Research on Aggregated Blind Auditing Methods for Data Integrity in Cloud Storage
[Abstract]: Cloud storage is an important cloud computing service that lets data owners host their data on a cloud server and provide users with access to it over the network. Outsourcing data in this way brings data owners considerable convenience: 1) it reduces the pressure of storage management; 2) it reduces spending on storage hardware, software, and data maintenance. At the same time, cloud storage introduces new security problems. Once data is stored in the cloud, its security depends heavily on the cloud service provider, and cloud service providers are not fully trusted. First, natural disasters, hardware failures, software faults, and hacker attacks inevitably cause data loss. Second, cloud service providers may act dishonestly toward the owners' data, for example by discarding data that is never or rarely accessed in order to save storage space, or by concealing data damage events to protect their reputation. The integrity of the data owner's data is therefore not guaranteed.

Integrity verification based on traditional signatures or message authentication codes requires first downloading all of the original data from the cloud server and then checking the corresponding signature or message authentication code. In a cloud storage environment this is very inefficient because of the large volume of data. Third-party auditing has been a research hotspot in recent years. The data owner splits the data file into blocks and computes a data label for each block; the blocks and labels are stored in the cloud. The auditor checks the integrity of the data by sampling some of the data blocks and verifying that they match their labels. The advantages are: 1) there is no need to download all of the original data; 2) delegating the audit to the auditor reduces the burden on the data owner; 3) the data owner and the cloud server both receive a fair and credible audit result.

In the third-party audit process, the auditor must carry out the audit blindly, that is, without being able to obtain the data; otherwise the audit itself creates a new security risk for the owner's data. When many users in a group can access and modify the same data file in the cloud, the integrity audit of shared data faces new challenges, such as identity privacy protection and user revocation. Data owners care about the integrity of their data, while cloud service providers also care about storage efficiency. When deduplication and integrity auditing are considered together, the integrity audit of deduplicated data faces new challenges, such as data deduplication and label deduplication over ciphertext, and how to carry out integrity audits after deduplication. When data in the cloud is found to be damaged or lost, data owners are more concerned with whether the damaged or lost data can be repaired. The integrity audit of data stored with regenerating codes faces new challenges, such as integrity auditing and error localization in distributed storage, pollution attacks during the repair process, and support for updating the coded data.

This thesis studies data integrity auditing in cloud storage for four kinds of data: personal data, shared data, deduplicated ciphertext data, and data stored with regenerating codes, and addresses the key problems specific to each case. The main work can be summarized as follows:

(1) A blind audit method for personal data integrity based on bilinear map encryption is proposed. First, the framework of the personal data blind audit scheme is designed and the corresponding definition is given. The definition is composed of 5 algorithms. Using the properties of bilinear pairings, the data evidence and the label evidence are encrypted and aggregated on the cloud server side, so that the auditor performs a blind audit without knowing the content of the data. Second, an efficient index mechanism is designed to support data updates, so that update operations do not incur large additional computation and communication overhead, which realizes dynamic auditing. Finally, different evidence aggregation methods are designed to support batch auditing of multiple audit requests across multiple cloud servers and multiple files, making the communication overhead of batch auditing independent of the number of audit requests. Theoretical analysis and experimental results show that the method is provably secure and that, compared with existing schemes, it effectively improves audit efficiency.

(2) A blind audit method for shared data integrity based on proxy re-signatures is proposed. The framework of the shared data blind audit scheme is designed and the corresponding definition is given. The definition is composed of 6 algorithms. Given the characteristics of shared data, the work focuses on identity privacy protection and user revocation during the audit process. Proxy re-signature is used to convert the labels of other users when the label evidence is calculated. This method also makes the audit cost independent of the user data, and it supports direct user revocation without recalculating the labels signed by the revoked user. Detailed security analysis shows that the scheme is provably secure. Compared with existing schemes, the efficiency of auditing and user revocation is improved.

(3) A blind data integrity audit method based on proxy re-encryption is proposed. The framework of the blind audit scheme for deduplicated ciphertext data is designed and the corresponding definition is given. The definition is composed of 7 algorithms. Client-side ciphertext deduplication and cloud data integrity auditing are realized within the same framework. With proxy re-encryption, no restriction is placed on the owner's encryption key. A new label generation method is designed to realize label deduplication, which makes the storage cost independent of the number of owners. At the same time, the auditor can verify the integrity of the deduplicated data on behalf of the data owner. Detailed security analysis shows that the scheme is provably secure. Compared with existing schemes, it improves the efficiency of auditing and deduplication.

(4) A blind audit method for the integrity of data stored with regenerating codes, based on an incremental matrix, is proposed. The framework of the blind audit scheme for regenerating-code-based storage is designed and the corresponding definition is given. The definition is composed of 10 algorithms. The auditor can not only verify the integrity of the data stored on different servers but also quickly locate the faulty server. Integrity checks are carried out to prevent cloud servers from launching pollution attacks. To support dynamic auditing, a data update method based on an incremental matrix and an index mechanism is proposed, so that data can be updated without re-downloading and re-encoding the cloud data. Detailed security analysis shows that the scheme is provably secure. The experimental results verify the efficiency of the scheme.
【Degree-granting institution】: Wuhan University
【Degree level】: Doctoral
【Year degree conferred】: 2016
【Classification number】: TP333
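
A minimal sketch of the sampling audit with aggregated evidence that the abstract describes, added here as an illustration and not taken from the thesis. It uses a privately verifiable homomorphic label (a PRF value plus a secret multiplier over a prime field) in place of the thesis's bilinear-pairing construction, and it is not blind: the aggregated value `mu` reaches the auditor unmasked. The modulus, block size, and all function names are assumptions.

```python
import hashlib, hmac, secrets

P = 2**127 - 1   # prime modulus for block/label arithmetic (assumed parameter)
BLOCK = 15       # bytes per block, so every block value is below P

def prf(key, i):
    """Keyed pseudo-random field element bound to block index i."""
    mac = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P

def split(data):
    return [int.from_bytes(data[o:o + BLOCK], "big")
            for o in range(0, len(data), BLOCK)]

def tag_file(key, alpha, data):
    """Owner: one label per block, t_i = PRF(i) + alpha * m_i mod P."""
    return [(prf(key, i) + alpha * m) % P for i, m in enumerate(split(data))]

def challenge(n_blocks, sample):
    """Auditor: random block indices, each with a random nonzero coefficient."""
    idx = secrets.SystemRandom().sample(range(n_blocks), sample)
    return [(i, secrets.randbelow(P - 1) + 1) for i in idx]

def prove(stored, tags, chal):
    """Cloud: fold the sampled blocks and labels into two field elements."""
    blocks = split(stored)
    mu = sum(v * blocks[i] for i, v in chal) % P     # data evidence
    sigma = sum(v * tags[i] for i, v in chal) % P    # label evidence
    return mu, sigma   # size does not grow with the number of sampled blocks

def verify(key, alpha, chal, proof):
    """Auditor: check the aggregate without downloading any block."""
    mu, sigma = proof
    expected = (sum(v * prf(key, i) for i, v in chal) + alpha * mu) % P
    return sigma == expected

def demo():
    key, alpha = secrets.token_bytes(32), secrets.randbelow(P - 1) + 1
    data = bytes(range(256)) * 6                     # constructed sample file
    tags = tag_file(key, alpha, data)
    chal = challenge(len(tags), 20)
    intact = verify(key, alpha, chal, prove(data, tags, chal))
    damaged = bytearray(data)
    damaged[chal[0][0] * BLOCK] ^= 1                 # corrupt one sampled block
    caught = not verify(key, alpha, chal, prove(bytes(damaged), tags, chal))
    return intact, caught

if __name__ == "__main__":
    print(demo())
```

Corruption in a block that is not sampled goes unnoticed in that round, so the detection probability depends on the sample size.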