AI applications have become ubiquitous,bringing significant convenience to various industries.In e-commerce,AI can enhance product recommendations for individuals and provide businesses with more accurate predictions ...AI applications have become ubiquitous,bringing significant convenience to various industries.In e-commerce,AI can enhance product recommendations for individuals and provide businesses with more accurate predictions for market strategy development.However,if the data used for AI applications is damaged or lost,it will inevitably affect the effectiveness of these AI applications.Therefore,it is essential to verify the integrity of e-commerce data.Although existing Provable Data Possession(PDP)protocols can verify the integrity of cloud data,they are not suitable for e-commerce scenarios due to the limited computational capabilities of edge servers,which cannot handle the high computational overhead of generating homomorphic verification tags in PDP.To address this issue,we propose PDP with Outsourced Tag Generation for AI-driven e-commerce,which outsources the computation of homomorphic verification tags to cloud servers while introducing a lightweight verification method to ensure that the tags match the uploaded data.Additionally,the proposed scheme supports dynamic operations such as adding,deleting,and modifying data,enhancing its practicality.Finally,experiments show that the additional computational overhead introduced by outsourcing homomorphic verification tags is acceptable compared to the original PDP.展开更多
To check the remote data integrity in cloud computing,we have proposed an efficient and full data dynamic provable data possession(PDP) scheme that uses a SN(serial number)-BN(block number) table to support data...To check the remote data integrity in cloud computing,we have proposed an efficient and full data dynamic provable data possession(PDP) scheme that uses a SN(serial number)-BN(block number) table to support data block update.In this article,we first analyze and test its performance in detail.The result shows that our scheme is efficient with low computation,storage,and communication costs.Then,we discuss how to extend the dynamic scheme to support other features,including public auditability,privacy preservation,fairness,and multiple-replica checking.After being extended,a comprehensive PDP scheme that has high efficiency and satisfies all main requirements is provided.展开更多
Provable Data Possession(PDP)schemes have long been proposed to solve problem of how to check the integrity of data stored in cloud service without downloading.However,with the emerging of network consisting of low pe...Provable Data Possession(PDP)schemes have long been proposed to solve problem of how to check the integrity of data stored in cloud service without downloading.However,with the emerging of network consisting of low performance devices such as Internet of Things,we find that there are still two obstacles for applying PDP schemes.The first one is the heavy computation overhead in generating tags for data blocks,which is essential for setting up any PDP scheme.The other one is how to resist collusion attacks from third party auditors with any possible entities participating the auditing.In this paper,we propose a novel blockchain-based light-weighted PDP scheme for low performance devices,with an instance deployed on a cloud server.We design a secure outsourced tag generating method for low performance devices,which enables a kind of“hash-sign-switch”two-phase tag computing.With this method,users with low performance devices can employ third party auditors to compute modular exponential operations that accounts for the largest portion of computation overhead in tag generation,without leaking their data content.Chaincodes in blockchain network ensure the correctness of such outsourcing and prevent collusion attacks.The security analysis and performance evaluation prove that our scheme is both secure and efficient.展开更多
Nowadays, an increasing number of persons choose to outsource their computing demands and storage demands to the Cloud. In order to ensure the integrity of the data in the untrusted Cloud, especially the dynamic files...Nowadays, an increasing number of persons choose to outsource their computing demands and storage demands to the Cloud. In order to ensure the integrity of the data in the untrusted Cloud, especially the dynamic files which can be updated online, we propose an improved dynamic provable data possession model. We use some homomorphic tags to verify the integrity of the file and use some hash values generated by some secret values and tags to prevent replay attack and forgery attack. Compared with previous works, our proposal reduces the computational and communication complexity from O(logn) to O(1). We did some experiments to ensure this improvement and extended the model to file sharing situation.展开更多
Increment of mobile cloud video motivates mobile users to utilize cloud storage service to address their demands,cloud storage provider always furnish a location-independent platform for managing user's data.Howev...Increment of mobile cloud video motivates mobile users to utilize cloud storage service to address their demands,cloud storage provider always furnish a location-independent platform for managing user's data.However,mobile users wonder if their cloud video data leakage or dynamic migration to illegal service providers.In this paper,we design a novel provable data possession protocol based on data geographic location attribute,which allows data owner to auditing the integrity of their video data,which put forward an ideal choice for remote data possession checking in the mobile cloud storage.In our proposed scheme,we check out whether the video data dynamic migrate to an unspecified location(such as:overseas)by adding data geographic location attribute tag into provable data possession protocol.Moreover,we make sure the security of our proposed scheme under the Computational Diffic-Hellman assumption.The analysis and experiment results demonstrate that our proposed scheme is provably secure and efficient.展开更多
Progress in cloud computing makes group data sharing in outsourced storage a reality.People join in group and share data with each other,making team work more convenient.This new application scenario also faces data s...Progress in cloud computing makes group data sharing in outsourced storage a reality.People join in group and share data with each other,making team work more convenient.This new application scenario also faces data security threats,even more complex.When a user quit its group,remaining data block signatures must be re-signed to ensure security.Some researchers noticed this problem and proposed a few works to relieve computing overhead on user side.However,considering the privacy and security need of group auditing,there still lacks a comprehensive solution to implement secure group user revocation,supporting identity privacy preserving and collusion attack resistance.Aiming at this target,we construct a concrete scheme based on ring signature and smart contracts.We introduce linkable ring signature to build a kind of novel meta data for integrity proof enabling anonymous verification.And the new meta data supports secure revocation.Meanwhile,smart contracts are using for resisting possible collusion attack and malicious re-signing computation.Under the combined effectiveness of both signature method and blockchain smart contracts,our proposal supports reliable user revocation and signature re-signing,without revealing any user identity in the whole process.Security and performance analysis compared with previous works prove that the proposed scheme is feasible and efficient.展开更多
Currently,there is a growing trend among users to store their data in the cloud.However,the cloud is vulnerable to persistent data corruption risks arising from equipment failures and hacker attacks.Additionally,when ...Currently,there is a growing trend among users to store their data in the cloud.However,the cloud is vulnerable to persistent data corruption risks arising from equipment failures and hacker attacks.Additionally,when users perform file operations,the semantic integrity of the data can be compromised.Ensuring both data integrity and semantic correctness has become a critical issue that requires attention.We introduce a pioneering solution called Sec-Auditor,the first of its kind with the ability to verify data integrity and semantic correctness simultaneously,while maintaining a constant communication cost independent of the audited data volume.Sec-Auditor also supports public auditing,enabling anyone with access to public information to conduct data audits.This feature makes Sec-Auditor highly adaptable to open data environments,such as the cloud.In Sec-Auditor,users are assigned specific rules that are utilized to verify the accuracy of data semantic.Furthermore,users are given the flexibility to update their own rules as needed.We conduct in-depth analyses of the correctness and security of Sec-Auditor.We also compare several important security attributes with existing schemes,demonstrating the superior properties of Sec-Auditor.Evaluation results demonstrate that even for time-consuming file upload operations,our solution is more efficient than the comparison one.展开更多
We introduce a model for provable data possession (PDP) which allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. In a previous work...We introduce a model for provable data possession (PDP) which allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. In a previous work, Ateniese et al. proposed a remote data integrity checking protocol that supports data partial dynamics. In this paper, we present a new remote data possession checking protocol which allows an unlimited number of file integrity verifications and efficiently supports dynamic operations, such as data modification, deletion, insertion and append. The proposed protocol supports public verifiability. In addition, the proposed protocol does not leak any private information to third-party verifiers. Through a specific analysis, we show the correctness and security of the protocol. After that, we demonstrate the proposed protocol has a good performance.展开更多
Cloud storage has been widely used to team work or cooperation devel-opment.Data owners set up groups,generating and uploading their data to cloud storage,while other users in the groups download and make use of it,wh...Cloud storage has been widely used to team work or cooperation devel-opment.Data owners set up groups,generating and uploading their data to cloud storage,while other users in the groups download and make use of it,which is called group data sharing.As all kinds of cloud service,data group sharing also suffers from hardware/software failures and human errors.Provable Data Posses-sion(PDP)schemes are proposed to check the integrity of data stored in cloud without downloading.However,there are still some unmet needs lying in auditing group shared data.Researchers propose four issues necessary for a secure group shared data auditing:public verification,identity privacy,collusion attack resis-tance and traceability.However,none of the published work has succeeded in achieving all of these properties so far.In this paper,we propose a novel block-chain-based ring signature PDP scheme for group shared data,with an instance deployed on a cloud server.We design a linkable ring signature method called Linkable Homomorphic Authenticable Ring Signature(LHARS)to implement public anonymous auditing for group data.We also build smart contracts to resist collusion attack in group auditing.The security analysis and performance evalua-tion prove that our scheme is both secure and efficient.展开更多
The remote data integrity auditing technology can guarantee the integrity of outsourced data in clouds. Users can periodically run an integrity auditing protocol by interacting with cloud server, to verify the latest ...The remote data integrity auditing technology can guarantee the integrity of outsourced data in clouds. Users can periodically run an integrity auditing protocol by interacting with cloud server, to verify the latest status of outsourced data. Integrity auditing requires user to take massive time-consuming computations, which would not be affordable by weak devices. In this paper, we propose a privacy-preserving TPA-aided remote data integrity auditing scheme based on Li et al.’s data integrity auditing scheme without bilinear pairings, where a third party auditor (TPA) is employed to perform integrity auditing on outsourced data for users. The privacy of outsourced data can be guaranteed against TPA in the sense that TPA could not infer its contents from the returned proofs in the integrity auditing phase. Our construction is as efficient as Li et al.’s scheme, that is, each procedure takes the same time-consuming operations in both schemes, and our solution does not increase the sizes of processed data, challenge and proof.展开更多
如今为了验证云端数据的完整性,研究者提出了多个数据完整性审计协议.然而,这些协议通常要求用户将数据块、标签以及一些辅助验证数据外包给云,并使用复杂度较高的加密算法进行验证.这些缺点导致了云服务需要消耗额外的存储开销和计算开...如今为了验证云端数据的完整性,研究者提出了多个数据完整性审计协议.然而,这些协议通常要求用户将数据块、标签以及一些辅助验证数据外包给云,并使用复杂度较高的加密算法进行验证.这些缺点导致了云服务需要消耗额外的存储开销和计算开销.针对上述问题,本文提出一种基于代数恒等式的数据持有性证明协议.首先,该协议使用简单的代数运算降低了验证算法运行的时间开销.其次,云服务提供商仅需存储标签而无需存储原始数据便可响应验证请求.此外,本文方案还可以与其它文件加密算法相结合进一步增强对数据的隐私保护.然后,本文提出了C-DLIT框架以支持数据动态操作并可实现全局审计.最后通过理论分析与实验对比,本文证明了该方案既可以保证数据的隐私性,又能够有效抵御恶意攻击.实现结果表明:在验证执行时间方面,相较于数据持有性证明协议(Provable Data Possession,PDP)的10-2秒级耗时与数据可恢复性证明协议(Proofs of Retrievability,PoR)的秒级耗时,本文方案可以把时间减少到2毫秒以内.展开更多
可证数据持有方案(Provable Data Possession, PDP)可以让用户在不下载全部数据的情况下验证其外包数据是否完好无损。为了提高外包数据的可用性和安全性,许多用户将数据的多个副本存储在单云服务器上,但是单云服务器在发生故障或者其...可证数据持有方案(Provable Data Possession, PDP)可以让用户在不下载全部数据的情况下验证其外包数据是否完好无损。为了提高外包数据的可用性和安全性,许多用户将数据的多个副本存储在单云服务器上,但是单云服务器在发生故障或者其他意外情况时,用户存储的数据副本也会遭到破坏因而无法恢复原始数据。同时,许多可证数据持有方案依赖于公钥基础设施(Public Key Infrastructure, PKI)技术,存在密钥管理问题。此外,现有的可证数据持有方案大多是在用户端使用密钥对数据进行处理。由于用户端的安全意识较弱或者安全设置较低,密钥可能会有泄露的风险。恶意云一旦获得了用户端的密钥,就可以通过伪造虚假的数据持有证明来隐藏数据丢失的事件。基于上述问题,提出了一种基于身份的密钥隔离的多云多副本可证数据持有方案(Identity-Based Key-Insulated Provable Multi-Copy Data Possession in Multi-Cloud Storage, IDKIMC-PDP)。基于身份的可证数据持有方案消除了公钥基础设施技术中复杂的证书管理。多云多副本确保了即使在某个云服务器上的副本被篡改或者被破坏的情况下,用户仍然可以从其他云服务器上获取副本并恢复数据。同时,方案中使用了密钥隔离技术实现了前向和后向安全。即使某一时间段内的密钥泄露,其他时间段内云存储审计的安全性也不会受到影响。给出了该方案的正式定义、系统模型和安全模型;在标准困难问题下,给出了该方案的安全性证明。安全性分析表明,IDKIMC-PDP方案具有强抗密钥泄露性、可检测性以及数据块标签和证明的不可伪造性。实验结果表明,与现有的多云多副本相关方案相比,IDKIMC-PDP方案具有相对较高的效率。展开更多
随着云存储模式的出现,越来越多的用户选择将应用和数据移植到云中,但他们在本地可能并没有保存任何数据副本,无法确保存储在云中的数据是完整的.如何确保云存储环境下用户数据的完整性,成为近来学术界研究的一个热点.数据完整性证明(Pr...随着云存储模式的出现,越来越多的用户选择将应用和数据移植到云中,但他们在本地可能并没有保存任何数据副本,无法确保存储在云中的数据是完整的.如何确保云存储环境下用户数据的完整性,成为近来学术界研究的一个热点.数据完整性证明(Provable Data Integrity,PDI)被认为是解决这一问题的重要手段,该文对此进行了综述.首先,给出了数据完整性证明机制的协议框架,分析了云存储环境下数据完整性证明所具备的特征;其次,对各种数据完整性证明机制加以分类,在此分类基础上,介绍了各种典型的数据完整性验证机制并进行了对比;最后,指出了云存储中数据完整性验证面临的挑战及发展趋势.展开更多
作为云存储安全的重要问题,数据完整性验证技术受到学术界和工业界的广泛关注.为了验证云端数据完整性,研究者提出了多个数据完整性公开审计模型.然而,现有的数据完整性审计模型采用固定参数审计所有文件,浪费了大量计算资源,导致系统...作为云存储安全的重要问题,数据完整性验证技术受到学术界和工业界的广泛关注.为了验证云端数据完整性,研究者提出了多个数据完整性公开审计模型.然而,现有的数据完整性审计模型采用固定参数审计所有文件,浪费了大量计算资源,导致系统审计效率不高.为了提高系统的审计效率,提出了一种自适应数据持有性证明方法(self-adaptive provable data possession,SA-PDP),该方法基于文件属性和用户需求动态调整文件的审计方案,使得文件的审计需求和审计方案的执行强度高度匹配.为了增强审计方案更新的灵活性,依据不同的审计需求发起者,设计了2种审计方案动态更新算法.主动更新算法保证了审计系统的覆盖率,而被动更新算法能够及时满足文件的审计需求.实验结果表明:相较于传统方法,SA-PDP的审计总执行时间至少减少了50%,有效增加了系统审计文件的数量.此外,SAPDP方法生成的审计方案的达标率比传统审计方法提高了30%.展开更多
基金funded by the Taiwan Comprehensive University System and the National Science and Technology Council of Taiwan under grant number NSTC 111-2410-H-019-006-MY3Additionally,this work was financially/partially supported by the Advanced Institute of Manufacturing with High-tech Innovations(AIM-HI)from the Featured Areas Research Center Program within the framework of the Higher Education Sprout Project by the Ministry of Education(MOE)in Taiwan+1 种基金the National Natural Science Foundation of China,No.62402444the Zhejiang Provincial Natural Science Foundation of China,No.LQ24F020012.
文摘AI applications have become ubiquitous,bringing significant convenience to various industries.In e-commerce,AI can enhance product recommendations for individuals and provide businesses with more accurate predictions for market strategy development.However,if the data used for AI applications is damaged or lost,it will inevitably affect the effectiveness of these AI applications.Therefore,it is essential to verify the integrity of e-commerce data.Although existing Provable Data Possession(PDP)protocols can verify the integrity of cloud data,they are not suitable for e-commerce scenarios due to the limited computational capabilities of edge servers,which cannot handle the high computational overhead of generating homomorphic verification tags in PDP.To address this issue,we propose PDP with Outsourced Tag Generation for AI-driven e-commerce,which outsources the computation of homomorphic verification tags to cloud servers while introducing a lightweight verification method to ensure that the tags match the uploaded data.Additionally,the proposed scheme supports dynamic operations such as adding,deleting,and modifying data,enhancing its practicality.Finally,experiments show that the additional computational overhead introduced by outsourcing homomorphic verification tags is acceptable compared to the original PDP.
基金Supported by the National Basic"863"Research Program of China(2012CB315901)
文摘To check the remote data integrity in cloud computing,we have proposed an efficient and full data dynamic provable data possession(PDP) scheme that uses a SN(serial number)-BN(block number) table to support data block update.In this article,we first analyze and test its performance in detail.The result shows that our scheme is efficient with low computation,storage,and communication costs.Then,we discuss how to extend the dynamic scheme to support other features,including public auditability,privacy preservation,fairness,and multiple-replica checking.After being extended,a comprehensive PDP scheme that has high efficiency and satisfies all main requirements is provided.
基金The work is supported by the National Key Research and Development Program of China(No.2018YFC1604002)the National Natural Science Foundation of China(Nos.U1836204,U1936208,U1936216 and 62002197).
文摘Provable Data Possession(PDP)schemes have long been proposed to solve problem of how to check the integrity of data stored in cloud service without downloading.However,with the emerging of network consisting of low performance devices such as Internet of Things,we find that there are still two obstacles for applying PDP schemes.The first one is the heavy computation overhead in generating tags for data blocks,which is essential for setting up any PDP scheme.The other one is how to resist collusion attacks from third party auditors with any possible entities participating the auditing.In this paper,we propose a novel blockchain-based light-weighted PDP scheme for low performance devices,with an instance deployed on a cloud server.We design a secure outsourced tag generating method for low performance devices,which enables a kind of“hash-sign-switch”two-phase tag computing.With this method,users with low performance devices can employ third party auditors to compute modular exponential operations that accounts for the largest portion of computation overhead in tag generation,without leaking their data content.Chaincodes in blockchain network ensure the correctness of such outsourcing and prevent collusion attacks.The security analysis and performance evaluation prove that our scheme is both secure and efficient.
基金supported by Major Program of Shanghai Science and Technology Commission under Grant No.10DZ1500200Collaborative Applied Research and Development Project between Morgan Stanley and Shanghai Jiao Tong University, China
文摘Nowadays, an increasing number of persons choose to outsource their computing demands and storage demands to the Cloud. In order to ensure the integrity of the data in the untrusted Cloud, especially the dynamic files which can be updated online, we propose an improved dynamic provable data possession model. We use some homomorphic tags to verify the integrity of the file and use some hash values generated by some secret values and tags to prevent replay attack and forgery attack. Compared with previous works, our proposal reduces the computational and communication complexity from O(logn) to O(1). We did some experiments to ensure this improvement and extended the model to file sharing situation.
基金supported in part by National High Tech Research and Development Program(863 Program)of China(No.2015 AA016005)
文摘Increment of mobile cloud video motivates mobile users to utilize cloud storage service to address their demands,cloud storage provider always furnish a location-independent platform for managing user's data.However,mobile users wonder if their cloud video data leakage or dynamic migration to illegal service providers.In this paper,we design a novel provable data possession protocol based on data geographic location attribute,which allows data owner to auditing the integrity of their video data,which put forward an ideal choice for remote data possession checking in the mobile cloud storage.In our proposed scheme,we check out whether the video data dynamic migrate to an unspecified location(such as:overseas)by adding data geographic location attribute tag into provable data possession protocol.Moreover,we make sure the security of our proposed scheme under the Computational Diffic-Hellman assumption.The analysis and experiment results demonstrate that our proposed scheme is provably secure and efficient.
基金The work is supported by the National Key Research and Development Program of China(No.2018YFC1604002)the National Natural Science Foundation of China(No.U1836204,No.U1936208,No.U1936216,No.62002197).
文摘Progress in cloud computing makes group data sharing in outsourced storage a reality.People join in group and share data with each other,making team work more convenient.This new application scenario also faces data security threats,even more complex.When a user quit its group,remaining data block signatures must be re-signed to ensure security.Some researchers noticed this problem and proposed a few works to relieve computing overhead on user side.However,considering the privacy and security need of group auditing,there still lacks a comprehensive solution to implement secure group user revocation,supporting identity privacy preserving and collusion attack resistance.Aiming at this target,we construct a concrete scheme based on ring signature and smart contracts.We introduce linkable ring signature to build a kind of novel meta data for integrity proof enabling anonymous verification.And the new meta data supports secure revocation.Meanwhile,smart contracts are using for resisting possible collusion attack and malicious re-signing computation.Under the combined effectiveness of both signature method and blockchain smart contracts,our proposal supports reliable user revocation and signature re-signing,without revealing any user identity in the whole process.Security and performance analysis compared with previous works prove that the proposed scheme is feasible and efficient.
基金This research was supported by the Qinghai Provincial High-End Innovative and Entrepreneurial Talents Project.
文摘Currently,there is a growing trend among users to store their data in the cloud.However,the cloud is vulnerable to persistent data corruption risks arising from equipment failures and hacker attacks.Additionally,when users perform file operations,the semantic integrity of the data can be compromised.Ensuring both data integrity and semantic correctness has become a critical issue that requires attention.We introduce a pioneering solution called Sec-Auditor,the first of its kind with the ability to verify data integrity and semantic correctness simultaneously,while maintaining a constant communication cost independent of the audited data volume.Sec-Auditor also supports public auditing,enabling anyone with access to public information to conduct data audits.This feature makes Sec-Auditor highly adaptable to open data environments,such as the cloud.In Sec-Auditor,users are assigned specific rules that are utilized to verify the accuracy of data semantic.Furthermore,users are given the flexibility to update their own rules as needed.We conduct in-depth analyses of the correctness and security of Sec-Auditor.We also compare several important security attributes with existing schemes,demonstrating the superior properties of Sec-Auditor.Evaluation results demonstrate that even for time-consuming file upload operations,our solution is more efficient than the comparison one.
文摘We introduce a model for provable data possession (PDP) which allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. In a previous work, Ateniese et al. proposed a remote data integrity checking protocol that supports data partial dynamics. In this paper, we present a new remote data possession checking protocol which allows an unlimited number of file integrity verifications and efficiently supports dynamic operations, such as data modification, deletion, insertion and append. The proposed protocol supports public verifiability. In addition, the proposed protocol does not leak any private information to third-party verifiers. Through a specific analysis, we show the correctness and security of the protocol. After that, we demonstrate the proposed protocol has a good performance.
基金supported by the National Key Research and Development Program of China(No.2018YFC1604002)the National Natural Science Foundation of China(No.U1836204,No.U1936208,No.U1936216,No.62002197).
文摘Cloud storage has been widely used to team work or cooperation devel-opment.Data owners set up groups,generating and uploading their data to cloud storage,while other users in the groups download and make use of it,which is called group data sharing.As all kinds of cloud service,data group sharing also suffers from hardware/software failures and human errors.Provable Data Posses-sion(PDP)schemes are proposed to check the integrity of data stored in cloud without downloading.However,there are still some unmet needs lying in auditing group shared data.Researchers propose four issues necessary for a secure group shared data auditing:public verification,identity privacy,collusion attack resis-tance and traceability.However,none of the published work has succeeded in achieving all of these properties so far.In this paper,we propose a novel block-chain-based ring signature PDP scheme for group shared data,with an instance deployed on a cloud server.We design a linkable ring signature method called Linkable Homomorphic Authenticable Ring Signature(LHARS)to implement public anonymous auditing for group data.We also build smart contracts to resist collusion attack in group auditing.The security analysis and performance evalua-tion prove that our scheme is both secure and efficient.
基金the National Natural Science Foundation of China under projects 61772150 and 61862012the Guangxi Key R&D Program under project AB17195025+3 种基金the Guangxi Natural Science Foundation under grants 2018GXNSFDA281054 and 2018GXNSFAA281232the National Cryptography Development Fund of China under project MMJJ20170217the Guangxi Young Teachers’ Basic Ability Improvement Program under Grant 2018KY0194and the open program of Guangxi Key Laboratory of Cryptography and Information Security under projects GCIS201621 and GCIS201702.
文摘The remote data integrity auditing technology can guarantee the integrity of outsourced data in clouds. Users can periodically run an integrity auditing protocol by interacting with cloud server, to verify the latest status of outsourced data. Integrity auditing requires user to take massive time-consuming computations, which would not be affordable by weak devices. In this paper, we propose a privacy-preserving TPA-aided remote data integrity auditing scheme based on Li et al.’s data integrity auditing scheme without bilinear pairings, where a third party auditor (TPA) is employed to perform integrity auditing on outsourced data for users. The privacy of outsourced data can be guaranteed against TPA in the sense that TPA could not infer its contents from the returned proofs in the integrity auditing phase. Our construction is as efficient as Li et al.’s scheme, that is, each procedure takes the same time-consuming operations in both schemes, and our solution does not increase the sizes of processed data, challenge and proof.
文摘如今为了验证云端数据的完整性,研究者提出了多个数据完整性审计协议.然而,这些协议通常要求用户将数据块、标签以及一些辅助验证数据外包给云,并使用复杂度较高的加密算法进行验证.这些缺点导致了云服务需要消耗额外的存储开销和计算开销.针对上述问题,本文提出一种基于代数恒等式的数据持有性证明协议.首先,该协议使用简单的代数运算降低了验证算法运行的时间开销.其次,云服务提供商仅需存储标签而无需存储原始数据便可响应验证请求.此外,本文方案还可以与其它文件加密算法相结合进一步增强对数据的隐私保护.然后,本文提出了C-DLIT框架以支持数据动态操作并可实现全局审计.最后通过理论分析与实验对比,本文证明了该方案既可以保证数据的隐私性,又能够有效抵御恶意攻击.实现结果表明:在验证执行时间方面,相较于数据持有性证明协议(Provable Data Possession,PDP)的10-2秒级耗时与数据可恢复性证明协议(Proofs of Retrievability,PoR)的秒级耗时,本文方案可以把时间减少到2毫秒以内.
文摘随着云存储模式的出现,越来越多的用户选择将应用和数据移植到云中,但他们在本地可能并没有保存任何数据副本,无法确保存储在云中的数据是完整的.如何确保云存储环境下用户数据的完整性,成为近来学术界研究的一个热点.数据完整性证明(Provable Data Integrity,PDI)被认为是解决这一问题的重要手段,该文对此进行了综述.首先,给出了数据完整性证明机制的协议框架,分析了云存储环境下数据完整性证明所具备的特征;其次,对各种数据完整性证明机制加以分类,在此分类基础上,介绍了各种典型的数据完整性验证机制并进行了对比;最后,指出了云存储中数据完整性验证面临的挑战及发展趋势.
文摘作为云存储安全的重要问题,数据完整性验证技术受到学术界和工业界的广泛关注.为了验证云端数据完整性,研究者提出了多个数据完整性公开审计模型.然而,现有的数据完整性审计模型采用固定参数审计所有文件,浪费了大量计算资源,导致系统审计效率不高.为了提高系统的审计效率,提出了一种自适应数据持有性证明方法(self-adaptive provable data possession,SA-PDP),该方法基于文件属性和用户需求动态调整文件的审计方案,使得文件的审计需求和审计方案的执行强度高度匹配.为了增强审计方案更新的灵活性,依据不同的审计需求发起者,设计了2种审计方案动态更新算法.主动更新算法保证了审计系统的覆盖率,而被动更新算法能够及时满足文件的审计需求.实验结果表明:相较于传统方法,SA-PDP的审计总执行时间至少减少了50%,有效增加了系统审计文件的数量.此外,SAPDP方法生成的审计方案的达标率比传统审计方法提高了30%.
