CN117235342A - Dynamic cloud auditing method based on homomorphic hash function and virtual index - Google Patents
Dynamic cloud auditing method based on homomorphic hash function and virtual index Download PDFInfo
- Publication number
- CN117235342A CN117235342A CN202311265073.9A CN202311265073A CN117235342A CN 117235342 A CN117235342 A CN 117235342A CN 202311265073 A CN202311265073 A CN 202311265073A CN 117235342 A CN117235342 A CN 117235342A
- Authority
- CN
- China
- Prior art keywords
- auditing
- random
- data
- index
- virtual
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 230000007246 mechanism Effects 0.000 claims abstract description 32
- 238000012795 verification Methods 0.000 claims abstract description 16
- 238000012550 audit Methods 0.000 claims abstract description 12
- 125000004122 cyclic group Chemical group 0.000 claims description 12
- 230000008569 process Effects 0.000 claims description 6
- 230000008901 benefit Effects 0.000 description 3
- 230000000903 blocking effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000013496 data integrity verification Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a dynamic cloud auditing method based on homomorphic hash function and virtual index, belonging to the field of cloud computing security, comprising the following steps: the user performs block signature operation on the original data to obtain stored data, uploads the stored data to a cloud service mechanism, and deletes the local original data after uploading is successful; uploading a virtual index table to an auditing mechanism by a user, and providing an auditing request when auditing is needed, and generating a random challenge set and sending the random challenge set to a cloud service mechanism after the auditing mechanism receives the auditing request; the cloud service mechanism calculates and generates evidence according to the random challenge set, and sends the evidence to the auditing mechanism; and the audit mechanism performs integrity verification on the evidence to obtain a verification result, and sends the verification result to the user. The invention constructs the signature by utilizing the hash function and the virtual index, thereby realizing the integrity verification of the outsourced data.
Description
Technical Field
The invention relates to the field of cloud computing security, in particular to a dynamic cloud auditing method based on homomorphic hash functions and virtual indexes.
Background
Data cloud storage is one way to store data on remote cloud servers, rather than in local computers or data centers. It has many benefits and is therefore becoming increasingly popular among individuals, businesses and organizations. The benefits of data cloud storage are as follows: the data cloud storage allows you to access your data anytime and anywhere as long as there is an internet connection. This means you can access and share data from different devices (e.g. computer, smart phone, tablet computer), providing great convenience. Cloud storage eliminates the need for local storage devices, which can save costs of hardware purchase and maintenance. You do not need to purchase an additional hard drive or server to store large amounts of data. However, cloud service data is vulnerable to attacks, which can damage the integrity of user data. There is currently no data integrity verification method.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides the following technical scheme:
a dynamic cloud auditing method based on homomorphic hash function and virtual index includes the following steps:
the user performs block signature operation on the original data to obtain stored data, uploads the stored data to a cloud service mechanism, and deletes the local original data after uploading is successful;
uploading a virtual index table to an auditing mechanism by a user, and providing an auditing request, and after the auditing mechanism receives the auditing request, generating a random challenge set and sending the random challenge set to a cloud service mechanism;
the cloud service mechanism calculates and generates evidence according to the random challenge set, and sends the evidence to the auditing mechanism;
and the audit mechanism performs integrity verification on the evidence to obtain a verification result, and sends the verification result to the user.
Preferably, the process of performing the block signature operation on the original data includes:
selecting system parameters based on the multiplication cyclic group and the hash function, and obtaining a key pair through the multiplication cyclic group and the system parameters;
encrypting and blinding the original data according to the key pair;
the encrypted and blinded data is segmented and signed.
Preferably, the method for obtaining the key pair comprises the following steps:
the user selects a multiplication cyclic group with a large prime number, and carries out hash function operation to obtain system parameters;
and selecting a random number pair from the system parameters as a private key, and calculating the selected random number pair and the generation element of the multiplication cyclic group to obtain a public key.
Preferably, the method for cryptographically blinding the original data comprises:
the file name and the private key are input into a pseudo-random function to obtain a first random number, the first random number is used as a key of a symmetric encryption algorithm, and the original data is encrypted and blinded through the symmetric encryption algorithm.
Preferably, the contents of the virtual index table include a data block sequence number, a virtual index, and a time stamp.
Preferably, the method for generating a random challenge set comprises: c elements are randomly extracted from the virtual index table through the block index to serve as a challenge index, a second random number is selected from the integer set, and a random challenge set is obtained based on the challenge index and the second random number.
Preferably, the expression of the random challenge set is:
chal={(i,v i )} i∈I
where chal represents a random challenge set, I represents a challenge index, I represents an element in the challenge index, v i Representing the selected second random number.
Preferably, the method for generating evidence comprises: the cloud service mechanism obtains evidence by calling data corresponding to the random challenge set from the stored data through the random challenge set and the public key.
The invention has the following technical effects:
(1) Constructing a signature by utilizing a hash function and a virtual index, and realizing the integrity verification of the outsourced data;
(2) In order to protect data privacy, the data is blinded by utilizing a pseudo-random function before the data is outsourced, and the blinded data and the corresponding signature thereof are outsourced to a cloud server.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the drawings that are needed in the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a dynamic cloud audit method according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
Example 1
As shown in fig. 1, the present embodiment provides a dynamic cloud auditing method based on homomorphic hash functions and virtual indexes, including the following steps:
the user performs block signature operation on the original data to obtain stored data, uploads the stored data to a cloud service mechanism, and deletes the local original data after uploading is successful;
uploading a virtual index table to an auditing mechanism by a user, and providing an auditing request when auditing is needed, and generating a random challenge set and sending the random challenge set to a cloud service mechanism after the auditing mechanism receives the auditing request;
the cloud service mechanism calculates and generates evidence according to the random challenge set, and sends the evidence to the auditing mechanism;
and the audit mechanism performs integrity verification on the evidence to obtain a verification result, and sends the verification result to the user.
According to a further optimization scheme, the process of carrying out block signature operation on the original data comprises the following steps:
selecting system parameters based on the multiplication cyclic group and the hash function, and obtaining a key pair through the multiplication cyclic group and the system parameters;
encrypting and blinding the original data according to the key pair;
the encrypted and blinded data is segmented and signed.
In a further preferred embodiment, the method for obtaining the key pair includes:
the user selects a multiplication cyclic group with a large prime number, and carries out hash function operation to obtain system parameters;
and selecting a random number pair from the system parameters as a private key, and calculating the selected random number pair and the generation element of the multiplication cyclic group to obtain a public key.
In a further preferred embodiment, the method for encryption blinding of the original data comprises:
the file name and the private key are input into a pseudo-random function to obtain a first random number, the first random number is used as a key of a symmetric encryption algorithm, and the original data is encrypted and blinded through the symmetric encryption algorithm.
Further optimizing scheme, the content of the virtual index table comprises a data block sequence number, a virtual index and a time stamp.
Further optimizing scheme, the method for generating the random challenge set comprises the following steps: c elements are randomly extracted from the virtual index table through the block index to serve as a challenge index, a second random number is selected from the integer set, and a random challenge set is obtained based on the challenge index and the second random number.
Further optimizing scheme, the expression of the random challenge set is as follows:
chal={(i,v i )} i∈I
where chal represents a random challenge set, I represents a challenge index, I represents an element in the challenge index, v i Representing the selected second random number.
Further optimizing scheme, the evidence generation method comprises the following steps: the cloud service mechanism obtains evidence by calling data corresponding to the random challenge set from the stored data through the random challenge set and the public key.
Example two
The embodiment provides a dynamic cloud auditing method based on homomorphic hash functions and virtual indexes, which comprises the following specific implementation steps:
setup, user selects two different multiplication loop groups G with order of large prime number q 1 ,G 2 . Taking G as G 1 Then there is a bilinear map e: G 1 ×G 1 →G 2 . Selecting a hash function H 1 :{0,1} * →G 1 Sum vector homomorphic hash functionPublic parameter { G 1 ,G 2 ,e,q,H 1 ,H 2 }。
KeyGen(s) → (pk, sk): the user selects the random number alpha, beta epsilon Z q * As a private key sk 1 、sk 2 Calculate the public key pk 1 =g α ,pk 2 =g β . The user randomly selects a secure signature algorithm key pair (ssk, spk). The user private key is sk= (sk) 1 ,sk 2 Ssk) with a public key pk= (pk) 1 ,pk 2 ,spk)。
TagGen (F, sk) → (F, σ): the user utilizes a pseudo-random function f sk1 The (name) uses the file name as a parameter to generate a random number, and uses the random number as a key, and adopts a symmetric encryption algorithm to encrypt and blindly encrypt the original data (the same pseudo-random function is used to generate the random number when the data is recovered, and the same symmetric encryption algorithm is used to decrypt and recover the original data). Blocking the blinded data F into f= (m 1 ,m 2 ,...,m n ) Wherein each data block m i Comprising n elements, i.e. m i ={m i,1 ,m i,2 ,...m i,n }. Calculating eta i =i·2 h Where i is data block sequence number information, 2 h Represents a step size, at most between two adjacent data blocks (2 h -1) data blocks. In actual operation, a proper h is selected according to the file size and the data updating frequency. The user is at time t i For data block m i The label of (2) is: sigma (sigma) i =H 1 (Fid i ||η i ) α ·H 2 (m i ) β Wherein Fid i =name||t i . After signing, the user selects the appropriate TPA as the designated audit mechanism based on the requirements, and sets the key pair for this TPA to (sk TPA ,pk TPA ). The user uploads the virtual index table (as shown in Table 1) to the TPA and sends { F, σ,2 h And t to CSP, and deleting the local data after the uploading is successful. Wherein f= (m 1 ,m 2 ,...,m n ),σ={σ 1 ,σ 2 ,...σ n },t={t 1 ,t 2 ,...t n }。
TABLE 1
After receiving the user upload information, the CSP generates a data retrieval table (shown in table 2).
TABLE 2
Request (name) → audio: the user sends a data integrity audit request to the designated TPA.
ChallengeGen (t) →chal: the algorithm is executed by the TPA, generating an index challenge. The specific operation process is as follows: TPA from the chunking index [1, n ]]C elements are randomly extracted to serve as a challenge index I, and a random number v is selected i ∈Z q Output challenge chal= { (i, v) i )} i∈I . TPA willAnd transmitted to the CSP.
Profgen (chal, F, pk, σ) →p: after the CSP receives the challenge, verifying the legality of the challenge, and continuously generating evidence if the challenge passes the verification; otherwise, the operation is terminated. The evidence generation process is as follows: CSP random selectionCalculation ofX=H 2 (r) and->P= { μ, Φ, X } was returned to TPA.
VerifyProof (p) → 0|1: and (5) verifying the formula (1) after the TPA receives the evidence, and returning the verification result to the user.
The scheme correctness proving process is as follows:
the foregoing has shown and described the basic principles, principal features and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, and that the above embodiments and descriptions are merely illustrative of the principles of the present invention, and that various changes and modifications may be made therein without departing from the spirit and scope of the invention, which is defined by the appended claims. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (8)
1. The dynamic cloud auditing method based on homomorphic hash function and virtual index is characterized by comprising the following steps:
the user performs block signature operation on the original data to obtain stored data, uploads the stored data to a cloud service mechanism, and deletes the local original data after uploading is successful;
uploading a virtual index table to an auditing mechanism by a user, and providing an auditing request when auditing is needed, and generating a random challenge set and sending the random challenge set to a cloud service mechanism after the auditing mechanism receives the auditing request;
the cloud service mechanism calculates and generates evidence according to the random challenge set, and sends the evidence to the auditing mechanism;
and the audit mechanism performs integrity verification on the evidence to obtain a verification result, and sends the verification result to the user.
2. The dynamic cloud audit method based on homomorphic hash functions and virtual indexes of claim 1, wherein,
the process of carrying out the block signature operation on the original data comprises the following steps:
selecting system parameters based on the multiplication cyclic group and the hash function, and obtaining a key pair through the multiplication cyclic group and the system parameters;
encrypting and blinding the original data according to the key pair;
the encrypted and blinded data is segmented and signed.
3. The homomorphic hash function and virtual index based dynamic cloud auditing method according to claim 2,
the method for obtaining the key pair comprises the following steps:
the user selects a multiplication cyclic group with a large prime number, and carries out hash function operation to obtain system parameters;
and selecting a random number pair from the system parameters as a private key, and calculating the selected random number pair and the generation element of the multiplication cyclic group to obtain a public key.
4. The dynamic cloud auditing method based on homomorphic hash function and virtual index according to claim 3,
the method for encryption blinding of the original data comprises the following steps:
the file name and the private key are input into a pseudo-random function to obtain a first random number, the first random number is used as a key of a symmetric encryption algorithm, and the original data is encrypted and blinded through the symmetric encryption algorithm.
5. The dynamic cloud audit method based on homomorphic hash functions and virtual indexes of claim 1, wherein,
the contents of the virtual index table include a data block sequence number, a virtual index, and a time stamp.
6. The dynamic cloud audit method based on homomorphic hash functions and virtual indexes of claim 1, wherein,
the method for generating the random challenge set comprises the following steps: c elements are randomly extracted from the virtual index table through the block index to serve as a challenge index, a second random number is selected from the integer set, and a random challenge set is obtained based on the challenge index and the second random number.
7. The dynamic cloud audit method based on homomorphic hash functions and virtual indexes of claim 6, wherein,
the expression of the random challenge set is:
chal={(i,v i )} i∈I
where chal represents a random challenge set, I represents a challenge index, I represents an element in the challenge index, v i Representing the selected second random number.
8. The dynamic cloud audit method based on homomorphic hash functions and virtual indexes of claim 1, wherein,
the method for generating evidence comprises the following steps: the cloud service mechanism obtains evidence by calling data corresponding to the random challenge set from the stored data through the random challenge set and the public key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311265073.9A CN117235342A (en) | 2023-09-27 | 2023-09-27 | Dynamic cloud auditing method based on homomorphic hash function and virtual index |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311265073.9A CN117235342A (en) | 2023-09-27 | 2023-09-27 | Dynamic cloud auditing method based on homomorphic hash function and virtual index |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117235342A true CN117235342A (en) | 2023-12-15 |
Family
ID=89087763
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311265073.9A Pending CN117235342A (en) | 2023-09-27 | 2023-09-27 | Dynamic cloud auditing method based on homomorphic hash function and virtual index |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117235342A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117834303A (en) * | 2024-03-05 | 2024-04-05 | 南开大学 | Data auditing method for decentralised storage |
-
2023
- 2023-09-27 CN CN202311265073.9A patent/CN117235342A/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117834303A (en) * | 2024-03-05 | 2024-04-05 | 南开大学 | Data auditing method for decentralised storage |
CN117834303B (en) * | 2024-03-05 | 2024-05-28 | 南开大学 | Data auditing method for decentralised storage |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Li et al. | Privacy-preserving machine learning with multiple data providers | |
CN110912706B (en) | Identity-based dynamic data integrity auditing method | |
Garg et al. | RITS-MHT: Relative indexed and time stamped Merkle hash tree based data auditing protocol for cloud computing | |
Bogos et al. | Cryptanalysis of a homomorphic encryption scheme | |
CN112118113B (en) | Multi-party cooperative group signature method, device, system and medium based on SM2 algorithm | |
EP4226568A1 (en) | Updatable private set intersection | |
CN104978239A (en) | Method, device and system for realizing multi-backup-data dynamic updating | |
CN112906056A (en) | Cloud storage key security management method based on block chain | |
CN110351297B (en) | Verification method and device applied to block chain | |
US20150023498A1 (en) | Byzantine fault tolerance and threshold coin tossing | |
Xie et al. | A novel blockchain-based and proxy-oriented public audit scheme for low performance terminal devices | |
Tian et al. | DIVRS: Data integrity verification based on ring signature in cloud storage | |
CN117235342A (en) | Dynamic cloud auditing method based on homomorphic hash function and virtual index | |
CN113259317B (en) | Cloud storage data deduplication method based on identity agent unencrypted | |
CN112019335B (en) | SM2 algorithm-based multiparty collaborative encryption and decryption method, device, system and medium | |
CN111798236B (en) | Transaction data encryption and decryption methods, devices and equipment | |
Xu et al. | A generic integrity verification algorithm of version files for cloud deduplication data storage | |
Armknecht et al. | Sharing proofs of retrievability across tenants | |
CN108494552B (en) | Cloud storage data deduplication method supporting efficient convergence key management | |
CN115048432B (en) | Fuzzy keyword public auditing method based on bloom filter | |
CN111585756B (en) | Certificate-free cloud auditing method suitable for multi-copy-multi-cloud situation | |
Dang et al. | Secure and Efficient Client-Side Data Deduplication with Public Auditing in Cloud Storage. | |
Long et al. | Integrity verification for multiple data copies in cloud storage based on spatiotemporal chaos | |
Mao et al. | Co‐Check: Collaborative Outsourced Data Auditing in Multicloud Environment | |
CN112784314B (en) | Data integrity detection method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |