Identity-based public cloud storage auditing schemes can check the integrity of cloud data, and reduce the complicated certificate management. In such a scheme, one Private Key Generator(PKG) is employed to authentica...Identity-based public cloud storage auditing schemes can check the integrity of cloud data, and reduce the complicated certificate management. In such a scheme, one Private Key Generator(PKG) is employed to authenticate the identity and generate private keys for all users, and one Third Party Auditor(TPA) is employed to by users to check the integrity of cloud data. This approach is undesirable for large-scale users since the PKG and the TPA might not be able to afford the heavy workload. To solve the problem, we give a hierarchical Private Key Generator structure for large-scale user groups, in which a root PKG delegates lower-level PKGs to generate private keys and authenticate identities. Based on the proposed structure, we propose an authorized identity-based public cloud storage auditing scheme, in which the lowest-level PKGs play the role of TPA, and only the authorized lowest-level PKGs can represent users in their domains to check cloud data's integrity. Furthermore, we give the formal security analysis and experimental results, which show that our proposed scheme is secure and efficient.展开更多
Separation issue is one of the most important problems about cloud computing security. Tenants should be separated from each other based on cloud infrastructure and different users from one tenant should be separated ...Separation issue is one of the most important problems about cloud computing security. Tenants should be separated from each other based on cloud infrastructure and different users from one tenant should be separated from each other with the constraint of security policies. Learning from the notion of trusted cloud computing and trustworthiness in cloud, in this paper, a multi-level authorization separation model is formally described, and a series of rules are proposed to summarize the separation property of this model. The correctness of the rules is proved. Furthermore, based on this model, a tenant separation mechanism is deployed in a real world mixed-critical information system. Performance benchmarks have shown the availability and efficiency of this mechanism.展开更多
基金supported by National Natural Science Foundation of China (No. 61572267, No. 61272425, No. 61402245)the Open Project of Co-Innovation Center for Information Supply & Assurance Technology, Anhui University+1 种基金the Open Project of the State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences(No.2017-MS-21, No.2016-MS-23)National Cryptography Development Fund of China (MMJJ20170118)
文摘Identity-based public cloud storage auditing schemes can check the integrity of cloud data, and reduce the complicated certificate management. In such a scheme, one Private Key Generator(PKG) is employed to authenticate the identity and generate private keys for all users, and one Third Party Auditor(TPA) is employed to by users to check the integrity of cloud data. This approach is undesirable for large-scale users since the PKG and the TPA might not be able to afford the heavy workload. To solve the problem, we give a hierarchical Private Key Generator structure for large-scale user groups, in which a root PKG delegates lower-level PKGs to generate private keys and authenticate identities. Based on the proposed structure, we propose an authorized identity-based public cloud storage auditing scheme, in which the lowest-level PKGs play the role of TPA, and only the authorized lowest-level PKGs can represent users in their domains to check cloud data's integrity. Furthermore, we give the formal security analysis and experimental results, which show that our proposed scheme is secure and efficient.
基金supported by the Fundamental Research funds for the central Universities of China (No. K15JB00190)the Ph.D. Programs Foundation of Ministry of Education of China (No. 20120009120010)the Program for Innovative Research Team in University of Ministry of Education of China (IRT201206)
文摘Separation issue is one of the most important problems about cloud computing security. Tenants should be separated from each other based on cloud infrastructure and different users from one tenant should be separated from each other with the constraint of security policies. Learning from the notion of trusted cloud computing and trustworthiness in cloud, in this paper, a multi-level authorization separation model is formally described, and a series of rules are proposed to summarize the separation property of this model. The correctness of the rules is proved. Furthermore, based on this model, a tenant separation mechanism is deployed in a real world mixed-critical information system. Performance benchmarks have shown the availability and efficiency of this mechanism.
