用户可动态撤销及数据可实时更新的云审计方案
作者:
作者单位:

作者简介:

韩静(1992-),女,山西吕梁人,硕士生,主要研究领域为云存储数据完整性验证;禹勇(1980-),男,博士,教授,博士生导师,CCF专业会员,主要研究领域为区块链与密码货币,云计算安全,大数据安全与隐私保护;李艳平(1978-),女,博士,副教授,主要研究领域为云存储数据完整性验证,可搜索加密;丁勇(1975-),男,博士,教授,博士生导师,CCF高级会员,主要研究领域为无线网络安全,椭圆曲线密码体系,可证明安全性研究.

通讯作者:

李艳平,Email:lyp@snnu.edu.cn

中图分类号:

TP333

基金项目:

国家自然科学基金(61802243,61872229,61772150);陕西省工业领域重点研发项目(2019GY-013);中央高校基本科研业务费专项资金(2018CSLY002,GK201803005)


Cloud Auditing Scheme with Dynamic Revocation of Users and Real-time Updates of Data
Author:
Affiliation:

Fund Project:

National Natural Science Foundation of China (61802243, 61872229, 61772150); Key R&D Program in Industry Field of Shaanxi Province (2019GY-013); Fundamental Research Funds for the Central Universities (2018CSLY002, GK201803005)

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    随着云存储的出现,越来越多的用户选择将大量数据存储在远程云服务器上,以节约本地存储资源.如何验证用户远程存储在云端数据的完整性,成为近年来学术界的一个研究热点.虽然现已提出了很多云审计方案,但大多数方案都假设个人和企业在使用云存储系统的整个过程中,用户及其公私钥始终不变,且不能高效地对数据进行实时动态更新.为此,提出一种轻量级的支持用户可动态撤销及存储数据可动态更新的云审计方案.首先,该方案允许用户可高效地动态撤销(包括更换公私钥),在用户撤销阶段,采用了多重单向代理重签名技术,新用户只需计算重签名密钥,而无需从云端下载数据再重新签名后上传到云端;其次,该方案能够保证数据可实时动态更新(插入、删除、修改),通过在数据块的身份识别码中引入虚拟索引,数据动态更新时,只有被更新数据块的身份识别码发生变化,其余数据块的身份识别码保持不变;最后,在重签名阶段,云服务器代替新用户进行签名,在审计阶段,第三方审计者代表当前用户对存储在远程云服务器上的数据进行完整性验证,减轻了终端用户的计算开销及系统的通信开销(轻量级).安全性分析和性能分析进一步说明,该方案是安全的和高效的.

    Abstract:

    With the advent of cloud storage, more and more users choose to store large amounts of data on the remote cloud server in order to save local storage resources. In recent years, how to verify the integrity of remote stored data in the cloud has been become a hotspot in academia. Although many cloud auditing protocols have been put forward, most of them are based on the assumption that users (individuals or enterprises) and their public/private keys remain constant in the whole process of using cloud storage system, and these schemes cannot dynamically update data in real time. Therefore, this study proposes a lightweight cloud auditing scheme which supports dynamic revocation of users and real-time updating of data. First of all, this scheme allows users to revoke dynamically and efficiently (including the updating of public private keys), multi-use unidirectional proxy re-signature technology is adopted in the stage of revocation, that is, a new user simply needs to calculate the re-signature key instead of downloading data from the cloud to re-sign and then uploading it to the cloud. Secondly, this scheme can realize the data dynamic updating (inserting, deleting, and modifying) in real time by introducing the virtual index into the identification code of data block. Consequently, only the identification code of updated data block changes while the other's remain unchanged when dynamically updating data. Finally, in the stage of re-signature, the cloud server is able to represent a new user to re-sign, and in the stage of auditing, third party audit center can represent the current user to verify the integrity of data in the cloud, which greatly reduce the computational overhead of user and communication overhead of system (lightweight). The security and performance analyses of this study further show that the proposed scheme is secure and efficient.

    参考文献
    相似文献
    引证文献
引用本文

韩静,李艳平,禹勇,丁勇.用户可动态撤销及数据可实时更新的云审计方案.软件学报,2020,31(2):578-596

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2017-09-25
  • 最后修改日期:2018-06-06
  • 录用日期:
  • 在线发布日期: 2020-02-17
  • 出版日期:
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号