Nowadays, an increasing number of persons choose to outsource their computing demands and storage demands to the Cloud. In order to ensure the integrity of the data in the untrusted Cloud, especially the dynamic files...Nowadays, an increasing number of persons choose to outsource their computing demands and storage demands to the Cloud. In order to ensure the integrity of the data in the untrusted Cloud, especially the dynamic files which can be updated online, we propose an improved dynamic provable data possession model. We use some homomorphic tags to verify the integrity of the file and use some hash values generated by some secret values and tags to prevent replay attack and forgery attack. Compared with previous works, our proposal reduces the computational and communication complexity from O(logn) to O(1). We did some experiments to ensure this improvement and extended the model to file sharing situation.展开更多
Increment of mobile cloud video motivates mobile users to utilize cloud storage service to address their demands, cloud storage provider always furnish a location-independent platform for managing user's data. Howeve...Increment of mobile cloud video motivates mobile users to utilize cloud storage service to address their demands, cloud storage provider always furnish a location-independent platform for managing user's data. However, mobile users wonder if their cloud video data leakage or dynamic migration to illegal service providers. In this paper, we design a novel provable data possession protocol based on data geographic location attribute, which allows data owner to auditing the integrity of their video data, which put forward an ideal choice for remote data possession checking in the mobile cloud storage. In our proposed scheme, we check out whether the video data dynamic migrate to an unspecified location (such as: overseas) by adding data geographic location attribute tag into provable data possession protocol. Moreover, we make sure the security of our proposed scheme under the Computational Diffic-Hellman assumption. The analysis and experiment results demonstrate that our proposed scheme is provably secure and efficient.展开更多
Provable Data Possession(PDP)schemes have long been proposed to solve problem of how to check the integrity of data stored in cloud service without downloading.However,with the emerging of network consisting of low pe...Provable Data Possession(PDP)schemes have long been proposed to solve problem of how to check the integrity of data stored in cloud service without downloading.However,with the emerging of network consisting of low performance devices such as Internet of Things,we find that there are still two obstacles for applying PDP schemes.The first one is the heavy computation overhead in generating tags for data blocks,which is essential for setting up any PDP scheme.The other one is how to resist collusion attacks from third party auditors with any possible entities participating the auditing.In this paper,we propose a novel blockchain-based light-weighted PDP scheme for low performance devices,with an instance deployed on a cloud server.We design a secure outsourced tag generating method for low performance devices,which enables a kind of“hash-sign-switch”two-phase tag computing.With this method,users with low performance devices can employ third party auditors to compute modular exponential operations that accounts for the largest portion of computation overhead in tag generation,without leaking their data content.Chaincodes in blockchain network ensure the correctness of such outsourcing and prevent collusion attacks.The security analysis and performance evaluation prove that our scheme is both secure and efficient.展开更多
Currently,there is a growing trend among users to store their data in the cloud.However,the cloud is vulnerable to persistent data corruption risks arising from equipment failures and hacker attacks.Additionally,when ...Currently,there is a growing trend among users to store their data in the cloud.However,the cloud is vulnerable to persistent data corruption risks arising from equipment failures and hacker attacks.Additionally,when users perform file operations,the semantic integrity of the data can be compromised.Ensuring both data integrity and semantic correctness has become a critical issue that requires attention.We introduce a pioneering solution called Sec-Auditor,the first of its kind with the ability to verify data integrity and semantic correctness simultaneously,while maintaining a constant communication cost independent of the audited data volume.Sec-Auditor also supports public auditing,enabling anyone with access to public information to conduct data audits.This feature makes Sec-Auditor highly adaptable to open data environments,such as the cloud.In Sec-Auditor,users are assigned specific rules that are utilized to verify the accuracy of data semantic.Furthermore,users are given the flexibility to update their own rules as needed.We conduct in-depth analyses of the correctness and security of Sec-Auditor.We also compare several important security attributes with existing schemes,demonstrating the superior properties of Sec-Auditor.Evaluation results demonstrate that even for time-consuming file upload operations,our solution is more efficient than the comparison one.展开更多
Progress in cloud computing makes group data sharing in outsourced storage a reality.People join in group and share data with each other,making team work more convenient.This new application scenario also faces data s...Progress in cloud computing makes group data sharing in outsourced storage a reality.People join in group and share data with each other,making team work more convenient.This new application scenario also faces data security threats,even more complex.When a user quit its group,remaining data block signatures must be re-signed to ensure security.Some researchers noticed this problem and proposed a few works to relieve computing overhead on user side.However,considering the privacy and security need of group auditing,there still lacks a comprehensive solution to implement secure group user revocation,supporting identity privacy preserving and collusion attack resistance.Aiming at this target,we construct a concrete scheme based on ring signature and smart contracts.We introduce linkable ring signature to build a kind of novel meta data for integrity proof enabling anonymous verification.And the new meta data supports secure revocation.Meanwhile,smart contracts are using for resisting possible collusion attack and malicious re-signing computation.Under the combined effectiveness of both signature method and blockchain smart contracts,our proposal supports reliable user revocation and signature re-signing,without revealing any user identity in the whole process.Security and performance analysis compared with previous works prove that the proposed scheme is feasible and efficient.展开更多
Cloud storage has been widely used to team work or cooperation devel-opment.Data owners set up groups,generating and uploading their data to cloud storage,while other users in the groups download and make use of it,wh...Cloud storage has been widely used to team work or cooperation devel-opment.Data owners set up groups,generating and uploading their data to cloud storage,while other users in the groups download and make use of it,which is called group data sharing.As all kinds of cloud service,data group sharing also suffers from hardware/software failures and human errors.Provable Data Posses-sion(PDP)schemes are proposed to check the integrity of data stored in cloud without downloading.However,there are still some unmet needs lying in auditing group shared data.Researchers propose four issues necessary for a secure group shared data auditing:public verification,identity privacy,collusion attack resis-tance and traceability.However,none of the published work has succeeded in achieving all of these properties so far.In this paper,we propose a novel block-chain-based ring signature PDP scheme for group shared data,with an instance deployed on a cloud server.We design a linkable ring signature method called Linkable Homomorphic Authenticable Ring Signature(LHARS)to implement public anonymous auditing for group data.We also build smart contracts to resist collusion attack in group auditing.The security analysis and performance evalua-tion prove that our scheme is both secure and efficient.展开更多
To check the remote data integrity in cloud computing,we have proposed an efficient and full data dynamic provable data possession(PDP) scheme that uses a SN(serial number)-BN(block number) table to support data...To check the remote data integrity in cloud computing,we have proposed an efficient and full data dynamic provable data possession(PDP) scheme that uses a SN(serial number)-BN(block number) table to support data block update.In this article,we first analyze and test its performance in detail.The result shows that our scheme is efficient with low computation,storage,and communication costs.Then,we discuss how to extend the dynamic scheme to support other features,including public auditability,privacy preservation,fairness,and multiple-replica checking.After being extended,a comprehensive PDP scheme that has high efficiency and satisfies all main requirements is provided.展开更多
海量远程数据完整性检测是云计算安全领域的一个研究热点,可证数据持有(Provable Data Possession,PDP)是一种轻量级远程数据完整性概率检测模型。从不同的公钥基础架构的角度,综述了PDP的研究进展。首先,针对公钥架构(Public Key Infra...海量远程数据完整性检测是云计算安全领域的一个研究热点,可证数据持有(Provable Data Possession,PDP)是一种轻量级远程数据完整性概率检测模型。从不同的公钥基础架构的角度,综述了PDP的研究进展。首先,针对公钥架构(Public Key Infrastructure,PKI)、身份基公钥密码和无证书公钥密码体制,分别阐述了PDP的研究背景和主要研究进展。其次,给出了结合新型网络技术的PDP方案,如区块链技术、DNA技术等。最后,展望了未来PDP研究的一些重要方向,包括量子计算和抗量子PDP、新型智慧城市和基于我国商用密码标准的PDP、6G和内生安全PDP等。展开更多
We introduce a model for provable data possession (PDP) which allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. In a previous work...We introduce a model for provable data possession (PDP) which allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. In a previous work, Ateniese et al. proposed a remote data integrity checking protocol that supports data partial dynamics. In this paper, we present a new remote data possession checking protocol which allows an unlimited number of file integrity verifications and efficiently supports dynamic operations, such as data modification, deletion, insertion and append. The proposed protocol supports public verifiability. In addition, the proposed protocol does not leak any private information to third-party verifiers. Through a specific analysis, we show the correctness and security of the protocol. After that, we demonstrate the proposed protocol has a good performance.展开更多
针对传统可证明数据持有(Provable Data Possession,PDP)方案中要求客户端是诚实的这一问题,基于区块链技术提出了公平的可证明数据持有方案.在传统PDP方案中,总是假定服务器是半诚实而客户端是可信的,这对服务器而言是不公平的.在基于...针对传统可证明数据持有(Provable Data Possession,PDP)方案中要求客户端是诚实的这一问题,基于区块链技术提出了公平的可证明数据持有方案.在传统PDP方案中,总是假定服务器是半诚实而客户端是可信的,这对服务器而言是不公平的.在基于区块链的公平PDP方案中,用于检验的元数据不再由客户端生成,而是由区块链节点生成并对其达成共识.因此,借助区块链的分布式信任性质可以实现PDP方案的互信机制,保证客户端和云服务器之间的公平性.同时,利用哈希函数、Pedersen承诺实现高效的公平PDP方案.分析所提方案的安全性、计算开销、通信开销以及冗余率.分析结果表明,在保障安全性的基础上,所提方案比同类方案具有更优的计算开销、通信开销及冗余率.展开更多
The remote data integrity auditing technology can guarantee the integrity of outsourced data in clouds. Users can periodically run an integrity auditing protocol by interacting with cloud server, to verify the latest ...The remote data integrity auditing technology can guarantee the integrity of outsourced data in clouds. Users can periodically run an integrity auditing protocol by interacting with cloud server, to verify the latest status of outsourced data. Integrity auditing requires user to take massive time-consuming computations, which would not be affordable by weak devices. In this paper, we propose a privacy-preserving TPA-aided remote data integrity auditing scheme based on Li et al.’s data integrity auditing scheme without bilinear pairings, where a third party auditor (TPA) is employed to perform integrity auditing on outsourced data for users. The privacy of outsourced data can be guaranteed against TPA in the sense that TPA could not infer its contents from the returned proofs in the integrity auditing phase. Our construction is as efficient as Li et al.’s scheme, that is, each procedure takes the same time-consuming operations in both schemes, and our solution does not increase the sizes of processed data, challenge and proof.展开更多
随着云存储模式的出现,越来越多的用户选择将应用和数据移植到云中,但他们在本地可能并没有保存任何数据副本,无法确保存储在云中的数据是完整的.如何确保云存储环境下用户数据的完整性,成为近来学术界研究的一个热点.数据完整性证明(Pr...随着云存储模式的出现,越来越多的用户选择将应用和数据移植到云中,但他们在本地可能并没有保存任何数据副本,无法确保存储在云中的数据是完整的.如何确保云存储环境下用户数据的完整性,成为近来学术界研究的一个热点.数据完整性证明(Provable Data Integrity,PDI)被认为是解决这一问题的重要手段,该文对此进行了综述.首先,给出了数据完整性证明机制的协议框架,分析了云存储环境下数据完整性证明所具备的特征;其次,对各种数据完整性证明机制加以分类,在此分类基础上,介绍了各种典型的数据完整性验证机制并进行了对比;最后,指出了云存储中数据完整性验证面临的挑战及发展趋势.展开更多
作为云存储安全的重要问题,数据完整性验证技术受到学术界和工业界的广泛关注.为了验证云端数据完整性,研究者提出了多个数据完整性公开审计模型.然而,现有的数据完整性审计模型采用固定参数审计所有文件,浪费了大量计算资源,导致系统...作为云存储安全的重要问题,数据完整性验证技术受到学术界和工业界的广泛关注.为了验证云端数据完整性,研究者提出了多个数据完整性公开审计模型.然而,现有的数据完整性审计模型采用固定参数审计所有文件,浪费了大量计算资源,导致系统审计效率不高.为了提高系统的审计效率,提出了一种自适应数据持有性证明方法(self-adaptive provable data possession,SA-PDP),该方法基于文件属性和用户需求动态调整文件的审计方案,使得文件的审计需求和审计方案的执行强度高度匹配.为了增强审计方案更新的灵活性,依据不同的审计需求发起者,设计了2种审计方案动态更新算法.主动更新算法保证了审计系统的覆盖率,而被动更新算法能够及时满足文件的审计需求.实验结果表明:相较于传统方法,SA-PDP的审计总执行时间至少减少了50%,有效增加了系统审计文件的数量.此外,SAPDP方法生成的审计方案的达标率比传统审计方法提高了30%.展开更多
基金supported by Major Program of Shanghai Science and Technology Commission under Grant No.10DZ1500200Collaborative Applied Research and Development Project between Morgan Stanley and Shanghai Jiao Tong University, China
文摘Nowadays, an increasing number of persons choose to outsource their computing demands and storage demands to the Cloud. In order to ensure the integrity of the data in the untrusted Cloud, especially the dynamic files which can be updated online, we propose an improved dynamic provable data possession model. We use some homomorphic tags to verify the integrity of the file and use some hash values generated by some secret values and tags to prevent replay attack and forgery attack. Compared with previous works, our proposal reduces the computational and communication complexity from O(logn) to O(1). We did some experiments to ensure this improvement and extended the model to file sharing situation.
基金supported in part by National High Tech Research and Development Program(863 Program)of China(No.2015 AA016005)
文摘Increment of mobile cloud video motivates mobile users to utilize cloud storage service to address their demands, cloud storage provider always furnish a location-independent platform for managing user's data. However, mobile users wonder if their cloud video data leakage or dynamic migration to illegal service providers. In this paper, we design a novel provable data possession protocol based on data geographic location attribute, which allows data owner to auditing the integrity of their video data, which put forward an ideal choice for remote data possession checking in the mobile cloud storage. In our proposed scheme, we check out whether the video data dynamic migrate to an unspecified location (such as: overseas) by adding data geographic location attribute tag into provable data possession protocol. Moreover, we make sure the security of our proposed scheme under the Computational Diffic-Hellman assumption. The analysis and experiment results demonstrate that our proposed scheme is provably secure and efficient.
基金The work is supported by the National Key Research and Development Program of China(No.2018YFC1604002)the National Natural Science Foundation of China(Nos.U1836204,U1936208,U1936216 and 62002197).
文摘Provable Data Possession(PDP)schemes have long been proposed to solve problem of how to check the integrity of data stored in cloud service without downloading.However,with the emerging of network consisting of low performance devices such as Internet of Things,we find that there are still two obstacles for applying PDP schemes.The first one is the heavy computation overhead in generating tags for data blocks,which is essential for setting up any PDP scheme.The other one is how to resist collusion attacks from third party auditors with any possible entities participating the auditing.In this paper,we propose a novel blockchain-based light-weighted PDP scheme for low performance devices,with an instance deployed on a cloud server.We design a secure outsourced tag generating method for low performance devices,which enables a kind of“hash-sign-switch”two-phase tag computing.With this method,users with low performance devices can employ third party auditors to compute modular exponential operations that accounts for the largest portion of computation overhead in tag generation,without leaking their data content.Chaincodes in blockchain network ensure the correctness of such outsourcing and prevent collusion attacks.The security analysis and performance evaluation prove that our scheme is both secure and efficient.
基金This research was supported by the Qinghai Provincial High-End Innovative and Entrepreneurial Talents Project.
文摘Currently,there is a growing trend among users to store their data in the cloud.However,the cloud is vulnerable to persistent data corruption risks arising from equipment failures and hacker attacks.Additionally,when users perform file operations,the semantic integrity of the data can be compromised.Ensuring both data integrity and semantic correctness has become a critical issue that requires attention.We introduce a pioneering solution called Sec-Auditor,the first of its kind with the ability to verify data integrity and semantic correctness simultaneously,while maintaining a constant communication cost independent of the audited data volume.Sec-Auditor also supports public auditing,enabling anyone with access to public information to conduct data audits.This feature makes Sec-Auditor highly adaptable to open data environments,such as the cloud.In Sec-Auditor,users are assigned specific rules that are utilized to verify the accuracy of data semantic.Furthermore,users are given the flexibility to update their own rules as needed.We conduct in-depth analyses of the correctness and security of Sec-Auditor.We also compare several important security attributes with existing schemes,demonstrating the superior properties of Sec-Auditor.Evaluation results demonstrate that even for time-consuming file upload operations,our solution is more efficient than the comparison one.
基金The work is supported by the National Key Research and Development Program of China(No.2018YFC1604002)the National Natural Science Foundation of China(No.U1836204,No.U1936208,No.U1936216,No.62002197).
文摘Progress in cloud computing makes group data sharing in outsourced storage a reality.People join in group and share data with each other,making team work more convenient.This new application scenario also faces data security threats,even more complex.When a user quit its group,remaining data block signatures must be re-signed to ensure security.Some researchers noticed this problem and proposed a few works to relieve computing overhead on user side.However,considering the privacy and security need of group auditing,there still lacks a comprehensive solution to implement secure group user revocation,supporting identity privacy preserving and collusion attack resistance.Aiming at this target,we construct a concrete scheme based on ring signature and smart contracts.We introduce linkable ring signature to build a kind of novel meta data for integrity proof enabling anonymous verification.And the new meta data supports secure revocation.Meanwhile,smart contracts are using for resisting possible collusion attack and malicious re-signing computation.Under the combined effectiveness of both signature method and blockchain smart contracts,our proposal supports reliable user revocation and signature re-signing,without revealing any user identity in the whole process.Security and performance analysis compared with previous works prove that the proposed scheme is feasible and efficient.
基金supported by the National Key Research and Development Program of China(No.2018YFC1604002)the National Natural Science Foundation of China(No.U1836204,No.U1936208,No.U1936216,No.62002197).
文摘Cloud storage has been widely used to team work or cooperation devel-opment.Data owners set up groups,generating and uploading their data to cloud storage,while other users in the groups download and make use of it,which is called group data sharing.As all kinds of cloud service,data group sharing also suffers from hardware/software failures and human errors.Provable Data Posses-sion(PDP)schemes are proposed to check the integrity of data stored in cloud without downloading.However,there are still some unmet needs lying in auditing group shared data.Researchers propose four issues necessary for a secure group shared data auditing:public verification,identity privacy,collusion attack resis-tance and traceability.However,none of the published work has succeeded in achieving all of these properties so far.In this paper,we propose a novel block-chain-based ring signature PDP scheme for group shared data,with an instance deployed on a cloud server.We design a linkable ring signature method called Linkable Homomorphic Authenticable Ring Signature(LHARS)to implement public anonymous auditing for group data.We also build smart contracts to resist collusion attack in group auditing.The security analysis and performance evalua-tion prove that our scheme is both secure and efficient.
基金Supported by the National Basic"863"Research Program of China(2012CB315901)
文摘To check the remote data integrity in cloud computing,we have proposed an efficient and full data dynamic provable data possession(PDP) scheme that uses a SN(serial number)-BN(block number) table to support data block update.In this article,we first analyze and test its performance in detail.The result shows that our scheme is efficient with low computation,storage,and communication costs.Then,we discuss how to extend the dynamic scheme to support other features,including public auditability,privacy preservation,fairness,and multiple-replica checking.After being extended,a comprehensive PDP scheme that has high efficiency and satisfies all main requirements is provided.
文摘海量远程数据完整性检测是云计算安全领域的一个研究热点,可证数据持有(Provable Data Possession,PDP)是一种轻量级远程数据完整性概率检测模型。从不同的公钥基础架构的角度,综述了PDP的研究进展。首先,针对公钥架构(Public Key Infrastructure,PKI)、身份基公钥密码和无证书公钥密码体制,分别阐述了PDP的研究背景和主要研究进展。其次,给出了结合新型网络技术的PDP方案,如区块链技术、DNA技术等。最后,展望了未来PDP研究的一些重要方向,包括量子计算和抗量子PDP、新型智慧城市和基于我国商用密码标准的PDP、6G和内生安全PDP等。
文摘We introduce a model for provable data possession (PDP) which allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. In a previous work, Ateniese et al. proposed a remote data integrity checking protocol that supports data partial dynamics. In this paper, we present a new remote data possession checking protocol which allows an unlimited number of file integrity verifications and efficiently supports dynamic operations, such as data modification, deletion, insertion and append. The proposed protocol supports public verifiability. In addition, the proposed protocol does not leak any private information to third-party verifiers. Through a specific analysis, we show the correctness and security of the protocol. After that, we demonstrate the proposed protocol has a good performance.
文摘针对传统可证明数据持有(Provable Data Possession,PDP)方案中要求客户端是诚实的这一问题,基于区块链技术提出了公平的可证明数据持有方案.在传统PDP方案中,总是假定服务器是半诚实而客户端是可信的,这对服务器而言是不公平的.在基于区块链的公平PDP方案中,用于检验的元数据不再由客户端生成,而是由区块链节点生成并对其达成共识.因此,借助区块链的分布式信任性质可以实现PDP方案的互信机制,保证客户端和云服务器之间的公平性.同时,利用哈希函数、Pedersen承诺实现高效的公平PDP方案.分析所提方案的安全性、计算开销、通信开销以及冗余率.分析结果表明,在保障安全性的基础上,所提方案比同类方案具有更优的计算开销、通信开销及冗余率.
基金the National Natural Science Foundation of China under projects 61772150 and 61862012the Guangxi Key R&D Program under project AB17195025+3 种基金the Guangxi Natural Science Foundation under grants 2018GXNSFDA281054 and 2018GXNSFAA281232the National Cryptography Development Fund of China under project MMJJ20170217the Guangxi Young Teachers’ Basic Ability Improvement Program under Grant 2018KY0194and the open program of Guangxi Key Laboratory of Cryptography and Information Security under projects GCIS201621 and GCIS201702.
文摘The remote data integrity auditing technology can guarantee the integrity of outsourced data in clouds. Users can periodically run an integrity auditing protocol by interacting with cloud server, to verify the latest status of outsourced data. Integrity auditing requires user to take massive time-consuming computations, which would not be affordable by weak devices. In this paper, we propose a privacy-preserving TPA-aided remote data integrity auditing scheme based on Li et al.’s data integrity auditing scheme without bilinear pairings, where a third party auditor (TPA) is employed to perform integrity auditing on outsourced data for users. The privacy of outsourced data can be guaranteed against TPA in the sense that TPA could not infer its contents from the returned proofs in the integrity auditing phase. Our construction is as efficient as Li et al.’s scheme, that is, each procedure takes the same time-consuming operations in both schemes, and our solution does not increase the sizes of processed data, challenge and proof.
文摘随着云存储模式的出现,越来越多的用户选择将应用和数据移植到云中,但他们在本地可能并没有保存任何数据副本,无法确保存储在云中的数据是完整的.如何确保云存储环境下用户数据的完整性,成为近来学术界研究的一个热点.数据完整性证明(Provable Data Integrity,PDI)被认为是解决这一问题的重要手段,该文对此进行了综述.首先,给出了数据完整性证明机制的协议框架,分析了云存储环境下数据完整性证明所具备的特征;其次,对各种数据完整性证明机制加以分类,在此分类基础上,介绍了各种典型的数据完整性验证机制并进行了对比;最后,指出了云存储中数据完整性验证面临的挑战及发展趋势.
文摘作为云存储安全的重要问题,数据完整性验证技术受到学术界和工业界的广泛关注.为了验证云端数据完整性,研究者提出了多个数据完整性公开审计模型.然而,现有的数据完整性审计模型采用固定参数审计所有文件,浪费了大量计算资源,导致系统审计效率不高.为了提高系统的审计效率,提出了一种自适应数据持有性证明方法(self-adaptive provable data possession,SA-PDP),该方法基于文件属性和用户需求动态调整文件的审计方案,使得文件的审计需求和审计方案的执行强度高度匹配.为了增强审计方案更新的灵活性,依据不同的审计需求发起者,设计了2种审计方案动态更新算法.主动更新算法保证了审计系统的覆盖率,而被动更新算法能够及时满足文件的审计需求.实验结果表明:相较于传统方法,SA-PDP的审计总执行时间至少减少了50%,有效增加了系统审计文件的数量.此外,SAPDP方法生成的审计方案的达标率比传统审计方法提高了30%.