可证数据持有方案(Provable Data Possession,PDP)可以让用户在不下载全部数据的情况下验证其外包数据是否完好无损.为了提高外包数据的可用性和安全性,许多用户将数据的多个副本存储在单云服务器上,但是单云服务器在发生故障或者其他意外情况时,用户存储的数据副本也会遭到破坏因而无法恢复原始数据.同时,许多可证数据持有方案依赖于公钥基础设施(Public Key Infrastructure,PKI)技术,存在密钥管理问题.此外,现有的可证数据持有方案大多是在用户端使用密钥对数据进行处理.由于用户端的安全意识较弱或者安全设置较低,密钥可能会有泄露的风险.恶意云一旦获得了用户端的密钥,就可以通过伪造虚假的数据持有证明来隐藏数据丢失的事件.基于上述问题,提出了一种基于身份的密钥隔离的多云多副本可证数据持有方案(Identity-Based Key-Insulated Provable Multi-Copy Data Possession in Multi-Cloud Storage,IDKIMC-PDP).基于身份的可证数据持有方案消除了公钥基础设施技术中复杂的证书管理.多云多副本确保了即使在某个云服务器上的副本被篡改或者被破坏的情况下,用户仍然可以从其他云服务器上获取副本并恢复数据.同时,方案中使用了密钥隔离技术实现了前向和后向安全.即使某一时间段内的密钥泄露,其他时间段内云存储审计的安全性也不会受到影响.给出了该方案的正式定义、系统模型和安全模型;在标准困难问题下,给出了该方案的安全性证明.安全性分析表明,IDKIMC-PDP方案具有强抗密钥泄露性、可检测性以及数据块标签和证明的不可伪造性.实验结果表明,与现有的多云多副本相关方案相比,IDKIMC-PDP 方案具有相对较高的效率.
Identity-based Key-insulated Provable Multi-copy Data Possession in Multi-cloud Storage
Provable data possession(PDP)allows users to verify that their outsourced data is intact without downloading all the data.To improve the availability and security of outsourced data,many users store multiple copies of their data on a single server.In case of a single cloud server failure or other unexpected circumstances,the data copy stored by users will be damaged and the original data cannot be restored.At the same time,many PDP schemes rely on the technique of public key infrastructure(PKI),which has key management problems.In addition,most of the existing PDP schemes use the key to process the data on the client side.Because the security awareness of the client is weak or the security settings are low,the key may be exposed.Once the mali-cious cloud obtains the client's key,it can hide the event of data loss by forging false proof of data possession.Based on the above problems,we propose a scheme called identity-based key-insulated provable multi-copy data possession in multi-cloud storage.Identity-based PDP scheme eliminates complex certificate management in the technique of public key infrastructure.Multi-copy in multi-cloud ensures that if all copies in one cloud server are tampered with or corrupted,users can still obtain copies from other cloud servers and recover data.At the same time,the key-insulated technology is used to realize forward and backward security.Even if the key is exposed in a certain period of time,the security of cloud storage auditing in other periods of time is not affec-ted.The formal definition,system model and security model of the scheme are given.The security proof of the scheme is given un-der the standard difficult problem.The security analysis shows that the proposed scheme has strong anti-key leakage,detectability and unforgeability of data block authenticator and proofs.Experimental results show that compared with the existing multi-cloud and multi-copy related schemes,the proposed scheme has relatively high efficiency.
Provable data possessionKey-insulatedIdentity-based signatureMulti-copy in multi-cloud
万方数据
维普
