基于同态hash的数据多副本持有性证明方案

为检查云存储中服务提供商(CSP)是否按协议完整地存储了用户的所有数据副本,在分析并指出一个基于同态hash的数据持有性证明方案安全缺陷的基础上,对其进行了改进和扩展,提出了一个多副本持有性证明方案。为实现多副本检查,将各副本编号与文件连接后利用相同密钥加密以生成副本文件,既有效防止了CSP各服务器的合谋攻击,又简化了用户和文件的授权访问者的密钥管理;为提高检查效率,利用同态hash为数据块生成验证标签,实现了对所有副本的批量检查;为保证方案安全性,将文件标志和块位置信息添加到数据块标签中,有效防止了CSP进行替换和重放攻击。安全性证明和性能分析表明,该方案是正确和完备的,并具有计算、存储和通信负载低,以及支持公开验证等特点,从而为云存储中数据完整性检查提供了一种可行的方法。

Multiple-replica provable data possession based on homomorphic hash

In cloud storage, in order to check whether all the file replicas were stored by the CSP cloud service provider intactly, this paper proposed a multiple-replica provable data possession scheme by improving and extending one scheme based on homomorphic hash. To achieve multiple-replica checking, it generated differentiable replicas by using a single key to encrypt the concatenation of the serial numbers of replicas and the file. Differentiable replicas could prevent the colluding attack among servers, and simplify the key management of cloud user and authorized file users. To improve checking performance, it generated the verifying tags by homomorphic hash, which enabled the batch checking of all replicas. It added the information of file identification and block position into the block tags to prevent both of the replace and replay attacks from the CSP. The security and performance analysis shows that the scheme is correct and sound, and has some favorable characteristics, which includes low computing, storing and communicating load, and public verifiability support. Therefore, this scheme provides a practicable method for integrity checking in cloud storage.