LBT-based cloud data integrity verification scheme
LI Yong1,2, YAO Ge1, LEI Linan1, ZHANG Xiaofei3, YANG Kun4
1. School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China; 2. Fujian Provincial Key Laboratory of Network Security and Cryptology, Fujian Normal University, Fuzhou 350007, China; 3. China Information Technology Security Evaluation Center, Beijing 100085, China; 4. National Institute of Metrology, Beijing 100029, China
Abstract: With the rapid growth of cloud storage, more and more users are choosing to store their data in the cloud to reduce storage costs. However, users then lose control of the data and can no longer ensure its integrity. Cloud service providers (CSPs) therefore need to give users proof of data integrity through an efficient verification protocol. A number of feasible schemes have been proposed, but many still cannot support fully dynamic updates (insert, modify, and delete), or they incur large computation, storage, and communication costs. This paper presents a data integrity verification scheme based on a large branching tree (LBT). The scheme supports fully dynamic updates and simplifies the dynamic update process by constructing a structurally simple authentication tree. Tests show that the scheme reduces the computational burden on the protocol's entities during dynamic updates, so that it can be efficiently applied in the cloud environment to verify data integrity with frequent update operations.
Key words: cloud storage; data integrity; provable data possession; proofs of retrievability
Received: 2016-01-22 Published: 2016-05-19
Cite this article:
LI Yong, YAO Ge, LEI Linan, ZHANG Xiaofei, YANG Kun. LBT-based cloud data integrity verification scheme[J]. Journal of Tsinghua University (Science and Technology), 2016, 65(5): 504-510.
Link to this article:
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2016.25.008 or http://jst.tsinghuajournals.com/CN/Y2016/V65/I5/504
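Figures and tables:
Fig. 1 LBT structure
Fig. 2 LBT structure built by the cloud service provider
Fig. 3 Inserting file f after data block m_i
Table 1 Performance comparison of schemes
Fig. 4 Construction time of the out-degree tree
Fig. 5 Time for the CSP to generate the proof
Fig. 6 TPA verification time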