Computer Science, 2020, Vol. 47, Issue (6): 303-309. doi: 10.11896/jsjkx.190600079

• Information Security •

Public Integrity Auditing for Shared Data in Cloud Supporting User Identity Tracking

ZHANG Xi, WANG Jian

  1. College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China
  • Received: 2019-06-17 Online: 2020-06-15 Published: 2020-06-10
  • Corresponding author: WANG Jian (wangjian@nuaa.edu.cn)
  • About author: ZHANG Xi (zhangxi105@nuaa.edu.cn), born in 1995, postgraduate, is a member of China Computer Federation. Her main research interests include cloud computing security and applied cryptography.
    WANG Jian, born in 1968, Ph.D, professor, Ph.D supervisor, is a member of China Computer Federation. His main research interests include key management, cryptographic protocol and privacy protection.

Abstract: Public integrity auditing for shared data in the cloud is used to verify the integrity of data that a group of users shares in the cloud. Compared with integrity auditing for single-user data, integrity auditing for group-shared data must address additional issues, such as efficient user revocation and identity privacy protection. If a dispute or other situation arises over the data, the source of the data also needs to be traced, and existing integrity auditing schemes for shared cloud data do not yet handle this problem well. To trace the source of data while ensuring efficient user revocation and protection of users' identity privacy, an integrity auditing scheme for shared cloud data based on a group signature algorithm is proposed. When the identity of the signer of a data block needs to be traced, the group manager can trace it using his or her private key, and no one else can learn the signer's identity. The private key update mechanism in this scheme supports user revocation well and greatly reduces the computation and communication overhead of the user revocation process. Security analysis and experimental results show that the scheme is secure and efficient.

Key words: Cloud storage, Group signature, Integrity auditing, Shared data, Traceability

CLC Number:

  • TP309