Data tamper-proof batch auditing scheme based on industrial cloud storage systems

doi:10.11772/j.issn.1001-9081.2024030349

Journal of Computer Applications ›› 2025, Vol. 45 ›› Issue (3): 891-895.DOI: 10.11772/j.issn.1001-9081.2024030349

• Cyber security • Previous Articles Next Articles

Data tamper-proof batch auditing scheme based on industrial cloud storage systems

Xiaojun ZHANG¹^,²^,³(), Yunpu HAO¹^,²^,³, Lei LI²^,³, Chenyang LI¹, Ziyu ZHOU¹

^1.School of Computer Science and Software Engineering，Southwest Petroleum University，Chengdu Sichuan 610500，China
^2.Bureau of Geophysical Prospecting Inc. ，China National Petroleum Corporation，Zhuozhou Hebei 072751，China
^3.National Engineering Research Center of Oil and Gas Exploration Computer Software，Zhuozhou Hebei 072750，China

Received:2024-03-26 Revised:2024-07-19 Accepted:2024-07-24 Online:2024-10-14 Published:2025-03-10
Contact: Xiaojun ZHANG
About author:HAO Yunpu， born in 2000， M. S. candidate. His research interests include data aggregation， federated learning.
LI Lei， born in 1979， Ph. D.， senior engineer. His research interests include computer graphics， artificial intelligence， geophysics.
LI Chenyang， born in 2002. His research interests include cryptography， information security.
ZHOU Ziyu， born in 1997， M. S. candidate. Her research interests include cryptography， information security， data auditing.
Supported by:
National Natural Science Foundation of China(61902327);Open Project of National Engineering Research Center of Oil and Gas Exploration Computer Software(DFWT-ZYRJ-2024-JS-81);Sichuan Provincial Natural Science Foundation(2025ZNSFSC0495)

基于工业云存储系统的数据防篡改批量审计方案

张晓均¹^,²^,³(), 郝云溥¹^,²^,³, 李磊²^,³, 李晨阳¹, 周子玉¹

^1.西南石油大学计算机与软件学院，成都 610500
^2.中国石油集团东方地球物理勘探有限责任公司，河北涿州 072751
^3.油气勘探计算机软件国家工程研究中心，河北涿州 072750

通讯作者: 张晓均
作者简介:郝云溥（2000—），男，河北邯郸人，硕士研究生，主要研究方向：数据聚合、联邦学习
李磊（1979—），男，河北唐山人，高级工程师，博士，CCF会员，主要研究方向：计算机图形学、人工智能、地球物理
李晨阳（2002—），男，河北保定人，主要研究方向：密码学、信息安全
周子玉（1997—），女，四川乐山人，硕士研究生，主要研究方向：密码学、信息安全、数据审计。
基金资助:
国家自然科学基金资助项目(61902327);油气勘探开发软件国家工程研究中心开放课题(DFWT-ZYRJ-2024-JS-81);四川省自然科学基金资助项目(2025ZNSFSC0495)

Abstract

Abstract:

To address the issue of network active attacks such as tampering for industrial cloud storage system data， to achieve the goal of secure sharing of industrial data in cloud storage， and to ensure the confidentiality， integrity， and availability of industrial data transmission and storage processes， a data tamper-proof batch auditing scheme based on industrial cloud storage systems was proposed. In this scheme， a homomorphic digital signature algorithm based on bilinear pairing mapping was proposed， enabling a third-party auditor to achieve batch tamper-proof integrity detection of industrial cloud storage system data， and feedback the tamper-proof integrity auditing results to engineering service end users timely. Besides， the computational burden on engineering service end users was reduced by adding auditors， while ensuring the integrity of industrial encrypted data during transmission and storage processes. Security analysis and performance comparison results demonstrate that the proposed scheme reduces the third-party auditing computational cost significantly by reducing the third-party auditor’s computational cost from O（n） bilinear pairing operations to O（1） constant-level bilinear pairing operations through the design of tamper-proof detection vectors. It can be seen that the proposed scheme is suitable for lightweight batch auditing scenarios that require tamper-proof detection of a large number of core data files of industrial cloud storage systems.

Key words: industrial cloud storage, tamper-proof, homomorphic digital signature, data integrity, batch auditing

摘要：

为解决工业云存储系统数据遭受篡改等网络主动攻击问题，实现工业数据云端安全共享的目标，并确保工业数据传输与存储过程的机密性、完整性与可用性，提出基于工业云存储系统的数据防篡改批量审计方案。在该方案中，设计基于双线性对映射的同态数字签名算法，使第三方审计者实现对工业云存储系统数据的批量防篡改完整性检测，并及时将防篡改完整性审计结果反馈给工程服务终端用户；此外，通过加入审计者减轻工程服务终端用户的计算负担，同时确保工业加密数据在传输与存储过程中的完整性。安全性分析与性能比较结果表明，所提方案通过设计防篡改检测向量，使得第三方审计者的计算量从O（n）次双线性对操作减少到O（1）次常量级双线性对操作，极大地降低了第三方审计者的计算开销。可见，所提方案适用于需要对大量工业云存储系统核心数据文件进行防篡改检测的轻量级批量审计场景。

关键词: 工业云存储, 防篡改, 同态数字签名, 数据完整性, 批量审计

CLC Number:

TP399

Xiaojun ZHANG, Yunpu HAO, Lei LI, Chenyang LI, Ziyu ZHOU. Data tamper-proof batch auditing scheme based on industrial cloud storage systems[J]. Journal of Computer Applications, 2025, 45(3): 891-895.

张晓均, 郝云溥, 李磊, 李晨阳, 周子玉. 基于工业云存储系统的数据防篡改批量审计方案[J]. 《计算机应用》唯一官方网站, 2025, 45(3): 891-895.

Figures/Tables 4

Fig. 1 System model

Tab. 1 Definitions of symbols

符号	定义
$T M u$	椭圆曲线上的倍点运算运行时间
$T m u$	普通乘法运算运行时间
$T B p$	双线性对算法运行时间
$T A d$	椭圆曲线上两个点相加运行时间
$T a d$	普通加法运算运行时间
$T h a$	普通哈希函数运行时间
$T H a$	哈希函数映射到群上运行时间
$T E X$	椭圆曲线上的指数运算运行时间
$T E x$	模指数计算运行时间

Tab. 1 Definitions of symbols

符号	定义
$T M u$	椭圆曲线上的倍点运算运行时间
$T m u$	普通乘法运算运行时间
$T B p$	双线性对算法运行时间
$T A d$	椭圆曲线上两个点相加运行时间
$T a d$	普通加法运算运行时间
$T h a$	普通哈希函数运行时间
$T H a$	哈希函数映射到群上运行时间
$T E X$	椭圆曲线上的指数运算运行时间
$T E x$	模指数计算运行时间

Tab. 2 Batch integrity auditing costs

方案	批量审计开销
SEPA^［21］	$(k + 1) T B p + 2 k c T M u + k c T H a$
LCB-private auditing^［22］	$2 T B p + (k c + 4) T M u + T H a +$ $(2 k c + 1) T h a + (k c + 1) T A d$
LCB-public auditing^［22］	$2 T B p + (k c + s + 2) T M u + T H a + (2 k c + 1) T h a +$ $(k c + s - 1) T A d$
ELSBBA^［23］	$3 T B p + (2 k c + 3 k - 2) T E X +$ $(2 k + c k) T M u$
MBCSBA^［24］	$(k + 1) T B p + (2 k c + k - 2) T M u +$ $(k + k c) T E X + k T h a$
NDS-EPA^［25］	$3 T B p + (k c + 2 k) T E X +$ $(2 k c + 2 k + 6) T M u + k T h a$
本文方案	$2 T B p + T E x + k T h a + (k + 1) T m u$

Tab. 2 Batch integrity auditing costs

方案	批量审计开销
SEPA^［21］	$(k + 1) T B p + 2 k c T M u + k c T H a$
LCB-private auditing^［22］	$2 T B p + (k c + 4) T M u + T H a +$ $(2 k c + 1) T h a + (k c + 1) T A d$
LCB-public auditing^［22］	$2 T B p + (k c + s + 2) T M u + T H a + (2 k c + 1) T h a +$ $(k c + s - 1) T A d$
ELSBBA^［23］	$3 T B p + (2 k c + 3 k - 2) T E X +$ $(2 k + c k) T M u$
MBCSBA^［24］	$(k + 1) T B p + (2 k c + k - 2) T M u +$ $(k + k c) T E X + k T h a$
NDS-EPA^［25］	$3 T B p + (k c + 2 k) T E X +$ $(2 k c + 2 k + 6) T M u + k T h a$
本文方案	$2 T B p + T E x + k T h a + (k + 1) T m u$

Fig. 2 Batch auditing computing time comparison among different schemes

References 25

1	NIU S， SHAO H， SU Y， et al. Efficient heterogeneous signcryption scheme based on edge computing for Industrial Internet of Things［J］. Journal of Systems Architecture， 2023， 136： No.102836.
2	KUNDURU A R. Industry best practices on implementing oracle cloud ERP security ［J］. International Journal of Computer Trends and Technology， 2023， 71（6）： 1-8.
3	YANG C， SONG B， DING Y， et al. Efficient data integrity auditing supporting provable data update for secure cloud storage［J］. Wireless Communications and Mobile Computing， 2022， 2022： No.5721917.
4	PANDEY N K， KUMAR K， SAINI G， et al. Security issues and challenges in cloud of things-based applications for industrial automation ［J］. Annals of Operations Research， 2024， 342（1）： 565-584.
5	LIANG W， FAN Y， LI K C， et al. Secure data storage and recovery in industrial blockchain network environments ［J］. IEEE Transactions on Industrial Informatics， 2020， 16（10）： 6543-6552.
6	NARAYANAN M E， MUTHUKUMAR B. Industrial machine learning cloud applications： integrity and confidentiality of machine sensitive data ［C］// Proceedings of the 2022 International Conference on Deep Sciences for Computing and Communications， CCIS 1719. Cham： Springer， 2023： 202-216.
7	KNEBEL F P， TREVISAN R， NASCIMENTO G S DO， et al. A study on cloud and edge computing for the implementation of digital twins in the Oil & Gas industries ［J］. Computers and Industrial Engineering， 2023， 182： No.109363.
8	LI Y， GAI K， QIU L， et al. Intelligent cryptography approach for secure distributed big data storage in cloud computing ［J］. Information Sciences， 2017， 387： 103-115.
9	LIU Q， ZHANG X， XUE J， et al. Enabling blockchain-assisted certificateless public integrity checking for industrial cloud storage systems ［J］. Journal of Systems Architecture， 2023， 140： No.102898.
10	WANG C， CHOW S S M， WANG Q， et al. Privacy-preserving public auditing for secure cloud storage ［J］. IEEE Transactions on Computers， 2013， 62（2）： 362-375.
11	LI Y， LI Z， YANG B， et al. Algebraic signature-based public data integrity batch verification for Cloud-IoT ［J］. IEEE Transactions on Cloud Computing， 2023， 11（3）： 3184-3196.
12	何启芝，曹素珍，王彩芬，等. 基于身份的可审计多重截取签名方案［J］. 计算机工程与科学， 2023， 45（2）： 269-276.
	HE Q Z， CAO S Z， WANG C F， et al. An identity-based auditable multiple interception signature scheme ［J］. Computer Engineering and Science， 2023， 45（2）： 269-276.
13	袁文勇，李秀广，李瑞峰，等. 基于无双线性对的可信云数据完整性验证方案［J］. 计算机应用， 2022， 42（12）： 3769-3774.
	YUAN W Y， LI X G， LI R F， et al. Trusted integrity verification scheme of cloud data without bilinear pairings ［J］. Journal of Computer Applications， 2022， 42（12）： 3769-3774.
14	GARG N， NEHRA A， BAZA M， et al. Secure and efficient data integrity verification scheme for cloud data storage ［C］// Proceedings of the IEEE 20th Consumer Communications and Networking Conference. Piscataway： IEEE， 2023： 1-6.
15	LI X， YI Z， LI R， et al. SM2-based offline/online efficient data integrity verification scheme for multiple application scenarios ［J］. Sensors， 2023， 23（9）： No.4307.
16	TIAN M， ZHANG Y， ZHU Y， et al. DIVRS： data integrity verification based on ring signature in cloud storage ［J］. Computers and Security， 2023， 124： No.103002.
17	张晓均，王鑫，廖文才，等. 支持条件身份匿名的云存储医疗数据轻量级完整性验证方案［J］. 电子与信息学报， 2022， 44（12）： 4348-4356.
	ZHANG X J， WANG X， LIAO W C， et al. Lightweight integrity verification scheme for outsourced medical data in cloud storage supporting conditional identity anonymity［J］. Journal of Electronics and Information Technology， 2022， 44（12）： 4348-4356.
18	HUSSIEN Z A， ABDULMALIK H A， HUSSAIN M A， et al. Lightweight integrity preserving scheme for secure data exchange in cloud-based IoT systems ［J］. Applied Sciences， 2023， 13（2）： No.691.
19	TIAN H， WANG J， CHANG C C， et al. Public auditing of log integrity for shared cloud storage systems via blockchain ［J］. Wireless Networks， 2024， 30（7）： 6249-6264.
20	SHEN W， QIN J， YU J， et al. Data integrity auditing without private key storage for secure cloud storage ［J］. IEEE Transactions on Cloud Computing， 2021， 9（4）： 1408-1421.
21	JALIL B A， HASAN T M， MAHMOOD G S， et al. A secure and efficient public auditing system of cloud storage based on BLS signature and automatic blocker protocol ［J］. Journal of King Saud University — Computer and Information Sciences， 2022， 34（7）： 4008-4021.
22	WANG F， XU L， CHOO K K R， et al. Lightweight certificate-based public/private auditing scheme based on bilinear pairing for cloud storage ［J］. IEEE Access， 2020， 8： 2258-2271.
23	HAN J， LI Y， LIU J， et al. An efficient Lucas sequence-based batch auditing scheme for the Internet of Medical Things ［J］. IEEE Access， 2019， 7： 10077-10092.
24	JIN Y， YAN D， HE H. Research on MapReduce-based cloud storage batch auditing ［C］// Proceedings of the IEEE 11th Conference on Industrial Electronics and Applications. Piscataway： IEEE， 2016： 1317-1322.
25	SHEN J， SHEN J， CHEN X， et al. An efficient public auditing protocol with novel dynamic structure for cloud data ［J］. IEEE Transactions on Information Forensics and Security， 2017， 12（10）： 2402-2415.

[1]	He HUANG, Yu JIN. Cloud data auditing scheme based on voting and Ethereum smart contracts [J]. Journal of Computer Applications, 2024, 44(7): 2093-2101.
[2]	Tingting GAO, Zhongyuan YAO, Miao JIA, Xueming SI. Overview of on-chain and off-chain consistency protection technologies [J]. Journal of Computer Applications, 2024, 44(12): 3658-3668.
[3]	QING Xinyi, CHEN Yuling, ZHOU Zhengqiang, TU Yuanchao, LI Tao. Blockchain storage expansion model based on Chinese remainder theorem [J]. Journal of Computer Applications, 2021, 41(7): 1977-1982.
[4]	LI Xiuyan, LIU Mingxi, SHI Wenbo, DONG Guofang. Efficient dynamic data audit scheme for resource-constrained users [J]. Journal of Computer Applications, 2021, 41(2): 422-432.
[5]	LI Zhaobin, LIU Zeyi, WEI Zhanzhen, HAN Yu. Software defined network path security based on Hash chain [J]. Journal of Computer Applications, 2019, 39(5): 1368-1373.
[6]	BAI Ping, ZHANG Wei, WANG Xu'an. Homomorphic MACs for arithmetic circuits on cloud environment [J]. Journal of Computer Applications, 2018, 38(9): 2543-2548.
[7]	BAI Ping, ZHANG Wei, LI Cong, WANG Xu'an. Verifiable ciphertext retrieval scheme with user revocation [J]. Journal of Computer Applications, 2018, 38(6): 1640-1643.
[8]	WANG Manman, SHU Yong'an. Energy consumption of WSN with multi-mobile sinks considering QoS [J]. Journal of Computer Applications, 2018, 38(3): 758-762.
[9]	ZHENG Qibin, DIAO Xingchun, CAO Jianjun, ZHOU Xing, XU Yongping. k-nearest neighbor data imputation algorithm combined with locality sensitive Hashing [J]. Journal of Computer Applications, 2016, 36(2): 397-401.
[10]	YANG Wenwen MA Chunguang HUANG Yuluo. Integration-preservation data aggregation scheme based on distributed authentication [J]. Journal of Computer Applications, 2014, 34(3): 714-719.
[11]	JIA Lei WANG Lingjiao GUO Hua XU Yawei LI Juan. Enhanced distributed mobility management based on host identity protocol [J]. Journal of Computer Applications, 2014, 34(2): 341-345.
[12]	YU Xing HU Demin CHANG Huang. Integrity check method for fine-grained cloud storage data [J]. Journal of Computer Applications, 2014, 34(1): 27-30.
[13]	CAO Xi, XU li, CHEN Lan-xiang. Data integrity verification protocol in cloud storage system [J]. Journal of Computer Applications, 2012, 32(01): 8-12.
[14]	. Integrity protection of renewable data [J]. Journal of Computer Applications, 2006, 26(9): 2105-2108.

Data tamper-proof batch auditing scheme based on industrial cloud storage systems

基于工业云存储系统的数据防篡改批量审计方案

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 4

References 25

Related Articles 14

Recommended Articles

Metrics