基于嵌套Merkle Hash tree区块链的云数据动态审计模型

doi:10.11772/j.issn.1001-9081.2019040764

计算机应用 ›› 2019, Vol. 39 ›› Issue (12): 3575-3583.DOI: 10.11772/j.issn.1001-9081.2019040764

基于嵌套Merkle Hash tree区块链的云数据动态审计模型

周坚^1,2, 金瑜^1,2, 何亨², 李鹏²

1. 武汉科技大学计算机科学与技术学院, 武汉 430065;
2. 湖北省智能信息处理与实时工业系统重点实验室, 武汉 430065

收稿日期:2019-05-06 修回日期:2019-08-06 发布日期:2019-08-26 出版日期:2019-12-10
作者简介:周坚(1994-),男,湖北咸宁人,硕士研究生,主要研究方向:云计算安全;金瑜(1973-),女,湖北武汉人,副教授,博士,主要研究方向:云计算、软件定义网络、网络安全;何亨(1981-),男,湖北武汉人,副教授,博士,主要研究方向:云计算、软件定义网络、网络安全;李鹏(1981-),男,湖北武汉人,副教授,博士,主要研究方向:车联网。

Dynamic cloud data audit model based on nest Merkle Hash tree block chain

ZHOU Jian^1,2, JIN Yu^1,2, HE Heng², LI Peng²

1. College of Computer Science and Technology, Wuhan University of Science and Technology, Wuhan Hubei 430065, China;
2. Hubei Province Key Laboratory of Intelligent Information Processing and Real-time Industrial System, Wuhan Hubei 430065, China

Received:2019-05-06 Revised:2019-08-06 Online:2019-08-26 Published:2019-12-10
Contact: 金瑜

摘要/Abstract

摘要： 云存储凭借高扩展性、高可靠性、低成本的数据管理优点得到用户青睐。然而，如何确保云数据完整性成为亟待解决的安全问题。当前最成熟、高效的云数据完整性审计方案是基于半可信第三方来提供公共审计服务，但基于半可信第三方审计方案存在单点失效、算力瓶颈和错误数据定位效率低等问题。为了解决上述问题，提出了基于区块链的云数据动态审计模型。首先，采用分布式网络、共识算法建立一个由众多审计实体组成的区块链审计网络，并以此来解决单点失效和算力瓶颈问题；然后，在保证区块链数据可信度的前提下，引入变色龙哈希算法和嵌套MHT结构，以实现云数据标签在区块链上的动态操作；最后，借助嵌套MHT结构以及辅助路径信息，提高了在审计发生错误时对错误数据的定位效率。实验结果表明，与基于半可信第三方云数据动态审计方案相比，所提模型显著提高了审计效率，降低了数据动态操作时间开销，并提升了错误数据定位效率。

关键词: 区块链, 云存储, 动态操作, 审计, 变色龙哈希

Abstract: Cloud storage is popular to users for its high scalability, high reliability, and low-cost data management. However, it is an important security problem to safeguard the cloud data integrity. Currently, providing public auditing services based on semi-trusted third party is the most popular and effective cloud data integrity audit scheme, but there are still some shortcomings such as single point of failure, computing power bottlenecks, and low efficient positioning of erroneous data. Aiming at these defects, a dynamic cloud data audit model based on block chain was proposed. Firstly, distributed network and consensus algorithm were used to establish a block chain audit network with multiple audit entities to solve the problems of single point of failure and computing power bottlenecks. Then, on the guarantee of the reliability of block chain, chameleon Hash algorithm and nest Merkle Hash Tree (MHT) structure were introduced to realize the dynamic operation of cloud data tags in block chain. Finally, by using nest MHT structure and auxiliary path information, the efficiency of erroneous data positioning was increased when error occurring in audit procedure. The experimental results show that compared with the semi-trusted third-party cloud data dynamic audit scheme, the proposed model significantly improves the audit efficiency, reduces the data dynamic operation time cost and increases the erroneous data positioning efficiency.

Key words: block chain, cloud storage, dynamic operation, audit, chameleon Hash

中图分类号:

周坚, 金瑜, 何亨, 李鹏. 基于嵌套Merkle Hash tree区块链的云数据动态审计模型[J]. 计算机应用, 2019, 39(12): 3575-3583.

ZHOU Jian, JIN Yu, HE Heng, LI Peng. Dynamic cloud data audit model based on nest Merkle Hash tree block chain[J]. Journal of Computer Applications, 2019, 39(12): 3575-3583.

参考文献

[1] 谭霜,贾焰,韩伟红.云存储中的数据完整性证明研究及进展[J].计算机自动化学报,2015,38(1):164-177.(TAN S, JIA Y, HAN W H. Research and development of provable data integrity in cloud storage[J]. Chinese Journal of Computers, 2015, 38(1):164-177.)
[2] WANG Q, WANG C, LI J, et al. Enabling public verifiability and data dynamics for storage security in cloud computing[C]//Proceedings of the 2009 European Conference on Research in Computer Security, LNCS 5789. Berlin:Springer, 2009:355-370.
[3] WANG C, WANG Q, REN K, et al. Privacy-preserving public auditing for data storage security in cloud computing[C]//Proceedings of the 29th Conference on Information communications. Piscataway:IEEE, 2010:525-533.
[4] ZHENG Q, XU S. Fair and dynamic proofs of retrievability[C]//Proceedings of the 1st ACM Conference on Data and Application Security and Privacy. New York:ACM, 2011:290-295.
[5] WANG Q, WANG C, REN K, et al. Enabling public auditability and data dynamics for storage security in cloud computing[J]. IEEE Transactions on Parallel and Distributed Systems, 2011, 22(5):847-859.
[6] YANG K, JIA X. An efficient and secure dynamic auditing protocol for data storage in cloud computing[J]. IEEE Transactions on Parallel and Distributed Systems, 2013, 24(9):1717-1726.
[7] ERWAY C C, KÜPÇÜ A, PAPAMANTHOU C, et al. Dynamic provable data possession[J]. ACM Transactions on Information and System Security. New York:ACM, 2015:Article No.15.
[8] 李勇,姚戈,雷丽楠,等.基于多分支路径树的云存储数据完整性验证机制[J].清华大学学报(自然科学版),2016,56(5):504-510.(LI Y, YAO G, LEI L N, et al. LBT-based cloud data integrity verification scheme[J]. Journal of Tsinghua University (Science and Technology), 2016, 56(5):504-510).
[9] GARG N, BAWA S. RITS-MHT:relative indexed and time stamped merkle Hash tree based data auditing protocol for cloud computing[J]. Journal of Network and Computer Applications, 2017, 84:1-13.
[10] FILHO D L G, BARRETO P S L M. Demonstrating data possession and uncheatable data transfer[EB/OL].[2019-01-20]. https://eprint.iacr.org/2006/150.pdf.
[11] DESWARTE Y, QUISQUATER J J, SA? DANE A. Remote integrity checking[C]//Proceedings of the 2003 Working Conference on Integrity and Internal Control in Information Systems, IFIPAICT 140. Boston:Springer, 2004:1-11.
[12] ATENIESE G, BURNS R, CURTMOLA R, et al. Provable data possession at untrusted stores[C]//Proceedings of the 14th ACM Conference on Computer and Communications Security. New York:ACM, 2007:598-609.
[13] ATENIESE G, DI PIETRO R, MANCINI L V, et al. Scalable and efficient provable data possession[C]//Proceedings of the 4th International Conference on Security and Privacy in Communication Networks. New York,:ACM, 2008:Article No. 9.
[14] CURTMOLA R, KHAN O, BURNS R C, et al. Robust remote data checking[C]//Proceedings of the 4th ACM International Workshop on Storage Security and Survivability. New York:ACM, 2008:63-68.
[15] ATENIESE G, BURNS R, CURTMOLA R, et al. Remote data checking using provable data possession[J]. ACM Transactions on Information and System Security, 2011, 14(1):Article No.12.
[16] 袁勇,王飞跃.区块链技术发展现状与展望[J].自动化学报,2016,42(4):481-494.(YUAN Y, WANG F Y. Blockchain:the state of the art and future treads[J]. Acta Automatica Sinica, 2016, 42(4):481-494.)
[17] 谢辉,王健.区块链技术及其应用研究[J].信息网络安全,2016(9):192-195.(XIE H, WANG J. Study on blockchain technology and its applications[J]. Netinfo Security, 2016(9):192-195)
[18] 何蒲,于戈,张岩峰,等.区块链技术与应用前瞻综述[J].计算机科学,2017,44(4):1-7,15.(HE P, YU G, ZHANG Y F, et al. Survey on blockchain technology and its application prospect[J]. Computer Science, 2017, 44(4):1-7, 15.)
[19] 杨宇光,张树新.区块链共识机制综述[J].信息安全研究,2018,4(4):369-379.(YANG Y G, ZHANG S X. Review and research for consensus mechanism of block chain[J]. Journal of Information Security Research, 2018, 4(4):369-379)
[20] NAKAMOTO S. Bitcoin:a peer-to-peer electronic cash system[EB/OL].[2019-01-20]. https:/bitcoin.org/bitcoin.pdf.
[21] LARIMER D. Transactions as proof-of-stake[EB/OL].[2019-01-20]. http://7fvhfe.com1.z0.glb.clouddn.com/wp-content/uploads/2014/01/TransactionsAsProofOfStake10.pdf.
[22] LARIMER D. Delegated proof-of-stake white paper[EB/OL].[2019-01-20]. http://www.bts.hk/dpos-baipishu.html.
[23] 杜欣军,王莹,葛建华,等.基于双线性对的Chameleon签名方案[J].软件学报,2007,18(10):2662-2668.(DU X J, WANG Y, GE J H, et al. Chameleon signature from bilinear pairing[J]. Journal of Software, 2007, 18(10):2662-2668.)
[24] 李佩丽,徐海霞,马添军,等.可更改区块链技术研究[J].密码学报,2018, 5(5):501-509.(LI P L, XU H X, MA T J, et al. Research on fault-correcting blockchain technology[J]. Journal of Cryptologic Research, 2018, 5(5):501-509.)

基于嵌套Merkle Hash tree区块链的云数据动态审计模型

Dynamic cloud data audit model based on nest Merkle Hash tree block chain

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	陈廷伟, 张嘉诚, 王俊陆. 面向联邦学习的随机验证区块链构建[J]. 《计算机应用》唯一官方网站, 2024, 44(9): 2770-2776.
[2]	孙晓玲, 王丹辉, 李姗姗. 基于区块链的动态密文排序检索方案[J]. 《计算机应用》唯一官方网站, 2024, 44(8): 2500-2505.
[3]	黄河, 金瑜. 基于投票和以太坊智能合约的云数据审计方案[J]. 《计算机应用》唯一官方网站, 2024, 44(7): 2093-2101.
[4]	宋宝燕, 丁俊翔, 王俊陆, 张浩林. 基于变色龙哈希和可验证秘密共享的联盟链修改方法[J]. 《计算机应用》唯一官方网站, 2024, 44(7): 2087-2092.
[5]	李皎, 张秀山, 宁远航. 降低跨分片交易比例的区块链分片方法[J]. 《计算机应用》唯一官方网站, 2024, 44(6): 1889-1896.
[6]	赵莉朋, 郭兵. 基于BDLS的区块链共识改进算法[J]. 《计算机应用》唯一官方网站, 2024, 44(4): 1139-1147.
[7]	陈美宏, 袁凌云, 夏桐. 基于主从多链的数据分类分级访问控制模型[J]. 《计算机应用》唯一官方网站, 2024, 44(4): 1148-1157.
[8]	高改梅, 张瑾, 刘春霞, 党伟超, 白尚旺. 基于区块链与CP-ABE策略隐藏的众包测试任务隐私保护方案[J]. 《计算机应用》唯一官方网站, 2024, 44(3): 811-818.
[9]	王政, 王经纬, 殷新春. 支持用户撤销的可搜索电子健康记录共享方案[J]. 《计算机应用》唯一官方网站, 2024, 44(2): 504-511.
[10]	马海峰, 李玉霞, 薛庆水, 杨家海, 高永福. 用于实现区块链隐私保护的属性基加密方案[J]. 《计算机应用》唯一官方网站, 2024, 44(2): 485-489.
[11]	王伊婷, 万武南, 张仕斌, 张金全, 秦智. 基于SM9算法的可链接环签名方案[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3709-3716.
[12]	刘德渊, 张金全, 张鑫, 万武南, 张仕斌, 秦智. 基于无证书签密的跨链身份认证方案[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3731-3740.
[13]	孙科硕, 高海英, 宋杨. 面向公有区块链上的私有区块链的多权威属性加密方案[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3699-3708.
[14]	方鹏, 赵凡, 王保全, 王轶, 蒋同海. 区块链3.0的发展、技术与应用[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3647-3657.
[15]	王一帆, 林绍福, 李云江. 基于区块链和零知识证明的高速公路自由流收费方法[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3741-3750.