摘要
针对云端多副本审计问题,提出了一种基于Shamir秘密共享的审计方案.该方案利用Shamir秘密共享算法为同一数据文件的所有副本生成不同的数据标签,以防范云服务提供商的多种攻击,且根据该算法特性生成的聚合标签能有助于实现云服务提供商未完全持有全部副本数据时的出错定位;利用BLS(BonehLynn-Shacham)签名和双线性映射技术实现了多副本的批量审计,避免了云服务提供商与审计者之间的多次交互,从而降低了审计过程中的通信开销;通过在用户数据预处理阶段引入随机掩码实现了对合谋攻击的防范,并在审计过程中应用随机掩码避免了用户隐私的泄漏.对提出方案的安全性进行了理论证明,并与已有方法在性能方面进行了比较和实验分析.结果表明:提出的方案能够有效地实现多副本数据的安全审计,并较之已有方法具有更小的时空开销.
For auditing the integrity of multiple-replica in clouds,apublic auditing scheme based on Shamir secret sharing was presented.The scheme can generate diverse data tags for different replicas of a given file using Shamir-secret-sharing algorithm,which is helpful for avoiding possible attacks from cloud service provider(CSP)and locating errors while the CSP does not exactly store all required replicas.Further,the scheme support batch auditing for multiple-replicas using Boneh-Lynn-Shacham(BLS)signature and bilinear maps,which can cut down times of interactions between the CSP and the auditor,and reduce communication costs.Moreover,random masks were introduced in user′s data preprocessing and auditing process to avert conspiracy attack of the CSP and prevent privacy leakage.The security of the presented scheme was proved in theory,and the auditing performance was experimentally compared with that of the previous work.The experimental results demonstrate that the proposed scheme can effectively achieve secure auditing for multiple-replica in clouds,and outperforms the existing methods on both time and space costs.
出处
《华中科技大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2016年第3期77-82,共6页
Journal of Huazhong University of Science and Technology(Natural Science Edition)
基金
国家自然科学基金资助项目(U1405254
61302094)
福建省自然科学基金资助项目(2014J01238)
福建省高校杰出青年科研人才培育计划资助项目(MJK2015-54)
福建省中青年教师教育科研项目(JA13012)
中央高校基本科研业务费中青年教师资助项目(ZQN-PY115)
华侨大学科研创新团队和领军人才资助项目(2014KJTD13)
关键词
云存储
多副本
公开审计
完整性验证
秘密共享
cloud storage
multiple-replicas
public auditing
integrity verification
secret sharing