Netinfo Security ›› 2015, Vol. 15 ›› Issue (12): 1-7. doi: 10.3969/j.issn.1671-1122.2015.12.001

• Classified Protection •

A Dynamic Cloud Data Audit Scheme Based on Update Tree

ZHAO Yang, REN Huaqiang, XIONG Hu, CHEN Yang

  1. School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu Sichuan 610054, China
  • Received: 2015-07-28 Online: 2015-12-20 Published: 2016-01-04
  • About the authors:

    ZHAO Yang (born 1973), male, Sichuan, associate professor, Ph.D., main research interest: network security; REN Huaqiang (born 1990), male, Anhui, master's student, main research interest: network security; XIONG Hu (born 1982), male, Sichuan, associate professor, Ph.D., main research interest: network security; CHEN Yang (born 1985), male, Hubei, master's student, main research interest: network security.

  • Supported by:
    National Natural Science Foundation of China [61472064]; National High Technology Research and Development Program of China (National 863 Program) [2015AA016007]

Abstract:

Because the cloud server is only semi-trusted, users need to audit their cloud data periodically to ensure its integrity and correctness, and the cloud server must also support dynamic operations on that data. This paper proposes a new update tree structure for dynamic data integrity auditing. The update tree stores the version number, index range, and offset of data blocks; the index range lets a single tree node describe multiple data blocks. Consecutive indices that share the same version number and offset are kept in one update tree node, which greatly reduces storage space and access time. During a dynamic audit, the system uses the index and the offset to determine the block number that was used when the block was signed, and validates against it. When a large run of consecutive data blocks in the cloud is modified, only the update tree node containing the corresponding index range has to be updated, once. When the update tree becomes unbalanced, it can be adjusted according to the principle of a balanced binary tree. Because each node stores the attributes of a range of data blocks, the size of the update tree is not proportional to the number of blocks in the file but depends on the number of updates the user has made to the file, so the audit performance of the scheme on dynamic cloud data does not degrade as the file grows. Finally, the security analysis and the performance analysis show that the scheme is an efficient and secure dynamic cloud data audit scheme.

Key words: cloud storage security, dynamic cloud data audit, update tree
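The range-node bookkeeping the abstract describes, restricted to modify and delete, as an added Python example that is not taken from the paper. Assumptions: a flat sorted list stands in for the balanced binary tree, the names `Node`, `UpdateRanges` and `signed_id` are hypothetical, and the block number at signing time is taken to be the current index minus the offset.

```python
from dataclasses import dataclass

@dataclass
class Node:
    lo: int        # first current block index covered by this node
    hi: int        # last current block index covered (inclusive)
    version: int   # how many times this run of blocks has been modified
    offset: int    # current index minus index used at signing (assumed convention)

class UpdateRanges:
    """Flat sorted list of range nodes; the paper keeps them in a balanced tree."""
    def __init__(self, n_blocks):
        self.nodes = [Node(0, n_blocks - 1, 0, 0)]   # untouched file: one node
    def _split(self, i):
        for k, nd in enumerate(self.nodes):          # cut so that a node starts at i
            if nd.lo < i <= nd.hi:
                self.nodes[k:k + 1] = [Node(nd.lo, i - 1, nd.version, nd.offset),
                                       Node(i, nd.hi, nd.version, nd.offset)]
                return
    def _merge(self):
        out = []                                     # re-join adjacent runs that share
        for nd in self.nodes:                        # both version and offset
            if out and (out[-1].version, out[-1].offset) == (nd.version, nd.offset):
                out[-1].hi = nd.hi
            else:
                out.append(nd)
        self.nodes = out
    def modify(self, lo, hi):
        self._split(lo); self._split(hi + 1)
        for nd in self.nodes:
            if lo <= nd.lo and nd.hi <= hi:
                nd.version += 1                      # whole run re-signed once
        self._merge()
    def delete(self, lo, hi):
        self._split(lo); self._split(hi + 1)
        n, kept = hi - lo + 1, []
        for nd in self.nodes:
            if lo <= nd.lo and nd.hi <= hi:
                continue                             # run removed from the file
            if nd.lo > hi:                           # later runs slide down by n
                nd = Node(nd.lo - n, nd.hi - n, nd.version, nd.offset - n)
            kept.append(nd)
        self.nodes = kept
    def signed_id(self, i):
        for nd in self.nodes:                        # (block number at signing, version)
            if nd.lo <= i <= nd.hi:                  # that the auditor should expect
                return i - nd.offset, nd.version
        raise IndexError(i)
```

On a file of 1,000,000 blocks, modifying blocks 100 to 5099 and then deleting blocks 10 to 19 leaves four nodes, which is the abstract's point that the structure grows with the number of updates rather than with the file size.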

CLC number: