Keyword-based Multi-cloud Auditing with Fault Localization and Data Recovery

CLC number: TP309

Funding: National Natural Science Foundation of China (61902327); Science and Technology Fund of the Key Laboratory of Communication Security (61421030107012102); Natural Science Foundation of Sichuan Province (2023NSFSC1398, 2022YFG0172, 2022JDRC0061); Key Research and Development Project of Chengdu (2021-YF05-00965-SN)
Abstract:

Keyword-based auditing (KA) is a crucial measure for keeping cloud auditing cost-effective. Unlike probabilistic auditing, which verifies outsourced data by random sampling, KA addresses the auditing requirements of multi-user, multi-attribute data by performing keyword searches and targeted audits, which can significantly reduce auditing costs. However, existing KA schemes usually focus on the auditing efficiency of the target data and pay little attention to remedial measures after an audit failure, such as fault localization and data recovery; this does not help guarantee data availability. Therefore, this study proposes a keyword-based multi-cloud auditing scheme (KMCA for short) that leverages smart contracts to provide targeted auditing, batch fault localization, and data recovery. Specifically, the targeted auditing module borrows the index structure of searchable encryption to define the keyword-file mapping, and uses the false-positive rate of Bloom filters to hide the audit frequency of keywords and protect keyword privacy. The fault localization module uses a binary search approach to locate faulty cloud servers in batches and to locate corrupted data at fine granularity. The data recovery module proposes multi-cloud redundant storage and data recovery strategies to avoid single points of failure and improve storage fault tolerance. KMCA is provably secure in the random oracle model. Performance analysis shows that KMCA is feasible.
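The binary-search idea behind batch fault localization, as an added example that is not code from the paper: an aggregate check over a group of servers is split in half only when it fails, until single faulty servers are isolated. The HMAC proofs, XOR aggregation, auditor-held expected values and all names are assumptions standing in for the scheme's actual proofs and verification, which this page does not give.

```python
import hashlib
import hmac

def proof(key: bytes, challenge: bytes, block: bytes) -> bytes:
    """Toy possession proof (assumption): HMAC over the challenge and the stored block."""
    return hmac.new(key, challenge + block, hashlib.sha256).digest()

def aggregate(proofs) -> bytes:
    """Toy aggregation (assumption): XOR of all proofs in the group."""
    acc = bytes(32)
    for p in proofs:
        acc = bytes(x ^ y for x, y in zip(acc, p))
    return acc

def locate_faulty(responses, expected):
    """Bisect failing groups; return (faulty server indices, aggregate checks used)."""
    faulty, checks = [], 0

    def visit(lo: int, hi: int) -> None:
        nonlocal checks
        checks += 1
        got, want = aggregate(responses[lo:hi]), aggregate(expected[lo:hi])
        if hmac.compare_digest(got, want):
            return                      # whole group verifies, no need to look inside
        if hi - lo == 1:
            faulty.append(lo)           # a failing group of one is a faulty server
            return
        mid = (lo + hi) // 2
        visit(lo, mid)
        visit(mid, hi)

    if responses:
        visit(0, len(responses))
    return faulty, checks

def demo(faults=(5, 12), servers=16):
    """Constructed data: `servers` replicas, those listed in `faults` are corrupted."""
    key, challenge = b"constructed-audit-key", b"constructed-challenge-001"
    original = [b"replica-block-%d" % i for i in range(servers)]
    stored = [b"corrupted-%d" % i if i in faults else blk
              for i, blk in enumerate(original)]
    expected = [proof(key, challenge, blk) for blk in original]
    responses = [proof(key, challenge, blk) for blk in stored]
    return locate_faulty(responses, expected)

if __name__ == "__main__":
    print(demo())        # two corrupted replicas out of sixteen
    print(demo(()))      # clean run: one aggregate check suffices
```

The number of aggregate checks grows with the number of faulty servers, so bisection pays off most when audits usually pass or few servers fail.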

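Cite this article

薛婧婷, 罗抒琴, 张文政, 李发根, 周宇, 张晓均. Keyword-based Multi-cloud Auditing with Fault Localization and Data Recovery. Ruan Jian Xue Bao/Journal of Software, 2025, 36(3): 1268-1288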
History
  • Received: 2023-06-14
  • Last revised: 2023-11-13
  • Published online: 2024-08-21