面向公有云的数据完整性公开审计方案

针对云数据完整性公开审计中隐私泄漏给第三方审计者（TPA）以及云存储服务器（CSS）发起替代攻击的问题,提出一种面向公有云的数据完整性公开审计方案。该方案首先利用哈希值混淆方法,模糊化云存储服务器返回的证据,以防止TPA分析证据计算出原始数据;然后,在审计过程中,由TPA自行计算出文件Merkle哈希树（MHT）对应挑战请求所选数据块的覆盖树,并与CSS返回的覆盖树作结构匹配,以防止云存储服务器用其他已有数据响应审计挑战。实验结果表明,该方案解决了现有方案隐私问题及攻击问题后,在计算开销、存储开销和通信开销方面的性能不会有数量级变化。     

On the security of auditing mechanisms for secure cloud storage

Cloud computing is a novel computing model that enables convenient and on-demand access to a shared pool of configurable computing resources. Auditing services are highly essential to make sure that the data is correctly hosted in the cloud. In this paper, we investigate the active adversary attacks in three auditing mechanisms for shared data in the cloud, including two identity privacy-preserving auditing mechanisms called Oruta and Knox, and a distributed storage integrity auditing mechanism. We show that these schemes become insecure when active adversaries are involved in the cloud storage. Specifically, an active adversary can arbitrarily alter the cloud data without being detected by the auditor in the verification phase. We also propose a solution to remedy the weakness without sacrificing any desirable features of these mechanisms.     

A security evaluation framework for cloud security auditing

Cloud computing is clearly one of today’s most enticing technologies due to its scalable, flexible, and cost-efficient access to infrastructure and application services. Despite these benefits, cloud service users (CSUs) have serious concerns about the data security and privacy. Currently, there are several cloud service providers (CSPs) offering a wide range of services to their customers with varying levels of security strengths. Due to the vast diversity in the available cloud services, from the customer’s perspective, it has become difficult to decide which CSP they should use and what should be the selection criteria. Presently, there is no framework that can allow CSUs to evaluate CSPs based on their ability to meet the customer’s security requirements. We propose a framework and a mechanism that evaluate the security strength of CSPs based on the customer’s security preferences. We have shown the applicability of our security evaluation framework using a case study.     

Key Derivation Policy for data security and data integrity in cloud computing

Cloud computing is currently emerging as a promising next-generation architecture in the Information Technology (IT) industry and education sector. The encoding process of state information from the data and protection are governed by the organizational access control policies. An encryption technique protects the data confidentiality from the unauthorized access leads to the development of fine-grained access control policies with user attributes. The Attribute-Based Encryption (ABE) verifies the intersection of attributes to the multiple sets. The handling of adding or revoking the users is difficult with respect to changes in policies. The inclusion of multiple encrypted copies for the same key raised the computational cost. This paper proposes an efficient Key Derivation Policy (KDP) for improvement of data security and integrity in the cloud and overcomes the problems in traditional methods. The local key generation process in proposed method includes the data attributes. The secret key is generated from the combination of local keys with the user attribute by a hash function. The original text is recovered from the ciphertext by the decryption process. The key sharing between data owner and user validates the data integrity referred MAC verification process. The proposed efficient KDP with MAC verification analyze the security issues and compared with the Cipher Text–Attribute-Based Encryption (CP-ABE) schemes on the performance parameters of encryption time, computational overhead and the average lifetime of key generation. The major advantage of proposed approach is the updating of public information and easy handling of adding/revoking of users in the cloud.     

图书馆云存储数据安全性问题研究

云存储是在云计算上延伸的一个新的概念,主要是为用户提供数据存储服务.在分析图书馆云存储系统中数据安全隐患的基础上,提出了系统对数据的完整性、保密性和可用性的目标.针对图书馆信息传输过程中的动态数据安全、服务器上的静态数据安全、残留数据的清除和数据恢复等问题,分析了身份访问控制、数据加密存储、数据完整性校验和数据销毁/恢复等安全解决方案.     

云存储服务中支持动态数据完整性检测方法

在云存储服务中,为了让用户可以验证存储在云存储服务器上数据的完整性,提出一种支持动态更新和公开验证的云存储数据完整性检测方法.通过引入双线性对和用户随机选择待检测数据块可以无限次验证数据完整性是否完好无损;可信第三方的引入解决了云用户与云存储供应商在数据完整性问题上产生的纠纷,实现数据完整性的公开验证;然后给出该方法的正确性、安全性以及性能分析,最后通过实验验证了该方法是高效可行的.     

基于代理重签名的支持用户可撤销的云存储数据公共审计方案

针对用户动态可撤销需要新的数据管理员对其前任所管理的数据进行完整性验证的问题,基于单向代理重签名技术提出了具有隐私保护的支持用户可撤销的云存储数据公共审计方案。首先,该方案中所采用的单向代理重签名算法,其代理重签名密钥由当前用户私钥结合已撤销用户公钥生成,不存在私钥泄露问题,能够安全实现数据所有权的转移;其次,该方案证明了恶意的云服务器不能产生伪造的审计证明响应信息来欺骗第三方审计者（TPA）通过审计验证过程;更进一步,该方案采用了随机掩饰码技术,能够有效防止好奇的第三方审计者恢复原始数据块。和Panda方案相比较,所提方案在增加抗合谋攻击功能的基础上,其审计过程中通信开销与计算代价仍全部低于Panda方案。     

Data access control method for multimedia content data sharing and security based on XMDR-DAI in mobile cloud storage

Multimedia Tools and Applications - Mobile cloud storage service is used for users’ multimedia content data sharing or synchronization in effective way with several mobile devices. To save...     

存储分割编码技术在移动云安全中的应用

针对移动终端频繁更新数据效率低、安全性不高的问题,提出一种基于加密技术和编码技术的存储分割编码技术。首先,将移动终端的数据进行等分分割后存储在云端,通过编码技术标记每份数据;然后,用户在更新数据时下载相应数据块信息进行更新;最后,更新完的数据块通过重新编码,加密上传到云端相应位置,组合成完整的数据进行存储。实验结果表明,相比传统移动云安全方案(AES加密方案和RC编码),存储分割编码技术在频繁更新云端数据时节省了文件转换时间,同时大幅降低了移动终端的性能消耗。该方案能够显著提高更新数据的效率及移动终端的资源利用率,同时有效增强了移动云数据的机密性和完整性,对于移动终端频繁更新云端数据的需求,具有明显优势。     

Efficient integrity verification of replicated data in cloud using homomorphic encryption

The cloud computing is an emerging model in which computing infrastructure resources are provided as a service over the internet. Data owners can outsource their data by remotely storing them in the cloud and enjoy on-demand high quality services from a shared pool of configurable computing resources. However, since data owners and the cloud servers are not in the same trusted domain, the outsourced data may be at risk as the cloud server may no longer be fully trusted. Therefore, data confidentiality, availability and integrity is of critical importance in such a scenario. The data owner encrypts data before storing it on the cloud to ensure data confidentiality. Cloud should let the owners or a trusted third party to check for the integrity of their data storage without demanding a local copy of the data. Owners often replicate their data on the cloud servers across multiple data centers to provide a higher level of scalability, availability, and durability. When the data owners ask the cloud service provider (CSP) to replicate data, they are charged a higher storage fee by the CSP. Therefore, the data owners need to be strongly convinced that the CSP is storing data copies agreed on in the service level contract, and data-updates have been correctly executed on all the remotely stored copies. To deal with such problems, previous multi copy verification schemes either focused on static files or incurred huge update costs in a dynamic file scenario. In this paper, we propose a dynamic multi-replica provable data possession scheme (DMR-PDP) that while maintaining data confidentiality prevents the CSP from cheating, by maintaining fewer copies than paid for and/or tampering data. In addition, we also extend the scheme to support a basic file versioning system where only the difference between the original file and the updated file is propagated rather than the propagation of operations for privacy reasons. DMR-PDP also supports efficient dynamic operations like block modification, insertion and deletion on replicas over the cloud servers. Through security analysis and experimental results, we demonstrate that the proposed scheme is secure and performs better than some other related ideas published recently.     

云计算下的数据存储安全可证明性综述

云计算的数据服务外包可以减少数据所有者本地的存储和维护压力,然而用户会因此失去对数据可靠性和安全的物理控制。于是如何确保云中数据的安全就成为了非常有挑战性的任务和难题。在全面研究云计算数据存储安全现有成果的基础上,介绍了云计算数据存储的基本架构,并从可检索证明和可证明数据拥有两个角度分析了相关研究方案的发展,从公共认证、同态认证、数据动态化、隐私保护、批审计和多服务器环境得方面讨论了协议的功能设计,并且列表进行了功能和开销对比,在此基础上提出了一个比较完备的云计算环境下的协议框架。最后总结并阐述了后续工作。     

Practical cloud storage auditing using serverless computing

Cloud storage auditing research is dedicated to solving the data integrity problem of outsourced storage on the cloud. In recent years, researchers have proposed various cloud storage auditing schemes using different techniques. While these studies are elegant in theory, they assume an ideal cloud storage model;that is, they assume that the cloud provides the storage and compute interfaces as required by the proposed schemes. However, this does not hold for mainstream cloud storage systems becau...     

Dynamic data auditing scheme for big data storage

When users store data in big data platforms,the integrity of outsourced data is a major concern for data owners due to the lack of direct control over the data.However,the existing remote data auditing schemes for big data platforms are only applicable to static data.In order to verify the integrity of dynamic data in a Hadoop big data platform,we presents a dynamic auditing scheme meeting the special requirement of Hadoop.Concretely,a new data structure,namely Data Block Index Table,is designed to support dynamic data operations on HDFS(Hadoop distributed file system),including appending,inserting,deleting,and modifying.Then combined with the MapReduce framework,a dynamic auditing algorithm is designed to audit the data on HDFS concurrently.Analysis shows that the proposed scheme is secure enough to resist forge attack,replace attack and replay attack on big data platform.It is also efficient in both computation and communication.     

Enhancing cloud storage security against a new replay attack with an efficient public auditing scheme

The Journal of Supercomputing - The cloud storage service becomes a popular tendency based on the cloud computing, which can solve user’s storage bottleneck problem. Data security problems...     

Identity-based public data integrity verification scheme in cloud storage system via blockchain

The Journal of Supercomputing - Almost all existing data integrity verification schemes upload outsourced files and tags set to the CSP simultaneously. Thus, in this paper, we provide a novel idea...     

支持动态操作的多副本数据完整性验证方案

针对云存储环境下外包数据面临的安全隐患，并结合现有云数据完整性验证方案的不足，提出了支持动态操作的多副本数据完整性验证方案。方案考虑了多副本应用场景，并在现有云数据完整性验证方案的基础上以较小的代价实现了文件的多副本验证，并通过引入认证的数据结构—基于等级的Merkle哈希树，实现了文件的可验证动态更新。通过对多副本进行关联，可以实现多个副本的同步更新。安全性分析与实验表明了该方案的安全性与有效性，实现了数据的安全存储与更新，并有效保证了数据多副本的隐私安全。     

云存储中利用TPA的数据隐私保护公共审计方案

针对云存储中用户数据完整性和私密性易受破坏的问题,提出了一种能够保证云数据完整性和私密性的高效方法。首先定义了隐私保护公共审计算法,然后采用第三方审计方法为用户进行数据审计,最后在随机oracle模型上验证了方案具有较高的安全性和隐私性。计算开销分析表明,相比其他审计方案,所提出方案在服务计算方面更加高效。     

一种基于同态标签的动态云存储数据完整性验证方法

在云存储服务中,为使用户可以随时验证存储在云存储服务器上数据的完整性,提出一种基于同态标签的动态数据完整性验证方法。通过引入同态标签和用户随机选择待检测数据块,可以无限次验证数据是否完好无损,并支持数据动态更新;可信第三方的引入解决了云用户与云存储服务供应商因数据完整性问题产生的纠纷,实现数据完整性的公开验证;然后给出该方法的正确性和安全性分析,以及该方法的性能分析;最后通过实验验证了该方法是高效可行的。     

Secure and efficient privacy-preserving public auditing scheme for cloud storage

Cloud computing poses many challenges on integrity and privacy of users’ data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from malicious cloud server and outside attackers regarding to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with third party auditor (TPA), who performs data auditing on behalf of user(s). With detail security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.