计算机应用 ›› 2016, Vol. 36 ›› Issue (7): 1816-1821.DOI: 10.11772/j.issn.1001-9081.2016.07.1816

• 网络空间安全 • 上一篇    下一篇

基于代理重签名的支持用户可撤销的云存储数据公共审计方案

张新鹏1,2, 许春香1, 张新颜3, 赛伟2, 韩兴阳2, 刘国平2   

  1. 1. 电子科技大学 计算机科学与工程学院, 成都 611731;
    2. 成都军区联勤部 后勤信息中心, 成都 610015;
    3. 成都军区总医院 信息科, 成都 610083
  • 收稿日期:2015-12-16 修回日期:2016-02-23 出版日期:2016-07-10 发布日期:2016-07-14
  • 通讯作者: 张新鹏
  • 作者简介:张新鹏(1978-),男,四川成都人,博士研究生,主要研究方向:密码学、信息安全;许春香(1966-),女,四川成都人,教授,博士,主要研究方向:密码学、信息安全;张新颜(1976-),女,四川成都人,博士,主要研究方向:医学信息管理;赛伟(1962-),男,四川成都人,高级工程师,硕士,主要研究方向:软件工程、网络安全;韩兴阳(1979-),男,四川成都人,工程师,硕士,主要研究方向:网络安全、自动化;刘国平(1972-),男,四川成都人,工程师,硕士,主要研究方向:网络安全、自动化。
  • 基金资助:
    国家自然科学基金重点资助项目(61370203);四川省科技支撑计划项目(2012SZ0162)。

Efficient public auditing scheme for cloud storage supporting user revocability with proxy re-signature scheme

ZHANG Xinpeng1,2, XU Chunxiang1, ZHANG Xinyan3, SAI Wei2, HAN Xingyang2, LIU Guoping2   

  1. 1. School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu Sichuan 611731, China;
    2. Logistic Information Center, Joint Logistics Department of Chengdu Military Region, Chengdu Sichuan 610015, China;
    3. Department of Information, General Hospital of Chengdu Military Region, Chengdu Sichuan 610083, China
  • Received:2015-12-16 Revised:2016-02-23 Online:2016-07-10 Published:2016-07-14
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61370203), the Science and Technology Support Program of Sichuan Province (2012SZ0162).

摘要: 针对用户动态可撤销需要新的数据管理员对其前任所管理的数据进行完整性验证的问题,基于单向代理重签名技术提出了具有隐私保护的支持用户可撤销的云存储数据公共审计方案。首先,该方案中所采用的单向代理重签名算法,其代理重签名密钥由当前用户私钥结合已撤销用户公钥生成,不存在私钥泄露问题,能够安全实现数据所有权的转移;其次,该方案证明了恶意的云服务器不能产生伪造的审计证明响应信息来欺骗第三方审计者(TPA)通过审计验证过程;更进一步,该方案采用了随机掩饰码技术,能够有效防止好奇的第三方审计者恢复原始数据块。和Panda方案相比较,所提方案在增加抗合谋攻击功能的基础上,其审计过程中通信开销与计算代价仍全部低于Panda方案。

关键词: 云存储, 代理重签名, 隐私保护, 完整性验证, 用户可撤销

Abstract: Due to user revocability, the new data manager needs to verify the integrity of the former data manager's management data stored in the cloud server, which is obviously inevitable in reality. In order to solve this issue, an efficient privacy-preserving public auditing scheme for cloud storage scheme was proposed. Firstly, in the proposed scheme based on unidirectional proxy re-signature, the proxy re-signature key was generated by the current data manager's private key and the former public key, which did not leak any information, to realize transferring of ownership data caused by the users revocability securely. Secondly, it was proved that the proposed scheme could protect any malicious cloud server from generating the forged response proof which could pass the verification to cheat the Third Party Auditor (TPA). Moreover, the random masking technique was employed to prevent the curious TPA from revealing the primitive data blocks. Compared with the Padna scheme, even though the proposed scheme adds the new functions but its communication overhead in the process of auditing and computational cost are also lower than Panda's.

Key words: cloud storage, proxy re-signature, privacy-preserving, integrity verification, user revocation

中图分类号: