Reducing Computational and Communication Complexity for Dynamic Provable Data Possession

Nowadays, an increasing number of persons choose to outsource their computing demands and storage demands to the Cloud. In order to ensure the integrity of the data in the untrusted Cloud, especially the dynamic files which can be updated online, we propose an improved dynamic provable data possession model. We use some homomorphic tags to verify the integrity of the file and use some hash values generated by some secret values and tags to prevent replay attack and forgery attack. Compared with previous works, our proposal reduces the computational and communication complexity from O(logn) to O(1). We did some experiments to ensure this improvement and extended the model to file sharing situation.

A Novel Provable Data Possession Scheme Based on Geographic Location Attribute

Increment of mobile cloud video motivates mobile users to utilize cloud storage service to address their demands, cloud storage provider always furnish a location-independent platform for managing user＇s data. However, mobile users wonder if their cloud video data leakage or dynamic migration to illegal service providers. In this paper, we design a novel provable data possession protocol based on data geographic location attribute, which allows data owner to auditing the integrity of their video data, which put forward an ideal choice for remote data possession checking in the mobile cloud storage. In our proposed scheme, we check out whether the video data dynamic migrate to an unspecified location （such as： overseas） by adding data geographic location attribute tag into provable data possession protocol. Moreover, we make sure the security of our proposed scheme under the Computational Diffic-Hellman assumption. The analysis and experiment results demonstrate that our proposed scheme is provably secure and efficient.

Blockchain-Based Light-Weighted Provable Data Possession for Low Performance Devices

Provable Data Possession(PDP)schemes have long been proposed to solve problem of how to check the integrity of data stored in cloud service without downloading.However,with the emerging of network consisting of low performance devices such as Internet of Things,we find that there are still two obstacles for applying PDP schemes.The first one is the heavy computation overhead in generating tags for data blocks,which is essential for setting up any PDP scheme.The other one is how to resist collusion attacks from third party auditors with any possible entities participating the auditing.In this paper,we propose a novel blockchain-based light-weighted PDP scheme for low performance devices,with an instance deployed on a cloud server.We design a secure outsourced tag generating method for low performance devices,which enables a kind of“hash-sign-switch”two-phase tag computing.With this method,users with low performance devices can employ third party auditors to compute modular exponential operations that accounts for the largest portion of computation overhead in tag generation,without leaking their data content.Chaincodes in blockchain network ensure the correctness of such outsourcing and prevent collusion attacks.The security analysis and performance evaluation prove that our scheme is both secure and efficient.

Sec-Auditor:A Blockchain-Based Data Auditing Solution for Ensuring Integrity and Semantic Correctness

Currently,there is a growing trend among users to store their data in the cloud.However,the cloud is vulnerable to persistent data corruption risks arising from equipment failures and hacker attacks.Additionally,when users perform file operations,the semantic integrity of the data can be compromised.Ensuring both data integrity and semantic correctness has become a critical issue that requires attention.We introduce a pioneering solution called Sec-Auditor,the first of its kind with the ability to verify data integrity and semantic correctness simultaneously,while maintaining a constant communication cost independent of the audited data volume.Sec-Auditor also supports public auditing,enabling anyone with access to public information to conduct data audits.This feature makes Sec-Auditor highly adaptable to open data environments,such as the cloud.In Sec-Auditor,users are assigned specific rules that are utilized to verify the accuracy of data semantic.Furthermore,users are given the flexibility to update their own rules as needed.We conduct in-depth analyses of the correctness and security of Sec-Auditor.We also compare several important security attributes with existing schemes,demonstrating the superior properties of Sec-Auditor.Evaluation results demonstrate that even for time-consuming file upload operations,our solution is more efficient than the comparison one.

Blockchain-based Privacy-Preserving Group Data Auditing with Secure User Revocation

Progress in cloud computing makes group data sharing in outsourced storage a reality.People join in group and share data with each other,making team work more convenient.This new application scenario also faces data security threats,even more complex.When a user quit its group,remaining data block signatures must be re-signed to ensure security.Some researchers noticed this problem and proposed a few works to relieve computing overhead on user side.However,considering the privacy and security need of group auditing,there still lacks a comprehensive solution to implement secure group user revocation,supporting identity privacy preserving and collusion attack resistance.Aiming at this target,we construct a concrete scheme based on ring signature and smart contracts.We introduce linkable ring signature to build a kind of novel meta data for integrity proof enabling anonymous verification.And the new meta data supports secure revocation.Meanwhile,smart contracts are using for resisting possible collusion attack and malicious re-signing computation.Under the combined effectiveness of both signature method and blockchain smart contracts,our proposal supports reliable user revocation and signature re-signing,without revealing any user identity in the whole process.Security and performance analysis compared with previous works prove that the proposed scheme is feasible and efficient.

Blockchain-Based Privacy-Preserving Public Auditing for Group Shared Data

Cloud storage has been widely used to team work or cooperation devel-opment.Data owners set up groups,generating and uploading their data to cloud storage,while other users in the groups download and make use of it,which is called group data sharing.As all kinds of cloud service,data group sharing also suffers from hardware/software failures and human errors.Provable Data Posses-sion(PDP)schemes are proposed to check the integrity of data stored in cloud without downloading.However,there are still some unmet needs lying in auditing group shared data.Researchers propose four issues necessary for a secure group shared data auditing:public verification,identity privacy,collusion attack resis-tance and traceability.However,none of the published work has succeeded in achieving all of these properties so far.In this paper,we propose a novel block-chain-based ring signature PDP scheme for group shared data,with an instance deployed on a cloud server.We design a linkable ring signature method called Linkable Homomorphic Authenticable Ring Signature(LHARS)to implement public anonymous auditing for group data.We also build smart contracts to resist collusion attack in group auditing.The security analysis and performance evalua-tion prove that our scheme is both secure and efficient.

Towards Comprehensive Provable Data Possession in Cloud Computing

To check the remote data integrity in cloud computing,we have proposed an efficient and full data dynamic provable data possession（PDP） scheme that uses a SN（serial number）-BN（block number） table to support data block update.In this article,we first analyze and test its performance in detail.The result shows that our scheme is efficient with low computation,storage,and communication costs.Then,we discuss how to extend the dynamic scheme to support other features,including public auditability,privacy preservation,fairness,and multiple-replica checking.After being extended,a comprehensive PDP scheme that has high efficiency and satisfies all main requirements is provided.

可证数据持有研究进展

海量远程数据完整性检测是云计算安全领域的一个研究热点,可证数据持有(Provable Data Possession,PDP)是一种轻量级远程数据完整性概率检测模型。从不同的公钥基础架构的角度,综述了PDP的研究进展。首先,针对公钥架构(Public Key Infrastructure,PKI)、身份基公钥密码和无证书公钥密码体制,分别阐述了PDP的研究背景和主要研究进展。其次,给出了结合新型网络技术的PDP方案,如区块链技术、DNA技术等。最后,展望了未来PDP研究的一些重要方向,包括量子计算和抗量子PDP、新型智慧城市和基于我国商用密码标准的PDP、6G和内生安全PDP等。

基于电力系统多用户的数据持有证明计算方法

基于云计算的电力系统多用户业务应用将不可避免地规模化发展,为保障电力系统业务应用的数据安全可靠,不被伪造和攻击,论文提出一种多用户的数据持有证明计算方法,通过数据持有证明计算方法,不仅保护业务应用数据不被攻击者伪造,恶意管理员伪造,而且能很好地满足电力智慧物联体系的规模化业务应用;同时,通过对数据持有证明计算方法的安全性进行验证,计算性能进行了评估,使得该计算方法能够很好地应用于智慧物联体系下电力业务系统规模化应用。

公有云中身份基多源IoT终端数据PDP方案

针对公有云中多源物联网(IoT)数据完整性验证问题,提出了一种身份基多源IoT终端数据可证明数据持有(ID-MPDP)方案。首先,给出了ID-MPDP方案的系统模型和安全模型的形式化定义。然后,使用RSA设计了具体的ID-MPDP方案。最后,给出了该方案的性能分析和安全性分析。性能分析和安全性分析结果表明,该方案是可证安全的、高效和可转换的,并具有以下优势:可用于多源IoT终端的数据完整性检测;具有较低的块扩展率;使用身份基公钥密码技术,消除了证书管理;满足可转换性。

Data Integrity Checking Protocol with Data Dynamics in Cloud Computing

We introduce a model for provable data possession (PDP) which allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. In a previous work, Ateniese et al. proposed a remote data integrity checking protocol that supports data partial dynamics. In this paper, we present a new remote data possession checking protocol which allows an unlimited number of file integrity verifications and efficiently supports dynamic operations, such as data modification, deletion, insertion and append. The proposed protocol supports public verifiability. In addition, the proposed protocol does not leak any private information to third-party verifiers. Through a specific analysis, we show the correctness and security of the protocol. After that, we demonstrate the proposed protocol has a good performance.

A Privacy-Preserving TPA-aided Remote Data Integrity Auditing Scheme in Clouds

The remote data integrity auditing technology can guarantee the integrity of outsourced data in clouds. Users can periodically run an integrity auditing protocol by interacting with cloud server, to verify the latest status of outsourced data. Integrity auditing requires user to take massive time-consuming computations, which would not be affordable by weak devices. In this paper, we propose a privacy-preserving TPA-aided remote data integrity auditing scheme based on Li et al.’s data integrity auditing scheme without bilinear pairings, where a third party auditor (TPA) is employed to perform integrity auditing on outsourced data for users. The privacy of outsourced data can be guaranteed against TPA in the sense that TPA could not infer its contents from the returned proofs in the integrity auditing phase. Our construction is as efficient as Li et al.’s scheme, that is, each procedure takes the same time-consuming operations in both schemes, and our solution does not increase the sizes of processed data, challenge and proof.

基于区块链的公平可验证数据持有方案

针对传统可证明数据持有(Provable Data Possession,PDP)方案中要求客户端是诚实的这一问题,基于区块链技术提出了公平的可证明数据持有方案.在传统PDP方案中,总是假定服务器是半诚实而客户端是可信的,这对服务器而言是不公平的.在基于区块链的公平PDP方案中,用于检验的元数据不再由客户端生成,而是由区块链节点生成并对其达成共识.因此,借助区块链的分布式信任性质可以实现PDP方案的互信机制,保证客户端和云服务器之间的公平性.同时,利用哈希函数、Pedersen承诺实现高效的公平PDP方案.分析所提方案的安全性、计算开销、通信开销以及冗余率.分析结果表明,在保障安全性的基础上,所提方案比同类方案具有更优的计算开销、通信开销及冗余率.

基于区块链的云数据完整性验证研究综述

云存储服务与传统的内部存储基础设施相比,拥有更高的扩展性以及更低的管理成本,其低成本和可靠性的优势吸引了越来越多的用户选择将数据存储到云存储服务器上.但是云存储服务也给用户带来了额外的安全问题,即用户失去了对数据的控制,无法确保云数据的完整性.目前已有很多云数据完整性验证方案来确保用户可以及时发现云上数据的损坏,但是传统方案本质上都是一种中心化的审计服务,面临着单点故障的风险;且存在着数据拥有者与审计者都是可信的安全假设,未能考虑到二者的不诚实行为所带来的安全风险;同时协议运行的透明程度不够,无法在协议运行异常的时候追溯到违反协议规定的一方.区块链技术为解决上述问题提供了新的方向,目前已有很多研究将区块链和传统云数据完整性验证方案相结合,增强了协议的可靠性与运行透明度.该文根据对区块链的不同利用方式对相关文献进行了梳理分类及对比分析,并指出了基于区块链的云数据完整性验证这一研究领域尚需要解决的问题及研究方向.

云存储中的数据完整性证明研究及进展

随着云存储模式的出现,越来越多的用户选择将应用和数据移植到云中,但他们在本地可能并没有保存任何数据副本,无法确保存储在云中的数据是完整的.如何确保云存储环境下用户数据的完整性,成为近来学术界研究的一个热点.数据完整性证明(Provable Data Integrity,PDI)被认为是解决这一问题的重要手段,该文对此进行了综述.首先,给出了数据完整性证明机制的协议框架,分析了云存储环境下数据完整性证明所具备的特征;其次,对各种数据完整性证明机制加以分类,在此分类基础上,介绍了各种典型的数据完整性验证机制并进行了对比;最后,指出了云存储中数据完整性验证面临的挑战及发展趋势.

云计算下的数据存储安全可证明性综述

云计算的数据服务外包可以减少数据所有者本地的存储和维护压力,然而用户会因此失去对数据可靠性和安全的物理控制。于是如何确保云中数据的安全就成为了非常有挑战性的任务和难题。在全面研究云计算数据存储安全现有成果的基础上,介绍了云计算数据存储的基本架构,并从可检索证明和可证明数据拥有两个角度分析了相关研究方案的发展,从公共认证、同态认证、数据动态化、隐私保护、批审计和多服务器环境得方面讨论了协议的功能设计,并且列表进行了功能和开销对比,在此基础上提出了一个比较完备的云计算环境下的协议框架。最后总结并阐述了后续工作。

移动云计算环境中基于代理的可验证数据存储方案

现有云计算可验证数据存储协议无法直接应用于终端存储和计算能力有限的移动计算环境。针对该问题,提出移动计算环境下基于代理的可验证云存储协议,在终端和云服务器之间引入一个半可信的安全计算代理,利用代理来帮助移动终端用户完成计算密集的操作,从而使得可验证数据存储方案可用于移动计算环境。提出一个具体的可验证数据存储协议,形式化证明了所提协议满足随机预言机模型下的选择明文攻击(CPA)安全,量化分析结果表明协议设计适用于移动计算环境,符合设计目标。

一种支持完美隐私保护的批处理数据拥有性证明方案

数据拥有性证明技术是当前云存储安全领域中的一项重要研究内容,可使用户无须下载所有文件就能高效地远程校验用户数据是否完整存储于云服务器。现实中,用户趋向于委托第三方验证机构TPA代替自己来验证数据的完整性;然而,多数支持第三方公开审计的数据拥有性证明方案通常只考虑恶意服务器是否能够伪造标签或证明的问题,鲜有考虑恶意TPA可能会窃取用户隐私的情况。近几年,一些既针对服务器保证数据的安全性又针对TPA实现数据隐私保护的数据拥有性证明方案逐渐被提出,但多应用于单云服务器环境下;个别应用在多云服务器环境下可支持批量审计的方案,或者不能有效抵抗恶意云服务器的攻击,或者无法实现针对TPA的零知识隐私保护。因此,文中在Yu等工作的基础上,提出了一个多云服务器环境下支持批量审计的数据拥有性证明方案。所提方案既可保证针对恶意云服务器的安全性,还可实现针对TPA的完美零知识隐私保护。性能分析及仿真实验表明所提方案是高效且可行的。

支持并发更新的云存储数据持有性审计方法

数据持有性审计是保证云存储数据完整性的重要方法,但并发更新操作会导致审计系统效率大幅降低。为此,提出一种支持并发更新的云存储数据持有性审计方法。通过改进Merkle哈希树(MHT)结构,将多个请求更新MHT中间节点的过程延后执行,生成更新状态树,分离出多个叶子节点更新路径并合并执行,从而避免重复节点更新,降低云存储数据完整性验证系统的更新成本。形式化分析及实验结果表明,该方法能减少更新MHT节点数,提高云存储数据持有性审计的更新效率。

云存储中数据完整性自适应审计方法

作为云存储安全的重要问题,数据完整性验证技术受到学术界和工业界的广泛关注.为了验证云端数据完整性,研究者提出了多个数据完整性公开审计模型.然而,现有的数据完整性审计模型采用固定参数审计所有文件,浪费了大量计算资源,导致系统审计效率不高.为了提高系统的审计效率,提出了一种自适应数据持有性证明方法(self-adaptive provable data possession,SA-PDP),该方法基于文件属性和用户需求动态调整文件的审计方案,使得文件的审计需求和审计方案的执行强度高度匹配.为了增强审计方案更新的灵活性,依据不同的审计需求发起者,设计了2种审计方案动态更新算法.主动更新算法保证了审计系统的覆盖率,而被动更新算法能够及时满足文件的审计需求.实验结果表明:相较于传统方法,SA-PDP的审计总执行时间至少减少了50%,有效增加了系统审计文件的数量.此外,SAPDP方法生成的审计方案的达标率比传统审计方法提高了30%.