Netinfo Security, 2015, Vol. 15, Issue (8): 1-7. doi: 10.3969/j.issn.1671-1122.2015.08.001

• Classified Protection •

A Revocable Authorization Provable Data Possession Scheme in Clouds

ZHAO Yang, CHEN Yang, XIONG Hu, REN Hua-qiang

  1. School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu Sichuan 610054, China
  • Received: 2015-05-18 Online: 2015-08-01 Published: 2015-08-21
  • About the authors:

    ZHAO Yang (born 1973), male, from Sichuan, associate professor, Ph.D., main research interest: network security; CHEN Yang (born 1985), male, from Hubei, master's student, main research interest: network security; XIONG Hu (born 1982), male, from Sichuan, associate professor, Ph.D., main research interest: network security; REN Hua-qiang (born 1990), male, from Anhui, master's student, main research interest: network security.

  • Supported by:
    National Natural Science Foundation of China [61472064, 61370026]; National High Technology Research and Development Program of China [2015AA016007]; Sichuan Science and Technology Support Program [2014GZ0109]

Abstract:

Existing data integrity verification takes two main forms, public verification and private verification, but neither makes it easy for a user to designate one cooperating third party to perform the verification. To address this, we propose a revocable authorization provable data possession scheme in clouds. The scheme allows a user to authorize a cooperating third-party auditor to help verify the integrity of remote data while protecting the user's privacy to a certain extent, and it allows the user to revoke that auditor's authorization when needed and authorize a new one. In the scheme, only a third party that holds the authorization evidence can complete the whole verification process and return the result to the delegating user. In addition, the user can switch among private verification, authorized verification and public verification by keeping the authorization evidence secret, sending it to a third party, or making it public. The scheme is based on identity-based encryption (IBE) and bilinear pairings, and it achieves authorized verification and revocation by embedding the authorization evidence into integrity verification. Finally, we analyze the security and performance of the scheme and show that it is secure and efficient.

Key words: provable data possession, revocable authorization, IBE, authorization checking, bilinear pairings
