Journal of Computer Applications ›› 2017, Vol. 37 ›› Issue (12): 3417-3422. DOI: 10.11772/j.issn.1001-9081.2017.12.3417

• Cyberspace security •

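Scheme of sharing cloud data audit supporting user traceability and lightweight

JIN Yu1,2, CAI Chao1,2, HE Heng1,2

  1. College of Computer Science and Technology, Wuhan University of Science and Technology, Wuhan Hubei 430065, China;
  2. Hubei Provincial Key Laboratory of Intelligent Information Processing and Real-time Industrial System, Wuhan Hubei 430065, China
  • Received: 2017-05-08 Revised: 2017-08-08 Online: 2017-12-10 Published: 2017-12-18
  • Corresponding author: CAI Chao
  • About the authors: JIN Yu (1973-), female, born in Wuhan, Hubei, professor, Ph.D., CCF member; main research interests: cloud computing, peer-to-peer computing, trust models. CAI Chao (1993-), male, born in Huanggang, Hubei, master's candidate; main research interests: cloud computing security, cloud auditing. HE Heng (1985-), male, born in Wuhan, Hubei, professor, Ph.D.; main research interests: cryptography, attribute-based encryption, security control mechanisms.
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61303117, 61602351).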

Abstract: In cloud computing, data is usually shared by a group of users. A third-party auditor can obtain the identities of group members through their signatures on data blocks. To protect the identities of group members, the existing public audit schemes for shared data all hide those identities. However, this anonymity means that a member of the group can maliciously modify the shared data without being detected, and generating signatures imposes a large amount of computation on users with resource-constrained devices. The existing public audit schemes therefore have two problems: the identity behind a data block cannot be traced, and the computation required of users to sign shared data blocks is large. To solve these problems, A Scheme of sharing cloud Data Audit supporting user traceability and lightweight (ASDA) was proposed. Firstly, a security mediator was used to sign in place of the user, protecting the identities of group members. The user's information was saved at signing time, and through this information the group member who modified a data block could be traced, which ensures the traceability of the identity of data blocks. Then, a new data block blinding technique was used to reduce the amount of client-side computation. The experimental results show that, compared with the Storing shared Data on the cloud Via Security-mediator (SDVS) scheme, the proposed scheme reduces the computing time on the user side and achieves traceability of the identity of shared data blocks.

Key words: cloud computing, shared data, public audit, light weight, traceability

CLC number: