基于同态加密的动态多副本数据持有性验证方法研究

发布时间：2019-05-27 17:10

【摘要】：在云存储环境下,如何高效、动态地完成多副本数据的完整性审计是一项极具挑战性的问题。数据所有者为了节约存储成本,通过远程服务将数据外包存储在云服务端。由于云服务提供商(CSP)不完全可信,因而外包数据的安全性将受到严重威胁。另一方面,CSP为了节省存储成本,可能会恶意删除、篡改一些不经常使用的数据或资料副本,因此数据所有者(DO)或第三方审计(TPA)需要定期验证按照服务等级协议(SLA)要求存储的多个数据副本的完整性。本文主要研究工作如下:1.本文研究并提出了一个基于ElGamal加密的动态多副本数据持有性验证方法。首先利用BLS(Boneh-Lynn-Shacham)签名和双线性映射方法实现了多副本的批量审计,避免了CSP与TPA之间的多次交互,从而降低审计过程中的通信开销;其次在各副本编号与文件连接后,利用ElGamal密码系统生成副本文件,在用户数据预处理阶段引入随机掩码实现对CSP合谋攻击的防范,并将文件标志和块位置信息添加到数据块标签中,以保证其安全性,且支持高效的动态操作;最后对验证方法的安全性进行了理论分析和实验比较。结果表明本方法在安全性、通信、计算开销方面的性能优于已有的方法,提高了文件存储和验证的效率,减少了计算开销。2.基于增量存储的多副本文件版本控制方法(Multiple Replica File Version Control Method,MRFVCM)是对动态多副本数据持有性验证方法的扩展,支持基本文件版本管理。数据所有者加密数据,创建多个副本并将其存储在云端,当更新数据时,数据文件不被直接更新,而是将增量更新。在使用MRFVCM时,数据所有者仍然可以使用动态多副本数据持有性验证方法来验证云存储的多个副本和增量的完整性。通过理论分析和实验验证,本方法能够准确验证多副本数据的完整性,同时支持数据动态更新。
[Abstract]:In the cloud storage environment, how to efficiently and dynamically complete the integrity audit of the multi-copy data is a challenging problem. In order to save the storage cost, the data owner can store the data in the cloud server through the remote service. Because the cloud service provider (CSP) is not fully trusted, the security of the outsourced data will be a serious threat. on the other hand, the csp may, in order to save storage costs, may maliciously delete, tamper with some non-frequently used data or a copy of the data, The data owner (do) or third party audit (tpa) therefore requires periodic verification of the integrity of the multiple data copies stored in accordance with the service level agreement (sla). The main research work is as follows:1. A dynamic multi-copy data holding verification method based on ElGamal encryption is presented in this paper. firstly, a batch auditing of a multi-copy is realized by using a BLS (Boneh-Lynn-Shacham) signature and a bilinear mapping method, so that a plurality of interactions between the CSP and the TPA are avoided, the communication cost in the audit process is reduced; secondly, after the copy numbers are connected with the files, a copy file is generated by using the ElGamal password system, a random mask is introduced into the user data preprocessing stage to realize the prevention of the collusion attack on the CSP, and the file mark and the block position information are added into the data block label so as to ensure the security of the CSP and support the efficient dynamic operation; Finally, the security of the verification method is analyzed and compared. The results show that the performance of the method is better than that of the existing method in the aspects of security, communication and computational overhead, and the efficiency of file storage and verification is improved, and the calculation cost is reduced. Multiple Replica File Version Control Method (MRFVCM) is an extension of the dynamic multi-copy data holding verification method and supports the basic file version management. The data owner encrypts the data, creates multiple copies and stores it in the cloud, and when the data is updated, the data file is not directly updated, but is updated incrementally. When using MRFVCM, the data owner can still use the dynamic multi-copy data-holding verification method to verify the integrity of multiple copies and increments of the cloud storage. Through the theoretical analysis and the experimental verification, the method can accurately verify the integrity of the multi-copy data, and support the dynamic updating of the data.
【学位授予单位】：西安建筑科技大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP333;TP309.7

【相似文献】