[go: up one dir, main page]

CN106899406B - A method for proving the integrity of cloud data storage - Google Patents

A method for proving the integrity of cloud data storage Download PDF

Info

Publication number
CN106899406B
CN106899406B CN201710156259.9A CN201710156259A CN106899406B CN 106899406 B CN106899406 B CN 106899406B CN 201710156259 A CN201710156259 A CN 201710156259A CN 106899406 B CN106899406 B CN 106899406B
Authority
CN
China
Prior art keywords
cloud
user
file
proof
blocks
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710156259.9A
Other languages
Chinese (zh)
Other versions
CN106899406A (en
Inventor
周洁
白健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 30 Research Institute
Original Assignee
CETC 30 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 30 Research Institute filed Critical CETC 30 Research Institute
Publication of CN106899406A publication Critical patent/CN106899406A/en
Application granted granted Critical
Publication of CN106899406B publication Critical patent/CN106899406B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1074Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
    • H04L67/1078Resource delivery mechanisms
    • H04L67/108Resource delivery mechanisms characterised by resources being split in blocks or fragments
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种云端数据存储完整性的证明方法,包括如下步骤:用户对待上传的文件进行预处理:生成私钥、对文件分块并计算每个文件块的标签;用户将预处理后的文件发送给云存储服务器,本地只保存私钥;当需要验证云端数据存储的完整性时,用户随机选取一些文件块并向云端发起挑战;云端生成拥有文件块的证明并返回给用户;用户对云端拥有文件块的证明进行云端数据完整性验证。与现有技术相比,本发明的积极效果是:利用二进制数据按位抽取运算的加法同态性,可以一次性验证多个文件块的完整性,并且该方法具有数据膨胀率低和计算复杂度低的特点。The invention discloses a method for proving the integrity of cloud data storage. The file is sent to the cloud storage server, and only the private key is stored locally; when the integrity of the cloud data storage needs to be verified, the user randomly selects some file blocks and challenges the cloud; the cloud generates a proof of possession of the file block and returns it to the user; the user Perform cloud data integrity verification on proof of cloud ownership of file blocks. Compared with the prior art, the positive effect of the present invention is: by using the additive homomorphism of the bitwise extraction operation of binary data, the integrity of multiple file blocks can be verified at one time, and the method has the advantages of low data expansion rate and complex calculation. low-grade characteristics.

Description

一种云端数据存储完整性的证明方法A method for proving the integrity of cloud data storage

技术领域technical field

本发明涉及一种云端数据存储完整性的证明方法。The invention relates to a method for proving the integrity of cloud data storage.

背景技术Background technique

随着数据爆炸和宽带网络的普及,云存储已经成为当今云计算领域的一个重要应用分支。目前非常流行的云存储服务有DropBox、谷歌的Google Drive、微软的SkyDrive,以及国内的百度网盘、金山快盘、华为网盘等。这些云存储服务为企业和个人提供了一个对海量数据进行安全保管和高效访问的解决方案。越来越多的企业和个人都趋向于将自己的数据托管于云存储服务商。云存储具有存储空间价格低廉、随处存取、方便共享、容灾备份的优点。With the explosion of data and the popularization of broadband networks, cloud storage has become an important application branch in the field of cloud computing today. Currently very popular cloud storage services include DropBox, Google's Google Drive, Microsoft's SkyDrive, and domestic Baidu Netdisk, Kingsoft Express, Huawei Netdisk, etc. These cloud storage services provide businesses and individuals a solution for safe custody and efficient access to massive amounts of data. More and more enterprises and individuals tend to host their data in cloud storage service providers. Cloud storage has the advantages of low price of storage space, anywhere access, convenient sharing, and disaster recovery backup.

然而,云存储在带来便捷性的同时,安全性却是随之产生的一个重要问题。如果用户存了大量数据在云服务器上,他该如何检查数据是否丢失或者损坏。从表面上看,云存储服务商内部的安全防护和容灾备份等技术规避了因用户本地数据易失性而导致的风险。然而,黑客入侵、设备故障、内部人员恶意篡改等安全威胁依然存在。对于用户而言,云端的存储服务器依旧是一个不完全可信的实体。However, while cloud storage brings convenience, security is an important issue. If a user saves a lot of data on the cloud server, how should he check whether the data is lost or damaged. On the surface, the internal security protection and disaster recovery backup technologies of cloud storage service providers avoid the risks caused by the volatility of users' local data. However, security threats such as hacking, equipment failure, and malicious tampering by insiders still exist. For users, the storage server in the cloud is still an incompletely trusted entity.

显然,如果用户通过下载所有托管的数据来检验数据的完整性,在带宽、本地容量和效率方面都是不现实的。更何况,对于多媒体、数据库等一些大型的二进制文件,用户更加不可能通过打开文件查看的简单方式检验文件的完整性。因此,云存储服务商必须通过一种高效的方法来向用户提供数据完整性的证明。Clearly, it would be impractical in terms of bandwidth, local capacity, and efficiency for users to verify data integrity by downloading all hosted data. What's more, for some large binary files such as multimedia and databases, it is even more impossible for users to check the integrity of the file by simply opening the file for viewing. Therefore, cloud storage service providers must provide users with proof of data integrity through an efficient method.

可证明数据持有技术的思想源自远程数据的完整性检查。2007 年10月,Ateniese等人首次定义了可证明数据持有(PDP)的概念。方案中有用户和服务商两个角色,用户可对存储在不可信的服务商上的文件进行完整性校验。用户对文件进行预处理,将文件划分成块,为每个数据块生成一个同态可验证标签;验证时用户随机选择一些文件块,要求服务器返回完整地持有这些块的证据;服务器根据被请求的块和他们的标签生成证明;用户根据私钥校验证明是否准确。由于校验时只是抽样检查了某些文件块,且他们的标签具有同态性可以相互叠加,用户和服务器之间的交互信息近似为一个常量,校验时双方的计算量也较小,且允许进行无限次的校验。这个方案基于公钥密码技术,文件预处理过程和验证过程的计算开销比较大。The idea of provable data holding techniques originates from the integrity checking of remote data. In October 2007, Ateniese et al. first defined the concept of Provable Data Possession (PDP). There are two roles of user and service provider in the scheme. Users can perform integrity check on files stored on untrusted service providers. The user preprocesses the file, divides the file into blocks, and generates a homomorphic verifiable label for each data block; during verification, the user randomly selects some file blocks, and requires the server to return evidence of complete holding of these blocks; Requested blocks and their tags generate proofs; the user verifies that the proofs are accurate against the private key. Since only some file blocks are sampled during verification, and their labels are homomorphic and can be superimposed on each other, the interaction information between the user and the server is approximately a constant, and the amount of calculation for both parties during verification is also small, and Unlimited verifications are allowed. This scheme is based on public key cryptography, and the computational overhead of file preprocessing and verification is relatively large.

2008年,Ateniese提出了基于对称密码技术的扩展PDP方案,在初始化时设定挑战的内容和次数,将响应作为元数据放在客户端,能实现文件块的修改、删除和追加。但它的挑战和更新次数都是受初始化值限制的,而且不支持公开验证。C.Erway等人提出了动态可证明数据持有(DPDP)方案。他们在PDP方案的基础上引进一个基于层次的表,用于组织文件块,使其能实现以块为单位的新增、修改和删除,能有效的用于文件存储系统、数据库系统和点对点存储系统。 DPDP方案在校验和更新的过程中都需要访问层次表以确定具体的某个文件块,服务器返回的证明值中也包含访问路径信息,所以它的计算复杂度和通信复杂度都比较高。In 2008, Ateniese proposed an extended PDP scheme based on symmetric cryptography. The content and number of challenges are set during initialization, and the response is placed on the client side as metadata, which can modify, delete and append file blocks. However, its challenges and update times are limited by initialization values, and public verification is not supported. The Dynamic Provable Data Possession (DPDP) scheme was proposed by C. Erway et al. Based on the PDP scheme, they introduced a hierarchy-based table to organize file blocks, enabling them to add, modify and delete blocks as a unit, and can be effectively used in file storage systems, database systems and peer-to-peer storage. system. The DPDP scheme needs to access the hierarchical table to determine a specific file block during the checksum update process, and the proof value returned by the server also contains access path information, so its computational complexity and communication complexity are relatively high.

综上所述,现有方案存在下面两个缺陷:To sum up, the existing scheme has the following two defects:

(1)目前基于公钥密码技术的远程数据完整性验证方法中,用户对文件进行预处理和后期验证过程中的计算开销比较大,不适合在轻量级设备中的使用。(1) In the current remote data integrity verification method based on public key cryptography, the computational overhead in the process of user preprocessing and post-verification of the file is relatively large, which is not suitable for use in lightweight devices.

(2)目前基于对称密码技术的远程数据完整性验证方法中,文件标签较大,原始数据膨胀率高。在动态方案中,计算开销和通信开销都比较大。(2) In the current remote data integrity verification method based on symmetric cryptography, the file label is large and the original data expansion rate is high. In the dynamic scheme, the computational overhead and communication overhead are relatively large.

发明内容SUMMARY OF THE INVENTION

为了克服现有技术的上述缺点,本发明提供了一种云端数据存储完整性的证明方法。In order to overcome the above shortcomings of the prior art, the present invention provides a method for proving the integrity of cloud data storage.

本发明解决其技术问题所采用的技术方案是:一种云端数据存储完整性的证明方法,包括如下步骤:The technical solution adopted by the present invention to solve the technical problem is: a method for proving the integrity of cloud data storage, comprising the following steps:

步骤一、用户对待上传的文件进行预处理:生成私钥、对文件分块并计算每个文件块的标签;Step 1. The user preprocesses the file to be uploaded: generates a private key, divides the file into blocks and calculates the label of each file block;

步骤二、用户将预处理后的文件发送给云存储服务器,本地只保存私钥;Step 2: The user sends the preprocessed file to the cloud storage server, and only the private key is stored locally;

步骤三、当需要验证云端数据存储的完整性时,用户随机选取一些文件块并向云端发起挑战;Step 3. When the integrity of cloud data storage needs to be verified, the user randomly selects some file blocks and challenges the cloud;

步骤四、云端生成拥有文件块的证明并返回给用户;Step 4. The cloud generates a proof of possession of the file block and returns it to the user;

步骤五、用户对云端拥有文件块的证明进行云端数据完整性验证。Step 5: The user performs cloud data integrity verification on the proof that the cloud owns the file block.

与现有技术相比,本发明的积极效果是:针对用户上传到云存储服务器上的数据存在被删除和篡改的问题,本发明提出了一种基于伪随机函数和伪随机置换函数的云端数据存储完整性的证明方法,以验证用户数据在云端的安全性。该方法利用二进制数据按位抽取运算的加法同态性,可以一次性验证多个文件块的完整性,并且该方法具有数据膨胀率低和计算复杂度低的特点。具体表现如下:Compared with the prior art, the positive effect of the present invention is: in view of the problem of deletion and tampering of the data uploaded by the user to the cloud storage server, the present invention proposes a cloud data based on a pseudo-random function and a pseudo-random permutation function. A proof method of storage integrity to verify the security of user data in the cloud. The method utilizes the additive homomorphism of the bitwise extraction operation of binary data, which can verify the integrity of multiple file blocks at one time, and has the characteristics of low data expansion rate and low computational complexity. The specific performance is as follows:

1、数据初始化计算复杂度低,处理速度快;1. Data initialization has low computational complexity and fast processing speed;

2、文件块标签小,数据膨胀率低;2. The file block label is small and the data expansion rate is low;

3、可以同时验证多个文件块的完整性。3. The integrity of multiple file blocks can be verified at the same time.

具体实施方式Detailed ways

本专利提出的云端数据完整性证明方法的核心思想为:用户将待上传的文件分块,并基于带参数的伪随机函数和伪随机置换函数生成文件块标签,然后将文件块、文件块对应的标签和用对称密码加密后的参数上传到云存储服务器,用户端只保存对称密钥。当需要验证云端数据存储的完整性时,用户随机选取一些文件块并向云端发起挑战,云端将这些文件块和对应的标签进行聚合,将聚合文件、聚合标签和加密后的参数返回给用户。用户利用二进制数据按位抽取运算的加法同态性来验证文件块的完整性。The core idea of the cloud data integrity proof method proposed in this patent is as follows: the user divides the file to be uploaded into blocks, and generates the file block label based on the pseudo-random function with parameters and the pseudo-random permutation function, and then the file block and the file block correspond to The label and the parameters encrypted with the symmetric password are uploaded to the cloud storage server, and the client only saves the symmetric key. When it is necessary to verify the integrity of cloud data storage, the user randomly selects some file blocks and challenges the cloud. The cloud aggregates these file blocks and corresponding tags, and returns the aggregated files, aggregation tags and encrypted parameters to the user. Users utilize additive homomorphism of bitwise decimation operations on binary data to verify the integrity of file blocks.

整个方法包含两个阶段:文件预处理阶段、客户端与云存储服务器的“挑战--响应”阶段。文件预处理阶段为用户将待上传的文件进行预处理,然后将处理后的文件上传到云存储服务器。“挑战—响应”阶段为用户想要验证云端数据完整性时,随机选取一些文件块向云存储服务器发起挑战,云存储服务器生成拥有这些文件块的证明,用户验证这些证明以确认云端数据的完整性。The whole method consists of two stages: the file preprocessing stage and the "challenge-response" stage between the client and the cloud storage server. In the file preprocessing stage, the user preprocesses the files to be uploaded, and then uploads the processed files to the cloud storage server. In the "challenge-response" phase, when the user wants to verify the integrity of the cloud data, he randomly selects some file blocks to challenge the cloud storage server. The cloud storage server generates a certificate of possession of these file blocks, and the user verifies the certificate to confirm the integrity of the cloud data. sex.

(1)文件预处理阶段(1) File preprocessing stage

文件预处理阶段包括两个算法:密钥生成算法(KeyGen)和文件块标签生成算法(TagBlock)。The file preprocessing stage includes two algorithms: the key generation algorithm (KeyGen) and the file block tag generation algorithm (TagBlock).

1)KeyGen(1k)→sk:利用随机数生成器,产生两个长度为k的随机数分别作为对称密码加密密钥kenc和哈希函数的密钥kmac,其中k为安全参数。用户的私钥为sk=(kenc,kmac)。1) KeyGen(1 k )→sk: use a random number generator to generate two random numbers of length k as the symmetric encryption key k enc and the key k mac of the hash function, where k is a security parameter. The user's private key is sk=(k enc ,k mac ).

2)TagBlock(sk,M)→M*:将文件M分割为s块{M1,M2,…,Ms},每块大小为n bit(n=[M的大小/s],如果文件块的大小不是n的倍数,则在文件后面用0填充)。利用随机数生成器,产生一个随机数kext作为伪随机置换函数π的参数。令:2)TagBlock(sk,M)→M * : Divide the file M into s blocks {M 1 , M 2 ,...,M s }, and the size of each block is n bits (n=[M size/s], if If the size of the file block is not a multiple of n, it is filled with 0 at the end of the file). Using a random number generator, a random number k ext is generated as a parameter of the pseudo-random permutation function π. make:

其中π(·)为的带参数的随机置换函数,l为每个文件块抽取的比特数。每个文件块抽取{i1,i2,…,il}对应位置的比特,设抽取后的结果为{m1,m2,…,ms},记为mi=Extract(Mi),1≤i≤s。利用随机数生成器,产生一个随机数kprf作为伪随机函数f的参数。按如下公式计算每个文件块的标签:where π( ) is The random permutation function with parameters, l is the number of bits extracted from each file block. Extract the bits corresponding to {i 1 , i 2 ,...,i l } from each file block, and set the extracted result as {m 1 ,m 2 ,...,m s }, denoted as m i =Extract(M i ), 1≤i≤s. Using a random number generator, generate a random number k prf as a parameter of the pseudo-random function f. The label for each file block is calculated as follows:

其中为按位异或运算,为带参数的、输出为l比特的伪随机函数。令文件M的标签为in is a bitwise XOR operation, is a pseudorandom function with parameters and an output of 1 bits. make File M is labeled as

其中是密钥为kenc的对称加密算法,是密钥为 kmac的哈希函数。文件M处理后的结果为M*={{M1,…,Ms}, {σ1,…,σs},τ},用户将M*上传到云存储服务器,本地只保存私钥sk=(kenc,kmac)。in is a symmetric encryption algorithm with the key k enc , is the hash function with key k mac . The result of file M processing is M * = {{M 1 ,...,Ms}, {σ 1 ,...,σs},τ}, the user uploads M * to the cloud storage server, and only the private key sk = ( k enc ,k mac ).

(2)“挑战--响应”阶段(2) "challenge-response" stage

该阶段包括两个算法:证明生成算法(GenProof)和验证证明算法 (CheckProof)。This stage includes two algorithms: the proof generation algorithm (GenProof) and the verification proof algorithm (CheckProof).

1)GenProof(M*,I)→v:用户随机选择[1,s]的一个子集I,发送给云存储服务器作为挑战。服务器计算聚合认证码σ和聚合消息 1) GenProof(M * ,I)→v: The user randomly selects a subset I of [1,s] and sends it to the cloud storage server as a challenge. The server calculates the aggregated authentication code σ and aggregated message

然后将拥有I对应文件块的证明发送给用户。Then there will be a proof of the file block corresponding to I sent to the user.

2)CheckProof(sk,v)→{0,1}:首先,用户利用私钥sk中的kmac验证文件标签τ,如果不满足则验证失败返回0。否则,用户利用私钥sk中的kenc解密出伪随机置换函数π和伪随机函数f的参数kext和kprf2) CheckProof(sk,v)→{0,1}: First, the user uses the k mac in the private key sk to verify the file label τ, if not satisfied If the verification fails, 0 is returned. Otherwise, the user uses k enc in the private key sk to decrypt the parameters k ext and k prf of the pseudorandom permutation function π and the pseudorandom function f.

用户按公式(1)计算出{i1,i2,…,il},抽取中{i1,i2,…,il}位置对应的比特,设抽取后的结果为记为用户验证服务器拥有I对应文件块并返回1当且仅当The user calculates {i 1 ,i2,...,i l } according to formula (1), extracts The bits corresponding to the positions of {i 1 ,i2,…,i l } in the marked as The user authenticates that the server owns the file block corresponding to I and returns 1 if and only if

用户通过多次的挑战,可以以接近于1的概率确认云存储服务器完整的存储了文件M。Through multiple challenges, the user can confirm that the cloud storage server has completely stored the file M with a probability close to 1.

(3)方案协议设计(3) Scheme protocol design

在对文件M进行预处理之前,用户已生成私钥sk=(kenc,kmac),保存在客户端。客户端拥有随机数生成器,用于产生算法中需要的随机数。本发明提出的云端数据存储完整性的证明协议步骤如下:Before preprocessing the file M, the user has generated the private key sk=(k enc , k mac ) and saved it on the client. The client has a random number generator, which is used to generate the random numbers required in the algorithm. The steps of the proof protocol for the integrity of cloud data storage proposed by the present invention are as follows:

1)对于待上传的文件M,用户按照算法TagBlock(sk,M)对M进行预处理,处理后的结果为M*1) for the file M to be uploaded, the user preprocesses M according to the algorithm TagBlock(sk, M), and the processed result is M * ;

2)用户将处理后的文件M*发送给云存储服务器,本地只保存私钥sk;2) The user sends the processed file M * to the cloud storage server, and only the private key sk is stored locally;

3)用户任意选取[1,s]的一个子集I,发送给云存储服务器作为挑战,请求云存储服务器返回拥有I对应文件块的证明;3) The user arbitrarily selects a subset I of [1, s], sends it to the cloud storage server as a challenge, and requests the cloud storage server to return the proof that it has the corresponding file block of I;

4)云存储服务器按照证明生成算法GenProof(M*,I)生成I对应的聚合消息和聚合认证码σ。4) The cloud storage server generates an aggregated message corresponding to I according to the proof generation algorithm GenProof(M * ,I). and the aggregated authentication code σ.

5)云存储服务器将文件标签τ,I对应的聚合消息和聚合认证码σ发送给用户。5) The cloud storage server aggregates the message corresponding to the file label τ, I and the aggregated authentication code σ is sent to the user.

6)用户利用云存储服务器返回的按照算法 CheckProof(sk,v)验证云存储服务器是否拥有I对应的文件块。如果返回1,则云存储服务器完整的存储了I对应的文件块。6) The user returns from the cloud storage server Verify whether the cloud storage server has the file block corresponding to I according to the algorithm CheckProof(sk, v). If 1 is returned, the cloud storage server completely stores the file block corresponding to I.

Claims (4)

1. a kind of method of proof of cloud data storage integrality, characterized by the following steps:
Step 1: user pre-processes file to be uploaded:
(1) it generates private key: utilizing random number generator, generating two length is the random number of k respectively as symmetric password encryption Key kencWith the key k of hash functionmac, wherein k is security parameter, then private key sk=(kenc, kmac);
(2) to file block and the label of each blocks of files is calculated:
(1) file M is divided into s block { M1, M2..., Ms, every block size is n bit;
(2) random number generator is utilized, a random number k is generatedextAs the parameter of pseudo-random permutation function π, enable:
Wherein π () isThe random permutation function with parameter, l be each blocks of files extract bit number;Each Blocks of files extracts { i1, i2..., ilCorresponding position bit, if extract after result be { m1, m2..., ms, it is denoted as mi= Extract(Mi), 1≤i≤s;
(3) random number generator is utilized, a random number k is generatedprfAs the parameter of pseudo-random function f, it is calculated as follows The label of each blocks of files:
Its byFor step-by-step XOR operation,For pseudo-random function with parameter, that output is l bit, enableThe label of file M:
Its byBe key be kencSymmetric encipherment algorithm,Be key be kmacHash function;
Step 2: pretreated file is sent to cloud storage service device by user, it is local only to save private key;
Step 3: user randomly selects some blocks of files and sends out to cloud when needing to verify the integrality of cloud data storage Play challenge;
Step 4: cloud generates the proof for possessing blocks of files and returns to user;
Step 5: the proof that user possesses blocks of files to cloud carries out cloud data integrity validation.
2. a kind of method of proof of cloud data storage integrality according to claim 1, it is characterised in that: step 2 institute State the pretreated file M that user is sent to cloud storage service device*={ { M1..., Ms, { σ1..., σs, τ }.
3. a kind of method of proof of cloud data storage integrality according to claim 2, it is characterised in that: cloud generates Possess the method for the proof of blocks of files are as follows:
(1) cloud storage service device randomly chooses subset I using user and polymerization authentication code σ and syndication message is calculated as follows
(2) what is then generated possesses the proof of I respective file block
4. a kind of method of proof of cloud data storage integrality according to claim 3, it is characterised in that: user is to cloud End possesses the method that the proof of blocks of files carries out cloud data integrity validation are as follows:
(1) user utilizes the k in private key skmacFile label τ is verified, if be unsatisfactory for Then Authentication failed returns to 0;Otherwise, user utilizes the k in private key skencDecrypt kextAnd kprf
(2) user calculates { i1, i2..., il, it extractsIn { i1, i2..., ilThe corresponding bit in position, if after extracting As a result it isIt is denoted as
(3) and if only ifWhen, user authentication servers possess I respective file block and return 1。
CN201710156259.9A 2016-12-15 2017-03-16 A method for proving the integrity of cloud data storage Active CN106899406B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2016111572198 2016-12-15
CN201611157219 2016-12-15

Publications (2)

Publication Number Publication Date
CN106899406A CN106899406A (en) 2017-06-27
CN106899406B true CN106899406B (en) 2019-07-19

Family

ID=59193968

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710156259.9A Active CN106899406B (en) 2016-12-15 2017-03-16 A method for proving the integrity of cloud data storage

Country Status (1)

Country Link
CN (1) CN106899406B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107395652A (en) * 2017-09-08 2017-11-24 郑州云海信息技术有限公司 A kind of integrity of data stored inspection method, apparatus and system
CN108416221B (en) * 2018-01-22 2021-05-14 西安电子科技大学 Secure similar data possession proof scheme in cloud environment
CN108718314B (en) * 2018-06-01 2021-09-07 北京兰云科技有限公司 Integrity detection method and device for network message
CN109948372B (en) * 2019-03-29 2022-10-04 福建师范大学 Remote data holding verification method in cloud storage of designated verifier
CN110138750A (en) * 2019-04-23 2019-08-16 上海数据交易中心有限公司 Encryption method, apparatus and system, storage medium, the terminal of configuration file
CN111552990A (en) * 2020-04-17 2020-08-18 贵州电网有限责任公司 Safety protection method based on power grid big data
CN111782623B (en) * 2020-05-21 2024-10-25 北京交通大学 File checking and repairing method in HDFS (Hadoop distributed File System) storage platform
CN111967060A (en) * 2020-08-18 2020-11-20 中国银行股份有限公司 Data file integrity verification method and device
CN112883398B (en) * 2021-03-03 2022-12-02 西安电子科技大学 Data Integrity Verification Method Based on Homomorphic Encryption
CN117828630B (en) * 2023-12-13 2025-09-30 天翼云科技有限公司 A cloud storage deduplication method based on blockchain and fusion encryption technology

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647433A (en) * 2012-05-21 2012-08-22 北京航空航天大学 An Efficient Cloud Storage Data Possession Verification Method
CN103605784A (en) * 2013-11-29 2014-02-26 北京航空航天大学 Data integrity verifying method under multi-cloud environment
CN105491069A (en) * 2016-01-14 2016-04-13 西安电子科技大学 Integrity verification method based on active attack resistance in cloud storage

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647433A (en) * 2012-05-21 2012-08-22 北京航空航天大学 An Efficient Cloud Storage Data Possession Verification Method
CN103605784A (en) * 2013-11-29 2014-02-26 北京航空航天大学 Data integrity verifying method under multi-cloud environment
CN105491069A (en) * 2016-01-14 2016-04-13 西安电子科技大学 Integrity verification method based on active attack resistance in cloud storage

Also Published As

Publication number Publication date
CN106899406A (en) 2017-06-27

Similar Documents

Publication Publication Date Title
CN106899406B (en) A method for proving the integrity of cloud data storage
CN109194466B (en) A blockchain-based cloud data integrity detection method and system
CN107483585B (en) Efficient data integrity auditing system and method supporting safe deduplication in cloud environment
CN105939191B (en) The client secure De-weight method of ciphertext data in a kind of cloud storage
CN106302312B (en) Obtain the method and device of electronic document
US8897450B2 (en) System, processing device, computer program and method, to transparently encrypt and store data objects such that owners of the data object and permitted viewers are able to view decrypted data objects after entering user selected passwords
CN103530201B (en) A kind of secure data De-weight method and system being applicable to standby system
CN113691502B (en) Communication method, device, gateway server, client and storage medium
CN103414690B (en) One can openly be verified the high in the clouds data property held method of calibration
Yang et al. Provable data possession of resource-constrained mobile devices in cloud computing
CN106101257B (en) A method and device for cloud storage data management based on Bloom filter
CN103986732B (en) Cloud storage data auditing method for preventing secret key from being revealed
CN107800688A (en) A kind of high in the clouds data deduplication and integrality auditing method based on convergent encryption
CN104935568A (en) Interface authentication signature method facing cloud platform
CN106850566B (en) Method and device for verifying data consistency
CN115225409B (en) Cloud data safety duplicate removal method based on multi-backup joint verification
CN114338648B (en) SFTP multi-terminal file secure transmission method and system based on cryptographic algorithm
CN115632880B (en) A method and system for reliable data transmission and storage based on national secret algorithm
CN106603561A (en) Block level encryption method in cloud storage and multi-granularity deduplication method
CN113726523B (en) Multiple identity authentication method and device based on Cookie and DR identity cryptosystem
CN110750796A (en) A Deduplication Method for Encrypted Data Supporting Public Audit
CN117318941A (en) Method, system, terminal and storage medium for distributing preset secret key based on in-car network
GB2488753A (en) Encrypted communication
CN115361165A (en) Verifiable dynamic searchable encryption method based on block chain and renewable encryption
CN105071941A (en) Method and device for identity authentication of nodes of distributed system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant