基于分治表的云存储数据完整性审计方案

本文基于分治表和双线性对技术,提出基于分治表的云存储数据完整性审计方案。提出的方案不但能满足云存储数据的完整性审计的安全要求,同时设计的数据结构分治表(DCT)能更加高效的支持外包的动态操作。云存储数据完整性检查受到了学术各界的广泛关注,而且现有的数据审计方案并不能很好数据动态更新问题。     

支持条件身份匿名的云存储医疗数据轻量级完整性验证方案

医疗云存储服务是云计算技术的一个重要应用,同时外包医疗数据的完整性和用户的身份隐私保护已变得越来越重要。该文提出适用于无线医疗传感器网络的支持条件身份匿名的外包云存储医疗数据轻量级完整性验证方案。方案结合同态哈希函数设计了聚合签名,通过第三方审计者(TPA)对外包云存储医疗数据进行完整性验证,在TPA端存放审计辅助信息,利用同态哈希函数的同态性质将TPA端的计算优化为常量运算,大大降低了第三方审计者的计算开销,同时支持TPA对多个数据文件执行批量验证,其验证开销几乎是恒定的,与医疗数据文件的数量无关。方案有效防止了第三方审计者通过求解线性方程恢复原始医疗数据,并且设计了条件身份匿名算法,密钥生成中心(PKG)根据用户唯一标识的身份信息为用户生成匿名身份及对应的签名私钥。即使攻击者截获到用户传输的医疗数据,也无法获知拥有此数据的真实身份,有效避免了对公钥证书的复杂管理,同时使得密钥生成中心可以有效追踪医疗信息系统中具有恶意行为的用户。安全性分析与性能评估结果表明该方案能够安全高效地部署在云辅助无线医疗传感器网络。     

基于椭圆曲线的云存储数据完整性的验证研究

针对当前常用的云存储数据完整性验证方案已无法适应数据验证需要的问题,提出了基于椭圆曲线的云存储数据完整性验证方案ECPDP,分别设计了二方参与、三方参与和动态验证的云存储数据验证的椭圆曲线方案。然后基于Open SSL密码库对传统PDP和ECPDP云存储数据完整性验证方案进行了性能对比实验,实验结果表明,ECPDP方案在协议的预处理性能、验证性能及挑战性能方面均较传统的PDP协议有所提高,且不降低协议的安全性。     

云存储中数据完整性保护关键技术研究

数据完整性是数据保护工作实施的关键与核心,因而在此基础上,为了实现对云存储数据的有效应用,要求相关技术人员在对云端服务器进行操控过程中应提高数据完整性保护意识,继而提升云数据服务器数据可信度,满足当前云存储数据应用需求。     

一种新的满足隐私性的云存储公共审计方案

在云存储网络环境中,数据的安全性、完整性和隐私性是用户最关心的问题之一.云存储服务中,用户将存储的数据和认证标识信息存储在云服务器中.为了保证存储数据的完整性,云存储服务提供者需要向用户或第三方审计者证明其正确地持有用户存储的数据.公共审计是指由用户以外的第三方代替用户完成审计工作,这对于计算资源比较有限的用户尤其重要.目前多数云存储审计方案没有考虑隐私性问题.本文提出了一种新的可聚合基于签名的广播加密(ASBB)方案,并在此基础上设计了新的满足隐私性的云存储公共审计方案.新方案在随机预言模型下是可证安全的,并且在计算开销方面更具有优势.     

基于区块链的细粒度云数据安全存储与删除方案

在基于云计算的存储与删除服务中,由于外包数据所有权和管理分离,现有的逻辑删除机制使云上的数据很容易暴露给未经授权的用户,甚至云服务器可能未遵循用户要求删除相应数据.为此,该文提出一种细粒度的安全云端数据存储与删除方案.基于椭圆曲线构造了基于密文策略的属性基加密以实现外包数据细粒度访问控制,应用区块链实现可公开验证的安全数据删除.该文方案具有责任可追踪性以及两方删除与可验证性等特性.理论分析与实验结果表明该文方案具有较好的安全性和较高的性能,能够满足云数据共享与安全删除的需求.     

云存储数据完整性校验机制研究

云数据存储是未来数据存储的发展方向,但云数据远程存储使用户面临巨大的安全威胁。文章首先研究云存储架构及云数据安全存储问题,其次,分析云数据保护模型,设计云数据完整性校验机制,该机制基于Hash算法,随机化抽取数据块,最后,分析验证该机制系统开销小,置信度高,能够实现云数据完整性校验。     

基于区块链的细粒度云数据安全存储与删除方案

在基于云计算的存储与删除服务中,由于外包数据所有权和管理分离,现有的逻辑删除机制使云上的数据很容易暴露给未经授权的用户,甚至云服务器可能未遵循用户要求删除相应数据.为此,该文提出一种细粒度的安全云端数据存储与删除方案.基于椭圆曲线构造了基于密文策略的属性基加密以实现外包数据细粒度访问控制,应用区块链实现可公开验证的安全...     

如何用云存储构建IDC中的存储云服务

电信运营商的IDC是信息的集散地。采用云计算的理念和技术来建设、管理IDC可以有效地提高资源的利用率,提升IDC服务的内容和服务质量。本文通过分析云存储的种类和特点．阐述了如何科学地选择合适的云存储来构建IDC的存储云服务．以满足IDC在开展和推广不同层次的业务时对存储的服务要求。     

An Efficient Method for Checking the Integrity of Data in the Cloud

Cloud computing and storage services allow clients to move their data center and applications to centralized large data centers and thus avoid the burden of local data storage and maintenance. However, this poses new challenges related to creating secure and reliable data storage over unreliable service providers. In this study, we address the problem of ensuring the integrity of data storage in cloud computing. In particular, we consider methods for reducing the burden of generating a constant amount of metadata at the client side. By exploiting some good attributes of the bilinear group, we can devise a simple and efficient audit service for public verification of untrusted and outsourced storage, which can be important for achieving widespread deployment of cloud computing. Whereas many prior studies on ensuring remote data integrity did not consider the burden of generating verification metadata at the client side, the objective of this study is to resolve this issue. Moreover, our scheme also supports data dynamics and public verifiability. Extensive security and performance analysis shows that the proposed scheme is highly efficient and provably secure.     

A Data Assured Deletion Scheme in Cloud Storage

In order to provide a practicable solution to data confidentiality in cloud storage service, a data assured deletion scheme, which achieves the fine grained access control, hopping and sniffing attacks resistance, data dynamics and deduplication, is proposed. In our scheme, data blocks are encrypted by a two-level encryption approach, in which the control keys are generated from a key derivation tree, encrypted by an All-Or- Nothing algorithm and then distributed into DHT network after being partitioned by secret sharing. This guarantees that only authorized users can recover the control keys and then decrypt the outsourced data in an owner- specified data lifetime. Besides confidentiality, data dynamics and deduplication are also achieved separately by adjustment of key derivation tree and convergent encryption. The analysis and experimental results show that our scheme can satisfy its security goal and perform the assured deletion with low cost.     

基于代数签名且支持数据动态更新的云数据完整性验证方案(英文)

Cloud storage is one of the main application of the cloud computing. With the data services in the cloud, users is able to outsource their data to the cloud, access and share their outsourced data from the cloud server anywhere and anytime. However, this new paradigm of data outsourcing services also introduces new security challenges, among which is how to ensure the integrity of the outsourced data. Although the cloud storage providers commit a reliable and secure environment to users, the integrity of data can still be damaged owing to the carelessness of humans and failures of hardwares/softwares or the attacks from external adversaries. Therefore, it is of great importance for users to audit the integrity of their data outsourced to the cloud. In this paper, we first design an auditing framework for cloud storage and proposed an algebraic signature based remote data possession checking protocol, which allows a third-party to auditing the integrity of the outsourced data on behalf of the users and supports unlimited number of verifications. Then we extends our auditing protocol to support data dynamic operations, including data update, data insertion and data deletion. The analysis and experiment results demonstrate that our proposed schemes are secure and efficient.     

一种有效率的方法用于检测云中数据的完整性(英文)

Cloud computing and storage services allow clients to move their data center and applications to centralized large data centers and thus avoid the burden of local data storage and maintenance.However,this poses new challenges related to creating secure and reliable data storage over unreliable service providers.In this study,we address the problem of ensuring the integrity of data storage in cloud computing.In particular,we consider methods for reducing the burden of generating a constant amount of metadata at the client side.By exploiting some good attributes of the bilinear group,we can devise a simple and efficient audit service for public verification of untrusted and outsourced storage,which can be important for achieving widespread deployment of cloud computing.Whereas many prior studies on ensuring remote data integrity did not consider the burden of generating verification metadata at the client side,the objective of this study is to resolve this issue.Moreover,our scheme also supports data dynamics and public verifiability.Extensive security and performance analysis shows that the proposed scheme is highly efficient and provably secure.     

云数据存储和管理标准化研究

分析云数据存储和管理面临的挑战,指出云数据存储和管理接口标准化问题,提出云数据存储和管理接口标准体系架构,并对标准体系架构中两类云数据存储接口和三类云数据管理接口分别进行阐述,提出未来的标准化工作建议.     

大数据场景下的云存储技术与应用

文章认为随着大数据应用规模的扩大,新业务环境和场景对海量云存储需求的迫切,云存储平台需要打破原有的框架,改变组网和管理方式,以满足新的业务需求。文章分析了各种场景,提出了云存储的需求及关键技术等。文章指出大数据需求促进了云存储的发展,而云存储的发展则带动了新的业务应用。     

云计算中抗共谋攻击的数据位置验证协议

针对云计算中数据位置验证存在的共谋攻击,本文提出了抗共谋攻击的数据位置验证协议.首先给出了数据位置验证的系统模型,分析了安全威胁,并给出了数据位置验证的安全定义.随后,将安全定位协议与数据持有性证明协议相结合,设计了一维空间下的数据位置验证协议,并证明了所提协议满足安全定义且能抵御共谋攻击.在一维协议基础之上,构建了三维空间下的数据位置验证协议.最后,在三维空间下将本文所提协议与Lost协议和Geoproof协议进行了性能的测试和比较.结果表明所提协议能够验证服务器具体位置且能抵御共谋攻击.     

一种适于云存储的数据确定性删除方法

 为保护云存储模式下数据的机密性,本文提出了一种适于云存储系统的数据确定性删除方法.该方法通过密钥派生树组织管理密钥,将密钥经秘密共享方案处理后分发到DHT网络中,利用DHT网络的动态特性实现密钥的定期删除,使得在非授权时间内密文数据不能被解密和访问,从而实现云存储系统中数据的确定性删除.实验结果表明,该方法能够有效地删除密钥,且性能开销低,满足云存储系统中过期数据或备份文件的确定性删除要求.