云存储系统中数据完整性验证协议

doi:10.3724/SP.J.1087.2012.00008

计算机应用 ›› 2012, Vol. 32 ›› Issue (01): 8-12.DOI: 10.3724/SP.J.1087.2012.00008

• 第四届中国计算机网络与信息安全学术会议论文(CCNIS’2011) • 上一篇下一篇

云存储系统中数据完整性验证协议

曹夕,许力,陈兰香

福建师范大学网络安全与密码技术重点实验室，福州 350007

收稿日期:2011-08-03 修回日期:2011-09-11 发布日期:2012-02-06 出版日期:2012-01-01
通讯作者: 许力
作者简介:曹夕(1988-)，男，福建福州人，硕士研究生，CCF会员，主要研究方向：网络与信息安全；许力(1970-)，男，福建福州人，教授，博士生导师，CCF高级会员，主要研究方向：无线网络与移动通信、网络与信息安全；陈兰香(1979-)，女，湖北麻城人，讲师，博士，CCF会员，主要研究方向：计算机体系结构、网络存储、信息安全。
基金资助:
国家自然科学基金资助项目(61070090);福建省自然科学基金资助项目(2011J05148);福建省教育厅科技项目(JA10079, JB10041)

Data integrity verification protocol in cloud storage system

CAO Xi, XU li, CHEN Lan-xiang

Key Laboratory of Network and Cryptology, Fujian Normal University, Fuzhou Fujian 350007, China

Received:2011-08-03 Revised:2011-09-11 Online:2012-02-06 Published:2012-01-01

摘要/Abstract

摘要： 在云存储网络环境中，数据的安全性和完整性是用户最关心的问题之一。综合考虑云存储网络环境中的安全需求，设计了云存储数据完整性验证(CS-DIV)协议。客户端把数据文件和校验标签上传到云存储服务器后随机抽查，服务器返回验证证据并由客户端判断文件的完整性。协议可以有效地验证云存储数据的完整性，并抵抗恶意服务器欺骗和恶意客户端攻击，从而提高整个云存储系统的可靠性和稳定性。仿真实验数据表明，所提协议以较低的存储、通信及时间开销实现了数据的完整性保护。

关键词: 云存储, 数据完整性, 同态标签, 安全协议, 数据存储安全

Abstract: In the cloud storage network, the security and integrity of data are the major concerns of clients. Taking full consideration of the security requirements for cloud storage network, a new Cloud Storage-Data Integrity Verification (CS-DIV) protocol was proposed. The clients uploaded files and tags to the servers and then did random check; the servers returned proofs and the clients judged the result. This protocol could not only ensure the integrity of data in the cloud storage effectively, but also resist the cheat from the un-trusted servers and the attack from the malicious clients, and then improved the reliability and stability of the whole cloud storage system. The simulation experimental results show that the proposed protocol realizes the protection of data integrity at low cost of storage, communication and delay.

Key words: cloud storage, data integrity, homomorphic tag, data storage security

中图分类号:

TP393.04

曹夕许力陈兰香. 云存储系统中数据完整性验证协议[J]. 计算机应用, 2012, 32(01): 8-12.

CAO Xi, XU li, CHEN Lan-xiang. Data integrity verification protocol in cloud storage system[J]. Journal of Computer Applications, 2012, 32(01): 8-12.

参考文献

[1]

YUMEREFENDI A R, CHASE J S. Strong accountability for network storage ［J］. ACM Transactions on Storage, 2007, 3(3): 6-6.

[2]

KUBIATOWICZ J, BINDEL D, CHEN Y, et al. OceanStore: An architecture for global-scale persistent storage ［C］// Proceedings of the Ninth International Conference on Architectural Support for Programming Languages and Operating Systems. New York: ACM Press, 2000: 190-201.

[3]

MAHESHWARI U, VINGRALEK R, SHAPIRO W. How to build a trusted database system on untrusted storage ［C］// OSDI'00: Proceedings of the 4th Conference on Symposium on Operating System Design and Implementation. Berkeley, CA: USENIX Association, 2000: 10-10.

[4]

ATENIESE G, BURNS R, CURTMOLA R, et al. Provable data possession at untrusted stores ［C］// CCS'07: Proceedings of the 14th ACM Conference on Computer and Communications Security. New York: ACM Press, 2007: 598-609.

[5]

ATENIESE G, PIETRO R D, MANCINI L V, et al. Scalable and efficient provable data possession ［C］// SecureComm'08: Proceedings of the 4th International Conference on Security and Privacy in Communication Networks. New York: ACM Press, 2008: 1-10.

[6]

ATENIESE G, KAMARA S, KATZ J. Proofs of storage from homomorphic identification protocols ［C］// ASIACRYPT'09: Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology. Berlin: Springer-Verlag, 2009: 319-333.

[7]

CURTMOLA R, KHAN O, BURNS R, et al. MR-PDP: Multiple-replica provable data possession ［C］// The 28th International Conference on Distributed Computing Systems. Piscataway: IEEE, 2008: 411-420.

[8]

SHAH M A, BAKER M, MOGUL J C, et al. Auditing to keep online storage services honest ［C］// HOTOS'07: Proceedings of the 11th USENIX Workshop on Hot Topics in Operating Systems. Berkeley, CA: USENIX Association, 2007: 1-6.

[9]

ZHU Y, WANG H, HU Z, et al. Efficient provable data possession for hybrid clouds ［C］// CCS'10: Proceedings of the 17th ACM Conference on Computer and Communications Security. New York: ACM Press, 2010: 756-758.

[10]

GHEMAWAT S, GOBIOFF H, LEUNG S-T. The Google file system ［C］// Proceedings of the 19th ACM Symposium on Operating Systems Principles. New York: ACM Press, 2003: 29-43.

[11]

刘鹏.云计算［M］.北京:电子工业出版社,2010.

[12]

CHANG E-C, JIA X. Remote integrity check with dishonest storage server ［C］// Proceedings of the 13th European Symposium on Research in Computer Security. Berlin: Springer-Verlag, 2008: 223-237.

[13]

BURROWS M, ABADI M, NEEDHAM R M. A logic of authentication ［J］. ACM Transactions on Computer Systems, 1990, 8(1): 233-271.

[14]

SYVERSON P F, van OORSCHOT P C. On unifying some cryptographic protocol logics ［C］// SP'94: Proceedings of the 1994 IEEE Symposium on Security and Privacy. Washington, DC: IEEE Computer Society, 1994: 14-28.

[15]

冯登国.安全协议——理论与实践［M］.北京:清华大学出版社,2011.

[16]

赵晓明,孟庆超,刘军.基于SVO逻辑的X.509协议安全性分析［J］.军事通信技术,2007,28(3):63-67.

[17]

EASTLAKE D, JONES P. RFC 3174: US Secure Hash Algorithm 1 (SHA1) ［S］, 2001.

[18]

DESWARTE Y, QUISQUATER J-J, SADANE A. Remote integrity checking: How to trust files stored on untrusted servers ［C］// Proceedings of 2004 Conference on Integrity and Internal Control in Information Systems. Berlin: Springer-Verlag, 2004: 1-11.

云存储系统中数据完整性验证协议

Data integrity verification protocol in cloud storage system

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	卿欣艺, 陈玉玲, 周正强, 涂园超, 李涛. 基于中国剩余定理的区块链存储扩展模型[J]. 计算机应用, 2021, 41(7): 1977-1982.
[2]	李秀艳, 刘明曦, 史闻博, 董国芳. 面向资源受限用户的高效动态数据审计方案[J]. 计算机应用, 2021, 41(2): 422-432.
[3]	唐鑫, 周琳娜. 基于响应模糊化的抗附加块攻击云数据安全去重方法[J]. 计算机应用, 2020, 40(4): 1085-1090.
[4]	付伟, 顾晨阳, 高强. 基于属性加密的多用户共享ORAM方案[J]. 计算机应用, 2020, 40(2): 497-502.
[5]	王海勇, 彭垚, 郭凯璇. 云存储中基于代理重加密的CP-ABE访问控制方案[J]. 计算机应用, 2019, 39(9): 2611-2616.
[6]	柳玉东, 王绪安, 涂广升, 王涵. 全生命周期的云外包数据安全审计协议[J]. 计算机应用, 2019, 39(7): 1954-1958.
[7]	李兆斌, 刘泽一, 魏占祯, 韩禹. 基于哈希链的软件定义网络路径安全[J]. 计算机应用, 2019, 39(5): 1368-1373.
[8]	明洋, 何宝康. 支持属性撤销的可验证外包的多授权属性加密方案[J]. 计算机应用, 2019, 39(12): 3556-3562.
[9]	周坚, 金瑜, 何亨, 李鹏. 基于嵌套Merkle Hash tree区块链的云数据动态审计模型[J]. 计算机应用, 2019, 39(12): 3575-3583.
[10]	李静, 刘冬实. 主动容错云存储系统的可靠性评价模型[J]. 计算机应用, 2018, 38(9): 2631-2636.
[11]	白平, 张薇, 王绪安. 云环境下基于运算电路的同态认证方案[J]. 计算机应用, 2018, 38(9): 2543-2548.
[12]	白平, 张薇, 李聪, 王绪安. 支持用户撤销的可验证密文检索方案[J]. 计算机应用, 2018, 38(6): 1640-1643.
[13]	陈博, 何连跃, 严巍巍, 徐照淼, 徐俊. 海量小文件系统的可移植操作系统接口兼容技术[J]. 计算机应用, 2018, 38(5): 1389-1392.
[14]	王漫漫, 束永安. 多移动汇聚节点的无线传感网中基于服务质量的能耗[J]. 计算机应用, 2018, 38(3): 758-762.
[15]	杨宏宇, 王玥. 云存储环境下的多关键字密文搜索方法[J]. 计算机应用, 2018, 38(2): 343-347.