-
摘要: 近年來研究人員提出了各種針對云存儲數據進行完整性審計的方案。其中,在一部分基于同態認證碼、數據塊隨機抽樣和隨機掩碼等技術提出的云存儲公共審計方案中,用戶需要存儲和維護一個與文件中數據塊的索引信息有關的二維表。當用戶的外包數據需要頻繁地進行更新時,為了防止因相同的塊索引值被重復使用而遭受偽造攻擊,使得設計和維護這個二維表變得繁瑣。針對此問題,本文首先提出了一個結構簡單且易于維護的索引–存根表結構,并基于該結構提出了一個具有隱私保護屬性的云存儲第三方審計方案,該方案能夠有效地支持對外包數據進行各種數據塊級的遠程動態操作。然后,在隨機預言機模型下,對方案提供的數據完整性保證給出了形式化的安全證明,對方案中審計協議的隱私保護屬性也給出了形式化的安全分析。最后,針對方案的性能進行了理論分析和相關的實驗比較,結果表明該方案是高效的。Abstract: With the development of cloud computing technology, more individuals and organizations have chosen cloud services to store and maintain their data and reduce the burden on local storage and corresponding maintenance costs. However, although the cloud computing infrastructure is more powerful and reliable than personal computing devices, the cloud storage server is not completely trusted due to various internal and external threats; therefore, users need to regularly check whether their data stored in the cloud server are intact. Therefore, in recent years, researchers have proposed a variety of schemes for data integrity auditing in cloud storage. Among them, in a part of public auditing schemes for cloud storage based on homomorphic authenticators, random sampling of data blocks, and random masking techniques, users need to store and maintain a two-dimensional (2D) table related to the index information of data blocks in the file. When a user’s outsource data need to be frequently updated to avoid forgery attacks due to the similar index value of data block being reused, the design and maintenance of the 2D table become cumbersome. In this study, to solve the abovementioned problem, an index–stub table structure was first proposed, which is simple and easy to maintain. On the basis of this structure, a third-party auditor auditing scheme with a privacy-preserving property was proposed for cloud storage. This scheme can effectively support various remote dynamic operations for outsource data at the block level. Then, a formal security proof for data integrity guarantee provided by the scheme was given under the random oracle model. A formal security analysis was also given for the privacy-preserving property of the audit protocol. Finally, the performance of the scheme was theoretically analyzed and compared with relevant experiments. Results indicate that the scheme has high efficiency.
-
Key words:
- cloud storage /
- privacy preserving /
- data integrity /
- third party auditing /
- index–stub table
-
圖 1 包含CSS、云用戶和TPA的云存儲架構
Figure 1. Cloud storage architecture with CSS, cloud users, and TPA
圖 4 批量審計與分別單獨審計的平均審計時間比較
Figure 4. Comparison of the average audit time between the batch audit and separate audit
表 1 索引–存根表
Table 1. Index–stub table
Serial number Stub 1 $ {\left(H\left({m}_{1}\right)\right)}^{\alpha /\beta }$ 2 $ {\left(H\left({m}_{2}\right)\right)}^{\alpha /\beta }$ $ \vdots $ $\vdots $ i $ {\left(H\left({m}_{i}\right)\right)}^{\alpha /\beta }$ $\vdots $ $\vdots $ n $ ({H\left({m}_{n}\right))}^{\alpha /\beta }$ 
下載: 導出CSV
表 2 符號和相關操作說明
Table 2. Notations of relevant operations
Notation Meaning $ {{\rm{M}}{\rm{u}}{\rm{l}}{\rm{t}}}_{{\rm{G}}}^{x}$ x multiplications in group G $ {{\rm{M}}{\rm{u}}{\rm{l}}{\rm{t}}}_{{G}_{T}}^{x}$ x multiplications in group GT $ {{\rm{M}}{\rm{u}}{\rm{l}}{\rm{t}}}_{{Z}_{p}}^{x}$ x multiplications in group Zp $ {{\rm{H}}{\rm{a}}{\rm{s}}{\rm{h}}}_{{Z}_{p}}^{x}$ x hash values into group Zp $ {{\rm{H}}{\rm{a}}{\rm{s}}{\rm{h}}}_{G}^{x}$ x hash values into group G $ {{\rm{A}}{\rm{d}}{\rm{d}}}_{{Z}_{p}}^{x}$ x additions on group Zp $ {{\rm{E}}{\rm{x}}{\rm{p}}}_{G}^{x}$ x exponentiations gt, where g∈G, t∈Zp $ {{\rm{E}}{\rm{x}}{\rm{p}}}_{{G}_{T}}^{x}$ x exponentiations $ {{g}_{T}}^{t}$, where gT∈GT, t∈Zp $ {{\rm{P}}{\rm{a}}{\rm{i}}{\rm{r}}}_{{G}_{T}}^{x}$ x pairings, $ e(u,v)$, where $ u, v \in G$, $ e(u,v)\in {G}_{T}$ $ {{\rm{P}}{\rm{R}}{\rm{P}}}_{S}^{x}$ x PRPs in $ {S=\left\{{0,1}\right\}}^{{{\rm{log}}}_{2}n}$ $ {{\rm{P}}{\rm{R}}{\rm{F}}}_{{Z}_{p}}^{x}$ x PRFs in Zp
下載: 導出CSV
表 3 不同的隱私保護方案之間的計算開銷比較
Table 3. Comparison of the computation overhead of different privacy-preserving schemes
Scheme User’s computation overhead Server’s computation overhead Verifier’s computation overhead Reference [5] $ {{\rm{E}}{\rm{x}}{\rm{p}}}_{G}^{n \cdot (s+2)}+{{\rm{M}}{\rm{u}}{\rm{l}}{\rm{t}}}_{G}^{n \cdot s}+{{\rm{H}}{\rm{a}}{\rm{s}}{\rm{h}}}_{G}^{n}$ $\begin{array}{l} { {\rm{P} }{\rm{a} }{\rm{i} }{\rm{r} } }_{ {G}_{T} }^{s}+{ {\rm{E} }{\rm{x} }{\rm{p} } }_{ {G}_{T} }^{s}+{ {\rm{E} }{\rm{x} }{\rm{p} } }_{G}^{c}+{ {\rm{M} }{\rm{u} }{\rm{l} }{\rm{t} } }_{G}^{c-1}+\\{ {\rm{M} }{\rm{u} }{\rm{l} }{\rm{t} } }_{ {Z}_{p} }^{(c+1) \cdot s}+{ {\rm{A} }{\rm{d} }{\rm{d} } }_{ {Z}_{p} }^{c \cdot s}+{ {\rm{H} }{\rm{a} }{\rm{s} }{\rm{h} } }_{ {Z}_{p} }^{1}\end{array}$ $\begin{array}{l} { {\rm{P} }{\rm{a} }{\rm{i} }{\rm{r} } }_{ {G}_{T} }^{2}+{ {\rm{E} }{\rm{x} }{\rm{p} } }_{G}^{s+c+2}+{ {\rm{M} }{\rm{u} }{\rm{l} }{\rm{t} } }_{G}^{c+s-1}+\\{ {\rm{M} }{\rm{u} }{\rm{l} }{\rm{t} } }_{ {G}_{T} }^{s}+{ {\rm{H} }{\rm{a} }{\rm{s} }{\rm{h} } }_{G}^{c}+{ {\rm{H} }{\rm{a} }{\rm{s} }{\rm{h} } }_{ {Z}_{p} }^{1}\end{array}$ Our scheme $\begin{array}{l} { {\rm{E} }{\rm{x} }{\rm{p} } }_{G}^{3 \cdot n+2}+{ {\rm{M} }{\rm{u} }{\rm{l} }{\rm{t} } }_{G}^{n}+{ {\rm{M} }{\rm{u} }{\rm{l} }{\rm{t} } }_{ {Z}_{p} }^{n \cdot s}+\\{ {\rm{A} }{\rm{d} }{\rm{d} } }_{ {Z}_{p} }^{n \cdot (s-1)}+{ {\rm{H} }{\rm{a} }{\rm{s} }{\rm{h} } }_{G}^{n} \end{array}$ $ \begin{array}{l} { { {\rm{P} }{\rm{a} }{\rm{i} }{\rm{r} } }_{ {G}_{T} }^{1}+{\rm{E} }{\rm{x} }{\rm{p} } }_{G}^{c+s+2}+{ {\rm{M} }{\rm{u} }{\rm{l} }{\rm{t} } }_{G}^{c}+{ {\rm{M} }{\rm{u} }{\rm{l} }{\rm{t} } }_{ {Z}_{p} }^{c+2}+\\ { {\rm{A} }{\rm{d} }{\rm{d} } }_{ {Z}_{p} }^{c}+{ {\rm{H} }{\rm{a} }{\rm{s} }{\rm{h} } }_{ {Z}_{p} }^{1}+{ {\rm{P} }{\rm{R} }{\rm{P} } }_{S}^{c}+{ {\rm{P} }{\rm{R} }{\rm{F} } }_{ {Z}_{p} }^{c}\end{array}$ $ \begin{array}{l} { {\rm{P} }{\rm{a} }{\rm{i} }{\rm{r} } }_{ {G}_{T} }^{2}+{ {\rm{E} }{\rm{x} }{\rm{p} } }_{G}^{c+s+2}+{ {\rm{M} }{\rm{u} }{\rm{l} }{\rm{t} } }_{G}^{c+s}+\\{ {\rm{M} }{\rm{u} }{\rm{l} }{\rm{t} } }_{ {G}_{T} }^{1}+ { {\rm{P} }{\rm{R} }{\rm{P} } }_{S}^{c}+{ {\rm{P} }{\rm{R} }{\rm{F} } }_{ {Z}_{p} }^{c} \end{array}$
下載: 導出CSV
259luxu-164<th id="5nh9l"></th> <strike id="5nh9l"></strike> <th id="5nh9l"><noframes id="5nh9l"><th id="5nh9l"></th> <strike id="5nh9l"></strike> <th id="5nh9l"><noframes id="5nh9l"> <th id="5nh9l"></th> <strike id="5nh9l"><noframes id="5nh9l"><span id="5nh9l"></span> <span id="5nh9l"><noframes id="5nh9l"><span id="5nh9l"></span> <strike id="5nh9l"><noframes id="5nh9l"><strike id="5nh9l"></strike> <span id="5nh9l"><noframes id="5nh9l"> <span id="5nh9l"><noframes id="5nh9l"> <span id="5nh9l"></span> <span id="5nh9l"><video id="5nh9l"></video></span> <th id="5nh9l"><noframes id="5nh9l"><th id="5nh9l"></th> -
參考文獻
[1] Mell P M, Grance T. SP 800-145. The NIST Definition of Cloud Computing. US: National Institute of Standards and Technology, 2011 [2] Ateniese G, Di Pietro R, Mancini L V, et al. Scalable and efficient provable data possession // Proceedings of the 4th International Conference on Security and Privacy in Communication Netowrks. Istanbul, 2008: 9 [3] Archer J, Boehme A, Cullinane D, et al. Top threats to cloud computing V1.0[J/OL]. Cloud Security Alliance. https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf [4] Zhu Y, Hu H X, Ahn G J, et al. Efficient audit service outsourcing for data integrity in clouds. J Syst Softw, 2012, 85(5): 1083 doi: 10.1016/j.jss.2011.12.024 [5] Wang C, Chow S S M, Wang Q, et al. Privacy-preserving public auditing for secure cloud storage. IEEE Trans Comput, 2013, 62(2): 362 doi: 10.1109/TC.2011.245 [6] Liu C, Ranjan R, Yang C, et al. MuR-DPA: Top-down levelled multi-replica merkle hash tree based secure public auditing for dynamic big data storage on cloud. IEEE Trans Comput, 2015, 64(9): 2609 doi: 10.1109/TC.2014.2375190 [7] Yu Y, Au M H, Ateniese G, et al. Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage. IEEE Trans Inf Forensics Secur, 2017, 12(4): 767 doi: 10.1109/TIFS.2016.2615853 [8] Mo Z, Zhou Y A, Chen S G, et al. Enabling non-repudiable data possession verification in cloud storage systems // 2014 IEEE 7th International Conference on Cloud Computing. Anchorage, 2014: 232 [9] Barsoum A F, Hasan M A. On verifying dynamic multiple data copies over cloud servers. Iacr Cryptology Eprint Archive, 2011 [10] Liu C W, Hsien W F, Yang C C, et al. A survey of public auditing for shared data storage with user revocation in cloud computing. Int J Netw Secur, 2016, 18(4): 650 [11] Shacham H, Waters B. Compact proofs of retrievability // International Conference on the Theory and Application of Cryptology and Information Security. Berlin: Springer, 2008: 90 [12] Kaltz J, Lindell Y. Introduction to Modern Cryptography: Principles and Protocols. British: Chapman and Hall/CRC, 2008 [13] Ateniese G, Burns R, Curtmola R, et al. Provable data possession at untrusted stores // Proceedings of the 14th ACM Conference on Computer and Communications Security. Alexandria, 2007: 598 [14] Juels A, Kaliski Jr B S. PORs: proofs of retrievability for large files // Proceedings of the 14th ACM Conference on Computer and Communications Security. Alexandria, 2007: 584 [15] Erway C C, Küp?ü A, Papamanthou C, et al. Dynamic provable data possession. ACM Trans Inf Syst Secur, 2015, 17(4): 15 [16] Wang Q, Wang C, Ren K, et al. Enabling public auditability and data dynamics for storage security in cloud computing. IEEE Trans Parallel Distrib Syst, 2011, 22(5): 847 doi: 10.1109/TPDS.2010.183 [17] Yuan J W, Yu S C. Pcpor: public and constant-cost proofs of retrievability in cloud1. J Comput Secur, 2015, 23(3): 403 doi: 10.3233/JCS-150525 [18] Zhang J D, Wang B C, He D B, et al. Improved secure fuzzy auditing protocol for cloud data storage. Soft Comput, 2019, 23(10): 3411 doi: 10.1007/s00500-017-3000-1 [19] Barsoum A F, Hasan M A. Provable multicopy dynamic data possession in cloud computing systems. IEEE Trans Inf Forensics Secur, 2015, 10(3): 485 doi: 10.1109/TIFS.2014.2384391 [20] Yuan J W, Yu S C. Public integrity auditing for dynamic data sharing with multiuser modification. IEEE Trans Inf Forensics Secur, 2015, 10(8): 1717 doi: 10.1109/TIFS.2015.2423264 [21] Wang H Q. Identity-based distributed provable data possession in multicloud storage. IEEE Trans Serv Comput, 2015, 8(2): 328 doi: 10.1109/TSC.2014.1 [22] Yang G Y, Yu J, Shen W T, et al. Enabling public auditing for shared data in cloud storage supporting identity privacy and traceability. J Syst Softw, 2016, 113: 130 doi: 10.1016/j.jss.2015.11.044 [23] Li Y N, Yu Y, Yang B, et al. Privacy preserving cloud data auditing with efficient key update. Future Gener Comput Syst, 2018, 78: 789 doi: 10.1016/j.future.2016.09.003 [24] Hwang M S, Sun T H, Lee C C. Achieving dynamic data guarantee and data confidentiality of public auditing in cloud storage service. J Circuits Syst Comput, 2017, 26(5): 1750072 doi: 10.1142/S0218126617500724 [25] Wang C, Ren K, Lou W J, et al. Toward publicly auditable secure cloud data storage services. IEEE Netw, 2010, 24(4): 19 doi: 10.1109/MNET.2010.5510914 [26] Liu C, Chen J J, Yang L T, et al. Authorized public auditing of dynamic big data storage on cloud with efficient verifiable fine-grained updates. IEEE Trans Parallel Distrib Syst, 2014, 25(9): 2234 doi: 10.1109/TPDS.2013.191 [27] Shah M A, Baker M, Mogul J C, et al. Auditing to keep online storage services honest// HOTOS'07: Proceedings of the 11th USENIX workshop on Hot topics in operating systems. CA, 2007: Article No. : 11 [28] Pointcheval D, Stern J. Provably secure blind signature schemes // International Conference on the Theory and Application of Cryptology and Information Security. Berlin: Springer, 1996: 252 [29] Zhao H C, Yao X X, Zheng X F, et al. User stateless privacy-preserving TPA auditing scheme for cloud storage. J Netw Comput Appl, 2019, 129: 62 doi: 10.1016/j.jnca.2019.01.005 [30] Zhao H C, Yao X X, Zheng X F. Privacy-preserving TPA auditing scheme based on skip list for cloud storage. Int J Netw Secur, 2019, 21(3): 451 [31] Boneh D, Franklin M. Identity-based encryption from the Weil pairing // Annual International Cryptology Conference. Berlin: Springer, 2001: 213 [32] Worku S G, Xu C X, Zhao J N, et al. Secure and efficient privacy-preserving public auditing scheme for cloud storage. Comput Electr Eng, 2014, 40(5): 1703 doi: 10.1016/j.compeleceng.2013.10.004 -
點擊查看大圖
圖(6) / 表(3)
計量
- 文章訪問數: 2437
- HTML全文瀏覽量: 1368
- PDF下載量: 28
- 被引次數: 0
