Summary of the invention
Technical problem: the object of this invention is to provide a kind of method that cloud computation user data checks; public key technology based on homomorphism certification will be improved; obtain the data-privacy protective effect of public cloud system; due to improvement opportunity; add the reliability of inspection; the integrality of the cloud user data ensured; due to this technology bilinear characteristics; thus make to check that user scope expands to multi-user environment; TPA thus simultaneously can perform multiple inspection task, reduces workload further and improves checking efficiency.
Technical scheme: the concrete steps of the method that a kind of cloud computation user data of the present invention checks are as follows:
1) cloud computing user runs key schedule KeyGenerator order to produce PKI pk and private key sk, KeyGenerator is a kind of key schedule, and user is used for generating PKI and private key;
2) for the user data F=(m of given user file
1... .m
n), user data is divided into n block, and each data block is expressed as m
i(1≤i≤n), gets name
kas each user file unique identification, user runs SigGenerator order to generate the label t of user data F; SigGenerator is used for generating the metadata of certification, comprises MAC, signature, or other relevant information being used to check;
3) signature sigma of each data block is then calculated
i, signature set is expressed as Φ={ σ
i}
1≤j≤n, { t, F, Φ } is then sent to Cloud Server by user;
4) examination phase: at examination phase, third party checks that first TPA obtains file label t, and then TPA carrys out certifying signature t by public keys pk, if authentification failure just produces represent that inspection makes mistakes FALSE information, shows that label is imperfect, otherwise enters next step;
5) TPA produces challenge information chal, and " chal " specifies the particular location needing checked data block at examination phase, then challenge information is sent to Cloud Server;
6) Cloud Server is once be subject to challenge information chal, will run GeneratorProof to produce to show that data store the response evidence proof of correctness; GeneratorProof is run by Cloud Server, is used for producing the evidence that data store correctness;
7) then Cloud Server sends proof and stores the proof of correctness to TPA as data;
8) after receiving the corresponding evidence that Cloud Server sends, TPA runs VerifyProof order and checks the correctness that data store, if certification is passed through, show that Cloud Server correctly stores user data, finding out from scheme does not need maintenance customer's private key can not bring any added burden to user at examination phase TPA yet, in addition, owing to not needing to obtain user data in checking process, thus the object of secret protection is reached; By third party, VerifyProof checks that TPA runs and is used for checking that server end beams back the correctness of corresponding evidence.
The inspection that described TPA processes from different user is simultaneously acted on behalf of, the technical support of bilinearity aggregate signature is multiple has the signature of multiple different user to different information to aggregate into single signature, K certification equation is aggregated into one, and check while realizing multitask, concrete steps are as follows:
1) have K user in supposing the system, each user k has
F
k=(m
k, 1, m
k, 2...., m
k, n), k ∈ 1 ...., K}, for specific user k, KeyGenerator order generation system public keys pk and private key pk;
2) establishment stage: for each user data F
k=(m
k, 1, m
k, 2...., m
k, n), k ∈ 1 ...., K}, gets name
kas each user file unique identification, user runs the label t that SigGenerator order carrys out calculation document F
k=name
k|| SSig
sk(name
k), SSig
sk(name
k) be by name
kwith the signature that a kth private key for user produces;
3) then each user k calculates each data block m
k, i(i ∈ 1 ... .n}) signature { σ
k,i}
1≤k≤K(i=1 ..., n); Signature set is expressed as Φ
k={ σ
k,i}
1≤i≤n; User is then by { t
k, F
k, Φ
kbe sent to Cloud Server;
4) first examination phase: TPA obtains the file label t of each user k
k, then TPA verifies each user's signature SSig by public keys
ssk(name
k), if authentification failure just produces FALSE information, show that label is imperfect, otherwise enter next step;
5) then TPA sends and checks that challenge information chal acts on behalf of the data checks of all K user to Cloud Server, Cloud Server after receiving challenge information, for each user i (i ∈ 1 ..., k}), server generates the proof proof of corresponding proof data memory integrity
i(i ∈ 1 ..., and k}), then each user's integrity certification is aggregated into P={proof
i}
1≤i≤k;
6) Cloud Server then having property of return data evidence P={proof
i}
1≤i≤kto TPA, similar with unique user example, TPA runs the correctness that VerifyProof acts on behalf of k user authentication data storage, and batch inspection not only allows TPA to complete multiple check work simultaneously, and the calculating of the traffic and TPA end that greatly reduce cloud server end spends.
Beneficial effect:
1. allow cloud computing user the work of inspection to be submitted to computational resource and the stronger third party of reliability checks, reduce burden that user carries out separately checking and complexity.
2., owing to adding the inspection to data file signature, the reliability checked is improved further, expands the further use of cloud computing.
3. third party is not obtaining user data and carrying out the inspection work of user data correctness under bringing the prerequisite of added burden to cloud computing user, reaches the effect of secret protection.
4. this scheme supports easily extensible and efficient public inspection in cloud computing, particularly supports batch inspection from different user inspection agency, compares concrete single inspection and wants many efficiently with other schemes, and do not bring the increase of communication and amount of calculation.
Embodiment
The invention reside in and improve the existing public key technology based on homomorphism certification, be intended to the reliability guaranteeing to check, the i.e. uniqueness mark of user's selecting file, then private key for user spanned file label is used to unique identification, first client public key certifying signature integrality is used in inspection cloud computing user procedures, complete if sign, then continue to check individual data block, owing to adding the proof procedure to user's signature, compare the existing public key technology based on homomorphism certification, add the reliability of inspection, support the secret protection of cloud computation user data in public inspection simultaneously, namely believable third party is issued to the effect of inspection in the process checked in the prerequisite of the user data mustn't go to, compare some to need user data to submit to third party examiner and want safety many to the object reaching inspection, because user does not want oneself privately owned data to check for inspection side, new unsafe factor can be brought like this, simultaneously owing to checking that task will be dull in heavy one by one, support that batch inspection task will improve checking efficiency greatly, by improving homomorphism authentication techniques, our scheme ensure that the reliability of inspection, compare and directly inspection is carried out to the block of user data and compare, higher safety is had to protect, this authentication mode will optimize existing inspection scheme further.Check process will be made a concrete analysis of below.
One, model and architecture
A) cloud stores service relates to three different entities:
1) cloud terminal use U, he has the data needing in a large number to be stored on Cloud Server;
2) Cloud Server CS(cloud server), it is by cloud service provider CSP(cloud serviceprovider) manage and data storage service be provided and have enough memory spaces and huge computational resource (after this, we will not distinguish for CS and CSP);
3) third party checks TPA, and he has the unexistent professional checking ability of cloud user and agent client request checks cloud storage security;
User relies on Cloud Server CS to carry out cloud storage and data maintenance, and user also can carry out obtaining and renewal rewards theory of data with Cloud Server alternately in order to various application purpose.User also can seek help from TPA and guarantee the data security that they store, and wish store data not understand by TPA, we think that TPA is reliable and independently, and can not privately gang up with CS or user in checking process, the phenomenon of any leaking data or loss in CS all will be found when being checked by TPA.Its concrete data security check system frame diagram is as shown in accompanying drawing 1..
B) public check system framework and definition
Public inspection scheme includes four kinds of algorithms, that is: SigGenerator, GeneratorProof, VerifyProof, KeyGenerator is a kind of key schedule, user is used for generating PKI and private key, SigGenerator is used for generating the metadata of certification, comprise MAC, signature, or other relevant information being used to check, GeneratorProof is run by Cloud Server, be used for producing the evidence that data store correctness, VerifyProof is run by TPA and is used for checking that server end beams back the correctness of corresponding evidence.
Our public check system can be divided into two stages by the scheme that checks above, sets up and checks:
● establishment stage: user, by performing the public and private cipher key of KeyGenerator order initialization system, produces data signature label by using private cipher key preprocessed data file F.Then signature set is produced to data block signature, then the signatures tab of data file F and data file signatures tab and data block is stored on Cloud Server.
● first from cloud service, it obtains file label to examination phase: TPA, then use client public key carry out signature authentication, if certification by will send one check or challenge information guarantee Cloud Server during checking complete preservation data file F to Cloud Server.Cloud Server generates corresponding message by performing GeneratorProof order from storage data and verify data unit and feeds back to TPA, and TPA is then by VerifyProof order certification corresponding message!
Two, existing inspection scheme
Basic scheme 1.
The each data block m of cloud computing user precomputation
i(i ∈ 1 ... n}) MACs, σ
i=MAC
si(i|m
i), by data file F and MACs{ σ
i}
1≤i≤nbe sent on Cloud Server, then private key sk sent to TPA.At examination phase, TPA it is chosen immediately the MACs of some data blocks and their correspondences to confirm the correctness of data file from cloud service, the benefit of this way checks that partial document is easy to many than inspection all files, but, there is following critical defect in this simple solution: needs to obtain user data when 1) TPA checks, this should be prohibited under the prerequisite of privacy of user protection; 2) its communication and computation complexity linear relative to data from the sample survey size, this can cause the extension of the traffic and time delay, particularly particularly evident when limited bandwidth available between TPA and Cloud Server.Its checking process as shown in Figure 2.
Basic scheme 2.
In order to avoid choosing user data from Cloud Server thus protection privacy of user, scheme can make into as follows by we: before user upload the data to Cloud Server, cloud user random selecting s authenticate key { sk
τ}
1≤τ≤s, for whole file system, the MACs of precomputation s correspondence,
these authorize metadata are submitted to TPA.TPA takes a sk at every turn
τto Cloud Server, and require that Cloud Server produces new MAC and compares, so just reach the object of secret protection.The checking process of its correspondence as shown in Figure 3.
Shortcoming:
1) number of times that specific file can be used to check receives the restriction of key number.Once all possible key has been used up, cloud user has to from cloud service, and it has obtained data, thus calculates new MACs for TPA checking from new.
2) TPA has to safeguard state between renewal inspection, records the MAC key had, and considers from multi-user inspection agency potential in a large number, safeguards that so many state is that difficulty produces error with easy for TPA.
This programme: the improvement of the public inspection scheme of secret protection
In order to ensure the reliability checked, in our scheme, existing inspection is improved, the uniqueness mark of first user's selecting file, then private key for user spanned file label is used to unique identification, in inspection cloud computing user procedures, first use client public key certifying signature integrality, if it is complete to sign, then continue to check individual data block, owing to adding the proof procedure to user's signature, compare the existing public key technology based on homomorphism certification, add the reliability of inspection.
In order to be issued to public Checking on effect in the prerequisite not obtaining user data; adopt homomorphism authentication techniques, but, directly adopt these technology and be not suitable for our final purpose; because the linear combination of these data blocks probably demonstrates user data information, violate secret protection principle.Particularly, if the linear combination of the same data block of sufficient amount is collected into, TPA can gently and magnanimous act undertaken for the public good obtains user data content from a series of linear equation.
For this reason, adopt the technology that homomorphism certification combines with random mask, in our agreement, from the linear combination of the data from the sample survey of the response of server cover by the random number that produced by pseudo-random function (PRF), due to the effect covered, TPA is not having the necessary information can setting up correct system of linear equations group, so can not obtain user data content, the linear combination of how many file data blocks is collected into all like this.
Simultaneously, notice in our scheme, we adopt the public key technology based on homomorphism certification, specifically, bilinearity aggregate signature, improves public inspection agreement, and it will make our benifit from multiple design task in the flexibility in polymerization of signing, as shown in Figure 3, in figure, dash area is improved scheme place to its checking process.
Adopt the technology of homomorphism certification can carry out inspection work when user data not being revealed to TPA, make the reliability checked improve further and not bring extra burden to user to the improvement of existing scheme, the support simultaneously criticizing inspection makes the more effective when checking user data of this technology will make a concrete analysis of its inspection step below.
(1) unique user checks scheme
Concrete steps are as follows:
1. establishment stage: cloud computing user runs KeyGenerator order generation system public keys pk and private key sk;
2. for user data F=(m
1... .m
n), get name, as file unique identification, user runs the label t=name||SSig that SigGenerator order carrys out calculation document F
sk(name), SSig
sk(name) be that name private key sk is produced signature;
3. then calculate the signature sigma of each data block
i, i ∈ (1 ... n).Signature set is expressed as Φ={ σ
i}
1≤i≤n.{ t, F, Φ } is then sent to Cloud Server by user;
4. examination phase: at examination phase, first TPA obtains file label t, and then TPA carrys out certifying signature SSig by public keys pk
ssk(name), if authentification failure just produces FALSE information, show that label is imperfect, otherwise enter next step;
5., in order to produce inspection message chal, chal specifies the particular location needing checked data block at examination phase;
6. Cloud Server is once be subject to challenge information proof, will run GeneratorProof to produce to show that data store the response evidence proof of correctness;
7. send proof and store the proof of correctness to TPA as data;
8., after receiving the corresponding evidence that Cloud Server sends, TPA runs VerifyProof order and verifies corresponding correctness by inspection certification equation;
9. if check and pass through, prove storage of subscriber data integrality, user is checked by the agency of third party TPA and passes through, and shows that Cloud Server correctly stores data block;
Clearly the R of random mask does not have anything to affect on the validation verification of data.Concrete flow process as shown in Figure 4.
(2) for the support that the batch of multiple user checks
The inspection work of unique user for TPA be dull with lack efficiency, this programme can support batch inspection, namely the inspection that TPA can process from different user is simultaneously acted on behalf of, the technical support of bilinearity aggregate signature is multiple has the signature of multiple different user to different information to aggregate into single signature, therefore provides effective certification to all information authenticities.Owing to having signature polymerization technique and bilinear characteristic, K certification equation can be aggregated into one by us, therefore checks while multitask that target can realize.
Concrete steps are as follows:
1. have K user in supposing the system, each user k has F
k=(m
k, 1, m
k, 2...., m
k, n), k ∈ 1 ...., K}, for specific user k, KeyGenerator order generation system public keys pk and private key pk;
2. establishment stage: for each user data F
k=(m
k, 1, m
k, 2...., m
k, n), k ∈ 1 ...., K}, gets name
kas each user file unique identification, user runs the label t that SigGen order carrys out calculation document F
k=name
k|| SSig
sk(name
k), SSig
sk(name
k) be by name
kwith the signature that a kth private key for user produces;
3. then each user k calculates each data block m
k, i(i ∈ 1 ... .n}) signature { σ
k,i}
1 < k < K(i=1 ..., n), signature set is expressed as Φ
k={ σ
k,i}
1 < k < n.User is then by { t
k, F
k, Φ
kbe sent to Cloud Server;
4. first examination phase: TPA obtains the file label t of each user k
k, then TPA verifies each user's signature SSig by public keys
ssk(name
k), if authentification failure just produces FALSE information.Show that label is imperfect, otherwise enter next step;
5. then TPA sends and checks that challenge information chal acts on behalf of the data checks of all K user to Cloud Server, Cloud Server after receiving challenge information, for each user i (i ∈ 1 ..., k}), server generates the proof proof of corresponding proof data memory integrity
i(i ∈ 1 ..., and k}), then each user's integrity certification is aggregated into P={proof
i}
1≤i≤k;
6. Cloud Server then having property of return data evidence P={proof
i}
1≤i≤kto TPA, similar with unique user example, TPA runs the correctness that VerifyProof acts on behalf of k user authentication data storage.Criticize and check that not only permission TPA completes multiple check work simultaneously, and greatly reduce the traffic of cloud server end and the calculating cost of TPA end.