计算机应用 ›› 2018, Vol. 38 ›› Issue (10): 2892-2898.DOI: 10.11772/j.issn.1001-9081.2018030510

• 网络空间安全 • 上一篇    下一篇

面向公有云的数据完整性公开审计方案

缪俊敏1, 冯朝胜1,2, 李敏1, 刘霞1   

  1. 1. 四川师范大学 计算机科学学院, 成都 610101;
    2. 电子科技大学 信息与软件工程学院, 成都 610054
  • 收稿日期:2018-03-13 修回日期:2018-04-25 出版日期:2018-10-10 发布日期:2018-10-13
  • 通讯作者: 冯朝胜
  • 作者简介:缪俊敏(1993-),女,四川成都人,硕士研究生,主要研究方向:云计算、信息安全、隐私保护;冯朝胜(1971-),男,四川成都人,教授,博士,CCF高级会员,主要研究方向:云计算、隐私保护、网络安全;李敏(1978-),女,四川成都人,副教授,博士,主要研究方向:隐私保护、安全协议;刘霞(1978-),女,四川都江堰人,讲师,硕士,主要研究方向:网络协议、网络安全。
  • 基金资助:
    国家自然科学基金资助项目(61373163);国家科技支撑计划项目(2014BAH11F02);四川省科技支撑计划项目(2015GZ079)。

Public auditing scheme of data integrity for public cloud

MIAO Junmin1, FENG Chaosheng1,2, LI Min1, LIU Xia1   

  1. 1. School of Computer Science, Sichuan Normal University, Chengdu Sichuan 610101, China;
    2. School of Information and Software engineering, University of Electronic Science and Technology of China, Chengdu Sichuan 610054, China
  • Received:2018-03-13 Revised:2018-04-25 Online:2018-10-10 Published:2018-10-13
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61373163), the National Key Technology Research and Development Program of the Ministry of Science and Technology of China (2014BAH11F02), the Science and Technology Support Program of Sichuan Province (2015GZ079).

摘要: 针对云数据完整性公开审计中隐私泄漏给第三方审计者(TPA)以及云存储服务器(CSS)发起替代攻击的问题,提出一种面向公有云的数据完整性公开审计方案。该方案首先利用哈希值混淆方法,模糊化云存储服务器返回的证据,以防止TPA分析证据计算出原始数据;然后,在审计过程中,由TPA自行计算出文件Merkle哈希树(MHT)对应挑战请求所选数据块的覆盖树,并与CSS返回的覆盖树作结构匹配,以防止云存储服务器用其他已有数据响应审计挑战。实验结果表明,该方案解决了现有方案隐私问题及攻击问题后,在计算开销、存储开销和通信开销方面的性能不会有数量级变化。

关键词: 云数据, 完整性验证, 公开审计, 隐私保护, 替代攻击, 覆盖树

Abstract: Aimming at the problem of leaking privacy to Third-Party Auditors (TPA) and initiating alternative attacks by Cloud Storage Server (CSS) in public auditing, a new public auditing scheme of data integrity for public cloud was proposed. Firstly, the hash value obfuscation method was used to obfuscate the evidence returned by the cloud storage server to prevent TPA from analyzing and calculating the original data. Then during the audit process, TPA itself calculated the overlay tree of the Merkle Hash Tree (MHT) corresponding to the challenge request, and matched with the overlay tree returned by CSS to prevent the cloud storage server from responding to audit challenges with other existing data. Experimental results show that the performance in terms of computational overhead, storage overhead and communication overhead does not change by orders of magnitude after solving the privacy and attack problems of the existing scheme.

Key words: cloud data, integrity authentication, public auditability, privacy protection, alternative attack, overlay tree

中图分类号: