面向真实云存储环境的数据持有性证明系统

Provable Data Possession System for Realistic Cloud Storage Environments

对数据动态更新和第三方审计的支持的实现方式是影响现有数据持有性证明(provable data possession,简称PDP)方案实用性的重要因素.提出面向真实云存储环境的安全、高效的PDP系统IDPA-MF-PDP.通过基于云存储数据更新模式的多文件持有性证明算法MF-PDP,显著减少审计多个文件的开销.通过隐式第三方审计架构和显篡改审计日志,最大限度地减少了对用户在线的需求.用户、云服务器和隐式审计者的三方交互协议,将MF-PDP和隐式第三方审计架构结合.理论分析和实验结果表明:IDPA-MF-PDP具有与单文件PDP方案等同的安全性,且审计日志提供了可信的审计结果历史记录;IDPA-MF-PDP将持有性审计的计算和通信开销由与文件数线性相关减少到接近常数.

The methods for supporting dynamic data updates and third-party audit are key factors that affect the practicality of existing provable data possession （PDP） schemes. This article proposes a secure and efficient PDP system called IDPA-MF-PDP for realistic cloud storage environments. The cost of auditing multiple files is dramatically reduced by a multiple-file PDP scheme based on the data update pattern of cloud storage. The requirement for users being online is reduced to the maximum extent by the implicit third-party audit framework and tamper-evident audit logs. The tripartite interaction protocol between the user, the cloud server and the implicit auditor combines MF-PDP with the implicit third-party audit framework. Theoretical analysis and experimental results show that IDPA-MF-PDP has equivalent security property with single-file PDP schemes and the audit log provides a trustworthy history record of audit results; IDPA-MF-PDP reduces the computation and communication overhead of data possession auditing from linear in the number of files to near constant.