信息网络安全 ›› 2020, Vol. 20 ›› Issue (1): 83-88.doi: 10.3969/j.issn.1671-1122.2020.01.012

• 技术研究 • 上一篇    下一篇

具有数据上传管控的无证书可证明数据持有方案

李晓冉1, 郝蓉1(), 于佳1,2   

  1. 1. 青岛大学计算机科学技术学院,青岛 266071
    2. 中国科学院信息工程研究所信息安全国家重点实验室,北京 100093
  • 收稿日期:2019-06-15 出版日期:2020-01-10 发布日期:2020-05-11
  • 作者简介:

    作者简介:李晓冉(1995—),女,山东,硕士研究生,主要研究方向为云计算安全;郝蓉(1976—),女,山东,高级实验师,硕士,主要研究方向为信息安全;于佳(1976—),男,山东,教授,博士,主要研究方向为密码学、云计算安全、大数据安全和网络安全。

  • 基金资助:
    国家自然科学基金[61572267,61272425];“十三五”国家密码发展基金[MMJJ20170118];中国科学院信息工程研究所信息安全国家重点实验室开放课题[2016-MS-23,2017-MS-21]

Certificateless Provable Data Possession with Data Uploading Control

LI Xiaoran1, HAO Rong1(), YU Jia1,2   

  1. 1. College of Computer Science and Technology, Qingdao University, Qingdao 266071, China
    2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  • Received:2019-06-15 Online:2020-01-10 Published:2020-05-11

摘要:

随着大数据技术的发展,云存储受到了越来越多的关注。它在给用户带来诸多便利的同时,也产生了新的安全挑战。由于用户在将数据存储到云端后就失去了对数据的直接控制,如何安全有效地检测存储在云端数据的完整性成为一个重要的安全挑战。可证明数据持有技术(PDP)是近年来的一个研究热点,它可以在不下载全部数据的情况下实现云数据的完整性检测。然而,绝大多数已存在的PDP方案或者存在复杂的证书管理问题,或者存在密钥托管问题。除此之外,这些方案都没有考虑数据上传的管控问题。针对上述问题,文章提出了一种具有数据上传管控的无证书可证明数据持有的方案,该方案首先利用权限管理和秘密共享技术,实现了对数据上传过程的管控,即只有当超过一定门限值的用户同意后才可将数据上传到云端,避免了用户随意上传数据的行为;其次利用无证书的密码技术,既避免了密钥托管问题,又简化了证书管理的操作。同时,也对方案的安全性和性能进行了分析。

关键词: 云存储, 数据完整性检测, 可证明数据持有, 密钥托管

Abstract:

With the development of big data technology, cloud storage has received more and more attention. While it brings a lot of convenience to users, it also creates new security challenges. Since users lose direct control over data after storing data on the cloud, how to safely and effectively detect the integrity of data stored on the cloud becomes an important security challenge. The technology of PDP has been a research hot spot in recent years, which can realize the integrity detection of cloud data without downloading all the data. However, most existing PDP schemes either have complex certificate management issues or have key escrow issues. In addition, these schemes do not consider the issue of control over data uploads. In view of the above problems, we propose a scheme of certificateless provable data possession with data uploading control. It first uses the technology of rights management and secret sharing to realize the control of the data uploading process, that is, only over threshold users can upload the data to the cloud, which avoids the user’s randomly uploading behavior. Secondly, the certificateless cryptographic technology is utilized, which avoids the key escrow problem and simplifies the operation of certificate management. At the same time, the security and performance of the solution are also analyzed.

Key words: cloud storage, data integrity detection, PDP, key escrow

中图分类号: