云中支持抗合谋攻击的批验证方案  被引量：2

作　　者：袁文勇 易铮阁 李瑞峰 杨晓元[1,2] YUAN Wenyong;YI Zhengge;LI Ruifeng;YANG Xiaoyuan(College of Cryptographic Engineering,Engineering University of the PAP,Xi′an 710086,China;Key Laboratory of Network and Information Security of the PAP,Xi′an 710086,China)

机构地区：[1]武警工程大学密码工程学院,陕西西安710086 [2]网络与信息安全武警部队重点实验室,陕西西安710086

出　　处：《郑州大学学报（理学版）》2023年第1期42-48,共7页Journal of Zhengzhou University:Natural Science Edition

基　　金：国家重点研发计划项目(2017YFB0802000);国家自然科学基金项目(62172436)。

摘　　要：存储数据的完整性问题是云计算安全的重要问题。针对撤销用户与云服务器或者第三方审计机构可能存在的合谋问题,提出一种能够抵抗合谋攻击并且满足数据批验证的方案,可提高存储数据的安全性和验证完整性的效率。方案结合虚拟用户思想和代理重签名技术,把撤销用户的签名转化为虚拟用户的签名,以此抵抗撤销用户与CSP的合谋攻击。在审计阶段利用随机掩码技术盲化证据,使得TPA即使有撤销用户的合谋,也无法获得当前用户的隐私。方案不仅支持单个数据块的完整性验证,也支持多个数据的批验证,可同时检验多个群用户的审计请求。安全分析表明,该方案能够有效抵抗合谋攻击,保护用户数据隐私。The integrity of stored data was an important issue in cloud computing security. In order to resist the collusion between users and cloud service provider or third party auditor, the scheme, which could resist collusion attacks and meet the requirements of data batch verification, was proposed. The scheme improved the security of stored data and the efficiency of verifying the integrity. The idea of virtual user and proxy re-signature technology were combined to transform the retraction user′s signature into the virtual user′s signature, so as to resist the collusion attack of retraction user and CSP. The random mask technology was used to blind the evidence in the audit stage, which made TPA unable to obtain the current users′ privacy even if there was conspiracy of retracting the user. The scheme not only supported the integrity verification of single data block, but also supported the batch verification of multiple data, which could verify the audit requests of multiple groups of users at the same time. Security analysis showed that the scheme could effectively resist collusion attacks and protect privacy of users′ data.

关 键 词：云存储 完整性 抗合谋攻击 批验证 数据隐私 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]