计算机科学

计算机科学 ›› 2026, Vol. 53 ›› Issue (3): 459-468.doi: 10.11896/jsjkx.241200102

• 信息安全 • 上一篇    

云存储环境下具有审计功能的高效数据共享方案

张宇航1, 常金勇1,2, 杨璐瑶1, 徐茂智3   

  1. 1 西安建筑科技大学信息与控制工程学院 西安 710055
    2 西安电子科技大学空天地一体化综合业务网全国重点实验室 西安 710055
    3 北京大学数学科学学院 北京 100871
  • 收稿日期:2024-12-16 修回日期:2025-03-10 发布日期:2026-03-12
  • 通讯作者: 常金勇(changjinyong@xauat.edu.cn)
  • 作者简介:(460160811@qq.com)
  • 基金资助:
    国家自然科学基金(62476212,62072363);ISN全国重点实验室开放课题(ISN25-02);西安建筑科技大学交叉培育项目(X20220088)

Efficient Data Sharing Scheme with Integrity Auditing Functions in Cloud Storage

ZHANG Yuhang1, CHANG Jinyong1,2, YANG Luyao1, XU Maozhi3   

  1. 1 School of Information and Control Engineering, Xi’an University of Architecture and Technology, Xi’an 710055, China
    2 State Key Laboratory of ISN, Xidian University, Xi’an 710055, China
    3 School of Mathematic Sciences, Peking University, Beijing 100871, China
  • Received:2024-12-16 Revised:2025-03-10 Online:2026-03-12
  • About author:ZHANG Yuhang,born in 1999,postgraduate,is a member of CCF(No.Y0752G).His main research interests inlcude cryptography and communications.
    CHANG Jinyong,born in 1982,Ph.D,professor.His main research interests include cryptography and information security.
  • Supported by:
    National Natural Science Foundation of China(62476212,62072363),Open Project of State Key Laboratory of Integrated Services Networks(ISN25-02) and Project of Interdisciplinary Cultivation in Xi’an University of Architecture and Technology(X20220088).

PDF (PC)

104

摘要: 随着云存储技术的普及,其安全性问题也越来越突出:云服务器可能因故障或外部攻击导致用户的存储数据丢失;同时,基于云存储的数据共享过程还可能面临恶意用户的非法访问风险。现有研究多聚焦于云存储环境下单一安全性功能的实现。对此,在对云存储数据完整性进行安全审计的基础上,完成了数据共享过程的安全访问控制。在数据完整性审计过程中,采用基于身份的同态认证技术为存储数据生成标签,用户通过验证云服务器返回的聚合标签可以获知其存储数据的完整性,从而解决云存储数据意外丢失的问题;在数据共享阶段,采用基于属性加密与对称加密结合的混合形式,不仅可以降低外包数据的计算、通信和存储开销,还可以实现对未授权用户的控制权限管理,从而解决数据共享过程中的高效性与权限管理的平衡问题。性能分析表明,所设计的系统在数据完整性审计和共享过程中均具有较低的计算、通信开销以及存储冗余,为云存储环境下的数据安全存储与高效共享提供了新的研究思路。

关键词: 云存储, 完整性审计, 数据共享, 基于属性加密

Abstract: With the popularity of cloud storage technology,the accompanying security is becoming more and more prominent:cloud servers may lose users’ stored data due to failures or external attacks,while the process of sharing data based on cloud sto-rage may also face the risk of unauthorized access by malicious users.Existing research mostly focuses on the implementation of a single security feature in cloud storage environments.In this paper,secure access control of data sharing process is accomplished on the basis of security audit of cloud storage data integrity.In the process of data integrity auditing,identity-based homomorphic authentication technology is used to generate tags for the stored data,and the user can be informed of the integrity of the stored data by verifying the aggregated tags returned by the cloud server,thus solving the problem of accidental loss of cloud storage data.In the data sharing phase,the hybrid form of attribute-based encryption and symmetric encryption can not only reduce the computation,communication and storage overhead of outsourced data,but also achieve the control of privilege management for unauthorized users,thus solving the problem of balancing high efficiency and privilege management during data sharing.The performance analysis shows that thedesigned system has low computation and communication overheads as well as storage redundancy in both data integrity auditing and sharing processes,which provides new research ideas for secure data storage and efficient sharing in cloud storage environment.

Key words: Cloud storage, Integrity auditing, Data sharing, Attribute-based encryption

中图分类号: 

  • TP391
[1]LYU Z,LOU R,LI J,et al.Big Data Analytics for 6G-enabledMassive Internet of Things[J].IEEE Internet of Things Journal,2021,8(7):5350-5359.
[2]GE C,SUSILO W,LIU Z,et al.Secure Keyword Search and Data Sharing Mechanism for Cloud Computing[J].IEEE Transactions on Dependable and Secure Computing,2021,18(6):2787-2800.
[3]HUANG P,FAN K,YANG H,et al.A Collaborative Auditing Blockchain for Trustworthy Data Integrity in Cloud Storage system[J].IEEE Access,2020,8:94780-94794.
[4]GE C,SUSILO W,BAEK J,et al.Revocable Attribute-BasedEncryption with Data Integrity in Clouds[J].IEEE Transactions on Dependable and Secure Computing,2021,19(5):2864-2872.
[5]SHEN W,YU J,YANG M,et al.Efficient Identity-Based Data Integrity Auditing with Key-Exposure Resistance for Cloud Storage[J].IEEE Transactions on Dependable and Secure Computing,2022,20(6):4593-4606.
[6]LIU Z,WANG S,LIU Y.Block-Based Integrity Auditing forShared Data in Storage with File Prediction[J].Computer Networks,2023,236:110040.
[7]DING R,XU Y,ZHONG H,et al.An Efficient Integrity Che-cking Scheme with Full Identity Anonymity for Cloud Data Sharing[J].IEEE Transactions on Cloud Computing,2023,11(3):2922-2935.
[8]ATENIESE G,BURNS R,CURTMOLA R,et al.Provable Data Possession at Untrusted Stores[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security.New York:ACM,2007:598-609.
[9]JUELS A,KALISKI B S.PORs:Proofs of Retrievability forLarge Files[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security.New York:ACM,2007:584-597.
[10]WANG C,CHOW S,WANG Q,et al.Privacy-Preserving Public Auditing for Secure Cloud Storage[J].IEEE Transactions on Computers,2013,62(2):362-375.
[11]TIAN H,GAN N,PENG F,et al.Smart Contract-Based Public Integrity Auditing for Cloud Storage Against Malicious Auditiors[J].Future Generation Computer Systems.2025,166:107709.
[12]PENG W,LU T,WANG Z,et al.An Efficient Blockchain-Based Framework for File Sharing[J].Scientific Reports,2024,14:18009.
[13]SHEN W,QIN J,YU J,et al.Enabling Identity-Based Integrity Auditing and Data Sharing with Sensitive Information Hiding for Secure Cloud Storage[J].IEEE Transactions on Information Forensics and Security,2018,14(2):331-345.
[14]LIU Z,REN L,LI R,et al,ID-based Sanitizable Signature Data Integrity Auditing Scheme with Privacy-Preserving[J].Compu-ters & Security,2022,121:102858.
[15]SINGH P,SAGAR S,SINGH S,et al.Blockchain-Enabled Verification of Medical Records Using Soul-Bound Tokens and Cloud Computing[J].Scientific Reports,2024,14:24830.
[16]FENG S,DENG L,GAO Y,et al.Blockchain-Based Remote Data Integrity Auditing Scheme with Deduplication Mechanism[J].Cluster Computing-The Journal of Networks Software Tools and Applications,2025,28(1):33-47.
[17]ZHANG X,SU Y,QIN J.A Dynamic Searchable Symmetric Encryption Scheme for Multiuser with Forward and Backward Security[J].Security and Communication Networks,2020,1:1-13.
[18]GOYAL V,PANDEY O,SAHAI A,et al.Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security.New York:ACM,2006:89-98.
[19]WATERS B.Ciphertext-Policy Attribute-Based Encryption:An Expressive,Efficient,and Provably Secure Eealization[C]//International Workshop on Public Key Cryptography.Berlin:Springer,2011:53-70.
[20]LI H,PEI L,LIAO D,et al.FADE:A Fine-Grained Access Control Scheme for VANET Data Based on Blockchain[J].IEEE Access,2020,8:85190-85203.
[21]DUAN X,LI Y,XU Y,et al.An Authentication Scheme with Attribute-Based Encryption for Power Internet of Things[C]//Proceedings of the 2024 3rd International Conference on Networks,Communications and Information Technology.New York:ACM,2024:161-165.
[22]QIAO J,WANG N,FU J,et al.A Lightweight CP-ABE Scheme for EHR Over Cloud Based on Blockchain and Secure Multi-Party Computation[J].Transactions on Emerging Telecommunications Technologies,2025,36:70053.
[23]XIONG H,WANG H,MENG W,et al.Attribute-Based dataSharing Scheme with Flexible Search Functionality for Cloud-Assisted Autonomous Transportation System[J].IEEE Transactions on Industrial Informatics,2023,19(11):10977-10986.
[24]GUO Z,WANG G,LI Y,et al.Accountable Attribute-Based Data-Sharing Scheme Based on Blockchain for Vehicular Ad Hoc Network[J].IEEE Internet of Things Journal,2023,10(8):7011-7026.
[25]SONG C,CHEN L,WU X,et al.A Secure Data Sharing Model Utilizing Attribute-Based Signcryption in Blockchain Technology[J].Sensors.2025,25:160.
[26]ZHANG W X,YAN Y X,WU Y H,et al.Certificateless Sanitizable Signature Scheme in Cloud Storage[J].Computer Systems &Applications,2023,32(1):281-287.
[27]KIM H,JEON Y,KIM G,et al.PIPO:A Lightweight Block Cipher with Efficient Higher-Order Masking Software Implementations[C]//Information Conference on Information Security & Cryptology.Cham:Springer,2020:99-122.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市两江新区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发