基于DDCT表的多副本完整性审计方案

doi:10.3969/j.issn.0372-2112.2020.01.020

电子学报 ›› 2020, Vol. 48 ›› Issue (1): 164-171.DOI: 10.3969/j.issn.0372-2112.2020.01.020

基于DDCT表的多副本完整性审计方案

杜瑞忠^1,2, 石朋亮^1,2, 田俊峰^1,2

1. 河北大学网络空间安全与计算机学院, 河北保定 071002;
2. 河北省高可信信息系统重点实验室, 河北保定 071002

收稿日期:2018-12-19 修回日期:2019-04-23 出版日期:2020-01-25
- 作者简介:
- 杜瑞忠 男,1975年10月出生,河北献县人.博士,教授,硕士生导师,主要研究方向为可信计算与信息安全.E-mail:drzh@hbu.edu.cn;石朋亮 男,1992年10月出生,河北唐县人.河北大学硕士生,主要研究方向为分布式计算、云存储安全.E-mail:782764152@qq.com;田俊峰 男,1965年1月出生,河北保定人.博士,教授,博士生导师,主要研究方向为分布式计算与信息安全.
- 基金资助:
- 国家自然科学基金 (No.61572170）; 河北省自然科学基金 (No.F2018201153，No.2016205023）

Multi-copy Integrity Audit Scheme Based on DDCT Table

DU Rui-zhong^1,2, SHI Peng-liang^1,2, TIAN Jun-feng^1,2

1. Cyberspace Security and Computer, Hebei University, Baoding, Hebei 071002, China;
2. Key Lab on High Trusted Information System in Hebei Province, Baoding, Hebei 071002, China

Received:2018-12-19 Revised:2019-04-23 Online:2020-01-25 Published:2020-01-25

摘要/Abstract

摘要： 在云存储环境下，云数据采用多副本存储已经成为一种流行的应用.针对恶意云服务提供商威胁云副本数据安全问题，提出一种基于DDCT（Dynamic Divide and Conquer Table）表的多副本完整性审计方案.首先引入DDCT表来解决数据动态操作问题，同时表中存储副本数据的块号、版本号和时间戳等信息；接下来为抵制恶意云服务商攻击，设计一种基于时间戳的副本数据签名认证算法；其次提出了包括区块头和区块体的副本区块概念，区块头存储副本数据基于时间戳识别认证的签名信息，区块体存放加密的副本数据；最后委托第三方审计机构采用基于副本时间戳的签名认证算法来审计云端多副本数据的完整性.通过安全性分析和实验对比，本方案不仅有效的防范恶意存储节点之间的攻击，而且还能防止多副本数据泄露给第三方审计机构.

关键词: 云存储, 完整性, 多副本, 时间戳, 数据加密, 副本区块, 签名算法

Abstract: In the cloud storage environment,the multiple copies are more popular.However,aiming at the problems of data dynamic operation and malicious cloud service provider attacks encountered in multi-copy data integrity audit,a multi-copy integrity audit scheme based on dynamic divide and conquer table (DDCT) is proposed.Firstly,the dynamic divide and conquer table is introduced to solve the problem of dynamic data operation,and the block number,version number and timestamp of the copy data are stored in the table.In order to resist the malicious cloud service provider attacks,a time-based replica data signature authentication algorithm is designed.Secondly,it proposes the concept of replica block including block header and block body.The block header stores the authenticated signature information which is based on timestamp,and the block body stores the encrypted data.Finally,the third-party auditing agency uses a replica timestamp-based signature authentication algorithm to audit the integrity of the multi-copy data.Through security analysis and experimental comparison,this solution protects data information from third-party auditors while effectively preventing malicious cloud service provider attacks.

Key words: cloud storage, integrity, multiple copies, timestamp, data encryption, copy block, signature algorithm

中图分类号:

TP-393.2

杜瑞忠, 石朋亮, 田俊峰. 基于DDCT表的多副本完整性审计方案[J]. 电子学报, 2020, 48(1): 164-171.

DU Rui-zhong, SHI Peng-liang, TIAN Jun-feng. Multi-copy Integrity Audit Scheme Based on DDCT Table[J]. Acta Electronica Sinica, 2020, 48(1): 164-171.

参考文献

[1] 王国峰,刘川意,潘鹤中.云计算模式内部威胁综述[J].计算机学报,2017,40(02):296-316. Wang G F,Liu C Y,Pan H Z.Survey on insider to cloud computing[J].Chinese Journal of Computers,2017,40(02):296-316.(in Chinese)
[2] 田俊峰,李天乐.基于TPA云联盟的数据完整性验证模型[J].通信学报,2018,39(08):113-124. Tian J F,Li T L.Data integrity verification based on model cloud federation of TPA[J].Journal on Communications,2018,39(08):113-124.(in Chinese)
[3] Feng B,Ma X,Guo C,et al.An efficient protocol with bidirectional verification for storage security in cloud computing[J].IEEE Access,2017,99(4):7899-7911.
[4] Atenise G,Burns R.,Curtmol R.,et al.Provable data possession at untrusted stores[J].ACM Conference on Computer and Communications Security,2007,14(1):598-609.
[5] Fun T S,Samsudin A,Zaaba Z F.Enhanced security for public cloud storage with honey encryption[J].Advanced Science Letters,2017,23(5):4232-4235.
[6] Wang Q,Wang C,et al.Enabling public verifiability and data dynamics for storage security in cloud computing[J].IEEE Transactions on Parallel and Distributed Systems,2011,22(5):847-859.
[7] Wang C,Chow S S,WANG Q,et al.Privacy-preserving public auditing for secure cloud storage[J].IEEE Transactions on Computers,2013,62(2):362-375.
[8] Tian H,Chen Z,Chang C,et al.Enabling public auditability for operation behaviors in cloud storage[J].Soft Computing,2016,21(8):2175-2187.
[9] Yang K,Jia X.An efficient and secure dynamic auditing protocol for data storage in cloud computing[J].IEEE Transactions on Parallel and Distributed Systems,2013,24(9):1717-1726.
[10] Sookhak M,Gani A,et al.Dynamic remote data auditing for securing big data storage in cloud computing[J].Information Sciences,2017,380(3):101-116.
[11] Zhou Y,Ni J,Tao X.Provable multiple replication data possession with full dynamics for secure cloud[J].Concurrency and Computation,2015,28(4),1164-1173.
[12] 付艳艳,张敏,陈开渠,冯登国.面向云存储的多副本文件完整性验证方案[J].计算机研究与发展,2014,51(07):1410-1416. Fu Y Y,Zhang M,Chen K Q,et al.Proofs of data possession of multiple-copies[J].Journal of Computer Research and Development,2014,51(07):1410-1416.(in Chinese).
[13] Cha Y X,Luo S S,Bian J C,Li W.Multiuser and multiple-replica provable data possession scheme based on multi-branch authentication tree[J].Journal on Communications,2015,36(11):80-91.
[14] Yu Y,Ni J,Man H A,et al.Improved security of a dynamic remote data possession checking protocol for cloud storage[J].Expert Systems with Applications,2014,41(1):7789-7796.
[15] Shen W T,Qin J,Yu J,Hao R,Hu J K:Enabling identity-based integrity auditing and data sharing with sensitive information hiding for secure cloud storage[J].IEEE Transactions Information Forensics and Security,2019,14(2):331-346.
[16] Li Y N,Yu Y,Min G Y,Susilo W,Ni J B.Fuzzy identity-based data integrity auditing for reliable cloud storage systems[J].IEEE Transactions Dependable Security Computer,2019,16(1):72-83.
[17] Surmila T,Dilip K.Privacy preserving and public auditable integrity checking on dynamic cloud data[J].Network Security,2019,21(2):221-229.

基于DDCT表的多副本完整性审计方案

Multi-copy Integrity Audit Scheme Based on DDCT Table

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	任正伟, 李雪婷, 王丽娜, 童言, 徐士伟, 丁炜. 云存储中外包数据确定性删除研究综述[J]. 电子学报, 2022, 50(10): 2542-2560.
[2]	吴志军, 杨一鸣, 张云. 基于身份签名的北斗二代民用D2导航电文认证协议[J]. 电子学报, 2021, 49(9): 1790-1798.
[3]	王亚文, 郭云飞, 刘文彦, 霍树民, 杨超. 面向云存储安全的可自愈拜占庭Quorum系统[J]. 电子学报, 2020, 48(4): 675-681.
[4]	李建江, 马占宁, 张凯. 一种基于内容分块的层次化去冗优化策略[J]. 电子学报, 2019, 47(5): 1094-1100.
[5]	彭朝英, 席政军. 基于最小熵的完整性度量[J]. 电子学报, 2018, 46(8): 1822-1828.
[6]	马行坡, 危锋, 梁俊斌, 李然, 马文鹏, 祁传达. TMWSNs中一种确保数据完整性的高能效时空Top-k查询协议[J]. 电子学报, 2018, 46(5): 1274-1280.
[7]	杜思军, 徐尚书, 刘俊南, 张俊伟, 马建峰. 云计算中抗共谋攻击的数据位置验证协议[J]. 电子学报, 2017, 45(6): 1321-1326.
[8]	周洪丞, 杨超, 马建峰, 张俊伟. 云端数据异地容灾验证方案研究[J]. 电子学报, 2016, 44(10): 2485-2494.
[9]	张晓刚, 杨路明, 潘久辉. 面向数据集成的一种高效一致性查询方法[J]. 电子学报, 2014, 42(8): 1474-1479.
[10]	陈伟, 于乐, 高迪. 一种支持完整性验证的隐私保护直方图融合算法[J]. 电子学报, 2014, 42(11): 2268-2272.
[11]	谢显中, 黄倩, 王柳苏, 马彬. 一种云存储中基于干扰对齐的多节点精确修复方法[J]. 电子学报, 2014, 42(10): 1873-1881.
[12]	王宁, 杨扬, 孟坤, 陈宇, 王磊, 季青. 云计算环境下基于用户体验的成本最优存储策略研究[J]. 电子学报, 2014, 42(1): 20-27.
[13]	周恩光, 李舟军, 郭华, 贾仰理. 一个改进的云存储数据完整性验证方案[J]. 电子学报, 2014, 42(1): 150-154.
[14]	俞能海, 郝卓, 徐甲甲, 张卫明, 张驰. 云安全研究进展综述[J]. 电子学报, 2013, 41(2): 371-381.
[15]	马海峰, 姚念民, 杜文杰. 基于不等长counter的存储器机密性和完整性保护方法[J]. 电子学报, 2013, 41(12): 2503-2506.