云存储数据完整性审计技术研究综述

doi:10.3969/j.issn.1671-1122.2019.06.004

摘要/Abstract

摘要：

云存储是解决数据量爆发式增长所导致的数据存储成本不断增长的问题的最佳解决方案。然而,当用户将数据存储到云端时,便失去了对数据的物理控制权,检验外包数据的完整性是保障云存储数据安全的一个迫切需要解决的问题。文章从数据持有性证明（PDP）、数据可恢复性证明（PoR）和数据所有权证明（PoW）三个方面归纳总结现有数据审计协议的优缺点,并从技术原理、时间成本、可靠性、检测概率等指标对典型协议进行性能评估。研究发现：大多数审计协议只能针对特定场景,各方面性能均衡的普适审计协议亟待进一步研究;与云际存储、雾存储、区块链等技术相匹配的审计协议尚处于探索阶段。文章最后从云际审计协议、联盟链审计协议、组件池审计协议等5个方面预测外包数据审计方法的未来发展趋势。

关键词: 云存储, 数据完整性, 审计技术

Abstract:

Cloud storage is the best way to address the growing dilemma of data storage costs caused by explosive bursts of data. When users store data in the cloud, they lose the physical control of the data. Testing the integrity of the outsourced data is an urgent problem to be solved. This paper summarizes the advantages and disadvantages of existing data auditing protocols from three perspectives: Provable Data Possession (PDP), Proof of Retrievability (PoR) and Proof of Ownership (PoW), andevaluate the performance of a typical protocol from technical principle, time cost, reliability, detection probability and other indicators. The research finds that: Most audit protocols are only for specific scenarios, and the universal audit protocol for balancing performance in all aspects needs to be improved; the audit protocol matching the technologies such as cloud storage, fog storage, and blockchain is still in the process of exploration phase. Finally, we predict the future development trend of outsourcing data auditing methods from five aspects: cloud auditing protocol, alliance chain auditing protocol and component pool auditing protocol and so on.

Key words: cloud storage, data integrity, auditing technology

中图分类号:

TP309

邵必林, 李肖俊, 边根庆, 赵煜. 云存储数据完整性审计技术研究综述[J]. 信息网络安全, 2019, 19(6): 28-36.

Bilin SHAO, Xiaojun LI, Genqing BIAN, Yu ZHAO. A Survey on Data Integrity Auditing Technology in Cloud Storage[J]. Netinfo Security, 2019, 19(6): 28-36.

图/表 3

参考文献 53

[1]	CHOO K K R, DOMINGO F J, ZHANG L. Cloud Cryptography: Theory, Practice and Future Research Directions[J]. Future Generation Computer Systems, 2016, 62(9): 51-53.
[2]	COPPOLINO L, ANTONIO D, MAZZEO G, Et Al.Cloud Security: Emerging Threats And Current Solutions[J]. Computers & Electrical Engineering, 2017, 59(4): 126-140.
[3]	RAHMAN N H, CHOO K K R. A Survey of Information Security Incident Handling In The Cloud[J]. Computers & Security, 2015, 49(3): 45-69.
[4]	SHAO B, BIAN G, WANG Y, et al.Dynamic Data Integrity Auditing Method Supporting Privacy Protection in Vehicular Cloud Environment[J]. IEEE Access, 2018, 6(8): 43785-43797.
[5]	ATENIESE G, BURNS R, CURTMOLA R, et al.Provable Data Possession at Untrusted Stores[C]//ACM. Proceedings of the 14th ACM Conference on Computer and Communications Security, October 28-31, 2007, Alexandria, Virginia, USA. New York: ACM, 2007: 598-609.
[6]	SEBE F, DOMINGO F J, MARTINEZ B A, et al.Efficient Remote Data Possession Checking in Critical Information Infrastructures[J]. IEEE Transactions on Knowledge and Data Engineering, 2008, 20(8): 1034-1038.
[7]	ATENIESE G, DI P R, MANCINI L V, et al.Scalable and Efficient Provable Data Possession[C]//ACM. Proceedings of the 4th International Conference on Security and privacy in communication netowrks, September 22-25, 2008, Istanbul, Turkey. New York: ACM, 2008: 9.
[8]	ERWAY C, KÜPCÜ A, PAPAMANTHOU C, et al. Dynamic provable data possession[C]//ACM. Proceedings of the 16th ACM conference on Computer and communications security, November 9-13, 2009, Chicago, Illinois, USA. New York: ACM, 2009: 213-222.
[9]	PUGH W.Skip Lists: a Probabilistic Alternative to Balanced Trees[J].Communications of the ACM, 1990, 33(6): 668-676.
[10]	PAPAMANTHOU C, TAMASSIA R, TRIANDOPOULOS N.Authenticated hash tables[C]//ACM. Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA. New York: ACM, 2008: 437-448.
[11]	ATENIESE G, BURNS R C, CURTMOLA R, et al.Remote Data Checking Using Provable Data Possession[J]. ACM Transactions on Information and System Security, 2011, 14(1): 12-34.
[12]	HANSER C, SLAMANIG D.Efficient Simultaneous Privately and Publicly Verifiable Robust Provable Data Possession from Elliptic Curves[C]// IEEE. 2013 International Conference on Security and Cryptography (SECRYPT), July 29-31, 2013, Reykjavik, Iceland, Iceland. New York: IEEE, 2014: 1-12.
[13]	CHEN Lanxiang.Using Algebraic Signatures to Check Data Possession in Cloud Storage[J]. Future Generation Computer Systems, 2013, 29(7): 1709-1715.
[14]	SCHWARZ T S J, MILLER E L. Store, Forget, and Check: Using Algebraic Signatures to Check Remotely Administered Storage[C]//IEEE. 26th IEEE International Conference on Distributed Computing Systems (ICDCS’06), July 4-7 2006, Lisboa, Portugal, Portugal. New York: IEEE, 2006: 12-12.
[15]	WANG H.Proxy Provable Data Possession in Public Clouds[J]. IEEE Transactions on Services Computing, 2013, 6(4): 551-559.
[16]	JUELS A, KALISKI Jr B S. PORs: Proofs of Retrievability for Large Files[C]// ACM. Proceedings of the 14th ACM Conference on Computer and Communications Security, 2007. Alexandria, Virginia, USA. New York: ACM, 2007: 584-597.
[17]	SHACHAM H, WATERS B J. Cryptol (2013) 26: 442[EB/OL]. , 2019-1-13.
[18]	BONEH D, GENTRY C, LYNN B, et al.Aggregate and Verifiably Encrypted Signatures from Bilinear Maps[J]. Advances in Cryptology-EUROCRYPT, 2002, 2656(1): 416-432.
[19]	YANG K, JIA X.An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing[J]. IEEE Transactions on Parallel and Distributed Systems, 2013, 24(9): 1717-1726.
[20]	YEH S C, SU M Y, CHEN H H, et al.An Efficient and Secure Approach for A Cloud Collaborative Editing[J]. Journal of Network & Computer Applications, 2013, 36(6): 1632-1641.
[21]	CASH D, ALPTEKIN Küpcü, Wichs D.Dynamic Proofs of Retrievability via Oblivious RAM[C]//Springer. Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2013. Berlin: Springer, 2013: 279—295.
[22]	YANG K, JIA X.An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing[J]. IEEE Transactions on Parallel and Distributed Systems, 2013, 24(9): 1717-1726.
[23]	MANDAGERE N, ZHOU P, Smith M A, et al.Demystifying data deduplication[C]//ACM. Proceedings of the ACM/IFIP/USENIX Middleware’08 Conference Companion, December 1-5, 2008, Leuven, Belgium. New York: ACM, 2008: 12-17.
[24]	MEYER D T, BOLOSKY W J.A Study of Practical Deduplication[J]. ACM Transactions on Storage (TOS), 2012, 7(4): 14.
[25]	BIAN Genqing, SHAO Bilin, CAI Wandong, et al.Research on Multiple-replica Integrity Auditing Method on Supporting Data Dynamic Updating in Cloud Environment[J]. Netinfo Security, 2017, 17(10): 22-28.
	边根庆,邵必林,蔡皖东,等.云环境下支持数据动态更新的多副本数据完整性审计方法研究[J].信息网络安全,2017,17(10):22-28.
[26]	HALEVI S, HARNIK D, PINKAS B, et al.Proofs of ownership in remote storage systems[C]//ACM. Proceedings of the 18th ACM conference on Computer and communications security, October 17-21, 2011, Chicago, Illinois, USA. NEW York: ACM, 2011: 491-500.
[27]	CHEN Lanxiang, QIU Linbing.A Verifiable Ciphertext Retrieval Scheme Based on Merkle Hash Tree[J]. Netinfo Security, 2017, 17(4): 1-8.
	陈兰香,邱林冰.基于Merkle 哈希树的可验证密文检索方案[J].信息网络安全,2017,17(4):1-8.
[28]	BAI Jianli, LI Xiaoran, HAO Rong, et al.Algebraic Signature-based Secure Auditing and Deduplication Scheme with Ownership Dynamic Modification in Cloud Environment[J]. Netinfo Security, 2018, 18(8): 50-55.
	柏建丽,李晓冉,郝蓉,等.云环境下基于代数签名的支持所有权动态变更的安全审计和去冗方案[J].信息网络安全,2018,18(8):50-55.
[29]	MARQUES L, COSTA C J.Secure Deduplication on Mobile Devices[C]//ACM. Proceedings of the 2011 workshop on open source and design of communication, July 11-11, 2011, Lisboa, Portugal. New York: ACM, 2011: 19-26.
[30]	ZHENG Q, XU S.Secure and Efficient Proof of Storage with Deduplication[C]//ACM. Proceedings of the second ACM conference on Data and Application Security and Privacy, February 7-9, 2012. San Antonio, Texas, USA. New York: ACM, 2012: 1-12
[31]	SHIN Y, HUR J, KIM K.Security Weakness in the Proof of Storage with Deduplication[J]. IACR Cryptology ePrint Archive, 2012, 2(2): 554-565.
[32]	YUAN J, YU S.Secure and Constant Cost Public Cloud Storage Auditing with Deduplication[C]//IEEE. 2013 IEEE Conference on Communications and Network Security (CNS), October 14-16, 2013, National Harbor, MD, USA. New York: IEEE, 2013: 145-153.
[33]	WANG Huaqun.Identity-Based Distributed Provable Data Possession in Multicloud Storage[J]. IEEE Transactions on Services Computing, 2015, 8(2): 328-340.
[34]	LI Peili, XU Haixia, MA Tianjun, et al.The Application of Blockchain Technology in Network Mutual Aid and User Privacy Protection[J]. Netinfo Security, 2018, 18(9): 60-65.
	李佩丽,徐海霞,马添军,等.区块链技术在网络互助中的应用及用户隐私保护[J].信息网络安全,2018,18(9):60-65.
[35]	ZOU Hongxia, QI Bin, WANG Yu, et al.Encryption Based on Alliance Chain and DNA Coding in Local Area Network[J]. Netinfo Security, 2018, 18(12): 31-37.
	邹红霞,齐斌,王宇,等.基于联盟链和DNA 编码的局域网加密技术[J].信息网络安全,2018,18(12):31-37.
[36]	GAO Feng, MAO Hongliang, WU Zhen, et al.Lightweight Bitcoin Transaction Traceability Mechanism[J]. Chinese Journal of Computers, 2018, 41(5): 23-38.
	高峰,毛洪亮,吴震,等.轻量级比特币交易溯源机制[J].计算机学报,2018,41(5):23-38.
[37]	WANG Junsheng, LI Lili, YAN Yong, et al.Security and Supervision of Blockchain Technology Applications[J]. Computer Science, 2018, 45(S1): 365-368, 395.
	王俊生,李丽丽,颜拥,等.区块链技术应用的安全与监管问题[J].计算机科学,2018,45(S1):365-368,395.
[38]	SCHIAVO F P, SASSONE V, NICOLETTI L, et al. Faas: Federation-as-a-service[EB/OL].,2019-1-15.
[39]	TIAN Junfeng, LI Tianle.Data Integrity Verification Model Based on TPA Cloud Alliance[J]. Journal on Communications, 2018, 18(8): 113-124.
	田俊峰,李天乐.基于TPA云联盟的数据完整性验证模型[J].通信学报,2018,18(8):113-124.
[40]	TIAN Junfeng, CHANG Fangshu.Management Model of Trusted Cloud Platform Based on TPM Alliance[J]. Journal on Communications, 2016, 37(2): 1-10.
	田俊峰,常方舒.基于TPM联盟的可信云平台管理模型[J].通信学报,2016,37(2):1-10.
[41]	ZHAO Gang, Management and Informatization. Blockchain: The Cornerstone of Value Internet[M]. Beijing: Publishing House of Electronics Industry, 2016.
	赵刚,管理和信息化.区块链:价值互联网的基石[M].北京:电子工业出版社,2016.
[42]	MAK G.Spring MVC Framework[M].Berlin: Spring Recipes. Apress, 2008.
[43]	ZHANG D, WEI Z, YANG Y.Research on Lightweight MVC Framework Based on Spring MVC and Mybatis[C]// IEEE. Proceedings of the 2013 Sixth International Symposium on Computational Intelligence and Design, October 28-29, 2013, Hangzhou, China. New York: IEEE, 2013: 350-353.
[44]	YU Z, YING H W, XIANG N Z.Design and Implementation of MVC Framework Based on Spring[J]. Computer Engineering, 2010, 36(4): 59-62.
[45]	GUO Guangcan, ZHANG Wei, WANG Qin.A Survey of the Development of Quantum Information Technology[J]. Journal of Nanjing University of Posts and Telecommunications(Natural Science Edition), 2017, 17(3): 1-14.
	郭光灿,张昊,王琴.量子信息技术发展概况[J].南京邮电大学学报(自然科学版),2017,17(3):1-14.
[46]	ZAFAR F, KHAN A, MALIK S U R, et al. A Survey of Cloud Computing Data Integrity Schemes: Design Challenges, Taxonomy and Future Trends[J]. Computers & Security, 2016, 65(3): 29-49.
[47]	HAN J, LIU Y, SUN X, et al.Enhancing Data and Privacy Security in Mobile Cloud Computing through Quantum Cryptography[C]// IEEE. IEEE International Conference on Software Engineering & Service Science, August 26-28, 2016, Beijing, China. New York: IEEE, 2017: 398-401.
[48]	JEEVITHA M, CHANDRASEKAR A, KARTHIK S.Survey on Verification of Storage Correctness in Cloud Computing[J]. International Journal of Engineering and Computer Science, 2015, 4(9): 56-68.
[49]	SHAO Bilin, WU Shuqiang, LIU Jiang, et al.Distributed Detection System for Important Data Integrity[J]. Journal of Detection & Control, 2018, 40(2): 95-100.
	邵必林,吴书强,刘江,等.重要数据完整性分布式检测系统[J].探测与控制学报,2018,40(2):95-100.
[50]	LIN C, SHEN Z, CHEN Q, et al.A Data Integrity Verification Scheme in Mobile Cloud Computing[J]. Journal of Network & Computer Applications, 2017, 77(3): 146-151.
[51]	XU J, WEI L, WU W, et al.Privacy-preserving Data Integrity Verification by Using Lightweight Streaming Authenticated Data Structures for Healthcare Cyber-physical System[J]. Future Generation Computer Systems, 2018, 11(4): 1-13.
[52]	BAO H, CHEN L.A Lightweight Privacy-preserving Scheme with Data Integrity for Smart Grid Communications[J]. Concurrency and Computation: Practice and Experience, 2016, 28(4): 1094-1110.
[53]	ABDALLAH A, SHEN X.A LightWeight Lattice-based Homomorphic Privacy-Preserving Data Aggregation Scheme for Smart Grid[J]. IEEE Transactions on Smart Grid, 2017, 9(1): 396-405.

协议	实现技术	动态操作	加密模型	批审计	公共审计	可靠性
文献[5]	基于RSA的HVT	不支持	随机预言	不支持	支持	不可靠
文献[12]	椭圆加密与HVT	不支持	随机预言	不支持	支持	不可靠
文献[9]	同态块标签	基于等级的认证跳表	标准	不支持	不支持	可靠
文献[10]	同态块标签	基于等级的RSA树	标准	不支持	不支持	可靠
文献[15]	双线性对技术	不支持	随机预言	不支持	不支持	不可靠
文献[16]	哨兵与RS码	不支持	标准	不支持	不支持	不可靠
文献[17]	基于HLA的BLS签名	不支持	随机预言	不支持	支持	不可靠
文献[21]	基于哨兵	ORAM 技术	标准	不支持	不支持	不可靠
文献[30]	CDH	不支持	随机预言	不支持	支持	不可靠