CN106911708A - It is a kind of to support batch processing to verify and possess the cloud data public audit method of wrong data positioning function - Google Patents

Abstract

The invention discloses a cloud data open audit method that supports batch verification and has the function of locating error data. The method is as follows: each cloud user stores its file blocks and data tags in the cloud server, and sends the positioning tags of the file blocks to the TPA; after receiving the user's audit request, the TPA will store the data of these users on multiple cloud servers. Make a challenge. After receiving the returned certificate, TPA will verify the validity based on the sent challenge and the certificate returned by the server. If the verification is passed, the data audit result is passed; otherwise, TPA verifies the location tag. If the location tag is verified, then The audit result is passed, otherwise, the cloud user index and the server index to which the error data belongs are output. Finally, the TPA sends the audit success to the cloud user whose audit result is passed, and sends the index of the server to which the error data belongs to the cloud user whose audit result is not passed. The invention facilitates the user to quickly find out the location of the damaged data.

Description

A cloud data disclosure that supports batch verification and has the function of locating error data Audit method

technical field

The invention belongs to the technical field of network security, and in particular relates to a cloud data public audit method that supports batch verification and has the function of locating error data.

Background technique

The Provable Data Possession (PDP) scheme allows users to remotely verify the integrity of the data stored on the untrusted server with a high probability without having to retrieve the data without local backup. Communication bandwidth is saved. At present, most PDP schemes perform integrity verification on data stored on a single server by a single user. But in reality, the services provided by cloud storage are oriented to many users. At the same time, there is not a single cloud service provider, and each cloud service provider has more than just a single server. In order to better adapt to the reality, in recent years, PDP schemes under the scenarios of multi-user single server, single user multi-server, and multi-user multi-server have been proposed one after another. The data integrity batch verification scheme that supports multi-users and multi-servers greatly reduces the computing overhead, but after data errors, it is often impossible to accurately and quickly determine the source of the error data. Therefore, the purpose of the present invention is to: in a multi-user and multi-server environment, while realizing batch processing remote data integrity verification, it can also realize the positioning of error data, that is, to find which user the error data belongs to and which server it is stored on , so that users can quickly find out which servers their data is damaged on.

related work

In 2013, Wang et al. used BLS signatures to construct homomorphic verification labels. In a multi-user single-server environment, they proposed a batch verification scheme to protect user data privacy, and used binary search to determine which user's data was wrong. In 2016, Mao et al. also used BLS short signatures to propose a data integrity verification scheme that supports batch processing in a single-user multi-cloud server environment, but the scheme does not consider the problem of erroneous data location.

In 2014, Liu et al. used bilinear pairing to propose a batch verification scheme in a multi-user multi-server scenario, and used an ordered Merkle Hash Tree to resist replacement attacks. Ren et al. used the Co-GDH signature on the elliptic curve to construct a homomorphic verification label, proposed a batch verification scheme that can be verified publicly and protects privacy, and used the data update information table to realize dynamic data update. In 2016, Zhou et al. proposed an ID-based batch PDP scheme using bilinear pairings and the CDH problem. The above solutions can quickly and effectively verify the integrity of the data stored by multiple users on multiple servers at one time, but they do not consider the location of wrong data.

In the batch processing scheme in the multi-user and multi-server scenario, some people have also proposed the idea of erroneous data location. In 2013, He et al. proposed a data integrity verification scheme that can identify damaged data and support batch processing by using a recoverable coding method. at the server. In 2015, Shin et al. also proposed a batch data integrity verification scheme to identify damaged data. However, when there are errors in the data returned by multiple servers, the scheme can only determine the last wrong server, and Unable to determine owner of bad data.

The present invention proposes a batch-processing cloud data open audit method that supports error data location in a multi-user and multi-server environment, and cloud users entrust the audit work of data integrity verification to a third party auditor (TPA). After TPA receives audit requests from multiple cloud users, it batch-checks the integrity of the data stored by these cloud users on multiple servers. While implementing batch verification, after detecting data errors, the error data location function can be implemented in a challenge, that is, to find the owner of the error data and the server where it is located.

Contents of the invention

The technology of the present invention aims at the deficiencies of the prior art, and the present invention provides a cloud data public audit method that supports batch verification and has the function of locating error data.

The present invention discloses a cloud data open audit method that can support error data location and batch processing verification in a multi-user and multi-server environment. The present invention includes: a CA (Certificate Authority, authentication center) server performs initialization parameter setting, All cloud users can apply to CA for their own public-private key pair; each cloud user stores their file blocks and data tags in the cloud server, and sends the location tags of file blocks to TPA; TPA receives audits from multiple cloud users After the request, the data stored by these users on multiple cloud servers can be challenged at the same time. After receiving the certificate returned by the challenged cloud server, TPA performs batch verification of validity based on the challenge sent and the certificate returned by the server. verification, it means that the data audit result of the cloud users involved in the challenge is passed. Otherwise, TPA verifies the location tag. If the location tag is verified, it means that the corresponding data is complete, that is, the audit result is passed; if the location tag is not verified, it means that the data is damaged, and TPA outputs the cloud user index to which the wrong data belongs. and the index of the server where it resides. Finally, the TPA sends an audit report of successful audit to the cloud user whose audit result is passed. Send the index of the server to which the error data belongs to the cloud user whose audit result is not passed.

Compared with prior art, the beneficial effect of the present invention:

False data positioning is realized: the present invention not only realizes that in a multi-user and multi-server environment, multiple cloud users can entrust a third-party auditor to perform batch auditing on the data stored in multiple cloud servers. In addition, if the batch audit fails, only one comparison operation can determine whether the data stored by a specific user on a specific server has been damaged. In addition, the present invention can also find out all error data, and at the same time locate the user and the server where the error data belongs, so that the user can quickly find out the location of the damaged data, reduce the time for the user to find the error data, and make it easier to judge the location of the cloud server. degree of reliability.

The invention realizes data integrity verification of batch processing in a multi-user and multi-server environment, and also constructs a positioning label to realize the positioning function of wrong data, which can make users whose data is damaged in time after batch verification It is found that the data is wrong, and the location of the damaged data can be known, and the efficiency of the user in detecting the wrong part of the file can be improved.

Description of drawings

Fig. 1 is a flow chart of the specific implementation method of the present invention.

FIG. 2 is a schematic diagram of a data label generation process in a specific embodiment of the present invention.

Fig. 3 is a schematic diagram of the generation process of the positioning tag according to the specific embodiment of the present invention.

Fig. 4 is a schematic diagram of the public audit and error data location process in the specific embodiment of the present invention.

Figure 5 shows the MHT (Merkle Hash Tree, Merkle Hash Tree) TR constructed by the cloud user DO ₁ for the four data blocks M ₁₁₁ , M ₁₁₂ , M ₁₁₃ , and M ₁₁₄ stored on the cloud server CS ₁ with a _1t as a parameter _11t .

detailed description

The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. All other embodiments obtained by those skilled in the art without creative work belong to this invention. scope of invention protection.

The method flow process of the present invention is as shown in Figure 1, and its steps are:

1. The CA server performs initialization parameter settings;

●Take k as the safety parameter, choose two multiplicative cyclic groups G ₁ and G ₂ with order q, q is a large prime number and satisfy q>2 ^k , take the generator of G ₁ as g, in the groups G ₁ and G _2. Choose a bilinear map e:G ₁ ×G ₁ →G ₂ .

●Choose four cryptographic Hash functions H ₁ , H ₂ , H ₃ , H ₄ and a pseudorandom function f, where H ₁ : {0, 1} ^* → G ₁ , H ₂ : {0, 1} ^* → Z _q , H ₃ : {0, 1} ^* → G ₁ , H ₄ : {0, 1} ^* → Z _q (H ₁ and H ₃ , H ₂ and H ₄ are different Hash functions), Where Z _q ={0,1,2,...,q-1}, each user index can be expressed as a w _i -bit string, each server index can be expressed as a w _j -bit string, and each file block index can be Represented as a string of w _k bits.

●Random selection As a partition coefficient, let λ=k be the number of MHT (Merkle Hash Tree, Merkle Hash Tree) that each user constructs for the same data.

●Random selection As the master private key msk, and let the master public key be mpk=g ^x .

Public parameters params=(G ₁ ,G ₂ ,q,g,e,H ₁ ,H ₂ ,H ₃ ,H ₄ ,f,{v _l },λ) and master public key mpk=g ^x are made public, Keep the master private key msk=x secret.

2. Cloud user DO _i applies to CA for its own public-private key pair

●DO _i generates a key application request and sends it to the CA server, and the CA server generates a key pair (pk _i , sk _i ) for DO _i , where the public key pk _i =H ₁ (ID _i ), and the private key sk _i =H ₁ (ID _i ) ^x =pk _i ^x , i is the index of cloud user DO _i , and ID _i is the identity identifier of DO _i .

3. The CA server sends the private key sk _i to DO _i through a secure channel.

4. DO _i preprocesses the file blocks to be uploaded (Figure 2 is the data label generation process)

●DO _i divides the file to be uploaded by a fixed length. Let M _ijk represent the kth block of cloud user DO _i stored on server CS _j . Each block is composed of s partitions. Let F _ijkl represent DO _i stored in CS _j The l-th partition in the k-th block above.

●DO _i generates a label value σ _ijk =(S _ijk ,T _ijk ) for each data block M _ijk , the specific generation method is: DO _i randomly selects Calculate M _ijk for each file block of its own h _i =H ₂ (ID _i ), hpk=H ₃ (mpk), and calculate

5. DO _i uploads the file blocks and data tags to the corresponding cloud server

DO _i sends all its file blocks {M _ijk } and corresponding data labels {σ _ijk } to the corresponding server according to the server index.

6. Each server checks the availability of the data label it receives. As shown in Figure 2, after each server receives the data block and data label sent by the user, it determines whether the data label is correct by checking whether the following equation holds.

If the equation is true, it means that the data tag uploaded by the user is available, and the server stores the data blocks and data tags that pass the verification; if the equation is not true, the cloud server requires the user to re-upload.

7. DO _i generates a location tag and sends it to TPA (Figure 3 is the location tag generation process)

●Assume that the server index set storing the uploaded file data of DO _i is J _i , and the number of file blocks stored by DO _i on the server CS _j (j∈J _i ) is N _ij . DO _i randomly selected For each server CS _j (j∈J _i ), DO _i takes a _it (1≤t≤λ) as the MHT parameter, and constructs a λ MHT for N _ij data blocks stored on CS _j . Each tree is represented by TR _ijt (1≤t≤λ), and the root node of TR _ijt is represented by R _ijt .

For example, user DO ₁ has stored four data blocks M ₁₁₁ , M ₁₁₂ , M ₁₁₃ , and M ₁₁₄ on server CS _1. Using a _1t (1≤t≤λ) as a parameter, the construction of TR _11t is shown in Figure 5. The tree The root of is R _11t .

●DO _i constructs a positioning index table Where a _it (1≤t≤λ) is the MHT parameter, let chr _ijt =R _ijt (j∈J _i , 1≤t≤λ) indicates the tth positioning tag of all data stored in CS _j by DO _i . If chr _ijt does not exist, that is Then set chr _ijt =-1. Where n represents the number of servers. The positioning index table Index _i constructed by DO _i is shown in Table 2.

●DO _i sends the location index table, that is, the location label, to the TPA.

Table 2 The positioning index table Index _i constructed for user DO _i

8. Cloud user DO _i initiates an audit request to TPA

●The audit request is the index set {(i,j,k)} of all data blocks uploaded by DO _i , including cloud user DO _i index i, cloud server CS _j index j∈J _i storing DO _i data, stored in Data block index k on cloud server CS _j .

9. TPA generates a challenge according to the user's audit request (the detailed process of steps 9 to 13 is reflected in Figure 4)

● After receiving audit requests from multiple cloud users, TPA combines all audit requests to obtain the total audit request set Q=∪{(i,j,k)}.

TPA selects c blocks from the total audit request set Q for verification, so that (1≤n≤c,(i _n ,j _n ,k _n )∈Q) represents the selected c blocks, and the index of the c blocks is used as the element to construct the set I={(i _n ,j _n ,k _n )|n=1,...,c}.

TPA constructs mapping f ₁ :I→Z _q , Satisfy When i _s =i _t , there is order collection

●TPA random selection TPA Build Mapping Satisfy When i _s =i _t , there is where the MHT parameter by cloud users Generated in step 7 and sent to TPA via the location index table. Let MHT parameter set

• Total challenge chal = (I, K, α).

●Assuming that the index set {j} of the cloud server where the c data blocks selected by TPA is represented by U, TPA divides the total challenge chal into |U| divided challenges {chal _j },| U| represents the number of elements in the set U, satisfying Each chal _j = (I _j ,K _j ,α _j ), where I _j ={(i _n ,j _n ,k _n )|(i _n ,j _n ,k _n )∈I and j _n =j} ,

• TPA sends chal _j to server CS _j .

10. The server receiving the challenge calculates the corresponding proof

● The cloud server CS _j that receives the challenge chal _j indexes (i _n , j _n , k _n ) for each data block in I _j , respectively with the corresponding As the key, use the pseudo-random function f to calculate That is, each data block index corresponds to one r _n . in Picked up and published by the CA in the first step.

Cloud server CS _j pairs all data blocks in I _j belonging to the same user (such as user DO _i ) {(i _n ,j _n ,k _n )|(i _n ,j _n ,k _n )∈I _j and i _n =i,j _n =j}'s l∈[1,s]th partition, calculate Get a set {F _ij ′ _l |l=1,...,s} containing s elements, where Indicates the cloud user whose index is i _n The lth partition of the _knth data block stored on cloud server CS _j with index j. The cloud server CS _j performs the same operation above for all users in I _j , and combines all obtained sets to form a new set {F′ _ijl |i∈O _j ,l=1,...,s} , where O _j represents the set of indices of all cloud users contained in I _j .

● Data labels for all data blocks in I _j CS _j Computing is the data label of the k _nth data block stored by the i _nth cloud user on the j _nth server, which consists of two parts, namely with

For each challenged cloud user DO _i (i∈O _j ), the cloud server CS _j , for all data blocks stored on it, takes the a _iτ corresponding to the data block index of the cloud user DO _i in α _j as Parameters, build an MHT according to the method shown in Figure 5, denoted as TR _ijτ , and its tree root is R _ijτ . where α _j is given by chal _j = (I _j , K _j , α _j ). The MHT tree root constructed by the data blocks of all cloud users in O _j and its corresponding user and server indexes form a set {(i,j,R _ijτ )|i∈O _j }.

Cloud server CS _j constructs proof P _j =(S′ _j ,T′ _j ,{F′ _ijl |i∈O _j ,l=1,...,s},{(i,j,R _ijτ )| i∈O _j }).

11. All challenged cloud servers send proofs to the verifier TPA

12. TPA batch verification certificate

After TPA receives all the certificates returned by the challenged server, it performs batch verification on these certificates. The verification steps are as follows: first calculate Then check whether Equation (1) holds true, where O in Equation (1) represents the index set of cloud users involved in the total challenge chal generated by the verifier.

1) If equation (1) holds true, it means that the batch verification is passed, that is, the data audit result of the cloud users involved in the total challenge is verified as passed.

2) If _equation (1) is not established, then for each element ( _i , _j , R _ijτ ), TPA uses (i, j) and τ (τ is selected by TPA in step 9), to query the value chr _ijτ in row τ and column j+1 in index _i of the positioning index table, and check, etc. Whether formula (2) holds

If equation (2) holds true, it means that the data stored by cloud user DO _i on cloud server CS _j is complete, that is, the audit result of data stored on CS _j by DO _i is verified.

If the equation (2) is not established, it means that the data stored by the cloud user DO _i on the cloud server CS _j is damaged, that is, the audit result is that the verification fails. TPA outputs the cloud user index to which the error data belongs and the index (i, j) of the server where it resides.

13. The TPA sends an audit report of successful audit to the corresponding cloud user whose audit result is verified as passing. Send the index of the server to which the error data block belongs to the corresponding user whose audit result is that the verification fails.

Claims (8)

1. A cloud data open audit method that supports batch verification and has the function of locating error data, the steps of which are: 1) Cloud user DO _i applies to the CA server for its own public-private key pair; 2) Cloud user DO _i divides the file to be uploaded into several blocks and generates a data label for each block; 3) Cloud user DO _i uploads each block and its data label to the corresponding cloud server; 4) The cloud server verifies the availability of the data tag it receives, and if the verification is passed, it stores the data tag and its corresponding block; then, the cloud user DO _i generates the location tag and audit request of the uploaded file block and sends it Send to third party audit TPA; 5) After the TPA receives the audit request, it challenges the data of multiple cloud users on multiple cloud servers, and after receiving the proof returned by the challenged cloud server, the TPA verifies the correctness of the proof. verification, TPA sends a verification success message to all cloud users; otherwise, TPA verifies the location tag and returns the index of the wrong data to the corresponding cloud user. 2. The method according to claim 1, wherein each block is composed of s partitions; M _ijk represents the kth data block stored on cloud server CS _j by cloud user DO _i , and F _ijkl represents DO _i The lth partition in the kth data block stored on the cloud server CS _j . 3. The method according to claim 2, wherein the method for generating a data label σ _ijk = (S _ijk , T _ijk ) for block M _ijk is as follows: cloud user DO _i randomly selects a parameter u _i , M _ijk calculation h _i =H ₂ (ID _i ), hpk=H ₃ (mpk), and calculate Among them, g is the generator of group _G1 , mpk is the master public key of CA, ID _i is the identity of cloud user DO _i , sk _i is the private key of DO _i , H ₁ (), H ₂ (), H ₃ () and H ₄ () are four different hash functions respectively, and v _l is a partition coefficient. 4. The method according to claim 3, characterized in that, the cloud server passes the formula Check the availability of the received data label, e() is a bilinear map. 5. The method according to claim 3 or 4, wherein the method for generating the positioning label of the uploaded file block is: 51) Assuming that the cloud server index set storing DO _i uploaded file blocks is J _i , and the number of file blocks stored by cloud user DO _i on cloud server CS _j is N _ij ; cloud user DO _i randomly selects λ parameters, a _it is the tth parameter; 52) For each cloud server CS _j , DO _i uses each a _it as the MHT parameter to build an MHT for N _ij blocks stored on the cloud server CS _j ; get λ MHT in total; where, t= 1,...,λ, j∈J _i ; the tth MHT is represented by TR _ijt , and the root node of TR _ijt is represented by R _ijt ; 53) Let chr _ijt =R _ijt , assume that there are n total cloud servers, and cloud user DO _i builds a positioning index table Among them, chr _ijt =R _ijt means that DO _i stores the t-th positioning label of all data on CS _j , j∈J _i ; if chr _ijt does not exist, that is Then set chr _ijt =-1; the positioning index table is the positioning label. 6. The method according to claim 5, wherein the TPA challenges the data of multiple cloud users on multiple cloud servers after the audit request is as follows: 61) The TPA combines the received audit requests to obtain an audit request set Q; 62) TPA selects c blocks from the audit requests Q of all cloud users for verification, and builds the index set I={(i _n ,j _n ,k _n )|n=1, ...,c}; Indicates the data block specified by the nth audit request (i _n , j _n , k _n ) in I; where i _n is the data block The user index to which it belongs, j _n is the storage block The server index of k _n is the block index; 63) TPA Build Mapping Satisfy When i _s =i _t , there is key set 64) TPA random selection build map Satisfy When i _s =i _t , there is Let parameter set 65) TPA generates total challenge chal = (I, K, α); 66) Use U to represent the index set {j} of the cloud server where the challenged block is located. TPA divides the total challenge chal into |U| sub-challenges {chal _j } according to the different cloud servers to be challenged. TPA sends the challenge chal _j =(I _j ,K _j ,α _j ) to the cloud server CS _j ; where, I _j ={(i _n ,j _n ,k _n )|(i _n ,j _n ,k _n )∈I and j _n = j}, 7. The method according to claim 6, wherein the challenged cloud server generates the proof by: 71) The cloud server CS _j that receives the challenge chal _j indexes each data block (i _n , j _n , k _n ) in I _j with the corresponding As the key, use the pseudo-random function f to calculate For the l∈[1,s]th partition of all data blocks belonging to the same user in _Ij , compute Get the set {F′ _ijl |i∈O _j ,l=1,...,s}, where, Indicates the cloud user whose index is i _n In the lth partition of the k _nth data block stored on the cloud server CS _j with index _j , O _j represents the set of indexes of all cloud users contained in I _j ; then cloud server CS _j utilizes all Data label of the data block calculate 72) Cloud server CS _j , for each challenged cloud user DO _i (i∈O _j ), for all data blocks stored on it, uses a _iτ corresponding to the data block index of cloud user DO _i in α _j As a parameter, construct an MHT, expressed as TR _ijτ , whose tree root is R _ijτ , where α _j is given by chal _j = (I _j ,K _j ,α _j ); 73) Construct the MHT tree roots of all challenged cloud user blocks in O _j , and the cloud user and cloud server indexes corresponding to each tree root to form a set {(i,j,R _ijτ )|i∈O _j }, Obtain the proof of cloud server CS _j P _j =(S′ _j ,T′ _j ,{F′ _ijl |i∈O _j ,l=1,...,s},{(i,j,R _ijτ )| i∈O _j }). 8. The method according to claim 7, wherein the method for verifying the correctness of the proof is: after the TPA receives the proofs sent back by all challenged cloud servers, it first calculates Then check the equation: is true; if true, the verification is passed; if not _true , each element ( _i , _j ,R _ijτ ), TPA uses (i, j) and τ to query the value chr _ijτ in the j+1th row and column j+1 of the positioning index table Index _i , and checks the equation Whether it is established, if it is established, the verification is passed, otherwise, the cloud user index to which the error data belongs and the index (i, j) of the server where the error data belongs are output.