Cloud-edge-device Collaborative Integrity Verification Scheme Based on Chameleon Authentication Tree for Streaming Data

doi:10.3969/j.issn.1671-1122.2022.01.005

Abstract

Abstract:

Devices in the Internet of things produce a lot of streaming data, such as environment perception data, industrial control, human health data, etc., all these data uploaded to the cloud server will cause a huge burden on network, and the cloud-edge collaborative calculation mode can greatly alleviate the pressure of the network bandwidth and the cloud computing, and expedite the processing of data, improve the service response ability. However, cloud-edge collaborative computing is also faced with problems such as data theft and tampering. Obviously, once these streaming data carrying important information are tampered with, it is likely to cause serious losses. Based on the chameleon authentication tree (CAT), this paper constructed a cloud-edge-device collaborative integrity verification model for streaming data (CCIVS-SD) that supports data confidentiality protection. The scheme includes five entities: devices, edge nodes, cloud servers, data users and trusted third parties, which can complete appending, query, and integrity verification of the streaming data, and can also protect data privacy.

Key words: internet of things, edge computing, streaming data, integrity, chameleon authentication tree

CLC Number:

TP309

LI Tong, REN Shuai, WANG Gang, MENG Qingyu. Cloud-edge-device Collaborative Integrity Verification Scheme Based on Chameleon Authentication Tree for Streaming Data[J]. Netinfo Security, 2022, 22(1): 37-45.

Figures/Tables 4

References 15

[1]	MARIA R P, MISCHA D, ALFREDO G, et al. Internet of Things in the 5G Era: Enablers, Architecture, and Business Models[J], IEEE Journal on Selected Areas in Communications, 2016, 34(3):510-527. doi: 10.1109/JSAC.2016.2525418 URL
[2]	Cisco Visual Networking. Cisco Global Cloud Index: Forecast and Methodology 2015-2020[EB/OL]. http://www.cisco.com/c/dam/en/us/solutions/collateral/service-provider/global-coud-index-gci/white-paper-c11-738085.pdf, 2017-08-15.
[3]	BABCOCK B, BABU S, DATAR M, et al. Models and Issues in Data Stream Systems[C]// ACM. Proceedings of the 21th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, June 3-5, 2002, Madison, Wisconsin, USA. New York: ACM, 2002: 1-16.
[4]	ZHENG Xi, JULIEN C, KIM M, et al. Perceptions on The State of the Art in Verification and Validation in Cyber-physical Systems[J]. IEEE Systems Journal, 2015, 11(4):2614-2627. doi: 10.1109/JSYST.2015.2496293 URL
[5]	KRUPP J, SCHRODER D, SIMKIM M, et al. Nearly Optimal Verifiable Data Streaming[C]// Springer. Public-key Cryptography-PKC 2016, March 6-9, 2016, Taipei, Taiwan, China. Berlin: Springer, 2016: 417-445.
[6]	CATALANO D, FIORE D. Vector Commitments and Their Applications[C]// Springer. International Workshop on Public Key Cryptography, March 1, 2013, Nara, Japan. Berlin: Springer, 2013: 55-72.
[7]	CHEN Chiyuan, WU Hsinmin, WANG Lei, et al. Practical Integrity Preservation for Data Streaming in Cloud-assisted Healthcare Sensor Systems[J]. Computer Networks, 2017, 129(5):472-480. doi: 10.1016/j.comnet.2017.05.032 URL
[8]	XU Jian, WEI Laiwen, ZHANG Yu, et al. Dynamic Fully Homomorphic Encryption-based Merkle Tree for Lightweight Streaming Authenticated Data Structures[J]. Journal of Network and Computer Applications, 2018, 107(4):113-124. doi: 10.1016/j.jnca.2018.01.014 URL
[9]	YU C M. POSTER: Lightweight Streaming Authenticated Data Structures[C]// ACM. Proceedings of the 22th ACM SIGSAC Conference on Computer and Communications Security, October 12, 2015, Denver Colorado, USA. New York: ACM, 2015: 1693-1695.
[10]	PAPAMANTHOU C, SHI E, TAMASSIA R, et al. Streaming Authenticated Data Structures[C]// Springer. Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 26-30, 2013, Athens Greece. Heidelberg: Springer. 2013: 353-370.
[11]	QIAN Yi, ZHANG Yupeng, CHEN Xi, et al. Streaming Authenticated Data Structures: Abstraction and Implementation[C]// ACM. Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security, November 7, 2014, Scottsdale Arizona, USA. New York: ACM, 2014: 129-139.
[12]	ZHANG Zhiwen, CHEN Xianfeng, MA Jianfeng, et al. New Efficient Constructions of Verifiable Data Streaming with Accountability[J]. Annals of Telecommunications, 2019, 74(7):483-499. doi: 10.1007/s12243-018-0687-7 URL
[13]	KIM K S, JEONG I R. Efficient Verifiable Data Streaming[J]. Security and Communication Networks, 2015, 8(18):4013-4018. doi: 10.1002/sec.1317 URL
[14]	SCHRÖDER D, SCHRÖDER H. Verifiable Data Streaming[C]// ACM. Proceedings of the 2012 ACM Conference on Computer and Communications Security, October 16-18, 2012, Raleigh, North Carolina, USA. New York: ACM, 2012: 953-964.
[15]	SCHRÖDER D, SIMKIN M. VeriStream-a Framework for Verifiable Data Streaming[C]// Springer. International Conference on Financial Cryptography and Data Security, January 26-30, 2015, Puetro Rico. Heidelberg: Springer, 2015: 548-566.

符号	含义	符号	含义
$\text{Device}$	终端设备	$\text{EdgeNode}$	边缘节点
$\text{CloudServer}$	云服务器	$\text{DataUser}$	数据使用者
$\text{TTP}$	可信任第三方平台	$\lambda $	安全参数
$cpk$	变色龙hash函数公钥	$csk$	变色龙hash函数私钥
$hpk$	全同态加密公钥	$hsk$	全同态加密私钥
$m_{\tau }^{j}$	原始数据	$c_{\tau }^{j}$	密文数据
${{C}_{\tau }}$	密文数据集合	${{A}_{\tau }}$	聚合计算后的密文数据
${{P}_{i,j}}$	聚合计算后的原始数据	$[i,j]$	查询范围
${{A}_{i,j}}$	查询结果	$aut{{h}_{i,j}}$	查询结果对应的认证路径
$initial$	CAT初始化算法	$append$	CAT数据插入算法
$rangeQuery$	CAT查询算法	$rangeVerify$	CAT验证算法