Cite this article
  • Yang Fan, Yuan Yilin, Zhang Dengfan, Li Zichen. Cloud data integrity audit solution that supports auditor replacement and data dynamics [J]. Journal of Cyber Security, accepted.
Cloud data integrity audit solution that supports auditor replacement and data dynamics
Yang Fan, Yuan Yilin, Zhang Dengfan, Li Zichen
(Beijing Institute of Graphic Communication)
Abstract:
Users want their cloud data to remain free of tampering and corruption during transmission and storage, so the integrity of that data needs to be audited regularly. To relieve users of the burden of auditing cloud data, current research on cloud data integrity verification usually has an auditor perform the audit on the user's behalf. However, a single, fixed auditor may fail to complete audits because of resource constraints, service expiration, security risks, or other reasons, which damages the user's rights. To address this problem, this article proposes a cloud data integrity audit scheme that supports auditor replacement and data dynamics. First, the scheme uses fog nodes as auditors. The low latency, high autonomy, and offline support of fog nodes keep the audit service unaffected by geographical, temporal, or other objective factors, and a fog node can exit the audit service at any time when the service expires or when it is down for maintenance. Second, to prevent a fog node that has exited the audit service from misusing the original signatures and keys, the scheme adds a label and key update technique that regenerates the labels and keys from the information of the new fog node that takes over the audit service from the original one. In addition, ensuring the freshness of cloud data helps to enhance the user experience, so the scheme introduces a data structure, the Adjustable Divide and Conquer Table (ADCT), to assist users in performing dynamic data operations.
The security analysis proves that the scheme is secure under the Computational Diffie-Hellman (CDH) and Discrete Logarithm (DL) assumptions and achieves label unforgeability and auditor replacement. The experimental evaluation shows that the total computational overhead of the scheme is small and its overall performance is superior, so it is both secure and efficient.
Key words:  cloud storage  integrity verification  fog nodes  auditor replacement  data dynamics
Submitted: 2023-09-26  Revised: 2023-12-26