CN114531296A - Method for detecting integrity of data transmission process - Google Patents


Info

Publication number: CN114531296A
Authority: CN (China)
Prior art keywords: data, verification, challenge, party auditor, holder
Legal status: Pending
Application number: CN202210209920.9A
Other languages: Chinese (zh)
Inventor: 黄伟
Current Assignee: Suzhou Maiyao Information Technology Co ltd
Original Assignee: Suzhou Maiyao Information Technology Co ltd
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • H04L63/123: Applying verification of the received information received data contents, e.g. message integrity
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/06: Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]


Abstract

The invention belongs to the technical field of data transmission integrity and in particular concerns a method for detecting the integrity of a data transmission process. It addresses the problem described in the background: a data holder worries whether data stored in the cloud has been accessed and viewed by an unauthorized third party, or whether the cloud service provider has intentionally deleted some data to save storage capacity. The scheme comprises the following steps: step 1, data initialization and uploading; step 2, challenge phase; step 3, proving stage; step 4, TAP verification; step 5, batch verification stage. By introducing verification by a third party auditor, the method strengthens the data holder's control over the third party auditor, increases the data holder's capability for autonomous verification, makes it possible to check data outsourced to the cloud even when the third party auditor is completely untrusted, and comprehensively protects the security of cloud data in a cloud storage environment.

Description

Method for detecting integrity of data transmission process
Technical Field
The invention relates to the technical field of data transmission integrity, in particular to a method for detecting the integrity of a data transmission process.
Background
In recent years, with the rapid popularization and development of information network technology, cloud computing has emerged as an information technology that has changed the information network industry to a great extent. Cloud storage is an important service mode of cloud computing that allows data holders to outsource their data to the cloud.
The data holder will worry about whether the data stored in the cloud has been accessed and viewed by an unauthorized third party, or whether the cloud service provider has intentionally deleted some data to save storage capacity. Such data is generally not accessed, or is accessed infrequently, yet the question of whether the data outsourced to the cloud is complete remains, so performing integrity detection on the data is extremely necessary.
Disclosure of Invention
The invention aims to solve the defects in the prior art and provides a method for detecting the integrity of a data transmission process.
In order to achieve the purpose, the invention adopts the following technical scheme:
a method for detecting the integrity of a data transmission process comprises the following steps:
Step 1, data initialization and uploading stage: the data holder first generates, from the outsourced data file, data information and tag information that correspond to each other, and then sends the corresponding information to the cloud service provider and the third party auditor respectively over a secure channel;
Step 2, challenge phase: the third party auditor first randomly generates a challenge subset and then sends the challenge value generated from the challenge subset to the cloud service provider;
Step 3, proving stage: the cloud service provider generates a corresponding verification value according to the challenge value and sends the verification value to the data holder and the third party auditor;
Step 4, TAP verification: the third party auditor first verifies the verification value sent by the cloud service provider; if the verification succeeds, verification information is generated from the verification value, and if the verification does not succeed, the verification ends;
Step 5, batch verification stage: the data holder personally performs batch verification on multiple pieces of verification information. The purpose of this stage is to check whether the data outsourced to the cloud is complete and whether the third party auditor has taken seriously the verification work entrusted to it by the data holder.
Preferably, the following scheme design is included:
S1, initialization stage: the data holder randomly selects $sk_t \in Z_q$ as the tag private key for the data file and takes
Figure BDA0003532789220000021
as its public key, randomly chooses $\chi_1, \chi_2, \chi_3, \ldots, \chi_\chi \in Z_q$, calculates
Figure BDA0003532789220000022
and calculates
Figure BDA0003532789220000023
The data block tag information may then be expressed as $t = \{t_j\}_{j \in [1,n]}$. After the data is initialized, it is sent to the third party auditor through a secure channel;
S2, challenge phase: the third party auditor randomly selects $l$ elements from $(m_1, m_2, m_3, \ldots, m_n)$ to form a challenge subset $Q$, and generates a random number $v_c \in Z_q$ for each $m_c$ in the challenge subset $Q$. The challenge value generated by the third party auditor is $Chal = \{c, v_c\}_{c \in Q}$, which is sent to the cloud service provider. For the challenge subset $Q$, the data holder produces a random number $r_k \in Z_q$, then calculates
Figure BDA0003532789220000031
and sends $R_k$ to the cloud service provider and the third party auditor respectively;
S3, proving stage: according to the received challenge value $Chal$, the cloud service provider generates a tag verification value $TP_k$ and a data verification value $DP_k$ for the challenge subset $Q$, i.e.
Figure BDA0003532789220000032
where $mp_k$ is the block message of the data in the challenge subset $Q$, i.e.
Figure BDA0003532789220000033
The cloud service provider sends the verification value $P_k = (TP_k, DP_k)$ generated for the challenge subset $Q$ to the TPA and the data holder;
S4, TAP verification stage: after receiving the verification value $P_k$, the third party auditor generates, with respect to the challenge subset $Q$,
Figure BDA0003532789220000034
and verifies the following equation:
Figure BDA0003532789220000035
If the above equation holds, the data in the challenge subset $Q$ is completely stored in the cloud, and the third party auditor sends $H_k$ to the data holder; if the equation does not hold, the data $M$ outsourced to the cloud is considered to be damaged, and the verification of the data $M$ should end;
S5, batch verification stage: the data holder can perform batch audit verification on the verification messages sent by the third party auditor, that is, verify whether the following equation holds:
Figure BDA0003532789220000036
Preferably, in step 4, in order to generate more verification information, the operations of stages S2-S4 are repeated multiple times.
Preferably, $ID_i$ in S1 denotes the identity information of the data block $m_i$.
Preferably, k in S2 is the number of verifications.
The invention has the beneficial effects that:
1. By introducing verification by a third party auditor, the method for detecting the integrity of the data transmission process strengthens the data holder's control over the third party auditor and improves the data holder's capability for autonomous verification;
2. The method for detecting the integrity of the data transmission process makes it possible to check data outsourced to the cloud even when the third party auditor is completely untrusted, and comprehensively protects the security of cloud data in a cloud storage environment.
Drawings
Fig. 1 is a schematic overall flow chart of a method for detecting integrity of a data transmission process according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Embodiment 1, referring to fig. 1, a method for detecting integrity of a data transmission process includes the following steps:
Step 1, data initialization and uploading stage: the data holder first generates, from the outsourced data file, data information and tag information that correspond to each other, and then sends the corresponding information to the cloud service provider and the third party auditor respectively over a secure channel;
Step 2, challenge phase: the third party auditor first randomly generates a challenge subset and then sends the challenge value generated from the challenge subset to the cloud service provider;
Step 3, proving stage: the cloud service provider generates a corresponding verification value according to the challenge value and sends the verification value to the data holder and the third party auditor;
Step 4, TAP verification: the third party auditor first verifies the verification value sent by the cloud service provider; if the verification succeeds, verification information is generated from the verification value, and if the verification does not succeed, the verification ends; in order to generate more verification information, the operations of stages S2-S4 need to be repeated;
Step 5, batch verification stage: the data holder personally performs batch verification on multiple pieces of verification information. The purpose of this stage is to check whether the data outsourced to the cloud is complete and whether the third party auditor has taken seriously the verification work entrusted to it by the data holder.
Preferably, the following scheme design is included:
S1, initialization stage: the data holder randomly selects $sk_t \in Z_q$ as the tag private key for the data file and takes
Figure BDA0003532789220000051
as its public key, randomly chooses $\chi_1, \chi_2, \chi_3, \ldots, \chi_\chi \in Z_q$, calculates
Figure BDA0003532789220000052
and calculates
Figure BDA0003532789220000053
The data block tag information may then be expressed as $t = \{t_j\}_{j \in [1,n]}$. After the data is initialized, it is sent to the third party auditor through a secure channel, where $ID_i$ denotes the identity information of the data block $m_i$;
S2, challenge phase: the third party auditor randomly selects $l$ elements from $(m_1, m_2, m_3, \ldots, m_n)$ to form a challenge subset $Q$, and generates a random number $v_c \in Z_q$ for each $m_c$ in the challenge subset $Q$. The challenge value generated by the third party auditor is $Chal = \{c, v_c\}_{c \in Q}$, which is sent to the cloud service provider. For the challenge subset $Q$, the data holder produces a random number $r_k \in Z_q$, then calculates
Figure BDA0003532789220000054
and sends $R_k$ to the cloud service provider and the third party auditor respectively, where k is the number of verifications;
S3, proving stage: according to the received challenge value $Chal$, the cloud service provider generates a tag verification value $TP_k$ and a data verification value $DP_k$ for the challenge subset $Q$, i.e.
Figure BDA0003532789220000061
where $mp_k$ is the block message of the data in the challenge subset $Q$, i.e.
Figure BDA0003532789220000062
The cloud service provider sends the verification value $P_k = (TP_k, DP_k)$ generated for the challenge subset $Q$ to the TPA and the data holder;
S4, TAP verification stage: after receiving the verification value $P_k$, the third party auditor generates, with respect to the challenge subset $Q$,
Figure BDA0003532789220000063
and verifies the following equation:
Figure BDA0003532789220000064
If the above equation holds, the data in the challenge subset $Q$ is completely stored in the cloud, and the third party auditor sends $H_k$ to the data holder; if the equation does not hold, the data $M$ outsourced to the cloud is considered to be damaged, and the verification of the data $M$ should end;
S5, batch verification stage: the data holder can perform batch audit verification on the verification messages sent by the third party auditor, that is, verify whether the following equation holds:
Figure BDA0003532789220000065
Conclusion: if the equation holds, the data outsourced to the cloud is complete and the third party auditor has taken the data integrity verification work seriously. If the equation does not hold, the data outsourced to the cloud is damaged and the third party auditor, out of laziness, did not perform the integrity check of the cloud data.
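The five stages above, sketched as an added example that is not code from the patent: because the patent's equations appear on this page only as image placeholders, the sketch substitutes an RSA-based homomorphic tag for the patent's own tag, proof and batch formulas, and it leaves out the holder's per-round value r_k / R_k. The modulus, the generator `G`, the hash `h`, the sample data and every function name are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy RSA modulus built from two Mersenne primes: demo only, NOT secure.
P1, P2 = 2**127 - 1, 2**89 - 1
N, E, G = P1 * P2, 65537, 3
D = pow(E, -1, (P1 - 1) * (P2 - 1))  # holder's tag private key (assumed RSA)

def h(i):
    """Hash a block index (its identity) into Z_N."""
    return int.from_bytes(hashlib.sha256(b"block-%d" % i).digest(), "big") % N

def make_tags(blocks):
    """Stage 1, holder: t_i = (h(i) * G^m_i)^D mod N for every block m_i."""
    return [pow(h(i) * pow(G, m, N) % N, D, N) for i, m in enumerate(blocks)]

def challenge(n, count):
    """Stage 2, auditor: random indices c, each with a random coefficient v_c."""
    idx = secrets.SystemRandom().sample(range(n), count)
    return [(c, secrets.randbelow(2**32) + 1) for c in idx]

def prove(blocks, tags, chal):
    """Stage 3, cloud: aggregated tag proof TP and data proof DP."""
    tp, dp = 1, 0
    for c, v in chal:
        tp = tp * pow(tags[c], v, N) % N
        dp += v * blocks[c]
    return tp, dp

def challenge_side(chal):
    """Stage 4, auditor: H = prod h(c)^v_c, computed from the challenge alone."""
    hk = 1
    for c, v in chal:
        hk = hk * pow(h(c), v, N) % N
    return hk

def auditor_verify(proof, hk):
    """Stage 4, auditor's per-round equation: TP^E == H * G^DP (mod N)."""
    tp, dp = proof
    return pow(tp, E, N) == hk * pow(G, dp, N) % N

def holder_batch_verify(proofs, hks):
    """Stage 5, holder: one equation over all rounds instead of one per round."""
    tp_all, h_all, dp_all = 1, 1, 0
    for (tp, dp), hk in zip(proofs, hks):
        tp_all = tp_all * tp % N
        h_all = h_all * hk % N
        dp_all += dp
    return pow(tp_all, E, N) == h_all * pow(G, dp_all, N) % N

def run_audit(stored, tags, challenges, auditor_checks=True):
    """Return (auditor verdicts, holder batch result, or None if auditor stopped)."""
    proofs, hks, verdicts = [], [], []
    for chal in challenges:
        proof, hk = prove(stored, tags, chal), challenge_side(chal)
        # A lazy auditor forwards H_k without evaluating the equation.
        ok = auditor_verify(proof, hk) if auditor_checks else True
        verdicts.append(ok)
        if not ok:
            return verdicts, None  # a failed equation ends the verification
        proofs.append(proof)
        hks.append(hk)
    return verdicts, holder_batch_verify(proofs, hks)

# Constructed sample: a 64-byte file split into four 16-byte blocks.
DATA = bytes(range(64))
BLOCKS = [int.from_bytes(DATA[i:i + 16], "big") for i in range(0, 64, 16)]
TAGS = make_tags(BLOCKS)
DAMAGED = BLOCKS[:2] + [BLOCKS[2] + 1] + BLOCKS[3:]  # one block altered in the cloud
```

Calling `run_audit(DAMAGED, TAGS, rounds, auditor_checks=False)` reproduces the case the conclusion describes: every auditor verdict reads as a pass, yet the holder's batch equation fails.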
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art should be considered as the technical solutions and the inventive concepts of the present invention within the technical scope of the present invention.

Claims (5)

1. A method for detecting the integrity of a data transmission process comprises the following steps:
Step 1, data initialization and uploading stage: the data holder first generates, from the outsourced data file, data information and tag information that correspond to each other, and then sends the corresponding information to the cloud service provider and the third party auditor respectively over a secure channel;
Step 2, challenge phase: the third party auditor first randomly generates a challenge subset and then sends the challenge value generated from the challenge subset to the cloud service provider;
Step 3, proving stage: the cloud service provider generates a corresponding verification value according to the challenge value and sends the verification value to the data holder and the third party auditor;
Step 4, TAP verification: the third party auditor first verifies the verification value sent by the cloud service provider; if the verification succeeds, verification information is generated from the verification value, and if the verification does not succeed, the verification ends;
Step 5, batch verification stage: the data holder personally performs batch verification on multiple pieces of verification information. The purpose of this stage is to check whether the data outsourced to the cloud is complete and whether the third party auditor has taken seriously the verification work entrusted to it by the data holder.
2. The method for detecting the integrity of the data transmission process according to claim 1, wherein the method comprises the following scheme design:
S1, initialization stage: the data holder randomly selects $sk_t \in Z_q$ as the tag private key for the data file and takes
Figure FDA0003532789210000011
as its public key, randomly chooses $\chi_1, \chi_2, \chi_3, \ldots, \chi_\chi \in Z_q$, calculates
Figure FDA0003532789210000012
and calculates
Figure FDA0003532789210000013
The data block tag information may then be expressed as $t = \{t_j\}_{j \in [1,n]}$. After the data is initialized, it is sent to the third party auditor through a secure channel;
S2, challenge phase: the third party auditor randomly selects $l$ elements from $(m_1, m_2, m_3, \ldots, m_n)$ to form a challenge subset $Q$, and generates a random number $v_c \in Z_q$ for each $m_c$ in the challenge subset $Q$. The challenge value generated by the third party auditor is $Chal = \{c, v_c\}_{c \in Q}$, which is sent to the cloud service provider. For the challenge subset $Q$, the data holder produces a random number $r_k \in Z_q$, then calculates
Figure FDA0003532789210000021
and sends $R_k$ to the cloud service provider and the third party auditor respectively;
S3, proving stage: according to the received challenge value $Chal$, the cloud service provider generates a tag verification value $TP_k$ and a data verification value $DP_k$ for the challenge subset $Q$, i.e.
Figure FDA0003532789210000022
where $mp_k$ is the block message of the data in the challenge subset $Q$, i.e.
Figure FDA0003532789210000023
The cloud service provider sends the verification value $P_k = (TP_k, DP_k)$ generated for the challenge subset $Q$ to the TPA and the data holder;
S4, TAP verification stage: after receiving the verification value $P_k$, the third party auditor generates, with respect to the challenge subset $Q$,
Figure FDA0003532789210000024
and verifies the following equation:
Figure FDA0003532789210000025
If the above equation holds, the data in the challenge subset $Q$ is completely stored in the cloud, and the third party auditor sends $H_k$ to the data holder; if the equation does not hold, the data $M$ outsourced to the cloud is considered to be damaged, and the verification of the data $M$ should end;
S5, batch verification stage: the data holder can perform batch audit verification on the verification messages sent by the third party auditor, that is, verify whether the following equation holds:
Figure FDA0003532789210000026
3. The method as claimed in claim 1, wherein step 4 requires repeating the operations of stages S2-S4 in order to generate more verification information.
4. The method as claimed in claim 2, wherein $ID_i$ in S1 denotes the identity information of the data block $m_i$.
5. The method for detecting the integrity of a data transmission process according to claim 2, wherein k in S2 is the number of verifications.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210209920.9A CN114531296A (en) 2022-03-04 2022-03-04 Method for detecting integrity of data transmission process


Publications (1)

Publication Number Publication Date
CN114531296A true CN114531296A (en) 2022-05-24

Family

ID=81627195




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination