ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2015, Vol. 52 ›› Issue (7): 1672-1681.doi: 10.7544/issn1000-1239.2015.20140353

• 信息安全 • 上一篇    下一篇

一种基于公钥分割的多副本持有性证明方案

付伟1,吴晓平1,叶清1,肖侬2,卢锡城2   

  1. 1(海军工程大学信息安全系 武汉 430033); 2(国防科学技术大学计算机学院 长沙 410073) (lukeyoyo@tom.com)
  • 出版日期: 2015-07-01
  • 基金资助: 
    基金项目:国家自然科学基金项目(61100042);后勤科技重大项目(AWS14R013);中国博士后科学基金项目(2013M532170);信息保障技术重点实验室开放基金项目(KJ-14-102)

A Multiple Replica Possession Proving Scheme Based on Public Key Partition

Fu Wei1, Wu Xiaoping1, Ye Qing1, Xiao Nong2, Lu Xicheng2   

  1. 1(Department of Information Security, Naval University of Engineering, Wuhan 430033);2(School of Computer, National University of Defense Technology, Changsha 410073)
  • Online: 2015-07-01

摘要: 在数据外包的云存储环境中,如何验证存储服务方是否忠诚地按照客户需求保存足够数量的副本数据是一个挑战性问题.现有方案只能对各个副本逐一进行验证,存在验证效率低、计算开销大和对数据更新支持弱等缺点.提出一种带Collector的多副本云存储模型,在此基础上给出一种基于公钥分割的多副本持有性证明方案(multiple replica possession proving scheme based on public key partition, MRP-PKP).该方案将公钥分割为多个份额并分配给对应的副本存储节点;在验证时,能够一次性对所有副本的持有性进行高效验证.此外,该方案可有效防御同谋攻击,能够方便地支持数据块级更新操作.进一步理论分析和模拟实验表明:与传统方案相比,MRP-PKP方案具有安全性高、通信开销低、运算代价小等优势.

关键词: 云存储, 云安全, 多副本, 持有性证明, 公钥分割

Abstract: In outsourcing cloud storage environment, users cannot completely trust storage service providers. It is a challenge problem to validate whether storage service providers are faithfully maintaining enough replicas complying its promise with users. Most of existing solutions have several disadvantages, such as low efficiency, high computation overload and the absence of supporting for dynamic data updating. A multiple replica cloud storage model with Collector is presented, and a novel multiple replica possession proving scheme, namely MRP-PKP(multiple replica possession proving scheme based on public key partition), is proposed based on public key partition. In preparing phrase, a public key is divided into several private shares and distributed to corresponding storage servers. In validating phrase, only after all storage servers show their possession evidences can the challenge be admitted as success. The scheme is designed to defeat collude adversaries, and can support dynamic data updating operations at block level easily. It is the first scheme to validate all replica’s possessions with just one challenge. Both theoretical analysis and simulating experiment show that MRP-PKP scheme has higher secure guarantee, lower communication cost and computation overload than existing schemes.

Key words: cloud storage, cloud security, multiple replica, possession proving, public key partition

中图分类号: