CN106612325A - Method for data authenticity verification under authority management in cloud storage - Google Patents

Method for data authenticity verification under authority management in cloud storage Download PDF

Info

Publication number
CN106612325A
CN106612325A CN201610836998.8A CN201610836998A CN106612325A CN 106612325 A CN106612325 A CN 106612325A CN 201610836998 A CN201610836998 A CN 201610836998A CN 106612325 A CN106612325 A CN 106612325A
Authority
CN
China
Prior art keywords
signature
user
file
access
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610836998.8A
Other languages
Chinese (zh)
Inventor
范勇
胡成华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Yonglian Information Technology Co Ltd
Original Assignee
Sichuan Yonglian Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Yonglian Information Technology Co Ltd filed Critical Sichuan Yonglian Information Technology Co Ltd
Publication of CN106612325A publication Critical patent/CN106612325A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method for data authenticity verification under authority management in cloud storage. The method adopts the technical scheme that a data owner generates a signature from data information and sends the signature to all users; encryption is carried out through the attribute-based encryption method, so that the users obtain different access authorities; according to a signature interception method designed by the method, a part of the signature is intercepted and used as information for verifying information completeness and authenticity; and the users with the different authorities can only intercept part of the information from the signature according to the corresponding authorities to verify whether the received data is complete and authentic or not, and overall verification is not required. The method has the advantages that the users with the different authorities can verify the received data according to the uniform data signature, so that especially in case of a high updating frequency and a large number of the users, the operation complexity and the system and time costs can be greatly reduced.

Description

A kind of data validity checking in cloud storage under rights management
Technical field
The present invention relates to cloud storage in field of cloud calculation, information security, integrality authenticity verification field.
Background technology
Cloud storage and cloud information sharing have become data storage today and the hot topic propagated, and either enterprise is also individual People, increasingly tends to store data in high in the clouds, in the hope of saving local resource and realizing that data are shared at any time.As user gets over Come more, then safety problem also becomes one of factor of restriction development.
Documentation is uploaded to high in the clouds by data owner, it is allowed to hold the user accesses data of legal licensing, in order to protect Card data can only be that authorized user could access, and can adopt based on the encryption method of attribute base, and each user has different authorities, The different data of integrated degree can be had access to.
But, now again a problem is faced, it is exactly how user determines that had access to information is exactly by data owner Send, do not changed by invaderThat is how user is able to verify that had access to data are exactly under data owner Reach!Often, data can be sent jointly to user by user together with the electronic signature of data, but if number of visitors is more, Authority differs, then how checking information simply could be sent jointly to the user that specifies by data ownerTraditional method It is aiming at each user, there is provided the electronic signature to be accessed content, but so operation, and to data, owner causes pole Big burden.The workload of sharer is not only increased, is lost time, while also increase overhead, particularly customer volume Huge, authority is different, and again in the case of Jing often renewals, data owner will be absorbed in undying according to different rights generation data Then different checking informations are sent to successively each user.
The content of the invention
For the above-mentioned deficiency of prior art, the data validity that the present invention is proposed in cloud storage under a kind of rights management is tested Card method.
To solve the above problems, the present invention proposes technical scheme below:
Data owner produces data message after one signature, all users is sent to, then with attribute base encryption method Encryption, is that user obtains different access authority, and then the signature intercept method according to designed by method intercepts in signature The information for checking information integrality and authenticity is allocated as, and the user of different rights can only be from signature according to the authority of oneself Intercept partial information to verify received data whether completely and truly and without global checking.Comprise the following steps that:
Step 1:The digital signature that generation can be split.
Step 2:Access privilege control encrypts file.
Step 3:Signature is intercepted.
Step 4:Signature verification.
The invention has the beneficial effects as follows:
The different user of authority can verify to received data according to unified data signature, particularly update frequently Rate is high, when number of users is big, can greatly save complexity, overhead, the time-consuming expense of operation.
Specific embodiment
Step 1:The digital signature that generation can be split
For file F, it includes many subfiles, and the subfile that the user of different rights can access is different, if:
F=(F1, F2..., Fn)
Footmark n represents the numbering of subfile, for user Ux, the subfile that he can access is Fu=(Fi, Fj), i, j ∈ {n}.So need to be intercepted out from the digital signature of file F long to be able to verify that FuSignature section.
1.1 generate signature key
In a Bilinear map, if p is a Big prime,It is to generate unit, H (*) is Hash letter Number, randomly selectsCalculate v=ga(mod p) then:
Public key PKsig={ p, g, v };
Private key SKsig=a;
PKsigAnd SKsigFor generating the public key and private key of signature.
1.2 file content extraction signatures are generated
F is the file to be signed, FiBe numbering be i subfile, while i also illustrates that i-th subfile;1≤i≤n, CeasFor contents interception access structure, he represents user UxThe label of the file sub-block that can be accessed, such as Cead={ 1,3, i } represents to be used Family can access and be numbered 1,2, the subfile of i, CI (F ') represents the label for intercepting subfile, then hasDefining T is CeasMark (Ceas- Tags) length be 80bit.
1) randomly selectCalculate r=gk(mod p);
2) to each sub- message F of file Fi, calculate hi=H (Fi||Ceas||i||T;H (*) is hash function;
3) sub- message F is calculatediSignature (Sig, signature):
Sigi=(hi-a·r)·k-1mod(p-1)
Wherein 1≤i≤n;
4) global signature of calculation document F:
SigF=(Ceas||T||Sig1||Sig2||...||Sign)
Step 2:Access privilege control encrypts file
The signature for intercepting of file has, and then according to the authority of user, using ABE algorithms, generates access structure control System, defining user can decrypt and access the authority of subfile.
2.1 and for the PK of signaturesigAnd SKsigEqually, main key MK of encryption of file is generated using Bilinear mapF, Public key PKF
PKF=(G0, g, gβ, e (g, g)α);
2.2 formulate access structure control
If P=is { P1, P2... PnBe all users community set, wherein user Pi={ δm, Ceas, that is to say, that will User accesses parameter C of file sub-blockeasIn being added to user authority management.T is access structure, is { P1, P2... PnOne Individual nonvoid subset, that is, which attribute file can be just accessed with.
2.3 access keys key for calculating user ii=KeyGen (MK, T, Pi), using AES in ABE algorithms Encrypt (PK, F, T) is to file F=(F1, F2..., Fn) be encrypted, ciphertext is obtained for CF
Then by data ciphertext CF, global signature SigFCloud Server is sent to, user's key is distributed to into user, signed Key also issues user.
Step 3:Signature is intercepted
When arbitrarily user conducts interviews the data in access rights, need to verify that whether complete data are true, first The part signature for checking is intercepted from global signature according to authority.
F ' represents the sub- message that user receives, the set that CI (F ') is made up of the index of the sub- message included in F '.
First according to CeasConstruction intercepts subset CI (F ');CheckingSet up, then signature is true, is continued It is follow-up to calculate, being false failure of then return;
According to CI (F '), generate and intercept sub- message F '={ Fi|i∈CI(F‘)};
To each i ∈ CI (F '), from SigFMiddle taking-up Sigi
Generate and intercept signature:
Sigi=(Ceas||CI(F‘)||T||Sigi1||Sigi2||...||Sigif)
SigijFor the signature of corresponding sub- message in CI (F '), i, j ∈ CI (F ').
Step 4:Signature verification
User when conducting interviews to the file in authority, according to ABE algorithms, utilizes according to the access key of oneself keyiThe file that decryption can be accessed, the subset of the file for obtaining is F ';It is first in order to determine whether accessed file is authentic and valid First to be verified.
User's checkingWhether set up, establishment then performs following steps, being false failure of then return;So Afterwards for user UiSubfile F '={ the F being had access toi, 1≤i≤n calculates the cryptographic Hash of each subfile:
Then signature private key SK is usedsig, by the signature Sig being truncated toi,
Sigi=(Ceas||CI(F‘)||T||Sigi1||Sigi2||...||Sigif) be decrypted, obtain cryptographic Hash
hi=H (Fi||Ceas||i||T)
Then contrastWith hi, that is, if checking is unanimously, illustrates FiBe it is authentic and valid, it is otherwise invalid, then All of { F is verified successivelyi, check user UiWhether the file sub-block that can be accessed is all authentic and valid.

Claims (5)

1. the data validity checking in cloud storage under a kind of rights management, the present invention relates to cloud storage in field of cloud calculation, letter Breath safety, integrality authenticity verification field, is characterized in that, comprise the steps:
Step 1:The digital signature that generation can be split
Step 2:Access privilege control encrypts file
Step 3:Signature is intercepted
Step 4:Signature verification.
2. verified according to the data validity under a kind of rights management in the cloud storage described in claim 1, be it is characterized in that, with Concrete calculating process in the upper step 1 is as follows:
Step 1:The digital signature that generation can be split
For file F, it includes many subfiles, and the subfile that the user of different rights can access is different, if:
Footmark n represents the numbering of subfile, for userThe subfile that he can access is, So need to be intercepted out from the digital signature of file F long to be able to verify thatSignature section
1.1 generate signature key
In a Bilinear map, if p is a Big prime,It is to generate unit, H(*)For hash function, Randomly selectCalculateThen:
Public key
Private key
WithFor generating the public key and private key of signature
1.2 file content extraction signatures are generated
F is the file to be signed,Be numbering be i subfile, while i also illustrates that i-th subfile;For contents interception access structure, he represents userThe label of the file sub-block that can be accessed, such asRepresent user can access be numbered 1,2, the subfile of i,Represent the mark for intercepting subfile Number, then have ,Defining T isMarkLength is 80 bit
1)Randomly selectCalculate
2)The each sub- message to file FCalculate
3)Calculate sub- messageSignature(Sig, signature):
Wherein
4)The global signature of calculation document F:
3. verified according to the data validity under a kind of rights management in the cloud storage described in claim 1, be it is characterized in that, with Concrete calculating process in the upper step 2 is as follows:
Step 2:Access privilege control encrypts file
The signature for intercepting of file has, and then according to the authority of user, using ABE algorithms, generates access structure control, fixed Adopted user can decrypt and access the authority of subfile
2.1 and for signatureWithEqually, the main key of encryption of file is generated using Bilinear map Public key
2.2 formulate access structure control
IfIt is the community set of all users, wherein userThat is User is accessed into the parameter of file sub-blockIn being added to user authority management, T is access structure, isA nonvoid subset, that is, which attribute can just access file with
The 2.3 access keys for calculating user iEncrypt using in ABE algorithms AlgorithmTo fileIt is encrypted, obtaining ciphertext is
Then by data ciphertextGlobal signatureCloud Server is sent to, user's key is distributed to into user, signed secret Key also issues user.
4. verified according to the data validity under a kind of rights management in the cloud storage described in claim 1, be it is characterized in that, with Concrete calculating process in the upper step 3 is as follows:
Step 3:Signature is intercepted
When arbitrarily user conducts interviews the data in access rights, need to verify that whether complete data are true, be first according to Authority intercepts the part signature for checking from global signature
The sub- message that user receives is represented,ForIn the set that constituted of the index of sub- message that includes
Basis firstConstruction intercepts subset;CheckingSet up, then signature is true, is continued It is follow-up to calculate, being false failure of then return;
According to, generate and intercept sub- message
To each, fromMiddle taking-up
Generate and intercept signature:
ForIn corresponding sub- message signature, i,
5. verified according to the data validity under a kind of rights management in the cloud storage described in claim 1, be it is characterized in that, with Concrete calculating process in the upper step 4 is as follows:
Step 4:Signature verification
User when conducting interviews to the file in authority, according to ABE algorithms, utilizes according to the access key of oneselfSolution The close file that can be accessed, the subset of the file for obtaining is;In order to determine whether accessed file is authentic and valid, first has to Verified
User's checkingWhether set up, establishment then performs following steps, being false failure of then return;Then For userCalculate the cryptographic Hash of each subfile:
Then signature private key is usedBy the signature being truncated to
It is decrypted, obtains cryptographic Hash
Then contrastWithIf namely verifying consistent, illustrateIt is authentic and valid, otherwise invalid, Ran Houyi Secondary checking is all ofCheck userWhether the file sub-block that can be accessed is all authentic and valid.
CN201610836998.8A 2016-07-21 2016-09-21 Method for data authenticity verification under authority management in cloud storage Pending CN106612325A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2016105809609 2016-07-21
CN201610580960 2016-07-21

Publications (1)

Publication Number Publication Date
CN106612325A true CN106612325A (en) 2017-05-03

Family

ID=58615189

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610836998.8A Pending CN106612325A (en) 2016-07-21 2016-09-21 Method for data authenticity verification under authority management in cloud storage

Country Status (1)

Country Link
CN (1) CN106612325A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107508801A (en) * 2017-08-04 2017-12-22 安徽智圣通信技术股份有限公司 A kind of file tamper-proof method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103699851A (en) * 2013-11-22 2014-04-02 杭州师范大学 Remote data completeness verification method facing cloud storage
CN104301119A (en) * 2014-11-05 2015-01-21 中国建设银行股份有限公司 Data signature method, signature verification method, data signature equipment and verification server
CN105515778A (en) * 2015-12-25 2016-04-20 河南城建学院 Cloud storage data integrity service signature method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103699851A (en) * 2013-11-22 2014-04-02 杭州师范大学 Remote data completeness verification method facing cloud storage
CN104301119A (en) * 2014-11-05 2015-01-21 中国建设银行股份有限公司 Data signature method, signature verification method, data signature equipment and verification server
CN105515778A (en) * 2015-12-25 2016-04-20 河南城建学院 Cloud storage data integrity service signature method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王彩芬 等: "基于可截取签名和属性加密的云存储访问控制方案", 《计算机工程与科学》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107508801A (en) * 2017-08-04 2017-12-22 安徽智圣通信技术股份有限公司 A kind of file tamper-proof method and device

Similar Documents

Publication Publication Date Title
CN109040045B (en) Cloud storage access control method based on ciphertext policy attribute-based encryption
CN109614818B (en) Authorized identity-based keyword search encryption method
CN113918981B (en) Attribute-based encryption method and system
US7688975B2 (en) Method and apparatus for dynamic generation of symmetric encryption keys and exchange of dynamic symmetric key infrastructure
Tao et al. Secure data sharing and search for cloud-edge-collaborative storage
CN100586065C (en) CPK credibility authorization system
CN104901942A (en) Distributed access control method for attribute-based encryption
CN102075544A (en) Encryption system, encryption method and decryption method for local area network shared file
Guo et al. Using blockchain to control access to cloud data
Ghanmi et al. A secure data storage in multi-cloud architecture using blowfish encryption algorithm
Suveetha et al. Ensuring confidentiality of cloud data using homomorphic encryption
CN117335989A (en) Safety application method in internet system based on national cryptographic algorithm
CN110519040B (en) Anti-quantum computation digital signature method and system based on identity
CN111914270A (en) Programmable authentication service method and system based on block chain technology
Lei et al. A cloud data access authorization update scheme based on blockchain
CN106612325A (en) Method for data authenticity verification under authority management in cloud storage
CN112671729B (en) Internet of vehicles oriented anonymous key leakage resistant authentication method, system and medium
Jyoti et al. Achieving cloud security using hybrid cryptography algorithm
CN112069487B (en) Intelligent equipment network communication safety implementation method based on Internet of things
Khobragade et al. High security mechanism: fragmentation and replication in the cloud with auto update in the system
Singh et al. Role based security for cloud based data with data reliability
Ghorpade et al. Notice of Violation of IEEE Publication Principles: Towards Achieving Efficient and Secure Way to Share the Data
CN116599757B (en) Decentralizing forward security identity base encryption method and system
CN116155496B (en) National soil transformation investigation data transmission method and device based on national secret algorithm
Karani et al. Secure File Storage Using Hybrid Cryptography

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170503

WD01 Invention patent application deemed withdrawn after publication