CN103944874A - Highly reusable cloud storage data storage verification method and system - Google Patents


Publication number
CN103944874A
Authority
CN
China
Legal status
Granted
Application number
CN201410054969.7A
Other languages
Chinese (zh)
Other versions
CN103944874B (en)
Inventor
陈开渠
付艳艳
张敏
李�昊
洪澄
冯登国
王蓉
庞妍
Current Assignee
NATIONAL SUPERCOMPUTING CENTER IN SHENZHEN
Institute of Software of CAS
Original Assignee
NATIONAL SUPERCOMPUTING CENTER IN SHENZHEN
Institute of Software of CAS
Abstract

The invention discloses a highly reusable cloud storage data storage verification method and system. The method includes: receiving a data storage verification query request from a user; obfuscating the current verification count to obtain a challenge key index; replacing the current verification count with the challenge key index and obtaining the current challenge key and verification label; selecting P-1 pseudorandom numbers from a pseudorandom array and mixing them with the current challenge key to form a query array; the server generating a check-label sequence and returning it to the client; and the client filtering the check-label sequence and comparing the filtered check label with the verification label to judge whether the file has been damaged. The beneficial effects are that a comparatively high verification confidence is obtained at a comparatively small computing cost, and that each challenge for a file verification label includes a real challenge parameter and a series of pseudorandom numbers, so that the number of possible pseudorandom labels is increased significantly and the server is prevented from using saved correct signatures to mount replay attacks.

Description

Highly reusable cloud storage data storage verification method and system
Technical Field
The present invention relates to the computer field, and more particularly to a highly reusable cloud storage data storage verification method and system.
Background
Cloud storage systems offer enterprise and individual users elastically scalable, on-demand mass data storage and management at a low price, sparing users the cost of maintaining and managing their own file storage systems, and have therefore been welcomed by the market.
However, while cloud storage is convenient for users, it also brings new challenges and threats to data protection. Because the data is stored in the cloud, outside the user's control, the user cannot monitor and manage it in real time. If data and files in cloud storage are tampered with or damaged through hacker attack, administrator error, malicious behaviour and the like, the user can only rely on the cloud storage system to discover these changes.
Because the volume of data a cloud storage system has to check is huge, changes to data are hard to discover in time, so the cloud storage system is not fully trustworthy. In some cases, for other reasons, the cloud service provider will not notify the user of these changes. The user therefore needs a trustworthy means of verifying the state of the data held in cloud storage, so as to respond to data faults in time.
At present, most data storage verification methods for cloud storage systems are based on metadata checks. When uploading a file, the user generates metadata for each file block, and when verification is initiated the correspondence between the metadata and the file block contents is checked to detect whether the file is intact. Most such methods, however, rely on complex signature algorithms and demand considerable computing power from the client, and the time needed to compute the metadata at upload grows with the size of the file. Another approach prepares a fixed number of integrity verification labels for the user in advance; when the user needs to verify, a challenge parameter is sent to the server, the server regenerates the corresponding verification label, and the client judges whether the file is intact by checking that the labels agree. Such methods generally have a low computational cost, a simple hash algorithm suffices, and the upload time is short. But because the client has prepared only a fixed number of verification labels, once the labels are used up the client may be subjected to replay attacks by the server and can no longer verify the state of the file.
Cloud storage systems lack a data storage verification method suited to lightweight clients.
Summary of the Invention
The technical problem to be solved by the present invention is the defect of the prior-art data storage verification methods described above: once the labels are used up, the client may be subjected to replay attacks by the server and can no longer verify the state of the file. The invention provides a highly reusable cloud storage data storage verification method and system that reuse verification labels during the verification process and so increase the availability of the verification labels.
The technical solution adopted by the present invention to solve this technical problem is a highly reusable cloud storage data storage verification method comprising the following steps:
S1: set verification parameters and obfuscation parameters for each file uploaded to the server, and determine the number of file blocks to be read from the single-verification confidence C and the file size;
where the verification parameters comprise the file name, the file size, the number of verifications N and the single-verification confidence C, and the obfuscation parameters comprise the pseudorandom array S, the pseudorandom array generation key Y and the obfuscation degree P;
S2: receive the user's data storage verification query request and initiate a query request;
S3: obfuscate the current verification count to obtain the challenge key index;
S4: replace the current verification count with the challenge key index, and obtain the current challenge key and the verification label;
S5: select P-1 pseudorandom numbers from the pseudorandom array S and mix them with the current challenge key to generate the query array, recording the position of the current challenge key in the query array;
S6: send the query array, the file name and the number of file blocks to the server;
S7: the server generates a check-label sequence from the query array, the file name and the number of file blocks, and returns it to the client;
S8: the client filters the returned check-label sequence;
S9: the client compares the check label obtained after filtering with the verification label to judge whether the file has been damaged.
In one embodiment, step S2 specifically comprises calculating the challenge key index according to formula (1):
i = j * cur mod N    (1)
In formula (1), i is the challenge key index, j is a value chosen at random from the pseudorandom array S, cur is the current verification count, and N is the number of verifications.
In one embodiment, the method further comprises generating a random key seed K from the current system time, and generating N random keys {K_1, K_2, K_3, …, K_N} from the random key seed K.
In one embodiment, in step S4 the current challenge key is obtained from the N random keys {K_1, K_2, K_3, …, K_N} according to the challenge key index.
In one embodiment, in step S1 the number of file blocks to be read is determined from the single-verification confidence C and the file size by solving 1 - (1 - 1%)^num = C, where num is the number of file blocks needed to generate a verification label and C is the single-verification confidence.
In one embodiment, obtaining the verification label in step S4 comprises the following steps:
select num random positions within the range of the file size;
starting from each random position, read y bytes of content {t1, t2, t3, …, tnum}, padding with zeros where the content is too short;
concatenate the content read, in order, into the sample file T = {t1 || t2 || … || tnum};
with K_i as the key, compute the sample-file verification label R_i = HMAC(T, K_i), where i is the challenge key index;
y is the preset size of each file block.
In one embodiment, in step S9 the check label obtained after filtering is the check label whose position in the check-label sequence is the same as the recorded position of the current challenge key in the query array.
A highly reusable cloud storage data storage verification system comprises a client and a server.
The client comprises a verification preparation module, a verification initiation module, an obfuscation module, a filtering module and a verification checking module; the obfuscation module comprises a challenge key index acquisition module, a replacement module, a query array generation module and a sending module.
The server comprises a check generation module.
The verification preparation module sets verification parameters and obfuscation parameters for each file uploaded to the server, and determines the number of file blocks to be read from the single-verification confidence C and the file size. The verification parameters comprise the file name, the file size, the number of verifications N and the single-verification confidence C; the obfuscation parameters comprise the pseudorandom array S, the pseudorandom array generation key Y and the obfuscation degree P.
The verification initiation module receives the user's data storage verification query request and initiates a query request.
The challenge key index acquisition module, when the verification initiation module initiates a query request, obfuscates the current verification count to obtain the challenge key index.
The replacement module replaces the current verification count with the challenge key index and obtains the current challenge key and the verification label.
The query array generation module selects P-1 pseudorandom numbers from the pseudorandom array S and mixes them with the current challenge key to generate the query array, recording the position of the current challenge key in the query array.
The sending module sends the query array, the file name and the number of file blocks to the server.
The check generation module generates a check-label sequence from the query array, the file name and the number of file blocks, and returns it to the client.
The filtering module filters the check-label sequence returned by the check generation module.
The verification checking module compares the check label obtained after filtering with the verification label to judge whether the file has been damaged.
In one embodiment, the client further comprises a verification maintenance module for storing the verification parameters and obfuscation parameters and for updating the current verification count.
In one embodiment, the challenge key index acquisition module calculates the challenge key index according to formula (1):
i = j * cur mod N    (1)
In formula (1), i is the challenge key index, j is a value chosen at random from the pseudorandom array S, cur is the current verification count, and N is the number of verifications.
Implementing the highly reusable cloud storage data storage verification method and system of the present invention has the following beneficial effects. Because the real challenge parameter is mixed into pseudorandom numbers, the server cannot determine which challenge parameter is the real one. When the pseudorandom array S is large enough, the server cannot determine the full set of possible labels, so the labels can continue to be reused until every possible label has appeared, and the number of possible verifications is extended beyond the original N. A relatively high verification confidence is obtained at a small computational cost; each challenge for a file verification label contains the real challenge parameter and a series of pseudorandom numbers, which increases the number of possible pseudorandom labels and prevents the server from using correct signatures it has saved to mount a replay attack.
Brief Description of the Drawings
The invention is further described below with reference to the drawings and embodiments, in which:
Fig. 1 is a flow chart of the highly reusable cloud storage data storage verification method of an embodiment of the present invention;
Fig. 2 is a structural block diagram of the highly reusable cloud storage data storage verification system of an embodiment of the present invention;
Fig. 3 is a schematic diagram of the interaction between the client and the server of the highly reusable cloud storage data storage verification system of an embodiment of the present invention.
Detailed Description
For a clearer understanding of the technical features, objects and effects of the present invention, specific embodiments are now described in detail with reference to the drawings.
Fig. 1 is a flow chart of the highly reusable cloud storage data storage verification method of an embodiment of the present invention.
The method of this embodiment comprises the following steps:
S1: set verification parameters and obfuscation parameters for each file uploaded to the server, and determine the number of file blocks to be read from the single-verification confidence C and the file size.
The verification parameters comprise the file name, the file size, the number of verifications N and the single-verification confidence C. The obfuscation parameters comprise the pseudorandom array S, the pseudorandom array generation key Y and the obfuscation degree P.
The number of verifications N, the single-verification confidence C, the size of the pseudorandom array S, the obfuscation degree P, the pseudorandom array generation key Y and so on are set by the user. The pseudorandom array S is generated from a random algorithm and the pseudorandom array generation key Y.
Determining the number of file blocks to be read from the single-verification confidence C and the file size proceeds as follows: if the file size is x bytes and one file block is y bytes, there are x/y file blocks in total. To meet the required single-verification confidence C, num must satisfy 1 - (1 - 1%)^num = C, where num is the number of file blocks needed to generate a verification label.
S2: receive the user's data storage verification query request and initiate a query request.
S3: obfuscate the current verification count to obtain the challenge key index.
Specifically, the method of this embodiment further comprises generating a random key seed K from the current system time, and generating N random keys {K_1, K_2, K_3, …, K_N} from the random key seed K.
Step S3 specifically comprises calculating the challenge key index according to formula (1):
i = j * cur mod N    (1)
In formula (1), i is the challenge key index, j is a value chosen at random from the pseudorandom array S, cur is the current verification count, and N is the number of verifications. That is, the value j chosen at random from the pseudorandom array S is multiplied by the current verification count cur, the product is reduced modulo the number of verifications N, and the result is the challenge key index i.
S4: replace the current verification count (cur) with the challenge key index (i), and obtain the current challenge key and the verification label.
The current challenge key is obtained from the N random keys {K_1, K_2, K_3, …, K_N} according to the challenge key index. The current challenge key is K_i, where i is the challenge key index.
The verification label is obtained as follows. (1) Select num random positions within the range of the file size. Specifically, K_1 may be used as the random key to generate num random positions for the file whose storage is to be verified. (2) Starting from each random position, read y bytes of content {t1, t2, t3, …, tnum}, padding with zeros where the content is too short. (3) Concatenate the content read, in order, into the sample file T = {t1 || t2 || … || tnum}. (4) With K_i as the key, compute the sample-file verification label R_i, i.e. R_i = HMAC(T, K_i), where i is the challenge key index.
S5: select P-1 pseudorandom numbers from the pseudorandom array S and mix them with the current challenge key to generate the query array Q, recording the position of the current challenge key in the query array.
S6: send the query array Q, the file name and the number of file blocks num to the server.
S7: the server generates a check-label sequence from the query array Q, the file name and the number of file blocks num, and returns it to the client.
Specifically: (1) the server uses Q as the random key to generate num random positions for the file whose storage is to be verified. The file size can be obtained from the storage server by file name. The method by which the server generates the num random positions is the same as the generation method in step S1. (2) Starting from each random position, read y bytes of content {t1, t2, t3, …, tnum}, padding with zeros where the content is too short. (3) Concatenate the content read, in order, into the sample file T = {t1 || t2 || … || tnum}. (4) With Q[u] as the key, compute the sample-file check-label sequence R_u', i.e. R_u' = HMAC(T, Q[u]), where u = 1, 2, …, P and P is the obfuscation degree. That is, the check-label sequence R_u' comprises P check labels.
S8: the client filters the returned check-label sequence. Specifically, the check label obtained after filtering is the check label whose position in the check-label sequence R_u' is the same as the recorded position of the current challenge key in the query array Q. For example, if the current challenge key is at position 5 in the query array Q, the 5th label in the check-label sequence R_u' is the check label obtained by filtering.
S9: the client compares the check label obtained after filtering with the verification label to judge whether the file has been damaged.
If the check label and the verification label have the same value, the verified file has not been damaged and its storage on the server is normal; if they differ, the verified file is damaged, incomplete or the like.
The method of this embodiment also comprises updating the current verification count (cur) in step S6, i.e. adding 1 to cur, so that cur increases step by step as verifications are performed. When step S4 is executed, however, the cur value is replaced by the challenge key index i. The cur value may also be updated in another step (for example in step S3) to record the current number of verifications.
It should be understood that steps S1-S6 of the method of this embodiment are executed by the client.
Fig. 2 is a structural block diagram of the highly reusable cloud storage data storage verification system of an embodiment of the present invention. The system comprises a client 1 and a server 2. The client 1 comprises a verification preparation module 11, a verification maintenance module 12, a verification initiation module 13, an obfuscation module 14, a filtering module 15 and a verification checking module 16. The server 2 comprises a check generation module 21.
The verification preparation module 11 sets verification parameters and obfuscation parameters for each file uploaded to the server, determines the number of file blocks to be read from the single-verification confidence C and the file size, generates a random key seed K from the current system time, and generates N random keys {K_1, K_2, K_3, …, K_N} from the random key seed K.
The verification parameters comprise the file name, the file size, the number of verifications N and the single-verification confidence C. The obfuscation parameters comprise the pseudorandom array S, the pseudorandom array generation key Y and the obfuscation degree P.
The number of verifications N, the single-verification confidence C, the size of the pseudorandom array S, the obfuscation degree P, the pseudorandom array generation key Y and so on are set by the user. The pseudorandom array S is generated from a random algorithm and the pseudorandom array generation key Y.
The verification preparation module 11 determines the number of file blocks to be read from the single-verification confidence C and the file size as follows: if the file size is x bytes and one file block is y bytes, there are x/y file blocks in total. To meet the required single-verification confidence C, num must satisfy 1 - (1 - 1%)^num = C, where num is the number of file blocks needed to generate a verification label.
The verification maintenance module 12 stores the verification parameters and obfuscation parameters and updates the current verification count. It updates the current verification count (cur) by adding 1 to cur, so that cur increases step by step as verifications are performed.
The verification initiation module 13 receives the user's data storage verification query request and initiates a query request.
The obfuscation module 14 comprises a challenge key index acquisition module 141, a replacement module 142, a query array generation module 143 and a sending module 144.
The challenge key index acquisition module 141, when the verification initiation module 13 initiates a query request, obfuscates the current verification count to obtain the challenge key index. Specifically, the challenge key index is calculated according to formula (1) above.
The replacement module 142 replaces the current verification count (cur) with the challenge key index (i) and obtains the current challenge key and the verification label. The current challenge key is obtained from the N random keys {K_1, K_2, K_3, …, K_N} according to the challenge key index. The current challenge key is K_i, where i is the challenge key index.
The verification label is obtained as follows. (1) Select num random positions within the range of the file size. Specifically, K_1 may be used as the random key to generate num random positions for the file whose storage is to be verified. (2) Starting from each random position, read y bytes of content {t1, t2, t3, …, tnum}, padding with zeros where the content is too short. (3) Concatenate the content read, in order, into the sample file T = {t1 || t2 || … || tnum}. (4) With K_i as the key, compute the sample-file verification label R_i, i.e. R_i = HMAC(T, K_i), where i is the challenge key index.
The query array generation module 143 selects P-1 pseudorandom numbers from the pseudorandom array S and mixes them with the current challenge key to generate the query array Q, recording the position of the current challenge key in the query array Q.
The sending module 144 sends the query array Q, the file name and the number of file blocks num to the server.
The check generation module 21 generates a check-label sequence from the query array Q, the file name and the number of file blocks num, and returns it to the client. Specifically: (1) use Q as the random key to generate num random positions for the file whose storage is to be verified. The file size can be obtained from the storage server by file name. The method by which the server generates the num random positions is the same as the method by which the client generates them. (2) Starting from each random position, read y bytes of content {t1, t2, t3, …, tnum}, padding with zeros where the content is too short. (3) Concatenate the content read, in order, into the sample file T = {t1 || t2 || … || tnum}. (4) With Q[u] as the key, compute the sample-file check-label sequence R_u', i.e. R_u' = HMAC(T, Q[u]), where u = 1, 2, …, P and P is the obfuscation degree. That is, the check-label sequence R_u' comprises P check labels.
The filtering module 15 filters the check-label sequence returned by the check generation module 21. Specifically, the check label obtained after filtering is the check label whose position in the check-label sequence R_u' is the same as the recorded position of the current challenge key in the query array Q.
The verification checking module 16 compares the check label obtained after filtering with the verification label to judge whether the file has been damaged. If the check label and the verification label have the same value, the verified file has not been damaged and its storage on the server is normal; if they differ, the verified file is damaged, incomplete or the like.
The highly reusable cloud storage data storage verification system of the above embodiment is described in detail below with reference to Fig. 3 and a concrete example.
The verification preparation module 11 sets the following for the file the user uploads to the untrusted server: the file name is file1, the file size is 100MB, the number of verifications N is 1000, the single-verification confidence C is 0.9, the obfuscation degree P is 4, the size of the pseudorandom array S is 10000, and the pseudorandom array generation key is Y=9387862494432. The random key seed generated from the current system time is K=1285572979437, and N random keys {K_1, K_2, K_3, …, K_N} are generated from the random key seed K.
The verification preparation module 11 determines the number of file blocks to be read from the single-verification confidence 0.9 and the file size 100MB. Specifically, the file size is 104857600 bytes (100MB); with 16 bytes per file block there are 7864320 file blocks. To meet the required single-verification confidence of 0.9, i.e. 1 - (1 - 1%)^num = 0.9, num = 229.
The verification maintenance module 12 stores the parameters set above in response to the storage request of the verification preparation module 11.
When the user initiates a data storage verification query request through the client, the verification initiation module 13 receives the request, obtains the relevant parameters from the verification preparation module 11 and initiates a query request. The challenge key index acquisition module 141 obfuscates the current verification count cur to obtain the challenge key index. Specifically, the challenge key index is i = j * cur mod N, where j = S[207], generated from the pseudorandom array generation key K and the index 207, with value 8736; the current verification count is cur=1 and N=1000, which gives i=736. The replacement module 142 replaces cur with i=736 and continues the original request, obtaining the current challenge key and the verification label. The current challenge key obtained is K_736.
The replacement module 142 obtains the verification label as follows: with K_1 as the random key, generate 229 random positions for the file whose storage is to be verified; starting from each random position, read 16 bytes of content {t1, t2, t3, …, t229}, padding with zeros where the content is too short; concatenate the content read, in order, into the sample file T = {t1 || t2 || … || t229}; with K_736 as the key, compute the sample-file verification label R_736, i.e. R_736 = HMAC(T, K_736).
The query array generation module 143 selects 3 (P-1) pseudorandom numbers from the pseudorandom array S and mixes them with the current challenge key to generate the query array Q. For example, the 3 pseudorandom numbers selected are S[94], S[385] and S[787]. Generated from the pseudorandom array generation key K and the indices (94, 385, 787), the 3 pseudorandom numbers are 3489825427445, 2654478345628 and 7674398282265 respectively. K_736 is 85735279849542.
The query array Q that the query array generation module 143 obtains after mixing the 3 pseudorandom numbers with the current challenge key is {S[94], S[385], K_736, S[787]}; the position of the current challenge key K_736 in Q is 3.
The sending module 144 sends the query array Q, the file name (name) and the number of file blocks num to the server.
The check generation module 21 of the server 2 generates a check-label sequence from the query array Q, the file name and the number of file blocks num, and returns it to the client. Specifically: (1) use Q as the random key to generate num (229) random positions for the file whose storage is to be verified; (2) starting from each random position, read y bytes of content {t1, t2, t3, …, t229}, padding with zeros where the content is too short, and concatenate the content read, in order, into the sample file T = {t1 || t2 || … || t229}; (3) with Q[u] as the key, compute the sample-file check-label sequence R_u', i.e. R_u' = HMAC(T, Q[u]), where u = 1, 2, …, 4.
The filtering module 15 of the client 1 filters the returned check-label sequence.
The verification checking module 16 of the client 1 compares the check label obtained after filtering with the verification label to judge whether the file has been damaged. Specifically, the filtering module 15 takes from the check-label sequence the check label R_3' at position 3. The verification checking module 16 compares the check label R_3' obtained after filtering with the verification label R_736 to judge whether the file has been damaged. If the check label R_3' and the verification label R_736 have the same value, the verified file has not been damaged and its storage on the server is normal; if they differ, the verified file is damaged, incomplete or the like.
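The exchange of steps S1 to S9 and the worked example above, as an added Python sketch that is not part of the patent: the client precomputes R_i, hides K_i among P-1 decoys, and keeps only the response at the recorded position. Assumptions of this sketch: HMAC-SHA256 as the HMAC, keys and S entries derived by HMAC from their seeds, 0-based key indices, and a `pos_seed` value sent with the query so that both sides sample the same positions (the patent does not spell out how the two sides arrive at identical positions).

```python
import hashlib
import hmac
import math
import random
import secrets

BLOCK = 16  # y: preset block size in bytes (16 in the patent's example)


def prf(key: bytes, label: str) -> bytes:
    """Assumed derivation for K_i and S[idx]: HMAC-SHA256(seed, label)."""
    return hmac.new(key, label.encode(), hashlib.sha256).digest()


def blocks_needed(conf: float) -> int:
    """Solve 1 - (1 - 1%)^num = C for num.

    Rounding to nearest reproduces the patent's num = 229 for C = 0.9;
    rounding up (230) would guarantee the confidence is at least C.
    """
    return round(math.log(1 - conf) / math.log(0.99))


def challenge_index(j: int, cur: int, n: int) -> int:
    """Formula (1): i = j * cur mod N."""
    return (j * cur) % n


def sample(data: bytes, pos_seed: bytes, num: int) -> bytes:
    """Build T = t1 || ... || tnum from num seeded positions, zero padded."""
    rng = random.Random(pos_seed)  # deterministic, so both sides agree
    parts = []
    for _ in range(num):
        p = rng.randrange(len(data))
        parts.append(data[p:p + BLOCK].ljust(BLOCK, b"\x00"))
    return b"".join(parts)


class Client:
    def __init__(self, data, n=1000, conf=0.9, p=4, s_size=10000):
        self.n, self.p, self.s_size, self.cur = n, p, s_size, 1
        self.num = blocks_needed(conf)
        self.y = secrets.token_bytes(16)         # pseudorandom array key Y
        self.pos_seed = secrets.token_bytes(16)  # assumption, see lead-in
        seed_k = secrets.token_bytes(16)         # random key seed K
        # 0-based K_0..K_{N-1}, so that i = 0 from formula (1) is usable.
        self.keys = [prf(seed_k, f"K{i}") for i in range(n)]
        t = sample(data, self.pos_seed, self.num)
        # R_i = HMAC(T, K_i), precomputed before the file leaves the client.
        self.labels = [hmac.new(k, t, hashlib.sha256).digest() for k in self.keys]
        self.pending = None

    def s(self, idx: int) -> bytes:
        """S[idx], same length as a real key so Q entries look alike."""
        return prf(self.y, f"S{idx}")

    def challenge(self):
        """Steps S3-S6: returns (Q, pos_seed, num) for the server."""
        j = int.from_bytes(self.s(secrets.randbelow(self.s_size))[:8], "big")
        i = challenge_index(j, self.cur, self.n)
        self.cur += 1
        q = [self.s(secrets.randbelow(self.s_size)) for _ in range(self.p - 1)]
        pos = secrets.randbelow(self.p)
        q.insert(pos, self.keys[i])  # hide the real key among P-1 decoys
        self.pending = (i, pos)      # the position stays on the client
        return q, self.pos_seed, self.num

    def verify(self, response) -> bool:
        """Steps S8-S9: keep only R'_pos and compare it with R_i."""
        i, pos = self.pending
        return hmac.compare_digest(response[pos], self.labels[i])


def server_respond(stored: bytes, q, pos_seed: bytes, num: int):
    """Step S7: R'_u = HMAC(T, Q[u]) for every one of the P entries."""
    t = sample(stored, pos_seed, num)
    return [hmac.new(k, t, hashlib.sha256).digest() for k in q]


def run_demo():
    data = bytes(range(256)) * 400  # constructed 100 KiB sample file
    client = Client(data)
    intact = client.verify(server_respond(data, *client.challenge()))
    wiped = bytes(len(data))        # constructed damage: all content lost
    damaged = client.verify(server_respond(wiped, *client.challenge()))
    return intact, damaged


if __name__ == "__main__":
    print(run_demo())
```

In this sketch T is built from one fixed set of positions, so damage confined to blocks outside the sample goes unnoticed; that is the trade-off the single-verification confidence C expresses.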
In the cloud storage data storage verification system of the high durability of the embodiment of the present invention, checking maintenance module 12 plays the effects such as storage and the renewal of current checking number of times.In addition, the system of the embodiment of the present invention also can comprise a memory module, for storing the checking label of each file, in the time that checking maintenance module 12 is initiated the request of storage checking label inquiry maintenance, memory module is returned to corresponding file verification label or is safeguarded result.
Should be understood that in embodiments of the invention, determining of blocks of files number also can be calculated by replacement module 142, or calculate in step S4, the application is not restricted this.
Cloud storage data storage verification method and the system of the high durability of the embodiment of the present invention, can make file verification label can be recycled: because true challenge parameter is mixed in pseudorandom array, server cannot be determined true challenge parameter.In the time that pseudorandom array S is enough large, server cannot be determined all possible tally set, and therefore label is sustainable reuses, until all possible label all occurred, can verify that number of times expands to by N time inferior.This be due to, if there is no obscuring and mixed process of step S3 and S5, through N time order challenge, server can be understood all challenge parameter and label.When introducing after pseudorandom array S, at server, all number of tags of challenging become | S|+N, and each checking only consumes P label, therefore, when after inferior challenge, server could obtain the secret key of all challenges and label.Thus, checking number of times expands to by N time inferior.
Thus, in above-mentioned example, it is 10000+1000 that the cloud storage data storage verification method of the high durability by the embodiment of the present invention makes possible checking label, can verify at least 11000/P=11000/4=2750 time.And the method for employing prior art, 1000 labels can only be supported to verify 1000 times.The cloud storage data storage verification method of the high durability of the embodiment of the present invention has increased checking label reusability.
The server that the cloud storage data storage verification method of the high durability of the embodiment of the present invention and system can upload to untrusted at file (for example, cloud storage server) before, the secret of holding according to user and other parameters are file generated checking label in advance, and generate a series of pseudorandom arrays, preserve simultaneously and safeguard all parameters; In the time of authenticating documents, user, except specifying real challenge parameter, also selects the disturbance parameter of some from pseudorandom array, and these parameters are mixed, and initiates challenge to server; Server regenerates multiple verification labels according to all parameters, and user only needs to verify label corresponding to real challenge parameter, can judge file status.The method and system of the embodiment of the present invention can obtain relatively high checking confidence level with less calculation cost, the challenge of file verification label all comprises true challenge parameter and a series of pseudo random number at every turn, possible pseudorandom number of labels is increased, and the correct signature of avoiding server by utilizing to preserve is realized the possibility of Replay Attack.
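The complete challenge round summarized above, as an added Python example that is not the patent's own code. It assumes HMAC-SHA-256, 16-byte keys, and block offsets derived from each key as HMAC(key, counter) so that the server can reproduce them from the key alone; the names `Client`, `server_respond`, `sample` and `label` are hypothetical.

```python
import hashlib, hmac, secrets

BLOCK = 16  # y, the preset block size in bytes (constructed value)
rng = secrets.SystemRandom()

def sample(data, key, num):
    """Build sample file T: num blocks of BLOCK bytes at key-derived offsets."""
    t = bytearray()
    for n in range(num):
        # Assumption: offsets come from HMAC(key, counter), so client and
        # server pick the same positions for the same key.
        d = hmac.new(key, n.to_bytes(4, "big"), hashlib.sha256).digest()
        pos = int.from_bytes(d[:8], "big") % len(data)
        t += data[pos:pos + BLOCK].ljust(BLOCK, b"\0")  # zero-pad short reads
    return bytes(t)

def label(data, key, num):
    """R = HMAC(T, key): the label for one key over the sampled blocks."""
    return hmac.new(key, sample(data, key, num), hashlib.sha256).digest()

class Client:
    def __init__(self, data, N, S_size, P, num):
        self.N, self.P, self.num, self.cur = N, P, num, 0
        self.keys = [secrets.token_bytes(16) for _ in range(N)]   # K_1..K_N
        self.labels = [label(data, k, num) for k in self.keys]    # kept locally
        self.S = [secrets.randbits(128) for _ in range(S_size)]   # decoy pool

    def challenge(self):
        self.cur += 1
        j = rng.choice(self.S)
        self.i = (j * self.cur) % self.N                 # formula (1)
        Q = [s.to_bytes(16, "big") for s in rng.sample(self.S, self.P - 1)]
        self.pos = rng.randrange(self.P)                 # slot of the real key
        Q.insert(self.pos, self.keys[self.i])
        return Q                                         # query array

    def verify(self, returned):
        # Filter: keep only the label at the recorded position, then compare
        # it in constant time with the stored checking label.
        return hmac.compare_digest(returned[self.pos], self.labels[self.i])

def server_respond(stored, Q, num):
    """Server side: one label per entry of Q; all entries look alike to it."""
    return [label(stored, q, num) for q in Q]

def demo():
    data = bytes(range(256)) * 64                        # constructed 16 KiB file
    client = Client(data, N=50, S_size=500, P=4, num=229)
    ok = client.verify(server_respond(data, client.challenge(), client.num))
    damaged = bytes(b ^ 0xFF for b in data)              # every block altered
    bad = client.verify(server_respond(damaged, client.challenge(), client.num))
    return ok, bad

if __name__ == "__main__":
    print(demo())
```

The decoys and the real key have the same length and come from the same kind of random source; if they were distinguishable, the server could single out the real key and the reuse argument would no longer hold.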
Any process or method description in a flow chart, or otherwise described in an embodiment of the invention, may be understood as representing a module, fragment, or portion of code comprising one or more executable instructions for implementing a specific logical function or step of the process. The scope of the embodiments of the invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the invention belong.
The embodiments of the invention have been described above with reference to the accompanying drawings, but the invention is not limited to the specific embodiments described, which are merely illustrative rather than restrictive. Guided by the invention, those of ordinary skill in the art may devise many other forms without departing from the purpose of the invention and the scope protected by the claims, all of which fall within the protection of the invention.

Claims (10)

1. A highly reusable cloud storage data storage verification method, characterized by comprising the following steps:
S1, setting verification parameters and obfuscation parameters for each file uploaded to the server, and determining the number of file blocks to be read according to the single-verification confidence level C and the file size;
wherein the verification parameters comprise: the filename of the file, the file size, the number of verifications N, and the single-verification confidence level C; and the obfuscation parameters comprise: the pseudorandom array S, the pseudorandom array generation key Y, and the obfuscation degree P;
S2, receiving the user's data storage verification query request, and initiating a query request;
S3, obfuscating the current verification count to obtain a challenge key sequence number;
S4, replacing the current verification count with the challenge key sequence number, and obtaining the current challenge key and checking label;
S5, selecting P-1 pseudorandom numbers from the pseudorandom array S and mixing them with the current challenge key to generate a query array, and recording the position of the current challenge key in the query array;
S6, sending the query array, the filename, and the file block count to the server;
S7, the server generating a verification label sequence from the query array, the filename, and the file block count, and returning it to the client;
S8, the client filtering the returned verification label sequence;
S9, the client comparing the verification label obtained after filtering with the checking label to judge whether the file is damaged.
2. The highly reusable cloud storage data storage verification method according to claim 1, characterized in that step S2 specifically comprises: calculating the challenge key sequence number according to formula (1):
i = j * cur mod N    (1)
In formula (1), i is the challenge key sequence number, j is a value chosen at random from the pseudorandom array S, cur is the current verification count, and N is the number of verifications.
3. The highly reusable cloud storage data storage verification method according to any one of claims 1-2, characterized in that the method further comprises: generating a random key seed K from the current system time, and generating N random keys {K_1, K_2, K_3, ..., K_N} from the random key seed K.
4. The highly reusable cloud storage data storage verification method according to claim 3, characterized in that obtaining the current challenge key in step S4 is specifically: obtaining it from the N random keys {K_1, K_2, K_3, ..., K_N} according to the challenge key sequence number.
5. The highly reusable cloud storage data storage verification method according to claim 3, characterized in that, in step S1, the number of file blocks to be read is determined from the single-verification confidence level C and the file size by: 1 - (1 - 1%)^num = C, where num is the number of file blocks needed to generate a checking label and C is the single-verification confidence level.
6. The highly reusable cloud storage data storage verification method according to claim 5, characterized in that obtaining the checking label in step S4 comprises the following steps:
selecting num random positions within the range of the file size;
starting at each random position, reading y bytes of content {t1, t2, t3, ..., tnum}, zero-padding any read that comes up short;
concatenating the read contents in order to form the sample file T = {t1||t2||...||tnum};
using K_i as the key, calculating the sample file's checking label R_i, R_i = HMAC(T, K_i), where i is the challenge key sequence number;
where y is the preset size of each file block.
7. The highly reusable cloud storage data storage verification method according to claim 1, characterized in that, in step S9, the verification label obtained after filtering is the verification label whose position in the verification label sequence is the same as the recorded position of the current challenge key in the query array.
8. A highly reusable cloud storage data storage verification system, characterized by comprising: a client (1) and a server (2);
wherein the client (1) comprises: a checking preparation module (11), a checking initiation module (13), an obfuscation module (14), a filtering module (15), and a checking correction verification module (16); the obfuscation module (14) comprises a challenge key sequence number acquisition module (141), a replacement module (142), a query array generation module (143), and a sending module (144);
the server (2) comprises a verification generation module (21);
the checking preparation module (11) is used to set verification parameters and obfuscation parameters for each file uploaded to the server, and to determine the number of file blocks to be read according to the single-verification confidence level C and the file size; wherein the verification parameters comprise: the filename of the file, the file size, the number of verifications N, and the single-verification confidence level C; and the obfuscation parameters comprise: the pseudorandom array S, the pseudorandom array generation key Y, and the obfuscation degree P;
the checking initiation module (13) is used to receive the user's data storage verification query request and to initiate a query request;
the challenge key sequence number acquisition module (141) is used, when the checking initiation module (13) initiates a query request, to obfuscate the current verification count and obtain a challenge key sequence number;
the replacement module (142) is used to replace the current verification count with the challenge key sequence number and to obtain the current challenge key and checking label;
the query array generation module (143) is used to select P-1 pseudorandom numbers from the pseudorandom array S and mix them with the current challenge key to generate a query array, and to record the position of the current challenge key in the query array;
the sending module (144) is used to send the query array, the filename, and the file block count to the server;
the verification generation module (21) is used to generate a verification label sequence from the query array, the filename, and the file block count, and to return it to the client;
the filtering module (15) is used to filter the verification label sequence returned by the verification generation module (21);
the checking correction verification module (16) is used to compare the verification label obtained after filtering with the checking label to judge whether the file is damaged.
9. The highly reusable cloud storage data storage verification system according to claim 8, characterized in that the client further comprises a checking maintenance module (12), used to store the verification parameters and obfuscation parameters and to update the current verification count.
10. The highly reusable cloud storage data storage verification system according to any one of claims 8-9, characterized in that the challenge key sequence number acquisition module (141) calculates the challenge key sequence number according to formula (1):
i = j * cur mod N    (1)
In formula (1), i is the challenge key sequence number, j is a value chosen at random from the pseudorandom array S, cur is the current verification count, and N is the number of verifications.
CN201410054969.7A 2014-02-18 2014-02-18 Highly reusable cloud storage data storage verification method and system Active CN103944874B (en)

Publications (2)

Publication Number    Publication Date
CN103944874A (en)    2014-07-23
CN103944874B (en)    2017-01-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant