[关键词]
[摘要]
随着云存储的出现,越来越多的用户选择将大量数据存储在远程云服务器上,以节约本地存储资源.如何验证用户远程存储在云端数据的完整性,成为近年来学术界的一个研究热点.虽然现已提出了很多云审计方案,但大多数方案都假设个人和企业在使用云存储系统的整个过程中,用户及其公私钥始终不变,且不能高效地对数据进行实时动态更新.为此,提出一种轻量级的支持用户可动态撤销及存储数据可动态更新的云审计方案.首先,该方案允许用户可高效地动态撤销(包括更换公私钥),在用户撤销阶段,采用了多重单向代理重签名技术,新用户只需计算重签名密钥,而无需从云端下载数据再重新签名后上传到云端;其次,该方案能够保证数据可实时动态更新(插入、删除、修改),通过在数据块的身份识别码中引入虚拟索引,数据动态更新时,只有被更新数据块的身份识别码发生变化,其余数据块的身份识别码保持不变;最后,在重签名阶段,云服务器代替新用户进行签名,在审计阶段,第三方审计者代表当前用户对存储在远程云服务器上的数据进行完整性验证,减轻了终端用户的计算开销及系统的通信开销(轻量级).安全性分析和性能分析进一步说明,该方案是安全的和高效的.
[Key word]
[Abstract]
With the advent of cloud storage, more and more users choose to store large amounts of data on the remote cloud server in order to save local storage resources. In recent years, how to verify the integrity of remote stored data in the cloud has been become a hotspot in academia. Although many cloud auditing protocols have been put forward, most of them are based on the assumption that users (individuals or enterprises) and their public/private keys remain constant in the whole process of using cloud storage system, and these schemes cannot dynamically update data in real time. Therefore, this study proposes a lightweight cloud auditing scheme which supports dynamic revocation of users and real-time updating of data. First of all, this scheme allows users to revoke dynamically and efficiently (including the updating of public private keys), multi-use unidirectional proxy re-signature technology is adopted in the stage of revocation, that is, a new user simply needs to calculate the re-signature key instead of downloading data from the cloud to re-sign and then uploading it to the cloud. Secondly, this scheme can realize the data dynamic updating (inserting, deleting, and modifying) in real time by introducing the virtual index into the identification code of data block. Consequently, only the identification code of updated data block changes while the other's remain unchanged when dynamically updating data. Finally, in the stage of re-signature, the cloud server is able to represent a new user to re-sign, and in the stage of auditing, third party audit center can represent the current user to verify the integrity of data in the cloud, which greatly reduce the computational overhead of user and communication overhead of system (lightweight). The security and performance analyses of this study further show that the proposed scheme is secure and efficient.
[中图分类号]
TP333
[基金项目]
国家自然科学基金(61802243,61872229,61772150);陕西省工业领域重点研发项目(2019GY-013);中央高校基本科研业务费专项资金(2018CSLY002,GK201803005)