网络与信息安全学报 ›› 2022, Vol. 8 ›› Issue (5): 75-87.doi: 10.11959/j.issn.2096-109x.2022071

• 学术论文 • 上一篇    下一篇

支持受损数据定位与恢复的动态群用户可证明存储

姜涛1, 徐航2, 王良民3, 马建峰1   

  1. 1 西安电子科技大学ISN国家重点实验室,陕西 西安 710071
    2 西安电子科技大学网络与信息安全学院,陕西 西安 710126
    3 东南大学网络空间安全学院,江苏 南京 211189
  • 修回日期:2022-07-22 出版日期:2022-10-15 发布日期:2022-10-01
  • 作者简介:姜涛(1984- ),男,山东威海人,博士,西安电子科技大学副教授,主要研究方向为密码学与安全协议、大数据存储安全和智能安全
    徐航(1995- ),男,陕西西安人,西安电子科技大学硕士生,主要研究方向为云存储数据安全
    王良民(1977- ),男,安徽潜山人,博士,东南大学教授、博士生导师,主要研究方向为密码学与安全协议、物联网安全、大数据安全
    马建峰(1963- ),男,陕西西安人,博士,西安电子科技大学教授、博士生导师,主要研究方向为计算机系统安全、移动与无线安全、系统可生存性和可信计算
  • 基金资助:
    中央高校基本科研业务费专项(XJS211502)

Proof of storage with corruption identification and recovery for dynamic group users

Tao JIANG1, Hang XU2, Liangmin WANG3, Jianfeng MA1   

  1. 1 State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an 710071, China
    2 School of Cyber Engineering, Xidian University, Xi’an 710126, China
    3 School of computer science and engineering, Southeast University, Nanjing 211189, China
  • Revised:2022-07-22 Online:2022-10-15 Published:2022-10-01
  • Supported by:
    Fundamental Research Funds for the Central Universities(XJS211502)

摘要:

云计算的外包存储模式导致数据拥有者的数据所有权和管理权分离,进而改变了数据存储网络模型和安全模型。为了有效应对云服务器端的软硬件故障及潜在的不诚实服务提供商,确保数据拥有者数据的可用性,设计安全、高效的数据可用性、可恢复性审计方案对于解决用户担忧、保证云数据安全具有重要的理论和实践价值。然而,现有研究多针对数据完整性或者可恢复性方案的安全性和效率进行设计,没有考虑动态群用户下受损数据的快速定位和可靠恢复问题。因此,针对动态群用户环境中受损数据定位与恢复问题,设计了一个可公开验证的动态群组云用户存储证明方案。该方案在检测到数据受损时,任何可信的第三方审计者能够通过挑战协议快速定位受损数据,并在数据受损程度小于纠错能力门限情况下允许云平台对数据进行可靠恢复。该方案结合关联计算和累加计算,有效减少了受损数据定位的计算次数;通过纠删码与共享编码技术,方案能够实现用户受损数据的有效恢复。同时,方案支持用户的动态撤销,确保了群用户共享数据在用户撤销后的完整性审计和可靠恢复。定义了方案的网络模型和威胁模型,并在相应安全模型下证明了所设计方案的安全性。通过真实环境下的原型系统实现和模块化性能分析,证明了所设计方案能够有效定位受损数据并在数据受损时对云端数据进行可靠恢复。同时,与相关方案相比,所设计方案在受损数据定位与恢复方面的计算开销较小。

关键词: 云存储, 数据共享, 损坏识别, 可恢复证明, 动态群用户

Abstract:

The outsourced storage mode of cloud computing leads to the separation of data ownership and management rights of data owners, which changes the data storage network model and security model.To effectively deal with the software and hardware failures of the cloud server and the potential dishonest service provider and also ensure the availability of the data owners’ data, the design of secure and efficient data availability and recoverability auditing scheme has both theoretical and practical importance in solving the concern of users and ensuring the security of cloud data.However, most of the existing studies were designed for the security and efficiency of data integrity or recoverability schemes, without considering the fast identification and reliable recovery of damaged data under dynamic group users.Thus, to quickly identify and recover damaged data, a publicly verifiable proof of storage scheme was proposed for dynamic group cloud users.The designed scheme enabled a trusted third-party auditor to efficiently identify the damaged files through a challenge-response protocol and allowed the cloud storage server to effectively recover them when the degree of data damage is less than an error correction ability threshold.The scheme combined association calculation and accumulation calculation, which effectively reduced the number of calculations for the identification of damaged data.By combining erasure coding and shared coding technology, the scheme achieved effective recovery of damaged data of dynamic group users.At the same time, the scheme also supported dynamic user revocation, which ensured the integrity audit and reliable recovery of the collective data after user revocation.The network model and threat model of the designed scheme were defined and the security of the scheme under the corresponding security model was proved.Through the prototype implementation of the scheme in the real environment and the modular performance analysis, it is proved that the proposed scheme can effectively identify the damaged data and reliably recover the cloud data when the data is damaged.Besides, compared with other schemes, it is also proved that the proposed scheme has less computational overhead in identifying and recovering damaged data.

Key words: cloud storage, data sharing, corruption identification, proof of retrievability, dynamic group users

中图分类号: 

No Suggested Reading articles found!