CN109688107B

CN109688107B - Cloud data safety positioning method based on integrity audit and communication time delay

Info

Publication number: CN109688107B
Application number: CN201811384531.XA
Authority: CN
Inventors: 姜涛; 赵尹源; 袁浩然; 王一凡
Original assignee: Xidian University
Current assignee: Xidian University
Priority date: 2018-11-20
Filing date: 2018-11-20
Publication date: 2021-11-09
Anticipated expiration: 2038-11-20
Also published as: CN109688107A

Abstract

The invention belongs to the technical field of distributed data geolocation, and discloses a cloud data security location method based on integrity audit and communication delay; data owners use Reed-Solomon error correction codes to encode and encrypt original data files, and the encoding operation It will be completed in the initialization phase; when the data owner wants to locate the data in its cloud, each agent node is required to perform a distributed challenge operation; each distributed agent that receives the instruction of the data owner will challenge the cloud storage; the cloud server needs to receive A set of challenge requests and provide proof results; the cloud server executes the challenge response protocol and broadcasts the recoverability proof to each proxy node; in the verification phase, distributed nodes mainly perform recoverability verification functions and extract geographic measurement information; data owners Run a location estimation algorithm to estimate the location of the cloud server. The present invention can check for potentially malicious servers that manipulate delays and falsify locations; through theoretical analysis, it is considered valid and correct.

Description

Cloud data safety positioning method based on integrity audit and communication time delay

Technical Field

The invention belongs to the technical field of distributed data geographic positioning, and particularly relates to a cloud data safety positioning method based on integrity audit and communication time delay.

Background

Currently, the current state of the art commonly used in the industry is such that: cloud computing is an information technology that is now widely used and that can access and manage configuration system resources and higher level services anytime and anywhere. The most important advantage is that cloud computing technology allows companies to minimize the cost of building infrastructure in the early stages. Cloud storage is a main branch of cloud computing, and is widely applied to various fields. However, cloud service providers for data users are not completely trustworthy, and users lose physical control of data after uploading local data to a cloud server, so data location auditing is becoming one of the ever-increasing demands of users. At the same time, a semi-honest server may migrate/outsource data to other countries based on some economic benefits (e.g., lower taxes and lower infrastructure costs) or circumvent the data regulatory rules of the country. This may lead to a series of dangerous consequences. On the one hand, location sensitive service data that a user is enjoying may be stolen, and on the other hand, data may be outsourced to a host vulnerable to both physical and information security attacks, and natural disasters or disasters caused by cyber-world war may cause the user to lose the data completely. Even IT is not without precedent that amazon AWS cloud services and Google Drive could potentially have a large-scale disaster. Corresponding data protection laws and regulations have been promulgated by different countries and organizations. The european union's General Data Protection Regulation (GDPR), referred to as the "most historically strict privacy policy", will be enforced 5/25 of 2018. The regulations indicate that: the territory or department of the third country, or international organization, cannot ensure an adequate level of data protection. In other words, the european union believes that certain data should be contained within certain geographic boundaries. At the same time, regulations require that regulatory agencies can audit data periodically. Similar provisions can be found in russian data privacy laws and china network security laws. In the united states, user data belonging to different countries is protected by law across different countries, which shows the necessity for data location audits. The HIPAA standard compliant data center white paper also highlights the impact of geographical location changes. It proposes that natural disasters, climate changes and geographical boundary protection can in fact affect the quality of service of cloud service providers. This also alerts the importance and challenges of geolocation data. However, representatives of hardware geolocation such as cellular network, GPS, WIFI and bluetooth are not better applicable to hosts storing data in cloud environments. On the one hand, in order to achieve high accuracy with the above-mentioned positioning method, it is necessary to provide more infrastructure or to cooperate with the providers who own the facilities, which undoubtedly raises additional security problems. On the other hand, equipment costs are undoubtedly increased due to procurement requirements of hardware module facilities. Therefore, most recent research has focused on finding correlations between network delays and geographical distances in existing internet infrastructures. With the rapid development of internet infrastructure, smart devices play an increasingly important role in the cloud computing era. The 2018 global digital report from We Are Social and Hootsuite shows that over 40 million people Are now using the internet worldwide. Meanwhile, the number of mobile phone users in 2018 is 51.35 hundred million. That is, two-thirds of the 76 billion population worldwide now own a mobile phone. The smart phone serves as a mobile node, and the excellent mobility and the efficient positioning hardware module of the smart phone can replace the role of a fixed-position landmark host. A malicious cloud server can manipulate detailed parameters of geographic positioning measurement to forge a data position based on spoofing existing position software and hardware, a DLoc technology proposed in 2017 by academia gives consideration to all data certificates and a data positioning technology with considerable precision, but the scheme does not consider the situation that the malicious server outsources data for the second time, the technical reason is that an existing Ping protocol (round-trip delay halving algorithm) with measurement delay is used, and the defect of the protocol makes it difficult for a data owner to know the real geographic position of a cloud service provider; unfortunately, existing solutions are not sufficient to find such potential attackers.

In summary, the problems of the prior art are as follows:

(1) the existing distributed positioning scheme only considers the improvement of precision, however, for a malicious cloud server which secondarily outsources data based on economic motivation, if delayed injection attack is carried out, the existing positioning algorithm cannot detect such an attacker; in the academic world, attacks against traditional positioning methods have achieved great success.

(2) Although the existing scheme aiming at location verification can effectively detect a potential malicious attacker, the premise is that a user needs to know the specific location of data, however, the practical problem is that most cloud service providers do not give an accurate data location in a service level protocol based on the requirements of security and privacy, and therefore the data location verification scheme is often difficult to implement in actual situations.

(3) The latest academic scheme combining integrity verification and data positioning technology is performed in a manner of downloading data blocks by distributed nodes, which causes great communication overhead. In fact, similar overhead should be done at the server side.

The difficulty and significance for solving the technical problems are as follows:

(1) the difficulty of the above problem is that the data owner cannot exactly know the authenticity of the cloud server geographical location from the measured network parameters and the old technical solution causes a large communication overhead. Reducing and even transferring overhead to the cloud server is of great significance to a client that may be resource limited.

(2) The detection function of delayed injection attack is realized, whether the cloud service provider secondarily outsources the data of the user can be detected, so that the service of the service provider is timely terminated, and even the arbitration is applied through the existing electronic evidence, so that the method has important economic significance for ensuring a data owner enjoying the cloud service.

(3) The new delay estimation and position estimation algorithm is realized, and the error caused by network delay jitter can be reduced, so that the data can be positioned more accurately.

Disclosure of Invention

Aiming at the problems in the prior art, the invention provides a cloud data safety positioning method based on integrity audit and communication time delay.

The invention is realized in such a way that a cloud data safety positioning method based on integrity audit and communication time delay comprises the following steps:

firstly, a data owner uses a Reed-Solomon error correcting code to encode an original data file and uses AES to encrypt, and the encoding operation is completed in an initialization stage;

secondly, when a data owner wants to locate data in the cloud, each agent node is required to perform distributed operation, and the distributed operation comprises two processes of agent selection and challenge arrangement;

thirdly, each distributed agent receiving the instruction of the data owner stores the challenge cloud; the cloud server needs to receive a set of challenge requests and provide a certification result, which contains some information of the integrity verification result and the network measurement;

fourthly, the cloud server executes a challenge response protocol and broadcasts a recoverability certification to each agent node;

fifthly, in a verification stage, the distributed nodes mainly execute a restorability verification function and extract geographic measurement information;

sixthly, the data owner operates a position estimation algorithm to estimate the position of the cloud server; the basic mathematical principle is a positive correlation of distance and delay; positioning by using a positioning algorithm containing positive and negative constraints; distance-delay relation function D through each proxy node_i＝v_it+b_iTo obtain each D_iValue of (i), i.e. proxy node i to server A_iDetermining the maximum and minimum values of the distance range

Then the agent node is taken as the center of a circle on the map,

drawing a circular ring for the radius range, and considering the centroid coordinate of the overlapping area as the presumed position of the cloud server; if the area of the overlapped area is 0, the cloud server is considered to transmit the data IIAnd (5) secondary outsourcing.

Further, the first step specifically includes: dividing an encoded file F into n file blocks M₁,...,M_nEach block has s sectors, M_i＝(M_i1,M_i2,...,M_is) (ii) a Wherein

i 1,2, n, j 1,2, s, p is a large prime number; let e: GXG → G_TIs a bilinear map with three hash functions H, H: {0,1}^*→ G and

g is a generator of the group G, and the whole process of the protocol is as follows:

data owner random selection

Calculating v ═ g^αThe private key is sk ═ (α), and the public key is p^k＝(v，{u_j}_1≤j≤s)；

Data owner saves F ═ locally (M)₁，...，M_n) The data owner generates a root R based on the construction of the Merkle hash tree and stores a file block H (M)_i) The hash value of (i ═ 1., n) serves as the leaf node of the MHT. Thereafter, the data owner signs the root node R with his private key α: h (r)^α←sig_sk(R); file tag t ═ sig_sk(R) a client maintained at the data owner; data owner for each block M_i＝(M_i1，M_i2，...，M_is) Computing the signature σ_i：

And phi ═ sigma_i}_1≤i≤nIs the set of signatures for all blocks, when the data owner sends F^*Give the server { F, phi } and keep the file tag t local, without storing the file F locally^*

Further, the second step specifically includes: the data owner maintains a database S locally, which includes list information for the entire distributed agent; for a certain file F at the owner of the received data_idUpon request, the data owner generates a request to the distributed agent r_iRequest list and file block identification S_iSet of (C) { s ═ s_i，r_iRandomly selecting a data block of the file; and after the set is generated, sending the information of each challenge file block to the distributed nodes.

Further, the third step specifically includes: distributed agent r_iFile block identifier S_iAnd a random number v_iSending to the server with local time stamp of each agent

Signing using a private key

Sent to the cloud server together

Further, the fourth step specifically includes: the cloud server receives the node i request

First, verify

And then performing an evidence generation algorithm. Detailed description of the invention

And

meanwhile, the cloud server returns auxiliary information about the Merkle tree, wherein the auxiliary information comprises the hash value { H } of the node where the file block is located(M_i)}_1≤i≤cAnd data of some children of the tree [ omega ] finally, the cloud server broadcasts evidence to all distributed nodes

Further, the fifth step specifically includes:

by obtaining

Verifying signatures

By { H (M)_i)，Ω}_1≤i≤cObtaining R and verifying received sig_sk(R) a signature;

verification e (sig)_sk(R)，g)＝e(R，v)；

Authentication

If the verification of the steps is successful, the recoverability verification is passed.

Using local time stamp T_jendCalculate from r_iIs sent out to r_jTotal response time to challenge

Further, the sixth step specifically includes:

(1) distance estimation, distance D is defined as:

D_i＝v_it+b_i；

and respectively estimating a relation function of the distance and the delay of each node. This can be obtained by analyzing a sample scatter plot between the geographic distances of the different nodes and the network delay.

(2) One-way delay estimation, each proxy node receives the broadcast and sends all measurement information I ═ v_i，b_i，T_isjIs sent toAnd (3) a data owner, wherein the data owner optimizes the measurement data and calculates:

meanwhile, jointly calculating the traditional one-way delay estimation to obtain the final delay estimation:

(3) a positioning algorithm, which uses a positioning algorithm containing positive and negative constraints to perform positioning; distance-delay relation function D through each proxy node_i＝v_it+b_iTo obtain each D_iTo the server A, proxy node i_iDetermining the maximum and minimum values of the distance range

Then the agent node is taken as the center of a circle on the map,

drawing a circular ring for the radius range, and considering the centroid coordinate of the overlapping area as the presumed position of the cloud server; if the area of the overlapped area is 0, the cloud server is considered to carry out secondary outsourcing on the data;

finally, the data owner returns the audit results and estimated geographic location to the data owner.

The invention also aims to provide a distributed node model simulation system applying the cloud data safety positioning method based on integrity audit and communication time delay.

The invention further aims to provide a recoverability certification control system applying the cloud data safety positioning method based on integrity audit and communication time delay.

The invention further aims to provide a geographical positioning system of data in a remote cloud host, which applies the cloud data safety positioning method based on integrity audit and communication time delay.

In summary, the advantages and positive effects of the invention are:

the invention designs a decentralized data positioning system aiming at the problems that the ownership and the management right of user data are separated in a cloud environment, whether the data is outsourced for the second time is difficult to detect by a user and the like. The system challenges a cloud server storing data by using a distributed node through the existing Internet infrastructure and a challenge response protocol, collects network measurement data while receiving a response, and performs data recoverability certification and position estimation. Through a new delay estimation mode, an attacker who outsources data for the second time and maliciously manipulates delay can be effectively detected.

The recoverable certification tool used by the present invention is primarily directed to the user's identification of data for a particular user and reduces the user's communication overhead. By sending a file block challenge to be verified, the server performs an evidence generation operation on the file block, and a user can perform an evidence verification operation on the client. Firstly, editing an encrypted file through a Reed-Solomon error correcting code so as to reduce the probability of error storage of data; secondly, as the data is encrypted by the user, any other proxy node can initiate a challenge protocol instead of the user; thirdly, by performing data block challenge probabilistically, the challenge efficiency can be maximized (for example, for a file with 10000 file blocks, only 460 data blocks need to be verified, and whether the server is completely stored can be detected with a probability of 99%); finally, the tool is publicly verifiable, and a third party with user metadata can also perform evidence verification operation, which can be used as electronic evidence for assisting arbitration when relevant legal disputes occur.

The location estimation algorithm used by the present invention is primarily directed to finding a specific geographic location of a user. Compared with the prior positioning technology, the method has the advantages that on one hand, compared with the prior round-trip binary algorithm, the one-way delay estimation algorithm used by the method can effectively reduce errors and can effectively detect the position forgery attack of adversaries, on the other hand, the triangular positioning algorithm with positive and negative constraints is used for generating a specific linear regression function aiming at each distributed node instead of using the predefined internet speed, so that the positioning accuracy can be effectively improved;

drawings

Fig. 1 is a flowchart of a cloud data security positioning method based on integrity audit and communication delay according to an embodiment of the present invention.

Fig. 2 is a schematic diagram of triangulation provided by an embodiment of the invention.

Fig. 3 is a schematic diagram of modes A2A and A2S according to an embodiment of the present invention.

Fig. 4 is a schematic diagram of a system model provided in an embodiment of the present invention.

FIG. 5 is a schematic diagram of a positioning algorithm including positive and negative constraints according to an embodiment of the present invention.

FIG. 6 is a diagram illustrating the results of applying a delay to affect an algorithm according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

Aiming at the problems that the existing data owners enjoying cloud services are difficult to check data storage positions, malicious cloud servers can manipulate parameters of geographic positioning measurement to forge data positions, and the existing scheme is not enough to find out the attackers. The invention can check the potential malicious server which controls delay and forges position; it is considered to be effective and correct by theoretical analysis.

The following detailed description of the principles of the invention is provided in connection with the accompanying drawings.

As shown in fig. 1, the cloud data security positioning method based on integrity audit and communication delay provided by the embodiment of the present invention includes the following steps:

s101: the data owner uses Reed-Solomon codes to encode the original data file and uses AES algorithm to encrypt, and the encoding operation is completed in the initialization stage;

s102: when a data owner wants to locate data in the cloud, each agent node is required to perform distributed operation, and the distributed operation comprises two processes of agent selection and challenge arrangement;

s103: each distributed agent receiving the data owner instruction will challenge the cloud storage. The cloud server needs to receive a set of challenge requests and provide a certification result, which contains some information of the integrity verification result and the network measurement;

s104: the cloud server executes a challenge response protocol and broadcasts a recoverability certificate to each agent node;

s105: in the verification stage, the distributed nodes mainly execute a restorability verification function and extract geographic measurement information;

s106: the data owner runs a location estimation algorithm to estimate the location of the cloud server. The basic mathematical principle is a positive correlation of distance and delay.

The application of the principles of the present invention will now be described in further detail with reference to specific embodiments.

1. Preparation work

1.1 outsourcing Return Attestation

The recoverability certification model enables data owners to verify the recoverability of outsourced files on their storage servers. The data owner first encodes the data using a redundant code, such as a Reed-Solomon error correction code, and uploads it. To check the recoverability of its data, the data owner interacts with the cloud storage provider in a challenge-response protocol, checking the recoverability of a series of randomly selected file blocks, a new scheme named "outsourced recoverable evidence" (OPoR), which has the advantage of providing public verifiability and supporting dynamic data operations:

to support the above functions, two important pieces of knowledge need to be briefly described. Bilinear mapping is used to efficiently validate challenges, whereas Reed-Solomon codes are used in the pre-processing data phase.

1.1.1 bilinear mapping

Bilinear mapping properties, namely three prime p-th order group multiplication loop groups G1, G2, and GT. And defines a mapping e over the three groups: g₁×G₂→G_TAnd satisfies the following properties: (1) bilinear: for arbitrary g₁∈G₁，g₂∈G₂，a，b∈Z_pAll are provided with

If true; (2) non-degradability:

satisfy the requirement of

(3) Calculability: there are efficient algorithms, for arbitrary g₁∈G₁，g₂∈G₂All can calculate e (g)₁，g₂)。

1.1.2Reed-Solomon coding

Reed-Solomon codes are a group of error correcting codes proposed by irvings. In coding theory, Reed-Solomon codes belong to non-binary cyclic error correction codes. Reed-Solomon codes are based on univariate polynomials over finite fields. Any combination of up to t erroneous characters can be detected or up to t/2 characters can be corrected by adding t characters, where t is an additional check character. It is widely used in mass storage systems to correct burst errors associated with storage medium defects.

1.2 delay-based positioning technology

1.2.1 triangulation

There is a strong correlation between delay and distance, and certainly, the latest research on geolocation schemes is delay-based geolocation techniques. The search for delay-based geolocation techniques dates back at least to 2001. They use network delay measurements from geographically distributed locations to derive the coordinates of the target host. The main tools are triangulation algorithms, one-way delay estimation algorithms and cartesian coordinate system conversion tools.

The basic measurement consists of three hosts of known location and one host of unknown location. The invention can be seen in figure 2. When the invention has at least three positions of nearby hosts and the distances between the hosts and cloud data, the invention can draw three circle centers H₁,H₂And H₃And their distance radius circle r₁,r₂And r₃. The area of overlap may be the location of the data. Referred to as "triangulation.

1.2.2 one-way delay estimation

Triangulation schemes are mainly based on strong correlation between delay and geographical distance. In previous schemes, round trip delay (RTT) halving algorithms are often used as schemes to approximate the one-way delay, i.e., assuming that the forward and reverse delays are equal to half of the RTT. However, there are several disadvantages: (1) recent research has shown that the delay on the internet is asymmetric between unequal network nodes, such as data owners and servers. (2) Malicious adversaries can manipulate the results by increasing or decreasing the delay; (3) in a real network environment, network congestion and delay jitter (the difference between the maximum delay and the minimum delay) have a greater impact on round-trip delay.

In the present invention, the present invention estimates the delay using a one-way delay (OWD) instead of RTT to reduce the above disadvantages.

The invention uses three distributed agents A₁，A₂，A₃And a cloud storage server S are described as an example. The overall one-way delay estimation algorithm can be divided into two methods, referred to as proxy-proxy (A2A) estimation and proxy-server (A2S) estimation.

Agent-agent estimation (A2A): the proxy node in the solution of the invention is considered trusted. As shown in fig. 3, the present invention makes the subscript of T denote the transmission direction of the data packet. E.g. T₁₂Represents from A₁To A₂Transmission of (a), t₁₂Indicating a smaller transmission time. If agent A sends a timestamp to B, it is clear thatEasy to accomplish, B can calculate T by subtracting the timestamp A sends to B from the timestamp at that time₁₂. Finally, the invention will obtain T₁₂，T₂₁，T₁₃，T₃₁，T₂₃，T₃₂Six parameters of (2). Required time t₁₂Can be calculated by the following formula:

similarly, other parameters t may be calculated in the same manner₂₃And t₁₃。

Proxy-server estimation (A2S): unlike the previous A2A solution, where the server was considered untrusted in A2S, a malicious cloud server might forge the timestamp to hide itself. Abdou proposes an efficient algorithm for estimating OWD. As shown in fig. 2, the present invention requires the server to forward the request to three agents after receiving it. The invention can obtain 9 parameters, T respectively_1S1，T_1S2，T_1S3，T_2S1，T_2S2，T_2S3，T_3S1，T_3S2And T_3S3. Then the invention calculates:

one-way delay T_isCan be calculated by the following formula:

1.2.3 Cartesian coordinate System

When calculating the distance between two points, the earth is not a plane but a sphere, and the earth representing the position is called a geographical coordinate system, which is composed of latitude Φ and longitude λ. The haversine formula may be used to calculate the euclidean distance between two points. For any two points x (phi) on the earth₁,λ₁),y(φ₂,λ₂)：

hav(d/R)＝hav(φ₂-φ₁)+cos(φ₁)cos(φ₂)hav(λ₂-λ₁)；

hav(θ)＝sin²(θ/2)＝(1-cos(θ))/2；

D is the distance between two points, R is the radius of the earth, and the value R of the invention is 6371km generally;

then the invention calculates d: d ═ Rhav^-1(hav(d/R))；

Substituting numerical values:

2 System model

In this section, the present invention will explain the working principles of the distributed data geolocation scheme. The three main entities in fig. 4 are explained first:

the owner of the data. And the entity stores the data into the cloud storage and maintains the data by depending on the cloud server. At the same time, will be responsible for the entire audit process.

And (4) cloud storage. An entity, set by the cloud service provider, is responsible for storing data of the data owner. Meanwhile, cloud storage is required to generate an integrity certificate to realize an auditing function.

A distributed agent. The distributed agent may be a smartphone or landmark host. They exclusively implement challenge-response protocols and collect network delay information separately.

3 threat model

3.1 general description

In this model, a data owner intends to outsource files to a cloud storage provider and claims that the data is stored in a secure and controllable storage server. However, based on many economic incentives, the owner's data may be re-outsourced by the cloud storage provider multiple times, which will pose serious economic and security problems in the cloud storage environment. Further, malicious cloud service providers, who intend to escape local data policing, may make data easily lost or even maliciously stolen.

The present invention contemplates an adversary that may use some special tools to hide its IP address and manipulate other identifying information that may reveal its relative location.

3.2 adversary ability

The present invention considers an adversary as a dishonest prover, with full authority to control its internal storage, servers and networks. That is, an adversary can change the delay in the following ways:

and (4) position measurement. In the countermeasure model of the present invention, to confirm the ability of an adversary to accurately estimate time measurements, the present invention assumes that the adversary has knowledge of the geographic information of all distributed nodes. An adversary may timely falsify responses to meet the correct delay.

And hiding the position. An attacker may (1) use proxy, Virtual Private Network (VPN), or onion routing techniques to hide its IP address. (2) Using ARP spoofing or BGP spoofing attacks, the switch data table is poisoned by redirecting network traffic to other hosts (3) with the same domain name and IP address, so that the data owner accesses the wrong network with the exact same domain name, IP address and unique MAC address, which makes the user unable to learn the data.

The manipulation is delayed. An attacker can randomly manipulate the delay to mislead the user's estimated position.

3.3 adversary limits

A limited number of false responses. It is assumed that the data owner can tolerate several false responses (e.g., response or delay time variations due to the actual internet environment) but the attacker cannot forge invalid evidence to the verifier many times.

An atomic operation. An atomic operation may be one step or multiple operation steps, but the order cannot be interrupted and cut to perform only one of the parts. This means that data reads by the outsource server may prove to take longer to generate than if stored on the cloud storage service provider's local drive.

Quality of service. Dishonest cloud storage service providers re-outsource data based on economic incentives, i.e., they can gain more benefit from re-outsourcing. If the cloud storage service provider provides the outsourcing scheme in the multi-hop mode in the storage, the cloud storage service provider may not respond to the request of the customer in time. In a practical situation, the user may terminate the service agreement because the service offered is lower than the required contract quality.

4 protocol

The whole auditing process can be divided into 6 steps including an initialization algorithm:

4.1 initialization

In order to better reflect the recoverability of the file and simplify the process, the invention firstly assumes that a data owner uses a Reed-Solomon code to encode the data file F encrypted by AES into F so as to further reduce the calculation cost of the resource-limited data owner client, and the encoding operation is completed in an initialization stage.

Now the encoded file F is divided into n file blocks M₁，...，M_nEach block having s sectors, i.e. M_i＝(M_i1，M_i2，...，M_is). Wherein

i 1,2, n, j 1,2, s, p is a large prime number. Setting e: g → G_TIs a bilinear map with three hash functions H, H: {0,1}^*→ G and

let G be the generator of group G. The whole process of the protocol is as follows:

data owner random selection

Then, v ═ g is calculated^α. The private key is sk ═ (α) and the public key is p^k＝(v，{u_j}_1≤j≤s)；

Data owner saves F ═ locally (M)₁，...，M_n). To support dynamic operations, the data owner generates a root R based on the construction of the Merkle hash tree, andand order the storage file block H (M)_i) The hash value of (i ═ 1., n) serves as the leaf node of the MHT. Thereafter, the data owner signs the root node R with his private key α: r^α＝sig_sk(R) in the presence of a catalyst. File tag t ═ sig_sk(R) is stored at the client of the data owner. Thereafter, the data owner M for each block_i＝(M_i1，M_i2，...，M_is) Computing the signature σ_i：

4.2 setting challenges

When a data owner wants to locate data in his cloud, it needs to ask each proxy node to perform distributed operations. It includes two processes of agent selection and challenge arrangement. First, the basic requirement for proxy node selection is random selection. The goal is that an attacker cannot predict not only the proxy address, but also the file block that challenges the selection. Furthermore, agents should be selected near the estimated target cloud server, since not only the number of agents will affect accuracy, but their distance from the server will also have a significant impact. This means that the closer the proxy node is to the server, the more efficiently the data can be located.

The data owner maintains a database S locally that includes listing information for the entire distributed agent to properly perform the distributed challenge. For a certain file F at the owner of the received data_idUpon request, the data owner generates a request to the distributed agent r_iRequest list and file block identification s_iSet of (C) { s ═ s_i，r_i}. To reduce the likelihood of adversary predicting challenging data blocks, data blocks of the file will be randomly selected. After the set is generated, the information of the respective challenge file blocks is sentAnd sending the data to the distributed nodes.

4.3 challenge phase

Each distributed agent receiving the data owner instruction will challenge the cloud storage. The cloud server needs to receive a set of challenge requests and provide a certification result, which contains some information of the integrity verification result and the network measurement.

Distributed agent r_iFile block identifier s_iAnd a random number

Sending to the server with local time stamp of each agent

Signing using a private key

Then, send

Sending the data to a cloud server;

4.4 evidence Generation

The cloud server executes a challenge-response protocol and broadcasts a recoverability certificate to each proxy node. The present invention uses a distributed proxy as verifier and a cloud server as prover to describe this algorithm model:

the cloud server receives the node i request

First, verify

And

meanwhile, the cloud server will return some auxiliary information about the Merkle tree, including the hash value { H (M) of the node where the file block is located_i)}_1≤i≤cAnd data of some children of the tree [ omega ] finally, the cloud server broadcasts evidence to all distributed nodes

4.5 recoverability verification

In the verification stage, the distributed nodes mainly execute a recoverability verification function and extract geographic measurement information, and the method specifically comprises the following five steps:

by obtaining

Verifying signatures

verification e (sig)_sk(R)，g)＝e(R，v)；

Authentication

If the four steps verify successfully, the recoverability verification is passed.

Using local time stamp T_jendCalculate from r_iIs sent out to r_jTotal response time T of received challenge_isj＝T_jend-T_jstart

It is noted that due to the presence of the broadcast mechanism, the authentication algorithm may be executed at a certain node (even the data owner may act as a certain node), while the geographical measurement information requires the participation of all distributed nodes.

And after the algorithm is finished, each node sends the acquired measurement information to a data owner.

4.6 location estimation

The data owner runs a location estimation algorithm to estimate the location of the cloud server. The basic mathematical principle is a positive correlation of distance and delay, and the invention will next discuss and define the relevant parameters.

4.6.1 distance estimation

The data transmission speed is very fast. Data is transmitted through the optical fiber cable to almost

Where c is the speed of light in vacuum (c is 3 × 10)⁸m/s) for deducing the delay of the distance, the speed of the data packet is such that the data transmitted via the internet is already close

This ratio is called the internet Speed (SOI).

However, to achieve better granularity, it is a challenge to better estimate the speed of data transmitted over a cable. In fact, the present invention should be a function of the distance estimated separately and the delay of each node, since the network environment (delay jitter, router detour) of different agents is different. This can be obtained by analyzing a sample scatter plot between geographic distance and network delay. IP addresses of known locations (e.g., universities, companies, etc. with public addresses) are challenged by using ping.

By computing a linear regression function, the distance D can be defined simply as:

D_i＝v_it+b_i；

4.6.2 one-way delay estimation

Each proxy node receives the broadcast and sends all the measurement information I ═ v_i，b_i，T_isjIs sent to the data owner

Optimizing the measurement data by the data owner, and calculating:

meanwhile, the traditional one-way delay estimation is jointly calculated (using a round-trip time halving algorithm), and the invention obtains the final delay estimation:

4.6.3 location algorithm

Through the improvement of the triangulation algorithm, the invention uses a positioning algorithm containing positive and negative constraints for positioning, as shown in fig. 5. Distance-delay relation function D through each proxy node_i＝v_it+b_iCan derive each D_iValue of (proxy node i to server a)_iDistance) of the distance range, determining the maximum and minimum of the distance range on the basis thereof

Then the invention takes the agent node as the center of a circle on the map,

for the range of radii, a circle is drawn, and the centroid coordinates of the overlapping area are considered as the presumed location of the cloud server. If the overlapped area is 0, the cloud server is considered to outsource the data for the second time.

It should be noted that in order to better detect whether the detection adversary is manipulating a delay, the present invention uses max in checking the overlapping area_iTo calculate the distance function and perform the overlap check, if the check area exists, then use min_iAnd substituting the distance function to calculate the mass center.

The effect of the present invention will be described in detail with reference to the experiments.

Simple geo-location algorithms cannot detect whether an adversary manipulates a delay without knowing the user data location. However, for the operation that the broadcast mechanism algorithm mentioned in the invention can effectively detect the malicious attacker, the main method is to utilize the maximum one-way delay estimation value max_i。

Now assume that an adversary can understand all the environmental jitter in the landmark network links and try to manipulate and execute attacks against the target injection delay based on the information that has been acquired. Notably, since the challenge block for integrity audit is randomly generated and the process of generating evidence is involved in random numbers, an attacker cannot shorten the response time by predicting the challenge block and generating data in advance. The only ability of an attacker to influence the outcome of the algorithm by increasing the delay.

Now assume that the network delay jitter is negligible, max_i＝min_i. According to the algorithm provided by the scheme, if the attacker wants to increase a certain max_iThe value of (c):

increase of T_isiThe value of (c). This means that the attacker inserts a delay in responding to the proxy node i. D_iThe increase in (c) may result in the triangulation algorithms not overlapping.

Increase t_iskOr t_isjThe value of (c). That is, a delayed injection attack is performed when broadcasting to the proxy node k or j. To increase t_iskFor example. According to the algorithm of the invention, t is increased_iskWill result in max_iAnd max_kWhile increasing, this will certainly also cause the triangulation algorithm to fail (as shown in fig. 6).

The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims

1. a cloud data security positioning method based on integrity audit and communication delay, is characterized in that, the cloud data security positioning method based on integrity audit and communication delay comprises:

In the first step, the data owner encodes the original data file using Reed-Solomon code and encrypts it with AES, and the encoding operation will be completed in the initialization phase;

In the second step, when the data owner wants to locate the data in its cloud, each agent node is required to perform a distributed challenge operation, including two processes of agent selection and challenge arrangement;

In the third step, each distributed agent that receives the instruction of the data owner will challenge the cloud storage; the cloud server needs to receive a set of challenge requests and provide the proof result, which includes the integrity verification result and some information of network measurement;

The fourth step, the cloud server executes the challenge response protocol and broadcasts the recoverability proof to each proxy node;

The fifth step, in the verification phase, the distributed nodes perform the recoverability verification function and extract the geographic measurement information;

The sixth step, the data owner runs the location estimation algorithm to estimate the location of the cloud server; the basic mathematical principle is the positive correlation between distance and delay; use the positioning algorithm containing positive and negative constraints for positioning; through the distance-delay relationship of each proxy node The function D _i =v _i t+bi obtains the value of each D _i , the distance from the agent node _i to the server A _i , and determines the maximum and minimum values of the distance range

Then take the proxy node as the center on the map,

A circle is drawn for the range of the radius, and the center of mass coordinates of the overlapping area is considered to be the presumed position of the cloud server; if the area of the overlapping area is 0, it is considered that the cloud server has outsourced the data twice.

2. The cloud data security positioning method based on integrity audit and communication delay as claimed in claim 1, wherein the first step specifically comprises: dividing the encoded file F into n file blocks M ₁ ,. .., M _n , each block has s sectors, M _i =(M _i1 , M _i2 , . . . , M _is ); where

p is a large prime; let e: G × G → G _T be a bilinear map with three hash functions H, h: {0, 1} ^* → G and

g is the generator of group G, and the whole process of the protocol is as follows:

Data owner randomly selected

Calculate v=g ^α , the private key is sk=(α), the public key is pk=(v, {u _j } _1≤j≤s );

The data owner saves F=(M ₁ , . . . , _Mn ) locally, the data owner generates the root R based on the construction of the Merkle Hash Tree (MHT), and stores the file block H(M _i ) (i=1 _, ^. _sk (R) is stored at the data owner's client; the data owner computes the signature σ _i for each block M _i = (M _i1 , M _i2 , . . . , M _is ):

And φ={σ _i } _1≤i≤n is the set of signatures of all blocks. At this time, the data owner sends F ^* ={F,φ} to the server and keeps the file label t locally, and does not need to store the file locally F ^* .

3. the cloud data security positioning method based on integrity audit and communication time delay as claimed in claim 1, is characterized in that, described second step specifically comprises: data owner maintains a database S locally, and this database includes whole. List information of the distributed agent; after receiving the request for a certain file F _id from the data owner, the data owner generates a request list for the distributed agent _ri and a set of file block identifiers S _i C={S _i , r _i }, will randomly select the data block of the file; after generating the set, send the information of each challenged file block to the distributed nodes.

4. the cloud data security positioning method based on integrity audit and communication delay as claimed in claim 1, is characterized in that, described 3rd step specifically comprises: distributed agent r _i will file block identifier S _i and a The random number _vi is sent to the server, and the local timestamp of each agent is

Sign with private key

Send to cloud server together

5. the cloud data security positioning method based on integrity audit and communication delay as claimed in claim 1, is characterized in that, described 4th step specifically comprises: cloud server receives node i request

Verify first

correctness, and then proceed to the evidence generation algorithm; specific calculation

and

At the same time, the cloud server will return auxiliary information about the merkle tree, including the hash value of the node where the file block is located {H(M _i )} _1≤i≤c and the data of some child nodes of the tree {Ω}; finally, the cloud Server broadcasts evidence to all distributed nodes

6. the cloud data security positioning method based on integrity audit and communication delay as claimed in claim 1, is characterized in that, described 5th step specifically comprises:

obtained by

Verify signature

represents the local timestamp of the ith agent at the start of the challenge;

Obtain R by {H(M _i ), Ω} _1≤i≤c and verify the received sig _sk (R) signature;

Verify that e(sig _sk (R), g) = e(R, v);

verify

If the above steps are verified successfully, the recoverability verification is passed;

Use local timestamp

Calculate the total response time from r _i to r _j receiving the challenge

7. the cloud data security positioning method based on integrity audit and communication delay as claimed in claim 1, is characterized in that, described 6th step specifically comprises:

(1) Distance estimation, the distance D is defined as:

D _i =v _i t+ _bi ;

The relationship function between the estimated distance and the delay of each node, respectively, can be obtained by collecting and analyzing the sample scatter plot between the geographical distance and network delay of each agent node;

(2) One-way delay estimation, each proxy node receives the broadcast and sends all the measurement information I={v _i , _bi , T _isj } to the data owner, and the data owner optimizes the measurement data and calculates:

At the same time, the traditional one-way delay estimates are jointly calculated to obtain the final delay estimates:

(3) Positioning algorithm, use the positioning algorithm containing positive and negative constraints for positioning; obtain the value of each D _i through the distance-delay relationship function D _i =v _i t+bi of each proxy node, that is, the value of each D _i from the proxy node i to The distance of the server A _i , determine the maximum and minimum value of the distance range

Then take the proxy node as the center on the map,

For the range of radius, a circle is drawn, and the coordinates of the center of mass of the overlapping area are considered to be the presumed position of the cloud server; if the area of the overlapping area is 0, it is considered that the cloud server has outsourced the data twice;

8. A distributed node model simulation system applying the cloud data security positioning method based on integrity audit and communication delay according to any one of claims 1 to 7.

9 . A recoverability proof control system applying the cloud data security location method based on integrity audit and communication delay according to any one of claims 1 to 7 .

10. A geolocation system for data in a remote cloud host using the cloud data security location method based on integrity audit and communication delay according to any one of claims 1 to 7.