Journal of Computer Applications ›› 2021, Vol. 41 ›› Issue (2): 422-432.DOI: 10.11772/j.issn.1001-9081.2020050614

Special Issue: 网络空间安全

• Cyber security • Previous Articles     Next Articles

Efficient dynamic data audit scheme for resource-constrained users

LI Xiuyan1, LIU Mingxi2, SHI Wenbo3, DONG Guofang1   

  1. 1. School of Electrical Information Engineering, Yunnan Minzu University, Kunming Yunnan 650500, China;
    2. School of Computer Science and Engineering, Northeastern University, Shenyang Liaoning 110819, China;
    3. School of Computer and Communication Engineering, Northeastern University at Qinhuangdao, Qinhuangdao Hebei 066004, China
  • Received:2020-05-11 Revised:2020-09-03 Online:2021-02-10 Published:2020-09-15
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61662089).

面向资源受限用户的高效动态数据审计方案

李秀艳1, 刘明曦2, 史闻博3, 董国芳1   

  1. 1. 云南民族大学 电气信息工程学院, 昆明 650500;
    2. 东北大学 计算机科学与工程学院, 沈阳 110819;
    3. 东北大学秦皇岛分校 计算机与通信工程学院, 河北 秦皇岛 066004
  • 通讯作者: 董国芳
  • 作者简介:李秀艳(1993-),女,云南昆明人,硕士研究生,CCF会员,主要研究方向:云数据安全、隐私保护;刘明曦(1996-),男,河北保定人,硕士研究生,主要研究方向:信息安全、云数据安全;史闻博(1980-),男,河北秦皇岛人,教授,博士,CCF会员,主要研究方向:安全协议、区块链;董国芳(1979-),女,云南德宏人,副教授,博士,CCF会员,主要研究方向:安全协议、物联网安全。
  • 基金资助:
    国家自然科学基金资助项目(61662089)。

Abstract: Internet of Things (IoT) devices promote the rapid development of cloud storage outsourcing data service, which is favored by more and more terminal users. Therefore, how to ensure the integrity verification of user data in cloud server has become a hot issue that needs to be solved urgently. For resource-constrained users, current cloud data audit scheme has the problems such as complex computation, high cost and low efficiency. To solve these problems, an efficient dynamic data audit scheme for resource-constrained users was proposed. First, a new data structure was proposed based on Novel Counting Bloom Filter (NCBF) and Multi-Merkle Hash Tree (M-MHT) to support dynamic audit, namely NCBF-M-MHT. In this data structure, the NCBF structure was able to realize the dynamic updating request of data within O(1) time, thereby ensuring the efficiency of audit. And the root node of M-MHT structure performed signing by user authentication to ensure the security of data. Then, different allocation methods were adopted for different audit entities, and the data evidence and label evidence were used to verify the correctness and integrity of data. Experimental results show that compared with the audit scheme based on Dynamic Hash Table (DHT), the audit scheme based on Merkle Hash Tree (MHT) and the audit scheme based on Location Array-Doubly Linked Info Table (LA-DLIT), the time cost of the proposed scheme in the audit verification phase is reduced by 45.40%, 23.71% and 13.85%, and the time cost in the dynamic update phase is reduced by 43.33%, 27.50% and 17.58% respectively.

Key words: Internet of Things (IoT) device, cloud storage outsourcing, resource-constrained user, dynamic data audit, data integrity verification, dynamic operation

摘要: 物联网(IoT)设备推动着云存储外包数据服务的快速发展,从而使云存储外包数据服务得到越来越多终端用户的青睐,因此如何确保云服务器中用户数据的完整性验证成为一个亟待解决的热点问题。针对资源受限的用户,目前的云数据审计方案存在运算复杂、开销高和效率低等问题。为了解决这些问题,提出一个面向资源受限用户的高效动态数据审计方案。首先提出一个支持动态审计的NCBF-M-MHT数据结构,其中:新颖的计数布隆过滤器(NCBF)结构能在O(1)时间内实现数据的动态更新请求,从而保证审计的高效性;多棵Merkle哈希树(M-MHT)结构的根节点则通过用户身份验证进行签名,进而保证数据的安全性。然后对审计各实体采用不同的分配方式,并使用数据证据和标签证据来验证数据的正确性和完整性。实验结果表明,相比基于动态哈希表的审计方案(DHT Audit)、基于MHT的审计方案(MHT Audit)和基于位置数组双向链接信息表的审计方案(LA-DLIT Audit),所提出的方案在审计验证阶段的时间开销分别降低了45.40%、23.71%和13.85%,在动态更新阶段的时间开销分别降低了43.33%、27.50%和17.58%。

关键词: 物联网设备, 云存储外包, 资源受限用户, 动态数据审计, 数据完整性验证, 动态操作

CLC Number: