Nowadays, an increasing number of persons choose to outsource their computing demands and storage demands to the Cloud. In order to ensure the integrity of the data in the untrusted Cloud, especially the dynamic files...Nowadays, an increasing number of persons choose to outsource their computing demands and storage demands to the Cloud. In order to ensure the integrity of the data in the untrusted Cloud, especially the dynamic files which can be updated online, we propose an improved dynamic provable data possession model. We use some homomorphic tags to verify the integrity of the file and use some hash values generated by some secret values and tags to prevent replay attack and forgery attack. Compared with previous works, our proposal reduces the computational and communication complexity from O(logn) to O(1). We did some experiments to ensure this improvement and extended the model to file sharing situation.展开更多
Increment of mobile cloud video motivates mobile users to utilize cloud storage service to address their demands, cloud storage provider always furnish a location-independent platform for managing user's data. Howeve...Increment of mobile cloud video motivates mobile users to utilize cloud storage service to address their demands, cloud storage provider always furnish a location-independent platform for managing user's data. However, mobile users wonder if their cloud video data leakage or dynamic migration to illegal service providers. In this paper, we design a novel provable data possession protocol based on data geographic location attribute, which allows data owner to auditing the integrity of their video data, which put forward an ideal choice for remote data possession checking in the mobile cloud storage. In our proposed scheme, we check out whether the video data dynamic migrate to an unspecified location (such as: overseas) by adding data geographic location attribute tag into provable data possession protocol. Moreover, we make sure the security of our proposed scheme under the Computational Diffic-Hellman assumption. The analysis and experiment results demonstrate that our proposed scheme is provably secure and efficient.展开更多
Provable Data Possession(PDP)schemes have long been proposed to solve problem of how to check the integrity of data stored in cloud service without downloading.However,with the emerging of network consisting of low pe...Provable Data Possession(PDP)schemes have long been proposed to solve problem of how to check the integrity of data stored in cloud service without downloading.However,with the emerging of network consisting of low performance devices such as Internet of Things,we find that there are still two obstacles for applying PDP schemes.The first one is the heavy computation overhead in generating tags for data blocks,which is essential for setting up any PDP scheme.The other one is how to resist collusion attacks from third party auditors with any possible entities participating the auditing.In this paper,we propose a novel blockchain-based light-weighted PDP scheme for low performance devices,with an instance deployed on a cloud server.We design a secure outsourced tag generating method for low performance devices,which enables a kind of“hash-sign-switch”two-phase tag computing.With this method,users with low performance devices can employ third party auditors to compute modular exponential operations that accounts for the largest portion of computation overhead in tag generation,without leaking their data content.Chaincodes in blockchain network ensure the correctness of such outsourcing and prevent collusion attacks.The security analysis and performance evaluation prove that our scheme is both secure and efficient.展开更多
Currently,there is a growing trend among users to store their data in the cloud.However,the cloud is vulnerable to persistent data corruption risks arising from equipment failures and hacker attacks.Additionally,when ...Currently,there is a growing trend among users to store their data in the cloud.However,the cloud is vulnerable to persistent data corruption risks arising from equipment failures and hacker attacks.Additionally,when users perform file operations,the semantic integrity of the data can be compromised.Ensuring both data integrity and semantic correctness has become a critical issue that requires attention.We introduce a pioneering solution called Sec-Auditor,the first of its kind with the ability to verify data integrity and semantic correctness simultaneously,while maintaining a constant communication cost independent of the audited data volume.Sec-Auditor also supports public auditing,enabling anyone with access to public information to conduct data audits.This feature makes Sec-Auditor highly adaptable to open data environments,such as the cloud.In Sec-Auditor,users are assigned specific rules that are utilized to verify the accuracy of data semantic.Furthermore,users are given the flexibility to update their own rules as needed.We conduct in-depth analyses of the correctness and security of Sec-Auditor.We also compare several important security attributes with existing schemes,demonstrating the superior properties of Sec-Auditor.Evaluation results demonstrate that even for time-consuming file upload operations,our solution is more efficient than the comparison one.展开更多
To check the remote data integrity in cloud computing,we have proposed an efficient and full data dynamic provable data possession(PDP) scheme that uses a SN(serial number)-BN(block number) table to support data...To check the remote data integrity in cloud computing,we have proposed an efficient and full data dynamic provable data possession(PDP) scheme that uses a SN(serial number)-BN(block number) table to support data block update.In this article,we first analyze and test its performance in detail.The result shows that our scheme is efficient with low computation,storage,and communication costs.Then,we discuss how to extend the dynamic scheme to support other features,including public auditability,privacy preservation,fairness,and multiple-replica checking.After being extended,a comprehensive PDP scheme that has high efficiency and satisfies all main requirements is provided.展开更多
可证数据持有方案(Provable Data Possession, PDP)可以让用户在不下载全部数据的情况下验证其外包数据是否完好无损。为了提高外包数据的可用性和安全性,许多用户将数据的多个副本存储在单云服务器上,但是单云服务器在发生故障或者其...可证数据持有方案(Provable Data Possession, PDP)可以让用户在不下载全部数据的情况下验证其外包数据是否完好无损。为了提高外包数据的可用性和安全性,许多用户将数据的多个副本存储在单云服务器上,但是单云服务器在发生故障或者其他意外情况时,用户存储的数据副本也会遭到破坏因而无法恢复原始数据。同时,许多可证数据持有方案依赖于公钥基础设施(Public Key Infrastructure, PKI)技术,存在密钥管理问题。此外,现有的可证数据持有方案大多是在用户端使用密钥对数据进行处理。由于用户端的安全意识较弱或者安全设置较低,密钥可能会有泄露的风险。恶意云一旦获得了用户端的密钥,就可以通过伪造虚假的数据持有证明来隐藏数据丢失的事件。基于上述问题,提出了一种基于身份的密钥隔离的多云多副本可证数据持有方案(Identity-Based Key-Insulated Provable Multi-Copy Data Possession in Multi-Cloud Storage, IDKIMC-PDP)。基于身份的可证数据持有方案消除了公钥基础设施技术中复杂的证书管理。多云多副本确保了即使在某个云服务器上的副本被篡改或者被破坏的情况下,用户仍然可以从其他云服务器上获取副本并恢复数据。同时,方案中使用了密钥隔离技术实现了前向和后向安全。即使某一时间段内的密钥泄露,其他时间段内云存储审计的安全性也不会受到影响。给出了该方案的正式定义、系统模型和安全模型;在标准困难问题下,给出了该方案的安全性证明。安全性分析表明,IDKIMC-PDP方案具有强抗密钥泄露性、可检测性以及数据块标签和证明的不可伪造性。实验结果表明,与现有的多云多副本相关方案相比,IDKIMC-PDP方案具有相对较高的效率。展开更多
Progress in cloud computing makes group data sharing in outsourced storage a reality.People join in group and share data with each other,making team work more convenient.This new application scenario also faces data s...Progress in cloud computing makes group data sharing in outsourced storage a reality.People join in group and share data with each other,making team work more convenient.This new application scenario also faces data security threats,even more complex.When a user quit its group,remaining data block signatures must be re-signed to ensure security.Some researchers noticed this problem and proposed a few works to relieve computing overhead on user side.However,considering the privacy and security need of group auditing,there still lacks a comprehensive solution to implement secure group user revocation,supporting identity privacy preserving and collusion attack resistance.Aiming at this target,we construct a concrete scheme based on ring signature and smart contracts.We introduce linkable ring signature to build a kind of novel meta data for integrity proof enabling anonymous verification.And the new meta data supports secure revocation.Meanwhile,smart contracts are using for resisting possible collusion attack and malicious re-signing computation.Under the combined effectiveness of both signature method and blockchain smart contracts,our proposal supports reliable user revocation and signature re-signing,without revealing any user identity in the whole process.Security and performance analysis compared with previous works prove that the proposed scheme is feasible and efficient.展开更多
We introduce a model for provable data possession (PDP) which allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. In a previous work...We introduce a model for provable data possession (PDP) which allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. In a previous work, Ateniese et al. proposed a remote data integrity checking protocol that supports data partial dynamics. In this paper, we present a new remote data possession checking protocol which allows an unlimited number of file integrity verifications and efficiently supports dynamic operations, such as data modification, deletion, insertion and append. The proposed protocol supports public verifiability. In addition, the proposed protocol does not leak any private information to third-party verifiers. Through a specific analysis, we show the correctness and security of the protocol. After that, we demonstrate the proposed protocol has a good performance.展开更多
Cloud storage has been widely used to team work or cooperation devel-opment.Data owners set up groups,generating and uploading their data to cloud storage,while other users in the groups download and make use of it,wh...Cloud storage has been widely used to team work or cooperation devel-opment.Data owners set up groups,generating and uploading their data to cloud storage,while other users in the groups download and make use of it,which is called group data sharing.As all kinds of cloud service,data group sharing also suffers from hardware/software failures and human errors.Provable Data Posses-sion(PDP)schemes are proposed to check the integrity of data stored in cloud without downloading.However,there are still some unmet needs lying in auditing group shared data.Researchers propose four issues necessary for a secure group shared data auditing:public verification,identity privacy,collusion attack resis-tance and traceability.However,none of the published work has succeeded in achieving all of these properties so far.In this paper,we propose a novel block-chain-based ring signature PDP scheme for group shared data,with an instance deployed on a cloud server.We design a linkable ring signature method called Linkable Homomorphic Authenticable Ring Signature(LHARS)to implement public anonymous auditing for group data.We also build smart contracts to resist collusion attack in group auditing.The security analysis and performance evalua-tion prove that our scheme is both secure and efficient.展开更多
海量远程数据完整性检测是云计算安全领域的一个研究热点,可证数据持有(Provable Data Possession,PDP)是一种轻量级远程数据完整性概率检测模型。从不同的公钥基础架构的角度,综述了PDP的研究进展。首先,针对公钥架构(Public Key Infra...海量远程数据完整性检测是云计算安全领域的一个研究热点,可证数据持有(Provable Data Possession,PDP)是一种轻量级远程数据完整性概率检测模型。从不同的公钥基础架构的角度,综述了PDP的研究进展。首先,针对公钥架构(Public Key Infrastructure,PKI)、身份基公钥密码和无证书公钥密码体制,分别阐述了PDP的研究背景和主要研究进展。其次,给出了结合新型网络技术的PDP方案,如区块链技术、DNA技术等。最后,展望了未来PDP研究的一些重要方向,包括量子计算和抗量子PDP、新型智慧城市和基于我国商用密码标准的PDP、6G和内生安全PDP等。展开更多
云存储近年来发展迅猛,越来越多的用户选择将他们的数据存储在云服务器中。为了检验云存储数据的完整性,研究者们提出了可证数据持有(Provable Data Possession,PDP)。用户在某些情况下无法访问互联网,例如在远洋轮渡上,或是参加某些涉...云存储近年来发展迅猛,越来越多的用户选择将他们的数据存储在云服务器中。为了检验云存储数据的完整性,研究者们提出了可证数据持有(Provable Data Possession,PDP)。用户在某些情况下无法访问互联网,例如在远洋轮渡上,或是参加某些涉密的项目时,因此必须将远程数据完整性检验委托给代理。然而在代理PDP中,一旦用户的私钥泄露,审计方案将无法进行。针对上述问题,所提方案将密钥隔离技术与代理PDP相结合,在系统模型中引入了物理上安全但计算受限的助手设备。助手设备在每个时间段生成更新信息并发送给用户,帮助用户计算当前时段的签名密钥。在此方案下,敌手无法在密钥未泄露的时间段伪造用户生成的认证器。安全性分析和性能分析表明,所提方案是安全高效的。展开更多
随着云存储模式的出现,越来越多的用户选择将应用和数据移植到云中,但他们在本地可能并没有保存任何数据副本,无法确保存储在云中的数据是完整的.如何确保云存储环境下用户数据的完整性,成为近来学术界研究的一个热点.数据完整性证明(Pr...随着云存储模式的出现,越来越多的用户选择将应用和数据移植到云中,但他们在本地可能并没有保存任何数据副本,无法确保存储在云中的数据是完整的.如何确保云存储环境下用户数据的完整性,成为近来学术界研究的一个热点.数据完整性证明(Provable Data Integrity,PDI)被认为是解决这一问题的重要手段,该文对此进行了综述.首先,给出了数据完整性证明机制的协议框架,分析了云存储环境下数据完整性证明所具备的特征;其次,对各种数据完整性证明机制加以分类,在此分类基础上,介绍了各种典型的数据完整性验证机制并进行了对比;最后,指出了云存储中数据完整性验证面临的挑战及发展趋势.展开更多
作为云存储安全的重要问题,数据完整性验证技术受到学术界和工业界的广泛关注.为了验证云端数据完整性,研究者提出了多个数据完整性公开审计模型.然而,现有的数据完整性审计模型采用固定参数审计所有文件,浪费了大量计算资源,导致系统...作为云存储安全的重要问题,数据完整性验证技术受到学术界和工业界的广泛关注.为了验证云端数据完整性,研究者提出了多个数据完整性公开审计模型.然而,现有的数据完整性审计模型采用固定参数审计所有文件,浪费了大量计算资源,导致系统审计效率不高.为了提高系统的审计效率,提出了一种自适应数据持有性证明方法(self-adaptive provable data possession,SA-PDP),该方法基于文件属性和用户需求动态调整文件的审计方案,使得文件的审计需求和审计方案的执行强度高度匹配.为了增强审计方案更新的灵活性,依据不同的审计需求发起者,设计了2种审计方案动态更新算法.主动更新算法保证了审计系统的覆盖率,而被动更新算法能够及时满足文件的审计需求.实验结果表明:相较于传统方法,SA-PDP的审计总执行时间至少减少了50%,有效增加了系统审计文件的数量.此外,SAPDP方法生成的审计方案的达标率比传统审计方法提高了30%.展开更多
基金supported by Major Program of Shanghai Science and Technology Commission under Grant No.10DZ1500200Collaborative Applied Research and Development Project between Morgan Stanley and Shanghai Jiao Tong University, China
文摘Nowadays, an increasing number of persons choose to outsource their computing demands and storage demands to the Cloud. In order to ensure the integrity of the data in the untrusted Cloud, especially the dynamic files which can be updated online, we propose an improved dynamic provable data possession model. We use some homomorphic tags to verify the integrity of the file and use some hash values generated by some secret values and tags to prevent replay attack and forgery attack. Compared with previous works, our proposal reduces the computational and communication complexity from O(logn) to O(1). We did some experiments to ensure this improvement and extended the model to file sharing situation.
基金supported in part by National High Tech Research and Development Program(863 Program)of China(No.2015 AA016005)
文摘Increment of mobile cloud video motivates mobile users to utilize cloud storage service to address their demands, cloud storage provider always furnish a location-independent platform for managing user's data. However, mobile users wonder if their cloud video data leakage or dynamic migration to illegal service providers. In this paper, we design a novel provable data possession protocol based on data geographic location attribute, which allows data owner to auditing the integrity of their video data, which put forward an ideal choice for remote data possession checking in the mobile cloud storage. In our proposed scheme, we check out whether the video data dynamic migrate to an unspecified location (such as: overseas) by adding data geographic location attribute tag into provable data possession protocol. Moreover, we make sure the security of our proposed scheme under the Computational Diffic-Hellman assumption. The analysis and experiment results demonstrate that our proposed scheme is provably secure and efficient.
基金The work is supported by the National Key Research and Development Program of China(No.2018YFC1604002)the National Natural Science Foundation of China(Nos.U1836204,U1936208,U1936216 and 62002197).
文摘Provable Data Possession(PDP)schemes have long been proposed to solve problem of how to check the integrity of data stored in cloud service without downloading.However,with the emerging of network consisting of low performance devices such as Internet of Things,we find that there are still two obstacles for applying PDP schemes.The first one is the heavy computation overhead in generating tags for data blocks,which is essential for setting up any PDP scheme.The other one is how to resist collusion attacks from third party auditors with any possible entities participating the auditing.In this paper,we propose a novel blockchain-based light-weighted PDP scheme for low performance devices,with an instance deployed on a cloud server.We design a secure outsourced tag generating method for low performance devices,which enables a kind of“hash-sign-switch”two-phase tag computing.With this method,users with low performance devices can employ third party auditors to compute modular exponential operations that accounts for the largest portion of computation overhead in tag generation,without leaking their data content.Chaincodes in blockchain network ensure the correctness of such outsourcing and prevent collusion attacks.The security analysis and performance evaluation prove that our scheme is both secure and efficient.
基金This research was supported by the Qinghai Provincial High-End Innovative and Entrepreneurial Talents Project.
文摘Currently,there is a growing trend among users to store their data in the cloud.However,the cloud is vulnerable to persistent data corruption risks arising from equipment failures and hacker attacks.Additionally,when users perform file operations,the semantic integrity of the data can be compromised.Ensuring both data integrity and semantic correctness has become a critical issue that requires attention.We introduce a pioneering solution called Sec-Auditor,the first of its kind with the ability to verify data integrity and semantic correctness simultaneously,while maintaining a constant communication cost independent of the audited data volume.Sec-Auditor also supports public auditing,enabling anyone with access to public information to conduct data audits.This feature makes Sec-Auditor highly adaptable to open data environments,such as the cloud.In Sec-Auditor,users are assigned specific rules that are utilized to verify the accuracy of data semantic.Furthermore,users are given the flexibility to update their own rules as needed.We conduct in-depth analyses of the correctness and security of Sec-Auditor.We also compare several important security attributes with existing schemes,demonstrating the superior properties of Sec-Auditor.Evaluation results demonstrate that even for time-consuming file upload operations,our solution is more efficient than the comparison one.
基金Supported by the National Basic"863"Research Program of China(2012CB315901)
文摘To check the remote data integrity in cloud computing,we have proposed an efficient and full data dynamic provable data possession(PDP) scheme that uses a SN(serial number)-BN(block number) table to support data block update.In this article,we first analyze and test its performance in detail.The result shows that our scheme is efficient with low computation,storage,and communication costs.Then,we discuss how to extend the dynamic scheme to support other features,including public auditability,privacy preservation,fairness,and multiple-replica checking.After being extended,a comprehensive PDP scheme that has high efficiency and satisfies all main requirements is provided.
基金The work is supported by the National Key Research and Development Program of China(No.2018YFC1604002)the National Natural Science Foundation of China(No.U1836204,No.U1936208,No.U1936216,No.62002197).
文摘Progress in cloud computing makes group data sharing in outsourced storage a reality.People join in group and share data with each other,making team work more convenient.This new application scenario also faces data security threats,even more complex.When a user quit its group,remaining data block signatures must be re-signed to ensure security.Some researchers noticed this problem and proposed a few works to relieve computing overhead on user side.However,considering the privacy and security need of group auditing,there still lacks a comprehensive solution to implement secure group user revocation,supporting identity privacy preserving and collusion attack resistance.Aiming at this target,we construct a concrete scheme based on ring signature and smart contracts.We introduce linkable ring signature to build a kind of novel meta data for integrity proof enabling anonymous verification.And the new meta data supports secure revocation.Meanwhile,smart contracts are using for resisting possible collusion attack and malicious re-signing computation.Under the combined effectiveness of both signature method and blockchain smart contracts,our proposal supports reliable user revocation and signature re-signing,without revealing any user identity in the whole process.Security and performance analysis compared with previous works prove that the proposed scheme is feasible and efficient.
文摘We introduce a model for provable data possession (PDP) which allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. In a previous work, Ateniese et al. proposed a remote data integrity checking protocol that supports data partial dynamics. In this paper, we present a new remote data possession checking protocol which allows an unlimited number of file integrity verifications and efficiently supports dynamic operations, such as data modification, deletion, insertion and append. The proposed protocol supports public verifiability. In addition, the proposed protocol does not leak any private information to third-party verifiers. Through a specific analysis, we show the correctness and security of the protocol. After that, we demonstrate the proposed protocol has a good performance.
基金supported by the National Key Research and Development Program of China(No.2018YFC1604002)the National Natural Science Foundation of China(No.U1836204,No.U1936208,No.U1936216,No.62002197).
文摘Cloud storage has been widely used to team work or cooperation devel-opment.Data owners set up groups,generating and uploading their data to cloud storage,while other users in the groups download and make use of it,which is called group data sharing.As all kinds of cloud service,data group sharing also suffers from hardware/software failures and human errors.Provable Data Posses-sion(PDP)schemes are proposed to check the integrity of data stored in cloud without downloading.However,there are still some unmet needs lying in auditing group shared data.Researchers propose four issues necessary for a secure group shared data auditing:public verification,identity privacy,collusion attack resis-tance and traceability.However,none of the published work has succeeded in achieving all of these properties so far.In this paper,we propose a novel block-chain-based ring signature PDP scheme for group shared data,with an instance deployed on a cloud server.We design a linkable ring signature method called Linkable Homomorphic Authenticable Ring Signature(LHARS)to implement public anonymous auditing for group data.We also build smart contracts to resist collusion attack in group auditing.The security analysis and performance evalua-tion prove that our scheme is both secure and efficient.
文摘海量远程数据完整性检测是云计算安全领域的一个研究热点,可证数据持有(Provable Data Possession,PDP)是一种轻量级远程数据完整性概率检测模型。从不同的公钥基础架构的角度,综述了PDP的研究进展。首先,针对公钥架构(Public Key Infrastructure,PKI)、身份基公钥密码和无证书公钥密码体制,分别阐述了PDP的研究背景和主要研究进展。其次,给出了结合新型网络技术的PDP方案,如区块链技术、DNA技术等。最后,展望了未来PDP研究的一些重要方向,包括量子计算和抗量子PDP、新型智慧城市和基于我国商用密码标准的PDP、6G和内生安全PDP等。
文摘云存储近年来发展迅猛,越来越多的用户选择将他们的数据存储在云服务器中。为了检验云存储数据的完整性,研究者们提出了可证数据持有(Provable Data Possession,PDP)。用户在某些情况下无法访问互联网,例如在远洋轮渡上,或是参加某些涉密的项目时,因此必须将远程数据完整性检验委托给代理。然而在代理PDP中,一旦用户的私钥泄露,审计方案将无法进行。针对上述问题,所提方案将密钥隔离技术与代理PDP相结合,在系统模型中引入了物理上安全但计算受限的助手设备。助手设备在每个时间段生成更新信息并发送给用户,帮助用户计算当前时段的签名密钥。在此方案下,敌手无法在密钥未泄露的时间段伪造用户生成的认证器。安全性分析和性能分析表明,所提方案是安全高效的。
文摘随着云存储模式的出现,越来越多的用户选择将应用和数据移植到云中,但他们在本地可能并没有保存任何数据副本,无法确保存储在云中的数据是完整的.如何确保云存储环境下用户数据的完整性,成为近来学术界研究的一个热点.数据完整性证明(Provable Data Integrity,PDI)被认为是解决这一问题的重要手段,该文对此进行了综述.首先,给出了数据完整性证明机制的协议框架,分析了云存储环境下数据完整性证明所具备的特征;其次,对各种数据完整性证明机制加以分类,在此分类基础上,介绍了各种典型的数据完整性验证机制并进行了对比;最后,指出了云存储中数据完整性验证面临的挑战及发展趋势.
文摘作为云存储安全的重要问题,数据完整性验证技术受到学术界和工业界的广泛关注.为了验证云端数据完整性,研究者提出了多个数据完整性公开审计模型.然而,现有的数据完整性审计模型采用固定参数审计所有文件,浪费了大量计算资源,导致系统审计效率不高.为了提高系统的审计效率,提出了一种自适应数据持有性证明方法(self-adaptive provable data possession,SA-PDP),该方法基于文件属性和用户需求动态调整文件的审计方案,使得文件的审计需求和审计方案的执行强度高度匹配.为了增强审计方案更新的灵活性,依据不同的审计需求发起者,设计了2种审计方案动态更新算法.主动更新算法保证了审计系统的覆盖率,而被动更新算法能够及时满足文件的审计需求.实验结果表明:相较于传统方法,SA-PDP的审计总执行时间至少减少了50%,有效增加了系统审计文件的数量.此外,SAPDP方法生成的审计方案的达标率比传统审计方法提高了30%.
