CN117555864B - Cloud data safe deleting method based on trusted execution environment - Google Patents


Info

Publication number: CN117555864B
Authority: CN (China)
Prior art keywords: data, block, request, cloud, seed
Legal status: Active
Application number: CN202410039044.9A
Other languages: Chinese (zh)
Other versions: CN117555864A (en)
Inventors: 田晖, 王梦成, 卢璥, 全韩彧, 李越
Current Assignee: Huaqiao University
Original Assignee: Huaqiao University
Events: application filed by Huaqiao University; priority to CN202410039044.9A; publication of CN117555864A; application granted; publication of CN117555864B; legal status Active

Classifications

    • G06F16/162 Delete operations (G06F16/16 File or folder operations; G06F16/10 File systems, file servers; G06F16/00 Information retrieval, database structures, file system structures)
    • G06F16/172 Caching, prefetching or hoarding of files (G06F16/17 Details of further file system functions)
    • G06F16/182 Distributed file systems (G06F16/18 File system types)
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database (G06F21/62; G06F21/60 Protecting data; G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity)
    • H04L63/12 Applying verification of the received information (H04L63/00 Network architectures or network communication protocols for network security)
    • H04L9/40 Network security protocols (H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols)

Abstract

The invention provides a cloud data secure deletion method based on a trusted execution environment, in the technical field of data security. When the user end deletes a cloud file: the user end generates data for rewriting, a deletion request and an audit request, sends the data and the deletion request to the cloud service end, and sends the data and the audit request to the third party audit end. The trusted execution environment component of the cloud service end generates useless data and a deletion request from that data and sends both to the storage environment component. The storage environment component of the cloud service end overwrites the data blocks to be deleted with the useless data. The third party audit end generates challenge information from the audit request and sends it to the cloud service end. The storage environment component of the cloud service end generates verification information from the challenge information and sends it to the third party audit end. The third party audit end verifies from the verification information whether the cloud service end has deleted the data, and feeds the result back to the user end. The method reduces the overhead of the user end and improves the security of data deletion.

Description

Cloud data safe deleting method based on trusted execution environment
Technical Field
The invention relates to the technical field of data security, in particular to a cloud data security deleting method based on a trusted execution environment.
Background
Cloud data deletion is an important problem in the field of cloud storage. As more and more users store data in the cloud, it becomes critical to ensure that users can securely delete their data from the cloud server when needed, because users may have legal, compliance or privacy requirements that demand full control over the lifecycle of their data. However, since the underlying storage system is typically managed by the cloud server, it is difficult for the user to verify whether the data has been completely deleted. This can lead to data leakage or misuse.
There is therefore extensive prior research on data deletion in cloud storage; it falls into two main categories: secure deletion and trusted deletion.
Trusted deletion is mostly implemented with encryption. In policy-based trusted deletion schemes, when a file must be deleted the corresponding policy is revoked, which invalidates the corresponding control key and finally makes the file data unavailable. However, the control key in such schemes is centrally managed and stored by a third-party authority, so the key may be deleted or leaked.
Secure deletion schemes verify the result of the erase through a verifiable overwrite-based scheme built on the idea of provable data possession (PDP). However, such a scheme requires the user to verify the deletion result, which increases the burden on the user.
In view of the above, the applicant has studied the prior art and has made the present application.
Disclosure of Invention
The invention provides a cloud data secure deletion method based on a trusted execution environment, which aims to improve on at least one of the technical problems above.
In a first aspect, an embodiment of the present invention provides a method for securely deleting cloud data based on a trusted execution environment, where the method is executed by a user end, a cloud service end and a third party audit end that are communicatively connected. The cloud service end comprises a trusted execution environment component and a storage environment component.
When the user side stores the data file to the cloud service side:
The user end: generates a file identifier from the data file to be stored on the cloud service end, and performs block mapping on the data file with a secure hash function and a first private key to obtain a data block set and the tag set corresponding to it. The first private key is generated by the user end.
The user end also: sends the file identifier to the third party audit end, sends the file identifier, the tag set and the data block set to the cloud service end, and deletes the file identifier, the data block set and the tag set once they have been sent successfully.
The storage environment component of the cloud service end: performs consistency verification using the first public key, the received file identifier, the tag set and the data block set. If the verification passes, the received data is stored; if it fails, the received data is refused and the user end is asked to resend it. The first public key is generated by the user end and sent to the cloud service end.
When the user end deletes the data file from the cloud service end:
The user end: generates, from the data blocks that need to be deleted, a deletion request, an audit request and data for rewriting, which includes the first index set. It then sends the data for rewriting and the deletion request to the trusted execution environment component of the cloud service end, delegating the deletion to that component. It then sends the first index set and the audit request to the third party audit end, delegating to it the verification of whether the cloud service end deleted the corresponding data. The data for rewriting is used to delete the data stored on the cloud service end by overwriting it.
The trusted execution environment component of the cloud service end: generates, from the data for rewriting, useless data for overwriting the old data and a deletion request disguised as an update request, and sends both to the storage environment component of the cloud service end.
The storage environment component of the cloud service end: overwrites the data blocks to be deleted with the useless data.
The third party audit end: generates challenge information from the first index set and sends it to the storage environment component of the cloud service end. The challenge information comprises at least some of the serial numbers of the data blocks to be deleted.
The storage environment component of the cloud service end is further configured to: generate verification information from the challenge information and send it to the third party audit end. The verification information proves possession of the useless data.
The third party audit end also: verifies from the verification information whether the cloud service end has deleted the data to be deleted, and feeds the result back to the user end.
In a second aspect, an embodiment of the present invention provides a cloud data secure deletion method based on a trusted execution environment, described from the side of the user end; it comprises at least the steps executed by the user end in the first aspect.
When the user end stores the data file on the cloud service end:
Generate a file identifier from the data file to be stored on the cloud service end, and perform block mapping on the data file with a secure hash function and a first private key to obtain a data block set and the tag set corresponding to it. The first private key is generated by the user end.
Send the file identifier to the third party audit end, send the file identifier, the tag set and the data block set to the cloud service end, and delete the file identifier, the data block set and the tag set once they have been sent successfully.
When the user end deletes the data file from the cloud service end:
Generate, from the data blocks that need to be deleted, a deletion request, an audit request and data for rewriting, which includes the first index set. The data for rewriting is used to delete the data stored on the cloud service end by overwriting it.
Send the data for rewriting and the deletion request to the trusted execution environment component of the cloud service end, delegating the deletion to that component.
Send the first index set and the audit request to the third party audit end, delegating to it the verification of whether the cloud service end deleted the corresponding data.
In a third aspect, an embodiment of the present invention provides a method for securely deleting cloud data based on a trusted execution environment, described from the side of the cloud service end; it comprises at least the steps executed by the cloud service end in the first aspect. The cloud service end comprises a trusted execution environment component and a storage environment component.
When the user end stores the data file on the cloud service end:
The storage environment component of the cloud service end: performs consistency verification using the first public key, the received file identifier, the tag set and the data block set. If the verification passes, the received data is stored; if it fails, the received data is refused and the user end is asked to resend it.
When the user end deletes the data file from the cloud service end:
The trusted execution environment component of the cloud service end: generates, from the received data for rewriting, useless data for overwriting the old data and a deletion request disguised as an update request, and sends both to the storage environment component of the cloud service end.
The storage environment component of the cloud service end: overwrites the data blocks to be deleted with the useless data.
The storage environment component of the cloud service end is further configured to: generate verification information from the received challenge information and send it to the third party audit end.
In a fourth aspect, an embodiment of the present invention provides a cloud data secure deletion method based on a trusted execution environment, described from the side of the third party audit end; it comprises at least the steps executed by the third party audit end in the first aspect.
When the user end deletes the data file from the cloud service end:
The third party audit end: generates challenge information from the first index set and sends it to the storage environment component of the cloud service end. The challenge information comprises at least some of the serial numbers of the data blocks to be deleted.
The third party audit end also: verifies from the received verification information whether the cloud service end has deleted the data to be deleted, and feeds the result back to the user end.
By adopting the above technical scheme, the invention obtains the following technical effects:
The cloud data secure deletion method based on a trusted execution environment keeps the computing cost of the user end low, improves the security of sensitive data during deletion, and makes the user's deletion operation efficient.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a cloud data security deletion method based on a trusted execution environment for storing data and deleting data.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. It will be apparent that the described embodiments are only some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, a first embodiment of the present invention provides a method for securely deleting cloud data based on a trusted execution environment, which can be executed by a user terminal, a cloud service terminal, and a third party audit terminal that are connected through communication. The cloud server comprises a trusted execution environment component and a storage environment component.
The cloud data security deleting method based on the trusted execution environment is described from interaction among a user side, a cloud service side and a third party audit side and at least comprises the following steps:
when the user side stores the data file to the cloud service side, the method includes steps S101 to S104.
S101, a user side is used for generating a first key pair comprising a first private key and a first public key, sending the first public key to a cloud service side and a third party audit side, and deleting the first public key after the first public key is sent successfully.
The first private key is:
The first public key is:
where x_1 is a random number in the integer set Z_p, g is a generator of the multiplicative cyclic group G_1 of order p, u is a random element of G_1, and y_1 = g^{x_1} is the first public key parameter.
Preferably, in this embodiment, a different first key pair is generated each time data is saved to the cloud server. In other embodiments, only one key pair need be generated for the first use, and the same key pair is used for subsequent file save operations. The number of key pairs and the generation time node are not particularly limited in the present invention.
S102, the user side generates a file identifier according to a data file to be stored to the cloud server side, and performs block mapping on the data file according to a secure hash function and a first private key to obtain a data block set and a corresponding tag set. Wherein the first private key is generated by the user side.
Preferably, step S102 specifically includes steps S1021 to S1024.
S1021, generate a file identifier ID_F from the data file F to be saved to the cloud service end.
S1022, divide the data file F into n data blocks to obtain the data block set F.
The expression for the data block set F is:
where m_i (i = 1, 2, …, n) denotes the i-th data block.
S1023, map each data block m_i of the data block set F to an element b_i of the integer set Z_p.
The mapping model is as follows:
The mapping uses a secure hash function.
Specifically, the function of the secure hash function is to map character strings of arbitrary length onto the cyclic group G1.
S1024, generate a homomorphic authentication label σ_i for each data block m_i from the data block set F and the element b_i, obtaining the label set σ.
The expression of the label set is:
σ = {σ_i | 1 ≤ i ≤ n}
where σ_i denotes the homomorphic authentication label of the i-th data block and n is the number of data blocks to be saved.
The generation model of the homomorphic authentication label σ_i is as follows:
The model uses a secure hash function, the random element u, the element b_i mapped from the i-th data block, and the first private key sk_1.
Specifically, the function of the secure hash function is to map character strings of arbitrary length onto the cyclic group G1.
And S103, the user side sends the file identifier to a third party auditing side, sends the file identifier, the tag set and the data block set to a cloud service side, and deletes the file identifier, the data block set and the tag set after the file identifier, the tag set and the data block set are successfully sent.
Specifically, the user end submits the file identifier ID_F to the third party audit end for storage, sends the file identifier ID_F, the tag set σ = {σ_i | 1 ≤ i ≤ n} and the data block set F to the cloud service end, and then deletes all data except the private key.
S104, the storage environment component of the cloud service end performs consistency verification using the first public key, the received file identifier, the tag set and the data block set. If the verification passes, the received data is stored; if it fails, the received data is refused and the user end is asked to resend it. The first public key is generated by the user end and sent to the cloud service end.
Preferably, step S104 specifically includes steps S1041 to S1043.
S1041, perform consistency verification using the first public key and the received file identifier ID_F, tag set σ and data block set F.
The consistency verification model is as follows:
The equation involves the homomorphic authentication tag of the i-th data block, the generator g of the first public key, a secure hash function, the file identifier of the i-th data block to be saved, the random element u of the first public key, the element b_i mapped from the data block to be saved, and the first public key.
S1042, if the equation holds, the data and the label are consistent, and the received data is stored.
Specifically, if the equation holds, the data and the tag are proven consistent, and the cloud service end stores the data for the user.
S1043, if the equation does not hold, the data and the label are inconsistent; the received data is refused and the user end is asked to resend it.
Specifically, if the equation does not hold, the data and the tag are proven inconsistent; the cloud service end refuses to store the user's data and asks the user to resend it.
When the user terminal deletes the data file from the cloud service terminal:
S105, the user end generates, from the data blocks to be deleted, a deletion request, an audit request and data for rewriting, which contains the first index set. It then sends the data for rewriting and the deletion request to the trusted execution environment component of the cloud service end, delegating the deletion to that component. It then sends the first index set and the audit request to the third party audit end, delegating to it the verification of whether the cloud service end deleted the corresponding data. The data for rewriting is used to delete the data stored on the cloud service end by overwriting it.
Preferably, the data for overwriting includes: a first index set, a seed block, a seed label and an auxiliary parameter.
The first index set IDX is determined by the number N of data blocks to be deleted. Its expression is IDX = {IDX_i | 1 ≤ i ≤ N}, where IDX_i is the index of the i-th data block.
The seed block seed has the same size as a data block m_i.
The seed label σ_seed is generated from the seed block. Its calculation model uses the random element u, a secure hash function, the seed block seed and the first private key sk_1.
The auxiliary parameter R is calculated as R = u^{sk_1}, where u is the random element and sk_1 is the first private key.
S106, the trusted execution environment component of the cloud service end generates useless data used for covering and updating old data according to the data used for rewriting, and a deletion request disguised as an update request, and sends the useless data and the deletion request disguised as the update request to the storage environment component of the cloud service end.
Preferably, step S106 includes steps S1061 to S1066.
S1061, generating a second key pair after receiving the data for overwriting. Wherein the data for overwriting includes: a first index set, a seed block, a seed label, and an auxiliary parameter. The second key pair includes a second private key and a second public key.
The second private key is:
the second public key is:
where x_2 is a random number in the integer set Z_p, y_2 = g^{x_2} is the second public key parameter, and g is a generator of the multiplicative cyclic group G_1 of order p.
S1062, generate the rewriting blocks from the seed block seed.
The generation model of the rewriting block is as follows:
The model uses a secure hash function, the seed block seed and the overwrite difference parameter.
Specifically, the overwrite difference parameter makes the values of the overwrite blocks differ from one another.
S1063, calculate the rewriting block labels from the seed label σ_seed and the auxiliary parameter R by label conversion.
The generation model of the rewriting block label is as follows:
In the formula, σ_seed is the seed label and R is the auxiliary parameter; the formula further uses the rewriting difference parameter, a secure hash function, the index of the i-th rewriting block, the second private key, the random element u, the seed block seed and the first private key.
S1064, generating a set of data blocks OD for overwriting and a corresponding set of labels σ OD according to the overwriting block and the first index set, so as to obtain useless data for overwriting updated old data.
The expression of the data block set OD is:
OD={ODi|1≤i≤N}
where OD_i is the i-th overwrite block and N is the number of data blocks to be deleted.
The expression of the label set sigma OD is:
σOD={σODi|1≤i≤N}
where σ_ODi is the label of the i-th overwrite block and N is the number of data blocks to be deleted.
S1065, a delete request masquerading as an update request is generated.
Specifically, in order to prevent the cloud server from detecting the deletion request given by the user, the trusted execution environment disguises the data deletion request of the user as an update request, so that the data to be deleted is updated in a rewriting manner.
S1066, send the useless data (OD, σ_OD, IDX) and the deletion request disguised as an update request to the storage environment component of the cloud service end.
And S107, the storage environment component of the cloud service end performs coverage update on the data blocks to be deleted according to the useless data.
Specifically, after the storage environment component of the cloud service end receives the update index set IDX, the update data set OD, the update tag set σ_OD and the update request sent by the trusted execution environment component, it updates the data by overwriting: for every index in IDX it replaces the original data block b_i and its label σ_i with the update data block OD_i and its label σ_ODi, i.e. b_i ← OD_i and σ_i ← σ_ODi for i = 1, 2, …, N.
The overwrite deletion method is a method of overwriting an original data block with a random block that is not valuable and has the same size as the original data block.
S108, the third party auditing end generates challenge information according to the first index set and sends the challenge information to a storage environment component of the cloud service end. The challenge information at least comprises part of serial numbers of data blocks to be deleted.
Preferably, the challenge information comprises a set v = {v_i | i = 1, 2, …, c}, c ≤ N, of serial numbers of randomly selected data blocks to be deleted, where v_i is the serial number of the i-th challenged block, c is the number of data blocks challenged in each updated file, and N is the number of data blocks to be deleted.
Specifically, the third party audit end generates the challenge information in response to the user's deletion audit request and sends the set v to the storage environment component of the cloud service end. The set v = {v_i | i = 1, 2, …, c}, c ≤ N, is chosen at random, where c is the number of data blocks challenged in each updated file and N is the number of data blocks the user deletes.
And S109, the storage environment component of the cloud service end also generates verification information according to the challenge information and sends the verification information to a third party auditing end. Wherein the verification information is used for proving the holding property of the useless data.
Preferably, step S109 includes steps S1091 to S1093.
S1091, generate the holding evidence of the rewritten data from the challenge information. The generation model of the holding evidence is as follows:
where c is the number of data blocks challenged in each updated file, and the evidence is formed from the elements mapped from the challenged data blocks.
S1092, generate the tag evidence for the challenged data blocks. The generation model of the tag evidence is as follows:
where c is the number of data blocks challenged in each updated file, and the evidence is formed from the homomorphic authentication labels of the challenged data blocks.
S1093, send the verification information to the third party audit end for verification. The verification information comprises the holding evidence and the tag evidence.
And S110, the third party auditing end verifies whether the cloud service end deletes the data to be deleted according to the verification information, and feeds the data back to the user end.
Preferably, step S110 includes steps S1101 to S1103.
S1101, perform the verification judgement on the verification information with the verification model, which is:
The verification model involves the tag evidence, the generator g, the random element u, the holding evidence, the first public key, the number c of data blocks challenged in each updated file, a secure hash function, the indices of the challenged rewriting blocks, the rewriting blocks themselves, and the second public key.
Specifically, after receiving the verification information (Ω, M) returned by the cloud service end, the third party audit end substitutes it into the verification model for verification.
S1102, if the equation holds, the verification succeeds and the cloud service end is determined to have deleted the corresponding data as the user required. Otherwise the verification fails, and the cloud service end is determined not to have deleted the corresponding data as the user required.
S1103, feeding the verification result back to the user side.
The cloud data security deletion method based on a trusted execution environment keeps the computing overhead of the user side low while improving both the security of sensitive data and the efficiency of the user's deletion operation. It also supports offline deletion: the deletion of cloud data completes even when the user is offline, because the work is delegated to the trusted execution environment component.
The public auditing method used by the cloud data security deletion method of this embodiment supports dynamic updates of multi-copy data and batch auditing of multi-copy data, while still auditing multi-copy cloud data efficiently.
The second embodiment of the invention provides a cloud data security deleting method based on a trusted execution environment. The cloud data security deletion method is described from the side of the user. Specifically, the method comprises steps S201 to S205.
When the user side stores the data file to the cloud service side:
S201, generating a file identifier according to a data file to be stored to a cloud server, and performing block mapping on the data file according to a secure hash function and a first private key to obtain a data block set and a tag set corresponding to the data block set. Wherein the first private key is generated by the user side.
S202, sending the file identifier to the third party auditing end, sending the file identifier, the tag set and the data block set to the cloud service end, and deleting the local copies of the file identifier, the data block set and the tag set once they have been sent successfully.
The file identifier, the tag set and the data block set are used for consistency verification by a storage environment component of the cloud server. When the consistency verification passes, the received data is stored. And when the consistency verification is not passed, refusing to store the received data, and requiring the user side to resend the data. The first public key is generated by the user side and sent to the cloud service side.
When the user terminal deletes the data file from the cloud service terminal:
S203, according to the data blocks that need to be deleted, generating a deletion request, an audit request and data for rewriting, where the data for rewriting includes the first index set. The data for rewriting is used to update, and thereby delete, the data stored on the cloud server by the rewriting method.
S204, sending the data for rewriting and the deletion request to a trusted execution environment component of the cloud server to delegate the trusted execution environment component to delete the data according to the request.
The trusted execution environment component of the cloud server generates, from the data for rewriting, useless data that overwrites the old data, together with a deletion request disguised as an update request, and sends both to the storage environment component of the cloud server. The storage environment component then overwrites the data blocks to be deleted with the useless data.
S205, the first index set and the audit request are sent to a third party audit terminal so as to entrust the third party audit terminal to verify whether the cloud service terminal deletes corresponding data.
The third party auditing end generates challenge information from the first index set, comprising at least some of the sequence numbers of the data blocks to be deleted, and sends it to the storage environment component of the cloud server. The storage environment component generates verification information proving that the useless data is held, and sends it to the third party audit end. The third party auditing end then verifies from the verification information whether the cloud service end deleted the data to be deleted, and feeds the result back to the user end.
The third embodiment of the invention provides a cloud data security deleting method based on a trusted execution environment. The cloud data security deletion method is described from the cloud server side. The cloud service side comprises a trusted execution environment component and a storage environment component, and specifically comprises steps S301 to S306.
When the user side stores the data file to the cloud service side: the storage environment component of the cloud service is used for executing step S301 to step S303.
And S301, carrying out consistency verification according to the first public key, the received file identifier, the tag set and the data block set.
S302, when the consistency verification is passed, the received data is stored.
And S303, refusing to store the received data and requiring the user side to resend the data when the consistency verification is not passed.
The first public key is generated by the user side and sent to the cloud service side. The file identifier is generated by the user side according to the data file to be saved to the cloud service side. The data block set and the corresponding tag set are obtained by the user performing block mapping on the data file according to the secure hash function and the first private key. The first private key is generated by the user side. And the user terminal can delete the file identifier, the data block set and the tag set after successfully sending the file identifier to the third party audit terminal and successfully sending the file identifier, the tag set and the data block set to the cloud service terminal.
When the user terminal deletes the data file from the cloud service terminal, it includes steps S304 to S306.
S304, the trusted execution environment component of the cloud server is used for: generating, from the received data for rewriting, useless data that overwrites the old data, together with a deletion request disguised as an update request, and sending both to the storage environment component of the cloud server.
The deletion request, the audit request and the data for rewriting (which includes the first index set) are generated by the user side according to the data blocks to be deleted; the data for rewriting and the deletion request are sent by the user side to the trusted execution environment component of the cloud service end; the first index set and the audit request are sent by the user side to the third party audit terminal. The data for rewriting is used to update, and thereby delete, the data stored on the cloud server by the rewriting method.
S305, a storage environment component of the cloud service end is used for: and carrying out coverage updating on the data blocks to be deleted according to the useless data.
S306, the storage environment component of the cloud service end is further used for: and generating verification information according to the received challenge information, and sending the verification information to a third party auditing end.
The challenge information is generated by the third party audit terminal according to the first index set and sent to the storage environment component of the cloud service end; it comprises at least some of the sequence numbers of the data blocks to be deleted. The verification information proves that the useless data is held. The third party audit terminal receives the verification information, verifies from it whether the cloud service end deleted the data to be deleted, and feeds the result back to the user terminal.
The fourth embodiment of the invention provides a cloud data security deleting method based on a trusted execution environment. The cloud data security deletion method is described from the side of the third party audit terminal. Specifically, the method comprises steps S401 to S402.
When the user terminal deletes the data file from the cloud service terminal:
S401, the third party audit terminal is used for: generating challenge information according to the first index set, and sending it to the storage environment component of the cloud server. The challenge information comprises at least some of the sequence numbers of the data blocks to be deleted.
The deletion request, the audit request and the data for rewriting (which includes the first index set) are generated by the user side according to the data blocks to be deleted; the data for rewriting and the deletion request are sent to the trusted execution environment component of the cloud server; the first index set and the audit request are sent to the third party audit terminal. The trusted execution environment component of the cloud server uses the data for rewriting to generate useless data that overwrites the old data, together with a deletion request disguised as an update request, and sends both to the storage environment component of the cloud server, which overwrites the data blocks to be deleted with the useless data.
S402, the third party audit terminal is further used for: verifying, according to the received verification information, whether the cloud server deleted the data to be deleted, and feeding the result back to the user side.
The verification information is generated by a storage environment component of the cloud server according to the challenge information and is sent to a third party audit terminal to prove the holding property of useless data.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus and method embodiments described above are merely illustrative, for example, flow diagrams and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present invention may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, an electronic device, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a usb disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be understood that the term "and/or" as used herein is merely one relationship describing the association of the associated objects, meaning that there may be three relationships, e.g., a and/or B, may represent: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.
Depending on the context, the word "if" as used herein may be interpreted as "at … …" or "at … …" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if determined" or "if detected (stated condition or event)" may be interpreted as "when determined" or "in response to determination" or "when detected (stated condition or event)" or "in response to detection (stated condition or event), depending on the context.
References to "first\second" in the embodiments are merely to distinguish similar objects and do not represent a particular ordering for the objects, it being understood that "first\second" may interchange a particular order or precedence where allowed. It is to be understood that the "first\second" distinguishing aspects may be interchanged where appropriate, such that the embodiments described herein may be implemented in sequences other than those illustrated or described herein.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (5)

1. The cloud data security deleting method based on the trusted execution environment is characterized by being executed by a user side, a cloud service side and a third party audit side which are in communication connection; the cloud server comprises a trusted execution environment component and a storage environment component;
when the user side stores the data file to the cloud service side:
The user terminal is used for: generating a file identifier according to a data file to be stored to a cloud server, and performing block mapping on the data file according to a secure hash function and a first private key to obtain a data block set and a corresponding tag set thereof; the first private key is generated by the user side;
The user end is also used for: transmitting the file identifier to a third party auditing end, transmitting the file identifier, the tag set and the data block set to a cloud service end, and deleting the file identifier, the data block set and the tag set after the file identifier, the tag set and the data block set are successfully transmitted;
The storage environment component of the cloud service end is used for: performing consistency verification according to the first public key, the received file identifier, the tag set and the data block set; when the consistency verification passes, storing the received data; when the consistency verification fails, refusing to store the received data and requiring the user side to resend the data; the first public key is generated by the user side and sent to the cloud server;
when the user terminal deletes the data file from the cloud service terminal:
The user terminal is used for: generating a deleting request, an auditing request and data for rewriting, which contain a first index set, according to the data blocks to be deleted; then, the data for rewriting and the deleting request are sent to a trusted execution environment component of the cloud service end, so that the trusted execution environment component is entrusted to delete the data according to the request; then, the first index set and the audit request are sent to a third party audit terminal so as to entrust the third party audit terminal to verify whether the cloud service terminal deletes corresponding data; the data used for rewriting is used for updating and deleting the data stored on the cloud server through a rewriting method;
The trusted execution environment component of the cloud service end is used for: generating useless data used for covering and updating old data according to the data used for rewriting, and a deletion request disguised as an update request, and sending the useless data and the deletion request disguised as the update request to a storage environment component of a cloud server;
the storage environment component of the cloud service end is used for: performing coverage update on the data blocks to be deleted according to the useless data;
The third party audit terminal is used for: generating challenge information according to the first index set, and sending the challenge information to a storage environment component of a cloud server; the challenge information at least comprises serial numbers of partial data blocks to be deleted;
The storage environment component of the cloud service is further configured to: generating verification information according to the challenge information, and sending the verification information to a third party auditing end; wherein the verification information is used for proving the holding property of the useless data;
the third party audit terminal is also used for: verifying whether the cloud server deletes the data to be deleted according to the verification information, and feeding back the data to the user side;
The user side is also used for generating a first key pair comprising a first private key and a first public key;
the first private key is:
the first public key is:
where x_1 is a random number in the integer set Z_p, g is a generator of the multiplicative cyclic group G_1 of prime order p, u is a random element in G_1, and y_1 = g^{x_1} is the first public key parameter;
the user side is also used for sending the first public key to the cloud server and the third party audit terminal, and deleting the first public key after the sending succeeds;
Generating a file identifier according to a data file to be stored to a cloud server, and performing block mapping on the data file according to a secure hash function and a first private key to obtain a data block set and a tag set corresponding to the data block set, wherein the method specifically comprises the following steps of:
generating a file identifier ID_F according to the data file to be stored to the cloud server;
dividing the data file into n data blocks to obtain a data block set F, where m_i (i = 1, 2, …, n) represents the i-th data block;
according to the data block set F, mapping each data block m_i into an element b_i of the integer set Z_p; the mapping model is:
where … is a secure hash function;
generating a corresponding homomorphic authentication tag σ_i for each data block m_i according to the data block set F and the element b_i, to obtain the tag set σ = { σ_i | 1 ≤ i ≤ n }, where σ_i represents the homomorphic authentication tag of the i-th data block and n is the number of data blocks; the tag generation model is as follows:
where … is a secure hash function, u is a random element, … is the element of the … data block, and … is the first private key.
2. The method for securely deleting cloud data based on a trusted execution environment according to claim 1, wherein performing consistency verification according to the first public key and the received file identifier, tag set and data block set, storing the received data when the consistency verification passes, and refusing to store the received data and requiring the user side to resend it when the consistency verification fails, specifically comprises:
performing consistency verification according to the first public key, the received file identifier ID_F, the tag set σ and the data block set F; the consistency verification model is:
where … is the homomorphic authentication tag of the i-th data block, … is the generator, … is the secure hash function, u is a random element, … is the element of the i-th data block, and … is the first public key;
if the equation is satisfied, the data and the label are consistent, and the received data is stored;
if the equation is not satisfied, the data and the label are inconsistent, the received data is refused to be stored, and the user terminal is required to resend the data.
3. The method for securely deleting cloud data based on a trusted execution environment according to claim 1, wherein the data for overwriting comprises: a first index set, a seed block, a seed label, and an auxiliary parameter;
the first index set IDX is set according to the number N of data blocks to be deleted: IDX = { IDX_i | 1 ≤ i ≤ N }, where IDX_i is the index of the i-th data block to be deleted;
the seed block seed has the same size as a data block m_i;
the seed tag σ_seed is generated from the seed block; the calculation model of the seed tag is as follows: where u is a random element, … is a secure hash function, seed is the seed block, and … is the first private key;
the calculation model of the auxiliary parameter R is R = u^{sk1}, where u is a random element and sk1 is the first private key.
4. The method for securely deleting cloud data based on a trusted execution environment according to claim 1, wherein generating, according to the data for overwriting, useless data for overwriting old data, and a deletion request disguised as an update request, and sending the useless data and the deletion request disguised as the update request to a storage environment component of a cloud server, specifically includes:
generating a second key pair after receiving the data for overwriting; the data for overwriting includes: a first index set, a seed block, a seed tag, and an auxiliary parameter; the second key pair includes a second private key and a second public key; the second private key is: …; the second public key is: …; where x_2 is a random number in the integer set Z_p, y_2 = g^{x_2} is the second public key parameter, and g is a generator of the multiplicative cyclic group G_1 of prime order p;
generating a rewrite block from the seed block; the generation model of the rewrite block is as follows: where … is a secure hash function, seed is the seed block, and … is the overwrite difference parameter;
generating a rewrite block tag from the seed tag and the auxiliary parameter by tag conversion; the generation model of the rewrite block tag is as follows: where σ_seed is the seed tag, R is the auxiliary parameter, … is the overwrite difference parameter, … is a secure hash function, … is the index of the … overwrite block, … is the … overwrite block, … is the second private key, u is a random element, seed is the seed block, and … is the first private key;
generating, from the rewrite blocks and the first index set, a data block set OD for overwriting and its corresponding tag set σ_OD, which together form the useless data that overwrites the old data; OD = { OD_i | 1 ≤ i ≤ N }, where OD_i is the i-th rewrite block; σ_OD = { σ_ODi | 1 ≤ i ≤ N }, where σ_ODi is the tag of the i-th rewrite block;
Generating a delete request masquerading as an update request;
and sending the useless data (OD, σ_OD, IDX) and the deletion request disguised as an update request to the storage environment component of the cloud service end.
5. The cloud data security deletion method based on a trusted execution environment according to claim 1, wherein the challenge information includes a sequence number set v = { v_i | i = 1, 2, …, c }, c ≤ N, of data blocks to be deleted, where v_i is the sequence number of the i-th challenged data block, c is the number of data blocks to be challenged in each updated file, and N is the number of data blocks to be deleted;
Generating verification information according to the challenge information and sending the verification information to a third party audit terminal, wherein the verification information specifically comprises the following steps:
generating holding evidence of the rewriting data according to the challenge information; the generation model of the holding evidence is as follows:
where … is the holding evidence, c is the number of data blocks to be challenged in each updated file, and … is the element of the challenged data block …;
generating tag evidence for each data block respectively; the label evidence generation model is as follows:
where … is the tag evidence, c is the number of data blocks to be challenged in each updated file, and … is the homomorphic authentication tag of the … data block;
sending the verification information to the third party audit terminal; the verification information consists of the holding evidence … and the tag evidence …;
Verifying whether the cloud server deletes the data to be deleted according to the verification information, and feeding back the data to the user terminal, wherein the method specifically comprises the following steps:
According to the verification information, performing verification judgment through a verification model; wherein, the verification model is:
where … is the tag evidence, … is the generator, u is the random element, … is the holding evidence, … is the first public key, c is the number of data blocks to be challenged in each updated file, … is the secure hash function, … is the index of the … rewrite block, … is the … rewrite block, and … is the second public key;
When the equation is judged to be established, the verification is successful, and the cloud server is determined to delete the corresponding data according to the requirements of the user; otherwise, the verification is determined to be unsuccessful;
And feeding the verification result back to the user side.
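The tagging, storage-time consistency check and deletion audit described in claims 1, 2 and 5 follow one algebraic pattern: each block gets a homomorphic tag σ_i = (H(ID_F||i) · u^{b_i})^{sk1}, the cloud aggregates the challenged tags into Ω and the challenged block elements into a sum M, and the auditor checks one equation using only the public key. The example below is added here and is not code from the patent; it models that pattern with an RSA group standing in for the pairing-based group G_1 (signing is exponentiation by the private exponent, the bilinear check becomes exponentiation by the public exponent), and it signs the rewrite-block tags directly with the first private key instead of using the seed-tag conversion with R = u^{sk1}. The modulus, file identifier, blocks and seed are all constructed toy values.

```python
"""Toy model of the homomorphic tag / deletion audit flow (added example, not the patent's code).

Stand-in for the pairing group: an RSA group.  sigma_i = (H(ID_F||i) * u^{b_i})^d mod N plays the
role of the patent's (H(ID_F||i) * u^{b_i})^{sk1}, and the auditor's pairing equation becomes
Omega^e == prod H(ID_F||v_i) * u^M (mod N).  Keys, blocks and seed below are constructed values.
"""
import hashlib
import random

# Constructed toy modulus from two Mersenne primes: real primes, but far too small for production.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537                              # public exponent (part of the stand-in public key)
D = pow(E, -1, (P - 1) * (Q - 1))      # stand-in for the first private key sk1
U = 3                                  # public random element u


def h_int(*parts: bytes) -> int:
    """Secure hash H(.) mapped into the group (model of H(ID_F||i))."""
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % N


def block_to_element(block: bytes) -> int:
    """b_i = H(m_i): map a data block to an integer element (claim 1 block mapping)."""
    return h_int(block)


def make_tag(file_id: bytes, index: int, block: bytes, sk: int = D) -> int:
    """Homomorphic authentication tag sigma_i = (H(ID_F||i) * u^{b_i})^{sk} mod N."""
    base = (h_int(file_id, str(index).encode()) * pow(U, block_to_element(block), N)) % N
    return pow(base, sk, N)


def tag_consistent(file_id: bytes, index: int, block: bytes, tag: int) -> bool:
    """Cloud-side consistency check before storing (claim 2): sigma_i^e == H(ID_F||i) * u^{b_i}."""
    lhs = pow(tag, E, N)
    rhs = (h_int(file_id, str(index).encode()) * pow(U, block_to_element(block), N)) % N
    return lhs == rhs


def make_challenge(index_set, c: int, rng=random):
    """Auditor picks c sequence numbers v_i out of the first index set IDX (claim 5)."""
    return rng.sample(sorted(index_set), c)


def make_proof(blocks: dict, tags: dict, challenge):
    """Storage component: tag evidence Omega = prod sigma_{v_i}, holding evidence M = sum b_{v_i}."""
    holding = sum(block_to_element(blocks[v]) for v in challenge)
    omega = 1
    for v in challenge:
        omega = (omega * tags[v]) % N
    return omega, holding


def verify_proof(file_id: bytes, challenge, omega: int, holding: int) -> bool:
    """Auditor: Omega^e == prod H(ID_F||v_i) * u^M.  Needs only public values, never the data."""
    rhs = pow(U, holding, N)
    for v in challenge:
        rhs = (rhs * h_int(file_id, str(v).encode())) % N
    return pow(omega, E, N) == rhs


def audit_scenario(honest: bool, seed_int: int = 7) -> bool:
    """One deletion audit.  honest=True: the storage component really overwrote the blocks
    with the rewrite blocks OD and stored their tags; honest=False: it accepted the new tags
    but silently kept the old block contents, which the audit must detect."""
    rng = random.Random(seed_int)
    file_id = b"file-ID-constructed"
    old_blocks = {i: f"old-block-{i}".encode() for i in range(1, 9)}
    idx = [2, 3, 5]                                            # first index set IDX
    seed = b"seed-block-constructed"
    # Rewrite blocks derived from the seed per index (simplified: no overwrite difference parameter).
    rewrite_blocks = {i: hashlib.sha256(seed + bytes([i])).digest() for i in idx}
    # Simplification: tags signed with sk1 directly instead of the seed-tag conversion via R.
    new_tags = {i: make_tag(file_id, i, rewrite_blocks[i]) for i in idx}
    stored = dict(old_blocks)
    if honest:
        stored.update(rewrite_blocks)
    challenge = make_challenge(idx, c=2, rng=rng)
    omega, holding = make_proof(stored, new_tags, challenge)
    return verify_proof(file_id, challenge, omega, holding)


if __name__ == "__main__":
    print("honest overwrite verifies:", audit_scenario(True))
    print("skipped overwrite verifies:", audit_scenario(False))
```

The negative scenario is the point of the audit: a storage component that stores the new tags but leaves the old contents in place produces a holding evidence M computed from the old elements, so the equation fails and the third party audit terminal reports the deletion as unverified. The challenge here is a plain index set as on the page; a production PDP scheme would normally also attach random coefficients to each challenged index so that a server cannot precompute the aggregate for a fixed set.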
CN202410039044.9A 2024-01-11 2024-01-11 Cloud data safe deleting method based on trusted execution environment Active CN117555864B (en)

Publications (2)

Publication Number Publication Date
CN117555864A CN117555864A (en) 2024-02-13
CN117555864B true CN117555864B (en) 2024-04-16

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant