支持身份认证的数据持有性证明方案

doi:10.11959/j.issn.1000-436x.2016203

通信学报 ›› 2016, Vol. 37 ›› Issue (10): 117-127.doi: 10.11959/j.issn.1000-436x.2016203

支持身份认证的数据持有性证明方案

李昊星¹,李凤华^1,²,宋承根³,阎亚龙³

¹ 西安电子科技大学综合业务网理论与关键技术国家重点实验室，陕西西安 710071
² 中国科学院信息工程研究所信息安全国家重点实验室，北京 100093
³ 北京电子科技学院信息安全研究所，北京 100070

出版日期:2016-10-25 发布日期:2016-10-25
基金资助:
国家自然科学面上基金资助项目;国家高技术研究发展计划（“863”计划）基金资助项目;国家自然科学基金—广东联合基金资助项目

Provable data possession scheme with authentication

Hao-xing LI¹,Feng-hua LI^1,²,Cheng-gen SONG³,Ya-long YAN³

¹ State Key Laboratory of Integrated Services Networks,Xidian University,Xi’an 710071,China
² State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China
³ Information Security Institute,Beijing Electronic Science and Technology Institute,Beijing 100070,China

Online:2016-10-25 Published:2016-10-25
Supported by:
The National Natural Science Foundation of China General Project;The National High Technol-ogy Research and Development Program of China (863 Program);The National Natural Science Foundation of China-Guangdong Provincial People’s Government of the Joint Natural Science Fund Projects

摘要/Abstract

摘要：

针对云应用场景中身份认证和数据持有性证明的双重需求，提出一种支持身份认证的数据持有性证明方案。基于数据标签签名和随机数复用，新方案通过3次交互即可实现用户对云持有数据的完整性验证、用户与云服务器之间的双向身份认证以及会话密钥协商与确认。与使用认证密钥协商和数据持有性证明的组合方案相比，新方案具有较少的运算量和交互轮次以及可证明的安全性。在随机预言机模型下，基于计算性 Diffie-Hellman 问题假设，给出方案的安全性证明。

关键词: 认证, 数据持有, 云计算, 可证明安全, 随机预言机

Abstract:

To satisfy the requirements of identity authentication and data possession proven in the cloud application scenarios,a provable data possession scheme with authentication was proposed.Based on data tag signature and randomness reusing,the proposed scheme could accomplish several issues with three interactions,including the possession proof of cloud data,the mutual authentication between user and cloud computing server,the session key agreement and confirmation.Compared to the simple combination of authentication key agreement and provable data possession schemes,the proposed scheme has less computation and interactions,and better provable securities.In the random oracle model,the security proof of the proposed scheme is given under the computational Diffie-Hellman assumption.

Key words: authentication, data possession, cloud computing, provable security, random oracle

李昊星,李凤华,宋承根,阎亚龙. 支持身份认证的数据持有性证明方案[J]. 通信学报, 2016, 37(10): 117-127.

Hao-xing LI,Feng-hua LI,Cheng-gen SONG,Ya-long YAN. Provable data possession scheme with authentication[J]. Journal on Communications, 2016, 37(10): 117-127.

图/表 6

图1

图2

表1

表2

图3

图4

参考文献 20

[1]	BUYYA R , YEO C S , VENUGOPAL S ,et al. Cloud computing and emerging IT platforms:vision,hype,and reality for delivering computing as the 5th utility[J]. Future Generation Computer Systems, 2009,25(6): 599-616.
[2]	WU J , SHEN Q , WANG T ,et al. Recent advances in cloud security[J]. Journal of Computers, 2014,5(10): 2156-2163.
[3]	ATENIESE G , BURNS R , CURTMOLA R ,et al. Provable data possession at untrusted stores[C]// Proceedings of the 14th ACM Conference on Computer and Communications Security. ACM, 2007: 598-609.
[4]	BOWERS K D , JUELS A , OPREA A . Proofs of retrievability:theory and implementation[C]// ACM Cloud Computing Security Workshop,CCSW 2009. Chicago,Il,USA, 2009: 43-54.
[5]	CHOUDHURY A J , KUMAR P , SAIN M ,et al. A strong user authentication framework for cloud computing[C]// IEEE Asia-Pacific Services Computing Conference. Jeju,Korea, 2011: 110-115.
[6]	LIU C , CHEN J , YANG L T ,et al. Authorized public auditing of dynamic big data storage on cloud with efficient verifiable fine-grained updates[J]. IEEE Transactions on Parallel ＆ Distributed Systems, 2014,25(9): 2234-2244.
[7]	GRITTI C , SUSILO W , PLANTARD T . Efficient dynamic provable data possession with public verifiability and data privacy[M]// Information Security and Privacy. Springer International Publishing, 2015: 395-412.
[8]	WANG B , LI B , LI H . Panda:public auditing for shared data with efficient user revocation in the cloud[J]. IEEE Transactions on Services Computing, 2015(1): 92-106.
[9]	SHEN S T , ZENG W G . Delegable provable data possession for remote data in the clouds[M]// Information and Communications Security. Springer Berlin Heidelberg, 2011: 93-111.
[10]	WANG H . Proxy provable data possession in public clouds[J]. IEEE Transactions on Services Computing, 2013,6(4): 551-559.
[11]	RUAN H M , LEI C L . Fine-grained audit privilege control for integrity audit on cloud storage[C]// 2014 Ninth Asia Joint Conference on Information Security (ASIA JCIS). IEEE, 2014: 156-163.
[12]	XU J , CHEN W , JI S ,et al. A novel preserving client privacy and designate verifier auditing scheme for cloud storage[J]. International Journal of Security and Its Applications, 2015,9(1): 295-304.
[13]	NIMMY K , SETHUMADHAVAN M . Novel mutual authentication protocol for cloud computing using secret sharing and steganography[C]// Applications of Digital Information and Web Technologies. IEEE, 2014: 101-106.
[14]	HAO Z , ZHONG S , YU N ,et al. A time-bound ticket-based mutual authentication scheme for cloud computing[J]. International Journal of Computers Communications ＆ Control, 2011,(VI2): 227-235.
[15]	HUANG J J , JUANG W S , FAN C I ,et al. Robust and privacy protection authentication in cloud computing[J]. International Journal of Innovative Computing,Information and Control, 2013,9(11): 4247-4261.
[16]	NAGARAJU S , PARTHIBAN L . SecAuthn:provably secure multifactor authentication for the cloud computing systems[J]. Indian Journal of Science and Technology, 2016,9(9).
[17]	HAHN C , KWON H , KIM D ,et al. Enhanced authentication for outsourced educational contents through provable block possession[J]. Multimedia Tools ＆ Applications, 2015,23: 1-20.
[18]	CREMERS C , FELTZ M . Beyond eCK:perfect forward secrecy under actor compromise and ephemeral-key reveal[J]. Designs,Codes and Cryptography, 2015,74(1): 183-218.
[19]	KRAWCZYK H , . HMQV:a high-performance secure Diffie-Hellman protocol[C]// Advances in Cryptology–CRYPTO 2005. Springer Berlin Heidelberg, 2005: 546-566.
[20]	SCOTT M , . MIRACL-multiprecision integer and rational arithmetic C/C++ library(1988-2007)[EB/OL]. .

方案	类型		运算量		存储损耗		通信损耗		交互次数
方案	类型	P	U	S	U	S	U	S	交互次数
SIG(NAXOS)^[18]方案	AKA	2e	3e+1sig+3h+1ver	3e+1sig+3h+1ver	O(1)	O(1)	O(1)	O(1)	2
HMQV^[19]方案	AKA	2e	2e+2h	2e+2h	O(1)	O(1)	O(1)	O(1)	2
S-PDP^[3]方案	PDP	2e+1h	(n+3)e+(n+1)h+(2n+3)f	(n+1)e+(n+1)h+2nf	O(1)	O(n)	O(1)	O(1)	2
PPDP^[10]方案	PDP	2e+1h	2p+(n+1)e+2nf	ne+2nf	O(1)	O(n)	O(1)	O(1)	2
Hahn^[17]方案	PDP	1e+(2n-1)h	(n+1)e+(3n+2)h+(n+2)f	(3n+2)e+(3n+3)h+(n+1)f	O(n)	O(n)	O(log n)	O(1)	3
本文方案	PDP+AKA	1e+1h	5e+1E+3h+(n+1)f	(n+4)e+4h+1E+1f	O(1)	O(n)	O(n)	O(1)	3

基础运算	平均消耗时间
1 024位DH(17位幂)	0.82 ms
1 024位DH(1 024位幂)	11.69 ms
1 024位DH(160位幂)	1.36 ms
AES加/解密	2.07 μs/16 byte
SHA1	4.35 μs /64 byte
伪随机数生成算法	0.33 μs /20 byte

支持身份认证的数据持有性证明方案

Provable data possession scheme with authentication

在线阅读

PDF下载

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 6

参考文献 20

相关文章 15

Metrics

推荐阅读 0

[1]	马玲, 樊漆亮, 许婷, 郭冠琛, 张圣林, 孙永谦, 张玉志. 基于强化学习的在线离线混部云环境下的调度框架[J]. 通信学报, 2023, 44(6): 90-102.
[2]	张海波, 兰凯, 陈舟, 王汝言, 邹灿, 王明月. 车联网中基于环的匿名高效批量认证与组密钥协商协议[J]. 通信学报, 2023, 44(6): 103-116.
[3]	刘雪娇, 钟强, 夏莹杰. 基于双层分片区块链的车联网跨信任域高效认证方案[J]. 通信学报, 2023, 44(5): 213-223.
[4]	夏莹杰, 朱思雨, 刘雪娇. 区块链架构下具有条件隐私的车辆编队跨信任域高效群组认证研究[J]. 通信学报, 2023, 44(4): 111-123.
[5]	李玮, 刘春, 谷大武, 孙文倩, 高建宁, 秦梦洋. Saturnin-Short轻量级认证加密算法的统计无效故障分析[J]. 通信学报, 2023, 44(4): 167-175.
[6]	王圣宝, 周鑫, 文康, 翁柏森. 适用于智能电网的三方认证密钥交换协议[J]. 通信学报, 2023, 44(2): 210-218.
[7]	田有亮, 田茂清, 高鸿峰, 何淼, 熊金波. 面向群智感知应用的基于协作的位置认证方案[J]. 通信学报, 2022, 43(9): 121-133.
[8]	冯霞, 崔凯平, 谢晴晴, 王良民. VANET中基于区块链的分布式匿名认证方案[J]. 通信学报, 2022, 43(9): 134-147.
[9]	王振宇, 郭阳, 李少青, 侯申, 邓丁. 面向轻量级物联网设备的高效匿名身份认证协议设计[J]. 通信学报, 2022, 43(7): 49-61.
[10]	王竹, 杨思琦, 李凤华, 耿魁, 彭婷婷, 史梦瑶. 高效可证明安全的无证书有序聚合签名方案[J]. 通信学报, 2022, 43(5): 58-67.
[11]	廉欢欢, 侯慧莹, 赵运磊. 后量子基于验证元的三方口令认证密钥交换协议[J]. 通信学报, 2022, 43(4): 95-106.
[12]	张应辉, 胡凌云, 李艺昕, 宁建廷, 郑东. 空间信息网络中基于动态撤销机制的安全高效批量认证方案[J]. 通信学报, 2022, 43(4): 164-176.
[13]	尹安琪, 郭渊博, 汪定, 曲彤洲, 陈琳. 可证明安全的抗量子两服务器口令认证密钥交换协议[J]. 通信学报, 2022, 43(3): 14-29.
[14]	郭渊博, 尹安琪. 基于格的口令认证密钥交换协议综述[J]. 通信学报, 2022, 43(12): 172-187.
[15]	曹进, 卜秋雨, 杨元元, 李晖, 刘樵, 马懋德. 基于位置密钥的增强型北斗用户设备接入认证协议[J]. 通信学报, 2022, 43(11): 80-89.