• 中国精品科技期刊
  • CCF推荐A类中文期刊
  • 计算领域高质量科技期刊T1类
高级检索

面向轻量级设备的云存储场景数据完整性校验方案

韩冰, 王昊, 方敏, 张永超, 周璐, 葛春鹏

韩冰, 王昊, 方敏, 张永超, 周璐, 葛春鹏. 面向轻量级设备的云存储场景数据完整性校验方案[J]. 计算机研究与发展, 2024, 61(10): 2467-2481. DOI: 10.7544/issn1000-1239.202440489
引用本文: 韩冰, 王昊, 方敏, 张永超, 周璐, 葛春鹏. 面向轻量级设备的云存储场景数据完整性校验方案[J]. 计算机研究与发展, 2024, 61(10): 2467-2481. DOI: 10.7544/issn1000-1239.202440489
Han Bing, Wang Hao, Fang Min, Zhang Yongchao, Zhou Lu, Ge Chunpeng. Data Integrity Verification Scheme For Lightweight Devices in Cloud Storage Scenarios[J]. Journal of Computer Research and Development, 2024, 61(10): 2467-2481. DOI: 10.7544/issn1000-1239.202440489
Citation: Han Bing, Wang Hao, Fang Min, Zhang Yongchao, Zhou Lu, Ge Chunpeng. Data Integrity Verification Scheme For Lightweight Devices in Cloud Storage Scenarios[J]. Journal of Computer Research and Development, 2024, 61(10): 2467-2481. DOI: 10.7544/issn1000-1239.202440489
韩冰, 王昊, 方敏, 张永超, 周璐, 葛春鹏. 面向轻量级设备的云存储场景数据完整性校验方案[J]. 计算机研究与发展, 2024, 61(10): 2467-2481. CSTR: 32373.14.issn1000-1239.202440489
引用本文: 韩冰, 王昊, 方敏, 张永超, 周璐, 葛春鹏. 面向轻量级设备的云存储场景数据完整性校验方案[J]. 计算机研究与发展, 2024, 61(10): 2467-2481. CSTR: 32373.14.issn1000-1239.202440489
Han Bing, Wang Hao, Fang Min, Zhang Yongchao, Zhou Lu, Ge Chunpeng. Data Integrity Verification Scheme For Lightweight Devices in Cloud Storage Scenarios[J]. Journal of Computer Research and Development, 2024, 61(10): 2467-2481. CSTR: 32373.14.issn1000-1239.202440489
Citation: Han Bing, Wang Hao, Fang Min, Zhang Yongchao, Zhou Lu, Ge Chunpeng. Data Integrity Verification Scheme For Lightweight Devices in Cloud Storage Scenarios[J]. Journal of Computer Research and Development, 2024, 61(10): 2467-2481. CSTR: 32373.14.issn1000-1239.202440489

面向轻量级设备的云存储场景数据完整性校验方案

基金项目: 国家重点研发计划项目(2021YFB2700503);国家自然科学基金项目(62071222,62032025,U21A20467,U20A20176,U22B2030);江苏省自然科学基金项目(BK20220075);深圳市科学技术计划项目(JCYJ20210324134810028)
详细信息
    作者简介:

    韩冰: 2000年生. 硕士. 主要研究方向为可信执行环境、数据安全

    王昊: 1996年生. 博士. 主要研究方向为区块链、隐私保护

    方敏: 1996年生. 博士. 主要研究方向为区块链数据管理、可信硬件、隐私保护计算

    张永超: 1994年生. 博士. 主要研究方向为网络流量测量、图流分析、网络安全

    周璐: 1990年生. 博士,教授. 主要研究方向为区块链、密码学和物联网安全解决方案

    葛春鹏: 1987年生. 博士,教授. 主要研究方向为云计算中的信息安全和隐私保护、区块链、人工智能系统安全和隐私

    通讯作者:

    周璐(lu.zhou@nuaa.edu.cn

  • 中图分类号: TP309

Data Integrity Verification Scheme For Lightweight Devices in Cloud Storage Scenarios

Funds: This work was supported by the National Key Research and Development Program of China (2021YFB2700503), the National Natural Science Foundation of China (62071222, 62032025, U21A20467, U20A20176, U22B2030), the Natural Science Foundation of Jiangsu Province (BK20220075), and the Shenzhen Science and Technology Program (JCYJ20210324134810028).
More Information
    Author Bio:

    Han Bing: born in 2000. Master. Her main research interests include trusted execution environment and data security

    Wang Hao: born in 1996. PhD. His main research interests include blockchain and privacy-preserving

    Fang Min: born in 1996. PhD. Her main research interests include blockchain data management, trusted hardware, and privacy-preserving computing

    Zhang Yongchao: born in 1994. PhD. His main research interests include network traffic measurement, graph stream analysis, and network security

    Zhou Lu: born in 1990. PhD, professor. Her main research interests include blockchain, cryptographic and security solutions for the Internet of things

    Ge Chunpeng: born in 1987. PhD, professor. His main research interests include information security and privacy-preserving for cloud computing, blockchain, and security and privacy of AI systems

  • 摘要:

    资源受限的轻量级移动设备往往可以通过将大规模数据外包至云存储服务器中从而卸载自身的计算和存储压力. 然而该云存储模式存在自私云服务器丢弃数据以节省存储资源的可能性. 因此需要能够对云储存数据进行有效的完整性校验以确保数据正确完好地存储着. 然而现有的云存储完整性校验机制在缺乏可靠且能够满足数据隐私保护的前提下对数据进行即时、多次校验的机制. 提出了一种基于可信执行环境的完整性校验机制,通过在隔离区域中对数据产生可信证明,保证了云服务器在全过程中对数据以及产生证明的全过程的不可见,从而不得不诚实地保证存储数据的完整性. 为了进一步提高方案的安全性,引入了区块链智能合约以提供证明的可信存证和验证. 此外,还考虑到了端侧设备的资源不足问题,提出了基于布谷鸟过滤器的高效验证机制. 实验结果表明,该方法能够在保证隐私数据的完整性校验的基础上,实现较高的执行效率和实用性.

    Abstract:

    Lightweight mobile devices with limited resources often alleviate their computational and storage burdens by outsourcing large-scale data to cloud storage servers. However, this cloud storage model is susceptible to the possibility of selfish cloud servers discarding data to conserve storage resources. Therefore, there is a need for effective integrity verification of cloud-stored data to ensure its correct and intact storage. Existing cloud storage integrity verification mechanisms lack a reliable approach to perform real-time, multiple verifications of data under the premise of data privacy protection. We propose an integrity verification mechanism based on a trusted execution environment. It generates trustworthy proofs in isolated areas to ensure that the cloud server remains unaware of the data and the entire proof generation process, thereby compelling honest assurance of data integrity throughout the process. To further enhance the security of the proposed solution, we introduce blockchain smart contracts to provide trustworthy storage and verification of proofs. Additionally, we address the issue of resource scarcity on the client side by proposing an efficient verification mechanism based on cuckoo filters. Experimental results demonstrate that this method can achieve high execution efficiency and practicality while ensuring the integrity verification of private data.

  • 图  1   数据存储过程示意图

    Figure  1.   Illustration of data storage process

    图  2   数据验证过程示意图

    Figure  2.   Illustration of data verification process

    图  3   智能合约封装

    Figure  3.   Smart contract wrapper

    图  4   远程认证的平均时间开销

    Figure  4.   Average time overhead of remote attestation

    图  5   云侧各个阶段的总时间开销

    Figure  5.   Total time overhead of each stage at the cloud side

    图  6   数据完整性校验算法运行于SGX与一般环境中的时间开销对比

    Figure  6.   Time overhead comparison of data integrity verification algorithms running on SGX and general environments

    图  7   存储阶段端侧2种不同数据结构的时间开销对比

    Figure  7.   Time overhead comparison of two different data structures at the client side in the storage phase

    图  8   验证阶段端侧2种不同数据结构的时间开销对比

    Figure  8.   Time overhead comparison of two different data structures at the client side in the verification phase

    图  9   2种不同数据结构的空间开销对比

    Figure  9.   Memory overhead comparison of two different data structures

    表  1   数据完整性校验方案性质对比

    Table  1   Property Comparison of Data Integrity Check Schemes

    策略 是否需要
    第三方
    隐私保
    护级别
    是否不
    可伪造
    是否可
    信存证
    性能是
    否增益
    是否需
    要硬件
    是否轻
    量级
    文献[1]方案
    文献[2]方案
    文献[3]方案
    文献[4]方案
    本文方案
    下载: 导出CSV

    表  2   参数设置

    Table  2   Parameter Setting

    缩略词 英文全称 中文描述
    msk master secret key 主密钥,对称密钥,用于对传输数据进行加密
    ssk session secret key 会话密钥,对称密钥,用于对msk进行加密
    SGX software guard extensions 所使用的可信硬件
    IAS Intel attestation service Intel提供的远程任务服务,用于验证SGX产出的结果是否正确
    $ \pi $ Proof of correct execution of TEE TEE正确执行的证明
    $ {\sigma }_{\rm tee} $ a signature over the enclave code and output enclave执行代码和输出的签名
    $ {\sigma }_{\rm IAS} $ a signature over
    $ {\sigma }_{\rm tee} $ and validity
    of $ {\sigma }_{\rm tee} $
    对于$ {\sigma }_{\rm tee} $和其在IAS上验证结果的签名
    DO data owner 数据所有者
    CS cloud server 云服务器
    BC blockchain 区块链
    下载: 导出CSV

    表  3   数据完整性校验方案计算复杂度对比

    Table  3   Computation Complexity Comparison of Data Integrity Check Schemes

    方案 端侧 云侧
    存储阶段 验证阶段 存储阶段 验证阶段
    本文方案 $ O\left(1\right) $ $ O\left(1\right) $ $ O\left(1\right) $ $ O\left(1\right) $
    文献[1]方案 $ O\left(\log m\right) $ $ O\left(\log m\right) $ $ O\left(1\right) $ $ O\left(1\right) $
    文献[2]方案 $ O\left(m\right) $ $ O\left(m\right) $ $ O\left(n\right) $ $ O\left(n\right) $
    文献[3]方案 $ O\left(m\right) $ $ O\left(m\right) $ $ O\left(1\right) $ $ O\left(1\right) $
    文献[4]方案 $ O\left(m\right) $ $ O\left(m\right) $ $ O\left(1\right) $ $ O\left(1\right) $
    下载: 导出CSV

    表  4   不同链上操作的gas消耗和交易费

    Table  4   gas Cost and Transaction Fees of Different On-Chain Operations

    操作gas消耗交易费/ETH
    ContractCreation7159450.01145512
    Deposit267690.00042831
    UploadHash2415110.00386417
    下载: 导出CSV

    表  5   不同链上操作Ethereum和Fabric上的时间开销

    Table  5   Time Overhead of Different On-Chain Operations on Etheruem and Fabric

    操作Ethereum耗时/sFabric耗时/s
    ContractCreation10.72.2
    Deposit7.62.1
    UploadHash11.42.6
    下载: 导出CSV

    表  6   对MNIST数据集进行存储和数据完整性验证各个阶段的时间开销

    Table  6   Time Overhead of Each Stage of Storage and Data Integrity Verification of MNIST Dataset

    不同阶段的时间
    开销/ns
    测试数据集 训练数据集
    20 KB/条 40 KB/条 120 KB/条 240 KB/条
    存储阶段TEE执行
    平均时间
    1278036 1760142 3729707 5396273
    验证阶段TEE执行
    平均时间
    830041 1312147 3281712 4948268
    存储阶段平均存储
    时间
    1207 1109 1152 1064
    验证阶段平均查询
    时间
    920 1002 993 1029
    下载: 导出CSV

    表  7   不同方案在存储和数据完整性验证阶段的时间开销

    Table  7   Time Overhead of Different Schemes in the Storage and Data Integrity Verification Phases

    方案 存储阶段/ms 验证阶段/ms
    文献[4] 15.065 0.320
    本文方案 0.719 0.271
    下载: 导出CSV
  • [1]

    Li Jiaxing, Wu Jigang, Jiang Guiyuan, et al. Blockchain-based public auditing for big data in cloud storage[J/OL]. Information Processing & Management, 2020[2024-07-16]. https://doi.org/10.1016/j.ipm.2020.102382

    [2]

    Garg N, Nehra A, Baza M, et al. Secure and efficient data integrity verification scheme for cloud data storage[C]//Proc of the 20th IEEE Consumer Communications & Networking Conf. Piscataway, NJ: IEEE, 2023: 1−6

    [3]

    Fan Yongkai, Lin Xiaodong, Tan Gang, et al. One secure data integrity verification scheme for cloud storage[J]. Future Generation Computer Systems, 2019, 96: 376−385 doi: 10.1016/j.future.2019.01.054

    [4]

    Zhao Quanyu, Chen Siyi, Liu Zheli, et al. Blockchain-based privacy-preserving remote data integrity checking scheme for IoT information systems[J]. Information Processing & Management, 2020, 57(6): 102355

    [5]

    Babitha M, Babu K. Secure cloud storage using aes encryption[C]//Proc of the Int Conf on Automatic Control and Dynamic Optimization Techniques. Piscataway, NJ: IEEE, 2016: 859−864

    [6]

    Seth B, Dalal S, Le D, et al. Secure cloud data storage system using hybrid Paillier–Blowfish algorithm[J/OL]. Computers, Materials & Continua, 2021[2024-07-16]. https://doi.org/10.32604/cmc.2021.014466

    [7]

    Sarkar M, Kumar S. Ensuring data storage security in cloud computing based on hybrid encryption schemes[C]//Proc of the 4th Int Conf on Parallel Distributed and Grid Computing. Piscataway, NJ: IEEE, 2016: 320−325

    [8]

    Morales-Sandoval M, Cabello M, Marin-Castro H, et al. Attribute-based encryption approach for storage, sharing and retrieval of encrypted data in the cloud[J]. IEEE Access, 2020(8): 170101−170116

    [9]

    Yu Yong, Au M, Ateniese G, et al. Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2016, 12(4): 767−778

    [10]

    Ping Yuan, Zhan Yu, Lu Ke, et al. Public data integrity verification scheme for secure cloud storage[J]. Information, 2020, 11(9): 409. https://doi.org/10.3390/info11090409

    [11]

    Zhu Hongliang, Yuan Ying, Chen Yuling, et al. A secure and efficient data integrity verification scheme for cloud-IoT based on short signature[J]. IEEE Access, 2019(7): 90036−90044

    [12]

    Garg N, Bawa S, Kumar N. An efficient data integrity auditing protocol for cloud computing[J]. Future Generation Computer Systems, 2020(109): 306−316

    [13]

    Fan Yongkai, Lin Xiaodong, Liang Wei, et al. A secure privacy preserving deduplication scheme for cloud computing[J]. Future Generation Computer Systems, 2019(101): 127−135

    [14]

    Kurnikov A, Paverd A, Mannan M, et al. Keys in the clouds: Auditable multi-device access to cryptographic credentials[C]//Proc of the 13th Int Conf on Availability, Reliability and Security. New York: ACM , 2018: 1−10

    [15] 王惠峰,李战怀,张晓,等. 云存储中数据完整性自适应审计方法[J]. 计算机研究与发展,2017,54(1):172−183 doi: 10.7544/issn1000-1239.2017.20150900

    Wang Huifeng, Li Zhanhuai, Zhang Xiao, et cl. A self-adaptive audit method of data integrity in the cloud storage[J]. Journal of Computer Research and Development, 2017, 54(1): 172−183 (in Chinese) doi: 10.7544/issn1000-1239.2017.20150900

    [16]

    Fan Bin, Andersen D, Kaminsky M, et al. Cuckoo filter: Practically better than Bloom[C]//Proc of the 10th ACM Int on Conf on emerging Networking Experiments and Technologies. New York: ACM , 2014: 75−88

图(9)  /  表(7)
计量
  • 文章访问数:  0
  • HTML全文浏览量:  0
  • PDF下载量:  0
  • 被引次数: 0
出版历程
  • 收稿日期:  2024-05-30
  • 修回日期:  2024-07-17
  • 网络出版日期:  2024-09-13
  • 刊出日期:  2024-09-30

目录

    /

    返回文章
    返回