| 用户可动态撤销及数据可实时更新的云审计方案 |
| |
| 引用本文: | 韩静,李艳平,禹勇,丁勇.用户可动态撤销及数据可实时更新的云审计方案[J].软件学报,2020,31(2):578-596. |
| |
| 作者姓名: | 韩静 李艳平 禹勇 丁勇 |
| |
| 作者单位: | 陕西师范大学数学与信息科学学院,陕西西安710119;陕西师范大学计算机科学学院,陕西西安710119;广西密码学与信息安全重点实验室(桂林电子科技大学),广西桂林541004 |
| |
| 基金项目: | 国家自然科学基金(61802243,61872229,61772150);陕西省工业领域重点研发项目(2019GY-013);中央高校基本科研业务费专项资金(2018CSLY002,GK201803005) |
| |
| 摘 要: | 随着云存储的出现,越来越多的用户选择将大量数据存储在远程云服务器上,以节约本地存储资源.如何验证用户远程存储在云端数据的完整性,成为近年来学术界的一个研究热点.虽然现已提出了很多云审计方案,但大多数方案都假设个人和企业在使用云存储系统的整个过程中,用户及其公私钥始终不变,且不能高效地对数据进行实时动态更新.为此,提出一种轻量级的支持用户可动态撤销及存储数据可动态更新的云审计方案.首先,该方案允许用户可高效地动态撤销(包括更换公私钥),在用户撤销阶段,采用了多重单向代理重签名技术,新用户只需计算重签名密钥,而无需从云端下载数据再重新签名后上传到云端;其次,该方案能够保证数据可实时动态更新(插入、删除、修改),通过在数据块的身份识别码中引入虚拟索引,数据动态更新时,只有被更新数据块的身份识别码发生变化,其余数据块的身份识别码保持不变;最后,在重签名阶段,云服务器代替新用户进行签名,在审计阶段,第三方审计者代表当前用户对存储在远程云服务器上的数据进行完整性验证,减轻了终端用户的计算开销及系统的通信开销(轻量级).安全性分析和性能分析进一步说明,该方案是安全的和高效的.
|
| 关 键 词: | 云审计 数据完整性 用户动态可撤销 轻量级 虚拟索引 隐私保护 |
| 收稿时间: | 2017/9/25 0:00:00 |
| 修稿时间: | 2018/6/6 0:00:00 |
Cloud Auditing Scheme with Dynamic Revocation of Users and Real-time Updates of Data |
| |
| HAN Jing,LI Yan-Ping,YU Yong and DING Yong.Cloud Auditing Scheme with Dynamic Revocation of Users and Real-time Updates of Data[J].Journal of Software,2020,31(2):578-596. |
| |
| Authors: | HAN Jing LI Yan-Ping YU Yong and DING Yong |
| |
| Affiliation: | School of Mathematics and Information Science, Shaanxi Normal University, Xi''an 710119, China,School of Mathematics and Information Science, Shaanxi Normal University, Xi''an 710119, China,School of Computer Science, Shaanxi Normal University, Xi''an 710119, China and Guangxi Key Laboratory of Cryptography and Information Security(Guilin University of Electronic Technology), Guilin 541004, China |
| |
| Abstract: | With the advent of cloud storage, more and more users choose to store large amounts of data on the remote cloud server in order to save local storage resources. In recent years, how to verify the integrity of remote stored data in the cloud has been become a hotspot in academia. Although many cloud auditing protocols have been put forward, most of them are based on the assumption that users (individuals or enterprises) and their public/private keys remain constant in the whole process of using cloud storage system, and these schemes cannot dynamically update data in real time. Therefore, this study proposes a lightweight cloud auditing scheme which supports dynamic revocation of users and real-time updating of data. First of all, this scheme allows users to revoke dynamically and efficiently (including the updating of public private keys), multi-use unidirectional proxy re-signature technology is adopted in the stage of revocation, that is, a new user simply needs to calculate the re-signature key instead of downloading data from the cloud to re-sign and then uploading it to the cloud. Secondly, this scheme can realize the data dynamic updating (inserting, deleting, and modifying) in real time by introducing the virtual index into the identification code of data block. Consequently, only the identification code of updated data block changes while the other''s remain unchanged when dynamically updating data. Finally, in the stage of re-signature, the cloud server is able to represent a new user to re-sign, and in the stage of auditing, third party audit center can represent the current user to verify the integrity of data in the cloud, which greatly reduce the computational overhead of user and communication overhead of system (lightweight). The security and performance analyses of this study further show that the proposed scheme is secure and efficient. |
| |
| Keywords: | cloud auditing data integrity dynamic revocation of users lightweight virtual index privacy protection |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
