基于区块链的云存储安全研究进展

摘要/Abstract

摘要： 云存储使得用户能够随时随地通过网络连接按需获取廉价的在线存储服务,但因云服务提供商、第三方机构和用户的不可信以及不可避免的恶意攻击,存在诸多云存储安全漏洞。区块链拥有去中心化、持久性、匿名性和可审计性的特点,具有建立可信平台的潜力。因此,基于区块链技术的云存储安全机制研究已成为一种研究趋势。据此,首先概述云存储系统安全架构与区块链技术的安全性,然后从访问控制、完整性验证、重复数据删除和数据溯源4个方面进行文献综述与对比分析,最后对基于区块链的云存储安全进行技术挑战分析,并总结全文与展望未来。

关键词: 访问控制, 区块链, 数据溯源, 完整性验证, 云存储安全, 重复数据删除

Abstract: Cloud storage enables users to obtain cheap online storage services on demand through network connection anytime and anywhere.However,due to the untrustability of cloud service providers,third-party institutions and users as well as the inevitable malicious attacks,there are many security vulnerabilities of cloud storage.Blockchain has the potential to build a trusted platform with its characteristics of decentralization,persistence,anonymity and auditability.Therefore,the research on cloud storage security mechanism based on blockchain technology has become a research trend.Based on this,the security architecture of cloud sto-rage system and the security of blockchain technology are first outlined,then the literature review and comparative analysis are conducted from four aspects of access control,integrity verification,data deduplication and data provenance.Finally,the technical challenges of blockchain-based cloud storage security mechanism are analyzed,summarized and prospected.

Key words: Access control, Blockchain, Cloud storage security, Data deduplication, Data provenance, Integrity verification

中图分类号:

TP311

徐堃, 付印金, 陈卫卫, 张亚男. 基于区块链的云存储安全研究进展[J]. 计算机科学, 2021, 48(11): 102-115. https://doi.org/10.11896/jsjkx.210600015

XU Kun, FU Yin-jin, CHEN Wei-wei, ZHANG Ya-nan. Research Progress on Blockchain-based Cloud Storage Security Mechanism[J]. Computer Science, 2021, 48(11): 102-115. https://doi.org/10.11896/jsjkx.210600015

参考文献

[1]CHAI Q,GONG G.Verifiable symmetric searchable encryption for semi-honest-but-curious cloud servers[C]//2012 IEEE International Conference on Communications (ICC).IEEE,2012:917-922.
[2]ALMORSY M,GRUNDY J,MÜLLER I.An analysis of thecloud computing security problem[J].arXiv:1609.01107,2016.
[3]WU J,PING L,GE X,et al.Cloud storage as the infrastructure of cloud computing[C]//2010 International Conference on Intelligent Computing and Cognitive Informatics.IEEE,2010:380-383.
[4]FU Y,LUO S,SHU J.Survey of Secure Cloud Storage System and Key Technologies[J].Journal of Computer Research and Development,2013(1):136-145.
[5]NAKAMOTO S.Bitcoin:A peer-to-peer electronic cash system[J/OL].Decentralized Business Review,2008:21260.https://www.researchgate.net/publication/228640975_Bitcoin_A_Peer-to-Peer_Electronic_Cash_System.
[6]ZHENG Z,XIE S,DAI H,et al.An Overview of BlockchainTechnology:Architecture,Consensus,and Future Trends[C]//IEEE International Congress on Big Data.Piscaway:IEEE,2017.
[7]SEGURA S D,PÉREZ-SOLÀ C,NAVARRO-ARRIBAS G,et al.Analysis of the Bitcoin UTXO Set[C]//22nd International Conference on Financial Cryptography and Data Security(FC 2018).2018.
[8]Protocol Labs.Filecoin:A Decentralized Storage Network[OL].https://filecoin.io/filecoin.pdf.
[9]BENET J.Ipfs-content addressed,versioned,p2p file system[J].arXiv:1407.3561,2014.
[10]WILKINSON S.Storj A Peer-to-Peer Cloud Storage Network[OL]. http://storj.io/storj.pdf.
[11]VORICK D,CHAMPINE L.Sia:Simple decentralized storage[OL].https://blockchainlab.com/pdf/whitepaper3.pdf.
[12]LAMBDA P.A Blockchain Infrastructure Providing Unlimited Storage Capabilities[OL].https://www.lambdastorage.com/doc/Lambda%E7%BB%8F%E6%B5%8E%E7%99%BD%E7%9A%AE%E4%B9%A6.pdf.
[13]TAVIZI T,SHAJARI M,DODANGEH P.A usage controlbased architecture for cloud environments[C]//2012 IEEE 26th International Parallel and Distributed Processing Symposium Workshops & PhD Forum.IEEE,2012:1534-1539.
[14]LIN G Y,HE S,HUANG H,et al.Access control security mo-del based on behavior in cloud computing environment[J].Journal on Communications,2012,33(3):59-66.
[15]BETHENCOURT J,SAHAI A,WATERS B.Ciphertext-policy attribute-based encryption[C]//2007 IEEE Symposium on Security and Privacy (SP'07).IEEE,2007:321-334.
[16]SOHRABI N,YI X,TARI Z,et al.BACC:blockchain-based access control for cloud data[C]//Proceedings of the Australasian Computer Science Week Multiconference.2020:1-10.
[17]GUO J,YANG W,LAM K Y,et al.Using blockchain to control access to cloud data[C]//International Conference on Information Security and Cryptology.Springer,Cham,2018:274-288.
[18]YANG C,TAN L,SHI N,et al.AuthPrivacyChain:A blockchain-based access control framework with privacy protection in cloud[J].IEEE Access,2020,8:70604-70615.
[19]SUKHODOLSKIY I,ZAPECHNIKOV S.A blockchain-based access control system for cloud storage[C]//2018 IEEE Confe-rence of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus).IEEE,2018:1575-1578.
[20]WANG S,WANG X,ZHANG Y.A secure cloud storage framework with access control based on blockchain[J].IEEE Access,2019,7:112713-112725.
[21]QIN X,HUANG Y,YANG Z,et al.A Blockchain-based access control scheme with multiple attribute authorities for secure cloud data sharing[J].Journal of Systems Architecture,2021,112:101854.
[22]GAO S,PIAO G,ZHU J,et al.TrustAccess:A trustworthy secure ciphertext-policy and attribute hiding access control scheme based on blockchain[J].IEEE Transactions on Vehicular Technology,2020,69(6):5784-5798.
[23]GUO L,YANG X,YAU W C.TABE-DAC:Efficient Traceable Attribute-Based Encryption Scheme With Dynamic Access Control Based on Blockchain[J].IEEE Access,2021,9:8479-8490.
[24]QIN X,HUANG Y,YANG Z,et al.LBAC:A lightweightblockchain-based access control scheme for the internet of things[J].Information Sciences,2021,554:222-235.
[25]KUMAR R,PALANISAMY B,SURAL S.BEAAS:Blockchain Enabled Attribute-Based Access Control as a Service[C]//2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC).IEEE,2021:1-3.
[26]WANG S,ZHANG Y,ZHANG Y.A blockchain-based framework for data sharing with fine-grained access control in decentralized storage systems[J].IEEE Access,2018,6:38437-38450.
[27]SCHIAVO F P,SASSONE V,NICOLETTI L,et al.Faas:Fe-deration-as-a-service[J].arXiv:1612.03937,2016.
[28]FERDOUS M S,MARGHERI A,PACI F,et al.Decentralisedruntime monitoring for access control systems in cloud federations[C]//2017 IEEE 37th International Conference on Distri-buted Computing Systems (ICDCS).IEEE,2017:2632-2633.
[29]ALANSARI S,PACI F,SASSONE V.A distributed access control system for cloud federations[C]//2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).IEEE,2017:2131-2136.
[30]PRIYADHARSHINI B,PARVATHI P.Data integrity in cloud storage[C]//IEEE-international conference on advances in engineering,science and management (ICAESM-2012).IEEE,2012:261-265.
[31]YANG C.Research on Blockchain-based Cloud Storage Data Integrity Detection[D].School of Computer Science and Enginee-ring,2020.
[32]GAETANI E,ANIELLO L,BALDONI R,et al.Blockchain-based database to ensure data integrity in cloud computing environments[C]//the First Italian Conference on Cybersecurity (ITASEC17).2017:146-155.
[33]ZIKRATOV I,KUZMIN A,AKIMENKO V,et al.Ensuring data integrity using blockchain technology[C]//2017 20thConfe-rence of Open Innovations Association (FRUCT).IEEE,2017:534-539.
[34]WEI P C,WANG D,ZHAO Y,et al.Blockchain data-basedcloud data integrity protection mechanism[J].Future Generation Computer Systems,2020,102:902-911.
[35]XUE J,XU C,ZHAO J,et al.Identity-based public auditing for cloud storage systems against malicious auditors via blockchain[J].Science China Information Sciences,2019,62(3):32104.
[36]ZHANG G,YANG Z,XIE H,et al.A secure authorized dedupli-cation scheme for cloud data based on blockchain[J].Information Processing & Management,2021,58(3):102510.
[37]LI S,LIU J,YANG G,et al.A Blockchain-Based Public Auditing Scheme for Cloud Storage Environment without Trusted Auditors[J].Wireless Communications and Mobile Computing,2020,2020:8841711.
[38]LI J,WU J,JIANG G,et al.Blockchain-based public auditing for big data in cloud storage[J].Information Processing & Management,2020,57(6):102382.
[39]PINHEIRO A,CANEDO E D,DE SOUSA R T,et al.Monitoring File Integrity Using Blockchain and Smart Contracts[J].IEEE Access,2020,8:198548-198579.
[40]ZHANG C,XU Y,HU Y,et al.A blockchain-based multi-cloud storage data auditing scheme to locate faults[J].IEEE Transactions on Cloud Computing,2021:3057771.
[41]YUE D,LI R,ZHANG Y,et al.Blockchain based data integrity verification in P2P cloud storage[C]//2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS).IEEE,2018:561-568.
[42]XUE J,XU C,ZHANG Y,et al.DStore:a distributed cloudstorage system based on smart contracts and blockchain[C]//International Conference on Algorithms and Architectures for Parallel Processing.Cham:Springer,2018:385-401.
[43]WANG J,PENG F,TIAN H,et al.Public auditing of log integrity for cloud storage systems via blockchain[C]//International Conference on Security and Privacy in New Computing Environments.Cham:Springer,2019:378-387.
[44]ZHANG Y,XU C,LIN X,et al.Blockchain-based public integrity verification for cloud storage against procrastinating auditors[J].IEEE Transactions on Cloud Computing,2019:2908400.
[45]YUAN H,CHEN X,WANG J,et al.Blockchain-based public auditing and secure deduplication with fair arbitration[J].Information Sciences,2020,541:409-425.
[46]DOUCEUR J R,ADYA A,BOLOSKY W J,et al.Reclaiming space from duplicate files in a serverless distributed file system[C]//Proceedings 22nd International Conference on Distributed Computing Systems.IEEE,2002:617-624.
[47]BELLARE M,KEELVEEDHI S,RISTENPART T.Message-locked encryption and secure deduplication[C]//Annual International Conference on the Theory and Applications of Cryptographic Techniques.Springer,Berlin,Heidelberg,2013:296-312.
[48]LI Y,ZHU L,SHEN M,et al.Cloudshare:towards a cost-efficient and privacy-preserving alliance cloud using permissioned blockchains[C]//International Conference on Mobile Networks and Management.Springer,Cham,2017:339-352.
[49]LI J,WU J,CHEN L,et al.Deduplication with blockchain for secure cloud storage[C]//CCF Conference on Big Data.Sprin-ger,Singapore,2018:558-570.
[50]ZHANG G,XIE H,YANG Z,et al.BDKM:A Blockchain-Based Secure Deduplication Scheme with Reliable Key Management[J].Neural Processing Letters,2021(3):1-18.
[51]ZHANG G,YANG Z,XIE H,et al.A secure authorized deduplication scheme for cloud data based on blockchain[J].Information Processing & Management,2021,58(3):102510.
[52]HUANG H,CHEN Q,ZHOU Y,et al.Blockchain-Based Secure Cloud Data Deduplication with Traceability[C]//International Conference on Blockchain and Trustworthy Systems.Springer,Singapore,2020:295-302.
[53]XU Y,ZHANG C,WANG G,et al.A blockchain-enabled deduplicatable data auditing mechanism for network storage services[J/OL].IEEE Transactions on Emerging Topics in Computing,2020.https://www.researchgate.net/publication/342539890_A_Blockchain-enabled_Deduplicatable_Data_Auditing_Mechanism_for_Network_Storage_Services.
[54]MING H,ZHANG Y,FU X.Survey of Data Provenance[J].Journal of Chinese Computer Systems,2012(9):1917-1923.
[55]GAI K,GUO J,ZHU L,et al.Blockchain meets cloud computing:a survey[J].IEEE Communications Surveys & Tutorials,2020,22(3):2009-2030.
[56]LIANG X,SHETTY S S,TOSH D,et al.ProvChain:Block-chain-based Cloud Data Provenance[M].Blockchain for Distri-buted Systems Security,2019:67-94.
[57]ZHANG Y,LIN X,XU C.Blockchain-based secure data provenance for cloud storage[C]//International Conference on Information and Communications Security.Springer,Cham,2018:3-19.
[58]LIANG X,SHETTY S,TOSH D,et al.Provchain:A block-chain-based data provenance architecture in cloud environment with enhanced privacy and availability[C]//2017 17th IEEE/ACM International Symposium on Cluster,Cloud and Grid Computing (CCGRID).IEEE,2017:468-477.
[59]Tierion:Blockchain Proof Engine | API[OL].2018.https://tierion.com.
[60]SIFAH E B,XIA Q,AGYEKUM K O B O,et al.A Blockchain Approach to Ensuring Provenance to Outsourced Cloud Data in a Sharing Ecosystem[J/OL].IEEE Systems Journal,2021:3068224.https://ieeexplore.ieee.org/document/9405789.
[61]SHETTY S,RED V,KAMHOUA C,et al.Data provenance assurance in the cloud using blockchain[C]//Disruptive Technologies in Sensors and Sensor Systems.International Society for Optics and Photonics,2017,10206:1020601.
[62]TOSH D,SHETTY S,LIANG X,et al.Data provenance in the cloud:A blockchain-based approach[J].IEEE Consumer Electronics Magazine,2019,8(4):38-44.
[63]LI H,GAI K,FANG Z,et al.Blockchain-enabled data provenance in cloud datacenter reengineering[C]//Proceedings of the 2019 ACM International Symposium on Blockchain and Secure Critical Infrastructure.2019:47-55.
[64]ALI S,WANG G,BHUIYAN M Z A,et al.Secure data provenance in cloud-centric internet of things via blockchain smart contracts[C]//2018 IEEE SmartWorld,Ubiquitous Intelligence &Computing,Advanced & Trusted Computing,Scalable Computing &Communications,Cloud & Big Data Computing,Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/ SCI).IEEE,2018:991-998.
[65]SHAFAGH H,BURKHALTER L,HITHNAWI A,et al.Towards blockchain-based auditable storage and sharing of IoT data[C]//Proceedings of the 2017 on Cloud Computing Security Workshop.2017:45-50.
[66]SIDDIQUI M S,ALI T,NADEEM A,et al.BlockTrack-L:A lightweight blockchain-based provenance message tracking in IoT[J].International Journal of Advanced Computer Science and Applications,2020,11(4):463-470.
[67]POURVAHAB M,EKBATANIFARD G.Digital forensics ar-chitecture for evidence collection and provenance preservation in iaas cloud environment using sdn and blockchain technology[J].IEEE Access,2019,7:153349-153364.
[68]ZHANG Y,WU S,JIN B,et al.A blockchain-based process provenance for cloud forensics[C]//2017 3rd IEEE Internatio-nal Conference on Computer and Communications (ICCC).IEEE,2017:2470-2473.
[69]GOURU N,VADLAMANI N L.DistProv-Data Provenance in Distributed Cloud for Secure Transfer of Digital Assets with Ethereum Blockchain using ZKP[M]//Cyber Warfare and Terrorism:Concepts,Methodologies,Tools,and Applications.IGI Global,2020:866-890.
[70]BERNABE J B,CANOVAS J L,HERNANDEZ-RAMOS J L,et al.Privacy-preserving solutions for blockchain:Review and challenges[J].IEEE Access,2019,7:164908-164940.
[71]JOSHI A P,HAN M,WANG Y.A survey on security and privacy issues of blockchain technology[J].Mathematical Foundations of Computing,2018,1(2):121-147.
[72]CHAUM D L.Untraceable electronic mail,return addresses,and digital pseudonyms[J].Communications of the ACM,1981,24(2):84-90.
[73]GOLDREICH O,MICALI S,WIGDERSON A.Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems[J].Journal of the ACM (JACM),1991,38(3):690-728.
[74]RIVEST R L,SHAMIR A,TAUMAN Y.How to leak a secret:Theory and applications of ring signatures[M]//Theoretical Computer Science.Springer,Berlin,Heidelberg,2006:164-186.
[75]DWORK C,ROTH A.The algorithmic foundations of differential privacy[J].Foundations and Trends in Theoretical Compu-ter Science,2014,9(3/4):211-407.
[76]BACK A,CORALLO M,DASHJR L,et al.Enabling blockchain innovations with pegged sidechains[OL].http://www.opensciencereview.com/papers/123/enablingblockchain-innovations-with-pegged-sidechains,2014,72.

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed