CN114415943B - Public auditing method and auditing system for cloud multi-copy data - Google Patents

Public auditing method and auditing system for cloud multi-copy data Download PDF

Info

Publication number
CN114415943B
CN114415943B CN202111590444.1A CN202111590444A CN114415943B CN 114415943 B CN114415943 B CN 114415943B CN 202111590444 A CN202111590444 A CN 202111590444A CN 114415943 B CN114415943 B CN 114415943B
Authority
CN
China
Prior art keywords
data
evidence
stored
auditing
cloud server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111590444.1A
Other languages
Chinese (zh)
Other versions
CN114415943A (en
Inventor
焦恒
李帅
杨玉龙
朱义杰
吴宇佳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Aerospace Institute of Measuring and Testing Technology
Original Assignee
Guizhou Aerospace Institute of Measuring and Testing Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guizhou Aerospace Institute of Measuring and Testing Technology filed Critical Guizhou Aerospace Institute of Measuring and Testing Technology
Priority to CN202111590444.1A priority Critical patent/CN114415943B/en
Publication of CN114415943A publication Critical patent/CN114415943A/en
Application granted granted Critical
Publication of CN114415943B publication Critical patent/CN114415943B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/0614Improving the reliability of storage systems
    • G06F3/0619Improving the reliability of storage systems in relation to data integrity, e.g. data losses, bit errors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0668Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/067Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a public auditing method and an auditing system for cloud multi-copy data, which relate to the technical field of cloud computing data security and are used for solving the problem that integrity audit cannot be carried out on shared data uploaded by multiple users. The auditing method comprises the steps of firstly generating challenge information and sending the challenge information to a cloud server. And then receiving data evidence and label evidence generated and returned by the cloud server according to the challenge information. And finally, auditing the stored data stored in the cloud server by utilizing an audit formula according to the data evidence and the tag evidence, and further, carrying out integrity audit on shared data uploaded by multiple users, thereby effectively solving the problem of multi-copy data integrity audit for group sharing. The auditing method and the auditing system provided by the invention are used for carrying out integrity audit on the shared data uploaded by multiple users.

Description

Public auditing method and auditing system for cloud multi-copy data
Technical Field
The invention relates to the technical field of cloud computing data security, in particular to a public auditing method and auditing system of cloud multi-copy data for group sharing.
Background
Cloud computing is a typical data processing model, and by virtue of its powerful storage and computing capabilities and pay-per-demand service model, the difficult problem that individuals and enterprises need to store and manage massive data is solved. Currently, each large-tech enterprise actively deploys a cloud computing platform for providing data storage services and computing services for individual users and enterprise users. However, in recent years, frequent cloud data security events bring economic loss to users, reduce the trust of the public to cloud service providers, and limit the popularization and application of cloud computing. Therefore, it is necessary to periodically detect whether the data stored by the user on the cloud server is completely available.
In general, a user performs backup storage on first data in a cloud server to prevent data loss, and all existing multi-copy audit algorithms consider only one user, namely only one data owner, and cloud data can only be used and audited by the data owner. However, with the popularity of cloud sharing services, a plurality of users form a group, and data sharing is performed through the cloud. Backup storage of important shared data in a group is a common security means, but no auditing method and auditing system for integrity audit of shared data uploaded by multiple users exist at present.
Disclosure of Invention
The invention aims to provide a public auditing method and system for cloud multi-copy data, which are used for carrying out integrity audit on shared data uploaded by multiple users.
In order to achieve the above object, the present invention provides the following technical solutions:
a public auditing method of cloud multi-copy data, the auditing method comprising:
generating challenge information and sending the challenge information to a cloud server; the cloud server stores storage data corresponding to a plurality of users respectively;
receiving data evidence and tag evidence returned by the cloud server; the data evidence and the tag evidence are generated by the cloud server according to the challenge information;
and auditing the stored data stored in the cloud server by using an auditing formula by taking the data evidence and the tag evidence as input.
Compared with the prior art, in the auditing method provided by the invention, the auditing end firstly generates the challenge information and sends the challenge information to the cloud server. And then receiving data evidence and label evidence generated and returned by the cloud server according to the challenge information. And finally, auditing the stored data stored in the cloud server by utilizing an audit formula according to the data evidence and the tag evidence, and further, carrying out integrity audit on shared data uploaded by multiple users, thereby effectively solving the problem of multi-copy data integrity audit for group sharing.
The invention also provides a public auditing method of the cloud multi-copy data, which comprises the following steps:
receiving challenge information generated by an auditing end; the challenge information comprises a set L and a set V; the set L is divided into d first sets according to different users; d is the number of users; each first set is divided into a first subset and a second subset according to the data type; the first element stored in the first subset is an index of first data; the first elements stored in the second subset are indexes of second data; the second elements in the set V are in one-to-one correspondence with the first elements in the set L;
generating data evidence and tag evidence according to the challenge information; and the data evidence and the tag evidence are used for combining an auditing formula to audit the stored data stored in the cloud server.
Compared with the prior art, the auditing method has the advantages that the auditing method has the same advantages as those of the auditing method in the technical scheme, and the auditing method is not repeated here.
The invention also provides a public auditing system of the cloud multi-copy data, which comprises:
the generation module is used for generating challenge information and sending the challenge information to the cloud server; the cloud server stores storage data corresponding to a plurality of users respectively;
the first receiving module is used for receiving the data evidence and the tag evidence returned by the cloud server; the data evidence and the tag evidence are generated by the cloud server according to the challenge information;
and the first audit module is used for utilizing the data evidence and the tag evidence as input and utilizing an audit formula to audit the stored data stored in the cloud server.
Compared with the prior art, the auditing system provided by the invention has the same beneficial effects as the auditing method described in the technical scheme, and the auditing method is not described in detail herein.
The invention also provides a public auditing system of the cloud multi-copy data, which comprises:
the second receiving module is used for receiving the challenge information generated by the auditing end; the challenge information comprises a set L and a set V; the set L is divided into d first sets according to different users; d is the number of users; each first set is divided into a first subset and a second subset according to the data type; the first element stored in the first subset is an index of first data; the first elements stored in the second subset are indexes of second data; the second elements in the set V are in one-to-one correspondence with the first elements in the set L;
the second audit module is used for generating data evidence and label evidence according to the challenge information; and the data evidence and the tag evidence are used for combining an auditing formula to audit the stored data stored in the cloud server.
Compared with the prior art, the auditing system provided by the invention has the same beneficial effects as the auditing method described in the technical scheme, and the auditing method is not described in detail herein.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention and do not constitute a limitation on the invention. In the drawings:
FIG. 1 is a flow chart of the auditing method according to embodiment 1 of the present invention;
fig. 2 is a schematic diagram of an interaction process of the auditing method provided in embodiment 3 of the present invention.
Detailed Description
In order to clearly describe the technical solution of the embodiments of the present invention, in the embodiments of the present invention, the words "first", "second", etc. are used to distinguish the same item or similar items having substantially the same function and effect. For example, the first threshold and the second threshold are merely for distinguishing between different thresholds, and are not limited in order. It will be appreciated by those of skill in the art that the words "first," "second," and the like do not limit the amount and order of execution, and that the words "first," "second," and the like do not necessarily differ. In the present invention, "at least one" means one or more, and "a plurality" means two or more.
In the present invention, the words "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
Example 1:
the embodiment is used for providing a public auditing method of cloud multi-copy data, as shown in fig. 1, where the auditing method includes:
s1: generating challenge information and sending the challenge information to a cloud server; the cloud server stores storage data corresponding to a plurality of users respectively;
as an optional implementation manner, the stored data corresponding to each of the plurality of users stored in the cloud server is calculated and uploaded by the data uploading system, which may include:
1) The data uploading system receives the original data uploaded by each user;
prior to 1), the auditing method of this embodiment may further include: the data uploading system is initialized to generate system parameters. Specifically, two q-order cyclic groups are selected to obtain a first q-order cyclic group G 1 And a second q-th order cyclic group G 2 . Selecting a first q-th order cyclic group G 1 The first independent generating element G, the second independent generating element u and the bilinear mapping e: G 1 ×G 1 →G 2 . And selecting two hash functions to obtain a first secure hash function H and a second secure hash function H. The group consists of d users, u i I=1, 2, …, d. The system parameter params is disclosed, and the expression is params= { G 1 ,G 2 Q, g, u, e, d, H, H, completing the system initialization. Where q is a large prime number of 160 bits in size, a first secure hash functionRepresenting the mapping of 01 bit strings of arbitrary length to finite field +.>The second secure hash function H {0,1} * →G 1 Representing the mapping of 01 bit strings of arbitrary length into a first q-th order cyclic group G 1 Is a component of the group. Further, the system parameters include a first q-th order cyclic group G 1 Second q-th order cyclic group G 2 The order q and the first q-order cyclic group G 1 The first independent generation element g, the second independent generation element u, the bilinear map e, the first secure hash function H, the second secure hash function H and the number d of users. And initializing the data uploading system to obtain system parameters, which is beneficial to the follow-up steps.
After initializing the data uploading system and generating the system parameters and before 1), the auditing method of the embodiment further includes: the data uploading system generates public and private key pairs corresponding to each user respectively according to system parameters, and the steps can include: for each user, the data uploading system uses the first random number selected by the user from the finite field as the private key corresponding to the user, specifically, user u i Selecting a first random numberAs private key, wherein->Is a finite field. After the private key is obtained, the data uploading system calculates a public key corresponding to the user according to the private key and system parameters, and the public key is +.>The private key and the public key form a public-private key pair corresponding to the user, and further public-private key pairs corresponding to all the users respectively are obtained. The system will secret the private key x i Public key y i . And the public key of each user is public and can be obtained by anyone, and the public key represents the identity of the user.
2) For each original data, the data uploading system judges whether the original data is first data or not;
the original data is first data or second data, the first data is important data, and the second data is non-important data.
3) If yes, the data uploading system generates a tag and a plurality of copy data based on the original data, and uploads the tag and all the copy data to the cloud server; at this time, the stored data includes the tag and all the copy data;
when the original data uploaded by the user is the first data, the data uploading system can generate a tag and a plurality of copy data based on the original data, upload the tag and all the copy data to the cloud server for storage, and the risk that all the data uploaded by the user are lost when the cloud server fails can be effectively relieved by carrying out backup storage on the first data.
Further, the data uploading system may generate a tag based on the original data, including: and the data uploading system generates a label according to the original data, the system parameters and the private key corresponding to the user. The data upload system generating the plurality of replica data based on the original data may include: the data uploading system randomly selects a second random number in the finite field, and then the data uploading system generates a plurality of copy data according to the second random number, the original data, the system parameters and the private key corresponding to the user.
Specifically, with the jth user u j Uploading the kth first data m k For example, a specific process of computing the tag and the plurality of replica data is described: the calculation formula used in calculating the tag is:
in formula 1, σ k For the first data m k A corresponding tag; id (id) k For the first data m k Is a unique identification of (a); x is x j For user u j A corresponding private key.
When calculating multiple copies of data, first selecting the second randomNumber of digitsAnd calculates the verification parameter T k The calculation formula is as follows:
let the first data m k The number of copies is n k First data m k Copy data m of the r-th copy of (2) k,r The calculation formula of (2) is as follows:
in formula 3, r=1, 2, n k . In addition, the system will n k And the copy data, the labels and the verification parameters are all sent to the cloud server for storage.
As an alternative embodiment, user u j Utilizing secure channels to transmit dataThe value of (2) is sent to the remaining users in the group by calculating +.>The original data can be restored.
Further, by using the steps, the user can upload the first data for sharing.
4) If not, the data uploading system generates a label based on the original data and uploads the original data and the label to the cloud server; at this time, the stored data includes the original data and the tag.
When the original data uploaded by the user is the second data, the data uploading system generates a label based on the original data, and uploads the label and the original data to the cloud server for storage. Further, the system generating the tag based on the raw data may include: and the system generates a label according to the original data, the system parameters and the private key corresponding to the user.
Specifically, with the jth user u j Uploading the second data m i For example, a specific procedure for calculating the tag is described: the calculation formula used in calculating the tag is:
in formula 4, σ i For the second data m i A corresponding tag; id (id) i For the second data m i Is a unique identification of (c). And will second data m i Sum label sigma i And sending the cloud server to store.
And the user can upload the second data for data sharing. According to the auditing method of the embodiment, a user can upload first data and second data to share the data, the first data needs to be backed up and stored, and the second data does not need to be backed up and stored.
Generating challenge information in S1 may include: c elements, c, are randomly selected from a positive integer set {1,2,..n }, c>0, constituting a set L. The set L is divided into d disjoint first sets l=l according to user differences 1 ∪L 2 ∪...∪L d D is the number of users, where L i Representing the user u i Uploaded data, i=1, 2,..d. Each first set can be divided into first subsets L according to data types i1 And a second subset L i2 ,L i =L i1 ∪L i2 ,L i1 Representing first data uploaded by a user, L i2 And the second data uploaded by the user is represented, namely the first element stored in the first subset is an index of the first data, and the first element stored in the second subset is an index of the second data. And then from the finite fieldC second elements are randomly selected to form a set V,i.e. the second element in set V andthe first elements in set L are in one-to-one correspondence. Then, a pending copy number corresponding to each first element in each first subset is determined, i.e., which copy of the first data is to be detected. Specifically, for any first element L ε L i1 Determining first data m to be detected l Copy number r to be checked of copy data of (a) l . The challenge information includes set L, set V, and a pending copy number. Audit terminal challenges informationAnd sending the cloud server. Wherein l represents data m l Is a reference to (a).
Furthermore, according to the auditing method provided by the embodiment, when the integrity of the data stored on the cloud server by a plurality of users in the group is required to be audited, the auditing end can audit both the first data and the second data.
S2: receiving data evidence and tag evidence returned by the cloud server; the data evidence and the tag evidence are generated by the cloud server according to the challenge information;
the auditing method of the embodiment further includes that the cloud server generates data evidence and tag evidence according to the challenge information, and specifically includes: the cloud server receives the challenge information. For each first element in each first set, the cloud server selects first storage data corresponding to the first element and second elements in a set V corresponding to the first element according to the first elements, and calculates data evidence and tag data according to the first storage data and the second elements.
Further, after receiving the challenge information, the cloud server divides the set L into d first disjoint sets according to different users, where l=l 1 ∪L 2 ∪...∪L d Wherein L is i Representing user u i Uploaded data, i=1, 2,..d.
The cloud server selects first storage data corresponding to the first element and second elements in a set V corresponding to the first element according to the first element, and calculates data evidence and tag data according to the first storage data and the second elements, wherein the data evidence and tag data specifically comprise:
for L i The cloud server judges whether the first elements are in a first subset or not;
if yes, selecting first storage data corresponding to the first element and a second element in the set V corresponding to the first element, calculating data evidence by using a first calculation formula according to the first storage data and the second element, and calculating tag evidence by using a second calculation formula. Specifically, the first element is an index of the first storage data, so the first storage data is selected according to the first element. The first calculation formula is:
in formula 5, m i1 Data evidence; v l Is a second element;for the first data m in the first stored data l Is the (r) th l Copy data, l is data m l Is a reference to (a).
The second calculation formula is:
in 6, sigma i Is label evidence; sigma (sigma) l For the first data m in the first stored data l Is a label of (a).
If not, selecting first storage data corresponding to the first element and a second element in the set V corresponding to the first element, calculating data evidence by using a third calculation formula according to the first storage data and the second element, and calculating tag evidence by using a second calculation formula.
The third calculation formula is:
in formula 7, m i2 Data evidence; v l Is a second element; m is m l For the second data in the first stored data, l is data m l Is a reference to (a).
The cloud server will respond to evidence { m } i1 ,m i2 ,σ i } i=1,2,...d And returning to the auditing end. And the cloud server finds out corresponding data and labels thereof according to the challenge information, generates data evidence and label evidence as response data and returns the response data to the auditing end.
S3: and auditing the stored data stored in the cloud server by using an auditing formula by taking the data evidence and the tag evidence as input.
The audit formula is:
and judging whether the equation 8 is satisfied, if yes, indicating that all the data are well preserved, otherwise, indicating that at least one data are damaged, auditing the stored data by an audit formula, and judging the integrity of the data after the audit terminal receives the information returned by the cloud server to finish audit.
According to the auditing method provided by the embodiment, firstly, a data uploading system is initialized to generate system parameters, and each user generates own public and private key pairs according to the system parameters. When the user uploads the first data, a plurality of copy data and labels are generated based on the original data, and the copy data and the labels are sent to the cloud server for storage. And the user initiates an audit request to the audit terminal, the audit terminal generates challenge information and sends the challenge information to the cloud server, the cloud server generates data evidence and label evidence according to the corresponding data and labels and returns the data evidence and the label evidence to the audit terminal, and the audit terminal judges whether the data is well preserved or not according to the data evidence and the label evidence. The auditing method of the embodiment has the advantages of carrying out first data sharing and second data sharing in the group, and carrying out backup storage on the first data can effectively relieve the risk of user data loss when the cloud server fails, and can effectively solve the problem of multi-copy data integrity auditing for the group sharing.
Example 2:
the embodiment is used for providing a public auditing method of cloud multi-copy data, and the auditing method comprises the following steps:
receiving challenge information generated by an auditing end; the challenge information comprises a set L and a set V; the set L is divided into d first sets according to different users; d is the number of users; each first set is divided into a first subset and a second subset according to the data type; the first element stored in the first subset is an index of first data; the first elements stored in the second subset are indexes of second data; the second elements in the set V are in one-to-one correspondence with the first elements in the set L;
generating data evidence and tag evidence according to the challenge information; and the data evidence and the tag evidence are used for combining an auditing formula to audit the stored data stored in the cloud server.
Example 3:
as shown in fig. 2, the present embodiment is configured to provide a public auditing method of cloud multi-copy data, where the data uploading system processes received original data uploaded by each user to generate storage data, and uploads the storage data to a cloud server. The auditing method in this embodiment is to audit the storage data stored in the cloud server. When the stored data is required to be checked, the auditing end generates challenge information and sends the challenge information to the cloud server. And the cloud server generates data evidence and label evidence according to the challenge information, and returns the data evidence and the label evidence to the auditing end. The auditing end takes the data evidence and the label evidence as input, and judges whether the stored data is well preserved by utilizing an auditing formula, so that the problem of multi-copy data integrity auditing oriented to group sharing can be effectively solved.
Example 4:
the embodiment of the present invention may perform division of functional modules according to the method example described in embodiment 1, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated modules may be implemented in hardware or in software functional modules. It should be noted that, in the embodiment of the present invention, the division of the modules is schematic, which is merely a logic function division, and other division manners may be implemented in actual implementation.
In the case of dividing each functional module by corresponding each function, the auditing system includes:
the generation module is used for generating challenge information and sending the challenge information to the cloud server; the cloud server stores storage data corresponding to a plurality of users respectively;
the first receiving module is used for receiving the data evidence and the tag evidence returned by the cloud server; the data evidence and the tag evidence are generated by the cloud server according to the challenge information;
and the first audit module is used for utilizing the data evidence and the tag evidence as input and utilizing an audit formula to audit the stored data stored in the cloud server.
All relevant contents of each step related to the above method embodiment may be cited to the functional descriptions of the corresponding functional modules, which are not described herein.
The auditing system of the embodiment has the advantages of carrying out first data sharing and second data sharing in the group, and carrying out backup storage on the first data can effectively relieve the risk of user data loss when the cloud server fails, and can effectively solve the problem of multi-copy data integrity auditing for the group sharing.
Example 5:
the embodiment of the present invention may perform division of functional modules according to the method example described in embodiment 2, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated modules may be implemented in hardware or in software functional modules. It should be noted that, in the embodiment of the present invention, the division of the modules is schematic, which is merely a logic function division, and other division manners may be implemented in actual implementation.
In the case of dividing each functional module by corresponding each function, the auditing system includes:
the second receiving module is used for receiving the challenge information generated by the auditing end; the challenge information comprises a set L and a set V; the set L is divided into d first sets according to different users; d is the number of users; each first set is divided into a first subset and a second subset according to the data type; the first element stored in the first subset is an index of first data; the first elements stored in the second subset are indexes of second data; the second elements in the set V are in one-to-one correspondence with the first elements in the set L;
the second audit module is used for generating data evidence and label evidence according to the challenge information; and the data evidence and the tag evidence are used for combining an auditing formula to audit the stored data stored in the cloud server.
Although the invention is described herein in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed invention, from a study of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
Although the invention has been described in connection with specific features and embodiments thereof, it will be apparent that various modifications and combinations can be made without departing from the spirit and scope of the invention. Accordingly, the specification and drawings are merely exemplary illustrations of the present invention as defined in the appended claims and are considered to cover any and all modifications, variations, combinations, or equivalents that fall within the scope of the invention. It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (9)

1. The utility model provides a public audit method of high in the clouds multiple copy data which characterized in that, the audit method includes:
generating challenge information and sending the challenge information to a cloud server; the cloud server stores storage data corresponding to a plurality of users respectively;
receiving data evidence and tag evidence returned by the cloud server; the data evidence and the tag evidence are generated by the cloud server according to the challenge information;
taking the data evidence and the tag evidence as input, and auditing the stored data stored in the cloud server by utilizing an auditing formula;
the generating challenge information specifically includes:
c first elements are randomly selected from the positive integer set to form a set L; c >0; the set L is divided into d first sets according to different users; d is the number of users; each first set is divided into a first subset and a second subset according to the data type; the first element stored in the first subset is an index of first data; the first elements stored in the second subset are indexes of second data;
c second elements are randomly selected from the finite field to form a set V; the second elements in the set V are in one-to-one correspondence with the first elements in the set L;
determining the serial number of the copy to be checked corresponding to each first element in each first subset; the challenge information includes the set L, the set V, and the pending copy number.
2. The utility model provides a public audit method of high in the clouds multiple copy data which characterized in that, the audit method includes:
receiving challenge information generated by an auditing end; the challenge information comprises a set L and a set V; the set L is divided into d first sets according to different users; d is the number of users; each first set is divided into a first subset and a second subset according to the data type; the first element stored in the first subset is an index of first data; the first elements stored in the second subset are indexes of second data; the second elements in the set V are in one-to-one correspondence with the first elements in the set L;
generating data evidence and tag evidence according to the challenge information; and the data evidence and the tag evidence are used for combining an auditing formula to audit the stored data stored in the cloud server.
3. The auditing method of claim 2, wherein generating data evidence and label evidence from the challenge information specifically comprises:
for each first element in each first set, selecting first stored data corresponding to the first element and second elements in the set V corresponding to the first element according to the first elements, and calculating data evidence and tag evidence according to the first stored data and the second elements.
4. An auditing method according to claim 3, wherein the selecting, from the first element, first stored data corresponding to the first element and second elements in the set V corresponding to the first element, and calculating data evidence and tag evidence from the first stored data and the second elements specifically comprises:
determining whether the first element is in the first subset;
if yes, selecting first storage data corresponding to the first element and a second element in the set V corresponding to the first element, calculating data evidence by using a first calculation formula according to the first storage data and the second element, and calculating tag evidence by using a second calculation formula;
if not, selecting first stored data corresponding to the first element and a second element in the set V corresponding to the first element, calculating data evidence by using a third calculation formula according to the first stored data and the second element, and calculating tag evidence by using the second calculation formula.
5. The auditing method according to claim 2, wherein the stored data stored in the cloud server is calculated and uploaded by a data uploading system, specifically comprising:
the method comprises the steps that stored data stored in a cloud server are judged by a data uploading system, when the original data are first data, labels and a plurality of copy data are generated based on the original data, the labels and all the copy data are uploaded to the cloud server, and the stored data comprise the labels and all the copy data; and when the original data is second data, generating a label based on the original data, and uploading the original data and the label to the cloud server, wherein the stored data comprises the original data and the label.
6. The auditing method of claim 5, wherein the label is generated by the data uploading system based on the raw data, system parameters of the data uploading system, and a private key corresponding to the user.
7. The auditing method according to claim 6, wherein the duplicate data is generated by the data uploading system according to a second random number randomly selected in a finite field, the original data, the system parameters and a private key corresponding to the user.
8. A public auditing system of cloud multi-copy data, the auditing system comprising:
the generation module is used for generating challenge information and sending the challenge information to the cloud server; the cloud server stores storage data corresponding to a plurality of users respectively;
the first receiving module is used for receiving the data evidence and the tag evidence returned by the cloud server; the data evidence and the tag evidence are generated by the cloud server according to the challenge information;
the first auditing module is used for auditing the stored data stored in the cloud server by using an auditing formula by taking the data evidence and the tag evidence as input;
the generating challenge information specifically includes:
c first elements are randomly selected from the positive integer set to form a set L; c >0; the set L is divided into d first sets according to different users; d is the number of users; each first set is divided into a first subset and a second subset according to the data type; the first element stored in the first subset is an index of first data; the first elements stored in the second subset are indexes of second data;
c second elements are randomly selected from the finite field to form a set V; the second elements in the set V are in one-to-one correspondence with the first elements in the set L;
determining the serial number of the copy to be checked corresponding to each first element in each first subset; the challenge information includes the set L, the set V, and the pending copy number.
9. A public auditing system of cloud multi-copy data, the auditing system comprising:
the second receiving module is used for receiving the challenge information generated by the auditing end; the challenge information comprises a set L and a set V; the set L is divided into d first sets according to different users; d is the number of users; each first set is divided into a first subset and a second subset according to the data type; the first element stored in the first subset is an index of first data; the first elements stored in the second subset are indexes of second data; the second elements in the set V are in one-to-one correspondence with the first elements in the set L;
the second audit module is used for generating data evidence and label evidence according to the challenge information; and the data evidence and the tag evidence are used for combining an auditing formula to audit the stored data stored in the cloud server.
CN202111590444.1A 2021-12-23 2021-12-23 Public auditing method and auditing system for cloud multi-copy data Active CN114415943B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111590444.1A CN114415943B (en) 2021-12-23 2021-12-23 Public auditing method and auditing system for cloud multi-copy data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111590444.1A CN114415943B (en) 2021-12-23 2021-12-23 Public auditing method and auditing system for cloud multi-copy data

Publications (2)

Publication Number Publication Date
CN114415943A CN114415943A (en) 2022-04-29
CN114415943B true CN114415943B (en) 2023-08-15

Family

ID=81267072

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111590444.1A Active CN114415943B (en) 2021-12-23 2021-12-23 Public auditing method and auditing system for cloud multi-copy data

Country Status (1)

Country Link
CN (1) CN114415943B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107147720A (en) * 2017-05-16 2017-09-08 安徽大学 Traceable effective public audit method and system in a kind of cloud storage data sharing
CN108229208A (en) * 2018-01-08 2018-06-29 华侨大学 A kind of public audit method of more copy datas in cloud storage service
CN111783148A (en) * 2020-06-30 2020-10-16 中国工商银行股份有限公司 Justice-supporting lightweight multi-copy data cloud auditing method and device
CN111859030A (en) * 2020-07-09 2020-10-30 西南交通大学 Public auditing method supporting composite data
CN112632604A (en) * 2020-12-21 2021-04-09 贵州航天计量测试技术研究所 Cloud data auditing method, system and device based on multiple authorized auditors
CN113364600A (en) * 2021-08-11 2021-09-07 西南石油大学 Certificateless public auditing method for integrity of cloud storage data

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107147720A (en) * 2017-05-16 2017-09-08 安徽大学 Traceable effective public audit method and system in a kind of cloud storage data sharing
CN108229208A (en) * 2018-01-08 2018-06-29 华侨大学 A kind of public audit method of more copy datas in cloud storage service
CN111783148A (en) * 2020-06-30 2020-10-16 中国工商银行股份有限公司 Justice-supporting lightweight multi-copy data cloud auditing method and device
CN111859030A (en) * 2020-07-09 2020-10-30 西南交通大学 Public auditing method supporting composite data
CN112632604A (en) * 2020-12-21 2021-04-09 贵州航天计量测试技术研究所 Cloud data auditing method, system and device based on multiple authorized auditors
CN113364600A (en) * 2021-08-11 2021-09-07 西南石油大学 Certificateless public auditing method for integrity of cloud storage data

Also Published As

Publication number Publication date
CN114415943A (en) 2022-04-29

Similar Documents

Publication Publication Date Title
US11917051B2 (en) Systems and methods for storage, generation and verification of tokens used to control access to a resource
US9438412B2 (en) Computer-implemented system and method for multi-party data function computing using discriminative dimensionality-reducing mappings
CN107426165B (en) Bidirectional secure cloud storage data integrity detection method supporting key updating
CN108989045B (en) Apparatus and system for preventing global tampering
CN112131227A (en) Data query method and device based on alliance chain
CN114860735A (en) Method and device for inquiring hiding trace
CN111930688B (en) Method and device for searching secret data of multi-keyword query in cloud server
JP2021515271A (en) Computer-based voting process and system
CN106603561A (en) Block level encryption method in cloud storage and multi-granularity deduplication method
CN109241352A (en) The acquisition methods and server of Profile information
CN110866135A (en) Response length hiding-based k-NN image retrieval method and system
CN115276969A (en) Wireless channel key generation method and device, computer equipment and storage medium
EP4000216A1 (en) Cryptographic pseudonym mapping method, computer system, computer program and computer-readable medium
CN109274504B (en) Multi-user big data storage sharing method and system based on cloud platform
CN114415943B (en) Public auditing method and auditing system for cloud multi-copy data
CN109409111B (en) Encrypted image-oriented fuzzy search method
CN114398651B (en) Secret data sharing method and distributed system
CN110851848A (en) Privacy protection method for symmetric searchable encryption
CN115643090A (en) Longitudinal federal analysis method, device, equipment and medium based on privacy retrieval
CN110059630B (en) Verifiable outsourced monitoring video pedestrian re-identification method with privacy protection
CN114547684A (en) Method and device for protecting multi-party joint training tree model of private data
Gao et al. Similarity-based deduplication and secure auditing in IoT decentralized storage
CN112636907A (en) Key management method, key using method, device and equipment
CN116781234B (en) Financial data sharing method and device based on pseudorandom disordered encryption
CN116579005B (en) User data safety storage management method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant