance in detail. A SharingBox prototype system was implemented in C/C++ with the OpenSSL and PBC libraries, and a MySQL database is used as the back-end data store for the metadata related to each file. The client, key server, verifier and cloud server are simulated on four independent machines, each with a 3.10 GHz Intel Core i9-9900 CPU and 16 GB of memory, running Ubuntu 16.04 LTS. The wired connections between them have a communication bandwidth of 100 Mbps, and sockets are used for communication. Figs. 6 and 7 show the evaluation results. The invention also uses multiple computers as clients that upload, download and integrity-audit a large number of files on the same server host to evaluate the overall performance of the system, and simulates various malicious server behaviors such as tampering with, destroying or reducing copies. Normally, clients can recover and audit their files correctly, but as soon as the server performs any malicious activity, the audit fails. Experimental results show that the time overhead of the system is acceptable.
It should be noted that the embodiments of the present invention can be realized by hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided on a carrier medium such as a disk, CD-or DVD-ROM, programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier, for example. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g., firmware.
The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.

Claims (3)

1. A storage method supporting efficient audit and multi-backup ciphertext deduplication is characterized by comprising the following steps:
the SharingBox system initializes, according to the Setup protocol,
Figure FDA0003541009940000011
and
Figure FDA0003541009940000012
and assists the client in generating an encryption key for the file blocks;
the client processes the data according to the Put protocol, generates verification tags, uploads the data, the verification tags and the like to the cloud server, and requires a plurality of copies to be stored;
the Get protocol is triggered when a client wants to download data;
the Delete protocol is triggered when the client wants to reduce the number of copies or delete its outsourced files;
the Attest protocol and the Verify protocol are used to assist the verifier in verifying, for the cloud user, the integrity of the data and its copies in the cloud;
the Setup protocol is used for initializing the SharingBox system and is a group of key generation algorithms for calculating public and private keys for the different participants; by running, on the client
Figure FDA0003541009940000013
and
Figure FDA0003541009940000014
the key generation algorithm
Figure FDA0003541009940000015
to obtain
Figure FDA0003541009940000016
a pair of public and private keys, i.e.
Figure FDA0003541009940000017
At this point,
Figure FDA0003541009940000018
keeps
Figure FDA0003541009940000019
to itself and makes
Figure FDA00035410099400000110
public;
the client
Figure FDA00035410099400000111
takes the security parameter k, the file block set F = {f_1, ..., f_n}, a randomly selected set R = {r_1, ..., r_n} and the public key of
Figure FDA00035410099400000112
namely
Figure FDA00035410099400000113
as input; the key server
Figure FDA00035410099400000114
takes its private key
Figure FDA00035410099400000115
as input. The client
Figure FDA00035410099400000116
outputs a pair of public and private keys
Figure FDA00035410099400000117
for integrity protection and verification of the file F and, through the Server-aid key generation algorithm, outputs a symmetric key set
Figure FDA00035410099400000118
for encryption and decryption; the key server
Figure FDA00035410099400000119
outputs a set of blind signatures phi;
Figure FDA00035410099400000120
keeps
Figure FDA00035410099400000121
and K secret and makes its own public key
Figure FDA00035410099400000122
public:
Figure FDA00035410099400000123
in the Setup stage, the cloud storage server and the verifier can also perform initialization setting and maintenance on some public and private parameters for constructing a secure channel; the corresponding database of the data stored in the cloud storage server also completes initialization setting at this stage;
the Put protocol is an interactive protocol run between
Figure FDA00035410099400000124
and
Figure FDA00035410099400000125
in which the client
Figure FDA00035410099400000126
protects confidentiality by encryption and requires ξ copies of F to be stored to improve storage reliability; for copy number
Figure FDA0003541009940000021
Figure FDA0003541009940000022
uses the generated key
Figure FDA0003541009940000023
to encrypt the i-th (1 ≤ i ≤ n) file block f_i ∈ F into the ciphertext
Figure FDA0003541009940000024
then calculates the authentication tag
Figure FDA0003541009940000025
used to verify the integrity of the stored data; finally, both parties generate a file identifier
Figure FDA0003541009940000026
that acts as a unique handle to F;
Put:
Figure FDA0003541009940000027
Figure FDA0003541009940000028
finally, the ciphertext set C = {C_1, ..., C_ξ}, the identifier
Figure FDA0003541009940000029
and Tag = {Tag_1, ..., Tag_ξ} are uploaded to
Figure FDA00035410099400000210
to obtain an access link for the file; before uploading,
Figure FDA00035410099400000211
checks whether another user has, on
Figure FDA00035410099400000212
already registered id_F;
Figure FDA00035410099400000213
deletes F, the copies of F and the corresponding tags from the local disk;
the Get protocol performs a download function that allows
Figure FDA00035410099400000214
to download from
Figure FDA00035410099400000215
the file stored on
Figure FDA00035410099400000216
When
Figure FDA00035410099400000217
wants to download F, it first initializes the protocol and sends to
Figure FDA00035410099400000218
the file identifier id_F and the copy number x; upon receipt of the message,
Figure FDA00035410099400000219
first checks whether the database contains an entry
Figure FDA00035410099400000220
If so, it further verifies whether
Figure FDA00035410099400000221
is registered with
Figure FDA00035410099400000222
and x ≤ ξ, where ξ is the number of copies currently maintained for
Figure FDA00035410099400000223
If the verification passes,
Figure FDA00035410099400000224
can use id_F to download C_x from
Figure FDA00035410099400000225
and decrypt it with K_x to obtain the file F;
Get:
Figure FDA00035410099400000226
the Delete protocol allows user
Figure FDA00035410099400000227
to delete copies or de-register particular files; when
Figure FDA00035410099400000228
wants to delete F,
Figure FDA00035410099400000229
sends the file ID and number of copies {id_F, x} to
Figure FDA00035410099400000230
Figure FDA00035410099400000231
checks whether
Figure FDA00035410099400000232
is registered to id_F, and if the verification passes,
Figure FDA00035410099400000233
updates, within
Figure FDA00035410099400000234
the entry
Figure FDA00035410099400000235
which, when ξ - x > 0, is updated to
Figure FDA00035410099400000236
and, when ξ - x ≤ 0,
Figure FDA00035410099400000237
performs the deletion in
Figure FDA00035410099400000238
if ξ - x > 0 and ξ - x is the maximum number of copies required by all registered users,
Figure FDA00035410099400000239
reduces the number of replicas of id_F to ξ - x; if
Figure FDA00035410099400000240
becomes empty, which means that no user is registered with id_F any more,
Figure FDA00035410099400000241
deletes all content related to id_F:
Delete:
Figure FDA00035410099400000242
the Attest protocol is run between the verifier
Figure FDA00035410099400000243
and the prover
Figure FDA00035410099400000244
The Attest protocol has two functions. On the one hand, it allows
Figure FDA00035410099400000245
to convince
Figure FDA00035410099400000246
that the stored F is complete:
Figure FDA00035410099400000247
sends a challenge chal to
Figure FDA00035410099400000248
to check the integrity of id_F, and
Figure FDA00035410099400000249
computes and returns a proof prof for further checking by the Verify protocol, formalized as:
Attest:
Figure FDA00035410099400000250
on the other hand, besides file integrity, prof can also provide data integrity statements for the different copies, which lets clients be convinced that their copies are stored;
the Verify protocol checks the proof prof generated by the Attest protocol,
Figure FDA0003541009940000031
executes the Verify protocol to check the proof prof generated by the Attest protocol, to ensure that on
Figure FDA0003541009940000032
the file is stored with the specified number of copies and is complete; the protocol outputs accept (b = 1) or reject (b = 0) to indicate whether prof is validated:
b ← Verify(id_F, prof);
the Server-aid key generation algorithm generates a server-aided key between the client
Figure FDA0003541009940000033
and the key server
Figure FDA0003541009940000034
and is based on the BLS blind signature rather than on RSA assumptions; its primary function is to generate the encryption key for the encrypted copy;
in the Setup phase,
Figure FDA0003541009940000035
can select a cyclic group of order p
Figure FDA0003541009940000036
and a computable bilinear pairing map e:
Figure FDA0003541009940000037
Then
Figure FDA0003541009940000038
executes
Figure FDA0003541009940000039
selecting a private key
Figure FDA00035410099400000310
and the corresponding public key
Figure FDA00035410099400000311
Suppose that
Figure FDA00035410099400000312
has the file F = {f_1, ..., f_n}. Before outsourcing f_i (1 ≤ i ≤ n) to
Figure FDA00035410099400000313
Figure FDA00035410099400000314
computes
Figure FDA00035410099400000315
randomly selects
Figure FDA00035410099400000316
blinds h_i by multiplying it by
Figure FDA00035410099400000317
and then sends the blinded value
Figure FDA00035410099400000318
to
Figure FDA00035410099400000319
After receiving the message,
Figure FDA00035410099400000320
computes the signature
Figure FDA00035410099400000321
and returns it to
Figure FDA00035410099400000322
Figure FDA00035410099400000323
unblinds s_i and verifies
Figure FDA00035410099400000324
The encryption key is then the hash value of the unblinded signature
Figure FDA00035410099400000325
The data deduplication and public auditing protocol DPA provides block-level data deduplication and can also provide public integrity auditing of outsourced data; the client
Figure FDA00035410099400000326
encrypts the original file F to C using a server-assisted MLE scheme, where C = {c_1, ..., c_n} is the ciphertext of n blocks, where
Figure FDA00035410099400000327
and p is a large prime number; the DPA scheme comprises a set of algorithms: KeyGen, TagGen, Verify, Probe;
KeyGen(1^k): by calling this function,
Figure FDA00035410099400000328
generates a random signing public and private key pair
Figure FDA00035410099400000329
Figure FDA00035410099400000330
randomly selects
Figure FDA00035410099400000331
and calculates v ← g^α; the private key is then
Figure FDA00035410099400000332
and the public key is
Figure FDA00035410099400000333
Figure FDA00035410099400000334
Given C = {c_1, ..., c_n},
Figure FDA00035410099400000335
calculates the file block identifiers t_0 = {τ_1, ..., τ_n}, where
Figure FDA00035410099400000336
selects s random elements
Figure FDA00035410099400000337
Let t_1 = τ_1||...||τ_n||n||u_1||...||u_s, and let
Figure FDA00035410099400000338
Is t1And its use in private keys
Figure FDA00035410099400000339
For each i, 1 ≤ i ≤ n, compute the signature tag:
Figure FDA0003541009940000041
Figure FDA0003541009940000042
parse the public key as
Figure FDA0003541009940000043
Before sending the challenge, the verifier
Figure FDA0003541009940000044
uses the public key
Figure FDA0003541009940000045
to verify the signature in t; if the signature verification fails, it outputs 0 (reject) and stops the protocol; otherwise, it parses t to obtain t_0, n and {u_1, ..., u_s}, randomly selects a subset I of l elements from the set {1, ..., n}, and selects, for each i ∈ I, a random element
Figure FDA0003541009940000046
Let the set {(i, v_i)} be the challenge chal, which is sent to the prover server
Figure FDA0003541009940000047
Suppose that the response of
Figure FDA0003541009940000048
contains
Figure FDA0003541009940000049
and
Figure FDA00035410099400000410
then verify whether:
Figure FDA00035410099400000411
if it holds, output 1; otherwise, output 0;
Figure FDA00035410099400000412
treats C* as {c_ij}, 1 ≤ i ≤ n, 1 ≤ j ≤ s, and {σ_i}, 1 ≤ i ≤ n; suppose the verifier
Figure FDA00035410099400000413
sends the message chal, in which each i belongs to [1, n] and is not repeated, and each
Figure FDA00035410099400000414
Figure FDA00035410099400000415
For 1 ≤ j ≤ s,
Figure FDA00035410099400000416
Figure FDA00035410099400000417
The prover sends the proof Prof = {{μ_1, ..., μ_s}, σ,
Figure FDA00035410099400000418
to the verifier.
2. A computer device comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of the storage method of claim 1 supporting efficient auditing and multiple backup ciphertext deduplication.
3. A storage system supporting efficient audit and multi-backup ciphertext deduplication implementing the storage method supporting efficient audit and multi-backup ciphertext deduplication of claim 1, wherein the storage system supporting efficient audit and multi-backup ciphertext deduplication comprises:
the client uses the cloud storage service to store the data, and is used for blocking the file data, generating an encryption key, encrypting the file, generating a copy, constructing the file, uploading, downloading and deleting the data and the copy thereof, and checking whether the file stored in the cloud storage server is complete and whether a corresponding number of copies are reserved;
the key server is used for generating a pair of public and private keys to assist the client in generating a key of the encryptable file;
the cloud storage server is used for executing cross-user duplicate removal, storing the files and the copies uploaded by the client, and simultaneously ensuring the integrity and the reliability of the files, ensuring the data availability of all data owners and executing a deletion request of the client;
and the verifier is used for triggering the Attest protocol and the Verify protocol to periodically perform multi-copy data integrity audit for the client.
CN202110041527.9A 2021-01-13 2021-01-13 Storage method and system supporting efficient audit and multi-backup ciphertext deduplication and application Active CN112887281B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110041527.9A CN112887281B (en) 2021-01-13 2021-01-13 Storage method and system supporting efficient audit and multi-backup ciphertext deduplication and application

Publications (2)

Publication Number Publication Date
CN112887281A (en) 2021-06-01
CN112887281B (en) 2022-04-29

Family

ID=76045288

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110041527.9A Active CN112887281B (en) 2021-01-13 2021-01-13 Storage method and system supporting efficient audit and multi-backup ciphertext deduplication and application

Country Status (1)

Country Link
CN (1) CN112887281B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115225409B (en) * 2022-08-31 2022-12-06 成都泛联智存科技有限公司 Cloud data safety duplicate removal method based on multi-backup joint verification

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105939191A (en) * 2016-07-08 2016-09-14 南京理工大学 Client secure deduplication method of ciphertext data in cloud storage
CN109104276A (en) * 2018-07-31 2018-12-28 如般量子科技有限公司 A kind of cloud storage method of controlling security and system based on pool of keys

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104917609B (en) * 2015-05-19 2017-11-10 华中科技大学 A kind of highly effective and safe data duplicate removal method and system perceived based on user
CA2936106A1 (en) * 2016-07-14 2018-01-14 Mirza Kamaludeen Encrypted data - data integrity verification and auditing system
CN107483585B (en) * 2017-08-18 2020-03-10 西安电子科技大学 Efficient data integrity auditing system and method supporting safe deduplication in cloud environment
CN107800688B (en) * 2017-09-28 2020-04-10 南京理工大学 Cloud data deduplication and integrity auditing method based on convergence encryption
CN110750796B (en) * 2019-08-28 2023-10-31 西安华企众信科技发展有限公司 Encrypted data deduplication method supporting public audit
CN110677487B (en) * 2019-09-30 2022-04-26 中科柏诚科技(北京)股份有限公司 Outsourcing data duplicate removal cloud storage method supporting privacy and integrity protection

Also Published As

Publication number Publication date
CN112887281A (en) 2021-06-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant