支持用户追溯和轻量的共享云数据审计方案

doi:10.11772/j.issn.1001-9081.2017.12.3417

计算机应用 ›› 2017, Vol. 37 ›› Issue (12): 3417-3422.DOI: 10.11772/j.issn.1001-9081.2017.12.3417

支持用户追溯和轻量的共享云数据审计方案

金瑜^1,2, 蔡超^1,2, 何亨^1,2

1. 武汉科技大学计算机科学与技术学院, 武汉 430065;
2. 湖北省智能信息处理与实时工业系统重点实验室, 武汉 430065

收稿日期:2017-05-08 修回日期:2017-08-08 出版日期:2017-12-10 发布日期:2017-12-18
通讯作者: 蔡超
作者简介:金瑜(1973-),女,湖北武汉人,教授,博士,CCF会员,主要研究方向:云计算、对等计算、信任模型;蔡超(1993-),男,湖北黄冈人,硕士研究生,主要研究方向:云计算安全、云审计;何亨(1985-),男,湖北武汉人,教授,博士,主要研究方向:密码学、属性加密、安全控制机制。
基金资助:
国家自然科学基金资助项目（61303117，61602351）。

Scheme of sharing cloud data audit supporting user traceability and lightweight

JIN Yu^1,2, CAI Chao^1,2, HE Heng^1,2

1. College of Computer Science and Technology, Wuhan University of Science and Technology, Wuhan Hubei 430065, China;
2. Hubei Provincial Key Laboratory of Intelligent Information Processing and Real-time Industrial System, Wuhan Hubei 430065, China

Received:2017-05-08 Revised:2017-08-08 Online:2017-12-10 Published:2017-12-18
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61303117, 61602351).

摘要/Abstract

摘要： 在云计算中，数据通常由一组用户共享。由于第三方审计可以通过数据块的签名获取组成员的身份，为了保护群组成员的身份，现有对共享数据的公共审计方案都隐藏了组成员的身份。然而，身份的匿名性将导致一个组的成员可以恶意修改共享数据而不被发现，而且对于资源受限的设备，用户在产生签名的过程中计算量大。因此现有公共审计方案存在数据块身份的不可追溯、用户产生共享数据块签名的计算量大等问题。针对上述问题，提出了一种支持用户追溯和轻量的共享云数据审计方案（ASDA）。该方案利用安全中介者代替用户签名，保护了群组成员的身份，在签名的同时保存用户的信息，通过这些信息，可以追溯到数据块是由哪一个组成员修改，从而保证数据块身份可追溯性；而且利用新的数据块致盲技术，减少用户端计算量。实验结果表明，所提方案与利用第三方媒介存储共享云数据（SDVS）方案相比，减少了用户端计算时间，并且能够实现共享数据块身份的可追溯性。

关键词: 云计算, 共享数据, 公共审计, 轻量, 可追溯性

Abstract: The data is usually shared by a group of users in cloud computing. The third party auditor can obtain the the identities of group members through their signatures of data blocks. In order to protect the identities of group members, the existing public audit schemes for shared data all hide the identities of group members. However, the anonymity of identity leads to the problem that a member of the group can change the shared data maliciously without being found, and the amount of computation is large for resource constrained devices in the process of generating signature for users. The existing public audit schemes have the problems that the identity of data block can not be traced and the amount of calculation of generating shared data block signature is large. In order to solve the above problems, A Scheme of sharing cloud Data Audit supporting user traceability and lightweight (ASDA) was proposed. Firstly, the security mediator was used to replace the user signature to protect the identities of group members. The information of user was saved while signing and it could be traced back that the data block was modified by which member through the above information, which could ensure the traceability of the identity of data block. Then, a new data block blinding technology was used to reduce the amount of client computing. The experimental results show that, compared with Storing shared Data on the cloud Via Security-mediator (SDVS) scheme, the proposed scheme reduces the computing time of users and realizes the traceability of shared data blocks.

Key words: cloud computing, shared data, public audit, light weight, traceability

中图分类号:

TP393.08

金瑜, 蔡超, 何亨. 支持用户追溯和轻量的共享云数据审计方案[J]. 计算机应用, 2017, 37(12): 3417-3422.

JIN Yu, CAI Chao, HE Heng. Scheme of sharing cloud data audit supporting user traceability and lightweight[J]. Journal of Computer Applications, 2017, 37(12): 3417-3422.

参考文献

[1] DESWARTE Y, QUISQUATER J J, SAïDANE A. Remote integrity checking[C]//Proceedings of the Sixth Working Conference on Integrity and Internal Control in Information Systems, IFIPAICT 140. Berlin:Springer, 2004:1-11.
[2] SEBE F, MARTINEZ-BALLESTE A, DESWARTE Y. Time-bounded remote file integrity checking, Technical Report 04429[R]. Tarragona, Spain:Universitat Rovira i Virgili, 2004.
[3] ATENIESE G, BURNS R, CURTMOLA R, et al. Provable data possession at untrusted stores[C]//Proceedings of the 200714th ACM Conference on Computer and Communications Security. New York:ACM, 2007:598-609.
[4] JUELS A, KALISKI B S, Jr. Pors:proofs of retrievability for large files[C]//Proceedings of the 200714th ACM Conference on Computer and Communications Security. New York:ACM, 2007:584-597.
[5] SHACHAM H, WATERS B. Compact proofs of retrievability[C]//ASIACRYPT 2008:Proceedings of the 200814th International Conference on the Theory and Application of Cryptology and Information Security:Advances in Cryptology. Berlin:Springer, 2008:90-107.
[6] BONEH D, LYNN B, SHACHAM H. Short signatures from the Weil pairing[J]. Journal of Cryptology, 2004, 17(4):297-319.
[7] WANG Q, WANG C, REN K, et al. Enabling public auditability and data dynamics for storage security in cloud computing[J]. IEEE Transactions on Parallel & Distributed Systems, 2011, 22(5):847-859.
[8] WANG C, WANG Q, REN K, et al. Privacy-preserving public auditing for data storage security in cloud computing[C]//Proceedings of the IEEE INFOCOM 2010. Piscataway, NJ:IEEE, 2010:1-15.
[9] YANG K, JIA X H. An efficient and secure dynamic auditing protocol for data storage in cloud computing[J]. IEEE Transactions on Parallel & Distributed Systems, 2013, 24(9):1717-1726.
[10] YU S C, WANG C, REN K, et al. Achieving secure, scalable, and fine-grained data access control in cloud computing[C]//INFOCOM 2010:Proceedings of the 201029th IEEE International Conference on Information Communications. Piscataway, NJ:IEEE, 2010:534-542.
[11] 梁彪,曹宇佶,秦中元,等.云计算下的数据存储安全可证明性综述[J].计算机应用研究,2012,29(7):2416-2421.(LIANG B, CAO Y J, QIN Z Y, et al. Survey of proofs on data storage security in cloud computing[J]. Application Research of Computers, 2012, 29(7):2416-2421.)
[12] 秦志光,吴世坤,熊虎.云存储服务中数据完整性审计方案综述[J].信息网络安全,2014(7):1-6.(QIN Z G, WU S K, XIONG H. A review on data integrity auditing protocols for data storage in cloud computing[J]. Netinfo Security, 2014(7):1-6.)
[13] 王少辉,陈丹伟,王志伟,等.一种新的满足隐私性的云存储公共审计方案[J].电信科学,2012,28(9):15-21.(WANG S H, CHEN D W, WANG Z W, et al. A new solution of privacy-preserving public auditing scheme for cloud storage security[J]. Telecommunications Science, 2012, 28(9):15-21.)
[14] WANG B Y, LI B C, LI H. Oruta:privacy-preserving public auditing for shared data in the cloud[C]//CLOUD 2012:Proceedings of the 2012 IEEE Fifth International Conference on Cloud Computing. Washington, DC:IEEE Computer Society, 2012:295-302.
[15] SHEN W T, YU J, XIA H, et al. Light-weight and privacy-preserving secure cloud auditing scheme for group users via the third party medium[J]. Journal of Network and Computer Applications, 2017, 82:56-64.
[16] WANG B Y, LI H, LI M. Privacy-preserving public auditing for shared cloud data supporting group dynamics[C]//Proceedings of the 2013 IEEE International Conference on Communications. Piscataway, NJ:IEEE, 2013:1946-1950.
[17] WANG B Y, CHOW S S M, LI M, et al. Storing shared data on the cloud via security-mediator[C]//ICDCS 2013:Proceedings of the 2013 IEEE 33rd International Conference on Distributed Computing Systems. Piscataway, NJ:IEEE, 2013:124-133.
[18] BONEH D,GENTRY C, WATERS B. Collusion resistant broadcast encryption with short ciphertexts and private keys[C]//CRYPTO 2005:Proceedings of the 200525th Annual International Conference on Advances in Cryptology. Berlin:Springer, 2005:258-275.
[19] DELERABLÉE C, PAILLIER P, POINTCHEVAL D. Fully collusion secure dynamic broadcast encrytpion with constant-size ciphertexts or decryption keys[C]//Proceedings of 2007 International Conference on Pairing-Based Cryptography, LNCS 4575. Berlin:Springer, 2007:39-59.

支持用户追溯和轻量的共享云数据审计方案

Scheme of sharing cloud data audit supporting user traceability and lightweight

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	陈家豪, 殷新春. 基于云雾计算的可追踪可撤销密文策略属性基加密方案[J]. 计算机应用, 2021, 41(6): 1611-1620.
[2]	吴恺凡, 殷新春. 基于随机运算符的轻量级匿名射频识别系统双向认证协议[J]. 计算机应用, 2021, 41(6): 1621-1630.
[3]	葛丽娜, 胡雨谷, 张桂芬, 陈园园. 云计算环境基于客体属性匹配的逆向混合访问控制方案[J]. 计算机应用, 2021, 41(6): 1604-1610.
[4]	史杨潇, 章军, 陈鹏, 王兵. 基于轻量级网络的钢铁表面缺陷分类[J]. 计算机应用, 2021, 41(6): 1836-1841.
[5]	胡嵽, 冯子亮. 基于深度学习的轻量级道路图像语义分割算法[J]. 计算机应用, 2021, 41(5): 1326-1331.
[6]	杨翎, 姜春茂. 基于三支决策的虚拟机节能迁移策略[J]. 计算机应用, 2021, 41(4): 990-998.
[7]	孙晓玲, 杨光, 沈焱萍, 杨秋格, 陈涛. 基于可拆分倒排索引的可搜索加密方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3288-3294.
[8]	顾桐, 许国良, 李万林, 李家浩, 王志愿, 雒江涛. 基于集成LightGBM和贝叶斯优化策略的房价智能评估模型[J]. 计算机应用, 2020, 40(9): 2762-2767.
[9]	朱怡, 宁振虎, 周艺华. 基于视觉特征的仿冒域名轻量级检测技术[J]. 计算机应用, 2020, 40(8): 2279-2285.
[10]	吕佳玉, 竺智荣, 姚志强. 云计算环境下的双通道数据动态加密策略[J]. 计算机应用, 2020, 40(8): 2268-2273.
[11]	强保华, 翟艺杰, 陈金龙, 谢武, 郑虹, 王学文, 张世豪. 基于改进CPMs和SqueezeNet的轻量级人体骨骼关键点检测模型[J]. 计算机应用, 2020, 40(6): 1806-1811.
[12]	陈程军, 毛莺池, 王绎超. 基于激活-熵的分层迭代剪枝策略的CNN模型压缩[J]. 计算机应用, 2020, 40(5): 1260-1265.
[13]	郭曙杰, 李志华, 蔺凯青. 云环境下基于模糊隶属度的虚拟机放置算法[J]. 计算机应用, 2020, 40(5): 1374-1381.
[14]	邓雄, 王洪春. 基于深度学习和特征融合的人脸活体检测算法[J]. 计算机应用, 2020, 40(4): 1009-1015.
[15]	赵羽龙, 牛保宁, 李鹏, 樊星. 区块链增强型轻量级节点模型[J]. 计算机应用, 2020, 40(4): 942-946.