云存储中支持数据去重的群组数据持有性证明
作者:
基金项目:

国家自然科学基金(61272512,61100172);国家高技术研究发展计划(863)(2013AA01A214);教育部新世纪优秀人才计划(NCET-12-0046);北京市自然科学基金(4121001)


Group Provable Data Possession with Deduplication in Cloud Storage
Author:
Fund Project:

National Natural Science Foundation of China (61272512, 61100172); National High-Tech R&D Program of China (863) (2013AA01A214); Program for New Century Excellent Talents in University (NCET-12-0046); Natural Science Foundation of Beijing (4121001)

  • 摘要
  • | |
  • 访问统计
  • |
  • 参考文献 [44]
  • |
  • 相似文献 [20]
  • | | |
  • 文章评论
    摘要:

    数据持有性证明(provable data possession,简称PDP)和数据可恢复性证明(proofs of retrievability,简称POR)是客户端用来验证存储在云端服务器上数据完整性的主要技术.近几年,它在学术界和工业界的应用广泛,很多PDP和POR方案相继出现.但是由于不同群组的特殊性和独特要求,使得群组PDP/POR方案多样化,并且群组应用中的许多重要功能(例如数据去重)没有被实现.如何构造高效及满足群组特定功能和安全需求的PDP/POR方案,已经引起了人们的广泛关注.给出了一种支持数据去重的群组PDP方案(GPDP),基于矩阵计算和伪随机函数, GPDP可以在支持数据去重的基础上,高效地完成数据持有性证明,并且可以在群组中抵抗恶意方选择成员攻击.在标准模型下证明了GPDP的安全性,并且在百度云平台上实现了GPDP的原型系统.为了评估方案的性能,使用了10GB的数据量进行实验和分析,结果表明:GPDP方案在达到群组中数据去重的目标的基础上,可以高效地保证抵抗选择攻击和数据持有性,即:预处理效率高于私有验证方案,而验证效率高于公开验证方案(与私有验证效率几乎相同).另外,与其他群组PDP/POR方案相比,GPDP方案将额外存储代价和通信代价都降到了最低.

    Abstract:

    Provable data possession (PDP) and proofs of retrievability (POR) are techniques for a client to verify the integrity of outsourced data in cloud storage. Recently, numerous PDP and POR schemes have been proposed while the techniques are widely used in academic and industrial community. However, due to specific and unique requirements of different groups, PDP/POR schemes vary and many functionalities such as data deduplication have not been implemented. How to construct an efficient group PDP/POR scheme to meet these unique requirements of functionality and security has received much attention. In this paper, a group PDP with deduplication (GPDP) is presented. Based on matrix calculation and pseudo-random function, GPDP can efficiently guarantee data possession with deduplication, as well as defend against selective opening attacks of a malicious party.The security of GPDP in the standard model is proved and a prototype based on GPDP scheme in a realistic cloud platform of Baidu is implemented. To evaluate the performance of GPDP, this work utilizes data size of 10GB for experiments and analysis. The result of experiments show that GPDP can guarantee data possession efficiently with deduplication and protect against selective opening attacks. In particular, the performance is superior to private schemes in the phase of pre-process and public schemes in the phase of verification (as efficient as private scheme in the phase of verification). Furthermore, GPDP reduces the extra storage and communication cost to a minimum than the other PDP/POR schemes applied in a group.

    参考文献
    [1] Tan S, Jia Y, Han HW. Research and development of provable data integrity in cloud storage. Chinese Journal of Computers, 2015,38(1):164-177 (in Chinese with English abstract).
    [2] Yu NH, Hao Z, Xu JJ, Zhang WM, Zhang C. Review of cloud computing security. Journal of Electritic, 2013,41(2):371-381 (in Chinese with English abstract).
    [3] Yuan J, Yu S. Efficient public integrity checking for cloud data sharing with multi-user modification. In: Proc. of the 2014 IEEE INFOCOM. IEEE, 2014. 2121-2129. [doi: 10.1109/INFOCOM.2014.6848154]
    [4] Zhu Y, Ahn GJ, Hu H, Yau SS, An HG, Hu CJ. Dynamic audit services for outsourced storages in clouds. IEEE Trans. on Services Computing, 2013, 6(2):227-238. [doi: 10.1109/TSC.2011.51]
    [5] Rong L, Li L, Li CL. Extensible provable data possession scheme with data dynamics.Application Research of Computers, 2013,30(7):2132-2135 (in Chinese with English abstract).
    [6] Juels A, KaliskiJr BS, Bowers KD. Proof of Retrievability for Archived Files. U.S. Patent 8381062, 2013-2-19.
    [7] Armknecht F, Bohli JM, Karame GO, Liu ZR, Reuter CA. Outsourced proofs of retrievability. In: Proc. of the 2014 ACM SIGSAC Conf. on Computer and Communications Security. ACM Press, 2014. 831-843. [doi: 10.1145/2660267.2660310]
    [8] 朱岩,王怀习,胡泽行,Gail-Joon AHN,胡宏新.数据可恢复性的零知识证明.中国科学:信息科学,2011,41(10):1227-1237.
    [9] Ateniese G, Burns R, Curtmola R, Herring J, Kissaer L, Peterson Z, Song D. Provable data possession at untrusted stores. In: Proc. of the 14th ACM Conf. on Computer and Communications Security. ACM Press, 2007. 598-609. [doi: 10.1145/1315245.1315318]
    [10] Ateniese G, Burns R, Curtmola R, Herring J, Khan O, Kissner L, Peterson Z, Song D. Remote data checking using provable data possession. ACM Trans. on Information & System Security, 2011,14(1):1165-1182. [doi: 10.1145/1952982.1952994]
    [11] Juels A, Kaliski BS. Pors: Proofs of retrievability for large files. In: Proc. of the 14th ACM Conf. on Computer and Communications Security. ACM Press, 2007. 584-597. [doi: 10.1145/1315245.1315317]
    [12] Shacham H, Waters B. Compact proofs of retrievability. In: Proc. of the Advances in Cryptology (ASIACRYPT 2008). Berlin, Heidelberg: Springer-Verlag, 2008. 90-107. [doi: 10.1007/978-3-540-89255-7_7]
    [13] Ateniese G, Di Pietro R, Mancini LV, Tsudik G. Scalable and efficient provable data possession. In: Proc. of the 4th Int'l Conf. on Security and Privacy in Communication Networks. ACM Press, 2008. 9. [doi: 10.1145/1460877.1460889]
    [14] Dodis Y, Vadhan S, Wichs D. Proofs of retrievability via hardness amplification. In: Proc. of the Theory of Cryptography. Berlin, Heidelberg: Springer-Verlag, 2009. 109-127. [doi: 10.1007/978-3-642-00457-5_8]
    [15] Ateniese G, Kamara S, Katz J. Proofs of storage from homomorphic identification protocols. LNCS, 2009. 319-333. [doi: 10.1007/ 978-3-642-10366-7_19]
    [16] Erway CC, Küpçü A, Papamanthou C, Tamassia R. Dynamic provable data possession. In: Proc. of the ACM Conf. on Computer and Communications Security. 2009. 213-222. [doi: 10.1145/1653662.1653688]
    [17] Chen B, Curtmola R. Robust dynamic provable data possession. In: Proc. of the ICDCS Workshops. 2012. 515-525. [doi: 10.1109/ ICDCSW.2012.57]
    [18] Zheng Q, Xu S. Fair and dynamic proofs of retrievability. In: Proc. of the 1st ACM Conf. on Data and Application Security and Privacy. ACM Press, 2011. 237-248. [doi: 10.1145/1943513.1943546]
    [19] Zhu Y, Wang H, Hu Z, Ahn G, Hu H, Yau SS. Efficient provable data possession for hybrid clouds. In: Proc. of the ACM Conf. on Computer and Communications Security. 2010. 756-758. [doi: 10.1145/1866307.1866421]
    [20] Zhu Y, Hu H, Ahn G, Yu M. Cooperative provable data possession for integrity verification in multicloud storage. IEEE Trans. on Parallel Distributed Systems, 2012. 2231-2244.
    [21] Hanser C, Slamanig D. Efficient simultaneous privately and publicly verifiable robust provable data possession from elliptic curves. In: Proc. of the 2013 Int'l Conf. on Security and Cryptography (SECRYPT). IEEE, 2013. 1-12.
    [22] Shi E, Stefanov E, Papamanthou C. Practical dynamic proofs of retrievability. In: Proc. of the 2013 ACM SIGSAC Conf. on Computer & Communications Security. ACM Press, 2013. 325-336. [doi: 10.1145/2508859.2516669]
    [23] Stefanov E, van Dijk M, Juels A, Oprea A. Iris: A scalable cloud file system with efficient integrity checks. In: Proc. of the 28th Annual Computer Security Applications Conf. ACM Press, 2012. 229-238. [doi: 10.1145/2420950.2420985]
    [24] Stefanov E, Shi E, Song D. Towards Practical Oblivious RAM. NDSS the Internet Society, 2011.
    [25] Cash D, Küpçü A, Wichs D. Dynamic proofs of retrievability via oblivious ram. In: Proc. of the Advances in Cryptology (EUROCRYPT 2013). Berlin, Heidelberg: Springer-Verlag, 2013. 279-295. [doi: 10.1007/978-3-642-38348-9_17]
    [26] Wang Q, Wang C, Li J, Ren K, Lon WJ. Enabling public verifiability and data dynamics for storage security in cloud computing. In: Proc. of the Computer Security (ESORICS 2009). Berlin, Heidelberg: Springer-Verlag, 2009. 355-370. [doi: 10.1007/978-3-642- 04444-1_22]
    [27] Wang C, Wang Q, Ren K, Lou WJ. Privacy-Preserving public auditing for data storage security in cloud computing. In: Proc. of the 2010 IEEE INFOCOM. IEEE, 2010. 1-9. [doi: 10.1109/INFCOM.2010.5462173]
    [28] Wang C, Wang Q, Ren K, Cao N, Lou WJ. Toward secure and dependable storage services in cloud computing. IEEE Trans. on Services Computing, 2012,5(2):220-232. [doi: 10.1109/TSC.2011.24]
    [29] Wang C, Chow SM, Wang Q, Ren K, Lou WJ. Privacy-Preserving public auditing for secure cloud storage. IEEE Trans. on Computers, 2013,62(2):362-375. [doi: 10.1109/TC.2011.245]
    [30] Wang B, Li B, Li H. Knox: Privacy-Preserving auditing for shared data with large groups in the cloud. LNCS, 2012. 507-525. [doi: 10.1007/978-3-642-31284-7_30]
    [31] Wang B, Li B, Li H. Oruta: Privacy-Preserving public auditing for shared data in the cloud. IEEE Trans. on Cloud Computing, 2014,2(1):43-56. [doi: 10.1109/TCC.2014.2299807]
    [32] Wang B, Li B, Li H. Panda: Public auditing for shared data with efficient user revocation in the cloud. IEEE Trans. on Services Computing, 2015,8(1):92-106. [doi: 10.1109/TSC.2013.2295611]
    [33] Wang Y, Wu Q, Qin B, Chen XF, Huang XY, Zhou YY. Group-Oriented proofs of storage. In: Proc. of the 10th ACM Symp. on Information, Computer and Communications Security. ACM Press, 2015. 73-84. [doi: 10.1145/2714576.2714630]
    [34] Douceur JR, Adya A, Bolosky WJ, Simon D, Theimer M, Research M. Reclaiming space from duplicate files in a serverless distributed file system. In: Proc. of the Int'l Conf. on Distributed Computing Systems. 2002. 617-624. [doi: 10.1109/ICDCS.2002. 1022312]
    [35] Storer MW, Greenan K, Long DE, Miller EL. Secure data deduplication. In: Proc. of the 4th ACM Int'l Workshop on Storage Security and Survivability. ACM Press, 2008. 1-10. [doi: 10.1145/1456469.1456471]
    [36] Harnik D, Pinkas B, Shulman-Peleg A. Side channels in cloud services: Deduplication in cloud storage. Security & Privacy, IEEE, 2010,8(6):40-47. [doi: 10.1109/MSP.2010.187]
    [37] Halevi S, Harnik D, Pinkas B, Shulman-Peleg A. Proofs of ownership in remote storage systems. In: Proc. of the ACM Conf. on Computer and Communications Security. 2011. 491-500. [doi: 10.1145/2046707.2046765]
    [38] Zheng Q, Xu S. Secure and efficient proof of storage with deduplication. In: Proc. of the 2nd ACM Conf. on Data and Application Security and Privacy. CODASPY, 2012. 1-12. [doi: 10.1145/2133601.2133603]
    [39] Fehr S, Hofheinz D, Kiltz E, Wee H. Encryption schemes secure against chosen-ciphertext selective opening attacks. LNCS, 2010, 6110:381-402. [doi: 10.1007/978-3-642-13190-5_20]
    [40] Agrawal S, Dan B. Homomorphic MACs: MAC-Based integrity for network coding. In: Proc. of the ACNS. 2009. 292-305. [doi: 10.1007/978-3-642-01957-9_18]
    附中文参考文献:
    [37] 谭霜,贾焰,韩伟红.云存储中的数据完整性证明研究及进展.计算机学报,2015,38(1):164-177.
    [38] 俞能海,郝卓,徐甲甲,张卫明,张弛.云安全研究进展综述.电子学报,2013,41(2):371-381.
    [40] 肜丽,栗磊,李超零.一种可扩展的动态数据持有性证明方案.计算机应用研究,2013,30(7):2132-2135.
    引证文献
    网友评论
    网友评论
    分享到微博
    发 布
引用本文

王宏远,祝烈煌,李龙一佳.云存储中支持数据去重的群组数据持有性证明.软件学报,2016,27(6):1417-1431

复制
分享
文章指标
  • 点击次数:5117
  • 下载次数: 7271
  • HTML阅读次数: 2920
  • 引用次数: 0
历史
  • 收稿日期:2015-08-13
  • 最后修改日期:2015-10-09
  • 在线发布日期: 2016-01-22
文章二维码
您是第19811452位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号