边缘环境下基于无证书公钥密码的数据完整性审计方案

doi:10.11959/j.issn.1000-436x.2022130

通信学报 ›› 2022, Vol. 43 ›› Issue (7): 62-72.doi: 10.11959/j.issn.1000-436x.2022130

边缘环境下基于无证书公钥密码的数据完整性审计方案

王子园¹^,², 杜瑞忠²^,³

¹ 河北大学管理学院，河北保定 071002
² 河北省高可信信息系统重点实验室，河北保定 071002
³ 河北大学网络空间安全与计算机学院，河北保定 071002

修回日期:2022-06-02 出版日期:2022-07-25 发布日期:2022-06-01
作者简介:王子园（1996- ），男，河北保定人，河北大学博士生，主要研究方向为信息安全、数据完整性审计
杜瑞忠（1975- ），男，河北献县人，博士，河北大学教授、博士生导师，主要研究方向为可信计算、信息安全等
基金资助:
国家自然科学基金资助项目(61572170);河北省自然科学基金重点资助项目(F2019201290)

Certificateless public key cryptography based provable data possession scheme in edge environment

Ziyuan WANG¹^,², Ruizhong DU²^,³

¹ School of Management, Hebei University, Baoding 071002, China
² Key Lab on High Trusted Information System in Hebei Province, Baoding 071002, China
³ School of Cyber Security and Computer, Hebei University, Baoding 071002, China

Revised:2022-06-02 Online:2022-07-25 Published:2022-06-01
Supported by:
The National Natural Science Foundation of China(61572170);Key Project of Natural Science Foundation of Hebei Province(F2019201290)

摘要/Abstract

摘要：

边缘环境下，当数据传输到云端时需途经边缘节点这一新的实体，这使数据安全问题变得更加复杂，数据的机密性和完整性很难得到保证，传统的数据完整性审计方案不适用于设备繁多的边缘环境。基于此，提出了一种边缘环境下基于无证书公钥密码的数据完整性审计方案，结合在线/离线签名思想，在边缘节点半可信的情况下，用户设备只需在上传数据时进行轻量级的计算，其余计算量交由离线阶段执行。该方案利用边缘节点进行审计工作，同时支持不同存储状态下的审计和隐私保护等特性。安全性分析表明，所提方案在随机预言模型下能有效应对三类敌手攻击，证明该方案是安全的。与其他方案进行实验对比，结果显示所提方案时间开销最低。

关键词: 边缘计算, 数据完整性审计, 在线/离线签名, 无证书公钥密码

Abstract:

In the edge environment, data transmission to the cloud needs to pass through a new entity, the edge node, which makes the data security problem more complicated, the confidentiality and integrity of data are difficult to be guaranteed, and the traditional provable data possession scheme is not suitable for the edge environment with a large number of devices.Based on this, a certificateless public key cryptography based provable data possession scheme was proposed for the edge environment, combining the online/offline signature idea, where the user device only needed to perform light computation when uploading data in the case of semi-trusted edge nodes, leaving the rest of the computation to be performed in the offline phase.The scheme used edge nodes for auditing work while supporting auditing in different storage states, as well as privacy protection and other features.The security analysis shows that the proposed scheme is proven to be secure by being able to effectively combat three types of adversary attacks under a stochastic prediction model.Experimental comparisons with other schemes show that the proposed scheme has lowest time overhead.

Key words: edge computing, provable data possession, online/offline signature, certificateless public key cryptography

中图分类号:

TP309

王子园, 杜瑞忠. 边缘环境下基于无证书公钥密码的数据完整性审计方案[J]. 通信学报, 2022, 43(7): 62-72.

Ziyuan WANG, Ruizhong DU. Certificateless public key cryptography based provable data possession scheme in edge environment[J]. Journal on Communications, 2022, 43(7): 62-72.

图/表 11

图1

表1

图2

图3

表2

数据上传时的时间复杂度分析"

方案	用户层	边缘层	边缘节点
CLPDP	$n H + 2 n {Mul}_{Z_{p}}$	—	—
tHKWWC	$n H + 2 n {Mul}_{Z_{p}}$	—	—
CL-PAS	$2 n H + 2 n {Mul}_{Z_{p}}$	—	—
文献[19]	$n H + n {Mul}_{Z_{p}} + 2 n Exp$	—	可信
文献[20]	$n H + n {Mul}_{Z_{p}} + 2 n Exp$	—	半可信
本文	$n H + n {Mul}_{Z_{p}}$	—	半可信

表2

表3

图4

图5

图6

表4

表5

参考文献 22

[1]	ATENIESE G , BURNS R , CURTMOLA R ,et al. Provable data possession at untrusted stores[C]// Proceedings of the 14th ACM Conference on Computer and Communications Security. New York:ACM Press, 2007: 598-609.
[2]	谭霜, 贾焰, 韩伟红 . 云存储中的数据完整性证明研究及进展[J]. 计算机学报, 2015,38(1): 164-177.
	TAN S , JIA Y , HAN W H . Research and development of provable data integrity in cloud storage[J]. Chinese Journal of Computers, 2015,38(1): 164-177.
[3]	SHI W S , PALLIS G , XU Z W . Edge computing scanning the issue[J]. Proceedings of the IEEE, 2019,107(8): 1474-1481.
[4]	施巍松, 张星洲, 王一帆 ,等. 边缘计算:现状与展望[J]. 计算机研究与发展, 2019,56(1): 69-89.
	SHI W S , ZHANG X Z , WANG Y F ,et al. Edge computing:state-of-the-art and future directions[J]. Journal of Computer Research and Development, 2019,56(1): 69-89.
[5]	张佳乐, 赵彦超, 陈兵 ,等. 边缘计算数据安全与隐私保护研究综述[J]. 通信学报, 2018,39(3): 1-21.
	ZHANG J L , ZHAO Y C , CHEN B ,et al. Survey on data security and privacy-preserving for the research of edge computing[J]. Journal on Communications, 2018,39(3): 1-21.
[6]	OQAILY M , JARRAYA Y , MOHAMMADY M ,et al. SegGuard:segmentation-based anonymization of network data in clouds for privacy-preserving security auditing[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(5): 2486-2505.
[7]	YANG Y , CHEN Y J , CHEN F . A compressive integrity auditing protocol for secure cloud storage[J]. IEEE/ACM Transactions on Networking,2021:doi.org/10.1109/TNET.2021.3058130.
[8]	CHEN X Y , SHANG T , ZHANG F ,et al. Dynamic data auditing scheme for big data storage[J]. Frontiers of Computer Science, 2020,14(1): 219-229.
[9]	KONSTA A , MYTILINIS I , DOKA K ,et al. Clouseau:blockchain-based data integrity for HDFS clusters[C]// Proceedings of 2021 IEEE 37th International Conference on Data Engineering. Piscataway:IEEE Press, 2021: 2725-2728.
[10]	TIAN M , YE S , ZHONG H ,et al. Identity-based proofs of storage with enhanced privacy[C]// Proceedings of International Conference on Algorithms and Architectures for Parallel Processing.[S.l.:s.n.], 2018: 461-480.
[11]	SHEN W T , QIN J , YU J ,et al. Enabling identity-based integrity auditing and data sharing with sensitive information hiding for secure cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2019,14(2): 331-346.
[12]	LI Y N , YU Y , MIN G Y ,et al. Fuzzy identity-based data integrity auditing for reliable cloud storage systems[J]. IEEE Transactions on Dependable and Secure Computing, 2019,16(1): 72-83.
[13]	WANG H Q . Identity-based distributed provable data possession in multicloud storage[J]. IEEE Transactions on Services Compu ting, 2015,8(2): 328-340.
[14]	YU H Y , CAI Y Q , SINNOTT R O ,et al. ID-based dynamic replicated data auditing for the cloud[J]. Concurrency and Computation:Practice and Experience, 2019,31(11): 1-12.
[15]	WANG F , XU L , WANG H Q ,et al. Identity-based non-repudiable dynamic provable data possession in cloud storage[J]. Computers ＆Electrical Engineering, 2018,69: 521-533.
[16]	HE D B , KUMAR N , WANG H Q ,et al. Privacy-preserving certificateless provable data possession scheme for big data storage on cloud[J]. Applied Mathematics and Computation, 2017,314: 31-43.
[17]	JI Y Y , SHAO B L , CHANG J Y ,et al. Privacy-preserving certificateless provable data possession scheme for big data storage on cloud,revisited[J]. Applied Mathematics and Computation, 2020,386:125478.
[18]	GAO G M , FEI H X , QIN Z F . An efficient certificateless public auditing scheme in cloud storage[J]. Concurrency and Computation:Practice and Experience, 2020,32(24): e5924.
[19]	WANG T , MEI Y X , LIU X X ,et al. Edge-based auditing method for data security in resource-constrained Internet of things[J]. Journal of Systems Architecture, 2021,114:101971.
[20]	LIU D Z , SHEN J , VIJAYAKUMAR P ,et al. Efficient data integrity auditing with corrupted data recovery for edge computing in enterprise multimedia security[J]. Multimedia Tools and Applications, 2020,79(15/16): 10851-10870.
[21]	LI B , HE Q , CHEN F F ,et al. Auditing cache data integrity in the edge computing environment[J]. IEEE Transactions on Parallel and Distributed Systems, 2021,32(5): 1210-1223.
[22]	边缘计算产业联盟(ECC)与工业互联网产业联盟(AII)联合发布. 边缘计算安全白皮书[R]. 2019.
	Edge Compting Consortium (ECC) and Alliance of Industrial Internet (AII) Jointly Publish. Edge compting security white paper[R]. 2019.

参数	含义
H ₁,H₂	安全的哈希函数
z	KGC主密钥
P_pub=zP	KGC系统公钥
ID_u	设备u的身份信息
D _u =zQ_u	设备u的部分私钥
PK_u,SK_u	设备u的完整公私钥对
SK_EdgeS/CS	存储节点的私钥
m_i	数据块
δ_i	数据块签名
θ	用户选择的数据F存储状态

角色	系统参数/ms	部分私钥/ms	完全密钥/ms
KGC	2.341	0.859	—
用户	—	—	2.652

取样数/个	CLPDP方案/ms	tHKWWC方案/ms	CL-PAS/ms	文献[19]方案/ms	文献[20]方案/ms	本文方案/ms
300	7.92	7.84	11.46	14.32	13.10	10.98
460	12.23	11.98	16.84	17.33	16.87	16.45

取样数/个	CLPDP方案/ms	tHKWWC方案/ms	CL-PAS/ms	文献[19]方案/ms	文献[20]方案/ms	本文方案/ms
300	17.43	16.93	25.42	36.45	37.58	24.37
460	26.68	26.33	38.96	52.39	53.18	37.21

边缘环境下基于无证书公钥密码的数据完整性审计方案

Certificateless public key cryptography based provable data possession scheme in edge environment

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 22

相关文章 15

Metrics

推荐阅读 0

[1]	鲁蔚锋, 李宁, 徐佳, 徐力杰, 徐建. 多接入边缘计算中相关性任务的联合调度算法[J]. 通信学报, 2023, 44(4): 87-98.
[2]	苏新, 张桂福, 行鸿彦, Zenghui Wang. 基于平衡生成对抗网络的海洋气象传感网入侵检测研究[J]. 通信学报, 2023, 44(4): 124-136.
[3]	谢人超, 文雯, 唐琴琴, 刘云龙, 谢高畅, 黄韬. 轨道交通移动边缘计算网络安全综述[J]. 通信学报, 2023, 44(4): 201-215.
[4]	余雪勇, 邱礼翔, 宋家宁, 朱洪波. 无人机辅助边缘计算中安全通信与能效优化策略[J]. 通信学报, 2023, 44(3): 45-54.
[5]	范伟, 彭诚, 朱大立, 王雨晴. 移动边缘计算网络下基于静态贝叶斯博弈的入侵响应策略研究[J]. 通信学报, 2023, 44(2): 70-81.
[6]	赵庶旭, 韦萍, 王小龙. 多任务并发边缘计算环境中最优联盟结构生成策略[J]. 通信学报, 2023, 44(2): 172-184.
[7]	龙隆, 刘子辰, 陆在旺, 张玉成, 李蕾. 移动边缘网络下服务缓存与资源分配联合优化策略[J]. 通信学报, 2023, 44(1): 64-74.
[8]	张宇, 程旻. NDN中边缘计算与缓存的联合优化[J]. 通信学报, 2022, 43(8): 164-175.
[9]	王竹, 杨思琦, 李凤华, 耿魁, 彭婷婷, 史梦瑶. 高效可证明安全的无证书有序聚合签名方案[J]. 通信学报, 2022, 43(5): 58-67.
[10]	莫梓嘉, 高志鹏, 杨杨, 林怡静, 孙山, 赵晨. 面向车联网数据隐私保护的高效分布式模型共享策略[J]. 通信学报, 2022, 43(4): 83-94.
[11]	杨力, 潘成胜, 孔相广, 黄琦龙, 戚耀文. 5G融合卫星网络研究综述[J]. 通信学报, 2022, 43(4): 202-215.
[12]	王继锋, 王国峰. 边缘计算模式下密文搜索与共享技术研究[J]. 通信学报, 2022, 43(4): 227-238.
[13]	曹敦, 张应宝, 邹电, 王进, 汤强, 冀保峰. V2X多节点协同分布式卸载策略[J]. 通信学报, 2022, 43(2): 185-195.
[14]	孙俨, 熊翱, 蒋承伶, 王威, 于东晓, 郭少勇. 基于区块链的计算与无线通信资源联合管理双向拍卖模型[J]. 通信学报, 2022, 43(11): 14-25.
[15]	苏新, 孟蕾蕾, 周一青, CELIMUGE Wu. 基于深度强化学习的海洋移动边缘计算卸载方法[J]. 通信学报, 2022, 43(10): 133-145.