西安电子科技大学学报 ›› 2022, Vol. 49 ›› Issue (1): 47-54.doi: 10.19665/j.issn1001-2400.2022.01.005

• 隐私计算与数据安全专题 • 上一篇    下一篇

无双线性对的高效云存储数据审计方案

杨海滨1,2(),李瑞峰1(),易铮阁1(),钮可1,2(),杨晓元2()   

  1. 1.武警工程大学 密码工程学院,陕西 西安 710086
    2.网络与信息安全武警部队重点实验室,陕西 西安 710086
  • 收稿日期:2021-09-16 出版日期:2022-02-20 发布日期:2022-04-27
  • 通讯作者: 李瑞峰,杨晓元
  • 作者简介:杨海滨(1982—),男,副教授,博士,E-mail: 54537959@qq.com;|易铮阁(1999—),男,武警工程大学硕士研究生,E-mail: 1713621192@qq.com;|钮 可(1981—),男,副教授,博士,E-mail: niuke@163.com
  • 基金资助:
    国家重点研发计划项目(2017YFB0802000);国家自然科学基金(62172436);武警工程大学基础前沿研究基金(WJY202014)

Efficient cloud storage data auditing scheme without bilinear pairing

YANG Haibin1,2(),LI Ruifeng1(),YI Zhengge1(),NIU Ke1,2(),YANG Xiaoyuan2()   

  1. 1. College of Cryptographic Engineering,Engineering University of PAP,Xi'an 710086,China
    2. Key Laboratory of Network and Information Security of the PAP,Xi'an 710086,China
  • Received:2021-09-16 Online:2022-02-20 Published:2022-04-27
  • Contact: Ruifeng LI,Xiaoyuan YANG

摘要:

在现有的云存储数据完整性审计方案中,只有少量标签参与完整性验证工作,大部分数据标签处于闲置状态,造成了计算与存储资源的浪费。针对此问题,构造了一种无双线性对的高效云存储数据审计方案。该方案使用Schnorr签名算法,只针对被审计数据块生成标签,不仅降低了用户的计算开销,而且能对数据高效地进行增加、删除、修改等动态更新。在挑战阶段,使用区块链技术,利用时间戳生成挑战参数,以确保挑战参数的随机性,云服务商和第三方审计者无须进行交互,降低了通信开销。在整个审计阶段,方案避免了双线性映射、幂指数、点映射哈希函数等大开销运算。通过安全性分析证明,该方案是安全且有效的,不仅能够抵抗来自云服务提供商的伪造攻击、重放攻击,而且能够实现对数据与私钥的隐私进行保护。在效率分析部分,通过数值分析与实验分析证明,与现有云存储数据完整性审计方案相比,该方案的审计效率与动态更新效率较高,而且随着数据块、挑战块数量的增加,优势更加明显。

关键词: 云存储, 云安全, 无双线性对, 动态数据, 持有性证明

Abstract:

In the existing cloud storage data integrity auditing schemes,only a few tags participate in integrity verification,with most of the data tags idle,which causes the waste of computing and storage resources.To solve this problem,this paper constructs an efficient cloud storage data auditing scheme without bilinear pairs.The scheme uses the Schnorr Signature Algorithm to generate labels only for the audited data blocks,which reduces the user's computing overhead.It can efficiently complete dynamic updates to the data.In the challenge phase,blockchain technology is used to generate challenge parameters by using the timestamp to ensure the randomness of challenge parameters.The cloud service provider and third-party auditor do not need to interact,which reduces the communication overhead.In the whole auditing phase,the scheme avoids large overhead operations such as bilinear mapping,power exponent,point mapping hash function and so on.The security analysis shows that the scheme is safe and effective,and that it can resist forgery attacks and replay attacks from cloud service providers and protect the privacy of data and private key.In the efficiency analysis part,numerical analysis and experimental analysis show that the scheme has a higher auditing efficiency and dynamic update efficiency compared with the existing cloud auditing schemes.Moreover,with the increase of the number of data blocks and challenge blocks,its advantages are more obvious.

Key words: cloud storage, cloud security, pairing free, dynamic data, possession proving

中图分类号: 

  • TP309.7