Computer Science, 2021, Vol. 48, Issue (11): 102-115. doi: 10.11896/jsjkx.210600015

• Blockchain Technology

Research Progress on Blockchain-based Cloud Storage Security Mechanism

XU Kun, FU Yin-jin, CHEN Wei-wei, ZHANG Ya-nan

  1. College of Command and Control Engineering, Army Engineering University of PLA, Nanjing 210007, China
  • Received: 2021-06-01 Revised: 2021-07-12 Online: 2021-11-15 Published: 2021-11-10
  • Corresponding author: CHEN Wei-wei (njcww@qq.com)
  • About author: 1255284410@qq.com
    XU Kun, born in 1997, postgraduate. Her main research interests include cloud storage and blockchain.
    CHEN Wei-wei, born in 1967, professor, is a member of China Computer Federation. Her main research interests include services computing and cloud computing.
  • Supported by:
    National Natural Science Foundation of China (61402518) and Natural Science Foundation of Jiangsu Province (BK20191327).

Abstract: Cloud storage enables users to obtain cheap online storage services on demand over a network connection, anytime and anywhere. However, because cloud service providers, third-party institutions and users may be untrustworthy and malicious attacks are inevitable, cloud storage has many security vulnerabilities. Blockchain, with its characteristics of decentralization, persistence, anonymity and auditability, has the potential to build a trusted platform. Research on cloud storage security mechanisms based on blockchain technology has therefore become a research trend. Accordingly, this paper first outlines the security architecture of cloud storage systems and the security of blockchain technology, then reviews and compares the literature from four aspects: access control, integrity verification, data deduplication and data provenance. Finally, it analyzes the technical challenges of blockchain-based cloud storage security, summarizes the paper and looks ahead to future work.

Key words: Cloud storage security, Blockchain, Access control, Integrity verification, Data deduplication, Data provenance

CLC Number:

  • TP311