Computer Science, 2024, Vol. 51, Issue (12): 310-316. doi: 10.11896/jsjkx.231100085

• Information Security •

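Key-Exposure-Resilient Proxy Provable Data Possession

AN Ruicheng, WANG Huaqun

  1. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023
  • Received: 2023-11-14 Revised: 2024-04-26 Online: 2024-12-15 Published: 2024-12-10
  • Corresponding author: WANG Huaqun (whq@njupt.edu.cn)
  • About author: (1022041202@njupt.edu.cn)
  • Supported by:
    National Natural Science Foundation of China (62272238)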

Proxy Provable Data Possession with Key-exposure Resilient

AN Ruicheng, WANG Huaqun   

  1. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
  • Received: 2023-11-14 Revised: 2024-04-26 Online: 2024-12-15 Published: 2024-12-10
  • About author: AN Ruicheng, born in 1997, master. His main research interests include applied cryptography and information security.
    WANG Huaqun, born in 1974, Ph.D., professor. His main research interests include applied cryptography, blockchain, and cloud computing security.
  • Supported by:
    National Natural Science Foundation of China (62272238).

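Abstract: Cloud storage has developed rapidly in recent years, and more and more users choose to store their data on cloud servers. To check the integrity of data held in cloud storage, researchers proposed provable data possession (PDP). In some situations users cannot access the Internet, for example on an ocean-going ferry or while taking part in certain classified projects, so they must delegate remote data integrity checking to a proxy. In proxy PDP, however, once the user's private key is exposed, the auditing scheme can no longer be carried out. To address this problem, the proposed scheme combines key-insulation techniques with proxy PDP and introduces into the system model a helper device that is physically secure but computationally limited. In each time period the helper device generates update information and sends it to the user, helping the user compute the signing key for the current period. Under this scheme, an adversary cannot forge user-generated authenticators in time periods in which the key has not been exposed. Security analysis and performance analysis show that the proposed scheme is secure and efficient.

Key words: Provable data possession, Key-exposure resilience, Proxy, Cloud storage security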

Abstract: With the rapid development of cloud storage, more and more clients store their data on public cloud servers. To check the integrity of remote data, researchers proposed provable data possession (PDP). In some cases the client's access to the Internet is restricted, for example on an ocean-going vessel or while participating in classified projects, and the client has to delegate the remote data possession checking task to a proxy. However, in proxy PDP, once the client's private key is exposed, auditing schemes inevitably stop working. To solve this problem, the proposed scheme combines key insulation with proxy PDP and introduces a physically secure but computationally limited helper into the system model. The helper generates an update message in each time period and sends it to the client to help the client calculate the signing key for the current time period. In this scheme, adversaries cannot forge user-generated authenticators for time periods in which the key is not leaked. Security analysis and performance analysis show that the proposed scheme is secure and efficient.

Key words: Provable data possession, Key exposure resilient, Proxy, Cloud storage security

CLC Number: TP309