具有紧凑标签的基于身份匿名云审计方案

doi:10.11959/j.issn.2096-109x.2022087

网络与信息安全学报 ›› 2022, Vol. 8 ›› Issue (6): 156-168.doi: 10.11959/j.issn.2096-109x.2022087

具有紧凑标签的基于身份匿名云审计方案

卢晨昕¹, 陈兵², 丁宁², 陈立全¹, 吴戈¹

¹ 东南大学网络空间安全学院，江苏无锡 214081
² 宿迁市互联网信息办公室，江苏宿迁 223834；

修回日期:2022-06-28 出版日期:2022-12-15 发布日期:2023-01-16
作者简介:卢晨昕（1998- ），女，福建宁德人，东南大学硕士生，主要研究方向为密码学
陈兵（1970- ），男，江苏泗阳人，宿迁市互联网信息办公室副主任，主要研究方向为网络安全、可信体系建设
丁宁（1990- ），女，江苏宿迁人，主要研究方向为网络安全、可信体系建设
陈立全（1976- ），男，广西玉林人，东南大学教授、博士生导师，主要研究方向为信息安全、密码学和网络安全协议
吴戈（1990- ），男，江苏徐州人，东南大学副研究员，主要研究方向为密码学
基金资助:
国家重点研发计划(2020YFE0200600);国家自然科学基金(62002058);江苏省自然科学基金(BK20200391);中央高校基本科研业务费专项资金(2242021R40011);宿迁市网信领域研究课题

Identity-based anonymous cloud auditing scheme with compact tags

Chenxin LU¹, Bing CHEN², Ning DING², Liquan CHEN¹, Ge WU¹

¹ School of Cyber Science and Engineering, Southeast University, Wuxi 214081, China
² Cyberspace Administration of Suqian City, Suqian 223834, China

Revised:2022-06-28 Online:2022-12-15 Published:2023-01-16
Supported by:
The National Key R＆D Program of China(2020YFE0200600);The National Natural Science Foundation of China(62002058);Natural Science Foundation of Jiangsu Province(BK20200391);Fundamental Research Funds for the Central Universities(2242021R40011);Research Topic in the Network Communicaiton Field in Suqian

摘要/Abstract

摘要：

云存储技术具有效率高、可扩展性强等优点。用户可以借助云存储技术节省本地的存储开销，并与他人共享数据。然而，数据存储到云服务器后，用户失去对数据的物理控制，需要有相应的机制保证云中数据的完整性。数据拥有证明（PDP，provable data possession）机制允许用户或用户委托的第三方审计员（TPA，third party auditor）对数据完整性进行验证。但在实际应用中，数据通常由多个用户共同维护，用户在进行完整性验证请求的同时泄露了自己的身份。匿名云审计支持 TPA 在完成数据完整性验证时保证用户的匿名性。在基于身份体制下，匿名云审计方案通常需要借助基于身份的环签名或群签名技术实现，数据标签的构成元素与用户数量相关，使得数据标签不够紧凑，存储效率较低。为了解决这一问题，提出一种基于身份的匿名云审计方案通用构造，使用一个传统体制下的签名方案和一个传统体制下的匿名云审计方案即可构造一个基于身份的匿名云审计方案。基于该通用构造，使用 BLS 签名和一个传统体制下具有紧凑标签的匿名云审计方案设计了具有紧凑标签的基于身份匿名云审计方案。该方案主要优势在于数据标签短，能够减少云服务器的存储压力，提高存储效率。此外，证明了该方案的不可欺骗性和匿名性。

关键词: 云审计, 隐私保护, 匿名, 基于身份体制, 紧凑标签

Abstract:

Cloud storage has the advantages of high efficiency and scalability.Users can save local storage cost and share data with others through cloud storage technology.However, when data is uploaded to cloud servers, its owner also loses the physical control, and hence there needs a corresponding mechanism to ensure the integrity of data stored in the cloud.The Provable Data Possession (PDP) mechanism allows users or a Third-Party Auditor (TPA) appointed by the user to verify data integrity.In practice, data is usually maintained by multiple users.Users may reveal their identities while making an integrity verification request in traditional auditing processes.Anonymous cloud auditing ensures anonymity of users against the TPA during auditing.Currently, in identity-based systems, anonymous cloud auditing schemes usually resort to identity-based ring signature or group signature schemes.As a result, the size of a tag is related to the number of users, which makes it not compact and causes high storage cost.In order to solve this issue, a general construction of identity-based anonymous cloud auditing scheme was proposed.With a signature scheme and an anonymous cloud auditing scheme, a concrete identity-based anonymous cloud auditing scheme based on the general construction was proposed.It combined theBLS signature and an anonymous cloud auditing scheme with compact tags.The main advantage of this solution is that the tags are compact, which can significantly reduce storage cost and improve storage efficiency.Furthermore, the uncheatability and anonymity of the scheme are proved.

Key words: cloud auditing, privacy protection, anonymous, identity-based system, compact tags

中图分类号:

TP393

卢晨昕, 陈兵, 丁宁, 陈立全, 吴戈. 具有紧凑标签的基于身份匿名云审计方案[J]. 网络与信息安全学报, 2022, 8(6): 156-168.

Chenxin LU, Bing CHEN, Ning DING, Liquan CHEN, Ge WU. Identity-based anonymous cloud auditing scheme with compact tags[J]. Chinese Journal of Network and Information Security, 2022, 8(6): 156-168.

图/表 4

图1

图2

表1

表2

性能比较Table 2 performance comparison"

方案	标签大小	挑战计算开销	应答计算开销	验证计算开销
文献[13]方案	$\| \| G \| \|$	(n+1)E	(c+2)BP+cE	(c+2)E+BP
文献[22]方案	$\| \| Z_{p} \| \| + n \| \| G \| \|$	\	\	2nBP+nH+nG
本文方案	$\| \| G \| \|$	2BP+(n+1)E	(c+2)BP+cE	(c+2)E+BP
注：文献[22]主要采用基于身份的环签名技术和承诺方案实现审计，因此主要的开销在标签的大小和验证标签的计算上，挑战和应答过程并未进行说明，表中用“\”表示；本文的构造中，单独的标签由 3 个元素构成，但每个标签均含有公共部分pk _j和σ_j，故针对大量的数据标签而言，每个数据块的平均存储成本可近似认为一个群元素。

表2

参考文献 22

[1]	BHAJANTRI L B , MUJAWAR T . A survey of cloud computing security challenges,issues and their countermeasures[C]// 2019 Third International Conference on I-SMAC (IoT in Social,Mobile,Analytics and Cloud). 2019: 376-380.
[2]	GUDEME J R , PASUPULETI S , KANDUKURI R . Certificateless privacy preserving public auditing for dynamic shared data with group user revocation in cloud storage[J]. Journal of Parallel and Distributed Computing, 2021,(156): 163-175.
[3]	RABANINEJAD R , RAJABZADEH ASAAR M , AHMADIAN ATTARI M ,et al. An identity-based online/offline secure cloud storage auditing scheme[J]. Cluster Computing:The Journal of Networks,Software Tools and Applications, 2020,23(2): 55-68.
[4]	DESWARTE Y , QUISQUATER J J , SA?DANE A . Remote integrity checking[C]// Integrity and Internal Control in Information Systems VI-IICIS 2003. 2003: 1-11.
[5]	ATENIESE G , BURNS R , CURTMOLA R ,et al. Provable data possession at untrusted stores[C]// 14th ACM Conference:Computer＆ Communications Security. 2007: 598-609.
[6]	BOYANG W , BAOCHUN L , HUI L . Oruta:privacy-preserving public auditing for shared data in the cloud[J]. IEEE Transactions on Cloud Computing, 2014,2(1): 43-56.
[7]	FENG Y , MU Y , YANG G ,et al. A new public remote integrity checking scheme with user privacy[C]// 20th Australasian Conference on Information Security and Privacy (ACISP 2015). 2015: 377-394.
[8]	BOYANG W , HUI L , MING L . Privacy-preserving public auditing for shared cloud data supporting group dynamics[C]// 2013 IEEE International Conference on Communications-ICC. 2013: 1946-1950.
[9]	BONEH D , GENTRY C , LYNN B ,et al. Aggregate and verifiably encrypted signatures from bilinear Maps[C]// Advances in Cryptology—EUROCRYPT 2003. 2003: 416-432.
[10]	RIVEST R L , SHAMIR A , TAUMAN Y . How to leak a secret[C]// Advances in Cryptology— ASIACRYPT 2001. 2001: 552-565.
[11]	FERRARA A L , GREEN M , HOHENBERGER S ,et al. Practical short signature batch verification[C]// Topics in Cryptology–CT-RSA 2009. 2009: 309-324.
[12]	BONEH D , BOYEN X , SHACHAM H . Short group signatures[C]// Advances in Cryptology–CRYPTO 2004. 2004: 41-55.
[13]	WU G , MU Y , SUSILO W ,et al. Privacy-preserving cloud auditing with multiple uploaders[C]// Information Security Practice and Experience-ISPEC 2016. 2016: 224-237.
[14]	SHACHAM H , WATERS B . Compact proofs of retrievability[J]. Journal of Cryptology, 2013,26(3): 442-83.
[15]	SHAMIR A . Identity-based cryptosystems and signature schemes[C]// Advances in Cryptology—CRYPTO 1984. 1984: 47-53.
[16]	YU Y , AU M H , ATENIESE G ,et al. Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2017,12(4): 767-78.
[17]	ZHANG Y , YU J , HAO R ,et al. Enabling efficient user revocation in identity-based cloud storage auditing for shared big data[J]. IEEE Transactions on Dependable and Secure Computing, 2020,17(3): 608-619.
[18]	WENTING S , JING Q , JIA Y ,et al. Enabling identity-based integrity auditing and data sharing with sensitive information hiding for secure cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2019,14(2): 331-46.
[19]	BELLARE M , NAMPREMPRE C , NEVEN G . Security proofs for identity-based identification and signature schemes[J]. Journal of Cryptology, 2009,22(1): 1-61.
[20]	GALINDO D , HERRANZ J , KILTZ E . On the generic construction of identity-based signatures with additional properties[C]// Advances in Cryptology–ASIACRYPT 2006. 2006: 178-193.
[21]	BONEH D , LYNN B , SHACHAM H . Short signatures from the Weil pairing[J]. Pairings and Their Use in Cryptology, 2004,17(4): 297-319.
[22]	SINGH S , THOKCHOM S . Public integrity auditing for shared dynamic cloud data[C]// 6th International Conference on Smart Computing and Communications (ICSCC), 2018: 698-708.

符号	意义
\|\|G\|\|	群中元素二进制长度
\|\|Z_p\|\|	整数集合中二进制长度
BP	双线性对计算开销
E	指数计算开销
H	哈希计算开销

具有紧凑标签的基于身份匿名云审计方案

Identity-based anonymous cloud auditing scheme with compact tags

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 22

相关文章 15

Metrics

推荐阅读 0

[1]	陈赛特, 李卫海, 姚远志, 俞能海. 轻量级K匿名增量近邻查询位置隐私保护算法[J]. 网络与信息安全学报, 2023, 9(3): 60-72.
[2]	肖敏, 毛发英, 黄永洪, 曹云飞. 基于属性签名的车载网匿名信任管理方案[J]. 网络与信息安全学报, 2023, 9(2): 33-45.
[3]	许建龙, 林健, 黎宇森, 熊智. 分布式用户隐私保护可调节的云服务个性化QoS预测模型[J]. 网络与信息安全学报, 2023, 9(2): 70-80.
[4]	孙哲, 宁洪, 殷丽华, 方滨兴. 基于教学实训靶场的“数据隐私保护”课程建设初探[J]. 网络与信息安全学报, 2023, 9(1): 178-188.
[5]	白雪, 秦宝东, 郭瑞, 郑东. 基于SM2的两方协作盲签名协议[J]. 网络与信息安全学报, 2022, 8(6): 39-51.
[6]	肖敏, 姚涛, 刘媛妮, 黄永洪. 具有隐私保护的动态高效车载云管理方案[J]. 网络与信息安全学报, 2022, 8(6): 70-83.
[7]	明盛智, 朱建明, 隋智源, 张娴. 信息增值机制下在线医疗隐私保护策略[J]. 网络与信息安全学报, 2022, 8(6): 169-177.
[8]	张娴, 朱建明, 隋智源, 明盛智. 数字货币交易匿名性与监管的博弈分析[J]. 网络与信息安全学报, 2022, 8(5): 150-157.
[9]	刘峰, 杨杰, 齐佳音. 区块链密码学隐私保护技术综述[J]. 网络与信息安全学报, 2022, 8(4): 29-44.
[10]	金琳, 田有亮. 基于区块链的多权限属性隐藏电子病历共享方案[J]. 网络与信息安全学报, 2022, 8(4): 66-76.
[11]	张伟成, 卫红权, 刘树新, 普黎明. 5G移动边缘计算场景下的快速切换认证方案[J]. 网络与信息安全学报, 2022, 8(3): 154-168.
[12]	陈前昕, 毕仁万, 林劼, 金彪, 熊金波. 支持多数不规则用户的隐私保护联邦学习框架[J]. 网络与信息安全学报, 2022, 8(1): 139-150.
[13]	高振升, 曹利峰, 杜学绘. 基于区块链的访问控制技术研究进展[J]. 网络与信息安全学报, 2021, 7(6): 68-87.
[14]	杨冠群, 刘荫, 徐浩, 邢宏伟, 张建辉, 李恩堂. 基于区块链的电网可信分布式身份认证系统[J]. 网络与信息安全学报, 2021, 7(6): 88-98.
[15]	宋甫元, 秦拯, 张吉昕, 刘羽. 基于访问控制安全高效的多用户外包图像检索方案[J]. 网络与信息安全学报, 2021, 7(5): 29-39.