摘要
为解决现存数据完整性验证方案中用户难以实时撤销且撤销成本大的问题,提出用户可实时撤销的云存储数据验证方案,为用户设计一个管理员属性,实现用户实时撤销;利用代理重签名技术实现用户撤销过程中的签名替换,避免新用户重新从云端下载数据进行签名并上传;利用代理服务器的可信执行环境保证重签名阶段的信息安全,保护签名信息不被篡改或泄露;在审计挑战中采用随机掩码隐藏关键信息,避免好奇的第三方审计者通过验证信息获取到用户的真实数据。安全分析和性能分析进一步表明,方案是安全且高效的。
To solve the problem that it is difficult for users to revoke in real time and the cost of revocation is high in the existing data integrity verification schemes,a cloud storage data integrity verification scheme that realized the user’s real-time revocation was proposed,and an administrator attribute was designed for the user to realize the user’s real-time revocation.An administrator attribute for users was designed to realize real-time revocation of users.The proxy re-signature technology was used to realize the signature replacement in the process of user revocation,so as to avoid new users downloading data from the cloud again for signing and uploading.The trusted execution environment of proxy server was used to ensure the information security in the re-signature stage and protect the signature information from tampering or disclosure.In the audit challenge,the random mask was used to hide the key information,so as to avoid the curious third-party audit and obtain the user’s real data through the verification information.Security analysis and performance analysis further show that the scheme is safe and efficient.
作者
马海峰
王俊华
薛庆水
时雪磊
张继
杨家海
MA Hai-feng;WANG Jun-hua;XUE Qing-shui;SHI Xue-lei;ZHANG Ji;YANG Jia-hai(School of Computer Science and Information Engineering,Shanghai Institute of Technology,Shanghai 201418,China;Institute for Network Sciences and Cyberspace,Tsinghua University,Beijing 100084,China)
出处
《计算机工程与设计》
北大核心
2023年第10期2943-2949,共7页
Computer Engineering and Design
基金
国家“十三五”重点研发计划基金项目(2017YFB0803004)
国家重点研发计划基金项目(2018YFB1800200)
上海应用技术大学引进人才项目启动基金项目(39120K196002-A06)。
关键词
云存储
用户实时撤销
数据完整性
代理重签名
可信执行环境
数据验证
隐私保护
cloud storage
users revoke in real time
data integrity
proxy re-signature
trusted execution environment
data verification
privacy protection
