摘要
Private data leakage is a threat to current integrity verification schemes of cloud components. To address this issue, this work proposes a privacy-enhancing Structural Integrity Verification (SIV) approach. It is made up of three processes: proof organization, proof transformation, and integrity judgement. By introducing a Merkle tree technique, the integrity of a constituent part of a cloud component on a node is represented by a root value. The value is then masked to cipher texts in proof transformation. With the masked proofs, a structural feature is extracted and validated in an integrity judgement by a third-party verification provider. The integrity of the cloud component is visually displayed in the output result matrix. If there are abnormities, the corrupted constituent parts can be located. Integrity is verified through the encrypted masked proofs. All raw proofs containing sensitive information stay on their original nodes, thus minimizing the attack surface of the proof data, and eliminating the risk of leaking private data at the source. Although some computations are added, the experimental results show that the time overhead is within acceptable bounds.
Private data leakage is a threat to current integrity verification schemes of cloud components. To address this issue, this work proposes a privacy-enhancing Structural Integrity Verification(SIV) approach. It is made up of three processes: proof organization, proof transformation, and integrity judgement. By introducing a Merkle tree technique, the integrity of a constituent part of a cloud component on a node is represented by a root value. The value is then masked to cipher texts in proof transformation. With the masked proofs, a structural feature is extracted and validated in an integrity judgement by a third-party verification provider. The integrity of the cloud component is visually displayed in the output result matrix. If there are abnormities, the corrupted constituent parts can be located. Integrity is verified through the encrypted masked proofs. All raw proofs containing sensitive information stay on their original nodes, thus minimizing the attack surface of the proof data, and eliminating the risk of leaking private data at the source. Although some computations are added, the experimental results show that the time overhead is within acceptable bounds.
基金
supported by the National Key Basic Research and Development(973) Program of China(No.2014CB340600)
Wuhan FRONTIER Program of Application Foundation(No.2018010401011295)
the National Natural Science Foundation of China(No.61802239)
the Fundamental Research Funds for the Central Universities(No.GK201803061)
China Postdoctoral Science Foundation(No.2018M631121)
