支持受损数据定位与恢复的动态群用户可证明存储

云计算的外包存储模式导致数据拥有者的数据所有权和管理权分离，进而改变了数据存储网络模型和安全模型。为了有效应对云服务器端的软硬件故障及潜在的不诚实服务提供商，确保数据拥有者数据的可用性，设计安全、高效的数据可用性、可恢复性审计方案对于解决用户担忧、保证云数据安全具有重要的理论和实践价值。然而，现有研究多针对数据完整性或者可恢复性方案的安全性和效率进行设计，没有考虑动态群用户下受损数据的快速定位和可靠恢复问题。因此，针对动态群用户环境中受损数据定位与恢复问题，设计了一个可公开验证的动态群组云用户存储证明方案。该方案在检测到数据受损时，任何可信的第三方审计者能够通过挑战协议快速定位受损数据，并在数据受损程度小于纠错能力门限情况下允许云平台对数据进行可靠恢复。该方案结合关联计算和累加计算，有效减少了受损数据定位的计算次数；通过纠删码与共享编码技术，方案能够实现用户受损数据的有效恢复。同时，方案支持用户的动态撤销，确保了群用户共享数据在用户撤销后的完整性审计和可靠恢复。定义了方案的网络模型和威胁模型，并在相应安全模型下证明了所设计方案的安全性。通过真实环境下的原型系统实现和模块化性能分析，证明...

Proof of storage with corruption identification and recovery for dynamic group users

The outsourced storage mode of cloud computing leads to the separation of data ownership and management rights of data owners, which changes the data storage network model and security model.To effectively deal with the software and hardware failures of the cloud server and the potential dishonest service provider and also ensure the availability of the data owners’ data, the design of secure and efficient data availability and recoverability auditing scheme has both theoretical and practical importance in solving the concern of users and ensuring the security of cloud data.However, most of the existing studies were designed for the security and efficiency of data integrity or recoverability schemes, without considering the fast identification and reliable recovery of damaged data under dynamic group users.Thus, to quickly identify and recover damaged data, a publicly verifiable proof of storage scheme was proposed for dynamic group cloud users.The designed scheme enabled a trusted third-party auditor to efficiently identify the damaged files through a challenge-response protocol and allowed the cloud storage server to effectively recover them when the degree of data damage is less than an error correction ability threshold.The scheme combined association calculation and accumulation calculation, which effectively reduced the number of calculations for the identification of damaged data.By combining erasure coding and shared coding technology, the scheme achieved effective recovery of damaged data of dynamic group users.At the same time, the scheme also supported dynamic user revocation, which ensured the integrity audit and reliable recovery of the collective data after user revocation.The network model and threat model of the designed scheme were defined and the security of the scheme under the corresponding security model was proved.Through the prototype implementation of the scheme in the real environment and the modular performance analysis, it is proved that the proposed scheme can effectively identify the damaged data and reliably recover the cloud data when the data is damaged.Besides, compared with other schemes, it is also proved that the proposed scheme has less computational overhead in identifying and recovering damaged data.