一种高效的大数据中心完整性检查方案研究

doi:10.3969/j.issn.1671-1122.2016.05.001

信息网络安全 ›› 2016, Vol. 16 ›› Issue (5): 1-8.doi: 10.3969/j.issn.1671-1122.2016.05.001

• 等级保护 • 下一篇

一种高效的大数据中心完整性检查方案研究

李宏军^1,², 郎为民¹(), 邓刚¹

1. 解放军国防信息学院, 湖北武汉 430010
2. 解放军68056部队, 甘肃兰州 721000

收稿日期:2016-03-07 出版日期:2016-05-20 发布日期:2020-05-13
作者简介:
李宏军（1969—）,男,甘肃,工程师,博士研究生,主要研究方向为信息安全和通指装备保障;郎为民（1976—）,男,河北,副教授,博士,主要研究方向为信息安全、大数据和云计算;邓刚（1957—）,男,安徽,教授,主要研究方向为作战指挥和教育训练。
基金资助:
国家自然科学基金[61100240]

Research on An Effective Integrity Check Scheme for Big Data Center

Hongjun LI^1,², Weimin LANG¹(), Gang DENG¹

1. PLA Institute of National Defense Information, Wuhan Hubei 430010, China
2. PLA 68056 Troops, Lanzhou Gansu 721000, China

Received:2016-03-07 Online:2016-05-20 Published:2020-05-13

摘要/Abstract

摘要：

在大数据中心的云存储应用中,用户不需要在本地客户端保存自己的文件,因而存储文件的安全性非常重要。数据的鲁棒性是云存储的重要关注点,可能会面临两大问题：服务故障和服务损坏。文章提出了一种能够增强数据鲁棒性的完整性检查方案,使得大数据中心存储系统不仅可以解决存储服务器故障问题,而且还可以应对存储服务器损坏问题。方案采用了同态完整性标签,不需要用户密钥或备份服务器的参与,新型完整性标签可以从存储服务器中旧的完整性标签计算得出。最后,文章形式化地证明了完整性检查方案的安全性。

关键词: 完整性检查方案, 云存储, 大数据中心, 数据鲁棒性, 安全

Abstract:

For the application of cloud storage in the big data center, a user no longer possesses his files in his local depository. Thus, he is concerned about the security of the stored files. For data robustness, there are two concerns: service failure, and service corruption. In this paper, we propose an integrity check scheme for their system to enhance data robustness against storage server corruption, with which their storage system in the big data center can deal with not only the problem of storage server failure, but also the problem of storage server corruption. Furthermore, we adopt homomorphic integrity tags such that new integrity tags can be computed from old integrity tags by storage servers without involvement of the user's secret key or backup servers. In conclusion, we prove the security of our integrity check scheme formally.

Key words: integrity check scheme, cloud storage, big data center, data robustness, security

中图分类号:

TP309

李宏军, 郎为民, 邓刚. 一种高效的大数据中心完整性检查方案研究[J]. 信息网络安全, 2016, 16(5): 1-8.

Hongjun LI, Weimin LANG, Gang DENG. Research on An Effective Integrity Check Scheme for Big Data Center[J]. Netinfo Security, 2016, 16(5): 1-8.

图/表 3

参考文献 26

[1]	FRANK F,MARCOS K.移动云计算:无线、移动和社交网络中分布式资源的开发利用[M]. 郎为民,译. 北京:机械工业出版社, 2015.
[2]	郎为民. 大话云计算[M]. 北京: 人民邮电出版社, 2012.
[3]	BOYEN X,WATERS B.Full-domain Subgroup Hiding and Constant-size Group Signatures[C]//IEEE. PKC 2007.10th International Conference on Practice and Theory in Public-Key Cryptography April 16-20,2007,Beijing,China.NJ:IEEE, 2007: 1-15.
[4]	MAJI H K,PRABHAKARAN M,ROSULEK M.Attribute-ased Signatures[EB/OL]..
[5]	DOIDS Y,YAMPOLSKIY A.A Verifiable Random Function with Short Proofs and Keys[C]//IEEE. PKC2005.8th International Workshop on Theory and Practice in Public Key Cryptography,January 23-26, 2005,Les Diablerets, Switzerland. NJ:IEEE, 416-431.
[6]	SHACHAM H,WATEWRS . Compact Proofs of Retrievability[J].Journal of Cryptology, 2015, 28(3): 442-483.
[7]	HAN J,WU S,MU Y,et al.Improving Privacy and Security in Decentralized Ciphertext-Policy Attribute-Based Encryption[J].IEEE Transactions on Information Forensics and Security, 2015, 10(03): 665-678.
[8]	CHI P W,LEI C L.Audit-Free Cloud Storage via Deniable Attribute-based Encryption[J].IEEE Transactions on Cloud Computing, 2015, 21(7): 865-876.
[9]	ZHOU Z B,HUANG D J,WANG Z .Efficient Privacy-Preserving Ciphertext-Policy Attribute-based Encryption and Broadcast Encryption[J].IEEE Transactions on Computers, 2015, 64(01): 126-138.
[10]	LI C L,CHEN Y,TAN P,et al.An Efficient Provable Data Possession Scheme with Data Dynamics[C]//IEEE. CSSS.Proceedings of 2012 International Conference on Computer Science & Service System (CSSS),August 11-13,2012,Nanjing China.NJ:IEEE, 2012: 706-710.
[11]	WANG J X,LI S L.Dynamic Provable Data Possession with Batch-update Verifiability[C]//IEEE. ICADE.Proceedings of 2012 IEEE International Conference on Intelligent Control, Automatic Detection and High-End Equipment (ICADE).July 27-29,2012,Beijing,China.NJ:IEEE, 2012: 108-113.
[12]	LIU F,GU D,LU H.An Improved Dynamic Provable Data Possession Model[C]//IEEE. CCIS.Proceedings of 2011 IEEE International Conference on Cloud Computing and Intelligence Systems (CCIS),September 15-17,2011,Beijing,China.NJ:IEEE, 2011: 290-295.
[13]	冯登国. 面向云存储的多副本文件完整性验证方案[J].计算机研究与发展,2014,51(7): 1410-1416.
[14]	LIN H Y, ZENG W G.A Secure Erasure Code-based Cloud Storage System with Secure Data Forwarding[J]. IEEE Transaction on Parallel Distribution System, 2012, 23(6): 995-1003.
[15]	LIN H Y, ZENG W G.A Decentralized Repair Mechanism for Decentralized Erasure Code Based Storage Systems[C]//IEEE. TrustCom'11. 10th IEEE International Conference of Trust, Security and Privacy in Computing and Communication (TrustCom'11),November 16-18 ,Changsha,China.NJ:IEEE, 2011: 613-620.
[16]	JUELS A,KALISKI B S.Pors, Proofs of Retrievability for Large Files[C]//ACM. 14th ACM Conference of Computer and Communication Security (CCS'07),October 29-November 2,2007,Hilton Alexandria Mark Center,Alexandria,VA,USA.New York:ACM,2007:584-597.
[17]	ATENIESE G,BURNS R,CURTMOLA R,et al.Provable Data Possession at Untrusted tores[C]//ACM. 14th ACM Conference of Computer and Communication Security (CCS'07),October 29-November 2,2007,Hilton Alexandria Mark Center,Alexandria,VA,USA.New York:ACM,2007:598-609.
[18]	ATENIESE G,BURNS R,CURTMOLA R,et al.Remote Data Checking Using Provable Data Possession[J]. ACM Transaction on Information System Security, 2011, 14(1):1201-1214.
[19]	WANG H Q, ZHANG. On the Knowledge Soundness of a Cooperative Provable Data Possession Scheme in Multicloud Storage[J].IEEE Transactions on Parallel and Distributed Systems, 2014, 25(1): 264-267.
[20]	WANG H Q.Identity-based Distributed Provable Data Possession in Multicloud Storage[J].IEEE Transactions on Services Computing, 2015, 8(2): 328-340.
[21]	ATENIESE G,KAMARA S,KATZ J.Proofs of Storage from Homomorphic Identification Protocols[C]//ASIACRYPT'15. 21th International Conference Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT'15),December 6-10, 2009,Tokyo, Japan.Berlin Heidelberg:Springer,2015: 319-333.
[22]	CURTMOLA R,KHAN O,BURNS R.Robust Remote Data Checking[C]//ACM. 11th ACM Workshop Storage Security and Survivability (Storage SS' 15), 2015: 63-68.
[23]	CHEN B, CURTMOLA R, ATENIESE G, et al. Remote data checking for network coding-based distributed storage systems [EB/OL]..
[24]	ZHU Y,HU H,AHN G J,et al.Cooperative Provable Data Possession for Integrity Verification in Multicloud Storage[J]. IEEE Transactions on Parallel Distribution System, 2015, 26(12): 2231-2244.
[25]	WANG C,CHOW S M,WANG Q,et al.Privacy- Preserving Public Auditing for Secure Cloud Storage[J]. IEEE Transactions on Computing, 2015, 64(2): 362-375.
[26]	LIN H Y,ZENG W G.A Secure Decentralized Erasure Code for Distributed Networked Storage[J]. IEEE Transaction on Parallel Distribution System, 2010, 21(1): 1586-1594.

一种高效的大数据中心完整性检查方案研究

Research on An Effective Integrity Check Scheme for Big Data Center

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 3

参考文献 26

相关文章 15

编辑推荐

Metrics

本文评价

[1]	刘建伟, 韩祎然, 刘斌, 余北缘. 5G网络切片安全模型研究[J]. 信息网络安全, 2020, 20(4): 1-11.
[2]	江金芳, 韩光洁. 无线传感器网络中信任管理机制研究综述[J]. 信息网络安全, 2020, 20(4): 12-20.
[3]	傅智宙, 王利明, 唐鼎, 张曙光. 基于同态加密的HBase二级密文索引方法研究[J]. 信息网络安全, 2020, 20(4): 55-64.
[4]	赵志岩, 纪小默. 智能化网络安全威胁感知融合模型研究[J]. 信息网络安全, 2020, 20(4): 87-93.
[5]	马力. 网络安全等级保护测评中结论产生的定量计算方法研究[J]. 信息网络安全, 2020, 20(3): 1-8.
[6]	李宁, 李柏潮. 移动互联网的通行证式统一威胁管理架构[J]. 信息网络安全, 2020, 20(3): 18-28.
[7]	张兴隆, 李钰汀, 程庆丰, 郭路路. 一种防范TLS协议降级攻击的浏览器安全模型[J]. 信息网络安全, 2020, 20(3): 65-74.
[8]	黎水林, 祝国邦, 范春玲, 陈广勇. 一种新的等级测评综合得分算法研究[J]. 信息网络安全, 2020, 20(2): 1-6.
[9]	王晓, 赵军, 张建标. 基于可信软件基的虚拟机动态监控机制研究[J]. 信息网络安全, 2020, 20(2): 7-13.
[10]	郎为民, 张汉, 赵毅丰, 姚晋芳. 一种基于区块链的物联网行为监控和活动管理方案[J]. 信息网络安全, 2020, 20(2): 22-29.
[11]	姚萌萌, 唐黎, 凌永兴, 肖卫东. 基于串空间的安全协议形式化分析研究[J]. 信息网络安全, 2020, 20(2): 30-36.
[12]	喻露, 罗森林. RBAC模式下数据库内部入侵检测方法研究[J]. 信息网络安全, 2020, 20(2): 83-90.
[13]	唐春明, 林旭慧. 隐私保护集合交集计算协议[J]. 信息网络安全, 2020, 20(1): 9-15.
[14]	荆涛, 万巍. 面向属性迁移状态的P2P网络行为分析方法研究[J]. 信息网络安全, 2020, 20(1): 16-25.
[15]	胡蝶, 马东堂, 龚旻, 马召. 一种基于PUF的物理层安全认证方法[J]. 信息网络安全, 2020, 20(1): 61-66.