CN114531296A - Method for detecting integrity of data transmission process - Google Patents
- Publication number
- CN114531296A
- Authority
- CN
- China
- Prior art keywords
- data
- verification
- challenge
- party auditor
- holder
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention belongs to the technical field of data transmission integrity, and in particular relates to a method for detecting the integrity of a data transmission process. It addresses the problem described in the background art, that a data holder worries whether data stored in the cloud is accessed and viewed by an unauthorized third party, or whether the cloud service provider intentionally deletes some data to save storage capacity. The proposed scheme comprises the following steps: step 1, data initialization and uploading; step 2, challenge phase; step 3, proving stage; step 4, TPA verification; step 5, batch verification stage. On the basis of introducing verification by a third-party auditor, the invention improves the data holder's control over the third-party auditor, increases the data holder's ability to verify autonomously, enables checking of the data outsourced to the cloud even when the third-party auditor is completely untrusted, and comprehensively protects the security of cloud data in a cloud storage environment.
Description
Technical Field
The invention relates to the technical field of data transmission integrity, in particular to a method for detecting the integrity of a data transmission process.
Background
In recent years, with the rapid popularization and development of information network technology, cloud computing has emerged as an information technology that has changed the information network industry to a great extent. Cloud storage is an important service mode of cloud computing, which allows data holders to outsource their data to the cloud.
The data holder worries whether the data stored in the cloud is accessed and viewed by an unauthorized third party, or whether the cloud service provider intentionally deletes some data to save storage capacity. Such data is generally not accessed or is accessed infrequently, but for the cloud service provider the question remains whether the data outsourced to the cloud is complete, so it is extremely necessary to perform integrity detection on the data.
Disclosure of Invention
The invention aims to overcome the defects in the prior art and provides a method for detecting the integrity of a data transmission process.
In order to achieve this purpose, the invention adopts the following technical scheme:
A method for detecting the integrity of a data transmission process comprises the following steps:
Step 1, data initialization and uploading stage: the data holder first generates corresponding data information and label information from the outsourced data file, and then sends them to the cloud service provider and the third-party auditor respectively over a secure channel;
Step 2, challenge phase: the third-party auditor randomly generates a challenge subset, and then sends the challenge value generated from the challenge subset to the cloud service provider;
Step 3, proving stage: the cloud service provider generates a corresponding verification value according to the challenge value, and sends the verification value to the data holder and the third-party auditor;
Step 4, TPA verification: the third-party auditor verifies the verification value sent by the cloud service provider; if the verification succeeds, verification information is generated from the verification value, and if it does not succeed, the verification ends;
Step 5, batch verification stage: the data holder personally performs batch verification on the multiple pieces of verification information. The purpose of this stage is to check whether the data outsourced to the cloud is complete and whether the third-party auditor treats the verification work entrusted by the data holder seriously.
Preferably, the following scheme design is included:
S1, initialization stage: the data holder randomly selects $sk_t \in Z_q$ as the tag private key for the data file, gets as its public key, randomly chooses $\chi_1, \chi_2, \chi_3, \ldots, \chi_\chi \in Z_q$, calculating and calculate; the tag information for the data blocks may then be expressed as $t = \{t_j\}_{j \in [1,n]}$. After the data is initialized, it is sent to the third-party auditor through a secure channel;
S2, challenge phase: the third-party auditor randomly selects $l$ elements from $(m_1, m_2, m_3, \ldots, m_n)$ to form a challenge subset $Q$, and for each $m_c$ in the challenge subset $Q$ generates a random number $v_c \in Z_q$. The challenge value generated by the third-party auditor, call $= \{c, v_c\}_{c \in Q}$, is sent to the cloud service provider. For the challenge subset $Q$, the data holder produces a random number $r_k \in Z_q$, then calculate out and $R_k$ is sent to the cloud service provider and the third-party auditor respectively;
S3, proving stage: according to the received challenge value Charl, the cloud service provider generates a label verification value $TP_k$ and a data verification value $DP_k$ of the challenge subset $Q$, i.e. by wherein $mp_k$ is for challenging data in subset $Q$ by blocking messages, i.e. The cloud service provider sends the generated verification value $P_k = (TP_k, DP_k)$ for the challenge subset $Q$ to the TPA and the data holder;
S4, TPA verification stage: after the third-party auditor receives the verification value $P_k$, it generates with respect to the challenge subset $Q$ and verifies the following equation: if the above equation is true, indicating that the data in the challenge subset $Q$ is completely stored in the cloud, the third-party auditor sends $H_k$ to the data holder; if the equation is not satisfied, the data $M$ outsourced to the cloud is considered to be damaged, and the verification of the data $M$ ends;
S5, batch verification stage: the data holder can carry out batch audit verification on the verification messages sent by the third-party auditor, namely, verify whether the following equation is true:
Preferably, in step 4, in order to generate more verification information, the operations of stages S2-S4 are repeated multiple times.
Preferably, $ID_i$ in S1 represents the identity information of the data block $m_i$.
Preferably, $k$ in S2 is the number of verifications.
The invention has the beneficial effects that:
1. The method for detecting the integrity of the data transmission process, on the basis of introducing verification by a third-party auditor, improves the data holder's control over the third-party auditor and improves the data holder's ability to verify autonomously;
2. The method for detecting the integrity of the data transmission process enables checking of the data outsourced to the cloud under the condition that the third-party auditor is completely untrusted, and comprehensively protects the security of cloud data in a cloud storage environment.
Drawings
Fig. 1 is a schematic overall flow chart of a method for detecting integrity of a data transmission process according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Embodiment 1, referring to fig. 1, a method for detecting integrity of a data transmission process includes the following steps:
Step 1, data initialization and uploading stage: the data holder first generates corresponding data information and label information from the outsourced data file, and then sends them to the cloud service provider and the third-party auditor respectively over a secure channel;
Step 2, challenge phase: the third-party auditor randomly generates a challenge subset, and then sends the challenge value generated from the challenge subset to the cloud service provider;
Step 3, proving stage: the cloud service provider generates a corresponding verification value according to the challenge value, and sends the verification value to the data holder and the third-party auditor;
Step 4, TPA verification: the third-party auditor verifies the verification value sent by the cloud service provider; if the verification succeeds, verification information is generated from the verification value, and if it does not pass, the verification ends. In order to generate more verification information, the operations of stages S2-S4 are repeated;
Step 5, batch verification stage: the data holder personally performs batch verification on the multiple pieces of verification information. The purpose of this stage is to check whether the data outsourced to the cloud is complete and whether the third-party auditor treats the verification work entrusted by the data holder seriously.
Preferably, the following scheme design is included:
S1, initialization stage: the data holder randomly selects $sk_t \in Z_q$ as the tag private key for the data file, gets as its public key, randomly chooses $\chi_1, \chi_2, \chi_3, \ldots, \chi_\chi \in Z_q$, calculating and calculate; the tag information for the data blocks may then be expressed as $t = \{t_j\}_{j \in [1,n]}$. After the data is initialized, it is sent to the third-party auditor through a secure channel, where $ID_i$ represents the identity information of the data block $m_i$;
S2, challenge phase: the third-party auditor randomly selects $l$ elements from $(m_1, m_2, m_3, \ldots, m_n)$ to form a challenge subset $Q$, and for each $m_c$ in the challenge subset $Q$ generates a random number $v_c \in Z_q$. The challenge value generated by the third-party auditor, call $= \{c, v_c\}_{c \in Q}$, is sent to the cloud service provider. For the challenge subset $Q$, the data holder produces a random number $r_k \in Z_q$, then calculate out and $R_k$ is sent to the cloud service provider and the third-party auditor respectively, wherein $k$ is the number of verifications;
S3, proving stage: based on the received challenge value Charl, the cloud service provider generates a label verification value $TP_k$ and a data verification value $DP_k$ of the challenge subset $Q$, i.e. by wherein $mp_k$ is for challenging data in subset $Q$ by blocking messages, i.e. The cloud service provider sends the generated verification value $P_k = (TP_k, DP_k)$ for the challenge subset $Q$ to the TPA and the data holder;
S4, TPA verification stage: after the third-party auditor receives the verification value $P_k$, it generates with respect to the challenge subset $Q$ and verifies the following equation: if the above equation is true, indicating that the data in the challenge subset $Q$ is completely stored in the cloud, the third-party auditor sends $H_k$ to the data holder; if the equation is not satisfied, the data $M$ outsourced to the cloud is considered to be damaged, and the verification of the data $M$ ends;
S5, batch verification stage: the data holder can carry out batch audit verification on the verification messages sent by the third-party auditor, namely, verify whether the following equation is true:
Conclusion: if the equation holds, the data outsourced to the cloud is complete, and the third-party auditor has treated the data integrity verification work seriously. If the equation does not hold, it indicates that the data outsourced to the cloud is damaged, and that the third-party auditor, out of laziness, did not perform the integrity check of the cloud data.
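The five-step flow above as a runnable sketch. This is an added example, not the patent's construction: the page's tag, proof and verification equations did not survive extraction, so it substitutes a privately verifiable linear tag, t_i = PRF(i) + alpha*m_i mod P, and assumes the data holder and the auditor share the key. The function names, the modulus `P` and the sample blocks are hypothetical.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # prime modulus; assumed stand-in for the page's Z_q

def prf(key: bytes, i: int) -> int:
    """Pseudorandom mask bound to block index i."""
    mac = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P

def make_tags(key, alpha, blocks):
    """Step 1 (data holder): one tag per block, t_i = PRF(i) + alpha*m_i."""
    return [(prf(key, i) + alpha * m) % P for i, m in enumerate(blocks)]

def challenge(n, l):
    """Step 2 (auditor): random subset Q of l indices c, each with a coefficient v_c."""
    picked = secrets.SystemRandom().sample(range(n), l)
    return [(c, secrets.randbelow(P - 1) + 1) for c in picked]

def prove(blocks, tags, chal):
    """Step 3 (cloud): tag proof TP and data proof DP aggregated over Q."""
    tp = sum(v * tags[c] for c, v in chal) % P
    dp = sum(v * blocks[c] for c, v in chal) % P
    return tp, dp

def residual(key, alpha, chal, proof):
    """Zero exactly when TP == alpha*DP + sum(v_c * PRF(c)) mod P."""
    tp, dp = proof
    return (tp - alpha * dp - sum(v * prf(key, c) for c, v in chal)) % P

def audit(key, alpha, chal, proof):
    """Step 4 (auditor): accept or reject one proof."""
    return residual(key, alpha, chal, proof) == 0

def batch_verify(key, alpha, transcripts):
    """Step 5 (data holder): one check over every (challenge, proof) pair the
    auditor forwarded. Random weights stop errors in different rounds from
    cancelling, so a single bad round the auditor waved through is caught."""
    total = 0
    for chal, proof in transcripts:
        weight = secrets.randbelow(P - 1) + 1
        total += weight * residual(key, alpha, chal, proof)
    return total % P == 0

if __name__ == "__main__":
    key, alpha = secrets.token_bytes(32), secrets.randbelow(P - 1) + 1
    blocks = [1000 + i for i in range(16)]        # constructed sample data
    tags = make_tags(key, alpha, blocks)
    rounds = []
    for _ in range(3):                            # steps 2-4 repeated
        chal = challenge(len(blocks), 5)
        rounds.append((chal, prove(blocks, tags, chal)))
    print("honest cloud, batch ok:", batch_verify(key, alpha, rounds))
    lost = list(blocks)
    lost[3] = 0                                   # cloud silently dropped block 3
    chal = [(3, 7), (5, 11)]
    rounds.append((chal, prove(lost, tags, chal)))  # lazy auditor forwards it unchecked
    print("after lazy audit, batch ok:", batch_verify(key, alpha, rounds))
```

In this sketch the batch check costs as much as checking each round separately; it shows the structure of the data holder's re-check, not the efficiency gain a public-key scheme would aim for.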
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art should be considered as the technical solutions and the inventive concepts of the present invention within the technical scope of the present invention.
Claims (5)
1. A method for detecting the integrity of a data transmission process comprises the following steps:
Step 1, data initialization and uploading stage: the data holder first generates corresponding data information and label information from the outsourced data file, and then sends them to the cloud service provider and the third-party auditor respectively over a secure channel;
Step 2, challenge phase: the third-party auditor randomly generates a challenge subset, and then sends the challenge value generated from the challenge subset to the cloud service provider;
Step 3, proving stage: the cloud service provider generates a corresponding verification value according to the challenge value, and sends the verification value to the data holder and the third-party auditor;
Step 4, TPA verification: the third-party auditor verifies the verification value sent by the cloud service provider; if the verification succeeds, verification information is generated from the verification value, and if it does not succeed, the verification ends;
Step 5, batch verification stage: the data holder personally performs batch verification on the multiple pieces of verification information. The purpose of this stage is to check whether the data outsourced to the cloud is complete and whether the third-party auditor treats the verification work entrusted by the data holder seriously.
2. The method for detecting the integrity of the data transmission process according to claim 1, wherein the method comprises the following scheme design:
S1, initialization stage: the data holder randomly selects $sk_t \in Z_q$ as the tag private key for the data file, gets as its public key, randomly chooses $\chi_1, \chi_2, \chi_3, \ldots, \chi_\chi \in Z_q$, calculating and calculate; the tag information for the data blocks may be expressed as $t = \{t_j\}_{j \in [1,n]}$. After the data is initialized, it is sent to the third-party auditor through a secure channel;
S2, challenge phase: the third-party auditor randomly selects $l$ elements from $(m_1, m_2, m_3, \ldots, m_n)$ to form a challenge subset $Q$, and for each $m_c$ in the challenge subset $Q$ generates a random number $v_c \in Z_q$. The challenge value generated by the third-party auditor, call $= \{c, v_c\}_{c \in Q}$, is sent to the cloud service provider. For the challenge subset $Q$, the data holder produces a random number $r_k \in Z_q$, then calculate out and $R_k$ is sent to the cloud service provider and the third-party auditor respectively;
S3, proving stage: according to the received challenge value Charl, the cloud service provider generates a label verification value $TP_k$ and a data verification value $DP_k$ of the challenge subset $Q$, i.e. by wherein $mp_k$ is for challenging data in subset $Q$ by blocking messages, i.e. The cloud service provider sends the generated verification value $P_k = (TP_k, DP_k)$ for the challenge subset $Q$ to the TPA and the data holder;
S4, TPA verification stage: after the third-party auditor receives the verification value $P_k$, it generates with respect to the challenge subset $Q$ and verifies the following equation: if the above equation is true, indicating that the data in the challenge subset $Q$ is completely stored in the cloud, the third-party auditor sends $H_k$ to the data holder; if the equation is not satisfied, the data $M$ outsourced to the cloud is considered to be damaged, and the verification of the data $M$ ends;
3. The method as claimed in claim 1, wherein step 4 requires repeating the operations of S2-S4 in order to generate more verification information.
4. The method as claimed in claim 2, wherein $ID_i$ in S1 represents the identity information of the data block $m_i$.
5. The method for detecting the integrity of a data transmission process according to claim 2, wherein $k$ in S2 is the number of verifications.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210209920.9A CN114531296A (en) | 2022-03-04 | 2022-03-04 | Method for detecting integrity of data transmission process |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210209920.9A CN114531296A (en) | 2022-03-04 | 2022-03-04 | Method for detecting integrity of data transmission process |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114531296A (en) | 2022-05-24 |
Family
ID=81627195
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210209920.9A Pending CN114531296A (en) | 2022-03-04 | 2022-03-04 | Method for detecting integrity of data transmission process |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114531296A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105791321A (en) * | 2016-05-03 | 2016-07-20 | 西南石油大学 | Cloud storage data common auditing method possessing secret key leakage resistance characteristic |
CN111222176A (en) * | 2020-01-08 | 2020-06-02 | 中国人民解放军国防科技大学 | Block chain-based cloud storage possession proving method, system and medium |
CN113364600A (en) * | 2021-08-11 | 2021-09-07 | 西南石油大学 | Certificateless public auditing method for integrity of cloud storage data |
Non-Patent Citations (1)
Title |
---|
张键红;李鹏燕;: "一种有效的云存储数据完整性验证方案", 信息网络安全, no. 03, pages 3 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103516511A (en) | Method and device for detecting encryption algorithm and secret key | |
CN106411531A (en) | Weak password screening method | |
CN103500202A (en) | Security protection method and system for light-weight database | |
CN108259506A (en) | SM2 whitepack password implementation methods | |
CN105610872B (en) | Internet-of-things terminal encryption method and internet-of-things terminal encryption device | |
CN110505061A (en) | A kind of Digital Signature Algorithm and system | |
CN113486358B (en) | Vulnerability detection method and device | |
CN104410500B (en) | Signature, signature verification and copy analogy method and system based on Designated-Verifier | |
CN103441989B (en) | A kind of authentication, information processing method and device | |
CN114531296A (en) | Method for detecting integrity of data transmission process | |
CN111193730B (en) | IoT trusted scene construction method and device | |
CN105190637A (en) | Software security detection method, apparatus and device | |
CN116389164A (en) | Data detection method and device | |
US9438425B2 (en) | Robust MAC aggregation with short MAC tags | |
CN107844290B (en) | Software product design method and device based on data stream security threat analysis | |
CN110674499A (en) | Method, device and storage medium for identifying computer threat | |
CN113360575B (en) | Method, device, equipment and storage medium for supervising transaction data in alliance chain | |
CN114900365A (en) | Innovative service resource data processing and secure interaction method | |
CN113836239A (en) | Transaction data supervision method, storage medium and computer equipment | |
CN114679284A (en) | Trusted remote attestation system, storage method, verification method and storage medium thereof | |
CN113609520A (en) | Interface calling method, device, equipment and computer readable storage medium | |
CN105989025A (en) | Data checking method ad device | |
CN116015679B (en) | Government cloud multi-cloud management authentication system based on SM2 digital signature | |
CN110381452A (en) | The anti-sniff method of GMS short message, terminal and server | |
CN104135470A (en) | A method and system for verifying storage integrity of target data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||