云计算中抗共谋攻击的数据位置验证协议

doi:10.3969/j.issn.0372-2112.2017.06.006

电子学报 ›› 2017, Vol. 45 ›› Issue (6): 1321-1326.DOI: 10.3969/j.issn.0372-2112.2017.06.006

云计算中抗共谋攻击的数据位置验证协议

杜思军, 徐尚书, 刘俊南, 张俊伟, 马建峰

西安电子科技大学网络与信息安全学院, 陕西西安 710071

收稿日期:2015-10-22 修回日期:2016-03-23 出版日期:2017-06-25
- 作者简介:
- 杜思军 男,1983年生于湖北襄阳.现为西安电子科技大学硕士研究生,主要研究方向为网络与信息安全.E-mail:617021248@qq.com;徐尚书 男,1992年生于重庆.现为西安电子科技大学硕士研究生,主要研究方向为无线网络安全.E-mail:278567131@qq.com;刘俊南 男,1991年生于广东揭西.现为西安电子科技大学硕士研究生,主要研究方向为网络与信息安全.E-mail:1457870709@qq.com;张俊伟 男,1982年生于陕西西安.现为西安电子科技大学副教授,硕士生导师,主要研究方向为网络与信息安全、密码学等.E-mail:jwzhang@xidian.edu.cn
- 基金资助:
- 国家自然科学基金 (No.61472310，No.U1405255，No.61372075，No.61303219，No.61363068）

Collusion-Attack-Defensive Data Location Verification Protocols in Cloud Computing

DU Si-jun, XU Shang-shu, LIU Jun-nan, ZHANG Jun-wei, MA Jian-feng

School of Cyber Engineering, Xidian University, Xi'an, Shaanxi 710071, China

Received:2015-10-22 Revised:2016-03-23 Online:2017-06-25 Published:2017-06-25

摘要/Abstract

摘要：

针对云计算中数据位置验证存在的共谋攻击，本文提出了抗共谋攻击的数据位置验证协议.首先给出了数据位置验证的系统模型，分析了安全威胁，并给出了数据位置验证的安全定义.随后，将安全定位协议与数据持有性证明协议相结合，设计了一维空间下的数据位置验证协议，并证明了所提协议满足安全定义且能抵御共谋攻击.在一维协议基础之上，构建了三维空间下的数据位置验证协议.最后，在三维空间下将本文所提协议与Lost协议和Geoproof协议进行了性能的测试和比较.结果表明所提协议能够验证服务器具体位置且能抵御共谋攻击.

关键词: 云计算, 共谋攻击, 数据位置验证, 安全定位, 数据持有性证明, 数据完整性检验

Abstract:

In view of the collusion attack in cloud computing data location verification,collusion-attack-defensive data location verification protocols are proposed.Firstly,the system model of data location verification is given and the security threats are analyzed and the security definition is formalized.Then,the security positioning protocol is combined with the provable data possession protocol and the data location verification protocol in one dimension is proposed.In addition,the proposed protocol is proved to satisfy the security definition and to defend collusion attack.Based on the proposed protocol,the data location verification protocol in three dimensions is constructed.Finally,in three dimensions,the proposed protocol is tested and compared with the Lost protocol and the Geoproof protocol.The results show the proposed protocol can verify the specific geographical location of the server and can defend collusion attack of the adversaries.

Key words: cloud computing, collusion attack, data location verification, security positioning, provable data possession, position-based cryptography, data integrity check

中图分类号:

TN911.7

杜思军, 徐尚书, 刘俊南, 张俊伟, 马建峰. 云计算中抗共谋攻击的数据位置验证协议[J]. 电子学报, 2017, 45(6): 1321-1326.

DU Si-jun, XU Shang-shu, LIU Jun-nan, ZHANG Jun-wei, MA Jian-feng. Collusion-Attack-Defensive Data Location Verification Protocols in Cloud Computing[J]. Acta Electronica Sinica, 2017, 45(6): 1321-1326.

参考文献

[1] 俞能海,郝卓,徐甲甲,等.云安全研究进展综述[J].电子学报,2013,41(2):371-381. Yu N,Hao Z,Xu J,et al.Review of cloud computing security[J].Acta Electronica Sinica,2013,41(2):371-381.(in Chinese)
[2] 冯登国,张敏,张妍,等.云计算安全研究[J].软件学报,2011,22(1):71-83. Feng D G,Zhang M,Zhang Y,et al.Study on cloud computing security[J].Journal of Software,2011,22(1):71-83.(in Chinese)
[3] Zissis D,Lekkas D.Addressing cloud computing security issues[J].Future Generation Computer Systems,2012,28(3):583-592.
[4] Brunette G,Mogull R.Security guidance for critical areas of focus in cloud computing v2.1[J].Cloud Security Alliance,2009(11).1-76.
[5] Takabi H,Joshi J B D,Ahn G J.Security and privacy challenges in cloud computing environments[J].IEEE Security & Privacy,2010(6):24-31.
[6] Gueye B,Ziviani A,Crovella M,et al.Constraint-based geolocation of internet hosts[J].IEEE/ACM Transactions on Networking,2006,14(6):1219-1232.
[7] Gill P,Ganjali Y,Wong B,et al.Dude,where's that IP? circumventing measurement-based IP geolocation[A].Proceedings of the 19th USENIX Conference on Security[C].USA:USENIX Association,2010.16-31.
[8] Katz-Bassett,Ethan,et al.Towards IP geolocation using delay and topology measurements[A].Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement[C].USA:ACM,2006.71-84.
[9] Zeng Y,Cao J,Hong J,et al.Secure localization and location verification in wireless sensor networks[A].IEEE 6th International Conference on Mobile Adhoc and Sensor Systems,2009(MASS'09)[C].USA:IEEE,2009.864-869.
[10] Chiang J T,Haas J J,Choi J,et al.Secure location verification using simultaneous multilateration[J].IEEE Transactions on Wireless Communications,2012,11(2):584-591.
[11] Zhu Y,Ma D,Huang D,et al.Enabling secure location-based services in mobile cloud computing[A].Proceedings of the Second ACM SIGCOMM Workshop on Mobile Cloud Computing[C].USA:ACM,2013.27-32.
[12] Chandran N,Goyal V,Moriarty R,et al.Position based cryptography[A].Advances in Cryptology-CRYPTO 2009[C].Berlin:Springer-Verlag,2009.391-407.
[13] Cremers C,Rasmussen K B,Schmidt B,et al.Distance hijacking attacks on distance bounding protocols[A].2012 IEEE Symposium on Security and Privacy (SP)[C].USA:IEEE,2012.113-127.
[14] Rasmussen K B,Capkun S.Realization of RF distance bounding[A].Proceedings of the 19th USENIX Conference on Security[C].USA:USENIX Association,2010.389-402.
[15] Hancke G P,Kuhn M G.Attacks on time-of-flight distance bounding channels[A].Proceedings of the first ACM Conference on Wireless Network Security[C].USA:ACM,2008.194-202.
[16] Erway C,Kupcu A,Papamanthou C,et al.Dynamic provable data possession[A].Proceedings of the 16th ACM Conference on Computer and Communications Security[C].USA:ACM,2009.213-222.
[17] Zhu Y,Wang H,Hu Z,et al.Efficient provable data possession for hybrid clouds[A].Proceedings of the 17th ACM Conference on Computer and Communications Security[C].USA:ACM,2010.756-758.
[18] Bowers K D,Juels A,Oprea A.Proofs of retrievability:Theory and implementation[A].Proceedings of the 2009 ACM Workshop on Cloud Computing Security[C].USA:ACM,2009.43-54.
[19] Zhu Y,Wang H X,Hu Z X,et al.Zero-knowledge proofs of retrievability[J].Science China Information Sciences,2011,54(8):1608-1617.
[20] Albeshri A,Boyd C,Nieto J G.Geoproof:proofs of geographic location for cloud computing environment[A].201232nd International Conference on Distributed Computing Systems Workshops (ICDCSW)[C].USA:IEEE,2012.506-514.
[21] Albeshri A,Boyd C,Nieto J G.Enhanced GeoProof:improved geographic assurance for data in the cloud[J].International Journal of Information Security,2014,13(2):191-198.
[22] Watson G J,Safavi-Naini R,Alimomeni M,et al.Lost:location based storage[A].Proceedings of the 2012 ACM Workshop on Cloud Computing Security Workshop[C].USA:ACM,2012.59-70.
[23] Ateniese G,Di Pietro R,Mancini L V,et al.Scalable and efficient provable data possession[A].Proceedings of the 4th International Conference on Security and Privacy in Communication Netowrks[C].USA:ACM,2008.1-10.
[24] 陈兰香,许力.云存储服务中可证明数据持有及恢复技术研究[J].计算机研究与发展,2012(S1):19-25. Lanxiang C,Li X.Research on provable data possession and recovery technology in cloud storage[J].Journal of Computer Research and Development,2012(S1):19-25.(in Chinese)

云计算中抗共谋攻击的数据位置验证协议

Collusion-Attack-Defensive Data Location Verification Protocols in Cloud Computing

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	罗智勇, 朱梓豪, 谢志强, 孙广路. 面向云计算的花朵差分授粉工作流多目标优化算法研究[J]. 电子学报, 2021, 49(3): 470-476.
[2]	李航, 冯朝胜, 刘帅南, 刘彬, 赵开强. 支持离线/在线加密及可验证外包解密的CP-WABE方案[J]. 电子学报, 2020, 48(11): 2146-2153.
[3]	卢晶, 段勇, 刘海波. 基于z值的分布式密度峰值聚类算法[J]. 电子学报, 2018, 46(3): 730-738.
[4]	王于丁, 杨家海. DACPCC:一种包含访问权限的云计算数据访问控制方案[J]. 电子学报, 2018, 46(1): 236-244.
[5]	丁嘉宁, 张鹏, 杨嵘, 刘俊朋, 刘庆云, 熊刚. 支持多租户的网络测试床模拟流量标记和溯源模型[J]. 电子学报, 2017, 45(8): 1947-1956.
[6]	陈振华, 李顺东, 王道顺, 黄琼, 张卫国. 集合成员关系的安全多方计算及其应用[J]. 电子学报, 2017, 45(5): 1109-1116.
[7]	李焱, 郑亚松, 李婧, 朱春鸽, 刘欣然. 云环境下面向跨域作业的调度方法[J]. 电子学报, 2017, 45(10): 2416-2424.
[8]	陶晓玲, 韦毅, 王勇. 一种基于分层多代理的云计算负载均衡方法[J]. 电子学报, 2016, 44(9): 2106-2113.
[9]	陈凯, 许海铭, 徐震, 林东岱, 刘勇. 适用于移动云计算的抗中间人攻击的SSP方案[J]. 电子学报, 2016, 44(8): 1806-1813.
[10]	梁俊杰, 李凤华, 刘琼妮, 尹利. MapReduce框架下的优化高维索引与KNN查询[J]. 电子学报, 2016, 44(8): 1873-1880.
[11]	肖鹏, 刘洞波, 屈喜龙. 云计算中基于能耗比例模型的虚拟机调度算法[J]. 电子学报, 2015, 43(2): 305-311.
[12]	冯朝胜, 秦志光, 袁丁, 卿昱. 云计算环境下访问控制关键技术[J]. 电子学报, 2015, 43(2): 312-319.
[13]	匡桂娟, 曾国荪, 曹洁, 熊焕亮. 基于图匹配理论的云任务与云资源满意“婚配”方法[J]. 电子学报, 2014, 42(8): 1582-1586.
[14]	李德毅, 张天雷, 黄立威. 位置服务：接地气的云计算[J]. 电子学报, 2014, 42(4): 786-790.
[15]	陈丹伟, 邵菊, 樊晓唯, 陈林铃, 何利文. 基于MAH-ABE的云计算隐私保护访问控制[J]. 电子学报, 2014, 42(4): 821-827.