###
工程科学与技术:2022,54(3):72-79
←前一篇   |   后一篇→
本文二维码信息
码上扫一扫!
高效的无证书云数据审计方案
(1.武警工程大学 密码工程学院,陕西 西安 710086;2.网络与信息安全武警部队重点实验室,陕西 西安 710086;3.西安电子科技大学 综合业务网国家重点实验室,陕西 西安 710071)
Efficient Certificateless Cloud Data Auditing Scheme
(1.College of Cryptographic Eng., Eng. Univ. of People’s Armed Police, Xi’an 710086, China;2.Key Lab. of the Armed Police Force for Network and Info. Security, Xi’an 710071, China;3.State Key Lab. of Integrated Service Networks, Xidian Univ., Xi’an 710071, China)
摘要
图/表
参考文献
相似文献
附件
本文已被:浏览 1703次   下载 736
投稿时间:2021-09-21    修订日期:2022-04-07
中文摘要: 针对现有无证书云审计方案中,使用了幂指数、双线性映射、点哈希映射等大开销运算,导致审计效率不高的问题,本文提出一种高效的无证书云数据完整性验证方案。方案在密钥生成阶段,使用无证书签名技术,由密钥生成中心(key generating center, KGC)与用户合作生成用户的公私钥,能够避免审计系统的安全对于KGC安全的强依赖性,既解决了公钥基础设施(public key infrastructure,PKI)体制下的云审计方案中公钥证书管理复杂的缺点,又能够解决基于身份的云审计方案所固有的密钥托管问题。在数据预处理阶段,用户将数据加密、分块,保护了数据内容隐私,且降低了方案的计算与通信开销。在数据动态更新阶段,方案使用虚拟索引数据结构实现云端数据块的动态更新(插入、删除、修改),能够避免标签重复计算导致的额外计算开销。在数据审计阶段,由第三方审计者(third party auditor,TPA)代替用户对来自云端的完整性证据进行验证,能够减轻用户的计算负担。本文在安全性分析部分,证明了方案能够抵抗来自云端的替代攻击,可实现隐私保护,且能够抵抗两类敌手的伪造攻击。在方案性能分析部分,先对本方案和现有方案进行数值分析与对比,再利用JPBC库进行实验,结果表明本方案的计算开销明显降低。
Abstract:In order to solve the problem of low audit efficiency due to the use of power exponent, bilinear mapping, point hash mapping and other expensive operations in the existing certificateless cloud auditing scheme, an efficient certificateless cloud auditing scheme was designed in this paper. In the key generation stage, combined with the certificateless signature technology, the user’s public and private keys were generated by the key generating center (KGC) in cooperation with the user, so that the strong dependence of auditing system security on KGC security was avoided. Consequently, the shortcomings of complex public key certificate management under the public key infrastructure (PKI) system and the inherent key escrow issues under the identity-based cloud audit scheme were solved. In the data preprocessing stage, the data was encrypted and divided into blocks. Therefore, the data content privacy was protected and the calculation and communication overhead of the scheme was reduced. In the data dynamic update stage, the virtual index data structure was used to realize the insertion, deletion and modification of data blocks. As a result, the extra computational overhead caused by label recalculation was avoided. In the data auditing stage, the task of users to verify the integrity evidence was replaced by a third party auditor (TPA), which reduces the user’s computational burden. In the section of security analysis, it was proved that the substitution attack from the cloud was resisted, the privacy protection was achieved, and the forgery attacks by two types of adversaries were resisted. In the performance analysis part, numerical analysis and comparison of the proposed scheme with the existing schemes were carried out on the JPBC library. The experiments show that the proposed scheme significantly reduces the computational cost.
文章编号:202100953     中图分类号:TP309.7    文献标志码:
基金项目:国家重点研发计划项目(2017YFB0802000);国家自然科学基金项目(62172436);武警工程大学基础前沿研究基金项目(WJY202014)
作者简介:第一作者:杨海滨(1982—),男,副教授,博士. 研究方向:信息安全. E-mail:54537959@qq.com
引用文本:
杨海滨,李瑞峰,李秀广,袁文勇,易铮阁,杨晓元.高效的无证书云数据审计方案[J].工程科学与技术,2022,54(3):72-79.
YANG Haibin,LI Ruifeng,LI Xiuguang,YUAN Wenyong,YI Zhengge,YANG Xiaoyuan.Efficient Certificateless Cloud Data Auditing Scheme[J].Advanced Engineering Sciences,2022,54(3):72-79.