
Collusion-Attack-Defensive Data Location Verification Protocols in Cloud Computing
To address collusion attacks against data location verification in cloud computing, this paper proposes collusion-attack-defensive data location verification protocols. First, the system model of data location verification is given, the security threats are analyzed, and a security definition for data location verification is formalized. Then, the security positioning protocol is combined with the provable data possession protocol to design a data location verification protocol in one-dimensional space, and the proposed protocol is proved to satisfy the security definition and to defend against collusion attacks. Building on the one-dimensional protocol, a data location verification protocol in three-dimensional space is constructed. Finally, in three-dimensional space, the proposed protocol is tested and compared in performance with the Lost protocol and the Geoproof protocol. The results show that the proposed protocol can verify the specific geographical location of the server and can defend against collusion attacks by adversaries.
cloud computing / collusion attack / data location verification / security positioning / provable data possession / position-based cryptography / data integrity check
National Natural Science Foundation of China (No. 61472310, No. U1405255, No. 61372075, No. 61303219, No. 61363068)