摘要
基于身份数据完整性认证方案中,前向安全性保障了用户密钥泄露的情况下,敌手无法伪造密钥泄露前消息的合法标签信息。首先分析了支持前向安全性的云数据完整性验证方案,分析表明此方案易遭受密钥恢复攻击,即云服务器可以利用存储的数据恢复出用户的密钥。然后针对此方案的缺陷,提出了一个可行的修正方法,虽然可以抵御密钥恢复攻击,但是在修正方案中用户的通信成本和开销较大。最后提出了一个新的支持前向安全的基于身份数据完整性验证方案,在随机预言模型下证明新方案可以提供前向安全性、健壮性等安全需求,并且用户的通信成本和计算开销与原有方案一致。
In the identity-based cloud data integrity verification scheme,the forward security ensures that the adversary cannot forge legal authentication tag even if the private key of data user is compromised.Firstly,the security of an identity-based cloud data integrity verification scheme is analyzed.The anlysis results show that the scheme is vulnerable to key recovery attacks.The cloud server can recover user private key by utilizing the stored data and authentication tags.Then,a modified approach is proposed to prevent key recovery attacks,but the revised scheme results in heavy computation cost and communication overhead.Finally,a new data integrity verification scheme supporting forward security is proposed.The new scheme can satisfy requirements for the forward security and the robustness in the random oracle model.Additionally,the user communication overhead and the computation cost are in agreement with that of original scheme.
作者
王少辉
潘笑笑
王志伟
肖甫
王汝传
WANG Shaohui;PAN Xiaoxiao;WANG Zhiwei;XIAO Fu;WANG Ruchuan(School of Computer Science,Nanjing University of Posts and Telecommunications,Nanjing 210003,China;Key Laboratory of Jiangsu High Technology Research for Wireless Sensor Network,Nanjing University of Posts and Telecommunications,Nanjing 210003,China)
出处
《南京邮电大学学报(自然科学版)》
北大核心
2019年第1期79-86,共8页
Journal of Nanjing University of Posts and Telecommunications:Natural Science Edition
基金
国家自然科学基金(61373006
61373139
61672016)
江苏省科技支撑计划(61003236)
南京邮电大学校级科研基金(NY214064
NY213036)资助项目
关键词
云存储
基于身份密码系统
数据完整性
前向安全
cloud storage
identity-based cryptosystem
data integrity
forward security
