用户可实时撤销的云存储数据完整性验证方案  被引量：3

作　　者：马海峰 王俊华 薛庆水 时雪磊 张继 杨家海[2] MA Hai-feng;WANG Jun-hua;XUE Qing-shui;SHI Xue-lei;ZHANG Ji;YANG Jia-hai(School of Computer Science and Information Engineering,Shanghai Institute of Technology,Shanghai 201418,China;Institute for Network Sciences and Cyberspace,Tsinghua University,Beijing 100084,China)

机构地区：[1]上海应用技术大学计算机科学与信息工程学院,上海201418 [2]清华大学网络科学与网络空间研究院,北京100084

出　　处：《计算机工程与设计》2023年第10期2943-2949,共7页Computer Engineering and Design

基　　金：国家“十三五”重点研发计划基金项目(2017YFB0803004);国家重点研发计划基金项目(2018YFB1800200);上海应用技术大学引进人才项目启动基金项目(39120K196002-A06)。

摘　　要：为解决现存数据完整性验证方案中用户难以实时撤销且撤销成本大的问题,提出用户可实时撤销的云存储数据验证方案,为用户设计一个管理员属性,实现用户实时撤销;利用代理重签名技术实现用户撤销过程中的签名替换,避免新用户重新从云端下载数据进行签名并上传;利用代理服务器的可信执行环境保证重签名阶段的信息安全,保护签名信息不被篡改或泄露;在审计挑战中采用随机掩码隐藏关键信息,避免好奇的第三方审计者通过验证信息获取到用户的真实数据。安全分析和性能分析进一步表明,方案是安全且高效的。To solve the problem that it is difficult for users to revoke in real time and the cost of revocation is high in the existing data integrity verification schemes,a cloud storage data integrity verification scheme that realized the user’s real-time revocation was proposed,and an administrator attribute was designed for the user to realize the user’s real-time revocation.An administrator attribute for users was designed to realize real-time revocation of users.The proxy re-signature technology was used to realize the signature replacement in the process of user revocation,so as to avoid new users downloading data from the cloud again for signing and uploading.The trusted execution environment of proxy server was used to ensure the information security in the re-signature stage and protect the signature information from tampering or disclosure.In the audit challenge,the random mask was used to hide the key information,so as to avoid the curious third-party audit and obtain the user’s real data through the verification information.Security analysis and performance analysis further show that the scheme is safe and efficient.

关 键 词：云存储 用户实时撤销 数据完整性 代理重签名 可信执行环境 数据验证 隐私保护 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]