Data Integrity Verification Scheme For Lightweight Devices in Cloud Storage Scenarios
-
摘要:
资源受限的轻量级移动设备往往可以通过将大规模数据外包至云存储服务器中从而卸载自身的计算和存储压力. 然而该云存储模式存在自私云服务器丢弃数据以节省存储资源的可能性. 因此需要能够对云储存数据进行有效的完整性校验以确保数据正确完好地存储着. 然而现有的云存储完整性校验机制在缺乏可靠且能够满足数据隐私保护的前提下对数据进行即时、多次校验的机制. 提出了一种基于可信执行环境的完整性校验机制,通过在隔离区域中对数据产生可信证明,保证了云服务器在全过程中对数据以及产生证明的全过程的不可见,从而不得不诚实地保证存储数据的完整性. 为了进一步提高方案的安全性,引入了区块链智能合约以提供证明的可信存证和验证. 此外,还考虑到了端侧设备的资源不足问题,提出了基于布谷鸟过滤器的高效验证机制. 实验结果表明,该方法能够在保证隐私数据的完整性校验的基础上,实现较高的执行效率和实用性.
Abstract:Lightweight mobile devices with limited resources often alleviate their computational and storage burdens by outsourcing large-scale data to cloud storage servers. However, this cloud storage model is susceptible to the possibility of selfish cloud servers discarding data to conserve storage resources. Therefore, there is a need for effective integrity verification of cloud-stored data to ensure its correct and intact storage. Existing cloud storage integrity verification mechanisms lack a reliable approach to perform real-time, multiple verifications of data under the premise of data privacy protection. We propose an integrity verification mechanism based on a trusted execution environment. It generates trustworthy proofs in isolated areas to ensure that the cloud server remains unaware of the data and the entire proof generation process, thereby compelling honest assurance of data integrity throughout the process. To further enhance the security of the proposed solution, we introduce blockchain smart contracts to provide trustworthy storage and verification of proofs. Additionally, we address the issue of resource scarcity on the client side by proposing an efficient verification mechanism based on cuckoo filters. Experimental results demonstrate that this method can achieve high execution efficiency and practicality while ensuring the integrity verification of private data.
-
-
表 1 数据完整性校验方案性质对比
Table 1 Property Comparison of Data Integrity Check Schemes
表 2 参数设置
Table 2 Parameter Setting
缩略词 英文全称 中文描述 msk master secret key 主密钥,对称密钥,用于对传输数据进行加密 ssk session secret key 会话密钥,对称密钥,用于对msk进行加密 SGX software guard extensions 所使用的可信硬件 IAS Intel attestation service Intel提供的远程任务服务,用于验证SGX产出的结果是否正确 $ \pi $ Proof of correct execution of TEE TEE正确执行的证明 $ {\sigma }_{\rm tee} $ a signature over the enclave code and output enclave执行代码和输出的签名 $ {\sigma }_{\rm IAS} $ a signature over
$ {\sigma }_{\rm tee} $ and validity
of $ {\sigma }_{\rm tee} $对于$ {\sigma }_{\rm tee} $和其在IAS上验证结果的签名 DO data owner 数据所有者 CS cloud server 云服务器 BC blockchain 区块链 表 3 数据完整性校验方案计算复杂度对比
Table 3 Computation Complexity Comparison of Data Integrity Check Schemes
方案 端侧 云侧 存储阶段 验证阶段 存储阶段 验证阶段 本文方案 $ O\left(1\right) $ $ O\left(1\right) $ $ O\left(1\right) $ $ O\left(1\right) $ 文献[1]方案 $ O\left(\log m\right) $ $ O\left(\log m\right) $ $ O\left(1\right) $ $ O\left(1\right) $ 文献[2]方案 $ O\left(m\right) $ $ O\left(m\right) $ $ O\left(n\right) $ $ O\left(n\right) $ 文献[3]方案 $ O\left(m\right) $ $ O\left(m\right) $ $ O\left(1\right) $ $ O\left(1\right) $ 文献[4]方案 $ O\left(m\right) $ $ O\left(m\right) $ $ O\left(1\right) $ $ O\left(1\right) $ 表 4 不同链上操作的gas消耗和交易费
Table 4 gas Cost and Transaction Fees of Different On-Chain Operations
操作 gas消耗 交易费/ETH ContractCreation 715945 0.01145512 Deposit 26769 0.00042831 UploadHash 241511 0.00386417 表 5 不同链上操作Ethereum和Fabric上的时间开销
Table 5 Time Overhead of Different On-Chain Operations on Etheruem and Fabric
操作 Ethereum耗时/s Fabric耗时/s ContractCreation 10.7 2.2 Deposit 7.6 2.1 UploadHash 11.4 2.6 表 6 对MNIST数据集进行存储和数据完整性验证各个阶段的时间开销
Table 6 Time Overhead of Each Stage of Storage and Data Integrity Verification of MNIST Dataset
不同阶段的时间
开销/ns测试数据集 训练数据集 20 KB/条 40 KB/条 120 KB/条 240 KB/条 存储阶段TEE执行
平均时间1278036 1760142 3729707 5396273 验证阶段TEE执行
平均时间830041 1312147 3281712 4948268 存储阶段平均存储
时间1207 1109 1152 1064 验证阶段平均查询
时间920 1002 993 1029 表 7 不同方案在存储和数据完整性验证阶段的时间开销
Table 7 Time Overhead of Different Schemes in the Storage and Data Integrity Verification Phases
方案 存储阶段/ms 验证阶段/ms 文献[4] 15.065 0.320 本文方案 0.719 0.271 -
[1] Li Jiaxing, Wu Jigang, Jiang Guiyuan, et al. Blockchain-based public auditing for big data in cloud storage[J/OL]. Information Processing & Management, 2020[2024-07-16]. https://doi.org/10.1016/j.ipm.2020.102382
[2] Garg N, Nehra A, Baza M, et al. Secure and efficient data integrity verification scheme for cloud data storage[C]//Proc of the 20th IEEE Consumer Communications & Networking Conf. Piscataway, NJ: IEEE, 2023: 1−6
[3] Fan Yongkai, Lin Xiaodong, Tan Gang, et al. One secure data integrity verification scheme for cloud storage[J]. Future Generation Computer Systems, 2019, 96: 376−385 doi: 10.1016/j.future.2019.01.054
[4] Zhao Quanyu, Chen Siyi, Liu Zheli, et al. Blockchain-based privacy-preserving remote data integrity checking scheme for IoT information systems[J]. Information Processing & Management, 2020, 57(6): 102355
[5] Babitha M, Babu K. Secure cloud storage using aes encryption[C]//Proc of the Int Conf on Automatic Control and Dynamic Optimization Techniques. Piscataway, NJ: IEEE, 2016: 859−864
[6] Seth B, Dalal S, Le D, et al. Secure cloud data storage system using hybrid Paillier–Blowfish algorithm[J/OL]. Computers, Materials & Continua, 2021[2024-07-16]. https://doi.org/10.32604/cmc.2021.014466
[7] Sarkar M, Kumar S. Ensuring data storage security in cloud computing based on hybrid encryption schemes[C]//Proc of the 4th Int Conf on Parallel Distributed and Grid Computing. Piscataway, NJ: IEEE, 2016: 320−325
[8] Morales-Sandoval M, Cabello M, Marin-Castro H, et al. Attribute-based encryption approach for storage, sharing and retrieval of encrypted data in the cloud[J]. IEEE Access, 2020(8): 170101−170116
[9] Yu Yong, Au M, Ateniese G, et al. Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage[J]. IEEE Transactions on Information Forensics and Security, 2016, 12(4): 767−778
[10] Ping Yuan, Zhan Yu, Lu Ke, et al. Public data integrity verification scheme for secure cloud storage[J]. Information, 2020, 11(9): 409. https://doi.org/10.3390/info11090409
[11] Zhu Hongliang, Yuan Ying, Chen Yuling, et al. A secure and efficient data integrity verification scheme for cloud-IoT based on short signature[J]. IEEE Access, 2019(7): 90036−90044
[12] Garg N, Bawa S, Kumar N. An efficient data integrity auditing protocol for cloud computing[J]. Future Generation Computer Systems, 2020(109): 306−316
[13] Fan Yongkai, Lin Xiaodong, Liang Wei, et al. A secure privacy preserving deduplication scheme for cloud computing[J]. Future Generation Computer Systems, 2019(101): 127−135
[14] Kurnikov A, Paverd A, Mannan M, et al. Keys in the clouds: Auditable multi-device access to cryptographic credentials[C]//Proc of the 13th Int Conf on Availability, Reliability and Security. New York: ACM , 2018: 1−10
[15] 王惠峰,李战怀,张晓,等. 云存储中数据完整性自适应审计方法[J]. 计算机研究与发展,2017,54(1):172−183 doi: 10.7544/issn1000-1239.2017.20150900 Wang Huifeng, Li Zhanhuai, Zhang Xiao, et cl. A self-adaptive audit method of data integrity in the cloud storage[J]. Journal of Computer Research and Development, 2017, 54(1): 172−183 (in Chinese) doi: 10.7544/issn1000-1239.2017.20150900
[16] Fan Bin, Andersen D, Kaminsky M, et al. Cuckoo filter: Practically better than Bloom[C]//Proc of the 10th ACM Int on Conf on emerging Networking Experiments and Technologies. New York: ACM , 2014: 75−88