一种面向云存储的数据动态验证方案

摘要/Abstract

摘要： 云存储是一种新型的数据存储体系结构,云储存中数据的安全性、易管理性等也面临着新的挑战。由于用户在本地不再保留任何数据副本,无法确保云中数据的完整性,因此保护云端数据的完整性是云数据安全性研究的重点方向。数据完整性证明(Provable Data Integrity,PDI)被认为是解决这一问题的重要手段。文中提出了一种面向云存储环境的、基于格的数据完整性验证方案。本方案在已有研究的基础上,基于带权默克尔树(Ranked Merkle Hash Tree,RMHT),实现了云数据的动态验证。方案实现了数据粒度的签名,降低了用户方生成认证标签所需的消耗;引入RMHT对数据进行更改验证,支持数据动态更新;具有较强的隐私保护能力,在验证过程中对用户的原始数据进行盲化,使得第三方无法获取用户的真实数据信息,用户的数据隐私得到了有效的保护。此外,为了防止恶意第三方对云服务器发动拒绝服务攻击,方案中只有授权的第三方才能对用户数据进行完整性验证,这在保护云服务器安全的同时也保障了用户数据的隐私性。安全分析和性能分析表明,该方案不仅具有不可伪造性、隐私保护等特性,其签名计算量也优于同类算法。

关键词: 带权默克尔树, 格密码, 公开验证, 授权验证, 云存储

Abstract: Cloud storage is a novel data storage architecture.The security and manageability of data in cloud storage are also facing new challenges.Because users no longer store any copies of the data in their local memory,they cannot fully ensure whether the outsourced data are intact overall.How to protect the data integrity in the cloud has become a hot topic in academic research.The protocol of Provable Data Integrity (PDI) was considered to be the main method to solve this problem,this paper presented lattice-based provable data integrity for checking the integrity of the data in the cloud.The proposed scheme realizes the dynamic data verification by incorporating the idea of Ranked Merkle Hash Tree (RMHT) and lattice-based technology.The scheme realizes the fine-grained signature and reduces the computational cost required by the user to generate the authentication tag.The scheme introduces the RMHT to perform the modification verification of the data and supports the dynamic update of the data.It has strong privacy protection capability,blinds the users original data during the verification process,and the third party cannot obtain users real data information.Moreover,in order to prevent malicious third parties from launching denial-of-service attacks on cloud servers,only authorized third parties can verify the integrity of user data.Finally,security analysis and performance ana-lysis show that the proposed scheme not only has characteristics of unforgeability and privacy protection,but also greatly reduces the computational cost of signature.

Key words: Authorization checking, Cloud storage, Lattice-based cryptography, Public verification, Ranked merkle hash tree (RMHT)

中图分类号:

TP309

李树全,刘磊,朱大勇,熊超,李锐. 一种面向云存储的数据动态验证方案[J]. 计算机科学, 2020, 47(2): 256-261. https://doi.org/10.11896/jsjkx.181202371

LI Shu-quan,LIU Lei,ZHU Da-yong,XIONG Chao,LI Rui. Protocol of Dynamic Provable Data Integrity for Cloud Storage[J]. Computer Science, 2020, 47(2): 256-261. https://doi.org/10.11896/jsjkx.181202371

参考文献

[1]WEI L,ZHU H,CAO Z,et al.SecCloud:Bridging Secure Stora-ge and Computation in Cloud[C]∥IEEE International Conference on Distributed Computing Systems Workshops.IEEE,2010.
[2]FENG D G,ZHANG M,ZHANG Y.et al.Study on Cloud Computing Security[J].Journal of Software,2011,22(1):71-83.
[3]THANGAVEL M,VARALAKSHMI P,SINDHUJA R,et al.A survey on provable data possession in cloud storage[C]∥Eighth International Conference on Advanced Computing.IEEE,2017.
[4]ATENIESE G,BURNS R,CURTMOLA R,et al.Provable data possession at untrusted stores [C]∥Proceedings of the 14th ACM Conference on Computer and Communications Security.2007:598-609.
[5]SHEN J,SHEN J,CHEN X,et al.An Efficient Public Auditing Protocol With Novel Dynamic Structure for Cloud Data[J].IEEE Transactions on Information Forensics & Security,2017,12(10):2402-2415.
[6]JIN Y,CAI C,HE H,et al.BTDA:Dynamic Cloud Data Updating Audit Scheme Based on Semi-trusted Third Party[J].Computer Science,2018,45(3):144-150.
[7]RAZAQUE A,RIZVI S S.Privacy preserving model:a new scheme for auditing cloud stakeholders[J].Journal of Cloud Computing,2017,6(1):7.
[8]SHOR SHOR P W.Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer[J].SIAM Review,1999,41(2):303-332.
[9]MICCIANCIO D,REGEV O.Worst-Case to Average-Case Reductions Based on Gaussian Measures[C]∥45th Annual IEEE Symposium on Foundations of Computer Science.IEEE,2004:372-381.
[10]BUCHMANN J,LINDNER R,SCHNEIDER M.Post-quantum cryptography:lattice signatures[J].Computing,2009,85(1/2):105-125.
[11]GENTRY C,PEIKERT C,VAIKUNTANATHAN V.Trap-doors for hard lattices and new cryptographic constructions[C]∥Proceedings of the 40th Annual ACM Symposium on Theory of Computing.Victoria:ACM,2008.
[12]PEIKERT C.Bonsai trees (or,arboriculture in lattice based cryptog2raphy)[J].Manuscript,2009(1／2):147-191.
[13]LING S,NGUYEN K,ROUX-LANGLOIS A,et al.A lattice-based group signature scheme with verifier-local revocation[J].Theoretical Computer Science,2018,730:1-20.
[14]GAO W,CHEN L,HU Y,et al.Lattice-based deniable ring signatures[J].International Journal of Information Security,2019,18(3):355-370.
[15]WANG F H,HU Y P,WANG B C.Lattice-based linearly homomorphic signature scheme over binary field[J].Science China(Information Sciences),2013,56(11):1-9.
[16]LIU H,CAO W.Public Proof of Cloud Storage from Lattice Assumption[J].Chinese Journal of Electronics,2014,23(1):186-190.
[17]ZHANG X,XU C,ZHANG Y,et al.Insecurity of a Public Proof of Cloud Storage from Lattice Assumption[J].Chinese Journal of Electronics,2017,26(1):88-92.
[18]ZHANG X,XU C.Efficient Identity-Based Public Auditing Scheme for Cloud Storage from Lattice Assumption[C]∥IEEE,17th International Conference on Computational Science and Engineering(CSE 2014).2014:1819-1826.
[19]MERKLE R C.A Digital Signature Based on a Conventional Encryption Function[M]∥Advances in Cryptology-CRYPTO ’87.Berlin:Springer,1988:369-378.
[20]WANG Y X,YANG Q,CHENG W,et al.Application of lattice-based linearly homomo-rphic signatures in cloud[J].CHINA SCIEN-PAPER,2016,11(20):2381-2386.
[21]LIU Z,LIAO Y,YANG X,et al.Identity-Based Remote Data Integrity Checking of Cloud Storage From Lattices[C]∥International Conference on Big Data Computing & Communications.2017:128-135.
[22]YAN Y,WU L,GAO G,et al.A dynamic integrity verification scheme of cloud storage data based on lattice and Bloom filter[J].Journal of Information Security & Applications,2018,39(C):10-18.
[23]ALWEN J,PEIKERT C.Generating Shorter Bases for Hard Random Lattices[J].Theory of Computing Systems,2011,48(3):535-553.
[24]LIU C,CHEN J,YANG L T,et al.Authorized Public Auditing of Dynamic Big Data Storage on Cloud with Efficient Verifiable Fine-Grained Updates[J].IEEE Transactions on Parallel & Distributed Systems,2014,25(9):2234-2244.
[25]SOOKHAK M,YU R,ZOMAYA A.Auditing Big Data Storage in Cloud Computing Using Divide and Conquer Tables[J].IEEE Transactions on Parallel and Distributed Systems,2017,29(5):999-1012.
[26]AGRAWAL S,BONEH D,BOYEN X.Lattice Basis Delegation in Fixed Dimension and Shorter-Ciphertext Hierarchical IBE.[C]∥Annual Cryptology Conference.Berlin:Springer,2010:98-115.

相关文章 15

[1]	钱心缘, 吴文渊. 基于R-SIS和R-LWE构建的IBE加密方案 Identity-based Encryption Scheme Based on R-SIS/R-LWE 计算机科学, 2021, 48(6): 315-323. https://doi.org/10.11896/jsjkx.200700215
[2]	郑嘉彤, 吴文渊. 基于MLWE的双向可否认加密方案 Practical Bi-deniable Encryption Scheme Based on MLWE 计算机科学, 2021, 48(3): 307-312. https://doi.org/10.11896/jsjkx.200100024
[3]	徐堃, 付印金, 陈卫卫, 张亚男. 基于区块链的云存储安全研究进展 Research Progress on Blockchain-based Cloud Storage Security Mechanism 计算机科学, 2021, 48(11): 102-115. https://doi.org/10.11896/jsjkx.210600015
[4]	李莹, 于亚新, 张宏宇, 李振国. 基于TBchain区块链的高可信云存储模型 High Trusted Cloud Storage Model Based on TBchain Blockchain 计算机科学, 2020, 47(9): 330-338. https://doi.org/10.11896/jsjkx.190800147
[5]	陈利锋, 朱路平. 一种基于云端加密的FPGA自适应动态配置方法 Encrypted Dynamic Configuration Method of FPGA Based on Cloud 计算机科学, 2020, 47(7): 278-281. https://doi.org/10.11896/jsjkx.190700110
[6]	马潇潇, 黄艳. 大属性可公开追踪的密文策略属性基加密方案 Publicly Traceable Accountable Ciphertext Policy Attribute Based Encryption Scheme Supporting Large Universe 计算机科学, 2020, 47(6A): 420-423. https://doi.org/10.11896/JsJkx.190700131
[7]	张茜, 王箭. 用户身份可追踪的云共享数据完整性审计方案 Public Integrity Auditing for Shared Data in Cloud Supporting User Identity Tracking 计算机科学, 2020, 47(6): 303-309. https://doi.org/10.11896/jsjkx.190600079
[8]	白利芳, 祝跃飞, 芦斌. 云数据存储安全审计研究及进展 Research and Development of Data Storage Security Audit in Cloud 计算机科学, 2020, 47(10): 290-300. https://doi.org/10.11896/jsjkx.191000111
[9]	乔毛,秦岭. 云存储服务中一种高效属性撤销的AB-ACCS方案 AB-ACCS Scheme for Revocation of Efficient Attributes in Cloud Storage Services 计算机科学, 2019, 46(7): 96-101. https://doi.org/10.11896/j.issn.1002-137X.2019.07.015
[10]	谢四江,贾倍,王鹤,许世聪. 基于多分支路径树的云存储大数据完整性证明机制 Cloud Big Data Integrity Verification Scheme Based on Multi-branch Tree 计算机科学, 2019, 46(3): 188-196. https://doi.org/10.11896/j.issn.1002-137X.2019.03.028
[11]	顾晨阳, 付伟, 刘金龙, 孙刚. 云存储中的ORAM研究综述 Survey of ORAM Research in Cloud Storage 计算机科学, 2019, 46(11A): 341-347.
[12]	吴修国, 刘翠. 云存储系统中最小开销的数据副本布局转换策略 Data Replicas Distribution Transition Strategy in Cloud Storage System 计算机科学, 2019, 46(10): 202-208. https://doi.org/10.11896/jsjkx.180901623
[13]	金瑜,蔡超,何亨,李鹏. BTDA:基于半可信第三方的动态云数据更新审计方案 BTDA:Dynamic Cloud Data Updating Audit Scheme Based on Semi-trusted Third Party 计算机科学, 2018, 45(3): 144-150. https://doi.org/10.11896/j.issn.1002-137X.2018.03.023
[14]	刘宴涛, 刘珩. 一种基于网络编码的云存储系统 Cloud Storage System Based on Network Coding 计算机科学, 2018, 45(12): 293-298. https://doi.org/10.11896／j.issn.1002-137X.2018.12.047
[15]	庞晓琼, 任孟琦, 王田琪, 陈文俊, 聂梦飞. 一种支持完美隐私保护的批处理数据拥有性证明方案 Perfect Privacy-preserving Batch Provable Data Possession 计算机科学, 2018, 45(11): 130-137. https://doi.org/10.11896／j.issn.1002-137X.2018.11.019

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed