ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development, 2015, Vol. 52, Issue (10): 2192-2199. doi: 10.7544/issn1000-1239.2015.20150509

Special topic: 2015 Research Progress in Network Security and Privacy Protection

• Information Security •

An Auditing Protocol for Data Storage in Cloud Computing with Data Dynamics

Qin Zhiguang1, Wang Shiyu1, Zhao Yang1, Xiong Hu1, Wu Songyang2

  1. 1(School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 610054); 2(The Third Research Institute of Ministry of Public Security, Shanghai 201204) (xionghu.uestc@gmail.com)
  • Published: 2015-10-01
  • Online: 2015-10-01
  • Funding: National Natural Science Foundation of China (61003230, 61370026); Sichuan Province Applied Basic Research Program (2014JY0041); Fundamental Research Funds for the Central Universities (ZYGX2013J073)

Abstract: Data integrity checking for cloud storage services has attracted widespread attention from academia and industry. However, dynamic data auditing schemes are vulnerable to replay attacks mounted by malicious cloud servers, and they do not support users' multi-granular dynamic operations well. To address this, this paper proposes a dynamic data integrity auditing scheme with a hierarchical index structure, based on the Merkle Hash tree (MHT) and bilinear pairings. The hierarchical index structure divides each data block into smaller blocks and associates every leaf node of the MHT with multiple blocks, which effectively reduces the height of the MHT. The proposed scheme not only meets the security requirements of data integrity auditing for cloud storage services, but also supports multi-granular dynamic operations by the user. In addition, the communication costs of dynamic operations performed by the user and of auditing operations performed by the auditor are greatly reduced. Security analysis and performance analysis show that the proposed scheme is secure and efficient.

Key words: auditing, cloud storage, dynamic operation, hierarchical index structure, integrity checking

CLC number: