支持受损数据定位与恢复的动态群用户可证明存储  

作　　者：姜涛 徐航 王良民 马建峰 JIANG Tao;XU Hang;WANG Liangmin;MA Jianfeng(State Key Laboratory of Integrated Service Networks,Xidian University,Xi’an 710071,China;School of Cyber Engineering,Xidian University,Xi’an 710126,China;School of computer science and engineering,Southeast University,Nanjing 211189,China)

机构地区：[1]西安电子科技大学ISN国家重点实验室,陕西西安710071 [2]西安电子科技大学网络与信息安全学院,陕西西安710126 [3]东南大学网络空间安全学院,江苏南京211189

出　　处：《网络与信息安全学报》2022年第5期75-87,共13页Chinese Journal of Network and Information Security

基　　金：中央高校基本科研业务费专项(XJS211502)。

摘　　要：云计算的外包存储模式导致数据拥有者的数据所有权和管理权分离,进而改变了数据存储网络模型和安全模型。为了有效应对云服务器端的软硬件故障及潜在的不诚实服务提供商,确保数据拥有者数据的可用性,设计安全、高效的数据可用性、可恢复性审计方案对于解决用户担忧、保证云数据安全具有重要的理论和实践价值。然而,现有研究多针对数据完整性或者可恢复性方案的安全性和效率进行设计,没有考虑动态群用户下受损数据的快速定位和可靠恢复问题。因此,针对动态群用户环境中受损数据定位与恢复问题,设计了一个可公开验证的动态群组云用户存储证明方案。该方案在检测到数据受损时,任何可信的第三方审计者能够通过挑战协议快速定位受损数据,并在数据受损程度小于纠错能力门限情况下允许云平台对数据进行可靠恢复。该方案结合关联计算和累加计算,有效减少了受损数据定位的计算次数;通过纠删码与共享编码技术,方案能够实现用户受损数据的有效恢复。同时,方案支持用户的动态撤销,确保了群用户共享数据在用户撤销后的完整性审计和可靠恢复。定义了方案的网络模型和威胁模型,并在相应安全模型下证明了所设计方案的安全性。通过真实环境下的原型系统实现和模块化性能分析,证明了所设计方案能够有效定位受损数据并在数据受损时对云端数据进行可靠恢复。同时,与相关方案相比,所设计方案在受损数据定位与恢复方面的计算开销较小。The outsourced storage mode of cloud computing leads to the separation of data ownership and management rights of data owners,which changes the data storage network model and security model.To effectively deal with the software and hardware failures of the cloud server and the potential dishonest service provider and also ensure the availability of the data owners’data,the design of secure and efficient data availability and recoverability auditing scheme has both theoretical and practical importance in solving the concern of users and ensuring the security of cloud data.However,most of the existing studies were designed for the security and efficiency of data integrity or recoverability schemes,without considering the fast identification and reliable recovery of damaged data under dynamic group users.Thus,to quickly identify and recover damaged data,a publicly verifiable proof of storage scheme was proposed for dynamic group cloud users.The designed scheme enabled a trusted third-party auditor to efficiently identify the damaged files through a challenge-response protocol and allowed the cloud storage server to effectively recover them when the degree of data damage is less than an error correction ability threshold.The scheme combined association calculation and accumulation calculation,which effectively reduced the number of calculations for the identification of damaged data.By combining erasure coding and shared coding technology,the scheme achieved effective recovery of damaged data of dynamic group users.At the same time,the scheme also supported dynamic user revocation,which ensured the integrity audit and reliable recovery of the collective data after user revocation.The network model and threat model of the designed scheme were defined and the security of the scheme under the corresponding security model was proved.Through the prototype implementation of the scheme in the real environment and the modular performance analysis,it is proved that the proposed scheme can effectively identify the damaged da

关 键 词：云存储 数据共享 损坏识别 可恢复证明 动态群用户 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]