Computer Science ›› 2020, Vol. 47 ›› Issue (10): 290-300. doi: 10.11896/jsjkx.191000111

• Information Security •

Research and Development of Data Storage Security Audit in Cloud

BAI Li-fang1,2, ZHU Yue-fei1, LU Bin1

  1. 1 School of Cyberspace Security, Information Engineering University, Zhengzhou 450000, China
    2 Cybersecurity Testing Engineering Technology Center, China Software Testing Center, Beijing 100048, China
  • Received: 2019-10-17 Revised: 2020-01-17 Online: 2020-10-15 Published: 2020-10-16
  • Corresponding author: ZHU Yue-fei (mompidan@163.com)
  • About author: BAI Li-fang (bailifang@cstc.org.cn), born in 1990, doctoral student, is a member of China Computer Federation. Her main research interests include cloud storage security and network security protocol.
    ZHU Yue-fei, born in 1964, Ph.D, professor, Ph.D supervisor. His main research interests include cryptography, data security and network security protocol.
  • Supported by:
    National Key R&D Program of China (2016YF0801601) and Young Scientists Fund Program of the National Natural Science Foundation of China (61601517)

Abstract: Compared with traditional storage, cloud storage avoids the repeated construction and maintenance of storage platforms. Its scalable storage capacity and performance, freedom from geographic constraints and pay-on-demand service model effectively optimize the allocation of storage and social resources. However, because data ownership and data management are separated in cloud storage services, users are increasingly concerned about the security and controllability of the data they keep in the cloud, and researchers at home and abroad have studied the problem extensively. This paper discusses the security risks and security audit requirements of cloud data at each stage of its life cycle, constructs a framework for cloud data storage security audit mechanisms, and proposes the main evaluation indexes for such mechanisms. It then reviews the existing mechanisms for cloud data storage security audit, including provable data possession mechanisms, provable data retrievability mechanisms, outsourcing storage regularity audit mechanisms and storage location audit mechanisms. Finally, it points out, from different perspectives, the shortcomings of existing research on cloud data storage security audit and directions for further research.

Key words: Auditing framework, Cloud storage, Outsourcing storage regularity, Provable data possession, Provable data retrievability, Storage security auditing

CLC Number: 

  • TP309.2