支持用户撤销的多用户多副本数据公开审计方案

doi:10.19678/j.issn.1000-3428.0056369

计算机工程 ›› 2020, Vol. 46 ›› Issue (12): 150-156,192. doi: 10.19678/j.issn.1000-3428.0056369

支持用户撤销的多用户多副本数据公开审计方案

杨小东, 裴喜祯, 陈桂兰, 王美丁, 王彩芬

西北师范大学计算机科学与工程学院, 兰州 730070

收稿日期:2019-10-22 修回日期:2019-12-18 发布日期:2020-01-13
作者简介:杨小东(1981-),男,教授、博士,主研方向为云计算安全;裴喜祯、陈桂兰、王美丁,硕士研究生;王彩芬,教授、博士。
基金资助:
国家自然科学基金（61662069）；中国博士后科学基金（2017M610817）；甘肃省高等学校创新能力提升项目（2019A-006）；兰州市科技计划（2013-4-22）；西北师范大学青年教师科研能力提升计划（WNU-LKQN-14-7）。

Multi-User and Multi-Replica Public Data Audit Scheme Supporting User Revocation

YANG Xiaodong, PEI Xizhen, CHEN Guilan, WANG Meiding, WANG Caifen

College of Computer Science and Engineering, Northwest Normal University, Lanzhou 730070, China

Received:2019-10-22 Revised:2019-12-18 Published:2020-01-13

摘要/Abstract

摘要： 用户将海量数据存储于云服务器以节省本地存储空间，然而云存储存在数据丢失或损坏的风险，现有审计方案虽能进行云端数据完整性验证，但主要用于单用户单副本环境，不支持用户撤销且数据动态更新计算开销较大。针对该问题，基于秘密共享技术和多分支路径树，提出一种多用户多副本云端数据公开审计方案。引入代理重签名算法实现用户安全撤销功能，利用多分支路径树完成云端数据的修改、插入和删除等动态更新，并对该方案的安全性和计算效率进行分析。实验结果表明，该方案满足审计的健壮性并能抵抗云服务器和被撤销用户的合谋攻击，与同类多副本数据完整性方案相比，在签名和挑战响应阶段具有较高的计算效率。

关键词: 云存储, 基于身份的密码系统, 用户撤销, 数据动态更新, 多分支路径树

Abstract: Cloudstorage can help save local storage space when dealing with massive data,but increases the risk of data loss or damage.Although the existing audit schemes can verify the integrity of cloud data,it is mainly used in single-user single-replica environment,and does not support user revocation.Also,the calculation cost of dynamic data update is high.To solve the problem,this paper proposes a multi-user and multi-replica public audit scheme for cloud data based on secret sharing technology and multi-branch path tree.The scheme introduces the proxy re-signature algorithm to realize the secure user revocation function,and uses the multi-branch path tree to dynamically update cloud data,including modification,insertion and deletion.The security and computational efficiency of the scheme are analyzed.Experimental results show that the proposed scheme satisfies the robustness requirements of audit and can resist the collusion attacks of cloud server and revoked users.Compared with the similar multi-replica data integrity schemes,the proposed scheme has higher computational efficiency in the signature and challenge response phase.

Key words: cloud storage, identity-based cryptosystem, user revocation, dynamic data update, multi-branch path tree

中图分类号:

TP309

杨小东, 裴喜祯, 陈桂兰, 王美丁, 王彩芬. 支持用户撤销的多用户多副本数据公开审计方案[J]. 计算机工程, 2020, 46(12): 150-156,192.

YANG Xiaodong, PEI Xizhen, CHEN Guilan, WANG Meiding, WANG Caifen. Multi-User and Multi-Replica Public Data Audit Scheme Supporting User Revocation[J]. Computer Engineering, 2020, 46(12): 150-156,192.

http://www.ecice06.com/CN/Y2020/V46/I12/150

图/表 12

20201216141433

20201216141436

20201216141439

20201216141443

20201216141446

20201216141450

20201216141453

20201216141456

20201216141459

20201216141502

20201216141505

20201216141509

参考文献

[1] BUYYA R,YEO C S,VENUGOPAL S,et al.Cloud computing and emerging IT platforms:vision,hype and reality for delivering computing as the 5th utility[J].Future Generation Computer Systems,2009,25(6):599-616.
[2] ATENIESE G,BURNS R,CURTMOLA R,et al.Provable data possession at untrusted stores[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security.New York,USA:ACM Press,2007:598-609.
[3] CACHIN C,KEIDAR I,SHRAER A.Trusting the cloud[J].ACM SIGACT News,2009,40(2):81-86.
[4] REN Kaili,WANG Cong,WANG Qian.Security challenges for the public cloud[J].IEEE Internet Computing,2012,16(1):69-73.
[5] JUELS A,KALISKI B S.PoRs:proofs of retrievability for large files[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security.New York,USA:ACM Press,2007:584-597.
[6] SHACHAM H,WATERS B.Compact proofs of retrievability[C]//Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security.Berlin,Germany:Springer,2008:90-107.
[7] ERWAY C,KUPCU A,PAPAMANTHOU C,et al.Dynamic provable data possession[C]//Proceedings of the 16th ACM Conference on Computer and Communications Security.New York,USA:ACM Press,2009:213-222.
[8] WANG Qian,WANG Cong,LI Jin,et al.Enabling public verifiability and data dynamics for storage security in cloud computing[C]//Proceedings of ESORICS’09.Berlin,Germany:Springer,2009:355-370.
[9] XIE Sijiang,JIA Bei,WANG He,et al.Proof mechanism of cloud storage big data integrity based on multi-branch path tree[J].Computer Science,2019,46(3):188-196.(in Chinese) 谢四江,贾倍,王鹤,等.基于多分支路径树的云存储大数据完整性证明机制[J].计算机科学,2019,46(3):188-196.
[10] WANG Boyang,LI Baochun,LI Hui.Oruta:privacy-preserving public auditing for shared data in the cloud[J].IEEE Transactions on Cloud Computing,2014,2(1):43-56.
[11] WANG Boyang,LI Baochun,LI Hui.Knox:privacy-preserving auditing for shared data with large groups in the cloud[C]//Proceedings of 2012 International Conference on Applied Cryptography and Network Security.Berlin,Germany:Springer,2012:507-525.
[12] WANG Boyang,LI Baochun,LI Hui.Panda:public auditing for shared data with efficient user revocation in the cloud[J].IEEE Transactions on Services Computing,2015,8(1):92-106.
[13] YANG Xiaodong,LIU Tingting,YANG Ping,et al.Integrity verification scheme of cloud data based on proxy re-signature[J].Computer Engineering,2018,44(9):130-135.(in Chinese)杨小东,刘婷婷,杨平,等.基于代理重签名的云端数据完整性验证方案[J].计算机工程,2018,44(9):130-135.
[14] LUO Yuchuan,XU Ming,HUANG Kai,et al.Efficient auditing for shared data in the cloud with secure user revocation and computations outsourcing[J].Computers and Security,2018,73(3):492-506.
[15] CURTMOLA R,KHAN O,BURNS R,et al.MR-PDP:multiple-replica provable data possession[C]//Proceedings of the 28th International Conference on Distributed Computing Systems.Washington D.C.,USA:IEEE Press,2008:411-420.
[16] LIU C,RANJAN R,YANG C,et al.MuR-DPA:top-down levelled multi-replica Merkle Hash tree based secure public auditing for dynamic big data storage on cloud[J].IEEE Transactions on Computers,2015,64(9):2609-2622.
[17] CHA Yaxing.Research on data integrity verification technology in cloud storage environment[D].Beijing:Beijing University of Posts and Telecommunications,2018.(in Chinese)查雅行.云存储环境下数据完整性验证技术研究[D].北京:北京邮电大学,2018.
[18] LU Jing,CHEN Yuxiang,TIAN Hui,et al.Improving the security of a public auditing scheme for multiple-replica dynamic data[C]//Proceedings of 2018 International Conference on Algorithms and Architectures for Parallel Processing.Berlin,Germany:Springer,2018:185-191.
[19] LI Jingwei,ZHU Mingdong.MHT-based dynamic data integrity verification and recovery scheme in cloud storage[J].Application Research of Computers,2019,36(7):2179-2183.(in Chinese)李敬伟,朱命冬.云存储中基于MHT的动态数据完整性验证与恢复方案[J].计算机应用研究,2019,36(7):2179-2183.
[20] PENG Su,ZHOU Fucai,LI Jin,et al.Efficient,dynamic and identity-based remote data integrity checking for multiple replicas[J].Journal of Network and Computer Applications,2019,134(2):72-88.
[21] SHAMIR A.How to share a secret[J].Communications of the ACM,1979,22(11):612-613.

选择文件类型/文献管理软件名称

选择包含的内容

支持用户撤销的多用户多副本数据公开审计方案

Multi-User and Multi-Replica Public Data Audit Scheme Supporting User Revocation

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	张晓均, 刘庆, 郑爽, 王鑫, 薛婧婷, 王世雄. 支持隐私保护的可验证云端数据分享方案[J]. 计算机工程, 2023, 49(3): 49-57.
[2]	牛淑芬, 闫森, 吕锐曦, 周思玮, 张美玲. V2V车联网中隐私保护性异构聚合签密方案[J]. 计算机工程, 2022, 48(9): 20-27,36.
[3]	魏秀然, 王峰. 基于协调器与遗传算法的云存储数据复制策略[J]. 计算机工程, 2021, 47(8): 124-130,139.
[4]	牛淑芬, 刘文科, 陈俐霞, 杜小妮. 基于代理重加密的电子病历数据共享方案[J]. 计算机工程, 2021, 47(6): 164-171.
[5]	张晓均, 张经伟, 黄超, 唐伟. 可验证的云存储医疗加密数据统计分析方案[J]. 计算机工程, 2021, 47(6): 32-37,43.
[6]	黄保华, 黄丕荣, 赵伟宏, 彭丽. 云存储中支持属性撤销的多关键词可搜索加密方案[J]. 计算机工程, 2021, 47(11): 29-36.
[7]	杨小东, 陈桂兰, 李婷, 刘瑞, 赵晓斌. 基于无证书密码体制的多用户密文检索方案[J]. 计算机工程, 2020, 46(9): 129-135.
[8]	骆云鹏, 朱旎彤, 毛慈伟, 程晋雪, 许春根. 一种基于连接关键词的实用化可搜索加密方案[J]. 计算机工程, 2020, 46(2): 175-182.
[9]	曹素珍, 杜霞玲, 杨小东, 刘雪艳, 汪锐. 可验证混合存储属性基多关键字密文检索方案[J]. 计算机工程, 2020, 46(11): 181-186,193.
[10]	鲍禹含, 付印金, 陈卫卫. 多云存储关键技术研究进展[J]. 计算机工程, 2020, 46(10): 18-32,40.
[11]	吴颖豪,凌捷. 一种改进的云存储数据完整性验证方法[J]. 计算机工程, 2019, 45(3): 36-40.
[12]	黄保华,吕琦,莫家威. 云存储中基于拼音相似度的密文模糊搜索方案[J]. 计算机工程, 2019, 45(1): 103-108.
[13]	杨小东,刘婷婷,杨平,安发英,肖立坤,王彩芬. 基于代理重签名的云端数据完整性验证方案[J]. 计算机工程, 2018, 44(9): 130-135.
[14]	张玉磊,刘文静,马彦丽,王彩芬. 多属性授权机构环境下属性可撤销的CP-ABE方案[J]. 计算机工程, 2018, 44(8): 19-23,29.
[15]	范运东,吴晓平. 基于策略隐藏属性加密的云存储访问控制方案[J]. 计算机工程, 2018, 44(7): 139-144,149.

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

支持用户撤销的多用户多副本数据公开审计方案

Multi-User and Multi-Replica Public Data Audit Scheme Supporting User Revocation

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献

相关文章 15

编辑推荐

Metrics

本文评价