
Computer Engineering ›› 2020, Vol. 46 ›› Issue (12): 150-156,192. doi: 10.19678/j.issn.1000-3428.0056369

• Cyberspace Security •

Multi-User and Multi-Replica Public Data Audit Scheme Supporting User Revocation

YANG Xiaodong, PEI Xizhen, CHEN Guilan, WANG Meiding, WANG Caifen

  1. College of Computer Science and Engineering, Northwest Normal University, Lanzhou 730070, China
  • Received: 2019-10-22 Revised: 2019-12-18 Published: 2020-01-13
  • About the authors: YANG Xiaodong (born 1981), male, professor, Ph.D., main research interest: cloud computing security; PEI Xizhen, CHEN Guilan and WANG Meiding, master's students; WANG Caifen, professor, Ph.D.
  • Funding:
    National Natural Science Foundation of China (61662069); China Postdoctoral Science Foundation (2017M610817); Innovation Ability Improvement Project of Colleges and Universities of Gansu Province (2019A-006); Lanzhou Science and Technology Plan (2013-4-22); Young Teachers' Scientific Research Ability Improvement Program of Northwest Normal University (WNU-LKQN-14-7).

Abstract: Cloud storage can help save local storage space when dealing with massive data, but it carries the risk of data loss or damage. Although existing audit schemes can verify the integrity of cloud data, they are mainly used in single-user, single-replica environments, do not support user revocation, and incur a high computational cost for dynamic data updates. To solve this problem, this paper proposes a multi-user and multi-replica public audit scheme for cloud data based on secret sharing and a multi-branch path tree. The scheme introduces a proxy re-signature algorithm to realize secure user revocation, and uses the multi-branch path tree to dynamically update cloud data, including modification, insertion and deletion. The security and computational efficiency of the scheme are analyzed. Experimental results show that the proposed scheme satisfies the robustness requirements of auditing and can resist collusion attacks by the cloud server and revoked users. Compared with similar multi-replica data integrity schemes, the proposed scheme has higher computational efficiency in the signature and challenge-response phases.

Key words: cloud storage, identity-based cryptosystem, user revocation, dynamic data update, multi-branch path tree
