一种改进的短签名云数据审计方案

崔圆佑; 王绪安; 郎讯; 涂正; 苏昀暄

doi:10.19665/j.issn1001-2400.20230107

您当前的位置：

首页 >

文章列表页 >

一种改进的短签名云数据审计方案

网络空间安全 | 更新时间：2023-11-30

- 一种改进的短签名云数据审计方案
- 暂无标题
- 西安电子科技大学学报 2023年50卷第5期页码：132-141
- 作者机构：
  
  1. 武警工程大学密码工程学院,陕西西安 710000
  2. 武警安徽总队,安徽合肥 230000
  3. 武警贵州总队,贵州贵阳 550000
- 作者简介：
  
  [ "崔圆佑(1995—),男,武警安徽总队某部硕士研究生,E-mail:[email protected];" ]
  王绪安(1981—),男,武警工程大学教授,E-mail:[email protected]
  [ "郎讯(1990—),男,武警贵州总队某部助理工程师,E-mail:[email protected];" ]
  [ "涂正(1998—),男,武警工程大学硕士研究生,E-mail:[email protected];" ]
  [ "苏昀暄(1996—),男,武警工程大学硕士研究生,E-mail:[email protected]" ]
- 基金信息：
  
  国家自然科学基金(62172436);陕西省自然科学基金(2023-JC-YB-584);武警工程大学基础前沿创新项目(WJY202313)
- DOI：10.19665/j.issn1001-2400.20230107
  中图分类号：
扫描看全文
崔圆佑, 王绪安, 郎讯, 等. 一种改进的短签名云数据审计方案[J]. 西安电子科技大学学报, 2023,50(5):132-141.
崔圆佑, 王绪安, 郎讯, 等. 一种改进的短签名云数据审计方案[J]. 西安电子科技大学学报, 2023,50(5):132-141. DOI： 10.19665/j.issn1001-2400.20230107.

DOI：

摘要

随着物联网的发展,云存储数据产生了爆发式的增长,有效验证存储在云存储服务提供商上数据的完整性成为了一个重要问题。为解决已知的基于BLS短签名的数据完整性审计方案计算效率不高的问题,2019年ZHU等设计了基于ZSS短签名的数据完整性审计方案。但ZHU等的方案在挑战阶段生成的证据在运算上存在正确性问题,并且能对其进行重放攻击或者利用双线性映射特征进行攻击,从而通过第三方审计者的审计。通过改进挑战阶段证据的计算方法,优化验证阶段第三方审计者用于验证证据的双线性对等式,提出了优化的基于ZSS短签名的云数据审计方案。证明了改进后方案的正确性,弥补了原方案中存在的不足,同时分析了方案的安全性。改进的方案中不仅包括第三方审计者在内的攻击者无法恢复出用户数据,而且可以抵抗包括恶意云存储服务提供商在内的攻击者的重放攻击和伪造攻击。通过数值分析发现,计算开销变化不大,通信代价降低,比原方案提供了更好的计算准确性。

Abstract

With the development of the Internet of Things,Cloud storage has experienced an explosive growth.Effective verification of the integrity of data stored on the Cloud storage service providers(CSP) has become an important issue.In order to solve the problem that the existing data integrity audit scheme based on the BLS short signature is inefficient,ZHU et al.designed a data integrity audit scheme based on the ZSS short signature in 2019.However,this paper points out that the proof generated by ZHU et al.'s scheme in the challenge phase is incorrect and can be subjected to replay attacks or attacked by using a bilinear map,so as to pass the audit of a third party auditor(TPA).Then,this paper proposes an improved cloud audit scheme based on the short signature by improving the calculation method of proof in the challenge stage and optimizing the equations used by the third party auditor in the verification stage for verifying proof.This paper proves the correctness of the improved scheme,compensates for the shortcomings in the original scheme,and analyzes the security of the scheme.The improved scheme not only can make attackers including the third party auditor unable to recover users’ data,but also can resist replay attacks and forgery attacks of attackers including malicious cloud storage service providers.Through numerical analysis,it is found that the computational cost did not change much,and that the communication cost decreased,thus providing a better computational accuracy than the original scheme.

关键词

短签名云存储云安全持有性证明

Keywords

short signaturecloud storagecloud securitydata possession proof

references

CHEN K, HU C, ZHANG X, et al. Survey on Routing in Data Centers:Insights and Future Directions[J]. IEEE Network, 2011, 25(4):6-10.

DESWARTE Y, QUISQUATER J J, SAÏDANE A, Remote Integrity Checking[C]//Proceedings of the Integrity and Internal Control in Information Systems VI[J]. Heidelberg:Springer, 2004:1-11.

OPREA A, REITER M K, YANG K. Space-Efficient Block Storage Integrity[C]//Proceedings of the Network and Distributed System Security Symposium. San Diego: NDSS, 2005:1-12.

BONEH D, LYNN B, SHACHAM H. Short Signatures from the Weil Pairing[C]//Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security. Heidelberg:Springer, 2001:514-532.

FILHO D, BARRETO P S. Demonstrating Data Possession and Uncheatable Data Transfer[J]. Cryptology ePrint Archive, 2006, 1(1):150-159.

ATENIESE G, BURNS R, CURTMOLA R. Provable Data Possession at Untrusted Stores[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security(CCS2007). New York: ACM, 2007:598-609.

ATENIESE G, BURNS R, CURTMOLA R, et al. Remote Data Checking Using Provable Data Possession[J]. ACM Transactions on Information and System Security, 2011, 14(1):1-34.

WANG Q, WANG C, LI J, et al. Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing[J]. IEEE Transactions on Parallel and Distributed Systems, 2011, 22(5):847-859. DOI:10.1109/TPDS.2010.183http://doi.org/10.1109/TPDS.2010.183http://ieeexplore.ieee.org/document/5611497/http://ieeexplore.ieee.org/document/5611497/

CURTMOLA R, KHAN O, BURNS R, et al. MR-PDP:Multiple-Replica Provable Data Possession[C]//2008 The 28th International Conference on Distributed Computing Systems.Piscataway:IEEE, 2008:411-420.

李勇, 姚戈, 雷丽楠, 等. 基于多分支路径树的云存储数据完整性验证机制[J]. 清华大学学报(自然科学版), 2016, 56(5):504-510.

LI Yong, YAO Ge, LEI Linan, et al. A Validation Mechanism for Cloud Storage Data Integrity Based on Multi-branch Path Tree[J]. Journal of Tsinghua University (Science and Technology), 2016, 56(5):504-510.

ZHU H, YUAN Y, CHEN Y, et al. A Secure and Efficient Data Integrity Verification Scheme for Cloud-IoT Based on Short Signature.[J] IEEE Access, 2019, 7:90036- 90044. DOI:10.1109/Access.6287639http://doi.org/10.1109/Access.6287639https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

毛向杰, 张品. 云平台数据完整性混合验证方案[J]. 计算机工程, 2020, 46(10):46-51. DOI:10.19678/j.issn.1000-3428.0056404http://doi.org/10.19678/j.issn.1000-3428.0056404

MAO Xiangjie, ZHANG Pin. Hybrid Verification Scheme for Data Integrity of Cloud Platform[J]. Computer Engineering, 2020, 46(10):46-51. DOI:10.19678/j.issn.1000-3428.0056404http://doi.org/10.19678/j.issn.1000-3428.0056404

杨小东, 裴喜祯, 陈桂兰, 等. 支持用户撤销的多用户多副本数据公开审计方案[J]. 计算机工程, 2020, 46(12):150-157. DOI:10.19678/j.issn.1000-3428.0056369http://doi.org/10.19678/j.issn.1000-3428.0056369

YANG Xiaodong, PEI Xizhen, CHEN Guilan, et al. Multi-User and Multi-Replica Public Data Audit Scheme Supporting User Revocation[J]. Computer Engineering, 2020, 46(12):150-157. DOI:10.19678/j.issn.1000-3428.0056369http://doi.org/10.19678/j.issn.1000-3428.0056369

咸鹤群, 刘红燕, 张曙光, 等. 可验证的云存储安全数据删重方法[J]. 软件学报, 2020, 31(2):455-470.

XIAN Hequn, LIU Hongyan, ZHANG Shuguang, et al. Verifiable Secure Data Deduplication Method in Cloud Storage[J]. Journal of Software, 2020, 31(2):455-470.

杨海滨, 李瑞峰, 易铮阁, 等. 无效双线性对的高效云存储数据审计方案[J]. 西安电子科技大学学报, 2022, 49(1):47-54.

YANG Haibin, LI Ruifeng, YI Zhengge, et al. Efficient Cloud Storage Data Auditing Scheme without Bilinear Pairing[J]. Journal of Xidian University, 2022, 49(1):47-54.

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

无双线性对的高效云存储数据审计方案

一种多副本动态数据持有性证明方案

支持访问控制与密钥更新的加密去重方案

采用随机块附加策略的云数据安全去重方法

一种基于短签名和离线半可信第三方的公平交换协议