
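Certificateless Provable Data Possession Scheme with Data Upload Control
Cite this article: 李晓冉, 郝蓉, 于佳. 具有数据上传管控的无证书可证明数据持有方案[J]. 信息网络安全, 2020, 0(1): 83-88
Authors: 李晓冉  郝蓉  于佳
Affiliations: College of Computer Science and Technology, Qingdao University; State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences
Funding: National Natural Science Foundation of China [61572267, 61272425]; "13th Five-Year" National Cryptography Development Fund [MMJJ20170118]; Open Project of the State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences [2016-MS-23, 2017-MS-21].
Abstract: With the development of big data technology, cloud storage has attracted more and more attention. While it brings many conveniences to users, it also creates new security challenges. Because users lose direct control over their data once it is stored in the cloud, how to check the integrity of cloud-stored data securely and effectively has become an important security challenge. Provable data possession (PDP) has been a research hotspot in recent years; it can check the integrity of cloud data without downloading all of the data. However, the vast majority of existing PDP schemes suffer from either complex certificate management or key escrow. In addition, none of these schemes considers control over data uploads. To address these problems, the article proposes a certificateless provable data possession scheme with data upload control. First, the scheme uses rights management and secret sharing to control the data upload process: data can be uploaded to the cloud only after more than a certain threshold number of users agree, which prevents users from uploading data arbitrarily. Second, it uses certificateless cryptography, which both avoids the key escrow problem and simplifies certificate management. The security and performance of the scheme are also analyzed.

Keywords: cloud storage; data integrity checking; provable data possession; key escrow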

Certificateless Provable Data Possession with Data Uploading Control
LI Xiaoran, HAO Rong, YU Jia. Certificateless Provable Data Possession with Data Uploading Control[J]. Netinfo Security, 2020, 0(1): 83-88
Authors: LI Xiaoran  HAO Rong  YU Jia
Affiliation: College of Computer Science and Technology, Qingdao University, Qingdao 266071, China; State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
Abstract: With the development of big data technology, cloud storage has received more and more attention. While it brings a lot of convenience to users, it also creates new security challenges. Because users lose direct control over their data once it is stored in the cloud, checking the integrity of cloud-stored data securely and effectively has become an important security challenge. Provable data possession (PDP) has been a research hotspot in recent years; it can check the integrity of cloud data without downloading all of the data. However, most existing PDP schemes suffer from either complex certificate management or key escrow. In addition, these schemes do not consider control over data uploads. To address these problems, we propose a certificateless provable data possession scheme with data uploading control. First, it uses rights management and secret sharing to control the data uploading process: data can be uploaded to the cloud only after more than a threshold number of users agree, which prevents users from uploading data arbitrarily. Second, it uses certificateless cryptography, which avoids the key escrow problem and simplifies certificate management. The security and performance of the scheme are also analyzed.
Keywords: cloud storage; data integrity detection; PDP; key escrow
This article is indexed in databases including 维普.