Cloud storage service reduces the burden of data users by storing users' data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a pu...Cloud storage service reduces the burden of data users by storing users' data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a public auditing protocol, there is a trusted auditor who has certain ability to help users to check the integrity of data files. With the advantages of no public key management and verification, researchers focus on public auditing protocol in ID-based cryptography recently. However, some existing protocols are vulnerable to forgery attack. In this paper, based on ID-based signature technology, by strengthening information authentication and the computing power of the auditor, we propose an ID-based public auditing protocol for cloud data integrity checking. We also prove that the proposed protocol is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard. Furthermore, we compare the proposed protocol with other two ID-based auditing protocols in security features, communication efficiency and computation cost. The comparisons show that the proposed protocol satisfies more security features with lower computation cost.展开更多
Recently released Intel processors have been equipped with hardware instruction tracing facilities to securely and efficiently record the program execution path.In this paper,we study a case for data integrity checkin...Recently released Intel processors have been equipped with hardware instruction tracing facilities to securely and efficiently record the program execution path.In this paper,we study a case for data integrity checking based on Intel Processor Trace(Intel PT),the instruction tracing facility on x86 processors.We incorporate software instrumentation and hardware instruction tracing to guarantee fine-grained data integrity without frequently switching the processor mode.We incorporate the idea in a system named DTrace which provides primitives to instruct Intel PT to capture the data load and store events,even current Intel PT implementations only record control transfers.The trace is analyzed before the program makes security-sensitive operations.We apply DTrace in several case studies to show that the primitives that DTrace provides are easy to use and help to enhance data integrity in applications.We further evaluate DTrace with several microbenchmarks to show the time cost that DTrace’s data tracing operation incurs.We also evaluate DTrace on Nginx to show the performance impact when Nginx is enhanced in security to provide the integrity during the runtime execution for programmer-defined security sensitive data.We find the performance overhead that DTrace incurs for the data tracing is moderate.展开更多
Recently released Intel processors have been equipped with hardware instruction tracing facilities to securely and efficiently record the program execution path.In this paper,we study a case for data integrity checkin...Recently released Intel processors have been equipped with hardware instruction tracing facilities to securely and efficiently record the program execution path.In this paper,we study a case for data integrity checking based on Intel Processor Trace(Intel PT),the instruction tracing facility on x86 processors.We incorporate software instrumentation and hardware instruction tracing to guarantee fine-grained data integrity without frequently switching the processor mode.We incorporate the idea in a system named DTrace which provides primitives to instruct Intel PT to capture the data load and store events,even current Intel PT implementations only record control transfers.The trace is analyzed before the program makes security-sensitive operations.We apply DTrace in several case studies to show that the primitives that DTrace provides are easy to use and help to enhance data integrity in applications.We further evaluate DTrace with several microbenchmarks to show the time cost that DTrace’s data tracing operation incurs.We also evaluate DTrace on Nginx to show the performance impact when Nginx is enhanced in security to provide the integrity during the runtime execution for programmer-defined security sensitive data.We find the performance overhead that DTrace incurs for the data tracing is moderate.展开更多
With the rapidly developing of Internet of Things (IoT), the volume ofdata generated by IoT systems is increasing quickly. To release the pressure ofdata management and storage, more and more enterprises and individua...With the rapidly developing of Internet of Things (IoT), the volume ofdata generated by IoT systems is increasing quickly. To release the pressure ofdata management and storage, more and more enterprises and individuals preferto integrate cloud service with IoT systems, in which the IoT data can be outsourced to cloud server. Since cloud service provider (CSP) is not fully trusted,a variety of methods have been proposed to deal with the problem of data integritychecking. In traditional data integrity audition schemes, the task of data auditing isusually performed by Third Party Auditor (TPA) which is assumed to be trustful.However, in real-life TPA is not trusted as people thought. Therefore, theseschemes suffer from the underlying problem of single-point failure. Moreover,most of the traditional schemes are designed by RSA or bilinear map techniqueswhich consume heavy computation and communication cost. To overcome theseshortcomings, we propose a novel data integrity checking scheme for cloud-IoTdata based on blockchain technique and homomorphic hash. In our scheme, thetags of all data blocks are computed by a homomorphic hash function and storedin blockchain. Moreover, each step within the process of data integrity checking issigned by the performer, and the signatures are stored in blockchain through smartcontracts. As a result, each behavior for data integrity checking in our scheme canbe traced and audited which improves the security of the scheme greatly. Furthermore, batch-audition for multiple data challenges is also supported in our scheme.We formalize the system model of our scheme and give the concrete construction.Detailed performance analyses demonstrate that our proposed scheme is efficientand practical without the trust-assumption of TPA.展开更多
Most of the previous studies concerning checking the integrity constraints in distributed database derive simplified forms of the initial integrity constraints with the sufficiency property, since the sufficient test ...Most of the previous studies concerning checking the integrity constraints in distributed database derive simplified forms of the initial integrity constraints with the sufficiency property, since the sufficient test is known to be cheaper than the complete test and its initial integrity constraint as it involves less data to be transferred across the network and can always be evaluated at the target site (single site). Their studies are limited as they depend strictly on the assumption that an update operation will be executed at a site where the relation specified in the update operation is located, which is not always true. Hence, the sufficient test, which is proven to be local test by previous study, is no longer appropriate. This paper proposes an approach to checking integrity constraints in a distributed database by utilizing as much as possible the local information stored at the target site. The proposed approach derives support tests as an alternative to the existing complete and sufficient tests proposed by previous researchers with the intention to increase the number of local checking regardless the location of the submitted update operation. Several analyses have been performed to evaluate the proposed approach, and the results show that support tests can benefit the distributed database, where local constraint checking can be achieved.展开更多
基金Supported by the Applied Basic and Advanced Technology Research Programs of Tianjin(15JCYBJC15900)the National Natural Science Foundation of China(51378350)
文摘Cloud storage service reduces the burden of data users by storing users' data files in the cloud. But, the files might be modified in the cloud. So, data users hope to check data files integrity periodically. In a public auditing protocol, there is a trusted auditor who has certain ability to help users to check the integrity of data files. With the advantages of no public key management and verification, researchers focus on public auditing protocol in ID-based cryptography recently. However, some existing protocols are vulnerable to forgery attack. In this paper, based on ID-based signature technology, by strengthening information authentication and the computing power of the auditor, we propose an ID-based public auditing protocol for cloud data integrity checking. We also prove that the proposed protocol is secure in the random oracle model under the assumption that the Diffie-Hellman problem is hard. Furthermore, we compare the proposed protocol with other two ID-based auditing protocols in security features, communication efficiency and computation cost. The comparisons show that the proposed protocol satisfies more security features with lower computation cost.
文摘Recently released Intel processors have been equipped with hardware instruction tracing facilities to securely and efficiently record the program execution path.In this paper,we study a case for data integrity checking based on Intel Processor Trace(Intel PT),the instruction tracing facility on x86 processors.We incorporate software instrumentation and hardware instruction tracing to guarantee fine-grained data integrity without frequently switching the processor mode.We incorporate the idea in a system named DTrace which provides primitives to instruct Intel PT to capture the data load and store events,even current Intel PT implementations only record control transfers.The trace is analyzed before the program makes security-sensitive operations.We apply DTrace in several case studies to show that the primitives that DTrace provides are easy to use and help to enhance data integrity in applications.We further evaluate DTrace with several microbenchmarks to show the time cost that DTrace’s data tracing operation incurs.We also evaluate DTrace on Nginx to show the performance impact when Nginx is enhanced in security to provide the integrity during the runtime execution for programmer-defined security sensitive data.We find the performance overhead that DTrace incurs for the data tracing is moderate.
基金supported in part by National Key Research and Development Program of Chinaa research grant from Huawei Technologies,Inc.
文摘Recently released Intel processors have been equipped with hardware instruction tracing facilities to securely and efficiently record the program execution path.In this paper,we study a case for data integrity checking based on Intel Processor Trace(Intel PT),the instruction tracing facility on x86 processors.We incorporate software instrumentation and hardware instruction tracing to guarantee fine-grained data integrity without frequently switching the processor mode.We incorporate the idea in a system named DTrace which provides primitives to instruct Intel PT to capture the data load and store events,even current Intel PT implementations only record control transfers.The trace is analyzed before the program makes security-sensitive operations.We apply DTrace in several case studies to show that the primitives that DTrace provides are easy to use and help to enhance data integrity in applications.We further evaluate DTrace with several microbenchmarks to show the time cost that DTrace’s data tracing operation incurs.We also evaluate DTrace on Nginx to show the performance impact when Nginx is enhanced in security to provide the integrity during the runtime execution for programmer-defined security sensitive data.We find the performance overhead that DTrace incurs for the data tracing is moderate.
基金supported by Program for Scientific Research Foundation for Talented Scholars of Jinling Institute of Technology(No.JIT-B-202031)H.Yan received it and the URLs is www.jit.edu.cn.H.Yan also received the Opening Foundation of Fujian Provincial Key Laboratory of Network Security and Cryptology Research Fund of Fujian Normal University(NSCL-KF2021-02)and the URLs is www.fjnu.edu.cn.Y.Liu received the funding of the National Natural Science Foundation of China(No.61902163,)the URLs is www.nsfc.gov.cn.S.Hu received the funding of the Science and Technology Project of Education Department in Jiangxi Province(No.GJJ201402)and the URLs is www.gnnu.cn.
文摘With the rapidly developing of Internet of Things (IoT), the volume ofdata generated by IoT systems is increasing quickly. To release the pressure ofdata management and storage, more and more enterprises and individuals preferto integrate cloud service with IoT systems, in which the IoT data can be outsourced to cloud server. Since cloud service provider (CSP) is not fully trusted,a variety of methods have been proposed to deal with the problem of data integritychecking. In traditional data integrity audition schemes, the task of data auditing isusually performed by Third Party Auditor (TPA) which is assumed to be trustful.However, in real-life TPA is not trusted as people thought. Therefore, theseschemes suffer from the underlying problem of single-point failure. Moreover,most of the traditional schemes are designed by RSA or bilinear map techniqueswhich consume heavy computation and communication cost. To overcome theseshortcomings, we propose a novel data integrity checking scheme for cloud-IoTdata based on blockchain technique and homomorphic hash. In our scheme, thetags of all data blocks are computed by a homomorphic hash function and storedin blockchain. Moreover, each step within the process of data integrity checking issigned by the performer, and the signatures are stored in blockchain through smartcontracts. As a result, each behavior for data integrity checking in our scheme canbe traced and audited which improves the security of the scheme greatly. Furthermore, batch-audition for multiple data challenges is also supported in our scheme.We formalize the system model of our scheme and give the concrete construction.Detailed performance analyses demonstrate that our proposed scheme is efficientand practical without the trust-assumption of TPA.
文摘Most of the previous studies concerning checking the integrity constraints in distributed database derive simplified forms of the initial integrity constraints with the sufficiency property, since the sufficient test is known to be cheaper than the complete test and its initial integrity constraint as it involves less data to be transferred across the network and can always be evaluated at the target site (single site). Their studies are limited as they depend strictly on the assumption that an update operation will be executed at a site where the relation specified in the update operation is located, which is not always true. Hence, the sufficient test, which is proven to be local test by previous study, is no longer appropriate. This paper proposes an approach to checking integrity constraints in a distributed database by utilizing as much as possible the local information stored at the target site. The proposed approach derives support tests as an alternative to the existing complete and sufficient tests proposed by previous researchers with the intention to increase the number of local checking regardless the location of the submitted update operation. Several analyses have been performed to evaluate the proposed approach, and the results show that support tests can benefit the distributed database, where local constraint checking can be achieved.