Chinese Journal of Network and Information Security, 2022, Vol. 8, Issue (6): 156-168. doi: 10.11959/j.issn.2096-109x.2022087

• Academic paper •

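  • About the authors: Chenxin LU (1998- ), female, from Ningde, Fujian; master's student at Southeast University; main research interest: cryptography
    Bing CHEN (1970- ), male, from Siyang, Jiangsu; deputy director of the Cyberspace Administration of Suqian City; main research interests: network security and trusted system construction
    Ning DING (1990- ), female, from Suqian, Jiangsu; main research interests: network security and trusted system construction
    Liquan CHEN (1976- ), male, from Yulin, Guangxi; professor and doctoral supervisor at Southeast University; main research interests: information security, cryptography and network security protocols
    Ge WU (1990- ), male, from Xuzhou, Jiangsu; associate researcher at Southeast University; main research interest: cryptography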

Identity-based anonymous cloud auditing scheme with compact tags

Chenxin LU¹, Bing CHEN², Ning DING², Liquan CHEN¹, Ge WU¹

  ¹ School of Cyber Science and Engineering, Southeast University, Wuxi 214081, China
  ² Cyberspace Administration of Suqian City, Suqian 223834, China
  • Revised: 2022-06-28 Online: 2022-12-15 Published: 2023-01-16
  • Supported by:
    The National Key R&D Program of China (2020YFE0200600); The National Natural Science Foundation of China (62002058); Natural Science Foundation of Jiangsu Province (BK20200391); Fundamental Research Funds for the Central Universities (2242021R40011); Research Topic in the Network Communication Field in Suqian


Abstract:

Cloud storage has the advantages of high efficiency and scalability. Users can save local storage cost and share data with others through cloud storage technology. However, when data is uploaded to cloud servers, its owner loses physical control over it, so a corresponding mechanism is needed to ensure the integrity of data stored in the cloud. The Provable Data Possession (PDP) mechanism allows users, or a Third-Party Auditor (TPA) appointed by the user, to verify data integrity. In practice, data is usually maintained by multiple users, and in traditional auditing processes users may reveal their identities when making an integrity verification request. Anonymous cloud auditing ensures the anonymity of users against the TPA during auditing. Currently, in identity-based systems, anonymous cloud auditing schemes usually resort to identity-based ring signature or group signature schemes. As a result, the size of a tag is related to the number of users, which makes tags not compact and causes high storage cost. To solve this issue, a general construction of identity-based anonymous cloud auditing schemes is proposed, which builds an identity-based anonymous cloud auditing scheme from a signature scheme and an anonymous cloud auditing scheme, both in the traditional setting. Based on this general construction, a concrete identity-based anonymous cloud auditing scheme is proposed that combines the BLS signature with a traditional-setting anonymous cloud auditing scheme with compact tags. The main advantage of this solution is that the tags are compact, which can significantly reduce storage cost and improve storage efficiency. Furthermore, the uncheatability and anonymity of the scheme are proved.

Key words: cloud auditing, privacy protection, anonymous, identity-based system, compact tags
