CN106611136A - Data tampering verification method in cloud storage - Google Patents


Info

Publication number
CN106611136A
Authority
CN
China
Prior art keywords
data
lattice
index
cloud storage
challenge
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610511021.9A
Other languages
Chinese (zh)
Inventor
范勇
胡成华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Yonglian Information Technology Co Ltd
Original Assignee
Sichuan Yonglian Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Yonglian Information Technology Co Ltd
Priority to CN201610511021.9A
Publication of CN106611136A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data tampering verification method in cloud storage. The method comprises the following steps: partitioning data by use of lattice theory, and then performing hashing to generate an index label and a header containing data dynamic information, transforming header data into leaf nodes of an MHT hashing tree, and saving the leaf nodes, and then respectively mapping a data block value and a data block index to two lattices to generate a coset of intersection of the two lattices, and computing a short vector in the coset by use of a short basis to generate a signature of a data block; combining the block index with a challenge weight to form a challenge request in verification, and designing a computing function to compute a data integrity evidence, wherein the evidence is used for computing whether the data is illegally accessed and tampered. The method disclosed by the invention is high in security and free from data copy operation; the communication expenditure and computation cost are lowered; and the verification can be synchronously initiated to multiple tasks so that the efficiency is improved.

Description

Data tampering verification method in cloud storage
Technical field
The present invention relates to the fields of cloud computing and cloud storage, and specifically to information security.
Background
With the development of cloud computing technology, a large number of applications are stored in the cloud, and users tend to upload information to the cloud to save local storage resources. However, while cloud storage brings convenience, it also brings new security problems. Information leakage is a concern for every user: highly concentrated data and a complex computing environment expose user data to many threats. As system complexity rises, vulnerability increases accordingly. In addition, multiple tenants share cloud computing resources, so the risk of data damage is greater. In a cloud computing environment, the resources allocated to different tenants are generally isolated by logical means. A malicious attacker may disguise itself as a tenant and attack from the inside, intruding on the data of other users.
In information storage, data may be leaked by an untrustworthy cloud service provider, spied on or copied and leaked by malicious users, or lost as a result of attacks. This has become a current challenge: how to verify whether data has been illegally copied, leaked or tampered with. To solve this problem, researchers have proposed several methods, but the security models adopted by these methods are mostly based on hard computational problems such as large integer factorization and discrete logarithms. One method proposes a sentinel-based proof of retrievability mechanism, which can not only detect violations of data integrity on a remote node but also recover part of the damaged data. However, this mechanism does not support public verification and allows only a limited number of verifications. Another model for verifying data integrity on untrusted nodes, called provable data possession, supports public verification and is not limited in the number of verifications; but its computation cost and communication overhead are large, and its security model is based on the hard problem of large integer factorization.
Therefore, the present invention proposes a method that can verify abnormal changes to data in cloud storage (including unauthorized access, copying and tampering) without a data copy, and that supports updates to the data by the data owner.
Summary of the invention
In view of the above deficiencies of the prior art, the present invention proposes a data tampering verification method in cloud storage.
To solve the above problems, the present invention is realized by the following technical solution:
The method applies lattice theory. After the data is partitioned into blocks, hashing generates an index label and a header containing the dynamic information of the data; the header data is converted into leaf nodes of an MHT hash tree and stored. The data block value and the data block index are then mapped onto two lattices respectively, the coset of the intersection of the two lattices is generated, and a short vector in the coset is computed with a short basis to produce the signature of the data block. During verification, the block index and a challenge weight are combined to form a challenge request, and a computing function is designed to compute the data integrity evidence, from which it is determined whether the data has been illegally accessed or tampered with.
A data tampering verification method in cloud storage specifically comprises the following steps:
Step 1: Generation of the dynamic operation function and file index information.
Step 2: Embedding of dynamic information and generation of the data public-key cryptographic keys.
Step 3: Computation of the digital signature of the data using lattice theory.
Step 4: Generation of verification parameters.
Step 5: Verification of data dynamics and integrity.
The beneficial effects of the invention are:
1. High security; no data copy operation is needed, which reduces communication overhead and computation cost.
2. Verification can be initiated for multiple tasks simultaneously, which improves efficiency.
Specific embodiments
The data tampering verification method in cloud storage comprises the following specific steps:
Step 1: Generation of the dynamic operation function and file index information
Given a set of linearly independent vectors, the lattice Λ generated by B is:
where c ∈ Z^n means that c is an n-component vector over Z, and B is called the basis of the lattice Λ. For two given n-dimensional lattices Λ1 and Λ2 in Z^n that are coprime, i.e. Λ1 + Λ2 = Z^n, we have:
Given a set of full-rank lattice vectors, there exists a polynomial-time algorithm that generates another set, a short basis T that satisfies the length constraint, i.e.:
The file F to be stored in the cloud is divided into n file blocks, each denoted m, i.e.:
F = {m1, m2, ..., mn}
A header is generated containing 5 fields: data modification (M), data insertion (T), data deletion (D), data access count (N) and modification time (time). The first 4 have an initial value of 0, and the time field records the last modification time.
Using a hash algorithm, each data block mi (1 ≤ i ≤ n) is hashed to generate the data block digest h(mi), where h(mi) || i is the data block index.
Step 2:Multidate information is implanted into and data public-key cryptographic keys are generated
Let p and q be two distinct primes, and define three lattices Λ, Λ1 and Λ2, where Λ = Λ1 ∩ Λ2, Λ1 = pZ^n, T=Tq, which is a short basis of Λ.
Define the hash function H: Define s, The public key PK is then defined as PK = (Λ, Λ1, Λ2, s, H), and the private key is SK = T.
Define the function f(t) = (N, M, T, D), y → f(t). Using f(t) as the leaf nodes of the MHT hash tree, the root hash value RMHT is computed iteratively and stored as verification metadata; the root node y is hashed during encryption. Each time the data receives an access request, the value of f(t) is recorded according to the requested operation, which is reflected in changes to the four values N, M, T, D. That is, when an operation is performed on the data, R′MHT ≠ RMHT; the value R′MHT is returned and parsed to obtain the values of N, M, T, D, which determines which operations were performed on the data.
The data F is encrypted with the public key to obtain the ciphertext data CF.
Step 3:Lattice theory calculates the digital signature of data
Given two lattices with Λ1 + Λ2 = Z^n, the data block mi and h(mi) are mapped onto the two lattices respectively:
where p and q are two distinct primes. The ring homomorphism is expressed as: and there exists a set of full-rank lattice vectors. Then: and T denotes a set of short lattice vectors. Let δi = min(Ti); then:
δi=mod Λ1modΛ2·H(h(mi)||i)
δi is the digital signature of data block mi, and Φ = {δi} is the generated signature set. The ciphertext data and the digital signature set Φ are then uploaded to the cloud, and sk is stored locally.
Step 4:Certificate parameter is generated
During verification, the server first parses the Λ1, Λ2, s, i information. Then j index blocks are extracted from the block indices {h(mi) || i} as challenge indices, and the extracted challenge indices are placed in the challenge index set J, J = (j1, j2, ..., jj). For each challenge index block ji (1 ≤ i ≤ j), a challenge weight ui is selected at random. The two are combined into the challenge request chal = (ji, ui)j∈J, which is then sent to the server.
After receiving the challenge request chal, the server uses the stored {CF, Φ} to compute the integrity evidence Γ = (μ, σ). μ and σ are computed as follows:
At the same time, the hash value f(t) of the chal data blocks and its verification information {H(mi), Γi} are sent to the verification port together with the values of μ and σ.
Step 5:The checking of data dynamic and integrity
5.1 dynamic authentication
After f(t) and {H(mi), Γi} are received, f(t) is used as the leaf nodes of the MHT hash tree and the root hash value R′MHT is computed iteratively. When R′MHT ≠ RMHT, the value R′MHT is returned and parsed to obtain the values of N, M, T, D and time, which determines which operations were performed on the data.
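The dynamic check of Step 2 and section 5.1, as an added example that is not part of the patent text: the header counters f(t) = (N, M, T, D) are hashed as leaves of a Merkle hash tree, the root RMHT is stored at upload time, and a later recomputed root R′MHT is compared against it. One header per data block, SHA-256, the 8-byte counter encoding, the leaf/internal-node prefixes and the names `Header`, `mht_root` and `check_dynamics` are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class Header:
    """f(t) = (N, M, T, D) for one data block; all counters start at 0."""
    N: int = 0  # data access count
    M: int = 0  # data modification
    T: int = 0  # data insertion
    D: int = 0  # data deletion

    def encode(self) -> bytes:
        # Fixed-width encoding (assumed) so that distinct headers never collide.
        return b"".join(v.to_bytes(8, "big") for v in (self.N, self.M, self.T, self.D))


def _h(prefix: bytes, data: bytes) -> bytes:
    # Separate prefixes for leaves and internal nodes (assumed convention).
    return hashlib.sha256(prefix + data).digest()


def mht_root(headers):
    """Iteratively compute the root hash over the header leaves."""
    if not headers:
        raise ValueError("at least one header is required")
    level = [_h(b"\x00", hd.encode()) for hd in headers]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(_h(b"\x01", level[i] + level[i + 1]))
            else:
                nxt.append(level[i])  # odd node is promoted unchanged
        level = nxt
    return level[0]


def check_dynamics(stored_root: bytes, returned_headers):
    """Compare R'MHT with the stored RMHT.

    Returns (matches, report). When the roots differ, report maps the
    1-based block index to the counters that are no longer at their
    initial value 0, i.e. which operations the header records.
    """
    new_root = mht_root(returned_headers)
    if hmac.compare_digest(new_root, stored_root):
        return True, {}
    report = {}
    for i, hd in enumerate(returned_headers, start=1):
        changed = {k: v for k, v in asdict(hd).items() if v != 0}
        if changed:
            report[i] = changed
    return False, report


if __name__ == "__main__":
    # Constructed sample: four blocks at upload time, block 3 touched later.
    initial = [Header() for _ in range(4)]
    r_mht = mht_root(initial)
    later = list(initial)
    later[2] = Header(N=3, M=1)
    print(check_dynamics(r_mht, initial))
    print(check_dynamics(r_mht, later))
```

The comparison only establishes that the returned headers differ from those committed to in RMHT; it relies on the storage side recording each operation in the headers it returns.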
5.2 integrity verification
After receiving the returned verification data, the user parses Γ = (μ, σ) and performs the following checks:
σ mod p = μ;
For j ∈ J, calculate:
αi = H{h(mi) || i},
Check whether the following holds:
If it holds, the data is intact; if it does not hold, the data is damaged, and the damaged data blocks are output.

Claims (6)

1. A data tampering verification method in cloud storage, relating to the fields of cloud computing and cloud storage and specifically to information security, characterized in that it comprises the following steps:
Step 1: Generation of the dynamic operation function and file index information
Step 2: Embedding of dynamic information and generation of the data public-key cryptographic keys
Step 3: Computation of the digital signature of the data using lattice theory
Step 4: Generation of verification parameters
Step 5: Verification of data dynamics and integrity.
2. The data tampering verification method in cloud storage according to claim 1, characterized in that the specific calculation process in step 1 is as follows:
Step 1: Generation of the dynamic operation function and file index information
Given a set of linearly independent vectors, the lattice Λ generated by B is:
where c is an n-component vector over Z, and B is called the basis of the lattice Λ. For two given n-dimensional lattices that are coprime, we have:
Given a set of full-rank lattice vectors, there exists a polynomial-time algorithm that generates another set, a short basis T that satisfies the length constraint, i.e.:
The file F to be stored in the cloud is divided into n file blocks, each denoted m, i.e.:
A header is generated containing 5 fields: data modification (M), data insertion (T), data deletion (D), data access count (N) and modification time (time). The first 4 have an initial value of 0, and the time field records the last modification time.
Using a hash algorithm, each data block is hashed to generate the data block digest and the data block index.
3. The data tampering verification method in cloud storage according to claim 1, characterized in that the specific process in step 2 is as follows:
Step 2: Embedding of dynamic information and generation of the data public-key cryptographic keys
Let p and q be two distinct primes. Three lattices are defined, together with a short basis.
Define the hash function H and define s; the public key PK is then defined, and the private key is SK = T.
Define the function f(t) = (N, M, T, D). Using f(t) as the leaf nodes of the MHT hash tree, the root hash value is computed iteratively and stored as verification metadata; the root node y is hashed during encryption. Each time the data receives an access request, the value of f(t) is recorded according to the requested operation, which is reflected in changes to the four values N, M, T, D. That is, when an operation is performed on the data, the root hash value is returned and parsed to obtain the values of N, M, T, D, which determines which operations were performed on the data. The data F is encrypted with the public key to obtain the ciphertext data.
4. The data tampering verification method in cloud storage according to claim 1, characterized in that the specific calculation process of step 3 is as follows:
Step 3: Computation of the digital signature of the data using lattice theory
Given two lattices, the data block and its hash are mapped onto the two lattices respectively:
where p and q are two distinct primes, and there exists a set of full-rank lattice vectors; T denotes a set of short lattice vectors. Then:
Φ denotes the generated signature set. The ciphertext data and the digital signature set Φ are then uploaded to the cloud, and sk is stored locally.
5. The data tampering verification method in cloud storage according to claim 1, characterized in that the specific calculation process of step 4 is as follows:
Step 4: Generation of verification parameters
During verification, the server first parses the information. Then j index blocks are extracted from the block indices as challenge indices, and the extracted challenge indices are placed in the challenge index set J. For each challenge index block a challenge weight is selected at random, and the two are combined into the challenge request, which is then sent to the server.
After receiving the challenge request chal, the server uses the stored data to compute the integrity evidence; the computation is as follows:
At the same time, the hash value f(t) of the chal data blocks and its verification information are sent to the verification port together with the computed values.
6. The data tampering verification method in cloud storage according to claim 1, characterized in that the calculation process of step 5 is as follows:
Step 5: Verification of data dynamics and integrity
5.1 dynamic authentication
After f(t) and the verification information are received, f(t) is used as the leaf nodes of the MHT hash tree and the root hash value is computed iteratively. When it does not match the stored root hash value, the value is returned and parsed to obtain the values of N, M, T, D and time, which determines which operations were performed on the data.
5.2 integrity verification
After receiving the returned verification data, the user parses it and performs the following checks:
For each challenge index, calculate:
Check whether the following holds:
If it holds, the data is intact; if it does not hold, the data is damaged, and the damaged data blocks are output.
CN201610511021.9A 2016-07-01 2016-07-01 Data tampering verification method in cloud storage Pending CN106611136A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610511021.9A CN106611136A (en) 2016-07-01 2016-07-01 Data tampering verification method in cloud storage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610511021.9A CN106611136A (en) 2016-07-01 2016-07-01 Data tampering verification method in cloud storage

Publications (1)

Publication Number Publication Date
CN106611136A true CN106611136A (en) 2017-05-03

Family

ID=58614896

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610511021.9A Pending CN106611136A (en) 2016-07-01 2016-07-01 Data tampering verification method in cloud storage

Country Status (1)

Country Link
CN (1) CN106611136A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170503
