Netinfo Security (信息网络安全) ›› 2017, Vol. 17 ›› Issue (10): 69-74. doi: 10.3969/j.issn.1671-1122.2017.10.011


Research on an Integrity Auditing Scheme Based on Algebraic Signature in Cloud Storage

Huiying HOU1, Jia YU1,2,3, Rong HAO1

  1. College of Computer Science and Technology, Qingdao University, Qingdao Shandong 266071, China
  2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  3. School of Computer and Software, Nanjing University of Information Engineering, Nanjing Jiangsu 210044, China
  • Received: 2017-06-07 Online: 2017-10-10 Published: 2020-05-12
  • About the authors:
    Huiying HOU (born 1992), female, Shandong, master's student, main research interest: cloud computing; Jia YU (born 1976), male, Shandong, professor, Ph.D., main research interests: cryptography, cloud computing security, big data security, network security; Rong HAO (born 1976), female, Shandong, laboratory technician, bachelor's degree, main research interest: information security.
  • Supported by:
    National Natural Science Foundation of China [61572267, 61272425]; National Cryptography Development Fund of the 13th Five-Year Plan [MMJJ201301011]; Open Project of the State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences [2016-MS-23, 2017-MS-21]

Abstract:

In cloud storage systems, security and efficiency are two important issues. To address both at once, many cloud storage integrity auditing schemes that support data deduplication have been proposed. In most previous schemes, the user has to compute a homomorphic authenticator based on the BLS short signature or the RSA signature for each file block, which can impose a heavy computational burden on the user, especially when the outsourced data is very large. This paper uses the algebraic signature technique to generate an authenticator for each file block. Because most operations in computing an algebraic signature are XOR operations, only a small computational overhead is required. In addition, the scheme supports dynamic changes in data ownership: once a user deletes or modifies the data, he is no longer a legitimate owner of that data and can no longer access it correctly. The experimental results show that the scheme is secure and efficient.

Key words: data deduplication, algebraic signature, integrity auditing
