CN113285812A - Cloud storage self-auditing method based on SGX and Ethereum blockchain - Google Patents


Publication number
CN113285812A
Authority
CN
China
Legal status
Pending
Application number
CN202110840994.8A
Other languages
Chinese (zh)
Inventor
薛婧婷
史凌杰
罗抒琴
Current Assignee
Southwest Petroleum University
Original Assignee
Southwest Petroleum University

Classifications

    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention discloses a cloud storage self-auditing method based on SGX and the Ethereum blockchain, comprising the following steps: selecting public parameters and generating the keys of the entities; the user preprocesses the data to be outsourced to generate an outsourced data packet and generates auxiliary information; the user sends the outsourced data packet and the auxiliary information to the cloud server, and the user and the enclave deployed on the cloud server complete bidirectional identity authentication; the integrity of the outsourced data packet and the correctness of the auxiliary information are verified, and after the verification passes the cloud server stores the outsourced data packet and loads the auxiliary information into the enclave; according to a preset audit period, the cloud server reads random numbers from the blockchain system to generate challenge information and runs the self-auditing program in the enclave to complete the integrity audit of the sampled data blocks. The method allows a resource-limited data owner to periodically obtain the integrity state of the outsourced data packet without relying on any trusted third party.

Description

Cloud storage self-auditing method based on SGX and Ethereum blockchain
Technical Field
The invention belongs to the field of information security and cyberspace security, and in particular relates to a cloud storage self-auditing method based on SGX and the Ethereum blockchain.
Background
With the development of network technology and the explosive growth of data, data owners increasingly store and manage their data in cloud storage systems to avoid the cost of maintaining personal data locally. In cloud storage, a data owner (i.e., a user of a cloud storage service) only needs to outsource personal data to a cloud server and can then retrieve it remotely on demand. Despite these advantages, cloud storage systems also expose security issues, the most important of which is assuring the integrity of outsourced data. In brief, a user loses physical control of personal data once it is outsourced to a cloud server, so the user needs to consider whether the outsourced data is always stored intact on the cloud server. The integrity of outsourced data is indeed at risk. As an independently operated entity, the cloud server may misbehave in various ways: for example, it may hide data corruption events (caused by administrative errors, hardware failures, internal attacks, etc.) to maintain a good reputation, or delete outsourced data that the user has never retrieved in order to free up storage space on the cloud platform. In addition, network attackers may attack the cloud server for profit and corrupt the outsourced data. If any of these malicious events occurs, the integrity of the user's outsourced data may be compromised. It is therefore necessary to audit the integrity of the user's outsourced data periodically.
Currently, data integrity auditing technologies support two common auditing modes: private auditing and public auditing. In the private audit mode, the user audits the integrity of the outsourced data personally. This mode requires the user to come online periodically and perform the audit tasks, which places stringent demands on the user's communication resources. For users with limited bandwidth, a private audit mode that requires periodically staying online is not an optimal choice. Public auditing, by comparison, is the more widely used mode: the user authorizes a third-party auditor to audit the integrity of the outsourced data. It assumes that the auditor authorized by the user is fully trusted. That is, solutions based on the public audit model no longer provide system security once the auditor is attacked or acts maliciously. For example, to reduce the computational overhead of executing the audit task, the auditor can simply forge the audit result; or the auditor can collude with the cloud server to produce a non-objective audit report for profit. Under these conditions the auditor does not fulfil its responsibility of auditing the integrity of the outsourced data, and the user cannot obtain an objective audit result for the integrity of the outsourced data.
Disclosure of Invention
The invention aims to overcome one or more defects in the prior art and provides a cloud storage self-auditing method based on SGX and the Ethereum blockchain.
The purpose of the invention is achieved by the following technical scheme: the cloud storage self-auditing method based on SGX and the Ethereum blockchain comprises the following steps:
S1, system initialization: selecting public parameters and generating the keys of the entities, wherein the public parameters comprise a secure hash function and a signature algorithm, and the keys of the entities comprise a signature key pair of the user and a signature key pair of the enclave;
S2, local preparation: the user preprocesses the data to be outsourced to generate an outsourced data packet and auxiliary information, wherein the auxiliary information comprises a Merkle hash tree corresponding to the outsourced data packet, a self-auditing program and a smart contract;
S3, outsourcing of the data packet: the user sends the outsourced data packet and the auxiliary information to the cloud server, and the user and the enclave deployed on the cloud server complete bidirectional identity authentication;
S4, cloud storage: the integrity of the outsourced data packet and the correctness of the auxiliary information are verified; after the verification passes, the cloud server stores the outsourced data packet and loads the auxiliary information into the enclave;
S5, self-auditing: according to a preset audit period, the cloud server reads random numbers from the blockchain system to generate challenge information, and runs the self-auditing program in the enclave to complete the integrity audit of the sampled data blocks.
Preferably, step S1 specifically comprises:
Step S11. selecting a secure hash function
Figure 53387DEST_PATH_IMAGE001
and a signature algorithm
Figure 49156DEST_PATH_IMAGE002
Step S12. generating a signature key pair of the user U
Figure 360051DEST_PATH_IMAGE003
and the Ethereum address of the user U
Figure 20840DEST_PATH_IMAGE004
where
Figure 366371DEST_PATH_IMAGE005
is the public key of the user U and
Figure 470724DEST_PATH_IMAGE006
is the private key of the user U;
Step S13. generating a signature key pair of the enclave E
Figure 65653DEST_PATH_IMAGE007
and the Ethereum address of the enclave E
Figure 795712DEST_PATH_IMAGE008
where
Figure 480902DEST_PATH_IMAGE009
is the public key of the enclave E and
Figure 5425DEST_PATH_IMAGE010
is the private key of the enclave E;
Step S14. obtaining the Ethereum address of the cloud server CS
Figure 290912DEST_PATH_IMAGE011
Preferably, step S2 specifically comprises:
Step S21. encrypting the original data F and dividing it into blocks to generate the outsourced data block set
Figure 106553DEST_PATH_IMAGE012
where
Figure 161097DEST_PATH_IMAGE013
is the concatenation symbol and
Figure 856520DEST_PATH_IMAGE014
denotes the data block numbered n;
Step S22. for each data block
Figure 629304DEST_PATH_IMAGE015
using its hash value
Figure 983056DEST_PATH_IMAGE016
as a leaf node, constructing a Merkle hash tree Tr whose root value is root;
Step S23. generating a self-auditing program P and a smart contract SC.
Preferably, step S3 specifically comprises:
Step S31. generating a signature
Figure 157685DEST_PATH_IMAGE017
and sending to the cloud server CS the outsourcing set
Figure 758431DEST_PATH_IMAGE018
where
Figure 769244DEST_PATH_IMAGE019
in which P is the self-auditing program to be used for the cloud server's self-auditing,
Figure 175954DEST_PATH_IMAGE020
is the data packet that the cloud server will store in its storage space, and
Figure 205090DEST_PATH_IMAGE021
is the data packet that the cloud server loads into the enclave's isolated memory region (PRM) for storage;
Step S32. broadcasting the smart contract SC to the Ethereum network; miners of the Ethereum network verify the smart contract SC and, after the verification passes, write it into the Ethereum blockchain;
Step S33. after the smart contract SC has been written into the Ethereum blockchain, the user transfers funds to the smart contract SC as the pre-stored amount for storage fees;
Step S34. using the remote attestation mechanism of SGX technology, the user U and the enclave E deployed on the cloud server CS complete bidirectional identity authentication; after the bidirectional identity authentication succeeds, the user U shares with the enclave E the signature key pair of the enclave E
Figure 993049DEST_PATH_IMAGE022
Preferably, step S4 specifically comprises:
Step S41. the cloud server verifies the received outsourcing set
Figure 474845DEST_PATH_IMAGE023
where
Figure 888509DEST_PATH_IMAGE024
verifying the outsourcing set
Figure 772152DEST_PATH_IMAGE025
includes verifying the legitimacy of the signature
Figure 793328DEST_PATH_IMAGE026
as well as the integrity of the outsourced data block set D and the correctness of the Merkle hash tree Tr;
Step S42. storing
Figure 762421DEST_PATH_IMAGE027
in the storage space of the cloud server, and the cloud server CS transfers funds to the smart contract SC as its deposit;
Step S43. loading
Figure 714197DEST_PATH_IMAGE028
into the isolated memory region PRM of the enclave E for storage.
Preferably, step S5 specifically comprises:
Step S51. taking the preset audit period time t as the input of the smart contract SC, the challenge function of the smart contract SC generates and outputs a random seed r;
Step S52. the cloud server CS selects the data block set B to be audited based on the random seed r;
Step S53. the cloud server CS runs the self-auditing program P in the enclave E to read the proof information generated by the cloud server CS
Figure 468657DEST_PATH_IMAGE029
where Q is the set of block numbers of the data block set B to be audited, B is the data block set to be audited, and H is the set of hash values used for verifying the root value of the Merkle hash tree;
Step S54. the self-auditing program P decrypts a data block to be audited in the data block set B, and judges from the serial number of the data block whether it is a data block that should have been selected by the sampling;
Step S55. if the data block to be audited is one that should have been selected by the sampling, the hash values in the set H are read to reconstruct the Merkle hash tree for the data block to be audited, and the root value of the reconstructed Merkle hash tree is generated;
Step S56. judging whether the root value of the reconstructed Merkle hash tree equals the initially loaded root value; if they are equal, the integrity of the data block to be audited passes verification;
Step S57. repeating steps S54-S56 until all the data blocks to be audited in the data block set B have been traversed;
Step S58. the enclave E outputs the self-auditing result
Figure 113265DEST_PATH_IMAGE030
where
Figure 569655DEST_PATH_IMAGE031
is the integrity of the data block to be audited
Figure 325121DEST_PATH_IMAGE032
in the data block set B to be audited, and
Figure 668509DEST_PATH_IMAGE033
denotes a signature with the private key of the enclave E
Figure 484018DEST_PATH_IMAGE034
If the integrity of all the data blocks to be audited passes verification, the self-auditing result output by the enclave E
Figure 427703DEST_PATH_IMAGE035
is
Figure 986861DEST_PATH_IMAGE036
otherwise, the self-auditing result output by the enclave E
Figure 450334DEST_PATH_IMAGE037
is
Figure 171165DEST_PATH_IMAGE038
Preferably, step S5 is followed by:
Step S6. transfer: the smart contract reads the audit result and executes an automatic transfer according to the audit result.
Preferably, step S6 specifically comprises:
Step S61. the smart contract SC reads the self-auditing result output by the enclave E
Figure 602147DEST_PATH_IMAGE039
Step S62. the smart contract SC judges the value of
Figure 699416DEST_PATH_IMAGE040
as follows:
when
Figure 282975DEST_PATH_IMAGE041
the smart contract SC transfers the fee for one storage period to the Ethereum account of the cloud server CS according to the preset program;
when
Figure 174708DEST_PATH_IMAGE042
the smart contract SC transfers the entire deposit of the cloud server CS to the Ethereum account of the user U as compensation according to the preset program.
The beneficial effects of the invention are:
(1) based on SGX and the Ethereum blockchain, the cloud storage self-auditing method allows a resource-limited data owner to obtain the integrity state of the outsourced data packet without relying on any trusted third party;
(2) in the invention, based on the latest
Figure 92985DEST_PATH_IMAGE043
blocks of the Ethereum blockchain, the cloud server randomly samples the data blocks in the outsourced data packet and runs the self-auditing program in the enclave to check the integrity state of the sampled data blocks; this ensures the verifiable randomness of the sampling set, effectively prevents the cloud server from choosing a specific data block set as the audit sample set, and resists replacement attacks by a malicious cloud server without introducing external participants;
(3) the invention uses SGX technology to provide a trusted execution environment (enclave) on the cloud server, and, under the protection of the enclave's isolated execution mechanism, completes the integrity audit of outsourced data blocks by verifying the root value of a Merkle hash tree; compared with existing public auditing schemes based on homomorphic signatures, the auditing method of the invention offers high audit performance (on the order of hash operations) and low storage overhead (the cloud server does not need to store large homomorphic data tags);
(4) the invention designs a payment mechanism: when the cloud server passes the data integrity verification it is paid the storage fee; otherwise the deposit of the cloud server is transferred to the Ethereum account of the user. This mechanism not only relieves the user of the burden of staying online to receive integrity audit results, but also restrains malicious behavior by the cloud server through compensation.
Drawings
FIG. 1 is a flow chart of the cloud storage self-auditing method;
FIG. 2 is a schematic diagram of remote identity authentication of enclaves across platforms;
FIG. 3 is a schematic diagram of enclave identity authentication on a local platform;
FIG. 4 is a schematic diagram of reconstruction and root validation of a Merkle hash tree;
FIG. 5 is another flow chart of the cloud storage self-auditing method.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive effort based on the embodiments of the present invention, are within the scope of the present invention.
Referring to FIGS. 1 to 5, this embodiment provides a cloud storage self-auditing method based on SGX and the Ethereum blockchain:
As shown in FIG. 1, the cloud storage self-auditing method based on SGX and the Ethereum blockchain includes:
S1, system initialization: selecting public parameters and generating the keys of the entities, wherein the public parameters comprise a secure hash function and a signature algorithm, and the keys of the entities comprise a signature key pair of the user and a signature key pair of the enclave.
Specifically, step S1 comprises the following steps:
Step S11. selecting a secure hash function
Figure 993945DEST_PATH_IMAGE001
and a signature algorithm
Figure 900852DEST_PATH_IMAGE002
Step S12. generating a signature key pair of the user U
Figure 229065DEST_PATH_IMAGE003
and the Ethereum address of the user U
Figure 369060DEST_PATH_IMAGE004
where
Figure 073710DEST_PATH_IMAGE005
is the public key of the user U and
Figure 366283DEST_PATH_IMAGE006
is the private key of the user U.
Step S13. generating a signature key pair of the enclave E
Figure 865397DEST_PATH_IMAGE007
and the Ethereum address of the enclave E
Figure 492688DEST_PATH_IMAGE008
where
Figure 735450DEST_PATH_IMAGE009
is the public key of the enclave E and
Figure 882529DEST_PATH_IMAGE010
is the private key of the enclave E.
The "enclave" refers to an isolated environment created in computer memory using Intel Software Guard Extensions (Intel SGX), in which data and programs can be used securely.
Step S14. obtaining the Ethereum address of the cloud server CS
Figure 552544DEST_PATH_IMAGE011
S2, local preparation: the user preprocesses the data to be outsourced to generate an outsourced data packet and generates auxiliary information used for self-auditing, wherein the auxiliary information comprises a Merkle hash tree corresponding to the outsourced data packet, a self-auditing program and a smart contract.
Specifically, step S2 comprises the following steps:
Step S21. encrypting the original data F and dividing it into blocks to generate the outsourced data block set
Figure 667131DEST_PATH_IMAGE012
where
Figure 448005DEST_PATH_IMAGE013
is the concatenation symbol and
Figure 511907DEST_PATH_IMAGE014
denotes the data block numbered n; the outsourced data block set
Figure 352824DEST_PATH_IMAGE044
is the outsourced data packet.
Step S22. for each data block
Figure 157969DEST_PATH_IMAGE015
using its hash value
Figure 899791DEST_PATH_IMAGE016
as a leaf node, a Merkle hash tree Tr is constructed, the root value of which is root.
Step S23. generating (compiling) a self-auditing program P and a smart contract SC.
The self-auditing program P supports reading the audit information and verifying the root value root of the Merkle hash tree Tr. In some embodiments, the self-auditing program P is configured as shown in Table 1: it first verifies whether a data block is a randomly sampled data block, then verifies the integrity of the corresponding data block, and finally outputs a signed audit result. Specifically: a. in response to an audit request from the cloud server CS, the self-auditing program P calls the getLock function and the getSilbing function to read the sampled data blocks and the corresponding set of auxiliary hash values stored in the memory of the cloud server CS (lines 4-5 in Table 1); b. the self-auditing program P decrypts each data block (line 6 in Table 1) and judges whether the sequence number of the data block is consistent with the sample set (lines 7-8 in Table 1); c. if the sequence number of the data block is consistent with the sample set, it judges whether the root value of the reconstructed Merkle hash tree equals the initially loaded root value (line 9 in Table 1). Steps a-c are repeated until all data blocks in the sample set have been traversed (line 3 in Table 1). If the root values of all reconstructed Merkle hash trees equal the initially loaded root value, a transaction is created and signed (lines 12-13 in Table 1) and then sent to the cloud server (line 14 in Table 1); otherwise an error message is output (line 10 in Table 1).
Table 1. Code implementation of the self-auditing program
Figure DEST_PATH_IMAGE046A
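The sampling check and root reconstruction that steps S51-S58 and the description of the self-auditing program P walk through, as an added Python example; it is not the patent's Table 1 code. Assumptions: SHA-256 as the hash, leaf/node prefix bytes, a seed formed by hashing 12 constructed block hashes, an HMAC standing in for the enclave's signature, and all function names; decrypting blocks to read their serial numbers is omitted and the numbers travel in Q.

```python
import hashlib
import hmac

# Domain-separation prefixes for leaves and inner nodes (assumption, not on the page).
LEAF, NODE = b"\x00", b"\x01"

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_tree(blocks):
    """User side (S22): return the tree as a list of levels; levels[-1][0] is root."""
    level = [h(LEAF + b) for b in blocks]
    levels = []
    while len(level) > 1:
        if len(level) % 2:                      # odd level: duplicate the last node
            level = level + [level[-1]]
        levels.append(level)
        level = [h(NODE + level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    levels.append(level)
    return levels

def sibling_path(levels, idx):
    """Cloud side: the auxiliary hash values (set H) for one leaf index."""
    path = []
    for level in levels[:-1]:
        path.append(level[idx ^ 1])
        idx //= 2
    return path

def root_from_path(block, idx, path):
    """Enclave side (S55): rebuild the root from one block and its sibling hashes."""
    node = h(LEAF + block)
    for sib in path:
        node = h(NODE + (sib + node if idx & 1 else node + sib))
        idx //= 2
    return node

def seed_from_chain(block_hashes):
    """Random seed r from recent chain data (hash of concatenation is an assumption)."""
    return h(b"".join(block_hashes))

def sample_indices(seed, n, c):
    """Deterministic sample set Q: c distinct indices in [0, n) derived from the seed."""
    chosen, ctr = set(), 0
    while len(chosen) < min(c, n):
        chosen.add(int.from_bytes(h(seed + ctr.to_bytes(4, "big")), "big") % n)
        ctr += 1
    return sorted(chosen)

def cloud_prove(blocks, levels, q):
    """Cloud side (S53): proof information (Q, B, H) for the block numbers in q."""
    return list(q), [blocks[i] for i in q], [sibling_path(levels, i) for i in q]

def enclave_self_audit(root, n, c, seed, proof, enclave_key):
    """Enclave side (S54-S58): recompute Q from the seed, then check every root."""
    q, b, hs = proof
    # A proof over any other index set is rejected even if each path is valid.
    ok = list(q) == sample_indices(seed, n, c) and len(q) == len(b) == len(hs)
    if ok:
        ok = all(hmac.compare_digest(root_from_path(blk, i, p), root)
                 for i, blk, p in zip(q, b, hs))
    result = b"1" if ok else b"0"
    # HMAC stands in for the enclave's signature; including the seed is an added choice.
    tag = hmac.new(enclave_key, seed + result, hashlib.sha256).digest()
    return ok, tag

def run_demo():
    # All inputs below are constructed sample values.
    blocks = [b"constructed-ciphertext-block-%d" % i for i in range(7)]
    levels = build_tree(blocks)
    root, n, c = levels[-1][0], len(blocks), 3
    key = b"constructed-enclave-key"
    seed = seed_from_chain([bytes([i]) * 32 for i in range(12)])
    q = sample_indices(seed, n, c)

    honest, _ = enclave_self_audit(root, n, c, seed, cloud_prove(blocks, levels, q), key)

    damaged = list(blocks)
    damaged[q[0]] = b"corrupted"                # a sampled block no longer matches the tree
    corrupted, _ = enclave_self_audit(root, n, c, seed, cloud_prove(damaged, levels, q), key)

    other = [i for i in range(n) if i not in q][:c]   # server answers for blocks it prefers
    replaced, _ = enclave_self_audit(root, n, c, seed, cloud_prove(blocks, levels, other), key)
    return honest, corrupted, replaced

if __name__ == "__main__":
    print(run_demo())
```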
The smart contract SC is written to collect the deposits of the user and the cloud server, to support generating the random seed for self-auditing, and to support completing automatic transfers according to the audit result. In some embodiments, the specific configuration of the self-auditing program P is as shown in Tables 2-4.
As shown in Table 2, the smart contract SC verifies the identities of the cloud server CS and the user U; after the identity verification passes, the giveDeposit function of the smart contract SC checks whether the deposit of the cloud server CS and the pre-stored amount of the user U have been transferred: if both the cloud server CS and the user U have completed the transfer of the corresponding funds (the deposit of the cloud server CS and the pre-stored amount of the user U), the state of the smart contract SC is switched to the ready state; otherwise the data outsourcing storage mode is not entered.
Table 2. Deposit receipt code implementation of the smart contract
Figure DEST_PATH_IMAGE048A
As shown in Table 3, after the state of the smart contract SC has been switched to the ready state, if the cloud server CS is available and the identity of the user U is legitimate, then at the audit-cycle time t the challenge function of the smart contract SC reads the random numbers of the latest consecutive
Figure 37774DEST_PATH_IMAGE049
blocks (e.g., 12) of the Ethereum blockchain to generate a random seed, and the smart contract SC is switched from the ready state to the audit state.
Table 3. Random number generation code implementation of the smart contract
Figure DEST_PATH_IMAGE051A
As shown in Table 4, after entering the audit state, the smart contract SC transfers funds automatically according to the audit result. Specifically, if the integrity verification of the data blocks sampled on the cloud server CS fails, the terminate function of the smart contract SC transfers the deposit of the cloud server CS to the Ethereum account of the user U as compensation and moves the smart contract SC into the end state; if the integrity of the data blocks sampled on the cloud server CS passes verification, the terminate function of the smart contract SC transfers the agreed part of the pre-stored amount of the user U to the Ethereum account of the cloud server CS as the storage fee for one period, and moves the smart contract SC back into the ready state to wait for the next audit.
Table 4. Automatic transfer code implementation of the smart contract
Figure DEST_PATH_IMAGE053A
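The deposit, challenge and transfer flow described for Tables 2-4, modeled in Python as an added example; it is not the patent's contract code and not Solidity. Assumptions: the enclave's result arrives as a transaction from the enclave's own address, only the cloud server may open a challenge, the seed is a SHA-256 over the supplied block hashes, and the amounts and every name other than the page's giveDeposit, challenge and terminate are constructed.

```python
import hashlib
from enum import Enum

class State(Enum):
    INIT = "init"      # waiting for both parties' funds
    READY = "ready"    # funds locked, waiting for the next audit period
    AUDIT = "audit"    # a seed has been issued, waiting for the enclave's result
    END = "end"        # audit failed, deposit paid out as compensation

class StorageContract:
    def __init__(self, user, server, enclave, prestored, deposit, fee):
        self.user, self.server, self.enclave = user, server, enclave
        self.required = {user: prestored, server: deposit}
        self.held = {user: 0, server: 0}       # funds locked in the contract
        self.paid_out = {user: 0, server: 0}   # funds released to each account
        self.fee = fee                         # storage fee for one period
        self.state = State.INIT
        self.seed = None

    def give_deposit(self, sender, amount):
        """Table 2 behaviour: move to READY only once both parties have paid."""
        if self.state is not State.INIT:
            raise RuntimeError("deposits are only accepted before storage starts")
        if sender not in self.required:
            raise PermissionError("sender is neither the user nor the cloud server")
        if self.held[sender] or amount != self.required[sender]:
            raise ValueError("wrong or duplicate deposit")
        self.held[sender] = amount
        if all(self.held[p] == self.required[p] for p in self.required):
            self.state = State.READY

    def challenge(self, sender, recent_block_hashes):
        """Table 3 behaviour: derive the seed from recent blocks, enter AUDIT."""
        if sender != self.server:
            raise PermissionError("only the cloud server opens a challenge (assumption)")
        if self.state is not State.READY:
            raise RuntimeError("contract is not in the ready state")
        if self.held[self.user] < self.fee:
            raise RuntimeError("pre-stored amount exhausted")
        self.seed = hashlib.sha256(b"".join(recent_block_hashes)).digest()
        self.state = State.AUDIT
        return self.seed

    def terminate(self, sender, seed, passed):
        """Table 4 behaviour: pay one period's fee on success, forfeit deposit on failure."""
        if sender != self.enclave:
            # The cloud server must not be able to report its own audit result.
            raise PermissionError("result must come from the enclave's address")
        if self.state is not State.AUDIT or seed != self.seed:
            raise RuntimeError("no open audit for this seed")
        if passed:
            self.held[self.user] -= self.fee
            self.paid_out[self.server] += self.fee
            self.state = State.READY
        else:
            self.paid_out[self.user] += self.held[self.server]
            self.held[self.server] = 0
            self.state = State.END
        self.seed = None
        return self.state

def run_contract_demo():
    # Constructed addresses and amounts.
    sc = StorageContract("U", "CS", "E", prestored=30, deposit=100, fee=10)
    sc.give_deposit("U", 30)
    sc.give_deposit("CS", 100)
    chain = [bytes([i]) * 32 for i in range(12)]

    seed1 = sc.challenge("CS", chain)
    try:
        sc.terminate("CS", seed1, True)        # server tries to self-report a pass
        forged_accepted = True
    except PermissionError:
        forged_accepted = False
    sc.terminate("E", seed1, True)
    after_pass = (sc.state, sc.paid_out["CS"], sc.held["U"])

    seed2 = sc.challenge("CS", chain)
    sc.terminate("E", seed2, False)
    after_fail = (sc.state, sc.paid_out["U"], sc.held["CS"])
    return forged_accepted, after_pass, after_fail

if __name__ == "__main__":
    print(run_contract_demo())
```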
S3, outsourcing of the data packet: the user sends the outsourced data packet and the auxiliary information to the cloud server, and the user and the enclave deployed on the cloud server complete bidirectional identity authentication.
Specifically, step S3 comprises the following steps:
Step S31. generating a signature
Figure 551057DEST_PATH_IMAGE017
and sending to the cloud server CS the outsourcing set
Figure 374657DEST_PATH_IMAGE018
where
Figure 513645DEST_PATH_IMAGE019
in which P is the self-auditing program to be used for the cloud server's self-auditing,
Figure 739090DEST_PATH_IMAGE020
is the data packet that the cloud server will store in its storage space, and
Figure 921810DEST_PATH_IMAGE021
is the data packet that the cloud server loads into the enclave's isolated memory region PRM for storage. That is,
Figure 498285DEST_PATH_IMAGE054
is loaded into the enclave for storage by the cloud server CS, and
Figure 175385DEST_PATH_IMAGE055
is stored in the storage space of the cloud server.
Step S32. broadcasting the smart contract SC to the Ethereum network; miners of the Ethereum network verify the smart contract SC and, after the verification passes, write it into the Ethereum blockchain. The verification of the smart contract SC by the miners of the Ethereum network includes: verifying the legitimacy of the blockchain account addresses of the cloud server CS and the user U in the smart contract SC, and whether the balances of the blockchain accounts meet the preset amounts.
Step S33. after the smart contract SC has been written into the Ethereum blockchain, the user transfers funds to the smart contract SC as the pre-stored amount for storage fees.
Step S34. using the remote attestation mechanism of (Intel) SGX technology, the user U and the enclave E deployed on the cloud server CS complete bidirectional identity authentication; after the bidirectional identity authentication succeeds, the user U shares with the enclave E the signature key pair of the enclave E
Figure 255336DEST_PATH_IMAGE022
In some embodiments, user U shares the signature key pair of enclave E with enclave E via the established secure channel after the bidirectional authentication is successful
Figure 874536DEST_PATH_IMAGE022
The bidirectional identity authentication process of the user U and the enclave E is as follows. The remote attestation mechanism of the Intel SGX technology lets a user verify the authenticity of an enclave deployed on a cloud server, and is realized mainly through two instructions, EREPORT and EGETKEY. The mechanism comprises a local attestation part and a remote attestation part. Local attestation confirms whether the target enclave and the local enclave run on the same platform; it involves a message authentication code (MAC) and a report key. The report key is visible only to the enclave itself and to the EREPORT instruction on the same platform. Remote attestation between the user and the cloud server confirms the authenticity of the remote enclave; it involves a signature mechanism, a signature key and a public key certificate. On top of the local attestation mechanism, the remote attestation mechanism introduces a special enclave with a public identity, called the quoting enclave. The quoting enclave E creates a signing key for platform attestation
Figure 672728DEST_PATH_IMAGE056
(Enhanced Privacy ID), which is bound to the version number of the processor firmware and represents the trustworthiness of the platform and the underlying hardware. While the enclave system is running, this key can be read only by the quoting enclave
Figure 153519DEST_PATH_IMAGE057
As shown in Fig. 2, remote attestation between platforms uses an asymmetric key mechanism. The steps of bidirectional authentication between the requester Enclave A (i.e. the user) and the target Enclave B (the enclave deployed on the cloud server) are as follows: (1) Enclave A sends an identity authentication request to Enclave B. (2) After receiving the identity authentication request of Enclave A, Enclave B calls the EREPORT instruction to generate a REPORT structure and sends it to the quoting enclave, Enclave C. (3) After receiving the REPORT structure of Enclave B, Enclave C performs local mutual authentication with Enclave B on the local platform. (4) After Enclave B and Enclave C have authenticated each other, Enclave C generates the remote attestation result QUOTE and signs it with the processor private key EPID. (5) Enclave C sends the remote attestation result QUOTE, the signature and the related manifest to the authentication requester Enclave A. (6) After receiving this data, Enclave A verifies the validity of the signature using the public key certificate of the target enclave's platform, and confirms the identity of Enclave B from the contents of the manifest and the digest.
Notably, the REPORT structure provides an additional user data field (storing user-defined data structures) to support more complex interactions. In the method of this embodiment, for example, it is used to share a session key and establish a secure channel that supports sharing of the enclave signature key pair.
As shown in Fig. 3, the steps of bidirectional authentication between Enclave A and Enclave B on the same platform are as follows: (1) Enclave B sends an identity authentication request to Enclave A; (2) Enclave A calls the EREPORT instruction to generate a REPORT structure (containing identity information and some other data); (3) Enclave A obtains the report key of Enclave B and computes the MAC tag of the REPORT structure; (4) Enclave A generates the final REPORT structure and sends it to Enclave B; (5) after receiving the REPORT structure of Enclave A, Enclave B calls the EGETKEY instruction to obtain the report key, recomputes the MAC value and compares it with the MAC value received in the REPORT structure. Enclave B accepts the identity of Enclave A when the trusted hardware part is validated and the MAC values match. Enclave A verifies the identity of Enclave B in the same way, which completes mutual authentication within the platform.
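The local (same-platform) exchange of Fig. 3 can be modelled as follows. This Python model is an added example, not part of the patent: the Platform class, the use of HMAC-SHA256 in place of the hardware MAC, and the identity and session values (all constructed) are assumptions. The user data field carries a hash that binds the report to a session key, as described above.

```python
import hashlib
import hmac
import os


class Platform:
    """Toy model of one SGX-capable CPU (assumption: HMAC-SHA256 replaces the hardware MAC)."""

    def __init__(self):
        self._secret = os.urandom(32)  # stand-in for the per-CPU secret; never exported

    def _report_key(self, identity: bytes) -> bytes:
        # The report key depends on the platform secret and on the identity of
        # the enclave that will verify the report.
        return hmac.new(self._secret, b"report-key" + identity, hashlib.sha256).digest()

    def ereport(self, caller: bytes, target: bytes, report_data: bytes) -> dict:
        """Models EREPORT: MAC the caller's identity and user data for `target`."""
        mac = hmac.new(self._report_key(target), caller + report_data, hashlib.sha256).digest()
        return {"identity": caller, "report_data": report_data, "mac": mac}

    def egetkey(self, caller: bytes) -> bytes:
        """Models EGETKEY: an enclave obtains only its own report key."""
        return self._report_key(caller)


def verify_report(platform, me, report, expected_peer, expected_data) -> bool:
    """Verifier side: recompute the MAC with our own report key, then check the fields."""
    key = platform.egetkey(me)
    mac = hmac.new(key, report["identity"] + report["report_data"], hashlib.sha256).digest()
    return (hmac.compare_digest(mac, report["mac"])
            and report["identity"] == expected_peer
            and report["report_data"] == expected_data)


# Constructed 32-byte identities (enclave measurements) and session binding.
ENCLAVE_A = hashlib.sha256(b"constructed enclave A").digest()
ENCLAVE_B = hashlib.sha256(b"constructed enclave B").digest()
SESSION_BINDING = hashlib.sha256(b"constructed session public key").digest()


def attest_to(prover_cpu, verifier_cpu, prover, verifier, data) -> bool:
    report = prover_cpu.ereport(prover, verifier, data)
    return verify_report(verifier_cpu, verifier, report, prover, data)


def mutual_local_attestation(cpu_a, cpu_b, data=SESSION_BINDING) -> bool:
    """Both directions of Fig. 3; succeeds only if A and B share one platform."""
    return (attest_to(cpu_a, cpu_b, ENCLAVE_A, ENCLAVE_B, data)
            and attest_to(cpu_b, cpu_a, ENCLAVE_B, ENCLAVE_A, data))


if __name__ == "__main__":
    cpu = Platform()
    print("same platform:", mutual_local_attestation(cpu, cpu))
    print("different platforms:", mutual_local_attestation(Platform(), Platform()))
```

A report fails verification if it was produced on another platform, was targeted at a different enclave, or had its user data changed after the MAC was computed.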
S4. Cloud storage: verify the integrity of the outsourced data packet and the correctness of the auxiliary information; after the verification passes, the cloud server stores the outsourced data packet and loads the auxiliary information into the enclave.
Specifically, step S4 includes the following steps:
Step S41. The cloud server verifies the received outsourced set
Figure 87977DEST_PATH_IMAGE023
where
Figure 612499DEST_PATH_IMAGE024
Verification of the outsourced set
Figure 897987DEST_PATH_IMAGE025
includes verifying the legitimacy of the signature
Figure 916890DEST_PATH_IMAGE026
, the outsourced data block set D, and the correctness of the Merkle hash tree Tr.
Step S42. Store
Figure 971434DEST_PATH_IMAGE027
in the storage space of the cloud server; the cloud server CS transfers funds to the smart contract SC as a deposit.
Step S43. Load
Figure 932436DEST_PATH_IMAGE028
into the isolated memory region PRM (processor reserved memory) of the enclave E for storage.
S5. Self-auditing: according to a preset audit period, the cloud server reads a random number of the blockchain system to generate challenge information, and runs the self-auditing program in the enclave to complete the integrity audit of the sampled data blocks.
Specifically, step S5 includes the following steps:
Step S51. The preset audit period time t is taken as the input of the smart contract SC, and the challenge function of the smart contract SC generates and outputs a random seed r.
Step S52. The cloud server CS selects the data block set B to be audited based on the random seed r.
Step S53. The cloud server CS runs the self-auditing program P in the enclave E to read the proof information generated by the cloud server CS
Figure 439641DEST_PATH_IMAGE029
where Q is the set of block numbers of the data block set B to be audited, B is the data block set to be audited, and H is the set of hash values used to verify the root value of the Merkle hash tree. The hash value set H is obtained as follows: in response to the audit request of the cloud server CS, the self-auditing program P calls the getLock function and the getSilbing function (through OCALL instructions) to read the sampled data blocks and the corresponding auxiliary hash value set H stored in the memory of the cloud server CS.
Step S54. The self-auditing program P decrypts each data block to be audited in the data block set B, and judges from its serial number whether it is a data block that was to be selected by sampling. For example, if the serial numbers of the data blocks to be selected by sampling are 1, 3 and 5, this step checks whether the serial number of the data block to be audited in the data block set B is 1, 3 or 5; if so, the data block to be audited is a data block that was to be selected by sampling.
Step S55. If the data block to be audited is a data block that was to be selected by sampling, read the hash values in the set H to reconstruct the Merkle hash tree for the data block to be audited, and generate the root value of the reconstructed Merkle hash tree.
Step S56. Judge whether the root value of the reconstructed Merkle hash tree of the data block to be audited equals the initially loaded root value root; if it does, the integrity of the data block to be audited passes verification. Note that in S43 the cloud server CS loads
Figure 262235DEST_PATH_IMAGE028
into the isolated memory region PRM of the enclave E for storage, which is how the initially loaded root value root is obtained.
For example, as shown in Fig. 4, suppose the data block set to be audited that the cloud server CS selects based on the random seed r is
Figure 436864DEST_PATH_IMAGE058
and the hash value set is
Figure 303189DEST_PATH_IMAGE059
. The cloud server CS runs the self-auditing program P in the enclave to verify the root value, judging whether the equations
Figure 563269DEST_PATH_IMAGE060
and
Figure 759912DEST_PATH_IMAGE061
hold simultaneously, where
Figure 789048DEST_PATH_IMAGE062
is the integrity equation of the data block to be audited
Figure 826274DEST_PATH_IMAGE063
in the data block set B to be audited, and
Figure 573650DEST_PATH_IMAGE064
is the integrity equation of the data block to be audited
Figure 738046DEST_PATH_IMAGE065
in the data block set B to be audited.
Step S57. Repeat steps S54 to S56 until all the data blocks to be audited in the data block set B have been traversed.
Step S58. The enclave E outputs the self-auditing result
Figure 621689DEST_PATH_IMAGE030
where
Figure 95395DEST_PATH_IMAGE031
is the integrity equation of the data block to be audited
Figure 064488DEST_PATH_IMAGE032
in the data block set B to be audited, and
Figure 766996DEST_PATH_IMAGE033
denotes a signature under the private key
Figure 770724DEST_PATH_IMAGE034
of the enclave E. If the integrity of all the data blocks to be audited passes verification, the self-auditing result
Figure 946491DEST_PATH_IMAGE035
output by the enclave E is
Figure 153612DEST_PATH_IMAGE036
; otherwise, the self-auditing result
Figure 909079DEST_PATH_IMAGE037
output by the enclave E is
Figure 767313DEST_PATH_IMAGE038
. Specifically, if the root value of the reconstructed Merkle hash tree of a data block to be audited equals the initially loaded root value, then
Figure 582822DEST_PATH_IMAGE066
; otherwise
Figure DEST_PATH_IMAGE067
; that is, if the integrity of any data block to be audited fails verification, i.e. when
Figure DEST_PATH_IMAGE068
holds, then
Figure DEST_PATH_IMAGE069
and the integrity verification of the sampled data blocks fails.
In some embodiments, as shown in Fig. 5, the cloud storage self-auditing method further includes the following step after step S5:
S6. Transfer: the smart contract reads the audit result and executes the automatic transfer according to the audit result.
Specifically, step S6 includes the following steps:
Step S61. The smart contract SC reads the self-auditing result output by the enclave E
Figure 870715DEST_PATH_IMAGE039
Step S62. The smart contract SC evaluates
Figure 915026DEST_PATH_IMAGE040
:
when
Figure 627767DEST_PATH_IMAGE041
the smart contract SC transfers the fee for one storage period to the Ethereum account of the cloud server CS according to the preset program;
when
Figure 614178DEST_PATH_IMAGE042
the smart contract SC transfers the entire deposit of the cloud server CS to the Ethereum account of the user U as compensation according to the preset program.
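Steps S51 to S58 and the transfer rule of S6 can be traced end to end with the following Python model. It is an added example, not the patent's self-auditing program or contract code. Assumptions: SHA-256 as the hash function, the leaf/node prefixes and odd-level padding rule, the seed expansion in challenged_indices, the 1/0 encoding of the result, and all sample values (constructed). Block encryption and the enclave's signature on the result are left out.

```python
import hashlib


def leaf_hash(block: bytes) -> bytes:
    # 0x00/0x01 prefixes separate leaves from inner nodes (added hardening, an assumption)
    return hashlib.sha256(b"\x00" + block).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_tree(blocks):
    """S22: Merkle hash tree Tr over the outsourced blocks; returns levels, leaves first."""
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:                      # odd level: repeat the last node (assumed rule)
            level = level + [level[-1]]
            levels[-1] = level
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def sibling_path(levels, index):
    """Auxiliary hashes for one leaf, bottom-up (one element of H)."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path


def challenged_indices(seed: bytes, n_blocks: int, sample: int):
    """S52: expand the contract's seed r into the block-number set Q (assumed expansion)."""
    picked, counter = [], 0
    while len(picked) < min(sample, n_blocks):
        digest = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        i = int.from_bytes(digest, "big") % n_blocks
        if i not in picked:
            picked.append(i)
        counter += 1
    return sorted(picked)


def make_proof(blocks, levels, seed, sample):
    """S53, cloud-server side: proof (Q, B, H) for the challenged blocks."""
    Q = challenged_indices(seed, len(blocks), sample)
    return Q, [blocks[i] for i in Q], [sibling_path(levels, i) for i in Q]


def self_audit(root, seed, n_blocks, sample, proof):
    """S54-S58, enclave side: 1 if every sampled block rebuilds `root`, else 0."""
    Q, B, H = proof
    if list(Q) != challenged_indices(seed, n_blocks, sample):
        return 0                                # S54: not the blocks the seed selects
    if not (len(Q) == len(B) == len(H)):
        return 0
    depth = (n_blocks - 1).bit_length()         # expected number of sibling hashes
    for index, block, path in zip(Q, B, H):
        if len(path) != depth:
            return 0
        node = leaf_hash(block)
        for sibling in path:                    # S55: rebuild the path to the root
            node = node_hash(node, sibling) if index % 2 == 0 else node_hash(sibling, node)
            index //= 2
        if node != root:                        # S56: compare with the root loaded in S43
            return 0
    return 1


def settle(contract: dict, result: int) -> dict:
    """S6: transfer rule of the smart contract, modelled as a plain state update."""
    c = dict(contract)
    if result == 1:                             # pass: one period's fee goes to CS
        c["prepaid"] -= c["fee"]
        c["cs_balance"] += c["fee"]
        c["state"] = "preparation"
    else:                                       # fail: CS deposit goes to U, contract ends
        c["user_balance"] += c["deposit"]
        c["deposit"] = 0
        c["state"] = "end"
    return c


# Constructed sample data
BLOCKS = [f"block-{i}".encode() for i in range(8)]
LEVELS = build_tree(BLOCKS)
ROOT = LEVELS[-1][0]
SEED = b"constructed-seed-r"
CONTRACT = {"prepaid": 100, "deposit": 50, "fee": 10,
            "cs_balance": 0, "user_balance": 0, "state": "audit"}

if __name__ == "__main__":
    honest = make_proof(BLOCKS, LEVELS, SEED, 3)
    print(settle(CONTRACT, self_audit(ROOT, SEED, len(BLOCKS), 3, honest)))
    Q, B, H = honest
    forged = (Q, [b"corrupted"] + B[1:], H)
    print(settle(CONTRACT, self_audit(ROOT, SEED, len(BLOCKS), 3, forged)))
```

Because the enclave re-derives Q from the seed itself, a proof over blocks other than the challenged ones is rejected even when every Merkle path in it is valid.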
The foregoing describes the preferred embodiments of this invention. It is to be understood that the invention is not limited to the precise form disclosed herein, and that it may be used in various other combinations, modifications and environments within the scope of the concept disclosed herein, whether as described above or as apparent to those skilled in the relevant art. Modifications and variations made by those skilled in the art without departing from the spirit and scope of the invention fall within the protection of the appended claims.

Claims (8)

1. A cloud storage self-auditing method based on SGX and the Ethereum blockchain, characterized by comprising the following steps:
S1. System initialization: select public parameters and generate the keys of the entities, wherein the public parameters comprise a secure hash function and a signature algorithm, and the keys of the entities comprise a signature key pair of the user and a signature key pair of the enclave;
S2. Local preparation: the user preprocesses the data to be outsourced to generate an outsourced data packet and auxiliary information, wherein the auxiliary information comprises a Merkle hash tree, a self-auditing program and a smart contract corresponding to the outsourced data packet;
S3. Outsourcing of the data packet: the user sends the outsourced data packet and the auxiliary information to the cloud server, and the user and the enclave deployed on the cloud server complete bidirectional identity authentication;
S4. Cloud storage: verify the integrity of the outsourced data packet and the correctness of the auxiliary information; after the verification passes, the cloud server stores the outsourced data packet and loads the auxiliary information into the enclave;
S5. Self-auditing: according to a preset audit period, the cloud server reads a random number of the blockchain system to generate challenge information, and runs the self-auditing program in the enclave to complete the integrity audit of the sampled data blocks.
2. The cloud storage self-auditing method based on SGX and the Ethereum blockchain according to claim 1, wherein the specific steps of step S1 are:
Step S11. Select a secure hash function
Figure DEST_PATH_IMAGE001
and a signature algorithm
Figure DEST_PATH_IMAGE002
Step S12. Generate the signature key pair of the user U
Figure DEST_PATH_IMAGE003
and the Ethereum address of the user U
Figure DEST_PATH_IMAGE004
where
Figure DEST_PATH_IMAGE005
is the public key of the user U and
Figure DEST_PATH_IMAGE006
is the private key of the user U;
Step S13. Generate the signature key pair of the enclave E
Figure DEST_PATH_IMAGE007
and the Ethereum address of the enclave E
Figure DEST_PATH_IMAGE008
where
Figure DEST_PATH_IMAGE009
is the public key of the enclave E and
Figure DEST_PATH_IMAGE010
is the private key of the enclave E;
Step S14. Obtain the Ethereum address of the cloud server CS
Figure DEST_PATH_IMAGE011
3. The cloud storage self-auditing method based on SGX and the Ethereum blockchain according to claim 2, wherein the specific steps of step S2 are:
Step S21. Encrypt the original data F and split it into blocks to generate the outsourced data block set
Figure DEST_PATH_IMAGE012
where
Figure DEST_PATH_IMAGE013
is the concatenation symbol and
Figure DEST_PATH_IMAGE014
denotes the data block numbered n;
Step S22. Using the data block
Figure DEST_PATH_IMAGE015
hash values
Figure DEST_PATH_IMAGE016
as leaf nodes, construct the Merkle hash tree Tr, whose root value is root;
Step S23. Generate the self-auditing program P and the smart contract SC.
4. The cloud storage self-auditing method based on SGX and the Ethereum blockchain according to claim 3, wherein the specific steps of step S3 are:
Step S31. Generate the signature
Figure DEST_PATH_IMAGE017
and send the outsourced set to the cloud server CS
Figure DEST_PATH_IMAGE018
where
Figure DEST_PATH_IMAGE019
in which P is the self-auditing program to be used for the cloud server's self-auditing,
Figure DEST_PATH_IMAGE020
is the data packet that the cloud server will store in its storage space, and
Figure DEST_PATH_IMAGE021
is the data packet that the cloud server loads into the enclave's isolated memory region PRM for storage;
Step S32. Broadcast the smart contract SC to the Ethereum network; miners of the Ethereum network verify the smart contract SC and, after the verification passes, write it into the Ethereum blockchain;
Step S33. After the smart contract SC is written into the Ethereum blockchain, the user transfers funds to the smart contract SC as the prepaid amount of the storage fee;
Step S34. Using the remote attestation mechanism of the SGX technology, the user U and the enclave E deployed on the cloud server CS complete bidirectional identity authentication, and after the bidirectional identity authentication succeeds the user U shares the signature key pair of the enclave E
Figure DEST_PATH_IMAGE022
5. The cloud storage self-auditing method based on SGX and the Ethereum blockchain according to claim 4, wherein the specific steps of step S4 are:
Step S41. The cloud server verifies the received outsourced set
Figure DEST_PATH_IMAGE023
where
Figure DEST_PATH_IMAGE024
Verification of the outsourced set
Figure DEST_PATH_IMAGE025
includes verifying the legitimacy of the signature
Figure DEST_PATH_IMAGE026
, the integrity of the outsourced data block set D and the correctness of the Merkle hash tree Tr;
Step S42. Store
Figure DEST_PATH_IMAGE027
in the storage space of the cloud server; the cloud server CS transfers funds to the smart contract SC as a deposit;
Step S43. Load
Figure DEST_PATH_IMAGE028
into the isolated memory region PRM of the enclave E for storage.
6. The cloud storage self-auditing method based on SGX and the Ethereum blockchain according to claim 5, wherein the specific steps of step S5 are:
Step S51. The preset audit period time t is taken as the input of the smart contract SC, and the challenge function of the smart contract SC generates and outputs a random seed r;
Step S52. The cloud server CS selects the data block set B to be audited based on the random seed r;
Step S53. The cloud server CS runs the self-auditing program P in the enclave E to read the proof information generated by the cloud server CS
Figure DEST_PATH_IMAGE029
where Q is the set of block numbers of the data block set B to be audited, B is the data block set to be audited, and H is the set of hash values used to verify the root value of the Merkle hash tree;
Step S54. The self-auditing program P decrypts each data block to be audited in the data block set B, and judges from its serial number whether it is a data block that was to be selected by sampling;
Step S55. If the data block to be audited is a data block that was to be selected by sampling, read the hash values in the set H to reconstruct the Merkle hash tree for the data block to be audited, and generate the root value of the reconstructed Merkle hash tree;
Step S56. Judge whether the root value of the reconstructed Merkle hash tree of the data block to be audited equals the initially loaded root value root; if it does, the integrity of the data block to be audited passes verification;
Step S57. Repeat steps S54 to S56 until all the data blocks to be audited in the data block set B have been traversed;
Step S58. The enclave E outputs the self-auditing result
Figure DEST_PATH_IMAGE030
where
Figure DEST_PATH_IMAGE031
is the integrity equation of the data block to be audited
Figure DEST_PATH_IMAGE032
in the data block set B to be audited, and
Figure DEST_PATH_IMAGE033
denotes a signature under the private key
Figure DEST_PATH_IMAGE034
of the enclave E. If the integrity of all the data blocks to be audited passes verification, the self-auditing result
Figure DEST_PATH_IMAGE035
output by the enclave E is
Figure DEST_PATH_IMAGE036
; otherwise, the self-auditing result
Figure DEST_PATH_IMAGE037
output by the enclave E is
Figure DEST_PATH_IMAGE038
7. The cloud storage self-auditing method based on SGX and the Ethereum blockchain according to claim 6, further comprising the following step after step S5:
S6. Transfer: the smart contract reads the audit result and executes the automatic transfer according to the audit result.
8. The cloud storage self-auditing method based on SGX and the Ethereum blockchain according to claim 7, wherein the specific steps of step S6 are:
Step S61. The smart contract SC reads the self-auditing result output by the enclave E
Figure DEST_PATH_IMAGE039
Step S62. The smart contract SC evaluates
Figure DEST_PATH_IMAGE040
:
when
Figure DEST_PATH_IMAGE041
the smart contract SC transfers the fee for one storage period to the Ethereum account of the cloud server CS according to the preset program;
when
Figure DEST_PATH_IMAGE042
the smart contract SC transfers the entire deposit of the cloud server CS to the Ethereum account of the user U as compensation according to the preset program.
CN202110840994.8A 2021-07-26 2021-07-26 Cloud storage self-auditing method based on SGX and Ether house block chain Pending CN113285812A (en)


Publications (1)

Publication Number Publication Date
CN113285812A true CN113285812A (en) 2021-08-20

Family

ID=77287190



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20210820
