Computer Science ›› 2025, Vol. 52 ›› Issue (5): 345-356. doi: 10.11896/jsjkx.240300027
谈诗懿, 王化群
TAN Shiyi, WANG Huaqun
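Abstract: With the rapid development of cloud storage services, more and more data owners are willing to store their data on cloud servers to reduce their local storage burden. However, once a data owner uploads data to a cloud server, no copy is kept locally, and the data owner loses direct control over the data. To ensure the integrity of remote data stored on cloud servers, data integrity checking is essential. It allows data owners to verify whether outsourced data is intact without downloading all of it. To improve the availability and durability of outsourced data, data owners store multiple replicas on multiple cloud servers. Because cloud servers are not fully trusted, it is necessary to protect the identity privacy of data owners in a public cloud environment. When a data owner wants to change data files stored on cloud servers, dynamic data operations such as data modification, data deletion, and data insertion are of great importance. Therefore, a remote dynamic data integrity checking scheme for the multi-cloud, multi-replica environment is proposed. The scheme combines a ring signature algorithm with the multi-cloud, multi-replica environment, effectively protecting the identity privacy of data owners so that they need not worry about identity exposure. At the same time, a new data structure, the divide-and-conquer adjacency table, is introduced in the multi-cloud environment to implement dynamic data operations. The divide-and-conquer adjacency table locates the specified data by index search and completes data insertion and deletion by modifying pointers, which improves update efficiency compared with other data structures such as Merkle trees. The proposed scheme is secure based on standard hard problems. The proposed scheme uses identity-based public key cryptography, eliminating complex certificate management. Performance analysis and security analysis show that the proposed scheme satisfies unconditional anonymity, dynamics, and remote data integrity verification.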