CN115913572A - Data verification method, device, equipment, medium and system for mimicry storage system - Google Patents
- Publication number
- CN115913572A, CN202211487287.6A
- Authority
- CN
- China
- Prior art keywords
- data
- hash
- homomorphic
- value
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a data verification method, apparatus, device, medium and system for a mimic storage system. The method receives a file and a hash key uploaded by a client; invokes a mimic defense system to compute the homomorphic hash value of each data block from the hash key; receives a data verification request sent by the client; and, based on the data verification request, obtains the data blocks to be verified and the corresponding homomorphic hash values and invokes at least two homomorphic verification executors to each compute a data aggregate value and a hash aggregate value, so that the client applies a homomorphic hash function to the data aggregate value to obtain a homomorphic hash tag and determines, according to whether the homomorphic hash tag and the hash aggregate value are the same, whether the file to which the data blocks of the data verification request belong is correctly held. Embodiments of the invention use the mimic defense system to defend against external attacks and improve system security, and introduce a homomorphic hash algorithm for encryption, reducing the risk of data leakage.
Description
Technical Field
The present invention relates to the technical field of electric power information security, and in particular to a data verification method, apparatus, device, medium and system for a mimic storage system.
Background
The power Internet of Things (IoT) secure access gateway is a network security encryption device deployed in the boundary secure access zone of the power system master station to ensure the security of communication data. At present, the gateway's own protection relies on technical measures such as code security testing, administrator authentication and authorization, encrypted data storage and verification, network access control, operating system kernel trimming, and security hardening. However, in today's high-intensity adversarial environments such as national-level network attack and defense exercises, 0-day vulnerabilities and unknown attacks keep bringing new threats, and the existing protection measures of the power IoT secure access gateway need to be strengthened.
To comprehensively improve power information security and the security of the storage system, possession of the data stored on the server must be proven. Existing research focuses mainly on provable data possession schemes and proof of retrievability schemes. With existing schemes, data verification is vulnerable to attack and output results are transmitted in plaintext, so they face the risk of data leakage and offer insufficient security.
Summary of the Invention
In view of this, embodiments of the present invention provide a data verification method, apparatus, device, medium and system for a mimic storage system, to solve the technical problem that existing technical solutions offer insufficient security.
The technical solution proposed by the present invention is as follows:
A first aspect of the embodiments of the present invention provides a data verification method for a mimic storage system, applied to a storage server, comprising:
receiving a file and a hash key uploaded by a client, the file comprising several data blocks; invoking at least two homomorphic verification executors in a mimic defense system to each compute the homomorphic hash value of each data block from the hash key, adjudicating the homomorphic hash values, and storing the adjudicated homomorphic hash values together with the corresponding data blocks; receiving a data verification request sent by the client; based on the data verification request, obtaining the data blocks to be verified and the corresponding homomorphic hash values, invoking at least two homomorphic verification executors to each compute the data aggregate value of the data blocks to be verified and the hash aggregate value of the corresponding homomorphic hash values, and adjudicating the data aggregate value and the hash aggregate value; and returning the adjudicated data aggregate value and hash aggregate value to the client, so that the client applies a homomorphic hash function to the data aggregate value to obtain a homomorphic hash tag and determines, according to whether the homomorphic hash tag and the hash aggregate value are the same, whether the file to which the data blocks of the data verification request belong is correctly held.
Optionally, invoking at least two homomorphic verification executors in the mimic defense system to each compute the homomorphic hash value of each data block from the hash key comprises: distributing the hash key and the data blocks to at least two homomorphic verification executors in the mimic defense system; and receiving the homomorphic hash value of each data block computed from the hash key by the at least two homomorphic verification executors, which each implement the homomorphic hash tag algorithm on different hardware systems and/or in different languages.
Optionally, adjudicating the homomorphic hash values comprises:
obtaining, from the homomorphic hash values computed by the different homomorphic verification executors, a target homomorphic hash value that satisfies a preset rule; taking the target homomorphic hash value as the adjudicated homomorphic hash value; reporting as abnormal any homomorphic verification executor whose computed homomorphic hash value differs from the adjudicated homomorphic hash value; and taking the executors reported as abnormal offline or replacing them.
Optionally, invoking at least two homomorphic verification executors to each compute the data aggregate value of the data blocks to be verified and the hash aggregate value of the corresponding homomorphic hash values comprises: distributing the data blocks to be verified and the corresponding homomorphic hash values to at least two homomorphic verification executors in the mimic defense system; and receiving the sum of the data blocks to be verified and the product of the corresponding homomorphic hash values computed by the at least two homomorphic verification executors, the data aggregate value being the sum of the data blocks to be verified and the hash aggregate value being the product of the corresponding homomorphic hash values.
Optionally, adjudicating the data aggregate value and the hash aggregate value comprises: obtaining, from the data aggregate values and hash aggregate values computed by the different homomorphic verification executors, a target data aggregate value and a target hash aggregate value that satisfy a preset rule; taking the target data aggregate value and the target hash aggregate value as the adjudicated data aggregate value and hash aggregate value; reporting as abnormal any homomorphic verification executor whose computed data aggregate value and hash aggregate value differ from the adjudicated ones; and taking the executors reported as abnormal offline or replacing them.
Optionally, the data verification request comprises a random key and the number of data blocks to be verified; and obtaining the data blocks to be verified and the corresponding homomorphic hash values based on the data verification request comprises: computing, from the random key and the number of data blocks to be verified, the position coordinates of each data block to be verified and of the corresponding homomorphic hash value; and obtaining the data blocks to be verified and the corresponding homomorphic hash values according to the position coordinates.
A second aspect of the embodiments of the present invention provides a data verification apparatus for a mimic storage system, comprising:
a first receiving module, configured to receive a file and a hash key uploaded by a client, the file comprising several data blocks; a storage module, configured to invoke at least two homomorphic verification executors in a mimic defense system to each compute the homomorphic hash value of each data block from the hash key, adjudicate the homomorphic hash values, and store the adjudicated homomorphic hash values together with the corresponding data blocks; a second receiving module, configured to receive a data verification request sent by the client; an evidence acquisition module, configured to obtain, based on the data verification request, the data blocks to be verified and the corresponding homomorphic hash values, invoke at least two homomorphic verification executors to each compute the data aggregate value of the data blocks to be verified and the hash aggregate value of the corresponding homomorphic hash values, and adjudicate the data aggregate value and the hash aggregate value; and a response module, configured to return the adjudicated data aggregate value and hash aggregate value to the client, so that the client applies a homomorphic hash function to the data aggregate value to obtain a homomorphic hash tag and determines, according to whether the homomorphic hash tag and the hash aggregate value are the same, whether the file to which the data blocks of the data verification request belong is correctly held.
A third aspect of the embodiments of the present invention provides an electronic device, comprising a memory and a processor that are communicatively connected to each other, the memory storing computer instructions, and the processor executing the computer instructions so as to perform the data verification method for a mimic storage system according to the first aspect of the embodiments of the present invention and any item of the first aspect.
A fourth aspect of the embodiments of the present invention provides a computer-readable storage medium storing computer instructions, the computer instructions being used to cause the computer to perform the data verification method for a mimic storage system according to the first aspect of the embodiments of the present invention and any item of the first aspect.
A fifth aspect of the embodiments of the present invention provides a data verification system for a mimic storage system, comprising a client and a storage server, the storage server comprising a mimic defense system and data nodes;
the client is configured to generate a hash key, upload the hash key and the file to be stored to the storage server, and send a data verification request to the storage server;
the storage server is configured to, after receiving the file and the hash key uploaded by the client, invoke at least two homomorphic verification executors in the mimic defense system to each compute the homomorphic hash value of each data block from the hash key, adjudicate the homomorphic hash values, and store the adjudicated homomorphic hash values in association with the corresponding data blocks on the data nodes; the server is further configured to, after receiving the data verification request, obtain the data blocks to be verified and the corresponding homomorphic hash values based on the data verification request, invoke at least two homomorphic verification executors to each compute the data aggregate value of the data blocks to be verified and the hash aggregate value of the corresponding homomorphic hash values, adjudicate the data aggregate value and the hash aggregate value, and return the adjudicated data aggregate value and hash aggregate value to the client;
the client is further configured to, after receiving the data aggregate value and the hash aggregate value returned by the server, apply a homomorphic hash function to the data aggregate value to obtain a homomorphic hash tag, and check whether the homomorphic hash tag and the hash aggregate value are the same, thereby judging whether the file to which the verified data blocks belong is correctly held.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
In the data verification method, apparatus, device, medium and system for a mimic storage system provided by the embodiments of the present invention, a file and a hash key uploaded by a client are received, the file comprising several data blocks; at least two homomorphic verification executors in a mimic defense system are invoked to each compute the homomorphic hash value of each data block from the hash key, the homomorphic hash values are adjudicated, and the adjudicated homomorphic hash values are stored together with the corresponding data blocks; a data verification request sent by the client is received; based on the data verification request, the data blocks to be verified and the corresponding homomorphic hash values are obtained, at least two homomorphic verification executors are invoked to each compute the data aggregate value of the data blocks to be verified and the hash aggregate value of the corresponding homomorphic hash values, and the data aggregate value and the hash aggregate value are adjudicated; and the adjudicated data aggregate value and hash aggregate value are returned to the client, so that the client applies a homomorphic hash function to the data aggregate value to obtain a homomorphic hash tag and determines, according to whether the homomorphic hash tag and the hash aggregate value are the same, whether the file to which the data blocks of the data verification request belong is correctly held. During data verification, the embodiments of the present invention invoke at least two homomorphic verification executors in the mimic defense system to each compute the data aggregate value of the data blocks to be verified and the hash aggregate value of the corresponding homomorphic hash values, adjudicate the data aggregate value and the hash aggregate value, and return the adjudicated values to the client. The mimic defense system can thus be used to defend against external attacks, improving system security, and a homomorphic hash algorithm is introduced for encryption, reducing the risk of data leakage.
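The following Python example is added here and is not code from the patent. It walks the flow described above: per-block homomorphic hashes stored at upload, challenged positions derived from the request's random key, each executor returning the sum of the challenged blocks and the product of their hashes, adjudication across executors, and the client's final comparison. The toy primes, the HMAC-based index derivation, the majority vote standing in for the "preset rule", and all function names are assumptions; the example also assumes the usual discrete-log group setup in which q divides p − 1 and every g_i has order q.

```python
import hashlib
import hmac
from collections import Counter

# Constructed toy parameters (far too small for real use); assumption: q | p - 1.
P, Q, M = 2039, 1019, 4          # modulus, group order, sub-blocks per block


def make_generators(p, q, m, seed=b"constructed-seed"):
    """Hypothetical stand-in for the key generation step: m elements of order q."""
    gens, ctr = [], 0
    while len(gens) < m:
        digest = hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
        g = pow(int.from_bytes(digest, "big") % p, (p - 1) // q, p)
        if g > 1 and g not in gens:      # reject 0, 1 and duplicates
            gens.append(g)
    return gens


def homomorphic_hash(block, key):
    """H(b) = prod_j g_j^(b_j) mod p, so H(a + b) = H(a) * H(b)."""
    p, q, g = key
    h = 1
    for g_j, b_j in zip(g, block):
        h = h * pow(g_j, b_j % q, p) % p
    return h


def challenge_indices(rand_key, count, n_blocks):
    """Derive `count` distinct block positions from the request's random key."""
    if count > n_blocks:
        raise ValueError("cannot challenge more blocks than are stored")
    idx, ctr = [], 0
    while len(idx) < count:
        mac = hmac.new(rand_key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
        i = int.from_bytes(mac, "big") % n_blocks
        if i not in idx:
            idx.append(i)
    return idx


def aggregate(blocks, hashes, idx, key):
    """One executor's work: sum of challenged blocks, product of their hashes."""
    p, q, _ = key
    width = len(blocks[0])
    data_agg = tuple(sum(blocks[i][j] for i in idx) % q for j in range(width))
    hash_agg = 1
    for i in idx:
        hash_agg = hash_agg * hashes[i] % p
    return data_agg, hash_agg


def adjudicate(outputs):
    """Majority vote over executor outputs; returns (winner, abnormal executors)."""
    winner, votes = Counter(outputs.values()).most_common(1)[0]
    if 2 * votes <= len(outputs):
        raise RuntimeError("no majority among executors")
    return winner, sorted(name for name, out in outputs.items() if out != winner)


def client_verify(data_agg, hash_agg, key):
    """Client side: tag of the aggregated data must equal the aggregated hash."""
    return homomorphic_hash(data_agg, key) == hash_agg


def run_demo(tamper_storage=False, faulty_executor=False):
    key = (P, Q, make_generators(P, Q, M))
    # Constructed 8-block file; each block holds M sub-blocks in Z_q.
    blocks = [[(7 * i + 3 * j + 1) % Q for j in range(M)] for i in range(8)]
    hashes = [homomorphic_hash(b, key) for b in blocks]      # stored at upload
    idx = challenge_indices(b"constructed-random-key", 4, len(blocks))
    if tamper_storage:                                       # stored block altered
        blocks[idx[0]][0] = (blocks[idx[0]][0] + 1) % Q
    # The three executors share one implementation here; the patent has them
    # implemented on different hardware and/or in different languages.
    names = ("exec-A", "exec-B", "exec-C")
    outputs = {n: aggregate(blocks, hashes, idx, key) for n in names}
    if faulty_executor:                                      # one executor misbehaves
        data_agg, hash_agg = outputs["exec-C"]
        outputs["exec-C"] = (data_agg, hash_agg * 2 % P)
    (data_agg, hash_agg), abnormal = adjudicate(outputs)
    return client_verify(data_agg, hash_agg, key), abnormal


if __name__ == "__main__":
    print(run_demo())
    print(run_demo(faulty_executor=True))
    print(run_demo(tamper_storage=True))
```

Adjudication and the possession check catch different failures: a single deviating executor is outvoted and reported, while altered stored data makes all executors agree on an aggregate that the client's tag comparison then rejects.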
Brief Description of the Drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the data verification method for a mimic storage system in an embodiment of the present invention;
Fig. 2 is a module block diagram of the data verification apparatus for a mimic storage system in an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of the data verification system for a mimic storage system in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of the electronic device in an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of the computer-readable storage medium in an embodiment of the present invention.
Detailed Description
To enable those skilled in the art to better understand the solutions of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
As the company's core boundary security protection measure, the power IoT secure access gateway must itself be well protected. To comprehensively improve the gateway's overall defense capability and solve its current problems in protection against unknown vulnerabilities, defense against unknown attacks, and integrated security protection, the concept of endogenous security is introduced, and technical theories such as mimicry are used to rework the gateway and strengthen the endogenous security immunity of the power network's security boundary.
Mimic defense is an inclusive, open and proactive revolutionary defense technology system that attempts to "change the current rules of the game". It no longer pursues a vulnerability-free, backdoor-free, defect-free, flawless defense system to counter cyberspace security threats. Instead, it adopts diverse, constantly changing evaluation and deployment mechanisms and strategies to build a dynamic, heterogeneous, redundant and non-deterministic architecture. This creates difficulties for the attacker ("hard to probe, hard to penetrate, hard to trigger an attack, hard to exploit the results of an attack"), breaks the static, deterministic and similar nature of the network architecture on which attack chains depend, and greatly increases the attacker's cost. Mimic defense aims to reduce the system's detectability by increasing its dynamism, to reduce its penetrability by increasing its randomness, to force attackers to confront the problem of coordinated attacks by using the system's dynamic heterogeneous redundant architecture, and to disrupt the stability or effective usability of the attack chain by combining the system's dynamism, randomness and diversity. When networks and systems are deployed and operated, reducing their determinism, similarity and static nature significantly raises the difficulty of attacks, including those based on unknown vulnerabilities and backdoors, as well as the difficulty of exploiting attack results, thoroughly reversing the "easy to attack, hard to defend" strategic situation.
Among adjudication schemes for mimic defense systems, majority-consistency adjudication is the most commonly used strategy. Its advantage is that it is simple to implement and handles most abnormal-output situations; its drawback is that it cannot give any further judgment when majority agreement cannot be reached. A weight-based adjudication strategy solves this problem: when the majority-agreement condition cannot be met, the system outputs the result of the executor with the highest weight. A competition-style adjudication model can improve adjudication efficiency, but it does not improve the correctness of the adjudication result. An outlier-based mimic adjudication optimization scheme builds a dataset of the outputs of the mimic system's heterogeneous executors and trains a deep learning anomaly detection model to quantify outliers in executor output data, then uses a weight optimization algorithm to optimize the weight assignment and selects the optimal weighted result as the voting output; however, this scheme does not consider the distribution of vulnerabilities across cloud servers.
Existing schemes generally optimize the weights of heterogeneous executors based on high-order heterogeneity, historical confidence, executor heterogeneity and the like, to improve system security. When a system that adjudicates on historical confidence is subjected to repeated attacks of the same kind by a malicious attacker, its executors keep producing similar outputs and the scheduling strategy is affected. If the adjudication module adjudicates on the outputs of executors with higher historical confidence, it ignores the problem that executors with low heterogeneity will give consistent results, in which case the probability of common-mode escape rises. Adjudication methods based on executor heterogeneity introduce heterogeneity into the adjudication scheme, which also causes executors to be ranked by heterogeneity and weakens the dynamism of the mimic defense system.
In summary, optimizing executor weights can delay the time at which the system is attacked, but it cannot fundamentally solve the security problem and may even introduce new security risks. In addition, the above schemes all transmit data in plaintext and pay no attention to the security of the data itself, while problems such as untrusted servers and opaque server-provider privileges create a risk of data leakage. To address data security, researchers have proposed a design method for a mimic scheduling arbiter based on hardware/software cooperation. This method gives the decision module very high privileges and protects data security at the hardware level, with the accuracy and trustworthiness of adjudication guaranteed entirely by a second-level module. However, the execution results of this scheme are still in plaintext and face the risk of data leakage. Based on the above analysis, the security of existing adjudication schemes is still insufficient, and it is necessary to design a stronger mimic defense adjudication scheme for data possession verification.
Based on this, an embodiment of the present invention provides a data verification method for a mimic storage system, applied to a storage server and, as shown in Figure 1, including:
Step S100: receive the file and the hash key uploaded by the client, the file including several data blocks. The client and the storage server interact over a network. The storage server includes a mimic defense system and multiple data nodes. The mimic defense system specifically adopts the Dynamic Heterogeneous Redundancy (DHR) architecture and includes an input agent, an adjudication module, homomorphic verification executors and a policy/scheduling module; the role of the data nodes is to store the data transmitted during the interaction. Through the client, the user splits the file to be stored into n data blocks, that is, the file to be stored is F=(b_1,b_2,…,b_n), where each data block b_i in turn comprises m sub-blocks, and then uploads the file F to the storage server.
At the same time, the client generates the hash key from initial values: KeyGeneration(λ_p,λ_q,m,s) produces the hash key K=(p,q,g). λ_p and λ_q are discrete-logarithm security parameters, namely the bit lengths of the random large prime p and the random large prime q respectively; m is the number of sub-blocks in each data block, with m=[β/(λ_q-1)], where β denotes the size of a data block. The hash key is generated as follows. First, a random large prime q is generated from the discrete-logarithm security parameter λ_q by the generation function qGeneration(λ_q). Then pGeneration(q,λ_p) is called with the random large prime q and the discrete-logarithm security parameter λ_p to generate a random large prime p, while guaranteeing p|(q-1). Once p and q have been obtained, the function g_iGeneration(p,q) generates the sub-block labels g_i of each data block, and g is the row vector of all sub-block labels g_i, that is, g→(g_1,g_2,...,g_m). The functions used in generating the hash key are as follows:
1) Function qGeneration(λ_q):
  do
  while q is not prime done
  return q
2) Function pGeneration(q,λ_p):
  do
  for i=1 to 4λ_p do
    c←X (mod 2q)
    p←X-c+1 // p≡1 (mod 2q)
    if p is prime then return p
  done
  return 0
3) Function g_iGeneration(p,q)
  do
  for i=1 to m do
    x←f(p-1)+1
    g_i←x^((p-1)/q) (mod p)
    while g_i=1 done
  done
  g←(g_1,g_2,...,g_m)
  return (p,q,g)
Step S200: call at least two homomorphic verification executors in the mimic defense system to each compute the homomorphic hash value of every data block from the hash key, adjudicate the homomorphic hash values, and store the homomorphic hash values that pass adjudication together with the corresponding data blocks. Specifically, after receiving the file and hash key uploaded by the client, the storage server applies the mimic defense idea to every data block of the uploaded file: it calls at least two of the homomorphic verification executors in the mimic defense system to each execute the homomorphic hash algorithm, and the results enter the adjudication module for adjudication and abnormality feedback. A homomorphic hash value that passes adjudication is attached to the data block as its data label and stored in association with that block. The function by which a homomorphic verification executor executes the homomorphic hash algorithm to obtain the homomorphic hash values is as follows:
4) Function F'Gen(K,F)
  K=(p,q,g), F=(b_1,b_2,...,b_n)
  for i=1 to n do
    x←f(p-1)+1
  done
  F'=(b_1,b_2,...,b_n; T_1,T_2,...,T_n)
  return F'
Step S300: receive the data verification request sent by the client. Once the data is stored on the storage server, the client can issue a challenge at any time to verify data integrity. The client randomly selects some data blocks for verification, and the data verification request contains information about the selected data blocks, for example their storage locations. Specifically, the selected data blocks are only part of the data blocks of the file to be verified; the whole file does not need to be verified, which reduces the amount of computation.
Step S400: based on the data verification request, obtain the data blocks to be verified and the corresponding homomorphic hash values, call at least two homomorphic verification executors to each compute the data aggregation value of the data blocks to be verified and the hash aggregation value of the corresponding homomorphic hash values, and adjudicate the data aggregation value and the hash aggregation value. Specifically, the data verification request includes a random key and the number of data blocks to be verified.
Obtaining the data blocks to be verified and the corresponding homomorphic hash values based on the data verification request includes: computing, from the random key and the number of data blocks to be verified, the position coordinates of each data block to be verified and of its corresponding homomorphic hash value; and fetching the data blocks to be verified and the corresponding homomorphic hash values according to the position coordinates. For example, the client first generates a random key e from a random number generator and determines the number c of data blocks to be verified, and sends the data verification request <e,c>, containing the random key e and the number c, to the storage server. On receiving <e,c>, the storage server enters the evidence generation stage: it calls the function r_i=σ_e(i), (1≤i≤c) to compute the position coordinates of the data blocks challenged by the client, and then uses the policy/scheduling module of the mimic defense system to invoke the homomorphic verification executors. At the same time, the input agent fetches each data block and homomorphic hash value from the corresponding data node according to the coordinates and sends them to those executors. Each homomorphic verification executor computes the possession evidence, that is, the data aggregation value B of the data blocks and the hash aggregation value T of the corresponding homomorphic hash values, and sends this evidence to the adjudication module. After receiving the data aggregation value B and the hash aggregation value T, the adjudication module executes the adjudication scheme and returns the result to the client as the response. The data aggregation value B is the sum of the data blocks to be verified, and the hash aggregation value T is the product of the corresponding homomorphic hash values. B and T are computed by the following function:
5) Function ProofGen(e,c,F')→(B,T)
  B=0, T=1
  for i=1 to c do
    r_i=σ_e(i)
  done
  return (B,T)
Step S500: return the data aggregation value and hash aggregation value that pass adjudication to the client, so that the client computes a homomorphic hash tag from the data aggregation value using the homomorphic hash function and determines, according to whether the homomorphic hash tag and the hash aggregation value are the same, whether the file to which the data blocks of the data verification request belong is correctly held. In the evidence verification stage, the client receives the data possession evidence (B,T) returned by the storage server, that is, the data aggregation value B and the hash aggregation value T of the corresponding homomorphic hash values. From the data aggregation value B it computes the homomorphic hash tag with the homomorphic hash function, h_K(B)=T′, and checks whether the homomorphic hash tag T′ equals the hash aggregation value T returned by the storage server. If they are equal, the file to which the verified data blocks belong is intact; otherwise the data has been damaged. Each time the client initiates verification, it only needs to perform the computation on the data aggregation value B to decide whether the file is intact, so the amount of computation is small, and the verification process transfers only a small amount of data, reducing network resource usage.
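The exchange in steps S100 to S500, as an added Python example that is not code from the patent: key generation following the qGeneration/pGeneration/g_iGeneration listings, block tagging, ProofGen, and the client-side check that h_K(B) equals T, run once on an intact file and once with a challenged block altered. Assumptions: the tag is taken to be h_K(b)=∏ g_j^(b_j) mod p (the F'Gen listing does not show its formula), σ_e is stood in for by an HMAC-SHA256 ranking, p is built as in the listing's comment p≡1 (mod 2q), and the 80-bit/33-bit parameter sizes, the sample file and all function names are chosen for the demonstration.

```python
import hmac
import secrets

MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin with fixed bases (deterministic for n below about 2**81)."""
    if n < 2:
        return False
    for b in MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def rand_bits(bits):
    return secrets.randbits(bits - 1) | (1 << (bits - 1))   # exactly `bits` bits

def key_generation(lam_p, lam_q, m):
    """Return K = (p, q, g): primes with p = 1 (mod 2q), and m elements of order q."""
    p = 0
    while not p:                              # draw a new q if pGeneration gave 0
        q = rand_bits(lam_q)
        while not is_prime(q):                # qGeneration
            q = rand_bits(lam_q)
        for _ in range(4 * lam_p):            # pGeneration: at most 4*lam_p tries
            x = rand_bits(lam_p)
            cand = x - x % (2 * q) + 1        # cand = 1 (mod 2q)
            if cand.bit_length() == lam_p and is_prime(cand):
                p = cand
                break
    g = []
    while len(g) < m:                         # g_iGeneration: reject g_i = 1
        gi = pow(secrets.randbelow(p - 1) + 1, (p - 1) // q, p)
        if gi != 1:
            g.append(gi)
    return p, q, tuple(g)

def h(K, block):
    """Homomorphic hash h_K(b) = prod_j g_j^(b_j) mod p over the m sub-blocks."""
    p, q, g = K
    t = 1
    for gj, bj in zip(g, block):
        t = t * pow(gj, bj % q, p) % p
    return t

def split_file(data, m, q):
    """Split bytes into blocks of m sub-blocks, each an integer below q."""
    sub = (q.bit_length() - 1) // 8           # whole bytes per sub-block
    size = sub * m
    data += b"\0" * (-len(data) % size)       # zero-pad the last block
    return [[int.from_bytes(data[o + j * sub:o + (j + 1) * sub], "big")
             for j in range(m)] for o in range(0, len(data), size)]

def challenge_positions(e, c, n):
    """Stand-in for r_i = sigma_e(i): c of n positions, ordered by HMAC under e."""
    def rank(i):
        return hmac.new(e, i.to_bytes(8, "big"), "sha256").digest()
    return sorted(range(n), key=rank)[:c]

def proof_gen(K, e, c, blocks, tags):
    """Server side: B = sum of challenged blocks (mod q), T = product of tags (mod p)."""
    p, q, g = K
    B, T = [0] * len(g), 1
    for r in challenge_positions(e, c, len(blocks)):
        B = [(x + y) % q for x, y in zip(B, blocks[r])]
        T = T * tags[r] % p
    return B, T

def verify(K, B, T):
    """Client side: recompute T' = h_K(B) and compare it with the returned T."""
    return h(K, B) == T

def demo():
    K = key_generation(80, 33, m=4)           # toy sizes, far too small for real use
    blocks = split_file(b"constructed sample file contents " * 8, 4, K[1])
    tags = [h(K, b) for b in blocks]          # F'Gen: one tag T_i per block b_i
    e, c = secrets.token_bytes(16), 5         # challenge <e, c>
    intact = verify(K, *proof_gen(K, e, c, blocks, tags))
    damaged = [list(b) for b in blocks]
    damaged[challenge_positions(e, c, len(blocks))[0]][0] ^= 1   # flip one bit
    corrupted = verify(K, *proof_gen(K, e, c, damaged, tags))
    return intact, corrupted

if __name__ == "__main__":
    print(demo())
```

The check works because every g_j has order q, so adding blocks modulo q corresponds to multiplying their tags modulo p; a one-bit change in a challenged block multiplies h_K(B) by g_1 or its inverse, which can never equal 1.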
The data verification method for a mimic storage system of this embodiment of the present invention receives the file and hash key uploaded by the client, the file including several data blocks; calls at least two homomorphic verification executors in the mimic defense system to each compute the homomorphic hash value of every data block from the hash key, adjudicates the homomorphic hash values, and stores the homomorphic hash values that pass adjudication together with the corresponding data blocks; receives the data verification request sent by the client; obtains the data blocks to be verified and the corresponding homomorphic hash values based on the data verification request; calls at least two homomorphic verification executors to each compute the data aggregation value of the data blocks to be verified and the hash aggregation value of the corresponding homomorphic hash values, and adjudicates the data aggregation value and the hash aggregation value; and returns the data aggregation value and hash aggregation value that pass adjudication to the client, so that the client computes a homomorphic hash tag from the data aggregation value using the homomorphic hash function and determines, according to whether the homomorphic hash tag and the hash aggregation value are the same, whether the file to which the data blocks of the data verification request belong is correctly held. During data verification, the embodiment calls at least two homomorphic verification executors in the mimic defense system to each compute the data aggregation value of the data blocks to be verified and the hash aggregation value of the corresponding homomorphic hash values, adjudicates the data aggregation value and the hash aggregation value, and returns the values that pass adjudication to the client. It can therefore use the mimic defense system to defend against external attacks, improving system security, and it introduces a homomorphic hash algorithm for encryption, reducing the risk of data leakage.
In one embodiment, calling at least two homomorphic verification executors in the mimic defense system to each compute the homomorphic hash value of every data block from the hash key includes: distributing the hash key and the data blocks to at least two homomorphic verification executors in the mimic defense system; and receiving the homomorphic hash value of each data block computed from the hash key by the at least two homomorphic verification executors, which each implement the homomorphic hash tag algorithm on different hardware systems and/or in different languages.
Specifically, after the storage server receives the data blocks and the hash key, the input agent of the mimic defense system distributes the data blocks to every homomorphic verification executor in the mimic defense system. Each homomorphic verification executor implements the homomorphic hash tag algorithm on a different hardware system and in a different language, and computes the homomorphic hash value of each data block from the hash key. Using homomorphic verification executors that implement the homomorphic hash tag algorithm on different hardware systems and in different languages yields a dynamic, heterogeneous, redundant and non-deterministic architecture, which improves system security.
In one embodiment, adjudicating the homomorphic hash values includes: obtaining, from the homomorphic hash values computed by the different homomorphic verification executors, a target homomorphic hash value that satisfies a preset rule; taking the target homomorphic hash value as the homomorphic hash value that passes adjudication; giving abnormality feedback on any homomorphic verification executor whose computed homomorphic hash value differs from the homomorphic hash value that passes adjudication; and taking offline or replacing the homomorphic verification executors reported as abnormal.
Specifically, the preset rule is the majority-consistent rule: the homomorphic hash value on which the majority agree is the homomorphic hash value that passes adjudication. The adjudication module adjudicates the homomorphic hash values computed by the homomorphic verification executors and, based on the adjudication strategy, obtains the majority-consistent homomorphic hash value, which is the identical homomorphic hash value computed by most of the homomorphic verification executors. For example, the number of identical homomorphic hash values computed by the executors is counted, and if more than 80% of the homomorphic verification executors compute the same homomorphic hash value, that value is the target homomorphic hash value. The adjudication module also identifies any abnormal homomorphic verification executor whose result differs from the value computed by most of the other executors and reports it to the policy/scheduling module. The policy/scheduling module runs the scheduling algorithm to schedule in the time domain and handles the homomorphic verification executors according to the abnormality feedback, for example by taking the abnormal executor offline and adding another homomorphic verification executor to replace it. Continuously checking and renewing the homomorphic verification executors lowers the probability of the system being successfully attacked and improves system security.
In one embodiment, calling at least two homomorphic verification executors to each compute the data aggregation value of the data blocks to be verified and the hash aggregation value of the corresponding homomorphic hash values includes: distributing the data blocks to be verified and the corresponding homomorphic hash values to at least two homomorphic verification executors in the mimic defense system; and receiving the sum of the data blocks to be verified and the product of the corresponding homomorphic hash values computed by the at least two homomorphic verification executors, where the data aggregation value is the sum of the data blocks to be verified and the hash aggregation value is the product of the corresponding homomorphic hash values.
Having the homomorphic verification executors compute the sum of the data blocks to be verified and the product of the corresponding homomorphic hash values yields the data aggregation value and the hash aggregation value. The individual data blocks and homomorphic hash values therefore do not need to be returned, and the client only needs to compute the hash of the data aggregation value to check whether the data is intact, which reduces the client's computation.
In one embodiment, adjudicating the data aggregation value and the hash aggregation value includes:
obtaining, from the data aggregation values and hash aggregation values computed by the different homomorphic verification executors, a target data aggregation value and a target hash aggregation value that satisfy a preset rule; taking the target data aggregation value and the target hash aggregation value as the data aggregation value and hash aggregation value that pass adjudication; giving abnormality feedback on any homomorphic verification executor whose computed data aggregation value and hash aggregation value differ from those that pass adjudication; and taking offline or replacing the homomorphic verification executors reported as abnormal.
Specifically, the preset rule is the majority-consistent rule: the data aggregation value and hash aggregation value on which the majority agree are the ones that pass adjudication. The adjudication module adjudicates the data aggregation values and hash aggregation values computed by the homomorphic verification executors and, based on the adjudication strategy, obtains the majority-consistent data aggregation value and hash aggregation value, which are the identical values computed by most of the homomorphic verification executors. The adjudication module also identifies any abnormal homomorphic verification executor whose result differs from the values computed by most of the other executors and reports it to the policy/scheduling module. The policy/scheduling module runs the scheduling algorithm to schedule in the time domain and handles the homomorphic verification executors according to the abnormality feedback, for example by taking the abnormal executor offline and adding another homomorphic verification executor to replace it. Continuously checking and renewing the homomorphic verification executors lowers the probability of the system being successfully attacked and improves system security.
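The majority-consistent adjudication and abnormality feedback described above for both the homomorphic hash values and the (B, T) evidence, as an added Python example that is not code from the patent. Assumptions: the 80% figure from the earlier embodiment is applied as a strict "more than" threshold, a round with no qualifying majority returns nothing and flags no executor, and the executor names, the Scheduler class and the sample (B, T) values are constructed.

```python
from collections import Counter

def adjudicate(outputs, threshold_pct=80):
    """Majority-consistent adjudication over {executor_id: (B, T)}.

    Returns (accepted, abnormal): the value that more than threshold_pct percent
    of the executors agree on, and the executors that returned something else.
    With no such value it returns (None, []) so that nothing reaches the client.
    """
    if len(outputs) < 2:
        raise ValueError("adjudication needs at least two executors")
    votes = Counter((tuple(B), T) for B, T in outputs.values())
    value, count = votes.most_common(1)[0]
    # Integer comparison avoids float rounding at exactly 80 percent.
    if count * 100 <= threshold_pct * len(outputs):
        return None, []                       # no quorum: fail closed (assumption)
    abnormal = sorted(ex for ex, (B, T) in outputs.items()
                      if (tuple(B), T) != value)
    return value, abnormal

class Scheduler:
    """Hypothetical policy/scheduling module: takes abnormal executors offline
    and brings standby executors online in their place."""
    def __init__(self, online, standby):
        self.online, self.standby, self.offline = list(online), list(standby), []

    def feedback(self, abnormal):
        for ex in abnormal:
            self.online.remove(ex)
            self.offline.append(ex)
            if self.standby:                  # replace only while spares remain
                self.online.append(self.standby.pop(0))
        return self.online

def demo():
    # Constructed executor pool: different languages on different hardware.
    sched = Scheduler(["c-x86", "go-arm", "rust-riscv", "java-x86",
                       "py-arm", "cpp-mips"], ["ocaml-arm"])
    good = ([7, 11, 13], 424242)              # constructed (B, T) pair
    round1 = {ex: good for ex in sched.online}
    round1["go-arm"] = ([7, 11, 14], 424242)  # one executor deviates: 5 of 6 agree
    accepted1, abnormal1 = adjudicate(round1)
    online = list(sched.feedback(abnormal1))
    round2 = {ex: good for ex in online}
    round2["c-x86"] = ([0, 0, 0], 1)          # two deviate: only 4 of 6 agree
    round2["py-arm"] = ([9, 9, 9], 2)
    accepted2, abnormal2 = adjudicate(round2)
    return accepted1, abnormal1, online, accepted2, abnormal2

if __name__ == "__main__":
    print(demo())
```

In the second round agreement is 4 of 6, below the threshold, so no evidence is released and the disagreement itself is the signal to act on.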
In summary, the advantages of the data verification method for a mimic storage system of this embodiment of the present invention include: first, it protects the system security of the storage server, using the DHR architecture of the mimic defense system to defend against external attacks; second, it enriches system functionality by introducing the homomorphic hash algorithm and retaining that algorithm's capabilities, supporting dynamic data updates, an unlimited number of verifications, and integrity verification; finally, it keeps the system efficient, ensuring that the system still runs fast after multiple executors are invoked and that storage redundancy is low.
An embodiment of the present invention also provides a data verification device for a mimic storage system, as shown in Figure 2, including:
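The first receiving module 201, configured to receive the file and hash key uploaded by the client, the file including several data blocks. For specific content, refer to the corresponding part of the foregoing method embodiment; details are not repeated here.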
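The storage module 202, configured to call at least two homomorphic verification executors in the mimic defense system to each compute the homomorphic hash value of every data block from the hash key, adjudicate the homomorphic hash values, and store the homomorphic hash values that pass adjudication together with the corresponding data blocks. For specific content, refer to the corresponding part of the foregoing method embodiment; details are not repeated here.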
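The second receiving module 203, configured to receive the data verification request sent by the client. For specific content, refer to the corresponding part of the foregoing method embodiment; details are not repeated here.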
The evidence acquisition module 204, configured to obtain the data blocks to be verified and the corresponding homomorphic hash values based on the data verification request, call at least two homomorphic verification executors to each compute the data aggregation value of the data blocks to be verified and the hash aggregation value of the corresponding homomorphic hash values, and adjudicate the data aggregation value and the hash aggregation value. For specific content, refer to the corresponding part of the foregoing method embodiment; details are not repeated here.
The response module 205, configured to return the data aggregation value and hash aggregation value that pass adjudication to the client, so that the client computes a homomorphic hash tag from the data aggregation value using the homomorphic hash function and determines, according to whether the homomorphic hash tag and the hash aggregation value are the same, whether the file to which the data blocks of the data verification request belong is correctly held. For specific content, refer to the corresponding part of the foregoing method embodiment; details are not repeated here.
The data verification device for a mimic storage system of this embodiment of the present invention receives the file and hash key uploaded by the client, the file including several data blocks; calls at least two homomorphic verification executors in the mimic defense system to each compute the homomorphic hash value of every data block from the hash key, adjudicates the homomorphic hash values, and stores the homomorphic hash values that pass adjudication together with the corresponding data blocks; receives the data verification request sent by the client; obtains the data blocks to be verified and the corresponding homomorphic hash values based on the data verification request; calls at least two homomorphic verification executors to each compute the data aggregation value of the data blocks to be verified and the hash aggregation value of the corresponding homomorphic hash values, and adjudicates the data aggregation value and the hash aggregation value; and returns the data aggregation value and hash aggregation value that pass adjudication to the client, so that the client computes a homomorphic hash tag from the data aggregation value using the homomorphic hash function and determines, according to whether the homomorphic hash tag and the hash aggregation value are the same, whether the file to which the data blocks of the data verification request belong is correctly held. During data verification, the embodiment uses the mimic defense system to defend against external attacks, improving system security, and introduces a homomorphic hash algorithm for encryption, reducing the risk of data leakage.
An embodiment of the present invention also provides a data verification system for a mimic storage system. As shown in Figure 3, the system includes a client and a storage server. The storage server includes a mimic defense system and data nodes. The mimic defense system specifically adopts the dynamic heterogeneous redundancy architecture and includes an input agent, an adjudication module, homomorphic verification executors and a policy/scheduling module; the input agent and the adjudication module together form a meta-service node that interacts with the client.
The client is configured to generate the hash key, upload the hash key and the file to be stored to the storage server, and send a data verification request to the storage server;
The storage server is configured, after receiving the file and hash key uploaded by the client, to call at least two homomorphic verification executors in the mimic defense system to each compute the homomorphic hash value of every data block from the hash key, adjudicate the homomorphic hash values, and store the homomorphic hash values that pass adjudication in the data nodes in association with the corresponding data blocks. The storage server is further configured, after receiving a data verification request, to obtain the data blocks to be verified and the corresponding homomorphic hash values based on the request, call at least two homomorphic verification executors to each compute the data aggregation value of the data blocks to be verified and the hash aggregation value of the corresponding homomorphic hash values, adjudicate the data aggregation value and the hash aggregation value, and return the values that pass adjudication to the client;
The client is further configured, after receiving the data aggregation value and hash aggregation value returned by the server, to compute a homomorphic hash tag from the data aggregation value using the homomorphic hash function and to check whether the homomorphic hash tag and the hash aggregation value are the same, thereby judging whether the file to which the verified data blocks belong is correctly held.
The data verification system for a mimic storage system of this embodiment of the present invention operates as follows. During initialization, the client generates the initial key and uploads the hash key and the file to be stored to the storage server. In the data labeling stage, the client interacts with the storage server over the network, and the mimic defense system of the storage server performs the homomorphic hash operation on all data blocks, generating homomorphic hash values that are stored on the storage nodes together with the data blocks as data labels; the homomorphic hash values serve as the basis for proof of possession and provide the integrity guarantee. Once the preparation stage is complete, the client can challenge the storage server at any time by sending a data verification request for integrity verification. After the storage server receives the data verification request, the meta-service node establishes contact with the online homomorphic verification executors and carries out distribution and adjudication of the data blocks: the data blocks to be verified and the corresponding homomorphic hash values are distributed to every homomorphic verification executor, and each executor computes the data aggregation value of the data blocks to be verified and the hash aggregation value of the corresponding homomorphic hash values and outputs the result to the adjudication module for adjudication. When adjudication is complete, the adjudication module sends the adjudication result to the policy/scheduling module. The policy/scheduling module receives the adjudication result, runs the scheduling algorithm according to it to schedule in the time domain, and at the same time sends the homomorphic verification executor information to the meta-service node.
In the data verification system for the mimic storage system in this embodiment, the client generates a hash key, uploads the hash key and the file to be stored to the storage server, and sends data verification requests to the storage server. After receiving the file and hash key uploaded by the client, the storage server invokes at least two homomorphic verification executors in the mimic defense system, each of which computes the homomorphic hash value of every data block from the hash key; the server adjudicates the homomorphic hash values and stores each value that passes adjudication on the data node, associated with its data block. After receiving a data verification request, the server obtains the data blocks to be verified and their corresponding homomorphic hash values based on the request, invokes at least two homomorphic verification executors to each compute the data aggregation value of those data blocks and the hash aggregation value of the corresponding homomorphic hash values, adjudicates the data aggregation value and hash aggregation value, and returns the values that pass adjudication to the client. After receiving the data aggregation value and hash aggregation value returned by the server, the client applies the homomorphic hash function to the data aggregation value to obtain a homomorphic hash tag, and checks whether the homomorphic hash tag equals the hash aggregation value, thereby determining whether the file to which the verified data blocks belong is correctly held. With this embodiment, the mimic defense system defends against external attacks during data verification, which improves system security, and a homomorphic hash algorithm is introduced for encryption, which reduces the risk of data leakage.
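The challenge and verification flow described above, as an added example that is not code from the patent. It assumes a discrete-log homomorphic hash H(m) = g^m mod P with toy parameters, plain sum and product aggregates, and strict-majority adjudication; the function names, the sample blocks and the key are constructed for illustration.

```python
import hashlib
from collections import Counter

# Toy parameters constructed for this example: P = 2*Q + 1 with P and Q prime.
# A real deployment needs a group of cryptographic size.
P, Q = 2039, 1019

def generator(hash_key: bytes) -> int:
    """Derive a generator of the order-Q subgroup from the client's hash key."""
    h = int.from_bytes(hashlib.sha256(hash_key).digest(), "big")
    return pow(2 + h % (P - 3), 2, P)   # base in [2, P-2], so the square is never 1

def to_int(block: bytes) -> int:
    return int.from_bytes(block, "big") % Q

def hhash(g: int, m: int) -> int:
    """H(m) = g^m mod P, so H(a + b) = H(a) * H(b) mod P."""
    return pow(g, m % Q, P)

def executor(blocks, tags, challenge):
    """One verification executor: aggregate the challenged blocks and their tags."""
    data_agg, hash_agg = 0, 1
    for i in challenge:
        data_agg = (data_agg + to_int(blocks[i])) % Q
        hash_agg = (hash_agg * tags[i]) % P
    return data_agg, hash_agg

def adjudicate(outputs):
    """Pass a result only if a strict majority of executors produced it."""
    value, votes = Counter(outputs).most_common(1)[0]
    return value if 2 * votes > len(outputs) else None

def client_verify(g, data_agg, hash_agg) -> bool:
    """Client side: hash the data aggregate and compare with the hash aggregate."""
    return hhash(g, data_agg) == hash_agg

def demo():
    g = generator(b"constructed-hash-key")
    blocks = [b"block-0", b"block-1", b"block-2", b"block-3"]   # constructed file
    tags = [hhash(g, to_int(b)) for b in blocks]                 # data labeling stage
    challenge = [0, 1, 3]
    honest = executor(blocks, tags, challenge)
    faulty = (honest[0], (honest[1] * g) % P)                    # one abnormal executor
    ok = client_verify(g, *adjudicate([honest, faulty, honest]))
    split = adjudicate([honest, faulty])                         # two executors disagree
    blocks[1] = b"block-9"                                       # stored block corrupted
    bad = client_verify(g, *adjudicate([executor(blocks, tags, challenge)] * 3))
    return ok, split, bad
```

With three executors the abnormal output is outvoted and the client check passes; with only two, a disagreement yields no adjudicated result, and a corrupted stored block fails the client check even when every executor agrees.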
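An embodiment of the present invention also provides an electronic device, as shown in FIG. 4, comprising a memory 501 and a processor 502 that are communicatively connected to each other. The memory 501 stores computer instructions, and the processor 502 executes those instructions to carry out the data verification method for the mimic storage system described in the above embodiments. The processor 502 and the memory 501 may be connected by a bus or by other means. The processor 502 may be a central processing unit (CPU). The processor 502 may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component or similar chip, or a combination of such chips. The memory 501, as a non-transitory computer storage medium, can store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the embodiments of the present invention. By running the non-transitory software programs, instructions and modules stored in the memory 501, the processor 502 performs its various functional applications and data processing, that is, it implements the data verification method for the mimic storage system of the above method embodiments. The memory 501 may include a program storage area and a data storage area: the program storage area can store an operating system and the application program required by at least one function, and the data storage area can store data created by the processor 502 and the like. In addition, the memory 501 may include high-speed random access memory and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some embodiments, the memory 501 optionally includes memory located remotely from the processor 502, and this remote memory can be connected to the processor 502 over a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof. One or more modules are stored in the memory 501 and, when executed by the processor 502, carry out the data verification method for the mimic storage system of the above method embodiments. The specific details of the electronic device can be understood by reference to the corresponding descriptions and effects in the above method embodiments and are not repeated here.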
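An embodiment of the present invention also provides a computer-readable storage medium, as shown in FIG. 5, on which a computer program 13 is stored; when the instructions are executed by a processor, the steps of the data verification method for the mimic storage system in the above embodiments are implemented. The storage medium also stores audio and video stream data, feature frame data, interaction request signaling, encrypted data, preset data sizes, and the like. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), a flash memory, a hard disk drive (HDD), a solid-state drive (SSD), or the like; the storage medium may also include a combination of the above kinds of memory. Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The computer program 13 can be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments of the above methods.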
The above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211487287.6A CN115913572A (en) | 2022-11-17 | 2022-11-17 | Data verification method, device, equipment, medium and system for mimicry storage system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211487287.6A CN115913572A (en) | 2022-11-17 | 2022-11-17 | Data verification method, device, equipment, medium and system for mimicry storage system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115913572A true CN115913572A (en) | 2023-04-04 |
Family
ID=86489151
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211487287.6A Pending CN115913572A (en) | 2022-11-17 | 2022-11-17 | Data verification method, device, equipment, medium and system for mimicry storage system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115913572A (en) |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070140479A1 (en) * | 2005-12-19 | 2007-06-21 | Microsoft Corporation | Privacy-preserving data aggregation using homomorphic encryption |
CN110086599A (en) * | 2019-04-24 | 2019-08-02 | 电子科技大学 | Hash calculation method and label decryption method based on homomorphism chameleon hash function |
CN111597590A (en) * | 2020-05-12 | 2020-08-28 | 重庆邮电大学 | Block chain-based data integrity rapid inspection method |
CN114650128A (en) * | 2022-03-31 | 2022-06-21 | 启明星辰信息技术集团股份有限公司 | Aggregation verification method for federated learning |
Non-Patent Citations (1)
Title |
---|
赵海宁: "拟态防御系统中的同态技术应用研究", 中国优秀硕士论文电子期刊网, no. 2022, 15 July 2022 (2022-07-15), pages 19 - 49 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117134981A (en) * | 2023-09-07 | 2023-11-28 | 中南大学湘雅二医院 | Body surgical trauma pressure data processing method and system based on AI learning |
CN117134981B (en) * | 2023-09-07 | 2024-05-14 | 中南大学湘雅二医院 | Body surgical surface trauma pressure data processing method and system based on AI learning |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||