计算机科学

计算机科学 ›› 2025, Vol. 52 ›› Issue (1): 401-411.doi: 10.11896/jsjkx.231200081

• 信息安全 • 上一篇    下一篇

基于身份的密钥隔离的多云多副本可证数据持有方案

周杰, 王化群   

  1. 南京邮电大学计算机学院 南京 210023
  • 收稿日期:2023-12-12 修回日期:2024-05-29 出版日期:2025-01-15 发布日期:2025-01-09
  • 通讯作者: 王化群(whq@njupt.edu.cn)
  • 作者简介:(zhoujiewish@163.com)
  • 基金资助:
    国家自然科学基金(U23B2002)

Identity-based Key-insulated Provable Multi-copy Data Possession in Multi-cloud Storage

ZHOU Jie, WANG Huaqun   

  1. School of Computer Science,Nanjing University of Posts and Telecommunications,Nanjing 210023,China
  • Received:2023-12-12 Revised:2024-05-29 Online:2025-01-15 Published:2025-01-09
  • About author:ZHOU Jie,born in 1997,postgraduate.His main research interests include cryptography and information security.
    WANG Huaqun,born in 1974,Ph.D,professor.His main research interests include cryptography,blockchain and cloud computing security.
  • Supported by:
    National Natural Science Foundation of China(U23B2002).

PDF (PC)

123

摘要: 可证数据持有方案(Provable Data Possession,PDP)可以让用户在不下载全部数据的情况下验证其外包数据是否完好无损。为了提高外包数据的可用性和安全性,许多用户将数据的多个副本存储在单云服务器上,但是单云服务器在发生故障或者其他意外情况时,用户存储的数据副本也会遭到破坏因而无法恢复原始数据。同时,许多可证数据持有方案依赖于公钥基础设施(Public Key Infrastructure,PKI)技术,存在密钥管理问题。此外,现有的可证数据持有方案大多是在用户端使用密钥对数据进行处理。由于用户端的安全意识较弱或者安全设置较低,密钥可能会有泄露的风险。恶意云一旦获得了用户端的密钥,就可以通过伪造虚假的数据持有证明来隐藏数据丢失的事件。基于上述问题,提出了一种基于身份的密钥隔离的多云多副本可证数据持有方案(Identity-Based Key-Insulated Provable Multi-Copy Data Possession in Multi-Cloud Storage,IDKIMC-PDP)。基于身份的可证数据持有方案消除了公钥基础设施技术中复杂的证书管理。多云多副本确保了即使在某个云服务器上的副本被篡改或者被破坏的情况下,用户仍然可以从其他云服务器上获取副本并恢复数据。同时,方案中使用了密钥隔离技术实现了前向和后向安全。即使某一时间段内的密钥泄露,其他时间段内云存储审计的安全性也不会受到影响。给出了该方案的正式定义、系统模型和安全模型;在标准困难问题下,给出了该方案的安全性证明。安全性分析表明,IDKIMC-PDP方案具有强抗密钥泄露性、可检测性以及数据块标签和证明的不可伪造性。实验结果表明,与现有的多云多副本相关方案相比,IDKIMC-PDP方案具有相对较高的效率。

关键词: 可证数据持有, 密钥隔离, 基于身份的签名, 多云多副本

Abstract: Provable data possession(PDP) allows users to verify that their outsourced data is intact without downloading all the data.To improve the availability and security of outsourced data,many users store multiple copies of their data on a single server.In case of a single cloud server failure or other unexpected circumstances,the data copy stored by users will be damaged and the original data cannot be restored.At the same time,many PDP schemes rely on the technique of public key infrastructure(PKI),which has key management problems.In addition,most of the existing PDP schemes use the key to process the data on the client side.Because the security awareness of the client is weak or the security settings are low,the key may be exposed.Once the malicious cloud obtains the client’s key,it can hide the event of data loss by forging false proof of data possession.Based on the above problems,we propose a scheme called identity-based key-insulated provable multi-copy data possession in multi-cloud storage.Identity-based PDP scheme eliminates complex certificate management in the technique of public key infrastructure.Multi-copy in multi-cloud ensures that if all copies in one cloud server are tampered with or corrupted,users can still obtain copies from other cloud servers and recover data.At the same time,the key-insulated technology is used to realize forward and backward security.Even if the key is exposed in a certain period of time,the security of cloud storage auditing in other periods of time is not affec-ted.The formal definition,system model and security model of the scheme are given.The security proof of the scheme is given under the standard difficult problem.The security analysis shows that the proposed scheme has strong anti-key leakage,detectability and unforgeability of data block authenticator and proofs.Experimental results show that compared with the existing multi-cloud and multi-copy related schemes,the proposed scheme has relatively high efficiency.

Key words: Provable data possession, Key-insulated, Identity-based signature, Multi-copy in multi-cloud

中图分类号: 

  • TP309
[1]WANG W,REN L,CHEN L,et al.Intrusion detection and security calculation in industrial cloud storage based on an improved dynamic immune algorithm[J].Information Sciences,2018,501:543-557.
[2]ZAFAR F,KHAN A,MALIK S U R,et al.A survey of cloud computing data integrity schemes:design challenges,taxonomy and future trends[J].Computers & Security,2017,65:29-49.
[3]DODIS Y,KATZ J,XU S H,et al.Key-insulated public key cryptosystems[C]//Proceedings of the Eurocrypt 2002.Berlin,Heidelberg:Springer,2002:65-82.
[4]ATENIESE G,BURNS R,CURTMOLA R,et al.Provable data possession at untrusted stores[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security.New York:Association for Computing Machinery,2007:598-609.
[5]ERWAY C,KÜPÇÜ A,PAPAMANTHOU C,et al.Dynamic provable data possession[J].ACM Transactions on Information and System Security,2015,17(4):15.
[6]WANG C,CHOW S S M,WANG Q,et al.Privacy-Preserving Public Auditing for Secure Cloud Storage[J].IEEE Transactions on Computers,2013,62(2):362-375.
[7]ZHU Y,HU H X,YU M Y,et al.Cooperative Provable Data Possession for Integrity Verification in Multicloud Storage[J].IEEE Transactions on Parallel and Distributed Systems,2012,23(12):2231-2244.
[8]WANG H Q,WU Q H,QIN B,et al.Identity-based remote data possession checking in public clouds[J].IET Information Secu-rity,2014,8(2):114-121.
[9]CHEN R N,LI Y N,YU Y,et al.Blockchain-BasedDynamic Provable Data Possession for Smart Cities[J].IEEE Internet of Things Journal,2020,7(5):4143-4154.
[10]WANG H Q,WANG Q H,HE D B.Blockchain-Based Private Provable Data Possession[J].IEEE Transactions on Dependable and Secure Computing,2021,18(5):2379-2389.
[11]DU J M,DONG G F,NING J G,et al.A Blockchain-Assisted Certificateless Public Cloud Data Integrity Auditing Scheme[J].IEEE Access,2023,11:123018-123029.
[12]YANG X,WU L B,ZHANG Z Z,et al.Survey on Blockchain-based Integrity Validating for Cloud Data[J].Journal of Chinese Computer Systems,2023,44(11):2369-2376.
[13]WANG H Q,HE D B,YU J,et al.Incentive and Unconditionally Anonymous Identity-Based Public Provable Data Possession[J].IEEE Transactions on Services Computing,2019,12(5):824-835.
[14]ZHANG X J,LIU Q,ZHENG S,et al.Verifiable Cloud Data Sharing Scheme that Supports Privacy Protection[J].Computer Engineering,2023,49(3):49-57.
[15]LI T,WANG H Q,HE D B,et al.Synchronized Provable Data Possession Based on Blockchain for Digital Twin[J].IEEE Transactions on Information Forensics and Security,2022,17:472-485.
[16]YANG Y,CHEN Y J,CHEN F,et al.An Efficient Identity-Based Provable Data Possession Protocol With Compressed Cloud Storage[J].IEEE Transactions on Information Forensics and Security,2022,17:1359-1371.
[17]CURTMOLA R,KHAN O,BURNS R,et al.MR-PDP:Multiple-Replica Provable Data Possession[C]//Proceedings of the 28th International Conference on Distributed Computing Systems.IEEE,2008:411-420.
[18]YUAN Y L,ZHANG J B,XU W S.Dynamic Multiple-Replica Provable Data Possession in Cloud Storage System[J].IEEE Access,2020,8:120778-120784.
[19]LIU Z P,LIU Y,YANG X W,et al.Integrity Auditing forMulti-Copy in Cloud Storage Based on Red-Black Tree[J].IEEE Access,2021,9:75117-75131.
[20]ZHOU L,FU A M,YANG G M,et al.Efficient Certificateless Multi-Copy Integrity Auditing Scheme Supporting Data Dyna-mics[J].IEEE Transactions on Dependable and Secure Computing,2022,19(2):1118-1132.
[21]ZHOU L,FU A M,MU Y,et al.Multicopy provable data possession scheme supporting data dynamics for cloud-based Electronic Medical Record system[J].Information Sciences,2021,545:254-276.
[22]LI J G,YAN H,ZHANG Y C.Efficient Identity-Based Provable Multi-Copy Data Possession in Multi-Cloud Storage[J].IEEE Transactions on Cloud Computing,2022,10(1):356-365.
[23]MIAO Y,HUANG Q,XIAO M Y,et al.Blockchain Assisted Multi-Copy Provable Data Possession With Faults Localization in Multi-Cloud Storage[J].IEEE Transactions on Information Forensics and Security,2022,17:3663-3676.
[24]WENG J,LIU S L,CHEN K F,et al.Identity-Based Key-Insulated Signature with Secure Key-Updates[C]//Proceedings of International Conference on Information Security and Cryptology.Berlin,Heidelberg:Springer,2006:13-26.
[25]VASUDEVA REDDY P,GOPAL P V S S N.Identity-basedkey-insulated aggregate signature scheme[J].Journal of King Saud University-Computer and Information Sciences,2017,29(3):303-310.
[26]HANAOKA G,HANAOKA Y,IMAI H.Parallel Key-Insulated Public Key Encryption[C]//Proceedings of the PKC 2006.Berlin,Heidelberg:Springer,2006:105-122.
[27]HOU Y,XIONG H,HUANG X,et al.Certificate-Based Parallel Key-Insulated Aggregate Signature Against Fully Chosen Key Attacks for Industrial Internet of Things[J].IEEE Internet of Things Journal,2021,8(11):8935-8948.
[28]CUI J,LU J,ZHONG H,et al.Parallel Key-Insulated Multiuser Searchable Encryption for Industrial Internet of Things[J].IEEE Transactions on Industrial Informatics,2022,18(7):4875-4883.
[29]YU J,REN K,WANG C,et al.Enabling Cloud Storage Auditing With Key-Exposure Resistance[J].IEEE Transactions on Information Forensics and Security,2015,10(6):1167-1179.
[30]YU J,WANG H Q.Strong Key-Exposure Resilient Auditing for Secure Cloud Storage[J].IEEE Transactions on Information Forensics and Security,2017,12(8):1931-1940.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发