基于变色龙认证树的云边端协同流式数据完整性验证模型

doi:10.3969/j.issn.1671-1122.2022.01.005

信息网络安全 ›› 2022, Vol. 22 ›› Issue (1): 37-45.doi: 10.3969/j.issn.1671-1122.2022.01.005

基于变色龙认证树的云边端协同流式数据完整性验证模型

李桐¹^,², 任帅², 王刚², 孟庆宇³()

1.东北大学计算机科学与工程学院,沈阳 110169
2.国网辽宁省电力有限公司电力科学研究院,沈阳 110003
3.东北大学软件学院,沈阳 110169

收稿日期:2021-06-23 出版日期:2022-01-10 发布日期:2022-02-16
通讯作者: 孟庆宇 E-mail:1531280129@qq.com
作者简介:李桐（1990—）,男,辽宁,工程师,博士研究生,主要研究方向为电力系统网络安全|任帅（1989—）,男,辽宁,工程师,硕士,主要研究方向为信息安全|王刚（1978—）,男,黑龙江,高级工程师,硕士,主要研究方向为网络安全|孟庆宇（1995—）,男,辽宁,硕士研究生,主要研究方向为网络与信息安全
基金资助:
工信部工业企业网络安全综合防护平台项目-物联网终端虚拟化与安全验证技术研究(TC200H01V)

Cloud-edge-device Collaborative Integrity Verification Scheme Based on Chameleon Authentication Tree for Streaming Data

LI Tong¹^,², REN Shuai², WANG Gang², MENG Qingyu³()

1. School of Computer Science and Engineering, Northeastern University, Shenyang 110169, China
2. State Grid Liaoning Electric Power Research Institute, Shenyang 110003, China
3. Software College, Northeastern University, Shenyang 110169, China

Received:2021-06-23 Online:2022-01-10 Published:2022-02-16
Contact: MENG Qingyu E-mail:1531280129@qq.com

摘要/Abstract

摘要：

物联网环境中的终端设备会产生大量的流式数据,如环境感知数据、工业控制数据、人体健康数据等,这些数据全部上传到云服务器会造成巨大的网络负担,云边协同的计算方式能够极大地缓解网络带宽以及云服务器的计算压力,加快数据的处理,提升服务响应能力。但是,云边协同计算同样面临着数据被窃取、篡改等问题。这些承载着重要信息的流式数据一旦遭到窃取或篡改,很可能造成严重的损失。为此,文章基于流式数据完整性验证重要方法——变色龙认证树,构建了一个支持数据机密性的云边端协同流式数据完整性验证模型（Cloud-edge-device Collaborative Integrity Verification Scheme for Streaming Data,CCIVS-SD）,该模型包括5种实体：终端设备、边缘节点、云服务器、数据使用者和可信任第三方。文章给出模型的实体构成、形式化定义以及通信协议,并对模型进行分析,结果表明该模型能够完成流式数据插入、查询和完整性验证,并且能够保护数据的机密性。

关键词: 物联网, 边缘计算, 流式数据, 完整性, 变色龙认证树

Abstract:

Devices in the Internet of things produce a lot of streaming data, such as environment perception data, industrial control, human health data, etc., all these data uploaded to the cloud server will cause a huge burden on network, and the cloud-edge collaborative calculation mode can greatly alleviate the pressure of the network bandwidth and the cloud computing, and expedite the processing of data, improve the service response ability. However, cloud-edge collaborative computing is also faced with problems such as data theft and tampering. Obviously, once these streaming data carrying important information are tampered with, it is likely to cause serious losses. Based on the chameleon authentication tree (CAT), this paper constructed a cloud-edge-device collaborative integrity verification model for streaming data (CCIVS-SD) that supports data confidentiality protection. The scheme includes five entities: devices, edge nodes, cloud servers, data users and trusted third parties, which can complete appending, query, and integrity verification of the streaming data, and can also protect data privacy.

Key words: internet of things, edge computing, streaming data, integrity, chameleon authentication tree

中图分类号:

TP309

李桐, 任帅, 王刚, 孟庆宇. 基于变色龙认证树的云边端协同流式数据完整性验证模型[J]. 信息网络安全, 2022, 22(1): 37-45.

LI Tong, REN Shuai, WANG Gang, MENG Qingyu. Cloud-edge-device Collaborative Integrity Verification Scheme Based on Chameleon Authentication Tree for Streaming Data[J]. Netinfo Security, 2022, 22(1): 37-45.

图/表 4

图1

图2

表1

图3

参考文献 15

[1]	MARIA R P, MISCHA D, ALFREDO G, et al. Internet of Things in the 5G Era: Enablers, Architecture, and Business Models[J], IEEE Journal on Selected Areas in Communications, 2016, 34(3):510-527. doi: 10.1109/JSAC.2016.2525418 URL
[2]	Cisco Visual Networking. Cisco Global Cloud Index: Forecast and Methodology 2015-2020[EB/OL]. http://www.cisco.com/c/dam/en/us/solutions/collateral/service-provider/global-coud-index-gci/white-paper-c11-738085.pdf, 2017-08-15.
[3]	BABCOCK B, BABU S, DATAR M, et al. Models and Issues in Data Stream Systems[C]// ACM. Proceedings of the 21th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, June 3-5, 2002, Madison, Wisconsin, USA. New York: ACM, 2002: 1-16.
[4]	ZHENG Xi, JULIEN C, KIM M, et al. Perceptions on The State of the Art in Verification and Validation in Cyber-physical Systems[J]. IEEE Systems Journal, 2015, 11(4):2614-2627. doi: 10.1109/JSYST.2015.2496293 URL
[5]	KRUPP J, SCHRODER D, SIMKIM M, et al. Nearly Optimal Verifiable Data Streaming[C]// Springer. Public-key Cryptography-PKC 2016, March 6-9, 2016, Taipei, Taiwan, China. Berlin: Springer, 2016: 417-445.
[6]	CATALANO D, FIORE D. Vector Commitments and Their Applications[C]// Springer. International Workshop on Public Key Cryptography, March 1, 2013, Nara, Japan. Berlin: Springer, 2013: 55-72.
[7]	CHEN Chiyuan, WU Hsinmin, WANG Lei, et al. Practical Integrity Preservation for Data Streaming in Cloud-assisted Healthcare Sensor Systems[J]. Computer Networks, 2017, 129(5):472-480. doi: 10.1016/j.comnet.2017.05.032 URL
[8]	XU Jian, WEI Laiwen, ZHANG Yu, et al. Dynamic Fully Homomorphic Encryption-based Merkle Tree for Lightweight Streaming Authenticated Data Structures[J]. Journal of Network and Computer Applications, 2018, 107(4):113-124. doi: 10.1016/j.jnca.2018.01.014 URL
[9]	YU C M. POSTER: Lightweight Streaming Authenticated Data Structures[C]// ACM. Proceedings of the 22th ACM SIGSAC Conference on Computer and Communications Security, October 12, 2015, Denver Colorado, USA. New York: ACM, 2015: 1693-1695.
[10]	PAPAMANTHOU C, SHI E, TAMASSIA R, et al. Streaming Authenticated Data Structures[C]// Springer. Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 26-30, 2013, Athens Greece. Heidelberg: Springer. 2013: 353-370.
[11]	QIAN Yi, ZHANG Yupeng, CHEN Xi, et al. Streaming Authenticated Data Structures: Abstraction and Implementation[C]// ACM. Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security, November 7, 2014, Scottsdale Arizona, USA. New York: ACM, 2014: 129-139.
[12]	ZHANG Zhiwen, CHEN Xianfeng, MA Jianfeng, et al. New Efficient Constructions of Verifiable Data Streaming with Accountability[J]. Annals of Telecommunications, 2019, 74(7):483-499. doi: 10.1007/s12243-018-0687-7 URL
[13]	KIM K S, JEONG I R. Efficient Verifiable Data Streaming[J]. Security and Communication Networks, 2015, 8(18):4013-4018. doi: 10.1002/sec.1317 URL
[14]	SCHRÖDER D, SCHRÖDER H. Verifiable Data Streaming[C]// ACM. Proceedings of the 2012 ACM Conference on Computer and Communications Security, October 16-18, 2012, Raleigh, North Carolina, USA. New York: ACM, 2012: 953-964.
[15]	SCHRÖDER D, SIMKIN M. VeriStream-a Framework for Verifiable Data Streaming[C]// Springer. International Conference on Financial Cryptography and Data Security, January 26-30, 2015, Puetro Rico. Heidelberg: Springer, 2015: 548-566.

符号	含义	符号	含义
$\text{Device}$	终端设备	$\text{EdgeNode}$	边缘节点
$\text{CloudServer}$	云服务器	$\text{DataUser}$	数据使用者
$\text{TTP}$	可信任第三方平台	$\lambda $	安全参数
$cpk$	变色龙hash函数公钥	$csk$	变色龙hash函数私钥
$hpk$	全同态加密公钥	$hsk$	全同态加密私钥
$m_{\tau }^{j}$	原始数据	$c_{\tau }^{j}$	密文数据
${{C}_{\tau }}$	密文数据集合	${{A}_{\tau }}$	聚合计算后的密文数据
${{P}_{i,j}}$	聚合计算后的原始数据	$[i,j]$	查询范围
${{A}_{i,j}}$	查询结果	$aut{{h}_{i,j}}$	查询结果对应的认证路径
$initial$	CAT初始化算法	$append$	CAT数据插入算法
$rangeQuery$	CAT查询算法	$rangeVerify$	CAT验证算法

基于变色龙认证树的云边端协同流式数据完整性验证模型

Cloud-edge-device Collaborative Integrity Verification Scheme Based on Chameleon Authentication Tree for Streaming Data

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 15

相关文章 15

编辑推荐

Metrics

本文评价

[1]	吴克河, 程瑞, 姜啸晨, 张继宇. 基于SDP的电力物联网安全防护方案[J]. 信息网络安全, 2022, 22(2): 32-38.
[2]	易铮阁, 袁文勇, 李瑞峰, 杨晓元. 一种支持动态操作的身份基云存储方案[J]. 信息网络安全, 2022, 22(2): 86-95.
[3]	陈庆港, 杜彦辉, 韩奕, 刘翔宇. 基于深度可分离卷积的物联网设备识别模型[J]. 信息网络安全, 2021, 21(9): 67-73.
[4]	吴克河, 程瑞, 郑碧煌, 崔文超. 电力物联网安全通信协议研究[J]. 信息网络安全, 2021, 21(9): 8-15.
[5]	李群, 董佳涵, 关志涛, 王超. 一种基于聚类分类的物联网恶意攻击检测方法[J]. 信息网络安全, 2021, 21(8): 82-90.
[6]	刘忻, 杨浩睿, 郭振斌, 王家寅. 一种实现在线注册与权限分离的工业物联网身份认证协议[J]. 信息网络安全, 2021, 21(7): 1-9.
[7]	刘忻, 郭振斌, 宋宇宸. 一种基于SGX的工业物联网身份认证协议[J]. 信息网络安全, 2021, 21(6): 1-10.
[8]	王开轩, 滕亚均, 王琼霄, 王伟. 隐式证书的国密算法应用研究[J]. 信息网络安全, 2021, 21(5): 74-81.
[9]	储志强, 仵冀颖, 徐磊, 杜聪. 基于区块链的分布式离链存储框架设计[J]. 信息网络安全, 2021, 21(2): 87-93.
[10]	李桐, 周小明, 任帅, 徐剑. 轻量化移动边缘计算双向认证协议[J]. 信息网络安全, 2021, 21(11): 58-64.
[11]	张富成, 付绍静, 夏竟, 罗玉川. 基于GlusterFS的分布式数据完整性验证系统[J]. 信息网络安全, 2021, 21(1): 72-79.
[12]	徐绘凯, 刘跃, 马振邦, 段海新. MQTT安全大规模测量研究[J]. 信息网络安全, 2020, 20(9): 37-41.
[13]	刘文懋, 尤扬. 5G新型基础设施的安全防护思路和技术转换[J]. 信息网络安全, 2020, 20(9): 67-71.
[14]	石润华, 石泽. 基于区块链技术的物联网密钥管理方案[J]. 信息网络安全, 2020, 20(8): 1-8.
[15]	刘建伟, 韩祎然, 刘斌, 余北缘. 5G网络切片安全模型研究[J]. 信息网络安全, 2020, 20(4): 1-11.