具有数据上传管控的无证书可证明数据持有方案

doi:10.3969/j.issn.1671-1122.2020.01.012

信息网络安全 ›› 2020, Vol. 20 ›› Issue (1): 83-88.doi: 10.3969/j.issn.1671-1122.2020.01.012

具有数据上传管控的无证书可证明数据持有方案

李晓冉¹, 郝蓉¹(), 于佳^1,²

1. 青岛大学计算机科学技术学院,青岛 266071
2. 中国科学院信息工程研究所信息安全国家重点实验室,北京 100093

收稿日期:2019-06-15 出版日期:2020-01-10 发布日期:2020-05-11
作者简介:
作者简介：李晓冉（1995—）,女,山东,硕士研究生,主要研究方向为云计算安全;郝蓉（1976—）,女,山东,高级实验师,硕士,主要研究方向为信息安全;于佳（1976—）,男,山东,教授,博士,主要研究方向为密码学、云计算安全、大数据安全和网络安全。
基金资助:
国家自然科学基金[61572267,61272425];“十三五”国家密码发展基金[MMJJ20170118];中国科学院信息工程研究所信息安全国家重点实验室开放课题[2016-MS-23,2017-MS-21]

Certificateless Provable Data Possession with Data Uploading Control

LI Xiaoran¹, HAO Rong¹(), YU Jia^1,²

1. College of Computer Science and Technology, Qingdao University, Qingdao 266071, China
2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China

Received:2019-06-15 Online:2020-01-10 Published:2020-05-11

摘要/Abstract

摘要：

随着大数据技术的发展,云存储受到了越来越多的关注。它在给用户带来诸多便利的同时,也产生了新的安全挑战。由于用户在将数据存储到云端后就失去了对数据的直接控制,如何安全有效地检测存储在云端数据的完整性成为一个重要的安全挑战。可证明数据持有技术（PDP）是近年来的一个研究热点,它可以在不下载全部数据的情况下实现云数据的完整性检测。然而,绝大多数已存在的PDP方案或者存在复杂的证书管理问题,或者存在密钥托管问题。除此之外,这些方案都没有考虑数据上传的管控问题。针对上述问题,文章提出了一种具有数据上传管控的无证书可证明数据持有的方案,该方案首先利用权限管理和秘密共享技术,实现了对数据上传过程的管控,即只有当超过一定门限值的用户同意后才可将数据上传到云端,避免了用户随意上传数据的行为;其次利用无证书的密码技术,既避免了密钥托管问题,又简化了证书管理的操作。同时,也对方案的安全性和性能进行了分析。

关键词: 云存储, 数据完整性检测, 可证明数据持有, 密钥托管

Abstract:

With the development of big data technology, cloud storage has received more and more attention. While it brings a lot of convenience to users, it also creates new security challenges. Since users lose direct control over data after storing data on the cloud, how to safely and effectively detect the integrity of data stored on the cloud becomes an important security challenge. The technology of PDP has been a research hot spot in recent years, which can realize the integrity detection of cloud data without downloading all the data. However, most existing PDP schemes either have complex certificate management issues or have key escrow issues. In addition, these schemes do not consider the issue of control over data uploads. In view of the above problems, we propose a scheme of certificateless provable data possession with data uploading control. It first uses the technology of rights management and secret sharing to realize the control of the data uploading process, that is, only over threshold users can upload the data to the cloud, which avoids the user’s randomly uploading behavior. Secondly, the certificateless cryptographic technology is utilized, which avoids the key escrow problem and simplifies the operation of certificate management. At the same time, the security and performance of the solution are also analyzed.

Key words: cloud storage, data integrity detection, PDP, key escrow

中图分类号:

TP309

李晓冉, 郝蓉, 于佳. 具有数据上传管控的无证书可证明数据持有方案[J]. 信息网络安全, 2020, 20(1): 83-88.

LI Xiaoran, HAO Rong, YU Jia. Certificateless Provable Data Possession with Data Uploading Control[J]. Netinfo Security, 2020, 20(1): 83-88.

图/表 4

参考文献 16

[1]	ATENIESE G, BURNS R, CURTMOLA R, et al.Provable Data Possession at Untrusted Stores[C]// ACM. Proceedings of the 14th ACM Conference on Computer and Communication Security, October 29-November 2, 2007, Alexandria, Virginia, USA. New York: ACM, 2007: 598-609.
[2]	ATENIESE G, DIPIETRO R, MANCINI L V, et al.Scalable and Efficient Provable Data Possession[C]//ACM. Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, September 22-25, 2008, Istanbul, Turkey. New York: ACM, 2008: 114-123.
[3]	ERWAY C C, KUPCU A, PAPAMANTHOU C, et al.Dynamic Provable Data Possession[J]. ACM Transactions on Information and System Security, 2009, 17(15): 213-222.
[4]	SHACHAM H, WATERS B.Compact Proofs of Retrievability[J]. Journal of Cryptology, 2013, 26(3): 442-483.
[5]	DOMINGO F J, QIN Bo, WU Qianghong, et al.Identity-Based Remote Data Possession Checking in Public Clouds[J]. IET Information Security, 2014, 8(2): 114-121.
[6]	WANG Huaqun.Identity-Based Distributed Provable Data Possession in Multi-cloud Storage[J]. IEEE Transactions on Services Computing, 2015, 8(2): 328-340.
[7]	YU Yong, XUE Liang, AU M H, et al.Cloud Data Integrity Checking with an Identity-Based Auditing Mechanism from RSA[J]. Future Generation Computer Systems, 2016, 62(C): 85-91.
[8]	YU Yong, AU M H, ATENIESE G, et al.Identity-Based Remote Data Integrity Checking with Perfect Data Privacy Preserving for Cloud Storage[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(4): 767-778.
[9]	AL-RIYAMI S S, PATERSON K G. Certificateless Public Key Cryptography[C]// Springer. International Conference on the Theory and Application of Cryptology and Information Security, November 30-December 4, 2003. Taipei, China. Heidelberg: Springer, 2003: 452-473.
[10]	WANG Boyang, LI Bochun, LI Hui, et al.Certificateless Public Auditing for Data Integrity in the Cloud[C]// IEEE. Conference on Communications and Network Security, October 14-16, 2013, National Harbor, MD, USA. New Nork: IEEE, 2013: 136-144.
[11]	HE Debiao, ZEADALLY S, WU Libing.Certificateless Public Auditing Scheme for Cloud-Assisted Wireless Body Area Networks[J]. IEEE Systems Journal, 2018, 12(1): 64-73.
[12]	HE Debiao, NEERAJ K, SHERALI Z, et al.Certificateless Provable Data Possession Scheme for Cloud-Based Smart Grid Data Management Systems[J]. IEEE Transactions on Industrial Informatics, 2018, 14(3): 1232-1241
[13]	HE Debiao, KUMAR N, WANG Huaqun, et al.Privacy-Preserving Certificateless Provable Data Possession Scheme for Big Data Storage on Cloud[J]. Applied Mathematics and Computation, 2017, 314(1): 31-43.
[14]	YANG Anjia, XU Jia, WENG Jian, et al.Lightweight and Privacy-Preserving Delegatable Proofs of Storage with Dynamics in Cloud Storage[J]. IEEE Transactions on Cloud Computing. 2018: 1-14
[15]	SHEN Wenting, YU Jia, XIA Hui, et al.Light-Weight and Privacy-Preserving Secure Cloud Auditing Scheme for Group Users via the Third Party Medium[J]. Journal of Network and Computer Applications, 2017, 82(3): 56-64.
[16]	ZHANG Yue, YU Jia, HAO Rong, et al.Enabling Efficient User Revocation in Identity-Based Cloud Storage Auditing for Shared Big Data[J]. IEEE Transactions on Dependable and Secure Computing, 2018, 15(x): 1-13.

不同方案	用户成员	云服务器	KGC	TPA
本文方案	(6t+4)E+ (3t-2)M+ (t+n-2)A+H	(c+2)E+ (2c+n)M+ (c-1)A+H+2P	(nt+t+2)E+ (nt+1)M+ (nt-n+1)A+H	(c+2)E+ (c+n+1)M+ cH+2P
文献[16]	(4n+2m+1)E+ (2n+m)M+2A+ (2n+m+1)H	(3m+c)E+ (4m+2c-1)M+ (c-1)A+ 3mH+2mP	3E+M+A+H	(c+3)E+ (c+3)M+ (c+2)H+2P

不同方案	TPA发送给云服务器的质询	云服务器返回给TPA的证明
本文方案	${{\log }_{2}}c+{{\log }_{2}}{{k}_{1}}+{{\log }_{2}}{{k}_{2}}$	${{\log }_{2}}q+q+\left\| {{m}_{i}} \right\|$
文献[16]	$c\cdot \left( {{\log }_{2}}i+q \right)$	${{\log }_{2}}q+q+\left\| {{m}_{i}} \right\|$

具有数据上传管控的无证书可证明数据持有方案

Certificateless Provable Data Possession with Data Uploading Control

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 16

相关文章 15

编辑推荐

Metrics

本文评价

[1]	刘建华, 郑晓坤, 郑东, 敖章衡. 基于属性加密且支持密文检索的安全云存储系统[J]. 信息网络安全, 2019, 19(7): 50-58.
[2]	侯林, 李明洁, 徐剑, 周福才. 基于变长认证跳表的分布式动态数据持有证明模型[J]. 信息网络安全, 2019, 19(7): 67-74.
[3]	秦中元, 韩尹, 张群芳, 朱雪金. 一种改进的多私钥生成中心云存储访问控制方案[J]. 信息网络安全, 2019, 19(6): 11-18.
[4]	邵必林, 李肖俊, 边根庆, 赵煜. 云存储数据完整性审计技术研究综述[J]. 信息网络安全, 2019, 19(6): 28-36.
[5]	黑一鸣, 刘建伟, 张宗洋, 喻辉. 基于区块链的可公开验证分布式云存储系统[J]. 信息网络安全, 2019, 19(3): 52-60.
[6]	李帅, 刘晓洁, 徐兵. 一种基于目录哈希树的磁盘数据同步方法研究[J]. 信息网络安全, 2019, 19(2): 53-59.
[7]	赵星, 王晓东, 张串绒. 一种基于数据漂移的动态云安全存储机制[J]. 信息网络安全, 2019, 19(10): 65-73.
[8]	秦中元, 韩尹, 朱雪金. 基于改进DGHV算法的云存储密文全文检索研究[J]. 信息网络安全, 2019, 19(1): 8-8.
[9]	鲁秀青, 咸鹤群. 云存储中基于用户授权的大数据完整性审计方案[J]. 信息网络安全, 2018, 18(4): 32-37.
[10]	马苗立, 张洪波, 丁卫颖. 基于字节级优化更新的云存储增量式网络编码方法研究[J]. 信息网络安全, 2018, 18(11): 18-26.
[11]	赵萌, 丁勇, 王玉珏. 指定审计员的云数据安全存储方案[J]. 信息网络安全, 2018, 18(11): 66-72.
[12]	姜红, 亢保元, 李春青. 改进的保护身份的云共享数据完整性公开审计方案[J]. 信息网络安全, 2018, 18(10): 85-91.
[13]	张键红, 孟宏欣. 云存储中一种基于链表的动态去重方案研究[J]. 信息网络安全, 2017, 17(8): 14-18.
[14]	蒋凡, 魏弋翔, 庄严, 张静波. 安全私有云有效应对勒索病毒的原理分析[J]. 信息网络安全, 2017, 17(8): 83-88.
[15]	陈兰香, 邱林冰. 基于Merkle哈希树的可验证密文检索方案[J]. 信息网络安全, 2017, 17(4): 1-8.